services: certbot: Reload nginx in deploy hook.

* gnu/services/certbot.scm (certbot-deploy-hook): Reload nginx. * doc/guix.texi (Certificate services): Remove deploy-hook from example. Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176 Signed-off-by: Clément Lassieur <clement@lassieur.org>
2024-01-31 11:46:24 +00:00 · 2024-01-31 11:46:24 +00:00 · d4a4b12f0a
parent fc0ec9a3cc
commit d4a4b12f0a
2 changed files with 9 additions and 11 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -32562,21 +32562,13 @@ A service type for the @code{certbot} Let's Encrypt client.  Its value
 must be a @code{certbot-configuration} record as in this example:

@lisp
-(define %certbot-deploy-hook
-  (program-file "certbot-deploy-hook.scm"
-    (with-imported-modules '((gnu services herd))
-      #~(begin
-          (use-modules (gnu services herd))
-          (with-shepherd-action 'nginx ('reload) result result)))))
-
 (service certbot-service-type
         (certbot-configuration
          (email "foo@@example.net")
          (certificates
           (list
            (certificate-configuration
-             (domains '("example.net" "www.example.net"))
-             (deploy-hook %certbot-deploy-hook))
+             (domains '("example.net" "www.example.net")))
            (certificate-configuration
             (domains '("bar.example.net")))))))
@end lisp
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@ -100,9 +100,11 @@ overwrite the initial self-signed certificates upon the first successful
 deploy."
  (program-file
   (string-append name "-deploy-hook")
-   (with-imported-modules '((guix build utils))
+   (with-imported-modules '((gnu services herd)
+                            (guix build utils))
     #~(begin
-         (use-modules (guix build utils))
+         (use-modules (gnu services herd)
+                      (guix build utils))
         (mkdir-p #$(string-append "/etc/certs/" name))
         (chmod #$(string-append "/etc/certs/" name) #o755)

@ -120,6 +122,10 @@ deploy."
                      #$(string-append "/etc/certs/" name "/privkey.pem"))
         (rename-file #$(string-append "/etc/certs/" name "/fullchain.pem.new")
                      #$(string-append "/etc/certs/" name "/fullchain.pem"))
+
+         ;; With the new certificates in place, tell nginx to reload them.
+         (with-shepherd-action 'nginx ('reload) result result)
+
         #$@(if deploy-hook-script
                (list #~(invoke #$deploy-hook-script))
                '())))))