From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:1008:1e59::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id SGL+H9MNfmVG9gAAkFu2QA (envelope-from ) for ; Sat, 16 Dec 2023 21:51:31 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id mLfPHNMNfmUgpAAA62LTzQ (envelope-from ) for ; Sat, 16 Dec 2023 21:51:31 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1702759891; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post; bh=3ZmcET/uohUz5k2KFgf4yIjGXmIRGWX4x0OUQi9kKEI=; b=EU9DA4MSvbwF7bV/0QirNRpOgCmThVlwxSWX/n9jm4E8Hn3P3glcyy+fTKCS6AJZhsakob klKd6nh7+P7l1Oh9ybX25Wi4dB+1tH14dgKo0XzyPmK5D9WlpGMr7HQUSIx0EAVaQy5pjK eIM3UdI7eU4Gk14R8b2E0GNOKa+qgva7y2FdlpJfDGmwdy+k5bwcXtHYZY3KicZhs7qlp2 +/2TsTkYpM1eYibcBT9aCpI/Ef5pClPc/WkLZcN9tP9fhupoETGMGCrJYzBkqmyMioWyH/ 3aLzVmvmoyhVNH8sdcQ1ddJgaAatxJPJt5+CpmZ8ObE/lP72t80Bd1m+QdMbGQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1702759891; a=rsa-sha256; cv=none; b=mnp5XA5zmTLnD7Tf45WgLlxcf/3pk2zh8F0MH/RTu2+PQ+gxdpjSB7LHzVpY7j4SdYuZzC f5ulpLrmGhANEilp2dHSOzu7dRpOJIlxPiDK4GAey5jZxBStl7e7LN5MjQsH9Fy+AS+04t iBpjgJvtDThZGmuc2qEhxunZaNu9JR4fuq9lvuRmrcmJA4D5Ih9NBRSLpxglGYtNGxa/SA 7uJH8xyKefTXtbkFgEBEGFfaX1P2l/9aOp8OYGf/0q/PZe1pERbgP6TpL0j/KLuxzNXPAR YXFfobpQmj0yDvTDUnZ6eumZ0xbn2eiy74cyWgxdeTefAWhn61lXLoLQEolvCg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 391C030DD7 for ; Sat, 16 Dec 2023 21:51:30 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rEbcn-0002B5-CL; Sat, 16 Dec 2023 15:51:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rEbck-0002Ah-9q for guix-patches@gnu.org; Sat, 16 Dec 2023 15:51:02 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rEbck-0007Y9-1g for guix-patches@gnu.org; Sat, 16 Dec 2023 15:51:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rEbck-00033C-QU for guix-patches@gnu.org; Sat, 16 Dec 2023 15:51:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#67497] [PATCH] Multiple deploy hooks in certbot service Resent-From: Bruno Victal Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 16 Dec 2023 20:51:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 67497 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Arun Isaac , Felix Lechner Cc: 67497@debbugs.gnu.org Received: via spool by 67497-submit@debbugs.gnu.org id=B67497.170275983211631 (code B ref 67497); Sat, 16 Dec 2023 20:51:02 +0000 Received: (at 67497) by debbugs.gnu.org; 16 Dec 2023 20:50:32 +0000 Received: from localhost ([127.0.0.1]:56160 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rEbcG-00031S-4d for submit@debbugs.gnu.org; Sat, 16 Dec 2023 15:50:32 -0500 Received: from smtpmciv1.myservices.hosting ([185.26.107.237]:51632) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rEbc9-00031D-TA for 67497@debbugs.gnu.org; Sat, 16 Dec 2023 15:50:30 -0500 Received: from mail1.netim.hosting (unknown [185.26.106.173]) by smtpmciv1.myservices.hosting (Postfix) with ESMTP id DC38520DD5; Sat, 16 Dec 2023 21:50:22 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id 2A42780095; Sat, 16 Dec 2023 21:50:19 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 2U0fwhI8ZYwP; Sat, 16 Dec 2023 21:50:18 +0100 (CET) Received: from [192.168.1.116] (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id 88AD880067; Sat, 16 Dec 2023 21:50:18 +0100 (CET) Message-ID: Date: Sat, 16 Dec 2023 20:50:16 +0000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US References: <87zfyzkkt4.fsf@lease-up.com> <874jh6bu8c.fsf@systemreboot.net> From: Bruno Victal In-Reply-To: <874jh6bu8c.fsf@systemreboot.net> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------pxfr190QYyQd4FQ2hWfEPAXI" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -8.30 X-Spam-Score: -8.30 X-Migadu-Queue-Id: 391C030DD7 X-Migadu-Scanner: mx12.migadu.com X-TUID: ks0GO5iS9uee This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------pxfr190QYyQd4FQ2hWfEPAXI Content-Type: multipart/mixed; boundary="------------OUIg0jZ6YGGc1qxwQ5EDzy8W"; protected-headers="v1" From: Bruno Victal To: Arun Isaac , Felix Lechner Cc: 67497@debbugs.gnu.org Message-ID: Subject: Re: bug#67497: [PATCH] Multiple deploy hooks in certbot service References: <87zfyzkkt4.fsf@lease-up.com> <874jh6bu8c.fsf@systemreboot.net> In-Reply-To: <874jh6bu8c.fsf@systemreboot.net> --------------OUIg0jZ6YGGc1qxwQ5EDzy8W Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Felix and Arun, On 2023-11-28 00:24, Arun Isaac wrote: > It's already possible to write the deploy-hook as a G-expression > constructed script (using program-file) that invokes multiple hooks in > succession. Something like: >=20 > (program-file "deploy-hook" > (with-imported-modules '((guix build utils)) > #~(begin > (use-modules (guix build utils)) >=20 > (invoke "/some/hook") > (invoke "/some/other/hook")))) Indeed, and for the record mine looks like this: --8<---------------cut here---------------start------------->8--- (program-file "certbot-hook.scm" ;; source-module-closure not used here because at the time of writing ;; (gnu services herd) only uses Guile modules. (with-imported-modules '((gnu services herd)) #~(begin (use-modules (gnu services herd)) (with-shepherd-action 'nginx ('reload) result result) (restart-service 'dovecot) (restart-service 'smtpd)))) --8<---------------cut here---------------end--------------->8--- (that is, a single hook is responsible for various other shepherd services) > Here /some/hook and /some/other/hook can themselves be recursively > constructed using program-file. So, do we really need a service that > explicitly accepts multiple deploy hooks? As Arun pointed out, I don't think multiple deploy hooks would be adding value here. What would be interesting though is adding service-extensions support for certbot-service-type. Roughly speaking, two plausible ways to achieve this would be: * Single deploy-hook and ungexp-splicing, i.e.: --8<---------------cut here---------------start------------->8--- ;; service-extension-hooks: list of program-files #$@(map (lambda (extension-hook) #~(invoke #$extension-hook)) service-extension-hooks) --8<---------------cut here---------------end--------------->8--- * Multiple --deploy-hook =E2=80=A6 behind the scenes (the deploy-hook field in still accepts only a single hook) Important note, such service-extensions must account for the fact that they are actually extensions to objects, i.e. they have to account for which domain(s) is the (deploy/ cleanup/authentication)-hook for. --=20 Furthermore, I consider that nonfree software must be eradicated. Cheers, Bruno. --------------OUIg0jZ6YGGc1qxwQ5EDzy8W-- --------------pxfr190QYyQd4FQ2hWfEPAXI Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQTAPCseV0HOaN0YFheobOGDL+spVQUCZX4NigAKCRCobOGDL+sp VecqAP0YQWXsd5Egk/UBaNWqfO0cHBbrUDIRCNPJCx/5JTcdsAEA82oxJvMavBw+ 3CZhxwacoy8+ImYFWJ195K5RmNO3yAM= =ZTEy -----END PGP SIGNATURE----- --------------pxfr190QYyQd4FQ2hWfEPAXI--