xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

modules: add kanidm-client module

Browse source
This commit is contained in:
xinyangli 2024-01-09 12:27:51 +08:00
parent 45abb88221
commit 5da958c996
No known key found for this signature in database
8 changed files with 124 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

26
machines/dolomite/default.nix
View file

@ -46,6 +46,32 @@
};
};
custom.kanidm-client = {
enable = true;
uri = "https://auth.xinyang.life/";
asSSHAuth = {
enable = true;
allowedGroups = [ "linux_users" ];
};
sudoers = [ "xin@auth.xinyang.life" ];
};
services.openssh = {
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = lib.mkForce "no";
GSSAPIAuthentication = "no";
KerberosAuthentication = "no";
};
};
services.fail2ban.enable = true;
security.sudo = {
execWheelOnly = true;
wheelNeedsPassword = false;
};
services.sing-box = let
singTls = {
enabled = true;