From 4f1abdd876e3e55ac9bb753121b38fef79b0337c Mon Sep 17 00:00:00 2001 From: Noah Metz Date: Sun, 3 Dec 2023 14:22:51 -0700 Subject: [PATCH] Added ldap-services, and made root password disabled by default --- metznet/machines/ldap.scm | 33 +++++++++++++-------------------- metznet/system/base-system.scm | 6 ++++-- 2 files changed, 17 insertions(+), 22 deletions(-) diff --git a/metznet/machines/ldap.scm b/metznet/machines/ldap.scm index 3e9dc9e..2ed581d 100644 --- a/metznet/machines/ldap.scm +++ b/metznet/machines/ldap.scm @@ -7,29 +7,22 @@ #:use-module (gnu services certbot) #:use-module (gnu services slapd) - #:export (ldap.metznet.ca)) + #:export (ldap.metznet.ca ldap-services)) + +(define-public ldap-services + (append (list (service certbot-service-type + (certbot-configuration (email "admin@metznet.ca") + (certificates (list (certificate-configuration + (domains ' + ("ldap.guix.metznet.ca"))))))) + (service slapd-service-type + (slapd-configuration (uris + "ldap:// ldapi:// ldaps:// ldapis://")))) + %metznet-server-services)) (define-public ldap.metznet.ca (operating-system (inherit %metznet-base-server-system) (host-name "ldap.guix.metznet.ca") (services - (append (list (service certbot-service-type - (certbot-configuration (email "admin@metznet.ca") - (certificates (list (certificate-configuration - (domains ' - ("ldap.guix.metznet.ca"))))))) - (service slapd-service-type - (slapd-configuration (uris - "ldap:// ldapi:// ldaps:// ldapis://") - (backups (let ((slapd-seeds (getenv - "SLAPD_SEEDS"))) - (if slapd-seeds - (map (lambda (ldif) - (local-file - ldif)) - (string-split - slapd-seeds - #\:)) - '())))))) - %metznet-server-services)))) + ldap-services))) diff --git a/metznet/system/base-system.scm b/metznet/system/base-system.scm index bb674a2..cb96245 100644 --- a/metznet/system/base-system.scm +++ b/metznet/system/base-system.scm @@ -76,8 +76,10 @@ (name "root") (group "root") (uid 0) - (password (crypt (or (getenv "GUIX_ROOT_PW") "root") - "$6$salt")) + (password (let ((env-pw (getenv "GUIX_ROOT_PW"))) + (if env-pw + (crypt env-pw "$6$salt") + "!"))) (shell (file-append zsh "/bin/zsh")))) %base-user-accounts)) (define %metznet-base-groups