public
/
paris-container
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't configure kerberos unless it's necessary

This commit is contained in:
niten 2024-06-05 14:07:24 -07:00
parent 2d01513547
commit 0272bcadd3
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
paris-container.nix
View File

@ -231,7 +231,7 @@ in {
};
systemd.services."container@paris".after =
[ config.fudo.secrets.secret-target ];
optional (!isNull cfg.kerberos) config.fudo.secrets.secret-target;
containers.paris = {
autoStart = true;
@ -276,7 +276,7 @@ in {
security.pam.krb5.enable = true;
krb5 = {
krb5 = mkIf (!isNull cfg.kerberos) {
enable = true;
kerberos = pkgs.heimdal;
libdefaults = config.krb5.libdefaults;
@ -296,7 +296,7 @@ in {
UseDns = true;
PermitRootLogin = "no";
};
extraConfig = ''
extraConfig = optionalString (!isNull cfg.kerberos) ''
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
'';