From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56736) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1em4in-0005F2-JS for guix-patches@gnu.org; Wed, 14 Feb 2018 16:36:10 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1em4im-00018H-K0 for guix-patches@gnu.org; Wed, 14 Feb 2018 16:36:09 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:35487) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1em4im-000184-Eo for guix-patches@gnu.org; Wed, 14 Feb 2018 16:36:08 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1em4im-0001yS-7G for guix-patches@gnu.org; Wed, 14 Feb 2018 16:36:08 -0500 Subject: [bug#30459] [PATCH 09/11] services: certbot: Allow to set RSA key size. Resent-Message-ID: From: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur Date: Wed, 14 Feb 2018 22:35:02 +0100 Message-Id: <20180214213504.29984-9-clement@lassieur.org> In-Reply-To: <20180214213504.29984-1-clement@lassieur.org> References: <20180214213504.29984-1-clement@lassieur.org> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 30459@debbugs.gnu.org * doc/guix.texi (Certificate Services): Document it. * gnu/services/certbot.scm (, certbot-command, certbot-activation, certbot-nginx-server-configurations): Add it. --- doc/guix.texi | 3 +++ gnu/services/certbot.scm | 21 +++++++++++++-------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 4f6f9e9c7..8500cda6d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -15716,6 +15716,9 @@ and several @code{domains}. Mandatory email used for registration, recovery contact, and important account notifications. +@item @code{rsa-key-size} (default: @code{2048}) +Size of the RSA key. + @item @code{default-location} (default: @i{see below}) The default @code{nginx-location-configuration}. Because @code{certbot} needs to be able to serve challenges and responses, it needs to be able diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index a70a36591..51f5d719a 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -60,6 +60,8 @@ (certificates certbot-configuration-certificates (default '())) (email certbot-configuration-email) + (rsa-key-size certbot-configuration-rsa-key-size + (default #f)) (default-location certbot-configuration-default-location (default (nginx-location-configuration @@ -70,17 +72,20 @@ (define certbot-command (match-lambda (($ package webroot certificates email - default-location) + rsa-key-size default-location) (let* ((certbot (file-append package "/bin/certbot")) + (rsa-key-size (and rsa-key-size (number->string rsa-key-size))) (commands (map (match-lambda (($ name domains) - (list certbot "certonly" "-n" "--agree-tos" - "-m" email - "--webroot" "-w" webroot - "--cert-name" (or name (car domains)) - "-d" (string-join domains ",")))) + (append + (list certbot "certonly" "-n" "--agree-tos" + "-m" email + "--webroot" "-w" webroot + "--cert-name" (or name (car domains)) + "-d" (string-join domains ",")) + (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())))) certificates))) (program-file "certbot-command" @@ -100,7 +105,7 @@ (define (certbot-activation config) (match config (($ package webroot certificates email - default-location) + rsa-key-size default-location) (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) 
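Review bot: The new `rsa-key-size` field is declared with `(default #f)`, but the doc/guix.texi hunk of this same patch documents it as `(default: @code{2048})`. With `#f` no `--rsa-key-size` flag is emitted, so the effective key size is whatever the packaged certbot picks, and that can drift from the manual when certbot changes. Either declare `(default 2048)` here so the service pins the size it documents, or change the manual entry to `(default: @code{#f})` and add a sentence saying certbot's built-in default is used. The record definition begins and ends outside this hunk.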
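Review bot: In `certbot-command` the value is passed straight through `(number->string rsa-key-size)` with no check, so a non-number fails with a generic type error and a fraction or an undersized modulus is handed to certbot unchanged. Since this field decides the strength of the TLS private key, it is worth rejecting bad values when the configuration is evaluated, for example `(unless (or (not rsa-key-size) (and (exact-integer? rsa-key-size) (>= rsa-key-size 2048))) (error "certbot: invalid rsa-key-size" rsa-key-size))` ahead of the `let*`. The 2048 floor is a policy choice taken from the documented default. A short comment such as `;; #f: omit --rsa-key-size and let certbot choose` on the binding would also help. The function body continues past the end of the hunk.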
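Review bot: Adding one field means editing the positional record pattern in `certbot-activation` here, and identically in `certbot-command` and in the `certbot-nginx-server-configurations` hunk that follows, although neither this function nor that one appears to use `rsa-key-size` in the visible lines. Positional patterns bind by order, so a pattern missed in a later change would presumably bind `default-location` to the key size without any error. Reading only the needed fields through the accessors, e.g. `(certbot-configuration-default-location config)`, would keep these functions untouched when the record grows. Both bodies continue outside their hunks, so a use of the new field further down cannot be ruled out.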
@@ -110,7 +115,7 @@ (define certbot-nginx-server-configurations (match-lambda (($ package webroot certificates email - default-location) + rsa-key-size default-location) (list (nginx-server-configuration (listen '("80" "[::]:80")) -- 2.16.1