unofficial mirror of guix-patches@gnu.org 
From: Rodion Goritskov <rodion.goritskov@gmail.com>
To: 71722@debbugs.gnu.org
Cc: Rodion Goritskov <rodion.goritskov@gmail.com>
Subject: [bug#71722] [PATCH 2/2] services: agate-service-type: Update documentation.
Date: Sat, 22 Jun 2024 23:33:55 +0400
Message-ID: <60dbc3caee3fc6038fceeeb5ca677cf1d626c8a7.1719082137.git.rodion.goritskov@gmail.com>
In-Reply-To: <cover.1719082137.git.rodion.goritskov@gmail.com>

* doc/guix.texi: Document (agate-service-type) updated options.

Change-Id: Ifb4968d704627344913bb69f20636d710a4fe738
---
 doc/guix.texi | 51 ++++++++++++++++++++++++++++++++-------------------
 1 file changed, 32 insertions(+), 19 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 0102fd0fad..c75de94486 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32734,25 +32734,30 @@ Web Services
 (service agate-service-type
 	 (agate-configuration
 	   (content "/srv/gemini")
-	   (cert "/srv/cert.pem")
-	   (key "/srv/key.rsa")))
+	   (certs "/srv/gemini-certs")))
 @end lisp
 
 The example above represents the minimal tweaking necessary to get Agate
-up and running.  Specifying the path to the certificate and key is
+up and running.  Specifying the path to the certificate and key directory is
 always necessary, as the Gemini protocol requires TLS by default.
 
-To obtain a certificate and a key, you could, for example, use OpenSSL,
-running a command similar to the following example:
+If specified path is writable by Agate, and contains no valid key
+and certificate, the Agate will try to generate them on the first start.
+If specified directory is read-only - key and certificate should be pre-generated by user.
+
+To obtain a certificate and a key in a DER format, you could, for example,
+use OpenSSL, running a commands similar to the following example:
 
 @example
-openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem \
-    -days 3650 -nodes -subj "/CN=example.com"
+openssl genpkey -out key.der -outform DER -algorithm RSA \
+    -pkeyopt rsa_keygen_bits:4096
+openssl req -x509 -key key.der -outform DER -days 3650 -out cert.der \
+    -subj "/CN=example.com"
 @end example
 
 Of course, you'll have to replace @i{example.com} with your own domain
 name, and then point the Agate configuration towards the path of the
-generated key and certificate.
+directory with the generated key and certificate using the @code{certs} option.
 
 @end defvar
 
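Review bot: The paragraph ending with "using the @code{certs} option" never says what file names or layout Agate expects inside the certs directory, nor what ownership and permissions that directory should have. The example writes key.der and cert.der, and openssl genpkey without a cipher option produces an unencrypted private key, so the manual should state that the files must be placed in the certs directory under the names Agate looks for and that the directory should be readable only by the account the service runs as. This matters more now that the text invites making the directory writable by Agate for first-start generation. The added sentences also need a wording pass: "If specified path" should read "If the specified path", "the Agate will try" should read "Agate will try", "a commands" should read "commands", and "is read-only - key and certificate should be pre-generated by user" reads better as "is read-only, the key and certificate must be generated beforehand by the user".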
@@ -32766,30 +32771,38 @@ Web Services
 @item @code{content} (default: @file{"/srv/gemini"})
 The directory from which Agate will serve files.
 
-@item @code{cert} (default: @code{#f})
-The path to the TLS certificate PEM file to be used for encrypted
-connections.  Must be filled in with a value from the user.
-
-@item @code{key} (default: @code{#f})
-The path to the PKCS8 private key file to be used for encrypted
-connections.  Must be filled in with a value from the user.
+@item @code{certs} (default: @file{"/srv/gemini-certs"})
+Root of the certificate directory. Must be filled in with a value from the user.
 
 @item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")})
 A list of the addresses to listen on.
 
-@item @code{hostname} (default: @code{#f})
-The domain name of this Gemini server.  Optional.
+@item @code{hostnames} (default: @code{'()})
+Virtual hosts for the Gemini server. If multiple values are
+specified, corresponding directory names should be present in the @code{content}
+directory. Optional.
 
 @item @code{lang} (default: @code{#f})
 RFC 4646 language code(s) for text/gemini documents.  Optional.
 
-@item @code{silent?} (default: @code{#f})
-Set to @code{#t} to disable logging output.
+@item @code{only-tls13?} (default: @code{#f})
+Set to @code{#t} to disable support for TLSv1.2.
 
 @item @code{serve-secret?} (default: @code{#f})
 Set to @code{#t} to serve secret files (files/directories starting with
 a dot).
 
+@item @code{central-conf?} (default: @code{#f})
+Set to @code{#t} to look for the .meta configuration file in the @code{content}
+root directory and will ignore @code{.meta} files in other directories
+
+@item @code{ed25519?} (default: @code{#f})
+Set to @code{#t} to generate keys using the Ed25519 signature algorithm
+instead of the default ECDSA.
+
+@item @code{skip-port-check?} (default: @code{#f})
+Set to @code{#t} to skip URL port check even when a @code{hostname} is specified.
+
 @item @code{log-ip?} (default: @code{#t})
 Whether or not to output IP addresses when logging.
 
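Review bot: The new skip-port-check? entry still refers to "a @code{hostname}", but this same hunk renames that option to @code{hostnames}, so the cross-reference points at a field that no longer exists; it should say "when @code{hostnames} is specified". The certs entry contradicts itself by giving a default of "/srv/gemini-certs" and then saying "Must be filled in with a value from the user"; drop that sentence or say when the default is not suitable. The hostnames entry explains the per-host directories expected under @code{content} but not how certificates in @code{certs} are matched to each virtual host, which is what a reader configuring several hosts needs to know. In central-conf?, "to look for the .meta configuration file ... and will ignore" is ungrammatical and lacks a final period, and the first ".meta" should be marked up like the second one. The ed25519? entry says generated keys default to ECDSA while the example earlier in the section creates an RSA key, so a short note that pre-generated keys may use a different algorithm would avoid confusion.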
-- 
2.45.1




