services: certbot: Rename 'host' to 'domain'.

* doc/guix.texi (Certificate Services): Rename 'host' to 'domain'.
* gnu/services/certbot.scm (<certbot-configuration>, certbot-renewal-jobs,
certbot-activation, certbot-nginx-server-configurations,
certbot-service-type): Rename 'host' to 'domain'.
This commit is contained in:
Clément Lassieur 2018-02-10 14:56:53 +01:00
parent 301518638f
commit 966fd7b7e9
No known key found for this signature in database
GPG key ID: 89F96D4808F359C7
2 changed files with 29 additions and 27 deletions

View file

@ -15757,8 +15757,8 @@ The certbot package to use.
The directory from which to serve the Let's Encrypt challenge/response
files.
@item @code{hosts} (default: @code{()})
A list of hosts for which to generate certificates and request
@item @code{domains} (default: @code{()})
A list of domains for which to generate certificates and request
signatures.
@item @code{default-location} (default: @i{see below})
@ -15766,7 +15766,7 @@ The default @code{nginx-location-configuration}. Because @code{certbot}
needs to be able to serve challenges and responses, it needs to be able
to run a web server. It does so by extending the @code{nginx} web
service with an @code{nginx-server-configuration} listening on the
@var{hosts} on port 80, and which has a
@var{domains} on port 80, and which has a
@code{nginx-location-configuration} for the @code{/.well-known/} URI
path subspace used by Let's Encrypt. @xref{Web Services}, for more on
these nginx configuration data types.
@ -15776,7 +15776,7 @@ Requests to other URL paths will be matched by the
@code{nginx-server-configuration}s.
By default, the @code{default-location} will issue a redirect from
@code{http://@var{host}/...} to @code{https://@var{host}/...}, leaving
@code{http://@var{domain}/...} to @code{https://@var{domain}/...}, leaving
you to define what to serve on your site via @code{https}.
Pass @code{#f} to not issue a default location.
@ -15784,9 +15784,9 @@ Pass @code{#f} to not issue a default location.
@end deftp
The public key and its signatures will be written to
@code{/etc/letsencrypt/live/@var{host}/fullchain.pem}, for each
@var{host} in the configuration. The private key is written to
@code{/etc/letsencrypt/live/@var{host}/privkey.pem}.
@code{/etc/letsencrypt/live/@var{domain}/fullchain.pem}, for each
@var{domain} in the configuration. The private key is written to
@code{/etc/letsencrypt/live/@var{domain}/privkey.pem}.
@node DNS Services

View file

@ -48,7 +48,7 @@ (define-record-type* <certbot-configuration>
(default certbot))
(webroot certbot-configuration-webroot
(default "/var/www"))
(hosts certbot-configuration-hosts
(domains certbot-configuration-domains
(default '()))
(default-location certbot-configuration-default-location
(default
@ -59,9 +59,9 @@ (define-record-type* <certbot-configuration>
(define certbot-renewal-jobs
(match-lambda
(($ <certbot-configuration> package webroot hosts default-location)
(match hosts
;; Avoid pinging certbot if we have no hosts.
(($ <certbot-configuration> package webroot domains default-location)
(match domains
;; Avoid pinging certbot if we have no domains.
(() '())
(_
(list
@ -71,37 +71,38 @@ (define certbot-renewal-jobs
#~(job '(next-minute-from (next-hour '(0 12)) (list (random 60)))
(string-append #$package "/bin/certbot renew"
(string-concatenate
(map (lambda (host)
(string-append " -d " host))
'#$hosts))))))))))
(map (lambda (domain)
(string-append " -d " domain))
'#$domains))))))))))
(define certbot-activation
(match-lambda
(($ <certbot-configuration> package webroot hosts default-location)
(($ <certbot-configuration> package webroot domains default-location)
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
(mkdir-p #$webroot)
(for-each
(lambda (host)
(unless (file-exists? (in-vicinity "/etc/letsencrypt/live" host))
(lambda (domain)
(unless (file-exists?
(in-vicinity "/etc/letsencrypt/live" domain))
(unless (zero? (system*
(string-append #$certbot "/bin/certbot")
"certonly" "--webroot" "-w" #$webroot
"-d" host))
(error "failed to acquire cert for host" host))))
'#$hosts))))))
"-d" domain))
(error "failed to acquire cert for domain" domain))))
'#$domains))))))
(define certbot-nginx-server-configurations
(match-lambda
(($ <certbot-configuration> package webroot hosts default-location)
(($ <certbot-configuration> package webroot domains default-location)
(map
(lambda (host)
(lambda (domain)
(nginx-server-configuration
(listen '("80" "[::]:80"))
(ssl-certificate #f)
(ssl-certificate-key #f)
(server-name (list host))
(server-name (list domain))
(locations
(filter identity
(list
@ -109,7 +110,7 @@ (define certbot-nginx-server-configurations
(uri "/.well-known")
(body (list (list "root " webroot ";"))))
default-location)))))
hosts))))
domains))))
(define certbot-service-type
(service-type (name 'certbot)
@ -121,11 +122,12 @@ (define certbot-service-type
(service-extension mcron-service-type
certbot-renewal-jobs)))
(compose concatenate)
(extend (lambda (config additional-hosts)
(extend (lambda (config additional-domains)
(certbot-configuration
(inherit config)
(hosts (append (certbot-configuration-hosts config)
additional-hosts)))))
(domains (append
(certbot-configuration-domains config)
additional-domains)))))
(default-value (certbot-configuration))
(description
"Automatically renew @url{https://letsencrypt.org, Let's