# NixOS module that switches on FreeIPA client support (security.ipa) for a
# host and pulls in the sibling krb5 and sssd modules.
{
  config,
  lib,
  ...
}: let
  mkDefault = lib.modules.mkDefault;
in {
  # NOTE: enrolment is not automatic; after installation, run by hand:
  #   :; kinit admin
  #   :; ipa-join --hostname=${config.networking.fqdn} -k /tmp/krb5.keytab -s idp.${domain}
  # then, to authorize the host for a specific service:
  #   :; ipa-getkeytab -k /tmp/krb5.keytab -s idp.${domain} -p ${serviceName}/idp.${domain}@${toUpper domain}
  # and, once the sops secret has been updated with the keytab:
  #   :; systemctl restart sssd
  #
  # `${domain}` and `${serviceName}` are placeholders to fill in; nothing in
  # this file defines them.
  #
  # Keytab handling (the file holds long-term Kerberos keys):
  # - /tmp is shared by every local user. Prefer a directory only root can
  #   enter (for example one created with `mktemp -d`) over the fixed
  #   /tmp/krb5.keytab path, and check that the file ends up mode 0600.
  # - ipa-getkeytab generates new keys by default, which invalidates any keytab
  #   already issued for that principal; `-r` retrieves the existing keys
  #   instead, where the server permits it.
  # - After the keytab has been encrypted into sops, delete the plaintext copy
  #   and run `kdestroy` to drop the admin ticket.
  # NOTE(review): the -p principal above uses idp.${domain} as its host part
  # rather than this machine's FQDN; confirm that is intended.

  imports = [
    ./krb5.nix
    ./sssd.nix
  ];

  # Every value is wrapped in mkDefault so another module can override it
  # without resorting to mkForce.
  config.security.ipa = {
    enable = mkDefault true;

    # NOTE(review): overrideConfigs is not defined in this file. Presumably
    # setting krb5/sssd to false keeps the ipa module from replacing the
    # configuration supplied by ./krb5.nix and ./sssd.nix; confirm against the
    # option's definition.
    overrideConfigs.krb5 = mkDefault false;
    overrideConfigs.sssd = mkDefault false;
  };
}