author | Vivien Kraus <vivien@planete-kraus.eu> | 2021-05-18 14:47:41 +0200 |
committer | Vivien Kraus <vivien@planete-kraus.eu> | 2021-05-18 14:47:41 +0200 |
commit | 27885c5afabfbdda4b02a62ce8b401812f649062 (patch) | |
tree | 22a5669d5289d27dbfe5e2ea6e6927e02b285e21 /vkraus/services |
Update package
Diffstat (limited to 'vkraus/services')
-rw-r--r-- | vkraus/services/webid-oidc.scm | 347 |
1 files changed, 347 insertions, 0 deletions
diff --git a/vkraus/services/webid-oidc.scm b/vkraus/services/webid-oidc.scm
new file mode 100644
index 0000000..e510ba9
--- /dev/null
+++ b/vkraus/services/webid-oidc.scm
@@ -0,0 +1,347 @@
+(define-module (vkraus services webid-oidc)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu packages admin)
+ #:use-module (vkraus packages webid-oidc)
+ #:use-module (guix gexp)
+ #:use-module (guix modules)
+ #:use-module (guix records)
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 optargs))
+
+(define-record-type* <webid-oidc-issuer-configuration>
+ webid-oidc-issuer-configuration
+ make-webid-oidc-issuer-configuration
+ webid-oidc-issuer-configuration?
+ (webid-oidc webid-oidc-issuer-configuration-webid-oidc
+ (default webid-oidc))
+ (issuer webid-oidc-issuer-configuration-issuer)
+ (key-file webid-oidc-issuer-configuration-key-file
+ (default "/var/lib/webid-oidc/issuer/key.jwk"))
+ (subject webid-oidc-issuer-configuration-subject)
+ (password webid-oidc-issuer-configuration-password)
+ (jwks-uri webid-oidc-issuer-configuration-jwks-uri)
+ (authorization-endpoint-uri
+ webid-oidc-issuer-configuration-authorization-endpoint-uri)
+ (token-endpoint-uri
+ webid-oidc-issuer-configuration-token-endpoint-uri)
+ (port webid-oidc-issuer-configuration-port (default 8088))
+ (extra-options
+ webid-oidc-issuer-configuration-extra-options
+ (default '())))
+
+(define-record-type* <webid-oidc-reverse-proxy-configuration>
+ webid-oidc-reverse-proxy-configuration
+ make-webid-oidc-reverse-proxy-configuration
+ webid-oidc-reverse-proxy-configuration?
+ (webid-oidc webid-oidc-reverse-proxy-configuration-webid-oidc
+ (default webid-oidc))
+ (port webid-oidc-reverse-proxy-port (default 8090))
+ (inbound-uri webid-oidc-reverse-proxy-configuration-inbound-uri)
+ (outbound-uri webid-oidc-reverse-proxy-configuration-outbound-uri)
+ (header webid-oidc-reverse-proxy-configuration-header
+ (default "XXX-Agent"))
+ (extra-options
+ webid-oidc-reverse-proxy-extra-options
+ (default '())))
+
+(define-record-type* <webid-oidc-hello-configuration>
+ webid-oidc-hello-configuration
+ make-webid-oidc-hello-configuration
+ webid-oidc-hello-configuration?
+ (webid-oidc webid-oidc-hello-configuration-webid-oidc
+ (default webid-oidc))
+ (port webid-oidc-hello-configuration-port (default 8089))
+ (extra-options
+ webid-oidc-hello-configuration-extra-options
+ (default '())))
+
+(define-record-type* <webid-oidc-client-service-configuration>
+ webid-oidc-client-service-configuration
+ make-webid-oidc-client-service-configuration
+ webid-oidc-client-service-configuration?
+ (webid-oidc webid-oidc-client-service-configuration-webid-oidc
+ (default webid-oidc))
+ (client-id webid-oidc-client-service-configuration-client-id)
+ (redirect-uri webid-oidc-client-service-configuration-redirect-uri)
+ (client-name webid-oidc-client-service-configuration-client-name (default "Example Solid App"))
+ (client-uri webid-oidc-client-service-configuration-client-uri (default "https://webid-oidc.planete-kraus.eu/Running-a-client.html#Running-a-client"))
+ (port webid-oidc-client-service-configuration-port (default 8088))
+ (extra-options
+ webid-oidc-client-service-configuration-extra-options
+ (default '())))
+
+(export <webid-oidc-issuer-configuration>
+ webid-oidc-issuer-configuration
+ make-webid-oidc-issuer-configuration
+ webid-oidc-issuer-configuration?
+ webid-oidc-issuer-configuration-webid-oidc
+ webid-oidc-issuer-configuration-issuer
+ webid-oidc-issuer-configuration-key-file
+ webid-oidc-issuer-configuration-subject
+ webid-oidc-issuer-configuration-password
+ webid-oidc-issuer-configuration-jwks-uri
+ webid-oidc-issuer-configuration-authorization-endpoint-uri
+ webid-oidc-issuer-configuration-token-endpoint-uri
+ webid-oidc-issuer-configuration-port
+ webid-oidc-issuer-configuration-extra-options
+ <webid-oidc-reverse-proxy-configuration>
+ webid-oidc-reverse-proxy-configuration
+ make-webid-oidc-reverse-proxy-configuration
+ webid-oidc-reverse-proxy-configuration?
+ webid-oidc-reverse-proxy-configuration-webid-oidc
+ webid-oidc-reverse-proxy-configuration-port
+ webid-oidc-reverse-proxy-configuration-inbound-uri
+ webid-oidc-reverse-proxy-configuration-outbound-uri
+ webid-oidc-reverse-proxy-configuration-header
+ webid-oidc-reverse-proxy-configuration-extra-options
+ <webid-oidc-hello-configuration>
+ webid-oidc-hello-configuration
+ make-webid-oidc-hello-configuration
+ webid-oidc-hello-configuration?
+ webid-oidc-hello-configuration-webid-oidc
+ webid-oidc-hello-configuration-port
+ webid-oidc-hello-configuration-extra-options
+ <webid-oidc-client-service-configuration>
+ webid-oidc-client-service-configuration
+ make-webid-oidc-client-service-configuration
+ webid-oidc-client-service-configuration?
+ webid-oidc-client-service-configuration-webid-oidc
+ webid-oidc-client-service-configuration-client-id
+ webid-oidc-client-service-configuration-redirect-uri
+ webid-oidc-client-service-configuration-client-name
+ webid-oidc-client-service-configuration-client-uri
+ webid-oidc-client-service-configuration-port
+ webid-oidc-client-service-configuration-extra-options)
+
+(define webid-oidc-issuer-shepherd-service
+ (match-lambda
+ (($ <webid-oidc-issuer-configuration>
+ webid-oidc issuer key-file subject password jwks-uri
+ authorization-endpoint-uri token-endpoint-uri port
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(webid-oidc-issuer))
+ (documentation "Run the Solid identity provider.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "webid-oidc"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/webid-oidc")
+ (prepare-directory "/var/lib/webid-oidc")
+ (prepare-directory "/var/cache/webid-oidc"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$webid-oidc "/bin/webid-oidc-issuer")
+ "--issuer" #$issuer
+ "--key-file" #$key-file
+ "--subject" #$subject
+ "--password" #$password
+ "--jwks-uri" #$jwks-uri
+ "--authorization-endpoint-uri" #$authorization-endpoint-uri
+ "--token-endpoint-uri" #$token-endpoint-uri
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" "issuer.log"
+ "--error-file" "issuer.err"
+ #$@extra-options)
+ #:user "webid-oidc"
+ #:group "webid-oidc"
+ #:directory "/var/log/webid-oidc"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define webid-oidc-reverse-proxy-shepherd-service
+ (match-lambda
+ (($ <webid-oidc-reverse-proxy-configuration>
+ webid-oidc port inbound-uri outbound-uri header
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(webid-oidc-reverse-proxy))
+ (documentation "Run a proxy to authenticate with Solid.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "webid-oidc"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/webid-oidc")
+ (prepare-directory "/var/lib/webid-oidc")
+ (prepare-directory "/var/cache/webid-oidc"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$webid-oidc "/bin/webid-oidc-reverse-proxy")
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--inbound-uri" #$inbound-uri
+ "--outbound-uri" #$outbound-uri
+ "--header" #$header
+ "--log-file" "reverse-proxy.log"
+ "--error-file" "reverse-proxy.err"
+ #$@extra-options)
+ #:user "webid-oidc"
+ #:group "webid-oidc"
+ #:directory "/var/log/webid-oidc"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define webid-oidc-hello-shepherd-service
+ (match-lambda
+ (($ <webid-oidc-hello-configuration>
+ webid-oidc port extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(webid-oidc-hello))
+ (documentation "Run a demonstration Solid server.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "webid-oidc"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/webid-oidc")
+ (prepare-directory "/var/lib/webid-oidc")
+ (prepare-directory "/var/cache/webid-oidc"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$webid-oidc "/bin/webid-oidc-hello")
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ #$@extra-options)
+ #:user "webid-oidc"
+ #:group "webid-oidc"
+ #:directory "/var/log/webid-oidc"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define webid-oidc-client-service-shepherd-service
+ (match-lambda
+ (($ <webid-oidc-client-service-configuration>
+ webid-oidc client-id redirect-uri client-name client-uri port
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(webid-oidc-client-service))
+ (documentation "Run a server for a Solid application.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "webid-oidc"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/webid-oidc"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$webid-oidc "/bin/webid-oidc-client-service")
+ "--client-id" #$client-id
+ "--redirect-uri" #$redirect-uri
+ "--client-name" #$client-name
+ "--client-uri" #$client-uri
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" "client-service.log"
+ "--error-file" "client-service.err"
+ #$@extra-options)
+ #:user "webid-oidc"
+ #:group "webid-oidc"
+ #:directory "/var/log/webid-oidc"
+ #:environment-variables
+ `("LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define %webid-oidc-accounts
+ (list (user-group (name "webid-oidc")
+ (system? #t))
+ (user-account
+ (name "webid-oidc")
+ (group "webid-oidc")
+ (system? #t)
+ (comment "The user that runs the webid-oidc issuer and resource server.")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define-public webid-oidc-issuer-service-type
+ (service-type
+ (name 'webid-oidc-issuer)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %webid-oidc-accounts))
+ (service-extension
+ shepherd-root-service-type
+ webid-oidc-issuer-shepherd-service)))))
+
+(define-public webid-oidc-reverse-proxy-service-type
+ (service-type
+ (name 'webid-oidc-reverse-proxy)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %webid-oidc-accounts))
+ (service-extension
+ shepherd-root-service-type
+ webid-oidc-reverse-proxy-shepherd-service)))))
+
+(define-public webid-oidc-hello-service-type
+ (service-type
+ (name 'webid-oidc-hello)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %webid-oidc-accounts))
+ (service-extension
+ shepherd-root-service-type
+ webid-oidc-hello-shepherd-service)))))
+
+(define-public webid-oidc-client-service-service-type
+ (service-type
+ (name 'webid-oidc-client-service)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %webid-oidc-accounts))
+ (service-extension
+ shepherd-root-service-type
+ webid-oidc-client-service-shepherd-service))))) |
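Review bot: In webid-oidc-issuer-shepherd-service the issuer secret is handed over as `"--password" #$password`, which embeds it in the generated shepherd service file in the world-readable store and exposes it to every local user through the running process's command line for the lifetime of the daemon. If webid-oidc-issuer can read the password from a file, a `password-file` field pointing at a root-owned path outside the store (read at start, like `key-file`) would avoid both leaks; if it cannot, the record's `password` field should at least carry a comment stating that the value ends up in the store and in the process arguments. Separately, the `export` form lists `webid-oidc-reverse-proxy-configuration-port` and `webid-oidc-reverse-proxy-configuration-extra-options`, but the record defines those accessors as `webid-oidc-reverse-proxy-port` and `webid-oidc-reverse-proxy-extra-options`, so the exported names have no binding; renaming the two accessors to the `-configuration-` form used by the other three records fixes that. The `prepare-directory` lambda is also copied verbatim into all four `start` gexps and would read better as one module-level helper.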