[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#46961: [PATCH v3 3/4] services: certbot: Reload nginx in deploy hook
|
From: |
Carlo Zancanaro |
|
Subject: |
bug#46961: [PATCH v3 3/4] services: certbot: Reload nginx in deploy hook. |
|
Date: |
Wed, 31 Jan 2024 11:46:24 +0000 |
* gnu/services/certbot.scm (certbot-deploy-hook): Reload nginx.
* doc/guix.texi (Certificate services): Remove deploy-hook from example.
Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176
---
I've pulled the nginx reloading into the regular deployment hook
here. I also removed the explicit deploy hook in the documentation,
because that is now the default behaviour.
doc/guix.texi | 10 +---------
gnu/services/certbot.scm | 10 ++++++++--
2 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 732abceb0f..c71d7e94cf 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32562,21 +32562,13 @@ Certificate Services
must be a @code{certbot-configuration} record as in this example:
@lisp
-(define %certbot-deploy-hook
- (program-file "certbot-deploy-hook.scm"
- (with-imported-modules '((gnu services herd))
- #~(begin
- (use-modules (gnu services herd))
- (with-shepherd-action 'nginx ('reload) result result)))))
-
(service certbot-service-type
(certbot-configuration
(email "foo@@example.net")
(certificates
(list
(certificate-configuration
- (domains '("example.net" "www.example.net"))
- (deploy-hook %certbot-deploy-hook))
+ (domains '("example.net" "www.example.net")))
(certificate-configuration
(domains '("bar.example.net")))))))
@end lisp
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 10b99f5630..cb1be0c0e9 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -100,9 +100,11 @@ (define (certbot-deploy-hook name deploy-hook-script)
deploy."
(program-file
(string-append name "-deploy-hook")
- (with-imported-modules '((guix build utils))
+ (with-imported-modules '((gnu services herd)
+ (guix build utils))
#~(begin
- (use-modules (guix build utils))
+ (use-modules (gnu services herd)
+ (guix build utils))
(mkdir-p #$(string-append "/etc/certs/" name))
(chmod #$(string-append "/etc/certs/" name) #o755)
@@ -120,6 +122,10 @@ (define (certbot-deploy-hook name deploy-hook-script)
#$(string-append "/etc/certs/" name "/privkey.pem"))
(rename-file #$(string-append "/etc/certs/" name "/fullchain.pem.new")
#$(string-append "/etc/certs/" name "/fullchain.pem"))
+
+ ;; With the new certificates in place, tell nginx to reload them.
+ (with-shepherd-action 'nginx ('reload) result result)
+
#$@(if deploy-hook-script
(list #~(invoke #$deploy-hook-script))
'())))))
--
2.41.0
- bug#46961: Nginx and certbot cervices don't play well togther, (continued)
bug#46961: Nginx and certbot cervices don't play well togther, Clément Lassieur, 2024/01/29
bug#46961: [PATCH 1/2] services: certbot: Symlink certificates to /etc/certs, Carlo Zancanaro, 2024/01/24
bug#46961: [PATCH v2 0/4] Make certbot play more nicely with nginx, Carlo Zancanaro, 2024/01/30
Message not available
bug#46961: [PATCH v3 1/4] services: certbot: Symlink certificates to /etc/certs., Carlo Zancanaro, 2024/01/31
bug#46961: [PATCH v3 3/4] services: certbot: Reload nginx in deploy hook.,
Carlo Zancanaro <=
bug#46961: [PATCH v3 0/4] Make certbot play more nicely with nginx, Carlo Zancanaro, 2024/01/31
bug#46961: [PATCH v3 4/4] services: certbot: Add one-shot service to renew certificates., Carlo Zancanaro, 2024/01/31
bug#46961: [PATCH v3 2/4] services: certbot: Create self-signed certificates before certbot runs., Carlo Zancanaro, 2024/01/31
bug#46961: [PATCH v2 3/4] services: certbot: Add a default deploy hook to reload nginx., Carlo Zancanaro, 2024/01/30
bug#46961: [PATCH v2 1/4] services: certbot: Symlink certificates to /etc/certs., Carlo Zancanaro, 2024/01/30
bug#46961: [PATCH v2 2/4] services: certbot: Create self-signed certificates before certbot runs., Carlo Zancanaro, 2024/01/30
bug#46961: [PATCH v2 4/4] services: certbot: Add one-shot service to renew certificates., Carlo Zancanaro, 2024/01/30