setting capabilities no longer works?

[skyfaller]

linode-caddy/roles/sunrise/handlers/main.yml

Lines 39 to 44 in 8502fd0

	- name: let caddy bind to ports 80 and 443
	capabilities:
	path: '{{ caddy_binary_location }}'
	capability: cap_net_bind_service=+ep
	state: present
	listen: restart caddy

has been failing on both production Arch Linux and test Alpine Linux. What's with that?

[skyfaller]

typical error:

RUNNING HANDLER [sunrise : let caddy bind to ports 80 and 443] ************************************************************
fatal: [america.maximumethics.dev]: FAILED! => {"changed": false, "msg": "Unable to get capabilities of /usr/bin/caddy", "stderr": "", "stderr_lines": [], "stdout": "/usr/bin/caddy cap_net_bind_service=ep", "stdout_lines": ["/usr/bin/caddy cap_net_bind_service=ep"]}

[skyfaller]

Maybe we're not supposed to do this at all on newer versions of systemd? https://newbedev.com/caddy-listen-tcp-443-bind-permission-denied

I guess I'll plan to disable it on Arch Linux, which is on systemd 250? We already have AmbientCapabilities=CAP_NET_BIND_SERVICE in our service file.