From 966fd7b7e9f321a02e740659ab1c1853e34533b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Lassieur?= Date: Sat, 10 Feb 2018 14:56:53 +0100 Subject: services: certbot: Rename 'host' to 'domain'. * doc/guix.texi (Certificate Services): Rename 'host' to 'domain'. * gnu/services/certbot.scm (, certbot-renewal-jobs, certbot-activation, certbot-nginx-server-configurations, certbot-service-type): Rename 'host' to 'domain'. --- doc/guix.texi | 14 +++++++------- gnu/services/certbot.scm | 42 ++++++++++++++++++++++-------------------- 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 03cd2d5d71..ff3fa97d7f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -15757,8 +15757,8 @@ The certbot package to use. The directory from which to serve the Let's Encrypt challenge/response files. -@item @code{hosts} (default: @code{()}) -A list of hosts for which to generate certificates and request +@item @code{domains} (default: @code{()}) +A list of domains for which to generate certificates and request signatures. @item @code{default-location} (default: @i{see below}) @@ -15766,7 +15766,7 @@ The default @code{nginx-location-configuration}. Because @code{certbot} needs to be able to serve challenges and responses, it needs to be able to run a web server. It does so by extending the @code{nginx} web service with an @code{nginx-server-configuration} listening on the -@var{hosts} on port 80, and which has a +@var{domains} on port 80, and which has a @code{nginx-location-configuration} for the @code{/.well-known/} URI path subspace used by Let's Encrypt. @xref{Web Services}, for more on these nginx configuration data types. @@ -15776,7 +15776,7 @@ Requests to other URL paths will be matched by the @code{nginx-server-configuration}s. By default, the @code{default-location} will issue a redirect from -@code{http://@var{host}/...} to @code{https://@var{host}/...}, leaving +@code{http://@var{domain}/...} to @code{https://@var{domain}/...}, leaving you to define what to serve on your site via @code{https}. Pass @code{#f} to not issue a default location. @@ -15784,9 +15784,9 @@ Pass @code{#f} to not issue a default location. @end deftp The public key and its signatures will be written to -@code{/etc/letsencrypt/live/@var{host}/fullchain.pem}, for each -@var{host} in the configuration. The private key is written to -@code{/etc/letsencrypt/live/@var{host}/privkey.pem}. +@code{/etc/letsencrypt/live/@var{domain}/fullchain.pem}, for each +@var{domain} in the configuration. The private key is written to +@code{/etc/letsencrypt/live/@var{domain}/privkey.pem}. @node DNS Services diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index 8ca64d9986..0b425bab90 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -48,7 +48,7 @@ (default certbot)) (webroot certbot-configuration-webroot (default "/var/www")) - (hosts certbot-configuration-hosts + (domains certbot-configuration-domains (default '())) (default-location certbot-configuration-default-location (default @@ -59,9 +59,9 @@ (define certbot-renewal-jobs (match-lambda - (($ package webroot hosts default-location) - (match hosts - ;; Avoid pinging certbot if we have no hosts. + (($ package webroot domains default-location) + (match domains + ;; Avoid pinging certbot if we have no domains. (() '()) (_ (list @@ -71,37 +71,38 @@ #~(job '(next-minute-from (next-hour '(0 12)) (list (random 60))) (string-append #$package "/bin/certbot renew" (string-concatenate - (map (lambda (host) - (string-append " -d " host)) - '#$hosts)))))))))) + (map (lambda (domain) + (string-append " -d " domain)) + '#$domains)))))))))) (define certbot-activation (match-lambda - (($ package webroot hosts default-location) + (($ package webroot domains default-location) (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) (mkdir-p #$webroot) (for-each - (lambda (host) - (unless (file-exists? (in-vicinity "/etc/letsencrypt/live" host)) + (lambda (domain) + (unless (file-exists? + (in-vicinity "/etc/letsencrypt/live" domain)) (unless (zero? (system* (string-append #$certbot "/bin/certbot") "certonly" "--webroot" "-w" #$webroot - "-d" host)) - (error "failed to acquire cert for host" host)))) - '#$hosts)))))) + "-d" domain)) + (error "failed to acquire cert for domain" domain)))) + '#$domains)))))) (define certbot-nginx-server-configurations (match-lambda - (($ package webroot hosts default-location) + (($ package webroot domains default-location) (map - (lambda (host) + (lambda (domain) (nginx-server-configuration (listen '("80" "[::]:80")) (ssl-certificate #f) (ssl-certificate-key #f) - (server-name (list host)) + (server-name (list domain)) (locations (filter identity (list @@ -109,7 +110,7 @@ (uri "/.well-known") (body (list (list "root " webroot ";")))) default-location))))) - hosts)))) + domains)))) (define certbot-service-type (service-type (name 'certbot) @@ -121,11 +122,12 @@ (service-extension mcron-service-type certbot-renewal-jobs))) (compose concatenate) - (extend (lambda (config additional-hosts) + (extend (lambda (config additional-domains) (certbot-configuration (inherit config) - (hosts (append (certbot-configuration-hosts config) - additional-hosts))))) + (domains (append + (certbot-configuration-domains config) + additional-domains))))) (default-value (certbot-configuration)) (description "Automatically renew @url{https://letsencrypt.org, Let's -- cgit v1.2.3