Add a systemd socket unit and adjust AmbientCapabilities=

[eriksjolund]

Now that Caddy supports socket activation adjust the systemd service examples

init/caddy.service
init/caddy-api.service

to make use of a socket unit.

I haven't verified this but I'm speculating that we could remove the line

dist/init/caddy.service

Line 32 in 34f51d8

AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

CAP_NET_ADMIN was added in

• Enable CAP_NET_ADMIN #98

There is a systemd directive ReceiveBuffer that looks useful:

https://www.freedesktop.org/software/systemd/man/latest/systemd.socket.html#ReceiveBuffer=

(I don't know if the systemd directive ReceiveBuffer= would provide enough functionality to justify the removal of CAP_NET_ADMIN)

[francislavoie]

I don't think we can remove any capabilities like that. Socket activation is still an opt-in feature that users have to use in their configs. I don't envision that changing either. If you don't want the capability set, you can set overrides for your systemd config: https://caddyserver.com/docs/running#overrides

[eriksjolund]

Overriding the systemd config is fine with me.
Should I close this issue?