services: agate: Update options for compatibility with the current Agate version.
* gnu/services/web.scm (<agate-configuration>)[certs]: Add. [cert]: Remove. [key]: Remove. [hostname]: Change from string to list. [silent?]: Remove. [only-tls13?]: Add. [central-conf?]: Add. [ed25519?]: Add. [skip-port-check?]: Add. (agate-shepherd-service): Change handling of addr and hostname, add new options handling. * doc/guix.texi (Web Services): Update. Change-Id: Ifb4968d704627344913bb69f20636d710a4fe738 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
parent
2cbdec8bcd
commit
4bc49e2185
@ -32935,25 +32935,30 @@ This is the type of the agate service, whose value should be an
|
||||
(service agate-service-type
|
||||
(agate-configuration
|
||||
(content "/srv/gemini")
|
||||
(cert "/srv/cert.pem")
|
||||
(key "/srv/key.rsa")))
|
||||
(certs "/srv/gemini-certs")))
|
||||
@end lisp
|
||||
|
||||
The example above represents the minimal tweaking necessary to get Agate
|
||||
up and running. Specifying the path to the certificate and key is
|
||||
up and running. Specifying the path to the certificate and key directory is
|
||||
always necessary, as the Gemini protocol requires TLS by default.
|
||||
|
||||
To obtain a certificate and a key, you could, for example, use OpenSSL,
|
||||
running a command similar to the following example:
|
||||
If specified path is writable by Agate, and contains no valid key
|
||||
and certificate, the Agate will try to generate them on the first start.
|
||||
If specified directory is read-only - key and certificate should be pre-generated by user.
|
||||
|
||||
To obtain a certificate and a key in a DER format, you could, for example,
|
||||
use OpenSSL, running a commands similar to the following example:
|
||||
|
||||
@example
|
||||
openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem \
|
||||
-days 3650 -nodes -subj "/CN=example.com"
|
||||
openssl genpkey -out key.der -outform DER -algorithm RSA \
|
||||
-pkeyopt rsa_keygen_bits:4096
|
||||
openssl req -x509 -key key.der -outform DER -days 3650 -out cert.der \
|
||||
-subj "/CN=example.com"
|
||||
@end example
|
||||
|
||||
Of course, you'll have to replace @i{example.com} with your own domain
|
||||
name, and then point the Agate configuration towards the path of the
|
||||
generated key and certificate.
|
||||
directory with the generated key and certificate using the @code{certs} option.
|
||||
|
||||
@end defvar
|
||||
|
||||
@ -32967,30 +32972,38 @@ The package object of the Agate server.
|
||||
@item @code{content} (default: @file{"/srv/gemini"})
|
||||
The directory from which Agate will serve files.
|
||||
|
||||
@item @code{cert} (default: @code{#f})
|
||||
The path to the TLS certificate PEM file to be used for encrypted
|
||||
connections. Must be filled in with a value from the user.
|
||||
|
||||
@item @code{key} (default: @code{#f})
|
||||
The path to the PKCS8 private key file to be used for encrypted
|
||||
connections. Must be filled in with a value from the user.
|
||||
@item @code{certs} (default: @file{"/srv/gemini-certs"})
|
||||
Root of the certificate directory. Must be filled in with a value from the user.
|
||||
|
||||
@item @code{addr} (default: @code{'("0.0.0.0:1965" "[::]:1965")})
|
||||
A list of the addresses to listen on.
|
||||
|
||||
@item @code{hostname} (default: @code{#f})
|
||||
The domain name of this Gemini server. Optional.
|
||||
@item @code{hostnames} (default: @code{'()})
|
||||
Virtual hosts for the Gemini server. If multiple values are
|
||||
specified, corresponding directory names should be present in the @code{content}
|
||||
directory. Optional.
|
||||
|
||||
@item @code{lang} (default: @code{#f})
|
||||
RFC 4646 language code(s) for text/gemini documents. Optional.
|
||||
|
||||
@item @code{silent?} (default: @code{#f})
|
||||
Set to @code{#t} to disable logging output.
|
||||
@item @code{only-tls13?} (default: @code{#f})
|
||||
Set to @code{#t} to disable support for TLSv1.2.
|
||||
|
||||
@item @code{serve-secret?} (default: @code{#f})
|
||||
Set to @code{#t} to serve secret files (files/directories starting with
|
||||
a dot).
|
||||
|
||||
@item @code{central-conf?} (default: @code{#f})
|
||||
Set to @code{#t} to look for the .meta configuration file in the @code{content}
|
||||
root directory and will ignore @code{.meta} files in other directories
|
||||
|
||||
@item @code{ed25519?} (default: @code{#f})
|
||||
Set to @code{#t} to generate keys using the Ed25519 signature algorithm
|
||||
instead of the default ECDSA.
|
||||
|
||||
@item @code{skip-port-check?} (default: @code{#f})
|
||||
Set to @code{#t} to skip URL port check even when a @code{hostname} is specified.
|
||||
|
||||
@item @code{log-ip?} (default: @code{#t})
|
||||
Whether or not to output IP addresses when logging.
|
||||
|
||||
|
@ -302,13 +302,15 @@
|
||||
agate-configuration?
|
||||
agate-configuration-package
|
||||
agate-configuration-content
|
||||
agate-configuration-cert
|
||||
agate-configuration-key
|
||||
agate-configuration-certs
|
||||
agate-configuration-addr
|
||||
agate-configuration-hostname
|
||||
agate-configuration-lang
|
||||
agate-configuration-silent
|
||||
agate-configuration-only-tls13
|
||||
agate-configuration-serve-secret
|
||||
agate-configuration-central-conf
|
||||
agate-configuration-ed25519
|
||||
agate-configuration-skip-port-check
|
||||
agate-configuration-log-ip
|
||||
agate-configuration-user
|
||||
agate-configuration-group
|
||||
@ -2184,20 +2186,24 @@ root=/srv/gemini
|
||||
(default agate))
|
||||
(content agate-configuration-content
|
||||
(default "/srv/gemini"))
|
||||
(cert agate-configuration-cert
|
||||
(default #f))
|
||||
(key agate-configuration-key
|
||||
(default #f))
|
||||
(certs agate-configuration-certs
|
||||
(default "/srv/gemini-certs"))
|
||||
(addr agate-configuration-addr
|
||||
(default '("0.0.0.0:1965" "[::]:1965")))
|
||||
(hostname agate-configuration-hostname
|
||||
(default #f))
|
||||
(default '()))
|
||||
(lang agate-configuration-lang
|
||||
(default #f))
|
||||
(silent? agate-configuration-silent
|
||||
(default #f))
|
||||
(only-tls13? agate-configuration-only-tls13
|
||||
(default #f))
|
||||
(serve-secret? agate-configuration-serve-secret
|
||||
(default #f))
|
||||
(central-conf? agate-configuration-central-conf
|
||||
(default #f))
|
||||
(ed25519? agate-configuration-ed25519
|
||||
(default #f))
|
||||
(skip-port-check? agate-configuration-skip-port-check
|
||||
(default #f))
|
||||
(log-ip? agate-configuration-log-ip
|
||||
(default #t))
|
||||
(user agate-configuration-user
|
||||
@ -2209,8 +2215,10 @@ root=/srv/gemini
|
||||
|
||||
(define agate-shepherd-service
|
||||
(match-lambda
|
||||
(($ <agate-configuration> package content cert key addr
|
||||
hostname lang silent? serve-secret?
|
||||
(($ <agate-configuration> package content certs addr
|
||||
hostname lang only-tls13?
|
||||
serve-secret? central-conf?
|
||||
ed25519? skip-port-check?
|
||||
log-ip? user group log-file)
|
||||
(list (shepherd-service
|
||||
(provision '(agate))
|
||||
@ -2220,17 +2228,21 @@ root=/srv/gemini
|
||||
#~(make-forkexec-constructor
|
||||
(list #$agate
|
||||
"--content" #$content
|
||||
"--cert" #$cert
|
||||
"--key" #$key
|
||||
"--addr" #$@addr
|
||||
"--certs" #$certs
|
||||
#$@(append-map
|
||||
(lambda x (append '("--addr") x))
|
||||
addr)
|
||||
#$@(append-map
|
||||
(lambda x (append '("--hostname") x))
|
||||
hostname)
|
||||
#$@(if lang
|
||||
(list "--lang" lang)
|
||||
'())
|
||||
#$@(if hostname
|
||||
(list "--hostname" hostname)
|
||||
'())
|
||||
#$@(if silent? '("--silent") '())
|
||||
#$@(if serve-secret? '("--serve-secret") '())
|
||||
#$@(if only-tls13? '("--only-tls13") '())
|
||||
#$@(if central-conf? '("--central-conf") '())
|
||||
#$@(if ed25519? '("--ed25519") '())
|
||||
#$@(if skip-port-check? '("--skip-port-check") '())
|
||||
#$@(if log-ip? '("--log-ip") '()))
|
||||
#:user #$user #:group #$group
|
||||
#:log-file #$log-file)))
|
||||
|
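Review bot: The `hostname` field changes type from a string to a list (the `(default '())` in the `define-record-type*` hunk) but keeps its old name and gets no validation, so an existing configuration that still says `(hostname "example.com")` is accepted by the record constructor and only fails later when `append-map` in the shepherd constructor walks a string, with an error that does not name the field; a sanitizer that accepts both forms would keep old configurations working, e.g. `(hostname agate-configuration-hostname (default '()) (sanitize (match-lambda ((? string? h) (list h)) (lst lst))))`. The two `(lambda x (append '("--addr") x))` / `(lambda x (append '("--hostname") x))` helpers rely on the rest-argument form to receive a one-element list from `append-map`, which reads as a mistake at first glance; `(lambda (a) (list "--addr" a))` and `(lambda (h) (list "--hostname" h))` say the same thing directly. The manual hunk documents this field as `@code{hostnames}` while the record field and the accessor are `hostname`/`agate-configuration-hostname`, so one of the two should be renamed for consistency. Nothing in this diff creates the `certs` directory or sets its ownership, and the manual text added here says Agate only generates a key and certificate when that directory is writable by it; presumably an activation step elsewhere takes care of that, since the daemon runs as `#:user #$user`, otherwise a fresh system gets a service that cannot start TLS until the operator creates the directory by hand.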