services: certbot: Allow to set RSA key size.

* doc/guix.texi (Certificate Services): Document it.
* gnu/services/certbot.scm (<certbot-configuration>, certbot-command,
certbot-activation, certbot-nginx-server-configurations): Add it.
Clément Lassieur 2018-02-10 17:27:19 +01:00
parent 0420a293cc
commit a2cb2bbc0b
No known key found for this signature in database
GPG Key ID: 89F96D4808F359C7
2 changed files with 16 additions and 8 deletions


@ -15785,6 +15785,9 @@ and several @code{domains}.
Mandatory email used for registration, recovery contact, and important Mandatory email used for registration, recovery contact, and important
account notifications. account notifications.
@item @code{rsa-key-size} (default: @code{2048})
Size of the RSA key.
@item @code{default-location} (default: @i{see below}) @item @code{default-location} (default: @i{see below})
The default @code{nginx-location-configuration}. Because @code{certbot} The default @code{nginx-location-configuration}. Because @code{certbot}
needs to be able to serve challenges and responses, it needs to be able needs to be able to serve challenges and responses, it needs to be able


@ -60,6 +60,8 @@
(certificates certbot-configuration-certificates (certificates certbot-configuration-certificates
(default '())) (default '()))
(email certbot-configuration-email) (email certbot-configuration-email)
(rsa-key-size certbot-configuration-rsa-key-size
(default #f))
(default-location certbot-configuration-default-location (default-location certbot-configuration-default-location
(default (default
(nginx-location-configuration (nginx-location-configuration
@ -70,17 +72,20 @@
(define certbot-command (define certbot-command
(match-lambda (match-lambda
(($ <certbot-configuration> package webroot certificates email (($ <certbot-configuration> package webroot certificates email
default-location) rsa-key-size default-location)
(let* ((certbot (file-append package "/bin/certbot")) (let* ((certbot (file-append package "/bin/certbot"))
(rsa-key-size (and rsa-key-size (number->string rsa-key-size)))
(commands (commands
(map (map
(match-lambda (match-lambda
(($ <certificate-configuration> name domains) (($ <certificate-configuration> name domains)
(append
(list certbot "certonly" "-n" "--agree-tos" (list certbot "certonly" "-n" "--agree-tos"
"-m" email "-m" email
"--webroot" "-w" webroot "--webroot" "-w" webroot
"--cert-name" (or name (car domains)) "--cert-name" (or name (car domains))
"-d" (string-join domains ",")))) "-d" (string-join domains ","))
(if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()))))
certificates))) certificates)))
(program-file (program-file
"certbot-command" "certbot-command"
@ -100,7 +105,7 @@
(define (certbot-activation config) (define (certbot-activation config)
(match config (match config
(($ <certbot-configuration> package webroot certificates email (($ <certbot-configuration> package webroot certificates email
default-location) rsa-key-size default-location)
(with-imported-modules '((guix build utils)) (with-imported-modules '((guix build utils))
#~(begin #~(begin
(use-modules (guix build utils)) (use-modules (guix build utils))
@ -110,7 +115,7 @@
(define certbot-nginx-server-configurations (define certbot-nginx-server-configurations
(match-lambda (match-lambda
(($ <certbot-configuration> package webroot certificates email (($ <certbot-configuration> package webroot certificates email
default-location) rsa-key-size default-location)
(list (list
(nginx-server-configuration (nginx-server-configuration
(listen '("80" "[::]:80")) (listen '("80" "[::]:80"))
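Review bot: The new `rsa-key-size` field defaults to `#f` in the record (the `@ -60,6 +60,8` hunk), while doc/guix.texi in this same commit documents the default as `2048`. With `#f`, `certbot-command` passes no `--rsa-key-size`, so the effective size is whatever the packaged certbot chooses. Either make the record match the manual with `(default 2048)`, or document the field as `(default: @code{#f})`, meaning certbot's own default. The value also goes to `number->string` unchecked, so a non-integer or a weak size such as 1024 would be rejected, if at all, only by certbot or the CA at run time; a field comment such as `;; #f = certbot's default; otherwise an integer bit length, 2048 or more` would state the expectation. The bodies of `certbot-command`, `certbot-activation` and `certbot-nginx-server-configurations` continue outside the hunks shown.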