guix-patches
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#71722] [PATCH 2/2] services: agate-service-type: Update documentati


From: Rodion Goritskov
Subject: [bug#71722] [PATCH 2/2] services: agate-service-type: Update documentation.
Date: Sat, 22 Jun 2024 23:33:55 +0400

* doc/guix.texi: Document (agate-service-type) updated options.

Change-Id: Ifb4968d704627344913bb69f20636d710a4fe738
---
 doc/guix.texi | 51 ++++++++++++++++++++++++++++++++-------------------
 1 file changed, 32 insertions(+), 19 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 0102fd0fad..c75de94486 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32734,25 +32734,30 @@ Web Services
 (service agate-service-type
         (agate-configuration
           (content "/srv/gemini")
-          (cert "/srv/cert.pem")
-          (key "/srv/key.rsa")))
+          (certs "/srv/gemini-certs")))
 @end lisp
 
 The example above represents the minimal tweaking necessary to get Agate
-up and running.  Specifying the path to the certificate and key is
+up and running.  Specifying the path to the certificate and key directory is
 always necessary, as the Gemini protocol requires TLS by default.
 
-To obtain a certificate and a key, you could, for example, use OpenSSL,
-running a command similar to the following example:
+If specified path is writable by Agate, and contains no valid key
+and certificate, the Agate will try to generate them on the first start.
+If specified directory is read-only - key and certificate should be 
pre-generated by user.
+
+To obtain a certificate and a key in a DER format, you could, for example,
+use OpenSSL, running a commands similar to the following example:
 
 @example
-openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem \
-    -days 3650 -nodes -subj "/CN=example.com"
+openssl genpkey -out key.der -outform DER -algorithm RSA \
+    -pkeyopt rsa_keygen_bits:4096
+openssl req -x509 -key key.der -outform DER -days 3650 -out cert.der \
+    -subj "/CN=example.com"
 @end example
 
 Of course, you'll have to replace @i{example.com} with your own domain
 name, and then point the Agate configuration towards the path of the
-generated key and certificate.
+directory with the generated key and certificate using the @code{certs} option.
 
 @end defvar
 
@@ -32766,30 +32771,38 @@ Web Services
 @item @code{content} (default: @file{"/srv/gemini"})
 The directory from which Agate will serve files.
 
-@item @code{cert} (default: @code{#f})
-The path to the TLS certificate PEM file to be used for encrypted
-connections.  Must be filled in with a value from the user.
-
-@item @code{key} (default: @code{#f})
-The path to the PKCS8 private key file to be used for encrypted
-connections.  Must be filled in with a value from the user.
+@item @code{certs} (default: @file{"/srv/gemini-certs"})
+Root of the certificate directory. Must be filled in with a value from the 
user.
 
 @item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")})
 A list of the addresses to listen on.
 
-@item @code{hostname} (default: @code{#f})
-The domain name of this Gemini server.  Optional.
+@item @code{hostnames} (default: @code{'()})
+Virtual hosts for the Gemini server. If multiple values are
+specified, corresponding directory names should be present in the 
@code{content}
+directory. Optional.
 
 @item @code{lang} (default: @code{#f})
 RFC 4646 language code(s) for text/gemini documents.  Optional.
 
-@item @code{silent?} (default: @code{#f})
-Set to @code{#t} to disable logging output.
+@item @code{only-tls13?} (default: @code{#f})
+Set to @code{#t} to disable support for TLSv1.2.
 
 @item @code{serve-secret?} (default: @code{#f})
 Set to @code{#t} to serve secret files (files/directories starting with
 a dot).
 
+@item @code{central-conf?} (default: @code{#f})
+Set to @code{#t} to look for the .meta configuration file in the @code{content}
+root directory and will ignore @code{.meta} files in other directories
+
+@item @code{ed25519?} (default: @code{#f})
+Set to @code{#t} to generate keys using the Ed25519 signature algorithm
+instead of the default ECDSA.
+
+@item @code{skip-port-check?} (default: @code{#f})
+Set to @code{#t} to skip URL port check even when a @code{hostname} is 
specified.
+
 @item @code{log-ip?} (default: @code{#t})
 Whether or not to output IP addresses when logging.
 
-- 
2.45.1






reply via email to

[Prev in Thread] Current Thread [Next in Thread]