depot/modules/enterprise/default.nix

# Enterprise integration applied to every host in the depot: a Kerberos client
# configuration for the organisation's realm, the PC/SC daemon used with
# smart cards, and the organisation's own CA in the system trust store.
{ config, pkgs, hosts, inputs, lib, tools, ... }:
let
  # The organisation's DNS domain; the Kerberos realm is its upper-cased form.
  inherit (tools.meta) domain;
  realm = lib.toUpper domain;

  # Metadata of the evaluating host, or null when the host is not listed in
  # `hosts`. Attribute selection with `or` falls back to the default when the
  # left side is not an attribute set, so the lookup below tolerates null.
  thisHost = hosts.${config.networking.hostName} or null;

  # A single server acts as KDC, admin server and kpasswd server.
  kdcServer = tools.identity.kerberos.kdc;
in
{
  krb5 = {
    enable = true;

    # Map the bare domain and every subdomain of it onto the realm.
    domain_realm = {
      "${domain}" = realm;
      ".${domain}" = realm;
    };

    libdefaults = {
      default_realm = realm;
      # Allow KDCs to be located through DNS SRV records. The realm below names
      # its KDC explicitly, so this presumably only affects other realms; a
      # spoofed record cannot impersonate a KDC (the client verifies it via the
      # shared key) but can send clients to an unreachable server.
      dns_lookup_kdc = true;
      # Do not use reverse DNS when canonicalising service principal names, so
      # a forged PTR record cannot steer a client towards the wrong principal.
      rdns = false;
      # Every ticket is forwardable by default: a TGT can be delegated to any
      # service the user connects to. Hosts that must never receive delegated
      # credentials need this narrowed explicitly.
      forwardable = true;
      # Credential cache in the kernel keyring, one per uid, rather than a
      # file under /tmp.
      default_ccache_name = "KEYRING:persistent:%{uid}";
      # Trust anchors for PKINIT (certificate/smart-card logon): only client
      # certificates chaining to this bundle are accepted for initial tickets.
      pkinit_anchors = "FILE:${inputs.self.packages.x86_64-linux.privatevoid-smart-card-ca-bundle}";
    };

    realms.${realm} = {
      kdc = kdcServer;
      admin_server = kdcServer;
      kpasswd_server = kdcServer;
      default_domain = domain;
    };
  };

  # PC/SC daemon, presumably needed for the smart-card readers used with PKINIT.
  services.pcscd.enable = true;

  # The host's domain defaults to `<enterprise subdomain>.<domain>`, where the
  # subdomain comes from the host entry and falls back to "services". mkDefault
  # lets an individual host override it.
  networking.domain = lib.mkDefault "${thisHost.enterprise.subdomain or "services"}.${domain}";
  networking.search = [ config.networking.domain "search.${domain}" ];

  # Install the organisation CA system-wide. Any CA in the system trust store
  # can vouch for any name, so the private key and issuance policy behind this
  # certificate carry the same weight as a public CA's.
  security.pki.certificates = [ (builtins.readFile ../../data/ca.crt) ];
}