Defining kdc configuration

noah metz 2023-11-29 23:32:16 -07:00
parent 815c0f146d
commit 398ff1be47
1 changed files with 86 additions and 1 deletions

@ -1,15 +1,100 @@
(define-module (machines kerberos.metznet.ca) (define-module (machines kerberos.metznet.ca)
#:use-module (srfi srfi-9)
#:use-module (srfi srfi-1)
#:use-module (gnu system) #:use-module (gnu system)
#:use-module (guix gexp) #:use-module (guix gexp)
#:use-module (system base-system) #:use-module (system base-system)
#:use-module (gnu packages kerberos)
#:use-module (gnu packages base)
#:use-module (gnu services) #:use-module (gnu services)
#:use-module (gnu services configuration)
#:use-module (gnu services certbot)) #:use-module (gnu services certbot))
(define (realm-name? val)
(string? val))
(define (serialize-string field-name val)
(string-append " " (symbol->string field-name) " = " val "\n"))
(define-maybe string)
(define list-of-ports?
(list-of integer?))
(define (serialize-list-of-ports field-name value)
(string-append " " (symbol->string field-name) " = " (string-join (map number->string value) ", ") "\n"))
(define (realm-serialize-list-of-ports field-name value)
(string-append " " (symbol->string field-name) " = " (string-join (map number->string value) ", ") "\n"))
(define-maybe list-of-ports)
(define-maybe file-like)
(define (serialize-file-like field-name value)
#~(string-append " " #$(symbol->string field-name) " = " #$value "\n"))
(define (serialize-none field-name value) "")
(define-configuration kdc-realm-configuration
(name (string "EXAMPLE.COM") "realm name" serialize-none)
(database_module maybe-string "database module")
(acl_file maybe-file-like "acl file")
(key_stash_file maybe-file-like "key stash file")
(kdc_ports (list-of-ports '(750 88)) "list of ports to listen on" realm-serialize-list-of-ports)
(kadmind_ports (list-of-ports '(749)) "list of ports to listen on for kadmin connections" realm-serialize-list-of-ports)
(max_life (string "10h 0m 0s") "maximum life of granted tickets")
(max_renewable_type (string "7d 0h 0m 0s") "maximum time to renew ticket")
(master_key_type (string "des3-hmac-sha1") "master key type")
(default_principal_flags (string "+preauth") "default flag for new principals"))
(define list-of-kdc-realm-configuration?
(list-of kdc-realm-configuration?))
(define (serialize-kdc-realm-configuration realm)
#~(string-append " " #$(kdc-realm-configuration-name realm) " = {\n"
#$(serialize-configuration realm kdc-realm-configuration-fields)
" }\n"))
(define (serialize-list-of-strings field-name value)
(string-join (append (list (string-append "[" (symbol->string field-name) "]" )) value) "\n"))
(define (serialize-list-of-kdc-realm-configuration field-name value)
#~(string-join (list "[realms]"
#$@(map (lambda (realm) (serialize-kdc-realm-configuration realm)) value))
"\n"))
(define-configuration kdc-configuration
(krb5 (file-like mit-krb5) "krb5 package to use" serialize-none)
(kdc_ports (list-of-ports '(750 88)) "list of ports to listen on")
(realms (list-of-kdc-realm-configuration '()) "Realms to configure the KDC with")
(extra (list-of-strings '()) "extra lines"))
(define (serialize-kdc-configuration configuration)
(mixed-text-file
"kdc.conf"
#~(string-append "[kdcdefaults]\n"
#$(serialize-configuration configuration kdc-configuration-fields))))
(define (kdc-activation configuration)
#~(symlink #$(serialize-kdc-configuration configuration) "/etc/kdc.conf"))
(define kdc-service-type
(service-type (name 'kdc-service)
(description "KDC service")
(extensions (list (service-extension activation-service-type kdc-activation)))
(default-value (kdc-configuration))))
(operating-system (operating-system
(inherit %metznet-base-server-system) (inherit %metznet-base-server-system)
(host-name "kerberos-guix.metznet.ca") (host-name "kerberos-guix.metznet.ca")
(services (services
(append (list (service certbot-service-type (append (list (service kdc-service-type
(kdc-configuration
(realms (list
(kdc-realm-configuration
(name "METZNET.CA")
(database_module "openldap_ldapconf")
(acl_file (plain-file "kadm5.acl" "*/admin@METZNET.CA *\n")))))))
(service certbot-service-type
(certbot-configuration (email "admin@metznet.ca") (certbot-configuration (email "admin@metznet.ca")
(certificates (list (certificate-configuration (certificates (list (certificate-configuration
(domains ' (domains '