;;; SPDX-License-Identifier: GPL-3.0-or-later
;;; SPDX-FileCopyrightText: 2026 Marek Paśnikowski <marek@marekpasnikowski.pl>

;;; COPYRIGHT NOTICE
;;;
;;; Copyright 2026, Marek Paśnikowski <marek@marekpasnikowski.pl>

;;; LICENSE NOTICE
;;;
;;; This library is free software: you can redistribute it and/or modify it under the terms of
;;; the GNU General Public License as published by the Free Software Foundation,
;;; either version 3 of the License, or (at your option) any later version.
;;;
;;; This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
;;; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
;;; See the GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License along with this library.
;;; If not, see <https://www.gnu.org/licenses/>.

(define-module (deployment services certbot)
  #:export     (aisaka-certbot-service)
  #:use-module (gnu services)
  #:use-module (gnu services certbot)
  #:use-module (guix gexp)
  #:use-module ((deployment services web)
                #:prefix deployment:services:web:)
  #:use-module ((gnu services web)
                #:prefix gnu:services:web:))

(define nginx-extension-of-certbot
  (service-extension deployment:services:web:nginx-service-type*
                     (@@ (gnu services certbot)
                         certbot-nginx-server-configurations)))

(define (extend-certbot extension)
  (let*
      ((extension-target-    (service-extension-target extension))
       (nginx-service-type?- (eq? extension-target-
                                  gnu:services:web:nginx-service-type)))
    (if nginx-service-type?-
        nginx-extension-of-certbot
        extension)))

(define certbot-type
  (let
      ((certbot-extensions- (service-type-extensions certbot-service-type)))
    (service-type
     (inherit    certbot-service-type)
     (extensions (map extend-certbot
                      certbot-extensions-)))))

(define nginx-deploy-hook-file
  #~(let
        ((pid (call-with-input-file "/var/run/nginx/pid"
                read)))
      (kill pid
            SIGHUP)))

(define aisaka-certificate-configuration
  (certificate-configuration
   (deploy-hook (program-file "nginx-deploy-hook"
                              nginx-deploy-hook-file))
   (domains     (list "marekpasnikowski.pl"
                      "git.marekpasnikowski.pl"
                      "guix.marekpasnikowski.pl"
                      "matrix.marekpasnikowski.pl"
                      "mx.marekpasnikowski.pl"
                      "radicale.marekpasnikowski.pl"
                      "www.marekpasnikowski.pl"))))

(define aisaka-certbot-configuration
  (certbot-configuration
   (certificates (list aisaka-certificate-configuration))
   (email        "marek@marekpasnikowski.pl")
   (webroot      "/srv/www/marek/marekpasnikowski.pl")))

(define aisaka-certbot-service
  (service certbot-type
           aisaka-certbot-configuration))

;;; EOF