(services): export certbot related definitions to a dedicated moduleHEAD test master

author: Marek Paśnikowski <marek@marekpasnikowski.pl> 2026-04-25 11:56:56 +0200
committer: Marek Paśnikowski <marek@marekpasnikowski.pl> 2026-04-25 12:11:37 +0200
commit: de2a7b0a9f30a76219d47aabf30e0adda39f20ee (patch)
tree: f6fad5f4e12f01fe3527e73a9c7837791f9b6135 /deployment/services/certbot.scm
parent: 7709840101089074a7db49e19c7796fafef1ee9a (diff)
1 files changed, 68 insertions, 0 deletions
diff --git a/deployment/services/certbot.scm b/deployment/services/certbot.scm
new file mode 100644
index 0000000..4725b31
--- /dev/null
+++ b/deployment/services/certbot.scm
@@ -0,0 +1,68 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2024-2026 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment services certbot)
+  #:export     (aisaka-certbot-service)
+  #:use-module (gnu services)
+  #:use-module (gnu services certbot)
+  #:use-module (guix gexp)
+  #:use-module ((deployment services web)
+                #:prefix deployment:services:web:)
+  #:use-module ((gnu services web)
+                #:prefix gnu:services:web:))
+
+(define nginx-extension-of-certbot
+  (service-extension deployment:services:web:nginx-service-type*
+                     (@@ (gnu services certbot)
+                         certbot-nginx-server-configurations)))
+
+(define (extend-certbot extension)
+  (let*
+      ((extension-target-    (service-extension-target extension))
+       (nginx-service-type?- (eq? extension-target-
+                                  gnu:services:web:nginx-service-type)))
+    (if nginx-service-type?-
+        nginx-extension-of-certbot
+        extension)))
+
+(define certbot-type
+  (let
+      ((certbot-extensions- (service-type-extensions certbot-service-type)))
+    (service-type
+     (inherit    certbot-service-type)
+     (extensions (map extend-certbot
+                      certbot-extensions-)))))
+
+(define nginx-deploy-hook-file
+  #~(let
+        ((pid (call-with-input-file "/var/run/nginx/pid"
+                read)))
+      (kill pid
+            SIGHUP)))
+
+(define aisaka-certificate-configuration
+  (certificate-configuration
+   (deploy-hook (program-file "nginx-deploy-hook"
+                              nginx-deploy-hook-file))
+   (domains     (list "marekpasnikowski.pl"
+                      "git.marekpasnikowski.pl"
+                      "guix.marekpasnikowski.pl"
+                      "matrix.marekpasnikowski.pl"
+                      "mx.marekpasnikowski.pl"
+                      "radicale.marekpasnikowski.pl"
+                      "schron.marekpasnikowski.pl"
+                      "sejf.marekpasnikowski.pl"
+                      "test.marekpasnikowski.pl"
+                      "www.marekpasnikowski.pl"))))
+
+(define aisaka-certbot-configuration
+  (certbot-configuration
+   (certificates (list aisaka-certificate-configuration))
+   (email        "marek@marekpasnikowski.pl")
+   (webroot      "/srv/www/marek/marekpasnikowski.pl")))
+
+(define aisaka-certbot-service
+  (service certbot-type
+           aisaka-certbot-configuration))
+
+;;; EOF
author	Marek Paśnikowski <marek@marekpasnikowski.pl>	2026-04-25 11:56:56 +0200
committer	Marek Paśnikowski <marek@marekpasnikowski.pl>	2026-04-25 12:11:37 +0200
commit	de2a7b0a9f30a76219d47aabf30e0adda39f20ee (patch)
tree	f6fad5f4e12f01fe3527e73a9c7837791f9b6135 /deployment/services/certbot.scm
parent	7709840101089074a7db49e19c7796fafef1ee9a (diff)