Fixed makefile, and moved sssd configuration from a string variable to a guix configuration

noah metz 2023-12-03 01:00:53 -07:00
parent 5c5704e988
commit 5d42b8e470
3 changed files with 127 additions and 135 deletions

@ -1,103 +1,21 @@
GUIX_SUBSTITUTE_FLAG
=
--substitute-urls='https://ci.guix.gnu.org
https://substitutes.nonguix.org'
GUIX_LIB_FLAGS
?=
-L
./
LIBVIRT_GROUP
?=
libvirt
LIBVIRT_USER
?=
$
(USER)
GUIX_IMAGE_CMD
?=
guix
system
image
$
(GUIX_SUBSTITUTE_FLAG)
--image-type=qcow2
$
(GUIX_LIB_FLAGS)
GUIX_SUBSTITUTE_FLAG = --substitute-urls='https://ci.guix.gnu.org https://substitutes.nonguix.org'
GUIX_LIB_FLAGS ?= -L ./
LIBVIRT_GROUP ?= libvirt
LIBVIRT_USER ?= $(USER)
GUIX_IMAGE_CMD ?= guix system image $(GUIX_SUBSTITUTE_FLAG) --image-type=qcow2 $(GUIX_LIB_FLAGS)
VM_RAM
?=
4000
VM_CPU
?=
4
VM_RAM ?= 4000
VM_CPU ?= 4
%.qcow2:
%.scm
$
(eval RO := $
(shell $
(GUIX_IMAGE_CMD) $<))
install
-C
-m
666
-o
$
(LIBVIRT_USER)
-g
$
(LIBVIRT_GROUP)
$
(RO)
$@
%.qcow2: %.scm
$(eval RO := $(shell $(GUIX_IMAGE_CMD) $<))
install -C -m 666 -o $(LIBVIRT_USER) -g $(LIBVIRT_GROUP) $(RO) $@
%:
%.qcow2
$
(eval OVMF := $
(shell guix build $
(GUIX_SUBSTITUTE_FLAG) ovmf))
qemu-system-x86_64
-nic
user,model=virtio-net-pci
-enable-kvm
-hda
$<
-m
$
(VM_RAM)
-smp
$
(VM_CPU)
-bios
$
(OVMF)
/share/firmware/ovmf_x64.bin
%: %.qcow2
$(eval OVMF := $(shell guix build $(GUIX_SUBSTITUTE_FLAG) ovmf))
qemu-system-x86_64 -nic user,model=virtio-net-pci -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios $(OVMF)/share/firmware/ovmf_x64.bin
.PHONY:
%
%-ro:
%.scm
$
(eval VM_SCRIPT := $
(shell guix
system
$
(GUIX_LIB_FLAGS)
$
(GUIX_SUBSTITUTE_FLAG)
vm
$<
--expose=$
(PWD)
/pki=/var/lib/openvpn))
$
(VM_SCRIPT)
-m
$
(VM_RAM)
-smp
$
(VM_CPU)
-nic
user,model=virtio-net-pci
.PHONY: %
%-ro: %.scm
$(eval VM_SCRIPT := $(shell guix system $(GUIX_LIB_FLAGS) $(GUIX_SUBSTITUTE_FLAG) vm $< --expose=$(PWD)/pki=/var/lib/openvpn))
$(VM_SCRIPT) -m $(VM_RAM) -smp $(VM_CPU) -nic user,model=virtio-net-pci
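Review bot: `install -C -m 666 ...` in the `%.qcow2` rule leaves the VM disk image world-writable, so any local account can alter the guest's disk before it is booted; the owner and group are already set to `$(LIBVIRT_USER)`/`$(LIBVIRT_GROUP)`, so `-m 660` keeps libvirt's access without granting write to everyone. The `$(eval RO := $(shell ...))` line in the same rule, and the `OVMF`/`VM_SCRIPT` assignments in the `%` and `%-ro` rules, run the build during recipe expansion and store the result in one global make variable that is shared between targets under `make -j`; capturing the path in the shell instead, `install -C -m 660 -o $(LIBVIRT_USER) -g $(LIBVIRT_GROUP) "$$($(GUIX_IMAGE_CMD) $<)" $@`, keeps it local to each recipe run. `.PHONY: %` is not honoured by GNU Make (pattern targets cannot be declared phony), so the match-anything rule `%: %.qcow2` is an ordinary rule that can also be selected for unrelated names; listing the VM targets explicitly or using a distinct suffix such as `%.run` would avoid that.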

@ -7,40 +7,80 @@
#:use-module (gnu packages sssd)
#:use-module (gnu services)
#:use-module (gnu services configuration)
#:export (sssd-configuration sssd-service-type))
(define default-sssd-conf-file
(plain-file "sssd.conf"
(string-join (list "[sssd]"
"domains = metznet.ca"
"services = nss, sudo, pam, ssh, ifp"
""
"[domain/metznet.ca]"
"id_provider = ldap"
"auth_provider = ldap"
"cache_credentials = True"
"ldap_uri = ldaps://ldap.metznet.ca"
"ldap_tls_reqcert = never"
"ldap_tls_cacertdir = /etc/ssl/certs"
"ldap_search_base = ou=users,ou=accounts,dc=metznet,dc=ca"
(string-append "ldap_default_bind_dn = "
(or (getenv "LDAP_BINDDN") ""))
"ldap_default_authtok_type = password"
(string-append "ldap_default_authtok = "
(or (getenv "LDAP_BINDPW") ""))
"") "\n")))
(define-configuration/no-serialization sssd-configuration
(sssd (file-like sssd)
"SSSD Package to use")
(pam-services (list-of-strings (list "su" "gdm-password"
"login" "sshd"
"passwd"))
"List of pam services to use sssd for")
(config (file-like
default-sssd-conf-file)
"sssd.conf file"))
#:export (sssd-domain-configuration sssd-configuration sssd-service-type))
(define-maybe string)
(define (serialize-field conv)
(lambda (name value)
(string-append (symbol->string name) " = "
(conv value) "\n")))
(define serialize-string
(serialize-field (lambda (val)
val)))
(define-maybe boolean)
(define serialize-boolean
(serialize-field (lambda (val)
(if val "True" "False"))))
(define-configuration sssd-domain-configuration
(id_provider maybe-string "id provider")
(auth_provider maybe-string "auth provider")
(cache_credentials maybe-boolean "cache credentials")
(ldap_uri maybe-string "ldap server uri")
(ldap_tls_reqcert maybe-string "tls_reqcert")
(ldap_tls_cacertdir maybe-string
"ca certificate directory")
(ldap_search_base maybe-string "base dn for search")
(ldap_default_bind_dn maybe-string
"dn to bind for search")
(ldap_default_authtok_type maybe-string
"ldap auth token type")
(ldap_default_authtok maybe-string
"token to use for ldap bind"))
(define (sssd-domain-configuration-with-name? val)
(if (pair? val)
(if (string? (car val))
(if (sssd-domain-configuration? (cdr val)) #t) #t) #f))
(define list-of-sssd-domain-configurations?
(list-of sssd-domain-configuration-with-name?))
(define (serialize-sssd-domain-and-name value)
(let ((name (car value))
(config (cdr value)))
#~(string-append "[domain/"
#$name "]\n"
#$(serialize-configuration config
sssd-domain-configuration-fields))))
(define (serialize-list-of-sssd-domain-configurations name value)
#~(string-append "domains = "
(string-join (list #$@(map (lambda (x)
(car x)) value)) ", ") "\n\n"
(string-join (list #$@(map serialize-sssd-domain-and-name
value)) "\n")))
(define serialize-list-of-strings
(serialize-field (lambda (value)
(string-join value ", "))))
(define-configuration sssd-configuration
(sssd (file-like sssd) "sssd package to use")
(pam-services (list-of-strings (list "su" "gdm-password"
"login" "sshd"
"passwd"))
"list of pam services to configure login for"
(lambda (a b)
""))
(services (list-of-strings (list "nss" "sudo" "pam"
"ssh" "ifp"))
"list of services")
(domains (list-of-sssd-domain-configurations '())
"sssd domains to configure"))
(define (sssd-pam-service config)
(define sssd-pam-module
@ -83,6 +123,12 @@
"/lib"))))
(stop #~(make-kill-destructor)))))
(define (sssd-configuration-file config)
(mixed-text-file "sssd.conf"
#~(string-append "[sssd]\n"
#$(serialize-configuration config
sssd-configuration-fields))))
(define (sssd-activation config)
#~(begin
(let ((dbdir "/var/lib/sss/db")
@ -90,8 +136,7 @@
(user (getpw "root")))
(mkdir-p/perms dbusdir user 493)
(mkdir-p/perms dbdir user 493)
(copy-file #$(sssd-configuration-config config)
"/var/lib/sss/sssd.conf")
(copy-file #$(sssd-configuration-file config) "/var/lib/sss/sssd.conf")
(chmod "/var/lib/sss/sssd.conf" #o600))))
(define-public sssd-service-type
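Review bot: `sssd-domain-configuration-with-name?` does not reject malformed entries: when `(car val)` is not a string the outer `if` returns `#t`, and when `(cdr val)` is not an `sssd-domain-configuration` the inner `if` has no else branch and yields an unspecified (truthy) value, so the predicate is effectively `pair?`. Replace the body with `(and (pair? val) (string? (car val)) (sssd-domain-configuration? (cdr val)))`. Separately, `sssd-configuration-file` produces `sssd.conf` with `mixed-text-file`, so a serialized `ldap_default_authtok` ends up in the world-readable store and the later `chmod #o600` only protects the copy under `/var/lib/sss`; a comment on `sssd-configuration-file` such as `;; NOTE: the result is a store item and therefore world-readable; bind credentials placed in the configuration are exposed` would document that limitation until the token can be read at activation time from a root-only file.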

@ -220,6 +220,35 @@
pam-mkhomedir-services)))
(default-value (metznet-system-configuration))))
(define %metznet-sssd-configuration
(sssd-configuration (domains (list (cons "metznet.ca"
(sssd-domain-configuration (id_provider
"ldap")
(auth_provider
"ldap")
(cache_credentials
#t)
(ldap_uri
"ldaps://ldap.metznet.ca")
(ldap_tls_reqcert
"never")
(ldap_tls_cacertdir
"/etc/ssl/certs")
(ldap_search_base
"dc=metznet,dc=ca")
(ldap_default_bind_dn
(or (getenv
"LDAP_BIND_DN")
"uid=guix,ou=system,ou=accounts,dc=metznet,dc=ca"))
(ldap_default_authtok_type
(or (getenv
"LDAP_AUTHTOK_TYPE")
"password"))
(ldap_default_authtok
(or (getenv
"LDAP_AUTHTOK")
%unset-value))))))))
(define %metznet-services
(list (service openssh-service-type
(openssh-configuration (extra-content
@ -228,7 +257,7 @@
(service pam-krb5-service-type
(pam-krb5-configuration (pam-krb5 pam-krb5)
(minimum-uid 1000)))
(service sssd-service-type)
(service sssd-service-type %metznet-sssd-configuration)
(service metznet-service-type)))
(define %metznet-nscd-configuration
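Review bot: `%metznet-sssd-configuration` sets `ldap_tls_reqcert` to `"never"`, so the bind DN and `ldap_default_authtok` are sent over a TLS session whose server certificate is never validated; since `ldap_tls_cacertdir` already points at `/etc/ssl/certs`, `(ldap_tls_reqcert "demand")` closes that gap provided the LDAP server's certificate chains to a CA in that directory. The variables read by `getenv` also changed from the previous `LDAP_BINDDN`/`LDAP_BINDPW` to `LDAP_BIND_DN`/`LDAP_AUTHTOK_TYPE`/`LDAP_AUTHTOK`, and `ldap_search_base` widened from `ou=users,ou=accounts,dc=metznet,dc=ca` to `dc=metznet,dc=ca`; neither is mentioned in the commit message, so a short comment above the define naming the expected environment variables would help whoever builds the image. Whatever `LDAP_AUTHTOK` holds at build time is serialized into the store-side `sssd.conf`, which is world-readable, so the `%unset-value` fallback when the variable is absent is the safer path and the token should not be set in a shared build environment.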