From 0272bcadd32e7453e0f146abbefe221208e12968 Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Wed, 5 Jun 2024 14:07:24 -0700
Subject: [PATCH] Don't configure kerberos unless it's necessary

---
 paris-container.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/paris-container.nix b/paris-container.nix
index 0665dcf..5a289b5 100644
--- a/paris-container.nix
+++ b/paris-container.nix
@@ -231,7 +231,7 @@ in {
     };
 
     systemd.services."container@paris".after =
-      [ config.fudo.secrets.secret-target ];
+      optional (!isNull cfg.kerberos) config.fudo.secrets.secret-target;
 
     containers.paris = {
       autoStart = true;
@@ -276,7 +276,7 @@ in {
 
         security.pam.krb5.enable = true;
 
-        krb5 = {
+        krb5 = mkIf (!isNull cfg.kerberos) {
           enable = true;
           kerberos = pkgs.heimdal;
           libdefaults = config.krb5.libdefaults;
@@ -296,7 +296,7 @@ in {
               UseDns = true;
               PermitRootLogin = "no";
             };
-            extraConfig = ''
+            extraConfig = optionalString (!isNull cfg.kerberos) ''
               GSSAPIAuthentication yes
               GSSAPICleanupCredentials yes
             '';