aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/guix.texi14
-rw-r--r--gnu/services/certbot.scm42
2 files changed, 29 insertions, 27 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 03cd2d5d71..ff3fa97d7f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -15757,8 +15757,8 @@ The certbot package to use.
The directory from which to serve the Let's Encrypt challenge/response
files.
-@item @code{hosts} (default: @code{()})
-A list of hosts for which to generate certificates and request
+@item @code{domains} (default: @code{()})
+A list of domains for which to generate certificates and request
signatures.
@item @code{default-location} (default: @i{see below})
@@ -15766,7 +15766,7 @@ The default @code{nginx-location-configuration}. Because @code{certbot}
needs to be able to serve challenges and responses, it needs to be able
to run a web server. It does so by extending the @code{nginx} web
service with an @code{nginx-server-configuration} listening on the
-@var{hosts} on port 80, and which has a
+@var{domains} on port 80, and which has a
@code{nginx-location-configuration} for the @code{/.well-known/} URI
path subspace used by Let's Encrypt. @xref{Web Services}, for more on
these nginx configuration data types.
@@ -15776,7 +15776,7 @@ Requests to other URL paths will be matched by the
@code{nginx-server-configuration}s.
By default, the @code{default-location} will issue a redirect from
-@code{http://@var{host}/...} to @code{https://@var{host}/...}, leaving
+@code{http://@var{domain}/...} to @code{https://@var{domain}/...}, leaving
you to define what to serve on your site via @code{https}.
Pass @code{#f} to not issue a default location.
@@ -15784,9 +15784,9 @@ Pass @code{#f} to not issue a default location.
@end deftp
The public key and its signatures will be written to
-@code{/etc/letsencrypt/live/@var{host}/fullchain.pem}, for each
-@var{host} in the configuration. The private key is written to
-@code{/etc/letsencrypt/live/@var{host}/privkey.pem}.
+@code{/etc/letsencrypt/live/@var{domain}/fullchain.pem}, for each
+@var{domain} in the configuration. The private key is written to
+@code{/etc/letsencrypt/live/@var{domain}/privkey.pem}.
@node DNS Services
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 8ca64d9986..0b425bab90 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -48,7 +48,7 @@
(default certbot))
(webroot certbot-configuration-webroot
(default "/var/www"))
- (hosts certbot-configuration-hosts
+ (domains certbot-configuration-domains
(default '()))
(default-location certbot-configuration-default-location
(default
@@ -59,9 +59,9 @@
(define certbot-renewal-jobs
(match-lambda
- (($ <certbot-configuration> package webroot hosts default-location)
- (match hosts
- ;; Avoid pinging certbot if we have no hosts.
+ (($ <certbot-configuration> package webroot domains default-location)
+ (match domains
+ ;; Avoid pinging certbot if we have no domains.
(() '())
(_
(list
@@ -71,37 +71,38 @@
#~(job '(next-minute-from (next-hour '(0 12)) (list (random 60)))
(string-append #$package "/bin/certbot renew"
(string-concatenate
- (map (lambda (host)
- (string-append " -d " host))
- '#$hosts))))))))))
+ (map (lambda (domain)
+ (string-append " -d " domain))
+ '#$domains))))))))))
(define certbot-activation
(match-lambda
- (($ <certbot-configuration> package webroot hosts default-location)
+ (($ <certbot-configuration> package webroot domains default-location)
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
(mkdir-p #$webroot)
(for-each
- (lambda (host)
- (unless (file-exists? (in-vicinity "/etc/letsencrypt/live" host))
+ (lambda (domain)
+ (unless (file-exists?
+ (in-vicinity "/etc/letsencrypt/live" domain))
(unless (zero? (system*
(string-append #$certbot "/bin/certbot")
"certonly" "--webroot" "-w" #$webroot
- "-d" host))
- (error "failed to acquire cert for host" host))))
- '#$hosts))))))
+ "-d" domain))
+ (error "failed to acquire cert for domain" domain))))
+ '#$domains))))))
(define certbot-nginx-server-configurations
(match-lambda
- (($ <certbot-configuration> package webroot hosts default-location)
+ (($ <certbot-configuration> package webroot domains default-location)
(map
- (lambda (host)
+ (lambda (domain)
(nginx-server-configuration
(listen '("80" "[::]:80"))
(ssl-certificate #f)
(ssl-certificate-key #f)
- (server-name (list host))
+ (server-name (list domain))
(locations
(filter identity
(list
@@ -109,7 +110,7 @@
(uri "/.well-known")
(body (list (list "root " webroot ";"))))
default-location)))))
- hosts))))
+ domains))))
(define certbot-service-type
(service-type (name 'certbot)
@@ -121,11 +122,12 @@
(service-extension mcron-service-type
certbot-renewal-jobs)))
(compose concatenate)
- (extend (lambda (config additional-hosts)
+ (extend (lambda (config additional-domains)
(certbot-configuration
(inherit config)
- (hosts (append (certbot-configuration-hosts config)
- additional-hosts)))))
+ (domains (append
+ (certbot-configuration-domains config)
+ additional-domains)))))
(default-value (certbot-configuration))
(description
"Automatically renew @url{https://letsencrypt.org, Let's