From 77a3f34addaeb444e3e2b143570cf25eb9339494 Mon Sep 17 00:00:00 2001 From: Noah Metz Date: Mon, 27 Nov 2023 11:26:54 -0700 Subject: [PATCH] Configured PAM correctly to login desktop users --- Makefile | 4 +- system/base-system.scm | 84 ++++++++++++++++++++++-------------------- 2 files changed, 46 insertions(+), 42 deletions(-) diff --git a/Makefile b/Makefile index 44bfc11..15ba7f4 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ NONGUIX_DIR ?= ~/Code/nonguix -GUIX_IMAGE_CMD ?= guix system image --image-type=qcow2 -L ./ -L $(NONGUIX_DIR) +GUIX_IMAGE_CMD ?= guix system image --substitute-urls='https://bordeaux.guix.gnu.org' --image-type=qcow2 -L ./ -L $(NONGUIX_DIR) LIBVIRT_GROUP ?= libvirt machines/%.qcow2: machines/%.scm @@ -11,5 +11,5 @@ VM_CPU ?= 4 .PHONY: machines/% machines/%: machines/%.qcow2 - $(eval OVMF := $(shell guix build ovmf)) + $(eval OVMF := $(shell guix build --substitute-urls='https://bordeaux.guix.gnu.org' ovmf)) qemu-system-x86_64 -nic bridge,br=virbr0 -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios $(OVMF)/share/firmware/ovmf_x64.bin diff --git a/system/base-system.scm b/system/base-system.scm index f540945..3ac65ff 100644 --- a/system/base-system.scm +++ b/system/base-system.scm @@ -96,7 +96,7 @@ (name "usb"))) %base-groups)) -(define %metznet-base-packages (append (list binutils openssh nss-pam-ldapd strace openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages)) +(define %metznet-base-packages (append (list openssh nss-pam-ldapd openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages)) (define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages)) 
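Review bot: The substitute server URL `https://bordeaux.guix.gnu.org` is now hard-coded twice in the Makefile, here in `GUIX_IMAGE_CMD` and again in the `guix build ... ovmf` eval of the second hunk, while every other setting in the file is an overridable `?=` variable. Factoring it out as `SUBSTITUTE_URLS ?= https://bordeaux.guix.gnu.org` and writing `--substitute-urls='$(SUBSTITUTE_URLS)'` at both sites keeps the two in step and lets a developer point at a mirror without editing the file. Note also that `--substitute-urls` replaces the daemon's server list for that invocation rather than extending it, so anything bordeaux does not serve (the nonguix packages the system declaration authorizes, presumably) is built from source on the host; substitutes remain accepted only from servers whose signing key the host daemon has authorized, which this flag does not change.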
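Review bot: Dropping `binutils` and `strace` from `%metznet-base-packages` is unrelated to the PAM fix named in the subject and is not mentioned in the commit message, so it is easy to miss when the history is read later. Either split it into its own commit or add a line to the message stating why the two debugging tools leave the system profile. Trimming what is installed on every machine is itself a sensible reduction; recording the intent keeps the next reader from restoring them by accident.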
@@ -180,10 +180,12 @@ (list (service-extension pam-root-service-type metznet-pam-services))) (default-value '()))) +(define pam-service-list (list "su" "gdm-password" "login" "sshd" "passwd")) + (define %metznet-nslcd-config (nslcd-configuration (base "dc=metznet,dc=ca") (log '("/var/log/nslcd" debug)) - (pam-services (list "su" "login" "sshd" "passwd")) + (pam-services pam-service-list) (filters (list '(group "(objectClass=posixGroupAux)"))) (binddn (or (getenv "LDAP_BINDDN") "")) (bindpw (or (getenv "LDAP_BINDPW") "")) @@ -197,7 +199,7 @@ (service krb5-service-type %metznet-krb5-config) (service pam-krb5-service-type (pam-krb5-configuration (pam-krb5 pam-krb5) (minimum-uid 1000))) (service nslcd-service-type %metznet-nslcd-config) - (service metznet-service-type (list "su" "login" "sshd" "passwd")))) + (service metznet-service-type pam-service-list))) (define %metznet-nscd-configuration (nscd-configuration (caches (append (list 
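Review bot: The new `pam-service-list` breaks the file's naming convention (`%metznet-nslcd-config`, `%metznet-nscd-configuration`, `%metznet-services`) and carries no comment saying that each entry must match the PAM service name of a login path, which is exactly what the added `"gdm-password"` entry relies on. I would rename it `%metznet-pam-services` and put above the define: `;; PAM service names that receive the LDAP (nslcd) and metznet PAM extensions; each must match the name of a login path's PAM service (gdm-password is the one GDM uses for password logins).` The same identifier is used in the second hunk on this line, `(service metznet-service-type pam-service-list)`, so both sites change together. Any further authentication path on the desktop, a screen locker or sudo for instance, would need its PAM service name listed here too or LDAP users would authenticate at the greeter but not there; whether the image has such a service is not visible in this patch.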
@@ -215,44 +217,46 @@ %nscd-default-caches)))) (define %metznet-desktop-services - (append %metznet-services - (modify-services %desktop-services - (nscd-service-type config => %metznet-nscd-configuration) - (guix-service-type config => (guix-configuration - (inherit config) - (substitute-urls - (append (list "https://substitutes.nonguix.org") - %default-substitute-urls)) - (authorized-keys - (append (list (plain-file "nonguix.pub" - "(public-key - (ecc - (curve Ed25519) - (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")) - %default-authorized-guix-keys)))) - (elogind-service-type config => - (elogind-configuration (inherit config) - (handle-lid-switch-external-power 'suspend))) - (udev-service-type config => - (udev-configuration (inherit config) - (rules (append (list %tun-udev-rule - %backlight-udev-rule) - (udev-configuration-rules config))))) - (network-manager-service-type config => - (network-manager-configuration (inherit config) - (vpn-plugins (list network-manager-openvpn))))))) + (append + %metznet-services + (modify-services %desktop-services + (nscd-service-type config => %metznet-nscd-configuration) + (elogind-service-type config => + (elogind-configuration (inherit config) + (handle-lid-switch-external-power 'suspend))) + (guix-service-type config => (guix-configuration + (inherit config) + (substitute-urls + (append (list "https://substitutes.nonguix.org") + %default-substitute-urls)) + (authorized-keys + (append (list (plain-file "nonguix.pub" + "(public-key + (ecc + (curve Ed25519) + (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")) + %default-authorized-guix-keys)))) + (udev-service-type config => + (udev-configuration (inherit config) + (rules (append (list %tun-udev-rule + %backlight-udev-rule) + (udev-configuration-rules config))))) + (network-manager-service-type config => + (network-manager-configuration (inherit config) + (vpn-plugins (list network-manager-openvpn))))))) -(define 
%metznet-server-services (append (append %metznet-services - (list - (service dhcp-client-service-type) - (openvpn-client-service - #:config (openvpn-client-configuration - (openvpn openvpn) - (pid-file "/var/run/openvpn/client.pid") - (persist-key? #f) - (tls-auth "/etc/openvpn/ta.key")))) - (modify-services %base-services - (nscd-service-type config => %metznet-nscd-configuration))))) +(define %metznet-server-services + (append %metznet-services + (list + (service dhcp-client-service-type) + (openvpn-client-service + #:config (openvpn-client-configuration + (openvpn openvpn) + (pid-file "/var/run/openvpn/client.pid") + (persist-key? #f) + (tls-auth "/etc/openvpn/ta.key")))) + (modify-services %base-services + (nscd-service-type config => %metznet-nscd-configuration)))) (define %metznet-base-operating-system (operating-system
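Review bot: Almost all of this 44/46-line hunk is a re-indentation of `%metznet-desktop-services` plus moving the `elogind-service-type` clause ahead of `guix-service-type`, which should not change the result since each `modify-services` clause targets a different service type; the only structural change is at the end, where the redundant outer `(append ...)` around `%metznet-server-services` is removed. Mixing the reformat into a PAM commit means a reader checking that the `substitute-urls` list and the nonguix `authorized-keys` entry are byte-for-byte unchanged has to compare the two differently indented copies by eye; a formatting-only commit before this one, or a sentence in the message saying no values changed, would make that verification trivial. The removed single-argument `append` was harmless (it returned its argument as-is), so the server-services rewrite carries no functional risk that I can see.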