[PATCH v2 3/4] services: certbot: Add a default deploy hook to reload nginx.

2024-01-30 Thread Carlo Zancanaro
* gnu/services/certbot.scm (%default-deploy-hook): New variable.
()[deploy-hook]: Use it as default deploy hook.
* doc/guix.texi (Certificate services): Document new default deploy hook.

Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176
---
doc/guix.texi | 6 +-
gnu/services/ce

[PATCH v2 0/4] Make certbot play more nicely with nginx

2024-01-30 Thread Carlo Zancanaro
Hi Guix,

This patch series is a few changes to make certbot default to doing "the right thing" in the common case of wanting certificates for an nginx web server.

The initial change (in v1 of these patches) was to solve the certbot bootstrapping problem. Nginx won't start without valid certificat

[PATCH v2 2/4] services: certbot: Create self-signed certificates before certbot runs.

2024-01-30 Thread Carlo Zancanaro
* gnu/services/certbot.scm (): Add start-self-signed? field.
(generate-certificate-gexp): New procedure.
(certbot-activation): Generate self-signed certificates when start-self-signed? is #t.
* doc/guix.texi (Certificate services): Document start-self-signed?.

Change-Id: Icfd85ae0c3e29324acbcde6ba

[PATCH v2 4/4] services: certbot: Add one-shot service to renew certificates.

2024-01-30 Thread Carlo Zancanaro
* gnu/services/certbot.scm (certbot-renewal-one-shot): New procedure.
(certbot-service-type)[extensions]: Add it to shepherd-root extension.
(certbot-command): Make connection errors return a different exit code.
(certbot-activation): Remove message with certificate renewal instructions.

Change-Id

[PATCH v2 1/4] services: certbot: Symlink certificates to /etc/certs.

2024-01-30 Thread Carlo Zancanaro
* gnu/services/certbot.scm (certbot-deploy-hook): New procedure.
(certbot-command): Pass new deploy hook to certbot.
* doc/guix.texi: Replace "letsencrypt/live" with "certs" throughout.

Change-Id: I2ba5e4903d1e293e566b732a84b07d5a134b697d
---
doc/guix.texi | 26 +---

Re: [PATCH v2 0/4] Make certbot play more nicely with nginx

2024-01-30 Thread Development of GNU Guix and the GNU System distribution.
Hi Carlo,

On Tue, Jan 30 2024, Carlo Zancanaro wrote:

> certbot can't produce certificates without a functional nginx

Yes, it can. The option is called --standalone. [1]

Maybe another way to bootstrap the certificates would be to hold off on starting Nginx or Apache until all certificates are o

Re: Symlinks in "guix pack" and "guix shell"

2024-01-30 Thread Konrad Hinsen
Konrad Hinsen writes:

> Here is my most recent experiment:

I found a simpler one, using a more recent Guix commit:

guix time-machine --commit=7b0863f07a113caef26fea13909bd97d250b629e \
  -- pack -S /etc/ssl=etc/ssl --format=squashfs bash nss-certs

Unfortunately, I have no idea how to debug

Re: Preservation of Guix report for 2024-01-26

2024-01-30 Thread Timothy Sample
Ludovic Courtès writes:

> Thumbs up on bzip2 support! We should update Disarchive in Guix but
> perhaps that’s already in your pipeline?

I sent https://issues.guix.gnu.org/68769. Now I see that I didn’t have the newest Git hooks installed, so no change ID and no email to the relevant team. So

Re: bug#46961: [PATCH v2 0/4] Make certbot play more nicely with nginx

2024-01-30 Thread Clément Lassieur
On Tue, Jan 30 2024, Felix Lechner via Bug reports for GNU Guix wrote:

> Hi Carlo,
>
> On Tue, Jan 30 2024, Carlo Zancanaro wrote:
>
>> certbot can't produce certificates without a functional nginx
>
> Yes, it can. The option is called --standalone. [1]
>
> Maybe another way to bootstrap the certi

Re: [PATCH v2 0/4] Make certbot play more nicely with nginx

2024-01-30 Thread Carlo Zancanaro
Hi Felix,

On Tue, Jan 30 2024, Felix Lechner wrote:
> On Tue, Jan 30 2024, Carlo Zancanaro wrote:
>> certbot can't produce certificates without a functional nginx
>
> Yes, it can. The option is called --standalone. [1]

You are correct, of course. If I had been more precise I would have said "with o

Re: [PATCH v2 0/4] Make certbot play more nicely with nginx

2024-01-30 Thread Development of GNU Guix and the GNU System distribution.
I sympathize with your approach (I, too, have been supplementing Certbot with self-signed certs for some time). What would also be cool is not to have `certbot-service-type` depend on `nginx-service-type` in the first place. So that one can more easily use another HTTP server. It can of course b