# Organisation-wide Kerberos client, smart-card and PKI trust configuration.
#
# Everything is derived from the organisation domain (tools.meta.domain): the
# realm name is its upper-cased form, the KDC comes from tools.identity.kerberos,
# and the PKINIT trust anchor is the flake's own smart-card CA bundle package.
{ config, pkgs, hosts, inputs, lib, tools, ... }:

let
  inherit (tools.meta) domain;

  # Kerberos realm names are conventionally the DNS domain in upper case.
  realm = lib.toUpper domain;

  # Per-host metadata; null when this host is not listed in `hosts`.
  thisHost = hosts.${config.networking.hostName} or null;

  # Single KDC that also serves as admin and kpasswd server.
  inherit (tools.identity.kerberos) kdc;

  # CA bundle the KDC's PKINIT certificate must chain to (smart-card logins).
  smartCardCaBundle = inputs.self.packages.${pkgs.system}.privatevoid-smart-card-ca-bundle;
in

{
  krb5 = {
    enable = true;

    # Map both the bare domain and every subdomain of it onto the realm.
    domain_realm = {
      "${domain}" = realm;
      ".${domain}" = realm;
    };

    libdefaults = {
      default_realm = realm;

      # Allow locating KDCs through DNS SRV records; the realm entry below
      # names the KDC explicitly, so this mainly matters for other realms.
      dns_lookup_kdc = true;

      # Do not canonicalise service hostnames via reverse DNS; PTR records are
      # attacker-influenced and would otherwise choose which service principal
      # a ticket is requested for.
      rdns = false;

      # Tickets are forwardable by default, i.e. credentials can be delegated
      # to remote hosts (e.g. by ssh) — widen only if that delegation is wanted.
      forwardable = true;

      # Keep credentials in the per-uid kernel keyring instead of a file in /tmp.
      default_ccache_name = "KEYRING:persistent:%{uid}";

      pkinit_anchors = "FILE:${smartCardCaBundle}";
    };

    realms = {
      "${realm}" = {
        inherit kdc;
        admin_server = kdc;
        kpasswd_server = kdc;
        default_domain = domain;
      };
    };
  };

  # Smart-card daemon required for PKINIT with hardware tokens.
  services.pcscd.enable = true;

  # Default FQDN: <enterprise subdomain>.<org domain>, falling back to the
  # "services" subdomain. The `or` default also covers an unknown host
  # (thisHost = null). mkDefault lets a host-specific module override it.
  networking.domain = lib.mkDefault "${thisHost.enterprise.subdomain or "services"}.${domain}";
  networking.search = [ config.networking.domain "search.${domain}" ];

  # Installs the organisation CA into the system-wide trust store; every TLS
  # client on the host will trust certificates issued by it.
  security.pki.certificates = [ (builtins.readFile ../../data/ca.crt) ];
}