WIP: kerberos

hosts/bekkalokk/configuration.nix

@@ -5,7 +5,7 @@
 
     ../../base.nix
     ../../misc/metrics-exporters.nix
-    ../../modules/home-areas.nix
+    ../../modules/kerberos_auth.nix
 
     #./services/keycloak.nix
 

hosts/bicep/configuration.nix

@@ -5,7 +5,6 @@
 
     ../../base.nix
     ../../misc/metrics-exporters.nix
-    ../../modules/home-areas.nix
     ./services/nginx
 
     ./acmeCert.nix

hosts/buskerud/configuration.nix

@@ -5,7 +5,6 @@
       ./hardware-configuration.nix
       ../../base.nix
       ../../misc/metrics-exporters.nix
-      ../../modules/home-areas.nix
 
       ./services/openvpn-client.nix
     ];

hosts/ildkule/configuration.nix

@@ -5,7 +5,6 @@
       ./hardware-configuration.nix
       ../../base.nix
       ../../misc/metrics-exporters.nix
-      ../../modules/home-areas.nix
 
       ./services/nginx
       ./services/metrics

hosts/shark/configuration.nix

@@ -5,7 +5,6 @@
       ./hardware-configuration.nix
       ../../base.nix
       ../../misc/metrics-exporters.nix
-      ../../modules/home-areas.nix
     ];
 
   sops.defaultSopsFile = ../../secrets/shark/shark.yaml;

modules/home-areas.nix

@@ -1,27 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  fileSystems = let
-    shorthandAreas = {
-      # See toriel:/etc/exports
-      "/home/pvv/t/pederbs" = "homepvvt.pvv.ntnu.no:/export/home/pvv/t/pederbs";
-      "/home/pvv/t/yorinad" = "homepvvt.pvv.ntnu.no:/export/home/pvv/t/yorinad";
-    }
-    //
-    # See microbel:/etc/exports
-    (lib.listToAttrs (map
-      (l: lib.nameValuePair "/home/pvv/${l}" "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}")
-      [ "a" "b" "c" "d"  "h" "i" "j" "k" "l" "m" "z" ]));
-  in { }
-  //
-  (lib.mapAttrs (_: device: {
-    inherit device;
-    fsType = "nfs";
-    options = [
-      "nfsvers=3"
-      "noauto"
-      "proto=tcp"
-      "x-systemd.automount"
-      "x-systemd.idle-timeout=300"
-    ];
-  }) shorthandAreas);
-}

modules/kerberos_auth.nix

@@ -0,0 +1,25 @@
+{ pkgs, lib, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    heimdal
+  ];
+
+  security.pam.krb5.enable = true;
+
+  environment.etc."krb5.conf".text = ''
+    [libdefaults]
+      default_realm = PVV.NTNU.NO
+      dns_lookup_realm = yes
+      dns_lookup_kdc = yes
+
+    [appdefaults]
+      pam = {
+        ignore_k5login = yes
+      }
+
+    [realms]
+      PVV.NTNU.NO = {
+        admin_server = kdc.pvv.ntnu.no
+      }
+  '';
+}