[PATCH 0/4] doc updates and simplifications

[PATCH 0/4] doc updates and simplifications

[Eric Wong]

I should've done -netd in 2016 when I did -httpd :x

Eric Wong (4):
  doc: drop ancient Apache and WEBrick examples
  examples: consolidate systemd socket examples
  examples: add systemd files for -netd
  doc: spell out "PROTOCOL" in examples

 Documentation/lei-blob.pod              |  2 +-
 Documentation/lei-convert.pod           |  2 +-
 Documentation/lei-import.pod            |  2 +-
 Documentation/lei-lcat.pod              |  2 +-
 Documentation/lei-q.pod                 |  2 +-
 Documentation/lei-rediff.pod            |  2 +-
 Documentation/public-inbox-daemon.pod   |  4 +-
 Documentation/public-inbox-imapd.pod    |  6 +--
 Documentation/public-inbox-netd.pod     |  4 +-
 Documentation/public-inbox-nntpd.pod    |  4 +-
 Documentation/public-inbox-pop3d.pod    |  6 +--
 MANIFEST                                |  9 +---
 examples/README                         |  4 --
 examples/apache2_cgi.conf               | 34 --------------
 examples/apache2_perl.conf              | 25 -----------
 examples/apache2_perl_old.conf          | 38 ----------------
 examples/cgi-webrick.rb                 | 25 -----------
 examples/public-inbox-httpd.socket      |  3 ++
 examples/public-inbox-httpd@.service    |  3 ++
 examples/public-inbox-imap-onion.socket | 12 -----
 examples/public-inbox-imapd.socket      | 17 ++++++-
 examples/public-inbox-imapd@.service    | 12 ++---
 examples/public-inbox-imaps.socket      | 12 -----
 examples/public-inbox-netd.socket       | 45 +++++++++++++++++++
 examples/public-inbox-netd@.service     | 60 +++++++++++++++++++++++++
 examples/public-inbox-nntpd.socket      | 21 ++++++++-
 examples/public-inbox-nntpd@.service    |  9 ++--
 examples/public-inbox-nntps.socket      | 12 -----
 28 files changed, 178 insertions(+), 199 deletions(-)
 delete mode 100644 examples/apache2_cgi.conf
 delete mode 100644 examples/apache2_perl.conf
 delete mode 100644 examples/apache2_perl_old.conf
 delete mode 100644 examples/cgi-webrick.rb
 delete mode 100644 examples/public-inbox-imap-onion.socket
 delete mode 100644 examples/public-inbox-imaps.socket
 create mode 100644 examples/public-inbox-netd.socket
 create mode 100644 examples/public-inbox-netd@.service
 delete mode 100644 examples/public-inbox-nntps.socket

[PATCH 1/4] doc: drop ancient Apache and WEBrick examples

[Eric Wong]

Having old, unmaintained docs for other HTTP servers is likely
harmful at this point.  public-inbox-httpd is specifically
designed to handle git repos on slow storage and stream giant
mbox.gz files fairly to slow clients.
---
 MANIFEST                       |  4 ----
 examples/README                |  4 ----
 examples/apache2_cgi.conf      | 34 ------------------------------
 examples/apache2_perl.conf     | 25 ----------------------
 examples/apache2_perl_old.conf | 38 ----------------------------------
 examples/cgi-webrick.rb        | 25 ----------------------
 6 files changed, 130 deletions(-)
 delete mode 100644 examples/apache2_cgi.conf
 delete mode 100644 examples/apache2_perl.conf
 delete mode 100644 examples/apache2_perl_old.conf
 delete mode 100644 examples/cgi-webrick.rb

diff --git a/MANIFEST b/MANIFEST
index d37ba0ab..196b9627 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -122,10 +122,6 @@ devel/README
 devel/syscall-list
 examples/README
 examples/README.unsubscribe
-examples/apache2_cgi.conf
-examples/apache2_perl.conf
-examples/apache2_perl_old.conf
-examples/cgi-webrick.rb
 examples/cgit-commit-filter.lua
 examples/cgit-wwwhighlight-filter.lua
 examples/cgit.psgi
diff --git a/examples/README b/examples/README
index 1d5dcd34..5674d7ed 100644
--- a/examples/README
+++ b/examples/README
@@ -9,10 +9,6 @@ For PSGI/Plack (HTTP) servers
 -----------------------------
 public-inbox.psgi - starting point for PSGI/Plack users in production and dev
 
-For Apache2 users
------------------
-apache2_perl.conf - intended to be the basis of a production config
-
 Contact
 -------
 Please send any related feedback to public-inbox: meta@public-inbox.org
diff --git a/examples/apache2_cgi.conf b/examples/apache2_cgi.conf
deleted file mode 100644
index 5ec64d72..00000000
--- a/examples/apache2_cgi.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Example Apache2 configuration using CGI mod_cgi
-# If possible, use mod_perl (see apache2_perl.conf) or
-# a standalone PSGI/Plack # server instead of this.
-# Adjust paths to your installation.
-
-ServerName "public-inbox"
-ServerRoot "/var/www/cgi-bin"
-DocumentRoot "/var/www/cgi-bin"
-ErrorLog "/tmp/public-inbox-error.log"
-PidFile "/tmp/public-inbox.pid"
-Listen 127.0.0.1:8080
-LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
-LoadModule env_module /usr/lib/apache2/modules/mod_env.so
-LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
-LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
-LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
-TypesConfig "/dev/null"
-
-<Directory /var/www/cgi-bin>
-	Options +ExecCGI
-	AddHandler cgi-script .cgi
-
-	# we use this hack to ensure "public-inbox.cgi" doesn't show up
-	# in any of our redirects:
-	SetEnv NO_SCRIPT_NAME 1
-
-	# our public-inbox.cgi requires PATH_INFO-based URLs with minimal
-	# use of query parameters
-	DirectoryIndex public-inbox.cgi
-	RewriteEngine On
-	RewriteCond %{REQUEST_FILENAME} !-f
-	RewriteCond %{REQUEST_FILENAME} !-d
-	RewriteRule ^.* /public-inbox.cgi/$0 [L,PT]
-</Directory>
diff --git a/examples/apache2_perl.conf b/examples/apache2_perl.conf
deleted file mode 100644
index a4721b5b..00000000
--- a/examples/apache2_perl.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Example Apache2 configuration using Plack::Handler::Apache2
-# Adjust paths to your installation
-
-ServerName "public-inbox"
-ServerRoot "/var/www"
-DocumentRoot "/var/www"
-ErrorLog "/tmp/public-inbox-error.log"
-PidFile "/tmp/public-inbox.pid"
-Listen 127.0.0.1:8080
-LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so
-
-# no need to set no rely on HOME if using this:
-PerlSetEnv PI_CONFIG /home/pi/.public-inbox/config
-
-<Location />
-	SetHandler perl-script
-	PerlResponseHandler Plack::Handler::Apache2
-	PerlSetVar psgi_app /path/to/public-inbox.psgi
-</Location>
-
-# Optional, preload the application in the parent like startup.pl
-<Perl>
-	use Plack::Handler::Apache2;
-	Plack::Handler::Apache2->preload("/path/to/public-inbox.psgi");
-</Perl>
diff --git a/examples/apache2_perl_old.conf b/examples/apache2_perl_old.conf
deleted file mode 100644
index a6de2304..00000000
--- a/examples/apache2_perl_old.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-# Example legacy Apache2 configuration using CGI + mod_perl2
-# Consider using Plack::Handler::Apache2 instead (see apache2_perl.conf)
-# Adjust paths to your installation
-
-ServerName "public-inbox"
-ServerRoot "/var/www/cgi-bin"
-DocumentRoot "/var/www/cgi-bin"
-ErrorLog "/tmp/public-inbox-error.log"
-PidFile "/tmp/public-inbox.pid"
-Listen 127.0.0.1:8080
-LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so
-LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
-LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
-LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
-TypesConfig "/dev/null"
-
-# PerlPassEnv PATH # this is implicit
-<Directory /var/www/cgi-bin>
-	Options +ExecCGI
-	AddHandler perl-script .cgi
-	PerlResponseHandler ModPerl::Registry
-	PerlOptions +ParseHeaders
-
-	# we use this hack to ensure "public-inbox.cgi" doesn't show up
-	# in any of our redirects:
-	PerlSetEnv NO_SCRIPT_NAME 1
-
-	# no need to set no rely on HOME if using this:
-	PerlSetEnv PI_CONFIG /home/pi/.public-inbox/config
-
-	# our public-inbox.cgi requires PATH_INFO-based URLs with minimal
-	# use of query parameters
-	DirectoryIndex public-inbox.cgi
-	RewriteEngine On
-	RewriteCond %{REQUEST_FILENAME} !-f
-	RewriteCond %{REQUEST_FILENAME} !-d
-	RewriteRule ^.* /public-inbox.cgi/$0 [L,PT]
-</Directory>
diff --git a/examples/cgi-webrick.rb b/examples/cgi-webrick.rb
deleted file mode 100644
index 5554a012..00000000
--- a/examples/cgi-webrick.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/env ruby
-# Sample configuration using WEBrick, mainly intended dev/testing
-# for folks familiar with Ruby and not various Perl webserver
-# deployment options.  For those familiar with Perl web servers,
-# plackup(1) is recommended for development and public-inbox-httpd(1)
-# is our production deployment server.
-require 'webrick'
-require 'logger'
-options = {
-  :BindAddress => '127.0.0.1',
-  :Port => 8080,
-  :Logger => Logger.new($stderr),
-  :CGIPathEnv => ENV['PATH'], # need to run 'git' commands
-  :AccessLog => [
-    [ Logger.new($stdout), WEBrick::AccessLog::COMBINED_LOG_FORMAT ]
-  ],
-}
-server = WEBrick::HTTPServer.new(options)
-server.mount("/",
-             WEBrick::HTTPServlet::CGIHandler,
-            "/var/www/cgi-bin/public-inbox.cgi")
-['INT', 'TERM'].each do |signal|
-  trap(signal) {exit!(0)}
-end
-server.start

[PATCH 2/4] examples: consolidate systemd socket examples

[Eric Wong]

systemd.socket(5) files can actually contain multiple listen
sockets, so shave down inode overhead and simplify config
file management by consolidating all applicable ports into
a single file for each daemon.
---
 MANIFEST                                |  3 ---
 examples/public-inbox-imap-onion.socket | 12 ------------
 examples/public-inbox-imapd.socket      | 14 +++++++++++++-
 examples/public-inbox-imapd@.service    |  9 +++------
 examples/public-inbox-imaps.socket      | 12 ------------
 examples/public-inbox-nntpd.socket      | 18 ++++++++++++++++--
 examples/public-inbox-nntpd@.service    |  6 +++---
 examples/public-inbox-nntps.socket      | 12 ------------
 8 files changed, 35 insertions(+), 51 deletions(-)
 delete mode 100644 examples/public-inbox-imap-onion.socket
 delete mode 100644 examples/public-inbox-imaps.socket
 delete mode 100644 examples/public-inbox-nntps.socket

diff --git a/MANIFEST b/MANIFEST
index 196b9627..9900b776 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -134,13 +134,10 @@ examples/nginx_proxy
 examples/public-inbox-config
 examples/public-inbox-httpd.socket
 examples/public-inbox-httpd@.service
-examples/public-inbox-imap-onion.socket
 examples/public-inbox-imapd.socket
 examples/public-inbox-imapd@.service
-examples/public-inbox-imaps.socket
 examples/public-inbox-nntpd.socket
 examples/public-inbox-nntpd@.service
-examples/public-inbox-nntps.socket
 examples/public-inbox-watch.service
 examples/public-inbox.psgi
 examples/unsubscribe-milter.socket
diff --git a/examples/public-inbox-imap-onion.socket b/examples/public-inbox-imap-onion.socket
deleted file mode 100644
index 76b4e7ca..00000000
--- a/examples/public-inbox-imap-onion.socket
+++ /dev/null
@@ -1,12 +0,0 @@
-# ==> /etc/systemd/system/public-inbox-imap-onion.socket <==
-# This unit is for the corresponding line in torrc(5):
-# HiddenServicePort 143 unix:/run/imapd.onion.sock
-[Unit]
-Description = public-inbox-imap .onion socket
-
-[Socket]
-ListenStream = /run/imapd.onion.sock
-Service = public-inbox-imapd@1.service
-
-[Install]
-WantedBy = sockets.target
diff --git a/examples/public-inbox-imapd.socket b/examples/public-inbox-imapd.socket
index fcd924fd..c3c55ea1 100644
--- a/examples/public-inbox-imapd.socket
+++ b/examples/public-inbox-imapd.socket
@@ -1,11 +1,23 @@
 # ==> /etc/systemd/system/public-inbox-imapd.socket <==
+# This contains 5 sockets for an public-inbox-imapd instance.
+# The TCP ports are well-known ports registered in /etc/services.
+# The /run/imapd.onion.sock entry is meant for the Tor hidden service
+# enabled by the following line in the torrc(5) file:
+#   HiddenServicePort 143 unix:/run/imapd.onion.sock
 [Unit]
-Description = public-inbox-imapd socket
+Description = public-inbox-imapd sockets
 
 [Socket]
 ListenStream = 0.0.0.0:143
+ListenStream = 0.0.0.0:993
+ListenStream = /run/imapd.onion.sock
+
+# Separating IPv4 from IPv6 listeners makes for nicer output
+# of IPv4 addresses in various reporting/monitoring tools
 BindIPv6Only = ipv6-only
 ListenStream = [::]:143
+ListenStream = [::]:993
+
 Service = public-inbox-imapd@1.service
 
 [Install]
diff --git a/examples/public-inbox-imapd@.service b/examples/public-inbox-imapd@.service
index e0446ed3..f7428d85 100644
--- a/examples/public-inbox-imapd@.service
+++ b/examples/public-inbox-imapd@.service
@@ -7,10 +7,8 @@
 
 [Unit]
 Description = public-inbox-imapd IMAP server %i
-Wants = public-inbox-imapd.socket public-inbox-imaps.socket \
-public-inbox-imap-onion.socket
-After = public-inbox-imapd.socket public-inbox-imaps.socket \
-public-inbox-imap-onion.socket
+Wants = public-inbox-imapd.socket
+After = public-inbox-imapd.socket
 
 [Service]
 Environment = PI_CONFIG=/home/pi/.public-inbox/config \
@@ -29,8 +27,7 @@ StandardError = syslog
 # simultaneous services
 NonBlocking = true
 
-Sockets = public-inbox-imapd.socket public-inbox-imaps.socket \
-public-inbox-imap-onion.socket
+Sockets = public-inbox-imapd.socket
 
 KillSignal = SIGQUIT
 User = nobody
diff --git a/examples/public-inbox-imaps.socket b/examples/public-inbox-imaps.socket
deleted file mode 100644
index b61cc742..00000000
--- a/examples/public-inbox-imaps.socket
+++ /dev/null
@@ -1,12 +0,0 @@
-# ==> /etc/systemd/system/public-inbox-imaps.socket <==
-[Unit]
-Description = public-inbox-imaps socket
-
-[Socket]
-ListenStream = 0.0.0.0:993
-BindIPv6Only = ipv6-only
-ListenStream = [::]:993
-Service = public-inbox-imapd@1.service
-
-[Install]
-WantedBy = sockets.target
diff --git a/examples/public-inbox-nntpd.socket b/examples/public-inbox-nntpd.socket
index eeddf343..0a3ccb2f 100644
--- a/examples/public-inbox-nntpd.socket
+++ b/examples/public-inbox-nntpd.socket
@@ -1,9 +1,23 @@
 # ==> /etc/systemd/system/public-inbox-nntpd.socket <==
+# This contains 5 sockets for an public-inbox-nntpd instance.
+# The TCP ports are well-known ports registered in /etc/services.
+# The /run/nntpd.onion.sock entry is meant for the Tor hidden service
+# enabled by the following line in the torrc(5) file:
+#   HiddenServicePort 119 unix:/run/nntpd.onion.sock
 [Unit]
-Description = public-inbox-nntpd socket
+Description = public-inbox-nntpd sockets
 
 [Socket]
-ListenStream = 119
+ListenStream = 0.0.0.0:119
+ListenStream = 0.0.0.0:563
+ListenStream = /run/nntpd.onion.sock
+
+# Separating IPv4 from IPv6 listeners makes for nicer output
+# of IPv4 addresses in various reporting/monitoring tools
+BindIPv6Only = ipv6-only
+ListenStream = [::]:119
+ListenStream = [::]:563
+
 Service = public-inbox-nntpd@1.service
 
 [Install]
diff --git a/examples/public-inbox-nntpd@.service b/examples/public-inbox-nntpd@.service
index 4dd2f5d7..d6aea067 100644
--- a/examples/public-inbox-nntpd@.service
+++ b/examples/public-inbox-nntpd@.service
@@ -7,8 +7,8 @@
 
 [Unit]
 Description = public-inbox NNTP server %i
-Wants = public-inbox-nntpd.socket public-inbox-nntps.socket
-After = public-inbox-nntpd.socket public-inbox-nntps.socket
+Wants = public-inbox-nntpd.socket
+After = public-inbox-nntpd.socket
 
 [Service]
 Environment = PI_CONFIG=/home/pi/.public-inbox/config \
@@ -27,7 +27,7 @@ StandardError = syslog
 # simultaneous services
 NonBlocking = true
 
-Sockets = public-inbox-nntpd.socket public-inbox-nntps.socket
+Sockets = public-inbox-nntpd.socket
 
 KillSignal = SIGQUIT
 User = nobody
diff --git a/examples/public-inbox-nntps.socket b/examples/public-inbox-nntps.socket
deleted file mode 100644
index fa678196..00000000
--- a/examples/public-inbox-nntps.socket
+++ /dev/null
@@ -1,12 +0,0 @@
-# ==> /etc/systemd/system/public-inbox-nntps.socket <==
-[Unit]
-Description = public-inbox-nntps socket
-
-[Socket]
-ListenStream = 0.0.0.0:563
-BindIPv6Only = ipv6-only
-ListenStream = [::]:563
-Service = public-inbox-nntpd@1.service
-
-[Install]
-WantedBy = sockets.target

[PATCH 3/4] examples: add systemd files for -netd

[Eric Wong]

It's important show that a single systemd service and socket file
can replace all other read-only daemons for ease-of-management.
---
 MANIFEST                             |  2 +
 examples/public-inbox-httpd.socket   |  3 ++
 examples/public-inbox-httpd@.service |  3 ++
 examples/public-inbox-imapd.socket   |  3 ++
 examples/public-inbox-imapd@.service |  3 ++
 examples/public-inbox-netd.socket    | 45 +++++++++++++++++++++
 examples/public-inbox-netd@.service  | 60 ++++++++++++++++++++++++++++
 examples/public-inbox-nntpd.socket   |  3 ++
 examples/public-inbox-nntpd@.service |  3 ++
 9 files changed, 125 insertions(+)
 create mode 100644 examples/public-inbox-netd.socket
 create mode 100644 examples/public-inbox-netd@.service

diff --git a/MANIFEST b/MANIFEST
index 9900b776..cc0a9a4c 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -136,6 +136,8 @@ examples/public-inbox-httpd.socket
 examples/public-inbox-httpd@.service
 examples/public-inbox-imapd.socket
 examples/public-inbox-imapd@.service
+examples/public-inbox-netd.socket
+examples/public-inbox-netd@.service
 examples/public-inbox-nntpd.socket
 examples/public-inbox-nntpd@.service
 examples/public-inbox-watch.service
diff --git a/examples/public-inbox-httpd.socket b/examples/public-inbox-httpd.socket
index 1a1ed735..3a6e4432 100644
--- a/examples/public-inbox-httpd.socket
+++ b/examples/public-inbox-httpd.socket
@@ -1,4 +1,7 @@
 # ==> /etc/systemd/system/public-inbox-httpd.socket <==
+# Consider looking at public-inbox-netd.socket instead of this file
+# to simplify management when serving multiple protocols.
+
 [Unit]
 Description = public-inbox-httpd socket
 
diff --git a/examples/public-inbox-httpd@.service b/examples/public-inbox-httpd@.service
index 147f7c6d..73731533 100644
--- a/examples/public-inbox-httpd@.service
+++ b/examples/public-inbox-httpd@.service
@@ -1,4 +1,7 @@
 # ==> /etc/systemd/system/public-inbox-httpd@.service <==
+# Consider looking at public-inbox-netd@.service instead of this file
+# to simplify management when serving multiple protocols.
+#
 # Since SIGUSR2 upgrades do not work under systemd, this service file
 # allows starting two simultaneous services during upgrade time
 # (e.g. public-inbox-httpd@1 public-inbox-httpd@2) with the intention
diff --git a/examples/public-inbox-imapd.socket b/examples/public-inbox-imapd.socket
index c3c55ea1..22ce16fb 100644
--- a/examples/public-inbox-imapd.socket
+++ b/examples/public-inbox-imapd.socket
@@ -1,4 +1,7 @@
 # ==> /etc/systemd/system/public-inbox-imapd.socket <==
+# Consider looking at public-inbox-netd.socket instead of this file
+# to simplify management when serving multiple protocols.
+#
 # This contains 5 sockets for an public-inbox-imapd instance.
 # The TCP ports are well-known ports registered in /etc/services.
 # The /run/imapd.onion.sock entry is meant for the Tor hidden service
diff --git a/examples/public-inbox-imapd@.service b/examples/public-inbox-imapd@.service
index f7428d85..300019a8 100644
--- a/examples/public-inbox-imapd@.service
+++ b/examples/public-inbox-imapd@.service
@@ -1,4 +1,7 @@
 # ==> /etc/systemd/system/public-inbox-imapd@.service <==
+# Consider looking at public-inbox-netd@.service instead of this file
+# to simplify management when serving multiple protocols.
+#
 # Since SIGUSR2 upgrades do not work under systemd, this service file
 # allows starting two simultaneous services during upgrade time
 # (e.g. public-inbox-imapd@1 public-inbox-imapd@2) with the intention
diff --git a/examples/public-inbox-netd.socket b/examples/public-inbox-netd.socket
new file mode 100644
index 00000000..9a19602e
--- /dev/null
+++ b/examples/public-inbox-netd.socket
@@ -0,0 +1,45 @@
+# ==> /etc/systemd/system/public-inbox-netd.socket <==
+# This contains all the services that public-inbox-netd can run;
+# allowing it to replace (or run in parallel to) any existing -httpd,
+# -imapd, -nntpd, or -pop3d instances.
+#
+# The TCP ports are well-known ports registered in /etc/services.
+# The /run/*.sock entries are meant for the Tor hidden service
+# enabled by the following lines in the torrc(5) file:
+#   HiddenServicePort 110 unix:/run/pop3.sock
+#   HiddenServicePort 119 unix:/run/nntp.sock
+#   HiddenServicePort 143 unix:/run/imap.sock
+[Unit]
+Description = public-inbox-netd sockets
+
+[Socket]
+# for tor (see torrc(5))
+ListenStream = /run/imap.sock
+ListenStream = /run/pop3.sock
+ListenStream = /run/nntp.sock
+
+# this is for varnish:
+ListenStream = 127.0.0.1:280
+
+# public facing
+ListenStream = 0.0.0.0:110
+ListenStream = 0.0.0.0:119
+ListenStream = 0.0.0.0:143
+ListenStream = 0.0.0.0:563
+ListenStream = 0.0.0.0:993
+ListenStream = 0.0.0.0:995
+
+# Separating IPv4 from IPv6 listeners makes for nicer output
+# of IPv4 addresses in various reporting/monitoring tools
+BindIPv6Only = ipv6-only
+ListenStream = [::]:110
+ListenStream = [::]:119
+ListenStream = [::]:143
+ListenStream = [::]:563
+ListenStream = [::]:993
+ListenStream = [::]:995
+
+Service = public-inbox-netd@1.service
+
+[Install]
+WantedBy = sockets.target
diff --git a/examples/public-inbox-netd@.service b/examples/public-inbox-netd@.service
new file mode 100644
index 00000000..de5feea6
--- /dev/null
+++ b/examples/public-inbox-netd@.service
@@ -0,0 +1,60 @@
+# ==> /etc/systemd/system/public-inbox-netd@.service <==
+# Since SIGUSR2 upgrades do not work under systemd, this service file
+# allows starting two simultaneous services during upgrade time
+# (e.g. public-inbox-netd@1 public-inbox-netd@2) with the intention
+# that they take turns running in-between upgrades.  This should
+# allow upgrading without downtime.
+# For servers expecting visitors from multiple timezones, TZ=UTC
+# is needed to ensure a consistent approxidate experience with search.
+[Unit]
+Description = public-inbox-netd server %i
+Wants = public-inbox-netd.socket
+After = public-inbox-netd.socket
+
+[Service]
+Environment = PI_CONFIG=/home/pi/.public-inbox/config \
+PATH=/usr/local/bin:/usr/bin:/bin \
+TZ=UTC \
+PERL_INLINE_DIRECTORY=/tmp/.netd-inline
+
+LimitNOFILE = 30000
+LimitCORE = infinity
+ExecStartPre = /bin/mkdir -p -m 1777 /tmp/.netd-inline
+
+# The '-l' args below map each socket in public-inbox-netd.socket to
+# the appropriate IANA service name:
+ExecStart = /usr/local/bin/public-inbox-netd -W0 \
+-1 /var/log/netd/stdout.out.log \
+--cert /etc/ssl/certs/news.example.com.pem \
+--key /etc/ssl/private/news.example.com.key
+-l imap:///run/imap.sock?out=/var/log/netd/imap.out,err=/var/log/netd/imap.err \
+-l nntp:///run/nntp.sock?out=/var/log/netd/nntp.out,err=/var/log/netd/nntp.err \
+-l pop3:///run/pop3.sock?out=/var/log/netd/pop3.out,err=/var/log/netd/pop3.err \
+-l imap://0.0.0.0/?out=/var/log/netd/imap.out,err=/var/log/netd/imap.err \
+-l nntp://0.0.0.0/?out=/var/log/netd/nntp.out,err=/var/log/netd/nntp.err \
+-l pop3://0.0.0.0/?out=/var/log/netd/pop3.out,err=/var/log/netd/pop3.err \
+-l imap://[::]/?out=/var/log/netd/imap.out,err=/var/log/netd/imap.err \
+-l nntp://[::]/?out=/var/log/netd/nntp.out,err=/var/log/netd/nntp.err \
+-l pop3://[::]/?out=/var/log/netd/pop3.out,err=/var/log/netd/pop3.err \
+-l imaps://0.0.0.0/?out=/var/log/netd/imap.out,err=/var/log/netd/imap.err \
+-l nntps://0.0.0.0/?out=/var/log/netd/nntp.out,err=/var/log/netd/nntp.err \
+-l pop3s://0.0.0.0/?out=/var/log/netd/pop3.out,err=/var/log/netd/pop3.err \
+-l imaps://[::]/?out=/var/log/netd/imap.out,err=/var/log/netd/imap.err \
+-l nntps://[::]/?out=/var/log/netd/nntp.out,err=/var/log/netd/nntp.err \
+-l pop3s://[::]/?out=/var/log/netd/pop3.out,err=/var/log/netd/pop3.err \
+-l http://127.0.0.1:280/?psgi=/etc/public.psgi,err=/var/log/netd/http.err
+
+# NonBlocking is REQUIRED to avoid a race condition if running
+# simultaneous services
+NonBlocking = true
+
+Sockets = public-inbox-netd.socket
+KillSignal = SIGQUIT
+User = news
+Group = ssl-cert
+ExecReload = /bin/kill -HUP $MAINPID
+TimeoutStopSec = 30
+KillMode = process
+
+[Install]
+WantedBy = multi-user.target
diff --git a/examples/public-inbox-nntpd.socket b/examples/public-inbox-nntpd.socket
index 0a3ccb2f..10335d8d 100644
--- a/examples/public-inbox-nntpd.socket
+++ b/examples/public-inbox-nntpd.socket
@@ -1,4 +1,7 @@
 # ==> /etc/systemd/system/public-inbox-nntpd.socket <==
+# Consider looking at public-inbox-netd.socket instead of this file
+# to simplify management when serving multiple protocols.
+#
 # This contains 5 sockets for an public-inbox-nntpd instance.
 # The TCP ports are well-known ports registered in /etc/services.
 # The /run/nntpd.onion.sock entry is meant for the Tor hidden service
diff --git a/examples/public-inbox-nntpd@.service b/examples/public-inbox-nntpd@.service
index d6aea067..56e1cc8f 100644
--- a/examples/public-inbox-nntpd@.service
+++ b/examples/public-inbox-nntpd@.service
@@ -1,4 +1,7 @@
 # ==> /etc/systemd/system/public-inbox-nntpd@.service <==
+# Consider looking at public-inbox-netd@.service instead of this file
+# to simplify management when serving multiple protocols.
+#
 # Since SIGUSR2 upgrades do not work under systemd, this service file
 # allows starting two simultaneous services during upgrade time
 # (e.g. public-inbox-nntpd@1 public-inbox-nntpd@2) with the intention

[PATCH 4/4] doc: spell out "PROTOCOL" in examples

[Eric Wong]

"PROTO" is probably ambiguous, and we'll use the same
terminology as used in curl(1) documentation.
---
 Documentation/lei-blob.pod            | 2 +-
 Documentation/lei-convert.pod         | 2 +-
 Documentation/lei-import.pod          | 2 +-
 Documentation/lei-lcat.pod            | 2 +-
 Documentation/lei-q.pod               | 2 +-
 Documentation/lei-rediff.pod          | 2 +-
 Documentation/public-inbox-daemon.pod | 4 ++--
 Documentation/public-inbox-imapd.pod  | 6 +++---
 Documentation/public-inbox-netd.pod   | 4 ++--
 Documentation/public-inbox-nntpd.pod  | 4 ++--
 Documentation/public-inbox-pop3d.pod  | 6 +++---
 11 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/Documentation/lei-blob.pod b/Documentation/lei-blob.pod
index e401bb47..558fc54c 100644
--- a/Documentation/lei-blob.pod
+++ b/Documentation/lei-blob.pod
@@ -86,7 +86,7 @@ reconstructed from patch emails.
 
 =item --no-torsocks
 
-=item --proxy=PROTO://HOST[:PORT]
+=item --proxy=PROTOCOL://HOST[:PORT]
 
 =back
 
diff --git a/Documentation/lei-convert.pod b/Documentation/lei-convert.pod
index c113db18..b3e29824 100644
--- a/Documentation/lei-convert.pod
+++ b/Documentation/lei-convert.pod
@@ -48,7 +48,7 @@ L<lei-q(1)>.
 
 =item --no-torsocks
 
-=item --proxy=PROTO://HOST[:PORT]
+=item --proxy=PROTOCOL://HOST[:PORT]
 
 =back
 
diff --git a/Documentation/lei-import.pod b/Documentation/lei-import.pod
index ad769084..4ac7dccd 100644
--- a/Documentation/lei-import.pod
+++ b/Documentation/lei-import.pod
@@ -81,7 +81,7 @@ Whether to wrap L<git(1)> and L<curl(1)> commands with L<torsocks(1)>.
 
 Default: C<auto>
 
-=item --proxy=PROTO://HOST[:PORT]
+=item --proxy=PROTOCOL://HOST[:PORT]
 
 Use the specified proxy (e.g., C<socks5h://0:9050>).
 
diff --git a/Documentation/lei-lcat.pod b/Documentation/lei-lcat.pod
index e85e5e67..e8073862 100644
--- a/Documentation/lei-lcat.pod
+++ b/Documentation/lei-lcat.pod
@@ -52,7 +52,7 @@ which lets you pipe arbitrary lines to arbitrary commands).
 
 =item --torsocks=auto|no|yes, --no-torsocks
 
-=item --proxy=PROTO://HOST[:PORT]
+=item --proxy=PROTOCOL://HOST[:PORT]
 
 =item -o MFOLDER, --output=MFOLDER
 
diff --git a/Documentation/lei-q.pod b/Documentation/lei-q.pod
index 1cbffba4..2f0c3bc6 100644
--- a/Documentation/lei-q.pod
+++ b/Documentation/lei-q.pod
@@ -241,7 +241,7 @@ Whether to wrap L<git(1)> and L<curl(1)> commands with L<torsocks(1)>.
 
 Default: C<auto>
 
-=item --proxy=PROTO://HOST[:PORT]
+=item --proxy=PROTOCOL://HOST[:PORT]
 
 =back
 
diff --git a/Documentation/lei-rediff.pod b/Documentation/lei-rediff.pod
index 4d5e8168..f18548d3 100644
--- a/Documentation/lei-rediff.pod
+++ b/Documentation/lei-rediff.pod
@@ -104,7 +104,7 @@ The options below, described in L<lei-q(1)>, are also supported.
 
 =item --torsocks=auto|no|yes, --no-torsocks
 
-=item --proxy=PROTO://HOST[:PORT]
+=item --proxy=PROTOCOL://HOST[:PORT]
 
 =back
 
diff --git a/Documentation/public-inbox-daemon.pod b/Documentation/public-inbox-daemon.pod
index 5d26ce56..81a79a10 100644
--- a/Documentation/public-inbox-daemon.pod
+++ b/Documentation/public-inbox-daemon.pod
@@ -31,9 +31,9 @@ processes to take advantage of multiple CPUs.
 
 =over
 
-=item -l [PROTO://]ADDRESS[?opt1=val1,opt2=val2]
+=item -l [PROTOCOL://]ADDRESS[?opt1=val1,opt2=val2]
 
-=item --listen [PROTO://]ADDRESS[?opt1=val1,opt2=val2]
+=item --listen [PROTOCOL://]ADDRESS[?opt1=val1,opt2=val2]
 
 This takes an absolute path to a Unix socket or HOST:PORT
 to listen on.  For example, to listen to TCP connections on
diff --git a/Documentation/public-inbox-imapd.pod b/Documentation/public-inbox-imapd.pod
index 23577a69..85bf3651 100644
--- a/Documentation/public-inbox-imapd.pod
+++ b/Documentation/public-inbox-imapd.pod
@@ -27,12 +27,12 @@ are supported and documented below.
 
 =over
 
-=item -l PROTO://ADDRESS/?cert=/path/to/cert,key=/path/to/key
+=item -l PROTOCOL://ADDRESS/?cert=/path/to/cert,key=/path/to/key
 
-=item --listen PROTO://ADDRESS/?cert=/path/to/cert,key=/path/to/key
+=item --listen PROTOCOL://ADDRESS/?cert=/path/to/cert,key=/path/to/key
 
 In addition to the normal C<-l>/C<--listen> switch described in
-L<public-inbox-daemon(8)>, the C<PROTO> prefix (e.g. C<imap://> or
+L<public-inbox-daemon(8)>, the C<PROTOCOL> prefix (e.g. C<imap://> or
 C<imaps://>) may be specified to force a given protocol.
 
 For STARTTLS and IMAPS support, the C<cert> and C<key> may be specified
diff --git a/Documentation/public-inbox-netd.pod b/Documentation/public-inbox-netd.pod
index 4dc27749..71425e3c 100644
--- a/Documentation/public-inbox-netd.pod
+++ b/Documentation/public-inbox-netd.pod
@@ -25,9 +25,9 @@ See common options in L<public-inbox-daemon(8)/OPTIONS>.
 
 =over
 
-=item -l PROTO://ADDRESS/?cert=/path/to/cert,key=/path/to/key
+=item -l PROTOCOL://ADDRESS/?cert=/path/to/cert,key=/path/to/key
 
-=item --listen PROTO://ADDRESS/?cert=/path/to/cert,key=/path/to/key
+=item --listen PROTOCOL://ADDRESS/?cert=/path/to/cert,key=/path/to/key
 
 =item -l http://ADDRESS/?env.PI_CONFIG=/path/to/cfg,psgi=/path/to/app.psgi
 
diff --git a/Documentation/public-inbox-nntpd.pod b/Documentation/public-inbox-nntpd.pod
index cf53da59..59111f92 100644
--- a/Documentation/public-inbox-nntpd.pod
+++ b/Documentation/public-inbox-nntpd.pod
@@ -26,9 +26,9 @@ are supported and documented below.
 
 =over
 
-=item -l PROTO://ADDRESS/?cert=/path/to/cert,key=/path/to/key
+=item -l PROTOCOL://ADDRESS/?cert=/path/to/cert,key=/path/to/key
 
-=item --listen PROTO://ADDRESS/?cert=/path/to/cert,key=/path/to/key
+=item --listen PROTOCOL://ADDRESS/?cert=/path/to/cert,key=/path/to/key
 
 In addition to the normal C<-l>/C<--listen> switch described in
 L<public-inbox-daemon(8)>, the protocol prefix (e.g. C<nntp://> or
diff --git a/Documentation/public-inbox-pop3d.pod b/Documentation/public-inbox-pop3d.pod
index 0404c2a7..fb16fb96 100644
--- a/Documentation/public-inbox-pop3d.pod
+++ b/Documentation/public-inbox-pop3d.pod
@@ -50,12 +50,12 @@ See common options in L<public-inbox-daemon(8)/OPTIONS>.
 
 =over
 
-=item -l PROTO://ADDRESS/?cert=/path/to/cert,key=/path/to/key
+=item -l PROTOCOL://ADDRESS/?cert=/path/to/cert,key=/path/to/key
 
-=item --listen PROTO://ADDRESS/?cert=/path/to/cert,key=/path/to/key
+=item --listen PROTOCOL://ADDRESS/?cert=/path/to/cert,key=/path/to/key
 
 In addition to the normal C<-l>/C<--listen> switch described in
-L<public-inbox-daemon(8)>, the C<PROTO> prefix (e.g. C<pop3://> or
+L<public-inbox-daemon(8)>, the C<PROTOCOL> prefix (e.g. C<pop3://> or
 C<pop3s://>) may be specified to force a given protocol.
 
 For STARTTLS and POP3S support, the C<cert> and C<key> may be specified