03/04: services: certbot: Reload nginx in deploy hook.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

03/04: services: certbot: Reload nginx in deploy hook.

From:	guix-commits
Subject:	03/04: services: certbot: Reload nginx in deploy hook.
Date:	Wed, 31 Jan 2024 10:55:28 -0500 (EST)

snape pushed a commit to branch master
in repository guix.

commit d4a4b12f0ac52563254d34dc1e26030b354d3f73
Author: Carlo Zancanaro <carlo@zancanaro.id.au>
AuthorDate: Wed Jan 31 11:46:24 2024 +0000

    services: certbot: Reload nginx in deploy hook.
    
    * gnu/services/certbot.scm (certbot-deploy-hook): Reload nginx.
    * doc/guix.texi (Certificate services): Remove deploy-hook from example.
    
    Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176
    Signed-off-by: Clément Lassieur <clement@lassieur.org>
---
 doc/guix.texi            | 10 +---------
 gnu/services/certbot.scm | 10 ++++++++--
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 732abceb0f..c71d7e94cf 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32562,21 +32562,13 @@ A service type for the @code{certbot} Let's Encrypt 
client.  Its value
 must be a @code{certbot-configuration} record as in this example:
 
 @lisp
-(define %certbot-deploy-hook
-  (program-file "certbot-deploy-hook.scm"
-    (with-imported-modules '((gnu services herd))
-      #~(begin
-          (use-modules (gnu services herd))
-          (with-shepherd-action 'nginx ('reload) result result)))))
-
 (service certbot-service-type
          (certbot-configuration
           (email "foo@@example.net")
           (certificates
            (list
             (certificate-configuration
-             (domains '("example.net" "www.example.net"))
-             (deploy-hook %certbot-deploy-hook))
+             (domains '("example.net" "www.example.net")))
             (certificate-configuration
              (domains '("bar.example.net")))))))
 @end lisp
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 10b99f5630..cb1be0c0e9 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -100,9 +100,11 @@ overwrite the initial self-signed certificates upon the 
first successful
 deploy."
   (program-file
    (string-append name "-deploy-hook")
-   (with-imported-modules '((guix build utils))
+   (with-imported-modules '((gnu services herd)
+                            (guix build utils))
      #~(begin
-         (use-modules (guix build utils))
+         (use-modules (gnu services herd)
+                      (guix build utils))
          (mkdir-p #$(string-append "/etc/certs/" name))
          (chmod #$(string-append "/etc/certs/" name) #o755)
 
@@ -120,6 +122,10 @@ deploy."
                       #$(string-append "/etc/certs/" name "/privkey.pem"))
          (rename-file #$(string-append "/etc/certs/" name "/fullchain.pem.new")
                       #$(string-append "/etc/certs/" name "/fullchain.pem"))
+
+         ;; With the new certificates in place, tell nginx to reload them.
+         (with-shepherd-action 'nginx ('reload) result result)
+
          #$@(if deploy-hook-script
                 (list #~(invoke #$deploy-hook-script))
                 '())))))

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (7a45f7b9e1 -> 023c3e0ac4), guix-commits, 2024/01/31
- 03/04: services: certbot: Reload nginx in deploy hook., guix-commits <=
- 01/04: services: certbot: Symlink certificates to /etc/certs., guix-commits, 2024/01/31
- 04/04: services: certbot: Add one-shot service to renew certificates., guix-commits, 2024/01/31
- 02/04: services: certbot: Create self-signed certificates before certbot runs., guix-commits, 2024/01/31

Prev by Date: 02/02: gnu: cl-maidenhead: Update to 1.1-1.4b9c38e.
Next by Date: branch master updated (7a45f7b9e1 -> 023c3e0ac4)
Previous by thread: branch master updated (7a45f7b9e1 -> 023c3e0ac4)
Next by thread: 01/04: services: certbot: Symlink certificates to /etc/certs.
Index(es):
- Date
- Thread