From f894e7a16a49287b5943269e2d5e45a12cf6db5e Mon Sep 17 00:00:00 2001
From: Noah Metz
Date: Sat, 17 Sep 2022 19:58:39 -0600
Subject: [PATCH] Removed others to focues on otto and updated otto

---
 system/clients/otto.scm | 68 ++++----
 system/clients/patrache.scm | 67 --------
 system/files/ldap/nmetz.ldif | 23 ---
 system/servers/base.scm | 5 -
 system/servers/hypervisor.scm | 12 --
 system/servers/kadmin.scm | 126 ---------------
 system/servers/ldap.scm | 290 ----------------------------------
 7 files changed, 34 insertions(+), 557 deletions(-)
 delete mode 100644 system/clients/patrache.scm
 delete mode 100644 system/files/ldap/nmetz.ldif
 delete mode 100644 system/servers/base.scm
 delete mode 100644 system/servers/hypervisor.scm
 delete mode 100644 system/servers/kadmin.scm
 delete mode 100644 system/servers/ldap.scm

diff --git a/system/clients/otto.scm b/system/clients/otto.scm
index bad0f00..f2313f4 100644
--- a/system/clients/otto.scm
+++ b/system/clients/otto.scm
@@ -1,37 +1,37 @@
-(use-modules
- (gnu)
- (system base-system)
- (gnu packages tex)
- (nongnu packages mozilla)
- (nongnu packages nvidia)
- (gnu packages networking)
- (gnu packages shells)
- (gnu packages pulseaudio)
- (gnu packages virtualization)
- (gnu packages spice)
- (gnu packages vulkan)
- (gnu packages pdf)
- (gnu packages commencement)
- (gnu packages base)
- (gnu packages embedded)
- (gnu packages linux)
- (gnu packages docker)
- (gnu services docker)
- (gnu packages audio)
- (gnu services cups)
- (gnu services virtualization)
- (gnu services networking)
- (gnu services xorg)
- (gnu services desktop)
- (gnu services dbus)
- (gnu services linux)
- (gnu packages cups)
- (gnu packages python)
- (gnu packages xorg)
- (gnu packages scanner)
- (gnu packages dns)
- (gnu services shepherd)
- (gnu services base))
+(define-module (system clients otto)
+ #:use-module (gnu)
+ #:use-module (system base-system)
+ #:use-module (gnu packages tex)
+ #:use-module (nongnu packages mozilla)
+ #:use-module (nongnu packages nvidia)
+ #:use-module (gnu packages networking)
+ #:use-module (gnu packages shells)
+ #:use-module (gnu packages pulseaudio)
+ #:use-module (gnu packages virtualization)
+ #:use-module (gnu packages spice)
+ #:use-module (gnu packages vulkan)
+ #:use-module (gnu packages pdf)
+ #:use-module (gnu packages commencement)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages embedded)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages docker)
+ #:use-module (gnu services docker)
+ #:use-module (gnu packages audio)
+ #:use-module (gnu services cups)
+ #:use-module (gnu services virtualization)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services xorg)
+ #:use-module (gnu services desktop)
+ #:use-module (gnu services dbus)
+ #:use-module (gnu services linux)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages xorg)
+ #:use-module (gnu packages scanner)
+ #:use-module (gnu packages dns)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services base))
 ; (define (nvidia-insmod-shepherd-service config)
 ; (list (shepherd-service
diff --git a/system/clients/patrache.scm b/system/clients/patrache.scm
deleted file mode 100644
index 291a105..0000000
--- a/system/clients/patrache.scm
+++ /dev/null
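Review bot: The header is now `(define-module (system clients otto) ...)`, which turns this config into a Guile module, but the hunk does not show how the file ends; `guix system reconfigure` takes the value of the file's last top-level expression, so the `operating-system` form must still be the final expression rather than a `define` — worth confirming, since the rest of the file is outside this hunk. Two imports, `(nongnu packages mozilla)` and `(nongnu packages nvidia)`, appear to come from the nonguix channel rather than Guix itself, and that dependency is recorded nowhere in the file; a pinned `channels.scm` (channel URL plus commit) alongside this config would keep the build reproducible and the nonfree driver/browser sources auditable. A one-line header above the module form would also help a reader, e.g. `;;; System definition for the "otto" desktop host; evaluate with `guix system reconfigure`.`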
@@ -1,67 +0,0 @@
-(use-modules
- (gnu)
- (system base-system)
- (gnu packages tex)
- (nongnu packages mozilla)
- (gnu packages networking)
- (gnu packages shells)
- (gnu packages pulseaudio)
- (gnu packages virtualization)
- (gnu packages spice)
- (gnu packages vulkan)
- (gnu packages pdf)
- (gnu packages commencement)
- (gnu packages base)
- (gnu packages embedded)
- (gnu services cups)
- (gnu services virtualization)
- (gnu services xorg)
- (gnu services desktop)
- (gnu services linux)
- (gnu packages cups)
- (gnu packages xorg)
- (gnu packages scanner)
- (gnu packages dns)
- (gnu services shepherd)
- (gnu services base))
-
-(operating-system
- (inherit base-desktop-system)
- (host-name "patrache")
- (packages (append (list autoconf automake qemu texlive firefox pavucontrol mupdf gcc-toolchain gnu-make gcc-arm-none-eabi-7-2018-q2-update sane-backends-minimal xsane cups (list isc-bind "utils")) %my-desktop-packages))
- (services (append (list
- (set-xorg-configuration
- (xorg-configuration
- (keyboard-layout %default-keyboard-layout)))
- (service sane-service-type)
- (service cups-service-type
- (cups-configuration
- (web-interface? #t))))
- (modify-services %my-desktop-services
- (udev-service-type config =>
- (udev-configuration (inherit config)
- (rules (append (list
- %usb-udev-rule)
- (udev-configuration-rules config))))))))
- (users (cons* (user-account
- (name "nmetz")
- (comment "Noah Metz")
- (group "users")
- (home-directory "/home/nmetz")
- (shell (file-append zsh "/bin/zsh"))
- (supplementary-groups
- `("wheel" "netdev" "audio" "video" "usb" "kvm")))
- %my-base-user-accounts))
- (file-systems
- (cons* (file-system
- (mount-point "/boot/efi")
- (device (uuid "50C2-89C6" 'fat32))
- (type "vfat"))
- (file-system
- (mount-point "/")
- (device
- (uuid "817a54a1-a8a9-49b5-883d-33fdfd06404d"
- 'ext4))
- (type "ext4"))
- %base-file-systems)))
-
diff --git a/system/files/ldap/nmetz.ldif b/system/files/ldap/nmetz.ldif
deleted file mode 100644
index 8e5219e..0000000
--- a/system/files/ldap/nmetz.ldif
+++ /dev/null
@@ -1,23 +0,0 @@
-dn: cn=nmetz,ou=user,dc=metznet,dc=ca
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-objectClass: posixAccount
-objectClass: shadowAccount
-uid: nmetz
-cn: Noah Metz
-sn: Metz
-givenName: Noah
-userPassword: {SSHA}yUiQKwuRpADPzuT8W9M6gCbnw914VIOD
-loginShell: /bin/bash
-uidNumber: 1001
-gidNumber: 1001
-homeDirectory: /home/nmetz/
-
-
-dn: cn=nmetz,ou=group,dc=metznet,dc=ca
-objectClass: top
-objectClass: posixGroup
-cn: nmetz
-gidNumber: 1001
diff --git a/system/servers/base.scm b/system/servers/base.scm
deleted file mode 100644
index 26a9299..0000000
--- a/system/servers/base.scm
+++ /dev/null
@@ -1,5 +0,0 @@
-(use-modules (gnu) (system base-system))
-
-(operating-system
- (inherit base-server-system)
- (host-name "server"))
diff --git a/system/servers/hypervisor.scm b/system/servers/hypervisor.scm
deleted file mode 100644
index 2c831f8..0000000
--- a/system/servers/hypervisor.scm
+++ /dev/null
@@ -1,12 +0,0 @@
-(use-modules (system base-system)
- (guix gexp)
- (guix records)
- (gnu packages virtualization)
- (gnu services shepherd)
- (ice-9 match))
-
-(operating-system
- (inherit base-server-system)
- (host-name (string-append "qemu." %domain-name))
- (packages (append (list qemu) %my-server-packages))
- (services (append (list (service )) %my-server-services)))
diff --git a/system/servers/kadmin.scm b/system/servers/kadmin.scm
deleted file mode 100644
index 4dc9778..0000000
--- a/system/servers/kadmin.scm
+++ /dev/null
@@ -1,126 +0,0 @@
-(use-modules (system base-system)
- (guix records)
- (guix gexp)
- (gnu packages admin)
- (gnu packages kerberos)
- (gnu packages linux)
- (gnu services kerberos)
- (gnu services configuration)
- (gnu services shepherd)
- (ice-9 match))
-
-(define-record-type*
- kadmin-configuration make-kadmin-configuration
- kadmin-configuration?
- (pidfile kadmin-configuration-pidfile
- (default "/var/run/krb5kdc"))
- (package kadmin-configuration-package
- (default mit-krb5))
- (directory kadmin-configuration-directory
- (default "/var/krb5kdc"))
- (kdb-password kadmin-configuration-kdb-password
- (default "password"))
- (realm kadmin-configuration-realm
- (default %domain-caps))
- (root-princ kadmin-configuration-root-princ
- (default "root/admin"))
- (root-princ-pw kadmin-configuration-root-princ-pw
- (default "password")))
-
-(define-gexp-compiler (kadmin-configuration-compiler
- (file ) system target)
-
- (match file
- (($ pidfile package directory kdb-password realm root-princ root-princ-pw)
- (gexp->derivation
- "kdc.conf"
- #~(call-with-output-file (ungexp output "out")
- (lambda (port)
- (display (string-append
- (ungexp-splicing `(
- ,@`("[kdcdefaults]\n")
- ,@`(" kdc_ports = 750,88\n")
- ,@`("[realms]\n")
- ,@`(" " ,realm " = {\n")
- ,@`(" database_name = " ,directory "/principal\n")
- ,@`(" acl_file = " ,directory "/kadm5.acl\n")
- ,@`(" key_stash_file = " ,directory "/.k5." ,realm "\n")
- ,@`(" kdc_ports = 750,88\n")
- ,@`(" max_life = 10h 0m 0s\n")
- ,@`(" max_renewable_life = 7d 0h 0m 0s\n")
- ,@`("}\n"))))
- port)))
- #:local-build? #t))))
-
-(define %kadmin-accounts
- (list (user-group (name "krb5") (system? #t))
- (user-account (name "krb5")
- (group "krb5")
- (system? #t)
- (comment "kadmin/kdc user account")
- (home-directory "/var/krb5kdc")
- (shell (file-append shadow "/sbin/nologin")))))
-
-(define kadmin-activation-service
- (lambda (arg) (match arg
- (($ pidfile package directory kdb-password realm root-princ root-princ-pw)
- #~(begin
- (use-modules (guix build utils))
- (let* ((user (getpw "krb5")))
- (mkdir-p/perms #$directory user #o700)
- (symlink #$arg #$(string-append directory "/kdc.conf"))))))))
-
-(define kadmin-shepherd-services
- (match-lambda
- (($ pidfile package directory kdb-password realm root-princ root-princ-pw)
- (list (shepherd-service
- (documentation "Runs the kdc service")
- (provision '(kdc))
- (requirement '(user-processes syslogd))
- (start #~(lambda ()
- (if (system (string-append #$package "/sbin/kdb5_util -r " #$realm " list_mkeys &> /dev/null"))
- (begin
- (system (string-join (list
- #$(file-append package "/sbin/kdb5_util")
- "-r" #$realm
- "create" "-s"
- "-P" #$kdb-password)))
- (system (string-join (list
- #$(file-append package "/sbin/kadmin.local")
- "-r" #$realm
- "add_principal"
- "-pw" #$root-princ-pw
- #$(string-append root-princ "@" %domain-caps))))
- (system (string-join (list
- "echo" (string-append "\"" #$root-princ "@" #$realm " *\n\"")
- ">" (string-append #$directory "/kadm5.acl"))))
- (display "Kdc already initialized, skipping...")))
- (fork+exec-command (list
- #$(file-append package "/sbin/krb5kdc")
- "-n"
- "-P" #$pidfile))))
- (stop #~(make-kill-destructor)))
- (shepherd-service
- (documentation "Runs the kadmin service")
- (provision '(kadmin))
- (requirement '(kdc user-processes syslogd))
- (start #~(make-forkexec-constructor (list
- #$(file-append package "/sbin/kadmind")
- "-nofork")))
- (stop #~(make-kill-destructor)))))))
-
-(define kadmin-service-type
- (service-type (name 'kadmin)
- (description
- "Runs the @command{kadmin} server")
- (extensions
- (list (service-extension shepherd-root-service-type kadmin-shepherd-services)
- (service-extension activation-service-type kadmin-activation-service)
- (service-extension account-service-type (const %kadmin-accounts))))
- (default-value (kadmin-configuration))))
-
-(operating-system
- (inherit base-server-system)
- (host-name (string-append "kadmin." %domain-name))
- (packages (append (list strace) %my-server-packages))
- (services (append (list (service kadmin-service-type)) %my-server-services)))
diff --git a/system/servers/ldap.scm b/system/servers/ldap.scm
deleted file mode 100644
index fb51754..0000000
--- a/system/servers/ldap.scm
+++ /dev/null
@@ -1,290 +0,0 @@
-(use-modules (system base-system)
- (gnu build activation)
- (gnu services authentication)
- (gnu packages openldap)
- (gnu system shadow)
- (gnu system pam)
- (gnu services)
- (gnu services shepherd)
- (gnu packages admin)
- (gnu packages autotools)
- (gnu packages databases)
- (gnu packages linux)
- (gnu packages pkg-config)
- (gnu packages compression)
- (gnu packages perl)
- (guix packages)
- (guix gexp)
- (guix utils)
- (guix records)
- (ice-9 match)
- (ice-9 format)
- (ice-9 popen)
- (ice-9 textual-ports)
- (srfi srfi-1))
-
-(define domain-to-dc
- (lambda (domain)
- (string-drop-right (apply string-append (map (lambda (component) (string-append "dc=" component ",")) (string-split domain #\.))) 1)))
-
-(define %domain-dc (domain-to-dc %domain-name))
-
-(define slapd-rootpw
- (get-env-default "SLAPD_ROOTPW" "root"))
-
-(define %slapd-accounts
- (list (user-group (name "slapd") (system? #t))
- (user-account (name "slapd")
- (group "slapd")
- (system? #t)
- (comment "OpenLDAP server user")
- (home-directory "/var/lib/slapd")
- (shell (file-append shadow "/sbin/nologin")))))
-
-(define openldap-2.6-slapd
- (package
- (inherit openldap-2.6)
- (name "openldap-2.6-slapd")
- (native-inputs (modify-inputs (package-native-inputs openldap-2.6)
- (append libltdl unixodbc pkg-config wiredtiger perl lz4 snappy)))
- (arguments
- (substitute-keyword-arguments (package-arguments openldap-2.6)
- ((#:configure-flags flags)
- `(append '("--enable-modules" "--enable-backends" "--sharedstatedir=/var/lib/slapd" "--localstatedir=/var/lib/slapd" "--runstatedir=/var/run/slapd") ,flags ))))))
-
-(define %slapd-package openldap-2.6-slapd)
-(define %ldap-prefix #~(file-append #$%slapd-package "/etc/openldap/schema/"))
-
-(define-record-type*
- slapd-config-ldif make-slapd-config-ldif
- slapd-config-ldif?
- (package slapd-config-ldif-package
- (default %slapd-package))
- (argsfile slapd-config-ldif-argsfile
- (default "/var/run/slapd/args"))
- (pidfile slapd-config-ldif-pidfile
- (default "/var/run/slapd/pid"))
- (schema-prefix slapd-config-ldif-schema-prefix
- (default "/var/lib/slapd/schema"))
- (schemas slapd-config-ldif-schemas
- (default '("core.ldif")))
- (basedn slapd-config-ldif-basedn
- (default %domain-dc))
- (rootdn slapd-config-ldif-rootdn
- (default "admin"))
- (rootpw slapd-config-ldif-rootpw
- (default "password"))
- (rootpwhash slapd-config-ldif-rootpwhash
- (default "secret"))
- (data-directory slapd-config-ldif-data-directory
- (default "/var/lib/slapd/data"))
- (conf-directory slapd-config-ldif-conf-directory
- (default "/var/lib/slapd/config"))
- (indices slapd-config-ldif-indices
- (default '("objectClass eq")))
- (extra-config slapd-config-ldif-extra-config
- (default '())))
-
-(define-gexp-compiler (slapd-config-ldif-compiler
- (file ) system target)
-
- (match file
- (($ package argsfile pidfile schema-prefix schemas basedn rootdn rootpw rootpwhash data-directory conf-directory indices extra-config)
- (gexp->derivation
- "cn=config.ldif"
- #~(call-with-output-file (ungexp output "out")
- (lambda (port)
- (display (string-append
- (ungexp-splicing `(
- ,@`("dn: cn=config\n")
- ,@`("objectClass: olcGlobal\n")
- ,@`("cn: config\n")
- ,@`("olcArgsFile: " ,argsfile "\n")
- ,@`("olcPidFile: " ,pidfile "\n\n")
- ,@`("dn: cn=schema,cn=config\n")
- ,@`("objectClass: olcSchemaConfig\n")
- ,@`("cn: schema\n\n")
- ,@(append-map
- (lambda (schema)
- `("include: file://" ,schema-prefix ,schema "\n"))
- schemas)
- ,@`("\ndn: olcDatabase=config,cn=config\n")
- ,@`("objectClass: olcDatabaseConfig\n")
- ,@`("olcDatabase: config\n")
- ,@`("olcRootDN: cn=" ,rootdn "," ,basedn "\n\n")
- ,@`("dn: olcDatabase=mdb,cn=config\n")
- ,@`("objectClass: olcDatabaseConfig\n")
- ,@`("objectClass: olcMdbConfig\n")
- ,@`("olcDatabase: mdb\n")
- ,@`("olcSuffix: " ,basedn "\n")
- ,@`("olcRootDN: cn=" ,rootdn "," ,basedn "\n")
- ,@`("olcRootPW: " ,rootpwhash "\n")
- ,@`("olcDbDirectory: " ,data-directory "\n")
- ,@(append-map
- (lambda (index)
- `("olcDbIndex: " ,index "\n"))
- indices)
- ,@`("\n")
- ,@extra-config)))
-
- port)))
- #:local-build? #t))))
-
-(define-record-type*
- slapd-configuration make-slapd-configuration
- slapd-configuration?
- (pidfile slapd-configuration-pidfile
- (default "/var/run/slapd.pid"))
- (urls slapd-configuration-urls
- (default "ldap:/// ldapi:///"))
- (config slapd-configuration-config
- (default (slapd-config-ldif)))
- (extra-slapadd slapd-configuration-extra-slapadd
- (default ""))
- (extra-ldapadd slapd-configuration-extra-ldapadd
- (default "")))
-
-(define slapd-shepherd-service
- (match-lambda
- (($ pidfile urls config extra-slapadd extra-ldapadd)
- (match-record
- config
-
- (package conf-directory rootdn rootpw basedn)
- (list (shepherd-service
- (documentation "Run the slapd daemon")
- (provision '(slapd))
- (requirement '(networking user-processes syslogd))
- (start #~(lambda ()
- (if (directory-exists? (string-append #$conf-directory "/cn=config"))
- (display "slapd already configured, skipping...")
- (begin
- (system (string-join (list
- #$(file-append sudo "/bin/sudo")
- "--user=slapd"
- #$(file-append package "/sbin/slapadd")
- "-n" "0"
- "-F" #$conf-directory
- "-l" #$config)))
- (system (string-join (list
- #$(file-append sudo "/bin/sudo")
- "--user=slapd"
- #$(file-append package "/sbin/slapadd")
- "-n" "1"
- "-F" #$conf-directory
- "-l" #$(plain-file "base-slap.ldif" extra-slapadd))))))
- (fork+exec-command (list #$(file-append package "/libexec/slapd")
- "-d" "-1"
- "-F" #$conf-directory
- "-u" "slapd"
- "-g" "slapd"))
- ; TODO figure out how to make it wait for slapd to be ready
- (if (file-exists? (string-append #$conf-directory "/.initialized"))
- (display "slapd already initialzed, skipping...")
- (begin
- (system (string-join (list
- #$(file-append sudo "/bin/sudo")
- "--user=slapd"
- #$(file-append package "/bin/ldapadd")
- "-D" (string-append "cn=" #$rootdn "," #$basedn)
- "-w" #$rootpw
- "-f" #$(plain-file "base-ldap.ldif" extra-ldapadd))))
- (mknod (string-append #$conf-directory "/.initialized") 'regular #o400 0)))))
- (stop #~(make-kill-destructor))))))))
-
-(define slapd-activation
- (match-lambda
- (($ pidfile urls config extra-slapadd)
- (match-record
- config
-
- (package conf-directory data-directory)
- #~(begin
- (use-modules (guix build utils))
- (let* ((user (getpw "slapd")))
- (mkdir-p/perms "/var/run/slapd" user #o700)
- (mkdir-p/perms #$data-directory user #o700)
- (mkdir-p/perms #$conf-directory user #o700)))))))
-
-
-(define slapd-service-type
- (service-type
- (name 'slapd)
- (description "OpenLDAP server daemon")
- (extensions
- (list (service-extension shepherd-root-service-type slapd-shepherd-service)
- (service-extension activation-service-type slapd-activation)
- (service-extension account-service-type (const %slapd-accounts))))
- (default-value
- (slapd-configuration))))
-
-(define (shell% proc fmt . args)
- (let* ((port (open-input-pipe (format #f "~?" fmt args)))
- (output (proc port)))
- (close-pipe port)
- output))
-
-(define-public (shell . args)
- (apply shell% (cons get-string-all args)))
-
-(define-public (shell$ . args)
- (apply shell% (cons get-line args)))
-
-(define %slapd-conf
- (slapd-configuration
- (extra-ldapadd
- (string-join (list
- "dn: olcDatabase={1}mdb,cn=config"
- "changetype: modify"
- "replace: olcAccess"
- (string-append "olcAccess: {0}to attrs=cn,givenName,sn,userPassword,shadowLastChange,mail,loginShell,photo"
- "by self write by anonymous auth by dn.base=\"cn=admin,"
- %domain-dc
- "\" write by * none")
- (string-append "olcAccess: {1}to * by self read by dn.base=\"cn=admin,"
- %domain-dc
- "\" write by * read")
- "")))
- (extra-slapadd
- (string-join (list
- "dn: dc=metznet,dc=ca"
- "dc: metznet"
- "o: Organization"
- "objectClass: dcObject"
- "objectClass: organization"
- ""
- "dn: cn=admin,dc=metznet,dc=ca"
- "cn: admin"
- "description: LDAP Administrator"
- "objectClass: organizationalRole"
- "objectClass: top"
- "roleOccupant: dc=metznet,dc=ca"
- ""
- "dn: ou=user,dc=metznet,dc=ca"
- "ou: user"
- "description: LDAP User"
- "objectClass: top"
- "objectClass: organizationalUnit"
- ""
- "dn: ou=group,dc=metznet,dc=ca"
- "ou: group"
- "description: LDAP Group"
- "objectClass: top"
- "objectClass: organizationalUnit"
- "") "\n"))
- (config
- (slapd-config-ldif
- (rootpw "password")
- (rootpwhash "{SSHA}620erGNXKg4D67G1xS0hNhr7h75VaIJl")
- (indices '("objectClass eq" "uid pres,eq" "mail pres,sub,eq" "cn,sn pres,sub,eq" "dc eq"))
- (schemas '("core.ldif" "cosine.ldif" "inetorgperson.ldif" "nis.ldif"))
- (schema-prefix #~(string-append #$%slapd-package "/etc/openldap/schema/"))))))
-
-
-(operating-system
- (inherit base-server-system)
- (host-name (string-append "ldap." %domain-name))
- (packages (append (list strace %slapd-package) %my-server-packages))
- (services (append (list
- (service slapd-service-type %slapd-conf))
- %my-server-services)))