Moved system configs completely to this repo

noah metz 2023-12-04 00:53:02 -07:00
parent 60537fcb36
commit 183d884b26
4 changed files with 92 additions and 28 deletions

@ -1,6 +1,3 @@
;; This is an operating system configuration template
;; for a "bare bones" setup, with no X11 display server.
(use-modules (gnu) (use-modules (gnu)
(metznet aws) (metznet aws)
(gnu services shepherd) (gnu services shepherd)

@ -1,20 +1,24 @@
;; This is an operating system configuration template
;; for a "bare bones" setup, with no X11 display server.
(use-modules (gnu) (use-modules (gnu)
(metznet aws) (metznet aws)
(metznet machines kerberos) (gnu services kdc)
(gnu services certbot)
(gnu packages kdc)
(metznet system base-system) (metznet system base-system)
(gnu packages vim) (gnu packages vim)
(gnu packages version-control) (gnu packages version-control)
(gnu packages shells)) (gnu packages shells))
(define %kerberos-dn
"uid=kerberos,ou=system,ou=accounts,dc=metznet,dc=ca")
(operating-system (operating-system
(inherit kerberos.metznet.ca) (inherit %metznet-base-server-system)
(host-name "kerberos.metznet.ca")
(bootloader (bootloader-configuration (bootloader (bootloader-configuration
(bootloader grub-minimal-bootloader) (bootloader grub-minimal-bootloader)
(targets '("/dev/nvme0n1")))) (targets '("/dev/nvme0n1"))))
(swap-devices (list (swap-space (target (file-system-label "krb-guix-swap"))))) (swap-devices (list (swap-space
(target (file-system-label "krb-guix-swap")))))
(file-systems (cons (file-system (file-systems (cons (file-system
(device (file-system-label "krb-guix-data")) (device (file-system-label "krb-guix-data"))
(mount-point "/") (mount-point "/")
@ -32,10 +36,40 @@
(string-join (list (string-join (list
"root ALL=(ALL:ALL) NOPASSWD:ALL" "root ALL=(ALL:ALL) NOPASSWD:ALL"
"%aws ALL=(ALL:ALL) ALL" "%aws ALL=(ALL:ALL) ALL"
"%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd" "") "\n"))) "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd"
"") "\n")))
(packages (cons* git neovim %metznet-base-packages)) (packages (cons* git neovim %metznet-base-packages))
(services (services
(cons* (service aws-service-type) kerberos-services))) (append (list (service aws-service-type)
(service kdc-service-type
(kdc-configuration (dbdefaults '("ldap_kerberos_container_dn = cn=kerberos,dc=metznet,dc=ca"))
(logging '("kdc = SYSLOG:DEBUG:DAEMON"))
(dbmodules (list (cons
"openldap_ldapconf"
(kldap-configuration
(ldap_kdc_dn
%kerberos-dn)
(ldap_kadmind_dn
%kerberos-dn)
(ldap_servers
"ldaps://ldap.metznet.ca")
(ldap_service_password_file
"/var/lib/kerberos/service.keyfile")))))
(realms (list (kdc-realm-configuration
(name "METZNET.CA")
(database_module
"openldap_ldapconf")
(default_principal_flags
"+preauth")
(acl_file (plain-file
"kadm5.acl"
"*/admin@METZNET.CA *\n")))))))
(service certbot-service-type
(certbot-configuration (email "admin@metznet.ca")
(certificates (list (certificate-configuration
(domains '
("kerberos.metznet.ca"))))))))
%metznet-server-services)))
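Review bot: The KDC's LDAP bind secret lives in `/var/lib/kerberos/service.keyfile` (the `ldap_service_password_file` field of the new `kldap-configuration`), but nothing in this configuration provisions that file or states its expected ownership and mode, so a deployment that creates it readable by other users exposes the `uid=kerberos` bind password for the whole realm database. A comment on that line would pin the expectation, e.g. `;; not managed here: create with kdb5_ldap_util stashsrvpw, root-owned, mode 0600`. The `logging` field also pins the KDC to `SYSLOG:DEBUG:DAEMON`; if that is a leftover from bringing the service up, a less verbose level or a comment explaining why DEBUG is wanted would avoid per-request detail accumulating in syslog. The `operating-system` form this hunk closes begins in the file's first hunk.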

@ -1,20 +1,22 @@
;; This is an operating system configuration template
;; for a "bare bones" setup, with no X11 display server.
(use-modules (gnu) (use-modules (gnu)
(metznet aws) (metznet aws)
(metznet machines ldap) (gnu packages slapd)
(gnu services slapd)
(gnu services)
(gnu services certbot)
(metznet system base-system) (metznet system base-system)
(gnu packages vim) (gnu packages vim)
(gnu packages version-control) (gnu packages version-control)
(gnu packages shells)) (gnu packages shells))
(operating-system (operating-system
(inherit ldap.metznet.ca) (inherit %metznet-base-server-system)
(host-name "ldap.metznet.ca")
(bootloader (bootloader-configuration (bootloader (bootloader-configuration
(bootloader grub-minimal-bootloader) (bootloader grub-minimal-bootloader)
(targets '("/dev/nvme0n1")))) (targets '("/dev/nvme0n1"))))
(swap-devices (list (swap-space (target (file-system-label "ldap-guix-swap"))))) (swap-devices (list (swap-space
(target (file-system-label "ldap-guix-swap")))))
(file-systems (cons (file-system (file-systems (cons (file-system
(device (file-system-label "ldap-guix-data")) (device (file-system-label "ldap-guix-data"))
(mount-point "/") (mount-point "/")
@ -32,10 +34,18 @@
(string-join (list (string-join (list
"root ALL=(ALL:ALL) NOPASSWD:ALL" "root ALL=(ALL:ALL) NOPASSWD:ALL"
"%aws ALL=(ALL:ALL) ALL" "%aws ALL=(ALL:ALL) ALL"
"%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd" "") "\n"))) "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd"
"") "\n")))
(packages (cons* git neovim %metznet-base-packages)) (packages (cons* git neovim %metznet-base-packages))
(services (services
(cons* (service aws-service-type) ldap-services))) (append (list (service aws-service-type)
(service certbot-service-type
(certbot-configuration (email "admin@metznet.ca")
(certificates (list (certificate-configuration
(domains '
("ldap.metznet.ca")))))))
(service slapd-service-type
(slapd-configuration (uris "ldap:// ldaps://"))))
%metznet-server-services)))
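Review bot: `(slapd-configuration (uris "ldap:// ldaps://"))` opens a cleartext LDAP listener on every interface alongside LDAPS, and the hunk configures no certificate or key for the `ldaps://` endpoint even though a certbot certificate for `ldap.metznet.ca` is requested just above it. Unless `slapd-configuration` wires certbot's output into slapd by default (not visible here), what the TLS listener actually serves is undetermined from this hunk, and the KDC configured in this same commit to bind over `ldaps://ldap.metznet.ca` depends on it. Consider limiting cleartext to loopback, e.g. `(uris "ldap://localhost/ ldaps:///")`, and adding the TLS certificate and key settings next to it, or a comment stating where slapd gets them. The `operating-system` form this hunk closes begins in the file's first hunk.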

@ -1,20 +1,20 @@
;; This is an operating system configuration template
;; for a "bare bones" setup, with no X11 display server.
(use-modules (gnu) (use-modules (gnu)
(metznet aws) (metznet aws)
(metznet machines vpn)
(metznet system base-system) (metznet system base-system)
(gnu services certbot)
(gnu services vpn)
(gnu packages vim) (gnu packages vim)
(gnu packages version-control) (gnu packages version-control)
(gnu packages shells)) (gnu packages shells))
(operating-system (operating-system
(inherit vpn.metznet.ca) (inherit %metznet-base-server-system)
(host-name "vpn.metznet.ca")
(bootloader (bootloader-configuration (bootloader (bootloader-configuration
(bootloader grub-minimal-bootloader) (bootloader grub-minimal-bootloader)
(targets '("/dev/nvme0n1")))) (targets '("/dev/nvme0n1"))))
(swap-devices (list (swap-space (target (file-system-label "vpn-guix-swap"))))) (swap-devices (list (swap-space
(target (file-system-label "vpn-guix-swap")))))
(file-systems (cons (file-system (file-systems (cons (file-system
(device (file-system-label "vpn-guix-data")) (device (file-system-label "vpn-guix-data"))
(mount-point "/") (mount-point "/")
@ -32,10 +32,33 @@
(string-join (list (string-join (list
"root ALL=(ALL:ALL) NOPASSWD:ALL" "root ALL=(ALL:ALL) NOPASSWD:ALL"
"%aws ALL=(ALL:ALL) ALL" "%aws ALL=(ALL:ALL) ALL"
"%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd" "") "\n"))) "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd"
"") "\n")))
(packages (cons* git neovim %metznet-base-packages)) (packages (cons* git neovim %metznet-base-packages))
(services (services
(cons* (service aws-service-type) vpn-services))) (append (list (service aws-service-type)
(service openvpn-server-service-type
(openvpn-server-configuration (ca
"/var/lib/openvpn/ca.crt")
(cert
"/var/lib/openvpn/client.crt")
(key
"/var/lib/openvpn/client.key")
(tls-auth
"/var/lib/openvpn/ta.key")
(dh
"/var/lib/openvpn/dh2048.pem")
(ifconfig-pool-persist
"/var/lib/openvpn/ipp.txt")
(server
"10.0.80.0 255.255.255.0")))
(service certbot-service-type
(certbot-configuration (email "admin@metznet.ca")
(certificates (list (certificate-configuration
(domains '
("vpn.metznet.ca"))))))))
(modify-services %metznet-server-services
(delete openvpn-client-service-type)))))
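Review bot: The new `openvpn-server-configuration` points `cert` and `key` at `/var/lib/openvpn/client.crt` and `client.key`; if those really are a client certificate rather than one issued for server use, clients that check the server role (`remote-cert-tls server`) will refuse the handshake, and if they are in fact the server pair the names mislead the next reader. Either a rename to `server.crt`/`server.key` or a comment such as `;; server identity cert/key, issued by /var/lib/openvpn/ca.crt` would settle it. The trailing `(delete openvpn-client-service-type)` also deserves a one-line comment saying why the base services' VPN client is dropped on this host — presumably so the server does not also run as its own client, but that is an inference. The `operating-system` form this hunk closes begins in the file's first hunk.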