Added ldap-services, and made root password disabled by default

master
noah metz 2023-12-03 14:22:51 -07:00
parent 6f1a7697b9
commit 4f1abdd876
2 changed files with 17 additions and 22 deletions

@ -7,13 +7,9 @@
#:use-module (gnu services certbot) #:use-module (gnu services certbot)
#:use-module (gnu services slapd) #:use-module (gnu services slapd)
#:export (ldap.metznet.ca)) #:export (ldap.metznet.ca ldap-services))
(define-public ldap.metznet.ca (define-public ldap-services
(operating-system
(inherit %metznet-base-server-system)
(host-name "ldap.guix.metznet.ca")
(services
(append (list (service certbot-service-type (append (list (service certbot-service-type
(certbot-configuration (email "admin@metznet.ca") (certbot-configuration (email "admin@metznet.ca")
(certificates (list (certificate-configuration (certificates (list (certificate-configuration
@ -21,15 +17,12 @@
("ldap.guix.metznet.ca"))))))) ("ldap.guix.metznet.ca")))))))
(service slapd-service-type (service slapd-service-type
(slapd-configuration (uris (slapd-configuration (uris
"ldap:// ldapi:// ldaps:// ldapis://") "ldap:// ldapi:// ldaps:// ldapis://"))))
(backups (let ((slapd-seeds (getenv %metznet-server-services))
"SLAPD_SEEDS")))
(if slapd-seeds (define-public ldap.metznet.ca
(map (lambda (ldif) (operating-system
(local-file (inherit %metznet-base-server-system)
ldif)) (host-name "ldap.guix.metznet.ca")
(string-split (services
slapd-seeds ldap-services)))
#\:))
'()))))))
%metznet-server-services))))

@ -76,8 +76,10 @@
(name "root") (name "root")
(group "root") (group "root")
(uid 0) (uid 0)
(password (crypt (or (getenv "GUIX_ROOT_PW") "root") (password (let ((env-pw (getenv "GUIX_ROOT_PW")))
"$6$salt")) (if env-pw
(crypt env-pw "$6$salt")
"!")))
(shell (file-append zsh "/bin/zsh")))) %base-user-accounts)) (shell (file-append zsh "/bin/zsh")))) %base-user-accounts))
(define %metznet-base-groups (define %metznet-base-groups