services: agate: Update options for compatibility with the current Agate version.

* gnu/services/web.scm (<agate-configuration>)[certs]: Add.
[cert]: Remove.
[key]: Remove.
[hostname]: Change from string to list.
[silent?]: Remove.
[only-tls13?]: Add.
[central-conf?]: Add.
[ed25519?]: Add.
[skip-port-check?]: Add.
(agate-shepherd-service): Change handling of addr and hostname, add new
options handling.
* doc/guix.texi (Web Services): Update.

Change-Id: Ifb4968d704627344913bb69f20636d710a4fe738
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Rodion Goritskov 2024-06-22 23:33:54 +04:00 committed by Ludovic Courtès
parent 2cbdec8bcd
commit 4bc49e2185
GPG key ID: 090B11993D9AEBB5
2 changed files with 63 additions and 38 deletions


@ -32935,25 +32935,30 @@ This is the type of the agate service, whose value should be an
(service agate-service-type
(agate-configuration
(content "/srv/gemini")
(cert "/srv/cert.pem")
(key "/srv/key.rsa")))
(certs "/srv/gemini-certs")))
@end lisp
The example above represents the minimal tweaking necessary to get Agate
up and running. Specifying the path to the certificate and key is
up and running. Specifying the path to the certificate and key directory is
always necessary, as the Gemini protocol requires TLS by default.
To obtain a certificate and a key, you could, for example, use OpenSSL,
running a command similar to the following example:
If specified path is writable by Agate, and contains no valid key
and certificate, the Agate will try to generate them on the first start.
If specified directory is read-only - key and certificate should be pre-generated by user.
To obtain a certificate and a key in a DER format, you could, for example,
use OpenSSL, running a commands similar to the following example:
@example
openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem \
-days 3650 -nodes -subj "/CN=example.com"
openssl genpkey -out key.der -outform DER -algorithm RSA \
-pkeyopt rsa_keygen_bits:4096
openssl req -x509 -key key.der -outform DER -days 3650 -out cert.der \
-subj "/CN=example.com"
@end example
Of course, you'll have to replace @i{example.com} with your own domain
name, and then point the Agate configuration towards the path of the
generated key and certificate.
directory with the generated key and certificate using the @code{certs} option.
@end defvar
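Review bot: the second openssl command, `openssl req -x509 -key key.der -outform DER -days 3650 -out cert.der`, reads a DER-encoded private key without telling `req` the key format; OpenSSL 1.1.x defaults to PEM for `-key` and fails here, so add `-keyform DER` (harmless on 3.x, which can autodetect). The new prose also needs a grammar pass: "If specified path is writable by Agate, and contains no valid key and certificate, the Agate will try to generate them on the first start" reads better as "If the specified directory is writable by Agate and contains no valid key and certificate, Agate will try to generate them on first start", the read-only sentence should use "---" or a comma rather than a bare " - ", and "running a commands" should be "running commands". Since generation happens from the service process, it is worth saying explicitly that "writable by Agate" means writable by the service's configured user and group.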
@ -32967,30 +32972,38 @@ The package object of the Agate server.
@item @code{content} (default: @file{"/srv/gemini"})
The directory from which Agate will serve files.
@item @code{cert} (default: @code{#f})
The path to the TLS certificate PEM file to be used for encrypted
connections. Must be filled in with a value from the user.
@item @code{key} (default: @code{#f})
The path to the PKCS8 private key file to be used for encrypted
connections. Must be filled in with a value from the user.
@item @code{certs} (default: @file{"/srv/gemini-certs"})
Root of the certificate directory. Must be filled in with a value from the user.
@item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")})
A list of the addresses to listen on.
@item @code{hostname} (default: @code{#f})
The domain name of this Gemini server. Optional.
@item @code{hostnames} (default: @code{'()})
Virtual hosts for the Gemini server. If multiple values are
specified, corresponding directory names should be present in the @code{content}
directory. Optional.
@item @code{lang} (default: @code{#f})
RFC 4646 language code(s) for text/gemini documents. Optional.
@item @code{silent?} (default: @code{#f})
Set to @code{#t} to disable logging output.
@item @code{only-tls13?} (default: @code{#f})
Set to @code{#t} to disable support for TLSv1.2.
@item @code{serve-secret?} (default: @code{#f})
Set to @code{#t} to serve secret files (files/directories starting with
a dot).
@item @code{central-conf?} (default: @code{#f})
Set to @code{#t} to look for the .meta configuration file in the @code{content}
root directory and will ignore @code{.meta} files in other directories
@item @code{ed25519?} (default: @code{#f})
Set to @code{#t} to generate keys using the Ed25519 signature algorithm
instead of the default ECDSA.
@item @code{skip-port-check?} (default: @code{#f})
Set to @code{#t} to skip URL port check even when a @code{hostname} is specified.
@item @code{log-ip?} (default: @code{#t})
Whether or not to output IP addresses when logging.
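Review bot: the documented field name `@code{hostnames}` does not match the actual record field, which stays `hostname` (the commit message says "[hostname]: Change from string to list" and the accessor remains `agate-configuration-hostname`), and the `skip-port-check?` entry still refers to `@code{hostname}`; rename the item to the singular form so users do not copy a field that does not exist. The `certs` entry says "Must be filled in with a value from the user" but the field now has a default of `/srv/gemini-certs`; either drop that sentence or describe what the default implies (Agate will try to generate keys there if it is writable). The `central-conf?` entry is missing its full stop and "and will ignore" should read "and ignore".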


@ -302,13 +302,15 @@ (define-module (gnu services web)
agate-configuration?
agate-configuration-package
agate-configuration-content
agate-configuration-cert
agate-configuration-key
agate-configuration-certs
agate-configuration-addr
agate-configuration-hostname
agate-configuration-lang
agate-configuration-silent
agate-configuration-only-tls13
agate-configuration-serve-secret
agate-configuration-central-conf
agate-configuration-ed25519
agate-configuration-skip-port-check
agate-configuration-log-ip
agate-configuration-user
agate-configuration-group
@ -2184,20 +2186,24 @@ (define-record-type* <agate-configuration>
(default agate))
(content agate-configuration-content
(default "/srv/gemini"))
(cert agate-configuration-cert
(default #f))
(key agate-configuration-key
(default #f))
(certs agate-configuration-certs
(default "/srv/gemini-certs"))
(addr agate-configuration-addr
(default '("0.0.0.0:1965" "[::]:1965")))
(hostname agate-configuration-hostname
(default #f))
(default '()))
(lang agate-configuration-lang
(default #f))
(silent? agate-configuration-silent
(only-tls13? agate-configuration-only-tls13
(default #f))
(serve-secret? agate-configuration-serve-secret
(default #f))
(central-conf? agate-configuration-central-conf
(default #f))
(ed25519? agate-configuration-ed25519
(default #f))
(skip-port-check? agate-configuration-skip-port-check
(default #f))
(log-ip? agate-configuration-log-ip
(default #t))
(user agate-configuration-user
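Review bot: `hostname` changes its default from `#f` to `'()` and its type from string to list while keeping the same field name, so an existing `(hostname "example.com")` in a user's config is still accepted by the record but will fail later in `append-map` with an unhelpful error. Consider a `sanitize` clause on the field that rejects non-lists (or wraps a single string in a list, matching the old meaning) so the failure is reported at configuration time with a clear message.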
@ -2209,8 +2215,10 @@ (define-record-type* <agate-configuration>
(define agate-shepherd-service
(match-lambda
(($ <agate-configuration> package content cert key addr
hostname lang silent? serve-secret?
(($ <agate-configuration> package content certs addr
hostname lang only-tls13?
serve-secret? central-conf?
ed25519? skip-port-check?
log-ip? user group log-file)
(list (shepherd-service
(provision '(agate))
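Review bot: the positional `($ <agate-configuration> ...)` pattern now binds fifteen fields and silently mis-assigns all of them if a field is ever inserted into the record in a different position (the order here does match the definition above today). Since this change already touches both the record and the pattern, switching to `match-record` with named fields would make the binding robust to future additions.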
@ -2220,17 +2228,21 @@ (define agate-shepherd-service
#~(make-forkexec-constructor
(list #$agate
"--content" #$content
"--cert" #$cert
"--key" #$key
"--addr" #$@addr
"--certs" #$certs
#$@(append-map
(lambda x (append '("--addr") x))
addr)
#$@(append-map
(lambda x (append '("--hostname") x))
hostname)
#$@(if lang
(list "--lang" lang)
'())
#$@(if hostname
(list "--hostname" hostname)
'())
#$@(if silent? '("--silent") '())
#$@(if serve-secret? '("--serve-secret") '())
#$@(if only-tls13? '("--only-tls13") '())
#$@(if central-conf? '("--central-conf") '())
#$@(if ed25519? '("--ed25519") '())
#$@(if skip-port-check? '("--skip-port-check") '())
#$@(if log-ip? '("--log-ip") '()))
#:user #$user #:group #$group
#:log-file #$log-file)))
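Review bot: `(lambda x (append '("--addr") x))` works only because the rest-argument form receives each element as a one-item list from `append-map`; `(lambda (x) (list "--addr" x))` expresses the intent directly and is the idiom used elsewhere in this file. The same applies to the `--hostname` mapping. Note also that, with `hostname` defaulting to `'()`, an empty list correctly emits no `--hostname` flag, so the old `(if hostname ...)` guard is not needed, but a stale string value would reach `append-map` here; see the suggestion on the record definition for catching that earlier.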