mirror of
https://codeberg.org/guix/guix.git
synced 2025-10-02 02:15:12 +00:00
services: certbot: Turn into a Shepherd timer.
* gnu/services/certbot.scm (certbot-renewal-jobs): Rename to… (certbot-renewal-shepherd-services): … this. Return a list of Shepherd services, including ‘renew-certbot-certificates’, formally defined… (certbot-renewal-one-shot): … here. Remove. (certbot-service-type): Adjust accordingly. Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Change-Id: I25ad9fc1277f4f6f948ab5fce7c6626f22591d10
This commit is contained in:
Ludovic Courtès
parent
465ce8c6a6
commit
8d77e252d2
1 changed files with 50 additions and 43 deletions
|
|
@ -27,7 +27,6 @@
|
||||||
#:use-module (gnu services)
|
#:use-module (gnu services)
|
||||||
#:use-module (gnu services base)
|
#:use-module (gnu services base)
|
||||||
#:use-module (gnu services shepherd)
|
#:use-module (gnu services shepherd)
|
||||||
#:use-module (gnu services mcron)
|
|
||||||
#:use-module (gnu services web)
|
#:use-module (gnu services web)
|
||||||
#:use-module (gnu system shadow)
|
#:use-module (gnu system shadow)
|
||||||
#:use-module (gnu packages tls)
|
#:use-module (gnu packages tls)
|
||||||
|
|
@ -220,23 +219,32 @@ deploy."
|
||||||
'#$commands)
|
'#$commands)
|
||||||
(exit script-code))))))))
|
(exit script-code))))))))
|
||||||
|
|
||||||
(define (certbot-renewal-jobs config)
|
(define (certbot-renewal-shepherd-services config)
|
||||||
(list
|
(list (shepherd-service
|
||||||
;; Attempt to renew the certificates twice per day, at a random minute
|
(provision '(certbot-certificate-renewal))
|
||||||
;; within the hour. See https://eff-certbot.readthedocs.io/.
|
(requirement '(user-processes nginx))
|
||||||
#~(job '(next-minute-from (next-hour '(0 12)) (list (random 60)))
|
(modules '((shepherd service timer)))
|
||||||
#$(certbot-command config))))
|
(start #~(make-timer-constructor
|
||||||
|
;; Attempt to renew the certificates twice per day. See
|
||||||
|
;; https://eff-certbot.readthedocs.io/.
|
||||||
|
(calendar-event #:minutes '(22) #:hours '(0 12))
|
||||||
|
(command '(#$(certbot-command config)))
|
||||||
|
#:wait-for-termination? #t))
|
||||||
|
(stop #~(make-timer-destructor))
|
||||||
|
(documentation "Periodically run the 'certbot' command to renew X.509
|
||||||
|
certificates.")
|
||||||
|
(actions
|
||||||
|
(list shepherd-trigger-action
|
||||||
|
(shepherd-configuration-action (certbot-command config)))))
|
||||||
|
|
||||||
(define (certbot-renewal-one-shot config)
|
|
||||||
(list
|
|
||||||
;; Renew certificates when the system first starts. This is a one-shot
|
;; Renew certificates when the system first starts. This is a one-shot
|
||||||
;; service, because the mcron configuration will take care of running this
|
;; service, because the timer above takes care of running this
|
||||||
;; periodically. This is most useful the very first time the system starts,
|
;; periodically. This is most useful the very first time the system
|
||||||
;; to overwrite our self-signed certificates as soon as possible without
|
;; starts, to overwrite our self-signed certificates as soon as
|
||||||
;; user intervention.
|
;; possible without user intervention.
|
||||||
(shepherd-service
|
(shepherd-service
|
||||||
(provision '(renew-certbot-certificates))
|
(provision '(renew-certbot-certificates))
|
||||||
(requirement '(nginx))
|
(requirement '(user-processes nginx))
|
||||||
(one-shot? #t)
|
(one-shot? #t)
|
||||||
(start #~(lambda _
|
(start #~(lambda _
|
||||||
;; This needs the network, but there's no reliable way to know
|
;; This needs the network, but there's no reliable way to know
|
||||||
|
|
@ -258,8 +266,9 @@ deploy."
|
||||||
;; Failure.
|
;; Failure.
|
||||||
#f))))))
|
#f))))))
|
||||||
(auto-start? #t)
|
(auto-start? #t)
|
||||||
(documentation "Call certbot to renew certificates.")
|
(documentation "Run 'certbot' to renew certificates at boot time.")
|
||||||
(actions (list (shepherd-configuration-action (certbot-command config)))))))
|
(actions
|
||||||
|
(list (shepherd-configuration-action (certbot-command config)))))))
|
||||||
|
|
||||||
(define (generate-certificate-gexp certbot-cert-directory rsa-key-size)
|
(define (generate-certificate-gexp certbot-cert-directory rsa-key-size)
|
||||||
(match-lambda
|
(match-lambda
|
||||||
|
|
@ -354,10 +363,8 @@ deploy."
|
||||||
(compose list certbot-configuration-package))
|
(compose list certbot-configuration-package))
|
||||||
(service-extension activation-service-type
|
(service-extension activation-service-type
|
||||||
certbot-activation)
|
certbot-activation)
|
||||||
(service-extension mcron-service-type
|
|
||||||
certbot-renewal-jobs)
|
|
||||||
(service-extension shepherd-root-service-type
|
(service-extension shepherd-root-service-type
|
||||||
certbot-renewal-one-shot)))
|
certbot-renewal-shepherd-services)))
|
||||||
(compose concatenate)
|
(compose concatenate)
|
||||||
(extend (lambda (config additional-certificates)
|
(extend (lambda (config additional-certificates)
|
||||||
(certbot-configuration
|
(certbot-configuration
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue