# Registers this host's Kerberos keytab as a host secret and exposes it at
# /etc/krb5.keytab. Nothing is defined unless fudo.secrets has a "files"
# attribute and files.host-keytabs has an entry named after this host.
{ config, lib, pkgs, ... }:

let
  inherit (lib) hasAttr mkIf;

  host = config.instance.hostname;

  # True when fudo.secrets carries a "files" attribute at all.
  secrets-have-files = hasAttr "files" config.fudo.secrets;

  # Look up `attr` in `set`; yields null instead of failing when it is absent.
  lookup-or-null = attr: set:
    if !(hasAttr attr set) then null else set.${attr};

in {
  config = mkIf secrets-have-files (let
    # Keytab registered for this host, or null when there is none.
    # NOTE(review): host-keytabs itself is read unguarded, so it is presumably
    # always present whenever "files" is -- confirm against the secrets module.
    host-keytab-source =
      lookup-or-null host config.fudo.secrets.files.host-keytabs;

    keytab-present = host-keytab-source != null;

  in {
    # Hand the keytab to the host-secrets mechanism, which places it under /run.
    # NOTE(review): only `user` is set here; group and permission bits of the
    # target file depend on defaults not visible in this file -- verify that
    # they keep the keytab readable by root only.
    # NOTE(review): a keytab is long-term key material. Confirm source-file
    # never resolves to a plaintext copy in the world-readable Nix store.
    fudo.secrets.host-secrets.${host}.host-keytab = mkIf keytab-present {
      source-file = host-keytab-source;
      target-file = "/run/kerberos/krb5.keytab";
      user = "root";
    };

    # Expose the placed secret at the conventional /etc/krb5.keytab location,
    # owned by root and readable by root only.
    # NOTE(review): with a mode other than "symlink", NixOS copies the source
    # into /etc during activation rather than linking to it. That appears to
    # leave a second copy of the keytab outside /run, and the copy can only
    # succeed if the secret is already in place when /etc is set up. Confirm
    # both the ordering and that the extra copy is intended.
    environment.etc."krb5.keytab" = mkIf keytab-present {
      source = config.fudo.secrets.host-secrets.${host}.host-keytab.target-file;
      user = "root";
      group = "root";
      mode = "0400";
    };
  });
}