author | Vivien Kraus <vivien@planete-kraus.eu> | 2021-03-30 20:25:01 +0200 |
---|---|---|
committer | Vivien Kraus <vivien@planete-kraus.eu> | 2021-06-19 15:44:36 +0200 |
commit | 1c2c188dc3544bd4df571ce06d24784640db43d5 (patch) | |
tree | 61fdc8538c03468ff0bf1a3682cc84faf83686e4 /guix | |
parent | 1cd51a1728a34aaf85b964bff7636733ef732999 (diff) |
Implement a reverse proxy
Diffstat (limited to 'guix')
-rw-r--r-- | guix/vkraus/packages/webid-oidc.scm | 2 | ||||
-rw-r--r-- | guix/vkraus/services/webid-oidc.scm | 82 |
2 files changed, 83 insertions, 1 deletions
diff --git a/guix/vkraus/packages/webid-oidc.scm b/guix/vkraus/packages/webid-oidc.scm index 58e5913..f5ef57f 100644 --- a/guix/vkraus/packages/webid-oidc.scm +++ b/guix/vkraus/packages/webid-oidc.scm @@ -79,7 +79,7 @@ (format #f "~a/bin/webid-oidc-~a" out program) `("GUILE_LOAD_PATH" ":" = ,mod-paths) `("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths))) - '(hello issuer)))))))) + '(hello issuer reverse-proxy)))))))) (native-inputs `(("pkg-config" ,pkg-config) ("guile" ,guile-3.0) diff --git a/guix/vkraus/services/webid-oidc.scm b/guix/vkraus/services/webid-oidc.scm index 931e96a..33b4fae 100644 --- a/guix/vkraus/services/webid-oidc.scm +++ b/guix/vkraus/services/webid-oidc.scm @@ -31,6 +31,21 @@ webid-oidc-issuer-configuration-extra-options (default '()))) +(define-record-type* <webid-oidc-reverse-proxy-configuration> + webid-oidc-reverse-proxy-configuration + make-webid-oidc-reverse-proxy-configuration + webid-oidc-reverse-proxy-configuration? + (webid-oidc webid-oidc-reverse-proxy-configuration-webid-oidc + (default webid-oidc)) + (port webid-oidc-reverse-proxy-port (default 8090)) + (inbound-uri webid-oidc-reverse-proxy-configuration-inbound-uri) + (outbound-uri webid-oidc-reverse-proxy-configuration-outbound-uri) + (header webid-oidc-reverse-proxy-configuration-header + (default "XXX-Agent")) + (extra-options + webid-oidc-reverse-proxy-extra-options + (default '()))) + (define-record-type* <webid-oidc-hello-configuration> webid-oidc-hello-configuration make-webid-oidc-hello-configuration 
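Review bot: Two accessors in the new `<webid-oidc-reverse-proxy-configuration>` record are named `webid-oidc-reverse-proxy-port` and `webid-oidc-reverse-proxy-extra-options`, without the `-configuration` infix that the other four fields use. The list extended in the next hunk, which appears to be the module's export list, names `webid-oidc-reverse-proxy-configuration-port` and `webid-oidc-reverse-proxy-configuration-extra-options`, so the module would export two bindings that nothing defines while the real accessors stay private. Renaming them in the record fixes both hunks: `(port webid-oidc-reverse-proxy-configuration-port (default 8090))` and `(extra-options webid-oidc-reverse-proxy-configuration-extra-options (default '()))`.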
@@ -56,6 +71,17 @@ webid-oidc-issuer-configuration-token-endpoint-uri webid-oidc-issuer-configuration-port webid-oidc-issuer-configuration-extra-options + <webid-oidc-reverse-proxy-configuration> + webid-oidc-reverse-proxy-configuration + make-webid-oidc-reverse-proxy-configuration + webid-oidc-reverse-proxy-configuration? + webid-oidc-reverse-proxy-configuration-webid-oidc + webid-oidc-reverse-proxy-configuration-port + webid-oidc-reverse-proxy-configuration-inbound-uri + webid-oidc-reverse-proxy-configuration-outbound-uri + webid-oidc-reverse-proxy-configuration-header + webid-oidc-reverse-proxy-configuration-extra-options + <webid-oidc-hello-configuration> webid-oidc-hello-configuration make-webid-oidc-hello-configuration webid-oidc-hello-configuration? 
@@ -113,6 +139,51 @@ "LANG=C")))) (stop #~(make-kill-destructor)))))))) +(define webid-oidc-reverse-proxy-shepherd-service + (match-lambda + (($ <webid-oidc-reverse-proxy-configuration> + webid-oidc port inbound-uri outbound-uri header + extra-options) + (with-imported-modules + (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + (list (shepherd-service + (provision '(webid-oidc-reverse-proxy)) + (documentation "Run a proxy to authenticate with Solid.") + (requirement '(user-processes)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start + #~(begin + (let* ((user (getpwnam "webid-oidc")) + (prepare-directory + (lambda (dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700)))) + (prepare-directory "/var/log/webid-oidc") + (prepare-directory "/var/lib/webid-oidc") + (prepare-directory "/var/cache/webid-oidc")) + (make-forkexec-constructor + (list + (string-append #$webid-oidc "/bin/webid-oidc-reverse-proxy") + "--port" (with-output-to-string (lambda () (display #$port))) + "--inbound-uri" #$inbound-uri + "--outbound-uri" #$outbound-uri + "--header" #$header + "--log-file" "reverse-proxy.log" + "--error-file" "reverse-proxy.err" + #$@extra-options) + #:user "webid-oidc" + #:group "webid-oidc" + #:directory "/var/log/webid-oidc" + #:environment-variables + `("XDG_DATA_HOME=/var/lib" + "XDG_CACHE_HOME=/var/cache" + "LANG=C")))) + (stop #~(make-kill-destructor)))))))) + (define webid-oidc-hello-shepherd-service (match-lambda (($ <webid-oidc-hello-configuration> 
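Review bot: The `header` value is handed straight to `--header` (the record defaults it to `"XXX-Agent"`), but nothing here documents what the backend at `outbound-uri` may assume about that header. If, as the `documentation` string suggests, the proxy writes the authenticated identity into it, then the backend is trusting a plain request header. That is only sound when the backend is reachable solely through the proxy and the proxy discards any copy of the header supplied by the client; neither property is visible in this hunk. I would record that next to the field or in the service documentation, for example `;; HEADER carries the authenticated WebID to the backend; the backend must only accept connections from this proxy.`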
@@ -174,6 +245,17 @@ shepherd-root-service-type webid-oidc-issuer-shepherd-service))))) +(define-public webid-oidc-reverse-proxy-service-type + (service-type + (name 'webid-oidc-reverse-proxy) + (extensions + (list + (service-extension account-service-type + (const %webid-oidc-accounts)) + (service-extension + shepherd-root-service-type + webid-oidc-reverse-proxy-shepherd-service))))) + (define-public webid-oidc-hello-service-type (service-type (name 'webid-oidc-hello) |
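Review bot: The new service type extends `account-service-type` with the shared `%webid-oidc-accounts`, and the shepherd service added in the previous hunk runs as `webid-oidc` with `XDG_DATA_HOME=/var/lib`, so the proxy presumably shares a uid and `/var/lib/webid-oidc` with the issuer service defined just above. If the issuer keeps signing keys or other secrets in that directory (not visible here), a compromise of the network-facing proxy would expose them. A dedicated account and state directory for the proxy would keep the two apart, for example `(const %webid-oidc-reverse-proxy-accounts)` here (a proposed name) with a matching `#:user` in the shepherd service.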