Configured PAM correctly to login desktop users

master
noah metz 2023-11-27 11:26:54 -07:00
parent 59e7e380ad
commit 77a3f34add
2 changed files with 46 additions and 42 deletions

@ -1,5 +1,5 @@
NONGUIX_DIR ?= ~/Code/nonguix
GUIX_IMAGE_CMD ?= guix system image --image-type=qcow2 -L ./ -L $(NONGUIX_DIR)
GUIX_IMAGE_CMD ?= guix system image --substitute-urls='https://bordeaux.guix.gnu.org' --image-type=qcow2 -L ./ -L $(NONGUIX_DIR)
LIBVIRT_GROUP ?= libvirt
machines/%.qcow2: machines/%.scm
@ -11,5 +11,5 @@ VM_CPU ?= 4
.PHONY: machines/%
machines/%: machines/%.qcow2
$(eval OVMF := $(shell guix build ovmf))
$(eval OVMF := $(shell guix build --substitute-urls='https://bordeaux.guix.gnu.org' ovmf))
qemu-system-x86_64 -nic bridge,br=virbr0 -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios $(OVMF)/share/firmware/ovmf_x64.bin
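Review bot: The substitute server URL is now hard-coded in two places, the `GUIX_IMAGE_CMD` default (hunk at -1) and the `$(eval OVMF := $(shell guix build --substitute-urls=... ovmf))` recipe line (hunk at -11), so a user who overrides `GUIX_IMAGE_CMD` on the command line still has the `ovmf` build pinned to the literal. Factor it into one user-tunable knob, `GUIX_SUBSTITUTE_URLS ?= https://bordeaux.guix.gnu.org`, and reference `--substitute-urls='$(GUIX_SUBSTITUTE_URLS)'` in both lines; keeping the HTTPS scheme matters less for integrity than for confidentiality, since substitutes are only installed when the server's signing key is already authorized locally, but a single variable makes the trusted source auditable at a glance. Note also that `.PHONY: machines/%` has no effect, because GNU Make does not match patterns in `.PHONY`; the rule still re-runs every time only because its recipe never creates `$@`. The `machines/%` recipe continues past the end of the hunk if it has further lines.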

@ -96,7 +96,7 @@
(name "usb")))
%base-groups))
(define %metznet-base-packages (append (list binutils openssh nss-pam-ldapd strace openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages))
(define %metznet-base-packages (append (list openssh nss-pam-ldapd openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages))
(define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages))
@ -180,10 +180,12 @@
(list (service-extension pam-root-service-type metznet-pam-services)))
(default-value '())))
(define pam-service-list (list "su" "gdm-password" "login" "sshd" "passwd"))
(define %metznet-nslcd-config (nslcd-configuration
(base "dc=metznet,dc=ca")
(log '("/var/log/nslcd" debug))
(pam-services (list "su" "login" "sshd" "passwd"))
(pam-services pam-service-list)
(filters (list '(group "(objectClass=posixGroupAux)")))
(binddn (or (getenv "LDAP_BINDDN") ""))
(bindpw (or (getenv "LDAP_BINDPW") ""))
@ -197,7 +199,7 @@
(service krb5-service-type %metznet-krb5-config)
(service pam-krb5-service-type (pam-krb5-configuration (pam-krb5 pam-krb5) (minimum-uid 1000)))
(service nslcd-service-type %metznet-nslcd-config)
(service metznet-service-type (list "su" "login" "sshd" "passwd"))))
(service metznet-service-type pam-service-list)))
(define %metznet-nscd-configuration (nscd-configuration
(caches (append (list
@ -215,44 +217,46 @@
%nscd-default-caches))))
(define %metznet-desktop-services
(append %metznet-services
(modify-services %desktop-services
(nscd-service-type config => %metznet-nscd-configuration)
(guix-service-type config => (guix-configuration
(inherit config)
(substitute-urls
(append (list "https://substitutes.nonguix.org")
%default-substitute-urls))
(authorized-keys
(append (list (plain-file "nonguix.pub"
"(public-key
(ecc
(curve Ed25519)
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
%default-authorized-guix-keys))))
(elogind-service-type config =>
(elogind-configuration (inherit config)
(handle-lid-switch-external-power 'suspend)))
(udev-service-type config =>
(udev-configuration (inherit config)
(rules (append (list %tun-udev-rule
%backlight-udev-rule)
(udev-configuration-rules config)))))
(network-manager-service-type config =>
(network-manager-configuration (inherit config)
(vpn-plugins (list network-manager-openvpn)))))))
(append
%metznet-services
(modify-services %desktop-services
(nscd-service-type config => %metznet-nscd-configuration)
(elogind-service-type config =>
(elogind-configuration (inherit config)
(handle-lid-switch-external-power 'suspend)))
(guix-service-type config => (guix-configuration
(inherit config)
(substitute-urls
(append (list "https://substitutes.nonguix.org")
%default-substitute-urls))
(authorized-keys
(append (list (plain-file "nonguix.pub"
"(public-key
(ecc
(curve Ed25519)
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
%default-authorized-guix-keys))))
(udev-service-type config =>
(udev-configuration (inherit config)
(rules (append (list %tun-udev-rule
%backlight-udev-rule)
(udev-configuration-rules config)))))
(network-manager-service-type config =>
(network-manager-configuration (inherit config)
(vpn-plugins (list network-manager-openvpn)))))))
(define %metznet-server-services (append (append %metznet-services
(list
(service dhcp-client-service-type)
(openvpn-client-service
#:config (openvpn-client-configuration
(openvpn openvpn)
(pid-file "/var/run/openvpn/client.pid")
(persist-key? #f)
(tls-auth "/etc/openvpn/ta.key"))))
(modify-services %base-services
(nscd-service-type config => %metznet-nscd-configuration)))))
(define %metznet-server-services
(append %metznet-services
(list
(service dhcp-client-service-type)
(openvpn-client-service
#:config (openvpn-client-configuration
(openvpn openvpn)
(pid-file "/var/run/openvpn/client.pid")
(persist-key? #f)
(tls-auth "/etc/openvpn/ta.key"))))
(modify-services %base-services
(nscd-service-type config => %metznet-nscd-configuration))))
(define %metznet-base-operating-system
(operating-system
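Review bot: `pam-service-list` in the hunk at -180 is a new top-level binding that breaks the `%metznet-*` naming used by every other definition in this file and carries no comment, even though it now drives two things at once — nslcd's `pam-services` and the `metznet-service-type` extension of `pam-root-service-type` (hunk at -197) — so every name in it changes the authentication chain for that login path on any machine that appends `%metznet-services`, servers included. I would rename it `%metznet-pam-service-names` and introduce it with `;; PAM services whose authentication goes through nslcd and the metznet PAM extension; "gdm-password" covers GDM desktop logins.` In the same hunk, `(bindpw (or (getenv "LDAP_BINDPW") ""))` silently falls back to an empty bind password when the variable is unset at build time; replacing the `""` default with `(error "LDAP_BINDPW is not set")` would be safer than producing a system that binds anonymously, and since Guix-generated service configuration files typically end up in the world-readable store, it is worth confirming where the nslcd configuration lands before baking a credential into it. The `%metznet-nslcd-config` form continues past the end of the -180 hunk, and the definition enclosing the `(service metznet-service-type ...)` line starts outside the -197 hunk.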