Resolved warnings

noah metz 2023-12-04 16:11:40 -07:00
parent 6860c0f312
commit d947bafcc4
3 changed files with 85 additions and 75 deletions

@ -42,8 +42,6 @@
(let ((homedir (slapd-configuration-home config)) (let ((homedir (slapd-configuration-home config))
(backups (slapd-configuration-backups config)) (backups (slapd-configuration-backups config))
(ldapdir (slapd-configuration-openldap config))) (ldapdir (slapd-configuration-openldap config)))
(with-imported-modules '((srfi srfi-19)
(ice-9 textual-ports))
#~(begin #~(begin
(use-modules (srfi srfi-19) (use-modules (srfi srfi-19)
(ice-9 textual-ports)) (ice-9 textual-ports))
@ -119,7 +117,7 @@
488)) 488))
(with-exception-handler slapadd-seeds (with-exception-handler slapadd-seeds
check-slapadd-seed-date check-slapadd-seed-date
#:unwind? #t))))) #:unwind? #t))))
(define (slapd-shepherd-service config) (define (slapd-shepherd-service config)
(list (shepherd-service (documentation "") (list (shepherd-service (documentation "")

@ -26,20 +26,16 @@
(if val "True" "False")))) (if val "True" "False"))))
(define-configuration sssd-domain-configuration (define-configuration sssd-domain-configuration
(id_provider maybe-string "id provider") (id_provider maybe-string "id provider")
(auth_provider maybe-string "auth provider") (auth_provider maybe-string "auth provider")
(cache_credentials maybe-boolean "cache credentials") (cache_credentials maybe-boolean "cache credentials")
(ldap_uri maybe-string "ldap server uri") (ldap_uri maybe-string "ldap server uri")
(ldap_tls_reqcert maybe-string "tls_reqcert") (ldap_tls_reqcert maybe-string "tls_reqcert")
(ldap_tls_cacertdir maybe-string (ldap_tls_cacertdir maybe-string "ca certificate directory")
"ca certificate directory") (ldap_search_base maybe-string "base dn for search")
(ldap_search_base maybe-string "base dn for search") (ldap_default_bind_dn maybe-string "dn to bind for search")
(ldap_default_bind_dn maybe-string (ldap_default_authtok_type maybe-string "ldap auth token type")
"dn to bind for search") (ldap_default_authtok maybe-string "token to use for ldap bind"))
(ldap_default_authtok_type maybe-string
"ldap auth token type")
(ldap_default_authtok maybe-string
"token to use for ldap bind"))
(define (sssd-domain-configuration-with-name? val) (define (sssd-domain-configuration-with-name? val)
(if (pair? val) (if (pair? val)
@ -69,36 +65,39 @@
(string-join value ", ")))) (string-join value ", "))))
(define-configuration sssd-configuration (define-configuration sssd-configuration
(sssd (file-like sssd) "sssd package to use") (sssd (file-like sssd) "sssd package to use")
(pam-services (list-of-strings (list "su" "gdm-password" (pam-services (list-of-strings (list "su" "gdm-password" "login" "sshd"
"login" "sshd" "passwd"))
"passwd")) "list of pam services to configure login for"
"list of pam services to configure login for" (lambda (a b)
(lambda (a b) ""))
"")) (services (list-of-strings (list "nss" "sudo" "pam" "ssh" "ifp"))
(services (list-of-strings (list "nss" "sudo" "pam" "list of services")
"ssh" "ifp")) (domains (list-of-sssd-domain-configurations '())
"list of services") "sssd domains to configure"))
(domains (list-of-sssd-domain-configurations '())
"sssd domains to configure"))
(define (sssd-pam-service config) (define (sssd-pam-service config)
(define sssd-pam-module (let ((sufficient (pam-entry (control "sufficient")
(file-append (sssd-configuration-sssd config) "/lib/security/pam_sss.so")) (module (file-append (sssd-configuration-sssd
(lambda (pam) config)
(if (member (pam-service-name pam) "/lib/security/pam_sss.so")))))
(sssd-configuration-pam-services config)) (pam-extension (transformer (lambda (pam)
(let ((sufficient (pam-entry (control "sufficient") (if (member (pam-service-name pam)
(module sssd-pam-module)))) (sssd-configuration-pam-services
(pam-service (inherit pam) config))
(auth (cons sufficient (pam-service (inherit pam)
(pam-service-auth pam))) (auth (cons sufficient
(account (cons sufficient (pam-service-auth
(pam-service-account pam))) pam)))
(password (cons sufficient (account (cons sufficient
(pam-service-password pam))) (pam-service-account
(session (cons sufficient pam)))
(pam-service-session pam))))) pam))) (password (cons sufficient
(pam-service-password
pam)))
(session (cons sufficient
(pam-service-session
pam)))) pam))))))
(define (sssd-pam-services config) (define (sssd-pam-services config)
(list (sssd-pam-service config))) (list (sssd-pam-service config)))

@ -79,9 +79,8 @@
(group "root") (group "root")
(uid 0) (uid 0)
(password (let ((env-pw (getenv "GUIX_ROOT_PW"))) (password (let ((env-pw (getenv "GUIX_ROOT_PW")))
(if env-pw (if env-pw
(crypt env-pw "$6$salt") (crypt env-pw "$6$salt") "!")))
"!")))
(shell (file-append zsh "/bin/zsh")))) %base-user-accounts)) (shell (file-append zsh "/bin/zsh")))) %base-user-accounts))
(define %metznet-base-groups (define %metznet-base-groups
@ -182,14 +181,19 @@
"list of pam services to configure")) "list of pam services to configure"))
(define (pam-mkhomedir-service configuration) (define (pam-mkhomedir-service configuration)
(lambda (pam) (pam-extension (transformer (lambda (pam)
(if (member (pam-service-name pam) (if (member (pam-service-name pam)
(metznet-system-configuration-pam-services configuration)) (metznet-system-configuration-pam-services
(let ((required (pam-entry (control "required") configuration))
(module "pam_mkhomedir.so")))) (let ((required (pam-entry (control
(pam-service (inherit pam) "required")
(session (cons required (module
(pam-service-account pam))))) pam))) "pam_mkhomedir.so"))))
(pam-service (inherit pam)
(session (cons required
(pam-service-account
pam)))))
pam)))))
(define (pam-mkhomedir-services configuration) (define (pam-mkhomedir-services configuration)
(list (pam-mkhomedir-service configuration))) (list (pam-mkhomedir-service configuration)))
@ -253,12 +257,14 @@
"LDAP_AUTHTOK") "LDAP_AUTHTOK")
%unset-value)))))))) %unset-value))))))))
(define pubkey-command (define pubkey-command
(program-file "pubkey-command" (program-file "pubkey-command"
(with-imported-modules '((guix build utils)) (with-imported-modules '((guix build utils))
#~(begin #~(begin
(use-modules (guix build utils) (ice-9 format) (ice-9 popen) (ice-9 textual-ports)) (use-modules (guix build utils)
(ice-9 format)
(ice-9 popen)
(ice-9 textual-ports))
(define* (shell-command-to-string (define* (shell-command-to-string
cmd) cmd)
(catch 'shell-command-error (catch 'shell-command-error
@ -285,27 +291,34 @@
cmd str)))) cmd str))))
(display (shell-command-to-string (string-join (display (shell-command-to-string (string-join
(list #$(file-append (list #$
metznet-pubkey (file-append
"/bin/pubkey") metznet-pubkey
"ldaps://ldap.metznet.ca" "/bin/pubkey")
"uid=guix,ou=system,ou=accounts,dc=metznet,dc=ca" "ldaps://ldap.metznet.ca"
#$(or (getenv "LDAP_AUTHTOK") "") "uid=guix,ou=system,ou=accounts,dc=metznet,dc=ca"
"dc=metznet,dc=ca" #$
(list-ref (command-line) 1)) (or
" "))))))) (getenv
"LDAP_AUTHTOK")
"")
"dc=metznet,dc=ca"
(list-ref
(command-line)
1))
" ")))))))
(define %metznet-services (define %metznet-services
(list (service openssh-service-type (list (service openssh-service-type
(openssh-configuration (password-authentication? #f) (openssh-configuration (password-authentication? #f)
(extra-content #~(string-join (extra-content #~(string-join (list
(list "AuthorizedKeysCommandUser root"
"AuthorizedKeysCommandUser root" (string-append
(string-append "AuthorizedKeysCommand "
"AuthorizedKeysCommand " #$pubkey-command)
#$pubkey-command) "KerberosAuthentication yes")
"KerberosAuthentication yes") "\n"))))
"\n"))))
(service krb5-service-type %metznet-krb5-config) (service krb5-service-type %metznet-krb5-config)
(service pam-krb5-service-type (service pam-krb5-service-type
(pam-krb5-configuration (pam-krb5 pam-krb5) (pam-krb5-configuration (pam-krb5 pam-krb5)