services: agate: Update options for compatibility with the current Agate version.

* gnu/services/web.scm (<agate-configuration>)[certs]: Add.
[cert]: Remove.
[key]: Remove.
[hostname]: Change from string to list.
[silent?]: Remove.
[only-tls13?]: Add.
[central-conf?]: Add.
[ed25519?]: Add.
[skip-port-check?]: Add.
(agate-shepherd-service): Change handling of addr and hostname, add new
options handling.
* doc/guix.texi (Web Services): Update.

Change-Id: Ifb4968d704627344913bb69f20636d710a4fe738
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Rodion Goritskov 2024-06-22 23:33:54 +04:00 committed by Ludovic Courtès
parent 2cbdec8bcd
commit 4bc49e2185
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
2 changed files with 63 additions and 38 deletions

@ -32935,25 +32935,30 @@ This is the type of the agate service, whose value should be an
(service agate-service-type (service agate-service-type
(agate-configuration (agate-configuration
(content "/srv/gemini") (content "/srv/gemini")
(cert "/srv/cert.pem") (certs "/srv/gemini-certs")))
(key "/srv/key.rsa")))
@end lisp @end lisp
The example above represents the minimal tweaking necessary to get Agate The example above represents the minimal tweaking necessary to get Agate
up and running. Specifying the path to the certificate and key is up and running. Specifying the path to the certificate and key directory is
always necessary, as the Gemini protocol requires TLS by default. always necessary, as the Gemini protocol requires TLS by default.
To obtain a certificate and a key, you could, for example, use OpenSSL, If specified path is writable by Agate, and contains no valid key
running a command similar to the following example: and certificate, the Agate will try to generate them on the first start.
If specified directory is read-only - key and certificate should be pre-generated by user.
To obtain a certificate and a key in a DER format, you could, for example,
use OpenSSL, running a commands similar to the following example:
@example @example
openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem \ openssl genpkey -out key.der -outform DER -algorithm RSA \
-days 3650 -nodes -subj "/CN=example.com" -pkeyopt rsa_keygen_bits:4096
openssl req -x509 -key key.der -outform DER -days 3650 -out cert.der \
-subj "/CN=example.com"
@end example @end example
Of course, you'll have to replace @i{example.com} with your own domain Of course, you'll have to replace @i{example.com} with your own domain
name, and then point the Agate configuration towards the path of the name, and then point the Agate configuration towards the path of the
generated key and certificate. directory with the generated key and certificate using the @code{certs} option.
@end defvar @end defvar
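Review bot: The new paragraph ahead of the @example tells users with a read-only directory to pre-generate the key, and the genpkey command shown writes key.der unencrypted, but nothing in the text says who should own the files or that key.der should be readable only by the account Agate runs as. Suggest one sentence on ownership and mode for the certs directory, covering both the writable (auto-generation) case and the read-only case. The sentence "Specifying the path to the certificate and key directory is always necessary" also no longer holds now that certs defaults to "/srv/gemini-certs", and the added text needs small grammar fixes: "If the specified path", "Agate will try", "running commands similar to".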
@ -32967,30 +32972,38 @@ The package object of the Agate server.
@item @code{content} (default: @file{"/srv/gemini"}) @item @code{content} (default: @file{"/srv/gemini"})
The directory from which Agate will serve files. The directory from which Agate will serve files.
@item @code{cert} (default: @code{#f}) @item @code{certs} (default: @file{"/srv/gemini-certs"})
The path to the TLS certificate PEM file to be used for encrypted Root of the certificate directory. Must be filled in with a value from the user.
connections. Must be filled in with a value from the user.
@item @code{key} (default: @code{#f})
The path to the PKCS8 private key file to be used for encrypted
connections. Must be filled in with a value from the user.
@item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")}) @item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")})
A list of the addresses to listen on. A list of the addresses to listen on.
@item @code{hostname} (default: @code{#f}) @item @code{hostnames} (default: @code{'()})
The domain name of this Gemini server. Optional. Virtual hosts for the Gemini server. If multiple values are
specified, corresponding directory names should be present in the @code{content}
directory. Optional.
@item @code{lang} (default: @code{#f}) @item @code{lang} (default: @code{#f})
RFC 4646 language code(s) for text/gemini documents. Optional. RFC 4646 language code(s) for text/gemini documents. Optional.
@item @code{silent?} (default: @code{#f}) @item @code{only-tls13?} (default: @code{#f})
Set to @code{#t} to disable logging output. Set to @code{#t} to disable support for TLSv1.2.
@item @code{serve-secret?} (default: @code{#f}) @item @code{serve-secret?} (default: @code{#f})
Set to @code{#t} to serve secret files (files/directories starting with Set to @code{#t} to serve secret files (files/directories starting with
a dot). a dot).
@item @code{central-conf?} (default: @code{#f})
Set to @code{#t} to look for the .meta configuration file in the @code{content}
root directory and will ignore @code{.meta} files in other directories
@item @code{ed25519?} (default: @code{#f})
Set to @code{#t} to generate keys using the Ed25519 signature algorithm
instead of the default ECDSA.
@item @code{skip-port-check?} (default: @code{#f})
Set to @code{#t} to skip URL port check even when a @code{hostname} is specified.
@item @code{log-ip?} (default: @code{#t}) @item @code{log-ip?} (default: @code{#t})
Whether or not to output IP addresses when logging. Whether or not to output IP addresses when logging.
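Review bot: The new entry is documented as @code{hostnames}, but the record field in gnu/services/web.scm is still named hostname, and the skip-port-check? entry further down also refers to @code{hostname}; a user who copies the documented name will not match any field of the record. Suggest using @code{hostname} in the @item line, or renaming the field and its accessor to match. Also in this hunk: the certs entry keeps "Must be filled in with a value from the user" although it now has a default, and the central-conf? description does not parse ("to look for ... and will ignore") and lacks a final period.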

@ -302,13 +302,15 @@ (define-module (gnu services web)
agate-configuration? agate-configuration?
agate-configuration-package agate-configuration-package
agate-configuration-content agate-configuration-content
agate-configuration-cert agate-configuration-certs
agate-configuration-key
agate-configuration-addr agate-configuration-addr
agate-configuration-hostname agate-configuration-hostname
agate-configuration-lang agate-configuration-lang
agate-configuration-silent agate-configuration-only-tls13
agate-configuration-serve-secret agate-configuration-serve-secret
agate-configuration-central-conf
agate-configuration-ed25519
agate-configuration-skip-port-check
agate-configuration-log-ip agate-configuration-log-ip
agate-configuration-user agate-configuration-user
agate-configuration-group agate-configuration-group
@ -2184,20 +2186,24 @@ (define-record-type* <agate-configuration>
(default agate)) (default agate))
(content agate-configuration-content (content agate-configuration-content
(default "/srv/gemini")) (default "/srv/gemini"))
(cert agate-configuration-cert (certs agate-configuration-certs
(default #f)) (default "/srv/gemini-certs"))
(key agate-configuration-key
(default #f))
(addr agate-configuration-addr (addr agate-configuration-addr
(default '("0.0.0.0:1965" "[::]:1965"))) (default '("0.0.0.0:1965" "[::]:1965")))
(hostname agate-configuration-hostname (hostname agate-configuration-hostname
(default #f)) (default '()))
(lang agate-configuration-lang (lang agate-configuration-lang
(default #f)) (default #f))
(silent? agate-configuration-silent (only-tls13? agate-configuration-only-tls13
(default #f)) (default #f))
(serve-secret? agate-configuration-serve-secret (serve-secret? agate-configuration-serve-secret
(default #f)) (default #f))
(central-conf? agate-configuration-central-conf
(default #f))
(ed25519? agate-configuration-ed25519
(default #f))
(skip-port-check? agate-configuration-skip-port-check
(default #f))
(log-ip? agate-configuration-log-ip (log-ip? agate-configuration-log-ip
(default #t)) (default #t))
(user agate-configuration-user (user agate-configuration-user
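Review bot: hostname keeps its name while its type changes from a string or #f to a list (default '()), and cert, key and silent? are dropped outright, so an existing configuration either stops evaluating or passes a bare string where a list is now expected, with nothing in the record to catch it. Suggest a sanitizer on hostname that checks for a list of strings (it could wrap a lone string and emit a deprecation warning), plus a note for users about the removed fields.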
@ -2209,8 +2215,10 @@ (define-record-type* <agate-configuration>
(define agate-shepherd-service (define agate-shepherd-service
(match-lambda (match-lambda
(($ <agate-configuration> package content cert key addr (($ <agate-configuration> package content certs addr
hostname lang silent? serve-secret? hostname lang only-tls13?
serve-secret? central-conf?
ed25519? skip-port-check?
log-ip? user group log-file) log-ip? user group log-file)
(list (shepherd-service (list (shepherd-service
(provision '(agate)) (provision '(agate))
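Review bot: The ($ <agate-configuration> ...) pattern binds fifteen fields by position, so it stays correct only while this list is kept in exactly the order of the record definition, and the four names added here had to be placed in the right slots by hand. Consider match-record, which binds fields by name, so that a later field addition cannot silently shift the bindings.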
@ -2220,17 +2228,21 @@ (define agate-shepherd-service
#~(make-forkexec-constructor #~(make-forkexec-constructor
(list #$agate (list #$agate
"--content" #$content "--content" #$content
"--cert" #$cert "--certs" #$certs
"--key" #$key #$@(append-map
"--addr" #$@addr (lambda x (append '("--addr") x))
addr)
#$@(append-map
(lambda x (append '("--hostname") x))
hostname)
#$@(if lang #$@(if lang
(list "--lang" lang) (list "--lang" lang)
'()) '())
#$@(if hostname
(list "--hostname" hostname)
'())
#$@(if silent? '("--silent") '())
#$@(if serve-secret? '("--serve-secret") '()) #$@(if serve-secret? '("--serve-secret") '())
#$@(if only-tls13? '("--only-tls13") '())
#$@(if central-conf? '("--central-conf") '())
#$@(if ed25519? '("--ed25519") '())
#$@(if skip-port-check? '("--skip-port-check") '())
#$@(if log-ip? '("--log-ip") '())) #$@(if log-ip? '("--log-ip") '()))
#:user #$user #:group #$group #:user #$user #:group #$group
#:log-file #$log-file))) #:log-file #$log-file)))
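Review bot: (lambda x (append '("--addr") x)) works only because a variadic lambda receives each element wrapped in a one-element list; (lambda (a) (list "--addr" a)) says the same thing directly, and the same applies to the "--hostname" mapping. A short comment that each address and each hostname gets its own flag would also help the next reader.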