From b36e2f9058eb1863abb22d44a7f4f650fa81bdd4 Mon Sep 17 00:00:00 2001
From: Azalea Redmyer <azalea@grrlz.net>
Date: Wed, 18 Feb 2026 07:36:29 -0800
Subject: Update nginx service & add extra plugin load path, more enabled
 modules for prosody service

---
 bluechateau/systems/chinstrap.scm | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/bluechateau/systems/chinstrap.scm b/bluechateau/systems/chinstrap.scm
index c14a1f0..a593b5b 100644
--- a/bluechateau/systems/chinstrap.scm
+++ b/bluechateau/systems/chinstrap.scm
@@ -61,6 +61,12 @@
 	 (shell (file-append (specification->package "shadow")
 			     "/sbin/nologin")))))
 
+(define (nginx-signal name signal)
+  (program-file
+   name
+   #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
+       (kill pid #$signal))))
+
 ;; Override the default nginx service account configuration so
 ;; the nginx user is a member of the 'git' group. (required for
 ;; cgit)
@@ -97,9 +103,12 @@
 (define prosody-service
   (service prosody-service-type
 	   (prosody-configuration
+	    (plugin-paths '("/srv/lib/prosody-modules-enabled"))
 	    (modules-enabled
 	     (cons*
-	      "groups" "mam" "user_account_management" "http_file_share" %default-modules-enabled))
+	      "groups" "mam" "smacks" "user_account_management" "http_file_share"
+	      "cloud_notify" "cloud_notify_encrypted" "cloud_notify_extensions"
+	      %default-modules-enabled))
 	    (virtualhosts
 	     (list
 	      (virtualhost-configuration
@@ -437,7 +446,8 @@ port = 8000"))
    (packages
     (append
      (map specification->package
-	  '("emacs" "git" "prosody"))
+	  '("emacs" "git"
+	    "mercurial" "prosody"))
      %base-packages))
 
    (services
@@ -495,11 +505,16 @@ port = 8000"))
 		      (service-type-extensions certbot-service-type))))
 	       (certbot-configuration
 		(email "mononoke@anche.no")
+		(webroot "/var/www/certbot")
 		(certificates
 		 (list
 		  (certificate-configuration
 		   (name "bluechateau")
-		   (domains ssl-domains))))))
+		   (domains ssl-domains)
+		   ;; Send SIGHUP signal to nginx to trigger a
+                   ;; configuration reload, thus loading the
+                   ;; updated certificates.
+                   (deploy-hook (nginx-signal "nginx-deploy-hook" SIGHUP)))))))
       
       ;; NGINX (web hosting)
       ;; Be sure to use the custom service defined at the
-- 
cgit v1.2.3