Subject: bug#50872: Prosody service + letsencrypt certs improvements
From: Christine Lemmer-Webber
To: Carlo Zancanaro
Cc: 50872-done@debbugs.gnu.org
Date: Wed, 29 Sep 2021 19:43:29 -0400
Message-ID: <87fstnosjv.fsf@dustycloud.org>
In-reply-to: <87zgrv13hp.fsf@zancanaro.id.au>
References: <87h7e4tyb3.fsf@dustycloud.org> <87zgrv13hp.fsf@zancanaro.id.au>

Carlo Zancanaro writes:

> Hi Christine,
>
> On Tue, Sep 28 2021, Christine Lemmer-Webber wrote:
>> Hm, in other words we really ought to run this attached to some hook
>> related to the letsencrypt services... when they renew successfully,
>> it should trigger this command, I'd think. We do similar things for
>> nginx, etc...
>
> I'm pretty sure Guix doesn't do anything automatic when certificates
> are renewed. For nginx there's an example in the manual for how to set
> up a deploy hook to reload the certificates[1], so I expect that
> you'll have to set up something similar.

You're right... not sure why I thought it did.

> My prosody setup has this deploy hook:
>
>   (program-file
>    "reload-certificates"
>    #~(let ((prosodyctl (string-append #$(specification->package
>                                          "prosody")
>                                       "/bin/prosodyctl")))
>        (system* prosodyctl "--root" "cert" "import"
>                 "/etc/letsencrypt/live")
>        (system* prosodyctl "reload")))
>
> but I have recently had some trouble with it (prosody hasn't been
> reloading the certificate properly). I don't think my issue is
> related to this deploy hook, though.

That seems great. I'll give it a try.

Since this isn't significantly different from other services then (well,
excepting that prosody needs to not just reload but have the import
command run again... but you've provided what looks like a good solution
above) I'm going to close this.

> I hope that helps!

It does, thanks!

> Carlo
>
> [1]:
> https://guix.gnu.org/en/manual/en/html_node/Certificate-Services.html
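
The deploy hook quoted above, attached to a certificate in certbot-service-type in the same way as the manual's nginx example; this is an added example, not part of the original message or of Guix itself. The domain and e-mail address are placeholders, and the exit-status checks are an addition so that a failed import or reload shows up as a non-zero hook result instead of passing unnoticed.

```scheme
;; Added example: system configuration fragment, not code from the thread.
(use-modules (gnu) (guix gexp))
(use-service-modules certbot)

(define %prosody-deploy-hook
  (program-file
   "prosody-deploy-hook"
   #~(let* ((prosodyctl (string-append #$(specification->package "prosody")
                                       "/bin/prosodyctl"))
            ;; Run one prosodyctl command and return its exit code.
            ;; A process killed by a signal has no exit value, so
            ;; treat that case as failure (1).
            (run (lambda args
                   (or (status:exit-val (apply system* prosodyctl args))
                       1)))
            ;; Same import command as in the quoted hook.
            (import-status
             (run "--root" "cert" "import" "/etc/letsencrypt/live")))
       ;; Do not reload if the renewed certificate was not imported:
       ;; prosody would keep serving the old one while the hook
       ;; appears to have succeeded.
       (unless (zero? import-status)
         (format (current-error-port)
                 "prosodyctl cert import failed with status ~a~%"
                 import-status)
         (exit import-status))
       ;; The hook's exit code is the result of the reload.
       (exit (run "reload")))))

;; Add this to the `services' field of the operating-system declaration.
(define %certbot-service
  (service certbot-service-type
           (certbot-configuration
            (email "admin@example.org")              ; placeholder
            (certificates
             (list (certificate-configuration
                    (domains '("xmpp.example.org"))  ; placeholder
                    (deploy-hook %prosody-deploy-hook)))))))
```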