jetomit/monguix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
monguix/services/sssd.scm

122 lines
4.6 KiB
Scheme
Raw Normal View History

Add sssd services
2022-07-31 18:05:42 +02:00
(define-module (services sssd)
#:use-module (gnu)
#:use-module (gnu packages sssd)
#:use-module (gnu services dbus)
#:use-module (gnu services shepherd)
#:use-module (guix modules)
#:use-module (guix packages)
#:use-module (guix records)
#:use-module (srfi srfi-1)
#:export (pam-sss-service-type sssd-service-type sssd-configuration))
;;;
;;; System Security Services Daemon.
;;;
(define-record-type* <sssd-configuration>
sssd-configuration make-sssd-configuration
sssd-configuration?
(package sssd-configuration-package (default sssd))
services/sssd: create config file with correct permissions in /etc The sssd.conf must be readable only by root for sssd to start.
2022-10-01 12:28:26 +02:00
(configuration sssd-configuration-configuration (default ""))
Add sssd services
2022-07-31 18:05:42 +02:00
(config-file sssd-configuration-config-file (default "/etc/sssd/sssd.conf")))
(define (sssd-shepherd-service config)
"Return a <shepherd-service> for SSSD with CONFIG."
services/sssd: create config file with correct permissions in /etc The sssd.conf must be readable only by root for sssd to start.
2022-10-01 12:28:26 +02:00
(let ((sssd (sssd-configuration-package config))
(config-file (sssd-configuration-config-file config)))
Add sssd services
2022-07-31 18:05:42 +02:00
(list
(shepherd-service
(requirement '(dbus-system))
(provision '(sssd))
(documentation "Start sssd")
(start #~(make-forkexec-constructor
(list (string-append #$sssd "/sbin/sssd")
services/sssd: create config file with correct permissions in /etc The sssd.conf must be readable only by root for sssd to start.
2022-10-01 12:28:26 +02:00
"--config" #$config-file
Add sssd services
2022-07-31 18:05:42 +02:00
"--logger=files")
#:pid-file "/var/run/sssd.pid"
#:log-file "/var/log/sssd/daemon.log"))
(stop #~(make-kill-destructor))))))
services/sssd: create config file with correct permissions in /etc The sssd.conf must be readable only by root for sssd to start.
2022-10-01 12:28:26 +02:00
(define (sssd-activation config)
(let ((configuration (sssd-configuration-configuration config))
(config-file (sssd-configuration-config-file config)))
#~(begin
(use-modules (guix build utils))
;; Create data directories for sssd.
(mkdir-p "/var/log/sssd")
(for-each (lambda (dir) (mkdir-p (string-append "/var/lib/sss/" dir)))
'("db" "gpo_cache" "mc" "pipes/private" "pubconf"))
;; Create config file if a configuration is given; otherwise we assume
;; the file is managed externally.
(unless (string-null? #$configuration)
(mkdir-p (dirname #$config-file))
(with-output-to-file #$config-file
(lambda _ (display #$configuration))))
;; Must be a regular file readable only by root.
(chmod #$config-file #o600))))
Add sssd services
2022-07-31 18:05:42 +02:00
(define sssd-service-type
(service-type
(name 'sssd)
(extensions
(list (service-extension activation-service-type
services/sssd: create config file with correct permissions in /etc The sssd.conf must be readable only by root for sssd to start.
2022-10-01 12:28:26 +02:00
sssd-activation)
Add sssd services
2022-07-31 18:05:42 +02:00
(service-extension dbus-root-service-type
(compose list sssd-configuration-package))
(service-extension nscd-service-type
(compose list sssd-configuration-package))
(service-extension profile-service-type
(compose list sssd-configuration-package))
(service-extension shepherd-root-service-type
sssd-shepherd-service)))
(default-value (sssd-configuration))
(description "Run @command{sssd}.")))
(define-record-type* <pam-sss-configuration>
pam-sss-configuration make-pam-sss-configuration
pam-sss-configuration?
(sssd pam-sss-configuration-sssd (default sssd)))
;;;
;;; SSSD PAM service.
;;;
(define (pam-sss-pam-service config)
services/sssd: modernize
2023-05-20 14:55:59 +02:00
"Return a PAM service for SSSD authentication."
(list
(pam-extension
(transformer
Add sssd services
2022-07-31 18:05:42 +02:00
(lambda (pam)
services/sssd: modernize
2023-05-20 14:55:59 +02:00
(define pam-sss-module
#~(string-append #$(pam-sss-configuration-sssd config)
"/lib/security/pam_sss.so"))
Add sssd services
2022-07-31 18:05:42 +02:00
(pam-service
(inherit pam)
(auth (cons* (pam-entry
(control "sufficient")
services/sssd: modernize
2023-05-20 14:55:59 +02:00
(module pam-sss-module))
Add sssd services
2022-07-31 18:05:42 +02:00
;(arguments (list "use_first_pass")))
(pam-service-auth pam)))
(account (cons* (pam-entry
(control "[default=bad success=ok user_unknown=ignore]")
services/sssd: modernize
2023-05-20 14:55:59 +02:00
(module pam-sss-module))
Add sssd services
2022-07-31 18:05:42 +02:00
(pam-service-account pam)))
(password (cons* (pam-entry
(control "sufficient")
services/sssd: modernize
2023-05-20 14:55:59 +02:00
(module pam-sss-module))
Add sssd services
2022-07-31 18:05:42 +02:00
;(arguments (list "use_authtok")))
(pam-service-password pam)))
(session (cons* (pam-entry
(control "optional")
services/sssd: modernize
2023-05-20 14:55:59 +02:00
(module pam-sss-module))
(pam-service-session pam)))))))))
Add sssd services
2022-07-31 18:05:42 +02:00
(define pam-sss-service-type
(service-type
(name 'pam-sss)
(extensions
(list (service-extension pam-root-service-type pam-sss-pam-service)))
(default-value (pam-sss-configuration))
(description "Activate PAM SSSD support.")))
Reference in a new issue Copy permalink