[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#47136] [PATCH 3/3] services: certbot: Add dry-run? certificate opti
|
From: |
Pierre Langlois |
|
Subject: |
[bug#47136] [PATCH 3/3] services: certbot: Add dry-run? certificate option. |
|
Date: |
Sat, 17 Apr 2021 17:51:46 +0100 |
|
User-agent: |
mu4e 1.4.15; emacs 27.2 |
Hi all,
Friendly ping on this series :-).
Thanks,
Pierre
Pierre Langlois writes:
> * gnu/services/certbot.scm (certificate-configuration): Add dry-run? field.
> (certbot-command): Use it to pass --dry-run to certbot.
> * doc/guix.texi (Certificate Services): Document dry-run? option.
> ---
> doc/guix.texi | 35 +++++++++++++++++++++++++++++++++++
> gnu/services/certbot.scm | 10 +++++++---
> 2 files changed, 42 insertions(+), 3 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index ec449b1772..322c717941 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -25665,6 +25665,41 @@ certificates and keys; the shell variable
> @code{$RENEWED_DOMAINS} will
> contain a space-delimited list of renewed certificate domains (for
> example, @samp{"example.com www.example.com"}.
>
> +@item @code{dry-run?} (default: @code{#f})
> +Communitcate with the ACME server but do not update certificates nor
note-to-self, typo here: Communicate
> +trigger @code{deploy-hook}. This is useful as a temporary setting to
> +test the challenge procedure, especially the @code{authentication-hook}
> +and @code{cleanup-hook} while working on them. It's also a good idea to
> +use Let's Encrypt's staging server at
> +@url{https://acme-staging-v02.api.letsencrypt.org/directory} while
> +testing, which allows for higher rate limits, but with which
> +@code{certbot} will helpfully refuse to update certificates and
> +recommend the @code{dry-run?} option. For example:
> +
> +@lisp
> +(define %authentication-hook
> + (program-file "authentication-hook"
> + #~(let ((domain (getenv "CERTBOT_DOMAIN"))
> + (token (getenv "CERTBOT_TOKEN")))
> + (format #t "Hey, can you authenticate ~a with ~a for me?"
> + domain token))))
> +
> +(define %cleanup-hook
> + (program-file "authentication-hook"
> + #~(display "Bye")
> +
> +(service certbot-service-type
> + (certbot-configuration
> + (server "https://acme-staging-v02.api.letsencrypt.org/directory";)
> + (certificates
> + (list
> + (certificate-configuration
> + (dry-run? #t)
> + (authentication-hook %authentication-hook)
> + (cleanup-hook %cleanup-hook)
> + (domains '("example.net" "www.example.net")))))))
> +@end lisp
> +
> @end table
> @end deftp
>
> diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
> index 1cea68fc2a..15274cf0ed 100644
> --- a/gnu/services/certbot.scm
> +++ b/gnu/services/certbot.scm
> @@ -61,6 +61,8 @@
> (cleanup-hook certificate-cleanup-hook
> (default #f))
> (deploy-hook certificate-configuration-deploy-hook
> + (default #f))
> + (dry-run? certbot-configuration-dry-run?
> (default #f)))
>
> (define-record-type* <certbot-configuration>
> @@ -96,7 +98,7 @@
> (match-lambda
> (($ <certificate-configuration> custom-name domains challenge
> authentication-hook
> cleanup-hook
> - deploy-hook)
> + deploy-hook dry-run?)
> (let ((name (or custom-name (car domains))))
> (if challenge
> (append
> @@ -114,7 +116,8 @@
> `("--manual-auth-hook" ,authentication-hook)
> '())
> (if cleanup-hook `("--manual-cleanup-hook"
> ,cleanup-hook) '())
> - (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))
> + (if deploy-hook `("--deploy-hook" ,deploy-hook) '())
> + (if dry-run? '("--dry-run")))
> (append
> (list name certbot "certonly" "-n" "--agree-tos"
> "--webroot" "-w" webroot
> @@ -125,7 +128,8 @@
> '("--register-unsafely-without-email"))
> (if server `("--server" ,server) '())
> (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
> - (if deploy-hook `("--deploy-hook" ,deploy-hook)
> '()))))))
> + (if deploy-hook `("--deploy-hook" ,deploy-hook) '())
> + (if dry-run? '("--dry-run") '()))))))
> certificates)))
> (program-file
> "certbot-command"
signature.asc
Description: PGP signature
- [bug#47136] [PATCH 3/3] services: certbot: Add dry-run? certificate option.,
Pierre Langlois <=