mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-24 22:50:49 +00:00
227229653a
It's a helper for NixOS systems to make it easier to handle CA certificate signing, similar to what taskd provides but comes preseeded with the values from the system configuration. The tool is very limited at the moment and only allows to *add* organisations, users and groups. Deletion and suspension however is much simpler to implement, because we don't need to handle certificate signing. Another limitation is that we don't take into account whether certificates and keys are already set in the system configuration and if they're set it will fail spectacularly. For passing the commands to the taskd command, we're using a small C program which does setuid() and setgid() to the Taskserver user and group, because runuser(1) needs PAM (quite pointless if you're already root) and su(1) doesn't allow for setting the group and setgid()s to the default group of the user, so it even doesn't work in conjunction with sg(1). In summary, we now have a shiny nixos-taskdctl command, which lets us do things like: nixos-taskdctl add-org NixOS nixos-taskdctl add-user NixOS alice nixos-taskdctl export-user NixOS alice The last command writes a series of shell commands to stdout, which then can be imported on the client by piping it into a shell as well as doing it for example via SSH: ssh root@server nixos-taskdctl export-user NixOS alice | sh Of course, in terms of security we need to improve this even further so that we generate the private key on the client and just send a CSR to the server so that we don't need to push any secrets over the wire. Signed-off-by: aszlig <aszlig@redmoonstudios.org> |
||
|---|---|---|
| .. | ||
| amqp | ||
| audio | ||
| backup | ||
| cluster | ||
| computing | ||
| continuous-integration/jenkins | ||
| databases | ||
| desktops | ||
| games | ||
| hardware | ||
| logging | ||
| misc | ||
| monitoring | ||
| network-filesystems | ||
| networking | ||
| printing | ||
| scheduling | ||
| search | ||
| security | ||
| system | ||
| torrent | ||
| ttys | ||
| web-apps | ||
| web-servers | ||
| x11 | ||