| author | EuAndreh <eu@euandre.org> | 2020-11-28 11:59:51 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2020-11-28 11:59:51 -0300 |
| commit | 422c0ec5c0fcc21734bfc2744b37e8c45dfe5620 (patch) | |
| tree | 9a7fb986a055fa5a00987da61b252db52e213ee7 /sync | |
| parent | tests.sh: Remove call to ./scripts/assert-nixfmt.sh (diff) | |
vps.scm: Restart NGINX service instead of killing the process
Diffstat (limited to 'sync')
| -rw-r--r-- | sync/vps.scm | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/sync/vps.scm b/sync/vps.scm index 6486776..8ca21cb 100644 --- a/sync/vps.scm +++ b/sync/vps.scm @@ -1,5 +1,6 @@ (use-modules (gnu) - (ice-9 textual-ports)) + (ice-9 textual-ports) + (guix gexp)) (use-service-modules networking ssh mcron admin mail web certbot) (use-package-modules ssh backup) @@ -22,6 +23,9 @@ root ALL=(ALL) ALL (define mail-domain (string-append "mail." tld)) +(define certbot-alias + "certbot") + (define letsencrypt-prefix "/etc/letsencrypt/live/") @@ -52,13 +56,6 @@ pki " mail-domain " key \"" (tls-priv-for mail-domain) "\"")) (string-append prefix "." tld)) tls-prefixes))) -;; FIXME: restart the service over killing the process -(define %nginx-deploy-hook - (program-file - "nginx-deploy-hook" - #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read))) - (kill pid SIGHUP)))) - (operating-system (locale "fr_FR.UTF-8") (timezone "America/Sao_Paulo") @@ -94,9 +91,10 @@ pki " mail-domain " key \"" (tls-priv-for mail-domain) "\"")) (opensmtpd-configuration (config-file opensmtpd-config))) (service mail-aliases-service-type - '(("postmaster" "root") + `(("postmaster" "root") ("webmaster" "root") - ("abuse" "root"))) + ("abuse" "root") + (,certbot-alias "root"))) (service nginx-service-type (nginx-configuration (server-blocks 
@@ -110,13 +108,18 @@ pki " mail-domain " key \"" (tls-priv-for mail-domain) "\"")) (ssl-certificate-key (tls-priv-for tld))))))) (service certbot-service-type (certbot-configuration - (email (string-append "certbot@" tld)) + (email (string-append certbot-alias "@" tld)) (certificates (list (certificate-configuration - (domains tls-domains) - ;; FIXME: call /var/lib/certbot/renew-certificates on deploy-hook - (deploy-hook %nginx-deploy-hook))))))) + (domains tls-domains)))))) + (simple-service 'automatic-certbot-renewal + activation-service-type + (with-imported-modules '((gnu services herd)) + #~(begin + (use-modules (gnu services herd)) + (execl "/var/lib/certbot/renew-certificates") + (restart-service 'nginx))))) %base-services)) (bootloader (bootloader-configuration |
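Review bot: `execl` in the new `automatic-certbot-renewal` activation gexp replaces the running process with `/var/lib/certbot/renew-certificates` and does not return on success, so `(restart-service 'nginx)` is never reached and whatever follows in the activation script is cut short. Running the script as a child and checking its status keeps the intended order, for example `(when (zero? (system* "/var/lib/certbot/renew-certificates")) (restart-service 'nginx))`. Removing `deploy-hook` from the `certificate-configuration` also means that certificates renewed later by certbot's own scheduled run are presumably not picked up by NGINX until the next activation, so the server could keep serving a certificate past its expiry; a deploy hook that restarts the service would cover that case. It is also worth confirming that shepherd is reachable when activation runs, since `restart-service` talks to it and activation happens during boot as well as on reconfigure.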
