services: certbot: Rename 'host' to 'domain'.
* doc/guix.texi (Certificate Services): Rename 'host' to 'domain'. * gnu/services/certbot.scm (<certbot-configuration>, certbot-renewal-jobs, certbot-activation, certbot-nginx-server-configurations, certbot-service-type): Rename 'host' to 'domain'.
parent
301518638f
commit
966fd7b7e9
|
@ -15757,8 +15757,8 @@ The certbot package to use.
|
|||
The directory from which to serve the Let's Encrypt challenge/response
|
||||
files.
|
||||
|
||||
@item @code{hosts} (default: @code{()})
|
||||
A list of hosts for which to generate certificates and request
|
||||
@item @code{domains} (default: @code{()})
|
||||
A list of domains for which to generate certificates and request
|
||||
signatures.
|
||||
|
||||
@item @code{default-location} (default: @i{see below})
|
||||
|
@ -15766,7 +15766,7 @@ The default @code{nginx-location-configuration}. Because @code{certbot}
|
|||
needs to be able to serve challenges and responses, it needs to be able
|
||||
to run a web server. It does so by extending the @code{nginx} web
|
||||
service with an @code{nginx-server-configuration} listening on the
|
||||
@var{hosts} on port 80, and which has a
|
||||
@var{domains} on port 80, and which has a
|
||||
@code{nginx-location-configuration} for the @code{/.well-known/} URI
|
||||
path subspace used by Let's Encrypt. @xref{Web Services}, for more on
|
||||
these nginx configuration data types.
|
||||
|
@ -15776,7 +15776,7 @@ Requests to other URL paths will be matched by the
|
|||
@code{nginx-server-configuration}s.
|
||||
|
||||
By default, the @code{default-location} will issue a redirect from
|
||||
@code{http://@var{host}/...} to @code{https://@var{host}/...}, leaving
|
||||
@code{http://@var{domain}/...} to @code{https://@var{domain}/...}, leaving
|
||||
you to define what to serve on your site via @code{https}.
|
||||
|
||||
Pass @code{#f} to not issue a default location.
|
||||
|
@ -15784,9 +15784,9 @@ Pass @code{#f} to not issue a default location.
|
|||
@end deftp
|
||||
|
||||
The public key and its signatures will be written to
|
||||
@code{/etc/letsencrypt/live/@var{host}/fullchain.pem}, for each
|
||||
@var{host} in the configuration. The private key is written to
|
||||
@code{/etc/letsencrypt/live/@var{host}/privkey.pem}.
|
||||
@code{/etc/letsencrypt/live/@var{domain}/fullchain.pem}, for each
|
||||
@var{domain} in the configuration. The private key is written to
|
||||
@code{/etc/letsencrypt/live/@var{domain}/privkey.pem}.
|
||||
|
||||
|
||||
@node DNS Services
|
||||
|
|
|
@ -48,7 +48,7 @@
|
|||
(default certbot))
|
||||
(webroot certbot-configuration-webroot
|
||||
(default "/var/www"))
|
||||
(hosts certbot-configuration-hosts
|
||||
(domains certbot-configuration-domains
|
||||
(default '()))
|
||||
(default-location certbot-configuration-default-location
|
||||
(default
|
||||
|
@ -59,9 +59,9 @@
|
|||
|
||||
(define certbot-renewal-jobs
|
||||
(match-lambda
|
||||
(($ <certbot-configuration> package webroot hosts default-location)
|
||||
(match hosts
|
||||
;; Avoid pinging certbot if we have no hosts.
|
||||
(($ <certbot-configuration> package webroot domains default-location)
|
||||
(match domains
|
||||
;; Avoid pinging certbot if we have no domains.
|
||||
(() '())
|
||||
(_
|
||||
(list
|
||||
|
@ -71,37 +71,38 @@
|
|||
#~(job '(next-minute-from (next-hour '(0 12)) (list (random 60)))
|
||||
(string-append #$package "/bin/certbot renew"
|
||||
(string-concatenate
|
||||
(map (lambda (host)
|
||||
(string-append " -d " host))
|
||||
'#$hosts))))))))))
|
||||
(map (lambda (domain)
|
||||
(string-append " -d " domain))
|
||||
'#$domains))))))))))
|
||||
|
||||
(define certbot-activation
|
||||
(match-lambda
|
||||
(($ <certbot-configuration> package webroot hosts default-location)
|
||||
(($ <certbot-configuration> package webroot domains default-location)
|
||||
(with-imported-modules '((guix build utils))
|
||||
#~(begin
|
||||
(use-modules (guix build utils))
|
||||
(mkdir-p #$webroot)
|
||||
(for-each
|
||||
(lambda (host)
|
||||
(unless (file-exists? (in-vicinity "/etc/letsencrypt/live" host))
|
||||
(lambda (domain)
|
||||
(unless (file-exists?
|
||||
(in-vicinity "/etc/letsencrypt/live" domain))
|
||||
(unless (zero? (system*
|
||||
(string-append #$certbot "/bin/certbot")
|
||||
"certonly" "--webroot" "-w" #$webroot
|
||||
"-d" host))
|
||||
(error "failed to acquire cert for host" host))))
|
||||
'#$hosts))))))
|
||||
"-d" domain))
|
||||
(error "failed to acquire cert for domain" domain))))
|
||||
'#$domains))))))
|
||||
|
||||
(define certbot-nginx-server-configurations
|
||||
(match-lambda
|
||||
(($ <certbot-configuration> package webroot hosts default-location)
|
||||
(($ <certbot-configuration> package webroot domains default-location)
|
||||
(map
|
||||
(lambda (host)
|
||||
(lambda (domain)
|
||||
(nginx-server-configuration
|
||||
(listen '("80" "[::]:80"))
|
||||
(ssl-certificate #f)
|
||||
(ssl-certificate-key #f)
|
||||
(server-name (list host))
|
||||
(server-name (list domain))
|
||||
(locations
|
||||
(filter identity
|
||||
(list
|
||||
|
@ -109,7 +110,7 @@
|
|||
(uri "/.well-known")
|
||||
(body (list (list "root " webroot ";"))))
|
||||
default-location)))))
|
||||
hosts))))
|
||||
domains))))
|
||||
|
||||
(define certbot-service-type
|
||||
(service-type (name 'certbot)
|
||||
|
@ -121,11 +122,12 @@
|
|||
(service-extension mcron-service-type
|
||||
certbot-renewal-jobs)))
|
||||
(compose concatenate)
|
||||
(extend (lambda (config additional-hosts)
|
||||
(extend (lambda (config additional-domains)
|
||||
(certbot-configuration
|
||||
(inherit config)
|
||||
(hosts (append (certbot-configuration-hosts config)
|
||||
additional-hosts)))))
|
||||
(domains (append
|
||||
(certbot-configuration-domains config)
|
||||
additional-domains)))))
|
||||
(default-value (certbot-configuration))
|
||||
(description
|
||||
"Automatically renew @url{https://letsencrypt.org, Let's
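Review bot: In `certbot-activation` the initial `certonly` call still runs `(string-append #$certbot "/bin/certbot")`, although the pattern binds the configured package as `package`, and `certbot-renewal-jobs` correctly uses `#$package`. `certbot` presumably resolves to the module-level default package, so a pinned or patched `package` in the configuration would be ignored for the first certificate acquisition; the line should read `(string-append #$package "/bin/certbot")`. Separately, `certbot-renewal-jobs` builds the job as one command string and appends each domain unquoted after `" -d "`. If mcron hands that string to a shell, domains added by other services through `extend` are interpreted by the shell, so validate each entry as a hostname in the `extend` lambda or before it reaches the job.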
|
||||
|
|