From d4a4b12f0ac52563254d34dc1e26030b354d3f73 Mon Sep 17 00:00:00 2001
From: Carlo Zancanaro <carlo@zancanaro.id.au>
Date: Wed, 31 Jan 2024 11:46:24 +0000
Subject: services: certbot: Reload nginx in deploy hook.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* gnu/services/certbot.scm (certbot-deploy-hook): Reload nginx.
* doc/guix.texi (Certificate services): Remove deploy-hook from example.

Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176
Signed-off-by: Clément Lassieur <clement@lassieur.org>
---
 gnu/services/certbot.scm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'gnu/services')

diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 10b99f5630..cb1be0c0e9 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -100,9 +100,11 @@ overwrite the initial self-signed certificates upon the first successful
 deploy."
   (program-file
    (string-append name "-deploy-hook")
-   (with-imported-modules '((guix build utils))
+   (with-imported-modules '((gnu services herd)
+                            (guix build utils))
      #~(begin
-         (use-modules (guix build utils))
+         (use-modules (gnu services herd)
+                      (guix build utils))
          (mkdir-p #$(string-append "/etc/certs/" name))
          (chmod #$(string-append "/etc/certs/" name) #o755)
 
@@ -120,6 +122,10 @@ deploy."
                       #$(string-append "/etc/certs/" name "/privkey.pem"))
          (rename-file #$(string-append "/etc/certs/" name "/fullchain.pem.new")
                       #$(string-append "/etc/certs/" name "/fullchain.pem"))
+
+         ;; With the new certificates in place, tell nginx to reload them.
+         (with-shepherd-action 'nginx ('reload) result result)
+
          #$@(if deploy-hook-script
                 (list #~(invoke #$deploy-hook-script))
                 '())))))
-- 
cgit v1.2.3