Resolved warnings

noah metz 2023-12-04 16:11:40 -07:00
parent 6860c0f312
commit d947bafcc4
3 changed files with 85 additions and 75 deletions

@ -42,8 +42,6 @@
(let ((homedir (slapd-configuration-home config))
(backups (slapd-configuration-backups config))
(ldapdir (slapd-configuration-openldap config)))
(with-imported-modules '((srfi srfi-19)
(ice-9 textual-ports))
#~(begin
(use-modules (srfi srfi-19)
(ice-9 textual-ports))
@ -119,7 +117,7 @@
488))
(with-exception-handler slapadd-seeds
check-slapadd-seed-date
#:unwind? #t)))))
#:unwind? #t))))
(define (slapd-shepherd-service config)
(list (shepherd-service (documentation "")

@ -26,20 +26,16 @@
(if val "True" "False"))))
(define-configuration sssd-domain-configuration
(id_provider maybe-string "id provider")
(auth_provider maybe-string "auth provider")
(cache_credentials maybe-boolean "cache credentials")
(ldap_uri maybe-string "ldap server uri")
(ldap_tls_reqcert maybe-string "tls_reqcert")
(ldap_tls_cacertdir maybe-string
"ca certificate directory")
(ldap_search_base maybe-string "base dn for search")
(ldap_default_bind_dn maybe-string
"dn to bind for search")
(ldap_default_authtok_type maybe-string
"ldap auth token type")
(ldap_default_authtok maybe-string
"token to use for ldap bind"))
(id_provider maybe-string "id provider")
(auth_provider maybe-string "auth provider")
(cache_credentials maybe-boolean "cache credentials")
(ldap_uri maybe-string "ldap server uri")
(ldap_tls_reqcert maybe-string "tls_reqcert")
(ldap_tls_cacertdir maybe-string "ca certificate directory")
(ldap_search_base maybe-string "base dn for search")
(ldap_default_bind_dn maybe-string "dn to bind for search")
(ldap_default_authtok_type maybe-string "ldap auth token type")
(ldap_default_authtok maybe-string "token to use for ldap bind"))
(define (sssd-domain-configuration-with-name? val)
(if (pair? val)
@ -69,36 +65,39 @@
(string-join value ", "))))
(define-configuration sssd-configuration
(sssd (file-like sssd) "sssd package to use")
(pam-services (list-of-strings (list "su" "gdm-password"
"login" "sshd"
"passwd"))
"list of pam services to configure login for"
(lambda (a b)
""))
(services (list-of-strings (list "nss" "sudo" "pam"
"ssh" "ifp"))
"list of services")
(domains (list-of-sssd-domain-configurations '())
"sssd domains to configure"))
(sssd (file-like sssd) "sssd package to use")
(pam-services (list-of-strings (list "su" "gdm-password" "login" "sshd"
"passwd"))
"list of pam services to configure login for"
(lambda (a b)
""))
(services (list-of-strings (list "nss" "sudo" "pam" "ssh" "ifp"))
"list of services")
(domains (list-of-sssd-domain-configurations '())
"sssd domains to configure"))
(define (sssd-pam-service config)
(define sssd-pam-module
(file-append (sssd-configuration-sssd config) "/lib/security/pam_sss.so"))
(lambda (pam)
(if (member (pam-service-name pam)
(sssd-configuration-pam-services config))
(let ((sufficient (pam-entry (control "sufficient")
(module sssd-pam-module))))
(pam-service (inherit pam)
(auth (cons sufficient
(pam-service-auth pam)))
(account (cons sufficient
(pam-service-account pam)))
(password (cons sufficient
(pam-service-password pam)))
(session (cons sufficient
(pam-service-session pam))))) pam)))
(let ((sufficient (pam-entry (control "sufficient")
(module (file-append (sssd-configuration-sssd
config)
"/lib/security/pam_sss.so")))))
(pam-extension (transformer (lambda (pam)
(if (member (pam-service-name pam)
(sssd-configuration-pam-services
config))
(pam-service (inherit pam)
(auth (cons sufficient
(pam-service-auth
pam)))
(account (cons sufficient
(pam-service-account
pam)))
(password (cons sufficient
(pam-service-password
pam)))
(session (cons sufficient
(pam-service-session
pam)))) pam))))))
(define (sssd-pam-services config)
(list (sssd-pam-service config)))
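Review bot: `sufficient` is the wrong control for the session entry consed in at L116-L118: once pam_sss.so's session call succeeds PAM stops walking the stack, so every module already in `(pam-service-session pam)` (and any `required` entry another extension places after it, such as the pam_mkhomedir one this repo adds) is silently skipped for SSSD users. The usual sssd PAM templates use `optional` for session precisely so the rest of the stack still runs; `sufficient` is fine for auth and password. Bind a second entry, `(optional (pam-entry (control "optional") (module (file-append (sssd-configuration-sssd config) "/lib/security/pam_sss.so"))))`, and use `(session (cons optional (pam-service-session pam)))`. The `sufficient` in account likewise lets a successful pam_sss account check bypass the remaining account modules (e.g. local expiry checks) for directory users — confirm that is intended.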

@ -79,9 +79,8 @@
(group "root")
(uid 0)
(password (let ((env-pw (getenv "GUIX_ROOT_PW")))
(if env-pw
(crypt env-pw "$6$salt")
"!")))
(if env-pw
(crypt env-pw "$6$salt") "!")))
(shell (file-append zsh "/bin/zsh")))) %base-user-accounts))
(define %metznet-base-groups
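Review bot: The salt handed to `crypt` at L130, `"$6$salt"`, is a fixed literal, so the root hash is identical for the same password on every system built from this file and can be attacked with a precomputed table; SHA-512 crypt also expects up to 16 salt characters from `[a-zA-Z0-9./]` to get its full entropy. Generate the salt per evaluation, e.g. `(crypt env-pw (string-append "$6$" (random-salt 16)))` with a small helper drawing from `(random-state-from-platform)`, or read an already-hashed value from the environment (produced with `mkpasswd -m sha-512`) so the plaintext never passes through `getenv` on the build host at all. The resulting hash presumably ends up in world-readable store data as with any Guix account definition, which is one more reason not to make it precomputable. The user-accounts definition this belongs to starts before the hunk.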
@ -182,14 +181,19 @@
"list of pam services to configure"))
(define (pam-mkhomedir-service configuration)
(lambda (pam)
(if (member (pam-service-name pam)
(metznet-system-configuration-pam-services configuration))
(let ((required (pam-entry (control "required")
(module "pam_mkhomedir.so"))))
(pam-service (inherit pam)
(session (cons required
(pam-service-account pam))))) pam)))
(pam-extension (transformer (lambda (pam)
(if (member (pam-service-name pam)
(metznet-system-configuration-pam-services
configuration))
(let ((required (pam-entry (control
"required")
(module
"pam_mkhomedir.so"))))
(pam-service (inherit pam)
(session (cons required
(pam-service-account
pam)))))
pam)))))
(define (pam-mkhomedir-services configuration)
(list (pam-mkhomedir-service configuration)))
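Review bot: The rebuilt session stack at L152-L155 is seeded from the wrong field: `(session (cons required (pam-service-account pam)))` replaces the service's session entries with its account entries, so the original session modules are dropped and the account modules run again in the session phase. It should read `(session (cons required (pam-service-session pam)))`. The removed lambda had the same `pam-service-account`, so this is pre-existing, but the refactor to `pam-extension` is the natural place to correct it.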
@ -253,12 +257,14 @@
"LDAP_AUTHTOK")
%unset-value))))))))
(define pubkey-command
(program-file "pubkey-command"
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils) (ice-9 format) (ice-9 popen) (ice-9 textual-ports))
(use-modules (guix build utils)
(ice-9 format)
(ice-9 popen)
(ice-9 textual-ports))
(define* (shell-command-to-string
cmd)
(catch 'shell-command-error
@ -285,27 +291,34 @@
cmd str))))
(display (shell-command-to-string (string-join
(list #$(file-append
metznet-pubkey
"/bin/pubkey")
"ldaps://ldap.metznet.ca"
"uid=guix,ou=system,ou=accounts,dc=metznet,dc=ca"
#$(or (getenv "LDAP_AUTHTOK") "")
"dc=metznet,dc=ca"
(list-ref (command-line) 1))
" ")))))))
(list #$
(file-append
metznet-pubkey
"/bin/pubkey")
"ldaps://ldap.metznet.ca"
"uid=guix,ou=system,ou=accounts,dc=metznet,dc=ca"
#$
(or
(getenv
"LDAP_AUTHTOK")
"")
"dc=metznet,dc=ca"
(list-ref
(command-line)
1))
" ")))))))
(define %metznet-services
(list (service openssh-service-type
(openssh-configuration (password-authentication? #f)
(extra-content #~(string-join
(list
"AuthorizedKeysCommandUser root"
(string-append
"AuthorizedKeysCommand "
#$pubkey-command)
"KerberosAuthentication yes")
"\n"))))
(extra-content #~(string-join (list
"AuthorizedKeysCommandUser root"
(string-append
"AuthorizedKeysCommand "
#$pubkey-command)
"KerberosAuthentication yes")
"\n"))))
(service krb5-service-type %metznet-krb5-config)
(service pam-krb5-service-type
(pam-krb5-configuration (pam-krb5 pam-krb5)
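Review bot: `#$(or (getenv "LDAP_AUTHTOK") "")` at L192-L196 is an ungexp of a host-side expression, so the LDAP bind password is resolved when the configuration is evaluated and written as a literal into the `pubkey-command` script in /gnu/store, which is world-readable; it is then passed to `pubkey` as an argv element and is visible in `/proc/*/cmdline` to every local user for the duration of each key lookup. Read the token at run time instead, e.g. `(call-with-input-file "/etc/pubkey/ldap-authtok" get-string-all)` inside the gexp (the command runs with the privileges of `AuthorizedKeysCommandUser`, so a 0600 file owned by that user suffices), and hand it to `pubkey` via stdin or an environment variable if the tool supports that rather than on the command line. The username from `(list-ref (command-line) 1)` is the one the SSH client sent and is spliced into one string that `shell-command-to-string` (body not visible here) presumably hands to a shell, so it should be passed as a discrete argument via `open-pipe*` rather than `string-join`. Separately, `AuthorizedKeysCommandUser root` at L214 runs this lookup with full privileges at every login attempt, whereas sshd_config(5) recommends a dedicated account with no other role, and `KerberosAuthentication yes` at L218 only governs password validation under PasswordAuthentication, which `(password-authentication? #f)` disables, so it is a no-op here (ticket-based logins would need `GSSAPIAuthentication yes`). Both `pubkey-command` and `%metznet-services` extend beyond the hunk boundaries.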