Removed others to focus on otto and updated otto

Noah Metz 2022-09-17 19:58:39 -06:00
parent 71624f20fb
commit f894e7a16a
7 changed files with 34 additions and 557 deletions

@ -1,37 +1,37 @@
(use-modules (define-module (system clients otto)
(gnu) #:use-module (gnu)
(system base-system) #:use-module (system base-system)
(gnu packages tex) #:use-module (gnu packages tex)
(nongnu packages mozilla) #:use-module (nongnu packages mozilla)
(nongnu packages nvidia) #:use-module (nongnu packages nvidia)
(gnu packages networking) #:use-module (gnu packages networking)
(gnu packages shells) #:use-module (gnu packages shells)
(gnu packages pulseaudio) #:use-module (gnu packages pulseaudio)
(gnu packages virtualization) #:use-module (gnu packages virtualization)
(gnu packages spice) #:use-module (gnu packages spice)
(gnu packages vulkan) #:use-module (gnu packages vulkan)
(gnu packages pdf) #:use-module (gnu packages pdf)
(gnu packages commencement) #:use-module (gnu packages commencement)
(gnu packages base) #:use-module (gnu packages base)
(gnu packages embedded) #:use-module (gnu packages embedded)
(gnu packages linux) #:use-module (gnu packages linux)
(gnu packages docker) #:use-module (gnu packages docker)
(gnu services docker) #:use-module (gnu services docker)
(gnu packages audio) #:use-module (gnu packages audio)
(gnu services cups) #:use-module (gnu services cups)
(gnu services virtualization) #:use-module (gnu services virtualization)
(gnu services networking) #:use-module (gnu services networking)
(gnu services xorg) #:use-module (gnu services xorg)
(gnu services desktop) #:use-module (gnu services desktop)
(gnu services dbus) #:use-module (gnu services dbus)
(gnu services linux) #:use-module (gnu services linux)
(gnu packages cups) #:use-module (gnu packages cups)
(gnu packages python) #:use-module (gnu packages python)
(gnu packages xorg) #:use-module (gnu packages xorg)
(gnu packages scanner) #:use-module (gnu packages scanner)
(gnu packages dns) #:use-module (gnu packages dns)
(gnu services shepherd) #:use-module (gnu services shepherd)
(gnu services base)) #:use-module (gnu services base))
; (define (nvidia-insmod-shepherd-service config) ; (define (nvidia-insmod-shepherd-service config)
; (list (shepherd-service ; (list (shepherd-service

@ -1,67 +0,0 @@
(use-modules
(gnu)
(system base-system)
(gnu packages tex)
(nongnu packages mozilla)
(gnu packages networking)
(gnu packages shells)
(gnu packages pulseaudio)
(gnu packages virtualization)
(gnu packages spice)
(gnu packages vulkan)
(gnu packages pdf)
(gnu packages commencement)
(gnu packages base)
(gnu packages embedded)
(gnu services cups)
(gnu services virtualization)
(gnu services xorg)
(gnu services desktop)
(gnu services linux)
(gnu packages cups)
(gnu packages xorg)
(gnu packages scanner)
(gnu packages dns)
(gnu services shepherd)
(gnu services base))
(operating-system
(inherit base-desktop-system)
(host-name "patrache")
(packages (append (list autoconf automake qemu texlive firefox pavucontrol mupdf gcc-toolchain gnu-make gcc-arm-none-eabi-7-2018-q2-update sane-backends-minimal xsane cups (list isc-bind "utils")) %my-desktop-packages))
(services (append (list
(set-xorg-configuration
(xorg-configuration
(keyboard-layout %default-keyboard-layout)))
(service sane-service-type)
(service cups-service-type
(cups-configuration
(web-interface? #t))))
(modify-services %my-desktop-services
(udev-service-type config =>
(udev-configuration (inherit config)
(rules (append (list
%usb-udev-rule)
(udev-configuration-rules config))))))))
(users (cons* (user-account
(name "nmetz")
(comment "Noah Metz")
(group "users")
(home-directory "/home/nmetz")
(shell (file-append zsh "/bin/zsh"))
(supplementary-groups
`("wheel" "netdev" "audio" "video" "usb" "kvm")))
%my-base-user-accounts))
(file-systems
(cons* (file-system
(mount-point "/boot/efi")
(device (uuid "50C2-89C6" 'fat32))
(type "vfat"))
(file-system
(mount-point "/")
(device
(uuid "817a54a1-a8a9-49b5-883d-33fdfd06404d"
'ext4))
(type "ext4"))
%base-file-systems)))

@ -1,23 +0,0 @@
dn: cn=nmetz,ou=user,dc=metznet,dc=ca
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: nmetz
cn: Noah Metz
sn: Metz
givenName: Noah
userPassword: {SSHA}yUiQKwuRpADPzuT8W9M6gCbnw914VIOD
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/nmetz/
dn: cn=nmetz,ou=group,dc=metznet,dc=ca
objectClass: top
objectClass: posixGroup
cn: nmetz
gidNumber: 1001

@ -1,5 +0,0 @@
(use-modules (gnu) (system base-system))
(operating-system
(inherit base-server-system)
(host-name "server"))

@ -1,12 +0,0 @@
(use-modules (system base-system)
(guix gexp)
(guix records)
(gnu packages virtualization)
(gnu services shepherd)
(ice-9 match))
(operating-system
(inherit base-server-system)
(host-name (string-append "qemu." %domain-name))
(packages (append (list qemu) %my-server-packages))
(services (append (list (service )) %my-server-services)))

@ -1,126 +0,0 @@
(use-modules (system base-system)
(guix records)
(guix gexp)
(gnu packages admin)
(gnu packages kerberos)
(gnu packages linux)
(gnu services kerberos)
(gnu services configuration)
(gnu services shepherd)
(ice-9 match))
(define-record-type* <kadmin-configuration>
kadmin-configuration make-kadmin-configuration
kadmin-configuration?
(pidfile kadmin-configuration-pidfile
(default "/var/run/krb5kdc"))
(package kadmin-configuration-package
(default mit-krb5))
(directory kadmin-configuration-directory
(default "/var/krb5kdc"))
(kdb-password kadmin-configuration-kdb-password
(default "password"))
(realm kadmin-configuration-realm
(default %domain-caps))
(root-princ kadmin-configuration-root-princ
(default "root/admin"))
(root-princ-pw kadmin-configuration-root-princ-pw
(default "password")))
(define-gexp-compiler (kadmin-configuration-compiler
(file <kadmin-configuration>) system target)
(match file
(($ <kadmin-configuration> pidfile package directory kdb-password realm root-princ root-princ-pw)
(gexp->derivation
"kdc.conf"
#~(call-with-output-file (ungexp output "out")
(lambda (port)
(display (string-append
(ungexp-splicing `(
,@`("[kdcdefaults]\n")
,@`(" kdc_ports = 750,88\n")
,@`("[realms]\n")
,@`(" " ,realm " = {\n")
,@`(" database_name = " ,directory "/principal\n")
,@`(" acl_file = " ,directory "/kadm5.acl\n")
,@`(" key_stash_file = " ,directory "/.k5." ,realm "\n")
,@`(" kdc_ports = 750,88\n")
,@`(" max_life = 10h 0m 0s\n")
,@`(" max_renewable_life = 7d 0h 0m 0s\n")
,@`("}\n"))))
port)))
#:local-build? #t))))
(define %kadmin-accounts
(list (user-group (name "krb5") (system? #t))
(user-account (name "krb5")
(group "krb5")
(system? #t)
(comment "kadmin/kdc user account")
(home-directory "/var/krb5kdc")
(shell (file-append shadow "/sbin/nologin")))))
(define kadmin-activation-service
(lambda (arg) (match arg
(($ <kadmin-configuration> pidfile package directory kdb-password realm root-princ root-princ-pw)
#~(begin
(use-modules (guix build utils))
(let* ((user (getpw "krb5")))
(mkdir-p/perms #$directory user #o700)
(symlink #$arg #$(string-append directory "/kdc.conf"))))))))
(define kadmin-shepherd-services
(match-lambda
(($ <kadmin-configuration> pidfile package directory kdb-password realm root-princ root-princ-pw)
(list (shepherd-service
(documentation "Runs the kdc service")
(provision '(kdc))
(requirement '(user-processes syslogd))
(start #~(lambda ()
(if (system (string-append #$package "/sbin/kdb5_util -r " #$realm " list_mkeys &> /dev/null"))
(begin
(system (string-join (list
#$(file-append package "/sbin/kdb5_util")
"-r" #$realm
"create" "-s"
"-P" #$kdb-password)))
(system (string-join (list
#$(file-append package "/sbin/kadmin.local")
"-r" #$realm
"add_principal"
"-pw" #$root-princ-pw
#$(string-append root-princ "@" %domain-caps))))
(system (string-join (list
"echo" (string-append "\"" #$root-princ "@" #$realm " *\n\"")
">" (string-append #$directory "/kadm5.acl"))))
(display "Kdc already initialized, skipping...")))
(fork+exec-command (list
#$(file-append package "/sbin/krb5kdc")
"-n"
"-P" #$pidfile))))
(stop #~(make-kill-destructor)))
(shepherd-service
(documentation "Runs the kadmin service")
(provision '(kadmin))
(requirement '(kdc user-processes syslogd))
(start #~(make-forkexec-constructor (list
#$(file-append package "/sbin/kadmind")
"-nofork")))
(stop #~(make-kill-destructor)))))))
(define kadmin-service-type
(service-type (name 'kadmin)
(description
"Runs the @command{kadmin} server")
(extensions
(list (service-extension shepherd-root-service-type kadmin-shepherd-services)
(service-extension activation-service-type kadmin-activation-service)
(service-extension account-service-type (const %kadmin-accounts))))
(default-value (kadmin-configuration))))
(operating-system
(inherit base-server-system)
(host-name (string-append "kadmin." %domain-name))
(packages (append (list strace) %my-server-packages))
(services (append (list (service kadmin-service-type)) %my-server-services)))

@ -1,290 +0,0 @@
(use-modules (system base-system)
(gnu build activation)
(gnu services authentication)
(gnu packages openldap)
(gnu system shadow)
(gnu system pam)
(gnu services)
(gnu services shepherd)
(gnu packages admin)
(gnu packages autotools)
(gnu packages databases)
(gnu packages linux)
(gnu packages pkg-config)
(gnu packages compression)
(gnu packages perl)
(guix packages)
(guix gexp)
(guix utils)
(guix records)
(ice-9 match)
(ice-9 format)
(ice-9 popen)
(ice-9 textual-ports)
(srfi srfi-1))
(define domain-to-dc
(lambda (domain)
(string-drop-right (apply string-append (map (lambda (component) (string-append "dc=" component ",")) (string-split domain #\.))) 1)))
(define %domain-dc (domain-to-dc %domain-name))
(define slapd-rootpw
(get-env-default "SLAPD_ROOTPW" "root"))
(define %slapd-accounts
(list (user-group (name "slapd") (system? #t))
(user-account (name "slapd")
(group "slapd")
(system? #t)
(comment "OpenLDAP server user")
(home-directory "/var/lib/slapd")
(shell (file-append shadow "/sbin/nologin")))))
(define openldap-2.6-slapd
(package
(inherit openldap-2.6)
(name "openldap-2.6-slapd")
(native-inputs (modify-inputs (package-native-inputs openldap-2.6)
(append libltdl unixodbc pkg-config wiredtiger perl lz4 snappy)))
(arguments
(substitute-keyword-arguments (package-arguments openldap-2.6)
((#:configure-flags flags)
`(append '("--enable-modules" "--enable-backends" "--sharedstatedir=/var/lib/slapd" "--localstatedir=/var/lib/slapd" "--runstatedir=/var/run/slapd") ,flags ))))))
(define %slapd-package openldap-2.6-slapd)
(define %ldap-prefix #~(file-append #$%slapd-package "/etc/openldap/schema/"))
(define-record-type* <slapd-config-ldif>
slapd-config-ldif make-slapd-config-ldif
slapd-config-ldif?
(package slapd-config-ldif-package
(default %slapd-package))
(argsfile slapd-config-ldif-argsfile
(default "/var/run/slapd/args"))
(pidfile slapd-config-ldif-pidfile
(default "/var/run/slapd/pid"))
(schema-prefix slapd-config-ldif-schema-prefix
(default "/var/lib/slapd/schema"))
(schemas slapd-config-ldif-schemas
(default '("core.ldif")))
(basedn slapd-config-ldif-basedn
(default %domain-dc))
(rootdn slapd-config-ldif-rootdn
(default "admin"))
(rootpw slapd-config-ldif-rootpw
(default "password"))
(rootpwhash slapd-config-ldif-rootpwhash
(default "secret"))
(data-directory slapd-config-ldif-data-directory
(default "/var/lib/slapd/data"))
(conf-directory slapd-config-ldif-conf-directory
(default "/var/lib/slapd/config"))
(indices slapd-config-ldif-indices
(default '("objectClass eq")))
(extra-config slapd-config-ldif-extra-config
(default '())))
(define-gexp-compiler (slapd-config-ldif-compiler
(file <slapd-config-ldif>) system target)
(match file
(($ <slapd-config-ldif> package argsfile pidfile schema-prefix schemas basedn rootdn rootpw rootpwhash data-directory conf-directory indices extra-config)
(gexp->derivation
"cn=config.ldif"
#~(call-with-output-file (ungexp output "out")
(lambda (port)
(display (string-append
(ungexp-splicing `(
,@`("dn: cn=config\n")
,@`("objectClass: olcGlobal\n")
,@`("cn: config\n")
,@`("olcArgsFile: " ,argsfile "\n")
,@`("olcPidFile: " ,pidfile "\n\n")
,@`("dn: cn=schema,cn=config\n")
,@`("objectClass: olcSchemaConfig\n")
,@`("cn: schema\n\n")
,@(append-map
(lambda (schema)
`("include: file://" ,schema-prefix ,schema "\n"))
schemas)
,@`("\ndn: olcDatabase=config,cn=config\n")
,@`("objectClass: olcDatabaseConfig\n")
,@`("olcDatabase: config\n")
,@`("olcRootDN: cn=" ,rootdn "," ,basedn "\n\n")
,@`("dn: olcDatabase=mdb,cn=config\n")
,@`("objectClass: olcDatabaseConfig\n")
,@`("objectClass: olcMdbConfig\n")
,@`("olcDatabase: mdb\n")
,@`("olcSuffix: " ,basedn "\n")
,@`("olcRootDN: cn=" ,rootdn "," ,basedn "\n")
,@`("olcRootPW: " ,rootpwhash "\n")
,@`("olcDbDirectory: " ,data-directory "\n")
,@(append-map
(lambda (index)
`("olcDbIndex: " ,index "\n"))
indices)
,@`("\n")
,@extra-config)))
port)))
#:local-build? #t))))
(define-record-type* <slapd-configuration>
slapd-configuration make-slapd-configuration
slapd-configuration?
(pidfile slapd-configuration-pidfile
(default "/var/run/slapd.pid"))
(urls slapd-configuration-urls
(default "ldap:/// ldapi:///"))
(config slapd-configuration-config
(default (slapd-config-ldif)))
(extra-slapadd slapd-configuration-extra-slapadd
(default ""))
(extra-ldapadd slapd-configuration-extra-ldapadd
(default "")))
(define slapd-shepherd-service
(match-lambda
(($ <slapd-configuration> pidfile urls config extra-slapadd extra-ldapadd)
(match-record
config
<slapd-config-ldif>
(package conf-directory rootdn rootpw basedn)
(list (shepherd-service
(documentation "Run the slapd daemon")
(provision '(slapd))
(requirement '(networking user-processes syslogd))
(start #~(lambda ()
(if (directory-exists? (string-append #$conf-directory "/cn=config"))
(display "slapd already configured, skipping...")
(begin
(system (string-join (list
#$(file-append sudo "/bin/sudo")
"--user=slapd"
#$(file-append package "/sbin/slapadd")
"-n" "0"
"-F" #$conf-directory
"-l" #$config)))
(system (string-join (list
#$(file-append sudo "/bin/sudo")
"--user=slapd"
#$(file-append package "/sbin/slapadd")
"-n" "1"
"-F" #$conf-directory
"-l" #$(plain-file "base-slap.ldif" extra-slapadd))))))
(fork+exec-command (list #$(file-append package "/libexec/slapd")
"-d" "-1"
"-F" #$conf-directory
"-u" "slapd"
"-g" "slapd"))
; TODO figure out how to make it wait for slapd to be ready
(if (file-exists? (string-append #$conf-directory "/.initialized"))
(display "slapd already initialzed, skipping...")
(begin
(system (string-join (list
#$(file-append sudo "/bin/sudo")
"--user=slapd"
#$(file-append package "/bin/ldapadd")
"-D" (string-append "cn=" #$rootdn "," #$basedn)
"-w" #$rootpw
"-f" #$(plain-file "base-ldap.ldif" extra-ldapadd))))
(mknod (string-append #$conf-directory "/.initialized") 'regular #o400 0)))))
(stop #~(make-kill-destructor))))))))
(define slapd-activation
(match-lambda
(($ <slapd-configuration> pidfile urls config extra-slapadd)
(match-record
config
<slapd-config-ldif>
(package conf-directory data-directory)
#~(begin
(use-modules (guix build utils))
(let* ((user (getpw "slapd")))
(mkdir-p/perms "/var/run/slapd" user #o700)
(mkdir-p/perms #$data-directory user #o700)
(mkdir-p/perms #$conf-directory user #o700)))))))
(define slapd-service-type
(service-type
(name 'slapd)
(description "OpenLDAP server daemon")
(extensions
(list (service-extension shepherd-root-service-type slapd-shepherd-service)
(service-extension activation-service-type slapd-activation)
(service-extension account-service-type (const %slapd-accounts))))
(default-value
(slapd-configuration))))
(define (shell% proc fmt . args)
(let* ((port (open-input-pipe (format #f "~?" fmt args)))
(output (proc port)))
(close-pipe port)
output))
(define-public (shell . args)
(apply shell% (cons get-string-all args)))
(define-public (shell$ . args)
(apply shell% (cons get-line args)))
(define %slapd-conf
(slapd-configuration
(extra-ldapadd
(string-join (list
"dn: olcDatabase={1}mdb,cn=config"
"changetype: modify"
"replace: olcAccess"
(string-append "olcAccess: {0}to attrs=cn,givenName,sn,userPassword,shadowLastChange,mail,loginShell,photo"
"by self write by anonymous auth by dn.base=\"cn=admin,"
%domain-dc
"\" write by * none")
(string-append "olcAccess: {1}to * by self read by dn.base=\"cn=admin,"
%domain-dc
"\" write by * read")
"")))
(extra-slapadd
(string-join (list
"dn: dc=metznet,dc=ca"
"dc: metznet"
"o: Organization"
"objectClass: dcObject"
"objectClass: organization"
""
"dn: cn=admin,dc=metznet,dc=ca"
"cn: admin"
"description: LDAP Administrator"
"objectClass: organizationalRole"
"objectClass: top"
"roleOccupant: dc=metznet,dc=ca"
""
"dn: ou=user,dc=metznet,dc=ca"
"ou: user"
"description: LDAP User"
"objectClass: top"
"objectClass: organizationalUnit"
""
"dn: ou=group,dc=metznet,dc=ca"
"ou: group"
"description: LDAP Group"
"objectClass: top"
"objectClass: organizationalUnit"
"") "\n"))
(config
(slapd-config-ldif
(rootpw "password")
(rootpwhash "{SSHA}620erGNXKg4D67G1xS0hNhr7h75VaIJl")
(indices '("objectClass eq" "uid pres,eq" "mail pres,sub,eq" "cn,sn pres,sub,eq" "dc eq"))
(schemas '("core.ldif" "cosine.ldif" "inetorgperson.ldif" "nis.ldif"))
(schema-prefix #~(string-append #$%slapd-package "/etc/openldap/schema/"))))))
(operating-system
(inherit base-server-system)
(host-name (string-append "ldap." %domain-name))
(packages (append (list strace %slapd-package) %my-server-packages))
(services (append (list
(service slapd-service-type %slapd-conf))
%my-server-services)))