updated soduoers, added group for aws

master
noah metz 2023-12-03 18:17:19 -07:00
parent b3a25143d6
commit 68a831da2b
3 changed files with 34 additions and 26 deletions

@ -6,8 +6,7 @@
(metznet machines kerberos) (metznet machines kerberos)
(metznet system base-system) (metznet system base-system)
(gnu packages vim) (gnu packages vim)
(gnu packages ssh) (gnu packages version-control)
(gnu packages python-web)
(gnu packages shells)) (gnu packages shells))
(operating-system (operating-system
@ -19,19 +18,22 @@
(device (file-system-label "krb-guix-data")) (device (file-system-label "krb-guix-data"))
(mount-point "/") (mount-point "/")
(type "ext4")) %base-file-systems)) (type "ext4")) %base-file-systems))
(groups (cons (user-group
(system? #t)
(name "aws")) %metznet-base-groups))
(users (cons (user-account (users (cons (user-account
(name "aws") (name "aws")
(group "root") (group "aws")
(shell (file-append zsh "/bin/zsh"))) (shell (file-append zsh "/bin/zsh")))
%metznet-base-user-accounts)) %metznet-base-user-accounts))
(sudoers-file (plain-file "sudoers" (sudoers-file (plain-file "sudoers"
(string-join (list "Defaults mail_badpass" (string-join (list
"root ALL=(ALL:ALL) NOPASSWD:ALL" "root ALL=(ALL:ALL) NOPASSWD:ALL"
"%root ALL=(ALL:ALL) NOPASSWD:ALL" "") "%aws ALL=(ALL:ALL) ALL"
"\n"))) "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd" "") "\n")))
(packages (cons* openssh awscli neovim %metznet-base-packages)) (packages (cons* git neovim %metznet-base-packages))
(services (services
(cons* (service aws-service-type) kerberos-services))) (cons* (service aws-service-type) kerberos-services)))
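Review bot: The new sudoers entry `%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd` has no argument restriction, so any member of the aws group can run passwd as root against any account, root included, without authenticating. That makes the password requirement on the `%aws ALL=(ALL:ALL) ALL` line just above it largely nominal. If the intent is only to let the freshly provisioned aws account set its own initial password (an inference; the commit does not say), pin the argument with `"%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd aws"` and add a comment above it such as `;; first-login password setup for the aws account only`. Even pinned, anyone holding an aws session can set that account's password and then use the full-sudo rule, so the comment should state that aws is treated as root-equivalent, or the password should be set during provisioning instead. The same two lines appear in the ldap and vpn machine sections below, and the enclosing operating-system form extends beyond this hunk.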

@ -6,8 +6,7 @@
(metznet machines ldap) (metznet machines ldap)
(metznet system base-system) (metznet system base-system)
(gnu packages vim) (gnu packages vim)
(gnu packages ssh) (gnu packages version-control)
(gnu packages python-web)
(gnu packages shells)) (gnu packages shells))
(operating-system (operating-system
@ -19,18 +18,22 @@
(device (file-system-label "ldap-guix-data")) (device (file-system-label "ldap-guix-data"))
(mount-point "/") (mount-point "/")
(type "ext4")) %base-file-systems)) (type "ext4")) %base-file-systems))
(groups (cons (user-group
(system? #t)
(name "aws")) %metznet-base-groups))
(users (cons (user-account (users (cons (user-account
(name "aws") (name "aws")
(group "root") (group "aws")
(shell (file-append zsh "/bin/zsh"))) %metznet-base-user-accounts)) (shell (file-append zsh "/bin/zsh")))
%metznet-base-user-accounts))
(sudoers-file (plain-file "sudoers" (sudoers-file (plain-file "sudoers"
(string-join (list "Defaults mail_badpass" (string-join (list
"root ALL=(ALL:ALL) NOPASSWD:ALL" "root ALL=(ALL:ALL) NOPASSWD:ALL"
"%root ALL=(ALL:ALL) NOPASSWD:ALL" "") "%aws ALL=(ALL:ALL) ALL"
"\n"))) "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd" "") "\n")))
(packages (cons* openssh awscli neovim %metznet-base-packages)) (packages (cons* git neovim %metznet-base-packages))
(services (services
(cons* (service aws-service-type) ldap-services))) (cons* (service aws-service-type) ldap-services)))

@ -6,8 +6,7 @@
(metznet machines vpn) (metznet machines vpn)
(metznet system base-system) (metznet system base-system)
(gnu packages vim) (gnu packages vim)
(gnu packages ssh) (gnu packages version-control)
(gnu packages python-web)
(gnu packages shells)) (gnu packages shells))
(operating-system (operating-system
@ -19,18 +18,22 @@
(device (file-system-label "vpn-guix-data")) (device (file-system-label "vpn-guix-data"))
(mount-point "/") (mount-point "/")
(type "ext4")) %base-file-systems)) (type "ext4")) %base-file-systems))
(groups (cons (user-group
(system? #t)
(name "aws")) %metznet-base-groups))
(users (cons (user-account (users (cons (user-account
(name "aws") (name "aws")
(group "root") (group "aws")
(shell (file-append zsh "/bin/zsh"))) %metznet-base-user-accounts)) (shell (file-append zsh "/bin/zsh")))
%metznet-base-user-accounts))
(sudoers-file (plain-file "sudoers" (sudoers-file (plain-file "sudoers"
(string-join (list "Defaults mail_badpass" (string-join (list
"root ALL=(ALL:ALL) NOPASSWD:ALL" "root ALL=(ALL:ALL) NOPASSWD:ALL"
"%root ALL=(ALL:ALL) NOPASSWD:ALL" "") "%aws ALL=(ALL:ALL) ALL"
"\n"))) "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd" "") "\n")))
(packages (cons* openssh awscli neovim %metznet-base-packages)) (packages (cons* git neovim %metznet-base-packages))
(services (services
(cons* (service aws-service-type) vpn-services))) (cons* (service aws-service-type) vpn-services)))