gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(extern): krb5+nfs

Browse source
This commit is contained in:
arcnmx 2024-04-09 13:51:35 -07:00
parent 8d1ab4405d
commit f91179a2d8
6 changed files with 158 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/nixos/ipa.nix
View file

@ -98,6 +98,7 @@ in {
config = mkIf (sssd.configText != null) (mkAlmostForce sssd.configText);
};
config.security.krb5 = mkIf cfg.enable {
enable = mkAlmostForce false;
package = mkAlmostOptionDefault pkgs.krb5Full;
settings = {
libdefaults = mapOptionDefaults {

35
modules/nixos/sssd/pam.nix Normal file
View file

@ -0,0 +1,35 @@
{
config,
lib,
gensokyo-zone,
...
}: let
inherit (gensokyo-zone.lib) mkAlmostForce;
inherit (lib.options) mkOption;
inherit (lib.modules) mkIf;
inherit (lib.attrsets) genAttrs;
cfg = config.services.sssd;
pamRulesModule = { ... }: let
rules = [ "account" "auth" "password" "session" ];
mkRuleConfig = ruleName: {
sss = mkIf cfg.enable {
enable = mkIf (!cfg.services.pam.enable) (mkAlmostForce false);
};
};
in {
config = genAttrs rules mkRuleConfig;
};
pamServiceModule = { ... }: {
options = with lib.types; {
rules = mkOption {
type = submodule pamRulesModule;
};
};
};
in {
options.security.pam = with lib.types; {
services = mkOption {
type = attrsOf (submodule pamServiceModule);
};
};
}