Create a guix service for the identity provider.

4 files changed, 171 insertions, 2 deletions

diff --git a/guix/vkraus/services/webid-oidc.scm b/guix/vkraus/services/webid-oidc.scm
new file mode 100644
index 0000000..4c7834c
--- /dev/null
+++ b/guix/vkraus/services/webid-oidc.scm
@@ -0,0 +1,119 @@
+(define-module (vkraus services webid-oidc)
+  #:use-module (gnu services)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu packages admin)
+  #:use-module (vkraus packages webid-oidc)
+  #:use-module (guix gexp)
+  #:use-module (guix modules)
+  #:use-module (guix records)
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 optargs))
+
+(define-record-type* <webid-oidc-issuer-configuration>
+  webid-oidc-issuer-configuration
+  make-webid-oidc-issuer-configuration
+  webid-oidc-issuer-configuration?
+  (webid-oidc webid-oidc-issuer-configuration-webid-oidc
+              (default webid-oidc))
+  (issuer webid-oidc-issuer-configuration-issuer)
+  (key-file webid-oidc-issuer-configuration-key-file
+            (default "/var/lib/webid-oidc/issuer/key.jwk"))
+  (subject webid-oidc-issuer-configuration-subject)
+  (password webid-oidc-issuer-configuration-password)
+  (jwks-uri webid-oidc-issuer-configuration-jwks-uri)
+  (authorization-endpoint-uri
+   webid-oidc-issuer-configuration-authorization-endpoint-uri)
+  (token-endpoint-uri
+   webid-oidc-issuer-configuration-token-endpoint-uri)
+  (port webid-oidc-issuer-configuration-port (default 8088))
+  (extra-options
+   webid-oidc-issuer-configuration-extra-options
+   (default '())))
+
+(export <webid-oidc-issuer-configuration>
+        webid-oidc-issuer-configuration
+        make-webid-oidc-issuer-configuration
+        webid-oidc-issuer-configuration?
+        webid-oidc-issuer-configuration-webid-oidc
+        webid-oidc-issuer-configuration-issuer
+        webid-oidc-issuer-configuration-key-file
+        webid-oidc-issuer-configuration-subject
+        webid-oidc-issuer-configuration-password
+        webid-oidc-issuer-configuration-jwks-uri
+        webid-oidc-issuer-configuration-authorization-endpoint-uri
+        webid-oidc-issuer-configuration-token-endpoint-uri
+        webid-oidc-issuer-configuration-port
+        webid-oidc-issuer-configuration-extra-options)
+
+(define webid-oidc-issuer-shepherd-service
+  (match-lambda
+    (($ <webid-oidc-issuer-configuration>
+        webid-oidc issuer key-file subject password jwks-uri
+        authorization-endpoint-uri token-endpoint-uri port
+        extra-options)
+     (with-imported-modules
+      (source-module-closure
+       '((gnu build shepherd)
+         (gnu system file-systems)))
+      (list (shepherd-service
+             (provision '(webid-oidc-issuer))
+             (documentation "Run the Solid identity provider.")
+             (requirement '(user-processes))
+             (modules '((gnu build shepherd)
+                        (gnu system file-systems)))
+             (start
+              #~(begin
+                  (let* ((user (getpwnam "webid-oidc-issuer"))
+                         (prepare-directory
+                          (lambda (dir)
+                            (mkdir-p dir)
+                            (chown dir (passwd:uid user) (passwd:gid user))
+                            (chmod dir #o700))))
+                    (prepare-directory "/var/log/webid-oidc")
+                    (prepare-directory "/var/lib/webid-oidc")
+                    (prepare-directory "/var/cache/webid-oidc"))
+                  (make-forkexec-constructor
+                   (list
+                    (string-append #$webid-oidc "/bin/webid-oidc-issuer")
+                    "--issuer" #$issuer
+                    "--key-file" #$key-file
+                    "--subject" #$subject
+                    "--password" #$password
+                    "--jwks-uri" #$jwks-uri
+                    "--authorization-endpoint-uri" #$authorization-endpoint-uri
+                    "--token-endpoint-uri" #$token-endpoint-uri
+                    "--port" (with-output-to-string (lambda () (display #$port)))
+                    "--log-file" "issuer.log"
+                    "--error-file" "issuer.err"
+                    #$@extra-options)
+                   #:user "webid-oidc-issuer"
+                   #:group "webid-oidc-issuer"
+                   #:directory "/var/log/webid-oidc"
+                   #:environment-variables
+                   `("XDG_DATA_HOME=/var/lib"
+                     "XDG_CACHE_HOME=/var/cache"
+                     "LANG=C"))))
+             (stop #~(make-kill-destructor))))))))
+
+(define %webid-oidc-issuer-accounts
+  (list (user-group (name "webid-oidc-issuer")
+                    (system? #t))
+        (user-account
+         (name "webid-oidc-issuer")
+         (group "webid-oidc-issuer")
+         (system? #t)
+         (comment "The user that runs the webid-oidc issuer.")
+         (home-directory "/var/empty")
+         (shell (file-append shadow "/sbin/nologin")))))
+
+(define-public webid-oidc-issuer-service-type
+  (service-type
+   (name 'webid-oidc-issuer)
+   (extensions
+    (list
+     (service-extension account-service-type
+                        (const %webid-oidc-issuer-accounts))
+     (service-extension
+      shepherd-root-service-type
+      webid-oidc-issuer-shepherd-service)))))
diff --git a/guix/vkraus/systems/webid-oidc-issuer.scm b/guix/vkraus/systems/webid-oidc-issuer.scm
new file mode 100644
index 0000000..103f49f
--- /dev/null
+++ b/guix/vkraus/systems/webid-oidc-issuer.scm
@@ -0,0 +1,50 @@
+(define-module (vkraus systems webid-oidc-issuer)
+  #:use-module (gnu)
+  #:use-module (guix)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (vkraus services webid-oidc)
+  #:use-module (vkraus packages webid-oidc))
+
+(operating-system
+ (locale "fr_FR.utf8")
+ (timezone "Europe/Paris")
+ (keyboard-layout (keyboard-layout "fr"))
+ (host-name "webid-oidc-issuer")
+ (users (cons* (user-account
+		(name "admin")
+		(comment "Administrator")
+		(group "users")
+		(home-directory "/home/admin")
+                (supplementary-groups
+                 '("wheel" "netdev")))
+	       %base-user-accounts))
+ (packages
+  (append
+   (list (specification->package "nss-certs"))
+   %base-packages))
+ (services
+  (append
+   (cons*
+    (service webid-oidc-issuer-service-type
+	     (webid-oidc-issuer-configuration
+	      (webid-oidc webid-oidc-snapshot)
+	      (issuer "http://localhost:8080")
+	      (subject "http://localhost:8080/profile/card#me")
+	      (password "p4ssw0rd")
+	      (jwks-uri "http://localhost:8080/keys")
+	      (authorization-endpoint-uri "http://localhost:8080/authorize")
+	      (token-endpoint-uri "http://localhost:8080/token")
+	      (port 8080)))
+    %base-services)))
+ (bootloader
+  (bootloader-configuration
+   (bootloader grub-efi-bootloader)
+   (target "/boot/efi")
+   (keyboard-layout keyboard-layout)))
+ (file-systems
+  (cons* (file-system
+          (mount-point "/")
+          (device "/dev/sda")
+          (type "ext4"))
+         %base-file-systems)))
diff --git a/po/fr.po b/po/fr.po
index e9fdaa3..561e910 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: webid-oidc 0.0.0\n"
 "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-05 16:17+0200\n"
+"POT-Creation-Date: 2021-06-05 16:18+0200\n"
 "PO-Revision-Date: 2021-06-05 11:07+0200\n"
 "Last-Translator: Vivien Kraus <vivien@planete-kraus.eu>\n"
 "Language-Team: French <vivien@planete-kraus.eu>\n"
diff --git a/po/webid-oidc.pot b/po/webid-oidc.pot
index 9168393..c5b6815 100644
--- a/po/webid-oidc.pot
+++ b/po/webid-oidc.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: webid-oidc SNAPSHOT\n"
 "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-05 16:17+0200\n"
+"POT-Creation-Date: 2021-06-05 16:18+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"