Jan/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Jan:cc75c95ad4a8a354c70115a8ba1c9c497cf94243
Branches Tags
Jan:main
Jan:disko
..
compare: Jan:54677248afe8622a72e10b95c24761a59b71b183
Branches Tags
Jan:main
Jan:disko

No commits in common. "cc75c95ad4a8a354c70115a8ba1c9c497cf94243" and "54677248afe8622a72e10b95c24761a59b71b183" have entirely different histories.
cc75c95ad4 ... 54677248af

4 changed files with 14 additions and 75 deletions
Show Stats Expand all files Collapse all files

8
flake.lock generated
View File

@ -161,11 +161,11 @@
}, },
"secrets": { "secrets": {
"locked": { "locked": {
"lastModified": 1749344539, "lastModified": 1749332102,
"narHash": "sha256-DeiiLB9cl/DftwhEWxgdwNbTlMAPj10SkjJAZC6BZvI=", "narHash": "sha256-64n0gavIbrMXF4OJJMCLQ9YIZh14Nk95nXd8dz0Hb9I=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "48050bddb5c566acfca602ace655fb251f39b8fc", "rev": "2f57d921b9fd90a6807102ad305844a6402131ac",
"revCount": 12, "revCount": 10,
"type": "git", "type": "git",
"url": "ssh://gitea@git.bulthuis.dev/Jan/nixos-secrets" "url": "ssh://gitea@git.bulthuis.dev/Jan/nixos-secrets"
}, },

10
hosts/vm-oddjob/configuration.nix
View File

@ -19,6 +19,16 @@
}; };
# Setup NAS backups # Setup NAS backups
# TODO: Move kerberos setup to general module
security.krb5 = {
enable = true;
settings = {
libdefaults = {
rdns = false;
};
realms = (inputs.secrets.lab.krb5Realm);
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cifs-utils cifs-utils
samba samba

58
modules/nixos/domain.nix
View File

@ -1,58 +0,0 @@
{
inputs,
lib,
pkgs,
config,
...
}:
with lib;
let
cfg = config.modules.domain;
domain = inputs.secrets.lab.domain;
domainUpper = lib.strings.toUpper domain;
in
{
options.modules.domain = {
enable = mkEnableOption "Domain Integration";
join = {
userFile = mkOption {
type = types.str;
description = "File containing the user used to join the computer.";
};
passwordFile = mkOption {
type = types.str;
description = "File containing the password for the join user.";
};
domainOUFile = mkOption {
type = types.str;
description = "The OU to join the computer to.";
};
};
};
config = mkIf cfg.enable {
# Set network domain
networking.domain = domain;
networking.search = [ domain ];
# Automatically join the domain
systemd.services.adcli-join = {
description = "Automatically join the domain";
wantedBy = [ "default.target" ];
after = [
"network.target"
];
serviceConfig = {
type = "oneshot";
};
script = ''
ADCLI_JOIN_USER=$(cat ${cfg.join.userFile})
ADCLI_JOIN_OU=$(cat ${cfg.join.domainOUFile})
${pkgs.adcli}/bin/adcli join -D ${domain} \
-U $ADCLI_JOIN_USER \
-O $ADCLI_JOIN_OU < ${cfg.join.passwordFile}
'';
};
};
}

13
profiles/nixos/vm.nix
View File

@ -29,22 +29,9 @@ in
zfs rollback -r tank/root@blank zfs rollback -r tank/root@blank
''; '';
}; };
domain = {
enable = true;
join = {
userFile = config.sops.secrets."vm-join/user".path;
passwordFile = config.sops.secrets."vm-join/password".path;
domainOUFile = config.sops.secrets."vm-join/ou".path;
};
};
ssh.enable = true; ssh.enable = true;
}; };
# Initialize domain join secrets
sops.secrets."vm-join/user" = { };
sops.secrets."vm-join/password" = { };
sops.secrets."vm-join/ou" = { };
# Autologin to root for access from hypervisor # Autologin to root for access from hypervisor
services.getty.autologinUser = "root"; services.getty.autologinUser = "root";