authorng0 <ng0@n0.is>2019-02-22 16:12:07 +0000
committerng0 <ng0@n0.is>2019-02-22 16:12:07 +0000
commit3cb3f078cbb9fa50f2eaeead9225183ea2c18006 (patch)
treeb94d0b38e87da7c409c623bd5567019ac6f91735
parent3f7fded39a5e4b1efd101c2896339b39ba00239a (diff)
adjust certbot-service and add deployhook
-rw-r--r--guix/config.scm26
1 files changed, 17 insertions, 9 deletions
diff --git a/guix/config.scm b/guix/config.scm
index ec3bfa7..2b4771d 100644
--- a/guix/config.scm
+++ b/guix/config.scm
@@ -64,6 +64,14 @@
(string-append #$certbot "/bin/certbot renew")))
;;; --- cron jobs end
+(define %my-deploy-hook
+ (programm-file "my-deploy-hook"
+ #~(let* ((pid (call-with-input-file "/var/run/nginx/pid" read))
+ (cert-dir (getenv "RENEWED_LINEAGE"))
+ (privkey (string-append cert-dir "/privkey.pem")))
+ (chmod privkey #o600)
+ (kill pid SIGHUP))))
+
;;; --- nginx start
;; TODO: Translate nginx code to guix nginx-service without a file
;; if possible wiht our config.
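Review bot: `programm-file` in the new `%my-deploy-hook` definition looks misspelled; the Guix procedure is `program-file`. Unless the name is defined elsewhere in the file, this top-level define would raise an unbound-variable error as soon as config.scm is evaluated, even though the hook is only referenced from the commented-out certbot service in the last hunk. The line should read `(program-file "my-deploy-hook"`. Two robustness points in the gexp: `(getenv "RENEWED_LINEAGE")` returns `#f` when the variable is unset, which makes `string-append` fail, and the nginx pid file is read in the `let*` bindings before `chmod` runs, so a missing pid file would abort the hook and leave the renewed key's permissions unchanged. Running the `chmod` first and only then reading the pid and sending SIGHUP would keep the permission tightening independent of nginx's state, and a comment such as `;; certbot deploy hook: restrict the renewed private key to 0600, then reload nginx` above the define would document the intent.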
@@ -209,16 +217,7 @@
"/bin/env"))
("/bin/ksh" ,(file-append (canonical-package loksh)
"/bin/ksh"))))
- ;; TODO: Use deploy-hook
;; TODO: Add git.taler.net
- ;; (service certbot-service-type
- ;; (certbot-configuration
- ;; ;; FIXME: switch over to taler.net domain
- ;; (email "cert-admin-taler@n0.is")
- ;; (certificates
- ;; (list
- ;; (certificate-configuration
- ;; (domains '("gv.taler.net")))))))
;; TODO: acme-client cronjob for:
;; taler.net www.taler.net api.taler.net lcov.taler.net
;; git.taler.net gauger.taler.net buildbot.taler.net
@@ -234,6 +233,15 @@
;; envs.taler.net blog.demo.taler.net
;; blog.test.taler.net donations.test.taler.net
;; docs.taler.net intranet.taler.net stage.taler.net
+ ;;(service certbot-service-type
+ ;; (certbot-configuration
+ ;; (email "cert-admin-taler@n0.is")
+ ;; (certificates
+ ;; (list
+ ;; (certificate-configuration
+ ;; (domains '("gv.taler.net"))
+ ;; (deploy-hook %my-deploy-hook)))))))
+
(service openssh-service-type
(openssh-configuration
(x11-forwarding? #t)