From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56671) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1em4il-0005Dr-Jd for guix-patches@gnu.org; Wed, 14 Feb 2018 16:36:09 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1em4ii-0000zf-4a for guix-patches@gnu.org; Wed, 14 Feb 2018 16:36:07 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:35481) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1em4ih-0000zM-W3 for guix-patches@gnu.org; Wed, 14 Feb 2018 16:36:04 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1em4ih-0001xi-Nz for guix-patches@gnu.org; Wed, 14 Feb 2018 16:36:03 -0500 Subject: [bug#30459] [PATCH 04/11] services: certbot: Rename 'host' to 'domain'. Resent-Message-ID: From: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur Date: Wed, 14 Feb 2018 22:34:57 +0100 Message-Id: <20180214213504.29984-4-clement@lassieur.org> In-Reply-To: <20180214213504.29984-1-clement@lassieur.org> References: <20180214213504.29984-1-clement@lassieur.org> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 30459@debbugs.gnu.org * doc/guix.texi (Certificate Services): Rename 'host' to 'domain'. * gnu/services/certbot.scm (, certbot-renewal-jobs, certbot-activation, certbot-nginx-server-configurations, certbot-service-type): Rename 'host' to 'domain'. --- doc/guix.texi | 14 +++++++------- gnu/services/certbot.scm | 42 ++++++++++++++++++++++-------------------- 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 42705ff8d..42f2593d3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -15692,8 +15692,8 @@ The certbot package to use. The directory from which to serve the Let's Encrypt challenge/response files. -@item @code{hosts} (default: @code{()}) -A list of hosts for which to generate certificates and request +@item @code{domains} (default: @code{()}) +A list of domains for which to generate certificates and request signatures. @item @code{default-location} (default: @i{see below}) @@ -15701,7 +15701,7 @@ The default @code{nginx-location-configuration}. Because @code{certbot} needs to be able to serve challenges and responses, it needs to be able to run a web server. It does so by extending the @code{nginx} web service with an @code{nginx-server-configuration} listening on the -@var{hosts} on port 80, and which has a +@var{domains} on port 80, and which has a @code{nginx-location-configuration} for the @code{/.well-known/} URI path subspace used by Let's Encrypt. @xref{Web Services}, for more on these nginx configuration data types. @@ -15711,7 +15711,7 @@ Requests to other URL paths will be matched by the @code{nginx-server-configuration}s. By default, the @code{default-location} will issue a redirect from -@code{http://@var{host}/...} to @code{https://@var{host}/...}, leaving +@code{http://@var{domain}/...} to @code{https://@var{domain}/...}, leaving you to define what to serve on your site via @code{https}. Pass @code{#f} to not issue a default location. @@ -15719,9 +15719,9 @@ Pass @code{#f} to not issue a default location. @end deftp The public key and its signatures will be written to -@code{/etc/letsencrypt/live/@var{host}/fullchain.pem}, for each -@var{host} in the configuration. The private key is written to -@code{/etc/letsencrypt/live/@var{host}/privkey.pem}. +@code{/etc/letsencrypt/live/@var{domain}/fullchain.pem}, for each +@var{domain} in the configuration. The private key is written to +@code{/etc/letsencrypt/live/@var{domain}/privkey.pem}. @node DNS Services 
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index 8ca64d998..0b425bab9 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -48,7 +48,7 @@ (default certbot)) (webroot certbot-configuration-webroot (default "/var/www")) - (hosts certbot-configuration-hosts + (domains certbot-configuration-domains (default '())) (default-location certbot-configuration-default-location (default @@ -59,9 +59,9 @@ (define certbot-renewal-jobs (match-lambda - (($ package webroot hosts default-location) - (match hosts - ;; Avoid pinging certbot if we have no hosts. + (($ package webroot domains default-location) + (match domains + ;; Avoid pinging certbot if we have no domains. (() '()) (_ (list 
@@ -71,37 +71,38 @@ #~(job '(next-minute-from (next-hour '(0 12)) (list (random 60))) (string-append #$package "/bin/certbot renew" (string-concatenate - (map (lambda (host) - (string-append " -d " host)) - '#$hosts)))))))))) + (map (lambda (domain) + (string-append " -d " domain)) + '#$domains)))))))))) (define certbot-activation (match-lambda - (($ package webroot hosts default-location) + (($ package webroot domains default-location) (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) (mkdir-p #$webroot) (for-each - (lambda (host) - (unless (file-exists? (in-vicinity "/etc/letsencrypt/live" host)) + (lambda (domain) + (unless (file-exists? + (in-vicinity "/etc/letsencrypt/live" domain)) (unless (zero? (system* (string-append #$certbot "/bin/certbot") "certonly" "--webroot" "-w" #$webroot - "-d" host)) - (error "failed to acquire cert for host" host)))) - '#$hosts)))))) + "-d" domain)) + (error "failed to acquire cert for domain" domain)))) + '#$domains)))))) (define certbot-nginx-server-configurations (match-lambda - (($ package webroot hosts default-location) + (($ package webroot domains default-location) (map - (lambda (host) + (lambda (domain) (nginx-server-configuration (listen '("80" "[::]:80")) (ssl-certificate #f) (ssl-certificate-key #f) - (server-name (list host)) + (server-name (list domain)) (locations (filter identity (list @@ -109,7 +110,7 @@ (uri "/.well-known") (body (list (list "root " webroot ";")))) default-location))))) - hosts)))) + domains)))) (define certbot-service-type (service-type (name 'certbot) 
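Review bot: In certbot-activation the binary is still taken from `#$certbot`, not from the `package` field that the match pattern binds. A configuration that selects a different certbot package (for example a patched one) is therefore honoured by the renewal job but ignored when the certificate is first acquired; `certbot` is presumably the module-level package variable that also serves as the field default. The argument should read `(string-append #$package "/bin/certbot")`. Separately, certbot-renewal-jobs builds its command as a single string with `(string-append " -d " domain)`, which mcron passes to a shell, whereas activation hands each domain to `system*` as its own argument. The domains come from the system configuration and from service extensions, so this is a robustness point rather than an exposed input, but checking that each entry is a plain DNS name before it reaches either command would make the two paths behave the same; the start of certbot-renewal-jobs is in the previous hunk.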
@@ -121,11 +122,12 @@ (service-extension mcron-service-type certbot-renewal-jobs))) (compose concatenate) - (extend (lambda (config additional-hosts) + (extend (lambda (config additional-domains) (certbot-configuration (inherit config) - (hosts (append (certbot-configuration-hosts config) - additional-hosts))))) + (domains (append + (certbot-configuration-domains config) + additional-domains))))) (default-value (certbot-configuration)) (description "Automatically renew @url{https://letsencrypt.org, Let's -- 2.16.1