(define-module (vkraus systems webid-oidc)
  #:use-module (gnu)
  #:use-module (guix)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (vkraus services webid-oidc)
  #:use-module (vkraus packages webid-oidc)
  #:use-module (gnu services web))

(operating-system
 (locale "fr_FR.utf8")
 (timezone "Europe/Paris")
 (keyboard-layout (keyboard-layout "fr"))
 (host-name "webid-oidc-issuer")
 (users %base-user-accounts)
 (packages
  (append
   (list (specification->package "nss-certs"))
   %base-packages))
 (services
  (append
   (cons*
    (service webid-oidc-issuer-service-type
	     (webid-oidc-issuer-configuration
	      (webid-oidc webid-oidc-snapshot)
	      (issuer "http://localhost:8080")
	      (subject "http://localhost:8080/profile/card#me")
	      (password "p4ssw0rd")
	      (jwks-uri "http://localhost:8080/keys")
	      (authorization-endpoint-uri "http://localhost:8080/authorize")
	      (token-endpoint-uri "http://localhost:8080/token")
	      (port 8080)))
    (service webid-oidc-hello-service-type
	     (webid-oidc-hello-configuration
	      (webid-oidc webid-oidc-snapshot)
	      (port 8081)))
    (service nginx-service-type
	     (nginx-configuration
	      (upstream-blocks
	       (list
		(nginx-upstream-configuration
		 (name "issuer")
		 (servers (list "localhost:8080")))
		(nginx-upstream-configuration
		 (name "server")
		 (servers (list "localhost:8081")))))
	      (server-blocks
	       (list
		(nginx-server-configuration
		 (server-name '("localhost"))
		 (listen '("80"))
		 (locations
		  (list
		   (nginx-location-configuration
		    (uri "/profile/card")
		    (body (list "proxy_pass http://issuer;")))
		   (nginx-location-configuration
		    (uri "/keys")
		    (body (list "proxy_pass http://issuer;")))
		   (nginx-location-configuration
		    (uri "/authorize")
		    (body (list "proxy_pass http://issuer;")))
		   (nginx-location-configuration
		    (uri "/token")
		    (body (list "proxy_pass http://issuer;")))
		   (nginx-location-configuration
		    (uri "/")
		    (body (list "proxy_pass http://server;"))))))))))
    %base-services)))
 (bootloader
  (bootloader-configuration
   (bootloader grub-efi-bootloader)
   (target "/boot/efi")
   (keyboard-layout keyboard-layout)))
 (file-systems
  (cons* (file-system
          (mount-point "/")
          (device "/dev/sda")
          (type "ext4"))
         %base-file-systems)))