guix style, organized packages/services, and removed unused dependencies(also got ldap seeding working)
parent
189af1124a
commit
3e7e1c203f
@ -1,17 +1,11 @@
|
|||||||
NONGUIX_DIR ?= ~/Code/nonguix
|
NONGUIX_DIR ?= ~/Code/nonguix
|
||||||
GUIX_SUBSTITUTE_FLAG = --substitute-urls='https://ci.guix.gnu.org https://substitutes.nonguix.org'
|
GUIX_SUBSTITUTE_FLAG = --substitute-urls='https://ci.guix.gnu.org https://substitutes.nonguix.org'
|
||||||
GUIX_LIB_FLAGS = -L ./ -L $(NONGUIX_DIR)
|
GUIX_LIB_FLAGS = -L ./ -L $(NONGUIX_DIR)
|
||||||
GUIX_IMAGE_CMD ?= guix system image $(GUIX_SUBSTITUTE_FLAG) --image-type=qcow2 $(GUIX_LIB_FLAGS)
|
|
||||||
LIBVIRT_GROUP ?= libvirt
|
|
||||||
|
|
||||||
machines/%.qcow2: machines/%.scm
|
|
||||||
$(eval RO := $(shell $(GUIX_IMAGE_CMD) $<))
|
|
||||||
install -C -m 666 -o $(USER) -g $(LIBVIRT_GROUP) $(RO) $@
|
|
||||||
|
|
||||||
VM_RAM ?= 4000
|
VM_RAM ?= 4000
|
||||||
VM_CPU ?= 4
|
VM_CPU ?= 4
|
||||||
|
|
||||||
.PHONY: machines/%
|
.PHONY: machines/%
|
||||||
machines/%: machines/%.qcow2
|
machines/%: machines/%.scm
|
||||||
$(eval OVMF := $(shell guix build $(GUIX_SUBSTITUTE_FLAG) ovmf))
|
$(eval VM_SCRIPT := $(shell guix system $(GUIX_LIB_FLAGS) $(GUIX_SUBSTITUTE_FLAG) vm $<))
|
||||||
qemu-system-x86_64 -nic bridge,br=virbr0 -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios $(OVMF)/share/firmware/ovmf_x64.bin
|
$(VM_SCRIPT) -m $(VM_RAM) -smp $(VM_CPU) -nic user,model=virtio-net-pci
|
||||||
|
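Review bot: `$(shell …)` inside `$(eval VM_SCRIPT := …)` discards the exit status of `guix system … vm`, so when that command fails VM_SCRIPT is empty and the following recipe line runs as `-m 4000 -smp 4 …`, which dies with an unrelated shell error instead of the real one. Wrapping it as `$(eval VM_SCRIPT := $(or $(shell guix system $(GUIX_LIB_FLAGS) $(GUIX_SUBSTITUTE_FLAG) vm $<),$(error guix system vm failed for $<)))` stops make at the actual failure. Guix's stderr is not captured by `$(shell)` so its diagnostics still appear on the terminal, but only the `$(error)` turns them into a build failure.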
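--- /dev/null
+++ b/gnu/packages/slapd.scm
@@ -0,0 +1,97 @@
+(define-module (gnu packages slapd)
+#:use-module (guix gexp)
+#:use-module (guix packages)
+#:use-module (guix download)
+#:use-module (guix build-system gnu)
+#:use-module ((guix licenses)
+#:prefix license:)
+#:use-module (gnu packages dbm)
+#:use-module (gnu packages cyrus-sasl)
+#:use-module (gnu packages tls)
+#:use-module (gnu packages gnupg)
+#:use-module (gnu packages compression)
+#:use-module (gnu packages autotools)
+#:use-module (gnu packages groff)
+#:export (openldap-slapd))
+
+(define-public openldap-slapd
+(package
+(name "openldap-slapd")
+(version "2.6.4")
+(source (origin
+(method url-fetch)
+;; See <http://www.openldap.org/software/download/> for a list of
+;; mirrors.
+(uri (list (string-append
+"http://repository.linagora.org/OpenLDAP"
+"/openldap-release/openldap-" version ".tgz")
+(string-append
+"https://www.openldap.org/software/download/OpenLDAP/"
+"openldap-release/openldap-" version ".tgz")
+(string-append
+"ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
+"openldap-release/openldap-" version ".tgz")))
+(sha256
+(base32
+"1489li52sjxm1f97v927jxaxzfk6v9sa32ixrw30qhvq07jh85ym"))))
+(build-system gnu-build-system)
+(inputs (list bdb-5.3
+cyrus-sasl
+openssl
+gnutls
+libgcrypt
+zlib))
+(native-inputs (list libltdl libtool groff bdb-5.3))
+(arguments
+(list #:tests? #f
+#:configure-flags #~(list "--disable-static"
+"--with-tls=openssl"
+"--enable-slapd"
+"--enable-crypt"
+"--enable-modules"
+"--enable-ldap"
+"--enable-slapi"
+"--enable-mdb"
+"--enable-meta"
+"--enable-passwd"
+"--enable-overlays"
+"--enable-shared"
+"--with-cyrus-sasl"
+#$@(if (%current-target-system)
+'("--with-yielding_select=yes"
+"ac_cv_func_memcmp_working=yes")
+'()))
+;; Disable install stripping as it breaks cross-compiling.
+#:make-flags #~(list "STRIP=")
+#:phases #~(modify-phases %standard-phases
+(add-after 'install 'build-slapd-totp-module
+(lambda* (#:key source #:allow-other-keys)
+(begin
+(chdir "./contrib/slapd-modules/passwd/totp")
+(mkdir-p (string-append #$output
+"/libexec/openldap"))
+(invoke "make" "slapd-totp.lo")
+(invoke "../../../../libtool"
+"--mode=link"
+"gcc"
+"-rpath"
+"/libexec/openldap"
+"-version-info"
+"0:0:0"
+"-module"
+"-o"
+"pw-totp.la"
+"slapd-totp.lo"
+"../../../../libraries/libldap/libldap.la"
+"../../../../libraries/liblber/liblber.la")
+(invoke "../../../../libtool" "--mode=install"
+"cp" "pw-totp.la"
+(string-append #$output
+"/libexec/openldap"))
+(chdir "../../../../")))))))
+(synopsis "Implementation of the Lightweight Directory Access Protocol")
+(description
+"OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
+(license license:openldap2.8)
+(home-page "https://www.openldap.org/")))
+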
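Review bot: The libtool link step in build-slapd-totp-module passes `"-rpath" "/libexec/openldap"`, a directory that does not exist on the target; libtool records that value as the module's install directory in pw-totp.la, so it should be `(string-append #$output "/libexec/openldap")`, the same directory that `--mode=install` copies into two calls later. The `source` keyword bound by `lambda*` is never used and the phase can take `(lambda _ …)`. Given the commit's stated goal of removing unused dependencies, `gnutls` and `libgcrypt` in inputs look like leftovers now that TLS is built with `--with-tls=openssl`, though I have not verified that nothing else in the build links them. `#:tests? #f` deserves a one-line comment stating why the test suite is skipped, as is customary for Guix package definitions.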
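--- /dev/null
+++ b/gnu/services/slapd.scm
@@ -0,0 +1,160 @@
+(define-module (gnu services slapd)
+#:use-module (guix gexp)
+#:use-module (gnu packages slapd)
+#:use-module (gnu packages admin)
+#:use-module (gnu system shadow)
+#:use-module (gnu services configuration)
+#:use-module (gnu services shepherd)
+#:use-module (gnu services base)
+#:use-module (gnu services)
+#:use-module (srfi srfi-19)
+#:export (slapd-configuration slapd-service-type))
+
+(define list-of-file-like?
+(list-of file-like?))
+
+(define-configuration/no-serialization slapd-configuration
+(openldap (file-like openldap-slapd)
+"openldap package to use")
+(home (string "/var/lib/slapd")
+"slapd home directory")
+(backups (list-of-file-like '())
+"alist of databases and their backup ldif files")
+(backup-date (date (current-date))
+"date that backup(seed) is from, to not use the same/older seed")
+(uris (string "ldap:// ldapi://")
+"slapd uris to accept connections to"))
+
+(define (slapd-accounts config)
+(list (user-group
+(name "slapd")
+(system? #t))
+(user-account
+(name "slapd")
+(group "slapd")
+(system? #t)
+(comment "openldap service account")
+(home-directory "/var/lib/slapd")
+(shell #~(string-append #$shadow "/sbin/nologin")))))
+
+(define (slapd-activation config)
+(let ((homedir (slapd-configuration-home config))
+(backups (slapd-configuration-backups config))
+(ldapdir (slapd-configuration-openldap config)))
+(with-imported-modules '((srfi srfi-19)
+(ice-9 textual-ports))
+#~(begin
+(use-modules (srfi srfi-19)
+(ice-9 textual-ports))
+(define (range n m)
+(if (>= n m)
+'()
+(cons n
+(range (+ n 1) m))))
+(define (slapadd-seeds e)
+(begin
+(format (current-error-port)
+"SLAPADD Exception: ~s\n" e)
+(for-each (lambda (ldif dbno)
+(begin
+(invoke (string-append #$sudo
+"/bin/sudo")
+"-u"
+"slapd"
+"-g"
+"slapd"
+(string-append #$ldapdir
+"/sbin/slapadd")
+"-F"
+(string-append #$homedir
+"/slapd.d")
+"-n"
+(number->string dbno)
+"-l"
+ldif)))
+'#+backups
+(range 0
+(length `#+backups)))
+(let ((port (open-output-file (string-append #$homedir
+"/.last_slapadd_restore")))
+(time-str #$(date->string (slapd-configuration-backup-date
+config)
+"~4")))
+(begin
+(put-string port time-str)
+(close-port port)))))
+(define (check-slapadd-seed-date)
+(let* ((verfile (string-append #$homedir
+"/.last_slapadd_restore"))
+(port (open-input-file verfile))
+(date-string (get-string-all port)))
+(begin
+(display date-string)
+(close-port port)
+(if (> #$(time-second (date->time-utc (slapd-configuration-backup-date
+config)))
+(time-second (date->time-utc (string->date
+date-string
+"~Y-~m-~dT~H:~M:~S~z"))))
+(raise-exception (make-message
+"configured backups newer than last restored"))
+(display
+"database seed older than last used seed")))))
+(let ((user (getpw "slapd")))
+(mkdir-p/perms "/var/run/slapd" user 493)
+(mkdir-p/perms #$homedir user 493)
+(mkdir-p/perms (string-append #$homedir
+"/slapd.d")
+user 488)
+(install-file (string-append #$ldapdir
+"/libexec/openldap/pw-totp.so")
+(string-append #$homedir
+"/modules"))
+(mkdir-p/perms (string-append #$homedir
+"/modules")
+user 488)
+(mkdir-p/perms (string-append #$homedir
+"/data") user
+488))
+(with-exception-handler slapadd-seeds
+check-slapadd-seed-date
+#:unwind? #t)))))
+
+(define (slapd-shepherd-service config)
+(list (shepherd-service (documentation "")
+(provision '(slapd))
+(requirement '(networking user-processes))
+(start #~(make-forkexec-constructor (list (string-append #$
+(slapd-configuration-openldap
+config)
+"/libexec/slapd")
+"-d"
+"-1"
+"-F"
+"/var/lib/slapd/slapd.d"
+"-u"
+"slapd"
+"-g"
+"slapd")
+#:environment-variables
+(list (string-append
+"LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:"
+#$(slapd-configuration-home
+config)
+"/modules"))
+#:user "root"
+#:group "root"))
+(stop #~(make-kill-destructor)))))
+
+(define slapd-service-type
+(service-type (name 'slapd)
+(description "openldap slapd service")
+(extensions (list (service-extension account-service-type
+slapd-accounts)
+(service-extension activation-service-type
+slapd-activation)
+(service-extension
+shepherd-root-service-type
+slapd-shepherd-service)))
+(default-value (slapd-configuration))))
+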
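Review bot: The shepherd start command execs slapd as root with `LD_LIBRARY_PATH` pointing at `#$(slapd-configuration-home config) "/modules"`, while the activation snippet hands that same directory to the unprivileged slapd account (`mkdir-p/perms (string-append #$homedir "/modules") user 488`), so a library the daemon's own account can replace is mapped by the loader into a root process before `-u slapd` drops privileges. Loading the module from the immutable store instead — `"LD_LIBRARY_PATH=" #$(slapd-configuration-openldap config) "/libexec/openldap"`, as the removed revision did — closes that and makes the `install-file` copy unnecessary; note also that make-forkexec-constructor does not go through a shell, so as far as I can tell the `${LD_LIBRARY_PATH}` text is passed literally rather than expanded. `"-d" "-1"` enables every slapd trace category and writes protocol-level detail of each operation to the service log; `"-d" "0"` keeps slapd in the foreground for shepherd without that output. The permission arguments `493`/`488` are the decimal forms of the `#o755`/`#o750` the removed code used, and the octal spelling should be restored for readability. I cannot find `make-message` in Guile's exception API; if it is unbound, the `raise-exception` branch reaches `slapadd-seeds` only because the unbound-variable error is itself an exception, so `make-exception-with-message` looks like the intended constructor.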
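--- /dev/null
+++ b/gnu/services/sssd.scm
@@ -0,0 +1,109 @@
+(define-module (gnu services sssd)
+#:use-module (guix gexp)
+#:use-module (gnu system pam)
+#:use-module (gnu services dbus)
+#:use-module (gnu services base)
+#:use-module (gnu services shepherd)
+#:use-module (gnu packages sssd)
+#:use-module (gnu services)
+#:use-module (gnu services configuration)
+#:export (sssd-configuration sssd-service-type))
+
+(define-configuration/no-serialization sssd-configuration
+(sssd (file-like sssd)
+"SSSD Package to use")
+(pam-services (list-of-strings '())
+"List of pam services to use sssd for")
+(config (file-like
+default-sssd-conf-file)
+"sssd.conf file"))
+
+(define default-sssd-conf-file
+(plain-file "sssd.conf"
+(string-join (list "[sssd]"
+"domains = metznet.ca"
+"services = nss, sudo, pam, ssh, ifp"
+""
+"[domain/metznet.ca]"
+"id_provider = ldap"
+"auth_provider = ldap"
+"cache_credentials = True"
+"ldap_uri = ldaps://ldap.metznet.ca"
+"ldap_tls_reqcert = never"
+"ldap_tls_cacertdir = /etc/ssl/certs"
+"ldap_search_base = ou=users,ou=accounts,dc=metznet,dc=ca"
+(string-append "ldap_default_bind_dn = "
+(or (getenv "LDAP_BINDDN") ""))
+"ldap_default_authtok_type = password"
+(string-append "ldap_default_authtok = "
+(or (getenv "LDAP_BINDPW") ""))
+"") "\n")))
+
+(define (sssd-pam-service config)
+(define sssd-pam-module
+(file-append (sssd-configuration-sssd config) "/lib/security/pam_sss.so"))
+(lambda (pam)
+(if (member (pam-service-name pam)
+(sssd-configuration-pam-services config))
+(let ((sufficient (pam-entry (control "sufficient")
+(module sssd-pam-module))))
+(pam-service (inherit pam)
+(auth (cons sufficient
+(pam-service-auth pam)))
+(account (cons sufficient
+(pam-service-account pam)))
+(password (cons sufficient
+(pam-service-password pam)))
+(session (cons sufficient
+(pam-service-session pam))))) pam)))
+
+(define (sssd-pam-services config)
+(list (sssd-pam-service config)))
+
+(define (sssd-shepherd-service config)
+(list (shepherd-service (documentation "")
+(provision '(sssd))
+(requirement '(networking user-processes))
+(start #~(make-forkexec-constructor (list (string-append #$
+(sssd-configuration-sssd
+config)
+"/sbin/sssd")
+"-i"
+"-c/var/lib/sss/sssd.conf")
+#:user "root"
+#:group "root"
+#:environment-variables
+(list (string-append
+"LD_LIBRARY_PATH="
+#$(sssd-configuration-sssd
+config)
+"/lib"))))
+(stop #~(make-kill-destructor)))))
+
+(define (sssd-activation config)
+#~(begin
+(let ((dbdir "/var/lib/sss/db")
+(dbusdir "/var/lib/sss/pipes/private")
+(user (getpw "root")))
+(mkdir-p/perms dbusdir user 493)
+(mkdir-p/perms dbdir user 493)
+(copy-file #$(sssd-configuration-config config)
+"/var/lib/sss/sssd.conf")
+(chmod "/var/lib/sss/sssd.conf" #o600))))
+
+(define-public sssd-service-type
+(service-type (name 'sssd)
+(description "SSSD Service")
+(extensions (list (service-extension pam-root-service-type
+sssd-pam-services)
+(service-extension dbus-root-service-type
+(compose list
+sssd-configuration-sssd))
+(service-extension activation-service-type
+sssd-activation)
+(service-extension nscd-service-type
+(const (list sssd)))
+(service-extension
+shepherd-root-service-type
+sssd-shepherd-service)))
+(default-value (sssd-configuration))))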
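Review bot: `ldap_tls_reqcert = never` in default-sssd-conf-file turns off verification of the server certificate, so the `ldaps://ldap.metznet.ca` session, and the `ldap_default_authtok` bind it carries, goes to whichever host answers for that name; since `ldap_tls_cacertdir = /etc/ssl/certs` is already configured, the line should read `ldap_tls_reqcert = demand`. The bind password is read from `LDAP_BINDPW` when the module is evaluated and baked into a `plain-file`, which becomes a world-readable item in /gnu/store (and in any substitute server the system closure is published to) regardless of the `chmod #o600` that sssd-activation applies to the copy. Keeping the secret out of the store — for example having the activation snippet read it from a root-only file on the target and append it to the copied configuration — is the usual fix; at minimum an unset variable should fail evaluation rather than silently emit `ldap_default_authtok = `. The hard-coded domain and search base also make `default-sssd-conf-file` site-specific, so a short comment saying it is a metznet.ca-only default would help anyone reusing the module.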
@ -1,169 +1,24 @@
|
|||||||
(define-module (machines base-desktop)
|
(define-module (machines base-desktop)
|
||||||
#:use-module (system base-system)
|
#:use-module (gnu system)
|
||||||
#:use-module (guix gexp)
|
#:use-module (guix gexp)
|
||||||
#:use-module (guix build utils)
|
#:use-module (system base-system)
|
||||||
#:use-module (guix packages)
|
#:use-module (gnu packages slapd)
|
||||||
#:use-module (guix download)
|
#:use-module (gnu services)
|
||||||
#:use-module (guix build-system gnu)
|
|
||||||
#:use-module (guix build-system copy)
|
|
||||||
#:use-module ((guix licenses) #:prefix license:)
|
|
||||||
#:use-module (gnu)
|
|
||||||
#:use-module (gnu services configuration)
|
|
||||||
#:use-module (gnu services shepherd)
|
|
||||||
#:use-module (gnu services certbot)
|
#:use-module (gnu services certbot)
|
||||||
#:use-module (gnu packages openldap)
|
#:use-module (gnu services slapd))
|
||||||
#:use-module (gnu packages dbm)
|
|
||||||
#:use-module (gnu packages groff)
|
|
||||||
#:use-module (gnu packages autotools)
|
|
||||||
#:use-module (gnu packages cyrus-sasl)
|
|
||||||
#:use-module (gnu packages tls)
|
|
||||||
#:use-module (gnu packages perl)
|
|
||||||
#:use-module (gnu packages python)
|
|
||||||
#:use-module (gnu packages gnupg)
|
|
||||||
#:use-module (gnu packages base)
|
|
||||||
#:use-module (gnu packages compression)
|
|
||||||
#:use-module (gnu packages admin))
|
|
||||||
|
|
||||||
(define-public openldap-slapd
|
|
||||||
(package
|
|
||||||
(name "openldap-slapd")
|
|
||||||
(version "2.6.4")
|
|
||||||
(source (origin
|
|
||||||
(method url-fetch)
|
|
||||||
;; See <http://www.openldap.org/software/download/> for a list of
|
|
||||||
;; mirrors.
|
|
||||||
(uri (list (string-append
|
|
||||||
"http://repository.linagora.org/OpenLDAP"
|
|
||||||
"/openldap-release/openldap-" version ".tgz")
|
|
||||||
(string-append
|
|
||||||
"https://www.openldap.org/software/download/OpenLDAP/"
|
|
||||||
"openldap-release/openldap-" version ".tgz")
|
|
||||||
(string-append
|
|
||||||
"ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
|
|
||||||
"openldap-release/openldap-" version ".tgz")))
|
|
||||||
(sha256
|
|
||||||
(base32
|
|
||||||
"1489li52sjxm1f97v927jxaxzfk6v9sa32ixrw30qhvq07jh85ym"))))
|
|
||||||
(build-system gnu-build-system)
|
|
||||||
(inputs (list bdb-5.3 cyrus-sasl openssl gnutls libgcrypt zlib))
|
|
||||||
(native-inputs (list libltdl libtool groff bdb-5.3))
|
|
||||||
(arguments
|
|
||||||
(list
|
|
||||||
#:tests? #f
|
|
||||||
#:configure-flags
|
|
||||||
#~(list "--disable-static"
|
|
||||||
"--with-tls=openssl"
|
|
||||||
"--enable-slapd"
|
|
||||||
"--enable-crypt"
|
|
||||||
"--enable-modules"
|
|
||||||
"--enable-ldap"
|
|
||||||
"--enable-slapi"
|
|
||||||
"--enable-mdb"
|
|
||||||
"--enable-meta"
|
|
||||||
"--enable-passwd"
|
|
||||||
"--enable-overlays"
|
|
||||||
"--enable-shared"
|
|
||||||
"--with-cyrus-sasl"
|
|
||||||
#$@(if (%current-target-system)
|
|
||||||
'("--with-yielding_select=yes"
|
|
||||||
"ac_cv_func_memcmp_working=yes")
|
|
||||||
'()))
|
|
||||||
;; Disable install stripping as it breaks cross-compiling.
|
|
||||||
#:make-flags
|
|
||||||
#~(list "STRIP=")
|
|
||||||
#:phases
|
|
||||||
#~(modify-phases %standard-phases (add-after 'install 'build-slapd-totp-module
|
|
||||||
(lambda* (#:key source #:allow-other-keys)
|
|
||||||
(begin
|
|
||||||
(chdir "./contrib/slapd-modules/passwd/totp")
|
|
||||||
(mkdir-p (string-append #$output "/libexec/openldap"))
|
|
||||||
(invoke "make" "slapd-totp.lo")
|
|
||||||
(invoke "../../../../libtool" "--mode=link" "gcc" "-rpath" "/libexec/openldap" "-version-info" "0:0:0" "-module" "-o" "pw-totp.la" "slapd-totp.lo" "../../../../libraries/libldap/libldap.la" "../../../../libraries/liblber/liblber.la")
|
|
||||||
(invoke "../../../../libtool" "--mode=install" "cp" "pw-totp.la" (string-append #$output "/libexec/openldap"))
|
|
||||||
(chdir "../../../../")))))))
|
|
||||||
(synopsis "Implementation of the Lightweight Directory Access Protocol")
|
|
||||||
(description
|
|
||||||
"OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
|
|
||||||
(license license:openldap2.8)
|
|
||||||
(home-page "https://www.openldap.org/")))
|
|
||||||
|
|
||||||
|
|
||||||
(define list-of-file-like?
|
|
||||||
(list-of file-like?))
|
|
||||||
|
|
||||||
(define-configuration/no-serialization slapd-configuration
|
|
||||||
(openldap (file-like openldap-slapd)
|
|
||||||
"openldap package to use")
|
|
||||||
(home (string "/var/lib/slapd") "slapd home directory")
|
|
||||||
(backups (list-of-file-like '()) "alist of databases and their backup ldif files")
|
|
||||||
(uris (string "ldap:// ldapi://")
|
|
||||||
"slapd uris to accept connections to"))
|
|
||||||
|
|
||||||
|
|
||||||
(define (slapd-accounts config)
|
|
||||||
(list (user-group
|
|
||||||
(name "slapd")
|
|
||||||
(system? #t))
|
|
||||||
(user-account
|
|
||||||
(name "slapd")
|
|
||||||
(group "slapd")
|
|
||||||
(system? #t)
|
|
||||||
(comment "openldap service account")
|
|
||||||
(home-directory "/var/lib/slapd")
|
|
||||||
(shell #~(string-append #$shadow "/sbin/nologin")))))
|
|
||||||
|
|
||||||
(define (slapd-activation config)
|
|
||||||
(let
|
|
||||||
((homedir (slapd-configuration-home config))
|
|
||||||
(backups (slapd-configuration-backups config))
|
|
||||||
(ldapdir (slapd-configuration-openldap config)))
|
|
||||||
#~(begin
|
|
||||||
(define (range n m)
|
|
||||||
(if (>= n m) '() (cons n (range (+ n 1) m))))
|
|
||||||
(let ((user (getpw "slapd")))
|
|
||||||
(mkdir-p/perms "/var/run/slapd" user #o755)
|
|
||||||
(mkdir-p/perms #$homedir user #o755)
|
|
||||||
(mkdir-p/perms (string-append #$homedir "/slapd.d") user #o750)
|
|
||||||
(install-file (string-append #$ldapdir "/libexec/openldap/pw-totp.so") (string-append #$homedir "/modules"))
|
|
||||||
(mkdir-p/perms (string-append #$homedir "/modules") user #o750)
|
|
||||||
(mkdir-p/perms (string-append #$homedir "/data") user #o750))
|
|
||||||
; TODO: read the time of the last written backups to check if slapadd needs to happen, and after slapadd write the "time" from the config of the backups so that they don't get applied again to the same directory
|
|
||||||
(for-each (lambda (ldif dbno) (invoke (string-append #$sudo "/bin/sudo") "-u" "slapd" "-g" "slapd" (string-append #$ldapdir "/sbin/slapadd") "-F" (string-append #$homedir "/slapd.d") "-n" (number->string dbno) "-l" ldif)) '#+backups (range 0 (length `#+backups))))))
|
|
||||||
|
|
||||||
(define (slapd-shepherd-service config)
|
|
||||||
(list (shepherd-service
|
|
||||||
(documentation "")
|
|
||||||
(provision '(slapd))
|
|
||||||
(requirement '(networking user-processes))
|
|
||||||
(start #~(make-forkexec-constructor
|
|
||||||
(list (string-append #$(slapd-configuration-openldap config) "/libexec/slapd") "-d" "-1" "-F" "/var/lib/slapd/slapd.d" "-u" "slapd" "-g" "slapd")
|
|
||||||
#:environment-variables (list (string-append "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:" #$(slapd-configuration-openldap config) "/libexec/openldap"))
|
|
||||||
#:user "root"
|
|
||||||
#:group "root"))
|
|
||||||
(stop #~(make-kill-destructor)))))
|
|
||||||
|
|
||||||
(define slapd-service-type
|
|
||||||
(service-type (name 'slapd)
|
|
||||||
(description "openldap slapd service")
|
|
||||||
(extensions (list
|
|
||||||
(service-extension account-service-type slapd-accounts)
|
|
||||||
(service-extension activation-service-type slapd-activation)
|
|
||||||
(service-extension shepherd-root-service-type slapd-shepherd-service)))
|
|
||||||
(default-value (slapd-configuration))))
|
|
||||||
|
|
||||||
(operating-system
|
(operating-system
|
||||||
(inherit %metznet-base-server-system)
|
(inherit %metznet-base-server-system)
|
||||||
(host-name "ldap-guix.metznet.ca")
|
(host-name "ldap-guix.metznet.ca")
|
||||||
(packages %metznet-server-packages)
|
|
||||||
(services
|
(services
|
||||||
(append (list
|
(append (list (service certbot-service-type
|
||||||
(service certbot-service-type
|
(certbot-configuration (email "noah@metznet.ca")
|
||||||
(certbot-configuration
|
(certificates (list (certificate-configuration
|
||||||
(email "noah@metznet.ca")
|
(domains '
|
||||||
(certificates
|
("ldap-guix.metznet.ca")))))))
|
||||||
(list
|
(service slapd-service-type
|
||||||
(certificate-configuration
|
(slapd-configuration (backups (list (local-file
|
||||||
(domains '("ldap-guix.metznet.ca")))))))
|
"0.ldif")
|
||||||
(service slapd-service-type
|
(local-file
|
||||||
(slapd-configuration
|
"1.ldif"))))))
|
||||||
(backups (list (local-file "0.ldif") (local-file "1.ldif")))))) %metznet-server-services)))
|
%metznet-server-services)))
|
||||||
|
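Review bot: `(backups (list (local-file "0.ldif") (local-file "1.ldif")))` copies the seed LDIFs into /gnu/store, so if they carry `userPassword` or `olcRootPW` values those hashes become readable by every local user of this host and of any machine that receives the system closure. A safer shape is to keep the seeds outside the store (a root-only path on the target that the activation snippet reads) or to strip credential attributes from the export and set them after seeding. This configuration also leaves `backup-date` at its default, which the slapd service module above sets to `(current-date)` at evaluation time; if I read slapd-activation correctly, every reconfigure then compares a fresh "now" against the recorded restore date, treats the seed as newer and re-runs slapadd against the already-populated database, so an explicit `(backup-date …)` built with srfi-19's `make-date` from the LDIF export time should be given here.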