
(define-module (services sssd)
#:use-module (gnu)
#:use-module (gnu packages sssd)
#:use-module (gnu services dbus)
#:use-module (gnu services shepherd)
#:use-module (guix modules)
#:use-module (guix packages)
#:use-module (guix records)
#:use-module (srfi srfi-1)
#:export (pam-sss-service-type sssd-service-type sssd-configuration))
;;;
;;; System Security Services Daemon.
;;;
;; Configuration of the 'sssd service.
;;
;; PACKAGE: the sssd package whose /sbin/sssd daemon is run (the same
;;   package is also handed to the dbus, nscd and profile extensions).
;; CONFIG-FILE: path, as a plain string rather than a file-like object, of
;;   the sssd.conf passed to the daemon with "-c".  Nothing in this module
;;   generates or installs that file; the operator must provide it.
;;   NOTE(review): sssd refuses to start when sssd.conf is readable by
;;   anyone but its owner (0600, root-owned) -- confirm the file is deployed
;;   that way, since it typically holds bind credentials.
(define-record-type* <sssd-configuration>
sssd-configuration make-sssd-configuration
sssd-configuration?
(package sssd-configuration-package (default sssd))
(config-file sssd-configuration-config-file (default "/etc/sssd/sssd.conf")))
(define (sssd-shepherd-service config)
  "Return a one-element list holding the <shepherd-service> that runs the
sssd daemon described by CONFIG, a <sssd-configuration>.

The daemon is invoked as PACKAGE/sbin/sssd with the configured sssd.conf
(\"-c\") and \"--logger=files\".  Shepherd tracks it through
/var/run/sssd.pid and captures its stdout/stderr in
/var/log/sssd/daemon.log (with the files logger, sssd's own per-component
logs are expected to land in that directory as well -- not something this
procedure verifies).  The service is ordered after dbus-system."
  (let ((daemon    (file-append (sssd-configuration-package config)
                                "/sbin/sssd"))
        (conf-path (sssd-configuration-config-file config)))
    (list
     (shepherd-service
      (documentation "Start sssd")
      (provision '(sssd))
      (requirement '(dbus-system))
      (start #~(make-forkexec-constructor
                (list #$daemon "-c" #$conf-path "--logger=files")
                #:pid-file "/var/run/sssd.pid"
                #:log-file "/var/log/sssd/daemon.log"))
      (stop #~(make-kill-destructor))))))
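(define sssd-activation
  ;; Activation snippet: create the state directories under /var/lib/sss and
  ;; the log directory /var/log/sssd that sssd expects to exist.
  ;;
  ;; mkdir-p follows the process umask, which can leave these directories
  ;; world-readable.  Two of them must not be reachable by unprivileged
  ;; users: "db", which holds sssd's cache databases (including cached
  ;; credential hashes when credential caching is enabled), and
  ;; "pipes/private", the directory of the privileged responder sockets.
  ;; Both are tightened to 0700 and the log directory to 0750, mirroring the
  ;; modes sssd's own installation uses.  "gpo_cache", "mc" and "pubconf"
  ;; are left at the umask default because clients must read them.
  ;; Ownership stays root; if sssd is configured to drop privileges to a
  ;; dedicated user (this module does not set that up), "mc", "pubconf" and
  ;; the log directory would additionally need to be owned by that user --
  ;; TODO confirm against the deployed sssd.conf.
  #~(begin
      (use-modules (guix build utils))
      (let ((ensure-directory
             (lambda (dir mode)
               ;; Create DIR (and parents) and, when MODE is given, force
               ;; its permission bits regardless of the umask.
               (mkdir-p dir)
               (when mode
                 (chmod dir mode)))))
        (ensure-directory "/var/log/sssd" #o750)
        (for-each (lambda (entry)
                    (ensure-directory (string-append "/var/lib/sss/" (car entry))
                                      (cdr entry)))
                  '(("db" . #o700)
                    ("gpo_cache" . #f)
                    ("mc" . #f)
                    ("pipes/private" . #o700)
                    ("pubconf" . #f))))))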
(define (sssd-package-list config)
  "Return the sssd package of CONFIG wrapped in a list, which is the value
shape the dbus, nscd and profile extensions below all take."
  (list (sssd-configuration-package config)))

(define sssd-service-type
  ;; Service type for the System Security Services Daemon.  Its value is a
  ;; <sssd-configuration>.  Besides running the daemon under shepherd it
  ;; creates the state directories at activation time, registers the
  ;; package's D-Bus policy, makes its NSS plugin visible to nscd and adds
  ;; the package to the system profile.
  (service-type
   (name 'sssd)
   (description "Run @command{sssd}.")
   (default-value (sssd-configuration))
   (extensions
    (list (service-extension shepherd-root-service-type sssd-shepherd-service)
          (service-extension activation-service-type (const sssd-activation))
          (service-extension dbus-root-service-type sssd-package-list)
          (service-extension nscd-service-type sssd-package-list)
          (service-extension profile-service-type sssd-package-list)))))
;; Configuration of the 'pam-sss service.
;;
;; SSSD: the sssd package from which /lib/security/pam_sss.so is taken.
;;   Ordinarily this should be the same package the 'sssd service runs, so
;;   that the PAM module and the daemon it talks to come from one build.
(define-record-type* <pam-sss-configuration>
pam-sss-configuration make-pam-sss-configuration
pam-sss-configuration?
(sssd pam-sss-configuration-sssd (default sssd)))
;;;
;;; SSSD PAM service.
;;;
(define (pam-sss-pam-service config)
  "Return a list with one procedure that maps a <pam-service> to a copy with
pam_sss.so, taken from the sssd package in CONFIG, prepended to each of its
four stacks.  pam-root-service-type applies such procedures to every PAM
service of the system, so pam_sss ends up in front of whatever the base
configuration already lists there.

Controls used: auth and password are \"sufficient\", meaning a success from
pam_sss terminates that stack without consulting the modules after it;
account uses a bracketed control that ignores users sssd does not know and
fails on any other result; session is \"optional\".  No module arguments
are passed -- the commented-out use_first_pass / use_authtok lines record
that this was considered."
  (let* ((sssd      (pam-sss-configuration-sssd config))
         (module    #~(string-append #$sssd "/lib/security/pam_sss.so"))
         ;; pam_sss entry for a given CONTROL string, no arguments.
         (sss-entry (lambda (control-string)
                      (pam-entry
                       (control control-string)
                       (module module)))))
    (list
     (lambda (pam)
       (pam-service
        (inherit pam)
        (auth (cons (sss-entry "sufficient")
                    ;(arguments (list "use_first_pass"))
                    (pam-service-auth pam)))
        (account (cons (sss-entry "[default=bad success=ok user_unknown=ignore]")
                       (pam-service-account pam)))
        (password (cons (sss-entry "sufficient")
                        ;(arguments (list "use_authtok"))
                        (pam-service-password pam)))
        (session (cons (sss-entry "optional")
                       (pam-service-session pam))))))))
(define pam-sss-service-type
  ;; Service type that enables pam_sss in the system's PAM services.  Its
  ;; value is a <pam-sss-configuration>; the single extension passes the
  ;; transformation built by pam-sss-pam-service to pam-root-service-type.
  (let ((pam-extension (service-extension pam-root-service-type
                                          pam-sss-pam-service)))
    (service-type
     (name 'pam-sss)
     (description "Activate PAM SSSD support.")
     (default-value (pam-sss-configuration))
     (extensions (list pam-extension)))))