No ext_urls

[public-inbox.git] / examples / public-inbox-nntpd@.service

diff --git a/examples/public-inbox-nntpd@.service b/examples/public-inbox-nntpd@.service
index 62202c2fa54e18a9f11da0fe0540f2c904a23864..56e1cc8fb61ba99ab9cc1cc01a96f05e4fee4a2e 100644 (file)
--- a/examples/public-inbox-nntpd@.service
+++ b/examples/public-inbox-nntpd@.service
@@ -1,4 +1,7 @@
 # ==> /etc/systemd/system/public-inbox-nntpd@.service <==
+# Consider looking at public-inbox-netd@.service instead of this file
+# to simplify management when serving multiple protocols.
+#
 # Since SIGUSR2 upgrades do not work under systemd, this service file
 # allows starting two simultaneous services during upgrade time
 # (e.g. public-inbox-nntpd@1 public-inbox-nntpd@2) with the intention
@@ -18,12 +21,20 @@ PERL_INLINE_DIRECTORY=/tmp/.pub-inline
 LimitNOFILE = 30000
 ExecStartPre = /bin/mkdir -p -m 1777 /tmp/.pub-inline
 ExecStart = /usr/local/bin/public-inbox-nntpd \
--1 /var/log/public-inbox/nntpd.out.log
+-1 /var/log/public-inbox/nntpd.out.log \
+--cert /etc/ssl/certs/news.example.com.pem \
+--key /etc/ssl/private/news.example.com.key
 StandardError = syslog
+
+# NonBlocking is REQUIRED to avoid a race condition if running
+# simultaneous services
+NonBlocking = true
+
 Sockets = public-inbox-nntpd.socket
+
 KillSignal = SIGQUIT
 User = nobody
-Group = nogroup
+Group = ssl-cert
 ExecReload = /bin/kill -HUP $MAINPID
 TimeoutStopSec = 86400
 KillMode = process