movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

nixos/ipa: Make ipa_hostname configurable (#321588)

Browse source 
Some sites put hosts in domains outside of the IPA server's default
domain, so this needs to be user-configurable.  The default is to use
the system's FQDN if it is configured, otherwise fallback to the
previous default behaviour of assuming the IPA's server's domain.
This commit is contained in:
Benjamin Staffin 2024-06-22 11:29:54 -04:00 committed by GitHub
parent 7546a9d9de
commit e93ccda887
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 17 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

14
nixos/modules/security/ipa.nix
View file

@ -85,6 +85,18 @@ in {
description = "Whether to cache credentials.";
};
ipaHostname = mkOption {
type = types.str;
example = "myworkstation.example.com";
default = if config.networking.domain != null then config.networking.fqdn
else "${config.networking.hostName}.${cfg.domain}";
defaultText = literalExpression ''
if config.networking.domain != null then config.networking.fqdn
else "''${networking.hostName}.''${security.ipa.domain}"
'';
description = "Fully-qualified hostname used to identify this host in the IPA domain.";
};
ifpAllowedUids = mkOption {
type = types.listOf types.str;
default = ["root"];
@ -218,7 +230,7 @@ in {
ipa_domain = ${cfg.domain}
ipa_server = _srv_, ${cfg.server}
ipa_hostname = ${config.networking.hostName}.${cfg.domain}
ipa_hostname = ${cfg.ipaHostname}
cache_credentials = ${pyBool cfg.cacheCredentials}
krb5_store_password_if_offline = ${pyBool cfg.offlinePasswords}