reorganized, ldap nsswitch not working

master
noah metz 2023-11-21 19:05:13 -07:00
parent d6e48ff25a
commit 3722bb85f0
4 changed files with 81 additions and 100 deletions

@ -0,0 +1,4 @@
(define-module (machines base-desktop)
#:use-module (system base-system))
%metznet-base-desktop-system

@ -1,8 +1,7 @@
(define-module (system clients otto) (define-module (machines otto)
#:use-module (gnu) #:use-module (gnu)
#:use-module (system base-system) #:use-module (system base-system)
#:use-module (gnu packages tex) #:use-module (gnu packages )
#:use-module (nongnu packages mozilla)
#:use-module (nongnu packages nvidia) #:use-module (nongnu packages nvidia)
#:use-module (gnu packages networking) #:use-module (gnu packages networking)
#:use-module (gnu packages shells) #:use-module (gnu packages shells)
@ -36,11 +35,11 @@
(define otto-operating-system (define otto-operating-system
(operating-system (operating-system
(inherit base-desktop-system) (inherit %metznet-base-desktop-system)
(host-name "otto") (host-name "otto")
(kernel-arguments '("modprobe.blacklist=nouveau")) (kernel-arguments '("modprobe.blacklist=nouveau"))
(packages (append (list blueman bluez bluez-alsa pulseaudio docker python openvswitch (packages (append (list blueman bluez bluez-alsa pulseaudio docker python openvswitch
qemu texlive firefox pavucontrol mupdf gcc-toolchain gnu-make qemu pavucontrol mupdf gcc-toolchain gnu-make
gcc-arm-none-eabi-7-2018-q2-update sane-backends-minimal xsane gcc-arm-none-eabi-7-2018-q2-update sane-backends-minimal xsane
cups xf86-video-nv xf86-input-libinput vulkan-loader vulkan-tools cups xf86-video-nv xf86-input-libinput vulkan-loader vulkan-tools
(list isc-bind "utils")) %metznet-desktop-packages)) (list isc-bind "utils")) %metznet-desktop-packages))
@ -63,14 +62,14 @@
%usb-udev-rule) %usb-udev-rule)
(udev-configuration-rules config)))))))) (udev-configuration-rules config))))))))
(users (cons* (user-account (users (cons* (user-account
(name "nmetz") (name "noah")
(comment "Noah Metz") (comment "Noah Metz")
(group "users") (group "users")
(home-directory "/home/nmetz") (home-directory "/home/noah")
(shell (file-append zsh "/bin/zsh")) (shell (file-append zsh "/bin/zsh"))
(supplementary-groups (supplementary-groups
`("wheel" "netdev" "audio" "video" "usb" "kvm" "lp" "docker"))) `("wheel" "netdev" "audio" "video" "usb" "kvm" "lp" "docker")))
%my-base-user-accounts)) %metznet-base-user-accounts))
(file-systems (file-systems
(cons* (file-system (cons* (file-system
(mount-point "/boot/efi") (mount-point "/boot/efi")
@ -84,3 +83,4 @@
(type "ext4")) (type "ext4"))
%base-file-systems)))) %base-file-systems))))
otto-operating-system
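Review bot: The user-account block renames nmetz to noah and moves the home directory, but still does not pin a `uid`, so the account keeps whatever UID the system allocates and nothing carries /home/nmetz over; with this same commit putting `ldap` into the name-service switch (files first, then ldap), a locally declared `noah` with a floating UID can shadow or collide with a directory account of the same name or UID. I would add `(uid 1000)` (or another value outside the range the directory hands out) next to `(name "noah")` so the local account is stable regardless of LDAP. Also, `#:use-module (gnu packages )` on the new side looks like a leftover from dropping `(gnu packages tex)`: `(gnu packages)` is a real module, but nothing in this file appears to use it, so the line should go. The `otto-operating-system` definition starts in an earlier hunk and its file-systems form continues past this one.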

@ -7,6 +7,7 @@
#:use-module (gnu system nss) #:use-module (gnu system nss)
#:use-module (gnu packages certs) #:use-module (gnu packages certs)
#:use-module (gnu services pm) #:use-module (gnu services pm)
#:use-module (gnu services authentication)
#:use-module (gnu services vpn) #:use-module (gnu services vpn)
#:use-module (gnu packages vpn) #:use-module (gnu packages vpn)
#:use-module (gnu services networking) #:use-module (gnu services networking)
@ -29,30 +30,35 @@
#:use-module (gnu packages version-control) #:use-module (gnu packages version-control)
#:use-module (nongnu system linux-initrd) #:use-module (nongnu system linux-initrd)
#:use-module (gnu system setuid) #:use-module (gnu system setuid)
#:use-module (ice-9 exceptions)) #:use-module (ice-9 exceptions)
#:export (get-env-default)
(define-public get-env-default #:export (%domain-realm)
(lambda (env default) #:export (%domain-name)
(or #:export (%domain-kadmin)
(getenv env) #:export (%domain-kdc)
default))) #:export (%metznet-base-user-accounts)
#:export (%metznet-base-groups)
(define kadmin-prefix #:export (%metznet-base-packages)
(get-env-default "KADMIN_PREFIX" "kadmin.")) #:export (%metznet-desktop-packages)
#:export (%metznet-server-packages)
(define kdc-prefix #:export (%metznet-setuid-programs)
(get-env-default "KDC_PREFIX" "kadmin.")) #:export (%default-keyboard-layout)
#:export (%kvm-udev-rule)
(define-public %domain-caps #:export (%usb-udev-rule)
(get-env-default "DOMAIN_CAPS" "METZNET.CA")) #:export (%tun-udev-rule)
#:export (%metznet-desktop-services)
(define-public %domain-name #:export (%metznet-server-services)
(get-env-default "DOMAIN_NAME" "metznet.ca")) #:export (%metznet-base-server-system)
#:export (%metznet-base-desktop-system))
(define-public %domain-kadmin (string-append kadmin-prefix %domain-name))
(define-public %domain-kdc (string-append kdc-prefix %domain-name)) (define %domain-realm "METZNET.CA")
(define-public %my-base-user-accounts (append (list (define %domain-name "metznet.ca")
(define %domain-kadmin (string-append "kerberos." %domain-name))
(define %domain-kdc (string-append "kerberos." %domain-name))
(define %metznet-base-user-accounts (append (list
(user-account (user-account
(name "root") (name "root")
(group "root") (group "root")
@ -61,7 +67,7 @@
(shell (file-append zsh "/bin/zsh")))) (shell (file-append zsh "/bin/zsh"))))
%base-user-accounts)) %base-user-accounts))
(define-public %my-base-groups (append (list (define %metznet-base-groups (append (list
(user-group (user-group
(system? #t) (system? #t)
(name "realtime")) (name "realtime"))
@ -70,13 +76,13 @@
(name "usb"))) (name "usb")))
%base-groups)) %base-groups))
(define-public %my-base-packages (append (list openldap git neovim zsh nss-certs mit-krb5 openvpn openresolv) %base-packages)) (define %metznet-base-packages (append (list nss-pam-ldapd openldap git neovim zsh nss-certs mit-krb5 openvpn openresolv) %base-packages))
(define-public %metznet-desktop-packages (append (list i3-wm i3status dmenu alacritty icecat) %my-base-packages)) (define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages))
(define-public %metznet-server-packages (append (list isc-dhcp) %my-base-packages)) (define %metznet-server-packages (append (list isc-dhcp) %metznet-base-packages))
(define-public %desktop-setuid-programs (append (define %desktop-setuid-programs (append
(list (setuid-program (list (setuid-program
(program #~(string-append #$openvpn "/sbin/openvpn"))) (program #~(string-append #$openvpn "/sbin/openvpn")))
(setuid-program (setuid-program
@ -84,11 +90,11 @@
%setuid-programs)) %setuid-programs))
(define (krb5-config kdc-server kadmin) (krb5-configuration (define (krb5-config kdc-server kadmin) (krb5-configuration
(default-realm %domain-caps) (default-realm %domain-realm)
(allow-weak-crypto? #t) (allow-weak-crypto? #t)
(rdns? #f) (rdns? #f)
(realms (list (krb5-realm (realms (list (krb5-realm
(name %domain-caps) (name %domain-realm)
(admin-server kadmin) (admin-server kadmin)
(kdc kdc-server)))))) (kdc kdc-server))))))
@ -96,14 +102,14 @@
(pam-krb5 pam-krb5) (pam-krb5 pam-krb5)
(minimum-uid 1000))) (minimum-uid 1000)))
(define-public %default-keyboard-layout (keyboard-layout "us")) (define %default-keyboard-layout (keyboard-layout "us"))
(define-public %kvm-udev-rule (define %kvm-udev-rule
(udev-rule (udev-rule
"65-kvm.rules" "65-kvm.rules"
"KERNEL==\"KVM\", GROUP=\"libvirt\", MODE=\"0660\"")) "KERNEL==\"KVM\", GROUP=\"libvirt\", MODE=\"0660\""))
(define-public %usb-udev-rule (define %usb-udev-rule
(udev-rule (udev-rule
"51-usb.rules" "51-usb.rules"
(string-append "SUBSYSTEM==\"usb\", GROUP=\"usb\"\n" (string-append "SUBSYSTEM==\"usb\", GROUP=\"usb\"\n"
@ -119,10 +125,21 @@
"55-backlight.rules" "55-backlight.rules"
"RUN+=\"/bin/chgrp video /sys/class/backlight/intel_backlight/brightness\"")) "RUN+=\"/bin/chgrp video /sys/class/backlight/intel_backlight/brightness\""))
(define-public %metznet-desktop-services (define %metznet-name-service-switch
(let ((services (list (name-service (name "files"))
(name-service (name "ldap")))))
(name-service-switch
(password services)
(shadow services)
(group services))))
(define %metznet-desktop-services
(append (list (service openssh-service-type) (append (list (service openssh-service-type)
(service krb5-service-type (krb5-config %domain-kdc %domain-kadmin)) (service krb5-service-type (krb5-config %domain-kdc %domain-kadmin))
(service pam-krb5-service-type pam-krb5-config) (service pam-krb5-service-type pam-krb5-config)
(service nslcd-service-type (nslcd-configuration (base "dc=metznet,dc=ca")
(nss-pam-ldapd nss-pam-ldapd)
(uri (list "ldaps://ldap.metznet.ca/"))))
;(set-xorg-configuration ;(set-xorg-configuration
; (xorg-configuration ; (xorg-configuration
; (keyboard-layout %default-keyboard-layout))) ; (keyboard-layout %default-keyboard-layout)))
@ -152,13 +169,10 @@
(network-manager-configuration (inherit config) (network-manager-configuration (inherit config)
(vpn-plugins (list network-manager-openvpn))))))) (vpn-plugins (list network-manager-openvpn)))))))
(define-public %my-base-services (append (list (define %metznet-server-services (append (list
(service openssh-service-type) (service openssh-service-type)
(service krb5-service-type (krb5-config %domain-kdc %domain-kadmin)) (service krb5-service-type (krb5-config %domain-kdc %domain-kadmin))
(service pam-krb5-service-type pam-krb5-config)) (service pam-krb5-service-type pam-krb5-config)
%base-services))
(define-public %metznet-server-services (append (list
(service dhcp-client-service-type) (service dhcp-client-service-type)
(openvpn-client-service (openvpn-client-service
#:config (openvpn-client-configuration #:config (openvpn-client-configuration
@ -166,15 +180,16 @@
(pid-file "/var/run/openvpn/client.pid") (pid-file "/var/run/openvpn/client.pid")
(persist-key? #f) (persist-key? #f)
(tls-auth "/etc/openvpn/ta.key")))) (tls-auth "/etc/openvpn/ta.key"))))
%my-base-services)) %base-services))
(define-public base-operating-system (define %metznet-base-operating-system
(operating-system (operating-system
;; Hostname and localization information ;; Hostname and localization information
(host-name "base") (host-name "base")
(timezone "America/Edmonton") (timezone "America/Edmonton")
(locale "en_CA.utf8") (locale "en_CA.utf8")
(keyboard-layout %default-keyboard-layout) (keyboard-layout %default-keyboard-layout)
(name-service-switch %metznet-name-service-switch)
;; Kernel and firmware definitions ;; Kernel and firmware definitions
(kernel linux) (kernel linux)
(kernel-arguments (append '("console=ttyS0") %default-kernel-arguments)) (kernel-arguments (append '("console=ttyS0") %default-kernel-arguments))
@ -198,22 +213,22 @@
(type "xfs") (type "xfs")
(check? #f)) (check? #f))
%base-file-systems)) %base-file-systems))
(users %my-base-user-accounts) (users %metznet-base-user-accounts)
(groups %my-base-groups) (groups %metznet-base-groups)
(packages %my-base-packages) (packages %metznet-base-packages)
(services %my-base-services))) (services %metznet-base-services)))
(define-public base-server-system (define %metznet-base-server-system
(operating-system (operating-system
(inherit base-operating-system) (inherit %metznet-base-operating-system)
(host-name "base-server") (host-name "metznet-base-server")
(packages %metznet-server-packages) (packages %metznet-server-packages)
(services %metznet-server-services))) (services %metznet-server-services)))
(define-public base-desktop-system (define %metznet-base-desktop-system
(operating-system (operating-system
(inherit base-operating-system) (inherit %metznet-base-operating-system)
(host-name "base-desktop") (host-name "metznet-base-desktop")
(setuid-programs %desktop-setuid-programs) (setuid-programs %desktop-setuid-programs)
(packages %metznet-desktop-packages) (packages %metznet-desktop-packages)
(services %metznet-desktop-services))) (services %metznet-desktop-services)))
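Review bot: The new `%metznet-name-service-switch` sends password/shadow/group lookups to "ldap", but nothing in these hunks gives nscd the nss-pam-ldapd module; as far as I recall Guix routes NSS lookups through nscd and the module must be listed in the `name-services` field of `nscd-configuration` for the `ldap` entry to resolve anything, which is a likely cause of the "not working" in the commit title. Since `%metznet-desktop-services` already uses `modify-services` for network-manager, adding `(nscd-service-type config => (nscd-configuration (inherit config) (name-services (cons nss-pam-ldapd (nscd-configuration-name-services config)))))` to that form (and the same override wherever the server services are built) should be enough. Separately, the `ldaps://ldap.metznet.ca/` URI in the nslcd-configuration only protects account data if nslcd actually verifies the server certificate: set `tls-reqcert` to `"demand"` and point `tls-cacertfile` at the nss-certs bundle explicitly instead of relying on defaults, otherwise a host between the client and the LDAP server can feed forged passwd/group/shadow entries to every machine that inherits this base. Finally, `%metznet-base-operating-system` now references `%metznet-base-services`, while the hunk that removed `%my-base-services` defines only `%metznet-server-services`; unless `%metznet-base-services` is defined somewhere outside these hunks, that is an unbound variable at reconfigure time.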

@ -1,38 +0,0 @@
(define-module (system servers ci)
#:use-module (gnu)
#:use-module (gnu packages ci)
#:use-module (gnu services cuirass)
#:use-module (system base-system)
#:use-module (guix gexp)
#:export (ci-operating-system))
(define ci-operating-system
(operating-system
(inherit base-server-system)
(host-name "ci")
(packages (append (list cuirass) %metznet-server-packages))
(services (append (list
(service cuirass-service-type
(cuirass-configuration
(specifications #~(list (specification
(name "metznet-channel")
(build '(channels metznet-channel))
(channels
(cons (channel
(name 'metznet-channel)
(url "git://git.metznet.ca:metznet-channel.git"))
%default-channels)))))))) %metznet-server-services))
(file-systems
(cons* (file-system
(mount-point "/boot/efi")
(device (uuid "6E88-FE62" 'fat32))
(type "vfat"))
(file-system
(mount-point "/")
(device
(uuid "ba93a043-9e58-466f-b90f-bf2a6bbf91fe"
'ext4))
(type "ext4"))
%base-file-systems))))
ci-operating-system