]> git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
provide a way for systemd-supervised services to listen on TLS via socket activation
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Sun, 17 Jul 2016 13:02:29 +0000 (15:02 +0200)
committerOndřej Surý <ondrej@sury.org>
Fri, 5 Aug 2016 09:47:14 +0000 (11:47 +0200)
daemon/main.c
systemd/knot-resolver-tls.socket [new file with mode: 0644]

index c02adb0f2365c9641e70e640a6c2ea316eee6999..5c6dafb7ca61e732da7047e89ebf1a280869f9b7 100644 (file)
@@ -510,6 +510,8 @@ int main(int argc, char **argv)
                }
                if (!strcasecmp("control",socket_names[i])) {
                        control_fd = fd;
+               } else if (!strcasecmp("tls",socket_names[i])) {
+                       array_push(tls_fd_set, fd);
                } else {
                        array_push(fd_set, fd);
                }
diff --git a/systemd/knot-resolver-tls.socket b/systemd/knot-resolver-tls.socket
new file mode 100644 (file)
index 0000000..317dd2e
--- /dev/null
@@ -0,0 +1,12 @@
+[Unit]
+Description=Knot DNS Resolver TLS network listener
+Documentation=man:kresd(8)
+Before=sockets.target
+
+[Socket]
+ListenStream=853
+FileDescriptorName=tls
+Service=knot-resolver.service
+
+[Install]
+WantedBy=sockets.target