From 97497a5a3134c3c95e47a43f12b3b05cb17b82aa Mon Sep 17 00:00:00 2001
From: Vivien Kraus
Date: Sat, 5 Dec 2020 22:03:21 +0100
Subject: Create a guix service for the identity provider.
---
 guix/vkraus/services/webid-oidc.scm | 119 ++++++++++++++++++++++++++++++
 guix/vkraus/systems/webid-oidc-issuer.scm | 50 +++++++++++++
 po/fr.po | 2 +-
 po/webid-oidc.pot | 2 +-
 4 files changed, 171 insertions(+), 2 deletions(-)
 create mode 100644 guix/vkraus/services/webid-oidc.scm
 create mode 100644 guix/vkraus/systems/webid-oidc-issuer.scm
diff --git a/guix/vkraus/services/webid-oidc.scm b/guix/vkraus/services/webid-oidc.scm
new file mode 100644
index 0000000..4c7834c
--- /dev/null
+++ b/guix/vkraus/services/webid-oidc.scm
@@ -0,0 +1,119 @@
+(define-module (vkraus services webid-oidc)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu packages admin)
+ #:use-module (vkraus packages webid-oidc)
+ #:use-module (guix gexp)
+ #:use-module (guix modules)
+ #:use-module (guix records)
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 optargs))
+
+(define-record-type*
+ webid-oidc-issuer-configuration
+ make-webid-oidc-issuer-configuration
+ webid-oidc-issuer-configuration?
+ (webid-oidc webid-oidc-issuer-configuration-webid-oidc
+ (default webid-oidc))
+ (issuer webid-oidc-issuer-configuration-issuer)
+ (key-file webid-oidc-issuer-configuration-key-file
+ (default "/var/lib/webid-oidc/issuer/key.jwk"))
+ (subject webid-oidc-issuer-configuration-subject)
+ (password webid-oidc-issuer-configuration-password)
+ (jwks-uri webid-oidc-issuer-configuration-jwks-uri)
+ (authorization-endpoint-uri
+ webid-oidc-issuer-configuration-authorization-endpoint-uri)
+ (token-endpoint-uri
+ webid-oidc-issuer-configuration-token-endpoint-uri)
+ (port webid-oidc-issuer-configuration-port (default 8088))
+ (extra-options
+ webid-oidc-issuer-configuration-extra-options
+ (default '())))
+
+(export
+ webid-oidc-issuer-configuration
+ make-webid-oidc-issuer-configuration
+ webid-oidc-issuer-configuration?
+ webid-oidc-issuer-configuration-webid-oidc
+ webid-oidc-issuer-configuration-issuer
+ webid-oidc-issuer-configuration-key-file
+ webid-oidc-issuer-configuration-subject
+ webid-oidc-issuer-configuration-password
+ webid-oidc-issuer-configuration-jwks-uri
+ webid-oidc-issuer-configuration-authorization-endpoint-uri
+ webid-oidc-issuer-configuration-token-endpoint-uri
+ webid-oidc-issuer-configuration-port
+ webid-oidc-issuer-configuration-extra-options)
+
+(define webid-oidc-issuer-shepherd-service
+ (match-lambda
+ (($
+ webid-oidc issuer key-file subject password jwks-uri
+ authorization-endpoint-uri token-endpoint-uri port
+ extra-options)
+ (with-imported-modules
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(webid-oidc-issuer))
+ (documentation "Run the Solid identity provider.")
+ (requirement '(user-processes))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+ (start
+ #~(begin
+ (let* ((user (getpwnam "webid-oidc-issuer"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/webid-oidc")
+ (prepare-directory "/var/lib/webid-oidc")
+ (prepare-directory "/var/cache/webid-oidc"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$webid-oidc "/bin/webid-oidc-issuer")
+ "--issuer" #$issuer
+ "--key-file" #$key-file
+ "--subject" #$subject
+ "--password" #$password
+ "--jwks-uri" #$jwks-uri
+ "--authorization-endpoint-uri" #$authorization-endpoint-uri
+ "--token-endpoint-uri" #$token-endpoint-uri
+ "--port" (with-output-to-string (lambda () (display #$port)))
+ "--log-file" "issuer.log"
+ "--error-file" "issuer.err"
+ #$@extra-options)
+ #:user "webid-oidc-issuer"
+ #:group "webid-oidc-issuer"
+ #:directory "/var/log/webid-oidc"
+ #:environment-variables
+ `("XDG_DATA_HOME=/var/lib"
+ "XDG_CACHE_HOME=/var/cache"
+ "LANG=C"))))
+ (stop #~(make-kill-destructor))))))))
+
+(define %webid-oidc-issuer-accounts
+ (list (user-group (name "webid-oidc-issuer")
+ (system? #t))
+ (user-account
+ (name "webid-oidc-issuer")
+ (group "webid-oidc-issuer")
+ (system? #t)
+ (comment "The user that runs the webid-oidc issuer.")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define-public webid-oidc-issuer-service-type
+ (service-type
+ (name 'webid-oidc-issuer)
+ (extensions
+ (list
+ (service-extension account-service-type
+ (const %webid-oidc-issuer-accounts))
+ (service-extension
+ shepherd-root-service-type
+ webid-oidc-issuer-shepherd-service)))))
diff --git a/guix/vkraus/systems/webid-oidc-issuer.scm b/guix/vkraus/systems/webid-oidc-issuer.scm
new file mode 100644
index 0000000..103f49f
--- /dev/null
+++ b/guix/vkraus/systems/webid-oidc-issuer.scm
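Review bot: The secret is handed to the daemon as `"--password" #$password` in the make-forkexec-constructor argument list, which means it is readable by every local user through /proc/<pid>/cmdline (plain `ps`) for the life of the process, and because the start gexp is lowered into a shepherd service file under /gnu/store, the literal also lands in a world-readable store item that persists across system generations. I would replace the `password` field with a `password-file` field naming a root-owned 0600 file outside the store, read it inside the start procedure with something like `(call-with-input-file #$password-file read-line)`, and hand it to the binary through whatever non-argv channel it supports (a file or stdin option, if webid-oidc-issuer has one — I cannot see its CLI here); the environment is an improvement over argv but is still exposed through /proc/<pid>/environ to the same uid. Independently, the record fields carry no documentation: a one-line comment per field saying what `issuer`, `subject` and the two endpoint URIs must contain, and that `key-file` defaults under the 0700 `/var/lib/webid-oidc` directory created by `prepare-directory`, would help anyone writing an operating-system declaration against this type.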
@@ -0,0 +1,50 @@
+(define-module (vkraus systems webid-oidc-issuer)
+ #:use-module (gnu)
+ #:use-module (guix)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (vkraus services webid-oidc)
+ #:use-module (vkraus packages webid-oidc))
+
+(operating-system
+ (locale "fr_FR.utf8")
+ (timezone "Europe/Paris")
+ (keyboard-layout (keyboard-layout "fr"))
+ (host-name "webid-oidc-issuer")
+ (users (cons* (user-account
+ (name "admin")
+ (comment "Administrator")
+ (group "users")
+ (home-directory "/home/admin")
+ (supplementary-groups
+ '("wheel" "netdev")))
+ %base-user-accounts))
+ (packages
+ (append
+ (list (specification->package "nss-certs"))
+ %base-packages))
+ (services
+ (append
+ (cons*
+ (service webid-oidc-issuer-service-type
+ (webid-oidc-issuer-configuration
+ (webid-oidc webid-oidc-snapshot)
+ (issuer "http://localhost:8080")
+ (subject "http://localhost:8080/profile/card#me")
+ (password "p4ssw0rd")
+ (jwks-uri "http://localhost:8080/keys")
+ (authorization-endpoint-uri "http://localhost:8080/authorize")
+ (token-endpoint-uri "http://localhost:8080/token")
+ (port 8080)))
+ %base-services)))
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-efi-bootloader)
+ (target "/boot/efi")
+ (keyboard-layout keyboard-layout)))
+ (file-systems
+ (cons* (file-system
+ (mount-point "/")
+ (device "/dev/sda")
+ (type "ext4"))
+ %base-file-systems)))
diff --git a/po/fr.po b/po/fr.po
index e9fdaa3..561e910 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: webid-oidc 0.0.0\n"
 "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-05 16:17+0200\n"
+"POT-Creation-Date: 2021-06-05 16:18+0200\n"
 "PO-Revision-Date: 2021-06-05 11:07+0200\n"
 "Last-Translator: Vivien Kraus \n"
 "Language-Team: French \n"
diff --git a/po/webid-oidc.pot b/po/webid-oidc.pot
index 9168393..c5b6815 100644
--- a/po/webid-oidc.pot
+++ b/po/webid-oidc.pot
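Review bot: `(password "p4ssw0rd")` is a literal credential committed inside an operating-system declaration, and every URI next to it — `(issuer "http://localhost:8080")`, the `jwks-uri`, `authorization-endpoint-uri` and `token-endpoint-uri` — is plain http, so the password and any issued tokens would cross the wire in clear text for any client that is not on the same host. Relying parties generally compare the issuer URI against the token's `iss` claim and fetch the JWKS from `jwks-uri`, so a `localhost` issuer can only ever serve local testing, which is presumably what this file is for. I would make that explicit so nobody deploys it as-is: add `;; Example system for local testing only: plaintext http and a throw-away password. A real deployment needs an https issuer and a password kept out of version control.` above the `service` form, or rename the file to say "example". The whole operating-system form is inside the hunk, so nothing is cut off.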
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: webid-oidc SNAPSHOT\n"
 "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-05 16:17+0200\n"
+"POT-Creation-Date: 2021-06-05 16:18+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: LANGUAGE \n"
--
cgit v1.2.3