me
/
guix
Archived
1
0
Fork 0
Commit Graph

30 Commits (b4206a08badcc1b1fb276c09665ba481171d5cb3)

Author SHA1 Message Date
Carlo Zancanaro 023c3e0ac4
services: certbot: Add one-shot service to renew certificates.
* gnu/services/certbot.scm (certbot-renewal-one-shot): New procedure.
(certbot-service-type)[extensions]: Add it to shepherd-root extension.
(certbot-command): Make connection errors return a different exit code.
(certbot-activation): Remove message with certificate renewal instructions.

Change-Id: I614ac6214a753dba0396e2385a75926c8355caa1
Signed-off-by: Clément Lassieur <clement@lassieur.org>
2024-01-31 16:54:19 +01:00
Carlo Zancanaro d4a4b12f0a
services: certbot: Reload nginx in deploy hook.
* gnu/services/certbot.scm (certbot-deploy-hook): Reload nginx.
* doc/guix.texi (Certificate services): Remove deploy-hook from example.

Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176
Signed-off-by: Clément Lassieur <clement@lassieur.org>
2024-01-31 16:54:16 +01:00
Carlo Zancanaro fc0ec9a3cc
services: certbot: Create self-signed certificates before certbot runs.
* gnu/services/certbot.scm (<certificate-configuration>): Add
start-self-signed? field.
(generate-certificate-gexp): New procedure.
(certbot-activation): Generate self-signed certificates when
start-self-signed? is #t.
* doc/guix.texi (Certificate services): Document start-self-signed?.

Change-Id: Icfd85ae0c3e29324acbcde6ba283546cf0e27a1d
Signed-off-by: Clément Lassieur <clement@lassieur.org>
2024-01-31 16:54:12 +01:00
Carlo Zancanaro a2b1ef903b
services: certbot: Symlink certificates to /etc/certs.
* gnu/services/certbot.scm (certbot-deploy-hook): New procedure.
(certbot-command): Pass new deploy hook to certbot.
* doc/guix.texi: Replace "letsencrypt/live" with "certs" throughout, except in
the certbot deploy-hook description.

Change-Id: I2ba5e4903d1e293e566b732a84b07d5a134b697d
Signed-off-by: Clément Lassieur <clement@lassieur.org>
2024-01-31 16:54:03 +01:00
Saku Laesvuori a82130de50
services: certbot: Fix nginx crash when certbot is used without domains.
* gnu/services/certbot.scm (certbot-nginx-server-configurations):
Don't return a broken nginx-server-configuration with empty server_name
when no certificate domains are configured. Instead add a separate
server for every certificate, so 0 certificates adds 0 servers.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Reviewed-by: Bruno Victal <mirai@makinata.eu>
2023-06-18 23:12:10 +02:00
jgart c13c890138
services: certbot: Fix broken link.
* gnu/services/certbot.scm (certbot-renewal-jobs): Fix broken link.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2023-01-03 16:34:44 -05:00
Mája Tomášek 1bf18818c6
services: certbot: Create "live" directory during activation.
When trying to run certbot, the mcron command fails, as
/etc/letsencrypt/live is missing.  This patch adds it into the certbot
activation service.

* gnu/services/certbot.scm (certbot-activation): Make /etc/letsencrypt/live.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2022-09-29 22:59:48 +02:00
Raghav Gururajan 1bf1226a4f
services: certbot: Add option to use CSR file.
* gnu/services/certbot.scm (<certificate-configuration>): Add csr field.
(certbot-command): Modify.
* doc/guix.texi (Certificate Services): Document it.
2021-06-24 18:19:39 -04:00
Timotej Lazar 11a962e653
services: certbot: Support registration without email.
* gnu/services/certbot.scm (certbot-configuration): Add default for the
email option.
(certbot-command): Pass email for registration only when specified.
* doc/guix.texi (Certificate Services): "mandatory"→"optional" email.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2020-09-13 23:34:23 +02:00
nikita 3c986a7dc2
mailmap: Update entries for Nikita.
* .mailmap: change email and name for Nikita.
* Makefile.am, doc/guix.texi, etc/completion/fish/guix.fish,
gnu/packages/accessibility.scm, gnu/packages/admin.scm,
gnu/packages/audio.scm, gnu/packages/autotools.scm, gnu/packages/cdrom.scm,
gnu/packages/check.scm, gnu/packages/cinnamon.scm,
gnu/packages/compression.scm, gnu/packages/crypto.scm,
gnu/packages/databases.scm, gnu/packages/django.scm, gnu/packages/dns.scm,
gnu/packages/elixir.scm, gnu/packages/emacs-xyz.scm, gnu/packages/emacs.scm,
gnu/packages/enlightenment.scm, gnu/packages/erlang.scm,
gnu/packages/fonts.scm, gnu/packages/fontutils.scm, gnu/packages/forth.scm,
gnu/packages/fvwm.scm, gnu/packages/games.scm, gnu/packages/gl.scm,
gnu/packages/gnome.scm, gnu/packages/gnunet.scm, gnu/packages/gnupg.scm,
gnu/packages/gtk.scm, gnu/packages/guile-wm.scm, gnu/packages/guile-xyz.scm,
gnu/packages/haskell-apps.scm, gnu/packages/haskell-check.scm,
gnu/packages/haskell-crypto.scm, gnu/packages/haskell-xyz.scm,
gnu/packages/haskell.scm, gnu/packages/image-viewers.scm,
gnu/packages/image.scm, gnu/packages/irc.scm, gnu/packages/language.scm,
gnu/packages/libcanberra.scm, gnu/packages/linux.scm,
gnu/packages/lisp-xyz.scm, gnu/packages/lisp.scm, gnu/packages/lolcode.scm,
gnu/packages/lxde.scm, gnu/packages/lxqt.scm, gnu/packages/mail.scm,
gnu/packages/markup.scm, gnu/packages/mate.scm, gnu/packages/maths.scm,
gnu/packages/mc.scm, gnu/packages/messaging.scm, gnu/packages/music.scm,
gnu/packages/ncurses.scm, gnu/packages/networking.scm,
gnu/packages/nickle.scm, gnu/packages/openbox.scm, gnu/packages/pdf.scm,
gnu/packages/perl-check.scm, gnu/packages/perl.scm,
gnu/packages/python-compression.scm, gnu/packages/python-crypto.scm,
gnu/packages/python-web.scm, gnu/packages/python-xyz.scm,
gnu/packages/python.scm, gnu/packages/qt.scm, gnu/packages/ruby.scm,
gnu/packages/rust.scm, gnu/packages/scheme.scm,
gnu/packages/serialization.scm, gnu/packages/shells.scm,
gnu/packages/ssh.scm, gnu/packages/suckless.scm, gnu/packages/tbb.scm,
gnu/packages/telephony.scm, gnu/packages/text-editors.scm,
gnu/packages/textutils.scm, gnu/packages/time.scm, gnu/packages/tls.scm,
gnu/packages/tor.scm, gnu/packages/version-control.scm,
gnu/packages/video.scm, gnu/packages/vim.scm, gnu/packages/web.scm,
gnu/packages/wm.scm, gnu/packages/xdisorg.scm, gnu/packages/xfce.scm,
gnu/packages/xml.scm, gnu/packages/xorg.scm, gnu/services/certbot.scm,
gnu/services/desktop.scm, gnu/services/version-control.scm,
gnu/services/web.scm, guix/import/hackage.scm, guix/licenses.scm: Likewise.

Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2020-05-13 09:30:26 +03:00
Jack Hill f6713b55a1
services: certbot: Add server option.
* gnu/services/certbot.scm (certbot-configuration): Add server option.
(certbot-command): Use server option.
(certbot-actication): Use server option.
(certbot-nginx-server-configurations): Use server option.
* doc/guix.texi (Certificate Services): Document server option.

Co-authored-by: Tobias Geerinckx-Rice <me@tobias.gr>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2020-03-08 21:21:57 +01:00
Carlo Zancanaro ec36339dfd
services: certbot: Add --manual-public-ip-logging-ok for manual challenges
* gnu/services/certbot.scm (certbot-command): Add
  --manual-public-ip-logging-ok flag to the certbot command when doing a
  manual challenge.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2019-09-16 10:22:35 +02:00
Julien Lepiller b68aff1f05
gnu: certbot: Add support for manual plugin.
* gnu/services/certbot.scm (certificate-configuration): Add challenge,
auth-hook and cleanup-hook fields.
(certbot-command): Use them.
* doc/guix.texi (Certificate Services): Document them.
2019-04-25 19:46:18 +02:00
ng0 47956fa0c2
Correct name and email address for ng0.
* .mailmap, Makefile.am, doc/guix.de.texi, doc/guix.fr.texi,
doc/guix.texi, etc/completion/fish/guix.fish,
gnu/packages/accessibility.scm, gnu/packages/admin.scm,
gnu/packages/audio.scm, gnu/packages/autotools.scm,
gnu/packages/cdrom.scm, gnu/packages/check.scm,
gnu/packages/cinnamon.scm, gnu/packages/compression.scm,
gnu/packages/crypto.scm, gnu/packages/databases.scm,
gnu/packages/django.scm, gnu/packages/dns.scm, gnu/packages/elixir.scm,
gnu/packages/emacs-xyz.scm, gnu/packages/emacs.scm,
gnu/packages/enlightenment.scm, gnu/packages/erlang.scm,
gnu/packages/fonts.scm, gnu/packages/fontutils.scm,
gnu/packages/forth.scm, gnu/packages/fvwm.scm, gnu/packages/games.scm,
gnu/packages/gl.scm, gnu/packages/gnome.scm, gnu/packages/gnunet.scm,
gnu/packages/gnupg.scm, gnu/packages/gnuzilla.scm, gnu/packages/gtk.scm,
gnu/packages/guile-wm.scm,gnu/packages/guile-xyz.scm,
gnu/packages/haskell-check.scm, gnu/packages/haskell-crypto.scm,
gnu/packages/haskell.scm, gnu/packages/image-viewers.scm,
gnu/packages/image.scm, gnu/packages/irc.scm,
gnu/packages/language.scm, gnu/packages/libcanberra.scm,
gnu/packages/linux.scm, gnu/packages/lisp.scm, gnu/packages/lolcode.scm,
gnu/packages/lxde.scm, gnu/packages/lxqt.scm, gnu/packages/mail.scm,
gnu/packages/markup.scm, gnu/packages/mate.scm, gnu/packages/maths.scm,
gnu/packages/mc.scm, gnu/packages/messaging.scm, gnu/packages/music.scm,
gnu/packages/ncurses.scm, gnu/packages/networking.scm,
gnu/packages/nickle.scm, gnu/packages/openbox.scm, gnu/packages/pdf.scm,
gnu/packages/perl-check.scm, gnu/packages/perl.scm,
gnu/packages/python-compression.scm, gnu/packages/python-crypto.scm,
gnu/packages/python-web.scm, gnu/packages/python-xyz.scm,
gnu/packages/python.scm, gnu/packages/qt.scm, gnu/packages/ruby.scm,
gnu/packages/rust.scm, gnu/packages/scheme.scm,
gnu/packages/serialization.scm, gnu/packages/shells.scm,
gnu/packages/ssh.scm, gnu/packages/suckless.scm, gnu/packages/tbb.scm,
gnu/packages/telephony.scm, gnu/packages/text-editors.scm,
gnu/packages/textutils.scm, gnu/packages/time.scm, gnu/packages/tls.scm,
gnu/packages/tor.scm, gnu/packages/version-control.scm,
gnu/packages/video.scm, gnu/packages/vim.scm, gnu/packages/web.scm,
gnu/packages/wm.scm, gnu/packages/xdisorg.scm, gnu/packages/xfce.scm,
gnu/packages/xml.scm, gnu/packages/xorg.scm, gnu/services/certbot.scm,
gnu/services/desktop.scm, gnu/services/version-control.scm,
gnu/services/web.scm, guix/import/hackage.scm, guix/licenses.scm:
Correct name and email address for ng0.

Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
2019-03-18 15:05:08 +01:00
Clément Lassieur f72662968e
services: certbot: Don't try to renew certificates on activation.
Because it takes too much time and it requires networking.

Thanks to Mathieu Othacehe for suggesting this.

* gnu/services/certbot.scm (certbot-activation): Do not run the renewal
command, copy its path to a fixed location, display it, so that the user can
run the command when they want.
2018-04-03 16:21:31 +02:00
ng0 4a78fd4617
Correct name and Email for ng0.
* .mailmap: Correct name and Email for ng0.
* Makefile.am, doc/guix.texi, etc/completion/fish/guix.fish
gnu/packages/accessibility.scm, gnu/packages/admin.scm,
gnu/packages/audio.scm, gnu/packages/autotools.scm,
gnu/packages/cdrom.scm, gnu/packages/check.scm,
gnu/packages/cinnamon.scm, gnu/packages/compression.scm,
gnu/packages/crypto.scm, gnu/packages/databases.scm,
gnu/packages/django.scm, gnu/packages/dns.scm,
gnu/packages/emacs.scm, gnu/packages/enlightenment.scm,
gnu/packages/fonts.scm, gnu/packages/fontutils.scm,
gnu/packages/forth.scm, gnu/packages/fvwm.scm,
gnu/packages/games.scm, gnu/packages/gl.scm,
gnu/packages/gnome.scm, gnu/packages/gnunet.scm,
gnu/packages/gnupg.scm, gnu/packages/gnuzilla.scm,
gnu/packages/gtk.scm, gnu/packages/guile-wm.scm,
gnu/packages/guile.scm, gnu/packages/haskell-check.scm,
gnu/packages/haskell-crypto.scm, gnu/packages/haskell.scm,
gnu/packages/image-viewers.scm, gnu/packages/image.scm,
gnu/packages/irc.scm, gnu/packages/language.scm,
gnu/packages/libcanberra.scm, gnu/packages/linux.scm,
gnu/packages/lisp.scm, gnu/packages/lolcode.scm,
gnu/packages/lxde.scm, gnu/packages/lxqt.scm,
gnu/packages/mail.scm, gnu/packages/markup.scm,
gnu/packages/mate.scm, gnu/packages/maths.scm,
gnu/packages/mc.scm, gnu/packages/messaging.scm,
gnu/packages/music.scm, gnu/packages/ncurses.scm,
gnu/packages/networking.scm, gnu/packages/nickle.scm,
gnu/packages/openbox.scm, gnu/packages/pdf.scm,
gnu/packages/perl-check.scm, gnu/packages/perl.scm,
gnu/packages/python-crypto.scm, gnu/packages/python-web.scm,
gnu/packages/python.scm, gnu/packages/qt.scm,
gnu/packages/ruby.scm, gnu/packages/rust.scm,
gnu/packages/scheme.scm, gnu/packages/serialization.scm,
gnu/packages/shells.scm, gnu/packages/ssh.scm,
gnu/packages/suckless.scm, gnu/packages/tbb.scm,
gnu/packages/telephony.scm, gnu/packages/text-editors.scm,
gnu/packages/textutils.scm, gnu/packages/time.scm,
gnu/packages/tls.scm, gnu/packages/tor.scm,
gnu/packages/version-control.scm, gnu/packages/video.scm,
gnu/packages/vim.scm, gnu/packages/web.scm,
gnu/packages/wm.scm, gnu/packages/xdisorg.scm,
gnu/packages/xfce.scm, gnu/packages/xml.scm,
gnu/packages/xorg.scm, gnu/services/certbot.scm,
gnu/services/desktop.scm, gnu/services/version-control.scm,
gnu/services/web.scm, guix/import/hackage.scm,
guix/licenses.scm: Likewise.

Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
2018-03-20 17:17:58 +01:00
Clément Lassieur fece75fe35
services: certbot: Allow to set a deploy hook.
* doc/guix.texi (Certificate Services): Document it.
* gnu/services/certbot.scm (<certificate-configuration>, certbot-command): Add
it.
2018-02-22 21:43:54 +01:00
Clément Lassieur e216c797f7
services: certbot: Add verbosity.
The certificate name wasn't displayed if it wasn't being renewed.

* gnu/services/certbot.scm (certbot-command): Print certificate name before
running the associated command.
2018-02-22 21:43:54 +01:00
Clément Lassieur a2cb2bbc0b
services: certbot: Allow to set RSA key size.
* doc/guix.texi (Certificate Services): Document it.
* gnu/services/certbot.scm (<cerbot-configuration>, certbot-command,
certbot-activation, certbot-nginx-server-configurations): Add it.
2018-02-22 21:43:54 +01:00
Clément Lassieur c3215d2f9d
services: certbot: Associate one certificate with several domains.
* doc/guix.texi (Certificate Services): Document <certificate-configuration>,
the change from domains to certificates and the fact that their path is now
derived from their name.
* gnu/services/certbot.scm (<certificate-configuration>): Add and export it.
(certbot-configuration, certbot-command, certbot-activation,
certbot-nginx-server-configurations, certbot-service-type): Replace 'domains'
with 'certificates'.
(certbot-nginx-server-configurations): Use only one nginx-server-configuration
and use all certificate domains as the server-name.
2018-02-22 21:43:53 +01:00
Clément Lassieur 65fc1d890d
services: certbot: Get certbot to run non-interactively.
* doc/guix.texi (Certificate Services): Add email field and link to the ACME
Subscriber Agreement.
* gnu/services/certbot.scm (<certbot-configuration>, certbot-command,
certbot-activation, certbot-nginx-server-configurations): Add email field.
(certbot-command): Add '-n' and '--agree-tos' options.
(certbot-service-type): Remove default-value.
2018-02-22 21:43:53 +01:00
Clément Lassieur c1dfcfdf58
services: certbot: Refactor certbot command.
* gnu/services/certbot.scm (certbot-renewal-jobs, certbot-activation):
Refactor common code into certbot-command.
2018-02-22 21:43:53 +01:00
Clément Lassieur 966fd7b7e9
services: certbot: Rename 'host' to 'domain'.
* doc/guix.texi (Certificate Services): Rename 'host' to 'domain'.
* gnu/services/certbot.scm (<certbot-configuration>, certbot-renewal-jobs,
certbot-activation, certbot-nginx-server-configurations,
certbot-service-type): Rename 'host' to 'domain'.
2018-02-22 21:43:53 +01:00
Clément Lassieur 301518638f
services: certbot: Fix indentation.
* gnu/services/certbot.scm (certbot-activation): Fix indentation.
2018-02-22 21:43:53 +01:00
Clément Lassieur 7ab04c17c0
services: certbot: Run certbot twice a day at a random minute.
* doc/guix.texi (Certificate Services): Document it.
* gnu/services/certbot.scm (certbot-renewal-jobs): Change job's time
specification.
2018-02-22 21:43:52 +01:00
Clément Lassieur 70cd2239a5
services: certbot: Listen on IPv6.
* gnu/services/certbot.scm (certbot-nginx-server-configurations): Listen on
IPv6 too.
2018-02-22 21:43:52 +01:00
Clément Lassieur 8b223ceac4
services: nginx: Replace 'http-port' and 'https-port' with 'listen'.
* doc/guix.texi (Web Services, Version Control Services): Update accordingly.
* gnu/services/certbot.scm (certbot-nginx-server-configurations): Likewise.
* gnu/services/version-control.scm (%cgit-configuration-nginx): Likewise.
* gnu/services/web.scm (<nginx-server-configuration>,
emit-nginx-server-config): Likewise.
* gnu/tests/version-control.scm (%cgit-configuration-nginx,
%git-nginx-configuration): Likewise.
* gnu/tests/web.scm (%nginx-servers, %php-fpm-nginx-server-blocks): Likewise.
2017-12-18 12:03:14 +01:00
Christopher Baines e8a051ee7c
services: certbot: Fix certbot renewal job.
Quote the list of hosts, to avoid generating a broken job definition.

* gnu/services/certbot.scm (certbot-renewal-jobs): Quote the hosts when
  passing them in to the job gexp.
2017-12-17 20:37:12 +00:00
Ludovic Courtès 3af03e5967
services: certbot: Add default value and description.
* gnu/services/certbot.scm (certbot-service-type)
[default-value, description]: New fields.
* po/packages/POTFILES.in: Add it.
2017-11-28 23:34:25 +01:00
Andy Wingo 1115f14017
services: Add certbot service.
* gnu/services/certbot.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add new file.
* doc/guix.texi (Certificate Services): New section.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2017-11-28 23:34:24 +01:00