Add a systemd socket unit and adjust `AmbientCapabilities=`

[eriksjolund]

Now that Caddy supports socket activation adjust the systemd service examples

init/caddy.service init/caddy-api.service

to make use of a socket unit.

I haven't verified this but I'm speculating that we could remove the line

https://github.com/caddyserver/dist/blob/34f51d87d16c3da70156edffdf7c52a6916f48e6/init/caddy.service#L32

CAP_NET_ADMIN was added in

• https://github.com/caddyserver/dist/pull/98

There is a systemd directive ReceiveBuffer that looks useful:

https://www.freedesktop.org/software/systemd/man/latest/systemd.socket.html#ReceiveBuffer=

(I don't know if the systemd directive ReceiveBuffer= would provide enough functionality to justify the removal of CAP_NET_ADMIN)

[francislavoie]

I don't think we can remove any capabilities like that. Socket activation is still an opt-in feature that users have to use in their configs. I don't envision that changing either. If you don't want the capability set, you can set overrides for your systemd config: https://caddyserver.com/docs/running#overrides

[eriksjolund]

Overriding the systemd config is fine with me. Should I close this issue?