[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/04: services: certbot: Reload nginx in deploy hook.
From: |
guix-commits |
Subject: |
03/04: services: certbot: Reload nginx in deploy hook. |
Date: |
Wed, 31 Jan 2024 10:55:28 -0500 (EST) |
snape pushed a commit to branch master
in repository guix.
commit d4a4b12f0ac52563254d34dc1e26030b354d3f73
Author: Carlo Zancanaro <carlo@zancanaro.id.au>
AuthorDate: Wed Jan 31 11:46:24 2024 +0000
services: certbot: Reload nginx in deploy hook.
* gnu/services/certbot.scm (certbot-deploy-hook): Reload nginx.
* doc/guix.texi (Certificate services): Remove deploy-hook from example.
Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176
Signed-off-by: Clément Lassieur <clement@lassieur.org>
---
doc/guix.texi | 10 +---------
gnu/services/certbot.scm | 10 ++++++++--
2 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 732abceb0f..c71d7e94cf 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32562,21 +32562,13 @@ A service type for the @code{certbot} Let's Encrypt
client. Its value
must be a @code{certbot-configuration} record as in this example:
@lisp
-(define %certbot-deploy-hook
- (program-file "certbot-deploy-hook.scm"
- (with-imported-modules '((gnu services herd))
- #~(begin
- (use-modules (gnu services herd))
- (with-shepherd-action 'nginx ('reload) result result)))))
-
(service certbot-service-type
(certbot-configuration
(email "foo@@example.net")
(certificates
(list
(certificate-configuration
- (domains '("example.net" "www.example.net"))
- (deploy-hook %certbot-deploy-hook))
+ (domains '("example.net" "www.example.net")))
(certificate-configuration
(domains '("bar.example.net")))))))
@end lisp
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 10b99f5630..cb1be0c0e9 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -100,9 +100,11 @@ overwrite the initial self-signed certificates upon the
first successful
deploy."
(program-file
(string-append name "-deploy-hook")
- (with-imported-modules '((guix build utils))
+ (with-imported-modules '((gnu services herd)
+ (guix build utils))
#~(begin
- (use-modules (guix build utils))
+ (use-modules (gnu services herd)
+ (guix build utils))
(mkdir-p #$(string-append "/etc/certs/" name))
(chmod #$(string-append "/etc/certs/" name) #o755)
@@ -120,6 +122,10 @@ deploy."
#$(string-append "/etc/certs/" name "/privkey.pem"))
(rename-file #$(string-append "/etc/certs/" name "/fullchain.pem.new")
#$(string-append "/etc/certs/" name "/fullchain.pem"))
+
+ ;; With the new certificates in place, tell nginx to reload them.
+ (with-shepherd-action 'nginx ('reload) result result)
+
#$@(if deploy-hook-script
(list #~(invoke #$deploy-hook-script))
'())))))