|
|
@ -1,6 +1,8 @@
|
|
|
|
(define-module (metznet system base-system)
|
|
|
|
(define-module (metznet system base-system)
|
|
|
|
#:use-module (guix gexp)
|
|
|
|
#:use-module (guix gexp)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#:use-module (metznet golang)
|
|
|
|
|
|
|
|
|
|
|
|
#:use-module (gnu bootloader)
|
|
|
|
#:use-module (gnu bootloader)
|
|
|
|
#:use-module (gnu bootloader grub)
|
|
|
|
#:use-module (gnu bootloader grub)
|
|
|
|
#:use-module (gnu system accounts)
|
|
|
|
#:use-module (gnu system accounts)
|
|
|
@ -251,11 +253,59 @@
|
|
|
|
"LDAP_AUTHTOK")
|
|
|
|
"LDAP_AUTHTOK")
|
|
|
|
%unset-value))))))))
|
|
|
|
%unset-value))))))))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(define pubkey-command
|
|
|
|
|
|
|
|
(program-file "pubkey-command"
|
|
|
|
|
|
|
|
(with-imported-modules '((guix build utils))
|
|
|
|
|
|
|
|
#~(begin
|
|
|
|
|
|
|
|
(use-modules (guix build utils) (ice-9 format) (ice-9 popen) (ice-9 textual-ports))
|
|
|
|
|
|
|
|
(define* (shell-command-to-string
|
|
|
|
|
|
|
|
cmd)
|
|
|
|
|
|
|
|
(catch 'shell-command-error
|
|
|
|
|
|
|
|
(lambda ()
|
|
|
|
|
|
|
|
(let* ((port (open-pipe
|
|
|
|
|
|
|
|
cmd
|
|
|
|
|
|
|
|
OPEN_READ))
|
|
|
|
|
|
|
|
(str (get-string-all
|
|
|
|
|
|
|
|
port))
|
|
|
|
|
|
|
|
(wtpd (close-pipe
|
|
|
|
|
|
|
|
port))
|
|
|
|
|
|
|
|
(xval (status:exit-val
|
|
|
|
|
|
|
|
wtpd)))
|
|
|
|
|
|
|
|
(if (or (eqv? xval #f)
|
|
|
|
|
|
|
|
(> xval 0))
|
|
|
|
|
|
|
|
(throw 'shell-command-error
|
|
|
|
|
|
|
|
cmd str))
|
|
|
|
|
|
|
|
str))
|
|
|
|
|
|
|
|
(lambda (key cmd str)
|
|
|
|
|
|
|
|
(simple-format #t
|
|
|
|
|
|
|
|
"ERROR: in command ~a\nstring: ~a\n"
|
|
|
|
|
|
|
|
cmd str)
|
|
|
|
|
|
|
|
(throw 'error-in-shell-command-to-string
|
|
|
|
|
|
|
|
cmd str))))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(display (shell-command-to-string (string-join
|
|
|
|
|
|
|
|
(list #$(file-append
|
|
|
|
|
|
|
|
metznet-pubkey
|
|
|
|
|
|
|
|
"/bin/pubkey")
|
|
|
|
|
|
|
|
"ldaps://ldap.metznet.ca"
|
|
|
|
|
|
|
|
"uid=guix,ou=system,ou=accounts,dc=metznet,dc=ca"
|
|
|
|
|
|
|
|
#$(or (getenv "LDAP_AUTHTOK") "")
|
|
|
|
|
|
|
|
"dc=metznet,dc=ca"
|
|
|
|
|
|
|
|
(list-ref (command-line) 1))
|
|
|
|
|
|
|
|
" ")))))))
|
|
|
|
|
|
|
|
|
|
|
|
(define %metznet-services
|
|
|
|
(define %metznet-services
|
|
|
|
(list (service openssh-service-type
|
|
|
|
(list (service openssh-service-type
|
|
|
|
(openssh-configuration (password-authentication? #f)
|
|
|
|
(openssh-configuration (password-authentication? #f)
|
|
|
|
(extra-content
|
|
|
|
(extra-content #~(string-join
|
|
|
|
"KerberosAuthentication yes")))
|
|
|
|
(list
|
|
|
|
|
|
|
|
"AuthorizedKeysCommandUser root"
|
|
|
|
|
|
|
|
(string-append
|
|
|
|
|
|
|
|
"AuthorizedKeysCommand "
|
|
|
|
|
|
|
|
#$pubkey-command)
|
|
|
|
|
|
|
|
"KerberosAuthentication yes")
|
|
|
|
|
|
|
|
"\n"))))
|
|
|
|
(service krb5-service-type %metznet-krb5-config)
|
|
|
|
(service krb5-service-type %metznet-krb5-config)
|
|
|
|
(service pam-krb5-service-type
|
|
|
|
(service pam-krb5-service-type
|
|
|
|
(pam-krb5-configuration (pam-krb5 pam-krb5)
|
|
|
|
(pam-krb5-configuration (pam-krb5 pam-krb5)
|
|
|
|