Added ldap-services, and made root password disabled by default

master
noah metz 2023-12-03 14:22:51 -07:00
parent 6f1a7697b9
commit 4f1abdd876
2 changed files with 17 additions and 22 deletions

@ -7,13 +7,9 @@
#:use-module (gnu services certbot)
#:use-module (gnu services slapd)
#:export (ldap.metznet.ca))
#:export (ldap.metznet.ca ldap-services))
(define-public ldap.metznet.ca
(operating-system
(inherit %metznet-base-server-system)
(host-name "ldap.guix.metznet.ca")
(services
(define-public ldap-services
(append (list (service certbot-service-type
(certbot-configuration (email "admin@metznet.ca")
(certificates (list (certificate-configuration
@ -21,15 +17,12 @@
("ldap.guix.metznet.ca")))))))
(service slapd-service-type
(slapd-configuration (uris
"ldap:// ldapi:// ldaps:// ldapis://")
(backups (let ((slapd-seeds (getenv
"SLAPD_SEEDS")))
(if slapd-seeds
(map (lambda (ldif)
(local-file
ldif))
(string-split
slapd-seeds
#\:))
'()))))))
%metznet-server-services))))
"ldap:// ldapi:// ldaps:// ldapis://"))))
%metznet-server-services))
(define-public ldap.metznet.ca
(operating-system
(inherit %metznet-base-server-system)
(host-name "ldap.guix.metznet.ca")
(services
ldap-services)))

@ -76,8 +76,10 @@
(name "root")
(group "root")
(uid 0)
(password (crypt (or (getenv "GUIX_ROOT_PW") "root")
"$6$salt"))
(password (let ((env-pw (getenv "GUIX_ROOT_PW")))
(if env-pw
(crypt env-pw "$6$salt")
"!")))
(shell (file-append zsh "/bin/zsh")))) %base-user-accounts))
(define %metznet-base-groups