authorVivien Kraus <vivien@planete-kraus.eu>2021-05-18 14:47:41 +0200
committerVivien Kraus <vivien@planete-kraus.eu>2021-05-18 14:47:41 +0200
commit27885c5afabfbdda4b02a62ce8b401812f649062 (patch)
tree22a5669d5289d27dbfe5e2ea6e6927e02b285e21
Update package
-rw-r--r--vkraus/packages/ChangeLog13
-rw-r--r--vkraus/packages/webid-oidc.scm146
-rw-r--r--vkraus/services/webid-oidc.scm347
-rw-r--r--vkraus/systems/webid-oidc.scm80
4 files changed, 586 insertions, 0 deletions
diff --git a/vkraus/packages/ChangeLog b/vkraus/packages/ChangeLog
new file mode 100644
index 0000000..630e7ed
--- /dev/null
+++ b/vkraus/packages/ChangeLog
@@ -0,0 +1,13 @@
+2020-12-06 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * webid-oidc.scm (webid-oidc-snapshot): Call wrap-program to set
+ up the paths.
+
+2020-11-26 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * webid-oidc.scm (webid-oidc-snapshot): change the guix name of
+ the snapshot package so that there is no conflict with the
+ release.
+ (webid-oidc-release): use an explicit guix package name, we don't
+ want to inherit the snapshot name.
+
diff --git a/vkraus/packages/webid-oidc.scm b/vkraus/packages/webid-oidc.scm
new file mode 100644
index 0000000..12782ec
--- /dev/null
+++ b/vkraus/packages/webid-oidc.scm
@@ -0,0 +1,146 @@
+(define-module (vkraus packages webid-oidc)
+ #:use-module (guix packages)
+ #:use-module (guix gexp)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix download)
+ #:use-module (guix git-download)
+ #:use-module (guix build-system gnu)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages guile)
+ #:use-module (gnu packages guile-xyz)
+ #:use-module (gnu packages nettle)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages texinfo)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages gettext)
+ #:use-module (gnu packages man)
+ #:use-module (gnu packages tls)
+ #:use-module (gnu packages xml)
+ #:use-module (gnu packages emacs)
+ #:use-module (gnu packages emacs-xyz))
+
+(define-public webid-oidc-snapshot
+ (package
+ (name "webid-oidc-snapshot")
+ (version "SNAPSHOT")
+ (source "./webid-oidc-SNAPSHOT.tar.gz")
+ (build-system gnu-build-system)
+ (arguments
+ '(#:modules ((guix build utils)
+ (guix build gnu-build-system)
+ (ice-9 rdelim)
+ (ice-9 popen))
+ #:phases
+ (modify-phases
+ %standard-phases
+ (add-after
+ 'install 'wrap-program
+ (lambda* (#:key native-inputs inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (the-guile (assoc-ref (or native-inputs inputs) "guile"))
+ (the-guile-exec (format #f "~a/bin/guile" the-guile))
+ (effective-version
+ (read-line
+ (open-pipe* OPEN_READ
+ the-guile-exec
+ "-c"
+ "(display (effective-version))")))
+ (guile-propagated-inputs
+ (cons out
+ (map (lambda (name)
+ (assoc-ref inputs name))
+ '("guile-json" "guile-rdf" "gnutls"))))
+ (mod-paths
+ (map (lambda (prop-input)
+ (format #f "~a/share/guile/site/~a"
+ prop-input effective-version))
+ guile-propagated-inputs))
+ (go-paths
+ (map (lambda (prop-input)
+ (format #f "~a/lib/guile/~a/site-ccache"
+ prop-input effective-version))
+ guile-propagated-inputs)))
+ (for-each
+ (lambda (program)
+ (wrap-program
+ (format #f "~a/bin/webid-oidc-~a" out program)
+ `("GUILE_LOAD_PATH" ":" = ,mod-paths)
+ `("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths)))
+ '(issuer reverse-proxy hello client-service example-app))))))))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("guile" ,guile-3.0)
+ ("texinfo" ,texinfo)
+ ("autoconf" ,autoconf)
+ ("autoconf-archive" ,autoconf-archive)
+ ("automake" ,automake)
+ ("libtool" ,libtool)
+ ("gettext" ,gnu-gettext)
+ ("coreutils" ,coreutils) ;; for link (wrap-program)
+ ("help2man" ,help2man)
+ ("which" ,which)))
+ (inputs `(("guile" ,guile-3.0)
+ ("nettle" ,nettle)))
+ (propagated-inputs
+ `(("guile" ,guile-3.0)
+ ("guile-json" ,guile-json-4)
+ ("guile-rdf" ,guile-rdf)
+ ("gnutls" ,gnutls)))
+ (synopsis "")
+ (description "")
+ (home-page "https://labo.planete-kraus.eu/webid-oidc.git")
+ (license license:gpl3+)
+ (native-search-paths
+ (list (search-path-specification
+ (variable "LTDL_LIBRARY_PATH")
+ (files '("lib")))))))
+
+(define-public (webid-oidc-release version commit hash)
+ (package
+ (inherit webid-oidc-snapshot)
+ (name "webid-oidc")
+ (version version)
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://labo.planete-kraus.eu/webid-oidc.git")
+ (commit commit)))
+ (sha256 (base32 hash))
+ (snippet
+ `(begin
+ (with-output-to-file ".tarball-version"
+ (lambda _ (format #t "~a~%" ,version)))
+ #t))))))
+
+(define-public (webid-oidc-htmlize webid-oidc)
+ (package
+ (inherit webid-oidc)
+ (name "webid-oidc-html")
+ (arguments
+ '(#:phases
+ (modify-phases
+ %standard-phases
+ (add-after
+ 'build 'build-html
+ (lambda* (#:key make-flags parallel-build? #:allow-other-keys)
+ (apply invoke "make" "html"
+ `(,@(if parallel-build?
+ `("-j" ,(number->string (parallel-job-count)))
+ '())
+ ,@make-flags))))
+ (replace
+ 'install
+ (lambda* (#:key make-flags parallel-build? #:allow-other-keys)
+ (apply invoke "make" "install-html"
+ `(,@(if parallel-build?
+ `("-j" ,(number->string (parallel-job-count)))
+ '())
+ ,@make-flags)))))))
+ (synopsis "HTML documentation for webid-oidc")
+ (description "The manual for webid-oidc is provided as a texinfo
+file, which is exported to HTML.")))
+
+(define-public (make-website webid-oidc)
+ (file-append (webid-oidc-htmlize webid-oidc) "/share/doc/webid-oidc/webid-oidc.html"))
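Review bot: `webid-oidc-snapshot` ships with `(synopsis "")` and `(description "")`, so `guix lint` and `guix search` have nothing to show for it, and `webid-oidc-release` and `webid-oidc-htmlize`'s inherited packages carry the same empty strings; a one-line synopsis such as `(synopsis "WebID-OIDC (Solid) identity provider, reverse proxy and demo services")`, derived from the programs wrapped in the `wrap-program` phase, would fix the base package and the release in one go. `(source "./webid-oidc-SNAPSHOT.tar.gz")` is resolved relative to whatever directory Guix is invoked from, so the package only builds from a checkout containing that tarball; a comment next to the `source` field saying so would save the next reader a failed build. The `wrap-program` phase looks up `guile-json`, `guile-rdf` and `gnutls` in `inputs` although they are declared under `propagated-inputs`; that appears to rely on Guix merging propagated inputs into the build-side `inputs` alist, and a short comment on the `'("guile-json" "guile-rdf" "gnutls")` line would make that dependency explicit.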
diff --git a/vkraus/services/webid-oidc.scm b/vkraus/services/webid-oidc.scm
new file mode 100644
index 0000000..e510ba9
--- /dev/null
+++ b/vkraus/services/webid-oidc.scm
@@ -0,0 +1,347 @@
+(define-module (vkraus services webid-oidc)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu packages admin)
+ #:use-module (vkraus packages webid-oidc)
+ #:use-module (guix gexp)
+ #:use-module (guix modules)
+ #:use-module (guix records)
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 optargs))
+
+(define-record-type* <webid-oidc-issuer-configuration>
+ webid-oidc-issuer-configuration
+ make-webid-oidc-issuer-configuration
+ webid-oidc-issuer-configuration?
+ (webid-oidc webid-oidc-issuer-configuration-webid-oidc
+ (default webid-oidc))
+ (issuer webid-oidc-issuer-configuration-issuer)
+ (key-file webid-oidc-issuer-configuration-key-file
+ (default "/var/lib/webid-oidc/issuer/key.jwk"))
+ (subject webid-oidc-issuer-configuration-subject)
+ (password webid-oidc-issuer-configuration-password)
+ (jwks-uri webid-oidc-issuer-configuration-jwks-uri)
+ (authorization-endpoint-uri
+ webid-oidc-issuer-configuration-authorization-endpoint-uri)
+ (token-endpoint-uri
+ webid-oidc-issuer-configuration-token-endpoint-uri)
+ (port webid-oidc-issuer-configuration-port (default 8088))
+ (extra-options
+ webid-oidc-issuer-configuration-extra-options
+ (default '())))
+
+(define-record-type* <webid-oidc-reverse-proxy-configuration>
+ webid-oidc-reverse-proxy-configuration
+ make-webid-oidc-reverse-proxy-configuration
+ webid-oidc-reverse-proxy-configuration?
+ (webid-oidc webid-oidc-reverse-proxy-configuration-webid-oidc
+ (default webid-oidc))
+ (port webid-oidc-reverse-proxy-port (default 8090))
+ (inbound-uri webid-oidc-reverse-proxy-configuration-inbound-uri)
+ (outbound-uri webid-oidc-reverse-proxy-configuration-outbound-uri)
+ (header webid-oidc-reverse-proxy-configuration-header
+ (default "XXX-Agent"))
+ (extra-options
+ webid-oidc-reverse-proxy-extra-options
+ (default '())))
+
+(define-record-type* <webid-oidc-hello-configuration>
+ webid-oidc-hello-configuration
+ make-webid-oidc-hello-configuration
+ webid-oidc-hello-configuration?
+ (webid-oidc webid-oidc-hello-configuration-webid-oidc
+ (default webid-oidc))
+ (port webid-oidc-hello-configuration-port (default 8089))
+ (extra-options
+ webid-oidc-hello-configuration-extra-options
+ (default '())))
+
+(define-record-type* <webid-oidc-client-service-configuration>
+ webid-oidc-client-service-configuration
+ make-webid-oidc-client-service-configuration
+ webid-oidc-client-service-configuration?
+ (webid-oidc webid-oidc-client-service-configuration-webid-oidc
+ (default webid-oidc))
+ (client-id webid-oidc-client-service-configuration-client-id)
+ (redirect-uri webid-oidc-client-service-configuration-redirect-uri)
+ (client-name webid-oidc-client-service-configuration-client-name (default "Example Solid App"))
+ (client-uri webid-oidc-client-service-configuration-client-uri (default "https://webid-oidc.planete-kraus.eu/Running-a-client.html#Running-a-client"))
+ (port webid-oidc-client-service-configuration-port (default 8088))
+ (extra-options
+ webid-oidc-client-service-configuration-extra-options
+ (default '())))
+
+(export <webid-oidc-issuer-configuration>
+ webid-oidc-issuer-configuration
+ make-webid-oidc-issuer-configuration
+ webid-oidc-issuer-configuration?
+ webid-oidc-issuer-configuration-webid-oidc
+ webid-oidc-issuer-configuration-issuer
+ webid-oidc-issuer-configuration-key-file
+ webid-oidc-issuer-configuration-subject
+ webid-oidc-issuer-configuration-password
+ webid-oidc-issuer-configuration-jwks-uri
+ webid-oidc-issuer-configuration-authorization-endpoint-uri
+ webid-oidc-issuer-configuration-token-endpoint-uri
+ webid-oidc-issuer-configuration-port
+ webid-oidc-issuer-configuration-extra-options
+ <webid-oidc-reverse-proxy-configuration>
+ webid-oidc-reverse-proxy-configuration
+ make-webid-oidc-reverse-proxy-configuration
+ webid-oidc-reverse-proxy-configuration?
+ webid-oidc-reverse-proxy-configuration-webid-oidc
+ webid-oidc-reverse-proxy-configuration-port
+ webid-oidc-reverse-proxy-configuration-inbound-uri
+ webid-oidc-reverse-proxy-configuration-outbound-uri
+ webid-oidc-reverse-proxy-configuration-header
+ webid-oidc-reverse-proxy-configuration-extra-options
+ <webid-oidc-hello-configuration>
+ webid-oidc-hello-configuration
+ make-webid-oidc-hello-configuration
+ webid-oidc-hello-configuration?
+ webid-oidc-hello-configuration-webid-oidc
+ webid-oidc-hello-configuration-port
+ webid-oidc-hello-configuration-extra-options
+ <webid-oidc-client-service-configuration>
+ webid-oidc-client-service-configuration
+ make-webid-oidc-client-service-configuration
+ webid-oidc-client-service-configuration?
+ webid-oidc-client-service-configuration-webid-oidc
+ webid-oidc-client-service-configuration-client-id
+ webid-oidc-client-service-configuration-redirect-uri
+ webid-oidc-client-service-configuration-client-name
+ webid-oidc-client-service-configuration-client-uri
+ webid-oidc-client-service-configuration-port
+ webid-oidc-client-service-configuration-extra-options)
+
+(define webid-oidc-issuer-shepherd-service
+ (match-lambda
+ (($ <webid-oidc-issuer-configuration>
+ webid-oidc issuer key-file subject password jwks-uri
+ authorization-endpoint-uri token-endpoint-uri port
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(webid-oidc-issuer))
+ (documentation "Run the Solid identity provider.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "webid-oidc"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/webid-oidc")
+ (prepare-directory "/var/lib/webid-oidc")
+ (prepare-directory "/var/cache/webid-oidc"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$webid-oidc "/bin/webid-oidc-issuer")
+ "--issuer" #$issuer
+ "--key-file" #$key-file
+ "--subject" #$subject
+ "--password" #$password
+ "--jwks-uri" #$jwks-uri
+ "--authorization-endpoint-uri" #$authorization-endpoint-uri
+ "--token-endpoint-uri" #$token-endpoint-uri
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" "issuer.log"
+ "--error-file" "issuer.err"
+ #$@extra-options)
+ #:user "webid-oidc"
+ #:group "webid-oidc"
+ #:directory "/var/log/webid-oidc"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define webid-oidc-reverse-proxy-shepherd-service
+ (match-lambda
+ (($ <webid-oidc-reverse-proxy-configuration>
+ webid-oidc port inbound-uri outbound-uri header
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(webid-oidc-reverse-proxy))
+ (documentation "Run a proxy to authenticate with Solid.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "webid-oidc"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/webid-oidc")
+ (prepare-directory "/var/lib/webid-oidc")
+ (prepare-directory "/var/cache/webid-oidc"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$webid-oidc "/bin/webid-oidc-reverse-proxy")
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--inbound-uri" #$inbound-uri
+ "--outbound-uri" #$outbound-uri
+ "--header" #$header
+ "--log-file" "reverse-proxy.log"
+ "--error-file" "reverse-proxy.err"
+ #$@extra-options)
+ #:user "webid-oidc"
+ #:group "webid-oidc"
+ #:directory "/var/log/webid-oidc"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define webid-oidc-hello-shepherd-service
+ (match-lambda
+ (($ <webid-oidc-hello-configuration>
+ webid-oidc port extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(webid-oidc-hello))
+ (documentation "Run a demonstration Solid server.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "webid-oidc"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/webid-oidc")
+ (prepare-directory "/var/lib/webid-oidc")
+ (prepare-directory "/var/cache/webid-oidc"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$webid-oidc "/bin/webid-oidc-hello")
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ #$@extra-options)
+ #:user "webid-oidc"
+ #:group "webid-oidc"
+ #:directory "/var/log/webid-oidc"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define webid-oidc-client-service-shepherd-service
+ (match-lambda
+ (($ <webid-oidc-client-service-configuration>
+ webid-oidc client-id redirect-uri client-name client-uri port
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(webid-oidc-client-service))
+ (documentation "Run a server for a Solid application.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "webid-oidc"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/webid-oidc"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$webid-oidc "/bin/webid-oidc-client-service")
+ "--client-id" #$client-id
+ "--redirect-uri" #$redirect-uri
+ "--client-name" #$client-name
+ "--client-uri" #$client-uri
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" "client-service.log"
+ "--error-file" "client-service.err"
+ #$@extra-options)
+ #:user "webid-oidc"
+ #:group "webid-oidc"
+ #:directory "/var/log/webid-oidc"
+ #:environment-variables
+ `("LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define %webid-oidc-accounts
+ (list (user-group (name "webid-oidc")
+ (system? #t))
+ (user-account
+ (name "webid-oidc")
+ (group "webid-oidc")
+ (system? #t)
+ (comment "The user that runs the webid-oidc issuer and resource server.")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define-public webid-oidc-issuer-service-type
+ (service-type
+ (name 'webid-oidc-issuer)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %webid-oidc-accounts))
+ (service-extension
+ shepherd-root-service-type
+ webid-oidc-issuer-shepherd-service)))))
+
+(define-public webid-oidc-reverse-proxy-service-type
+ (service-type
+ (name 'webid-oidc-reverse-proxy)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %webid-oidc-accounts))
+ (service-extension
+ shepherd-root-service-type
+ webid-oidc-reverse-proxy-shepherd-service)))))
+
+(define-public webid-oidc-hello-service-type
+ (service-type
+ (name 'webid-oidc-hello)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %webid-oidc-accounts))
+ (service-extension
+ shepherd-root-service-type
+ webid-oidc-hello-shepherd-service)))))
+
+(define-public webid-oidc-client-service-service-type
+ (service-type
+ (name 'webid-oidc-client-service)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %webid-oidc-accounts))
+ (service-extension
+ shepherd-root-service-type
+ webid-oidc-client-service-shepherd-service)))))
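Review bot: The export list names `webid-oidc-reverse-proxy-configuration-port` and `webid-oidc-reverse-proxy-configuration-extra-options`, but the reverse-proxy record defines those accessors as `webid-oidc-reverse-proxy-port` and `webid-oidc-reverse-proxy-extra-options`, so an importer calling the exported names gets an unbound variable; rename the two field accessors to `(port webid-oidc-reverse-proxy-configuration-port (default 8090))` and `(extra-options webid-oidc-reverse-proxy-configuration-extra-options (default '()))`. All four configuration records default their `webid-oidc` field to `webid-oidc`, a name this commit's package module does not define (it provides `webid-oidc-snapshot` and the `webid-oidc-release` procedure), so omitting the field fails at construction time unless that binding comes from somewhere outside this commit; `(default webid-oidc-snapshot)` matches what the system declaration passes explicitly. The issuer service passes the secret as `"--password" #$password` on the command line, which exposes it to every local user through the process's cmdline and bakes it into the world-readable store file that holds the shepherd service; if the issuer can read the password from a file, the field should carry a path under the `#o700` state directory instead, and at minimum the `password` field needs a comment spelling out that exposure. `(with-output-to-string (lambda () (display #$port)))` in the four start g-exps is just `(number->string #$port)`.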
diff --git a/vkraus/systems/webid-oidc.scm b/vkraus/systems/webid-oidc.scm
new file mode 100644
index 0000000..704c746
--- /dev/null
+++ b/vkraus/systems/webid-oidc.scm
@@ -0,0 +1,80 @@
+(define-module (vkraus systems webid-oidc)
+ #:use-module (gnu)
+ #:use-module (guix)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (vkraus services webid-oidc)
+ #:use-module (vkraus packages webid-oidc)
+ #:use-module (gnu services web))
+
+(operating-system
+ (locale "fr_FR.utf8")
+ (timezone "Europe/Paris")
+ (keyboard-layout (keyboard-layout "fr"))
+ (host-name "webid-oidc-issuer")
+ (users %base-user-accounts)
+ (packages
+ (append
+ (list (specification->package "nss-certs"))
+ %base-packages))
+ (services
+ (append
+ (cons*
+ (service webid-oidc-issuer-service-type
+ (webid-oidc-issuer-configuration
+ (webid-oidc webid-oidc-snapshot)
+ (issuer "http://localhost:8080")
+ (subject "http://localhost:8080/profile/card#me")
+ (password "p4ssw0rd")
+ (jwks-uri "http://localhost:8080/keys")
+ (authorization-endpoint-uri "http://localhost:8080/authorize")
+ (token-endpoint-uri "http://localhost:8080/token")
+ (port 8080)))
+ (service webid-oidc-hello-service-type
+ (webid-oidc-hello-configuration
+ (webid-oidc webid-oidc-snapshot)
+ (port 8081)))
+ (service nginx-service-type
+ (nginx-configuration
+ (upstream-blocks
+ (list
+ (nginx-upstream-configuration
+ (name "issuer")
+ (servers (list "localhost:8080")))
+ (nginx-upstream-configuration
+ (name "server")
+ (servers (list "localhost:8081")))))
+ (server-blocks
+ (list
+ (nginx-server-configuration
+ (server-name '("localhost"))
+ (listen '("80"))
+ (locations
+ (list
+ (nginx-location-configuration
+ (uri "/profile/card")
+ (body (list "proxy_pass http://issuer;")))
+ (nginx-location-configuration
+ (uri "/keys")
+ (body (list "proxy_pass http://issuer;")))
+ (nginx-location-configuration
+ (uri "/authorize")
+ (body (list "proxy_pass http://issuer;")))
+ (nginx-location-configuration
+ (uri "/token")
+ (body (list "proxy_pass http://issuer;")))
+ (nginx-location-configuration
+ (uri "/")
+ (body (list "proxy_pass http://server;"))))))))))
+ %base-services)))
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (target "/boot/efi")
+ (keyboard-layout keyboard-layout)))
+ (file-systems
+ (cons* (file-system
+ (mount-point "/")
+ (device "/dev/sda")
+ (type "ext4"))
+ %base-file-systems)))
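Review bot: The issuer password is a literal `(password "p4ssw0rd")` inside an operating-system declaration, which is copied into the world-readable store, and nginx fronts `/authorize` and `/token` on `(listen '("80"))` with no TLS while the issuer and subject URIs are `http://localhost:8080`, so this file is only usable as a local demonstration; a header comment above `(operating-system`, such as `;; Local demonstration system: plaintext HTTP on localhost and a throwaway password; not a deployment template.`, would keep it from being copied as one. `(device "/dev/sda")` mounts the root file system by device node rather than by label or UUID, which breaks when disk enumeration changes; `(device (file-system-label "…"))` is the usual form if the image carries a label.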