# @summary Manages Stalwart Mail Server service
#
# @api private
class stalwart::service {
  assert_private()

  # Service is installed by the RPM package
  service { 'stalwart':
    ensure    => running,
    enable    => true,
    subscribe => [
      File[$stalwart::tls_cert],
      File[$stalwart::tls_key],
    ],
  }

  # Add capability to bind to privileged ports (143, 443, 993)
  systemd::manage_dropin { 'bind-capabilities.conf':
    ensure        => present,
    unit          => 'stalwart.service',
    service_entry => {
      'AmbientCapabilities' => 'CAP_NET_BIND_SERVICE',
    },
    notify        => Service['stalwart'],
  }
}