ldap: client is properly working now

2023-05-21 01:38:19 +01:00 · 2023-05-21 01:38:19 +01:00 · e73e15f524
commit e73e15f524
parent 67a0d1b8bf
4 changed files with 123 additions and 58 deletions
--- a/machines/optimus.nix
+++ b/machines/optimus.nix
@ -25,6 +25,9 @@ in {
    ../applications/dns.nix
    ../applications/games.nix

+
+    ../applications/ldap_client.nix
+
    # for testing
    ../applications/ldap.nix
  ];
@ -66,47 +69,11 @@ in {
    };
  };

-  services.sssd = {
+
+  services.skynet_ldap_client = {
    enable = true;
-
-    sshAuthorizedKeysIntegration = true;
-
-    config = ''
-      [domain/skynet.ie]
-      debug_level = 4
-
-      id_provider = ldap
-      auth_provider = ldap
-      sudo_provider = ldap
-
-      ldap_uri = ldap://193.1.99.112:389
-
-      ldap_search_base = dc=skynet,dc=ie
-      # thank ye https://medium.com/techish-cloud/linux-user-ssh-authentication-with-sssd-ldap-without-joining-domain-9151396d967d
-      ldap_user_search_base = ou=users,dc=skynet,dc=ie?sub?(|(skMemberOf=cn=skynet-users,ou=groups,dc=skynet,dc=ie))
-      ldap_group_search_base = ou=groups,dc=skynet,dc=ie
-      ldap_sudo_search_base = cn=skynet-admins,ou=groups,dc=skynet,dc=ie
-
-      ldap_group_nesting_level = 5
-
-      cache_credentials = false
-      entry_cache_timeout = 1
-
-      ldap_user_member_of = skMemberOf
-
-      [sssd]
-      config_file_version = 2
-      services = nss, pam, sudo, ssh
-      domains = skynet.ie
-
-      [nss]
-
-      [pam]
-
-      [sudo]
-
-      [autofs]
-    '';
+    # skynet-admin will always be added
+    groups = [ "skynet-users"];
  };

-}
+}