Skynet/nixos
6
1
Fork 0
Code Issues 42 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: got jones back working again

Browse source
This commit is contained in:
silver 2023-06-24 15:41:31 +01:00
parent 7dcda8021c
commit c756a1d03e
2 changed files with 25 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
applications/ldap_client.nix
View file

@ -77,41 +77,39 @@
sshAuthorizedKeysIntegration = true; sshAuthorizedKeysIntegration = true;
config = '' config = ''
[domain/skynet.ie] [domain/skynet.ie]
#debug_level = 4 id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
id_provider = ldap ldap_uri = ldaps://${cfg.address}:636
auth_provider = ldap
sudo_provider = ldap
ldap_uri = ldaps://${cfg.address}:636 ldap_search_base = ${cfg.base}
# thank ye https://medium.com/techish-cloud/linux-user-ssh-authentication-with-sssd-ldap-without-joining-domain-9151396d967d
ldap_user_search_base = ou=users,${cfg.base}?sub?(|${create_filter cfg.groups})
ldap_group_search_base = ou=groups,${cfg.base}
ldap_sudo_search_base = cn=skynet-admins-linux,ou=groups,${cfg.base}
ldap_search_base = ${cfg.base} ldap_group_nesting_level = 5
# thank ye https://medium.com/techish-cloud/linux-user-ssh-authentication-with-sssd-ldap-without-joining-domain-9151396d967d
ldap_user_search_base = ou=users,${cfg.base}?sub?(|${create_filter cfg.groups})
ldap_group_search_base = ou=groups,${cfg.base}
ldap_sudo_search_base = cn=skynet-admins-linux,ou=groups,${cfg.base}
ldap_group_nesting_level = 5 cache_credentials = false
entry_cache_timeout = 1
cache_credentials = false ldap_user_member_of = skMemberOf
entry_cache_timeout = 1
ldap_user_member_of = skMemberOf [sssd]
config_file_version = 2
services = nss, pam, sudo, ssh
domains = skynet.ie
[sssd] [nss]
config_file_version = 2 # override_homedir = /home/%u
services = nss, pam, sudo, ssh
domains = skynet.ie
[nss] [pam]
# override_homedir = /home/%u
[pam] [sudo]
[sudo] [autofs]
[autofs]
''; '';
}; };

4
machines/agentjones.nix
View file

@ -47,7 +47,7 @@ in {
# this has to be defined for any physical servers # this has to be defined for any physical servers
# vms are defined by teh vm host # vms are defined by teh vm host
networking.interfaces = { networking.interfaces = {
eno1 = { eno2 = {
ipv4.addresses = [ ipv4.addresses = [
{ {
address = "193.1.99.72"; address = "193.1.99.72";
@ -55,7 +55,7 @@ in {
} }
]; ];
}; };
eno2 = { eno1 = {
#useDHCP = false; #useDHCP = false;
ipv4.addresses = [ ipv4.addresses = [
{ {