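;;; Guix system definition for the Kerberos KDC host kerberos-guix.metznet.ca.
;;;
;;; Defines a small `kdc-service-type' that renders an MIT krb5 kdc.conf from a
;;; `kdc-configuration' record and links it to /etc/kdc.conf at activation
;;; time, then instantiates the operating system with one realm (METZNET.CA)
;;; and a certbot certificate.

(define-module (machines kerberos.metznet.ca)
  #:use-module (srfi srfi-9)
  #:use-module (srfi srfi-1)
  #:use-module (gnu system)
  #:use-module (guix gexp)
  #:use-module (system base-system)
  #:use-module (gnu packages kerberos)
  #:use-module (gnu packages base)
  #:use-module (gnu services)
  #:use-module (gnu services configuration)
  #:use-module (gnu services certbot))

;;; ---- Field types and serializers ------------------------------------------
;;;
;;; Every serializer takes the field name (a symbol) and the field value and
;;; returns one kdc.conf line of the form " key = value\n".  The field name is
;;; emitted verbatim as the kdc.conf key, so a record field must be spelled
;;; exactly like the MIT krb5 option unless it carries a custom serializer.

;; Realm names are plain strings; no further validation is performed here.
(define (realm-name? val)
  (string? val))

;; Generic " key = value" line.
(define (serialize-string field-name val)
  (string-append " " (symbol->string field-name) " = " val "\n"))

(define-maybe string)

;; Port lists are rendered comma-separated, which is what kdc.conf expects
;; for kdc_ports / kadmind_ports.
(define list-of-ports? (list-of integer?))

(define (serialize-list-of-ports field-name value)
  (string-append " " (symbol->string field-name) " = "
                 (string-join (map number->string value) ", ")
                 "\n"))

;; Realm-level port fields render exactly like the top-level one; kept as a
;; separate name so the two can diverge later without touching the records.
(define realm-serialize-list-of-ports serialize-list-of-ports)

(define-maybe list-of-ports)

;; A file-like value (e.g. `plain-file') is built into the store and its store
;; path is emitted as the option value.  Only use this for files that may be
;; world-readable: everything under /gnu/store is.
(define (serialize-file-like field-name value)
  #~(string-append " " #$(symbol->string field-name) " = " #$value "\n"))

(define-maybe file-like)

;; For record fields that must not appear in the rendered file.
(define (serialize-none field-name value)
  "")

;; The record field is called `max_renewable_type' but the kdc.conf option is
;; `max_renewable_life'.  Emit the real key so the configured value takes
;; effect instead of being silently ignored as an unknown option.
(define (serialize-max-renewable-life field-name value)
  (serialize-string 'max_renewable_life value))

;;; ---- Per-realm configuration ----------------------------------------------

(define-configuration kdc-realm-configuration
  (name
   (string "EXAMPLE.COM")
   "Realm name; used as the key of the realm's block under [realms]."
   serialize-none)
  (database_module
   maybe-string
   "Name of a [dbmodules] entry providing this realm's database.")
  (acl_file
   maybe-file-like
   "kadm5.acl for kadmind.  Not secret, so a store file is acceptable.")
  (key_stash_file
   maybe-string
   "Path of the master-key stash file.  Deliberately a path rather than a
file-like: the stash holds the realm master key and must never be placed in
the world-readable store.  Create it on the host with kdb5_util stash.")
  (kdc_ports
   (list-of-ports '(750 88))
   "Ports the KDC listens on for this realm."
   realm-serialize-list-of-ports)
  (kadmind_ports
   (list-of-ports '(749))
   "Ports kadmind listens on for this realm."
   realm-serialize-list-of-ports)
  (max_life
   (string "10h 0m 0s")
   "Maximum lifetime of issued tickets.")
  (max_renewable_type
   (string "7d 0h 0m 0s")
   "Maximum renewable lifetime of tickets; rendered as max_renewable_life."
   serialize-max-renewable-life)
  (master_key_type
   (string "aes256-cts-hmac-sha1-96")
   "Master key enctype.  des3-hmac-sha1 is deprecated by MIT krb5 (since
1.19); use an AES enctype.")
  (default_principal_flags
   (string "+preauth")
   "Flags applied to new principals; +preauth prevents offline AS-REQ
password guessing."))

(define list-of-kdc-realm-configuration?
  (list-of kdc-realm-configuration?))

;; One realm block:  NAME = { ...fields... }
(define (serialize-kdc-realm-configuration realm)
  #~(string-append " " #$(kdc-realm-configuration-name realm) " = {\n"
                   #$(serialize-configuration realm
                                              kdc-realm-configuration-fields)
                   " }\n"))

;; Verbatim lines emitted under a "[FIELD]" section header.  For the `extra'
;; field that header is "[extra]"; presumably the profile library skips it as
;; an unknown section, so to add a real section (e.g. [dbmodules]) begin the
;; list with that section's own header line.
(define (serialize-list-of-strings field-name value)
  (string-join (cons (string-append "[" (symbol->string field-name) "]") value)
               "\n"))

;; [realms] section holding every configured realm block.
(define (serialize-list-of-kdc-realm-configuration field-name value)
  #~(string-join (list "[realms]"
                       #$@(map serialize-kdc-realm-configuration value))
                 "\n"))

;;; ---- KDC-wide configuration and service -----------------------------------

(define-configuration kdc-configuration
  (krb5
   (file-like mit-krb5)
   "MIT krb5 package to use; not rendered into kdc.conf."
   serialize-none)
  (kdc_ports
   (list-of-ports '(750 88))
   "Default listening ports under [kdcdefaults].")
  (realms
   (list-of-kdc-realm-configuration '())
   "Realms served by this KDC.")
  (extra
   (list-of-strings '())
   "Extra verbatim lines appended at the end of kdc.conf."))

;; Render the whole kdc.conf as a store file.
(define (serialize-kdc-configuration configuration)
  (mixed-text-file "kdc.conf"
                   #~(string-append "[kdcdefaults]\n"
                                    #$(serialize-configuration
                                       configuration
                                       kdc-configuration-fields))))

;; Activation: point /etc/kdc.conf at the rendered file.  Remove any existing
;; entry first (including a dangling link) so a second `guix system
;; reconfigure' does not fail with EEXIST from `symlink'.
;;
;; NOTE(review): nothing in this file starts krb5kdc or kadmind, and MIT krb5
;; reads kdc.conf from its own krb5kdc directory unless KRB5_KDC_PROFILE
;; points elsewhere -- confirm the daemon is actually handed /etc/kdc.conf
;; when the Shepherd service is added.
(define (kdc-activation configuration)
  #~(let ((target "/etc/kdc.conf"))
      (false-if-exception (delete-file target))
      (symlink #$(serialize-kdc-configuration configuration) target)))

(define kdc-service-type
  (service-type
   (name 'kdc-service)
   (description "KDC service")
   (extensions
    (list (service-extension activation-service-type kdc-activation)))
   (default-value (kdc-configuration))))

;;; ---- The machine ----------------------------------------------------------

(operating-system
  (inherit %metznet-base-server-system)
  (host-name "kerberos-guix.metznet.ca")
  (services
   (append
    (list (service kdc-service-type
                   (kdc-configuration
                    (realms
                     (list (kdc-realm-configuration
                            (name "METZNET.CA")
                            ;; NOTE(review): "openldap_ldapconf" must match a
                            ;; [dbmodules] entry (db_library = kldap plus the
                            ;; LDAP server/DN settings).  None is rendered
                            ;; here; supply one via `extra' or the KDC will
                            ;; not find its database.
                            (database_module "openldap_ldapconf")
                            ;; "*" grants every kadmin privilege, including
                            ;; key extraction, to any */admin principal.
                            (acl_file (plain-file "kadm5.acl"
                                                  "*/admin@METZNET.CA *\n")))))))
          ;; NOTE(review): this host is kerberos-guix but the certificate is
          ;; for ldap-guix -- the HTTP-01 challenge only succeeds if that name
          ;; resolves to this machine; confirm the domain is intended.
          (service certbot-service-type
                   (certbot-configuration
                    (email "admin@metznet.ca")
                    (certificates
                     (list (certificate-configuration
                            (domains '("ldap-guix.metznet.ca"))))))))
    %metznet-server-services)))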