ldap: switch to sssd on quitte

Rouven Seifert 2024-03-04 22:14:24 +01:00
parent b454ad2437
commit a1bfa3f7e1
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
2 changed files with 1 additions and 17 deletions


@ -78,6 +78,7 @@
./modules/ese-website.nix ./modules/ese-website.nix
./modules/ldap ./modules/ldap
./modules/sssd.nix
./modules/mail ./modules/mail
./modules/mailman.nix ./modules/mailman.nix
./modules/mysql.nix ./modules/mysql.nix
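Review bot: The added `./modules/sssd.nix` entry pulls in a module that this commit does not touch, while the second file in the same commit drops the `nslcd_ldap_search` secret and the whole `ldap = … rec { … }` block, so the bind credential for the Portunus search user now has to be supplied by sssd.nix alone. It is worth confirming in that file that the search password still reaches the daemon through a sops-managed secret readable only by the account sssd runs as, rather than being written into the generated sssd configuration, which would end up in the world-readable Nix store. A short comment on the import, e.g. `# NSS/PAM lookups via sssd against the local Portunus LDAP (replaces nslcd)`, would also record why both `./modules/ldap` and this module are loaded on this host.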


@ -47,10 +47,6 @@ in
"portunus/admin-password".owner = config.services.portunus.user; "portunus/admin-password".owner = config.services.portunus.user;
"portunus/search-password".owner = config.services.portunus.user; "portunus/search-password".owner = config.services.portunus.user;
"dex/environment".owner = config.systemd.services.dex.serviceConfig.User; "dex/environment".owner = config.systemd.services.dex.serviceConfig.User;
nslcd_ldap_search = {
key = "portunus/search-password";
owner = config.systemd.services.nslcd.serviceConfig.User;
};
}; };
services.portunus = { services.portunus = {
@ -97,19 +93,6 @@ in
isSystemUser = true; isSystemUser = true;
}; };
groups.dex = { }; groups.dex = { };
ldap =
let portunus = config.services.portunus; in
rec {
enable = true;
server = "ldap://localhost";
base = "${portunus.ldap.suffix}";
bind = {
distinguishedName = "uid=${portunus.ldap.searchUserName},ou=users,${base}";
passwordFile = config.sops.secrets.nslcd_ldap_search.path;
};
daemon.enable = true;
};
}; };
security.pam.services.sshd.makeHomeDir = true; security.pam.services.sshd.makeHomeDir = true;