authorVivien Kraus <vivien@planete-kraus.eu>2021-03-30 20:25:01 +0200
committerVivien Kraus <vivien@planete-kraus.eu>2021-06-05 16:59:42 +0200
commit4c5e746792dbee40252bb728c1f8debc516210f0 (patch)
treed87c4f69f79206d081fdaac9c65bc8c84e8e0e8a /guix
parentc07743ad2d3a018ca3585badc99b5f0a58d07d8e (diff)
Implement a reverse proxy
Diffstat (limited to 'guix')
-rw-r--r--guix/vkraus/packages/webid-oidc.scm15
-rw-r--r--guix/vkraus/services/webid-oidc.scm82
2 files changed, 89 insertions, 8 deletions
diff --git a/guix/vkraus/packages/webid-oidc.scm b/guix/vkraus/packages/webid-oidc.scm
index 2f53487..0148dbb 100644
--- a/guix/vkraus/packages/webid-oidc.scm
+++ b/guix/vkraus/packages/webid-oidc.scm
@@ -61,14 +61,13 @@
(format #f "~a/lib/guile/~a/site-ccache"
prop-input effective-version))
guile-propagated-inputs)))
- (wrap-program
- (format #f "~a/bin/webid-oidc-issuer" out)
- `("GUILE_LOAD_PATH" ":" = ,mod-paths)
- `("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths))
- (wrap-program
- (format #f "~a/bin/webid-oidc-hello" out)
- `("GUILE_LOAD_PATH" ":" = ,mod-paths)
- `("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths))))))))
+ (for-each
+ (lambda (program)
+ (wrap-program
+ (format #f "~a/bin/webid-oidc-~a" out program)
+ `("GUILE_LOAD_PATH" ":" = ,mod-paths)
+ `("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths)))
+ '(issuer reverse-proxy hello))))))))
(native-inputs
`(("pkg-config" ,pkg-config)
("guile" ,guile-3.0)
diff --git a/guix/vkraus/services/webid-oidc.scm b/guix/vkraus/services/webid-oidc.scm
index 931e96a..33b4fae 100644
--- a/guix/vkraus/services/webid-oidc.scm
+++ b/guix/vkraus/services/webid-oidc.scm
@@ -31,6 +31,21 @@
webid-oidc-issuer-configuration-extra-options
(default '())))
+(define-record-type* <webid-oidc-reverse-proxy-configuration>
+ webid-oidc-reverse-proxy-configuration
+ make-webid-oidc-reverse-proxy-configuration
+ webid-oidc-reverse-proxy-configuration?
+ (webid-oidc webid-oidc-reverse-proxy-configuration-webid-oidc
+ (default webid-oidc))
+ (port webid-oidc-reverse-proxy-port (default 8090))
+ (inbound-uri webid-oidc-reverse-proxy-configuration-inbound-uri)
+ (outbound-uri webid-oidc-reverse-proxy-configuration-outbound-uri)
+ (header webid-oidc-reverse-proxy-configuration-header
+ (default "XXX-Agent"))
+ (extra-options
+ webid-oidc-reverse-proxy-extra-options
+ (default '())))
+
(define-record-type* <webid-oidc-hello-configuration>
webid-oidc-hello-configuration
make-webid-oidc-hello-configuration
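Review bot: Two accessors in the new record are named without the `-configuration-` infix, `webid-oidc-reverse-proxy-port` and `webid-oidc-reverse-proxy-extra-options`, while the export list in the next hunk names `webid-oidc-reverse-proxy-configuration-port` and `webid-oidc-reverse-proxy-configuration-extra-options`. As written the module exports two names that no visible definition binds, and the accessors that do exist stay private. Rename them to match the other fields: `(port webid-oidc-reverse-proxy-configuration-port (default 8090))` and `(extra-options webid-oidc-reverse-proxy-configuration-extra-options (default '()))`. The export form itself starts outside the hunk that contains it.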
@@ -56,6 +71,17 @@
webid-oidc-issuer-configuration-token-endpoint-uri
webid-oidc-issuer-configuration-port
webid-oidc-issuer-configuration-extra-options
+ <webid-oidc-reverse-proxy-configuration>
+ webid-oidc-reverse-proxy-configuration
+ make-webid-oidc-reverse-proxy-configuration
+ webid-oidc-reverse-proxy-configuration?
+ webid-oidc-reverse-proxy-configuration-webid-oidc
+ webid-oidc-reverse-proxy-configuration-port
+ webid-oidc-reverse-proxy-configuration-inbound-uri
+ webid-oidc-reverse-proxy-configuration-outbound-uri
+ webid-oidc-reverse-proxy-configuration-header
+ webid-oidc-reverse-proxy-configuration-extra-options
+ <webid-oidc-hello-configuration>
webid-oidc-hello-configuration
make-webid-oidc-hello-configuration
webid-oidc-hello-configuration?
@@ -113,6 +139,51 @@
"LANG=C"))))
(stop #~(make-kill-destructor))))))))
+(define webid-oidc-reverse-proxy-shepherd-service
+ (match-lambda
+ (($ <webid-oidc-reverse-proxy-configuration>
+ webid-oidc port inbound-uri outbound-uri header
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(webid-oidc-reverse-proxy))
+ (documentation "Run a proxy to authenticate with Solid.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "webid-oidc"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/webid-oidc")
+ (prepare-directory "/var/lib/webid-oidc")
+ (prepare-directory "/var/cache/webid-oidc"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$webid-oidc "/bin/webid-oidc-reverse-proxy")
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--inbound-uri" #$inbound-uri
+ "--outbound-uri" #$outbound-uri
+ "--header" #$header
+ "--log-file" "reverse-proxy.log"
+ "--error-file" "reverse-proxy.err"
+ #$@extra-options)
+ #:user "webid-oidc"
+ #:group "webid-oidc"
+ #:directory "/var/log/webid-oidc"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
(define webid-oidc-hello-shepherd-service
(match-lambda
(($ <webid-oidc-hello-configuration>
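Review bot: The `"--header" #$header` argument sets the header name the proxy works with (default `"XXX-Agent"` in the record), but nothing in the service states what trust the backend places in it. If, as the documentation string suggests, the header carries the authenticated agent to the server at `outbound-uri`, that server has to be reachable only through this proxy, and any client-supplied copy of the header has to be discarded before forwarding. Whether webid-oidc-reverse-proxy discards it is not visible here. I would add a comment above the argument such as `;; HEADER carries the authenticated identity: the backend must accept it only from this proxy.` and repeat the requirement in the field's documentation.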
@@ -174,6 +245,17 @@
shepherd-root-service-type
webid-oidc-issuer-shepherd-service)))))
+(define-public webid-oidc-reverse-proxy-service-type
+ (service-type
+ (name 'webid-oidc-reverse-proxy)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %webid-oidc-accounts))
+ (service-extension
+ shepherd-root-service-type
+ webid-oidc-reverse-proxy-shepherd-service)))))
+
(define-public webid-oidc-hello-service-type
(service-type
(name 'webid-oidc-hello)
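Review bot: The account extension reuses `%webid-oidc-accounts`, so the reverse proxy runs as the same `webid-oidc` user whose start script (in the shepherd-service hunk) owns `/var/lib/webid-oidc` and `/var/cache/webid-oidc` with mode 700. If the issuer keeps its key material under those directories, which is not visible in this hunk, the network-facing proxy process can read it. Consider a dedicated account and state directory for the proxy, or at least a comment on this service type recording that the account is shared on purpose. A `(description "...")` field on the service type would also be worth adding.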