11/11: services: certbot: Allow to set a deploy hook.
From: Clément Lassieur
Subject: 11/11: services: certbot: Allow to set a deploy hook.
Date: Thu, 22 Feb 2018 15:44:42 -0500 (EST)
snape pushed a commit to branch master
in repository guix.
commit fece75fe356ce9f99d1d13baaa5f195c510f187b
Author: Clément Lassieur <address@hidden>
Date: Sun Feb 11 10:53:10 2018 +0100
services: certbot: Allow to set a deploy hook.
* doc/guix.texi (Certificate Services): Document it.
* gnu/services/certbot.scm (<certificate-configuration>, certbot-command): Add it.
---
doc/guix.texi | 22 ++++++++++++++++++++--
gnu/services/certbot.scm | 10 +++++++---
2 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index e180297..6911645 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -15733,7 +15733,9 @@ signature.
The certbot service automates this process: the initial key
generation, the initial certification request to the Let's Encrypt
service, the web server challenge/response integration, writing the
-certificate to disk, and the automated periodic renewals.
+certificate to disk, the automated periodic renewals, and the deployment
+tasks associated with the renewal (e.g. reloading services, copying keys
+with different permissions).
Certbot is run twice a day, at a random minute within the hour. It
won't do anything until your certificates are due for renewal or
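Review bot: "copying keys with different permissions" in the new sentence is ambiguous (copied where, and readable by whom?). Saying "copying the new key and certificate to a location readable by a service that cannot read @file{/etc/letsencrypt}" states the actual use case, and a cross-reference to the @code{deploy-hook} field documented further down would tell readers where these deployment tasks are configured.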
@@ -15750,13 +15752,20 @@ A service type for the @code{certbot} Let's Encrypt
client. Its value
must be a @code{certbot-configuration} record as in this example:
@example
+(define %nginx-deploy-hook
+ (program-file
+ "nginx-deploy-hook"
+ #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
+ (kill pid SIGHUP))))
+
(service certbot-service-type
(certbot-configuration
(email "foo@@example.net")
(certificates
(list
(certificate-configuration
- (domains '("example.net" "www.example.net")))
+ (domains '("example.net" "www.example.net"))
+ (deploy-hook %nginx-deploy-hook))
(certificate-configuration
(domains '("bar.example.net")))))))
@end example
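Review bot: the sample hook in the @example has no guard for a missing or empty pid file. `(call-with-input-file "/var/run/nginx/pid" read)` raises if the file does not exist (nginx not running), and on an empty file `read` returns the eof object, which `(kill pid SIGHUP)` then rejects with a wrong-type error; either way the hook aborts with an unhandled exception. Since this example is what users will copy, consider `(when (integer? pid) (kill pid SIGHUP))`, or wrapping the read in a handler, so that a stopped nginx does not turn a successful issuance into a failed deploy.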
@@ -15826,6 +15835,15 @@ Its default is the first provided domain.
The first domain provided will be the subject CN of the certificate, and
all domains will be Subject Alternative Names on the certificate.
address@hidden @code{deploy-hook} (default: @code{#f})
+Command to be run in a shell once for each successfully issued
+certificate. For this command, the shell variable
address@hidden will point to the config live subdirectory (for
+example, @samp{"/etc/letsencrypt/live/example.com"}) containing the new
+certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will
+contain a space-delimited list of renewed certificate domains (for
+example, @samp{"example.com www.example.com"}.
+
@end table
@end deftp
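Review bot: the last sentence of the new @code{deploy-hook} entry is missing its closing parenthesis: `(for example, @samp{"example.com www.example.com"}.` should end `@samp{"example.com www.example.com"}).` The entry also describes the value as a "Command to be run in a shell" while the @example above passes a @code{program-file} object; stating that the field takes a file-like object (or a string naming an executable) and that it is handed verbatim to certbot as @code{--deploy-hook} would make the expected type clear to readers who do not look at the example.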
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index f90e4f0..066b824 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -48,7 +48,9 @@
(name certificate-configuration-name
(default #f))
(domains certificate-configuration-domains
- (default '())))
+ (default '()))
+ (deploy-hook certificate-configuration-deploy-hook
+ (default #f)))
(define-record-type* <certbot-configuration>
certbot-configuration make-certbot-configuration
@@ -78,7 +80,8 @@
(commands
(map
(match-lambda
- (($ <certificate-configuration> custom-name domains)
+ (($ <certificate-configuration> custom-name domains
+ deploy-hook)
(let ((name (or custom-name (car domains))))
(append
(list name certbot "certonly" "-n" "--agree-tos"
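Review bot: the `($ <certificate-configuration> custom-name domains deploy-hook)` pattern binds fields positionally, so it now relies on `deploy-hook` being declared last in the record (as the earlier hunk does); a field inserted before it later would silently shift the bindings. Matching by accessor (e.g. `(certificate-configuration-deploy-hook config)`) would be safer, or at least a comment next to the record type noting that the field order is relied on here. Unrelated to this change but visible in the context: `(car domains)` in `(let ((name (or custom-name (car domains))))` raises on the default `'()` value of `domains`, so a `certificate-configuration` with no domains fails with an obscure error instead of a clear one.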
@@ -86,7 +89,8 @@
"--webroot" "-w" webroot
"--cert-name" name
"-d" (string-join domains ","))
- (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())))))
+ (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+ (if deploy-hook `("--deploy-hook" ,deploy-hook) '())))))
certificates)))
(program-file
"certbot-command"