fix(nfs): sec=krb5

2026-02-09 12:29:19 -08:00 · 2024-03-17 21:16:46 -07:00 · 2024-03-17 21:16:46 -07:00 · 88477df521
commit 88477df521
parent 7cbdb4c231
6 changed files with 336 additions and 64 deletions
--- a/modules/nixos/network/netgroups.nix
+++ b/modules/nixos/network/netgroups.nix
@ -0,0 +1,89 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.options) mkOption;
+  inherit (lib.modules) mkIf mkMerge mkBefore mkAfter mkOptionDefault;
+  inherit (lib.attrsets) mapAttrsToList;
+  inherit (lib.strings) concatStringsSep;
+  inherit (config.system) nssDatabases;
+  inherit (config) networking;
+  netgroupMemberModule = { config, name, ... }: {
+    options = with lib.types; {
+      hostname = mkOption {
+        type = str;
+        default = name;
+      };
+      user = mkOption {
+        type = either (enum [ null "-" ]) str;
+        default = "-";
+      };
+      domain = mkOption {
+        type = str;
+        default = networking.domain;
+        description = "NIS domain";
+      };
+      triple = mkOption {
+        type = str;
+      };
+    };
+    config = {
+      triple = mkOptionDefault "(${config.hostname},${toString config.user},${config.domain})";
+    };
+  };
+  netgroupModule = { config, name, ... }: {
+    options = with lib.types; {
+      name = mkOption {
+        type = str;
+        default = name;
+      };
+      members = mkOption {
+        type = attrsOf (submodule netgroupMemberModule);
+        default = { };
+      };
+      fileLine = mkOption {
+        type = str;
+      };
+    };
+    config = {
+      fileLine = mkOptionDefault (concatStringsSep " " ([ config.name ] ++ mapAttrsToList (_: member: member.triple) config.members));
+    };
+  };
+in {
+  options = with lib.types; {
+    system.nssDatabases = {
+      netgroup = mkOption {
+        type = listOf str;
+      };
+    };
+    networking = {
+      netgroups = mkOption {
+        type = attrsOf (submodule netgroupModule);
+        default = { };
+      };
+      extraNetgroups = mkOption {
+        type = lines;
+        default = "";
+      };
+    };
+  };
+  config = {
+    system.nssDatabases = {
+      netgroup = mkMerge [
+        (mkBefore [ "files" ])
+        (mkAfter [ "nis" ])
+        (mkIf config.services.sssd.enable [ "sss" ])
+      ];
+    };
+    environment.etc."nssswitch.conf".text = mkIf (nssDatabases.netgroup != [ ]) (mkAfter ''
+      netgroup: ${concatStringsSep " " nssDatabases.netgroup}
+    '');
+    environment.etc."netgroup" = mkIf (networking.netgroups != { } || networking.extraNetgroups != "") {
+      text = mkMerge (
+        mapAttrsToList (_: ng: ng.fileLine) networking.netgroups
+        ++ [ networking.extraNetgroups ]
+      );
+    };
+  };
+}