Jan/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added SSSD config

Browse Source
This commit is contained in:
Jan-Bulthuis 2025-06-08 03:39:12 +02:00
parent 417383f89b
commit 8b331ad3ae
1 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
modules/nixos/domain.nix
View File

@ -41,7 +41,10 @@ in
description = "Automatically join the domain"; description = "Automatically join the domain";
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
after = [ after = [
"network.target" "network-online.target"
];
requires = [
"network-online.target"
]; ];
serviceConfig = { serviceConfig = {
type = "oneshot"; type = "oneshot";
@ -55,5 +58,32 @@ in
--stdin-password < ${cfg.join.passwordFile} --stdin-password < ${cfg.join.passwordFile}
''; '';
}; };
# Set up SSSD
services.sssd = {
enable = true;
config = ''
[sssd]
domains = ${domain}
config_file_version = 2
services = nss, pam, ssh
[domain/${domain}]
enumerate = false
ad_domain = ${domain}
krb5_realm = ${domainUpper}
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
use_fully_qualified_names = false
ldap_id_mapping = true
ad_gpo_access_control = permissive
'';
};
systemd.services.sssd = {
after = [ "adcli-join.service" ];
requires = [ "adcli-join.service" ];
};
}; };
} }