Use forge-nginx-service-type to activate SSL certificates

Use the forge-nginx-service-type rather than the plain
nginx-service-type so that we get the SSL certificates setup and
maintenance automatically.

2 files changed, 20 insertions, 12 deletions

diff --git a/public-sparql-deploy.sh b/public-sparql-deploy.sh
index d910747..bee9abf 100755
--- a/public-sparql-deploy.sh
+++ b/public-sparql-deploy.sh
@@ -25,6 +25,7 @@ container_script=$(guix system container \
                         --share=/export2/guix-containers/public-sparql/var/lib/virtuoso=/var/lib/virtuoso \
 			--share=/export2/guix-containers/public-sparql/tmp=/tmp \
 			--share=/export2/guix-containers/public-sparql/var/log=/var/log \
+			--share=/export2/guix-containers/public-sparql/var/lib/acme=/var/lib/acme \
                         public-sparql.scm)
 
 echo $container_script
diff --git a/public-sparql.scm b/public-sparql.scm
index 76c9f3a..08f97ea 100644
--- a/public-sparql.scm
+++ b/public-sparql.scm
@@ -19,15 +19,22 @@
 
 (use-modules (gnu)
              (gn services databases)
-             (gnu services web))
+             (gnu services web)
+             (forge nginx)
+             (forge socket))
 
-(define (virtuoso-reverse-proxy-server-block listen sparql-port)
+(define %reverse-http-proxy-port 8990)
+(define %reverse-https-proxy-port 8991)
+
+(define %virtuoso-port 8982)
+(define %sparql-port 8983)
+
+(define (virtuoso-reverse-proxy-server-block sparql-port)
   "Return an <nginx-server-configuration> object listening on LISTEN to
 reverse proxy the Virtuoso server. SPARQL-PORT is the port virtuoso's
 SPARQL endpoint is listening on."
   (nginx-server-configuration
    (server-name '("sparql.genenetwork.org"))
-   (listen (list listen))
    (locations
     (list (nginx-location-configuration
            (uri "/")
@@ -35,10 +42,6 @@ SPARQL endpoint is listening on."
                                       (number->string sparql-port) ";")
                        "proxy_set_header Host $host;")))))))
 
-(define %reverse-proxy-port 8990)
-(define %virtuoso-port 8981)
-(define %sparql-port 8982)
-
 (operating-system
   (host-name "sparql")
   (timezone "UTC")
@@ -58,10 +61,14 @@ SPARQL endpoint is listening on."
 			     (maximum-dirty-buffers 3000000)
                              (database-file "/var/lib/virtuoso/public-virtuoso.db")
                              (transaction-file "/var/lib/virtuoso/public-virtuoso.trx")))
-                   (service nginx-service-type
-                            (nginx-configuration
+                   (service forge-nginx-service-type
+                            (forge-nginx-configuration
+                             (http-listen (forge-ip-socket
+                                           (ip "0.0.0.0")
+                                           (port %reverse-http-proxy-port)))
+                             (https-listen (forge-ip-socket
+                                            (ip "0.0.0.0")
+                                            (port %reverse-https-proxy-port)))
                              (server-blocks
-                              (list (virtuoso-reverse-proxy-server-block
-                                     (number->string %reverse-proxy-port)
-                                     %sparql-port)))))
+                              (list (virtuoso-reverse-proxy-server-block %sparql-port)))))
                    %base-services)))