commit be5d82611fcd17a86683b03490fa3c4539549197
parent f58c0ffc0211a0e4cf4c26e8e2c665b6b1b48819
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 7 Sep 2025 10:39:41 +0200
add socket activation (fixes #9464)
Diffstat:
2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/debian/anastasis-httpd.service b/debian/anastasis-httpd.service
@@ -1,6 +1,7 @@
[Unit]
Description=Anastasis key recovery backend
After=postgresql.service network.target
+Requires=anastasis-httpd.socket
[Service]
User=anastasis-httpd
@@ -8,12 +9,24 @@ Type=simple
Restart=always
RestartMode=direct
RestartSec=1s
-RestartPreventExitStatus=2 3 4 5 6 9
+RestartPreventExitStatus=9
+
+# Disable the service if more than 5 restarts are encountered within 5s.
+# These are usually the systemd defaults, but can be overwritten, thus we set
+# them here explicitly, as the exchange code assumes StartLimitInterval
+# to be >=5s.
+StartLimitBurst=5
+StartLimitInterval=5s
+
ExecStart=/usr/bin/anastasis-httpd -c /etc/anastasis/anastasis.conf -L INFO
EnvironmentFile=/etc/anastasis/anastasis.env
+RuntimeMaxSec=3600s
StandardOutput=journal
StandardError=journal
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
[Install]
WantedBy=multi-user.target
diff --git a/debian/anastasis-httpd.socket b/debian/anastasis-httpd.socket
@@ -0,0 +1,14 @@
+[Unit]
+Description=Anastasis Socket
+PartOf=anastasis-httpd.service
+
+[Socket]
+ListenStream=/run/anastasis/httpd/anastasis-http.sock
+Accept=no
+Service=anastasis-httpd.service
+SocketUser=anastasis-httpd
+SocketGroup=www-data
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
