taler-deployment

Deployment scripts and configuration files

people.scm (2605B)


      1 ;;; GNU Guix system administration tools.
      2 ;;;
      3 ;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
      4 ;;;
      5 ;;; This program is free software: you can redistribute it and/or modify
      6 ;;; it under the terms of the GNU General Public License as published by
      7 ;;; the Free Software Foundation, either version 3 of the License, or
      8 ;;; (at your option) any later version.
      9 ;;;
     10 ;;; This program is distributed in the hope that it will be useful,
     11 ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
     12 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     13 ;;; GNU General Public License for more details.
     14 ;;;
     15 ;;; You should have received a copy of the GNU General Public License
     16 ;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
     17 
     18 (define-module (sysadmin people)
     19   #:use-module (guix gexp)
     20   #:use-module (guix records)
     21   #:use-module (gnu services)
     22   #:use-module (gnu system shadow)
     23   #:use-module (gnu services ssh)
     24   #:use-module (gnu packages base)
     25   #:use-module (ice-9 match)
     26   #:export (sysadmin?
     27             sysadmin
     28             sysadmin-service-type))
     29 
     30 ;;; Commentary:
     31 ;;;
     32 ;;; Declaration of system administrator user accounts.
     33 ;;;
     34 ;;; Code:
     35 
     36 (define-record-type* <sysadmin> sysadmin make-sysadmin
     37   sysadmin?
     38   (name            sysadmin-name)
     39   (full-name       sysadmin-full-name)
     40   (ssh-public-key  sysadmin-ssh-public-key)
     41   (restricted?     sysadmin-restricted? (default #f)))
     42 
     43 (define (sysadmin->account sysadmin)
     44   "Return the user account for SYSADMIN."
     45   (match sysadmin
     46     (($ <sysadmin> name comment _ restricted?)
     47      (user-account
     48       (name name)
     49       (comment comment)
     50       (group "users")
     51       (supplementary-groups (if restricted?
     52                                 '()
     53                                 '("wheel" "kvm"))) ;sudoer
     54       (home-directory (string-append "/home/" name))))))
     55 
     56 (define (sysadmin->authorized-key sysadmin)
     57   "Return an authorized key tuple for SYSADMIN."
     58   (list (sysadmin-name sysadmin)
     59         (sysadmin-ssh-public-key sysadmin)))
     60 
     61 (define sysadmin-service-type
     62   ;; The service that initializes sysadmin accounts.
     63   (service-type
     64    (name 'sysadmin)
     65    (extensions (list (service-extension account-service-type
     66                                         (lambda (lst)
     67                                           (map sysadmin->account lst)))
     68                      (service-extension openssh-service-type
     69                                         (lambda (lst)
     70                                           (map sysadmin->authorized-key
     71                                                lst)))))))
     72 
     73 ;;; people.scm ends here