diff options
Diffstat (limited to 'doc/disfluid.texi')
| -rw-r--r-- | doc/disfluid.texi | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/doc/disfluid.texi b/doc/disfluid.texi index d18c8e9..93128c1 100644 --- a/doc/disfluid.texi +++ b/doc/disfluid.texi @@ -48,6 +48,7 @@ Free Documentation License'' @menu * Decentralized Authentication on the Web:: * Invoking disfluid:: +* Running disfluid with GNU Guix:: * The Json Web Token:: * Caching on server side:: * Content negociation:: @@ -233,6 +234,41 @@ set the name of the application. set an URI where to find more information about the client. @end table +@node Running disfluid with GNU Guix +@chapter Running disfluid with GNU Guix + +The channel at +@url{https://labo.planete-kraus.eu/webid-oidc-channel.git} can be used +with guix. It defines the package at the latest commit, and a service +definition in @emph{(vkraus services disfluid)}. + +@defvr {service type} disfluid-service-type +This service runs a bunch of disfluid servers with the @emph{disfluid} +system user, each with a unique name. The value it takes is an alist +of service configurations: the keys are unique names (to differenciate +the generated shepherd services), and the values are configuration +records for an issuer, reverse proxy, server, or client service. +@end defvr + +@deftp {configuration record} <disfluid-issuer-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{issuer} @var{key-file} @var{subject} @var{encrypted-password-file} @var{jwks-uri} @var{authorization-endpoint-uri} @var{token-endpoint-uri} @var{port} [@var{extra-options}] +The configuration for the identity provider. The optional +@var{disfluid} argument is the package containing the binary to run, +if you want to apply some patches, and @var{extra-options} is an empty +list by default. +@end deftp + +@deftp {configuration record} <disfluid-reverse-proxy-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{port} @var{inbound-uri} @var{outbound-uri} @var{header} [@var{extra-options}] +This record configures an authenticating reverse proxy. +@end deftp + +@deftp {configuration record} <disfluid-client-service-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{client-id} @var{redirect-uri} [@var{client-name}] [@var{client-uri}] @var{port} [@var{extra-options}] +This record configures a server to serve public application pages. +@end deftp + +@deftp {configuration record} <disfluid-server-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{server-name} @var{key-file} @var{subject} @var{encrypted-password-file} @var{jwks-uri} @var{authorization-endpoint-uri} @var{token-endpoint-uri} @var{port} [@var{extra-options}] +The configuration for the full server. +@end deftp + @node The Json Web Token @chapter The Json Web Token |