From patchwork Tue Apr  4 20:43:46 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Saku Laesvuori <saku@laesvuori.fi>
X-Patchwork-Id: 11979
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id C3B6617359; Tue,  4 Apr 2023 21:44:23 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,URIBL_BLOCKED
	autolearn=ham autolearn_force=no version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id A3D0917347
	for <patchwork@mira.cbaines.net>; Tue,  4 Apr 2023 21:44:22 +0100 (BST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1pjnVe-0001Lg-77; Tue, 04 Apr 2023 16:44:06 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pjnVc-0001LY-QF
 for guix-patches@gnu.org; Tue, 04 Apr 2023 16:44:04 -0400
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pjnVa-0008Hw-Gc
 for guix-patches@gnu.org; Tue, 04 Apr 2023 16:44:04 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1pjnVa-0007mt-6E
 for guix-patches@gnu.org; Tue, 04 Apr 2023 16:44:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#62642] [PATCH v2] services: certbot: Fix nginx crash when
 certbot is used without domains
Resent-From: Saku Laesvuori <saku@laesvuori.fi>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 04 Apr 2023 20:44:02 +0000
Resent-Message-ID: <handler.62642.B62642.168064103229909@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 62642
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Bruno Victal <mirai@makinata.eu>
Cc: 62642@debbugs.gnu.org
Received: via spool by 62642-submit@debbugs.gnu.org id=B62642.168064103229909
 (code B ref 62642); Tue, 04 Apr 2023 20:44:02 +0000
Received: (at 62642) by debbugs.gnu.org; 4 Apr 2023 20:43:52 +0000
Received: from localhost ([127.0.0.1]:50370 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1pjnVP-0007mK-Ug
 for submit@debbugs.gnu.org; Tue, 04 Apr 2023 16:43:52 -0400
Received: from vmi571514.contaboserver.net ([75.119.130.101]:43278
 helo=mail.laesvuori.fi) by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <saku@laesvuori.fi>) id 1pjnVO-0007mC-1Y
 for 62642@debbugs.gnu.org; Tue, 04 Apr 2023 16:43:50 -0400
Received: from X-kone (88-113-24-127.elisa-laajakaista.fi [88.113.24.127])
 by mail.laesvuori.fi (Postfix) with ESMTPSA id 7ECDD342467;
 Tue,  4 Apr 2023 22:44:16 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=laesvuori.fi; s=mail;
 t=1680641056; bh=p08MHGBkNtg/YMphhuUfdrd72LmG2TbrsLSMbGu37I0=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To;
 b=FblHpwopY/Imt/DTMGgbIZ54t3T/jt2dZGJhlmo3ZLZrB1toeC/bAaYdWHhBclxDa
 UHhDTKHK+zBYiGgg8mBA//V0dFtJAgAr2UZDQLWY6DsiMHDkG6YZnxKZRINW7teLqE
 168+f3+e9BCWgoBc1a6aQtP5bc3iZI59YrqdDVk4=
Date: Tue, 4 Apr 2023 23:43:46 +0300
Message-ID: <20230404204346.urftnbdrquetm7jw@X-kone>
References: <20230403133241.14760-1-saku@laesvuori.fi>
 <66755b58-1cb1-eae6-a4ac-69c174ed58aa@makinata.eu>
 <20230403180659.zhbtbfnn2uhgplgc@X-kone>
 <84bb2e1c-db0c-ac08-9275-ffcc0f828b1c@makinata.eu>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <84bb2e1c-db0c-ac08-9275-ffcc0f828b1c@makinata.eu>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Reply-to: Saku Laesvuori <saku@laesvuori.fi>
X-ACL-Warn: ,  Saku Laesvuori via Guix-patches <guix-patches@gnu.org>
X-Patchwork-Original-From: Saku Laesvuori via Guix-patches via
 <guix-patches@gnu.org>
From: Saku Laesvuori <saku@laesvuori.fi>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches

* gnu/services/certbot.scm (certbot-nginx-server-configurations):
Don't return a broken nginx-server-configuration with empty server_name
when no certificate domains are configured. Instead add a separate
server for every certificate, so 0 certificates adds 0 servers.
---
 gnu/services/certbot.scm | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)


base-commit: 2cf71e725d55bc5bf1ad663b7c696516299cc8a7

diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm
index 8e6784df2b..0c45471659 100644
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@@ -173,20 +173,24 @@ (define certbot-nginx-server-configurations
   (match-lambda
     (($ <certbot-configuration> package webroot certificates email
                                 server rsa-key-size default-location)
-     (list
-      (nginx-server-configuration
-       (listen '("80" "[::]:80"))
-       (ssl-certificate #f)
-       (ssl-certificate-key #f)
-       (server-name
-        (apply append (map certificate-configuration-domains certificates)))
-       (locations
-        (filter identity
-                (list
-                 (nginx-location-configuration
-                  (uri "/.well-known")
-                  (body (list (list "root " webroot ";"))))
-                 default-location))))))))
+     (define (certificate->nginx-server certificate-configuration)
+       (match-record certificate-configuration <certificate-configuration> 
+         (domains challenge)
+         (nginx-server-configuration
+          (listen '("80" "[::]:80"))
+          (ssl-certificate #f)
+          (ssl-certificate-key #f)
+          (server-name domains)
+          (locations
+           (filter identity
+                   (append
+                    (if challenge
+                      '()
+                      (list (nginx-location-configuration
+                             (uri "/.well-known")
+                             (body (list (list "root " webroot ";"))))))
+                    (list default-location)))))))
+     (map certificate->nginx-server certificates))))
 
 (define certbot-service-type
   (service-type (name 'certbot)