Removed others to focus on otto and updated otto
parent
71624f20fb
commit
f894e7a16a
@ -1,67 +0,0 @@
|
||||
(use-modules
|
||||
(gnu)
|
||||
(system base-system)
|
||||
(gnu packages tex)
|
||||
(nongnu packages mozilla)
|
||||
(gnu packages networking)
|
||||
(gnu packages shells)
|
||||
(gnu packages pulseaudio)
|
||||
(gnu packages virtualization)
|
||||
(gnu packages spice)
|
||||
(gnu packages vulkan)
|
||||
(gnu packages pdf)
|
||||
(gnu packages commencement)
|
||||
(gnu packages base)
|
||||
(gnu packages embedded)
|
||||
(gnu services cups)
|
||||
(gnu services virtualization)
|
||||
(gnu services xorg)
|
||||
(gnu services desktop)
|
||||
(gnu services linux)
|
||||
(gnu packages cups)
|
||||
(gnu packages xorg)
|
||||
(gnu packages scanner)
|
||||
(gnu packages dns)
|
||||
(gnu services shepherd)
|
||||
(gnu services base))
|
||||
|
||||
(operating-system
|
||||
(inherit base-desktop-system)
|
||||
(host-name "patrache")
|
||||
(packages (append (list autoconf automake qemu texlive firefox pavucontrol mupdf gcc-toolchain gnu-make gcc-arm-none-eabi-7-2018-q2-update sane-backends-minimal xsane cups (list isc-bind "utils")) %my-desktop-packages))
|
||||
(services (append (list
|
||||
(set-xorg-configuration
|
||||
(xorg-configuration
|
||||
(keyboard-layout %default-keyboard-layout)))
|
||||
(service sane-service-type)
|
||||
(service cups-service-type
|
||||
(cups-configuration
|
||||
(web-interface? #t))))
|
||||
(modify-services %my-desktop-services
|
||||
(udev-service-type config =>
|
||||
(udev-configuration (inherit config)
|
||||
(rules (append (list
|
||||
%usb-udev-rule)
|
||||
(udev-configuration-rules config))))))))
|
||||
(users (cons* (user-account
|
||||
(name "nmetz")
|
||||
(comment "Noah Metz")
|
||||
(group "users")
|
||||
(home-directory "/home/nmetz")
|
||||
(shell (file-append zsh "/bin/zsh"))
|
||||
(supplementary-groups
|
||||
`("wheel" "netdev" "audio" "video" "usb" "kvm")))
|
||||
%my-base-user-accounts))
|
||||
(file-systems
|
||||
(cons* (file-system
|
||||
(mount-point "/boot/efi")
|
||||
(device (uuid "50C2-89C6" 'fat32))
|
||||
(type "vfat"))
|
||||
(file-system
|
||||
(mount-point "/")
|
||||
(device
|
||||
(uuid "817a54a1-a8a9-49b5-883d-33fdfd06404d"
|
||||
'ext4))
|
||||
(type "ext4"))
|
||||
%base-file-systems)))
|
||||
|
@ -1,23 +0,0 @@
|
||||
dn: cn=nmetz,ou=user,dc=metznet,dc=ca
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: posixAccount
|
||||
objectClass: shadowAccount
|
||||
uid: nmetz
|
||||
cn: Noah Metz
|
||||
sn: Metz
|
||||
givenName: Noah
|
||||
userPassword: {SSHA}yUiQKwuRpADPzuT8W9M6gCbnw914VIOD
|
||||
loginShell: /bin/bash
|
||||
uidNumber: 1001
|
||||
gidNumber: 1001
|
||||
homeDirectory: /home/nmetz/
|
||||
|
||||
|
||||
dn: cn=nmetz,ou=group,dc=metznet,dc=ca
|
||||
objectClass: top
|
||||
objectClass: posixGroup
|
||||
cn: nmetz
|
||||
gidNumber: 1001
|
@ -1,5 +0,0 @@
|
||||
(use-modules (gnu) (system base-system))
|
||||
|
||||
(operating-system
|
||||
(inherit base-server-system)
|
||||
(host-name "server"))
|
@ -1,12 +0,0 @@
|
||||
(use-modules (system base-system)
|
||||
(guix gexp)
|
||||
(guix records)
|
||||
(gnu packages virtualization)
|
||||
(gnu services shepherd)
|
||||
(ice-9 match))
|
||||
|
||||
(operating-system
|
||||
(inherit base-server-system)
|
||||
(host-name (string-append "qemu." %domain-name))
|
||||
(packages (append (list qemu) %my-server-packages))
|
||||
(services (append (list (service )) %my-server-services)))
|
@ -1,126 +0,0 @@
|
||||
(use-modules (system base-system)
|
||||
(guix records)
|
||||
(guix gexp)
|
||||
(gnu packages admin)
|
||||
(gnu packages kerberos)
|
||||
(gnu packages linux)
|
||||
(gnu services kerberos)
|
||||
(gnu services configuration)
|
||||
(gnu services shepherd)
|
||||
(ice-9 match))
|
||||
|
||||
(define-record-type* <kadmin-configuration>
|
||||
kadmin-configuration make-kadmin-configuration
|
||||
kadmin-configuration?
|
||||
(pidfile kadmin-configuration-pidfile
|
||||
(default "/var/run/krb5kdc"))
|
||||
(package kadmin-configuration-package
|
||||
(default mit-krb5))
|
||||
(directory kadmin-configuration-directory
|
||||
(default "/var/krb5kdc"))
|
||||
(kdb-password kadmin-configuration-kdb-password
|
||||
(default "password"))
|
||||
(realm kadmin-configuration-realm
|
||||
(default %domain-caps))
|
||||
(root-princ kadmin-configuration-root-princ
|
||||
(default "root/admin"))
|
||||
(root-princ-pw kadmin-configuration-root-princ-pw
|
||||
(default "password")))
|
||||
|
||||
(define-gexp-compiler (kadmin-configuration-compiler
|
||||
(file <kadmin-configuration>) system target)
|
||||
|
||||
(match file
|
||||
(($ <kadmin-configuration> pidfile package directory kdb-password realm root-princ root-princ-pw)
|
||||
(gexp->derivation
|
||||
"kdc.conf"
|
||||
#~(call-with-output-file (ungexp output "out")
|
||||
(lambda (port)
|
||||
(display (string-append
|
||||
(ungexp-splicing `(
|
||||
,@`("[kdcdefaults]\n")
|
||||
,@`(" kdc_ports = 750,88\n")
|
||||
,@`("[realms]\n")
|
||||
,@`(" " ,realm " = {\n")
|
||||
,@`(" database_name = " ,directory "/principal\n")
|
||||
,@`(" acl_file = " ,directory "/kadm5.acl\n")
|
||||
,@`(" key_stash_file = " ,directory "/.k5." ,realm "\n")
|
||||
,@`(" kdc_ports = 750,88\n")
|
||||
,@`(" max_life = 10h 0m 0s\n")
|
||||
,@`(" max_renewable_life = 7d 0h 0m 0s\n")
|
||||
,@`("}\n"))))
|
||||
port)))
|
||||
#:local-build? #t))))
|
||||
|
||||
(define %kadmin-accounts
|
||||
(list (user-group (name "krb5") (system? #t))
|
||||
(user-account (name "krb5")
|
||||
(group "krb5")
|
||||
(system? #t)
|
||||
(comment "kadmin/kdc user account")
|
||||
(home-directory "/var/krb5kdc")
|
||||
(shell (file-append shadow "/sbin/nologin")))))
|
||||
|
||||
(define kadmin-activation-service
|
||||
(lambda (arg) (match arg
|
||||
(($ <kadmin-configuration> pidfile package directory kdb-password realm root-princ root-princ-pw)
|
||||
#~(begin
|
||||
(use-modules (guix build utils))
|
||||
(let* ((user (getpw "krb5")))
|
||||
(mkdir-p/perms #$directory user #o700)
|
||||
(symlink #$arg #$(string-append directory "/kdc.conf"))))))))
|
||||
|
||||
(define kadmin-shepherd-services
|
||||
(match-lambda
|
||||
(($ <kadmin-configuration> pidfile package directory kdb-password realm root-princ root-princ-pw)
|
||||
(list (shepherd-service
|
||||
(documentation "Runs the kdc service")
|
||||
(provision '(kdc))
|
||||
(requirement '(user-processes syslogd))
|
||||
(start #~(lambda ()
|
||||
(if (system (string-append #$package "/sbin/kdb5_util -r " #$realm " list_mkeys &> /dev/null"))
|
||||
(begin
|
||||
(system (string-join (list
|
||||
#$(file-append package "/sbin/kdb5_util")
|
||||
"-r" #$realm
|
||||
"create" "-s"
|
||||
"-P" #$kdb-password)))
|
||||
(system (string-join (list
|
||||
#$(file-append package "/sbin/kadmin.local")
|
||||
"-r" #$realm
|
||||
"add_principal"
|
||||
"-pw" #$root-princ-pw
|
||||
#$(string-append root-princ "@" %domain-caps))))
|
||||
(system (string-join (list
|
||||
"echo" (string-append "\"" #$root-princ "@" #$realm " *\n\"")
|
||||
">" (string-append #$directory "/kadm5.acl"))))
|
||||
(display "Kdc already initialized, skipping...")))
|
||||
(fork+exec-command (list
|
||||
#$(file-append package "/sbin/krb5kdc")
|
||||
"-n"
|
||||
"-P" #$pidfile))))
|
||||
(stop #~(make-kill-destructor)))
|
||||
(shepherd-service
|
||||
(documentation "Runs the kadmin service")
|
||||
(provision '(kadmin))
|
||||
(requirement '(kdc user-processes syslogd))
|
||||
(start #~(make-forkexec-constructor (list
|
||||
#$(file-append package "/sbin/kadmind")
|
||||
"-nofork")))
|
||||
(stop #~(make-kill-destructor)))))))
|
||||
|
||||
(define kadmin-service-type
|
||||
(service-type (name 'kadmin)
|
||||
(description
|
||||
"Runs the @command{kadmin} server")
|
||||
(extensions
|
||||
(list (service-extension shepherd-root-service-type kadmin-shepherd-services)
|
||||
(service-extension activation-service-type kadmin-activation-service)
|
||||
(service-extension account-service-type (const %kadmin-accounts))))
|
||||
(default-value (kadmin-configuration))))
|
||||
|
||||
(operating-system
|
||||
(inherit base-server-system)
|
||||
(host-name (string-append "kadmin." %domain-name))
|
||||
(packages (append (list strace) %my-server-packages))
|
||||
(services (append (list (service kadmin-service-type)) %my-server-services)))
|
@ -1,290 +0,0 @@
|
||||
(use-modules (system base-system)
|
||||
(gnu build activation)
|
||||
(gnu services authentication)
|
||||
(gnu packages openldap)
|
||||
(gnu system shadow)
|
||||
(gnu system pam)
|
||||
(gnu services)
|
||||
(gnu services shepherd)
|
||||
(gnu packages admin)
|
||||
(gnu packages autotools)
|
||||
(gnu packages databases)
|
||||
(gnu packages linux)
|
||||
(gnu packages pkg-config)
|
||||
(gnu packages compression)
|
||||
(gnu packages perl)
|
||||
(guix packages)
|
||||
(guix gexp)
|
||||
(guix utils)
|
||||
(guix records)
|
||||
(ice-9 match)
|
||||
(ice-9 format)
|
||||
(ice-9 popen)
|
||||
(ice-9 textual-ports)
|
||||
(srfi srfi-1))
|
||||
|
||||
(define domain-to-dc
|
||||
(lambda (domain)
|
||||
(string-drop-right (apply string-append (map (lambda (component) (string-append "dc=" component ",")) (string-split domain #\.))) 1)))
|
||||
|
||||
(define %domain-dc (domain-to-dc %domain-name))
|
||||
|
||||
(define slapd-rootpw
|
||||
(get-env-default "SLAPD_ROOTPW" "root"))
|
||||
|
||||
(define %slapd-accounts
|
||||
(list (user-group (name "slapd") (system? #t))
|
||||
(user-account (name "slapd")
|
||||
(group "slapd")
|
||||
(system? #t)
|
||||
(comment "OpenLDAP server user")
|
||||
(home-directory "/var/lib/slapd")
|
||||
(shell (file-append shadow "/sbin/nologin")))))
|
||||
|
||||
(define openldap-2.6-slapd
|
||||
(package
|
||||
(inherit openldap-2.6)
|
||||
(name "openldap-2.6-slapd")
|
||||
(native-inputs (modify-inputs (package-native-inputs openldap-2.6)
|
||||
(append libltdl unixodbc pkg-config wiredtiger perl lz4 snappy)))
|
||||
(arguments
|
||||
(substitute-keyword-arguments (package-arguments openldap-2.6)
|
||||
((#:configure-flags flags)
|
||||
`(append '("--enable-modules" "--enable-backends" "--sharedstatedir=/var/lib/slapd" "--localstatedir=/var/lib/slapd" "--runstatedir=/var/run/slapd") ,flags ))))))
|
||||
|
||||
(define %slapd-package openldap-2.6-slapd)
|
||||
(define %ldap-prefix #~(file-append #$%slapd-package "/etc/openldap/schema/"))
|
||||
|
||||
(define-record-type* <slapd-config-ldif>
|
||||
slapd-config-ldif make-slapd-config-ldif
|
||||
slapd-config-ldif?
|
||||
(package slapd-config-ldif-package
|
||||
(default %slapd-package))
|
||||
(argsfile slapd-config-ldif-argsfile
|
||||
(default "/var/run/slapd/args"))
|
||||
(pidfile slapd-config-ldif-pidfile
|
||||
(default "/var/run/slapd/pid"))
|
||||
(schema-prefix slapd-config-ldif-schema-prefix
|
||||
(default "/var/lib/slapd/schema"))
|
||||
(schemas slapd-config-ldif-schemas
|
||||
(default '("core.ldif")))
|
||||
(basedn slapd-config-ldif-basedn
|
||||
(default %domain-dc))
|
||||
(rootdn slapd-config-ldif-rootdn
|
||||
(default "admin"))
|
||||
(rootpw slapd-config-ldif-rootpw
|
||||
(default "password"))
|
||||
(rootpwhash slapd-config-ldif-rootpwhash
|
||||
(default "secret"))
|
||||
(data-directory slapd-config-ldif-data-directory
|
||||
(default "/var/lib/slapd/data"))
|
||||
(conf-directory slapd-config-ldif-conf-directory
|
||||
(default "/var/lib/slapd/config"))
|
||||
(indices slapd-config-ldif-indices
|
||||
(default '("objectClass eq")))
|
||||
(extra-config slapd-config-ldif-extra-config
|
||||
(default '())))
|
||||
|
||||
(define-gexp-compiler (slapd-config-ldif-compiler
|
||||
(file <slapd-config-ldif>) system target)
|
||||
|
||||
(match file
|
||||
(($ <slapd-config-ldif> package argsfile pidfile schema-prefix schemas basedn rootdn rootpw rootpwhash data-directory conf-directory indices extra-config)
|
||||
(gexp->derivation
|
||||
"cn=config.ldif"
|
||||
#~(call-with-output-file (ungexp output "out")
|
||||
(lambda (port)
|
||||
(display (string-append
|
||||
(ungexp-splicing `(
|
||||
,@`("dn: cn=config\n")
|
||||
,@`("objectClass: olcGlobal\n")
|
||||
,@`("cn: config\n")
|
||||
,@`("olcArgsFile: " ,argsfile "\n")
|
||||
,@`("olcPidFile: " ,pidfile "\n\n")
|
||||
,@`("dn: cn=schema,cn=config\n")
|
||||
,@`("objectClass: olcSchemaConfig\n")
|
||||
,@`("cn: schema\n\n")
|
||||
,@(append-map
|
||||
(lambda (schema)
|
||||
`("include: file://" ,schema-prefix ,schema "\n"))
|
||||
schemas)
|
||||
,@`("\ndn: olcDatabase=config,cn=config\n")
|
||||
,@`("objectClass: olcDatabaseConfig\n")
|
||||
,@`("olcDatabase: config\n")
|
||||
,@`("olcRootDN: cn=" ,rootdn "," ,basedn "\n\n")
|
||||
,@`("dn: olcDatabase=mdb,cn=config\n")
|
||||
,@`("objectClass: olcDatabaseConfig\n")
|
||||
,@`("objectClass: olcMdbConfig\n")
|
||||
,@`("olcDatabase: mdb\n")
|
||||
,@`("olcSuffix: " ,basedn "\n")
|
||||
,@`("olcRootDN: cn=" ,rootdn "," ,basedn "\n")
|
||||
,@`("olcRootPW: " ,rootpwhash "\n")
|
||||
,@`("olcDbDirectory: " ,data-directory "\n")
|
||||
,@(append-map
|
||||
(lambda (index)
|
||||
`("olcDbIndex: " ,index "\n"))
|
||||
indices)
|
||||
,@`("\n")
|
||||
,@extra-config)))
|
||||
|
||||
port)))
|
||||
#:local-build? #t))))
|
||||
|
||||
(define-record-type* <slapd-configuration>
|
||||
slapd-configuration make-slapd-configuration
|
||||
slapd-configuration?
|
||||
(pidfile slapd-configuration-pidfile
|
||||
(default "/var/run/slapd.pid"))
|
||||
(urls slapd-configuration-urls
|
||||
(default "ldap:/// ldapi:///"))
|
||||
(config slapd-configuration-config
|
||||
(default (slapd-config-ldif)))
|
||||
(extra-slapadd slapd-configuration-extra-slapadd
|
||||
(default ""))
|
||||
(extra-ldapadd slapd-configuration-extra-ldapadd
|
||||
(default "")))
|
||||
|
||||
(define slapd-shepherd-service
|
||||
(match-lambda
|
||||
(($ <slapd-configuration> pidfile urls config extra-slapadd extra-ldapadd)
|
||||
(match-record
|
||||
config
|
||||
<slapd-config-ldif>
|
||||
(package conf-directory rootdn rootpw basedn)
|
||||
(list (shepherd-service
|
||||
(documentation "Run the slapd daemon")
|
||||
(provision '(slapd))
|
||||
(requirement '(networking user-processes syslogd))
|
||||
(start #~(lambda ()
|
||||
(if (directory-exists? (string-append #$conf-directory "/cn=config"))
|
||||
(display "slapd already configured, skipping...")
|
||||
(begin
|
||||
(system (string-join (list
|
||||
#$(file-append sudo "/bin/sudo")
|
||||
"--user=slapd"
|
||||
#$(file-append package "/sbin/slapadd")
|
||||
"-n" "0"
|
||||
"-F" #$conf-directory
|
||||
"-l" #$config)))
|
||||
(system (string-join (list
|
||||
#$(file-append sudo "/bin/sudo")
|
||||
"--user=slapd"
|
||||
#$(file-append package "/sbin/slapadd")
|
||||
"-n" "1"
|
||||
"-F" #$conf-directory
|
||||
"-l" #$(plain-file "base-slap.ldif" extra-slapadd))))))
|
||||
(fork+exec-command (list #$(file-append package "/libexec/slapd")
|
||||
"-d" "-1"
|
||||
"-F" #$conf-directory
|
||||
"-u" "slapd"
|
||||
"-g" "slapd"))
|
||||
; TODO figure out how to make it wait for slapd to be ready
|
||||
(if (file-exists? (string-append #$conf-directory "/.initialized"))
|
||||
(display "slapd already initialzed, skipping...")
|
||||
(begin
|
||||
(system (string-join (list
|
||||
#$(file-append sudo "/bin/sudo")
|
||||
"--user=slapd"
|
||||
#$(file-append package "/bin/ldapadd")
|
||||
"-D" (string-append "cn=" #$rootdn "," #$basedn)
|
||||
"-w" #$rootpw
|
||||
"-f" #$(plain-file "base-ldap.ldif" extra-ldapadd))))
|
||||
(mknod (string-append #$conf-directory "/.initialized") 'regular #o400 0)))))
|
||||
(stop #~(make-kill-destructor))))))))
|
||||
|
||||
(define slapd-activation
|
||||
(match-lambda
|
||||
(($ <slapd-configuration> pidfile urls config extra-slapadd)
|
||||
(match-record
|
||||
config
|
||||
<slapd-config-ldif>
|
||||
(package conf-directory data-directory)
|
||||
#~(begin
|
||||
(use-modules (guix build utils))
|
||||
(let* ((user (getpw "slapd")))
|
||||
(mkdir-p/perms "/var/run/slapd" user #o700)
|
||||
(mkdir-p/perms #$data-directory user #o700)
|
||||
(mkdir-p/perms #$conf-directory user #o700)))))))
|
||||
|
||||
|
||||
(define slapd-service-type
|
||||
(service-type
|
||||
(name 'slapd)
|
||||
(description "OpenLDAP server daemon")
|
||||
(extensions
|
||||
(list (service-extension shepherd-root-service-type slapd-shepherd-service)
|
||||
(service-extension activation-service-type slapd-activation)
|
||||
(service-extension account-service-type (const %slapd-accounts))))
|
||||
(default-value
|
||||
(slapd-configuration))))
|
||||
|
||||
(define (shell% proc fmt . args)
|
||||
(let* ((port (open-input-pipe (format #f "~?" fmt args)))
|
||||
(output (proc port)))
|
||||
(close-pipe port)
|
||||
output))
|
||||
|
||||
(define-public (shell . args)
|
||||
(apply shell% (cons get-string-all args)))
|
||||
|
||||
(define-public (shell$ . args)
|
||||
(apply shell% (cons get-line args)))
|
||||
|
||||
(define %slapd-conf
|
||||
(slapd-configuration
|
||||
(extra-ldapadd
|
||||
(string-join (list
|
||||
"dn: olcDatabase={1}mdb,cn=config"
|
||||
"changetype: modify"
|
||||
"replace: olcAccess"
|
||||
(string-append "olcAccess: {0}to attrs=cn,givenName,sn,userPassword,shadowLastChange,mail,loginShell,photo"
|
||||
"by self write by anonymous auth by dn.base=\"cn=admin,"
|
||||
%domain-dc
|
||||
"\" write by * none")
|
||||
(string-append "olcAccess: {1}to * by self read by dn.base=\"cn=admin,"
|
||||
%domain-dc
|
||||
"\" write by * read")
|
||||
"")))
|
||||
(extra-slapadd
|
||||
(string-join (list
|
||||
"dn: dc=metznet,dc=ca"
|
||||
"dc: metznet"
|
||||
"o: Organization"
|
||||
"objectClass: dcObject"
|
||||
"objectClass: organization"
|
||||
""
|
||||
"dn: cn=admin,dc=metznet,dc=ca"
|
||||
"cn: admin"
|
||||
"description: LDAP Administrator"
|
||||
"objectClass: organizationalRole"
|
||||
"objectClass: top"
|
||||
"roleOccupant: dc=metznet,dc=ca"
|
||||
""
|
||||
"dn: ou=user,dc=metznet,dc=ca"
|
||||
"ou: user"
|
||||
"description: LDAP User"
|
||||
"objectClass: top"
|
||||
"objectClass: organizationalUnit"
|
||||
""
|
||||
"dn: ou=group,dc=metznet,dc=ca"
|
||||
"ou: group"
|
||||
"description: LDAP Group"
|
||||
"objectClass: top"
|
||||
"objectClass: organizationalUnit"
|
||||
"") "\n"))
|
||||
(config
|
||||
(slapd-config-ldif
|
||||
(rootpw "password")
|
||||
(rootpwhash "{SSHA}620erGNXKg4D67G1xS0hNhr7h75VaIJl")
|
||||
(indices '("objectClass eq" "uid pres,eq" "mail pres,sub,eq" "cn,sn pres,sub,eq" "dc eq"))
|
||||
(schemas '("core.ldif" "cosine.ldif" "inetorgperson.ldif" "nis.ldif"))
|
||||
(schema-prefix #~(string-append #$%slapd-package "/etc/openldap/schema/"))))))
|
||||
|
||||
|
||||
(operating-system
|
||||
(inherit base-server-system)
|
||||
(host-name (string-append "ldap." %domain-name))
|
||||
(packages (append (list strace %slapd-package) %my-server-packages))
|
||||
(services (append (list
|
||||
(service slapd-service-type %slapd-conf))
|
||||
%my-server-services)))
|