blob: 704c746cc47a963b3df7ba3bd7683a21dbe9beb3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
(define-module (vkraus systems webid-oidc)
#:use-module (gnu)
#:use-module (guix)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (vkraus services webid-oidc)
#:use-module (vkraus packages webid-oidc)
#:use-module (gnu services web))
(operating-system
(locale "fr_FR.utf8")
(timezone "Europe/Paris")
(keyboard-layout (keyboard-layout "fr"))
(host-name "webid-oidc-issuer")
(users %base-user-accounts)
(packages
(append
(list (specification->package "nss-certs"))
%base-packages))
(services
(append
(cons*
(service webid-oidc-issuer-service-type
(webid-oidc-issuer-configuration
(webid-oidc webid-oidc-snapshot)
(issuer "http://localhost:8080")
(subject "http://localhost:8080/profile/card#me")
(password "p4ssw0rd")
(jwks-uri "http://localhost:8080/keys")
(authorization-endpoint-uri "http://localhost:8080/authorize")
(token-endpoint-uri "http://localhost:8080/token")
(port 8080)))
(service webid-oidc-hello-service-type
(webid-oidc-hello-configuration
(webid-oidc webid-oidc-snapshot)
(port 8081)))
(service nginx-service-type
(nginx-configuration
(upstream-blocks
(list
(nginx-upstream-configuration
(name "issuer")
(servers (list "localhost:8080")))
(nginx-upstream-configuration
(name "server")
(servers (list "localhost:8081")))))
(server-blocks
(list
(nginx-server-configuration
(server-name '("localhost"))
(listen '("80"))
(locations
(list
(nginx-location-configuration
(uri "/profile/card")
(body (list "proxy_pass http://issuer;")))
(nginx-location-configuration
(uri "/keys")
(body (list "proxy_pass http://issuer;")))
(nginx-location-configuration
(uri "/authorize")
(body (list "proxy_pass http://issuer;")))
(nginx-location-configuration
(uri "/token")
(body (list "proxy_pass http://issuer;")))
(nginx-location-configuration
(uri "/")
(body (list "proxy_pass http://server;"))))))))))
%base-services)))
(bootloader
(bootloader-configuration
(bootloader grub-efi-bootloader)
(target "/boot/efi")
(keyboard-layout keyboard-layout)))
(file-systems
(cons* (file-system
(mount-point "/")
(device "/dev/sda")
(type "ext4"))
%base-file-systems)))
|