From 27b48e2c45c70f2c656ffe401fef926ee8fb3083 Mon Sep 17 00:00:00 2001 From: Noah Metz Date: Mon, 27 Nov 2023 23:12:23 -0700 Subject: [PATCH] Initial commit of ldap.metznet.ca --- Makefile | 6 ++- machines/ldap.metznet.ca.scm | 41 +++++++++++++++++ machines/otto.scm | 86 ------------------------------------ system/base-system.scm | 4 +- 4 files changed, 47 insertions(+), 90 deletions(-) create mode 100644 machines/ldap.metznet.ca.scm delete mode 100644 machines/otto.scm diff --git a/Makefile b/Makefile index 15ba7f4..a7f582c 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,7 @@ NONGUIX_DIR ?= ~/Code/nonguix -GUIX_IMAGE_CMD ?= guix system image --substitute-urls='https://bordeaux.guix.gnu.org' --image-type=qcow2 -L ./ -L $(NONGUIX_DIR) +GUIX_SUBSTITUTE_FLAG = --substitute-urls='https://bordeaux.guix.gnu.org https://substitutes.nonguix.org' +GUIX_LIB_FLAGS = -L ./ -L $(NONGUIX_DIR) +GUIX_IMAGE_CMD ?= guix system image $(GUIX_SUBSTITUTE_FLAG) --image-type=qcow2 $(GUIX_LIB_FLAGS) LIBVIRT_GROUP ?= libvirt machines/%.qcow2: machines/%.scm @@ -11,5 +13,5 @@ VM_CPU ?= 4 .PHONY: machines/% machines/%: machines/%.qcow2 - $(eval OVMF := $(shell guix build --substitute-urls='https://bordeaux.guix.gnu.org' ovmf)) + $(eval OVMF := $(shell guix build $(GUIX_SUBSTITUTE_FLAG) ovmf)) qemu-system-x86_64 -nic bridge,br=virbr0 -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios $(OVMF)/share/firmware/ovmf_x64.bin diff --git a/machines/ldap.metznet.ca.scm b/machines/ldap.metznet.ca.scm new file mode 100644 index 0000000..613ac96 --- /dev/null +++ b/machines/ldap.metznet.ca.scm 
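Review bot: `GUIX_SUBSTITUTE_FLAG` and `GUIX_LIB_FLAGS` are assigned with `=` while every other knob in this file (`NONGUIX_DIR`, `GUIX_IMAGE_CMD`, `LIBVIRT_GROUP`) uses `?=`, so the two new variables cannot be overridden from the command line the way the others can; `GUIX_SUBSTITUTE_FLAG ?= …` and `GUIX_LIB_FLAGS ?= …` would keep the file consistent. The added `https://substitutes.nonguix.org` entry only tells guix where to look: the daemon still accepts a substitute only when its signing key has been authorized on the build host, and otherwise silently falls back to building locally, so the precondition deserves a comment next to the variable, e.g. `# nonguix substitutes are used only if its signing key is authorized on this host (guix archive --authorize)`.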
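Review bot: `$(eval OVMF := $(shell guix build …))` runs `guix build` while Make expands the recipe, before any command executes, so a failed or interrupted build leaves `OVMF` empty and qemu is then started with `-bios /share/firmware/ovmf_x64.bin` instead of the rule stopping; the expansion also runs under `make -n`. Resolving the path in the shell keeps the exit status in the chain: `qemu-vm: OVMF=$$(guix build $(GUIX_SUBSTITUTE_FLAG) ovmf) && qemu-system-x86_64 -nic bridge,br=virbr0 -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios "$$OVMF/share/firmware/ovmf_x64.bin"` (as the single recipe line of `machines/%`, replacing both existing lines). This is the whole recipe of the `machines/%` rule; the rule header is in the hunk's context.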
@@ -0,0 +1,41 @@ +(define-module (machines base-desktop) + #:use-module (system base-system) + #:use-module (guix gexp) + #:use-module (gnu) + #:use-module (gnu services configuration) + #:use-module (gnu packages openldap) + #:use-module (gnu packages admin)) + +(define-configuration/no-serialization slapd-configuration + (openldap (file-like openldap) + "openldap package to use") + (slapd-uris (list-of-strings (list + "ldap://" + "ldapi://")) + "slapd uris to accept connections to")) + +(define (slapd-accounts config) + (list (user-group + (name "slapd") + (system? #t)) + (user-account + (name "slapd") + (group "slapd") + (system? #t) + (comment "openldap service account") + (home-directory "/var/lib/slapd") + (shell #~(string-append #$shadow "/sbin/nologin"))))) + +(define slapd-service-type + (service-type (name 'slapd) + (description "openldap slapd service") + (extensions (list (service-extension account-service-type + slapd-accounts))) + (default-value (slapd-configuration)))) + +(operating-system + (inherit %metznet-base-server-system) + (host-name "ldap.metznet.ca") + (packages %metznet-server-packages) + (services + (append (list (service slapd-service-type)) %metznet-server-services))) diff --git a/machines/otto.scm b/machines/otto.scm deleted file mode 100644 index d7ebb07..0000000 --- a/machines/otto.scm +++ /dev/null 
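Review bot: `slapd-configuration`'s `openldap` and `slapd-uris` fields are never consumed — `slapd-service-type` only extends `account-service-type` via `slapd-accounts`, so as written no shepherd service runs slapd and the default URI list, including the plaintext `ldap://` listener, has no effect yet. When the shepherd extension is added, consider defaulting to `ldapi://` alone and letting the operator opt into network listeners, since `ldap://` would accept unencrypted connections on every interface; a comment on the field such as `;; no shepherd extension yet: these uris are not passed to slapd` would make the current state explicit. The module header also reads `(define-module (machines base-desktop) …)`, which appears to be a leftover from another machine file and does not match `machines/ldap.metznet.ca.scm`; `(define-module (machines ldap.metznet.ca) …)` would match the path used with `-L ./`.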
@@ -1,86 +0,0 @@ -(define-module (machines otto) - #:use-module (gnu) - #:use-module (system base-system) - #:use-module (gnu packages ) - #:use-module (nongnu packages nvidia) - #:use-module (gnu packages networking) - #:use-module (gnu packages shells) - #:use-module (gnu packages pulseaudio) - #:use-module (gnu packages virtualization) - #:use-module (gnu packages spice) - #:use-module (gnu packages vulkan) - #:use-module (gnu packages pdf) - #:use-module (gnu packages commencement) - #:use-module (gnu packages base) - #:use-module (gnu packages embedded) - #:use-module (gnu packages linux) - #:use-module (gnu packages docker) - #:use-module (gnu services docker) - #:use-module (gnu packages audio) - #:use-module (gnu services cups) - #:use-module (gnu services virtualization) - #:use-module (gnu services networking) - #:use-module (gnu services xorg) - #:use-module (gnu services desktop) - #:use-module (gnu services dbus) - #:use-module (gnu services linux) - #:use-module (gnu packages cups) - #:use-module (gnu packages python) - #:use-module (gnu packages xorg) - #:use-module (gnu packages scanner) - #:use-module (gnu packages dns) - #:use-module (gnu services shepherd) - #:use-module (gnu services base) - #:export (otto-operating-system)) - -(define otto-operating-system - (operating-system - (inherit %metznet-base-desktop-system) - (host-name "otto") - (kernel-arguments '("modprobe.blacklist=nouveau")) - (packages (append (list blueman bluez bluez-alsa pulseaudio docker python openvswitch - qemu pavucontrol mupdf gcc-toolchain gnu-make - gcc-arm-none-eabi-7-2018-q2-update sane-backends-minimal xsane - cups xf86-video-nv xf86-input-libinput vulkan-loader vulkan-tools - (list isc-bind "utils")) %metznet-desktop-packages)) - (services (append (list - (simple-service 'blueman dbus-root-service-type (list blueman)) - (bluetooth-service #:auto-enable? 
#t) - (service docker-service-type) - (service openvswitch-service-type) - (set-xorg-configuration - (xorg-configuration - (keyboard-layout %default-keyboard-layout))) - (service sane-service-type) - (service cups-service-type - (cups-configuration - (web-interface? #t)))) - (modify-services %metznet-desktop-services - (udev-service-type config => - (udev-configuration (inherit config) - (rules (append (list - %usb-udev-rule) - (udev-configuration-rules config)))))))) - (users (cons* (user-account - (name "noah") - (comment "Noah Metz") - (group "users") - (home-directory "/home/noah") - (shell (file-append zsh "/bin/zsh")) - (supplementary-groups - `("wheel" "netdev" "audio" "video" "usb" "kvm" "lp" "docker"))) - %metznet-base-user-accounts)) - (file-systems - (cons* (file-system - (mount-point "/boot/efi") - (device (uuid "6E88-FE62" 'fat32)) - (type "vfat")) - (file-system - (mount-point "/") - (device - (uuid "ba93a043-9e58-466f-b90f-bf2a6bbf91fe" - 'ext4)) - (type "ext4")) - %base-file-systems)))) - -otto-operating-system diff --git a/system/base-system.scm b/system/base-system.scm index 828d630..73d942c 100644 --- a/system/base-system.scm +++ b/system/base-system.scm @@ -183,9 +183,9 @@ "ldap_tls_reqcert = never" "ldap_tls_cacertdir = /etc/ssl/certs" "ldap_search_base = ou=users,ou=accounts,dc=metznet,dc=ca" - (string-append "ldap_default_bind_dn = " (getenv "LDAP_BINDDN")) + (string-append "ldap_default_bind_dn = " (or (getenv "LDAP_BINDDN") "")) "ldap_default_authtok_type = password" - (string-append "ldap_default_authtok = " (getenv "LDAP_BINDPW"))) "\n"))) + (string-append "ldap_default_authtok = " (or (getenv "LDAP_BINDPW") ""))) "\n"))) (define metznet-service-type (service-type
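Review bot: The `(or (getenv …) "")` fallback on the two changed lines turns a missing `LDAP_BINDDN` or `LDAP_BINDPW` into an empty `ldap_default_bind_dn` / `ldap_default_authtok` in the generated client configuration (these look like sssd keys), so a build run without the variables exported silently produces a system that will attempt anonymous or empty-password binds instead of failing. Failing at build time is the safer default: `(or (getenv "LDAP_BINDDN") (error "LDAP_BINDDN is not set"))` and `(or (getenv "LDAP_BINDPW") (error "LDAP_BINDPW is not set"))`. Separately, the bind password is interpolated into a file that presumably becomes a store item, which is world-readable, and the surrounding context already sets `ldap_tls_reqcert = never`; both predate this commit but a one-line comment above the `string-append` recording that trade-off would keep it visible. The enclosing definition starts above this hunk.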