From a5afe4bd06223f71a44ea7d42e9fb2ba3d178154 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby <kristoffer@tailscale.com>
Date: Thu, 20 Apr 2023 15:43:02 +0200
Subject: [PATCH] Add more capabilities for systemd

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
---
 CHANGELOG.md                             | 6 ++++++
 docs/packaging/headscale.systemd.service | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 59ca7b2d..0345ec90 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@
 
 ### Changes
 
+## 0.22.1 (2023-04-20)
+
+### Changes
+
+- Fix issue where SystemD could not bind to port 80 [#1365](https://github.com/juanfont/headscale/pull/1365)
+
 ## 0.22.0 (2023-04-20)
 
 ### Changes
diff --git a/docs/packaging/headscale.systemd.service b/docs/packaging/headscale.systemd.service
index 954ab37f..36b0ae4e 100644
--- a/docs/packaging/headscale.systemd.service
+++ b/docs/packaging/headscale.systemd.service
@@ -16,7 +16,7 @@ WorkingDirectory=/var/lib/headscale
 ReadWritePaths=/var/lib/headscale /var/run
 
 AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN
-CapabilityBoundingSet=CAP_CHOWN
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN
 LockPersonality=true
 NoNewPrivileges=true
 PrivateDevices=true