From b43be9d4b05af12a22a97210b35885a3727e4a86 Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Sun, 1 Aug 2021 23:15:56 +0200 Subject: Make only one service type, but accept multiple configurations. --- NEWS | 4 + README | 33 +++ doc/disfluid.texi | 36 +++ guix/vkraus/services/disfluid.scm | 578 ++++++++++++++++++-------------------- guix/vkraus/systems/test.scm | 88 ++++++ 5 files changed, 437 insertions(+), 302 deletions(-) create mode 100644 guix/vkraus/systems/test.scm diff --git a/NEWS b/NEWS index d777d56..ac7f7f9 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,10 @@ #+author: Vivien Kraus #+email: vivien@planete-kraus.eu +* The Guix service now accepts multiple instance of the service +It still runs one process per server, but it is now possible to run +two servers. This is useful for testing with 2 different users. + * The server can now load the encrypted password from a file This means that the encrypted password can be hidden from the other users. diff --git a/README b/README index c3c9597..2ad0530 100644 --- a/README +++ b/README 
@@ -46,6 +46,39 @@ To build, first run the =bootstrap= script, then =./configure=, Once installed, you get a program named =disfluid=. Run it with =-h= to get the options. +* Running as a docker image +The =guix/vkraus/systems/test.scm= contains a couple of servers, one +for [[http://localhost:8081/alice#me]] (the password is "alice"), and one +for [[http://localhost:8082/bob#me]] (the password is "bob"). Both servers +running on localhost:8081 and localhost:8082 are aware that they are +http-only and run on these ports. + +Once you have the Guix channel installed, you can build the image as: + +#+begin_src shell + sudo docker load -i $(guix system docker-image guix/vkraus/systems/test.scm) \ + && sudo docker tag guix:latest vivienkraus/disfluid:test-bench +#+end_src + +I try to publish recent versions of the test bench on Docker Hub, but +I may forget. Don’t forget to remind me if you think it’s too old. + +Then, you will need to start the container: + +#+begin_src shell + export container_id="$(sudo docker create vivienkraus/disfluid:test-bench)" + sudo docker start $container_id +#+end_src + +You can enter the container to check the log files, for instance: + +#+begin_src shell + sudo docker exec -it $container_id /run/current-system/profile/bin/bash --login +#+end_src + +Unfortunately, I don’t know how to let the host access the 8081 and +8082 ports. + # Local Variables: # mode: org # End: diff --git a/doc/disfluid.texi b/doc/disfluid.texi index d18c8e9..93128c1 100644 --- a/doc/disfluid.texi +++ b/doc/disfluid.texi @@ -48,6 +48,7 @@ Free Documentation License'' @menu * Decentralized Authentication on the Web:: * Invoking disfluid:: +* Running disfluid with GNU Guix:: * The Json Web Token:: * Caching on server side:: * Content negociation:: 
@@ -233,6 +234,41 @@ set the name of the application. set an URI where to find more information about the client. @end table +@node Running disfluid with GNU Guix +@chapter Running disfluid with GNU Guix + +The channel at +@url{https://labo.planete-kraus.eu/webid-oidc-channel.git} can be used +with guix. It defines the package at the latest commit, and a service +definition in @emph{(vkraus services disfluid)}. + +@defvr {service type} disfluid-service-type +This service runs a bunch of disfluid servers with the @emph{disfluid} +system user, each with a unique name. The value it takes is an alist +of service configurations: the keys are unique names (to differenciate +the generated shepherd services), and the values are configuration +records for an issuer, reverse proxy, server, or client service. +@end defvr + +@deftp {configuration record} [@var{disfluid}] @var{complete-corresponding-source} @var{issuer} @var{key-file} @var{subject} @var{encrypted-password-file} @var{jwks-uri} @var{authorization-endpoint-uri} @var{token-endpoint-uri} @var{port} [@var{extra-options}] +The configuration for the identity provider. The optional +@var{disfluid} argument is the package containing the binary to run, +if you want to apply some patches, and @var{extra-options} is an empty +list by default. +@end deftp + +@deftp {configuration record} [@var{disfluid}] @var{complete-corresponding-source} @var{port} @var{inbound-uri} @var{outbound-uri} @var{header} [@var{extra-options}] +This record configures an authenticating reverse proxy. +@end deftp + +@deftp {configuration record} [@var{disfluid}] @var{complete-corresponding-source} @var{client-id} @var{redirect-uri} [@var{client-name}] [@var{client-uri}] @var{port} [@var{extra-options}] +This record configures a server to serve public application pages. 
+@end deftp + +@deftp {configuration record} [@var{disfluid}] @var{complete-corresponding-source} @var{server-name} @var{key-file} @var{subject} @var{encrypted-password-file} @var{jwks-uri} @var{authorization-endpoint-uri} @var{token-endpoint-uri} @var{port} [@var{extra-options}] +The configuration for the full server. +@end deftp + @node The Json Web Token @chapter The Json Web Token diff --git a/guix/vkraus/services/disfluid.scm b/guix/vkraus/services/disfluid.scm index bf7078c..fdc9443 100644 --- a/guix/vkraus/services/disfluid.scm +++ b/guix/vkraus/services/disfluid.scm @@ -37,8 +37,7 @@ (complete-corresponding-source disfluid-issuer-configuration-complete-corresponding-source) (issuer disfluid-issuer-configuration-issuer) - (key-file disfluid-issuer-configuration-key-file - (default "/var/lib/disfluid/issuer/key.jwk")) + (key-file disfluid-issuer-configuration-key-file) (subject disfluid-issuer-configuration-subject) (encrypted-password-file disfluid-issuer-configuration-encrypted-password-file) (jwks-uri disfluid-issuer-configuration-jwks-uri) @@ -107,8 +106,7 @@ (complete-corresponding-source disfluid-server-configuration-complete-corresponding-source) (server-name disfluid-server-configuration-server-name) - (key-file disfluid-server-configuration-key-file - (default "/var/lib/disfluid/server/key.jwk")) + (key-file disfluid-server-configuration-key-file) (subject disfluid-server-configuration-subject) (encrypted-password-file disfluid-server-configuration-encrypted-password-file) (jwks-uri disfluid-server-configuration-jwks-uri) 
@@ -183,242 +181,234 @@ disfluid-server-configuration-port disfluid-server-configuration-extra-options) -(define disfluid-issuer-shepherd-service +(define configuration->shepherd-service (match-lambda - (($ - disfluid ccs issuer key-file subject encrypted-password-file jwks-uri - authorization-endpoint-uri token-endpoint-uri port - extra-options) - (with-imported-modules - (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (list (shepherd-service - (provision '(disfluid-issuer)) - (documentation "Run the Solid identity provider.") - (requirement '(user-processes)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start - #~(begin - (let* ((user (getpwnam "disfluid")) - (prepare-directory - (lambda (dir) - (mkdir-p dir) - (chown dir (passwd:uid user) (passwd:gid user)) - (chmod dir #o700)))) - (prepare-directory "/var/log/disfluid") - (prepare-directory "/var/lib/disfluid") - (prepare-directory "/var/cache/disfluid")) - (make-forkexec-constructor - (list - (string-append #$disfluid "/bin/disfluid") - "identity-provider" - "--complete-corresponding-source" #$ccs - "--server-name" #$issuer - "--key-file" #$key-file - "--subject" #$subject - "--encrypted-password-from-file" #$encrypted-password-file - "--jwks-uri" #$jwks-uri - "--authorization-endpoint-uri" #$authorization-endpoint-uri - "--token-endpoint-uri" #$token-endpoint-uri - "--port" (with-output-to-string (lambda () (display #$port))) - "--log-file" "issuer.log" - "--error-file" "issuer.err" - #$@extra-options) - #:user "disfluid" - #:group "disfluid" - #:directory "/var/log/disfluid" - #:environment-variables - `("XDG_DATA_HOME=/var/lib" - "XDG_CACHE_HOME=/var/cache" - "LANG=C")))) - (stop #~(make-kill-destructor)))))))) - -(define disfluid-reverse-proxy-shepherd-service - (match-lambda - (($ - disfluid ccs port inbound-uri outbound-uri header - extra-options) - (with-imported-modules - (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) 
- (list (shepherd-service - (provision '(disfluid-reverse-proxy)) - (documentation "Run a proxy to authenticate with Solid.") - (requirement '(user-processes)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start - #~(begin - (let* ((user (getpwnam "disfluid")) - (prepare-directory - (lambda (dir) - (mkdir-p dir) - (chown dir (passwd:uid user) (passwd:gid user)) - (chmod dir #o700)))) - (prepare-directory "/var/log/disfluid") - (prepare-directory "/var/lib/disfluid") - (prepare-directory "/var/cache/disfluid")) - (make-forkexec-constructor - (list - (string-append #$disfluid "/bin/disfluid") - "reverse-proxy" - "--complete-corresponding-source" #$ccs - "--port" (with-output-to-string (lambda () (display #$port))) - "--server-name" #$inbound-uri - "--backend-uri" #$outbound-uri - "--header" #$header - "--log-file" "reverse-proxy.log" - "--error-file" "reverse-proxy.err" - #$@extra-options) - #:user "disfluid" - #:group "disfluid" - #:directory "/var/log/disfluid" - #:environment-variables - `("XDG_DATA_HOME=/var/lib" - "XDG_CACHE_HOME=/var/cache" - "LANG=C")))) - (stop #~(make-kill-destructor)))))))) - -(define disfluid-hello-shepherd-service - (match-lambda - (($ - disfluid ccs port extra-options) - (with-imported-modules - (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (list (shepherd-service - (provision '(disfluid-hello)) - (documentation "Run a demonstration Solid server.") - (requirement '(user-processes)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start - #~(begin - (let* ((user (getpwnam "disfluid")) - (prepare-directory - (lambda (dir) - (mkdir-p dir) - (chown dir (passwd:uid user) (passwd:gid user)) - (chmod dir #o700)))) - (prepare-directory "/var/log/disfluid") - (prepare-directory "/var/lib/disfluid") - (prepare-directory "/var/cache/disfluid")) - (make-forkexec-constructor - (list - (string-append #$disfluid "/bin/disfluid-hello") - "--complete-corresponding-source" #$ccs - 
"--port" (with-output-to-string (lambda () (display #$port))) - "--log-file" "hello.log" - "--error-file" "hello.err" - #$@extra-options) - #:user "disfluid" - #:group "disfluid" - #:directory "/var/log/disfluid" - #:environment-variables - `("XDG_DATA_HOME=/var/lib" - "XDG_CACHE_HOME=/var/cache" - "LANG=C")))) - (stop #~(make-kill-destructor)))))))) - -(define disfluid-client-service-shepherd-service - (match-lambda - (($ - disfluid ccs client-id redirect-uri client-name client-uri port - extra-options) - (with-imported-modules - (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (list (shepherd-service - (provision '(disfluid-client-service)) - (documentation "Run a server for a Solid application.") - (requirement '(user-processes)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start - #~(begin - (let* ((user (getpwnam "disfluid")) - (prepare-directory - (lambda (dir) - (mkdir-p dir) - (chown dir (passwd:uid user) (passwd:gid user)) - (chmod dir #o700)))) - (prepare-directory "/var/log/disfluid")) - (make-forkexec-constructor - (list - (string-append #$disfluid "/bin/disfluid") - "client-service" - "--complete-corresponding-source" #$ccs - "--client-id" #$client-id - "--redirect-uri" #$redirect-uri - "--client-name" #$client-name - "--client-uri" #$client-uri - "--port" (with-output-to-string (lambda () (display #$port))) - "--log-file" "client-service.log" - "--error-file" "client-service.err" - #$@extra-options) - #:user "disfluid" - #:group "disfluid" - #:directory "/var/log/disfluid" - #:environment-variables - `("LANG=C")))) - (stop #~(make-kill-destructor)))))))) - -(define disfluid-server-shepherd-service - (match-lambda - (($ - disfluid ccs server-name key-file subject encrypted-password-file jwks-uri - authorization-endpoint-uri token-endpoint-uri port - extra-options) - (with-imported-modules - (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) - (list (shepherd-service - 
(provision '(disfluid-server)) - (documentation "Run the full Solid server.") - (requirement '(user-processes)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start - #~(begin - (let* ((user (getpwnam "disfluid")) - (prepare-directory - (lambda (dir) - (mkdir-p dir) - (chown dir (passwd:uid user) (passwd:gid user)) - (chmod dir #o700)))) - (prepare-directory "/var/log/disfluid") - (prepare-directory "/var/lib/disfluid") - (prepare-directory "/var/cache/disfluid")) - (make-forkexec-constructor - (list - (string-append #$disfluid "/bin/disfluid") - "server" - "--complete-corresponding-source" #$ccs - "--server-name" #$server-name - "--key-file" #$key-file - "--subject" #$subject - "--encrypted-password-from-file" #$encrypted-password-file - "--jwks-uri" #$jwks-uri - "--authorization-endpoint-uri" #$authorization-endpoint-uri - "--token-endpoint-uri" #$token-endpoint-uri - "--port" (with-output-to-string (lambda () (display #$port))) - "--log-file" "server.log" - "--error-file" "server.err" - #$@extra-options) - #:user "disfluid" - #:group "disfluid" - #:directory "/var/log/disfluid" - #:environment-variables - `("XDG_DATA_HOME=/var/lib" - "XDG_CACHE_HOME=/var/cache" - "LANG=C")))) - (stop #~(make-kill-destructor)))))))) + ((id . 
($ + disfluid ccs issuer key-file subject encrypted-password-file jwks-uri + authorization-endpoint-uri token-endpoint-uri port extra-options)) + `(,(shepherd-service + (provision (list (string->symbol (format #f "disfluid-~a" id)))) + (documentation (format #f "Run a Solid identity provider (~a)" id)) + (requirement '(user-processes)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start + (with-imported-modules + (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + #~(begin + (let* ((user (getpwnam "disfluid")) + (prepare-directory + (lambda (dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700)))) + (prepare-directory "/var/log/disfluid") + (prepare-directory #$(format #f "/var/lib/disfluid/~a" id)) + (prepare-directory #$(format #f "/var/cache/disfluid/~a" id))) + (make-forkexec-constructor + (list + (string-append #$disfluid "/bin/disfluid") + "identity-provider" + "--complete-corresponding-source" #$ccs + "--server-name" #$issuer + "--key-file" #$key-file + "--subject" #$subject + "--encrypted-password-from-file" #$encrypted-password-file + "--jwks-uri" #$jwks-uri + "--authorization-endpoint-uri" #$authorization-endpoint-uri + "--token-endpoint-uri" #$token-endpoint-uri + "--port" (with-output-to-string (lambda () (display #$port))) + "--log-file" #$(format #f "issuer-~a.log" id) + "--error-file" #$(format #f "issuer-~a.err" id) + #$@extra-options) + #:user "disfluid" + #:group "disfluid" + #:directory "/var/log/disfluid" + #:environment-variables + '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id) + #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id) + "LANG=C"))))) + (stop #~(make-kill-destructor))))) + ((id . 
($ + disfluid ccs port inbound-uri outbound-uri header extra-options)) + `(,(shepherd-service + (provision (list (string->symbol (format #f "disfluid-~a" id)))) + (documentation (format #f "Run a Solid reverse proxy (~a)" id)) + (requirement '(user-processes)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start + (with-imported-modules + (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + #~(begin + (let* ((user (getpwnam "disfluid")) + (prepare-directory + (lambda (dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700)))) + (prepare-directory "/var/log/disfluid") + (prepare-directory #$(format #f "/var/lib/disfluid/~a" id)) + (prepare-directory #$(format #f "/var/cache/disfluid/~a" id))) + (make-forkexec-constructor + (list + (string-append #$disfluid "/bin/disfluid") + "reverse-proxy" + "--complete-corresponding-source" #$ccs + "--port" (with-output-to-string (lambda () (display #$port))) + "--server-name" #$inbound-uri + "--backend-uri" #$outbound-uri + "--header" #$header + "--log-file" #$(format #f "reverse-proxy-~a.log" id) + "--error-file" #$(format #f "reverse-proxy-~a.err" id) + #$@extra-options) + #:user "disfluid" + #:group "disfluid" + #:directory "/var/log/disfluid" + #:environment-variables + '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id) + #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id) + "LANG=C"))))) + (stop #~(make-kill-destructor))))) + ((id . 
($ + disfluid ccs port extra-options)) + `(,(shepherd-service + (provision (list (string->symbol (format #f "disfluid-~a" id)))) + (documentation (format #f "Run a demonstration Solid server (~a)" id)) + (requirement '(user-processes)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start + (with-imported-modules + (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + #~(begin + (let* ((user (getpwnam "disfluid")) + (prepare-directory + (lambda (dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700)))) + (prepare-directory "/var/log/disfluid") + (prepare-directory #$(format #f "/var/lib/disfluid/~a" id)) + (prepare-directory #$(format #f "/var/cache/disfluid/~a" id))) + (make-forkexec-constructor + (list + (string-append #$disfluid "/bin/disfluid-hello") + "--complete-corresponding-source" #$ccs + "--port" (with-output-to-string (lambda () (display #$port))) + "--log-file" #$(format #f "hello-~a.log" id) + "--error-file" #$(format #f "hello-~a.err" id) + #$@extra-options) + #:user "disfluid" + #:group "disfluid" + #:directory "/var/log/disfluid" + #:environment-variables + '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id) + #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id) + "LANG=C"))))) + (stop #~(make-kill-destructor))))) + ((id . 
($ + disfluid ccs client-id redirect-uri client-name client-uri port + extra-options)) + `(,(shepherd-service + (provision (list (string->symbol (format #f "disfluid-~a" id)))) + (documentation (format #f "Serve the public page for an application (~a)" id)) + (requirement '(user-processes)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start + (with-imported-modules + (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + #~(begin + (let* ((user (getpwnam "disfluid")) + (prepare-directory + (lambda (dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700)))) + (prepare-directory "/var/log/disfluid") + (prepare-directory #$(format #f "/var/lib/disfluid/~a" id)) + (prepare-directory #$(format #f "/var/cache/disfluid/~a" id))) + (make-forkexec-constructor + (list + (string-append #$disfluid "/bin/disfluid") + "client-service" + "--complete-corresponding-source" #$ccs + "--client-id" #$client-id + "--redirect-uri" #$redirect-uri + "--client-name" #$client-name + "--client-uri" #$client-uri + "--port" (with-output-to-string (lambda () (display #$port))) + "--log-file" #$(format #f "client-service-~a.log" id) + "--error-file" #$(format #f "client-service-~a.err" id) + #$@extra-options) + #:user "disfluid" + #:group "disfluid" + #:directory "/var/log/disfluid" + #:environment-variables + '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id) + #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id) + "LANG=C"))))) + (stop #~(make-kill-destructor))))) + ((id . 
($ + disfluid ccs server-name key-file subject encrypted-password-file jwks-uri + authorization-endpoint-uri token-endpoint-uri port + extra-options)) + `(,(shepherd-service + (provision (list (string->symbol (format #f "disfluid-~a" id)))) + (documentation (format #f "Run a full server (~a)" id)) + (requirement '(user-processes)) + (modules '((gnu build shepherd) + (gnu system file-systems))) + (start + (with-imported-modules + (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + #~(begin + (let* ((user (getpwnam "disfluid")) + (prepare-directory + (lambda (dir) + (mkdir-p dir) + (chown dir (passwd:uid user) (passwd:gid user)) + (chmod dir #o700)))) + (prepare-directory "/var/log/disfluid") + (prepare-directory #$(format #f "/var/lib/disfluid/~a" id)) + (prepare-directory #$(format #f "/var/cache/disfluid/~a" id))) + (make-forkexec-constructor + (list + (string-append #$disfluid "/bin/disfluid") + "server" + "--complete-corresponding-source" #$ccs + "--server-name" #$server-name + "--key-file" #$key-file + "--subject" #$subject + "--encrypted-password-from-file" #$encrypted-password-file + "--jwks-uri" #$jwks-uri + "--authorization-endpoint-uri" #$authorization-endpoint-uri + "--token-endpoint-uri" #$token-endpoint-uri + "--port" (with-output-to-string (lambda () (display #$port))) + "--log-file" #$(format #f "server-~a.log" id) + "--error-file" #$(format #f "server-~a.err" id) + #$@extra-options) + #:user "disfluid" + #:group "disfluid" + #:directory "/var/log/disfluid" + #:environment-variables + '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id) + #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id) + "LANG=C"))))) + (stop #~(make-kill-destructor))))) + ((items ...) + (apply append (map configuration->shepherd-service items))))) (define %disfluid-accounts (list (user-group (name "disfluid") 
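Review bot: The instance key `id` is spliced unchecked into the shepherd provision symbol, the log file names and the `/var/lib/disfluid/~a` and `/var/cache/disfluid/~a` paths in every branch of `configuration->shepherd-service`, so an id containing `/`, `..` or whitespace yields a mangled or escaping path instead of an error, and two alist entries with the same id produce two shepherd services with the same provision. The alist comes from the operator's own system configuration, so this is a misconfiguration hazard rather than an injection path, but failing at build time is cheaper than debugging it at boot: validate in the `(items ...)` branch before mapping, e.g. `(unless (string-match "^[A-Za-z0-9_-]+$" id) (error "disfluid: invalid instance id" id))` (with `(ice-9 regex)` in scope) plus a duplicate check on `(map car items)`. Note also that each per-instance directory is created `#o700` but every instance runs as the same `disfluid` user, so the `~a` subdirectories separate state on disk without isolating one instance from another; the documentation should probably say so explicitly.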
@@ -427,83 +417,67 @@ (name "disfluid") (group "disfluid") (system? #t) - (comment "The user that runs the disfluid issuer and resource server.") + (comment "The user that runs the disfluid servers.") (home-directory "/var/empty") (shell (file-append shadow "/sbin/nologin"))))) -(define (%disfluid-log-rotation file) - (list (log-rotation +(define configuration->log-rotation + (match-lambda + ((id . ($ )) + `(,(log-rotation (frequency 'daily) (files - (map (lambda (ext) (string-append "/var/log/disfluid/" file "." ext)) - '("log" "err"))) - (options '("sharedscripts" - "storedir /var/log/disfluid"))))) - -(define-public disfluid-issuer-service-type - (service-type - (name 'disfluid-issuer) - (extensions - (list - (service-extension account-service-type - (const %disfluid-accounts)) - (service-extension rottlog-service-type - (const (%disfluid-log-rotation "issuer"))) - (service-extension - shepherd-root-service-type - disfluid-issuer-shepherd-service))))) - -(define-public disfluid-reverse-proxy-service-type - (service-type - (name 'disfluid-reverse-proxy) - (extensions - (list - (service-extension account-service-type - (const %disfluid-accounts)) - (service-extension rottlog-service-type - (const (%disfluid-log-rotation "reverse-proxy"))) - (service-extension - shepherd-root-service-type - disfluid-reverse-proxy-shepherd-service))))) - -(define-public disfluid-hello-service-type - (service-type - (name 'disfluid-hello) - (extensions - (list - (service-extension account-service-type - (const %disfluid-accounts)) - (service-extension rottlog-service-type - (const (%disfluid-log-rotation "hello"))) - (service-extension - shepherd-root-service-type - disfluid-hello-shepherd-service))))) - -(define-public disfluid-client-service-service-type - (service-type - (name 'disfluid-client-service) - (extensions - (list - (service-extension account-service-type - (const %disfluid-accounts)) - (service-extension rottlog-service-type - (const (%disfluid-log-rotation 
"client-service"))) - (service-extension - shepherd-root-service-type - disfluid-client-service-shepherd-service))))) + (map (lambda (ext) + (format #f "/var/log/disfluid/issuer-~a.~a" id ext)) + '("log err"))) + (options '("sharedscripts" "storedir /var/log/disfluid"))))) + ((id . ($ )) + `(,(log-rotation + (frequency 'daily) + (files + (map (lambda (ext) + (format #f "/var/log/disfluid/reverse-proxy-~a.~a" id ext)) + '("log err"))) + (options '("sharedscripts" "storedir /var/log/disfluid"))))) + ((id . ($ )) + `(,(log-rotation + (frequency 'daily) + (files + (map (lambda (ext) + (format #f "/var/log/disfluid/hello-~a.~a" id ext)) + '("log err"))) + (options '("sharedscripts" "storedir /var/log/disfluid"))))) + ((id . ($ )) + `(,(log-rotation + (frequency 'daily) + (files + (map (lambda (ext) + (format #f "/var/log/disfluid/client-service-~a.~a" id ext)) + '("log err"))) + (options '("sharedscripts" "storedir /var/log/disfluid"))))) + ((id . ($ )) + `(,(log-rotation + (frequency 'daily) + (files + (map (lambda (ext) + (format #f "/var/log/disfluid/server-~a.~a" id ext)) + '("log err"))) + (options '("sharedscripts" "storedir /var/log/disfluid"))))) + ((items ...) + (apply append (map configuration->log-rotation items))))) -(define-public disfluid-server-service-type +(define-public disfluid-service-type (service-type - (name 'disfluid-server) + (name 'disfluid) (extensions (list (service-extension account-service-type (const %disfluid-accounts)) (service-extension rottlog-service-type - (const (%disfluid-log-rotation "server"))) + configuration->log-rotation) (service-extension shepherd-root-service-type - disfluid-server-shepherd-service))))) + configuration->shepherd-service))))) (define-public disfluid-website (nginx-server-configuration diff --git a/guix/vkraus/systems/test.scm b/guix/vkraus/systems/test.scm new file mode 100644 index 0000000..1bfc2b8 --- /dev/null +++ b/guix/vkraus/systems/test.scm 
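Review bot: The extension list in every branch of `configuration->log-rotation` is `'("log err")`, a single string, where the removed `%disfluid-log-rotation` had `'("log" "err")`; each branch now yields one rotation entry for a file literally named `issuer-<id>.log err` (and likewise for `reverse-proxy-`, `hello-`, `client-service-` and `server-`), so neither the `.log` nor the `.err` file of any instance is ever rotated. Change each occurrence to `'("log" "err")`. The record-type names inside the five `($ ...)` match patterns appear to have been stripped in this rendering, so the mapping of branch to configuration type is inferred here from the file-name prefixes.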
@@ -0,0 +1,88 @@ +;; disfluid, implementation of the Solid specification +;; Copyright (C) 2021 Vivien Kraus + +;; This program is free software: you can redistribute it and/or modify +;; it under the terms of the GNU Affero General Public License as +;; published by the Free Software Foundation, either version 3 of the +;; License, or (at your option) any later version. + +;; This program is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU Affero General Public License for more details. + +;; You should have received a copy of the GNU Affero General Public License +;; along with this program. If not, see . + +(define-module (vkraus systems test) + #:use-module (gnu) + #:use-module (guix gexp) + #:use-module (gnu packages certs) + #:use-module (vkraus packages disfluid) + #:use-module (vkraus services disfluid)) + +(operating-system + (host-name "disfluid-test-system") + (hosts-file + (plain-file "hosts" + "127.0.0.1 localhost +::1 localhost +")) + (users %base-user-accounts) + (packages + `(,disfluid + ,nss-certs + ,@%base-packages)) + (services + (append + (list + (service disfluid-service-type + `(("alice" + . ,(disfluid-server-configuration + (complete-corresponding-source "https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz") + (server-name "http://localhost:8081") + (subject "http://localhost:8081/alice#me") + (encrypted-password-file + (computed-file "alice-password" + #~(let ((salt "$6$.salt.for.Alice.") + (password "alice")) + (call-with-output-file #$output + (lambda (port) + (format port "~a\n" + (crypt password salt))))))) + (key-file "/var/lib/disfluid/alice/key.jwk") + (jwks-uri "http://localhost:8081/keys") + (authorization-endpoint-uri "http://localhost:8081/authorize") + (token-endpoint-uri "http://localhost:8081/token") + (port 8081))) + ("bob" + . 
,(disfluid-server-configuration + (complete-corresponding-source "https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz") + (server-name "http://localhost:8082") + (subject "http://localhost:8082/bob#me") + (encrypted-password-file + (computed-file "bob-password" + #~(let ((salt "$6$And.salt.for.Bob") + (password "bob")) + (call-with-output-file #$output + (lambda (port) + (format port "~a\n" + (crypt password salt))))))) + (key-file "/var/lib/disfluid/bob/key.jwk") + (jwks-uri "http://localhost:8082/keys") + (authorization-endpoint-uri "http://localhost:8082/authorize") + (token-endpoint-uri "http://localhost:8082/token") + (port 8082)))))) + %base-services)) + (timezone "Europe/Paris") + (bootloader + (bootloader-configuration + (bootloader grub-efi-bootloader) + (target "/boot/efi"))) + (mapped-devices '()) + (file-systems + `(,(file-system + (mount-point "/") + (device "/dev/sda") + (type "ext4")) + ,@%base-file-systems))) -- cgit v1.2.3
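Review bot: Both `encrypted-password-file` values are `computed-file`s, so the hashes are written into `/gnu/store`, which is readable by every user on a standard Guix system, and the salts `$6$.salt.for.Alice.` and `$6$And.salt.for.Bob` are fixed rather than randomly generated; this defeats the stated purpose of the password-from-file feature in NEWS (keeping the hash away from other users). That is fine for a test bench whose passwords are `alice` and `bob`, but the file should say so, e.g. `;; Test bench only: these hashes live in the world-readable store with fixed salts. A real deployment must point encrypted-password-file at a root-owned, mode-0600 file outside the store.` above the `services` field. Since both instances also bind plain HTTP on fixed ports, a second line noting that this image is not a deployment template would help readers who copy it.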