metznet-channel/metznet/system/base-system.scm

(define-module (metznet system base-system)
  #:use-module (guix gexp)

  #:use-module (gnu bootloader)
  #:use-module (gnu bootloader grub)
  #:use-module (gnu system accounts)
  #:use-module (gnu system shadow)
  #:use-module (gnu system setuid)
  #:use-module (gnu services configuration)
  #:use-module (gnu system file-systems)
  #:use-module (gnu system)
  #:use-module (gnu system nss)
  #:use-module (gnu services kerberos)
  #:use-module (gnu services sssd)
  #:use-module (gnu services base)
  #:use-module (gnu services)
  #:use-module (gnu services desktop)
  #:use-module (gnu services networking)
  #:use-module (gnu services ssh)
  #:use-module (gnu services vpn)
  #:use-module (gnu system pam)
  #:use-module (gnu services dbus)
  #:use-module (gnu system keyboard)
  #:use-module (gnu packages admin)

  #:use-module (gnu packages slapd)
  #:use-module (gnu packages linux)

  #:use-module (gnu packages shells)
  #:use-module (gnu packages gnome)
  #:use-module (gnu packages ssh)
  #:use-module (gnu packages dns)
  #:use-module (gnu packages version-control)
  #:use-module (gnu packages vim)
  #:use-module (gnu packages certs)
  #:use-module (gnu packages kerberos)
  #:use-module (gnu packages vpn)
  #:use-module (gnu packages wm)
  #:use-module (gnu packages suckless)
  #:use-module (gnu packages terminals)
  #:use-module (gnu packages gnuzilla)

  #:export (%metznet-base-user-accounts)
  #:export (%metznet-base-groups)

  #:export (%metznet-desktop-packages)
  #:export (%metznet-base-packages)

  #:export (%kvm-udev-rule)
  #:export (%usb-udev-rule)
  #:export (%tun-udev-rule)

  #:export (%metznet-desktop-services)
  #:export (%metznet-server-services)

  #:export (metznet-service-type)
  #:export (metznet-system-configuration)

  #:export (%metznet-base-server-system)
  #:export (%metznet-base-desktop-system))

(define %domain-realm
  "METZNET.CA")

(define %domain-name
  "metznet.ca")

(define %domain-kadmin
  (string-append "kerberos." %domain-name))

(define %domain-kdc
  (string-append "kerberos." %domain-name))

(define %metznet-base-user-accounts
  (append (list (user-account
                  (name "root")
                  (group "root")
                  (uid 0)
                  (password (crypt (or (getenv "GUIX_ROOT_PW") "root")
                                   "$6$salt"))
                  (shell (file-append zsh "/bin/zsh")))) %base-user-accounts))

(define %metznet-base-groups
  (append (list (user-group
                  (system? #t)
                  (name "realtime"))
                (user-group
                  (system? #t)
                  (name "usb"))) %base-groups))

(define %metznet-base-packages
  (append (list openssh

                openldap-slapd
                strace

                git
                neovim
                zsh
                le-certs
                nss-certs
                mit-krb5) %base-packages))

(define %metznet-desktop-packages
  (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages))

(define %desktop-setuid-programs
  (append (list (setuid-program
                  (program #~(string-append #$openvpn "/sbin/openvpn")))
                (setuid-program
                  (program #~(string-append #$openresolv "/sbin/resolvconf"))))
          %setuid-programs))

(define %metznet-krb5-config
  (krb5-configuration (default-realm %domain-realm)
                      (allow-weak-crypto? #t)
                      (rdns? #f)
                      (realms (list (krb5-realm (name %domain-realm)
                                                (admin-server %domain-kadmin)
                                                (kdc %domain-kdc))))))

(define %default-keyboard-layout
  (keyboard-layout "us"))

(define %kvm-udev-rule
  (udev-rule "65-kvm.rules"
             "KERNEL==\"KVM\", GROUP=\"libvirt\", MODE=\"0660\""))

(define %usb-udev-rule
  (udev-rule "51-usb.rules"
             (string-append "SUBSYSTEM==\"usb\", GROUP=\"usb\"\n"
                            "SUBSYSTEM==\"usbmisc\", GROUP=\"usb\"")))

(define %tun-udev-rule
  (udev-rule "90-tun.rules"
   "KERNEL==\"tun\", GROUP=\"netdev\", MODE=\"0660\", OPTIONS+=\"static_node=net/tun\""))

(define %backlight-udev-rule
  (udev-rule "55-backlight.rules"
   "RUN+=\"/bin/chgrp video /sys/class/backlight/intel_backlight/brightness\""))

(define %metznet-name-service-switch
  (let ((services (list (name-service (name "sss"))
                        (name-service (name "files")))))
    (name-service-switch (password services)
                         (shadow services)
                         (group services))))

(define list-of-strings?
  (list-of string?))

(define-maybe/no-serialization string)

(define (file-like-pair? val)
  (let ((name (car val))
        (file (cdr val)))
    (and (string? name)
         (file-like? file))))

(define alist-of-file-like?
  (list-of file-like-pair?))

(define-maybe file-like)

(define-configuration/no-serialization metznet-system-configuration
                                       (certs (file-like le-certs)
                                              "certificate package")
                                       (user-shells (alist-of-file-like (list (cons
                                                                               "/bin/zsh"
                                                                               zsh)))
                                                    "user shells to link")
                                       (pam-services (list-of-strings (list
                                                                       "su"
                                                                       "gdm-password"
                                                                       "login"
                                                                       "sshd"
                                                                       "passwd"))
                                        "list of pam services to configure"))

(define (pam-mkhomedir-service configuration)
  (lambda (pam)
    (if (member (pam-service-name pam)
                (metznet-system-configuration-pam-services configuration))
        (let ((required (pam-entry (control "required")
                                   (module "pam_mkhomedir.so"))))
          (pam-service (inherit pam)
                       (session (cons required
                                      (pam-service-account pam))))) pam)))

(define (pam-mkhomedir-services configuration)
  (list (pam-mkhomedir-service configuration)))

(define (shell-paths configuration)
  (map car
       (metznet-system-configuration-user-shells configuration)))

(define (shell-packages configuration)
  (map cdr
       (metznet-system-configuration-user-shells configuration)))

(define (metznet-activation configuration)
  #~(begin
      (let ((root (getpw "root")))
        (mkdir-p/perms "/var/lib/openvpn" root 448))
      (for-each (lambda (path package)
                  (unless (access? path F_OK)
                    (symlink (string-append package path) path)))
                (list #$@(shell-paths configuration))
                (list #$@(shell-packages configuration)))))

(define-public metznet-service-type
  (service-type (name 'metznet-service)
                (description "MetzNet Services")
                (extensions (list (service-extension activation-service-type
                                                     metznet-activation)
                                  (service-extension profile-service-type
                                                     (compose list
                                                      metznet-system-configuration-certs))
                                  (service-extension pam-root-service-type
                                                     pam-mkhomedir-services)))
                (default-value (metznet-system-configuration))))

(define %metznet-services
  (list (service openssh-service-type
                 (openssh-configuration (extra-content
                                         "KerberosAuthentication yes")))
        (service krb5-service-type %metznet-krb5-config)
        (service pam-krb5-service-type
                 (pam-krb5-configuration (pam-krb5 pam-krb5)
                                         (minimum-uid 1000)))
        (service sssd-service-type)
        (service metznet-service-type)))

(define %metznet-nscd-configuration
  (nscd-configuration (caches (append (list (nscd-cache (database 'passwd)
                                                        (positive-time-to-live
                                                         (* 3600 12))
                                                        (negative-time-to-live
                                                         20)
                                                        (persistent? #t))
                                            (nscd-cache (database 'group)
                                                        (positive-time-to-live
                                                         (* 3600 12))
                                                        (negative-time-to-live
                                                         20)
                                                        (persistent? #t)))
                                      %nscd-default-caches))))

(define %metznet-desktop-services
  (append %metznet-services
          (modify-services %desktop-services
            (nscd-service-type config => %metznet-nscd-configuration)
            (udev-service-type config =>
                               (udev-configuration (inherit config)
                                                   (rules (append (list
                                                                   %tun-udev-rule
                                                                   %backlight-udev-rule)
                                                                  (udev-configuration-rules
                                                                   config)))))
            (network-manager-service-type config =>
                                          (network-manager-configuration (inherit
                                                                          config)
                                                                         (vpn-plugins
                                                                          (list
                                                                           network-manager-openvpn)))))))

(define %base-services-nscd
  (modify-services %base-services
    (nscd-service-type config => %metznet-nscd-configuration)))

(define %server-services
  (append %metznet-services
          (list (service dbus-root-service-type)
                (service dhcp-client-service-type)
                (service openvpn-client-service-type
                         (openvpn-client-configuration (ca
                                                        "/var/lib/openvpn/ca.crt")
                                                       (cert
                                                        "/var/lib/openvpn/client.crt")
                                                       (key
                                                        "/var/lib/openvpn/client.key")
                                                       (tls-auth
                                                        "/var/lib/openvpn/ta.key")
                                                       (persist-key? #f)
                                                       (remote (list (openvpn-remote-configuration
                                                                      (name
                                                                       "vpn.metznet.ca")))))))))

(define %metznet-server-services
  (append %server-services %base-services-nscd))

(define %metznet-base-server-system
  (operating-system
    (host-name "metznet-base-server")
    (timezone "America/Edmonton")
    (locale "en_CA.utf8")
    (keyboard-layout %default-keyboard-layout)
    (name-service-switch %metznet-name-service-switch)
    (kernel-arguments (append '("console=ttyS0") %default-kernel-arguments))
    (bootloader (bootloader-configuration
                  (bootloader grub-efi-bootloader)
                  (targets '("/boot/efi"))
                  (keyboard-layout keyboard-layout)))
    (file-systems (cons* (file-system
                           (mount-point "/")
                           (device (file-system-label "guix-data"))
                           (type "ext4")
                           (check? #f))
                         (file-system
                           (mount-point "/boot/efi")
                           (device (file-system-label "guix-boot"))
                           (type "fat32")
                           (check? #f)) %base-file-systems))
    (users %metznet-base-user-accounts)
    (groups %metznet-base-groups)
    (packages %metznet-base-packages)
    (services
     %metznet-server-services)))

(define %metznet-base-desktop-system
  (operating-system
    (inherit %metznet-base-server-system)
    (host-name "metznet-base-desktop")
    (setuid-programs %desktop-setuid-programs)
    (packages %metznet-desktop-packages)
    (services
     %metznet-desktop-services)))
Moved machines/system under metznet, and removed nonguix dependency 2023-12-02 17:19:54 -07:00			`(define-module (metznet system base-system)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`#:use-module (guix gexp)`

			`#:use-module (gnu bootloader)`
			`#:use-module (gnu bootloader grub)`
			`#:use-module (gnu system accounts)`
			`#:use-module (gnu system shadow)`
Added openssh-ldap to test libnss-pam-ldapd as an propagated-input to openssh 2023-11-24 11:36:43 -07:00			`#:use-module (gnu system setuid)`
Got kdc working 2023-11-30 13:52:13 -07:00			`#:use-module (gnu services configuration)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`#:use-module (gnu system file-systems)`
			`#:use-module (gnu system)`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00			`#:use-module (gnu system nss)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`#:use-module (gnu services kerberos)`
			`#:use-module (gnu services sssd)`
			`#:use-module (gnu services base)`
Moved from nscd to sssd 2023-11-27 18:08:03 -07:00			`#:use-module (gnu services)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`#:use-module (gnu services desktop)`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00			`#:use-module (gnu services networking)`
			`#:use-module (gnu services ssh)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`#:use-module (gnu services vpn)`
			`#:use-module (gnu system pam)`
			`#:use-module (gnu services dbus)`
			`#:use-module (gnu system keyboard)`
			`#:use-module (gnu packages admin)`
Got kdc working 2023-11-30 13:52:13 -07:00
			`#:use-module (gnu packages slapd)`
			`#:use-module (gnu packages linux)`

guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`#:use-module (gnu packages shells)`
			`#:use-module (gnu packages gnome)`
Got LDAP login working(needed to make sure nscd was the only app that loaded libnss_ldap.so) 2023-11-26 14:58:54 -07:00			`#:use-module (gnu packages ssh)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`#:use-module (gnu packages dns)`
			`#:use-module (gnu packages version-control)`
Added openssh-ldap to test libnss-pam-ldapd as an propagated-input to openssh 2023-11-24 11:36:43 -07:00			`#:use-module (gnu packages vim)`
			`#:use-module (gnu packages certs)`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00			`#:use-module (gnu packages kerberos)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`#:use-module (gnu packages vpn)`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00			`#:use-module (gnu packages wm)`
			`#:use-module (gnu packages suckless)`
			`#:use-module (gnu packages terminals)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`#:use-module (gnu packages gnuzilla)`

reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`#:export (%metznet-base-user-accounts)`
			`#:export (%metznet-base-groups)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00
reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`#:export (%metznet-desktop-packages)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`#:export (%metznet-base-packages)`

reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`#:export (%kvm-udev-rule)`
			`#:export (%usb-udev-rule)`
			`#:export (%tun-udev-rule)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00
reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`#:export (%metznet-desktop-services)`
			`#:export (%metznet-server-services)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00
Fixed vm target(it didn't like me writing to etc/guix/channels.scm 2023-12-02 11:12:38 -07:00			`#:export (metznet-service-type)`
			`#:export (metznet-system-configuration)`

reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`#:export (%metznet-base-server-system)`
			`#:export (%metznet-base-desktop-system))`

guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(define %domain-realm`
			`"METZNET.CA")`

			`(define %domain-name`
			`"metznet.ca")`

			`(define %domain-kadmin`
			`(string-append "kerberos." %domain-name))`

			`(define %domain-kdc`
			`(string-append "kerberos." %domain-name))`

			`(define %metznet-base-user-accounts`
			`(append (list (user-account`
			`(name "root")`
			`(group "root")`
			`(uid 0)`
Moved all machines to defines, and styles 2023-11-30 18:26:00 -07:00			`(password (crypt (or (getenv "GUIX_ROOT_PW") "root")`
			`"$6$salt"))`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(shell (file-append zsh "/bin/zsh")))) %base-user-accounts))`

			`(define %metznet-base-groups`
			`(append (list (user-group`
			`(system? #t)`
			`(name "realtime"))`
			`(user-group`
			`(system? #t)`
			`(name "usb"))) %base-groups))`

			`(define %metznet-base-packages`
			`(append (list openssh`
Got kdc working 2023-11-30 13:52:13 -07:00
			`openldap-slapd`
			`strace`

guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`git`
			`neovim`
			`zsh`
			`le-certs`
			`nss-certs`
			`mit-krb5) %base-packages))`

			`(define %metznet-desktop-packages`
			`(append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages))`

			`(define %desktop-setuid-programs`
			`(append (list (setuid-program`
			`(program #~(string-append #$openvpn "/sbin/openvpn")))`
			`(setuid-program`
			`(program #~(string-append #$openresolv "/sbin/resolvconf"))))`
			`%setuid-programs))`

			`(define %metznet-krb5-config`
			`(krb5-configuration (default-realm %domain-realm)`
			`(allow-weak-crypto? #t)`
			`(rdns? #f)`
			`(realms (list (krb5-realm (name %domain-realm)`
			`(admin-server %domain-kadmin)`
			`(kdc %domain-kdc))))))`

			`(define %default-keyboard-layout`
			`(keyboard-layout "us"))`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00
reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`(define %kvm-udev-rule`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(udev-rule "65-kvm.rules"`
			`"KERNEL==\"KVM\", GROUP=\"libvirt\", MODE=\"0660\""))`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00
reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`(define %usb-udev-rule`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(udev-rule "51-usb.rules"`
			`(string-append "SUBSYSTEM==\"usb\", GROUP=\"usb\"\n"`
			`"SUBSYSTEM==\"usbmisc\", GROUP=\"usb\"")))`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00
			`(define %tun-udev-rule`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(udev-rule "90-tun.rules"`
			`"KERNEL==\"tun\", GROUP=\"netdev\", MODE=\"0660\", OPTIONS+=\"static_node=net/tun\""))`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00
			`(define %backlight-udev-rule`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(udev-rule "55-backlight.rules"`
			`"RUN+=\"/bin/chgrp video /sys/class/backlight/intel_backlight/brightness\""))`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00
reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`(define %metznet-name-service-switch`
Moved from nscd to sssd 2023-11-27 18:08:03 -07:00			`(let ((services (list (name-service (name "sss"))`
Added openssh-ldap to test libnss-pam-ldapd as an propagated-input to openssh 2023-11-24 11:36:43 -07:00			`(name-service (name "files")))))`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(name-service-switch (password services)`
			`(shadow services)`
			`(group services))))`
Added Makefile, removed krb5 pam auth. Need to create user directory on login(pam_mkhomedir) and provide the shell binaries at the right path(/bin/zsh in most cases). 2023-11-22 12:26:17 -07:00
Moved all machines to defines, and styles 2023-11-30 18:26:00 -07:00			`(define list-of-strings?`
			`(list-of string?))`
Got kdc working 2023-11-30 13:52:13 -07:00
Use environment for paths 2023-12-01 01:27:39 -07:00			`(define-maybe/no-serialization string)`

			`(define (file-like-pair? val)`
			`(let ((name (car val))`
			`(file (cdr val)))`
Fixed channels.scm gexpr 2023-12-01 17:17:15 -07:00			`(and (string? name)`
			`(file-like? file))))`
Use environment for paths 2023-12-01 01:27:39 -07:00
Fixed channels.scm gexpr 2023-12-01 17:17:15 -07:00			`(define alist-of-file-like?`
			`(list-of file-like-pair?))`
Use environment for paths 2023-12-01 01:27:39 -07:00
Fixed vm target(it didn't like me writing to etc/guix/channels.scm 2023-12-02 11:12:38 -07:00			`(define-maybe file-like)`

Moved all machines to defines, and styles 2023-11-30 18:26:00 -07:00			`(define-configuration/no-serialization metznet-system-configuration`
			`(certs (file-like le-certs)`
			`"certificate package")`
Fixed channels.scm gexpr 2023-12-01 17:17:15 -07:00			`(user-shells (alist-of-file-like (list (cons`
			`"/bin/zsh"`
			`zsh)))`
			`"user shells to link")`
Updated base-system.scm 2023-11-30 19:56:49 -07:00			`(pam-services (list-of-strings (list`
			`"su"`
			`"gdm-password"`
			`"login"`
			`"sshd"`
			`"passwd"))`
			`"list of pam services to configure"))`
Got kdc working 2023-11-30 13:52:13 -07:00
			`(define (pam-mkhomedir-service configuration)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(lambda (pam)`
Moved all machines to defines, and styles 2023-11-30 18:26:00 -07:00			`(if (member (pam-service-name pam)`
			`(metznet-system-configuration-pam-services configuration))`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(let ((required (pam-entry (control "required")`
			`(module "pam_mkhomedir.so"))))`
			`(pam-service (inherit pam)`
			`(session (cons required`
			`(pam-service-account pam))))) pam)))`
Added openssh-ldap to test libnss-pam-ldapd as an propagated-input to openssh 2023-11-24 11:36:43 -07:00
Got kdc working 2023-11-30 13:52:13 -07:00			`(define (pam-mkhomedir-services configuration)`
			`(list (pam-mkhomedir-service configuration)))`
Added openssh-ldap to test libnss-pam-ldapd as an propagated-input to openssh 2023-11-24 11:36:43 -07:00
Use environment for paths 2023-12-01 01:27:39 -07:00			`(define (shell-paths configuration)`
Fixed channels.scm gexpr 2023-12-01 17:17:15 -07:00			`(map car`
			`(metznet-system-configuration-user-shells configuration)))`
Use environment for paths 2023-12-01 01:27:39 -07:00
			`(define (shell-packages configuration)`
Fixed channels.scm gexpr 2023-12-01 17:17:15 -07:00			`(map cdr`
			`(metznet-system-configuration-user-shells configuration)))`
Use environment for paths 2023-12-01 01:27:39 -07:00
Got kdc working 2023-11-30 13:52:13 -07:00			`(define (metznet-activation configuration)`
Removed copy of openvpn files to store, now expected to be at '/var/lib/openvpn' 2023-12-02 21:02:28 -07:00			`#~(begin`
			`(let ((root (getpw "root")))`
			`(mkdir-p/perms "/var/lib/openvpn" root 448))`
			`(for-each (lambda (path package)`
Fixed channels.scm gexpr 2023-12-01 17:17:15 -07:00			`(unless (access? path F_OK)`
Removed copy of openvpn files to store, now expected to be at '/var/lib/openvpn' 2023-12-02 21:02:28 -07:00			`(symlink (string-append package path) path)))`
			`(list #$@(shell-paths configuration))`
			`(list #$@(shell-packages configuration)))))`
Fixed vm target(it didn't like me writing to etc/guix/channels.scm 2023-12-02 11:12:38 -07:00
			`(define-public metznet-service-type`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(service-type (name 'metznet-service)`
			`(description "MetzNet Services")`
			`(extensions (list (service-extension activation-service-type`
			`metznet-activation)`
Got kdc working 2023-11-30 13:52:13 -07:00			`(service-extension profile-service-type`
Moved all machines to defines, and styles 2023-11-30 18:26:00 -07:00			`(compose list`
			`metznet-system-configuration-certs))`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(service-extension pam-root-service-type`
			`pam-mkhomedir-services)))`
Got kdc working 2023-11-30 13:52:13 -07:00			`(default-value (metznet-system-configuration))))`
added base-server.scm, and moved nslcd config to variable 2023-11-22 12:30:06 -07:00
Added openssh-ldap to test libnss-pam-ldapd as an propagated-input to openssh 2023-11-24 11:36:43 -07:00			`(define %metznet-services`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(list (service openssh-service-type`
			`(openssh-configuration (extra-content`
			`"KerberosAuthentication yes")))`
			`(service krb5-service-type %metznet-krb5-config)`
			`(service pam-krb5-service-type`
			`(pam-krb5-configuration (pam-krb5 pam-krb5)`
			`(minimum-uid 1000)))`
Fixed typo in openvpn and moved pam list for sssd to defaults 2023-12-02 19:12:12 -07:00			`(service sssd-service-type)`
Got kdc working 2023-11-30 13:52:13 -07:00			`(service metznet-service-type)))`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00
			`(define %metznet-nscd-configuration`
			`(nscd-configuration (caches (append (list (nscd-cache (database 'passwd)`
			`(positive-time-to-live`
			`(* 3600 12))`
			`(negative-time-to-live`
			`20)`
			`(persistent? #t))`
			`(nscd-cache (database 'group)`
			`(positive-time-to-live`
			`(* 3600 12))`
			`(negative-time-to-live`
			`20)`
			`(persistent? #t)))`
			`%nscd-default-caches))))`
Added openssh-ldap to test libnss-pam-ldapd as an propagated-input to openssh 2023-11-24 11:36:43 -07:00
reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`(define %metznet-desktop-services`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(append %metznet-services`
			`(modify-services %desktop-services`
			`(nscd-service-type config => %metznet-nscd-configuration)`
			`(udev-service-type config =>`
			`(udev-configuration (inherit config)`
			`(rules (append (list`
			`%tun-udev-rule`
			`%backlight-udev-rule)`
			`(udev-configuration-rules`
			`config)))))`
			`(network-manager-service-type config =>`
			`(network-manager-configuration (inherit`
			`config)`
			`(vpn-plugins`
			`(list`
			`network-manager-openvpn)))))))`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00
Fixed vm target(it didn't like me writing to etc/guix/channels.scm 2023-12-02 11:12:38 -07:00			`(define %base-services-nscd`
			`(modify-services %base-services`
			`(nscd-service-type config => %metznet-nscd-configuration)))`

			`(define %server-services`
Configured PAM correctly to login desktop users 2023-11-27 11:26:54 -07:00			`(append %metznet-services`
moved all files in config to file-likes 2023-12-02 02:49:54 -07:00			`(list (service dbus-root-service-type)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(service dhcp-client-service-type)`
Fixed vm target(it didn't like me writing to etc/guix/channels.scm 2023-12-02 11:12:38 -07:00			`(service openvpn-client-service-type`
Removed copy of openvpn files to store, now expected to be at '/var/lib/openvpn' 2023-12-02 21:02:28 -07:00			`(openvpn-client-configuration (ca`
			`"/var/lib/openvpn/ca.crt")`
			`(cert`
			`"/var/lib/openvpn/client.crt")`
			`(key`
			`"/var/lib/openvpn/client.key")`
			`(tls-auth`
			`"/var/lib/openvpn/ta.key")`
Fixed vm target(it didn't like me writing to etc/guix/channels.scm 2023-12-02 11:12:38 -07:00			`(persist-key? #f)`
			`(remote (list (openvpn-remote-configuration`
			`(name`
Removed copy of openvpn files to store, now expected to be at '/var/lib/openvpn' 2023-12-02 21:02:28 -07:00			`"vpn.metznet.ca")))))))))`
Fixed vm target(it didn't like me writing to etc/guix/channels.scm 2023-12-02 11:12:38 -07:00
			`(define %metznet-server-services`
			`(append %server-services %base-services-nscd))`

			`(define %metznet-base-server-system`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00			`(operating-system`
Fixed vm target(it didn't like me writing to etc/guix/channels.scm 2023-12-02 11:12:38 -07:00			`(host-name "metznet-base-server")`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00			`(timezone "America/Edmonton")`
			`(locale "en_CA.utf8")`
			`(keyboard-layout %default-keyboard-layout)`
reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`(name-service-switch %metznet-name-service-switch)`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00			`(kernel-arguments (append '("console=ttyS0") %default-kernel-arguments))`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(bootloader (bootloader-configuration`
Removed grub-efi-fix 2023-12-01 15:10:16 -07:00			`(bootloader grub-efi-bootloader)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(targets '("/boot/efi"))`
			`(keyboard-layout keyboard-layout)))`
			`(file-systems (cons* (file-system`
			`(mount-point "/")`
Added efi partiton back 2023-11-30 17:52:15 -07:00			`(device (file-system-label "guix-data"))`
Changed xfs to ext4 2023-11-30 18:19:49 -07:00			`(type "ext4")`
Added efi partiton back 2023-11-30 17:52:15 -07:00			`(check? #f))`
Moved all machines to defines, and styles 2023-11-30 18:26:00 -07:00			`(file-system`
Added efi partiton back 2023-11-30 17:52:15 -07:00			`(mount-point "/boot/efi")`
			`(device (file-system-label "guix-boot"))`
			`(type "fat32")`
Moved all machines to defines, and styles 2023-11-30 18:26:00 -07:00			`(check? #f)) %base-file-systems))`
reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`(users %metznet-base-user-accounts)`
			`(groups %metznet-base-groups)`
			`(packages %metznet-base-packages)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(services`
			`%metznet-server-services)))`
Moved system files to channel and added libutp 2022-09-17 19:28:48 -06:00
reorganized, ldap nsswitch not working 2023-11-21 19:05:13 -07:00			`(define %metznet-base-desktop-system`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(operating-system`
Fixed vm target(it didn't like me writing to etc/guix/channels.scm 2023-12-02 11:12:38 -07:00			`(inherit %metznet-base-server-system)`
guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working) 2023-11-29 17:52:49 -07:00			`(host-name "metznet-base-desktop")`
			`(setuid-programs %desktop-setuid-programs)`
			`(packages %metznet-desktop-packages)`
			`(services`
			`%metznet-desktop-services)))`