nix Signed-off-by: jolheiser <git@jolheiser.com>
Signature
-----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQOgIyJUb6JdsMfJohD4Jd9MmJtJx1NXcR4GyPpYIHGMcJx/AkqcPZkqsU7k7UFbNby dwYqqoYg44uVkQkd4ECAs= -----END SSH SIGNATURE-----
jolheiser <git@jolheiser.com>
3 weeks ago
9 changed files, 229 additions(+), 2 deletions(-)
flake.lockflake.nixgo.mod.srimain.gonix/default.nixnix/module.nixnix/overlay.nixnix/pkg.nixnix/vm.nix
I flake.lock
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000000000000000000000000000000000000..41c3d3a237d67b8cd0f27f8e06280771229ccd4a
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1752012998,
+        "narHash": "sha256-Q82Ms+FQmgOBkdoSVm+FBpuFoeUAffNerR5yVV7SgT8=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "2a2130494ad647f953593c4e84ea4df839fbd68c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
I flake.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000000000000000000000000000000000000..b27572c6dbe6243a55b1dc9fee75af3ab3a684f5
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,55 @@
+{
+  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+  outputs =
+    {
+      self,
+      nixpkgs,
+    }:
+    let
+      systems = [
+        "x86_64-linux"
+        "i686-linux"
+        "x86_64-darwin"
+        "aarch64-linux"
+        "armv6l-linux"
+        "armv7l-linux"
+      ];
+      forAllSystems = f: nixpkgs.lib.genAttrs systems f;
+    in
+    {
+      overlays.default = import ./nix/overlay.nix;
+      nixosModules.oidc-playground = import ./nix/module.nix;
+      nixosModules.default = self.nixosModules.oidc-playground;
+      packages = forAllSystems (system: import ./nix { pkgs = import nixpkgs { inherit system; }; });
+      nixosConfigurations.oidcVM = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./nix/vm.nix
+          {
+            virtualisation.vmVariant.virtualisation = {
+              cores = 2;
+              memorySize = 2048;
+              graphics = false;
+            };
+            system.stateVersion = "23.11";
+          }
+        ];
+      };
+      apps = forAllSystems (
+        system:
+        let
+          pkgs = import nixpkgs { inherit system; };
+        in
+        {
+          vm = {
+            type = "app";
+            program = "${pkgs.writeShellScript "vm" ''
+              nixos-rebuild build-vm --flake .#oidcVM
+              ./result/bin/run-nixos-vm
+              rm nixos.qcow2
+            ''}";
+          };
+        }
+      );
+    };
+}
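Review bot: The `vm` app script passed to `pkgs.writeShellScript "vm"` runs its three commands unconditionally, so when `nixos-rebuild build-vm` fails it still executes whatever `./result/bin/run-nixos-vm` a previous build left behind and then deletes `nixos.qcow2`. Starting the script with `set -euo pipefail` stops it at the first failure. If the disk image should be removed even after the VM exits non-zero, put the `rm nixos.qcow2` in a `trap 'rm -f nixos.qcow2' EXIT` rather than relying on sequential execution.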
I go.mod.sri
1
2
3
4
5
6
7
8
diff --git a/go.mod.sri b/go.mod.sri
new file mode 100644
index 0000000000000000000000000000000000000000..8c1ef3bf8d1fc770d2a6b4716a8c3b5fcda7f847
--- /dev/null
+++ b/go.mod.sri
@@ -0,0 +1 @@
+sha256-e0SQe88PGnJ6R7sZFUagVdCoPkYDLM3zEL2u9RW1vw0=
\ No newline at end of file
M main.gomain.go
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
diff --git a/main.go b/main.go
index 0f4240dc0d1ab48969c9aab39a907c608344d64d..1058143487dfe29aad786849ecbaece9bac8bbb0 100644
--- a/main.go
+++ b/main.go
@@ -281,9 +281,9 @@ 	fs := flag.NewFlagSet("oidc", flag.ExitOnError)
 	fs.StringVar(&args.clientProvider, "client-provider", "", "Default client provider (e.g. https://accounts.google.com)")
 	fs.StringVar(&args.clientID, "client-id", "", "Default client ID")
 	fs.StringVar(&args.clientSecret, "client-secret", "", "Default client secret")
-	fs.IntVar(&args.port, "port", 8000, "Port to run on")
+	fs.IntVar(&args.port, "port", 6432, "Port to run on")
 	fs.StringVar(&args.scopes, "scopes", "profile email", "Default scopes")
-	fs.StringVar(&args.origin, "origin", "http://localhost:8000", "Web origin")
+	fs.StringVar(&args.origin, "origin", "http://localhost:6432", "Web origin")
 	fs.String("config", ".env", "Env config")
 	if err := ff.Parse(fs, os.Args[1:],
 		ff.WithEnvVarPrefix("OIDC"),
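Review bot: The default port and the default origin on the two changed lines are independent literals that have to agree, and the commit title (`nix`) does not mention that the default moved from 8000 to 6432, which changes the redirect URI that a provider-side client registration must allow for anyone relying on the defaults. A line in the commit description, or a help-string cue such as `"Web origin (must match the listening port)"` on the `origin` flag, would make that coupling visible to operators. The enclosing function starts and ends outside the hunk.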
I nix/default.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
diff --git a/nix/default.nix b/nix/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..42268e486cb5bb39c7077934b059cd26829c8253
--- /dev/null
+++ b/nix/default.nix
@@ -0,0 +1,10 @@
+{
+  pkgs ? import <nixpkgs> { },
+}:
+let
+  oidc-playground = pkgs.callPackage ./pkg.nix { inherit pkgs; };
+in
+{
+  inherit oidc-playground;
+  default = oidc-playground;
+}
I nix/module.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
diff --git a/nix/module.nix b/nix/module.nix
new file mode 100644
index 0000000000000000000000000000000000000000..66c530d2035c34055508c7ce3725db4150248040
--- /dev/null
+++ b/nix/module.nix
@@ -0,0 +1,83 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.oidc-playground;
+  pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; };
+in
+{
+  options.services.oidc-playground = {
+    enable = lib.mkEnableOption "OIDC Playground";
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkg;
+      description = "OIDC Playground package";
+    };
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "oidc-playground";
+      description = "User to run as";
+    };
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = "oidc-playground";
+      description = "Group to run as";
+    };
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 6432;
+      description = "Port to serve on";
+    };
+    origin = lib.mkOption {
+      type = lib.types.str;
+      default = "http://localhost:6432";
+      description = "Web origin";
+    };
+    issuer = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      example = "https://auth.example.com";
+      description = "Default issuer URL";
+    };
+    scopes = lib.mkOption {
+      type = lib.types.str;
+      default = "profile email";
+      description = "Default OIDC scopes";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    systemd.services.oidc-playground = {
+      description = "OIDC Playground Service";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        ExecStart =
+          let
+            args =
+              [
+                "--port=${builtins.toString cfg.port}"
+                "--origin=${cfg.origin}"
+                "--scopes=${lib.escapeShellArg cfg.scopes}"
+              ]
+              ++ lib.optionals (cfg.issuer != null) [
+                "--client-provider=${cfg.issuer}"
+              ];
+          in
+          "${lib.getExe cfg.package} ${lib.concatStringsSep " " args}";
+        Restart = "always";
+        User = cfg.user;
+        Group = cfg.group;
+      };
+    };
+    users = {
+      users.${cfg.user} = {
+        isSystemUser = true;
+        group = cfg.group;
+      };
+      groups.${cfg.group} = { };
+    };
+  };
+}
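Review bot: `--scopes=${lib.escapeShellArg cfg.scopes}` in ExecStart yields `--scopes='profile email'`, and systemd documents that a quote is only recognised when it opens a whole argument, so a multi-word scope list is likely split into two arguments (the `"email profile foo bar"` value in vm.nix would exercise this); the other arguments receive no quoting at all. Building the line with `lib.escapeSystemdExecArgs` over a plain `"--scopes=${cfg.scopes}"` entry quotes every argument by systemd's rules, including `origin` and `issuer`. Separately, the module offers no way to hand the service its client ID and secret, so an operator is left overriding ExecStart or putting them on the command line where `ps` shows them; since main.go reads flags from the environment via `ff.WithEnvVarPrefix("OIDC")`, an `environmentFile` option mapped to `EnvironmentFile=` lets a root-only file outside the Nix store supply `OIDC_CLIENT_ID` and `OIDC_CLIENT_SECRET` (confirm ff's flag-to-variable naming against the ff version in go.mod). The sketch below shows the option and the changed serviceConfig lines.
```nix
    environmentFile = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = "Root-readable file providing OIDC_CLIENT_ID and OIDC_CLIENT_SECRET; keeps secrets out of the Nix store";
    };
    # … unchanged: enable, package, user, group, port, origin, issuer, scopes …
      serviceConfig = {
        ExecStart =
          let
            args = [
              "--port=${builtins.toString cfg.port}"
              "--origin=${cfg.origin}"
              "--scopes=${cfg.scopes}"
            ] ++ lib.optionals (cfg.issuer != null) [ "--client-provider=${cfg.issuer}" ];
          in
          "${lib.getExe cfg.package} ${lib.escapeSystemdExecArgs args}";
        EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
        # … unchanged: Restart, User, Group …
```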
I nix/overlay.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
diff --git a/nix/overlay.nix b/nix/overlay.nix
new file mode 100644
index 0000000000000000000000000000000000000000..9d261ab9edc39eb6a16231263786bc7a143b7421
--- /dev/null
+++ b/nix/overlay.nix
@@ -0,0 +1,7 @@
+final: prev: {
+  nixosModules = prev.nixosModules or { } // {
+    mazanoke = import ./module.nix;
+  };
+
+  oidc-playground = final.callPackage ./pkg.nix { };
+}
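Review bot: `mazanoke = import ./module.nix;` looks like a leftover from another project: flake.nix exports the same file as `nixosModules.oidc-playground`, so consumers of the overlay and consumers of the flake see the module under different names. Renaming it to `oidc-playground = import ./module.nix;` makes the two entry points agree and matches the package attribute two lines below. Exposing `nixosModules` through a package overlay is unusual, but if the intended consumers rely on it that is a matter of convention rather than a defect.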
I nix/pkg.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
diff --git a/nix/pkg.nix b/nix/pkg.nix
new file mode 100644
index 0000000000000000000000000000000000000000..bbbb643b1860ba95c01da227eee367baa3d9d9c5
--- /dev/null
+++ b/nix/pkg.nix
@@ -0,0 +1,29 @@
+{
+  pkgs ? import <nixpkgs> { },
+}:
+let
+  name = "oidc-playground";
+in
+pkgs.buildGoModule {
+  pname = name;
+  version = "main";
+  src = pkgs.nix-gitignore.gitignoreSource [ ] (
+    builtins.path {
+      inherit name;
+      path = ../.;
+    }
+  );
+  vendorHash = pkgs.lib.fileContents ../go.mod.sri;
+  env.CGO_ENABLED = 0;
+  flags = [ "-trimpath" ];
+  ldflags = [
+    "-s"
+    "-w"
+    "-extldflags -static"
+  ];
+  meta = {
+    description = "OIDC Playground";
+    homepage = "https://git.jolheiser.com/oidc";
+    mainProgram = "oidc";
+  };
+}
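Review bot: `pkgs.nix-gitignore.gitignoreSource [ ] (builtins.path { … })` copies everything in the checkout that `.gitignore` does not exclude into the world-readable Nix store, and main.go's default config file is `.env`, which is where a developer's client secret would typically sit; whether `.env` is ignored is not visible from this commit. Passing it as an explicit extra pattern, `pkgs.nix-gitignore.gitignoreSource [ ".env" ] ( … )`, keeps a stray credentials file out of the store regardless of the repository's ignore rules. A short comment above `src` saying why the pattern is there would help the next reader.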
I nix/vm.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
diff --git a/nix/vm.nix b/nix/vm.nix
new file mode 100644
index 0000000000000000000000000000000000000000..3e64d39e613ddc0e1e64f9eeb15809aa603368ad
--- /dev/null
+++ b/nix/vm.nix
@@ -0,0 +1,15 @@
+{
+  imports = [ ./module.nix ];
+  services.getty.autologinUser = "root";
+  services.oidc-playground =
+    let
+      port = 8080;
+    in
+    {
+      enable = true;
+      scopes = "email profile foo bar";
+      issuer = "https://accounts.google.com";
+      inherit port;
+      origin = "http://localhost:${builtins.toString port}";
+    };
+}