MetzNet
/
system-configs
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
system-configs/kerberos.metznet.ca.scm

67 lines
3.7 KiB
Scheme
Raw Permalink Blame History

(use-modules (gnu)
(metznet aws)
(metznet services kdc)
(gnu services certbot)
(metznet packages kdc)
(metznet system base-system)
(gnu packages vim)
(gnu packages version-control)
(gnu packages shells))
(define %kerberos-dn
"uid=kerberos,ou=system,ou=accounts,dc=metznet,dc=ca")
(operating-system
(inherit %metznet-base-server-system)
(host-name "kerberos.metznet.ca")
(bootloader (bootloader-configuration
(bootloader grub-minimal-bootloader)
(targets '("/dev/nvme0n1"))))
(swap-devices (list (swap-space
(target (file-system-label "krb-guix-swap")))))
(file-systems (cons (file-system
(device (file-system-label "krb-guix-data"))
(mount-point "/")
(type "ext4")) %base-file-systems))
(sudoers-file (plain-file "sudoers"
(string-join (list
"root ALL=(ALL:ALL) NOPASSWD:ALL"
"%aws ALL=(ALL:ALL) ALL"
"%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd"
"") "\n")))
(packages (cons* git neovim %metznet-base-packages))
(services
(append (list (service aws-service-type)
(service kdc-service-type
(kdc-configuration (dbdefaults '("ldap_kerberos_container_dn = cn=kerberos,dc=metznet,dc=ca"))
(logging '("kdc = SYSLOG:DEBUG:DAEMON"))
(dbmodules (list (cons
"openldap_ldapconf"
(kldap-configuration
(ldap_kdc_dn
%kerberos-dn)
(ldap_kadmind_dn
%kerberos-dn)
(ldap_servers
"ldaps://ldap.metznet.ca")
(ldap_service_password_file
"/var/lib/kerberos/service.keyfile")))))
(realms (list (kdc-realm-configuration
(name "METZNET.CA")
(database_module
"openldap_ldapconf")
(default_principal_flags
"+preauth")
(acl_file (plain-file
"kadm5.acl"
"*/admin@METZNET.CA *\n")))))))
(service certbot-service-type
(certbot-configuration (email "admin@metznet.ca")
(certificates (list (certificate-configuration
(domains '
("kerberos.metznet.ca"))))))))
%metznet-server-services)))
Reference in New Issue View Git Blame Copy Permalink