services: certbot: Don't try to renew certificates on activation.

Because it takes too much time and it requires networking.

Thanks to Mathieu Othacehe for suggesting this.

* gnu/services/certbot.scm (certbot-activation): Do not run the renewal
command, copy its path to a fixed location, display it, so that the user can
run the command when they want.

gnu/services/certbot.scm

@@ -26,6 +26,7 @@
   #:use-module (gnu services web)
   #:use-module (gnu system shadow)
   #:use-module (gnu packages tls)
+  #:use-module (guix i18n)
   #:use-module (guix records)
   #:use-module (guix gexp)
   #:use-module (srfi srfi-1)
@@ -113,14 +114,19 @@
           #$(certbot-command config))))
 
 (define (certbot-activation config)
-  (match config
+  (let* ((certbot-directory "/var/lib/certbot")
-    (($ <certbot-configuration> package webroot certificates email
+         (script (in-vicinity certbot-directory "renew-certificates"))
-                                rsa-key-size default-location)
+         (message (format #f (G_ "~a may need to be run~%") script)))
-     (with-imported-modules '((guix build utils))
+    (match config
-       #~(begin
+      (($ <certbot-configuration> package webroot certificates email
-           (use-modules (guix build utils))
+                                  rsa-key-size default-location)
-           (mkdir-p #$webroot)
+       (with-imported-modules '((guix build utils))
-           (zero? (system* #$(certbot-command config))))))))
+         #~(begin
+             (use-modules (guix build utils))
+             (mkdir-p #$webroot)
+             (mkdir-p #$certbot-directory)
+             (copy-file #$(certbot-command config) #$script)
+             (display #$message)))))))
 
 (define certbot-nginx-server-configurations
   (match-lambda