services: certbot: Get certbot to run non-interactively.

* doc/guix.texi (Certificate Services): Add email field and link to the ACME
Subscriber Agreement.
* gnu/services/certbot.scm (<certbot-configuration>, certbot-command,
certbot-activation, certbot-nginx-server-configurations): Add email field.
(certbot-command): Add '-n' and '--agree-tos' options.
(certbot-service-type): Remove default-value.
This commit is contained in:
Clément Lassieur 2018-02-10 16:32:26 +01:00
parent c1dfcfdf58
commit 65fc1d890d
No known key found for this signature in database
GPG key ID: 89F96D4808F359C7
2 changed files with 17 additions and 5 deletions

View file

@ -15741,6 +15741,10 @@ revoked, but running it regularly would give your service a chance of
staying online in case a Let's Encrypt-initiated revocation happened for
some reason.
By using this service, you agree to the ACME Subscriber Agreement, which
can be found there:
@url{https://acme-v01.api.letsencrypt.org/directory}.
@defvr {Scheme Variable} certbot-service-type
A service type for the @code{certbot} Let's Encrypt client.
@end defvr
@ -15761,6 +15765,10 @@ files.
A list of domains for which to generate certificates and request
signatures.
@item @code{email}
Mandatory email used for registration, recovery contact, and important
account notifications.
@item @code{default-location} (default: @i{see below})
The default @code{nginx-location-configuration}. Because @code{certbot}
needs to be able to serve challenges and responses, it needs to be able

View file

@ -50,6 +50,7 @@ (define-record-type* <certbot-configuration>
(default "/var/www"))
(domains certbot-configuration-domains
(default '()))
(email certbot-configuration-email)
(default-location certbot-configuration-default-location
(default
(nginx-location-configuration
@ -59,12 +60,14 @@ (define-record-type* <certbot-configuration>
(define certbot-command
(match-lambda
(($ <certbot-configuration> package webroot domains default-location)
(($ <certbot-configuration> package webroot domains email
default-location)
(let* ((certbot (file-append package "/bin/certbot"))
(commands
(map
(lambda (domain)
(list certbot "certonly"
(list certbot "certonly" "-n" "--agree-tos"
"-m" email
"--webroot" "-w" webroot
"-d" domain))
domains)))
@ -85,7 +88,8 @@ (define (certbot-renewal-jobs config)
(define (certbot-activation config)
(match config
(($ <certbot-configuration> package webroot domains default-location)
(($ <certbot-configuration> package webroot domains email
default-location)
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
@ -94,7 +98,8 @@ (define (certbot-activation config)
(define certbot-nginx-server-configurations
(match-lambda
(($ <certbot-configuration> package webroot domains default-location)
(($ <certbot-configuration> package webroot domains email
default-location)
(map
(lambda (domain)
(nginx-server-configuration
@ -127,7 +132,6 @@ (define certbot-service-type
(domains (append
(certbot-configuration-domains config)
additional-domains)))))
(default-value (certbot-configuration))
(description
"Automatically renew @url{https://letsencrypt.org, Let's
Encrypt} HTTPS certificates by adjusting the nginx web server configuration