Add certs(nss and le) to system profile

2023-12-02 14:49:40 -07:00 · 2023-12-02 14:49:40 -07:00 · 92c10ab3ee
parent 8b3be603f9
commit 92c10ab3ee
1 changed files with 12 additions and 15 deletions
--- a/aws.scm
+++ b/aws.scm
@ -5,6 +5,7 @@
             (guix gexp)
             (guix modules)
             (gnu services shepherd)
             (gnu packages certs)
             (guix packages)
             (guix build-system trivial)
             (gnu system shadow)
@ -45,35 +46,26 @@
                                                        #~(begin
                                                            (use-modules (ice-9
                                                                          receive)
                                                                         (guix
                                                                          build
                                                                          download)
                                                                         (web
                                                                          uri)
                                                                         (web
                                                                          client)
                                                                         (ice-9
                                                                          binary-ports))
                                                            (call-with-output-file "/etc/ssh/authorized_keys.d/aws"
                                                              (lambda (port)
                                                                (begin
                                                                  (format (current-error-port)
                                                                   "opened-file\n")
                                                                  (put-bytevector
                                                                   port
                                                                   (receive (header
                                                                             body)
                                                                    (let ((uri
                                                                           "http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key"))
                                                                      (http-get
                                                                       uri
                                                                       #:port (open-connection-for-uri
@ -94,13 +86,16 @@
                          (respawn? #t)
                          (start #~(make-forkexec-constructor (list #$aws-pubkey-prog))))))
-(define aws-pubkey-service-type
+(define aws-service-type
-  (service-type (name 'aws-pubkey)
+  (service-type (name 'aws)
                (description "AWS public key service")
-                (extensions (list (service-extension
+                (extensions (list (service-extension profile-service-type
                                                     (lambda (val)
                                                       val))
                                  (service-extension
                                   shepherd-root-service-type
                                   aws-pubkey-service)))
-                (default-value '())))
+                (default-value (list le-certs nss-certs))))
 (operating-system
  (host-name "guix-ami")
@ -133,7 +128,9 @@
  (services
   (cons* (service dhcp-client-service-type)
-          (service aws-pubkey-service-type)
+          (service aws-service-type)
          (service openssh-service-type
-                   (openssh-configuration (port-number 22) (password-authentication? #f))) %base-services)))
+                   (openssh-configuration (port-number 22)
                                          (password-authentication? #f)))
          %base-services)))