Diffstat (limited to 'guix/vkraus/systems/webid-oidc.scm')
-rw-r--r-- | guix/vkraus/systems/webid-oidc.scm | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/guix/vkraus/systems/webid-oidc.scm b/guix/vkraus/systems/webid-oidc.scm
new file mode 100644
index 0000000..704c746
--- /dev/null
+++ b/guix/vkraus/systems/webid-oidc.scm
@@ -0,0 +1,80 @@
+(define-module (vkraus systems webid-oidc)
+ #:use-module (gnu)
+ #:use-module (guix)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (vkraus services webid-oidc)
+ #:use-module (vkraus packages webid-oidc)
+ #:use-module (gnu services web))
+
+(operating-system
+ (locale "fr_FR.utf8")
+ (timezone "Europe/Paris")
+ (keyboard-layout (keyboard-layout "fr"))
+ (host-name "webid-oidc-issuer")
+ (users %base-user-accounts)
+ (packages
+ (append
+ (list (specification->package "nss-certs"))
+ %base-packages))
+ (services
+ (append
+ (cons*
+ (service webid-oidc-issuer-service-type
+ (webid-oidc-issuer-configuration
+ (webid-oidc webid-oidc-snapshot)
+ (issuer "http://localhost:8080")
+ (subject "http://localhost:8080/profile/card#me")
+ (password "p4ssw0rd")
+ (jwks-uri "http://localhost:8080/keys")
+ (authorization-endpoint-uri "http://localhost:8080/authorize")
+ (token-endpoint-uri "http://localhost:8080/token")
+ (port 8080)))
+ (service webid-oidc-hello-service-type
+ (webid-oidc-hello-configuration
+ (webid-oidc webid-oidc-snapshot)
+ (port 8081)))
+ (service nginx-service-type
+ (nginx-configuration
+ (upstream-blocks
+ (list
+ (nginx-upstream-configuration
+ (name "issuer")
+ (servers (list "localhost:8080")))
+ (nginx-upstream-configuration
+ (name "server")
+ (servers (list "localhost:8081")))))
+ (server-blocks
+ (list
+ (nginx-server-configuration
+ (server-name '("localhost"))
+ (listen '("80"))
+ (locations
+ (list
+ (nginx-location-configuration
+ (uri "/profile/card")
+ (body (list "proxy_pass http://issuer;")))
+ (nginx-location-configuration
+ (uri "/keys")
+ (body (list "proxy_pass http://issuer;")))
+ (nginx-location-configuration
+ (uri "/authorize")
+ (body (list "proxy_pass http://issuer;")))
+ (nginx-location-configuration
+ (uri "/token")
+ (body (list "proxy_pass http://issuer;")))
+ (nginx-location-configuration
+ (uri "/")
+ (body (list "proxy_pass http://server;"))))))))))
+ %base-services)))
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (target "/boot/efi")
+ (keyboard-layout keyboard-layout)))
+ (file-systems
+ (cons* (file-system
+ (mount-point "/")
+ (device "/dev/sda")
+ (type "ext4"))
+ %base-file-systems))) |
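Review bot: The issuer's `(password "p4ssw0rd")` is a literal inside the operating-system declaration, so it is committed to the repository. Guix service configurations are normally rendered into the world-readable /gnu/store, so it is probably also readable by every local user on the built system; the service definition is outside this diff, so confirm how it consumes the field. If this file is only a demo or VM image, say so next to the field, e.g. `;; Demo credential only: never deploy; real secrets must be provisioned outside the store.` The issuer, JWKS, authorization and token URIs are all plain `http://` and nginx listens only on `80`, so the password and issued tokens would travel unencrypted on anything other than loopback. A deployable variant would need a TLS listener and `https://` issuer URLs.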