From 8b331ad3ae9356f8e54f6c8dcf15727767d04953 Mon Sep 17 00:00:00 2001
From: Jan-Bulthuis
Date: Sun, 8 Jun 2025 03:39:12 +0200
Subject: [PATCH] Added SSSD config
---
 modules/nixos/domain.nix | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/modules/nixos/domain.nix b/modules/nixos/domain.nix
index ed1ebe3..5f05bba 100644
--- a/modules/nixos/domain.nix
+++ b/modules/nixos/domain.nix
@@ -41,7 +41,10 @@ in
 description = "Automatically join the domain";
 wantedBy = [ "default.target" ];
 after = [
- "network.target"
+ "network-online.target"
+ ];
+ requires = [
+ "network-online.target"
 ];
 serviceConfig = {
 type = "oneshot";
@@ -55,5 +58,32 @@ in
 --stdin-password < ${cfg.join.passwordFile}
 '';
 };
+
+ # Set up SSSD
+ services.sssd = {
+ enable = true;
+ config = ''
+ [sssd]
+ domains = ${domain}
+ config_file_version = 2
+ services = nss, pam, ssh
+
+ [domain/${domain}]
+ enumerate = false
+ ad_domain = ${domain}
+ krb5_realm = ${domainUpper}
+ id_provider = ad
+ auth_provider = ad
+ access_provider = ad
+ chpass_provider = ad
+ use_fully_qualified_names = false
+ ldap_id_mapping = true
+ ad_gpo_access_control = permissive
+ '';
+ };
+ systemd.services.sssd = {
+ after = [ "adcli-join.service" ];
+ requires = [ "adcli-join.service" ];
+ };
 };
 }
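Review bot: The context line `type = "oneshot";` in the first hunk (`@@ -41,7 +41,10 @@`) is spelled in lower case, and systemd directive names are case-sensitive, so unless something outside the hunk normalises the key the join unit probably runs with the default service type and the setting is ignored. That matters for this commit, because the second hunk orders `sssd` after `adcli-join.service`, and only a real oneshot unit makes systemd wait for the join command to finish before starting units ordered after it. I would change the line to `Type = "oneshot";`. The `serviceConfig` block starts and ends outside the hunk, so the rest of it should be checked for the same spelling.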
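Review bot: `ad_gpo_access_control = permissive` in the new `[domain/${domain}]` section (second hunk, `@@ -55,5 +58,32 @@`) makes SSSD evaluate the AD logon GPOs but only log a would-be denial instead of refusing the login. With `access_provider = ad` and no `ad_access_filter` in the visible config, that appears to leave every enabled domain account able to authenticate through the `pam` and `ssh` services on any host importing this module. I would ship `ad_gpo_access_control = enforcing` as the default, or, if GPOs are not maintained for these machines, restrict logins explicitly with a line such as `ad_access_filter = (memberOf=<GROUP_DN_PLACEHOLDER>)`. If permissive is a deliberate rollout step, expose the mode as a module option and add a comment above the line saying so, e.g. `# permissive: GPO denials are logged, not enforced; switch to enforcing after audit`.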