170 lines
8.0 KiB
Scheme
170 lines
8.0 KiB
Scheme
(define-module (machines base-desktop)
|
|
#:use-module (system base-system)
|
|
#:use-module (guix gexp)
|
|
#:use-module (guix build utils)
|
|
#:use-module (guix packages)
|
|
#:use-module (guix download)
|
|
#:use-module (guix build-system gnu)
|
|
#:use-module (guix build-system copy)
|
|
#:use-module ((guix licenses) #:prefix license:)
|
|
#:use-module (gnu)
|
|
#:use-module (gnu services configuration)
|
|
#:use-module (gnu services shepherd)
|
|
#:use-module (gnu services certbot)
|
|
#:use-module (gnu packages openldap)
|
|
#:use-module (gnu packages dbm)
|
|
#:use-module (gnu packages groff)
|
|
#:use-module (gnu packages autotools)
|
|
#:use-module (gnu packages cyrus-sasl)
|
|
#:use-module (gnu packages tls)
|
|
#:use-module (gnu packages perl)
|
|
#:use-module (gnu packages python)
|
|
#:use-module (gnu packages gnupg)
|
|
#:use-module (gnu packages base)
|
|
#:use-module (gnu packages compression)
|
|
#:use-module (gnu packages admin))
|
|
|
|
(define-public openldap-slapd
|
|
(package
|
|
(name "openldap-slapd")
|
|
(version "2.6.4")
|
|
(source (origin
|
|
(method url-fetch)
|
|
;; See <http://www.openldap.org/software/download/> for a list of
|
|
;; mirrors.
|
|
(uri (list (string-append
|
|
"http://repository.linagora.org/OpenLDAP"
|
|
"/openldap-release/openldap-" version ".tgz")
|
|
(string-append
|
|
"https://www.openldap.org/software/download/OpenLDAP/"
|
|
"openldap-release/openldap-" version ".tgz")
|
|
(string-append
|
|
"ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
|
|
"openldap-release/openldap-" version ".tgz")))
|
|
(sha256
|
|
(base32
|
|
"1489li52sjxm1f97v927jxaxzfk6v9sa32ixrw30qhvq07jh85ym"))))
|
|
(build-system gnu-build-system)
|
|
(inputs (list bdb-5.3 cyrus-sasl openssl gnutls libgcrypt zlib))
|
|
(native-inputs (list libltdl libtool groff bdb-5.3))
|
|
(arguments
|
|
(list
|
|
#:tests? #f
|
|
#:configure-flags
|
|
#~(list "--disable-static"
|
|
"--with-tls=openssl"
|
|
"--enable-slapd"
|
|
"--enable-crypt"
|
|
"--enable-modules"
|
|
"--enable-ldap"
|
|
"--enable-slapi"
|
|
"--enable-mdb"
|
|
"--enable-meta"
|
|
"--enable-passwd"
|
|
"--enable-overlays"
|
|
"--enable-shared"
|
|
"--with-cyrus-sasl"
|
|
#$@(if (%current-target-system)
|
|
'("--with-yielding_select=yes"
|
|
"ac_cv_func_memcmp_working=yes")
|
|
'()))
|
|
;; Disable install stripping as it breaks cross-compiling.
|
|
#:make-flags
|
|
#~(list "STRIP=")
|
|
#:phases
|
|
#~(modify-phases %standard-phases (add-after 'install 'build-slapd-totp-module
|
|
(lambda* (#:key source #:allow-other-keys)
|
|
(begin
|
|
(chdir "./contrib/slapd-modules/passwd/totp")
|
|
(mkdir-p (string-append #$output "/libexec/openldap"))
|
|
(invoke "make" "slapd-totp.lo")
|
|
(invoke "../../../../libtool" "--mode=link" "gcc" "-rpath" "/libexec/openldap" "-version-info" "0:0:0" "-module" "-o" "pw-totp.la" "slapd-totp.lo" "../../../../libraries/libldap/libldap.la" "../../../../libraries/liblber/liblber.la")
|
|
(invoke "../../../../libtool" "--mode=install" "cp" "pw-totp.la" (string-append #$output "/libexec/openldap"))
|
|
(chdir "../../../../")))))))
|
|
(synopsis "Implementation of the Lightweight Directory Access Protocol")
|
|
(description
|
|
"OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
|
|
(license license:openldap2.8)
|
|
(home-page "https://www.openldap.org/")))
|
|
|
|
|
|
(define list-of-file-like?
|
|
(list-of file-like?))
|
|
|
|
(define-configuration/no-serialization slapd-configuration
|
|
(openldap (file-like openldap-slapd)
|
|
"openldap package to use")
|
|
(home (string "/var/lib/slapd") "slapd home directory")
|
|
(backups (list-of-file-like '()) "alist of databases and their backup ldif files")
|
|
(uris (string "ldap:// ldapi://")
|
|
"slapd uris to accept connections to"))
|
|
|
|
|
|
(define (slapd-accounts config)
|
|
(list (user-group
|
|
(name "slapd")
|
|
(system? #t))
|
|
(user-account
|
|
(name "slapd")
|
|
(group "slapd")
|
|
(system? #t)
|
|
(comment "openldap service account")
|
|
(home-directory "/var/lib/slapd")
|
|
(shell #~(string-append #$shadow "/sbin/nologin")))))
|
|
|
|
(define (slapd-activation config)
|
|
(let
|
|
((homedir (slapd-configuration-home config))
|
|
(backups (slapd-configuration-backups config))
|
|
(ldapdir (slapd-configuration-openldap config)))
|
|
#~(begin
|
|
(define (range n m)
|
|
(if (>= n m) '() (cons n (range (+ n 1) m))))
|
|
(let ((user (getpw "slapd")))
|
|
(mkdir-p/perms "/var/run/slapd" user #o755)
|
|
(mkdir-p/perms #$homedir user #o755)
|
|
(mkdir-p/perms (string-append #$homedir "/slapd.d") user #o750)
|
|
(install-file (string-append #$ldapdir "/libexec/openldap/pw-totp.so") (string-append #$homedir "/modules"))
|
|
(mkdir-p/perms (string-append #$homedir "/modules") user #o750)
|
|
(mkdir-p/perms (string-append #$homedir "/data") user #o750))
|
|
; TODO: read the time of the last written backups to check if slapadd needs to happen, and after slapadd write the "time" from the config of the backups so that they don't get applied again to the same directory
|
|
(for-each (lambda (ldif dbno) (invoke (string-append #$sudo "/bin/sudo") "-u" "slapd" "-g" "slapd" (string-append #$ldapdir "/sbin/slapadd") "-F" (string-append #$homedir "/slapd.d") "-n" (number->string dbno) "-l" ldif)) '#+backups (range 0 (length `#+backups))))))
|
|
|
|
(define (slapd-shepherd-service config)
|
|
(list (shepherd-service
|
|
(documentation "")
|
|
(provision '(slapd))
|
|
(requirement '(networking user-processes))
|
|
(start #~(make-forkexec-constructor
|
|
(list (string-append #$(slapd-configuration-openldap config) "/libexec/slapd") "-d" "-1" "-F" "/var/lib/slapd/slapd.d" "-u" "slapd" "-g" "slapd")
|
|
#:environment-variables (list (string-append "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:" #$(slapd-configuration-openldap config) "/libexec/openldap"))
|
|
#:user "root"
|
|
#:group "root"))
|
|
(stop #~(make-kill-destructor)))))
|
|
|
|
(define slapd-service-type
|
|
(service-type (name 'slapd)
|
|
(description "openldap slapd service")
|
|
(extensions (list
|
|
(service-extension account-service-type slapd-accounts)
|
|
(service-extension activation-service-type slapd-activation)
|
|
(service-extension shepherd-root-service-type slapd-shepherd-service)))
|
|
(default-value (slapd-configuration))))
|
|
|
|
(operating-system
|
|
(inherit %metznet-base-server-system)
|
|
(host-name "ldap-guix.metznet.ca")
|
|
(packages %metznet-server-packages)
|
|
(services
|
|
(append (list
|
|
(service certbot-service-type
|
|
(certbot-configuration
|
|
(email "noah@metznet.ca")
|
|
(certificates
|
|
(list
|
|
(certificate-configuration
|
|
(domains '("ldap-guix.metznet.ca")))))))
|
|
(service slapd-service-type
|
|
(slapd-configuration
|
|
(backups (list (local-file "0.ldif") (local-file "1.ldif")))))) %metznet-server-services)))
|