[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#30459] [PATCH 06/11] services: certbot: Get certbot to run non-inte
From: |
Marius Bakke |
Subject: |
[bug#30459] [PATCH 06/11] services: certbot: Get certbot to run non-interactively. |
Date: |
Thu, 22 Feb 2018 14:57:07 +0100 |
User-agent: |
Notmuch/0.26 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu) |
Clément Lassieur <address@hidden> writes:
> Marius Bakke <address@hidden> writes:
>
>> Clément Lassieur <address@hidden> writes:
>>
>>> * doc/guix.texi (Certificate Services): Add email field.
>>> * gnu/services/certbot.scm (<certbot-configuration>, certbot-command,
>>> certbot-activation, certbot-nginx-server-configurations): Add email field.
>>> (certbot-command): Add '-n' and '--agree-tos' options.
>>> (certbot-service-type): Remove default-value.
>>
>> Since this effectively hides the ToS from the user, I think we should
>> update documentation to link to it. Something along the lines of
>> "By using this service, you agree to the Terms and Conditions laid out
>> in URL...".
>>
>> I'm not a user of certbot currently and thus haven't tested it, but the
>> other patches LGTM to me. Thanks a lot for working on this!
>
> Thank you very much for the review, Marius, I'll update the
> documentation as you said.
>
> I won't push right now because I'm unconvinced by certbot-activation:
> - it runs at every reconfigure, whereas I want it to run only when the
> configuration changes
> - it runs at system startup (with no internet access, I think) which I
> obviously don't want
> - it requires internet access
I haven't studied the code, but perhaps certbot-activation could be made
a "proper" Shepherd service (e.g. simple-service)? That way it can have
a dependency on networking, at least. It also would not run on every
reconfigure.
> Assuming there is no way to get it to run only on reconfigure when the
> configuration has changed, I could make a command that the user would
> use manually (wich profile-service-type). They would use this command
> if they add new certificates and if they don't want to wait for the cron
> task to happen. WDYT?
This sounds great, but don't know if it should block this series.
Perhaps you can push it to a 'wip-certbot' branch on Savannah for easier
access and testing?
Also, hopefully some of our newfound Shepherd experts can chime in on
this thread :)
signature.asc
Description: PGP signature
[bug#30459] [PATCH 02/11] services: certbot: Run certbot twice a day at a random minute., Clément Lassieur, 2018/02/14
[bug#30459] [PATCH 07/11] services: certbot: Associate one certificate with several domains., Clément Lassieur, 2018/02/14
[bug#30459] [PATCH 04/11] services: certbot: Rename 'host' to 'domain'., Clément Lassieur, 2018/02/14
[bug#30459] [PATCH 03/11] services: certbot: Fix indentation., Clément Lassieur, 2018/02/14
[bug#30459] [PATCH 09/11] services: certbot: Allow to set RSA key size., Clément Lassieur, 2018/02/14
[bug#30459] [PATCH 11/11] services: certbot: Allow to set a deploy hook., Clément Lassieur, 2018/02/14
[bug#30459] [PATCH 10/11] services: certbot: Add verbosity., Clément Lassieur, 2018/02/14