GNU bug report logs - #30459
Certbot service patches

Previous Next

Full log

View this message in rfc822 format

From: Clément Lassieur <clement <at> lassieur.org>
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 30459 <at> debbugs.gnu.org
Subject: [bug#30459] [PATCH 06/11] services: certbot: Get certbot to run non-interactively.
Date: Mon, 19 Feb 2018 23:46:07 +0100

Marius Bakke <mbakke <at> fastmail.com> writes:

> Clément Lassieur <clement <at> lassieur.org> writes:
>
>> * doc/guix.texi (Certificate Services): Add email field.
>> * gnu/services/certbot.scm (<certbot-configuration>, certbot-command,
>> certbot-activation, certbot-nginx-server-configurations): Add email field.
>> (certbot-command): Add '-n' and '--agree-tos' options.
>> (certbot-service-type): Remove default-value.
>
> Since this effectively hides the ToS from the user, I think we should
> update documentation to link to it.  Something along the lines of
> "By using this service, you agree to the Terms and Conditions laid out
> in URL...".
>
> I'm not a user of certbot currently and thus haven't tested it, but the
> other patches LGTM to me.  Thanks a lot for working on this!

Thank you very much for the review, Marius, I'll update the
documentation as you said.

I won't push right now because I'm unconvinced by certbot-activation:
  - it runs at every reconfigure, whereas I want it to run only when the
    configuration changes
  - it runs at system startup (with no internet access, I think) which I
    obviously don't want
  - it requires internet access

Assuming there is no way to get it to run only on reconfigure when the
configuration has changed, I could make a command that the user would
use manually (wich profile-service-type).  They would use this command
if they add new certificates and if they don't want to wait for the cron
task to happen.  WDYT?

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.