From 813cefc3cc2b17d752bf6ea7803ce036e562a286 Mon Sep 17 00:00:00 2001 From: Timo Wilken Date: Wed, 29 Nov 2023 20:40:30 +0100 Subject: Simplify nginx certificate deployment hook --- tw/services/nextcloud.scm | 7 +++---- tw/services/web.scm | 18 +++++++++--------- 2 files changed, 12 insertions(+), 13 deletions(-) (limited to 'tw/services') diff --git a/tw/services/nextcloud.scm b/tw/services/nextcloud.scm index eed2f4fd..77ec7b9c 100644 --- a/tw/services/nextcloud.scm +++ b/tw/services/nextcloud.scm @@ -13,7 +13,8 @@ #:use-module (guix gexp) #:use-module ((guix packages) #:select (package-version)) #:use-module ((guix utils) #:select (version-major)) - #:use-module (tw services restic)) + #:use-module (tw services restic) + #:use-module (tw services web)) (define-public %nextcloud-php.ini (computed-file "nextcloud-php.ini" @@ -280,9 +281,7 @@ opcache.revalidate_freq=120 (simple-service 'nextcloud-certificates certbot-service-type (list (certificate-configuration (domains (list nextcloud-domain)) - (deploy-hook - (program-file "nginx-cert-deploy-hook" - #~(kill (call-with-input-file "/var/run/nginx/pid" read) SIGHUP)))))) + (deploy-hook %nginx-cert-deploy-hook)))) (simple-service 'nextcloud-backup-cleanup restic-cleanup-service-type (list (restic-scheduled-cleanup diff --git a/tw/services/web.scm b/tw/services/web.scm index 12851a72..8e8e0ebe 100644 --- a/tw/services/web.scm +++ b/tw/services/web.scm @@ -6,9 +6,14 @@ #:use-module (guix gexp) #:use-module (guix records) #:use-module ((srfi srfi-1) #:select (concatenate)) - #:export (https-reverse-proxy-service-type + #:export (%nginx-cert-deploy-hook + https-reverse-proxy-service-type https-reverse-proxy-configuration)) +(define %nginx-cert-deploy-hook + (program-file "nginx-cert-deploy-hook" + #~(kill (call-with-input-file "/var/run/nginx/pid" read) SIGHUP))) + (define-configuration/no-serialization https-reverse-proxy-configuration (domains list-of-strings "List of domain names that nginx should proxy requests for.") @@ -17,18 +22,13 @@ proxied to.") (destination-ip (string "127.0.0.1") "The IP address of the server that should be proxied to. Usually, this should be localhost.") (destination-protocol (string "http") "The protocol that the proxied service -speaks. Set to @code{\"https\"} if you want to proxy HTTPS-to-HTTPS.") - (nginx-pid-file (string "/var/run/nginx/pid") "The file containing nginx's -process ID. This may differ from the default if nginx's @code{run-directory} -differs from its default.")) +speaks. Set to @code{\"https\"} if you want to proxy HTTPS-to-HTTPS.")) (define (reverse-proxy-certificate config) - (match-record config (domains nginx-pid-file) + (match-record config (domains) (certificate-configuration (domains domains) - (deploy-hook - (program-file "nginx-cert-deploy-hook" - #~(kill (call-with-input-file #$nginx-pid-file read) SIGHUP)))))) + (deploy-hook %nginx-cert-deploy-hook)))) (define (reverse-proxy-nginx-server config) (match-record config -- cgit v1.2.3