mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 13:40:45 +00:00
Alex Palaistras
e7e90f0002
Dovecot will, by default, have login processes run under a limited `chroot` environment. However, this broke recently with the update to Podman 4.4.1 and the removal of the implicit `CAP_SYS_CHROOT` capability. This commit re-adds it explicitly.
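# systemd unit that runs Dovecot inside a Podman container.
# Specifiers used below: %N = unit name without the type suffix, %n = full
# unit name, %E = configuration directory root (/etc for the system manager).

[Unit]
Description=Dovecot POP3/IMAP Server
# Wants= is a soft dependency: this unit still starts if one of the listed
# units fails. After=/Before= only set ordering.
Wants=container-build@%N.service container-volume@%N.service mariadb.service rspamd.service grafana-dashboard@dovecot.service
After=container-build@%N.service container-volume@%N.service mariadb.service rspamd.service
Before=grafana-dashboard@dovecot.service

[Service]
# Readiness is signalled through sd_notify by conmon (--sdnotify=conmon), so
# "started" means the container is running, not that Dovecot accepts logins.
Type=notify
# NotifyAccess=all accepts notification messages from every process in the
# service's control group, not only the main PID.
# NOTE(review): presumably required because conmon is not the main process
# here; confirm before narrowing.
NotifyAccess=all
SyslogIdentifier=%N
Restart=on-failure
Environment=PODMAN_SYSTEMD_UNIT=%n
# Container invocation. The comments are kept above the command so that no
# comment line sits inside the backslash continuation.
#   --cap-add SYS_CHROOT  Dovecot login processes chroot by default; Podman
#                         4.4.1 no longer grants this capability implicitly.
#                         It is the only capability added on top of Podman's
#                         defaults. NOTE(review): it can be dropped again if
#                         the image's Dovecot configuration stops using the
#                         login chroot.
#   --env-file            NOTE(review): these files presumably carry service
#                         credentials; verify they are readable by root only.
#   --publish             143 (IMAP), 993 (IMAPS), 4190 (ManageSieve). No host
#                         address is given, so the ports bind on all host
#                         interfaces. No POP3 port is published despite the
#                         Description. Whether TLS is enforced on 143 and 4190
#                         depends on the Dovecot configuration in the image.
#   --volume ...:z        shared SELinux relabel; the letsencrypt volume is
#                         mounted read-only so the container cannot alter the
#                         TLS key material.
#   localhost/%N:latest   NOTE(review): presumably the image produced by
#                         container-build@%N.service.
ExecStart=/bin/podman run --replace --name %N --net internal --sdnotify=conmon \
                          --cap-add SYS_CHROOT \
                          --env-file %E/coreos-home-server/%N/%N.env \
                          --env-file %E/coreos-home-server/rspamd/rspamd.env \
                          --publish 143:143 --publish 993:993 --publish 4190:4190 \
                          --volume %N:/var/mail:z \
                          --volume letsencrypt:/etc/ssl/private:z,ro \
                          localhost/%N:latest
# Allow 10 seconds for a clean shutdown before the container is killed;
# --ignore tolerates a container that is already gone.
ExecStop=/bin/podman stop --ignore --time 10 %N
# Always remove the container afterwards so the next start begins clean.
ExecStopPost=/bin/podman rm --ignore --force %N
# Ask the running Dovecot to reload its configuration without a restart.
ExecReload=/bin/podman exec %N doveadm -v reload

[Install]
WantedBy=multi-user.target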