Jan/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added service to set up user keytab

Browse Source
This commit is contained in:
Jan-Bulthuis 2025-06-09 14:23:11 +02:00
parent 32e7d99292
commit d4e6283c2f
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
hosts/vm-oddjob/configuration.nix
View File

@ -19,11 +19,6 @@
}; };
# Setup NAS backups # Setup NAS backups
environment.systemPackages = with pkgs; [
cifs-utils
samba
keyutils
];
environment.etc."request-key.conf".text = environment.etc."request-key.conf".text =
let let
upcall = "${pkgs.cifs-utils}/bin/cifs.upcall"; upcall = "${pkgs.cifs-utils}/bin/cifs.upcall";
@ -47,6 +42,16 @@
sops.secrets."smb-credentials" = { sops.secrets."smb-credentials" = {
sopsFile = "${inputs.secrets}/secrets/vm-oddjob.enc.yaml"; sopsFile = "${inputs.secrets}/secrets/vm-oddjob.enc.yaml";
}; };
systemd.services.mnt-nas-krb5 = {
description = "Set up Kerberos credentials for mnt-nas";
before = [ "mnt-nas.mount" ];
requiredBy = [ "mnt-nas.mount" ];
serviceConfig.type = "oneshot";
script = ''
. ${config.sops.secrets."smb-credentials".path}
echo $password | kinit $username
'';
};
fileSystems."/mnt/nas" = { fileSystems."/mnt/nas" = {
device = "//${inputs.secrets.lab.nas.host}/Backup"; device = "//${inputs.secrets.lab.nas.host}/Backup";
fsType = "cifs"; fsType = "cifs";