Added ldap-services, and made root password disabled by default

master
noah metz 2023-12-03 14:22:51 -07:00
parent 6f1a7697b9
commit 4f1abdd876
2 changed files with 17 additions and 22 deletions

@ -7,29 +7,22 @@
#:use-module (gnu services certbot) #:use-module (gnu services certbot)
#:use-module (gnu services slapd) #:use-module (gnu services slapd)
#:export (ldap.metznet.ca)) #:export (ldap.metznet.ca ldap-services))
(define-public ldap-services
(append (list (service certbot-service-type
(certbot-configuration (email "admin@metznet.ca")
(certificates (list (certificate-configuration
(domains '
("ldap.guix.metznet.ca")))))))
(service slapd-service-type
(slapd-configuration (uris
"ldap:// ldapi:// ldaps:// ldapis://"))))
%metznet-server-services))
(define-public ldap.metznet.ca (define-public ldap.metznet.ca
(operating-system (operating-system
(inherit %metznet-base-server-system) (inherit %metznet-base-server-system)
(host-name "ldap.guix.metznet.ca") (host-name "ldap.guix.metznet.ca")
(services (services
(append (list (service certbot-service-type ldap-services)))
(certbot-configuration (email "admin@metznet.ca")
(certificates (list (certificate-configuration
(domains '
("ldap.guix.metznet.ca")))))))
(service slapd-service-type
(slapd-configuration (uris
"ldap:// ldapi:// ldaps:// ldapis://")
(backups (let ((slapd-seeds (getenv
"SLAPD_SEEDS")))
(if slapd-seeds
(map (lambda (ldif)
(local-file
ldif))
(string-split
slapd-seeds
#\:))
'()))))))
%metznet-server-services))))

@ -76,8 +76,10 @@
(name "root") (name "root")
(group "root") (group "root")
(uid 0) (uid 0)
(password (crypt (or (getenv "GUIX_ROOT_PW") "root") (password (let ((env-pw (getenv "GUIX_ROOT_PW")))
"$6$salt")) (if env-pw
(crypt env-pw "$6$salt")
"!")))
(shell (file-append zsh "/bin/zsh")))) %base-user-accounts)) (shell (file-append zsh "/bin/zsh")))) %base-user-accounts))
(define %metznet-base-groups (define %metznet-base-groups