Subject: [bug#30459] [PATCH 06/11] services: certbot: Get certbot to run non-interactively.
From: Marius Bakke
In-Reply-To: <874lmc4mz4.fsf@lassieur.org>
References: <20180214213504.29984-1-clement@lassieur.org> <20180214213504.29984-6-clement@lassieur.org> <87606vvecp.fsf@fastmail.com> <874lmc4mz4.fsf@lassieur.org>
Date: Thu, 22 Feb 2018 14:57:07 +0100
Message-ID: <874lm9b00c.fsf@fastmail.com>
To: Clément Lassieur
Cc: 30459@debbugs.gnu.org

Clément Lassieur writes:

> Marius Bakke writes:
>
>> Clément Lassieur writes:
>>
>>> * doc/guix.texi (Certificate Services): Add email field.
>>> * gnu/services/certbot.scm (, certbot-command,
>>> certbot-activation, certbot-nginx-server-configurations): Add email field.
>>> (certbot-command): Add '-n' and '--agree-tos' options.
>>> (certbot-service-type): Remove default-value.
>>
>> Since this effectively hides the ToS from the user, I think we should
>> update documentation to link to it.  Something along the lines of
>> "By using this service, you agree to the Terms and Conditions laid out
>> in URL...".
>>
>> I'm not a user of certbot currently and thus haven't tested it, but the
>> other patches LGTM to me.  Thanks a lot for working on this!
>
> Thank you very much for the review, Marius, I'll update the
> documentation as you said.
>
> I won't push right now because I'm unconvinced by certbot-activation:
> - it runs at every reconfigure, whereas I want it to run only when the
>   configuration changes
> - it runs at system startup (with no internet access, I think) which I
>   obviously don't want
> - it requires internet access

I haven't studied the code, but perhaps certbot-activation could be made
a "proper" Shepherd service (e.g. simple-service)?  That way it can have
a dependency on networking, at least.  It also would not run on every
reconfigure.

> Assuming there is no way to get it to run only on reconfigure when the
> configuration has changed, I could make a command that the user would
> use manually (with profile-service-type).  They would use this command
> if they add new certificates and if they don't want to wait for the cron
> task to happen.  WDYT?

This sounds great, but don't know if it should block this series.
Perhaps you can push it to a 'wip-certbot' branch on Savannah for easier
access and testing?

Also, hopefully some of our newfound Shepherd experts can chime in on
this thread :)