From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 17 Jul 2016 13:02:29 +0000 (+0200)
Subject: provide a way for systemd-supervised services to listen on TLS via socket activation
X-Git-Tag: v1.1.0~7^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aede98c2a690d81c513306c8f111ccc97ff65709;p=thirdparty%2Fknot-resolver.git

provide a way for systemd-supervised services to listen on TLS via socket activation
---

diff --git a/daemon/main.c b/daemon/main.c
index c02adb0f2..5c6dafb7c 100644
--- a/daemon/main.c
+++ b/daemon/main.c
@@ -510,6 +510,8 @@ int main(int argc, char **argv)
 		}
 		if (!strcasecmp("control",socket_names[i])) {
 			control_fd = fd;
+		} else if (!strcasecmp("tls",socket_names[i])) {
+			array_push(tls_fd_set, fd);
 		} else {
 			array_push(fd_set, fd);
 		}
diff --git a/systemd/knot-resolver-tls.socket b/systemd/knot-resolver-tls.socket
new file mode 100644
index 000000000..317dd2ebe
--- /dev/null
+++ b/systemd/knot-resolver-tls.socket
@@ -0,0 +1,12 @@
+[Unit]
+Description=Knot DNS Resolver TLS network listener
+Documentation=man:kresd(8)
+Before=sockets.target
+
+[Socket]
+ListenStream=853
+FileDescriptorName=tls
+Service=knot-resolver.service
+
+[Install]
+WantedBy=sockets.target