(define-module (metznet aws)
#:use-module (gnu services)
#:use-module (guix gexp)
#:use-module (guix modules)
#:use-module (gnu services shepherd)
#:use-module (gnu packages certs)
#:use-module (gnu packages shells)
#:use-module (gnu system shadow)
#:use-module (guix build download)
#:export (aws-service-type))
(define guile-json
  ;; The guile-json-4 package from (gnu packages guile), fetched through the
  ;; module system at load time instead of being listed under #:use-module in
  ;; the module header (the reason for that choice is not recorded here).
  (let ((guile-packages (resolve-interface '(gnu packages guile))))
    (module-ref guile-packages 'guile-json-4)))
(define guile-zlib
  ;; The guile-zlib package from (gnu packages guile), resolved at load time via
  ;; module-ref rather than imported in the module header (reason not recorded
  ;; here).
  (let ((guile-packages (resolve-interface '(gnu packages guile))))
    (module-ref guile-packages 'guile-zlib)))
(define gnutls
  ;; The gnutls package from (gnu packages tls), resolved at load time through
  ;; module-ref instead of a #:use-module clause (reason not recorded here).
  (let ((tls-packages (resolve-interface '(gnu packages tls))))
    (module-ref tls-packages 'gnutls)))
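(define aws-pubkey-prog
  ;; Script run by the aws-pubkey Shepherd service: fetch the first public key
  ;; published by the EC2 instance metadata service (IMDS) and install it as
  ;; /etc/ssh/authorized_keys.d/aws.
  ;;
  ;; The key is fetched and checked BEFORE the output file is touched.  Opening
  ;; the file first (as call-with-output-file does) truncates it, so a metadata
  ;; outage, a 401 from an instance that requires IMDSv2 tokens, or a 404 when
  ;; no key pair is attached would otherwise either wipe the existing key or
  ;; install an error page as an authorized key.  On any such failure the
  ;; program exits non-zero and leaves the file untouched.
  (program-file "aws-pubkey"
    (with-imported-modules (source-module-closure '((ice-9 receive)
                                                    (guix build utils)
                                                    (guix build download)
                                                    (web uri)
                                                    (ice-9 binary-ports)
                                                    (web client)))
      ;; Extensions needed by (guix build download) at load time; only plain
      ;; HTTP is used by this script.
      (with-extensions (list guile-json gnutls guile-zlib)
        #~(begin
            (use-modules (ice-9 receive)
                         (guix build download)
                         (rnrs bytevectors)
                         (web uri)
                         (web client)
                         (web response)
                         (ice-9 binary-ports))

            ;; IMDSv1 endpoint over plain HTTP on the link-local address, which
            ;; is only reachable from the instance itself.  Instances with
            ;; HttpTokens=required (IMDSv2) answer 401 here; that response is
            ;; rejected below instead of being written out.
            (define key-uri
              "http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key")

            (define target "/etc/ssh/authorized_keys.d/aws")

            (define (fetch-key)
              ;; Return (values status-code body).  BODY is a bytevector (or #f
              ;; for a body-less response) because the body is not decoded.
              (receive (response body)
                  (http-get key-uri
                            #:port (open-connection-for-uri (string->uri key-uri)
                                                            #:timeout 5)
                            #:decode-body? #f)
                (values (response-code response) body)))

            (define (openssh-key-line? bv)
              ;; True when BV looks like a single OpenSSH public-key line: a key
              ;; type starting with "ssh-", "ecdsa-" or "sk-" followed by at
              ;; least one more field.  Anything else (empty body, HTML error
              ;; page, multi-line output) is refused so that sshd never sees
              ;; arbitrary metadata output in an authorized_keys file.
              (and (bytevector? bv)
                   (> (bytevector-length bv) 0)
                   (let* ((line (string-trim-both (utf8->string bv)))
                          (fields (string-split line #\space)))
                     (and (not (string-index line #\newline))
                          (>= (length fields) 2)
                          (or (string-prefix? "ssh-" (car fields))
                              (string-prefix? "ecdsa-" (car fields))
                              (string-prefix? "sk-" (car fields)))))))

            (define (install-key bv)
              ;; Write BV to a temporary file beside TARGET and rename it into
              ;; place, so sshd sees either the old file or the complete new one.
              (let ((tmp (string-append target ".tmp")))
                (call-with-output-file tmp
                  (lambda (port)
                    (format (current-error-port) "opened-file\n")
                    ;; sshd's StrictModes rejects group/world-writable key
                    ;; files, so do not depend on the inherited umask.
                    (chmod port #o644)
                    (put-bytevector port bv)))
                (rename-file tmp target)))

            (receive (code body) (fetch-key)
              (cond ((not (= code 200))
                     (format (current-error-port)
                             "aws-pubkey: metadata service returned HTTP ~a; leaving ~a untouched~%"
                             code target)
                     (exit 1))
                    ((not (openssh-key-line? body))
                     (format (current-error-port)
                             "aws-pubkey: response is not an OpenSSH public key; leaving ~a untouched~%"
                             target)
                     (exit 1))
                    (else
                     (install-key body)))))))))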
;; this should really be an extension of the openssh service
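(define (aws-pubkey-service config)
  "Return the Shepherd services that run @code{aws-pubkey-prog} to install the
EC2 instance public key as /etc/ssh/authorized_keys.d/aws.  CONFIG is the value
of @code{aws-service-type}; it is not consulted here."
  (list (shepherd-service
         ;; Shown by `herd doc aws-pubkey'; was an empty string before.
         (documentation
          "Fetch the EC2 instance public key into /etc/ssh/authorized_keys.d/aws.")
         (provision '(aws-pubkey))
         ;; The key comes from the instance metadata service over the network,
         ;; so wait for networking (and user processes) to be up.
         (requirement '(networking user-processes))
         ;; The program exits once the key is written; it is not a daemon.
         (one-shot? #t)
         ;; NOTE(review): a one-shot service is marked stopped as soon as its
         ;; start method returns, so respawn? most likely has no effect here;
         ;; confirm against the Shepherd version in use before relying on it.
         (respawn? #t)
         (start #~(make-forkexec-constructor (list #$aws-pubkey-prog))))))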
(define (aws-account-service config)
  "Return the system group and the user account, both named \"aws\", that this
service adds to the system.  CONFIG is the value of @code{aws-service-type} and
is unused."
  (let ((account-name "aws"))
    (list (user-group
           (name account-name)
           (system? #t))
          (user-account
           (name account-name)
           (group account-name)
           ;; NOTE(review): this is a fixed SHA-512 crypt of the literal
           ;; password "aws" with salt "change", so anyone who can read this
           ;; file knows both the hash and the password.  Since login is meant
           ;; to go through the key installed by aws-pubkey, consider leaving
           ;; the password unset (`(password #f)`, the record default) and
           ;; letting root set one with passwd if it is ever needed; check the
           ;; locking semantics of an unset password in (gnu system shadow).
           (password (crypt "aws" "$6$change"))
           (shell (file-append zsh "/bin/zsh"))))))
(define-public aws-service-type
  ;; Service type for EC2 hosts.  Its value is a list of packages (by default
  ;; the CA certificate bundles) that is added unchanged to the system profile;
  ;; it additionally creates the "aws" account/group and installs the
  ;; aws-pubkey Shepherd service.  Also listed under #:export in the module
  ;; header, so define-public is redundant but harmless.
  (let ((profile-extension
         ;; The service value is passed through as-is.
         (service-extension profile-service-type identity))
        (account-extension
         (service-extension account-service-type aws-account-service))
        (shepherd-extension
         (service-extension shepherd-root-service-type aws-pubkey-service)))
    (service-type (name 'aws)
                  (description "AWS public key service")
                  (extensions (list profile-extension
                                    account-extension
                                    shepherd-extension))
                  (default-value (list le-certs nss-certs)))))