authorVivien Kraus <vivien@planete-kraus.eu>2021-07-30 11:58:08 +0200
committerVivien Kraus <vivien@planete-kraus.eu>2021-08-01 15:25:08 +0200
commited64c545c4723dc0efdb1265b05d682e11e4c1f6 (patch)
tree4c4393adc62bff130840c41d9fb137c939f12246 /guix
parentc6f9d0a4878b2e94e92cc8fce5800fb43185be4d (diff)
Change the name!
Diffstat (limited to 'guix')
-rw-r--r--guix/vkraus/packages/disfluid.scm (renamed from guix/vkraus/packages/webid-oidc.scm)44
-rw-r--r--guix/vkraus/services/disfluid.scm520
-rw-r--r--guix/vkraus/services/webid-oidc.scm520
3 files changed, 543 insertions, 541 deletions
diff --git a/guix/vkraus/packages/webid-oidc.scm b/guix/vkraus/packages/disfluid.scm
index 223438b..f372315 100644
--- a/guix/vkraus/packages/webid-oidc.scm
+++ b/guix/vkraus/packages/disfluid.scm
@@ -1,4 +1,4 @@
-;; webid-oidc, implementation of the Solid specification
+;; disfluid, implementation of the Solid specification
;; Copyright (C) 2020, 2021 Vivien Kraus
;; This program is free software: you can redistribute it and/or modify
@@ -14,7 +14,7 @@
;; You should have received a copy of the GNU Affero General Public License
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-(define-module (vkraus packages webid-oidc)
+(define-module (vkraus packages disfluid)
#:use-module (guix packages)
#:use-module (guix gexp)
#:use-module ((guix licenses) #:prefix license:)
@@ -33,11 +33,11 @@
#:use-module (gnu packages man)
#:use-module (gnu packages tls))
-(define-public webid-oidc-snapshot
+(define-public disfluid-snapshot
(package
- (name "webid-oidc-snapshot")
+ (name "disfluid-snapshot")
(version "SNAPSHOT")
- (source "./webid-oidc-SNAPSHOT.tar.gz")
+ (source "./disfluid-SNAPSHOT.tar.gz")
(build-system gnu-build-system)
(arguments
'(#:modules ((guix build utils)
@@ -90,13 +90,15 @@
prop-input effective-version))
guile-propagated-inputs))))
(wrap-program
- (format #f "~a/bin/webid-oidc" out)
+ (format #f "~a/bin/disfluid" out)
`("GUILE_LOAD_PATH" ":" = ,mod-paths)
`("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths))
+ (symlink (format #f "~a/bin/disfluid" out)
+ (format #f "~a/bin/webid-oidc" out))
(for-each
(lambda (program)
(wrap-program
- (format #f "~a/bin/webid-oidc-~a" out program)
+ (format #f "~a/bin/disfluid-~a" out program)
`("GUILE_LOAD_PATH" ":" = ,mod-paths)
`("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths)))
'(example-app hello))))))))
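Review bot: The added `symlink` call has no comment saying that `bin/webid-oidc` is kept as a compatibility alias for the old command name, so a later cleanup could drop it without knowing that callers may depend on it. It also covers only the main program: the `disfluid-example-app` and `disfluid-hello` wrappers created in the `for-each` just below get no alias under their old `webid-oidc-` names. A one-line comment such as `;; Keep the old command name working for existing scripts and services.` above the `symlink` would record the intent, and the same alias could be created inside the `for-each` if the helper programs need it. The enclosing build phase starts outside this hunk.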
@@ -121,8 +123,8 @@
("guile-jsonld" ,guile-rdf)
("gnutls" ,gnutls)
("nettle" ,nettle)))
- (synopsis "")
- (description "")
+ (synopsis "Demanding Interoperability to Strengthen the Free (Libre) Web: Introducing Disfluid")
+ (description "Demanding Interoperability to Strengthen the Free (Libre) Web: Introducing Disfluid")
(home-page "https://labo.planete-kraus.eu/webid-oidc.git")
(license license:agpl3+)
(native-search-paths
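Review bot: The new `synopsis` and `description` are the same headline string, so the package metadata still does not say what the software does. The file's own header comment already has a usable summary, e.g. `(synopsis "Implementation of the Solid specification")`, with the description spelling out the identity provider, resource server and client pieces. The unchanged `home-page` line right after them still points at `https://labo.planete-kraus.eu/webid-oidc.git`; if the repository moves with the rename, that should be updated in the same commit.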
@@ -130,10 +132,10 @@
(variable "LTDL_LIBRARY_PATH")
(files '("lib")))))))
-(define-public (webid-oidc-release version release-date commit hash)
+(define-public (disfluid-release version release-date commit hash)
(package
- (inherit webid-oidc-snapshot)
- (name "webid-oidc")
+ (inherit disfluid-snapshot)
+ (name "disfluid")
(version version)
(source
(origin
@@ -150,10 +152,10 @@
(lambda _ (format #t "~a~%" ,release-date)))
#t))))))
-(define-public (webid-oidc-htmlize webid-oidc)
+(define-public (disfluid-htmlize disfluid)
(package
- (inherit webid-oidc)
- (name "webid-oidc-html")
+ (inherit disfluid)
+ (name "disfluid-html")
(arguments
'(#:modules ((guix build utils)
(guix build gnu-build-system)
@@ -192,14 +194,14 @@
get-string-all)
#\newline))))
(copy-file (string-append
- "webid-oidc-" version ".tar.gz")
+ "disfluid-" version ".tar.gz")
(string-append
(assoc-ref outputs "out")
- "/share/doc/webid-oidc/webid-oidc.html/complete-corresponding-source.tar.gz"))))))))
- (synopsis "HTML documentation for webid-oidc")
- (description "The manual for webid-oidc is provided as a texinfo
+ "/share/doc/disfluid/disfluid.html/complete-corresponding-source.tar.gz"))))))))
+ (synopsis "HTML documentation for Disfluid")
+ (description "The manual for disfluid is provided as a texinfo
file, which is exported to HTML. Also include the complete
corresponding source, as an AGPL requirement.")))
-(define-public (make-website webid-oidc)
- (file-append (webid-oidc-htmlize webid-oidc) "/share/doc/webid-oidc/webid-oidc.html"))
+(define-public (make-website disfluid)
+ (file-append (disfluid-htmlize disfluid) "/share/doc/disfluid/disfluid.html"))
diff --git a/guix/vkraus/services/disfluid.scm b/guix/vkraus/services/disfluid.scm
new file mode 100644
index 0000000..ba2e976
--- /dev/null
+++ b/guix/vkraus/services/disfluid.scm
@@ -0,0 +1,520 @@
+;; disfluid, implementation of the Solid specification
+;; Copyright (C) 2020, 2021 Vivien Kraus
+
+;; This program is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU Affero General Public License as
+;; published by the Free Software Foundation, either version 3 of the
+;; License, or (at your option) any later version.
+
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU Affero General Public License for more details.
+
+;; You should have received a copy of the GNU Affero General Public License
+;; along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+(define-module (vkraus services disfluid)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services admin)
+ #:use-module (gnu services web)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu packages admin)
+ #:use-module (vkraus packages disfluid)
+ #:use-module (guix gexp)
+ #:use-module (guix modules)
+ #:use-module (guix records)
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 optargs))
+
+(define-record-type* <disfluid-issuer-configuration>
+ disfluid-issuer-configuration
+ make-disfluid-issuer-configuration
+ disfluid-issuer-configuration?
+ (disfluid disfluid-issuer-configuration-disfluid
+ (default disfluid))
+ (complete-corresponding-source
+ disfluid-issuer-configuration-complete-corresponding-source)
+ (issuer disfluid-issuer-configuration-issuer)
+ (key-file disfluid-issuer-configuration-key-file
+ (default "/var/lib/disfluid/issuer/key.jwk"))
+ (subject disfluid-issuer-configuration-subject)
+ (encrypted-password disfluid-issuer-configuration-encrypted-password)
+ (jwks-uri disfluid-issuer-configuration-jwks-uri)
+ (authorization-endpoint-uri
+ disfluid-issuer-configuration-authorization-endpoint-uri)
+ (token-endpoint-uri
+ disfluid-issuer-configuration-token-endpoint-uri)
+ (port disfluid-issuer-configuration-port (default 8088))
+ (extra-options
+ disfluid-issuer-configuration-extra-options
+ (default '())))
+
+(define-record-type* <disfluid-reverse-proxy-configuration>
+ disfluid-reverse-proxy-configuration
+ make-disfluid-reverse-proxy-configuration
+ disfluid-reverse-proxy-configuration?
+ (disfluid disfluid-reverse-proxy-configuration-disfluid
+ (default disfluid))
+ (complete-corresponding-source
+ disfluid-reverse-proxy-configuration-complete-corresponding-source)
+ (port disfluid-reverse-proxy-port (default 8090))
+ (inbound-uri disfluid-reverse-proxy-configuration-inbound-uri)
+ (outbound-uri disfluid-reverse-proxy-configuration-outbound-uri)
+ (header disfluid-reverse-proxy-configuration-header
+ (default "XXX-Agent"))
+ (extra-options
+ disfluid-reverse-proxy-extra-options
+ (default '())))
+
+(define-record-type* <disfluid-hello-configuration>
+ disfluid-hello-configuration
+ make-disfluid-hello-configuration
+ disfluid-hello-configuration?
+ (disfluid disfluid-hello-configuration-disfluid
+ (default disfluid))
+ (complete-corresponding-source
+ disfluid-hello-configuration-complete-corresponding-source)
+ (port disfluid-hello-configuration-port (default 8089))
+ (extra-options
+ disfluid-hello-configuration-extra-options
+ (default '())))
+
+(define-record-type* <disfluid-client-service-configuration>
+ disfluid-client-service-configuration
+ make-disfluid-client-service-configuration
+ disfluid-client-service-configuration?
+ (disfluid disfluid-client-service-configuration-disfluid
+ (default disfluid))
+ (complete-corresponding-source
+ disfluid-client-service-configuration-complete-corresponding-source)
+ (client-id disfluid-client-service-configuration-client-id)
+ (redirect-uri disfluid-client-service-configuration-redirect-uri)
+ (client-name disfluid-client-service-configuration-client-name (default "Example Solid App"))
+ (client-uri disfluid-client-service-configuration-client-uri (default "https://webid-oidc.planete-kraus.eu/Running-a-client.html#Running-a-client"))
+ (port disfluid-client-service-configuration-port (default 8088))
+ (extra-options
+ disfluid-client-service-configuration-extra-options
+ (default '())))
+
+(define-record-type* <disfluid-server-configuration>
+ disfluid-server-configuration
+ make-disfluid-server-configuration
+ disfluid-server-configuration?
+ (disfluid disfluid-server-configuration-disfluid
+ (default disfluid))
+ (complete-corresponding-source
+ disfluid-server-configuration-complete-corresponding-source)
+ (server-name disfluid-server-configuration-server-name)
+ (key-file disfluid-server-configuration-key-file
+ (default "/var/lib/disfluid/server/key.jwk"))
+ (subject disfluid-server-configuration-subject)
+ (encrypted-password disfluid-server-configuration-encrypted-password)
+ (jwks-uri disfluid-server-configuration-jwks-uri)
+ (authorization-endpoint-uri
+ disfluid-server-configuration-authorization-endpoint-uri)
+ (token-endpoint-uri
+ disfluid-server-configuration-token-endpoint-uri)
+ (port disfluid-server-configuration-port (default 8088))
+ (extra-options
+ disfluid-issuer-configuration-extra-options
+ (default '())))
+
+(export <disfluid-issuer-configuration>
+ disfluid-issuer-configuration
+ make-disfluid-issuer-configuration
+ disfluid-issuer-configuration?
+ disfluid-issuer-configuration-disfluid
+ disfluid-issuer-configuration-complete-corresponding-source
+ disfluid-issuer-configuration-issuer
+ disfluid-issuer-configuration-key-file
+ disfluid-issuer-configuration-subject
+ disfluid-issuer-configuration-encrypted-password
+ disfluid-issuer-configuration-jwks-uri
+ disfluid-issuer-configuration-authorization-endpoint-uri
+ disfluid-issuer-configuration-token-endpoint-uri
+ disfluid-issuer-configuration-port
+ disfluid-issuer-configuration-extra-options
+ <disfluid-reverse-proxy-configuration>
+ disfluid-reverse-proxy-configuration
+ make-disfluid-reverse-proxy-configuration
+ disfluid-reverse-proxy-configuration?
+ disfluid-reverse-proxy-configuration-disfluid
+ disfluid-reverse-proxy-configuration-complete-corresponding-source
+ disfluid-reverse-proxy-configuration-port
+ disfluid-reverse-proxy-configuration-inbound-uri
+ disfluid-reverse-proxy-configuration-outbound-uri
+ disfluid-reverse-proxy-configuration-header
+ disfluid-reverse-proxy-configuration-extra-options
+ <disfluid-hello-configuration>
+ disfluid-hello-configuration
+ make-disfluid-hello-configuration
+ disfluid-hello-configuration?
+ disfluid-hello-configuration-disfluid
+ disfluid-hello-configuration-complete-corresponding-source
+ disfluid-hello-configuration-port
+ disfluid-hello-configuration-extra-options
+ <disfluid-client-service-configuration>
+ disfluid-client-service-configuration
+ make-disfluid-client-service-configuration
+ disfluid-client-service-configuration?
+ disfluid-client-service-configuration-disfluid
+ disfluid-client-service-configuration-complete-corresponding-source
+ disfluid-client-service-configuration-client-id
+ disfluid-client-service-configuration-redirect-uri
+ disfluid-client-service-configuration-client-name
+ disfluid-client-service-configuration-client-uri
+ disfluid-client-service-configuration-port
+ disfluid-client-service-configuration-extra-options
+ <disfluid-server-configuration>
+ disfluid-server-configuration
+ make-disfluid-server-configuration
+ disfluid-server-configuration?
+ disfluid-server-configuration-disfluid
+ disfluid-server-configuration-complete-corresponding-source
+ disfluid-server-configuration-server-name
+ disfluid-server-configuration-key-file
+ disfluid-server-configuration-subject
+ disfluid-server-configuration-encrypted-password
+ disfluid-server-configuration-jwks-uri
+ disfluid-server-configuration-authorization-endpoint-uri
+ disfluid-server-configuration-token-endpoint-uri
+ disfluid-server-configuration-port
+ disfluid-server-configuration-extra-options)
+
+(define disfluid-issuer-shepherd-service
+ (match-lambda
+ (($ <disfluid-issuer-configuration>
+ disfluid ccs issuer key-file subject encrypted-password jwks-uri
+ authorization-endpoint-uri token-endpoint-uri port
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(disfluid-issuer))
+ (documentation "Run the Solid identity provider.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "disfluid"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/disfluid")
+ (prepare-directory "/var/lib/disfluid")
+ (prepare-directory "/var/cache/disfluid"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$disfluid "/bin/disfluid")
+ "identity-provider"
+ "--complete-corresponding-source" #$ccs
+ "--server-name" #$issuer
+ "--key-file" #$key-file
+ "--subject" #$subject
+ "--encrypted-password" #$encrypted-password
+ "--jwks-uri" #$jwks-uri
+ "--authorization-endpoint-uri" #$authorization-endpoint-uri
+ "--token-endpoint-uri" #$token-endpoint-uri
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" "issuer.log"
+ "--error-file" "issuer.err"
+ #$@extra-options)
+ #:user "disfluid"
+ #:group "disfluid"
+ #:directory "/var/log/disfluid"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define disfluid-reverse-proxy-shepherd-service
+ (match-lambda
+ (($ <disfluid-reverse-proxy-configuration>
+ disfluid ccs port inbound-uri outbound-uri header
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(disfluid-reverse-proxy))
+ (documentation "Run a proxy to authenticate with Solid.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "disfluid"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/disfluid")
+ (prepare-directory "/var/lib/disfluid")
+ (prepare-directory "/var/cache/disfluid"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$disfluid "/bin/disfluid")
+ "reverse-proxy"
+ "--complete-corresponding-source" #$ccs
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--server-name" #$inbound-uri
+ "--backend-uri" #$outbound-uri
+ "--header" #$header
+ "--log-file" "reverse-proxy.log"
+ "--error-file" "reverse-proxy.err"
+ #$@extra-options)
+ #:user "disfluid"
+ #:group "disfluid"
+ #:directory "/var/log/disfluid"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define disfluid-hello-shepherd-service
+ (match-lambda
+ (($ <disfluid-hello-configuration>
+ disfluid ccs port extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(disfluid-hello))
+ (documentation "Run a demonstration Solid server.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "disfluid"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/disfluid")
+ (prepare-directory "/var/lib/disfluid")
+ (prepare-directory "/var/cache/disfluid"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$disfluid "/bin/disfluid-hello")
+ "--complete-corresponding-source" #$ccs
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" "hello.log"
+ "--error-file" "hello.err"
+ #$@extra-options)
+ #:user "disfluid"
+ #:group "disfluid"
+ #:directory "/var/log/disfluid"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define disfluid-client-service-shepherd-service
+ (match-lambda
+ (($ <disfluid-client-service-configuration>
+ disfluid ccs client-id redirect-uri client-name client-uri port
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(disfluid-client-service))
+ (documentation "Run a server for a Solid application.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "disfluid"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/disfluid"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$disfluid "/bin/disfluid")
+ "client-service"
+ "--complete-corresponding-source" #$ccs
+ "--client-id" #$client-id
+ "--redirect-uri" #$redirect-uri
+ "--client-name" #$client-name
+ "--client-uri" #$client-uri
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" "client-service.log"
+ "--error-file" "client-service.err"
+ #$@extra-options)
+ #:user "disfluid"
+ #:group "disfluid"
+ #:directory "/var/log/disfluid"
+ #:environment-variables
+ `("LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define disfluid-server-shepherd-service
+ (match-lambda
+ (($ <disfluid-server-configuration>
+ disfluid ccs server-name key-file subject encrypted-password jwks-uri
+ authorization-endpoint-uri token-endpoint-uri port
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(disfluid-server))
+ (documentation "Run the full Solid server.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "disfluid"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/disfluid")
+ (prepare-directory "/var/lib/disfluid")
+ (prepare-directory "/var/cache/disfluid"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$disfluid "/bin/disfluid")
+ "server"
+ "--complete-corresponding-source" #$ccs
+ "--server-name" #$server-name
+ "--key-file" #$key-file
+ "--subject" #$subject
+ "--encrypted-password" #$encrypted-password
+ "--jwks-uri" #$jwks-uri
+ "--authorization-endpoint-uri" #$authorization-endpoint-uri
+ "--token-endpoint-uri" #$token-endpoint-uri
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" "server.log"
+ "--error-file" "server.err"
+ #$@extra-options)
+ #:user "disfluid"
+ #:group "disfluid"
+ #:directory "/var/log/disfluid"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define %disfluid-accounts
+ (list (user-group (name "disfluid")
+ (system? #t))
+ (user-account
+ (name "disfluid")
+ (group "disfluid")
+ (system? #t)
+ (comment "The user that runs the disfluid issuer and resource server.")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define (%disfluid-log-rotation file)
+ (list (log-rotation
+ (frequency 'daily)
+ (files
+ (map (lambda (ext) (string-append "/var/log/disfluid/" file "." ext))
+ '("log" "err")))
+ (options '("sharedscripts"
+ "storedir /var/log/disfluid")))))
+
+(define-public disfluid-issuer-service-type
+ (service-type
+ (name 'disfluid-issuer)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %disfluid-accounts))
+ (service-extension rottlog-service-type
+ (const (%disfluid-log-rotation "issuer")))
+ (service-extension
+ shepherd-root-service-type
+ disfluid-issuer-shepherd-service)))))
+
+(define-public disfluid-reverse-proxy-service-type
+ (service-type
+ (name 'disfluid-reverse-proxy)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %disfluid-accounts))
+ (service-extension rottlog-service-type
+ (const (%disfluid-log-rotation "reverse-proxy")))
+ (service-extension
+ shepherd-root-service-type
+ disfluid-reverse-proxy-shepherd-service)))))
+
+(define-public disfluid-hello-service-type
+ (service-type
+ (name 'disfluid-hello)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %disfluid-accounts))
+ (service-extension rottlog-service-type
+ (const (%disfluid-log-rotation "hello")))
+ (service-extension
+ shepherd-root-service-type
+ disfluid-hello-shepherd-service)))))
+
+(define-public disfluid-client-service-service-type
+ (service-type
+ (name 'disfluid-client-service)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %disfluid-accounts))
+ (service-extension rottlog-service-type
+ (const (%disfluid-log-rotation "client-service")))
+ (service-extension
+ shepherd-root-service-type
+ disfluid-client-service-shepherd-service)))))
+
+(define-public disfluid-server-service-type
+ (service-type
+ (name 'disfluid-server)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %disfluid-accounts))
+ (service-extension rottlog-service-type
+ (const (%disfluid-log-rotation "server")))
+ (service-extension
+ shepherd-root-service-type
+ disfluid-server-shepherd-service)))))
+
+(define-public disfluid-website
+ (nginx-server-configuration
+ (server-name '("disfluid.planete-kraus.eu" "webid-oidc.planete-kraus.eu"))
+ (listen '("443 ssl" "[::]:443 ssl"))
+ (ssl-certificate "/etc/letsencrypt/live/planete-kraus.eu/fullchain.pem")
+ (ssl-certificate-key "/etc/letsencrypt/live/planete-kraus.eu/privkey.pem")
+ (root disfluid:website)
+ (locations
+ (list
+ (nginx-location-configuration
+ (uri "/project")
+ (body
+ (list "default_type text/turtle ;")))))))
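Review bot: The `encrypted-password` field is spliced into the start gexp as `"--encrypted-password" #$encrypted-password` in both `disfluid-issuer-shepherd-service` and `disfluid-server-shepherd-service`, so the value lands in the generated shepherd file in the store and in the daemon's argument list, both of which local users can typically read. Even as a hash that exposes it to offline guessing, so the record fields deserve a comment such as `;; Ends up in the store and in argv: pass only a salted hash, never a plaintext secret.` Separately, `<disfluid-server-configuration>` names its `extra-options` accessor `disfluid-issuer-configuration-extra-options`, which redefines the issuer accessor and leaves the exported `disfluid-server-configuration-extra-options` unbound; it should read `(extra-options disfluid-server-configuration-extra-options (default '()))`. The reverse-proxy `port` and `extra-options` accessors (`disfluid-reverse-proxy-port`, `disfluid-reverse-proxy-extra-options`) likewise do not match the `-configuration-` names in the `export` form.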
diff --git a/guix/vkraus/services/webid-oidc.scm b/guix/vkraus/services/webid-oidc.scm
deleted file mode 100644
index c20c550..0000000
--- a/guix/vkraus/services/webid-oidc.scm
+++ /dev/null
@@ -1,520 +0,0 @@
-;; webid-oidc, implementation of the Solid specification
-;; Copyright (C) 2020, 2021 Vivien Kraus
-
-;; This program is free software: you can redistribute it and/or modify
-;; it under the terms of the GNU Affero General Public License as
-;; published by the Free Software Foundation, either version 3 of the
-;; License, or (at your option) any later version.
-
-;; This program is distributed in the hope that it will be useful,
-;; but WITHOUT ANY WARRANTY; without even the implied warranty of
-;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-;; GNU Affero General Public License for more details.
-
-;; You should have received a copy of the GNU Affero General Public License
-;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-(define-module (vkraus services webid-oidc)
- #:use-module (gnu services)
- #:use-module (gnu services shepherd)
- #:use-module (gnu services admin)
- #:use-module (gnu services web)
- #:use-module (gnu system shadow)
- #:use-module (gnu packages admin)
- #:use-module (vkraus packages webid-oidc)
- #:use-module (guix gexp)
- #:use-module (guix modules)
- #:use-module (guix records)
- #:use-module (ice-9 match)
- #:use-module (ice-9 optargs))
-
-(define-record-type* <webid-oidc-issuer-configuration>
- webid-oidc-issuer-configuration
- make-webid-oidc-issuer-configuration
- webid-oidc-issuer-configuration?
- (webid-oidc webid-oidc-issuer-configuration-webid-oidc
- (default webid-oidc))
- (complete-corresponding-source
- webid-oidc-issuer-configuration-complete-corresponding-source)
- (issuer webid-oidc-issuer-configuration-issuer)
- (key-file webid-oidc-issuer-configuration-key-file
- (default "/var/lib/webid-oidc/issuer/key.jwk"))
- (subject webid-oidc-issuer-configuration-subject)
- (encrypted-password webid-oidc-issuer-configuration-encrypted-password)
- (jwks-uri webid-oidc-issuer-configuration-jwks-uri)
- (authorization-endpoint-uri
- webid-oidc-issuer-configuration-authorization-endpoint-uri)
- (token-endpoint-uri
- webid-oidc-issuer-configuration-token-endpoint-uri)
- (port webid-oidc-issuer-configuration-port (default 8088))
- (extra-options
- webid-oidc-issuer-configuration-extra-options
- (default '())))
-
-(define-record-type* <webid-oidc-reverse-proxy-configuration>
- webid-oidc-reverse-proxy-configuration
- make-webid-oidc-reverse-proxy-configuration
- webid-oidc-reverse-proxy-configuration?
- (webid-oidc webid-oidc-reverse-proxy-configuration-webid-oidc
- (default webid-oidc))
- (complete-corresponding-source
- webid-oidc-reverse-proxy-configuration-complete-corresponding-source)
- (port webid-oidc-reverse-proxy-port (default 8090))
- (inbound-uri webid-oidc-reverse-proxy-configuration-inbound-uri)
- (outbound-uri webid-oidc-reverse-proxy-configuration-outbound-uri)
- (header webid-oidc-reverse-proxy-configuration-header
- (default "XXX-Agent"))
- (extra-options
- webid-oidc-reverse-proxy-extra-options
- (default '())))
-
-(define-record-type* <webid-oidc-hello-configuration>
- webid-oidc-hello-configuration
- make-webid-oidc-hello-configuration
- webid-oidc-hello-configuration?
- (webid-oidc webid-oidc-hello-configuration-webid-oidc
- (default webid-oidc))
- (complete-corresponding-source
- webid-oidc-hello-configuration-complete-corresponding-source)
- (port webid-oidc-hello-configuration-port (default 8089))
- (extra-options
- webid-oidc-hello-configuration-extra-options
- (default '())))
-
-(define-record-type* <webid-oidc-client-service-configuration>
- webid-oidc-client-service-configuration
- make-webid-oidc-client-service-configuration
- webid-oidc-client-service-configuration?
- (webid-oidc webid-oidc-client-service-configuration-webid-oidc
- (default webid-oidc))
- (complete-corresponding-source
- webid-oidc-client-service-configuration-complete-corresponding-source)
- (client-id webid-oidc-client-service-configuration-client-id)
- (redirect-uri webid-oidc-client-service-configuration-redirect-uri)
- (client-name webid-oidc-client-service-configuration-client-name (default "Example Solid App"))
- (client-uri webid-oidc-client-service-configuration-client-uri (default "https://webid-oidc.planete-kraus.eu/Running-a-client.html#Running-a-client"))
- (port webid-oidc-client-service-configuration-port (default 8088))
- (extra-options
- webid-oidc-client-service-configuration-extra-options
- (default '())))
-
-(define-record-type* <webid-oidc-server-configuration>
- webid-oidc-server-configuration
- make-webid-oidc-server-configuration
- webid-oidc-server-configuration?
- (webid-oidc webid-oidc-server-configuration-webid-oidc
- (default webid-oidc))
- (complete-corresponding-source
- webid-oidc-server-configuration-complete-corresponding-source)
- (server-name webid-oidc-server-configuration-server-name)
- (key-file webid-oidc-server-configuration-key-file
- (default "/var/lib/webid-oidc/server/key.jwk"))
- (subject webid-oidc-server-configuration-subject)
- (encrypted-password webid-oidc-server-configuration-encrypted-password)
- (jwks-uri webid-oidc-server-configuration-jwks-uri)
- (authorization-endpoint-uri
- webid-oidc-server-configuration-authorization-endpoint-uri)
- (token-endpoint-uri
- webid-oidc-server-configuration-token-endpoint-uri)
- (port webid-oidc-server-configuration-port (default 8088))
- (extra-options
- webid-oidc-issuer-configuration-extra-options
- (default '())))
-
-(export <webid-oidc-issuer-configuration>
- webid-oidc-issuer-configuration
- make-webid-oidc-issuer-configuration
- webid-oidc-issuer-configuration?
- webid-oidc-issuer-configuration-webid-oidc
- webid-oidc-issuer-configuration-complete-corresponding-source
- webid-oidc-issuer-configuration-issuer
- webid-oidc-issuer-configuration-key-file
- webid-oidc-issuer-configuration-subject
- webid-oidc-issuer-configuration-encrypted-password
- webid-oidc-issuer-configuration-jwks-uri
- webid-oidc-issuer-configuration-authorization-endpoint-uri
- webid-oidc-issuer-configuration-token-endpoint-uri
- webid-oidc-issuer-configuration-port
- webid-oidc-issuer-configuration-extra-options
- <webid-oidc-reverse-proxy-configuration>
- webid-oidc-reverse-proxy-configuration
- make-webid-oidc-reverse-proxy-configuration
- webid-oidc-reverse-proxy-configuration?
- webid-oidc-reverse-proxy-configuration-webid-oidc
- webid-oidc-reverse-proxy-configuration-complete-corresponding-source
- webid-oidc-reverse-proxy-configuration-port
- webid-oidc-reverse-proxy-configuration-inbound-uri
- webid-oidc-reverse-proxy-configuration-outbound-uri
- webid-oidc-reverse-proxy-configuration-header
- webid-oidc-reverse-proxy-configuration-extra-options
- <webid-oidc-hello-configuration>
- webid-oidc-hello-configuration
- make-webid-oidc-hello-configuration
- webid-oidc-hello-configuration?
- webid-oidc-hello-configuration-webid-oidc
- webid-oidc-hello-configuration-complete-corresponding-source
- webid-oidc-hello-configuration-port
- webid-oidc-hello-configuration-extra-options
- <webid-oidc-client-service-configuration>
- webid-oidc-client-service-configuration
- make-webid-oidc-client-service-configuration
- webid-oidc-client-service-configuration?
- webid-oidc-client-service-configuration-webid-oidc
- webid-oidc-client-service-configuration-complete-corresponding-source
- webid-oidc-client-service-configuration-client-id
- webid-oidc-client-service-configuration-redirect-uri
- webid-oidc-client-service-configuration-client-name
- webid-oidc-client-service-configuration-client-uri
- webid-oidc-client-service-configuration-port
- webid-oidc-client-service-configuration-extra-options
- <webid-oidc-server-configuration>
- webid-oidc-server-configuration
- make-webid-oidc-server-configuration
- webid-oidc-server-configuration?
- webid-oidc-server-configuration-webid-oidc
- webid-oidc-server-configuration-complete-corresponding-source
- webid-oidc-server-configuration-server-name
- webid-oidc-server-configuration-key-file
- webid-oidc-server-configuration-subject
- webid-oidc-server-configuration-encrypted-password
- webid-oidc-server-configuration-jwks-uri
- webid-oidc-server-configuration-authorization-endpoint-uri
- webid-oidc-server-configuration-token-endpoint-uri
- webid-oidc-server-configuration-port
- webid-oidc-server-configuration-extra-options)
-
-(define webid-oidc-issuer-shepherd-service
- (match-lambda
- (($ <webid-oidc-issuer-configuration>
- webid-oidc ccs issuer key-file subject encrypted-password jwks-uri
- authorization-endpoint-uri token-endpoint-uri port
- extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(webid-oidc-issuer))
- (documentation "Run the Solid identity provider.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "webid-oidc"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/webid-oidc")
- (prepare-directory "/var/lib/webid-oidc")
- (prepare-directory "/var/cache/webid-oidc"))
- (make-forkexec-constructor
- (list
- (string-append #$webid-oidc "/bin/webid-oidc")
- "identity-provider"
- "--complete-corresponding-source" #$ccs
- "--server-name" #$issuer
- "--key-file" #$key-file
- "--subject" #$subject
- "--encrypted-password" #$encrypted-password
- "--jwks-uri" #$jwks-uri
- "--authorization-endpoint-uri" #$authorization-endpoint-uri
- "--token-endpoint-uri" #$token-endpoint-uri
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--log-file" "issuer.log"
- "--error-file" "issuer.err"
- #$@extra-options)
- #:user "webid-oidc"
- #:group "webid-oidc"
- #:directory "/var/log/webid-oidc"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define webid-oidc-reverse-proxy-shepherd-service
- (match-lambda
- (($ <webid-oidc-reverse-proxy-configuration>
- webid-oidc ccs port inbound-uri outbound-uri header
- extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(webid-oidc-reverse-proxy))
- (documentation "Run a proxy to authenticate with Solid.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "webid-oidc"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/webid-oidc")
- (prepare-directory "/var/lib/webid-oidc")
- (prepare-directory "/var/cache/webid-oidc"))
- (make-forkexec-constructor
- (list
- (string-append #$webid-oidc "/bin/webid-oidc")
- "reverse-proxy"
- "--complete-corresponding-source" #$ccs
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--server-name" #$inbound-uri
- "--backend-uri" #$outbound-uri
- "--header" #$header
- "--log-file" "reverse-proxy.log"
- "--error-file" "reverse-proxy.err"
- #$@extra-options)
- #:user "webid-oidc"
- #:group "webid-oidc"
- #:directory "/var/log/webid-oidc"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define webid-oidc-hello-shepherd-service
- (match-lambda
- (($ <webid-oidc-hello-configuration>
- webid-oidc ccs port extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(webid-oidc-hello))
- (documentation "Run a demonstration Solid server.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "webid-oidc"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/webid-oidc")
- (prepare-directory "/var/lib/webid-oidc")
- (prepare-directory "/var/cache/webid-oidc"))
- (make-forkexec-constructor
- (list
- (string-append #$webid-oidc "/bin/webid-oidc-hello")
- "--complete-corresponding-source" #$ccs
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--log-file" "hello.log"
- "--error-file" "hello.err"
- #$@extra-options)
- #:user "webid-oidc"
- #:group "webid-oidc"
- #:directory "/var/log/webid-oidc"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define webid-oidc-client-service-shepherd-service
- (match-lambda
- (($ <webid-oidc-client-service-configuration>
- webid-oidc ccs client-id redirect-uri client-name client-uri port
- extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(webid-oidc-client-service))
- (documentation "Run a server for a Solid application.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "webid-oidc"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/webid-oidc"))
- (make-forkexec-constructor
- (list
- (string-append #$webid-oidc "/bin/webid-oidc")
- "client-service"
- "--complete-corresponding-source" #$ccs
- "--client-id" #$client-id
- "--redirect-uri" #$redirect-uri
- "--client-name" #$client-name
- "--client-uri" #$client-uri
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--log-file" "client-service.log"
- "--error-file" "client-service.err"
- #$@extra-options)
- #:user "webid-oidc"
- #:group "webid-oidc"
- #:directory "/var/log/webid-oidc"
- #:environment-variables
- `("LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define webid-oidc-server-shepherd-service
- (match-lambda
- (($ <webid-oidc-server-configuration>
- webid-oidc ccs server-name key-file subject encrypted-password jwks-uri
- authorization-endpoint-uri token-endpoint-uri port
- extra-options)
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- (list (shepherd-service
- (provision '(webid-oidc-server))
- (documentation "Run the full Solid server.")
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- #~(begin
- (let* ((user (getpwnam "webid-oidc"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/webid-oidc")
- (prepare-directory "/var/lib/webid-oidc")
- (prepare-directory "/var/cache/webid-oidc"))
- (make-forkexec-constructor
- (list
- (string-append #$webid-oidc "/bin/webid-oidc")
- "server"
- "--complete-corresponding-source" #$ccs
- "--server-name" #$server-name
- "--key-file" #$key-file
- "--subject" #$subject
- "--encrypted-password" #$encrypted-password
- "--jwks-uri" #$jwks-uri
- "--authorization-endpoint-uri" #$authorization-endpoint-uri
- "--token-endpoint-uri" #$token-endpoint-uri
- "--port" (with-output-to-string (lambda () (display #$port)))
- "--log-file" "server.log"
- "--error-file" "server.err"
- #$@extra-options)
- #:user "webid-oidc"
- #:group "webid-oidc"
- #:directory "/var/log/webid-oidc"
- #:environment-variables
- `("XDG_DATA_HOME=/var/lib"
- "XDG_CACHE_HOME=/var/cache"
- "LANG=C"))))
- (stop #~(make-kill-destructor))))))))
-
-(define %webid-oidc-accounts
- (list (user-group (name "webid-oidc")
- (system? #t))
- (user-account
- (name "webid-oidc")
- (group "webid-oidc")
- (system? #t)
- (comment "The user that runs the webid-oidc issuer and resource server.")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
-
-(define (%webid-oidc-log-rotation file)
- (list (log-rotation
- (frequency 'daily)
- (files
- (map (lambda (ext) (string-append "/var/log/webid-oidc/" file "." ext))
- '("log" "err")))
- (options '("sharedscripts"
- "storedir /var/log/webid-oidc")))))
-
-(define-public webid-oidc-issuer-service-type
- (service-type
- (name 'webid-oidc-issuer)
- (extensions
- (list
- (service-extension account-service-type
- (const %webid-oidc-accounts))
- (service-extension rottlog-service-type
- (const (%webid-oidc-log-rotation "issuer")))
- (service-extension
- shepherd-root-service-type
- webid-oidc-issuer-shepherd-service)))))
-
-(define-public webid-oidc-reverse-proxy-service-type
- (service-type
- (name 'webid-oidc-reverse-proxy)
- (extensions
- (list
- (service-extension account-service-type
- (const %webid-oidc-accounts))
- (service-extension rottlog-service-type
- (const (%webid-oidc-log-rotation "reverse-proxy")))
- (service-extension
- shepherd-root-service-type
- webid-oidc-reverse-proxy-shepherd-service)))))
-
-(define-public webid-oidc-hello-service-type
- (service-type
- (name 'webid-oidc-hello)
- (extensions
- (list
- (service-extension account-service-type
- (const %webid-oidc-accounts))
- (service-extension rottlog-service-type
- (const (%webid-oidc-log-rotation "hello")))
- (service-extension
- shepherd-root-service-type
- webid-oidc-hello-shepherd-service)))))
-
-(define-public webid-oidc-client-service-service-type
- (service-type
- (name 'webid-oidc-client-service)
- (extensions
- (list
- (service-extension account-service-type
- (const %webid-oidc-accounts))
- (service-extension rottlog-service-type
- (const (%webid-oidc-log-rotation "client-service")))
- (service-extension
- shepherd-root-service-type
- webid-oidc-client-service-shepherd-service)))))
-
-(define-public webid-oidc-server-service-type
- (service-type
- (name 'webid-oidc-server)
- (extensions
- (list
- (service-extension account-service-type
- (const %webid-oidc-accounts))
- (service-extension rottlog-service-type
- (const (%webid-oidc-log-rotation "server")))
- (service-extension
- shepherd-root-service-type
- webid-oidc-server-shepherd-service)))))
-
-(define-public webid-oidc-website
- (nginx-server-configuration
- (server-name '("webid-oidc.planete-kraus.eu"))
- (listen '("443 ssl" "[::]:443 ssl"))
- (ssl-certificate "/etc/letsencrypt/live/planete-kraus.eu/fullchain.pem")
- (ssl-certificate-key "/etc/letsencrypt/live/planete-kraus.eu/privkey.pem")
- (root webid-oidc:website)
- (locations
- (list
- (nginx-location-configuration
- (uri "/project")
- (body
- (list "default_type text/turtle ;")))))))