2 Commits
5ad108a0ab
...
70cf1d8dd0
Author | SHA1 | Message | Date |
---|---|---|---|
Dustin Frisch |
70cf1d8dd0
|
Add user management scripts
|
7 months ago |
Dustin Frisch |
44af03af7c
|
Less FHS user env
|
8 months ago |
9 changed files with 191 additions and 40 deletions
-
2machines/manager/default.nix
-
6machines/manager/secrets/ldap-sync.conf
-
20machines/manager/users.nix
-
4machines/node/users.nix
-
23packages/usermgr/default.nix
-
12packages/usermgr/pyproject.toml
-
83packages/usermgr/usermgr.py
-
1shared/default.nix
-
80shared/userenv.nix
@ -0,0 +1,23 @@ |
|||||
|
{ python3Packages |
||||
|
, ... |
||||
|
}: |
||||
|
|
||||
|
with python3Packages; |
||||
|
|
||||
|
buildPythonApplication { |
||||
|
pname = "usermgr"; |
||||
|
version = "0.1"; |
||||
|
|
||||
|
format = "pyproject"; |
||||
|
|
||||
|
nativeBuildInputs = [ |
||||
|
setuptools |
||||
|
]; |
||||
|
propagatedBuildInputs = [ |
||||
|
click |
||||
|
ldap3 |
||||
|
]; |
||||
|
|
||||
|
src = ./.; |
||||
|
} |
||||
|
|
@ -0,0 +1,12 @@ |
|||||
|
[project] |
||||
|
name = "usermgr" |
||||
|
version = "0.1" |
||||
|
requires-python = ">=3.9" |
||||
|
dependencies = [ |
||||
|
"click>=8", |
||||
|
"ldap3>=2.9" |
||||
|
] |
||||
|
|
||||
|
[project.scripts] |
||||
|
usermgr = "usermgr:cli" |
||||
|
|
@ -0,0 +1,83 @@ |
|||||
|
import click |
||||
|
import ssl |
||||
|
from ldap3 import Server, Connection, Tls |
||||
|
|
||||
|
|
||||
|
@click.group() |
||||
|
@click.option('--server', default='edir1.rz.hs-fulda.de', help='LDAP server URL') |
||||
|
@click.option('--username', prompt=True, default='cn=fdhpc,ou=AI,o=FH-Fulda', help='LDAP bind username') |
||||
|
@click.option('--password', prompt=True, hide_input=True, help='LDAP bind password') |
||||
|
@click.pass_context |
||||
|
def cli(ctx, server, username, password): |
||||
|
tls = Tls(validate=ssl.CERT_REQUIRED, |
||||
|
version=ssl.PROTOCOL_TLSv1_2, |
||||
|
ciphers="AES256-GCM-SHA384") |
||||
|
server = Server(server, tls=tls, get_info="ALL") |
||||
|
ctx.obj = Connection(server, |
||||
|
username, |
||||
|
password, |
||||
|
auto_bind=True) |
||||
|
|
||||
|
|
||||
|
@cli.command() |
||||
|
@click.pass_context |
||||
|
def list(ctx): |
||||
|
ctx.obj.search('o=FH-Fulda', '''(& |
||||
|
(cn=fd*) |
||||
|
(objectClass=inetOrgPerson) |
||||
|
(groupMembership=cn=ORG-AI-HPC,ou=AI,o=FH-Fulda) |
||||
|
(! |
||||
|
(| |
||||
|
(description=*funktion*) |
||||
|
(loginDisabled=true) |
||||
|
(sn=fd*) |
||||
|
) |
||||
|
) |
||||
|
)''', |
||||
|
attributes = ['cn', 'member', 'sn', 'givenName']) |
||||
|
|
||||
|
for e in ctx.obj.entries: |
||||
|
click.echo(f'{click.style(e.cn, fg="blue", bold=True)}: {e.sn}, {e.givenName}') |
||||
|
|
||||
|
|
||||
|
def find(ctx, name): |
||||
|
from ldap3.utils.conv import escape_filter_chars |
||||
|
|
||||
|
ctx.obj.search('o=FH-Fulda', f'''(& |
||||
|
(cn={escape_filter_chars(name)}) |
||||
|
(objectClass=inetOrgPerson) |
||||
|
(! |
||||
|
(| |
||||
|
(description=*funktion*) |
||||
|
(loginDisabled=true) |
||||
|
(sn=fd*) |
||||
|
) |
||||
|
) |
||||
|
)''') |
||||
|
|
||||
|
if not ctx.obj.entries: |
||||
|
ctx.fail(f'No user found: {name}') |
||||
|
|
||||
|
return ctx.obj.entries[0].entry_dn |
||||
|
|
||||
|
|
||||
|
|
||||
|
@cli.command() |
||||
|
@click.argument('name', nargs=-1, required=True) |
||||
|
@click.pass_context |
||||
|
def add(ctx, name): |
||||
|
members = [find(ctx, name) for name in name] |
||||
|
ctx.obj.extend.novell.add_members_to_groups(members, 'cn=ORG-AI-HPC,ou=AI,o=FH-Fulda') |
||||
|
|
||||
|
|
||||
|
@cli.command() |
||||
|
@click.pass_context |
||||
|
@click.argument('name', nargs=-1, required=True) |
||||
|
def remove(ctx, name): |
||||
|
members = [find(ctx, name) for name in name] |
||||
|
ctx.obj.extend.novell.remove_members_from_groups(members, 'cn=ORG-AI-HPC,ou=AI,o=FH-Fulda') |
||||
|
|
||||
|
|
||||
|
if __name__ == '__main__': |
||||
|
cli() |
||||
|
|
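Review bot: The bind in `cli` is likely to go out unencrypted: the `Tls` object is handed to `Server(...)`, but nothing visible enables it — the default `--server` value has no `ldaps://` scheme, `use_ssl` is not set, and, as far as I know, `auto_bind=True` in ldap3 binds without issuing StartTLS. If so, the prompted password crosses the network in clear and the `CERT_REQUIRED` and cipher settings are never applied. I would make the transport explicit with `server = Server(server, use_ssl=True, tls=tls, get_info="ALL")`, or stay on the plain LDAP port and pass `auto_bind=AUTO_BIND_TLS_BEFORE_BIND` (imported from `ldap3`). Separately, `find` returns `entries[0]` without checking that the match is unique, so `add` and `remove` can change group membership for a different entry than the operator meant; failing when `len(ctx.obj.entries) != 1` would be safer.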
@ -1,51 +1,73 @@ |
|||||
{ pkgs, lib, ... }: |
|
||||
|
# This is the environment that we show for the users. |
||||
|
# Hear me out... I already regrett doing this while writing this, but (l)users |
||||
|
# are not willing to pick up the nix-struggle for the greater benefit. So, here |
||||
|
# I am building this shit that I know will fall apart soon. |
||||
|
|
||||
|
{ pkgs, lib, config, ... }: |
||||
|
|
||||
with lib; |
with lib; |
||||
|
|
||||
let |
let |
||||
userenv = pkgs.buildFHSUserEnv { |
|
||||
|
userenv = pkgs.buildEnv { |
||||
name = "userenv"; |
name = "userenv"; |
||||
targetPkgs = pkgs: with pkgs; [ |
|
||||
git |
|
||||
postgresql |
|
||||
postgresql.lib |
|
||||
papi |
|
||||
gcc |
|
||||
gdb |
|
||||
gnumake |
|
||||
valgrind |
|
||||
|
paths = with pkgs; [ |
||||
autoconf |
autoconf |
||||
automake |
automake |
||||
perl |
|
||||
zlib |
|
||||
python3 |
|
||||
libtool |
|
||||
|
bash |
||||
|
coreutils |
||||
|
curl |
||||
|
fd |
||||
flex |
flex |
||||
pandoc |
|
||||
|
gcc |
||||
|
gdb |
||||
|
git |
||||
|
gnumake |
||||
hwloc |
hwloc |
||||
munge |
|
||||
numactl |
|
||||
libbfd |
libbfd |
||||
libiberty |
libiberty |
||||
|
libtool |
||||
|
munge |
||||
|
nano |
||||
|
numactl |
||||
|
openmpi |
||||
|
openssh |
||||
|
pandoc |
||||
|
papi |
||||
|
perl |
||||
pkgconfig |
pkgconfig |
||||
|
postgresql |
||||
|
postgresql.lib |
||||
|
python3 |
||||
|
ripgrep |
||||
|
tmux |
||||
ucx |
ucx |
||||
openmpi |
|
||||
|
valgrind |
||||
vim |
vim |
||||
nano |
|
||||
wget |
wget |
||||
curl |
|
||||
tmux |
|
||||
fd |
|
||||
ripgrep |
|
||||
bash |
|
||||
|
zlib |
||||
]; |
]; |
||||
|
|
||||
|
ignoreCollisions = false; |
||||
|
|
||||
|
inherit (config.environment) pathsToLink extraOutputsToInstall; |
||||
}; |
}; |
||||
|
|
||||
in |
in |
||||
{ |
{ |
||||
environment.systemPackages = [ userenv ]; |
|
||||
|
# environment.systemPackages = [ userenv ]; |
||||
|
|
||||
# Install userenv to a well-known path |
|
||||
system.systemBuilderCommands = '' |
|
||||
ln -s ${userenv}/bin/userenv $out/userenv |
|
||||
|
environment.extraInit = '' |
||||
|
if [[ "$(id -gn)" -eq "cluster" ]]; then |
||||
|
export PKG_CONFIG_PATH="${makeSearchPath "lib/pkgconfig" config.environment.profiles}" |
||||
|
fi |
||||
''; |
''; |
||||
|
|
||||
|
environment.profiles = [ |
||||
|
"/etc/profiles/per-group/$(id -gn)" |
||||
|
]; |
||||
|
|
||||
|
environment.etc."userenv" = { |
||||
|
target = "profiles/per-group/cluster"; |
||||
|
source = userenv; |
||||
|
}; |
||||
} |
} |
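Review bot: The group test in `environment.extraInit` uses `-eq`, which inside `[[ ]]` is an arithmetic comparison, so the `id -gn` output and `cluster` are both evaluated as shell arithmetic (an unset name evaluates to 0) and the branch is typically taken for every group, not only `cluster`. The intent looks like a string match: `if [[ "$(id -gn)" == "cluster" ]]; then`. If this init snippet can be sourced by a shell other than bash, `[ "$(id -gn)" = "cluster" ]` is the portable form. A short comment on why `environment.systemPackages = [ userenv ];` is left commented out would also help the next reader.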