Added metznet/aws.scm, and made ta key come from local file by default
parent
ccc6c43d7a
commit
da404b26a6
@ -0,0 +1,91 @@
|
|||||||
|
(define-module (metznet aws)
|
||||||
|
|
||||||
|
#:use-module (gnu services)
|
||||||
|
#:use-module (guix gexp)
|
||||||
|
#:use-module (guix modules)
|
||||||
|
#:use-module (gnu services shepherd)
|
||||||
|
#:use-module (gnu packages certs)
|
||||||
|
#:use-module (guix build download)
|
||||||
|
|
||||||
|
#:export (aws-service-type))
|
||||||
|
|
||||||
|
(define guile-json
|
||||||
|
(module-ref (resolve-interface '(gnu packages guile))
|
||||||
|
'guile-json-4))
|
||||||
|
|
||||||
|
(define guile-zlib
|
||||||
|
(module-ref (resolve-interface '(gnu packages guile))
|
||||||
|
'guile-zlib))
|
||||||
|
|
||||||
|
(define gnutls
|
||||||
|
(module-ref (resolve-interface '(gnu packages tls))
|
||||||
|
'gnutls))
|
||||||
|
|
||||||
|
(define aws-pubkey-prog
|
||||||
|
(program-file "aws-pubkey"
|
||||||
|
(with-imported-modules (source-module-closure '((ice-9 receive)
|
||||||
|
(guix build
|
||||||
|
utils)
|
||||||
|
(guix build
|
||||||
|
download)
|
||||||
|
(web uri)
|
||||||
|
(ice-9
|
||||||
|
binary-ports)
|
||||||
|
(web client)))
|
||||||
|
|
||||||
|
(with-extensions (list guile-json
|
||||||
|
gnutls
|
||||||
|
guile-zlib)
|
||||||
|
#~(begin
|
||||||
|
(use-modules (ice-9
|
||||||
|
receive)
|
||||||
|
(guix
|
||||||
|
build
|
||||||
|
download)
|
||||||
|
(web
|
||||||
|
uri)
|
||||||
|
(web
|
||||||
|
client)
|
||||||
|
(ice-9
|
||||||
|
binary-ports))
|
||||||
|
(call-with-output-file "/etc/ssh/authorized_keys.d/aws"
|
||||||
|
(lambda (port)
|
||||||
|
(begin
|
||||||
|
(format (current-error-port)
|
||||||
|
"opened-file\n")
|
||||||
|
(put-bytevector
|
||||||
|
port
|
||||||
|
(receive (header
|
||||||
|
body)
|
||||||
|
(let ((uri
|
||||||
|
"http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key"))
|
||||||
|
(http-get
|
||||||
|
uri
|
||||||
|
#:port (open-connection-for-uri
|
||||||
|
(string->uri
|
||||||
|
uri)
|
||||||
|
#:timeout
|
||||||
|
5)
|
||||||
|
#:decode-body?
|
||||||
|
#f))
|
||||||
|
body))))))))))
|
||||||
|
|
||||||
|
;; this should really be an extension of the openssh service
|
||||||
|
(define (aws-pubkey-service config)
|
||||||
|
(list (shepherd-service (documentation "")
|
||||||
|
(provision '(aws-pubkey))
|
||||||
|
(requirement '(networking user-processes))
|
||||||
|
(one-shot? #t)
|
||||||
|
(respawn? #t)
|
||||||
|
(start #~(make-forkexec-constructor (list #$aws-pubkey-prog))))))
|
||||||
|
|
||||||
|
(define-public aws-service-type
|
||||||
|
(service-type (name 'aws)
|
||||||
|
(description "AWS public key service")
|
||||||
|
(extensions (list (service-extension profile-service-type
|
||||||
|
(lambda (val)
|
||||||
|
val))
|
||||||
|
(service-extension
|
||||||
|
shepherd-root-service-type
|
||||||
|
aws-pubkey-service)))
|
||||||
|
(default-value (list le-certs nss-certs))))
|
Loading…
Reference in New Issue