authorVivien Kraus <vivien@planete-kraus.eu>2021-08-01 23:15:56 +0200
committerVivien Kraus <vivien@planete-kraus.eu>2021-08-02 04:03:20 +0200
commitb43be9d4b05af12a22a97210b35885a3727e4a86 (patch)
tree656a87c8fdc5ef0e773a88182b0554a1d746f4b3
parentbae1843f1a1d644fb3bd4f8c40b1dbb900aa3325 (diff)
Make only one service type, but accept multiple configurations.0.5.2
-rw-r--r--NEWS4
-rw-r--r--README33
-rw-r--r--doc/disfluid.texi36
-rw-r--r--guix/vkraus/services/disfluid.scm578
-rw-r--r--guix/vkraus/systems/test.scm88
5 files changed, 437 insertions, 302 deletions
diff --git a/NEWS b/NEWS
index d777d56..ac7f7f9 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,10 @@
#+author: Vivien Kraus
#+email: vivien@planete-kraus.eu
+* The Guix service now accepts multiple instance of the service
+It still runs one process per server, but it is now possible to run
+two servers. This is useful for testing with 2 different users.
+
* The server can now load the encrypted password from a file
This means that the encrypted password can be hidden from the other
users.
diff --git a/README b/README
index c3c9597..2ad0530 100644
--- a/README
+++ b/README
@@ -46,6 +46,39 @@ To build, first run the =bootstrap= script, then =./configure=,
Once installed, you get a program named =disfluid=. Run it with =-h=
to get the options.
+* Running as a docker image
+The =guix/vkraus/systems/test.scm= contains a couple of servers, one
+for [[http://localhost:8081/alice#me]] (the password is "alice"), and one
+for [[http://localhost:8082/bob#me]] (the password is "bob"). Both servers
+running on localhost:8081 and localhost:8082 are aware that they are
+http-only and run on these ports.
+
+Once you have the Guix channel installed, you can build the image as:
+
+#+begin_src shell
+ sudo docker load -i $(guix system docker-image guix/vkraus/systems/test.scm) \
+ && sudo docker tag guix:latest vivienkraus/disfluid:test-bench
+#+end_src
+
+I try to publish recent versions of the test bench on Docker Hub, but
+I may forget. Don’t forget to remind me if you think it’s too old.
+
+Then, you will need to start the container:
+
+#+begin_src shell
+ export container_id="$(sudo docker create vivienkraus/disfluid:test-bench)"
+ sudo docker start $container_id
+#+end_src
+
+You can enter the container to check the log files, for instance:
+
+#+begin_src shell
+ sudo docker exec -it $container_id /run/current-system/profile/bin/bash --login
+#+end_src
+
+Unfortunately, I don’t know how to let the host access the 8081 and
+8082 ports.
+
# Local Variables:
# mode: org
# End:
diff --git a/doc/disfluid.texi b/doc/disfluid.texi
index d18c8e9..93128c1 100644
--- a/doc/disfluid.texi
+++ b/doc/disfluid.texi
@@ -48,6 +48,7 @@ Free Documentation License''
@menu
* Decentralized Authentication on the Web::
* Invoking disfluid::
+* Running disfluid with GNU Guix::
* The Json Web Token::
* Caching on server side::
* Content negociation::
@@ -233,6 +234,41 @@ set the name of the application.
set an URI where to find more information about the client.
@end table
+@node Running disfluid with GNU Guix
+@chapter Running disfluid with GNU Guix
+
+The channel at
+@url{https://labo.planete-kraus.eu/webid-oidc-channel.git} can be used
+with guix. It defines the package at the latest commit, and a service
+definition in @emph{(vkraus services disfluid)}.
+
+@defvr {service type} disfluid-service-type
+This service runs a bunch of disfluid servers with the @emph{disfluid}
+system user, each with a unique name. The value it takes is an alist
+of service configurations: the keys are unique names (to differenciate
+the generated shepherd services), and the values are configuration
+records for an issuer, reverse proxy, server, or client service.
+@end defvr
+
+@deftp {configuration record} <disfluid-issuer-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{issuer} @var{key-file} @var{subject} @var{encrypted-password-file} @var{jwks-uri} @var{authorization-endpoint-uri} @var{token-endpoint-uri} @var{port} [@var{extra-options}]
+The configuration for the identity provider. The optional
+@var{disfluid} argument is the package containing the binary to run,
+if you want to apply some patches, and @var{extra-options} is an empty
+list by default.
+@end deftp
+
+@deftp {configuration record} <disfluid-reverse-proxy-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{port} @var{inbound-uri} @var{outbound-uri} @var{header} [@var{extra-options}]
+This record configures an authenticating reverse proxy.
+@end deftp
+
+@deftp {configuration record} <disfluid-client-service-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{client-id} @var{redirect-uri} [@var{client-name}] [@var{client-uri}] @var{port} [@var{extra-options}]
+This record configures a server to serve public application pages.
+@end deftp
+
+@deftp {configuration record} <disfluid-server-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{server-name} @var{key-file} @var{subject} @var{encrypted-password-file} @var{jwks-uri} @var{authorization-endpoint-uri} @var{token-endpoint-uri} @var{port} [@var{extra-options}]
+The configuration for the full server.
+@end deftp
+
@node The Json Web Token
@chapter The Json Web Token
diff --git a/guix/vkraus/services/disfluid.scm b/guix/vkraus/services/disfluid.scm
index bf7078c..fdc9443 100644
--- a/guix/vkraus/services/disfluid.scm
+++ b/guix/vkraus/services/disfluid.scm
@@ -37,8 +37,7 @@
(complete-corresponding-source
disfluid-issuer-configuration-complete-corresponding-source)
(issuer disfluid-issuer-configuration-issuer)
- (key-file disfluid-issuer-configuration-key-file
- (default "/var/lib/disfluid/issuer/key.jwk"))
+ (key-file disfluid-issuer-configuration-key-file)
(subject disfluid-issuer-configuration-subject)
(encrypted-password-file disfluid-issuer-configuration-encrypted-password-file)
(jwks-uri disfluid-issuer-configuration-jwks-uri)
@@ -107,8 +106,7 @@
(complete-corresponding-source
disfluid-server-configuration-complete-corresponding-source)
(server-name disfluid-server-configuration-server-name)
- (key-file disfluid-server-configuration-key-file
- (default "/var/lib/disfluid/server/key.jwk"))
+ (key-file disfluid-server-configuration-key-file)
(subject disfluid-server-configuration-subject)
(encrypted-password-file disfluid-server-configuration-encrypted-password-file)
(jwks-uri disfluid-server-configuration-jwks-uri)
@@ -183,242 +181,234 @@
disfluid-server-configuration-port
disfluid-server-configuration-extra-options)
-(define disfluid-issuer-shepherd-service
+(define configuration->shepherd-service
(match-lambda
- (($ <disfluid-issuer-configuration>
- disfluid ccs issuer key-file subject encrypted-password-file jwks-uri
- authorization-endpoint-uri token-endpoint-uri port
- extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(disfluid-issuer))
- (documentation "Run the Solid identity provider.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "disfluid"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/disfluid")
- (prepare-directory "/var/lib/disfluid")
- (prepare-directory "/var/cache/disfluid"))
- (make-forkexec-constructor
- (list
- (string-append #$disfluid "/bin/disfluid")
- "identity-provider"
- "--complete-corresponding-source" #$ccs
- "--server-name" #$issuer
- "--key-file" #$key-file
- "--subject" #$subject
- "--encrypted-password-from-file" #$encrypted-password-file
- "--jwks-uri" #$jwks-uri
- "--authorization-endpoint-uri" #$authorization-endpoint-uri
- "--token-endpoint-uri" #$token-endpoint-uri
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--log-file" "issuer.log"
- "--error-file" "issuer.err"
- #$@extra-options)
- #:user "disfluid"
- #:group "disfluid"
- #:directory "/var/log/disfluid"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define disfluid-reverse-proxy-shepherd-service
- (match-lambda
- (($ <disfluid-reverse-proxy-configuration>
- disfluid ccs port inbound-uri outbound-uri header
- extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(disfluid-reverse-proxy))
- (documentation "Run a proxy to authenticate with Solid.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "disfluid"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/disfluid")
- (prepare-directory "/var/lib/disfluid")
- (prepare-directory "/var/cache/disfluid"))
- (make-forkexec-constructor
- (list
- (string-append #$disfluid "/bin/disfluid")
- "reverse-proxy"
- "--complete-corresponding-source" #$ccs
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--server-name" #$inbound-uri
- "--backend-uri" #$outbound-uri
- "--header" #$header
- "--log-file" "reverse-proxy.log"
- "--error-file" "reverse-proxy.err"
- #$@extra-options)
- #:user "disfluid"
- #:group "disfluid"
- #:directory "/var/log/disfluid"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define disfluid-hello-shepherd-service
- (match-lambda
- (($ <disfluid-hello-configuration>
- disfluid ccs port extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(disfluid-hello))
- (documentation "Run a demonstration Solid server.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "disfluid"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/disfluid")
- (prepare-directory "/var/lib/disfluid")
- (prepare-directory "/var/cache/disfluid"))
- (make-forkexec-constructor
- (list
- (string-append #$disfluid "/bin/disfluid-hello")
- "--complete-corresponding-source" #$ccs
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--log-file" "hello.log"
- "--error-file" "hello.err"
- #$@extra-options)
- #:user "disfluid"
- #:group "disfluid"
- #:directory "/var/log/disfluid"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define disfluid-client-service-shepherd-service
- (match-lambda
- (($ <disfluid-client-service-configuration>
- disfluid ccs client-id redirect-uri client-name client-uri port
- extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(disfluid-client-service))
- (documentation "Run a server for a Solid application.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "disfluid"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/disfluid"))
- (make-forkexec-constructor
- (list
- (string-append #$disfluid "/bin/disfluid")
- "client-service"
- "--complete-corresponding-source" #$ccs
- "--client-id" #$client-id
- "--redirect-uri" #$redirect-uri
- "--client-name" #$client-name
- "--client-uri" #$client-uri
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--log-file" "client-service.log"
- "--error-file" "client-service.err"
- #$@extra-options)
- #:user "disfluid"
- #:group "disfluid"
- #:directory "/var/log/disfluid"
- #:environment-variables
- `("LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define disfluid-server-shepherd-service
- (match-lambda
- (($ <disfluid-server-configuration>
- disfluid ccs server-name key-file subject encrypted-password-file jwks-uri
- authorization-endpoint-uri token-endpoint-uri port
- extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(disfluid-server))
- (documentation "Run the full Solid server.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "disfluid"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/disfluid")
- (prepare-directory "/var/lib/disfluid")
- (prepare-directory "/var/cache/disfluid"))
- (make-forkexec-constructor
- (list
- (string-append #$disfluid "/bin/disfluid")
- "server"
- "--complete-corresponding-source" #$ccs
- "--server-name" #$server-name
- "--key-file" #$key-file
- "--subject" #$subject
- "--encrypted-password-from-file" #$encrypted-password-file
- "--jwks-uri" #$jwks-uri
- "--authorization-endpoint-uri" #$authorization-endpoint-uri
- "--token-endpoint-uri" #$token-endpoint-uri
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--log-file" "server.log"
- "--error-file" "server.err"
- #$@extra-options)
- #:user "disfluid"
- #:group "disfluid"
- #:directory "/var/log/disfluid"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
+ ((id . ($ <disfluid-issuer-configuration>
+ disfluid ccs issuer key-file subject encrypted-password-file jwks-uri
+ authorization-endpoint-uri token-endpoint-uri port extra-options))
+ `(,(shepherd-service
+ (provision (list (string->symbol (format #f "disfluid-~a" id))))
+ (documentation (format #f "Run a Solid identity provider (~a)" id))
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ #~(begin
+ (let* ((user (getpwnam "disfluid"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/disfluid")
+ (prepare-directory #$(format #f "/var/lib/disfluid/~a" id))
+ (prepare-directory #$(format #f "/var/cache/disfluid/~a" id)))
+ (make-forkexec-constructor
+ (list
+ (string-append #$disfluid "/bin/disfluid")
+ "identity-provider"
+ "--complete-corresponding-source" #$ccs
+ "--server-name" #$issuer
+ "--key-file" #$key-file
+ "--subject" #$subject
+ "--encrypted-password-from-file" #$encrypted-password-file
+ "--jwks-uri" #$jwks-uri
+ "--authorization-endpoint-uri" #$authorization-endpoint-uri
+ "--token-endpoint-uri" #$token-endpoint-uri
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" #$(format #f "issuer-~a.log" id)
+ "--error-file" #$(format #f "issuer-~a.err" id)
+ #$@extra-options)
+ #:user "disfluid"
+ #:group "disfluid"
+ #:directory "/var/log/disfluid"
+ #:environment-variables
+ '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id)
+ #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id)
+ "LANG=C")))))
+ (stop #~(make-kill-destructor)))))
+ ((id . ($ <disfluid-reverse-proxy-configuration>
+ disfluid ccs port inbound-uri outbound-uri header extra-options))
+ `(,(shepherd-service
+ (provision (list (string->symbol (format #f "disfluid-~a" id))))
+ (documentation (format #f "Run a Solid reverse proxy (~a)" id))
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ #~(begin
+ (let* ((user (getpwnam "disfluid"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/disfluid")
+ (prepare-directory #$(format #f "/var/lib/disfluid/~a" id))
+ (prepare-directory #$(format #f "/var/cache/disfluid/~a" id)))
+ (make-forkexec-constructor
+ (list
+ (string-append #$disfluid "/bin/disfluid")
+ "reverse-proxy"
+ "--complete-corresponding-source" #$ccs
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--server-name" #$inbound-uri
+ "--backend-uri" #$outbound-uri
+ "--header" #$header
+ "--log-file" #$(format #f "reverse-proxy-~a.log" id)
+ "--error-file" #$(format #f "reverse-proxy-~a.err" id)
+ #$@extra-options)
+ #:user "disfluid"
+ #:group "disfluid"
+ #:directory "/var/log/disfluid"
+ #:environment-variables
+ '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id)
+ #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id)
+ "LANG=C")))))
+ (stop #~(make-kill-destructor)))))
+ ((id . ($ <disfluid-hello-configuration>
+ disfluid ccs port extra-options))
+ `(,(shepherd-service
+ (provision (list (string->symbol (format #f "disfluid-~a" id))))
+ (documentation (format #f "Run a demonstration Solid server (~a)" id))
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ #~(begin
+ (let* ((user (getpwnam "disfluid"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/disfluid")
+ (prepare-directory #$(format #f "/var/lib/disfluid/~a" id))
+ (prepare-directory #$(format #f "/var/cache/disfluid/~a" id)))
+ (make-forkexec-constructor
+ (list
+ (string-append #$disfluid "/bin/disfluid-hello")
+ "--complete-corresponding-source" #$ccs
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" #$(format #f "hello-~a.log" id)
+ "--error-file" #$(format #f "hello-~a.err" id)
+ #$@extra-options)
+ #:user "disfluid"
+ #:group "disfluid"
+ #:directory "/var/log/disfluid"
+ #:environment-variables
+ '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id)
+ #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id)
+ "LANG=C")))))
+ (stop #~(make-kill-destructor)))))
+ ((id . ($ <disfluid-client-service-configuration>
+ disfluid ccs client-id redirect-uri client-name client-uri port
+ extra-options))
+ `(,(shepherd-service
+ (provision (list (string->symbol (format #f "disfluid-~a" id))))
+ (documentation (format #f "Serve the public page for an application (~a)" id))
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ #~(begin
+ (let* ((user (getpwnam "disfluid"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/disfluid")
+ (prepare-directory #$(format #f "/var/lib/disfluid/~a" id))
+ (prepare-directory #$(format #f "/var/cache/disfluid/~a" id)))
+ (make-forkexec-constructor
+ (list
+ (string-append #$disfluid "/bin/disfluid")
+ "client-service"
+ "--complete-corresponding-source" #$ccs
+ "--client-id" #$client-id
+ "--redirect-uri" #$redirect-uri
+ "--client-name" #$client-name
+ "--client-uri" #$client-uri
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" #$(format #f "client-service-~a.log" id)
+ "--error-file" #$(format #f "client-service-~a.err" id)
+ #$@extra-options)
+ #:user "disfluid"
+ #:group "disfluid"
+ #:directory "/var/log/disfluid"
+ #:environment-variables
+ '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id)
+ #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id)
+ "LANG=C")))))
+ (stop #~(make-kill-destructor)))))
+ ((id . ($ <disfluid-server-configuration>
+ disfluid ccs server-name key-file subject encrypted-password-file jwks-uri
+ authorization-endpoint-uri token-endpoint-uri port
+ extra-options))
+ `(,(shepherd-service
+ (provision (list (string->symbol (format #f "disfluid-~a" id))))
+ (documentation (format #f "Run a full server (~a)" id))
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ #~(begin
+ (let* ((user (getpwnam "disfluid"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/disfluid")
+ (prepare-directory #$(format #f "/var/lib/disfluid/~a" id))
+ (prepare-directory #$(format #f "/var/cache/disfluid/~a" id)))
+ (make-forkexec-constructor
+ (list
+ (string-append #$disfluid "/bin/disfluid")
+ "server"
+ "--complete-corresponding-source" #$ccs
+ "--server-name" #$server-name
+ "--key-file" #$key-file
+ "--subject" #$subject
+ "--encrypted-password-from-file" #$encrypted-password-file
+ "--jwks-uri" #$jwks-uri
+ "--authorization-endpoint-uri" #$authorization-endpoint-uri
+ "--token-endpoint-uri" #$token-endpoint-uri
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" #$(format #f "server-~a.log" id)
+ "--error-file" #$(format #f "server-~a.err" id)
+ #$@extra-options)
+ #:user "disfluid"
+ #:group "disfluid"
+ #:directory "/var/log/disfluid"
+ #:environment-variables
+ '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id)
+ #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id)
+ "LANG=C")))))
+ (stop #~(make-kill-destructor)))))
+ ((items ...)
+ (apply append (map configuration->shepherd-service items)))))
(define %disfluid-accounts
(list (user-group (name "disfluid")
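Review bot: The per-instance `prepare-directory` calls on the new side (the `/var/lib/disfluid/~a` and `/var/cache/disfluid/~a` lines in each clause of `configuration->shepherd-service`) chown and chmod only the leaf directory; the parents `/var/lib/disfluid` and `/var/cache/disfluid`, which the removed code prepared explicitly, are now created implicitly by `mkdir-p`, presumably root-owned with umask-default permissions, so the instance data directories no longer sit under a 0700 parent. If that tightening is still wanted, keep `(prepare-directory "/var/lib/disfluid")` and `(prepare-directory "/var/cache/disfluid")` ahead of the per-instance lines in each clause. Separately, `id` is spliced unchecked into file paths, log-file names and the `provision` symbol, so two alist entries with the same key, or a key containing `/`, collide silently; a comment on the `(items ...)` clause such as `;; Keys must be unique, path-safe names: they become directory names, log-file names and shepherd provision symbols.` would record the contract the texi chapter already states. The five clauses differ only in the binary, subcommand, argument list and log prefix, so a shared helper would remove most of the duplication; the `(define %disfluid-accounts` form at the end of the hunk continues outside it.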
@@ -427,83 +417,67 @@
(name "disfluid")
(group "disfluid")
(system? #t)
- (comment "The user that runs the disfluid issuer and resource server.")
+ (comment "The user that runs the disfluid servers.")
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
-(define (%disfluid-log-rotation file)
- (list (log-rotation
+(define configuration->log-rotation
+ (match-lambda
+ ((id . ($ <disfluid-issuer-configuration>))
+ `(,(log-rotation
(frequency 'daily)
(files
- (map (lambda (ext) (string-append "/var/log/disfluid/" file "." ext))
- '("log" "err")))
- (options '("sharedscripts"
- "storedir /var/log/disfluid")))))
-
-(define-public disfluid-issuer-service-type
- (service-type
- (name 'disfluid-issuer)
- (extensions
- (list
- (service-extension account-service-type
- (const %disfluid-accounts))
- (service-extension rottlog-service-type
- (const (%disfluid-log-rotation "issuer")))
- (service-extension
- shepherd-root-service-type
- disfluid-issuer-shepherd-service)))))
-
-(define-public disfluid-reverse-proxy-service-type
- (service-type
- (name 'disfluid-reverse-proxy)
- (extensions
- (list
- (service-extension account-service-type
- (const %disfluid-accounts))
- (service-extension rottlog-service-type
- (const (%disfluid-log-rotation "reverse-proxy")))
- (service-extension
- shepherd-root-service-type
- disfluid-reverse-proxy-shepherd-service)))))
-
-(define-public disfluid-hello-service-type
- (service-type
- (name 'disfluid-hello)
- (extensions
- (list
- (service-extension account-service-type
- (const %disfluid-accounts))
- (service-extension rottlog-service-type
- (const (%disfluid-log-rotation "hello")))
- (service-extension
- shepherd-root-service-type
- disfluid-hello-shepherd-service)))))
-
-(define-public disfluid-client-service-service-type
- (service-type
- (name 'disfluid-client-service)
- (extensions
- (list
- (service-extension account-service-type
- (const %disfluid-accounts))
- (service-extension rottlog-service-type
- (const (%disfluid-log-rotation "client-service")))
- (service-extension
- shepherd-root-service-type
- disfluid-client-service-shepherd-service)))))
+ (map (lambda (ext)
+ (format #f "/var/log/disfluid/issuer-~a.~a" id ext))
+ '("log err")))
+ (options '("sharedscripts" "storedir /var/log/disfluid")))))
+ ((id . ($ <disfluid-reverse-proxy-configuration>))
+ `(,(log-rotation
+ (frequency 'daily)
+ (files
+ (map (lambda (ext)
+ (format #f "/var/log/disfluid/reverse-proxy-~a.~a" id ext))
+ '("log err")))
+ (options '("sharedscripts" "storedir /var/log/disfluid")))))
+ ((id . ($ <disfluid-hello-configuration>))
+ `(,(log-rotation
+ (frequency 'daily)
+ (files
+ (map (lambda (ext)
+ (format #f "/var/log/disfluid/hello-~a.~a" id ext))
+ '("log err")))
+ (options '("sharedscripts" "storedir /var/log/disfluid")))))
+ ((id . ($ <disfluid-client-service-configuration>))
+ `(,(log-rotation
+ (frequency 'daily)
+ (files
+ (map (lambda (ext)
+ (format #f "/var/log/disfluid/client-service-~a.~a" id ext))
+ '("log err")))
+ (options '("sharedscripts" "storedir /var/log/disfluid")))))
+ ((id . ($ <disfluid-server-configuration>))
+ `(,(log-rotation
+ (frequency 'daily)
+ (files
+ (map (lambda (ext)
+ (format #f "/var/log/disfluid/server-~a.~a" id ext))
+ '("log err")))
+ (options '("sharedscripts" "storedir /var/log/disfluid")))))
+ ((items ...)
+ (apply append (map configuration->log-rotation items)))))
-(define-public disfluid-server-service-type
+(define-public disfluid-service-type
(service-type
- (name 'disfluid-server)
+ (name 'disfluid)
(extensions
(list
(service-extension account-service-type
(const %disfluid-accounts))
(service-extension rottlog-service-type
- (const (%disfluid-log-rotation "server")))
+ configuration->log-rotation)
(service-extension
shepherd-root-service-type
- disfluid-server-shepherd-service)))))
+ configuration->shepherd-service)))))
(define-public disfluid-website
(nginx-server-configuration
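Review bot: Every clause of `configuration->log-rotation` passes `'("log err")`, a single string, where the removed `%disfluid-log-rotation` helper used `'("log" "err")`, so each rotation entry names one nonexistent path of the form `/var/log/disfluid/issuer-<id>.log err` and the real `.log` and `.err` files of every instance are never rotated. The fix is the same on all five `files` lines: `'("log" "err")`. Since the clauses differ only in the log prefix, a helper taking the prefix and `id` would also stop this kind of copy-paste drift. The `disfluid-website` definition at the end of the hunk continues outside it.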
diff --git a/guix/vkraus/systems/test.scm b/guix/vkraus/systems/test.scm
new file mode 100644
index 0000000..1bfc2b8
--- /dev/null
+++ b/guix/vkraus/systems/test.scm
@@ -0,0 +1,88 @@
+;; disfluid, implementation of the Solid specification
+;; Copyright (C) 2021 Vivien Kraus
+
+;; This program is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU Affero General Public License as
+;; published by the Free Software Foundation, either version 3 of the
+;; License, or (at your option) any later version.
+
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU Affero General Public License for more details.
+
+;; You should have received a copy of the GNU Affero General Public License
+;; along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+(define-module (vkraus systems test)
+ #:use-module (gnu)
+ #:use-module (guix gexp)
+ #:use-module (gnu packages certs)
+ #:use-module (vkraus packages disfluid)
+ #:use-module (vkraus services disfluid))
+
+(operating-system
+ (host-name "disfluid-test-system")
+ (hosts-file
+ (plain-file "hosts"
+ "127.0.0.1 localhost
+::1 localhost
+"))
+ (users %base-user-accounts)
+ (packages
+ `(,disfluid
+ ,nss-certs
+ ,@%base-packages))
+ (services
+ (append
+ (list
+ (service disfluid-service-type
+ `(("alice"
+ . ,(disfluid-server-configuration
+ (complete-corresponding-source "https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz")
+ (server-name "http://localhost:8081")
+ (subject "http://localhost:8081/alice#me")
+ (encrypted-password-file
+ (computed-file "alice-password"
+ #~(let ((salt "$6$.salt.for.Alice.")
+ (password "alice"))
+ (call-with-output-file #$output
+ (lambda (port)
+ (format port "~a\n"
+ (crypt password salt)))))))
+ (key-file "/var/lib/disfluid/alice/key.jwk")
+ (jwks-uri "http://localhost:8081/keys")
+ (authorization-endpoint-uri "http://localhost:8081/authorize")
+ (token-endpoint-uri "http://localhost:8081/token")
+ (port 8081)))
+ ("bob"
+ . ,(disfluid-server-configuration
+ (complete-corresponding-source "https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz")
+ (server-name "http://localhost:8082")
+ (subject "http://localhost:8082/bob#me")
+ (encrypted-password-file
+ (computed-file "bob-password"
+ #~(let ((salt "$6$And.salt.for.Bob")
+ (password "bob"))
+ (call-with-output-file #$output
+ (lambda (port)
+ (format port "~a\n"
+ (crypt password salt)))))))
+ (key-file "/var/lib/disfluid/bob/key.jwk")
+ (jwks-uri "http://localhost:8082/keys")
+ (authorization-endpoint-uri "http://localhost:8082/authorize")
+ (token-endpoint-uri "http://localhost:8082/token")
+ (port 8082))))))
+ %base-services))
+ (timezone "Europe/Paris")
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (target "/boot/efi")))
+ (mapped-devices '())
+ (file-systems
+ `(,(file-system
+ (mount-point "/")
+ (device "/dev/sda")
+ (type "ext4"))
+ ,@%base-file-systems)))
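Review bot: Both `encrypted-password-file` values are built with `computed-file`, so the crypt hash ends up in the world-readable store and gives up the protection the NEWS entry describes for loading the encrypted password from a file; that is acceptable for a test bench whose passwords are printed in the README, but nothing in this file says so. Add a comment above the first `computed-file`, such as `;; Test bench only: a computed-file lives in the world-readable store, so this hash is public. A real deployment must keep the encrypted password in a file outside the store.` The alice and bob entries differ only in name, port and salt, so a small helper placed before `(operating-system` keeps the two in step and makes the README's "http-only on these ports" statement visible in one place.
```scheme
;; Build the configuration of one HTTP-only test server listening on
;; PORT-NUMBER for user NAME.  The password is NAME itself and SALT is its
;; crypt(3) salt.  Test bench only: the computed-file, and hence the hash,
;; lands in the world-readable store.
(define (test-server name port-number salt)
  (let ((base (format #f "http://localhost:~a" port-number)))
    (disfluid-server-configuration
     (complete-corresponding-source "https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz")
     (server-name base)
     (subject (string-append base "/" name "#me"))
     (encrypted-password-file
      (computed-file (string-append name "-password")
                     #~(call-with-output-file #$output
                         (lambda (port)
                           (format port "~a\n" (crypt #$name #$salt))))))
     (key-file (string-append "/var/lib/disfluid/" name "/key.jwk"))
     (jwks-uri (string-append base "/keys"))
     (authorization-endpoint-uri (string-append base "/authorize"))
     (token-endpoint-uri (string-append base "/token"))
     (port port-number))))

;; … unchanged: operating-system header, hosts-file, users, packages …
     (service disfluid-service-type
              `(("alice" . ,(test-server "alice" 8081 "$6$.salt.for.Alice."))
                ("bob" . ,(test-server "bob" 8082 "$6$And.salt.for.Bob"))))
;; … unchanged: %base-services, timezone, bootloader, file-systems …
```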