Added slapd activation to write db backup, need to make conditional and set condition when written(date-of-backup-based)

master
noah metz 2023-11-29 01:39:08 -07:00
parent 27b48e2c45
commit 5fcef6d78a
3 changed files with 141 additions and 12 deletions

@ -1,5 +1,5 @@
NONGUIX_DIR ?= ~/Code/nonguix NONGUIX_DIR ?= ~/Code/nonguix
GUIX_SUBSTITUTE_FLAG = --substitute-urls='https://bordeaux.guix.gnu.org https://substitutes.nonguix.org' GUIX_SUBSTITUTE_FLAG = --substitute-urls='https://ci.guix.gnu.org https://substitutes.nonguix.org'
GUIX_LIB_FLAGS = -L ./ -L $(NONGUIX_DIR) GUIX_LIB_FLAGS = -L ./ -L $(NONGUIX_DIR)
GUIX_IMAGE_CMD ?= guix system image $(GUIX_SUBSTITUTE_FLAG) --image-type=qcow2 $(GUIX_LIB_FLAGS) GUIX_IMAGE_CMD ?= guix system image $(GUIX_SUBSTITUTE_FLAG) --image-type=qcow2 $(GUIX_LIB_FLAGS)
LIBVIRT_GROUP ?= libvirt LIBVIRT_GROUP ?= libvirt

@ -1,19 +1,105 @@
(define-module (machines base-desktop) (define-module (machines base-desktop)
#:use-module (system base-system) #:use-module (system base-system)
#:use-module (guix gexp) #:use-module (guix gexp)
#:use-module (guix build utils)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu)
#:use-module (guix build-system copy)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu) #:use-module (gnu)
#:use-module (gnu services configuration) #:use-module (gnu services configuration)
#:use-module (gnu services shepherd)
#:use-module (gnu services certbot)
#:use-module (gnu packages openldap) #:use-module (gnu packages openldap)
#:use-module (gnu packages dbm)
#:use-module (gnu packages groff)
#:use-module (gnu packages autotools)
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages tls)
#:use-module (gnu packages perl)
#:use-module (gnu packages python)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages base)
#:use-module (gnu packages compression)
#:use-module (gnu packages admin)) #:use-module (gnu packages admin))
(define-public openldap-slapd
(package
(name "openldap-slapd")
(version "2.6.4")
(source (origin
(method url-fetch)
;; See <http://www.openldap.org/software/download/> for a list of
;; mirrors.
(uri (list (string-append
"http://repository.linagora.org/OpenLDAP"
"/openldap-release/openldap-" version ".tgz")
(string-append
"https://www.openldap.org/software/download/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")
(string-append
"ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")))
(sha256
(base32
"1489li52sjxm1f97v927jxaxzfk6v9sa32ixrw30qhvq07jh85ym"))))
(build-system gnu-build-system)
(inputs (list bdb-5.3 cyrus-sasl openssl gnutls libgcrypt zlib))
(native-inputs (list libltdl libtool groff bdb-5.3))
(arguments
(list
#:tests? #f
#:configure-flags
#~(list "--disable-static"
"--with-tls=openssl"
"--enable-slapd"
"--enable-crypt"
"--enable-modules"
"--enable-ldap"
"--enable-slapi"
"--enable-mdb"
"--enable-meta"
"--enable-passwd"
"--enable-overlays"
"--enable-shared"
"--with-cyrus-sasl"
#$@(if (%current-target-system)
'("--with-yielding_select=yes"
"ac_cv_func_memcmp_working=yes")
'()))
;; Disable install stripping as it breaks cross-compiling.
#:make-flags
#~(list "STRIP=")
#:phases
#~(modify-phases %standard-phases (add-after 'install 'build-slapd-totp-module
(lambda* (#:key source #:allow-other-keys)
(begin
(chdir "./contrib/slapd-modules/passwd/totp")
(mkdir-p (string-append #$output "/libexec/openldap"))
(invoke "make" "slapd-totp.lo")
(invoke "../../../../libtool" "--mode=link" "gcc" "-rpath" "/libexec/openldap" "-version-info" "0:0:0" "-module" "-o" "pw-totp.la" "slapd-totp.lo" "../../../../libraries/libldap/libldap.la" "../../../../libraries/liblber/liblber.la")
(invoke "../../../../libtool" "--mode=install" "cp" "pw-totp.la" (string-append #$output "/libexec/openldap"))
(chdir "../../../../")))))))
(synopsis "Implementation of the Lightweight Directory Access Protocol")
(description
"OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
(license license:openldap2.8)
(home-page "https://www.openldap.org/")))
(define list-of-file-like?
(list-of file-like?))
(define-configuration/no-serialization slapd-configuration (define-configuration/no-serialization slapd-configuration
(openldap (file-like openldap) (openldap (file-like openldap-slapd)
"openldap package to use") "openldap package to use")
(slapd-uris (list-of-strings (list (home (string "/var/lib/slapd") "slapd home directory")
"ldap://" (backups (list-of-file-like '()) "alist of databases and their backup ldif files")
"ldapi://")) (uris (string "ldap:// ldapi://")
"slapd uris to accept connections to")) "slapd uris to accept connections to"))
(define (slapd-accounts config) (define (slapd-accounts config)
(list (user-group (list (user-group
(name "slapd") (name "slapd")
@ -26,16 +112,59 @@
(home-directory "/var/lib/slapd") (home-directory "/var/lib/slapd")
(shell #~(string-append #$shadow "/sbin/nologin"))))) (shell #~(string-append #$shadow "/sbin/nologin")))))
(define (slapd-activation config)
(let
((homedir (slapd-configuration-home config))
(backups (slapd-configuration-backups config))
(ldapdir (slapd-configuration-openldap config)))
#~(begin
(define (range n m)
(if (>= n m) '() (cons n (range (+ n 1) m))))
(let ((user (getpw "slapd")))
(mkdir-p/perms "/var/run/slapd" user #o755)
(mkdir-p/perms #$homedir user #o755)
(mkdir-p/perms (string-append #$homedir "/slapd.d") user #o750)
(install-file (string-append #$ldapdir "/libexec/openldap/pw-totp.so") (string-append #$homedir "/modules"))
(mkdir-p/perms (string-append #$homedir "/modules") user #o750)
(mkdir-p/perms (string-append #$homedir "/data") user #o750))
; TODO: read the time of the last written backups to check if slapadd needs to happen, and after slapadd write the "time" from the config of the backups so that they don't get applied again to the same directory
(for-each (lambda (ldif dbno) (invoke (string-append #$sudo "/bin/sudo") "-u" "slapd" "-g" "slapd" (string-append #$ldapdir "/sbin/slapadd") "-F" (string-append #$homedir "/slapd.d") "-n" (number->string dbno) "-l" ldif)) '#+backups (range 0 (length `#+backups))))))
(define (slapd-shepherd-service config)
(list (shepherd-service
(documentation "")
(provision '(slapd))
(requirement '(networking user-processes))
(start #~(make-forkexec-constructor
(list (string-append #$(slapd-configuration-openldap config) "/libexec/slapd") "-d" "-1" "-F" "/var/lib/slapd/slapd.d" "-u" "slapd" "-g" "slapd")
#:environment-variables (list (string-append "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:" #$(slapd-configuration-openldap config) "/libexec/openldap"))
#:pidfile "/var/run/slapd/slapd.pid"
#:user "root"
#:group "root"))
(stop #~(make-kill-destructor)))))
(define slapd-service-type (define slapd-service-type
(service-type (name 'slapd) (service-type (name 'slapd)
(description "openldap slapd service") (description "openldap slapd service")
(extensions (list (service-extension account-service-type (extensions (list
slapd-accounts))) (service-extension account-service-type slapd-accounts)
(service-extension activation-service-type slapd-activation)
(service-extension shepherd-root-service-type slapd-shepherd-service)))
(default-value (slapd-configuration)))) (default-value (slapd-configuration))))
(operating-system (operating-system
(inherit %metznet-base-server-system) (inherit %metznet-base-server-system)
(host-name "ldap.metznet.ca") (host-name "ldap-guix.metznet.ca")
(packages %metznet-server-packages) (packages %metznet-server-packages)
(services (services
(append (list (service slapd-service-type)) %metznet-server-services))) (append (list
(service certbot-service-type
(certbot-configuration
(email "noah@metznet.ca")
(certificates
(list
(certificate-configuration
(domains '("ldap-guix.metznet.ca")))))))
(service slapd-service-type
(slapd-configuration
(backups (list (local-file "0.ldif") (local-file "1.ldif")))))) %metznet-server-services)))

@ -54,7 +54,6 @@
#:use-module (gnu packages suckless) #:use-module (gnu packages suckless)
#:use-module (gnu packages gnuzilla) #:use-module (gnu packages gnuzilla)
#:use-module (gnu packages terminals) #:use-module (gnu packages terminals)
#:use-module (gnu packages virtualization)
#:use-module (gnu packages version-control) #:use-module (gnu packages version-control)
#:export (%domain-realm) #:export (%domain-realm)
#:export (%domain-name) #:export (%domain-name)
@ -185,7 +184,8 @@
"ldap_search_base = ou=users,ou=accounts,dc=metznet,dc=ca" "ldap_search_base = ou=users,ou=accounts,dc=metznet,dc=ca"
(string-append "ldap_default_bind_dn = " (or (getenv "LDAP_BINDDN") "")) (string-append "ldap_default_bind_dn = " (or (getenv "LDAP_BINDDN") ""))
"ldap_default_authtok_type = password" "ldap_default_authtok_type = password"
(string-append "ldap_default_authtok = " (or (getenv "LDAP_BINDPW") ""))) "\n"))) (string-append "ldap_default_authtok = " (or (getenv "LDAP_BINDPW") ""))
"") "\n")))
(define metznet-service-type (define metznet-service-type
(service-type (service-type
@ -226,7 +226,7 @@
(provision '(sssd)) (provision '(sssd))
(requirement '(networking user-processes)) (requirement '(networking user-processes))
(start #~(make-forkexec-constructor (start #~(make-forkexec-constructor
(list (string-append #$(sssd-configuration-sssd config) "/sbin/sssd") "-i" "-d" "0x77f0") (list (string-append #$(sssd-configuration-sssd config) "/sbin/sssd") "-i")
#:user "root" #:user "root"
#:group "root" #:group "root"
#:environment-variables #:environment-variables