services: certbot: Refactor certbot command.

* gnu/services/certbot.scm (certbot-renewal-jobs, certbot-activation):
Refactor common code into certbot-command.

gnu/services/certbot.scm

@@ -57,41 +57,40 @@
                           (body
                            (list "return 301 https://$host$request_uri;"))))))
 
-(define certbot-renewal-jobs
+(define certbot-command
   (match-lambda
     (($ <certbot-configuration> package webroot domains default-location)
-     (match domains
+     (let* ((certbot (file-append package "/bin/certbot"))
-       ;; Avoid pinging certbot if we have no domains.
+            (commands
-       (() '())
+             (map
-       (_
+              (lambda (domain)
-        (list
+                (list certbot "certonly"
-         ;; Attempt to renew the certificates twice per day, at a random
+                      "--webroot" "-w" webroot
-         ;; minute within the hour.  See
+                      "-d" domain))
-         ;; https://certbot.eff.org/all-instructions/.
+              domains)))
-         #~(job '(next-minute-from (next-hour '(0 12)) (list (random 60)))
+       (program-file
-                (string-append #$package "/bin/certbot renew"
+        "certbot-command"
-                               (string-concatenate
+        #~(let ((code 0))
-                                (map (lambda (domain)
+            (for-each
-                                       (string-append " -d " domain))
+             (lambda (command)
-                                     '#$domains))))))))))
+               (set! code (or (apply system* command) code)))
+             '#$commands) code))))))
 
-(define certbot-activation
+(define (certbot-renewal-jobs config)
-  (match-lambda
+  (list
+   ;; Attempt to renew the certificates twice per day, at a random minute
+   ;; within the hour.  See https://certbot.eff.org/all-instructions/.
+   #~(job '(next-minute-from (next-hour '(0 12)) (list (random 60)))
+          #$(certbot-command config))))
+
+(define (certbot-activation config)
+  (match config
     (($ <certbot-configuration> package webroot domains default-location)
      (with-imported-modules '((guix build utils))
        #~(begin
            (use-modules (guix build utils))
            (mkdir-p #$webroot)
-           (for-each
+           (zero? (system* #$(certbot-command config))))))))
-            (lambda (domain)
-              (unless (file-exists?
-                       (in-vicinity "/etc/letsencrypt/live" domain))
-                (unless (zero? (system*
-                                (string-append #$certbot "/bin/certbot")
-                                "certonly" "--webroot" "-w" #$webroot
-                                "-d" domain))
-                  (error "failed to acquire cert for domain" domain))))
-            '#$domains))))))
 
 (define certbot-nginx-server-configurations
   (match-lambda