mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 12:29:19 -08:00
26 lines
698 B
Nix
26 lines
698 B
Nix
{ config, lib, ... }: let
|
|
inherit (lib.modules) mkDefault;
|
|
in {
|
|
# NOTE: requires manual post-install setup...
|
|
# :; kinit admin
|
|
# :; ipa-join --hostname=${config.networking.fqdn} -k /tmp/krb5.keytab -s idp.${domain}
|
|
# then to authorize it for a specific service...
|
|
# :; ipa-getkeytab -k /tmp/krb5.keytab -s idp.${domain} -p ${serviceName}/idp.${domain}@${toUpper domain}
|
|
# once the sops secret has been updated with keytab...
|
|
# :; systemctl restart sssd
|
|
|
|
imports = [
|
|
./krb5.nix
|
|
./sssd.nix
|
|
];
|
|
|
|
config = {
|
|
security.ipa = {
|
|
enable = mkDefault true;
|
|
overrideConfigs = {
|
|
krb5 = mkDefault false;
|
|
sssd = mkDefault false;
|
|
};
|
|
};
|
|
};
|
|
}
|