Makefile

@@ -49,10 +49,11 @@ deb: $(BUILD_DIR)/caddy
 	sed 's/{{VERSION}}/$(VERSION)-$(REVISION)/g; s/{{ARCH}}/$(ARCH)/g' debian/control > $(STAGING_DIR)/DEBIAN/control
 
 	@# Scripts
+	cp debian/preinst $(STAGING_DIR)/DEBIAN/
 	cp debian/postinst $(STAGING_DIR)/DEBIAN/
 	cp debian/prerm $(STAGING_DIR)/DEBIAN/
 	cp debian/postrm $(STAGING_DIR)/DEBIAN/
-	chmod 755 $(STAGING_DIR)/DEBIAN/postinst $(STAGING_DIR)/DEBIAN/prerm $(STAGING_DIR)/DEBIAN/postrm
+	chmod 755 $(STAGING_DIR)/DEBIAN/preinst $(STAGING_DIR)/DEBIAN/postinst $(STAGING_DIR)/DEBIAN/prerm $(STAGING_DIR)/DEBIAN/postrm
 
 	@# Conffiles
 	cp debian/conffiles $(STAGING_DIR)/DEBIAN/

debian/postinst

@@ -1,6 +1,15 @@
 #!/bin/sh
+# postinst for madcat-caddy
+#
+# Handles:
+#   - Fresh install (no prior caddy)
+#   - Upgrade from stock caddy with masked service
+#   - Upgrade from previous madcat-caddy
+
 set -e
 
+UNIT_PATH="/usr/lib/systemd/system/caddy.service"
+
 # Create caddy user/group if they don't exist
 if ! getent group caddy >/dev/null 2>&1; then
     groupadd --system caddy
@@ -16,9 +25,57 @@ mkdir -p /var/lib/caddy/.config/caddy
 mkdir -p /var/lib/caddy/.local/share/caddy
 chown -R caddy:caddy /var/lib/caddy
 
-# Enable and start the service
+# Stop caddy-api.service if it exists (leftover from stock caddy)
 if [ -d /run/systemd/system ]; then
+    systemctl stop caddy-api.service 2>/dev/null || true
+fi
+
+# Handle systemd service setup
+if [ -d /run/systemd/system ]; then
+    # If the unit file is missing (removed during package transition) or is a
+    # dangling symlink (masked unit pointing to /dev/null), recreate it.
+    if [ ! -f "$UNIT_PATH" ] || [ -L "$UNIT_PATH" ]; then
+        # Unmask first — removes the /dev/null symlink if masked
+        systemctl unmask caddy.service 2>/dev/null || true
+
+        # If still missing after unmask, recreate from our embedded copy
+        if [ ! -f "$UNIT_PATH" ]; then
+            mkdir -p "$(dirname "$UNIT_PATH")"
+            cat > "$UNIT_PATH" << 'UNIT'
+[Unit]
+Description=Caddy web server (madcat-caddy)
+Documentation=https://caddyserver.com/docs/
+After=network.target network-online.target
+Requires=network-online.target
+
+[Service]
+Type=notify
+User=caddy
+Group=caddy
+ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
+ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+LimitNPROC=512
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
+UNIT
+        fi
+    fi
+
+    # Reload systemd to pick up the unit file (new or recreated)
     systemctl daemon-reload
+
+    # Unmask again after reload in case it was masked in systemd's state
+    systemctl unmask caddy.service 2>/dev/null || true
+
+    # Enable and start
     systemctl enable caddy.service
     systemctl start caddy.service || true
 fi

debian/preinst

@@ -0,0 +1,14 @@
+#!/bin/sh
+# preinst for madcat-caddy
+#
+# Stop existing caddy services before install/upgrade.
+# Guards against failures when services don't exist (e.g., caddy-api.service
+# from stock caddy may not be present on all systems).
+
+set -e
+
+if [ -d /run/systemd/system ]; then
+    # Stop stock caddy services — both may not exist, so guard with || true
+    systemctl stop caddy.service 2>/dev/null || true
+    systemctl stop caddy-api.service 2>/dev/null || true
+fi