aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulien Lepiller <julien@lepiller.eu>2019-04-19 22:28:30 +0200
committerJulien Lepiller <julien@lepiller.eu>2019-04-25 19:46:18 +0200
commitb68aff1f05864a589b62afa44665a99e5cf43718 (patch)
tree70bca19ca5fe12b6a9cf889c8a18fb002cbc7b45
parentc3634df2a48a5b981a97c85f425784cee9f94bc7 (diff)
downloadpatches-b68aff1f05864a589b62afa44665a99e5cf43718.tar
patches-b68aff1f05864a589b62afa44665a99e5cf43718.tar.gz
gnu: certbot: Add support for manual plugin.
* gnu/services/certbot.scm (certificate-configuration): Add challenge, auth-hook and cleanup-hook fields. (certbot-command): Use them. * doc/guix.texi (Certificate Services): Document them.
-rw-r--r--doc/guix.texi20
-rw-r--r--gnu/services/certbot.scm40
2 files changed, 51 insertions, 9 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 879cb562e9..dbbb811a60 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -19425,6 +19425,26 @@ Its default is the first provided domain.
The first domain provided will be the subject CN of the certificate, and
all domains will be Subject Alternative Names on the certificate.
+@item @code{challenge} (default: @code{#f})
+The challenge type that has to be run by certbot. If @code{#f} is specified,
+default to the HTTP challenge. If a value is specified, defaults to the
+manual plugin (see @code{authentication-hook}, @code{cleanup-hook} and
+the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}).
+
+@item @code{authentication-hook} (default: @code{#f})
+Command to be run in a shell once for each certificate challenge to be
+answered. For this command, the shell variable @code{$CERTBOT_DOMAIN}
+will contain the domain being authenticated, @code{$CERTBOT_VALIDATION}
+contains the validation string and @code{$CERTBOT_TOKEN} contains the
+file name of the resource requested when performing an HTTP-01 challenge.
+
+@item @code{cleanup-hook} (default: @code{#f})
+Command to be run in a shell once for each certificate challenge that
+have been answered by the @code{auth-hook}. For this command, the shell
+variables available in the @code{auth-hook} script are still available, and
+additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output
+of the @code{auth-hook} script.
+
@item @code{deploy-hook} (default: @code{#f})
Command to be run in a shell once for each successfully issued
certificate. For this command, the shell variable
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 7565bc97ca..ae34ad17bb 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2016 ng0 <ng0@n0.is>
;;; Copyright © 2016 Sou Bunnbu <iyzsong@member.fsf.org>
;;; Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -50,6 +51,12 @@
(default #f))
(domains certificate-configuration-domains
(default '()))
+ (challenge certificate-configuration-challenge
+ (default #f))
+ (authentication-hook certificate-authentication-hook
+ (default #f))
+ (cleanup-hook certificate-cleanup-hook
+ (default #f))
(deploy-hook certificate-configuration-deploy-hook
(default #f)))
@@ -81,17 +88,32 @@
(commands
(map
(match-lambda
- (($ <certificate-configuration> custom-name domains
+ (($ <certificate-configuration> custom-name domains challenge
+ authentication-hook cleanup-hook
deploy-hook)
(let ((name (or custom-name (car domains))))
- (append
- (list name certbot "certonly" "-n" "--agree-tos"
- "-m" email
- "--webroot" "-w" webroot
- "--cert-name" name
- "-d" (string-join domains ","))
- (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
- (if deploy-hook `("--deploy-hook" ,deploy-hook) '())))))
+ (if challenge
+ (append
+ (list name certbot "certonly" "-n" "--agree-tos"
+ "-m" email
+ "--manual"
+ (string-append "--preferred-challenges=" challenge)
+ "--cert-name" name
+ "-d" (string-join domains ","))
+ (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+ (if authentication-hook
+ `("--manual-auth-hook" ,authentication-hook)
+ '())
+ (if cleanup-hook `("--manual-cleanup-hook" ,cleanup-hook) '())
+ (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))
+ (append
+ (list name certbot "certonly" "-n" "--agree-tos"
+ "-m" email
+ "--webroot" "-w" webroot
+ "--cert-name" name
+ "-d" (string-join domains ","))
+ (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+ (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))))))
certificates)))
(program-file
"certbot-command"