2021-06-25 05:12:02 +03:00
|
|
|
{ pkgs, lib, config, inputs, ... }:
|
2021-06-05 23:59:06 +03:00
|
|
|
let
|
|
|
|
|
orgDomain = "privatevoid.net";
|
|
|
|
|
orgRealm = "PRIVATEVOID.NET";
|
|
|
|
|
in {
|
|
|
|
|
krb5 = {
|
|
|
|
|
enable = true;
|
|
|
|
|
domain_realm = {
|
|
|
|
|
${orgDomain} = orgRealm;
|
|
|
|
|
".${orgDomain}" = orgRealm;
|
|
|
|
|
};
|
|
|
|
|
libdefaults = {
|
|
|
|
|
default_realm = orgRealm;
|
|
|
|
|
dns_lookup_kdc = true;
|
|
|
|
|
rdns = false;
|
|
|
|
|
forwardable = true;
|
|
|
|
|
default_ccache_name = "KEYRING:persistent:%{uid}";
|
|
|
|
|
pkinit_anchors = "FILE:${inputs.self.packages.x86_64-linux.privatevoid-smart-card-ca-bundle}";
|
|
|
|
|
};
|
|
|
|
|
realms = {
|
|
|
|
|
"${orgRealm}" = rec {
|
|
|
|
|
kdc = "authsys.virtual-machines.privatevoid.net";
|
|
|
|
|
admin_server = kdc;
|
|
|
|
|
kpasswd_server = kdc;
|
|
|
|
|
default_domain = orgDomain;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
services.pcscd.enable = true;
|
2021-06-25 05:12:02 +03:00
|
|
|
networking.domain = lib.mkDefault "services.privatevoid.net";
|
|
|
|
|
networking.search = [ config.networking.domain "search.privatevoid.net" ];
|
2021-06-05 23:59:06 +03:00
|
|
|
}
|
