mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 04:19:19 -08:00
chore: nf-fmt-nix
parent
7486517713
commit
9903866044
160 changed files with 4570 additions and 3019 deletions
|
|
@ -14,7 +14,7 @@
|
|||
cfg = config.security.ipa;
|
||||
in {
|
||||
options.security.ipa = with lib.types; {
|
||||
package = mkPackageOption pkgs "freeipa" { };
|
||||
package = mkPackageOption pkgs "freeipa" {};
|
||||
overrideConfigs = {
|
||||
krb5 = mkOption {
|
||||
type = bool;
|
||||
|
|
@ -36,67 +36,70 @@ in {
|
|||
config.services.sssd = let
|
||||
inherit (config.services) sssd;
|
||||
ipaDebugLevel = 65510;
|
||||
in mkIf cfg.enable {
|
||||
debugLevel = mkAlmostOptionDefault ipaDebugLevel;
|
||||
domains = {
|
||||
${cfg.domain} = {
|
||||
ldap.extraAttrs.user = {
|
||||
mail = "mail";
|
||||
sn = "sn";
|
||||
givenname = "givenname";
|
||||
telephoneNumber = "telephoneNumber";
|
||||
lock = "nsaccountlock";
|
||||
};
|
||||
settings = mapOptionDefaults {
|
||||
id_provider = "ipa";
|
||||
auth_provider = "ipa";
|
||||
access_provider = "ipa";
|
||||
chpass_provider = "ipa";
|
||||
ipa_domain = cfg.domain;
|
||||
in
|
||||
mkIf cfg.enable {
|
||||
debugLevel = mkAlmostOptionDefault ipaDebugLevel;
|
||||
domains = {
|
||||
${cfg.domain} = {
|
||||
ldap.extraAttrs.user = {
|
||||
mail = "mail";
|
||||
sn = "sn";
|
||||
givenname = "givenname";
|
||||
telephoneNumber = "telephoneNumber";
|
||||
lock = "nsaccountlock";
|
||||
};
|
||||
settings =
|
||||
mapOptionDefaults {
|
||||
id_provider = "ipa";
|
||||
auth_provider = "ipa";
|
||||
access_provider = "ipa";
|
||||
chpass_provider = "ipa";
|
||||
ipa_domain = cfg.domain;
|
||||
|
||||
ipa_server = [ "_srv_" cfg.server ];
|
||||
ipa_server = ["_srv_" cfg.server];
|
||||
|
||||
ipa_hostname = "${config.networking.hostName}.${cfg.domain}";
|
||||
ipa_hostname = "${config.networking.hostName}.${cfg.domain}";
|
||||
|
||||
cache_credentials = cfg.cacheCredentials;
|
||||
cache_credentials = cfg.cacheCredentials;
|
||||
|
||||
krb5_store_password_if_offline = cfg.offlinePasswords;
|
||||
krb5_store_password_if_offline = cfg.offlinePasswords;
|
||||
|
||||
dyndns_update = cfg.dyndns.enable;
|
||||
dyndns_update = cfg.dyndns.enable;
|
||||
|
||||
dyndns_iface = cfg.dyndns.interface;
|
||||
dyndns_iface = cfg.dyndns.interface;
|
||||
|
||||
ldap_tls_cacert = "/etc/ipa/ca.crt";
|
||||
} // {
|
||||
krb5_realm = mkIf (toLower cfg.domain != toLower cfg.realm) (mkOptionDefault cfg.realm);
|
||||
ldap_tls_cacert = "/etc/ipa/ca.crt";
|
||||
}
|
||||
// {
|
||||
krb5_realm = mkIf (toLower cfg.domain != toLower cfg.realm) (mkOptionDefault cfg.realm);
|
||||
};
|
||||
};
|
||||
};
|
||||
services = {
|
||||
nss.settings = mapOptionDefaults {
|
||||
homedir_substring = "/home";
|
||||
};
|
||||
pam.settings = mapOptionDefaults {
|
||||
pam_pwd_expiration_warning = 3;
|
||||
pam_verbosity = 3;
|
||||
};
|
||||
sudo = {
|
||||
enable = mkAlmostOptionDefault true;
|
||||
settings = mapOptionDefaults {
|
||||
debug_level = ipaDebugLevel;
|
||||
};
|
||||
};
|
||||
ssh.enable = mkAlmostOptionDefault true;
|
||||
ifp = {
|
||||
enable = mkAlmostOptionDefault true;
|
||||
settings = mapOptionDefaults {
|
||||
allowed_uids = cfg.ifpAllowedUids;
|
||||
};
|
||||
};
|
||||
};
|
||||
configText = mkIf (cfg.overrideConfigs.sssd) (mkAlmostOptionDefault null);
|
||||
config = mkIf (sssd.configText != null) (mkAlmostForce sssd.configText);
|
||||
};
|
||||
services = {
|
||||
nss.settings = mapOptionDefaults {
|
||||
homedir_substring = "/home";
|
||||
};
|
||||
pam.settings = mapOptionDefaults {
|
||||
pam_pwd_expiration_warning = 3;
|
||||
pam_verbosity = 3;
|
||||
};
|
||||
sudo = {
|
||||
enable = mkAlmostOptionDefault true;
|
||||
settings = mapOptionDefaults {
|
||||
debug_level = ipaDebugLevel;
|
||||
};
|
||||
};
|
||||
ssh.enable = mkAlmostOptionDefault true;
|
||||
ifp = {
|
||||
enable = mkAlmostOptionDefault true;
|
||||
settings = mapOptionDefaults {
|
||||
allowed_uids = cfg.ifpAllowedUids;
|
||||
};
|
||||
};
|
||||
};
|
||||
configText = mkIf (cfg.overrideConfigs.sssd) (mkAlmostOptionDefault null);
|
||||
config = mkIf (sssd.configText != null) (mkAlmostForce sssd.configText);
|
||||
};
|
||||
config.security.krb5 = mkIf cfg.enable {
|
||||
enable = mkAlmostForce false;
|
||||
package = mkAlmostOptionDefault pkgs.krb5Full;
|
||||
|
|
@ -136,8 +139,9 @@ in {
|
|||
};
|
||||
config.environment.etc."krb5.conf" = let
|
||||
inherit (config.security) krb5;
|
||||
format = import (modulesPath + "/security/krb5/krb5-conf-format.nix") { inherit pkgs lib; } { };
|
||||
in mkIf (cfg.enable && !cfg.overrideConfigs.krb5) {
|
||||
text = mkForce (format.generate "krb5.conf" krb5.settings).text;
|
||||
};
|
||||
format = import (modulesPath + "/security/krb5/krb5-conf-format.nix") {inherit pkgs lib;} {};
|
||||
in
|
||||
mkIf (cfg.enable && !cfg.overrideConfigs.krb5) {
|
||||
text = mkForce (format.generate "krb5.conf" krb5.settings).text;
|
||||
};
|
||||
}
|
||||
|
|
|
|||