author | Clément Lassieur <clement@lassieur.org> | 2018-02-10 14:56:53 +0100 |
---|---|---|
committer | Clément Lassieur <clement@lassieur.org> | 2018-02-22 21:43:53 +0100 |
commit | 966fd7b7e9f321a02e740659ab1c1853e34533b5 (patch) | |
tree | f4be977f11a4c402c8ff78e9320e43f976c46ac4 | |
parent | 301518638fbb2344b523623317bb5cd084e80d44 (diff) | |
download | guix-966fd7b7e9f321a02e740659ab1c1853e34533b5.tar.gz |
services: certbot: Rename 'host' to 'domain'.
* doc/guix.texi (Certificate Services): Rename 'host' to 'domain'. * gnu/services/certbot.scm (<certbot-configuration>, certbot-renewal-jobs, certbot-activation, certbot-nginx-server-configurations, certbot-service-type): Rename 'host' to 'domain'.
-rw-r--r-- | doc/guix.texi | 14 | ||||
-rw-r--r-- | gnu/services/certbot.scm | 42 |
2 files changed, 29 insertions, 27 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 03cd2d5d71..ff3fa97d7f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -15757,8 +15757,8 @@ The certbot package to use. The directory from which to serve the Let's Encrypt challenge/response files. -@item @code{hosts} (default: @code{()}) -A list of hosts for which to generate certificates and request +@item @code{domains} (default: @code{()}) +A list of domains for which to generate certificates and request signatures. @item @code{default-location} (default: @i{see below}) @@ -15766,7 +15766,7 @@ The default @code{nginx-location-configuration}. Because @code{certbot} needs to be able to serve challenges and responses, it needs to be able to run a web server. It does so by extending the @code{nginx} web service with an @code{nginx-server-configuration} listening on the -@var{hosts} on port 80, and which has a +@var{domains} on port 80, and which has a @code{nginx-location-configuration} for the @code{/.well-known/} URI path subspace used by Let's Encrypt. @xref{Web Services}, for more on these nginx configuration data types. @@ -15776,7 +15776,7 @@ Requests to other URL paths will be matched by the @code{nginx-server-configuration}s. By default, the @code{default-location} will issue a redirect from -@code{http://@var{host}/...} to @code{https://@var{host}/...}, leaving +@code{http://@var{domain}/...} to @code{https://@var{domain}/...}, leaving you to define what to serve on your site via @code{https}. Pass @code{#f} to not issue a default location. 
@@ -15784,9 +15784,9 @@ Pass @code{#f} to not issue a default location. @end deftp The public key and its signatures will be written to -@code{/etc/letsencrypt/live/@var{host}/fullchain.pem}, for each -@var{host} in the configuration. The private key is written to -@code{/etc/letsencrypt/live/@var{host}/privkey.pem}. +@code{/etc/letsencrypt/live/@var{domain}/fullchain.pem}, for each +@var{domain} in the configuration. The private key is written to +@code{/etc/letsencrypt/live/@var{domain}/privkey.pem}. @node DNS Services diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index 8ca64d9986..0b425bab90 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -48,7 +48,7 @@ (default certbot)) (webroot certbot-configuration-webroot (default "/var/www")) - (hosts certbot-configuration-hosts + (domains certbot-configuration-domains (default '())) (default-location certbot-configuration-default-location (default @@ -59,9 +59,9 @@ (define certbot-renewal-jobs (match-lambda - (($ <certbot-configuration> package webroot hosts default-location) - (match hosts - ;; Avoid pinging certbot if we have no hosts. + (($ <certbot-configuration> package webroot domains default-location) + (match domains + ;; Avoid pinging certbot if we have no domains. (() '()) (_ (list 
@@ -71,37 +71,38 @@ #~(job '(next-minute-from (next-hour '(0 12)) (list (random 60))) (string-append #$package "/bin/certbot renew" (string-concatenate - (map (lambda (host) - (string-append " -d " host)) - '#$hosts)))))))))) + (map (lambda (domain) + (string-append " -d " domain)) + '#$domains)))))))))) (define certbot-activation (match-lambda - (($ <certbot-configuration> package webroot hosts default-location) + (($ <certbot-configuration> package webroot domains default-location) (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) (mkdir-p #$webroot) (for-each - (lambda (host) - (unless (file-exists? (in-vicinity "/etc/letsencrypt/live" host)) + (lambda (domain) + (unless (file-exists? + (in-vicinity "/etc/letsencrypt/live" domain)) (unless (zero? (system* (string-append #$certbot "/bin/certbot") "certonly" "--webroot" "-w" #$webroot - "-d" host)) - (error "failed to acquire cert for host" host)))) - '#$hosts)))))) + "-d" domain)) + (error "failed to acquire cert for domain" domain)))) + '#$domains)))))) (define certbot-nginx-server-configurations (match-lambda - (($ <certbot-configuration> package webroot hosts default-location) + (($ <certbot-configuration> package webroot domains default-location) (map - (lambda (host) + (lambda (domain) (nginx-server-configuration (listen '("80" "[::]:80")) (ssl-certificate #f) (ssl-certificate-key #f) - (server-name (list host)) + (server-name (list domain)) (locations (filter identity (list @@ -109,7 +110,7 @@ (uri "/.well-known") (body (list (list "root " webroot ";")))) default-location))))) - hosts)))) + domains)))) (define certbot-service-type (service-type (name 'certbot) 
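Review bot: In `certbot-activation` the pattern binds `package`, but the command is built from `#$certbot`, so the initial `certonly` run uses the module's default certbot and not the one selected in the configuration, while the renewal job in the same hunk uses `#$package`. Unless that is intentional, the line should read `(system* (string-append #$package "/bin/certbot")`, so that a pinned or patched certbot is used for issuance as well as renewal. Separately, the renewal job concatenates each domain into a single command string. If mcron hands string jobs to a shell, as I believe it does, it would be safer to validate domain names or build the job without a shell, since `additional-domains` can also arrive through service extensions. `certbot-renewal-jobs` begins in the previous hunk, so only its tail is visible here.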
@@ -121,11 +122,12 @@ (service-extension mcron-service-type certbot-renewal-jobs))) (compose concatenate) - (extend (lambda (config additional-hosts) + (extend (lambda (config additional-domains) (certbot-configuration (inherit config) - (hosts (append (certbot-configuration-hosts config) - additional-hosts))))) + (domains (append + (certbot-configuration-domains config) + additional-domains))))) (default-value (certbot-configuration)) (description "Automatically renew @url{https://letsencrypt.org, Let's |