author | Clément Lassieur <clement@lassieur.org> | 2018-02-10 16:32:26 +0100 |
---|---|---|
committer | Clément Lassieur <clement@lassieur.org> | 2018-02-22 21:43:53 +0100 |
commit | 65fc1d890d2e33e62a7c9d9fe31184c48d848e0c (patch) | |
tree | 67533892a1431b89f738d96986cb3bb513cd402f | |
parent | c1dfcfdf58b4a05903d6b4266ca3c04f1c4cb6e2 (diff) | |
services: certbot: Get certbot to run non-interactively.
* doc/guix.texi (Certificate Services): Add email field and link to the ACME
Subscriber Agreement.
* gnu/services/certbot.scm (<certbot-configuration>, certbot-command,
certbot-activation, certbot-nginx-server-configurations): Add email field.
(certbot-command): Add '-n' and '--agree-tos' options.
(certbot-service-type): Remove default-value.
-rw-r--r-- | doc/guix.texi | 8 | ||||
-rw-r--r-- | gnu/services/certbot.scm | 14 |
2 files changed, 17 insertions, 5 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index ff3fa97d7f..241d41bfd3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -15741,6 +15741,10 @@ revoked, but running it regularly would give your service a chance of staying online in case a Let's Encrypt-initiated revocation happened for some reason. +By using this service, you agree to the ACME Subscriber Agreement, which +can be found there: +@url{https://acme-v01.api.letsencrypt.org/directory}. + @defvr {Scheme Variable} certbot-service-type A service type for the @code{certbot} Let's Encrypt client. @end defvr @@ -15761,6 +15765,10 @@ files. A list of domains for which to generate certificates and request signatures. +@item @code{email} +Mandatory email used for registration, recovery contact, and important +account notifications. + @item @code{default-location} (default: @i{see below}) The default @code{nginx-location-configuration}. Because @code{certbot} needs to be able to serve challenges and responses, it needs to be able diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index 661e174980..379c211430 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -50,6 +50,7 @@ (default "/var/www")) (domains certbot-configuration-domains (default '())) + (email certbot-configuration-email) (default-location certbot-configuration-default-location (default (nginx-location-configuration @@ -59,12 +60,14 @@ (define certbot-command (match-lambda - (($ <certbot-configuration> package webroot domains default-location) + (($ <certbot-configuration> package webroot domains email + default-location) (let* ((certbot (file-append package "/bin/certbot")) (commands (map (lambda (domain) - (list certbot "certonly" + (list certbot "certonly" "-n" "--agree-tos" + "-m" email "--webroot" "-w" webroot "-d" domain)) domains))) 
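Review bot: In the `certbot-command` hunk, `--agree-tos` is now passed on every `certonly` invocation, so enabling the service accepts the Subscriber Agreement on the operator's behalf, and nothing in the code says so. A comment above the argument list would keep that visible to the next maintainer, for example `;; '-n' never prompts; '--agree-tos' accepts the ACME Subscriber Agreement for the operator (see doc/guix.texi).` The new `email` field has no default and its value is placed after `-m` unchecked; a non-string value would presumably only fail later, when the command is built, so an early check in the service would give a clearer error. The body of `certbot-command` continues outside the hunk.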
@@ -85,7 +88,8 @@ (define (certbot-activation config) (match config - (($ <certbot-configuration> package webroot domains default-location) + (($ <certbot-configuration> package webroot domains email + default-location) (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) @@ -94,7 +98,8 @@ (define certbot-nginx-server-configurations (match-lambda - (($ <certbot-configuration> package webroot domains default-location) + (($ <certbot-configuration> package webroot domains email + default-location) (map (lambda (domain) (nginx-server-configuration @@ -127,7 +132,6 @@ (domains (append (certbot-configuration-domains config) additional-domains))))) - (default-value (certbot-configuration)) (description "Automatically renew @url{https://letsencrypt.org, Let's Encrypt} HTTPS certificates by adjusting the nginx web server configuration |
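Review bot: The `($ <certbot-configuration> package webroot domains email default-location)` pattern in the `certbot-activation` hunk binds fields by position, and this commit has to edit the identical pattern in `certbot-command` and `certbot-nginx-server-configurations` as well to keep all three aligned with the record definition. If a later field addition misses one of these patterns, the remaining names would bind to the wrong fields instead of failing loudly. `email` is not visibly used in `certbot-activation` or `certbot-nginx-server-configurations`, so reading only the needed fields through accessors such as `certbot-configuration-domains` would remove the positional coupling. Both function bodies continue outside their hunks, so whether the extra binding is needed further down cannot be confirmed from here.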