From 68a831da2b210d3b80f5f9414b3ab247355ea4eb Mon Sep 17 00:00:00 2001
From: Noah Metz
Date: Sun, 3 Dec 2023 18:17:19 -0700
Subject: [PATCH] updated soduoers, added group for aws
---
kerberos.metznet.ca.scm | 18 ++++++++++--------
ldap.metznet.ca.scm | 21 ++++++++++++---------
vpn.metznet.ca.scm | 21 ++++++++++++---------
3 files changed, 34 insertions(+), 26 deletions(-)
diff --git a/kerberos.metznet.ca.scm b/kerberos.metznet.ca.scm
index 00be04e..6e7a6fb 100644
--- a/kerberos.metznet.ca.scm
+++ b/kerberos.metznet.ca.scm
@@ -6,8 +6,7 @@ (metznet machines kerberos) (metznet system base-system) (gnu packages vim) - (gnu packages ssh) - (gnu packages python-web) + (gnu packages version-control) (gnu packages shells)) (operating-system
@@ -19,19 +18,22 @@ (device (file-system-label "krb-guix-data")) (mount-point "/") (type "ext4")) %base-file-systems)) + (groups (cons (user-group + (system? #t) + (name "aws")) %metznet-base-groups)) (users (cons (user-account (name "aws") - (group "root") + (group "aws") (shell (file-append zsh "/bin/zsh"))) %metznet-base-user-accounts)) (sudoers-file (plain-file "sudoers" - (string-join (list "Defaults mail_badpass" - "root ALL=(ALL:ALL) NOPASSWD:ALL" - "%root ALL=(ALL:ALL) NOPASSWD:ALL" "") - "\n"))) + (string-join (list + "root ALL=(ALL:ALL) NOPASSWD:ALL" + "%aws ALL=(ALL:ALL) ALL" + "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd" "") "\n"))) - (packages (cons* openssh awscli neovim %metznet-base-packages)) + (packages (cons* git neovim %metznet-base-packages)) (services (cons* (service aws-service-type) kerberos-services)))
diff --git a/ldap.metznet.ca.scm b/ldap.metznet.ca.scm
index 0e09b0d..f346648 100644
--- a/ldap.metznet.ca.scm
+++ b/ldap.metznet.ca.scm
@@ -6,8 +6,7 @@ (metznet machines ldap) (metznet system base-system) (gnu packages vim) - (gnu packages ssh) - (gnu packages python-web) + (gnu packages version-control) (gnu packages shells)) (operating-system
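Review bot: The new `%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd` entry in the sudoers list puts no restriction on the argument, so any member of the aws group can run passwd against root or any other account without authenticating, which makes the password requirement on the preceding `%aws ALL=(ALL:ALL) ALL` line ineffective. If the intent is to let the account set its own password after first login (plausible, since the user-account form carries no password field, but not shown here), bind the rule to that user: `"%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd aws"`. Dropping `Defaults mail_badpass` also silences the mail notification for failed sudo attempts, which is worth keeping if mail delivery is configured on these hosts. The same groups, users and sudoers-file block is repeated verbatim in the ldap.metznet.ca.scm and vpn.metznet.ca.scm hunks, so the fix applies to all three and the shared definition would sit better in the base-system module they all import.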
@@ -19,18 +18,22 @@ (device (file-system-label "ldap-guix-data")) (mount-point "/") (type "ext4")) %base-file-systems)) + (groups (cons (user-group + (system? #t) + (name "aws")) %metznet-base-groups)) (users (cons (user-account (name "aws") - (group "root") - (shell (file-append zsh "/bin/zsh"))) %metznet-base-user-accounts)) + (group "aws") + (shell (file-append zsh "/bin/zsh"))) + %metznet-base-user-accounts)) (sudoers-file (plain-file "sudoers" - (string-join (list "Defaults mail_badpass" - "root ALL=(ALL:ALL) NOPASSWD:ALL" - "%root ALL=(ALL:ALL) NOPASSWD:ALL" "") - "\n"))) + (string-join (list + "root ALL=(ALL:ALL) NOPASSWD:ALL" + "%aws ALL=(ALL:ALL) ALL" + "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd" "") "\n"))) - (packages (cons* openssh awscli neovim %metznet-base-packages)) + (packages (cons* git neovim %metznet-base-packages)) (services (cons* (service aws-service-type) ldap-services)))
diff --git a/vpn.metznet.ca.scm b/vpn.metznet.ca.scm
index 6b01ce2..6fe0454 100644
--- a/vpn.metznet.ca.scm
+++ b/vpn.metznet.ca.scm
@@ -6,8 +6,7 @@ (metznet machines vpn) (metznet system base-system) (gnu packages vim) - (gnu packages ssh) - (gnu packages python-web) + (gnu packages version-control) (gnu packages shells)) (operating-system
@@ -19,18 +18,22 @@ (device (file-system-label "vpn-guix-data")) (mount-point "/") (type "ext4")) %base-file-systems)) + (groups (cons (user-group + (system? #t) + (name "aws")) %metznet-base-groups)) (users (cons (user-account (name "aws") - (group "root") - (shell (file-append zsh "/bin/zsh"))) %metznet-base-user-accounts)) + (group "aws") + (shell (file-append zsh "/bin/zsh"))) + %metznet-base-user-accounts)) (sudoers-file (plain-file "sudoers" - (string-join (list "Defaults mail_badpass" - "root ALL=(ALL:ALL) NOPASSWD:ALL" - "%root ALL=(ALL:ALL) NOPASSWD:ALL" "") - "\n"))) + (string-join (list + "root ALL=(ALL:ALL) NOPASSWD:ALL" + "%aws ALL=(ALL:ALL) ALL" + "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd" "") "\n"))) - (packages (cons* openssh awscli neovim %metznet-base-packages)) + (packages (cons* git neovim %metznet-base-packages)) (services (cons* (service aws-service-type) vpn-services)))