
Put low port privilege into an optional subpackage

Move "AmbientCapabilities=CAP_NET_BIND_SERVICE" to the "[Service]"
section of the optional "lowport" unit drop-in file and package that
drop-in in a separate, optionally installable jellyfin-server-lowports
subpackage.

This isolates the CAP_NET_BIND_SERVICE capability to only installations
that desire it.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Brian J. Murrell 3 năm trước cách đây
mục cha
commit
148fcb1bb8

+ 4 - 0
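--- a/fedora/jellyfin-server-lowports.conf
+++ b/fedora/jellyfin-server-lowports.conf
@@ -0,0 +1,4 @@
+# This allows Jellyfin to bind to low ports such as 80 and/or 443
+
+[Service]
+AmbientCapabilities=CAP_NET_BIND_SERVICE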
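Review bot: The one-line comment at the top of the drop-in does not say that `AmbientCapabilities=` keeps CAP_NET_BIND_SERVICE across exec, so every program the service launches inherits it. For this unit that presumably includes the transcoder configured through `${JELLYFIN_FFMPEG_OPT}` in ExecStart. I would extend the comment to something like `# Ambient capability: inherited by child processes of jellyfin.service; install only if Jellyfin itself must listen below port 1024.` The capability is only meaningful if the unit runs as a non-root user, and no `User=` line is visible in the jellyfin.service hunk, so that is worth confirming.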

+ 0 - 1
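--- a/fedora/jellyfin.service
+++ b/fedora/jellyfin.service
@@ -3,7 +3,6 @@ After=network-online.target
 Description=Jellyfin is a free software media system that puts you in control of managing and streaming your media.
 
 [Service]
-AmbientCapabilities=CAP_NET_BIND_SERVICE
 EnvironmentFile=/etc/sysconfig/jellyfin
 WorkingDirectory=/var/lib/jellyfin
 ExecStart=/usr/bin/jellyfin ${JELLYFIN_WEB_OPT} ${JELLYFIN_RESTART_OPT} ${JELLYFIN_FFMPEG_OPT} ${JELLYFIN_SERVICE_OPT} ${JELLYFIN_NOWEBAPP_OPT}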

+ 19 - 1
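--- a/fedora/jellyfin.spec
+++ b/fedora/jellyfin.spec
@@ -12,7 +12,7 @@ Release:        1%{?dist}
 Summary:        The Free Software Media System
 License:        GPLv3
 URL:            https://jellyfin.org
-# Jellyfin Server tarball created by `make -f .copr/Makefile srpm`, real URL ends with `v%{version}.tar.gz`
+# Jellyfin Server tarball created by `make -f .copr/Makefile srpm`, real URL ends with `v%%{version}.tar.gz`
 Source0:        jellyfin-server-%{version}.tar.gz
 Source11:       jellyfin.service
 Source12:       jellyfin.env
@@ -20,6 +20,7 @@ Source13:       jellyfin.sudoers
 Source14:       restart.sh
 Source15:       jellyfin.override.conf
 Source16:       jellyfin-firewalld.xml
+Source17:       jellyfin-server-lowports.conf
 
 %{?systemd_requires}
 BuildRequires:  systemd
@@ -45,6 +46,16 @@ Requires:       libcurl, fontconfig, freetype, openssl, glibc, libicu, at, sudo
 %description server
 The Jellyfin media server backend.
 
+%package server-lowports
+# RPMfusion free
+Summary:        The Free Software Media System Server backend.  Low-port binding.
+Requires:       jellyfin-server
+
+%description server-lowports
+The Jellyfin media server backend low port binding package.  This package
+enables binding to ports < 1024.  You would install this if you want
+the Jellyfin server to bind to ports 80 and/or 443 for example.
+
 %prep
 %autosetup -n jellyfin-server-%{version} -b 0
 
@@ -57,6 +68,7 @@ dotnet publish --configuration Release --output='%{buildroot}%{_libdir}/jellyfin
     "-p:DebugSymbols=false;DebugType=none" Jellyfin.Server
 %{__install} -D -m 0644 LICENSE %{buildroot}%{_datadir}/licenses/jellyfin/LICENSE
 %{__install} -D -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/systemd/system/jellyfin.service.d/override.conf
+%{__install} -D -m 0644 %{SOURCE17} %{buildroot}%{_unitdir}/jellyfin.service.d/jellyfin-server-lowports.conf
 %{__install} -D -m 0644 Jellyfin.Server/Resources/Configuration/logging.json %{buildroot}%{_sysconfdir}/jellyfin/logging.json
 %{__mkdir} -p %{buildroot}%{_bindir}
 tee %{buildroot}%{_bindir}/jellyfin << EOF
@@ -95,6 +107,9 @@ EOF
 %attr(750,jellyfin,jellyfin) %dir %{_var}/cache/jellyfin
 %{_datadir}/licenses/jellyfin/LICENSE
 
+%files server-lowports
+%{_unitdir}/jellyfin.service.d/jellyfin-server-lowports.conf
+
 %pre server
 getent group jellyfin >/dev/null || groupadd -r jellyfin
 getent passwd jellyfin >/dev/null || \
@@ -137,6 +152,9 @@ fi
 %systemd_postun_with_restart jellyfin.service
 
 %changelog
+* Mon Nov 29 2021 Brian J. Murrell <brian@interlinx.bc.ca>
+- Add jellyfin-server-lowports.service drop-in in a server-lowports
+  subpackage to allow binding to low ports
 * Fri Dec 04 2020 Jellyfin Packaging Team <packaging@jellyfin.org>
 - Forthcoming stable release
 * Mon Jul 27 2020 Jellyfin Packaging Team <packaging@jellyfin.org>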
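Review bot: Nothing in the visible hunks restarts jellyfin.service when server-lowports is installed or erased, so the running process keeps its old capability set until the next manual restart. In particular, erasing the subpackage leaves CAP_NET_BIND_SERVICE in the live server. Unless a scriptlet exists outside these hunks, a `%postun server-lowports` running `systemctl try-restart jellyfin.service >/dev/null 2>&1 || :` (and a matching `%post server-lowports`) would make the package state and the process state agree. The new `Requires: jellyfin-server` is also unversioned; `Requires: %{name}-server = %{version}-%{release}` would keep the drop-in in step with the unit it modifies. The changelog entry names `jellyfin-server-lowports.service`, while the file actually installed is `jellyfin-server-lowports.conf`.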