Filter out locally defined users and groups

Jan-Bulthuis 2025-06-10 00:07:22 +02:00
parent 4e08366901
commit 7d4ee43283


@ -85,10 +85,14 @@ in
config_file_version = 2 config_file_version = 2
services = nss, pam, ssh services = nss, pam, ssh
[nss]
filter_users = ${concatStringsSep "," (lib.attrNames config.users.users)}
filter_groups = ${concatStringsSep "," (lib.attrNames config.users.groups)}
[domain/${domain}] [domain/${domain}]
enumerate = False enumerate = False
ad_domain = ${domain} ad_domain = ${domain}
krb5_realm = ${domainUpper} krb5_realm = ${domainUpper}H
id_provider = ad id_provider = ad
auth_provider = ad auth_provider = ad
access_provider = ad access_provider = ad
@ -121,6 +125,7 @@ in
{ {
extraConfig = '' extraConfig = ''
%${admin_group} ALL=(ALL) SETENV: ALL %${admin_group} ALL=(ALL) SETENV: ALL
%${domainUpper}${admin_group} ALL=(ALL) SETENV: ALL
''; '';
}; };
@ -129,6 +134,7 @@ in
security.pam.services.sshd.makeHomeDir = true; security.pam.services.sshd.makeHomeDir = true;
environment.etc.profile.text = environment.etc.profile.text =
let let
# TODO: Activate configuration based on AD group
homeConfiguration = inputs.home-manager.lib.homeManagerConfiguration { homeConfiguration = inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs; inherit pkgs;
modules = [ modules = [
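Review bot: In the first hunk the new side of the realm line reads `krb5_realm = ${domainUpper}H` while the old side has no trailing `H`; if that character is in the committed file rather than a rendering artefact, SSSD is given a realm that no longer matches `ad_domain` and domain logins would presumably fail, so the line should stay `krb5_realm = ${domainUpper}`. In the added `[nss]` block, `lib.attrNames` yields attribute names, which differ from the account name wherever `users.users.<attr>.name` or `users.groups.<attr>.name` is overridden, so such a local account would be missing from the filter and SSSD could still answer for its name from the directory. `lib.mapAttrsToList (_: u: u.name) config.users.users` (and the same over `config.users.groups`) lists the effective names instead. The `let` block touched by the last hunk continues outside the visible lines.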