services: certbot: Reload nginx in deploy hook.

* gnu/services/certbot.scm (certbot-deploy-hook): Reload nginx.
* doc/guix.texi (Certificate services): Remove deploy-hook from example.

Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176
Signed-off-by: Clément Lassieur <clement@lassieur.org>
Carlo Zancanaro 2024-01-31 11:46:24 +00:00 committed by Clément Lassieur
parent fc0ec9a3cc
commit d4a4b12f0a
No known key found for this signature in database
GPG key ID: 89F96D4808F359C7
2 changed files with 9 additions and 11 deletions


@ -32562,21 +32562,13 @@ A service type for the @code{certbot} Let's Encrypt client. Its value
must be a @code{certbot-configuration} record as in this example: must be a @code{certbot-configuration} record as in this example:
@lisp @lisp
(define %certbot-deploy-hook
(program-file "certbot-deploy-hook.scm"
(with-imported-modules '((gnu services herd))
#~(begin
(use-modules (gnu services herd))
(with-shepherd-action 'nginx ('reload) result result)))))
(service certbot-service-type (service certbot-service-type
(certbot-configuration (certbot-configuration
(email "foo@@example.net") (email "foo@@example.net")
(certificates (certificates
(list (list
(certificate-configuration (certificate-configuration
(domains '("example.net" "www.example.net")) (domains '("example.net" "www.example.net")))
(deploy-hook %certbot-deploy-hook))
(certificate-configuration (certificate-configuration
(domains '("bar.example.net"))))))) (domains '("bar.example.net")))))))
@end lisp @end lisp


@ -100,9 +100,11 @@ (define (certbot-deploy-hook name deploy-hook-script)
deploy." deploy."
(program-file (program-file
(string-append name "-deploy-hook") (string-append name "-deploy-hook")
(with-imported-modules '((guix build utils)) (with-imported-modules '((gnu services herd)
(guix build utils))
#~(begin #~(begin
(use-modules (guix build utils)) (use-modules (gnu services herd)
(guix build utils))
(mkdir-p #$(string-append "/etc/certs/" name)) (mkdir-p #$(string-append "/etc/certs/" name))
(chmod #$(string-append "/etc/certs/" name) #o755) (chmod #$(string-append "/etc/certs/" name) #o755)
@ -120,6 +122,10 @@ (define (certbot-deploy-hook name deploy-hook-script)
#$(string-append "/etc/certs/" name "/privkey.pem")) #$(string-append "/etc/certs/" name "/privkey.pem"))
(rename-file #$(string-append "/etc/certs/" name "/fullchain.pem.new") (rename-file #$(string-append "/etc/certs/" name "/fullchain.pem.new")
#$(string-append "/etc/certs/" name "/fullchain.pem")) #$(string-append "/etc/certs/" name "/fullchain.pem"))
;; With the new certificates in place, tell nginx to reload them.
(with-shepherd-action 'nginx ('reload) result result)
#$@(if deploy-hook-script #$@(if deploy-hook-script
(list #~(invoke #$deploy-hook-script)) (list #~(invoke #$deploy-hook-script))
'()))))) '())))))
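Review bot: The `with-shepherd-action 'nginx ('reload) result result` call added just before the `#$@(if deploy-hook-script …)` splice neither checks nor reports the outcome of the reload, and it runs ahead of the user's script. If the action signals an error when nginx is stopped (I believe `(gnu services herd)` raises on a shepherd error reply, but that module is not shown here), the hook would abort and `deploy-hook-script` would never run; if it instead returns false, the renewed certificate sits on disk while nginx keeps serving the old one, with no log line to show it. Consider making the reload best-effort but loud, e.g. `(unless (false-if-exception (with-shepherd-action 'nginx ('reload) result result)) (format (current-error-port) "nginx reload failed after certificate deploy~%"))`. The docstring should also say that nginx is reloaded before DEPLOY-HOOK-SCRIPT is invoked. The body of `certbot-deploy-hook` starts above this hunk.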