(define-module (vkraus services webid-oidc)
#:use-module (gnu services)
#:use-module (gnu services shepherd)
#:use-module (gnu system shadow)
#:use-module (gnu packages admin)
#:use-module (vkraus packages webid-oidc)
#:use-module (guix gexp)
#:use-module (guix modules)
#:use-module (guix records)
#:use-module (ice-9 match)
#:use-module (ice-9 optargs))
;; Configuration of one webid-oidc issuer (Solid identity provider) instance.
;; Fields without a (default ...) clause are mandatory.
;;
;; Field order matters: webid-oidc-issuer-shepherd-service destructures this
;; record positionally with a ($ ...) match pattern, so new fields must be
;; appended at the end, never inserted in the middle.
(define-record-type* <webid-oidc-issuer-configuration>
  webid-oidc-issuer-configuration
  make-webid-oidc-issuer-configuration
  webid-oidc-issuer-configuration?
  ;; Package providing bin/webid-oidc-issuer.
  (webid-oidc webid-oidc-issuer-configuration-webid-oidc
              (default webid-oidc))
  ;; Passed verbatim as --issuer.
  (issuer webid-oidc-issuer-configuration-issuer)
  ;; Passed as --key-file.  The default lives under /var/lib/webid-oidc,
  ;; which the Shepherd start expression creates 0700 and owned by the
  ;; service user, so the signing key is not readable by other accounts.
  (key-file webid-oidc-issuer-configuration-key-file
            (default "/var/lib/webid-oidc/issuer/key.jwk"))
  ;; Passed as --subject.
  (subject webid-oidc-issuer-configuration-subject)
  ;; Passed as --password.  NOTE(review): this value is ungexp'd into the
  ;; Shepherd start expression (so it ends up in the store-built Shepherd
  ;; configuration) and is then handed to the daemon on its command line
  ;; (visible in /proc/<pid>/cmdline).  Both places are readable by every
  ;; local user; do not treat this field as a secret-safe channel.  A
  ;; file- or environment-based alternative would be preferable if the
  ;; daemon supports one -- verify against the webid-oidc-issuer CLI.
  (password webid-oidc-issuer-configuration-password)
  ;; Passed as --jwks-uri.
  (jwks-uri webid-oidc-issuer-configuration-jwks-uri)
  ;; Passed as --authorization-endpoint-uri.
  (authorization-endpoint-uri
   webid-oidc-issuer-configuration-authorization-endpoint-uri)
  ;; Passed as --token-endpoint-uri.
  (token-endpoint-uri
   webid-oidc-issuer-configuration-token-endpoint-uri)
  ;; Passed as --port (rendered with `display', so a number or a string
  ;; both work).  Whether the daemon binds all interfaces or only loopback
  ;; is not controlled here -- check the daemon before exposing 8088.
  (port webid-oidc-issuer-configuration-port (default 8088))
  ;; Extra command-line arguments, spliced unmodified after the options
  ;; above.  They come from the system configuration, i.e. from an
  ;; operator, and are not validated.
  (extra-options
   webid-oidc-issuer-configuration-extra-options
   (default '())))
;; Public API of the configuration record: the record type descriptor, the
;; constructor syntax, the predicate and one accessor per field.  The
;; service type itself is exported separately via define-public below.
(export <webid-oidc-issuer-configuration>
        webid-oidc-issuer-configuration
        make-webid-oidc-issuer-configuration
        webid-oidc-issuer-configuration?
        webid-oidc-issuer-configuration-webid-oidc
        webid-oidc-issuer-configuration-issuer
        webid-oidc-issuer-configuration-key-file
        webid-oidc-issuer-configuration-subject
        webid-oidc-issuer-configuration-password
        webid-oidc-issuer-configuration-jwks-uri
        webid-oidc-issuer-configuration-authorization-endpoint-uri
        webid-oidc-issuer-configuration-token-endpoint-uri
        webid-oidc-issuer-configuration-port
        webid-oidc-issuer-configuration-extra-options)
;; Turn a <webid-oidc-issuer-configuration> into the (single-element) list of
;; Shepherd services that runs the issuer daemon.  Used as the extension
;; procedure for shepherd-root-service-type.
(define webid-oidc-issuer-shepherd-service
  (lambda (config)
    (match config
      (($ <webid-oidc-issuer-configuration>
          webid-oidc issuer key-file subject password jwks-uri
          authorization-endpoint-uri token-endpoint-uri port
          extra-options)
       (with-imported-modules
           (source-module-closure
            '((gnu build shepherd)
              (gnu system file-systems)))
         (list
          (shepherd-service
           (provision '(webid-oidc-issuer))
           (documentation "Run the Solid identity provider.")
           (requirement '(user-processes))
           (modules '((gnu build shepherd)
                      (gnu system file-systems)))
           (start
            #~(begin
                ;; Make sure the log, state and cache directories exist and
                ;; are private (0700) to the service account before the
                ;; daemon is ever forked.  This runs when Shepherd evaluates
                ;; the service definition, not on every (re)start.
                ;; NOTE(review): chown/chmod follow symlinks, so a
                ;; pre-existing symlink at one of these root-owned paths
                ;; would be honoured rather than rejected.
                (let* ((account (getpwnam "webid-oidc-issuer"))
                       (uid (passwd:uid account))
                       (gid (passwd:gid account))
                       (ensure-private-dir
                        (lambda (dir)
                          (mkdir-p dir)
                          (chown dir uid gid)
                          (chmod dir #o700))))
                  (for-each ensure-private-dir
                            '("/var/log/webid-oidc"
                              "/var/lib/webid-oidc"
                              "/var/cache/webid-oidc")))
                ;; NOTE(review): the password is part of argv, hence visible
                ;; to every local user via /proc/<pid>/cmdline, and because
                ;; it is ungexp'd here it is also stored in the Shepherd
                ;; configuration file that Guix builds in the store.
                ;; extra-options are spliced in unvalidated; they come from
                ;; the operator's system configuration.
                (make-forkexec-constructor
                 (list (string-append #$webid-oidc "/bin/webid-oidc-issuer")
                       "--issuer" #$issuer
                       "--key-file" #$key-file
                       "--subject" #$subject
                       "--password" #$password
                       "--jwks-uri" #$jwks-uri
                       "--authorization-endpoint-uri" #$authorization-endpoint-uri
                       "--token-endpoint-uri" #$token-endpoint-uri
                       ;; `display' rather than number->string so the port
                       ;; may be given either as a number or as a string.
                       "--port" (with-output-to-string
                                  (lambda () (display #$port)))
                       ;; Relative to #:directory below.
                       "--log-file" "issuer.log"
                       "--error-file" "issuer.err"
                       #$@extra-options)
                 ;; Drop root: the names must match %webid-oidc-issuer-accounts.
                 #:user "webid-oidc-issuer"
                 #:group "webid-oidc-issuer"
                 #:directory "/var/log/webid-oidc"
                 ;; Minimal, fully explicit environment; the XDG variables
                 ;; point the daemon at the directories prepared above.
                 #:environment-variables
                 '("XDG_DATA_HOME=/var/lib"
                   "XDG_CACHE_HOME=/var/cache"
                   "LANG=C"))))
           (stop #~(make-kill-destructor)))))))))
;; Dedicated, unprivileged system account and group for the issuer daemon.
;; The account has no usable home directory and no login shell, so it can
;; only be used to run the service, never to log in.
(define %webid-oidc-issuer-accounts
  (let ((account-name "webid-oidc-issuer"))
    (list (user-group
           (name account-name)
           (system? #t))
          (user-account
           (name account-name)
           (group account-name)
           (system? #t)
           (comment "The user that runs the webid-oidc issuer.")
           ;; State lives in /var/lib/webid-oidc, not in a home directory.
           (home-directory "/var/empty")
           (shell (file-append shadow "/sbin/nologin"))))))
;; Service type for the webid-oidc issuer.  Instantiate it with a
;; <webid-oidc-issuer-configuration>; there is no default value, so the
;; mandatory fields (issuer, subject, password, URIs) must always be given.
;; It contributes the service account/group and the Shepherd service.
(define-public webid-oidc-issuer-service-type
  (let ((accounts-extension
         (service-extension account-service-type
                            (const %webid-oidc-issuer-accounts)))
        (shepherd-extension
         (service-extension shepherd-root-service-type
                            webid-oidc-issuer-shepherd-service)))
    (service-type
     (name 'webid-oidc-issuer)
     (extensions (list accounts-extension shepherd-extension)))))