Jan/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Set up request-key.conf

Browse Source
This commit is contained in:
Jan-Bulthuis 2025-06-09 13:54:31 +02:00
parent d9dab5b9d3
commit 32e7d99292
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
hosts/vm-oddjob/configuration.nix
View File

@ -24,6 +24,26 @@
samba samba
keyutils keyutils
]; ];
environment.etc."request-key.conf".text =
let
upcall = "${pkgs.cifs-utils}/bin/cifs.upcall";
keyctl = "${pkgs.keyutils}/bin/keyctl";
in
''
#OP TYPE DESCRIPTION CALLOUT_INFO PROGRAM
# -t is required for DFS share servers...
create cifs.spnego * * ${upcall} -t %k
create dns_resolver * * ${upcall} %k
# Everything below this is essentially the
# defualt configuration
create user debug:* negate ${keyctl} negate %k 30 %S
create user debug:* rejected ${keyctl} reject %k 30 %c %S
create user debug:* expired ${keyctl} reject %k 30 %c %S
create user debug:* revoked ${keyctl} reject %k 30 %c %S
create user debug:loop:* * |${pkgs.coreutils}/bin/cat
create user debug:* * ${pkgs.keyutils}/share/keyutils/request-key-debug.sh %k %d %c %S
negate * * * ${keyctl} negate %k 30 %S
'';
sops.secrets."smb-credentials" = { sops.secrets."smb-credentials" = {
sopsFile = "${inputs.secrets}/secrets/vm-oddjob.enc.yaml"; sopsFile = "${inputs.secrets}/secrets/vm-oddjob.enc.yaml";
}; };