privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

modules/enterprise: remove kerberos config

Browse source
This commit is contained in:
Max Headroom 2023-06-11 17:30:03 +02:00
parent 640eb9df23
commit e34287cd05
1 changed files with 0 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
modules/enterprise/default.nix
View file

@ -1,31 +1,8 @@
{ config, depot, lib, tools, ... }: { config, depot, lib, tools, ... }:
let let
orgDomain = tools.meta.domain; orgDomain = tools.meta.domain;
orgRealm = lib.toUpper orgDomain;
host = depot.reflection; host = depot.reflection;
in { in {
krb5 = {
enable = true;
domain_realm = {
${orgDomain} = orgRealm;
".${orgDomain}" = orgRealm;
};
libdefaults = {
default_realm = orgRealm;
dns_lookup_kdc = true;
rdns = false;
forwardable = true;
default_ccache_name = "KEYRING:persistent:%{uid}";
};
realms = {
"${orgRealm}" = rec {
inherit (tools.identity.kerberos) kdc;
admin_server = kdc;
kpasswd_server = kdc;
default_domain = orgDomain;
};
};
};
networking.domain = lib.mkDefault "${host.enterprise.subdomain or "services"}.${orgDomain}"; networking.domain = lib.mkDefault "${host.enterprise.subdomain or "services"}.${orgDomain}";
networking.search = [ config.networking.domain "search.${orgDomain}" ]; networking.search = [ config.networking.domain "search.${orgDomain}" ];
security.pki.certificates = [ (builtins.readFile ../../data/ca.crt) ]; security.pki.certificates = [ (builtins.readFile ../../data/ca.crt) ];