services: certbot: Reload nginx in deploy hook.

* gnu/services/certbot.scm (certbot-deploy-hook): Reload nginx.
* doc/guix.texi (Certificate services): Remove deploy-hook from example.

Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176
Signed-off-by: Clément Lassieur <clement@lassieur.org>

1 files changed, 8 insertions, 2 deletions

diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 10b99f5630..cb1be0c0e9 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -100,9 +100,11 @@ overwrite the initial self-signed certificates upon the first successful
 deploy."
   (program-file
    (string-append name "-deploy-hook")
-   (with-imported-modules '((guix build utils))
+   (with-imported-modules '((gnu services herd)
+                            (guix build utils))
      #~(begin
-         (use-modules (guix build utils))
+         (use-modules (gnu services herd)
+                      (guix build utils))
          (mkdir-p #$(string-append "/etc/certs/" name))
          (chmod #$(string-append "/etc/certs/" name) #o755)
 
@@ -120,6 +122,10 @@ deploy."
                       #$(string-append "/etc/certs/" name "/privkey.pem"))
          (rename-file #$(string-append "/etc/certs/" name "/fullchain.pem.new")
                       #$(string-append "/etc/certs/" name "/fullchain.pem"))
+
+         ;; With the new certificates in place, tell nginx to reload them.
+         (with-shepherd-action 'nginx ('reload) result result)
+
          #$@(if deploy-hook-script
                 (list #~(invoke #$deploy-hook-script))
                 '())))))