etc: Simplify default config by removing systemd sockets

Having systemd open sockets and pass them to chasquid is neat, but also adds some complexity to the default config, for very little value in practice. This patch simplifies the default config by having chasquid open the sockets instead. Note that systemd file descriptor passing continues to be supported, and existing installations will not be affected.
2025-12-17 14:37:02 +00:00 · 2022-11-12 11:37:56 +00:00
parent 48da3c1657
commit 2bad7a14be
5 changed files with 6 additions and 39 deletions
--- a/etc/chasquid/chasquid.conf
+++ b/etc/chasquid/chasquid.conf
@@ -14,19 +14,19 @@
 # Default: "systemd", which means systemd passes sockets to us.
 # systemd sockets must be named with "FileDescriptorName=smtp".
 #smtp_address: "systemd"
-#smtp_address: ":25"
+smtp_address: ":25"

 # Addresses to listen on for submission (usually port 587).
 # Default: "systemd", which means systemd passes sockets to us.
 # systemd sockets must be named with "FileDescriptorName=submission".
 #submission_address: "systemd"
-#submission_address: ":587"
+submission_address: ":587"

 # Addresses to listen on for submission-over-TLS (usually port 465).
 # Default: "systemd", which means systemd passes sockets to us.
 # systemd sockets must be named with "FileDescriptorName=submission_tls".
 #submission_over_tls_address: "systemd"
-#submission_over_tls_address: ":465"
+submission_over_tls_address: ":465"

 # Address for the monitoring http server.
 # Do NOT expose this to the public internet.
--- a/etc/systemd/system/chasquid-smtp.socket
+++ b/etc/systemd/system/chasquid-smtp.socket
@@ -1,11 +0,0 @@
-[Unit]
-Description=chasquid mail daemon (SMTP sockets)
-
-[Socket]
-ListenStream=25
-FileDescriptorName=smtp
-Service=chasquid.service
-
-[Install]
-WantedBy=chasquid.target
-
--- a/etc/systemd/system/chasquid-submission.socket
+++ b/etc/systemd/system/chasquid-submission.socket
@@ -1,11 +0,0 @@
-[Unit]
-Description=chasquid mail daemon (submission sockets)
-
-[Socket]
-ListenStream=587
-FileDescriptorName=submission
-Service=chasquid.service
-
-[Install]
-WantedBy=chasquid.target
-
--- a/etc/systemd/system/chasquid-submission_tls.socket
+++ b/etc/systemd/system/chasquid-submission_tls.socket
@@ -1,11 +0,0 @@
-[Unit]
-Description=chasquid mail daemon (submission over TLS sockets)
-
-[Socket]
-ListenStream=465
-FileDescriptorName=submission_tls
-Service=chasquid.service
-
-[Install]
-WantedBy=chasquid.target
-
--- a/etc/systemd/system/chasquid.service
+++ b/etc/systemd/system/chasquid.service
@@ -1,8 +1,5 @@
 [Unit]
 Description=chasquid mail daemon (service)
-Requires=chasquid-smtp.socket \
-	chasquid-submission.socket \
-	chasquid-submission_tls.socket

 [Service]
 ExecStart=/usr/local/bin/chasquid \
@@ -17,6 +14,9 @@ Restart=always
 User=mail
 Group=mail

+# Let chasquid listen on ports < 1024.
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
 # Simple security measures just in case.
 ProtectSystem=full