author | Vivien Kraus <vivien@planete-kraus.eu> | 2021-07-30 11:58:08 +0200 |
---|---|---|
committer | Vivien Kraus <vivien@planete-kraus.eu> | 2021-08-01 15:25:08 +0200 |
commit | ed64c545c4723dc0efdb1265b05d682e11e4c1f6 (patch) | |
tree | 4c4393adc62bff130840c41d9fb137c939f12246 /guix | |
parent | c6f9d0a4878b2e94e92cc8fce5800fb43185be4d (diff) |
Change the name!
Diffstat (limited to 'guix')
-rw-r--r-- | guix/vkraus/packages/disfluid.scm (renamed from guix/vkraus/packages/webid-oidc.scm) | 44 | ||||
-rw-r--r-- | guix/vkraus/services/disfluid.scm | 520 | ||||
-rw-r--r-- | guix/vkraus/services/webid-oidc.scm | 520 |
3 files changed, 543 insertions, 541 deletions
diff --git a/guix/vkraus/packages/webid-oidc.scm b/guix/vkraus/packages/disfluid.scm index 223438b..f372315 100644 --- a/guix/vkraus/packages/webid-oidc.scm +++ b/guix/vkraus/packages/disfluid.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -14,7 +14,7 @@ ;; You should have received a copy of the GNU Affero General Public License ;; along with this program. If not, see <https://www.gnu.org/licenses/>. -(define-module (vkraus packages webid-oidc) +(define-module (vkraus packages disfluid) #:use-module (guix packages) #:use-module (guix gexp) #:use-module ((guix licenses) #:prefix license:) @@ -33,11 +33,11 @@ #:use-module (gnu packages man) #:use-module (gnu packages tls)) -(define-public webid-oidc-snapshot +(define-public disfluid-snapshot (package - (name "webid-oidc-snapshot") + (name "disfluid-snapshot") (version "SNAPSHOT") - (source "./webid-oidc-SNAPSHOT.tar.gz") + (source "./disfluid-SNAPSHOT.tar.gz") (build-system gnu-build-system) (arguments '(#:modules ((guix build utils) @@ -90,13 +90,15 @@ prop-input effective-version)) guile-propagated-inputs)))) (wrap-program - (format #f "~a/bin/webid-oidc" out) + (format #f "~a/bin/disfluid" out) `("GUILE_LOAD_PATH" ":" = ,mod-paths) `("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths)) + (symlink (format #f "~a/bin/disfluid" out) + (format #f "~a/bin/webid-oidc" out)) (for-each (lambda (program) (wrap-program - (format #f "~a/bin/webid-oidc-~a" out program) + (format #f "~a/bin/disfluid-~a" out program) `("GUILE_LOAD_PATH" ":" = ,mod-paths) `("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths))) '(example-app hello)))))))) 
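Review bot: The compatibility symlink `~a/bin/webid-oidc` is created only for the main program; the per-program wrappers renamed in the `for-each` just below (`disfluid-example-app`, `disfluid-hello`) get no `webid-oidc-*` alias, so callers of those old names break while the top-level name keeps working. If the link is meant as a transition aid, the same two lines inside the lambda would cover them: `(symlink (format #f "~a/bin/disfluid-~a" out program) (format #f "~a/bin/webid-oidc-~a" out program))`; otherwise a short comment above the `symlink` call saying that only the top-level name is kept would spare the next reader the question. Through the link the wrapper sees `webid-oidc` as its own name, which is harmless unless the program dispatches on argv[0] — nothing in this diff shows that it does. The surrounding `modify-phases` lambda starts before this hunk.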
@@ -121,8 +123,8 @@ ("guile-jsonld" ,guile-rdf) ("gnutls" ,gnutls) ("nettle" ,nettle))) - (synopsis "") - (description "") + (synopsis "Demanding Interoperability to Strengthen the Free (Libre) Web: Introducing Disfluid") + (description "Demanding Interoperability to Strengthen the Free (Libre) Web: Introducing Disfluid") (home-page "https://labo.planete-kraus.eu/webid-oidc.git") (license license:agpl3+) (native-search-paths @@ -130,10 +132,10 @@ (variable "LTDL_LIBRARY_PATH") (files '("lib"))))))) -(define-public (webid-oidc-release version release-date commit hash) +(define-public (disfluid-release version release-date commit hash) (package - (inherit webid-oidc-snapshot) - (name "webid-oidc") + (inherit disfluid-snapshot) + (name "disfluid") (version version) (source (origin @@ -150,10 +152,10 @@ (lambda _ (format #t "~a~%" ,release-date))) #t)))))) -(define-public (webid-oidc-htmlize webid-oidc) +(define-public (disfluid-htmlize disfluid) (package - (inherit webid-oidc) - (name "webid-oidc-html") + (inherit disfluid) + (name "disfluid-html") (arguments '(#:modules ((guix build utils) (guix build gnu-build-system) 
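Review bot: `synopsis` and `description` are set to the identical string "Demanding Interoperability to Strengthen the Free (Libre) Web: Introducing Disfluid", so the package still has no real description, and at 83 characters the synopsis exceeds the 80-character limit that `guix lint` enforces. Guix convention is a short noun phrase for the synopsis and a full paragraph for the description, e.g. `(synopsis "Implementation of the Solid specification")` followed by a description that explains what the identity provider, reverse proxy and resource server do. `home-page` still points at `webid-oidc.git`; that is correct if the repository keeps its old name, but it is worth confirming alongside the rename.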
@@ -192,14 +194,14 @@ get-string-all) #\newline)))) (copy-file (string-append - "webid-oidc-" version ".tar.gz") + "disfluid-" version ".tar.gz") (string-append (assoc-ref outputs "out") - "/share/doc/webid-oidc/webid-oidc.html/complete-corresponding-source.tar.gz")))))))) - (synopsis "HTML documentation for webid-oidc") - (description "The manual for webid-oidc is provided as a texinfo + "/share/doc/disfluid/disfluid.html/complete-corresponding-source.tar.gz")))))))) + (synopsis "HTML documentation for Disfluid") + (description "The manual for disfluid is provided as a texinfo file, which is exported to HTML. Also include the complete corresponding source, as an AGPL requirement."))) -(define-public (make-website webid-oidc) - (file-append (webid-oidc-htmlize webid-oidc) "/share/doc/webid-oidc/webid-oidc.html")) +(define-public (make-website disfluid) + (file-append (disfluid-htmlize disfluid) "/share/doc/disfluid/disfluid.html")) diff --git a/guix/vkraus/services/disfluid.scm b/guix/vkraus/services/disfluid.scm new file mode 100644 index 0000000..ba2e976 --- /dev/null +++ b/guix/vkraus/services/disfluid.scm 
@@ -0,0 +1,520 @@ +;; disfluid, implementation of the Solid specification +;; Copyright (C) 2020, 2021 Vivien Kraus + +;; This program is free software: you can redistribute it and/or modify +;; it under the terms of the GNU Affero General Public License as +;; published by the Free Software Foundation, either version 3 of the +;; License, or (at your option) any later version. + +;; This program is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU Affero General Public License for more details. + +;; You should have received a copy of the GNU Affero General Public License +;; along with this program. If not, see <https://www.gnu.org/licenses/>. + +(define-module (vkraus services disfluid) + #:use-module (gnu services) + #:use-module (gnu services shepherd) + #:use-module (gnu services admin) + #:use-module (gnu services web) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) + #:use-module (vkraus packages disfluid) + #:use-module (guix gexp) + #:use-module (guix modules) + #:use-module (guix records) + #:use-module (ice-9 match) + #:use-module (ice-9 optargs)) + +(define-record-type* <disfluid-issuer-configuration> + disfluid-issuer-configuration + make-disfluid-issuer-configuration + disfluid-issuer-configuration? 
+ (disfluid disfluid-issuer-configuration-disfluid + (default disfluid)) + (complete-corresponding-source + disfluid-issuer-configuration-complete-corresponding-source) + (issuer disfluid-issuer-configuration-issuer) + (key-file disfluid-issuer-configuration-key-file + (default "/var/lib/disfluid/issuer/key.jwk")) + (subject disfluid-issuer-configuration-subject) + (encrypted-password disfluid-issuer-configuration-encrypted-password) + (jwks-uri disfluid-issuer-configuration-jwks-uri) + (authorization-endpoint-uri + disfluid-issuer-configuration-authorization-endpoint-uri) + (token-endpoint-uri + disfluid-issuer-configuration-token-endpoint-uri) + (port disfluid-issuer-configuration-port (default 8088)) + (extra-options + disfluid-issuer-configuration-extra-options + (default '()))) + +(define-record-type* <disfluid-reverse-proxy-configuration> + disfluid-reverse-proxy-configuration + make-disfluid-reverse-proxy-configuration + disfluid-reverse-proxy-configuration? + (disfluid disfluid-reverse-proxy-configuration-disfluid + (default disfluid)) + (complete-corresponding-source + disfluid-reverse-proxy-configuration-complete-corresponding-source) + (port disfluid-reverse-proxy-port (default 8090)) + (inbound-uri disfluid-reverse-proxy-configuration-inbound-uri) + (outbound-uri disfluid-reverse-proxy-configuration-outbound-uri) + (header disfluid-reverse-proxy-configuration-header + (default "XXX-Agent")) + (extra-options + disfluid-reverse-proxy-extra-options + (default '()))) + +(define-record-type* <disfluid-hello-configuration> + disfluid-hello-configuration + make-disfluid-hello-configuration + disfluid-hello-configuration? 
+ (disfluid disfluid-hello-configuration-disfluid + (default disfluid)) + (complete-corresponding-source + disfluid-hello-configuration-complete-corresponding-source) + (port disfluid-hello-configuration-port (default 8089)) + (extra-options + disfluid-hello-configuration-extra-options + (default '()))) + +(define-record-type* <disfluid-client-service-configuration> + disfluid-client-service-configuration + make-disfluid-client-service-configuration + disfluid-client-service-configuration? + (disfluid disfluid-client-service-configuration-disfluid + (default disfluid)) + (complete-corresponding-source + disfluid-client-service-configuration-complete-corresponding-source) + (client-id disfluid-client-service-configuration-client-id) + (redirect-uri disfluid-client-service-configuration-redirect-uri) + (client-name disfluid-client-service-configuration-client-name (default "Example Solid App")) + (client-uri disfluid-client-service-configuration-client-uri (default "https://webid-oidc.planete-kraus.eu/Running-a-client.html#Running-a-client")) + (port disfluid-client-service-configuration-port (default 8088)) + (extra-options + disfluid-client-service-configuration-extra-options + (default '()))) + +(define-record-type* <disfluid-server-configuration> + disfluid-server-configuration + make-disfluid-server-configuration + disfluid-server-configuration? 
+ (disfluid disfluid-server-configuration-disfluid + (default disfluid)) + (complete-corresponding-source + disfluid-server-configuration-complete-corresponding-source) + (server-name disfluid-server-configuration-server-name) + (key-file disfluid-server-configuration-key-file + (default "/var/lib/disfluid/server/key.jwk")) + (subject disfluid-server-configuration-subject) + (encrypted-password disfluid-server-configuration-encrypted-password) + (jwks-uri disfluid-server-configuration-jwks-uri) + (authorization-endpoint-uri + disfluid-server-configuration-authorization-endpoint-uri) + (token-endpoint-uri + disfluid-server-configuration-token-endpoint-uri) + (port disfluid-server-configuration-port (default 8088)) + (extra-options + disfluid-issuer-configuration-extra-options + (default '()))) + +(export <disfluid-issuer-configuration> + disfluid-issuer-configuration + make-disfluid-issuer-configuration + disfluid-issuer-configuration? + disfluid-issuer-configuration-disfluid + disfluid-issuer-configuration-complete-corresponding-source + disfluid-issuer-configuration-issuer + disfluid-issuer-configuration-key-file + disfluid-issuer-configuration-subject + disfluid-issuer-configuration-encrypted-password + disfluid-issuer-configuration-jwks-uri + disfluid-issuer-configuration-authorization-endpoint-uri + disfluid-issuer-configuration-token-endpoint-uri + disfluid-issuer-configuration-port + disfluid-issuer-configuration-extra-options + <disfluid-reverse-proxy-configuration> + disfluid-reverse-proxy-configuration + make-disfluid-reverse-proxy-configuration + disfluid-reverse-proxy-configuration? 
+ disfluid-reverse-proxy-configuration-disfluid + disfluid-reverse-proxy-configuration-complete-corresponding-source + disfluid-reverse-proxy-configuration-port + disfluid-reverse-proxy-configuration-inbound-uri + disfluid-reverse-proxy-configuration-outbound-uri + disfluid-reverse-proxy-configuration-header + disfluid-reverse-proxy-configuration-extra-options + <disfluid-hello-configuration> + disfluid-hello-configuration + make-disfluid-hello-configuration + disfluid-hello-configuration? + disfluid-hello-configuration-disfluid + disfluid-hello-configuration-complete-corresponding-source + disfluid-hello-configuration-port + disfluid-hello-configuration-extra-options + <disfluid-client-service-configuration> + disfluid-client-service-configuration + make-disfluid-client-service-configuration + disfluid-client-service-configuration? + disfluid-client-service-configuration-disfluid + disfluid-client-service-configuration-complete-corresponding-source + disfluid-client-service-configuration-client-id + disfluid-client-service-configuration-redirect-uri + disfluid-client-service-configuration-client-name + disfluid-client-service-configuration-client-uri + disfluid-client-service-configuration-port + disfluid-client-service-configuration-extra-options + <disfluid-server-configuration> + disfluid-server-configuration + make-disfluid-server-configuration + disfluid-server-configuration? 
+ disfluid-server-configuration-disfluid + disfluid-server-configuration-complete-corresponding-source + disfluid-server-configuration-server-name + disfluid-server-configuration-key-file + disfluid-server-configuration-subject + disfluid-server-configuration-encrypted-password + disfluid-server-configuration-jwks-uri + disfluid-server-configuration-authorization-endpoint-uri + disfluid-server-configuration-token-endpoint-uri + disfluid-server-configuration-port + disfluid-server-configuration-extra-options) + +(define disfluid-issuer-shepherd-service + (match-lambda + (($ <disfluid-issuer-configuration> + disfluid ccs issuer key-file subject encrypted-password jwks-uri + authorization-endpoint-uri token-endpoint-uri port + extra-options) + (with-imported-modules + (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + (list (shepherd-service + (provision '(disfluid-issuer)) + (documentation "Run the Solid identity provider.") + (requirement '(user-processes)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start + #~(begin + (let* ((user (getpwnam "disfluid")) + (prepare-directory + (lambda (dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700)))) + (prepare-directory "/var/log/disfluid") + (prepare-directory "/var/lib/disfluid") + (prepare-directory "/var/cache/disfluid")) + (make-forkexec-constructor + (list + (string-append #$disfluid "/bin/disfluid") + "identity-provider" + "--complete-corresponding-source" #$ccs + "--server-name" #$issuer + "--key-file" #$key-file + "--subject" #$subject + "--encrypted-password" #$encrypted-password + "--jwks-uri" #$jwks-uri + "--authorization-endpoint-uri" #$authorization-endpoint-uri + "--token-endpoint-uri" #$token-endpoint-uri + "--port" (with-output-to-string (lambda () (display #$port))) + "--log-file" "issuer.log" + "--error-file" "issuer.err" + #$@extra-options) + #:user "disfluid" + #:group "disfluid" + #:directory "/var/log/disfluid" + 
#:environment-variables + `("XDG_DATA_HOME=/var/lib" + "XDG_CACHE_HOME=/var/cache" + "LANG=C")))) + (stop #~(make-kill-destructor)))))))) + +(define disfluid-reverse-proxy-shepherd-service + (match-lambda + (($ <disfluid-reverse-proxy-configuration> + disfluid ccs port inbound-uri outbound-uri header + extra-options) + (with-imported-modules + (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + (list (shepherd-service + (provision '(disfluid-reverse-proxy)) + (documentation "Run a proxy to authenticate with Solid.") + (requirement '(user-processes)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start + #~(begin + (let* ((user (getpwnam "disfluid")) + (prepare-directory + (lambda (dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700)))) + (prepare-directory "/var/log/disfluid") + (prepare-directory "/var/lib/disfluid") + (prepare-directory "/var/cache/disfluid")) + (make-forkexec-constructor + (list + (string-append #$disfluid "/bin/disfluid") + "reverse-proxy" + "--complete-corresponding-source" #$ccs + "--port" (with-output-to-string (lambda () (display #$port))) + "--server-name" #$inbound-uri + "--backend-uri" #$outbound-uri + "--header" #$header + "--log-file" "reverse-proxy.log" + "--error-file" "reverse-proxy.err" + #$@extra-options) + #:user "disfluid" + #:group "disfluid" + #:directory "/var/log/disfluid" + #:environment-variables + `("XDG_DATA_HOME=/var/lib" + "XDG_CACHE_HOME=/var/cache" + "LANG=C")))) + (stop #~(make-kill-destructor)))))))) + +(define disfluid-hello-shepherd-service + (match-lambda + (($ <disfluid-hello-configuration> + disfluid ccs port extra-options) + (with-imported-modules + (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + (list (shepherd-service + (provision '(disfluid-hello)) + (documentation "Run a demonstration Solid server.") + (requirement '(user-processes)) + (modules '((gnu build shepherd) + (gnu system 
file-systems))) + (start + #~(begin + (let* ((user (getpwnam "disfluid")) + (prepare-directory + (lambda (dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700)))) + (prepare-directory "/var/log/disfluid") + (prepare-directory "/var/lib/disfluid") + (prepare-directory "/var/cache/disfluid")) + (make-forkexec-constructor + (list + (string-append #$disfluid "/bin/disfluid-hello") + "--complete-corresponding-source" #$ccs + "--port" (with-output-to-string (lambda () (display #$port))) + "--log-file" "hello.log" + "--error-file" "hello.err" + #$@extra-options) + #:user "disfluid" + #:group "disfluid" + #:directory "/var/log/disfluid" + #:environment-variables + `("XDG_DATA_HOME=/var/lib" + "XDG_CACHE_HOME=/var/cache" + "LANG=C")))) + (stop #~(make-kill-destructor)))))))) + +(define disfluid-client-service-shepherd-service + (match-lambda + (($ <disfluid-client-service-configuration> + disfluid ccs client-id redirect-uri client-name client-uri port + extra-options) + (with-imported-modules + (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + (list (shepherd-service + (provision '(disfluid-client-service)) + (documentation "Run a server for a Solid application.") + (requirement '(user-processes)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start + #~(begin + (let* ((user (getpwnam "disfluid")) + (prepare-directory + (lambda (dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700)))) + (prepare-directory "/var/log/disfluid")) + (make-forkexec-constructor + (list + (string-append #$disfluid "/bin/disfluid") + "client-service" + "--complete-corresponding-source" #$ccs + "--client-id" #$client-id + "--redirect-uri" #$redirect-uri + "--client-name" #$client-name + "--client-uri" #$client-uri + "--port" (with-output-to-string (lambda () (display #$port))) + "--log-file" "client-service.log" + "--error-file" "client-service.err" + #$@extra-options) + #:user 
"disfluid" + #:group "disfluid" + #:directory "/var/log/disfluid" + #:environment-variables + `("LANG=C")))) + (stop #~(make-kill-destructor)))))))) + +(define disfluid-server-shepherd-service + (match-lambda + (($ <disfluid-server-configuration> + disfluid ccs server-name key-file subject encrypted-password jwks-uri + authorization-endpoint-uri token-endpoint-uri port + extra-options) + (with-imported-modules + (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + (list (shepherd-service + (provision '(disfluid-server)) + (documentation "Run the full Solid server.") + (requirement '(user-processes)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start + #~(begin + (let* ((user (getpwnam "disfluid")) + (prepare-directory + (lambda (dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700)))) + (prepare-directory "/var/log/disfluid") + (prepare-directory "/var/lib/disfluid") + (prepare-directory "/var/cache/disfluid")) + (make-forkexec-constructor + (list + (string-append #$disfluid "/bin/disfluid") + "server" + "--complete-corresponding-source" #$ccs + "--server-name" #$server-name + "--key-file" #$key-file + "--subject" #$subject + "--encrypted-password" #$encrypted-password + "--jwks-uri" #$jwks-uri + "--authorization-endpoint-uri" #$authorization-endpoint-uri + "--token-endpoint-uri" #$token-endpoint-uri + "--port" (with-output-to-string (lambda () (display #$port))) + "--log-file" "server.log" + "--error-file" "server.err" + #$@extra-options) + #:user "disfluid" + #:group "disfluid" + #:directory "/var/log/disfluid" + #:environment-variables + `("XDG_DATA_HOME=/var/lib" + "XDG_CACHE_HOME=/var/cache" + "LANG=C")))) + (stop #~(make-kill-destructor)))))))) + +(define %disfluid-accounts + (list (user-group (name "disfluid") + (system? #t)) + (user-account + (name "disfluid") + (group "disfluid") + (system? 
#t) + (comment "The user that runs the disfluid issuer and resource server.") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define (%disfluid-log-rotation file) + (list (log-rotation + (frequency 'daily) + (files + (map (lambda (ext) (string-append "/var/log/disfluid/" file "." ext)) + '("log" "err"))) + (options '("sharedscripts" + "storedir /var/log/disfluid"))))) + +(define-public disfluid-issuer-service-type + (service-type + (name 'disfluid-issuer) + (extensions + (list + (service-extension account-service-type + (const %disfluid-accounts)) + (service-extension rottlog-service-type + (const (%disfluid-log-rotation "issuer"))) + (service-extension + shepherd-root-service-type + disfluid-issuer-shepherd-service))))) + +(define-public disfluid-reverse-proxy-service-type + (service-type + (name 'disfluid-reverse-proxy) + (extensions + (list + (service-extension account-service-type + (const %disfluid-accounts)) + (service-extension rottlog-service-type + (const (%disfluid-log-rotation "reverse-proxy"))) + (service-extension + shepherd-root-service-type + disfluid-reverse-proxy-shepherd-service))))) + +(define-public disfluid-hello-service-type + (service-type + (name 'disfluid-hello) + (extensions + (list + (service-extension account-service-type + (const %disfluid-accounts)) + (service-extension rottlog-service-type + (const (%disfluid-log-rotation "hello"))) + (service-extension + shepherd-root-service-type + disfluid-hello-shepherd-service))))) + +(define-public disfluid-client-service-service-type + (service-type + (name 'disfluid-client-service) + (extensions + (list + (service-extension account-service-type + (const %disfluid-accounts)) + (service-extension rottlog-service-type + (const (%disfluid-log-rotation "client-service"))) + (service-extension + shepherd-root-service-type + disfluid-client-service-shepherd-service))))) + +(define-public disfluid-server-service-type + (service-type + (name 'disfluid-server) + 
(extensions + (list + (service-extension account-service-type + (const %disfluid-accounts)) + (service-extension rottlog-service-type + (const (%disfluid-log-rotation "server"))) + (service-extension + shepherd-root-service-type + disfluid-server-shepherd-service))))) + +(define-public disfluid-website + (nginx-server-configuration + (server-name '("disfluid.planete-kraus.eu" "webid-oidc.planete-kraus.eu")) + (listen '("443 ssl" "[::]:443 ssl")) + (ssl-certificate "/etc/letsencrypt/live/planete-kraus.eu/fullchain.pem") + (ssl-certificate-key "/etc/letsencrypt/live/planete-kraus.eu/privkey.pem") + (root disfluid:website) + (locations + (list + (nginx-location-configuration + (uri "/project") + (body + (list "default_type text/turtle ;"))))))) diff --git a/guix/vkraus/services/webid-oidc.scm b/guix/vkraus/services/webid-oidc.scm deleted file mode 100644 index c20c550..0000000 --- a/guix/vkraus/services/webid-oidc.scm +++ /dev/null 
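Review bot: In `<disfluid-server-configuration>` the last field is declared as `(extra-options disfluid-issuer-configuration-extra-options (default '()))`, which rebinds the issuer's accessor to the server type and leaves the exported `disfluid-server-configuration-extra-options` with no definition; the reverse-proxy record has the same mismatch, defining `disfluid-reverse-proxy-port` and `disfluid-reverse-proxy-extra-options` while the export list names `disfluid-reverse-proxy-configuration-port` and `disfluid-reverse-proxy-configuration-extra-options`. These three were carried over from the deleted webid-oidc.scm, and renaming the accessors to their exported spellings is the whole fix. Separately, the issuer and server start gexps pass `"--encrypted-password" #$encrypted-password` on the command line, so the value is both baked into the world-readable store-side shepherd code and visible to every local user in the process list; if disfluid can read that value from a file under the 0700 `/var/lib/disfluid` directory the services already create, the configuration should use that path instead. Two renames look incomplete as well: the `client-uri` default still points at `webid-oidc.planete-kraus.eu`, and `disfluid:website` in `disfluid-website` is not something the unprefixed `(vkraus packages disfluid)` import provides as far as this diff shows.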
@@ -1,520 +0,0 @@ -;; webid-oidc, implementation of the Solid specification -;; Copyright (C) 2020, 2021 Vivien Kraus - -;; This program is free software: you can redistribute it and/or modify -;; it under the terms of the GNU Affero General Public License as -;; published by the Free Software Foundation, either version 3 of the -;; License, or (at your option) any later version. - -;; This program is distributed in the hope that it will be useful, -;; but WITHOUT ANY WARRANTY; without even the implied warranty of -;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;; GNU Affero General Public License for more details. - -;; You should have received a copy of the GNU Affero General Public License -;; along with this program. If not, see <https://www.gnu.org/licenses/>. - -(define-module (vkraus services webid-oidc) - #:use-module (gnu services) - #:use-module (gnu services shepherd) - #:use-module (gnu services admin) - #:use-module (gnu services web) - #:use-module (gnu system shadow) - #:use-module (gnu packages admin) - #:use-module (vkraus packages webid-oidc) - #:use-module (guix gexp) - #:use-module (guix modules) - #:use-module (guix records) - #:use-module (ice-9 match) - #:use-module (ice-9 optargs)) - -(define-record-type* <webid-oidc-issuer-configuration> - webid-oidc-issuer-configuration - make-webid-oidc-issuer-configuration - webid-oidc-issuer-configuration? 
- (webid-oidc webid-oidc-issuer-configuration-webid-oidc - (default webid-oidc)) - (complete-corresponding-source - webid-oidc-issuer-configuration-complete-corresponding-source) - (issuer webid-oidc-issuer-configuration-issuer) - (key-file webid-oidc-issuer-configuration-key-file - (default "/var/lib/webid-oidc/issuer/key.jwk")) - (subject webid-oidc-issuer-configuration-subject) - (encrypted-password webid-oidc-issuer-configuration-encrypted-password) - (jwks-uri webid-oidc-issuer-configuration-jwks-uri) - (authorization-endpoint-uri - webid-oidc-issuer-configuration-authorization-endpoint-uri) - (token-endpoint-uri - webid-oidc-issuer-configuration-token-endpoint-uri) - (port webid-oidc-issuer-configuration-port (default 8088)) - (extra-options - webid-oidc-issuer-configuration-extra-options - (default '()))) - -(define-record-type* <webid-oidc-reverse-proxy-configuration> - webid-oidc-reverse-proxy-configuration - make-webid-oidc-reverse-proxy-configuration - webid-oidc-reverse-proxy-configuration? - (webid-oidc webid-oidc-reverse-proxy-configuration-webid-oidc - (default webid-oidc)) - (complete-corresponding-source - webid-oidc-reverse-proxy-configuration-complete-corresponding-source) - (port webid-oidc-reverse-proxy-port (default 8090)) - (inbound-uri webid-oidc-reverse-proxy-configuration-inbound-uri) - (outbound-uri webid-oidc-reverse-proxy-configuration-outbound-uri) - (header webid-oidc-reverse-proxy-configuration-header - (default "XXX-Agent")) - (extra-options - webid-oidc-reverse-proxy-extra-options - (default '()))) - -(define-record-type* <webid-oidc-hello-configuration> - webid-oidc-hello-configuration - make-webid-oidc-hello-configuration - webid-oidc-hello-configuration? 
- (webid-oidc webid-oidc-hello-configuration-webid-oidc - (default webid-oidc)) - (complete-corresponding-source - webid-oidc-hello-configuration-complete-corresponding-source) - (port webid-oidc-hello-configuration-port (default 8089)) - (extra-options - webid-oidc-hello-configuration-extra-options - (default '()))) - -(define-record-type* <webid-oidc-client-service-configuration> - webid-oidc-client-service-configuration - make-webid-oidc-client-service-configuration - webid-oidc-client-service-configuration? - (webid-oidc webid-oidc-client-service-configuration-webid-oidc - (default webid-oidc)) - (complete-corresponding-source - webid-oidc-client-service-configuration-complete-corresponding-source) - (client-id webid-oidc-client-service-configuration-client-id) - (redirect-uri webid-oidc-client-service-configuration-redirect-uri) - (client-name webid-oidc-client-service-configuration-client-name (default "Example Solid App")) - (client-uri webid-oidc-client-service-configuration-client-uri (default "https://webid-oidc.planete-kraus.eu/Running-a-client.html#Running-a-client")) - (port webid-oidc-client-service-configuration-port (default 8088)) - (extra-options - webid-oidc-client-service-configuration-extra-options - (default '()))) - -(define-record-type* <webid-oidc-server-configuration> - webid-oidc-server-configuration - make-webid-oidc-server-configuration - webid-oidc-server-configuration? 
- (webid-oidc webid-oidc-server-configuration-webid-oidc - (default webid-oidc)) - (complete-corresponding-source - webid-oidc-server-configuration-complete-corresponding-source) - (server-name webid-oidc-server-configuration-server-name) - (key-file webid-oidc-server-configuration-key-file - (default "/var/lib/webid-oidc/server/key.jwk")) - (subject webid-oidc-server-configuration-subject) - (encrypted-password webid-oidc-server-configuration-encrypted-password) - (jwks-uri webid-oidc-server-configuration-jwks-uri) - (authorization-endpoint-uri - webid-oidc-server-configuration-authorization-endpoint-uri) - (token-endpoint-uri - webid-oidc-server-configuration-token-endpoint-uri) - (port webid-oidc-server-configuration-port (default 8088)) - (extra-options - webid-oidc-issuer-configuration-extra-options - (default '()))) - -(export <webid-oidc-issuer-configuration> - webid-oidc-issuer-configuration - make-webid-oidc-issuer-configuration - webid-oidc-issuer-configuration? - webid-oidc-issuer-configuration-webid-oidc - webid-oidc-issuer-configuration-complete-corresponding-source - webid-oidc-issuer-configuration-issuer - webid-oidc-issuer-configuration-key-file - webid-oidc-issuer-configuration-subject - webid-oidc-issuer-configuration-encrypted-password - webid-oidc-issuer-configuration-jwks-uri - webid-oidc-issuer-configuration-authorization-endpoint-uri - webid-oidc-issuer-configuration-token-endpoint-uri - webid-oidc-issuer-configuration-port - webid-oidc-issuer-configuration-extra-options - <webid-oidc-reverse-proxy-configuration> - webid-oidc-reverse-proxy-configuration - make-webid-oidc-reverse-proxy-configuration - webid-oidc-reverse-proxy-configuration? 
- webid-oidc-reverse-proxy-configuration-webid-oidc - webid-oidc-reverse-proxy-configuration-complete-corresponding-source - webid-oidc-reverse-proxy-configuration-port - webid-oidc-reverse-proxy-configuration-inbound-uri - webid-oidc-reverse-proxy-configuration-outbound-uri - webid-oidc-reverse-proxy-configuration-header - webid-oidc-reverse-proxy-configuration-extra-options - <webid-oidc-hello-configuration> - webid-oidc-hello-configuration - make-webid-oidc-hello-configuration - webid-oidc-hello-configuration? - webid-oidc-hello-configuration-webid-oidc - webid-oidc-hello-configuration-complete-corresponding-source - webid-oidc-hello-configuration-port - webid-oidc-hello-configuration-extra-options - <webid-oidc-client-service-configuration> - webid-oidc-client-service-configuration - make-webid-oidc-client-service-configuration - webid-oidc-client-service-configuration? - webid-oidc-client-service-configuration-webid-oidc - webid-oidc-client-service-configuration-complete-corresponding-source - webid-oidc-client-service-configuration-client-id - webid-oidc-client-service-configuration-redirect-uri - webid-oidc-client-service-configuration-client-name - webid-oidc-client-service-configuration-client-uri - webid-oidc-client-service-configuration-port - webid-oidc-client-service-configuration-extra-options - <webid-oidc-server-configuration> - webid-oidc-server-configuration - make-webid-oidc-server-configuration - webid-oidc-server-configuration? 
- webid-oidc-server-configuration-webid-oidc - webid-oidc-server-configuration-complete-corresponding-source - webid-oidc-server-configuration-server-name - webid-oidc-server-configuration-key-file - webid-oidc-server-configuration-subject - webid-oidc-server-configuration-encrypted-password - webid-oidc-server-configuration-jwks-uri - webid-oidc-server-configuration-authorization-endpoint-uri - webid-oidc-server-configuration-token-endpoint-uri - webid-oidc-server-configuration-port - webid-oidc-server-configuration-extra-options) - -(define webid-oidc-issuer-shepherd-service - (match-lambda - (($ <webid-oidc-issuer-configuration> - webid-oidc ccs issuer key-file subject encrypted-password jwks-uri - authorization-endpoint-uri token-endpoint-uri port - extra-options) - (with-imported-modules - (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (list (shepherd-service - (provision '(webid-oidc-issuer)) - (documentation "Run the Solid identity provider.") - (requirement '(user-processes)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start - #~(begin - (let* ((user (getpwnam "webid-oidc")) - (prepare-directory - (lambda (dir) - (mkdir-p dir) - (chown dir (passwd:uid user) (passwd:gid user)) - (chmod dir #o700)))) - (prepare-directory "/var/log/webid-oidc") - (prepare-directory "/var/lib/webid-oidc") - (prepare-directory "/var/cache/webid-oidc")) - (make-forkexec-constructor - (list - (string-append #$webid-oidc "/bin/webid-oidc") - "identity-provider" - "--complete-corresponding-source" #$ccs - "--server-name" #$issuer - "--key-file" #$key-file - "--subject" #$subject - "--encrypted-password" #$encrypted-password - "--jwks-uri" #$jwks-uri - "--authorization-endpoint-uri" #$authorization-endpoint-uri - "--token-endpoint-uri" #$token-endpoint-uri - "--port" (with-output-to-string (lambda () (display #$port))) - "--log-file" "issuer.log" - "--error-file" "issuer.err" - #$@extra-options) - #:user "webid-oidc" - #:group 
"webid-oidc"
- #:directory "/var/log/webid-oidc"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define webid-oidc-reverse-proxy-shepherd-service
- (match-lambda
- (($ <webid-oidc-reverse-proxy-configuration>
- webid-oidc ccs port inbound-uri outbound-uri header
- extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(webid-oidc-reverse-proxy))
- (documentation "Run a proxy to authenticate with Solid.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "webid-oidc"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/webid-oidc")
- (prepare-directory "/var/lib/webid-oidc")
- (prepare-directory "/var/cache/webid-oidc"))
- (make-forkexec-constructor
- (list
- (string-append #$webid-oidc "/bin/webid-oidc")
- "reverse-proxy"
- "--complete-corresponding-source" #$ccs
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--server-name" #$inbound-uri
- "--backend-uri" #$outbound-uri
- "--header" #$header
- "--log-file" "reverse-proxy.log"
- "--error-file" "reverse-proxy.err"
- #$@extra-options)
- #:user "webid-oidc"
- #:group "webid-oidc"
- #:directory "/var/log/webid-oidc"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define webid-oidc-hello-shepherd-service
- (match-lambda
- (($ <webid-oidc-hello-configuration>
- webid-oidc ccs port extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(webid-oidc-hello))
- (documentation "Run a demonstration Solid server.")
-
(requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "webid-oidc"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/webid-oidc")
- (prepare-directory "/var/lib/webid-oidc")
- (prepare-directory "/var/cache/webid-oidc"))
- (make-forkexec-constructor
- (list
- (string-append #$webid-oidc "/bin/webid-oidc-hello")
- "--complete-corresponding-source" #$ccs
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--log-file" "hello.log"
- "--error-file" "hello.err"
- #$@extra-options)
- #:user "webid-oidc"
- #:group "webid-oidc"
- #:directory "/var/log/webid-oidc"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define webid-oidc-client-service-shepherd-service
- (match-lambda
- (($ <webid-oidc-client-service-configuration>
- webid-oidc ccs client-id redirect-uri client-name client-uri port
- extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(webid-oidc-client-service))
- (documentation "Run a server for a Solid application.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "webid-oidc"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/webid-oidc"))
- (make-forkexec-constructor
- (list
- (string-append #$webid-oidc "/bin/webid-oidc")
- "client-service"
- "--complete-corresponding-source" #$ccs
- "--client-id" #$client-id
- "--redirect-uri" #$redirect-uri
- "--client-name" #$client-name
- "--client-uri" #$client-uri
- "--port" (with-output-to-string (lambda ()
(display #$port)))
- "--log-file" "client-service.log"
- "--error-file" "client-service.err"
- #$@extra-options)
- #:user "webid-oidc"
- #:group "webid-oidc"
- #:directory "/var/log/webid-oidc"
- #:environment-variables
- `("LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define webid-oidc-server-shepherd-service
- (match-lambda
- (($ <webid-oidc-server-configuration>
- webid-oidc ccs server-name key-file subject encrypted-password jwks-uri
- authorization-endpoint-uri token-endpoint-uri port
- extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(webid-oidc-server))
- (documentation "Run the full Solid server.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "webid-oidc"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/webid-oidc")
- (prepare-directory "/var/lib/webid-oidc")
- (prepare-directory "/var/cache/webid-oidc"))
- (make-forkexec-constructor
- (list
- (string-append #$webid-oidc "/bin/webid-oidc")
- "server"
- "--complete-corresponding-source" #$ccs
- "--server-name" #$server-name
- "--key-file" #$key-file
- "--subject" #$subject
- "--encrypted-password" #$encrypted-password
- "--jwks-uri" #$jwks-uri
- "--authorization-endpoint-uri" #$authorization-endpoint-uri
- "--token-endpoint-uri" #$token-endpoint-uri
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--log-file" "server.log"
- "--error-file" "server.err"
- #$@extra-options)
- #:user "webid-oidc"
- #:group "webid-oidc"
- #:directory "/var/log/webid-oidc"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define %webid-oidc-accounts
- (list (user-group (name "webid-oidc")
-
(system? #t))
- (user-account
- (name "webid-oidc")
- (group "webid-oidc")
- (system? #t)
- (comment "The user that runs the webid-oidc issuer and resource server.")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
-
-(define (%webid-oidc-log-rotation file)
- (list (log-rotation
- (frequency 'daily)
- (files
- (map (lambda (ext) (string-append "/var/log/webid-oidc/" file "." ext))
- '("log" "err")))
- (options '("sharedscripts"
- "storedir /var/log/webid-oidc")))))
-
-(define-public webid-oidc-issuer-service-type
- (service-type
- (name 'webid-oidc-issuer)
- (extensions
- (list
- (service-extension account-service-type
- (const %webid-oidc-accounts))
- (service-extension rottlog-service-type
- (const (%webid-oidc-log-rotation "issuer")))
- (service-extension
- shepherd-root-service-type
- webid-oidc-issuer-shepherd-service)))))
-
-(define-public webid-oidc-reverse-proxy-service-type
- (service-type
- (name 'webid-oidc-reverse-proxy)
- (extensions
- (list
- (service-extension account-service-type
- (const %webid-oidc-accounts))
- (service-extension rottlog-service-type
- (const (%webid-oidc-log-rotation "reverse-proxy")))
- (service-extension
- shepherd-root-service-type
- webid-oidc-reverse-proxy-shepherd-service)))))
-
-(define-public webid-oidc-hello-service-type
- (service-type
- (name 'webid-oidc-hello)
- (extensions
- (list
- (service-extension account-service-type
- (const %webid-oidc-accounts))
- (service-extension rottlog-service-type
- (const (%webid-oidc-log-rotation "hello")))
- (service-extension
- shepherd-root-service-type
- webid-oidc-hello-shepherd-service)))))
-
-(define-public webid-oidc-client-service-service-type
- (service-type
- (name 'webid-oidc-client-service)
- (extensions
- (list
- (service-extension account-service-type
- (const %webid-oidc-accounts))
- (service-extension rottlog-service-type
- (const (%webid-oidc-log-rotation "client-service")))
- (service-extension
- shepherd-root-service-type
-
webid-oidc-client-service-shepherd-service)))))
-
-(define-public webid-oidc-server-service-type
- (service-type
- (name 'webid-oidc-server)
- (extensions
- (list
- (service-extension account-service-type
- (const %webid-oidc-accounts))
- (service-extension rottlog-service-type
- (const (%webid-oidc-log-rotation "server")))
- (service-extension
- shepherd-root-service-type
- webid-oidc-server-shepherd-service)))))
-
-(define-public webid-oidc-website
- (nginx-server-configuration
- (server-name '("webid-oidc.planete-kraus.eu"))
- (listen '("443 ssl" "[::]:443 ssl"))
- (ssl-certificate "/etc/letsencrypt/live/planete-kraus.eu/fullchain.pem")
- (ssl-certificate-key "/etc/letsencrypt/live/planete-kraus.eu/privkey.pem")
- (root webid-oidc:website)
- (locations
- (list
- (nginx-location-configuration
- (uri "/project")
- (body
- (list "default_type text/turtle ;"))))))) |