09/11: services: certbot: Allow to set RSA key size.

[Clément Lassieur]

snape pushed a commit to branch master
in repository guix.

commit a2cb2bbc0ba984398dd79ff7bd37af8960f67ced
Author: Clément Lassieur <address@hidden>
Date:   Sat Feb 10 17:27:19 2018 +0100

    services: certbot: Allow to set RSA key size.
    
    * doc/guix.texi (Certificate Services): Document it.
    * gnu/services/certbot.scm (<cerbot-configuration>, certbot-command,
    certbot-activation, certbot-nginx-server-configurations): Add it.
---
 doc/guix.texi            |  3 +++
 gnu/services/certbot.scm | 21 +++++++++++++--------
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 9e51ff3..e180297 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -15785,6 +15785,9 @@ and several @code{domains}.
 Mandatory email used for registration, recovery contact, and important
 account notifications.
 
address@hidden @code{rsa-key-size} (default: @code{2048})
+Size of the RSA key.
+
 @item @code{default-location} (default: @i{see below})
 The default @code{nginx-location-configuration}.  Because @code{certbot}
 needs to be able to serve challenges and responses, it needs to be able
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index a70a365..51f5d71 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -60,6 +60,8 @@
   (certificates        certbot-configuration-certificates
                        (default '()))
   (email               certbot-configuration-email)
+  (rsa-key-size        certbot-configuration-rsa-key-size
+                       (default #f))
   (default-location    certbot-configuration-default-location
                        (default
                          (nginx-location-configuration
@@ -70,17 +72,20 @@
 (define certbot-command
   (match-lambda
     (($ <certbot-configuration> package webroot certificates email
-                                default-location)
+                                rsa-key-size default-location)
      (let* ((certbot (file-append package "/bin/certbot"))
+            (rsa-key-size (and rsa-key-size (number->string rsa-key-size)))
             (commands
              (map
               (match-lambda
                 (($ <certificate-configuration> name domains)
-                 (list certbot "certonly" "-n" "--agree-tos"
-                       "-m" email
-                       "--webroot" "-w" webroot
-                       "--cert-name" (or name (car domains))
-                       "-d" (string-join domains ","))))
+                 (append
+                  (list certbot "certonly" "-n" "--agree-tos"
+                        "-m" email
+                        "--webroot" "-w" webroot
+                        "--cert-name" (or name (car domains))
+                        "-d" (string-join domains ","))
+                  (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()))))
               certificates)))
        (program-file
         "certbot-command"
@@ -100,7 +105,7 @@
 (define (certbot-activation config)
   (match config
     (($ <certbot-configuration> package webroot certificates email
-                                default-location)
+                                rsa-key-size default-location)
      (with-imported-modules '((guix build utils))
        #~(begin
            (use-modules (guix build utils))
@@ -110,7 +115,7 @@
 (define certbot-nginx-server-configurations
   (match-lambda
     (($ <certbot-configuration> package webroot certificates email
-                                default-location)
+                                rsa-key-size default-location)
      (list
       (nginx-server-configuration
        (listen '("80" "[::]:80"))