infra/nixos
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Removed some unnecessary stuff

Browse source
This commit is contained in:
mewp 2025-01-22 22:21:51 +00:00
parent df300154b3
commit cb662c7e45
1 changed files with 0 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
configuration.nix
View file

@ -37,36 +37,8 @@
"8.8.8.8"
];
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG599UildOrAq+LIOQjKqtGMwjgjIxozI1jtQQRKHtCP q3k@mimeomia"
"cert-authority ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFPt2EXhvAwjMZ+5j8P0dCMaUdXeUQePeTv8tBdHXNly mewp"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQb3YQoiYFZLKwvHYKbu1bMqzNeDCAszQhAe1+QI5SLDOotclyY/vFmOReZOsmyMFl71G2d7d+FbYNusUnNNjTxRYQ021tVc+RkMdLJaORRURmQfEFEKbai6QSFTwErXzuoIzyEPK0lbsQuGgqT9WaVnRzHJ2Q/4+qQbxAS34PuR5NqEkmn4G6LMo3OyJ5mwPkCj9lsqz4BcxRaMWFO3mNcwGDfSW+sqgc3E8N6LKrTpZq3ke7xacpQmcG5DU9VO+2QVPdltl9jWbs3gXjmF92YRNOuKPVfAOZBBsp8JOznfx8s9wDgs7RwPmDpjIAJEyoABqW5hlXfqRbTnfnMvuR informatic@InformaticPC"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOccFr7RFddSB5kdvYCIdCyKgD3X79mC90cMImqziTd9 radex@radpro"
];
};
users.groups.ldap-access = {};
# users.ldap = {
# enable = true;
# loginPam = true;
# nsswitch = true;
# base = "ou=users,dc=cebula,dc=camp";
# server = "ldap://10.88.0.1:389/";
# timeLimit = 1;
# daemon.enable = true;
# bind = {
# distinguishedName = "cn=ldap-access,ou=users,dc=cebula,dc=camp";
# passwordFile = "/var/secrets/ldap-access";
# };
# };
services.sssd = {
enable = true;
sshAuthorizedKeysIntegration = true;
@ -75,20 +47,11 @@
serviceAccount = "ldap-access";
allowedGroup = "cn=orga-infra,ou=groups,${baseDN}";
in ''
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[sssd]
config_file_version = 2
reconnection_retries = 3
domains = LDAP
services = nss, pam, ssh
[pam]
reconnection_retries = 3
[domain/LDAP]
cache_credentials = True
id_provider = ldap