2 Commits
5ad108a0ab
...
70cf1d8dd0
Author | SHA1 | Message | Date |
---|---|---|---|
Dustin Frisch |
70cf1d8dd0
|
Add user management scripts
|
7 months ago |
Dustin Frisch |
44af03af7c
|
Less FHS user env
|
8 months ago |
9 changed files with 191 additions and 40 deletions
-
2machines/manager/default.nix
-
6machines/manager/secrets/ldap-sync.conf
-
20machines/manager/users.nix
-
4machines/node/users.nix
-
23packages/usermgr/default.nix
-
12packages/usermgr/pyproject.toml
-
83packages/usermgr/usermgr.py
-
1shared/default.nix
-
80shared/userenv.nix
@ -0,0 +1,23 @@ |
|||
{ python3Packages |
|||
, ... |
|||
}: |
|||
|
|||
with python3Packages; |
|||
|
|||
buildPythonApplication { |
|||
pname = "usermgr"; |
|||
version = "0.1"; |
|||
|
|||
format = "pyproject"; |
|||
|
|||
nativeBuildInputs = [ |
|||
setuptools |
|||
]; |
|||
propagatedBuildInputs = [ |
|||
click |
|||
ldap3 |
|||
]; |
|||
|
|||
src = ./.; |
|||
} |
|||
|
@ -0,0 +1,12 @@ |
|||
[project] |
|||
name = "usermgr" |
|||
version = "0.1" |
|||
requires-python = ">=3.9" |
|||
dependencies = [ |
|||
"click>=8", |
|||
"ldap3>=2.9" |
|||
] |
|||
|
|||
[project.scripts] |
|||
usermgr = "usermgr:cli" |
|||
|
@ -0,0 +1,83 @@ |
|||
import click |
|||
import ssl |
|||
from ldap3 import Server, Connection, Tls |
|||
|
|||
|
|||
@click.group() |
|||
@click.option('--server', default='edir1.rz.hs-fulda.de', help='LDAP server URL') |
|||
@click.option('--username', prompt=True, default='cn=fdhpc,ou=AI,o=FH-Fulda', help='LDAP bind username') |
|||
@click.option('--password', prompt=True, hide_input=True, help='LDAP bind password') |
|||
@click.pass_context |
|||
def cli(ctx, server, username, password): |
|||
tls = Tls(validate=ssl.CERT_REQUIRED, |
|||
version=ssl.PROTOCOL_TLSv1_2, |
|||
ciphers="AES256-GCM-SHA384") |
|||
server = Server(server, tls=tls, get_info="ALL") |
|||
ctx.obj = Connection(server, |
|||
username, |
|||
password, |
|||
auto_bind=True) |
|||
|
|||
|
|||
@cli.command() |
|||
@click.pass_context |
|||
def list(ctx): |
|||
ctx.obj.search('o=FH-Fulda', '''(& |
|||
(cn=fd*) |
|||
(objectClass=inetOrgPerson) |
|||
(groupMembership=cn=ORG-AI-HPC,ou=AI,o=FH-Fulda) |
|||
(! |
|||
(| |
|||
(description=*funktion*) |
|||
(loginDisabled=true) |
|||
(sn=fd*) |
|||
) |
|||
) |
|||
)''', |
|||
attributes = ['cn', 'member', 'sn', 'givenName']) |
|||
|
|||
for e in ctx.obj.entries: |
|||
click.echo(f'{click.style(e.cn, fg="blue", bold=True)}: {e.sn}, {e.givenName}') |
|||
|
|||
|
|||
def find(ctx, name): |
|||
from ldap3.utils.conv import escape_filter_chars |
|||
|
|||
ctx.obj.search('o=FH-Fulda', f'''(& |
|||
(cn={escape_filter_chars(name)}) |
|||
(objectClass=inetOrgPerson) |
|||
(! |
|||
(| |
|||
(description=*funktion*) |
|||
(loginDisabled=true) |
|||
(sn=fd*) |
|||
) |
|||
) |
|||
)''') |
|||
|
|||
if not ctx.obj.entries: |
|||
ctx.fail(f'No user found: {name}') |
|||
|
|||
return ctx.obj.entries[0].entry_dn |
|||
|
|||
|
|||
|
|||
@cli.command() |
|||
@click.argument('name', nargs=-1, required=True) |
|||
@click.pass_context |
|||
def add(ctx, name): |
|||
members = [find(ctx, name) for name in name] |
|||
ctx.obj.extend.novell.add_members_to_groups(members, 'cn=ORG-AI-HPC,ou=AI,o=FH-Fulda') |
|||
|
|||
|
|||
@cli.command() |
|||
@click.pass_context |
|||
@click.argument('name', nargs=-1, required=True) |
|||
def remove(ctx, name): |
|||
members = [find(ctx, name) for name in name] |
|||
ctx.obj.extend.novell.remove_members_from_groups(members, 'cn=ORG-AI-HPC,ou=AI,o=FH-Fulda') |
|||
|
|||
|
|||
if __name__ == '__main__': |
|||
cli() |
|||
|
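Review bot: The `Tls` settings built in `cli` do not appear to be applied to the bind. `Server(server, tls=tls, get_info="ALL")` is given a bare hostname by default and no `use_ssl=True`, and as far as I know ldap3 treats `auto_bind=True` as a bind without StartTLS. With the default `--server` value, the prompted bind DN and password would then travel over plain LDAP, and the `ssl.CERT_REQUIRED` check would never run. Either construct the server as `Server(server, use_ssl=True, tls=tls, get_info="ALL")`, or import `AUTO_BIND_TLS_BEFORE_BIND` from `ldap3` and pass `auto_bind=AUTO_BIND_TLS_BEFORE_BIND` so the certificate is validated before credentials are sent. A comment next to the `Tls(...)` call saying which of the two transports is intended would also help the next reader.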
@ -1,51 +1,73 @@ |
|||
{ pkgs, lib, ... }: |
|||
# This is the environment that we show for the users. |
|||
# Hear me out... I already regrett doing this while writing this, but (l)users |
|||
# are not willing to pick up the nix-struggle for the greater benefit. So, here |
|||
# I am building this shit that I know will fall apart soon. |
|||
|
|||
{ pkgs, lib, config, ... }: |
|||
|
|||
with lib; |
|||
|
|||
let |
|||
userenv = pkgs.buildFHSUserEnv { |
|||
userenv = pkgs.buildEnv { |
|||
name = "userenv"; |
|||
targetPkgs = pkgs: with pkgs; [ |
|||
git |
|||
postgresql |
|||
postgresql.lib |
|||
papi |
|||
gcc |
|||
gdb |
|||
gnumake |
|||
valgrind |
|||
paths = with pkgs; [ |
|||
autoconf |
|||
automake |
|||
perl |
|||
zlib |
|||
python3 |
|||
libtool |
|||
bash |
|||
coreutils |
|||
curl |
|||
fd |
|||
flex |
|||
pandoc |
|||
gcc |
|||
gdb |
|||
git |
|||
gnumake |
|||
hwloc |
|||
munge |
|||
numactl |
|||
libbfd |
|||
libiberty |
|||
libtool |
|||
munge |
|||
nano |
|||
numactl |
|||
openmpi |
|||
openssh |
|||
pandoc |
|||
papi |
|||
perl |
|||
pkgconfig |
|||
postgresql |
|||
postgresql.lib |
|||
python3 |
|||
ripgrep |
|||
tmux |
|||
ucx |
|||
openmpi |
|||
valgrind |
|||
vim |
|||
nano |
|||
wget |
|||
curl |
|||
tmux |
|||
fd |
|||
ripgrep |
|||
bash |
|||
zlib |
|||
]; |
|||
|
|||
ignoreCollisions = false; |
|||
|
|||
inherit (config.environment) pathsToLink extraOutputsToInstall; |
|||
}; |
|||
|
|||
in |
|||
{ |
|||
environment.systemPackages = [ userenv ]; |
|||
# environment.systemPackages = [ userenv ]; |
|||
|
|||
# Install userenv to a well-known path |
|||
system.systemBuilderCommands = '' |
|||
ln -s ${userenv}/bin/userenv $out/userenv |
|||
environment.extraInit = '' |
|||
if [[ "$(id -gn)" -eq "cluster" ]]; then |
|||
export PKG_CONFIG_PATH="${makeSearchPath "lib/pkgconfig" config.environment.profiles}" |
|||
fi |
|||
''; |
|||
|
|||
environment.profiles = [ |
|||
"/etc/profiles/per-group/$(id -gn)" |
|||
]; |
|||
|
|||
environment.etc."userenv" = { |
|||
target = "profiles/per-group/cluster"; |
|||
source = userenv; |
|||
}; |
|||
} |
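Review bot: The group test in `environment.extraInit`, `[[ "$(id -gn)" -eq "cluster" ]]`, uses the arithmetic operator `-eq`, so bash evaluates both sides as arithmetic expressions instead of comparing strings. An ordinary group name is read as an unset variable and evaluates to 0, as does `cluster`, so the branch is taken for every group. A name containing `-` or `.` is parsed as an expression and can raise an error during shell initialisation. A string comparison is what is wanted here: `if [[ "$(id -gn)" == "cluster" ]]; then`. The added/removed markers are lost on this page, so I am assuming this line belongs to the new `extraInit` block.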