@ -7,6 +7,7 @@
|
|
|
|
|
#:use-module (gnu system nss)
|
|
|
|
|
#:use-module (gnu packages certs)
|
|
|
|
|
#:use-module (gnu services pm)
|
|
|
|
|
#:use-module (gnu services authentication)
|
|
|
|
|
#:use-module (gnu services vpn)
|
|
|
|
|
#:use-module (gnu packages vpn)
|
|
|
|
|
#:use-module (gnu services networking)
|
|
|
|
@ -29,30 +30,35 @@
|
|
|
|
|
#:use-module (gnu packages version-control)
|
|
|
|
|
#:use-module (nongnu system linux-initrd)
|
|
|
|
|
#:use-module (gnu system setuid)
|
|
|
|
|
#:use-module (ice-9 exceptions))
|
|
|
|
|
|
|
|
|
|
(define-public get-env-default
|
|
|
|
|
(lambda (env default)
|
|
|
|
|
(or
|
|
|
|
|
(getenv env)
|
|
|
|
|
default)))
|
|
|
|
|
|
|
|
|
|
(define kadmin-prefix
|
|
|
|
|
(get-env-default "KADMIN_PREFIX" "kadmin."))
|
|
|
|
|
|
|
|
|
|
(define kdc-prefix
|
|
|
|
|
(get-env-default "KDC_PREFIX" "kadmin."))
|
|
|
|
|
|
|
|
|
|
(define-public %domain-caps
|
|
|
|
|
(get-env-default "DOMAIN_CAPS" "METZNET.CA"))
|
|
|
|
|
|
|
|
|
|
(define-public %domain-name
|
|
|
|
|
(get-env-default "DOMAIN_NAME" "metznet.ca"))
|
|
|
|
|
|
|
|
|
|
(define-public %domain-kadmin (string-append kadmin-prefix %domain-name))
|
|
|
|
|
(define-public %domain-kdc (string-append kdc-prefix %domain-name))
|
|
|
|
|
|
|
|
|
|
(define-public %my-base-user-accounts (append (list
|
|
|
|
|
#:use-module (ice-9 exceptions)
|
|
|
|
|
#:export (get-env-default)
|
|
|
|
|
#:export (%domain-realm)
|
|
|
|
|
#:export (%domain-name)
|
|
|
|
|
#:export (%domain-kadmin)
|
|
|
|
|
#:export (%domain-kdc)
|
|
|
|
|
#:export (%metznet-base-user-accounts)
|
|
|
|
|
#:export (%metznet-base-groups)
|
|
|
|
|
#:export (%metznet-base-packages)
|
|
|
|
|
#:export (%metznet-desktop-packages)
|
|
|
|
|
#:export (%metznet-server-packages)
|
|
|
|
|
#:export (%metznet-setuid-programs)
|
|
|
|
|
#:export (%default-keyboard-layout)
|
|
|
|
|
#:export (%kvm-udev-rule)
|
|
|
|
|
#:export (%usb-udev-rule)
|
|
|
|
|
#:export (%tun-udev-rule)
|
|
|
|
|
#:export (%metznet-desktop-services)
|
|
|
|
|
#:export (%metznet-server-services)
|
|
|
|
|
#:export (%metznet-base-server-system)
|
|
|
|
|
#:export (%metznet-base-desktop-system))
|
|
|
|
|
|
|
|
|
|
(define %domain-realm "METZNET.CA")
|
|
|
|
|
|
|
|
|
|
(define %domain-name "metznet.ca")
|
|
|
|
|
|
|
|
|
|
(define %domain-kadmin (string-append "kerberos." %domain-name))
|
|
|
|
|
(define %domain-kdc (string-append "kerberos." %domain-name))
|
|
|
|
|
|
|
|
|
|
(define %metznet-base-user-accounts (append (list
|
|
|
|
|
(user-account
|
|
|
|
|
(name "root")
|
|
|
|
|
(group "root")
|
|
|
|
@ -61,7 +67,7 @@
|
|
|
|
|
(shell (file-append zsh "/bin/zsh"))))
|
|
|
|
|
%base-user-accounts))
|
|
|
|
|
|
|
|
|
|
(define-public %my-base-groups (append (list
|
|
|
|
|
(define %metznet-base-groups (append (list
|
|
|
|
|
(user-group
|
|
|
|
|
(system? #t)
|
|
|
|
|
(name "realtime"))
|
|
|
|
@ -70,13 +76,13 @@
|
|
|
|
|
(name "usb")))
|
|
|
|
|
%base-groups))
|
|
|
|
|
|
|
|
|
|
(define-public %my-base-packages (append (list openldap git neovim zsh nss-certs mit-krb5 openvpn openresolv) %base-packages))
|
|
|
|
|
(define %metznet-base-packages (append (list nss-pam-ldapd openldap git neovim zsh nss-certs mit-krb5 openvpn openresolv) %base-packages))
|
|
|
|
|
|
|
|
|
|
(define-public %metznet-desktop-packages (append (list i3-wm i3status dmenu alacritty icecat) %my-base-packages))
|
|
|
|
|
(define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages))
|
|
|
|
|
|
|
|
|
|
(define-public %metznet-server-packages (append (list isc-dhcp) %my-base-packages))
|
|
|
|
|
(define %metznet-server-packages (append (list isc-dhcp) %metznet-base-packages))
|
|
|
|
|
|
|
|
|
|
(define-public %desktop-setuid-programs (append
|
|
|
|
|
(define %desktop-setuid-programs (append
|
|
|
|
|
(list (setuid-program
|
|
|
|
|
(program #~(string-append #$openvpn "/sbin/openvpn")))
|
|
|
|
|
(setuid-program
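Review bot: `%desktop-setuid-programs` installs openvpn setuid-root for every local user, and OpenVPN runs `--up`/`--down`/`--route-up` hooks and `--plugin` modules named in a user-supplied config file, so a setuid-root copy lets any local account execute arbitrary commands as root. The server side of this commit already starts the VPN as a system service (`openvpn-client-service`), and the file later enables `network-manager-openvpn` for desktops, so the desktop likely does not need `(setuid-program (program #~(string-append #$openvpn "/sbin/openvpn")))` at all; if unprivileged VPN start is the goal, use the NetworkManager plugin or a dedicated service instead. The `%desktop-setuid-programs` list continues past the end of this hunk, so its remaining entries are not reviewed here.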
|
|
|
|
@ -84,11 +90,11 @@
|
|
|
|
|
%setuid-programs))
|
|
|
|
|
|
|
|
|
|
(define (krb5-config kdc-server kadmin) (krb5-configuration
|
|
|
|
|
(default-realm %domain-caps)
|
|
|
|
|
(default-realm %domain-realm)
|
|
|
|
|
(allow-weak-crypto? #t)
|
|
|
|
|
(rdns? #f)
|
|
|
|
|
(realms (list (krb5-realm
|
|
|
|
|
(name %domain-caps)
|
|
|
|
|
(name %domain-realm)
|
|
|
|
|
(admin-server kadmin)
|
|
|
|
|
(kdc kdc-server))))))
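Review bot: `(allow-weak-crypto? #t)` in `krb5-config` survives the `%domain-caps` → `%domain-realm` rename, and it re-admits the DES-family enctypes that MIT Kerberos filters out of the default enctype lists precisely because keys and tickets using them are crackable offline; unless a legacy principal still requires them, change the line to `(allow-weak-crypto? #f)` or drop the field so the library default applies. `(rdns? #f)` is a sensible companion setting, since it stops reverse DNS from influencing principal canonicalisation. If a specific old principal genuinely needs weak enctypes, a one-line comment above the field naming it would keep the next reader from removing it blind.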
|
|
|
|
|
|
|
|
|
@ -96,14 +102,14 @@
|
|
|
|
|
(pam-krb5 pam-krb5)
|
|
|
|
|
(minimum-uid 1000)))
|
|
|
|
|
|
|
|
|
|
(define-public %default-keyboard-layout (keyboard-layout "us"))
|
|
|
|
|
(define %default-keyboard-layout (keyboard-layout "us"))
|
|
|
|
|
|
|
|
|
|
(define-public %kvm-udev-rule
|
|
|
|
|
(define %kvm-udev-rule
|
|
|
|
|
(udev-rule
|
|
|
|
|
"65-kvm.rules"
|
|
|
|
|
"KERNEL==\"KVM\", GROUP=\"libvirt\", MODE=\"0660\""))
|
|
|
|
|
|
|
|
|
|
(define-public %usb-udev-rule
|
|
|
|
|
(define %usb-udev-rule
|
|
|
|
|
(udev-rule
|
|
|
|
|
"51-usb.rules"
|
|
|
|
|
(string-append "SUBSYSTEM==\"usb\", GROUP=\"usb\"\n"
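Review bot: `%kvm-udev-rule` matches `KERNEL==\"KVM\"`, but udev key matches are case-sensitive and the kernel names the device `kvm` (`/dev/kvm`), so the rule appears never to fire and `/dev/kvm` keeps its default owner and mode rather than the intended `GROUP=\"libvirt\", MODE=\"0660\"`; the string should read `"KERNEL==\"kvm\", GROUP=\"libvirt\", MODE=\"0660\""`. The commit only turns the binding from `define-public` into `define` plus an `#:export`, so this is pre-existing, but it is now part of the module's exported interface. The visible parts of `%metznet-base-groups` create `realtime` and `usb` but no `libvirt` group; the hunks skip part of that list, so confirm the group exists before relying on the rule.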
|
|
|
|
@ -119,10 +125,21 @@
|
|
|
|
|
"55-backlight.rules"
|
|
|
|
|
"RUN+=\"/bin/chgrp video /sys/class/backlight/intel_backlight/brightness\""))
|
|
|
|
|
|
|
|
|
|
(define-public %metznet-desktop-services
|
|
|
|
|
(define %metznet-name-service-switch
|
|
|
|
|
(let ((services (list (name-service (name "files"))
|
|
|
|
|
(name-service (name "ldap")))))
|
|
|
|
|
(name-service-switch
|
|
|
|
|
(password services)
|
|
|
|
|
(shadow services)
|
|
|
|
|
(group services))))
|
|
|
|
|
|
|
|
|
|
(define %metznet-desktop-services
|
|
|
|
|
(append (list (service openssh-service-type)
|
|
|
|
|
(service krb5-service-type (krb5-config %domain-kdc %domain-kadmin))
|
|
|
|
|
(service pam-krb5-service-type pam-krb5-config)
|
|
|
|
|
(service nslcd-service-type (nslcd-configuration (base "dc=metznet,dc=ca")
|
|
|
|
|
(nss-pam-ldapd nss-pam-ldapd)
|
|
|
|
|
(uri (list "ldaps://ldap.metznet.ca/"))))
|
|
|
|
|
;(set-xorg-configuration
|
|
|
|
|
; (xorg-configuration
|
|
|
|
|
; (keyboard-layout %default-keyboard-layout)))
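Review bot: the new `nslcd-configuration` points at `ldaps://ldap.metznet.ca/` but sets no certificate policy, and because `%metznet-name-service-switch` now routes `password`, `shadow` and `group` through LDAP, nslcd's default TLS verification behaviour decides whether a spoofed directory can inject accounts, group memberships or password hashes; pin it explicitly with `(tls-reqcert "demand")` and `(tls-cacertfile "/etc/ssl/certs/ca-certificates.crt")` (the `nss-certs` bundle is already in `%metznet-base-packages`; check the field names against the Guix revision in use). Consider also `(nss-min-uid 1000)` so directory entries cannot shadow local system accounts, mirroring the `(minimum-uid 1000)` already used for pam-krb5. The base `"dc=metznet,dc=ca"` and host `"ldap.metznet.ca"` are hard-coded even though `%domain-name` is defined for exactly this purpose, so they will silently diverge if the domain ever changes. `%metznet-desktop-services` continues past the end of this hunk.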
|
|
|
|
@ -152,13 +169,10 @@
|
|
|
|
|
(network-manager-configuration (inherit config)
|
|
|
|
|
(vpn-plugins (list network-manager-openvpn)))))))
|
|
|
|
|
|
|
|
|
|
(define-public %my-base-services (append (list
|
|
|
|
|
(define %metznet-server-services (append (list
|
|
|
|
|
(service openssh-service-type)
|
|
|
|
|
(service krb5-service-type (krb5-config %domain-kdc %domain-kadmin))
|
|
|
|
|
(service pam-krb5-service-type pam-krb5-config))
|
|
|
|
|
%base-services))
|
|
|
|
|
|
|
|
|
|
(define-public %metznet-server-services (append (list
|
|
|
|
|
(service pam-krb5-service-type pam-krb5-config)
|
|
|
|
|
(service dhcp-client-service-type)
|
|
|
|
|
(openvpn-client-service
|
|
|
|
|
#:config (openvpn-client-configuration
|
|
|
|
@ -166,15 +180,16 @@
|
|
|
|
|
(pid-file "/var/run/openvpn/client.pid")
|
|
|
|
|
(persist-key? #f)
|
|
|
|
|
(tls-auth "/etc/openvpn/ta.key"))))
|
|
|
|
|
%my-base-services))
|
|
|
|
|
%base-services))
|
|
|
|
|
|
|
|
|
|
(define-public base-operating-system
|
|
|
|
|
(define %metznet-base-operating-system
|
|
|
|
|
(operating-system
|
|
|
|
|
;; Hostname and localization information
|
|
|
|
|
(host-name "base")
|
|
|
|
|
(timezone "America/Edmonton")
|
|
|
|
|
(locale "en_CA.utf8")
|
|
|
|
|
(keyboard-layout %default-keyboard-layout)
|
|
|
|
|
(name-service-switch %metznet-name-service-switch)
|
|
|
|
|
;; Kernel and firmware definitions
|
|
|
|
|
(kernel linux)
|
|
|
|
|
(kernel-arguments (append '("console=ttyS0") %default-kernel-arguments))
|
|
|
|
@ -198,22 +213,22 @@
|
|
|
|
|
(type "xfs")
|
|
|
|
|
(check? #f))
|
|
|
|
|
%base-file-systems))
|
|
|
|
|
(users %my-base-user-accounts)
|
|
|
|
|
(groups %my-base-groups)
|
|
|
|
|
(packages %my-base-packages)
|
|
|
|
|
(services %my-base-services)))
|
|
|
|
|
(users %metznet-base-user-accounts)
|
|
|
|
|
(groups %metznet-base-groups)
|
|
|
|
|
(packages %metznet-base-packages)
|
|
|
|
|
(services %metznet-base-services)))
|
|
|
|
|
|
|
|
|
|
(define-public base-server-system
|
|
|
|
|
(define %metznet-base-server-system
|
|
|
|
|
(operating-system
|
|
|
|
|
(inherit base-operating-system)
|
|
|
|
|
(host-name "base-server")
|
|
|
|
|
(inherit %metznet-base-operating-system)
|
|
|
|
|
(host-name "metznet-base-server")
|
|
|
|
|
(packages %metznet-server-packages)
|
|
|
|
|
(services %metznet-server-services)))
|
|
|
|
|
|
|
|
|
|
(define-public base-desktop-system
|
|
|
|
|
(define %metznet-base-desktop-system
|
|
|
|
|
(operating-system
|
|
|
|
|
(inherit base-operating-system)
|
|
|
|
|
(host-name "base-desktop")
|
|
|
|
|
(inherit %metznet-base-operating-system)
|
|
|
|
|
(host-name "metznet-base-desktop")
|
|
|
|
|
(setuid-programs %desktop-setuid-programs)
|
|
|
|
|
(packages %metznet-desktop-packages)
|
|
|
|
|
(services %metznet-desktop-services)))
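Review bot: `%metznet-base-operating-system` now sets `(services %metznet-base-services)`, but nothing in the hunks shown defines `%metznet-base-services` — the old `%my-base-services` was renamed to `%metznet-server-services`, the other list is `%metznet-desktop-services`, and the export list does not mention a base variant — so evaluating this module will fail with an unbound variable unless it is defined in a part of the file not in view. Since both derived systems override `services` anyway, the simplest fix is `(services %base-services)` on that line, or define a shared `%metznet-base-services` holding the openssh/krb5/pam-krb5 trio that the server and desktop lists currently duplicate. Separately, the base system's inherited `name-service-switch` sends password/shadow/group lookups through LDAP for the server too, while `%metznet-server-services` in the earlier hunk starts no `nslcd-service-type`; confirm that is intended, since directory users will not resolve on servers.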