Set up ssh client, temporarily removed network home mount
This commit is contained in:
Jan-Bulthuis
parent
66b2662030
commit
cf4a324617
@ -126,8 +126,14 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
# Set up SSH
|
# Set up SSH
|
||||||
|
programs.ssh = {
|
||||||
|
package = pkgs.openssh_gssapi;
|
||||||
|
extraConfig = ''
|
||||||
|
GSSAPIAuthentication yes
|
||||||
|
'';
|
||||||
|
};
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
package = pkgs.opensshWithKerberos;
|
package = pkgs.openssh_gssapi;
|
||||||
settings = {
|
settings = {
|
||||||
GSSAPIAuthentication = true;
|
GSSAPIAuthentication = true;
|
||||||
GSSAPICleanupCredentials = true;
|
GSSAPICleanupCredentials = true;
|
||||||
@ -154,30 +160,30 @@ in
|
|||||||
modules.profiles.base.enable = true;
|
modules.profiles.base.enable = true;
|
||||||
|
|
||||||
# Mount the directories from the network share
|
# Mount the directories from the network share
|
||||||
home.activation.dirMount =
|
# home.activation.dirMount =
|
||||||
let
|
# let
|
||||||
bindScript = dir: ''
|
# bindScript = dir: ''
|
||||||
mkdir -p /network/$USER/${dir}
|
# mkdir -p /network/$USER/${dir}
|
||||||
mkdir -p $HOME/${dir}
|
# mkdir -p $HOME/${dir}
|
||||||
${pkgs.bindfs}/bin/bindfs /network/$USER/${dir} $HOME/${dir}
|
# ${pkgs.bindfs}/bin/bindfs /network/$USER/${dir} $HOME/${dir}
|
||||||
'';
|
# '';
|
||||||
in
|
# in
|
||||||
lib.hm.dag.entryAfter [ "writeBoundary" ] ''
|
# lib.hm.dag.entryAfter [ "writeBoundary" ] ''
|
||||||
if ! ${pkgs.krb5}/bin/klist -s; then
|
# if ! ${pkgs.krb5}/bin/klist -s; then
|
||||||
echo "No kerberos ticket found"
|
# echo "No kerberos ticket found"
|
||||||
${pkgs.krb5}/bin/kinit
|
# ${pkgs.krb5}/bin/kinit
|
||||||
fi
|
# fi
|
||||||
|
|
||||||
if ${pkgs.krb5}/bin/klist -s; then
|
# if ${pkgs.krb5}/bin/klist -s; then
|
||||||
echo "Kerberos ticket found, mounting home directory"
|
# echo "Kerberos ticket found, mounting home directory"
|
||||||
${bindScript "Documents"}
|
# ${bindScript "Documents"}
|
||||||
${bindScript "Music"}
|
# ${bindScript "Music"}
|
||||||
${bindScript "Pictures"}
|
# ${bindScript "Pictures"}
|
||||||
${bindScript "Video"}
|
# ${bindScript "Video"}
|
||||||
else
|
# else
|
||||||
echo "Still no kerberos ticket found, skipping home directory mount"
|
# echo "Still no kerberos ticket found, skipping home directory mount"
|
||||||
fi
|
# fi
|
||||||
'';
|
# '';
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
] ++ config.home-manager.sharedModules;
|
] ++ config.home-manager.sharedModules;
|
||||||
@ -196,17 +202,17 @@ in
|
|||||||
|
|
||||||
# Automatically mount home share
|
# Automatically mount home share
|
||||||
# Can be accessed at /network/$USER
|
# Can be accessed at /network/$USER
|
||||||
services.autofs = {
|
# services.autofs = {
|
||||||
enable = true;
|
# enable = true;
|
||||||
autoMaster =
|
# autoMaster =
|
||||||
let
|
# let
|
||||||
networkMap = pkgs.writeText "auto" ''
|
# networkMap = pkgs.writeText "auto" ''
|
||||||
* -fstype=cifs,sec=krb5,user=&,uid=$UID,gid=$GID,cruid=$UID ://${inputs.secrets.lab.nas.host}/home
|
# * -fstype=cifs,sec=krb5,user=&,uid=$UID,gid=$GID,cruid=$UID ://${inputs.secrets.lab.nas.host}/home
|
||||||
'';
|
# '';
|
||||||
in
|
# in
|
||||||
''
|
# ''
|
||||||
/network ${networkMap} --timeout=30
|
# /network ${networkMap} --timeout=30
|
||||||
'';
|
# '';
|
||||||
};
|
# };
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user