# ==> /etc/systemd/system/public-inbox-nntpd@.service <==
+# Consider looking at public-inbox-netd@.service instead of this file
+# to simplify management when serving multiple protocols.
+#
# Since SIGUSR2 upgrades do not work under systemd, this service file
# allows starting two simultaneous services during upgrade time
# (e.g. public-inbox-nntpd@1 public-inbox-nntpd@2) with the intention
ExecStartPre = /bin/mkdir -p -m 1777 /tmp/.pub-inline
ExecStart = /usr/local/bin/public-inbox-nntpd \
-1 /var/log/public-inbox/nntpd.out.log \
--2 /var/log/public-inbox/nntpd.err.log
+--cert /etc/ssl/certs/news.example.com.pem \
+--key /etc/ssl/private/news.example.com.key
+StandardError = syslog
+
+# NonBlocking is REQUIRED to avoid a race condition if running
+# simultaneous services
+NonBlocking = true
+
Sockets = public-inbox-nntpd.socket
+
KillSignal = SIGQUIT
User = nobody
-Group = nogroup
+Group = ssl-cert
ExecReload = /bin/kill -HUP $MAINPID
-TimeoutStopSec = 3600
+TimeoutStopSec = 86400
KillMode = process
[Install]