Add certs(nss and le) to system profile

master
noah metz 2023-12-02 14:49:40 -07:00
parent 8b3be603f9
commit 92c10ab3ee
1 changed files with 12 additions and 15 deletions

@ -5,6 +5,7 @@
(guix gexp)
(guix modules)
(gnu services shepherd)
(gnu packages certs)
(guix packages)
(guix build-system trivial)
(gnu system shadow)
@ -45,35 +46,26 @@
#~(begin
(use-modules (ice-9
receive)
(guix
build
download)
(web
uri)
(web
client)
(ice-9
binary-ports))
(call-with-output-file "/etc/ssh/authorized_keys.d/aws"
(lambda (port)
(begin
(format (current-error-port)
"opened-file\n")
(put-bytevector
port
(receive (header
body)
(let ((uri
"http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key"))
(http-get
uri
#:port (open-connection-for-uri
@ -94,13 +86,16 @@
(respawn? #t)
(start #~(make-forkexec-constructor (list #$aws-pubkey-prog))))))
(define aws-pubkey-service-type
(service-type (name 'aws-pubkey)
(define aws-service-type
(service-type (name 'aws)
(description "AWS public key service")
(extensions (list (service-extension
(extensions (list (service-extension profile-service-type
(lambda (val)
val))
(service-extension
shepherd-root-service-type
aws-pubkey-service)))
(default-value '())))
(default-value (list le-certs nss-certs))))
(operating-system
(host-name "guix-ami")
@ -133,7 +128,9 @@
(services
(cons* (service dhcp-client-service-type)
(service aws-pubkey-service-type)
(service aws-service-type)
(service openssh-service-type
(openssh-configuration (port-number 22) (password-authentication? #f))) %base-services)))
(openssh-configuration (port-number 22)
(password-authentication? #f)))
%base-services)))
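Review bot: In the `aws-service-type` definition the service value now doubles as the package list handed to `profile-service-type`, so a caller that passes its own value to `(service aws-service-type ...)` replaces `(list le-certs nss-certs)` and silently drops the CA certificate packages from the system profile, which would presumably leave TLS clients on the image without trust roots. The description still reads "AWS public key service" although the type now also installs packages; I would change it to `(description "Fetch the EC2 SSH public key and add CA certificate packages to the system profile")`. A comment above `default-value` would document the contract, for example `;; Value is the list of packages added to the system profile; keep the CA bundles when overriding.` The pass-through `(lambda (val) val)` can be written as `identity`.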