From fc1b7db2912e7c5878a2892d1b9db12a29552169 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Sun, 3 Dec 2023 05:46:27 +0100
Subject: [PATCH] WIP: kerberos

---
 hosts/bekkalokk/configuration.nix |  1 +
 modules/kerberos_auth.nix         | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 modules/kerberos_auth.nix

diff --git a/hosts/bekkalokk/configuration.nix b/hosts/bekkalokk/configuration.nix
index 358c43eb..f92eee7c 100644
--- a/hosts/bekkalokk/configuration.nix
+++ b/hosts/bekkalokk/configuration.nix
@@ -5,6 +5,7 @@
 
     ../../base.nix
     ../../misc/metrics-exporters.nix
+    ../../modules/kerberos_auth.nix
 
     #./services/keycloak.nix
 
diff --git a/modules/kerberos_auth.nix b/modules/kerberos_auth.nix
new file mode 100644
index 00000000..015c2ca3
--- /dev/null
+++ b/modules/kerberos_auth.nix
@@ -0,0 +1,25 @@
+{ pkgs, lib, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    heimdal
+  ];
+
+  security.pam.krb5.enable = true;
+
+  environment.etc."krb5.conf".text = ''
+    [libdefaults]
+      default_realm = PVV.NTNU.NO
+      dns_lookup_realm = yes
+      dns_lookup_kdc = yes
+
+    [appdefaults]
+      pam = {
+        ignore_k5login = yes
+      }
+
+    [realms]
+      PVV.NTNU.NO = {
+        admin_server = kdc.pvv.ntnu.no
+      }
+  '';
+}