;;; Guix system declaration for the KDC host kerberos.metznet.ca.
;;; Starts from the shared %metznet-base-server-system and layers on the
;;; LDAP-backed Kerberos KDC, the project-local aws service and certbot.

(use-modules (gnu)
             (gnu packages kdc)
             (gnu packages shells)
             (gnu packages version-control)
             (gnu packages vim)
             (gnu services certbot)
             (gnu services kdc)
             (metznet aws)
             (metznet system base-system))

;; Directory bind DN shared by the KDC and kadmind.
(define %kerberos-dn
  "uid=kerberos,ou=system,ou=accounts,dc=metznet,dc=ca")

;; Sudo policy lines: root is unrestricted; members of group `aws' may run
;; anything after a password prompt, and passwd without one.  The trailing
;; empty element makes string-join emit a final newline.
(define %sudoers-lines
  (list "root ALL=(ALL:ALL) NOPASSWD:ALL"
        "%aws ALL=(ALL:ALL) ALL"
        "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd"
        ""))

;; KDC backing store: principals live in LDAP, reached over ldaps://.
;; The bind password is read at runtime from the keyfile path below, which
;; is not produced by this declaration (presumably provisioned out of band).
(define %kdc-ldap-backend
  (kldap-configuration
   (ldap_kdc_dn %kerberos-dn)
   (ldap_kadmind_dn %kerberos-dn)
   (ldap_servers "ldaps://ldap.metznet.ca")
   (ldap_service_password_file "/var/lib/kerberos/service.keyfile")))

;; The single realm this KDC serves.  "+preauth" is the default flag set
;; applied to newly created principals; the ACL grants every */admin
;; principal all kadmin privileges.
(define %metznet-realm
  (kdc-realm-configuration
   (name "METZNET.CA")
   (database_module "openldap_ldapconf")
   (default_principal_flags "+preauth")
   (acl_file (plain-file "kadm5.acl" "*/admin@METZNET.CA *\n"))))

;; Top-level krb5 KDC configuration wiring the backend and realm together.
(define %kdc-config
  (kdc-configuration
   (dbdefaults
    '("ldap_kerberos_container_dn = cn=kerberos,dc=metznet,dc=ca"))
   ;; KDC logs go to syslog at DEBUG level -- verbose by design.
   (logging '("kdc = SYSLOG:DEBUG:DAEMON"))
   (dbmodules (list (cons "openldap_ldapconf" %kdc-ldap-backend)))
   (realms (list %metznet-realm))))

;; TLS certificate for the host name via certbot.
(define %kerberos-certbot
  (certbot-configuration
   (email "admin@metznet.ca")
   (certificates
    (list (certificate-configuration
           (domains (list "kerberos.metznet.ca")))))))

;; The last top-level form is the system `guix system' builds.
(operating-system
  (inherit %metznet-base-server-system)
  (host-name "kerberos.metznet.ca")

  (bootloader
   (bootloader-configuration
    (bootloader grub-minimal-bootloader)
    (targets '("/dev/nvme0n1"))))

  ;; Root filesystem and swap are located by label rather than device path.
  (file-systems
   (append (list (file-system
                   (device (file-system-label "krb-guix-data"))
                   (mount-point "/")
                   (type "ext4")))
           %base-file-systems))
  (swap-devices
   (list (swap-space (target (file-system-label "krb-guix-swap")))))

  ;; Dedicated system group and account for the aws service; zsh as shell.
  (groups
   (append (list (user-group (system? #t) (name "aws")))
           %metznet-base-groups))
  (users
   (append (list (user-account
                   (name "aws")
                   (group "aws")
                   (shell (file-append zsh "/bin/zsh"))))
           %metznet-base-user-accounts))

  (sudoers-file
   (plain-file "sudoers" (string-join %sudoers-lines "\n")))

  (packages
   (append (list git neovim) %metznet-base-packages))

  (services
   (append (list (service aws-service-type)
                 (service kdc-service-type %kdc-config)
                 (service certbot-service-type %kerberos-certbot))
           %metznet-server-services)))