[Unit]
Description = public-inbox NNTP server %i
-Wants = public-inbox-nntpd.socket
-After = public-inbox-nntpd.socket
+Wants = public-inbox-nntpd.socket public-inbox-nntps.socket
+After = public-inbox-nntpd.socket public-inbox-nntps.socket
[Service]
Environment = PI_CONFIG=/home/pi/.public-inbox/config \
LimitNOFILE = 30000
ExecStartPre = /bin/mkdir -p -m 1777 /tmp/.pub-inline
ExecStart = /usr/local/bin/public-inbox-nntpd \
--1 /var/log/public-inbox/nntpd.out.log
+-1 /var/log/public-inbox/nntpd.out.log \
+--cert /etc/ssl/certs/news.example.com.pem \
+--key /etc/ssl/private/news.example.com.key
StandardError = syslog
-Sockets = public-inbox-nntpd.socket
+
+# NonBlocking is REQUIRED to avoid a race condition if running
+# simultaneous services
+NonBlocking = true
+
+Sockets = public-inbox-nntpd.socket public-inbox-nntps.socket
+
KillSignal = SIGQUIT
User = nobody
-Group = nogroup
+Group = ssl-cert
ExecReload = /bin/kill -HUP $MAINPID
TimeoutStopSec = 86400
KillMode = process