From d4e6283c2fd96887eb90da9cf92865838bfac50f Mon Sep 17 00:00:00 2001
From: Jan-Bulthuis <git@bulthuis.dev>
Date: Mon, 9 Jun 2025 14:23:11 +0200
Subject: [PATCH] Added service to set up user keytab

---
 hosts/vm-oddjob/configuration.nix | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/hosts/vm-oddjob/configuration.nix b/hosts/vm-oddjob/configuration.nix
index 0d2cd2c..7648cc6 100644
--- a/hosts/vm-oddjob/configuration.nix
+++ b/hosts/vm-oddjob/configuration.nix
@@ -19,11 +19,6 @@
   };
 
   # Setup NAS backups
-  environment.systemPackages = with pkgs; [
-    cifs-utils
-    samba
-    keyutils
-  ];
   environment.etc."request-key.conf".text =
     let
       upcall = "${pkgs.cifs-utils}/bin/cifs.upcall";
@@ -47,6 +42,16 @@
   sops.secrets."smb-credentials" = {
     sopsFile = "${inputs.secrets}/secrets/vm-oddjob.enc.yaml";
   };
+  systemd.services.mnt-nas-krb5 = {
+    description = "Set up Kerberos credentials for mnt-nas";
+    before = [ "mnt-nas.mount" ];
+    requiredBy = [ "mnt-nas.mount" ];
+    serviceConfig.type = "oneshot";
+    script = ''
+      . ${config.sops.secrets."smb-credentials".path}
+      echo $password | kinit $username
+    '';
+  };
   fileSystems."/mnt/nas" = {
     device = "//${inputs.secrets.lab.nas.host}/Backup";
     fsType = "cifs";