Added Makefile, removed krb5 pam auth. Need to create the user directory on login (pam_mkhomedir) and provide the shell binaries at the right path (/bin/zsh in most cases).

noah metz 2023-11-22 12:26:17 -07:00
parent 98a93735b3
commit 9aa657073d
2 changed files with 26 additions and 14 deletions

@ -0,0 +1,15 @@
NONGUIX_DIR ?= ~/Code/nonguix
GUIX_IMAGE_CMD ?= guix system image --image-type=qcow2 -L ./ -L $(NONGUIX_DIR)
LIBVIRT_GROUP ?= libvirt
machines/%.qcow2: machines/%.scm
$(eval RO := $(shell $(GUIX_IMAGE_CMD) $<))
install -C -m 666 -o $(USER) -g $(LIBVIRT_GROUP) $(RO) $@
VM_RAM ?= 4000
VM_CPU ?= 4
.PHONY: machines/%
machines/%: machines/%.qcow2
$(eval OVMF := $(shell guix build ovmf))
qemu-system-x86_64 -enable-kvm -hda $< -m $(VM_RAM) -smp $(VM_CPU) -bios $(OVMF)/share/firmware/ovmf_x64.bin
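Review bot: The `install -C -m 666 ...` line in the `machines/%.qcow2` rule makes the generated disk image world-writable, so any local account could alter the VM image before it is booted; owner plus the libvirt group is enough, `install -C -m 660 -o $(USER) -g $(LIBVIRT_GROUP) $(RO) $@`. The `$(eval RO := $(shell ...))` line runs `guix system image` while the recipe is being expanded, and a failing build leaves RO empty instead of stopping make; running it as an ordinary recipe step lets the exit status propagate, e.g. `install -C -m 660 -o $(USER) -g $(LIBVIRT_GROUP) "$$($(GUIX_IMAGE_CMD) $<)" $@`. The same `$(eval OVMF := $(shell guix build ovmf))` pattern in the `machines/%` rule has the same silent-failure problem. `.PHONY: machines/%` also appears to have no effect, since .PHONY takes explicit target names rather than patterns, and `$(USER)` is only defined if the calling environment exports it.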

@ -3,6 +3,7 @@
#:use-module (gnu) #:use-module (gnu)
#:use-module (guix gexp) #:use-module (guix gexp)
#:use-module (nongnu packages linux) #:use-module (nongnu packages linux)
#:use-module (gnu packages linux)
#:use-module (gnu packages vim) #:use-module (gnu packages vim)
#:use-module (gnu system nss) #:use-module (gnu system nss)
#:use-module (gnu packages certs) #:use-module (gnu packages certs)
@ -14,6 +15,7 @@
#:use-module (gnu packages networking) #:use-module (gnu packages networking)
#:use-module (gnu services ssh) #:use-module (gnu services ssh)
#:use-module (gnu packages dns) #:use-module (gnu packages dns)
#:use-module (gnu packages base)
#:use-module (gnu packages openldap) #:use-module (gnu packages openldap)
#:use-module (gnu services kerberos) #:use-module (gnu services kerberos)
#:use-module (gnu packages kerberos) #:use-module (gnu packages kerberos)
@ -31,7 +33,6 @@
#:use-module (nongnu system linux-initrd) #:use-module (nongnu system linux-initrd)
#:use-module (gnu system setuid) #:use-module (gnu system setuid)
#:use-module (ice-9 exceptions) #:use-module (ice-9 exceptions)
#:export (get-env-default)
#:export (%domain-realm) #:export (%domain-realm)
#:export (%domain-name) #:export (%domain-name)
#:export (%domain-kadmin) #:export (%domain-kadmin)
@ -77,7 +78,7 @@
(name "usb"))) (name "usb")))
%base-groups)) %base-groups))
(define %metznet-base-packages (append (list nss-pam-ldapd openldap git neovim zsh nss-certs mit-krb5 openvpn openresolv) %base-packages)) (define %metznet-base-packages (append (list glibc openldap git neovim zsh le-certs nss-certs mit-krb5 openvpn openresolv) %base-packages))
(define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages)) (define %metznet-desktop-packages (append (list i3-wm i3status dmenu kitty icecat) %metznet-base-packages))
@ -99,10 +100,6 @@
(admin-server %domain-kadmin) (admin-server %domain-kadmin)
(kdc %domain-kdc)))))) (kdc %domain-kdc))))))
(define pam-krb5-config (pam-krb5-configuration
(pam-krb5 pam-krb5)
(minimum-uid 1000)))
(define %default-keyboard-layout (keyboard-layout "us")) (define %default-keyboard-layout (keyboard-layout "us"))
(define %kvm-udev-rule (define %kvm-udev-rule
@ -134,17 +131,18 @@
(shadow services) (shadow services)
(group services)))) (group services))))
; 1) need to create user directory on login
; 2) need to have /bin/zsh available to use as shell
(define %metznet-desktop-services (define %metznet-desktop-services
(append (list (service openssh-service-type) (append (list (service openssh-service-type)
(service krb5-service-type %metznet-krb5-config) (service krb5-service-type %metznet-krb5-config)
(service pam-krb5-service-type pam-krb5-config)
(service nslcd-service-type (nslcd-configuration (base "dc=metznet,dc=ca") (service nslcd-service-type (nslcd-configuration (base "dc=metznet,dc=ca")
(nss-pam-ldapd nss-pam-ldapd) (log '("/var/log/nslcd" debug))
(uri (list "ldaps://ldap.metznet.ca/")))) (pam-services (list "su" "login" "password" "ssh" "passwd"))
;(set-xorg-configuration (binddn (or (getenv "LDAP_BINDDN") ""))
; (xorg-configuration (bindpw (or (getenv "LDAP_BINDPW") ""))
; (keyboard-layout %default-keyboard-layout))) (uri (list "ldap://ldap.metznet.ca")))))
)
(modify-services %desktop-services (modify-services %desktop-services
(guix-service-type config => (guix-configuration (guix-service-type config => (guix-configuration
(inherit config) (inherit config)
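Review bot: The new nslcd configuration reads the directory password via `(bindpw (or (getenv "LDAP_BINDPW") ""))` while, if I read the side-by-side correctly, the uri changes from `ldaps://ldap.metznet.ca/` to `ldap://ldap.metznet.ca`, so the bind credentials and every account lookup would travel in clear text unless nslcd negotiates STARTTLS separately. The value read with getenv is presumably serialized into nslcd.conf in the store, which is readable by every user on the machine, so keeping the `ldaps://` scheme and keeping the secret out of the evaluated configuration both matter here. The `""` fallback also turns a missing `LDAP_BINDPW` into a silent empty password; `(bindpw (or (getenv "LDAP_BINDPW") (error "LDAP_BINDPW is not set")))` would surface the misconfiguration at build time instead. `(log '("/var/log/nslcd" debug))` is likely to record lookup details that do not belong in a persistent log once the setup works; consider a less verbose level then. The enclosing `%metznet-desktop-services` definition continues past the hunk.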
@ -173,7 +171,6 @@
(define %metznet-server-services (append (list (define %metznet-server-services (append (list
(service openssh-service-type) (service openssh-service-type)
(service krb5-service-type %metznet-krb5-config) (service krb5-service-type %metznet-krb5-config)
(service pam-krb5-service-type pam-krb5-config)
(service dhcp-client-service-type) (service dhcp-client-service-type)
(openvpn-client-service (openvpn-client-service
#:config (openvpn-client-configuration #:config (openvpn-client-configuration