diff options
author | Timo Wilken | 2023-11-29 20:40:30 +0100 |
---|---|---|
committer | Timo Wilken | 2023-11-29 20:43:36 +0100 |
commit | 813cefc3cc2b17d752bf6ea7803ce036e562a286 (patch) | |
tree | 3336c80c80228279a82833da7a54e8381c357228 /tw/services | |
parent | 36f7bbb00d43ccbfaa50ae2d2efedfbb3761cc91 (diff) |
Simplify nginx certificate deployment hook
Diffstat (limited to 'tw/services')
-rw-r--r-- | tw/services/nextcloud.scm | 7 | ||||
-rw-r--r-- | tw/services/web.scm | 18 |
2 files changed, 12 insertions, 13 deletions
diff --git a/tw/services/nextcloud.scm b/tw/services/nextcloud.scm index eed2f4fd..77ec7b9c 100644 --- a/tw/services/nextcloud.scm +++ b/tw/services/nextcloud.scm @@ -13,7 +13,8 @@ #:use-module (guix gexp) #:use-module ((guix packages) #:select (package-version)) #:use-module ((guix utils) #:select (version-major)) - #:use-module (tw services restic)) + #:use-module (tw services restic) + #:use-module (tw services web)) (define-public %nextcloud-php.ini (computed-file "nextcloud-php.ini" @@ -280,9 +281,7 @@ opcache.revalidate_freq=120 (simple-service 'nextcloud-certificates certbot-service-type (list (certificate-configuration (domains (list nextcloud-domain)) - (deploy-hook - (program-file "nginx-cert-deploy-hook" - #~(kill (call-with-input-file "/var/run/nginx/pid" read) SIGHUP)))))) + (deploy-hook %nginx-cert-deploy-hook)))) (simple-service 'nextcloud-backup-cleanup restic-cleanup-service-type (list (restic-scheduled-cleanup diff --git a/tw/services/web.scm b/tw/services/web.scm index 12851a72..8e8e0ebe 100644 --- a/tw/services/web.scm +++ b/tw/services/web.scm @@ -6,9 +6,14 @@ #:use-module (guix gexp) #:use-module (guix records) #:use-module ((srfi srfi-1) #:select (concatenate)) - #:export (https-reverse-proxy-service-type + #:export (%nginx-cert-deploy-hook + https-reverse-proxy-service-type https-reverse-proxy-configuration)) +(define %nginx-cert-deploy-hook + (program-file "nginx-cert-deploy-hook" + #~(kill (call-with-input-file "/var/run/nginx/pid" read) SIGHUP))) + (define-configuration/no-serialization https-reverse-proxy-configuration (domains list-of-strings "List of domain names that nginx should proxy requests for.") @@ -17,18 +22,13 @@ proxied to.") (destination-ip (string "127.0.0.1") "The IP address of the server that should be proxied to. Usually, this should be localhost.") (destination-protocol (string "http") "The protocol that the proxied service -speaks. Set to @code{\"https\"} if you want to proxy HTTPS-to-HTTPS.") - (nginx-pid-file (string "/var/run/nginx/pid") "The file containing nginx's -process ID. This may differ from the default if nginx's @code{run-directory} -differs from its default.")) +speaks. Set to @code{\"https\"} if you want to proxy HTTPS-to-HTTPS.")) (define (reverse-proxy-certificate config) - (match-record config <https-reverse-proxy-configuration> (domains nginx-pid-file) + (match-record config <https-reverse-proxy-configuration> (domains) (certificate-configuration (domains domains) - (deploy-hook - (program-file "nginx-cert-deploy-hook" - #~(kill (call-with-input-file #$nginx-pid-file read) SIGHUP)))))) + (deploy-hook %nginx-cert-deploy-hook)))) (define (reverse-proxy-nginx-server config) (match-record config <https-reverse-proxy-configuration> |