From 3cb3f078cbb9fa50f2eaeead9225183ea2c18006 Mon Sep 17 00:00:00 2001 From: ng0 Date: Fri, 22 Feb 2019 16:12:07 +0000 Subject: adjust certbot-service and add deployhook --- guix/config.scm | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/guix/config.scm b/guix/config.scm index ec3bfa7..2b4771d 100644 --- a/guix/config.scm +++ b/guix/config.scm @@ -64,6 +64,14 @@ (string-append #$certbot "/bin/certbot renew"))) ;;; --- cron jobs end +(define %my-deploy-hook + (programm-file "my-deploy-hook" + #~(let* ((pid (call-with-input-file "/var/run/nginx/pid" read)) + (cert-dir (getenv "RENEWED_LINEAGE")) + (privkey (string-append cert-dir "/privkey.pem"))) + (chmod privkey #o600) + (kill pid SIGHUP)))) + ;;; --- nginx start ;; TODO: Translate nginx code to guix nginx-service without a file ;; if possible wiht our config. @@ -209,16 +217,7 @@ "/bin/env")) ("/bin/ksh" ,(file-append (canonical-package loksh) "/bin/ksh")))) - ;; TODO: Use deploy-hook ;; TODO: Add git.taler.net - ;; (service certbot-service-type - ;; (certbot-configuration - ;; ;; FIXME: switch over to taler.net domain - ;; (email "cert-admin-taler@n0.is") - ;; (certificates - ;; (list - ;; (certificate-configuration - ;; (domains '("gv.taler.net"))))))) ;; TODO: acme-client cronjob for: ;; taler.net www.taler.net api.taler.net lcov.taler.net ;; git.taler.net gauger.taler.net buildbot.taler.net @@ -234,6 +233,15 @@ ;; envs.taler.net blog.demo.taler.net ;; blog.test.taler.net donations.test.taler.net ;; docs.taler.net intranet.taler.net stage.taler.net + ;;(service certbot-service-type + ;; (certbot-configuration + ;; (email "cert-admin-taler@n0.is") + ;; (certificates + ;; (list + ;; (certificate-configuration + ;; (domains '("gv.taler.net")) + ;; (deploy-hook %my-deploy-hook))))))) + (service openssh-service-type (openssh-configuration (x11-forwarding? #t) -- cgit v1.2.3
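Review bot: `programm-file` on the second added line of the first hunk is not a Guix procedure; the gexp helper is `program-file`, so `%my-deploy-hook` would fail with an unbound variable as soon as something references it. Separately, the `let*` reads `/var/run/nginx/pid` before anything else, so when nginx is not running or the pid file is missing the hook errors out before `chmod` tightens `privkey.pem`. `(getenv "RENEWED_LINEAGE")` returning `#f` would also make `string-append` throw. Doing the chmod first and guarding both lookups keeps the key-permission step independent of the reload; whether a missing variable should be skipped quietly, as sketched below, or reported as an error is a choice for the author.

```scheme
(define %my-deploy-hook
  (program-file "my-deploy-hook"
    #~(let ((cert-dir (getenv "RENEWED_LINEAGE")))
        ;; Tighten the key first so a failed reload cannot skip it.
        (when cert-dir
          (chmod (string-append cert-dir "/privkey.pem") #o600))
        ;; Only signal nginx when its pid file is actually present.
        (when (file-exists? "/var/run/nginx/pid")
          (kill (call-with-input-file "/var/run/nginx/pid" read)
                SIGHUP)))))
```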
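Review bot: The certbot block re-added in the last hunk drops the `;; FIXME: switch over to taler.net domain` comment that the second hunk removes, while `(email "cert-admin-taler@n0.is")` is unchanged. That address is presumably the ACME account contact, so losing the reminder makes it easier to enable the service with expiry and account notices still going to a non-project domain. I would keep the reminder as `;; ;; FIXME: switch over to taler.net domain` directly above the email line. The block is still commented out, so `%my-deploy-hook` is not yet referenced by any active service in the visible hunks.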