Diffstat (limited to 'src/Propellor/Property/LetsEncrypt.hs')
-rw-r--r--src/Propellor/Property/LetsEncrypt.hs24
1 files changed, 14 insertions, 10 deletions
diff --git a/src/Propellor/Property/LetsEncrypt.hs b/src/Propellor/Property/LetsEncrypt.hs
index 651cffd9..2df290be 100644
--- a/src/Propellor/Property/LetsEncrypt.hs
+++ b/src/Propellor/Property/LetsEncrypt.hs
@@ -26,11 +26,11 @@ type WebRoot = FilePath
-- not modify the web server's configuration in any way; instead the
-- `CertInstaller` is used once the client has successfully obtained the
-- certificate.
---
--- This also handles renewing the certificate, and the `CertInstaller` is
--- also run after renewal. For renewel to work well, propellor needs to be
--- run periodically (at least a couple times per month).
--
+-- This also handles renewing the certificate.
+-- For renewel to work well, propellor needs to be
+-- run periodically (at least a couple times per month).
+--
-- See `Propellor.Property.Apache.httpsVirtualHost` for a property built using this.
letsEncrypt :: AgreeTOS -> Domain -> WebRoot -> CertInstaller -> Property NoInfo
letsEncrypt tos domain = letsEncrypt' tos domain []
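Review bot: The rewritten comment no longer says when the `CertInstaller` runs, and the context line above it still reads "used once the client has successfully obtained the certificate", which does not match a commit that calls the installer on every successful run. I would state it directly, e.g. `-- The CertInstaller is run on every successful run, not only after issuance or renewal.` The added lines also carry over the typo `renewel`, which should read `renewal`.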
@@ -48,9 +48,8 @@ letsEncrypt' (AgreeTOS memail) domain domains webroot certinstaller =
if ok
then do
endstats <- liftIO getstats
- if startstats == endstats
- then return NoChange
- else ensureProperty certsinstalled
+ ensureProperty $
+ certsinstalled (startstats /= endstats)
else do
liftIO $ hPutStr stderr transcript
return FailedChange
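Review bot: The flag passed to `certsinstalled` is True only in the run where the file stats differ, so it is a one-shot signal. If the installer property fails in that run (for example because the web server refuses to restart), the next run sees equal stats and passes False, and an installer that reloads only on True would presumably keep serving the previous certificate until it expires. Either persist a marker until the install succeeds, or spell the contract out at the call, e.g. `-- newcert is True only in the run that changed the files; installers must not rely on seeing it again after a failure`. The branch also no longer returns `NoChange` itself, so the reported result now depends on the installer properties being idempotent. The body of letsEncrypt' starts and ends outside this hunk.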
@@ -80,8 +79,9 @@ letsEncrypt' (AgreeTOS memail) domain domains webroot certinstaller =
s <- getFileStatus f
return (fileID s, deviceID s, fileMode s, fileSize s, modificationTime s)
- certsinstalled = propertyList ("certs installed") $
- flip map alldomains $ \d -> certinstaller d
+ certsinstalled newcert = propertyList ("certs installed") $
+ flip map alldomains $ \d -> certinstaller
+ newcert d
(certFile d)
(privKeyFile d)
(chainFile d)
@@ -91,7 +91,11 @@ letsEncrypt' (AgreeTOS memail) domain domains webroot certinstaller =
--
-- For example, it could configure the web server to use the certificate
-- files, and restart the web server.
-type CertInstaller = Domain -> CertFile -> PrivKeyFile -> ChainFile -> FullChainFile -> Property NoInfo
+--
+-- The Bool is True when a new cerficate was just obtained.
+-- But, this is also run when the certificate has not changed, so that
+-- any changes to the property will take effect.
+type CertInstaller = Bool -> Domain -> CertFile -> PrivKeyFile -> ChainFile -> FullChainFile -> Property NoInfo
-- | Locations of certificate files generated by lets encrypt.
type CertFile = FilePath
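Review bot: The new doc comment on `CertInstaller` explains what the Bool means but not what an installer is expected to do with it, and `cerficate` is misspelled. A renewed certificate is typically served only after the web server rereads the files, so I would add something like `-- Installers should reload or restart the server when it is True, and otherwise change nothing unless their own configuration differs.` A bare Bool as the first positional argument is also easy to misread at call sites. A small sum type would document itself, though that is a wider interface change than this commit makes.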