guix-commits

01/01: gnu: certbot: Add support for manual plugin.


From: guix-commits
Subject: 01/01: gnu: certbot: Add support for manual plugin.
Date: Thu, 25 Apr 2019 13:47:54 -0400 (EDT)

roptat pushed a commit to branch master
in repository guix.

commit b68aff1f05864a589b62afa44665a99e5cf43718
Author: Julien Lepiller <address@hidden>
Date:   Fri Apr 19 22:28:30 2019 +0200

    gnu: certbot: Add support for manual plugin.
    
    * gnu/services/certbot.scm (certificate-configuration): Add challenge,
    auth-hook and cleanup-hook fields.
    (certbot-command): Use them.
    * doc/guix.texi (Certificate Services): Document them.
---
 doc/guix.texi            | 20 ++++++++++++++++++++
 gnu/services/certbot.scm | 40 +++++++++++++++++++++++++++++++---------
 2 files changed, 51 insertions(+), 9 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 879cb56..dbbb811 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -19425,6 +19425,26 @@ Its default is the first provided domain.
 The first domain provided will be the subject CN of the certificate, and
 all domains will be Subject Alternative Names on the certificate.
 
address@hidden @code{challenge} (default: @code{#f})
+The challenge type that has to be run by certbot.  If @code{#f} is specified,
+default to the HTTP challenge.  If a value is specified, defaults to the
+manual plugin (see @code{authentication-hook}, @code{cleanup-hook} and
+the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}).
+
address@hidden @code{authentication-hook} (default: @code{#f})
+Command to be run in a shell once for each certificate challenge to be
+answered.  For this command, the shell variable @code{$CERTBOT_DOMAIN}
+will contain the domain being authenticated, @code{$CERTBOT_VALIDATION}
+contains the validation string and @code{$CERTBOT_TOKEN} contains the
+file name of the resource requested when performing an HTTP-01 challenge.
+
address@hidden @code{cleanup-hook} (default: @code{#f})
+Command to be run in a shell once for each certificate challenge that
+have been answered by the @code{auth-hook}.  For this command, the shell
+variables available in the @code{auth-hook} script are still available, and
+additionally @code{$CERTBOT_AUTH_OUTPUT} will contain the standard output
+of the @code{auth-hook} script.
+
 @item @code{deploy-hook} (default: @code{#f})
 Command to be run in a shell once for each successfully issued
 certificate.  For this command, the shell variable
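Review bot: The @code{cleanup-hook} entry refers to @code{auth-hook} three times, but the field documented directly above it is named @code{authentication-hook}; use the field name throughout so nobody goes looking for an @code{auth-hook} field that does not exist. In the same entry, "each certificate challenge that have been answered" should read "has been answered". The @code{challenge} entry only says "If a value is specified", so please also state which strings are accepted and that leaving @code{authentication-hook} unset is not useful once a challenge is given.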
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 7565bc9..ae34ad1 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2016 ng0 <address@hidden>
 ;;; Copyright © 2016 Sou Bunnbu <address@hidden>
 ;;; Copyright © 2017, 2018 Clément Lassieur <address@hidden>
+;;; Copyright © 2019 Julien Lepiller <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -50,6 +51,12 @@
                        (default #f))
   (domains             certificate-configuration-domains
                        (default '()))
+  (challenge           certificate-configuration-challenge
+                       (default #f))
+  (authentication-hook certificate-authentication-hook
+                       (default #f))
+  (cleanup-hook        certificate-cleanup-hook
+                       (default #f))
   (deploy-hook         certificate-configuration-deploy-hook
                        (default #f)))
 
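Review bot: The two new accessors `certificate-authentication-hook` and `certificate-cleanup-hook` drop the `certificate-configuration-` prefix that every other field in this record uses, including the new `certificate-configuration-challenge` and the existing `certificate-configuration-deploy-hook`. Rename them to `certificate-configuration-authentication-hook` and `certificate-configuration-cleanup-hook` so the record's accessors stay uniform and the shorter names do not collide with anything else.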
@@ -81,17 +88,32 @@
             (commands
              (map
               (match-lambda
-                (($ <certificate-configuration> custom-name domains
+                (($ <certificate-configuration> custom-name domains challenge
+                                                authentication-hook 
cleanup-hook
                                                 deploy-hook)
                  (let ((name (or custom-name (car domains))))
-                   (append
-                    (list name certbot "certonly" "-n" "--agree-tos"
-                          "-m" email
-                          "--webroot" "-w" webroot
-                          "--cert-name" name
-                          "-d" (string-join domains ","))
-                    (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
-                    (if deploy-hook `("--deploy-hook" ,deploy-hook) '())))))
+                   (if challenge
+                     (append
+                      (list name certbot "certonly" "-n" "--agree-tos"
+                            "-m" email
+                            "--manual"
+                            (string-append "--preferred-challenges=" challenge)
+                            "--cert-name" name
+                            "-d" (string-join domains ","))
+                      (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+                      (if authentication-hook
+                          `("--manual-auth-hook" ,authentication-hook)
+                          '())
+                      (if cleanup-hook `("--manual-cleanup-hook" 
,cleanup-hook) '())
+                      (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))
+                     (append
+                      (list name certbot "certonly" "-n" "--agree-tos"
+                            "-m" email
+                            "--webroot" "-w" webroot
+                            "--cert-name" name
+                            "-d" (string-join domains ","))
+                      (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
+                      (if deploy-hook `("--deploy-hook" ,deploy-hook) '()))))))
               certificates)))
        (program-file
         "certbot-command"
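Review bot: In the `(if challenge` branch the command is built with "-n" and "--manual", but "--manual-auth-hook" is only appended when `authentication-hook` is set, so a configuration with a challenge and the default `#f` hook yields a non-interactive run that has nothing to answer the challenge with. Either reject that combination when the command list is built, or document that `authentication-hook` is required whenever `challenge` is given. Separately, the two `append` forms differ only in the plugin arguments and the two manual hooks; building the shared list once (name, certbot, "certonly", "-m" email, "--cert-name", "-d", rsa-key-size, deploy-hook) and splicing in the plugin-specific part would keep the branches from drifting apart. The hook strings are handed to certbot to run in a shell, so it is worth saying in the documentation that they must come from trusted configuration only.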


