Configured PAM correctly to login desktop users

noah metz 2023-11-27 11:26:54 -07:00
parent 59e7e380ad
commit 77a3f34add
2 changed files with 46 additions and 42 deletions

@ -1,5 +1,5 @@
NONGUIX_DIR ?= ~/Code/nonguix NONGUIX_DIR ?= ~/Code/nonguix
GUIX_IMAGE_CMD ?= guix system image --image-type=qcow2 -L ./ -L $(NONGUIX_DIR) GUIX_IMAGE_CMD ?= guix system image --substitute-urls='https://bordeaux.guix.gnu.org' --image-type=qcow2 -L ./ -L $(NONGUIX_DIR)
LIBVIRT_GROUP ?= libvirt LIBVIRT_GROUP ?= libvirt
machines/%.qcow2: machines/%.scm machines/%.qcow2: machines/%.scm
@ -11,5 +11,5 @@ VM_CPU ?= 4
.PHONY: machines/% .PHONY: machines/%
machines/%: machines/%.qcow2 machines/%: machines/%.qcow2
$(eval OVMF := $(shell guix build ovmf)) $(eval OVMF := $(shell guix build --substitute-urls='https://bordeaux.guix.gnu.org' ovmf))
qemu-system-x86_64 -nic bridge,br=virbr0 -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios $(OVMF)/share/firmware/ovmf_x64.bin qemu-system-x86_64 -nic bridge,br=virbr0 -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios $(OVMF)/share/firmware/ovmf_x64.bin
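Review bot: The substitute server is now hard-coded twice in this file, once in the `GUIX_IMAGE_CMD` default and once in the `guix build ovmf` shell call, so the two commands can silently drift apart; hoist it into one overridable knob, `GUIX_SUBSTITUTE_URLS ?= https://bordeaux.guix.gnu.org`, and pass `--substitute-urls='$(GUIX_SUBSTITUTE_URLS)'` in both places. A comment beside that variable would also help: `--substitute-urls` only selects where substitutes are fetched from, the daemon still rejects any substitute not signed by a key in its ACL, so a host whose ACL lacks that server's signing key quietly falls back to building everything locally rather than failing. Separately, the OVMF path comes from `$(shell …)` inside `$(eval …)`, so if that `guix build` fails `OVMF` expands empty and qemu is invoked with `-bios /share/firmware/ovmf_x64.bin`; a `$(if $(OVMF),,$(error guix build ovmf failed))` line before the qemu call would surface the failure instead of a confusing firmware error.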

@ -96,7 +96,7 @@
(name "usb"))) (name "usb")))
%base-groups)) %base-groups))
(define %metznet-base-packages (append (list binutils openssh nss-pam-ldapd strace openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages)) (define %metznet-base-packages (append (list openssh nss-pam-ldapd openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages))
(define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages)) (define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages))
@ -180,10 +180,12 @@
(list (service-extension pam-root-service-type metznet-pam-services))) (list (service-extension pam-root-service-type metznet-pam-services)))
(default-value '()))) (default-value '())))
(define pam-service-list (list "su" "gdm-password" "login" "sshd" "passwd"))
(define %metznet-nslcd-config (nslcd-configuration (define %metznet-nslcd-config (nslcd-configuration
(base "dc=metznet,dc=ca") (base "dc=metznet,dc=ca")
(log '("/var/log/nslcd" debug)) (log '("/var/log/nslcd" debug))
(pam-services (list "su" "login" "sshd" "passwd")) (pam-services pam-service-list)
(filters (list '(group "(objectClass=posixGroupAux)"))) (filters (list '(group "(objectClass=posixGroupAux)")))
(binddn (or (getenv "LDAP_BINDDN") "")) (binddn (or (getenv "LDAP_BINDDN") ""))
(bindpw (or (getenv "LDAP_BINDPW") "")) (bindpw (or (getenv "LDAP_BINDPW") ""))
@ -197,7 +199,7 @@
(service krb5-service-type %metznet-krb5-config) (service krb5-service-type %metznet-krb5-config)
(service pam-krb5-service-type (pam-krb5-configuration (pam-krb5 pam-krb5) (minimum-uid 1000))) (service pam-krb5-service-type (pam-krb5-configuration (pam-krb5 pam-krb5) (minimum-uid 1000)))
(service nslcd-service-type %metznet-nslcd-config) (service nslcd-service-type %metznet-nslcd-config)
(service metznet-service-type (list "su" "login" "sshd" "passwd")))) (service metznet-service-type pam-service-list)))
(define %metznet-nscd-configuration (nscd-configuration (define %metznet-nscd-configuration (nscd-configuration
(caches (append (list (caches (append (list
@ -215,44 +217,46 @@
%nscd-default-caches)))) %nscd-default-caches))))
(define %metznet-desktop-services (define %metznet-desktop-services
(append %metznet-services (append
(modify-services %desktop-services %metznet-services
(nscd-service-type config => %metznet-nscd-configuration) (modify-services %desktop-services
(guix-service-type config => (guix-configuration (nscd-service-type config => %metznet-nscd-configuration)
(inherit config) (elogind-service-type config =>
(substitute-urls (elogind-configuration (inherit config)
(append (list "https://substitutes.nonguix.org") (handle-lid-switch-external-power 'suspend)))
%default-substitute-urls)) (guix-service-type config => (guix-configuration
(authorized-keys (inherit config)
(append (list (plain-file "nonguix.pub" (substitute-urls
"(public-key (append (list "https://substitutes.nonguix.org")
(ecc %default-substitute-urls))
(curve Ed25519) (authorized-keys
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))")) (append (list (plain-file "nonguix.pub"
%default-authorized-guix-keys)))) "(public-key
(elogind-service-type config => (ecc
(elogind-configuration (inherit config) (curve Ed25519)
(handle-lid-switch-external-power 'suspend))) (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
(udev-service-type config => %default-authorized-guix-keys))))
(udev-configuration (inherit config) (udev-service-type config =>
(rules (append (list %tun-udev-rule (udev-configuration (inherit config)
%backlight-udev-rule) (rules (append (list %tun-udev-rule
(udev-configuration-rules config))))) %backlight-udev-rule)
(network-manager-service-type config => (udev-configuration-rules config)))))
(network-manager-configuration (inherit config) (network-manager-service-type config =>
(vpn-plugins (list network-manager-openvpn))))))) (network-manager-configuration (inherit config)
(vpn-plugins (list network-manager-openvpn)))))))
(define %metznet-server-services (append (append %metznet-services (define %metznet-server-services
(list (append %metznet-services
(service dhcp-client-service-type) (list
(openvpn-client-service (service dhcp-client-service-type)
#:config (openvpn-client-configuration (openvpn-client-service
(openvpn openvpn) #:config (openvpn-client-configuration
(pid-file "/var/run/openvpn/client.pid") (openvpn openvpn)
(persist-key? #f) (pid-file "/var/run/openvpn/client.pid")
(tls-auth "/etc/openvpn/ta.key")))) (persist-key? #f)
(modify-services %base-services (tls-auth "/etc/openvpn/ta.key"))))
(nscd-service-type config => %metznet-nscd-configuration))))) (modify-services %base-services
(nscd-service-type config => %metznet-nscd-configuration))))
(define %metznet-base-operating-system (define %metznet-base-operating-system
(operating-system (operating-system