MetzNet
/
metznet-channel
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working)

master
noah metz 2023-11-29 17:52:49 -07:00
parent 189af1124a
commit 3e7e1c203f
7 changed files with 684 additions and 559 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Makefile
Unescape Escape View File

@ -1,17 +1,11 @@
NONGUIX_DIR ?= ~/Code/nonguix NONGUIX_DIR ?= ~/Code/nonguix
GUIX_SUBSTITUTE_FLAG = --substitute-urls='https://ci.guix.gnu.org https://substitutes.nonguix.org' GUIX_SUBSTITUTE_FLAG = --substitute-urls='https://ci.guix.gnu.org https://substitutes.nonguix.org'
GUIX_LIB_FLAGS = -L ./ -L $(NONGUIX_DIR) GUIX_LIB_FLAGS = -L ./ -L $(NONGUIX_DIR)
GUIX_IMAGE_CMD ?= guix system image $(GUIX_SUBSTITUTE_FLAG) --image-type=qcow2 $(GUIX_LIB_FLAGS)
LIBVIRT_GROUP ?= libvirt
machines/%.qcow2: machines/%.scm
$(eval RO := $(shell $(GUIX_IMAGE_CMD) $<))
install -C -m 666 -o $(USER) -g $(LIBVIRT_GROUP) $(RO) $@
VM_RAM ?= 4000 VM_RAM ?= 4000
VM_CPU ?= 4 VM_CPU ?= 4
.PHONY: machines/% .PHONY: machines/%
machines/%: machines/%.qcow2 machines/%: machines/%.scm
$(eval OVMF := $(shell guix build $(GUIX_SUBSTITUTE_FLAG) ovmf)) $(eval VM_SCRIPT := $(shell guix system $(GUIX_LIB_FLAGS) $(GUIX_SUBSTITUTE_FLAG) vm $<))
qemu-system-x86_64 -nic bridge,br=virbr0 -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios $(OVMF)/share/firmware/ovmf_x64.bin $(VM_SCRIPT) -m $(VM_RAM) -smp $(VM_CPU) -nic user,model=virtio-net-pci

97
gnu/packages/slapd.scm
Unescape Escape View File

@ -0,0 +1,97 @@
(define-module (gnu packages slapd)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu)
#:use-module ((guix licenses)
#:prefix license:)
#:use-module (gnu packages dbm)
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages tls)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages compression)
#:use-module (gnu packages autotools)
#:use-module (gnu packages groff)
#:export (openldap-slapd))
(define-public openldap-slapd
(package
(name "openldap-slapd")
(version "2.6.4")
(source (origin
(method url-fetch)
;; See <http://www.openldap.org/software/download/> for a list of
;; mirrors.
(uri (list (string-append
"http://repository.linagora.org/OpenLDAP"
"/openldap-release/openldap-" version ".tgz")
(string-append
"https://www.openldap.org/software/download/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")
(string-append
"ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")))
(sha256
(base32
"1489li52sjxm1f97v927jxaxzfk6v9sa32ixrw30qhvq07jh85ym"))))
(build-system gnu-build-system)
(inputs (list bdb-5.3
cyrus-sasl
openssl
gnutls
libgcrypt
zlib))
(native-inputs (list libltdl libtool groff bdb-5.3))
(arguments
(list #:tests? #f
#:configure-flags #~(list "--disable-static"
"--with-tls=openssl"
"--enable-slapd"
"--enable-crypt"
"--enable-modules"
"--enable-ldap"
"--enable-slapi"
"--enable-mdb"
"--enable-meta"
"--enable-passwd"
"--enable-overlays"
"--enable-shared"
"--with-cyrus-sasl"
#$@(if (%current-target-system)
'("--with-yielding_select=yes"
"ac_cv_func_memcmp_working=yes")
'()))
;; Disable install stripping as it breaks cross-compiling.
#:make-flags #~(list "STRIP=")
#:phases #~(modify-phases %standard-phases
(add-after 'install 'build-slapd-totp-module
(lambda* (#:key source #:allow-other-keys)
(begin
(chdir "./contrib/slapd-modules/passwd/totp")
(mkdir-p (string-append #$output
"/libexec/openldap"))
(invoke "make" "slapd-totp.lo")
(invoke "../../../../libtool"
"--mode=link"
"gcc"
"-rpath"
"/libexec/openldap"
"-version-info"
"0:0:0"
"-module"
"-o"
"pw-totp.la"
"slapd-totp.lo"
"../../../../libraries/libldap/libldap.la"
"../../../../libraries/liblber/liblber.la")
(invoke "../../../../libtool" "--mode=install"
"cp" "pw-totp.la"
(string-append #$output
"/libexec/openldap"))
(chdir "../../../../")))))))
(synopsis "Implementation of the Lightweight Directory Access Protocol")
(description
"OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
(license license:openldap2.8)
(home-page "https://www.openldap.org/")))

160
gnu/services/slapd.scm
Unescape Escape View File

@ -0,0 +1,160 @@
(define-module (gnu services slapd)
#:use-module (guix gexp)
#:use-module (gnu packages slapd)
#:use-module (gnu packages admin)
#:use-module (gnu system shadow)
#:use-module (gnu services configuration)
#:use-module (gnu services shepherd)
#:use-module (gnu services base)
#:use-module (gnu services)
#:use-module (srfi srfi-19)
#:export (slapd-configuration slapd-service-type))
(define list-of-file-like?
(list-of file-like?))
(define-configuration/no-serialization slapd-configuration
(openldap (file-like openldap-slapd)
"openldap package to use")
(home (string "/var/lib/slapd")
"slapd home directory")
(backups (list-of-file-like '())
"alist of databases and their backup ldif files")
(backup-date (date (current-date))
"date that backup(seed) is from, to not use the same/older seed")
(uris (string "ldap:// ldapi://")
"slapd uris to accept connections to"))
(define (slapd-accounts config)
(list (user-group
(name "slapd")
(system? #t))
(user-account
(name "slapd")
(group "slapd")
(system? #t)
(comment "openldap service account")
(home-directory "/var/lib/slapd")
(shell #~(string-append #$shadow "/sbin/nologin")))))
(define (slapd-activation config)
(let ((homedir (slapd-configuration-home config))
(backups (slapd-configuration-backups config))
(ldapdir (slapd-configuration-openldap config)))
(with-imported-modules '((srfi srfi-19)
(ice-9 textual-ports))
#~(begin
(use-modules (srfi srfi-19)
(ice-9 textual-ports))
(define (range n m)
(if (>= n m)
'()
(cons n
(range (+ n 1) m))))
(define (slapadd-seeds e)
(begin
(format (current-error-port)
"SLAPADD Exception: ~s\n" e)
(for-each (lambda (ldif dbno)
(begin
(invoke (string-append #$sudo
"/bin/sudo")
"-u"
"slapd"
"-g"
"slapd"
(string-append #$ldapdir
"/sbin/slapadd")
"-F"
(string-append #$homedir
"/slapd.d")
"-n"
(number->string dbno)
"-l"
ldif)))
'#+backups
(range 0
(length `#+backups)))
(let ((port (open-output-file (string-append #$homedir
"/.last_slapadd_restore")))
(time-str #$(date->string (slapd-configuration-backup-date
config)
"~4")))
(begin
(put-string port time-str)
(close-port port)))))
(define (check-slapadd-seed-date)
(let* ((verfile (string-append #$homedir
"/.last_slapadd_restore"))
(port (open-input-file verfile))
(date-string (get-string-all port)))
(begin
(display date-string)
(close-port port)
(if (> #$(time-second (date->time-utc (slapd-configuration-backup-date
config)))
(time-second (date->time-utc (string->date
date-string
"~Y-~m-~dT~H:~M:~S~z"))))
(raise-exception (make-message
"configured backups newer than last restored"))
(display
"database seed older than last used seed")))))
(let ((user (getpw "slapd")))
(mkdir-p/perms "/var/run/slapd" user 493)
(mkdir-p/perms #$homedir user 493)
(mkdir-p/perms (string-append #$homedir
"/slapd.d")
user 488)
(install-file (string-append #$ldapdir
"/libexec/openldap/pw-totp.so")
(string-append #$homedir
"/modules"))
(mkdir-p/perms (string-append #$homedir
"/modules")
user 488)
(mkdir-p/perms (string-append #$homedir
"/data") user
488))
(with-exception-handler slapadd-seeds
check-slapadd-seed-date
#:unwind? #t)))))
(define (slapd-shepherd-service config)
(list (shepherd-service (documentation "")
(provision '(slapd))
(requirement '(networking user-processes))
(start #~(make-forkexec-constructor (list (string-append #$
(slapd-configuration-openldap
config)
"/libexec/slapd")
"-d"
"-1"
"-F"
"/var/lib/slapd/slapd.d"
"-u"
"slapd"
"-g"
"slapd")
#:environment-variables
(list (string-append
"LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:"
#$(slapd-configuration-home
config)
"/modules"))
#:user "root"
#:group "root"))
(stop #~(make-kill-destructor)))))
(define slapd-service-type
(service-type (name 'slapd)
(description "openldap slapd service")
(extensions (list (service-extension account-service-type
slapd-accounts)
(service-extension activation-service-type
slapd-activation)
(service-extension
shepherd-root-service-type
slapd-shepherd-service)))
(default-value (slapd-configuration))))

109
gnu/services/sssd.scm
Unescape Escape View File

@ -0,0 +1,109 @@
(define-module (gnu services sssd)
#:use-module (guix gexp)
#:use-module (gnu system pam)
#:use-module (gnu services dbus)
#:use-module (gnu services base)
#:use-module (gnu services shepherd)
#:use-module (gnu packages sssd)
#:use-module (gnu services)
#:use-module (gnu services configuration)
#:export (sssd-configuration sssd-service-type))
(define-configuration/no-serialization sssd-configuration
(sssd (file-like sssd)
"SSSD Package to use")
(pam-services (list-of-strings '())
"List of pam services to use sssd for")
(config (file-like
default-sssd-conf-file)
"sssd.conf file"))
(define default-sssd-conf-file
(plain-file "sssd.conf"
(string-join (list "[sssd]"
"domains = metznet.ca"
"services = nss, sudo, pam, ssh, ifp"
""
"[domain/metznet.ca]"
"id_provider = ldap"
"auth_provider = ldap"
"cache_credentials = True"
"ldap_uri = ldaps://ldap.metznet.ca"
"ldap_tls_reqcert = never"
"ldap_tls_cacertdir = /etc/ssl/certs"
"ldap_search_base = ou=users,ou=accounts,dc=metznet,dc=ca"
(string-append "ldap_default_bind_dn = "
(or (getenv "LDAP_BINDDN") ""))
"ldap_default_authtok_type = password"
(string-append "ldap_default_authtok = "
(or (getenv "LDAP_BINDPW") ""))
"") "\n")))
(define (sssd-pam-service config)
(define sssd-pam-module
(file-append (sssd-configuration-sssd config) "/lib/security/pam_sss.so"))
(lambda (pam)
(if (member (pam-service-name pam)
(sssd-configuration-pam-services config))
(let ((sufficient (pam-entry (control "sufficient")
(module sssd-pam-module))))
(pam-service (inherit pam)
(auth (cons sufficient
(pam-service-auth pam)))
(account (cons sufficient
(pam-service-account pam)))
(password (cons sufficient
(pam-service-password pam)))
(session (cons sufficient
(pam-service-session pam))))) pam)))
(define (sssd-pam-services config)
(list (sssd-pam-service config)))
(define (sssd-shepherd-service config)
(list (shepherd-service (documentation "")
(provision '(sssd))
(requirement '(networking user-processes))
(start #~(make-forkexec-constructor (list (string-append #$
(sssd-configuration-sssd
config)
"/sbin/sssd")
"-i"
"-c/var/lib/sss/sssd.conf")
#:user "root"
#:group "root"
#:environment-variables
(list (string-append
"LD_LIBRARY_PATH="
#$(sssd-configuration-sssd
config)
"/lib"))))
(stop #~(make-kill-destructor)))))
(define (sssd-activation config)
#~(begin
(let ((dbdir "/var/lib/sss/db")
(dbusdir "/var/lib/sss/pipes/private")
(user (getpw "root")))
(mkdir-p/perms dbusdir user 493)
(mkdir-p/perms dbdir user 493)
(copy-file #$(sssd-configuration-config config)
"/var/lib/sss/sssd.conf")
(chmod "/var/lib/sss/sssd.conf" #o600))))
(define-public sssd-service-type
(service-type (name 'sssd)
(description "SSSD Service")
(extensions (list (service-extension pam-root-service-type
sssd-pam-services)
(service-extension dbus-root-service-type
(compose list
sssd-configuration-sssd))
(service-extension activation-service-type
sssd-activation)
(service-extension nscd-service-type
(const (list sssd)))
(service-extension
shepherd-root-service-type
sssd-shepherd-service)))
(default-value (sssd-configuration))))

177
machines/ldap.metznet.ca.scm
Unescape Escape View File

@ -1,169 +1,24 @@
(define-module (machines base-desktop) (define-module (machines base-desktop)
#:use-module (system base-system) #:use-module (gnu system)
#:use-module (guix gexp) #:use-module (guix gexp)
#:use-module (guix build utils) #:use-module (system base-system)
#:use-module (guix packages) #:use-module (gnu packages slapd)
#:use-module (guix download) #:use-module (gnu services)
#:use-module (guix build-system gnu)
#:use-module (guix build-system copy)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu)
#:use-module (gnu services configuration)
#:use-module (gnu services shepherd)
#:use-module (gnu services certbot) #:use-module (gnu services certbot)
#:use-module (gnu packages openldap) #:use-module (gnu services slapd))
#:use-module (gnu packages dbm)
#:use-module (gnu packages groff)
#:use-module (gnu packages autotools)
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages tls)
#:use-module (gnu packages perl)
#:use-module (gnu packages python)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages base)
#:use-module (gnu packages compression)
#:use-module (gnu packages admin))
(define-public openldap-slapd
(package
(name "openldap-slapd")
(version "2.6.4")
(source (origin
(method url-fetch)
;; See <http://www.openldap.org/software/download/> for a list of
;; mirrors.
(uri (list (string-append
"http://repository.linagora.org/OpenLDAP"
"/openldap-release/openldap-" version ".tgz")
(string-append
"https://www.openldap.org/software/download/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")
(string-append
"ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")))
(sha256
(base32
"1489li52sjxm1f97v927jxaxzfk6v9sa32ixrw30qhvq07jh85ym"))))
(build-system gnu-build-system)
(inputs (list bdb-5.3 cyrus-sasl openssl gnutls libgcrypt zlib))
(native-inputs (list libltdl libtool groff bdb-5.3))
(arguments
(list
#:tests? #f
#:configure-flags
#~(list "--disable-static"
"--with-tls=openssl"
"--enable-slapd"
"--enable-crypt"
"--enable-modules"
"--enable-ldap"
"--enable-slapi"
"--enable-mdb"
"--enable-meta"
"--enable-passwd"
"--enable-overlays"
"--enable-shared"
"--with-cyrus-sasl"
#$@(if (%current-target-system)
'("--with-yielding_select=yes"
"ac_cv_func_memcmp_working=yes")
'()))
;; Disable install stripping as it breaks cross-compiling.
#:make-flags
#~(list "STRIP=")
#:phases
#~(modify-phases %standard-phases (add-after 'install 'build-slapd-totp-module
(lambda* (#:key source #:allow-other-keys)
(begin
(chdir "./contrib/slapd-modules/passwd/totp")
(mkdir-p (string-append #$output "/libexec/openldap"))
(invoke "make" "slapd-totp.lo")
(invoke "../../../../libtool" "--mode=link" "gcc" "-rpath" "/libexec/openldap" "-version-info" "0:0:0" "-module" "-o" "pw-totp.la" "slapd-totp.lo" "../../../../libraries/libldap/libldap.la" "../../../../libraries/liblber/liblber.la")
(invoke "../../../../libtool" "--mode=install" "cp" "pw-totp.la" (string-append #$output "/libexec/openldap"))
(chdir "../../../../")))))))
(synopsis "Implementation of the Lightweight Directory Access Protocol")
(description
"OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
(license license:openldap2.8)
(home-page "https://www.openldap.org/")))
(define list-of-file-like?
(list-of file-like?))
(define-configuration/no-serialization slapd-configuration
(openldap (file-like openldap-slapd)
"openldap package to use")
(home (string "/var/lib/slapd") "slapd home directory")
(backups (list-of-file-like '()) "alist of databases and their backup ldif files")
(uris (string "ldap:// ldapi://")
"slapd uris to accept connections to"))
(define (slapd-accounts config)
(list (user-group
(name "slapd")
(system? #t))
(user-account
(name "slapd")
(group "slapd")
(system? #t)
(comment "openldap service account")
(home-directory "/var/lib/slapd")
(shell #~(string-append #$shadow "/sbin/nologin")))))
(define (slapd-activation config)
(let
((homedir (slapd-configuration-home config))
(backups (slapd-configuration-backups config))
(ldapdir (slapd-configuration-openldap config)))
#~(begin
(define (range n m)
(if (>= n m) '() (cons n (range (+ n 1) m))))
(let ((user (getpw "slapd")))
(mkdir-p/perms "/var/run/slapd" user #o755)
(mkdir-p/perms #$homedir user #o755)
(mkdir-p/perms (string-append #$homedir "/slapd.d") user #o750)
(install-file (string-append #$ldapdir "/libexec/openldap/pw-totp.so") (string-append #$homedir "/modules"))
(mkdir-p/perms (string-append #$homedir "/modules") user #o750)
(mkdir-p/perms (string-append #$homedir "/data") user #o750))
; TODO: read the time of the last written backups to check if slapadd needs to happen, and after slapadd write the "time" from the config of the backups so that they don't get applied again to the same directory
(for-each (lambda (ldif dbno) (invoke (string-append #$sudo "/bin/sudo") "-u" "slapd" "-g" "slapd" (string-append #$ldapdir "/sbin/slapadd") "-F" (string-append #$homedir "/slapd.d") "-n" (number->string dbno) "-l" ldif)) '#+backups (range 0 (length `#+backups))))))
(define (slapd-shepherd-service config)
(list (shepherd-service
(documentation "")
(provision '(slapd))
(requirement '(networking user-processes))
(start #~(make-forkexec-constructor
(list (string-append #$(slapd-configuration-openldap config) "/libexec/slapd") "-d" "-1" "-F" "/var/lib/slapd/slapd.d" "-u" "slapd" "-g" "slapd")
#:environment-variables (list (string-append "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:" #$(slapd-configuration-openldap config) "/libexec/openldap"))
#:user "root"
#:group "root"))
(stop #~(make-kill-destructor)))))
(define slapd-service-type
(service-type (name 'slapd)
(description "openldap slapd service")
(extensions (list
(service-extension account-service-type slapd-accounts)
(service-extension activation-service-type slapd-activation)
(service-extension shepherd-root-service-type slapd-shepherd-service)))
(default-value (slapd-configuration))))
(operating-system (operating-system
(inherit %metznet-base-server-system) (inherit %metznet-base-server-system)
(host-name "ldap-guix.metznet.ca") (host-name "ldap-guix.metznet.ca")
(packages %metznet-server-packages)
(services (services
(append (list (append (list (service certbot-service-type
(service certbot-service-type (certbot-configuration (email "noah@metznet.ca")
(certbot-configuration (certificates (list (certificate-configuration
(email "noah@metznet.ca") (domains '
(certificates ("ldap-guix.metznet.ca")))))))
(list (service slapd-service-type
(certificate-configuration (slapd-configuration (backups (list (local-file
(domains '("ldap-guix.metznet.ca"))))))) "0.ldif")
(service slapd-service-type (local-file
(slapd-configuration "1.ldif"))))))
(backups (list (local-file "0.ldif") (local-file "1.ldif")))))) %metznet-server-services))) %metznet-server-services)))

167
metznet.scm
Unescape Escape View File

@ -1,5 +1,6 @@
(define-module (metznet) (define-module (metznet)
#:use-module ((guix licenses) #:prefix licenses:) #:use-module ((guix licenses)
#:prefix licenses:)
#:use-module (gnu packages) #:use-module (gnu packages)
#:use-module (gnu packages base) #:use-module (gnu packages base)
#:use-module (gnu packages autotools) #:use-module (gnu packages autotools)
@ -30,10 +31,8 @@
(package (package
(name "metznet-system") (name "metznet-system")
(version "0.3") (version "0.3")
(source (source (git-checkout (url "git://git.metznet.ca/system.git")
(git-checkout (commit (string-append "v" version))))
(url "git://git.metznet.ca/system.git")
(commit (string-append "v" version))))
(build-system copy-build-system) (build-system copy-build-system)
(synopsis "metznet GUIX system definitions") (synopsis "metznet GUIX system definitions")
(description "metznet GUIX system definitions") (description "metznet GUIX system definitions")
@ -41,10 +40,11 @@
(license licenses:gpl3+))) (license licenses:gpl3+)))
(define-record-type* <metznet-system-configuration> (define-record-type* <metznet-system-configuration>
metznet-system-configuration make-metznet-system-configuration metznet-system-configuration
make-metznet-system-configuration
metznet-system-configuration? metznet-system-configuration?
(repo metznet-system-configuration-repo (repo metznet-system-configuration-repo
(default metznet-system)) (default metznet-system))
(directory metznet-system-configuration-directory (directory metznet-system-configuration-directory
(default "/etc/system"))) (default "/etc/system")))
@ -55,55 +55,54 @@
(use-modules (guix build utils)) (use-modules (guix build utils))
(if (directory-exists? #$directory) (if (directory-exists? #$directory)
(rmdir #$directory)) (rmdir #$directory))
(symlink #$repo #$directory))))) (symlink #$repo
#$directory)))))
(define-public metznet-system-service-type (define-public metznet-system-service-type
(service-type (service-type (name 'metznet-system)
(name 'metznet-system) (description "GUIX System service using metznet files")
(description "GUIX System service using metznet files") (extensions (list (service-extension activation-service-type
(extensions (list metznet-system-activation)))
(service-extension activation-service-type metznet-system-activation))) (default-value (metznet-system-configuration))))
(default-value (metznet-system-configuration))))
(define-public nvim-vimtex (define-public nvim-vimtex
(package (package
(name "nvim-vimtex") (name "nvim-vimtex")
(version "2.10") (version "2.10")
(source (source (origin
(origin (method git-fetch)
(method git-fetch) (uri (git-reference
(uri (git-reference (url "https://github.com/lervag/vimtex")
(url "https://github.com/lervag/vimtex") (commit (string-append "v" version))))
(commit (string-append "v" version)))) (file-name (git-file-name name version))
(file-name (git-file-name name version)) (sha256
(sha256 (base32
(base32 "1d16rlnp3rszx451nqrax15z46swa7cg4krbn840dcsspigx3ybl")))) "1d16rlnp3rszx451nqrax15z46swa7cg4krbn840dcsspigx3ybl"))))
(build-system copy-build-system) (build-system copy-build-system)
(arguments (arguments
'(#:install-plan '(#:install-plan '(("." "share/nvim/site/pack/lervag/start/vimtex"))))
'(("." "share/nvim/site/pack/lervag/start/vimtex"))))
(home-page "") (home-page "")
(synopsis "LaTeX plugin for neovim") (synopsis "LaTeX plugin for neovim")
(description "Neovim plugin which provides highlighting for latex, along with bindings for auto-compilation") (description
"Neovim plugin which provides highlighting for latex, along with bindings for auto-compilation")
(license licenses:gpl3+))) (license licenses:gpl3+)))
(define-public vim-guile (define-public vim-guile
(package (package
(name "vim-guile") (name "vim-guile")
(version "1.0") (version "1.0")
(source (source (git-checkout (url "https://gitlab.com/HiPhish/guile.vim.git")
(git-checkout (commit "f76959a9dbdc69cde018901de82ac5a3d443843c")))
(url "https://gitlab.com/HiPhish/guile.vim.git")
(commit "f76959a9dbdc69cde018901de82ac5a3d443843c")))
(build-system copy-build-system) (build-system copy-build-system)
(arguments (arguments
'(#:install-plan '(#:install-plan '(("autoload" "share/vim/vimfiles/")
'(("autoload" "share/vim/vimfiles/") ("ftdetect" "share/vim/vimfiles/")
("ftdetect" "share/vim/vimfiles/") ("syntax" "share/vim/vimfiles/")
("syntax" "share/vim/vimfiles/") ("test" "share/vim/vimfiles/"))))
("test" "share/vim/vimfiles/")))) (synopsis
(synopsis "Syntax highlighting and file type detect of GNU Guile code in Vim") "Syntax highlighting and file type detect of GNU Guile code in Vim")
(description "Provides syntax highlighting and file type detection for GNU Guile files with the .scm extension.") (description
"Provides syntax highlighting and file type detection for GNU Guile files with the .scm extension.")
(home-page "https://gitlab.com/HiPhish/guile.vim") (home-page "https://gitlab.com/HiPhish/guile.vim")
(license licenses:gpl3+))) (license licenses:gpl3+)))
@ -111,23 +110,21 @@
(package (package
(name "vimwiki") (name "vimwiki")
(version "2.5") (version "2.5")
(source (source (git-checkout (url "https://github.com/vimwiki/vimwiki")
(git-checkout (commit (string-append "v" version))))
(url "https://github.com/vimwiki/vimwiki")
(commit (string-append "v" version))))
(build-system copy-build-system) (build-system copy-build-system)
(arguments (arguments
'(#:install-plan '(#:install-plan '(("autoload" "share/vim/vimfiles/")
'(("autoload" "share/vim/vimfiles/") ("doc" "share/vim/vimfiles/")
("doc" "share/vim/vimfiles/") ("ftplugin" "share/vim/vimfiles/")
("ftplugin" "share/vim/vimfiles/") ("plugin" "share/vim/vimfiles/")
("plugin" "share/vim/vimfiles/") ("syntax" "share/vim/vimfiles/")
("syntax" "share/vim/vimfiles/") ("test" "share/vim/vimfiles/"))))
("test" "share/vim/vimfiles/"))))
(synopsis "A personal wiki plugin for vim") (synopsis "A personal wiki plugin for vim")
(license licenses:gpl3+) (license licenses:gpl3+)
(home-page "https://github.com/vimwiki/vimwiki") (home-page "https://github.com/vimwiki/vimwiki")
(description "VimWiki is a personal wiki for Vim -- a number of linked text files that have their own syntax highlighting. With VimWiki, you can: (description
"VimWiki is a personal wiki for Vim -- a number of linked text files that have their own syntax highlighting. With VimWiki, you can:
- Organize notes and ideas - Organize notes and ideas
- Manage to-do lists - Manage to-do lists
- Write documentation - Write documentation
@ -139,17 +136,24 @@
(name "starsector") (name "starsector")
(version "0.95.1a-RC6") (version "0.95.1a-RC6")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "https://s3.amazonaws.com/fractalsoftworks/starsector/starsector_linux-" version ".zip")) (uri (string-append
(sha256 "https://s3.amazonaws.com/fractalsoftworks/starsector/starsector_linux-"
(base32 "14zxzs7xfrrq3apiyslk2cy29yp6qirikwbzanmka74a37aqpa1x")))) version ".zip"))
(sha256
(base32
"14zxzs7xfrrq3apiyslk2cy29yp6qirikwbzanmka74a37aqpa1x"))))
(native-inputs (list unzip)) (native-inputs (list unzip))
(inputs (list openjdk17 libxcursor libxrandr libxxf86vm mesa openal)) (inputs (list openjdk17
libxcursor
libxrandr
libxxf86vm
mesa
openal))
(propagated-inputs (list xrandr)) (propagated-inputs (list xrandr))
(build-system copy-build-system) (build-system copy-build-system)
(arguments (arguments
'(#:install-plan '(#:install-plan '(("." "share/starsector"))))
'(("." "share/starsector"))))
(synopsis "A space game.") (synopsis "A space game.")
(description "A very good space game. You will spend hours playing.") (description "A very good space game. You will spend hours playing.")
(home-page "https://fractalsoftworks.com") (home-page "https://fractalsoftworks.com")
@ -159,38 +163,39 @@
(package (package
(name "libutp") (name "libutp")
(version "2") (version "2")
(source (source (origin
(origin (method git-fetch)
(method git-fetch) (uri (git-reference
(uri (git-reference (url "https://github.com/bittorrent/libutp")
(url "https://github.com/bittorrent/libutp") (commit "2b364cbb0650bdab64a5de2abb4518f9f228ec44")))
(commit "2b364cbb0650bdab64a5de2abb4518f9f228ec44"))) (file-name (git-file-name name version))
(file-name (git-file-name name version)) (sha256
(sha256 (base32
(base32 "0yaiqksimnhwh14kmsq4kcyq6662b4ask36ni6p5n14dbyq1h2s6"))))
"0yaiqksimnhwh14kmsq4kcyq6662b4ask36ni6p5n14dbyq1h2s6"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(arguments (arguments
`(#:phases (modify-phases %standard-phases `(#:phases (modify-phases %standard-phases
(delete 'configure) (delete 'configure)
(replace 'install (replace 'install
(lambda* (#:key outputs #:allow-other-keys) (lambda* (#:key outputs #:allow-other-keys)
(let ((lib (string-append (assoc-ref outputs "out") "/lib")) (let ((lib (string-append (assoc-ref outputs "out")
(include (string-append (assoc-ref outputs "out") "/include"))) "/lib"))
(install-file "libutp.so" lib) (include (string-append (assoc-ref outputs "out")
(install-file "utp.h" include) "/include")))
(install-file "utp_types.h" include) (install-file "libutp.so" lib)
#t)))) (install-file "utp.h" include)
#:make-flags '("libutp.so") (install-file "utp_types.h" include) #t))))
#:tests? #f)) #:make-flags '("libutp.so")
#:tests? #f))
(home-page "https://github.com/bittorrent/libutp") (home-page "https://github.com/bittorrent/libutp")
(synopsis "Shared library for libutp implementation of the LEDBAT protocol") (synopsis
"Shared library for libutp implementation of the LEDBAT protocol")
(description (description
"uTP is a TCP-like implementation of LEDBAT documented as a BitTorrent "uTP is a TCP-like implementation of LEDBAT documented as a BitTorrent
extension in BEP-29. uTP provides reliable, ordered delivery while extension in BEP-29. uTP provides reliable, ordered delivery while
maintaining minimum extra delay. It is implemented on top of UDP to be maintaining minimum extra delay. It is implemented on top of UDP to be
cross-platform and functional today. As a result, uTP is the primary cross-platform and functional today. As a result, uTP is the primary
transport for uTorrent peer-to-peer connections. transport for uTorrent peer-to-peer connections.
uTP is written in C++, but the external interface is strictly C (ANSI C89).") uTP is written in C++, but the external interface is strictly C (ANSI C89).")
(license licenses:expat))) (license licenses:expat)))

521
system/base-system.scm
Unescape Escape View File

@ -1,334 +1,239 @@
(define-module (system base-system) (define-module (system base-system)
#:use-module (metznet) #:use-module (guix gexp)
#:use-module (ice-9 exceptions)
#:use-module (nongnu system linux-initrd) #:use-module (nongnu system linux-initrd)
#:use-module (nongnu packages linux) #:use-module (nongnu packages linux)
#:use-module (guix gexp)
#:use-module (guix utils) #:use-module (gnu bootloader)
#:use-module (guix packages) #:use-module (gnu bootloader grub)
#:use-module (guix download) #:use-module (gnu system accounts)
#:use-module (guix build-system gnu) #:use-module (gnu system shadow)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu)
#:use-module (gnu system setuid) #:use-module (gnu system setuid)
#:use-module (gnu system file-systems)
#:use-module (gnu system)
#:use-module (gnu system nss) #:use-module (gnu system nss)
#:use-module (gnu system pam) #:use-module (gnu services kerberos)
#:use-module (gnu services sssd)
#:use-module (gnu services base)
#:use-module (gnu services) #:use-module (gnu services)
#:use-module (gnu services dbus) #:use-module (gnu services desktop)
#:use-module (gnu services pm)
#:use-module (gnu services shepherd)
#:use-module (gnu services authentication)
#:use-module (gnu services configuration)
#:use-module (gnu services vpn)
#:use-module (gnu services networking) #:use-module (gnu services networking)
#:use-module (gnu services ssh) #:use-module (gnu services ssh)
#:use-module (gnu services kerberos) #:use-module (gnu services vpn)
#:use-module (gnu services desktop) #:use-module (gnu system pam)
#:use-module (gnu services xorg) #:use-module (gnu services dbus)
#:use-module (gnu services base) #:use-module (gnu system keyboard)
#:use-module (gnu packages linux) #:use-module (gnu packages admin)
#:use-module (gnu packages shells)
#:use-module (gnu packages gnome)
#:use-module (gnu packages ssh) #:use-module (gnu packages ssh)
#:use-module (gnu packages sssd) #:use-module (gnu packages dns)
#:use-module (gnu packages compression) #:use-module (gnu packages version-control)
#:use-module (gnu packages libedit)
#:use-module (gnu packages hurd)
#:use-module (gnu packages tls)
#:use-module (gnu packages xorg)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages groff)
#:use-module (gnu packages gcc)
#:use-module (gnu packages commencement)
#:use-module (gnu packages security-token)
#:use-module (gnu packages vim) #:use-module (gnu packages vim)
#:use-module (gnu packages certs) #:use-module (gnu packages certs)
#:use-module (gnu packages vpn)
#:use-module (gnu packages networking)
#:use-module (gnu packages dns)
#:use-module (gnu packages base)
#:use-module (gnu packages openldap)
#:use-module (gnu packages kerberos) #:use-module (gnu packages kerberos)
#:use-module (gnu packages admin) #:use-module (gnu packages vpn)
#:use-module (gnu packages shells)
#:use-module (gnu packages gnome)
#:use-module (gnu packages wm) #:use-module (gnu packages wm)
#:use-module (gnu packages suckless) #:use-module (gnu packages suckless)
#:use-module (gnu packages gnuzilla)
#:use-module (gnu packages terminals) #:use-module (gnu packages terminals)
#:use-module (gnu packages version-control) #:use-module (gnu packages gnuzilla)
#:export (%domain-realm)
#:export (%domain-name)
#:export (%domain-kadmin)
#:export (%domain-kdc)
#:export (%metznet-base-user-accounts) #:export (%metznet-base-user-accounts)
#:export (%metznet-base-groups) #:export (%metznet-base-groups)
#:export (%metznet-base-packages)
#:export (%metznet-desktop-packages) #:export (%metznet-desktop-packages)
#:export (%metznet-server-packages) #:export (%metznet-base-packages)
#:export (%metznet-setuid-programs)
#:export (%default-keyboard-layout)
#:export (%kvm-udev-rule) #:export (%kvm-udev-rule)
#:export (%usb-udev-rule) #:export (%usb-udev-rule)
#:export (%tun-udev-rule) #:export (%tun-udev-rule)
#:export (%metznet-desktop-services) #:export (%metznet-desktop-services)
#:export (%metznet-server-services) #:export (%metznet-server-services)
#:export (%metznet-base-server-system) #:export (%metznet-base-server-system)
#:export (%metznet-base-desktop-system)) #:export (%metznet-base-desktop-system))
(define %domain-realm "METZNET.CA") (define %domain-realm
"METZNET.CA")
(define %domain-name "metznet.ca")
(define %domain-name
(define %domain-kadmin (string-append "kerberos." %domain-name)) "metznet.ca")
(define %domain-kdc (string-append "kerberos." %domain-name)) (define %domain-kadmin
(string-append "kerberos." %domain-name))
(define %metznet-base-user-accounts (append (list
(user-account (define %domain-kdc
(name "root") (string-append "kerberos." %domain-name))
(group "root")
(uid 0) (define %metznet-base-user-accounts
(password (crypt "root" "$6$salt")) (append (list (user-account
(shell (file-append zsh "/bin/zsh")))) (name "root")
%base-user-accounts)) (group "root")
(uid 0)
(define %metznet-base-groups (append (list (password (crypt "root" "$6$salt"))
(user-group (shell (file-append zsh "/bin/zsh")))) %base-user-accounts))
(system? #t)
(name "realtime")) (define %metznet-base-groups
(user-group (append (list (user-group
(system? #t) (system? #t)
(name "usb"))) (name "realtime"))
%base-groups)) (user-group
(system? #t)
(define %metznet-base-packages (append (list openssh openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages)) (name "usb"))) %base-groups))
(define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages)) (define %metznet-base-packages
(append (list openssh
(define %metznet-server-packages (append (list isc-dhcp) %metznet-base-packages)) git
neovim
(define %desktop-setuid-programs (append zsh
(list (setuid-program le-certs
(program #~(string-append #$openvpn "/sbin/openvpn"))) nss-certs
(setuid-program mit-krb5) %base-packages))
(program #~(string-append #$openresolv "/sbin/resolvconf"))))
%setuid-programs)) (define %metznet-desktop-packages
(append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages))
(define %metznet-krb5-config (krb5-configuration
(default-realm %domain-realm) (define %desktop-setuid-programs
(allow-weak-crypto? #t) (append (list (setuid-program
(rdns? #f) (program #~(string-append #$openvpn "/sbin/openvpn")))
(realms (list (krb5-realm (setuid-program
(name %domain-realm) (program #~(string-append #$openresolv "/sbin/resolvconf"))))
(admin-server %domain-kadmin) %setuid-programs))
(kdc %domain-kdc))))))
(define %metznet-krb5-config
(define %default-keyboard-layout (keyboard-layout "us")) (krb5-configuration (default-realm %domain-realm)
(allow-weak-crypto? #t)
(rdns? #f)
(realms (list (krb5-realm (name %domain-realm)
(admin-server %domain-kadmin)
(kdc %domain-kdc))))))
(define %default-keyboard-layout
(keyboard-layout "us"))
(define %kvm-udev-rule (define %kvm-udev-rule
(udev-rule (udev-rule "65-kvm.rules"
"65-kvm.rules" "KERNEL==\"KVM\", GROUP=\"libvirt\", MODE=\"0660\""))
"KERNEL==\"KVM\", GROUP=\"libvirt\", MODE=\"0660\""))
(define %usb-udev-rule (define %usb-udev-rule
(udev-rule (udev-rule "51-usb.rules"
"51-usb.rules" (string-append "SUBSYSTEM==\"usb\", GROUP=\"usb\"\n"
(string-append "SUBSYSTEM==\"usb\", GROUP=\"usb\"\n" "SUBSYSTEM==\"usbmisc\", GROUP=\"usb\"")))
"SUBSYSTEM==\"usbmisc\", GROUP=\"usb\"")))
(define %tun-udev-rule (define %tun-udev-rule
(udev-rule (udev-rule "90-tun.rules"
"90-tun.rules" "KERNEL==\"tun\", GROUP=\"netdev\", MODE=\"0660\", OPTIONS+=\"static_node=net/tun\""))
"KERNEL==\"tun\", GROUP=\"netdev\", MODE=\"0660\", OPTIONS+=\"static_node=net/tun\""))
(define %backlight-udev-rule (define %backlight-udev-rule
(udev-rule (udev-rule "55-backlight.rules"
"55-backlight.rules" "RUN+=\"/bin/chgrp video /sys/class/backlight/intel_backlight/brightness\""))
"RUN+=\"/bin/chgrp video /sys/class/backlight/intel_backlight/brightness\""))
(define %metznet-name-service-switch (define %metznet-name-service-switch
(let ((services (list (name-service (name "sss")) (let ((services (list (name-service (name "sss"))
(name-service (name "files"))))) (name-service (name "files")))))
(name-service-switch (name-service-switch (password services)
(password services) (shadow services)
(shadow services) (group services))))
(group services))))
(define (pam-mkhomedir-service config) (define (pam-mkhomedir-service config)
(lambda (pam) (lambda (pam)
(if (member (pam-service-name pam) config) (if (member (pam-service-name pam) config)
(let ((required (let ((required (pam-entry (control "required")
(pam-entry (module "pam_mkhomedir.so"))))
(control "required") (pam-service (inherit pam)
(module "pam_mkhomedir.so")))) (session (cons required
(pam-service (pam-service-account pam))))) pam)))
(inherit pam)
(session (cons required (pam-service-account pam)))))
pam)))
(define (pam-mkhomedir-services config) (define (pam-mkhomedir-services config)
(list (pam-mkhomedir-service config))) (list (pam-mkhomedir-service config)))
(define default-sssd-conf-file (plain-file "sssd.conf" (string-join (list (define (metznet-activation config)
"[sssd]" #~(if (access? "/bin/zsh" F_OK)
"domains = metznet.ca" (display "zsh already linked")
"services = nss, sudo, pam, ssh, ifp" (begin
"" (display "linking zsh")
"[domain/metznet.ca]" (symlink (string-append #$zsh "/bin/zsh") "/bin/zsh"))))
"id_provider = ldap"
"auth_provider = ldap"
"cache_credentials = True"
"ldap_uri = ldaps://ldap.metznet.ca"
"ldap_tls_reqcert = never"
"ldap_tls_cacertdir = /etc/ssl/certs"
"ldap_search_base = ou=users,ou=accounts,dc=metznet,dc=ca"
(string-append "ldap_default_bind_dn = " (or (getenv "LDAP_BINDDN") ""))
"ldap_default_authtok_type = password"
(string-append "ldap_default_authtok = " (or (getenv "LDAP_BINDPW") ""))
"") "\n")))
(define metznet-service-type (define metznet-service-type
(service-type (service-type (name 'metznet-service)
(name 'metznet-service) (description "MetzNet Services")
(description "MetzNet Services") (extensions (list (service-extension activation-service-type
(extensions metznet-activation)
(list (service-extension pam-root-service-type pam-mkhomedir-services))) (service-extension pam-root-service-type
(default-value '()))) pam-mkhomedir-services)))
(default-value '())))
(define-configuration sssd-configuration
(sssd (file-like sssd) "SSSD Package to use") (define pam-service-list
(config (file-like default-sssd-conf-file) "sssd.conf file")) (list "su" "gdm-password" "login" "sshd" "passwd"))
(define (sssd-pam-service config)
(define sssd-pam-module
(file-append (sssd-configuration-sssd config) "/lib/security/pam_sss.so"))
(lambda (pam)
(if (member (pam-service-name pam) pam-service-list)
(let ((sufficient
(pam-entry
(control "sufficient")
(module sssd-pam-module))))
(pam-service
(inherit pam)
(auth (cons sufficient (pam-service-auth pam)))
(account (cons sufficient (pam-service-account pam)))
(password (cons sufficient (pam-service-password pam)))
(session (cons sufficient (pam-service-session pam)))))
pam)))
(define (sssd-pam-services config)
(list (sssd-pam-service config)))
(define (sssd-shepherd-service config)
(list (shepherd-service
(documentation "")
(provision '(sssd))
(requirement '(networking user-processes))
(start #~(make-forkexec-constructor
(list (string-append #$(sssd-configuration-sssd config) "/sbin/sssd") "-i")
#:user "root"
#:group "root"
#:environment-variables
(list (string-append "LD_LIBRARY_PATH=" #$(sssd-configuration-sssd config) "/lib"))))
(stop #~(make-kill-destructor)))))
(define %sssd-activation
#~(begin
(let ((dbdir "/var/lib/sss/db")
(dbusdir "/var/lib/sss/pipes/private")
(user (getpw "root")))
(mkdir-p/perms dbusdir user #o755)
(mkdir-p/perms dbdir user #o755)
(chmod "/etc/sssd/sssd.conf" #o600))))
(define (sssd-etc-service config)
`(("sssd/sssd.conf" ,(sssd-configuration-config config))))
(define sssd-service-type
(service-type
(name 'sssd)
(description "MetzNet SSSD Service")
(extensions
(list (service-extension pam-root-service-type sssd-pam-services)
(service-extension dbus-root-service-type
(compose
list
sssd-configuration-sssd))
(service-extension etc-service-type sssd-etc-service)
(service-extension activation-service-type (const %sssd-activation))
(service-extension nscd-service-type (const (list sssd)))
(service-extension shepherd-root-service-type sssd-shepherd-service)))
(default-value (sssd-configuration))))
(define pam-service-list (list "su" "gdm-password" "login" "sshd" "passwd"))
(define %metznet-services (define %metznet-services
(list (list (service openssh-service-type
(simple-service 'metznet-ln-service activation-service-type #~(symlink "/run/current-system/profile/bin/zsh" "/bin/zsh")) (openssh-configuration (extra-content
(service openssh-service-type (openssh-configuration "KerberosAuthentication yes")))
(extra-content "KerberosAuthentication yes"))) (service krb5-service-type %metznet-krb5-config)
(service krb5-service-type %metznet-krb5-config) (service pam-krb5-service-type
(service pam-krb5-service-type (pam-krb5-configuration (pam-krb5 pam-krb5) (minimum-uid 1000))) (pam-krb5-configuration (pam-krb5 pam-krb5)
(service sssd-service-type) (minimum-uid 1000)))
(service metznet-service-type pam-service-list))) (service sssd-service-type
(sssd-configuration (pam-services pam-service-list)))
(define %metznet-nscd-configuration (nscd-configuration (service metznet-service-type pam-service-list)))
(caches (append (list
(nscd-cache (define %metznet-nscd-configuration
(database 'passwd) (nscd-configuration (caches (append (list (nscd-cache (database 'passwd)
(positive-time-to-live (* 3600 12)) (positive-time-to-live
(negative-time-to-live 20) (* 3600 12))
(persistent? #t)) (negative-time-to-live
(nscd-cache 20)
(database 'group) (persistent? #t))
(positive-time-to-live (* 3600 12)) (nscd-cache (database 'group)
(negative-time-to-live 20) (positive-time-to-live
(persistent? #t))) (* 3600 12))
%nscd-default-caches)))) (negative-time-to-live
20)
(persistent? #t)))
%nscd-default-caches))))
(define %metznet-desktop-services (define %metznet-desktop-services
(append (append %metznet-services
%metznet-services (modify-services %desktop-services
(modify-services %desktop-services (nscd-service-type config => %metznet-nscd-configuration)
(nscd-service-type config => %metznet-nscd-configuration) (guix-service-type config =>
(elogind-service-type config => (guix-configuration (inherit config)
(elogind-configuration (inherit config) (substitute-urls (append (list
(handle-lid-switch-external-power 'suspend))) "https://substitutes.nonguix.org")
(guix-service-type config => (guix-configuration %default-substitute-urls))
(inherit config) (authorized-keys (append (list
(substitute-urls (plain-file
(append (list "https://substitutes.nonguix.org") "nonguix.pub"
%default-substitute-urls)) "(public-key\n (ecc\n (curve Ed25519)\n (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
(authorized-keys %default-authorized-guix-keys))))
(append (list (plain-file "nonguix.pub" (udev-service-type config =>
"(public-key (udev-configuration (inherit config)
(ecc (rules (append (list
(curve Ed25519) %tun-udev-rule
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")) %backlight-udev-rule)
%default-authorized-guix-keys)))) (udev-configuration-rules
(udev-service-type config => config)))))
(udev-configuration (inherit config) (network-manager-service-type config =>
(rules (append (list %tun-udev-rule (network-manager-configuration (inherit
%backlight-udev-rule) config)
(udev-configuration-rules config))))) (vpn-plugins
(network-manager-service-type config => (list
(network-manager-configuration (inherit config) network-manager-openvpn)))))))
(vpn-plugins (list network-manager-openvpn)))))))
(define %metznet-server-services (define %metznet-server-services
(append %metznet-services (append %metznet-services
(list (list (dbus-service)
(dbus-service) (service dhcp-client-service-type)
(service dhcp-client-service-type) (openvpn-client-service #:config (openvpn-client-configuration
(openvpn-client-service (openvpn openvpn)
#:config (openvpn-client-configuration (pid-file
(openvpn openvpn) "/var/run/openvpn/client.pid")
(pid-file "/var/run/openvpn/client.pid") (persist-key? #f)
(persist-key? #f) (tls-auth
(tls-auth "/etc/openvpn/ta.key")))) "/etc/openvpn/ta.key"))))
(modify-services %base-services (modify-services %base-services
(nscd-service-type config => %metznet-nscd-configuration)))) (nscd-service-type config => %metznet-nscd-configuration))))
(define %metznet-base-operating-system (define %metznet-base-operating-system
(operating-system (operating-system
@ -344,39 +249,39 @@
(firmware (list linux-firmware)) (firmware (list linux-firmware))
(initrd microcode-initrd) (initrd microcode-initrd)
;; Grub UEFI Bootloader installed to /boot/efi ;; Grub UEFI Bootloader installed to /boot/efi
(bootloader (bootloader (bootloader-configuration
(bootloader-configuration (bootloader grub-efi-bootloader)
(bootloader grub-efi-bootloader) (targets '("/boot/efi"))
(targets '("/boot/efi")) (keyboard-layout keyboard-layout)))
(keyboard-layout keyboard-layout))) (file-systems (cons* (file-system
(file-systems (cons* (mount-point "/boot/efi")
(file-system (device "/dev/vda1")
(mount-point "/boot/efi") (type "vfat")
(device "/dev/vda1") (check? #f))
(type "vfat") (file-system
(check? #f)) (mount-point "/")
(file-system (device "/dev/vda3")
(mount-point "/") (type "xfs")
(device "/dev/vda3") (check? #f)) %base-file-systems))
(type "xfs")
(check? #f))
%base-file-systems))
(users %metznet-base-user-accounts) (users %metznet-base-user-accounts)
(groups %metznet-base-groups) (groups %metznet-base-groups)
(packages %metznet-base-packages) (packages %metznet-base-packages)
(services (append %metznet-services %base-services)))) (services
(append %metznet-services %base-services))))
(define %metznet-base-server-system (define %metznet-base-server-system
(operating-system (operating-system
(inherit %metznet-base-operating-system) (inherit %metznet-base-operating-system)
(host-name "metznet-base-server") (host-name "metznet-base-server")
(packages %metznet-server-packages) (packages %metznet-base-packages)
(services %metznet-server-services))) (services
%metznet-server-services)))
(define %metznet-base-desktop-system (define %metznet-base-desktop-system
(operating-system (operating-system
(inherit %metznet-base-operating-system) (inherit %metznet-base-operating-system)
(host-name "metznet-base-desktop") (host-name "metznet-base-desktop")
(setuid-programs %desktop-setuid-programs) (setuid-programs %desktop-setuid-programs)
(packages %metznet-desktop-packages) (packages %metznet-desktop-packages)
(services %metznet-desktop-services))) (services
%metznet-desktop-services)))