nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

services: certbot: Rename 'host' to 'domain'. 

* doc/guix.texi (Certificate Services): Rename 'host' to 'domain'.
* gnu/services/certbot.scm (<certbot-configuration>, certbot-renewal-jobs,
certbot-activation, certbot-nginx-server-configurations,
certbot-service-type): Rename 'host' to 'domain'.
This commit is contained in:
Clément Lassieur 2018-02-10 14:56:53 +01:00
parent 301518638f
commit 966fd7b7e9
No known key found for this signature in database
GPG Key ID: 89F96D4808F359C7
2 changed files with 29 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
doc/guix.texi
View File

@ -15757,8 +15757,8 @@ The certbot package to use.
The directory from which to serve the Let's Encrypt challenge/response The directory from which to serve the Let's Encrypt challenge/response
files. files.
@item @code{hosts} (default: @code{()}) @item @code{domains} (default: @code{()})
A list of hosts for which to generate certificates and request A list of domains for which to generate certificates and request
signatures. signatures.
@item @code{default-location} (default: @i{see below}) @item @code{default-location} (default: @i{see below})
@ -15766,7 +15766,7 @@ The default @code{nginx-location-configuration}. Because @code{certbot}
needs to be able to serve challenges and responses, it needs to be able needs to be able to serve challenges and responses, it needs to be able
to run a web server. It does so by extending the @code{nginx} web to run a web server. It does so by extending the @code{nginx} web
service with an @code{nginx-server-configuration} listening on the service with an @code{nginx-server-configuration} listening on the
@var{hosts} on port 80, and which has a @var{domains} on port 80, and which has a
@code{nginx-location-configuration} for the @code{/.well-known/} URI @code{nginx-location-configuration} for the @code{/.well-known/} URI
path subspace used by Let's Encrypt. @xref{Web Services}, for more on path subspace used by Let's Encrypt. @xref{Web Services}, for more on
these nginx configuration data types. these nginx configuration data types.
@ -15776,7 +15776,7 @@ Requests to other URL paths will be matched by the
@code{nginx-server-configuration}s. @code{nginx-server-configuration}s.
By default, the @code{default-location} will issue a redirect from By default, the @code{default-location} will issue a redirect from
@code{http://@var{host}/...} to @code{https://@var{host}/...}, leaving @code{http://@var{domain}/...} to @code{https://@var{domain}/...}, leaving
you to define what to serve on your site via @code{https}. you to define what to serve on your site via @code{https}.
Pass @code{#f} to not issue a default location. Pass @code{#f} to not issue a default location.
@ -15784,9 +15784,9 @@ Pass @code{#f} to not issue a default location.
@end deftp @end deftp
The public key and its signatures will be written to The public key and its signatures will be written to
@code{/etc/letsencrypt/live/@var{host}/fullchain.pem}, for each @code{/etc/letsencrypt/live/@var{domain}/fullchain.pem}, for each
@var{host} in the configuration. The private key is written to @var{domain} in the configuration. The private key is written to
@code{/etc/letsencrypt/live/@var{host}/privkey.pem}. @code{/etc/letsencrypt/live/@var{domain}/privkey.pem}.
@node DNS Services @node DNS Services

42
gnu/services/certbot.scm
View File

@ -48,7 +48,7 @@
(default certbot)) (default certbot))
(webroot certbot-configuration-webroot (webroot certbot-configuration-webroot
(default "/var/www")) (default "/var/www"))
(hosts certbot-configuration-hosts (domains certbot-configuration-domains
(default '())) (default '()))
(default-location certbot-configuration-default-location (default-location certbot-configuration-default-location
(default (default
@ -59,9 +59,9 @@
(define certbot-renewal-jobs (define certbot-renewal-jobs
(match-lambda (match-lambda
(($ <certbot-configuration> package webroot hosts default-location) (($ <certbot-configuration> package webroot domains default-location)
(match hosts (match domains
;; Avoid pinging certbot if we have no hosts. ;; Avoid pinging certbot if we have no domains.
(() '()) (() '())
(_ (_
(list (list
@ -71,37 +71,38 @@
#~(job '(next-minute-from (next-hour '(0 12)) (list (random 60))) #~(job '(next-minute-from (next-hour '(0 12)) (list (random 60)))
(string-append #$package "/bin/certbot renew" (string-append #$package "/bin/certbot renew"
(string-concatenate (string-concatenate
(map (lambda (host) (map (lambda (domain)
(string-append " -d " host)) (string-append " -d " domain))
'#$hosts)))))))))) '#$domains))))))))))
(define certbot-activation (define certbot-activation
(match-lambda (match-lambda
(($ <certbot-configuration> package webroot hosts default-location) (($ <certbot-configuration> package webroot domains default-location)
(with-imported-modules '((guix build utils)) (with-imported-modules '((guix build utils))
#~(begin #~(begin
(use-modules (guix build utils)) (use-modules (guix build utils))
(mkdir-p #$webroot) (mkdir-p #$webroot)
(for-each (for-each
(lambda (host) (lambda (domain)
(unless (file-exists? (in-vicinity "/etc/letsencrypt/live" host)) (unless (file-exists?
(in-vicinity "/etc/letsencrypt/live" domain))
(unless (zero? (system* (unless (zero? (system*
(string-append #$certbot "/bin/certbot") (string-append #$certbot "/bin/certbot")
"certonly" "--webroot" "-w" #$webroot "certonly" "--webroot" "-w" #$webroot
"-d" host)) "-d" domain))
(error "failed to acquire cert for host" host)))) (error "failed to acquire cert for domain" domain))))
'#$hosts)))))) '#$domains))))))
(define certbot-nginx-server-configurations (define certbot-nginx-server-configurations
(match-lambda (match-lambda
(($ <certbot-configuration> package webroot hosts default-location) (($ <certbot-configuration> package webroot domains default-location)
(map (map
(lambda (host) (lambda (domain)
(nginx-server-configuration (nginx-server-configuration
(listen '("80" "[::]:80")) (listen '("80" "[::]:80"))
(ssl-certificate #f) (ssl-certificate #f)
(ssl-certificate-key #f) (ssl-certificate-key #f)
(server-name (list host)) (server-name (list domain))
(locations (locations
(filter identity (filter identity
(list (list
@ -109,7 +110,7 @@
(uri "/.well-known") (uri "/.well-known")
(body (list (list "root " webroot ";")))) (body (list (list "root " webroot ";"))))
default-location))))) default-location)))))
hosts)))) domains))))
(define certbot-service-type (define certbot-service-type
(service-type (name 'certbot) (service-type (name 'certbot)
@ -121,11 +122,12 @@
(service-extension mcron-service-type (service-extension mcron-service-type
certbot-renewal-jobs))) certbot-renewal-jobs)))
(compose concatenate) (compose concatenate)
(extend (lambda (config additional-hosts) (extend (lambda (config additional-domains)
(certbot-configuration (certbot-configuration
(inherit config) (inherit config)
(hosts (append (certbot-configuration-hosts config) (domains (append
additional-hosts))))) (certbot-configuration-domains config)
additional-domains)))))
(default-value (certbot-configuration)) (default-value (certbot-configuration))
(description (description
"Automatically renew @url{https://letsencrypt.org, Let's "Automatically renew @url{https://letsencrypt.org, Let's