jgm / gitit

A wiki using HAppS, pandoc, and git
GNU General Public License v2.0

Is it possible to listen on unix socket? #675

Open singpolyma opened 2 years ago

singpolyma commented 2 years ago

Most of my web apps listen on unix socket instead of INET port number, can gitit do that? Just gitit -l /tmp/thing.sock did not work.

jgm commented 2 years ago

Not at present.

trentbuck commented 1 year ago

Related: systemd socket activation (i.e. gitit.socket) would Just Work™ if gitit can be made to use an already-open file descriptor 3, instead of opening its own TCP listener. This would let systemd-analyze security be used to harden the gitit namespace even to the point where TCP/IP are blocked!

Here is a janky web app being locked down heavily (and then nginx reverse-proxies it): https://github.com/trentbuck/collection4/blob/main/debian/service#L15-L44

(Of course, even gitit as-is you can do most of this lockdown -- and you would still need TCP/IP if you wanted gitit to be able to send password reset emails, because fork+exec'ing /usr/sbin/sendmail runs it in the same systemd "slice" as gitit.)
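The two listener modes discussed in this thread, a unix socket path given with -l and an already-open fd 3 handed over by systemd socket activation (validated against LISTEN_PID/LISTEN_FDS, as sd_listen_fds does), as an added Python example that is not gitit's code; the open_listener helper, its treatment of any -l value containing a slash as a socket path, and the first_fd parameter are assumptions made here.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # systemd passes inherited sockets starting at fd 3


def inherited_listen_sockets(environ=None, pid=None, first_fd=SD_LISTEN_FDS_START):
    """Sockets handed over by systemd socket activation, or [] if there are none.

    Follows the sd_listen_fds() convention: LISTEN_FDS says how many fds were
    passed, and they are trusted only if LISTEN_PID names this exact process,
    so a stale value inherited from a parent cannot make us adopt random fds.
    (first_fd is an assumption added here so the logic can be tested without fd 3.)
    """
    env = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid
    try:
        if int(env.get("LISTEN_PID", "")) != pid:
            return []
        nfds = int(env.get("LISTEN_FDS", "0"))
    except ValueError:
        return []
    # socket.socket(fileno=...) queries family/type from the fd itself (Python 3.7+)
    return [socket.socket(fileno=fd) for fd in range(first_fd, first_fd + nfds)]


def open_listener(listen_arg, environ=None):
    """Prefer an inherited socket; else treat -l as a unix path or a TCP port."""
    inherited = inherited_listen_sockets(environ)
    if inherited:
        return inherited[0]  # already bound and listening, systemd did that
    if "/" in listen_arg:  # e.g. -l /tmp/thing.sock, as in the question above
        try:
            os.unlink(listen_arg)  # clear a stale socket file from an earlier run
        except FileNotFoundError:
            pass
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.bind(listen_arg)
        os.chmod(listen_arg, 0o660)  # only owner and group (e.g. nginx) may connect
    else:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.bind(("127.0.0.1", int(listen_arg)))
    sock.listen(16)
    return sock


if __name__ == "__main__":
    import sys
    srv = open_listener(sys.argv[1] if len(sys.argv) > 1 else "5001")
    print("listening on", srv.getsockname())
```

Under a gitit.socket unit the script adopts fd 3 and never touches TCP itself, which is what lets the service's network access be restricted.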