aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorClément Lassieur <clement@lassieur.org>2018-02-10 16:32:26 +0100
committerClément Lassieur <clement@lassieur.org>2018-02-22 21:43:53 +0100
commit65fc1d890d2e33e62a7c9d9fe31184c48d848e0c (patch)
tree67533892a1431b89f738d96986cb3bb513cd402f
parentc1dfcfdf58b4a05903d6b4266ca3c04f1c4cb6e2 (diff)
downloadgnu-guix-65fc1d890d2e33e62a7c9d9fe31184c48d848e0c.tar
gnu-guix-65fc1d890d2e33e62a7c9d9fe31184c48d848e0c.tar.gz
services: certbot: Get certbot to run non-interactively.
* doc/guix.texi (Certificate Services): Add email field and link to the ACME Subscriber Agreement. * gnu/services/certbot.scm (<certbot-configuration>, certbot-command, certbot-activation, certbot-nginx-server-configurations): Add email field. (certbot-command): Add '-n' and '--agree-tos' options. (certbot-service-type): Remove default-value.
-rw-r--r--doc/guix.texi8
-rw-r--r--gnu/services/certbot.scm14
2 files changed, 17 insertions, 5 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index ff3fa97d7f..241d41bfd3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -15741,6 +15741,10 @@ revoked, but running it regularly would give your service a chance of
staying online in case a Let's Encrypt-initiated revocation happened for
some reason.
+By using this service, you agree to the ACME Subscriber Agreement, which
+can be found there:
+@url{https://acme-v01.api.letsencrypt.org/directory}.
+
@defvr {Scheme Variable} certbot-service-type
A service type for the @code{certbot} Let's Encrypt client.
@end defvr
@@ -15761,6 +15765,10 @@ files.
A list of domains for which to generate certificates and request
signatures.
+@item @code{email}
+Mandatory email used for registration, recovery contact, and important
+account notifications.
+
@item @code{default-location} (default: @i{see below})
The default @code{nginx-location-configuration}. Because @code{certbot}
needs to be able to serve challenges and responses, it needs to be able
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 661e174980..379c211430 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -50,6 +50,7 @@
(default "/var/www"))
(domains certbot-configuration-domains
(default '()))
+ (email certbot-configuration-email)
(default-location certbot-configuration-default-location
(default
(nginx-location-configuration
@@ -59,12 +60,14 @@
(define certbot-command
(match-lambda
- (($ <certbot-configuration> package webroot domains default-location)
+ (($ <certbot-configuration> package webroot domains email
+ default-location)
(let* ((certbot (file-append package "/bin/certbot"))
(commands
(map
(lambda (domain)
- (list certbot "certonly"
+ (list certbot "certonly" "-n" "--agree-tos"
+ "-m" email
"--webroot" "-w" webroot
"-d" domain))
domains)))
@@ -85,7 +88,8 @@
(define (certbot-activation config)
(match config
- (($ <certbot-configuration> package webroot domains default-location)
+ (($ <certbot-configuration> package webroot domains email
+ default-location)
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
@@ -94,7 +98,8 @@
(define certbot-nginx-server-configurations
(match-lambda
- (($ <certbot-configuration> package webroot domains default-location)
+ (($ <certbot-configuration> package webroot domains email
+ default-location)
(map
(lambda (domain)
(nginx-server-configuration
@@ -127,7 +132,6 @@
(domains (append
(certbot-configuration-domains config)
additional-domains)))))
- (default-value (certbot-configuration))
(description
"Automatically renew @url{https://letsencrypt.org, Let's
Encrypt} HTTPS certificates by adjusting the nginx web server configuration