(define-module (services sssd)
#:use-module (gnu)
#:use-module (gnu packages sssd)
#:use-module (gnu services dbus)
#:use-module (gnu services shepherd)
#:use-module (guix modules)
#:use-module (guix packages)
#:use-module (guix records)
#:use-module (srfi srfi-1)
#:export (pam-sss-service-type sssd-service-type sssd-configuration))
;;;
;;; System Security Services Daemon.
;;;
(define-record-type* <sssd-configuration>
  sssd-configuration
  make-sssd-configuration
  sssd-configuration?
  ;; The sssd package whose sbin/sssd is started and whose files are handed
  ;; to nscd, D-Bus and the system profile by sssd-service-type.
  (package     sssd-configuration-package
               (default sssd))
  ;; Path, as a plain string, of the configuration passed to `sssd -c'.
  ;; This service does not generate or install that file; the administrator
  ;; has to put it in place.  SSSD checks it at start-up and refuses to run
  ;; unless it is owned by root with mode 0600 (it may hold bind credentials),
  ;; so provisioning it world-readable results in a service that never starts.
  (config-file sssd-configuration-config-file
               (default "/etc/sssd/sssd.conf")))
(define (sssd-shepherd-service config)
  "Return a list holding the single <shepherd-service> that runs the SSSD
daemon from CONFIG's package with CONFIG's configuration file."
  (let* ((package     (sssd-configuration-package config))
         (config-file (sssd-configuration-config-file config)))
    (list
     (shepherd-service
      (documentation "Start sssd")
      (provision '(sssd))
      ;; The system bus has to be up before sssd is started.
      (requirement '(dbus-system))
      ;; No #:user/#:group is passed, so the daemon keeps the shepherd's
      ;; (root) credentials.  --logger=files makes SSSD write its own logs
      ;; under /var/log/sssd; daemon.log only captures stdout/stderr.
      ;; Shepherd considers the service started once the PID file appears,
      ;; presumably written by sssd after it forks into the background.
      (start #~(make-forkexec-constructor
                (list (string-append #$package "/sbin/sssd")
                      "-c" #$config-file
                      "--logger=files")
                #:pid-file "/var/run/sssd.pid"
                #:log-file "/var/log/sssd/daemon.log"))
      (stop #~(make-kill-destructor))))))
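(define sssd-activation
  ;; Create the state and log directories SSSD expects under /var and force
  ;; the permissions SSSD's own packaging gives them.  A bare mkdir-p leaves
  ;; them at the activation umask (typically 0755), which exposes the
  ;; credential/identity cache in db/ and the privileged responder sockets in
  ;; pipes/private/ to every local user.  mc/, pipes/ and pubconf/ on the
  ;; other hand are read by unprivileged clients (the NSS and PAM modules,
  ;; the Kerberos locator) and have to stay world-readable.  chmod runs on
  ;; every activation so an existing, too-permissive directory is tightened
  ;; as well.  The daemon runs as root (no user switch in the shepherd
  ;; service), so root ownership from mkdir is the intended owner.
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))

        (let ((ensure-directory
               ;; Create DIRECTORY (and its parents) if needed, then set MODE
               ;; regardless of whether it already existed.
               (lambda (directory mode)
                 (mkdir-p directory)
                 (chmod directory mode))))
          (ensure-directory "/var/log/sssd" #o750)
          (ensure-directory "/var/lib/sss" #o755)
          (for-each
           (lambda (entry)
             (ensure-directory (string-append "/var/lib/sss/" (car entry))
                               (cdr entry)))
           ;; Order matters only in that parents precede children.
           '(("db" . #o700)
             ("gpo_cache" . #o700)
             ("mc" . #o755)
             ("pipes" . #o755)
             ("pipes/private" . #o700)
             ("pubconf" . #o755)))))))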
(define sssd-service-type
  (service-type
   (name 'sssd)
   (description "Run @command{sssd}.")
   (default-value (sssd-configuration))
   (extensions
    (let ((package-list
           ;; Several targets only need the sssd package, as a one-element list.
           (lambda (config)
             (list (sssd-configuration-package config)))))
      (list
       ;; Create the state/log directories before the daemon starts.
       (service-extension activation-service-type
                          (const sssd-activation))
       ;; Register the package's D-Bus files with the system bus.
       (service-extension dbus-root-service-type package-list)
       ;; Let nscd load the name-service module the package ships
       ;; (presumably libnss_sss), so sssd users resolve system-wide.
       (service-extension nscd-service-type package-list)
       ;; Put the package's tools in the system profile.
       (service-extension profile-service-type package-list)
       ;; The daemon itself.
       (service-extension shepherd-root-service-type
                          sssd-shepherd-service))))))
(define-record-type* <pam-sss-configuration>
  pam-sss-configuration
  make-pam-sss-configuration
  pam-sss-configuration?
  ;; The sssd package providing lib/security/pam_sss.so.  Keep it the same
  ;; package as sssd-configuration's so module and daemon match.
  (sssd pam-sss-configuration-sssd
        (default sssd)))
;;;
;;; SSSD PAM service.
;;;
(define (pam-sss-pam-service config)
  "Return a list with one procedure that maps a <pam-service> to a copy with
pam_sss.so (from CONFIG's sssd package) placed at the head of each of its four
stacks.  pam-root-service-type applies that procedure to the system's PAM
services, so the change affects every service, not just login."
  (define pam-sss
    #~(string-append #$(pam-sss-configuration-sssd config)
                     "/lib/security/pam_sss.so"))

  (define (sss-entry ctl)
    ;; A pam_sss.so entry with control CTL and no module arguments.
    (pam-entry (control ctl) (module pam-sss)))

  (define (prepend-pam-sss pam)
    ;; Entries are prepended, so pam_sss runs before whatever the stack
    ;; already starts with (e.g. pam_unix, or a pam_rootok pass-through);
    ;; confirm on the target system that this adds no unwanted prompt there.
    (pam-service
     (inherit pam)
     ;; auth: a user SSSD authenticates skips the remaining local checks;
     ;; a user SSSD does not know falls through to them.
     (auth (cons (sss-entry "sufficient")
                 (pam-service-auth pam)))
     ;; account: SSSD's verdict is final for users it knows (success or
     ;; bad); unknown users are ignored so local accounts are still checked.
     (account (cons (sss-entry "[default=bad success=ok user_unknown=ignore]")
                    (pam-service-account pam)))
     ;; password: SSSD handles changes for its users, local users fall
     ;; through.  NOTE(review): no use_first_pass/use_authtok is passed, so
     ;; pam_sss prompts on its own and the following module may prompt again;
     ;; verify against the pam_unix entries of the base stacks.
     (password (cons (sss-entry "sufficient")
                     (pam-service-password pam)))
     ;; session: best effort, never blocks the session.
     (session (cons (sss-entry "optional")
                    (pam-service-session pam)))))

  (list prepend-pam-sss))
(define pam-sss-service-type
  ;; Wires pam_sss.so into the system's PAM stacks; it does not start sssd,
  ;; so it is meant to be used together with sssd-service-type.
  (service-type
   (name 'pam-sss)
   (description "Activate PAM SSSD support.")
   (default-value (pam-sss-configuration))
   (extensions
    (list (service-extension pam-root-service-type
                             pam-sss-pam-service)))))