cluster/services/idm: add policy for soda

2023-06-11 17:07:45 +02:00 · 2023-06-11 17:07:45 +02:00 · a9801c3308
commit a9801c3308
parent 6dcdf7aeaa
2 changed files with 12 additions and 0 deletions
--- a/cluster/services/idm/default.nix
+++ b/cluster/services/idm/default.nix
@ -11,6 +11,7 @@
    nodes = {
      server = [ "VEGAS" ];
      client = [ "checkmate" "VEGAS" "prophet" "soda" "thunderskin" ];
+      client-soda = [ "soda" ];
    };
    nixos = {
      server = ./server.nix;
@ -18,6 +19,9 @@
        ./client.nix
        ./policies/infra-admins.nix
      ];
+      client-soda = [
+        ./policies/soda.nix
+      ];
    };
  };
 }
--- a/cluster/services/idm/policies/soda.nix
+++ b/cluster/services/idm/policies/soda.nix
@ -0,0 +1,8 @@
+{
+  services.kanidm.unixSettings = {
+    pam_allowed_login_groups = [
+      "soda"
+      "soda-admins"
+    ];
+  };
+}