From bb84ade958a354af46054ae4659a06279400cd1f Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Wed, 5 Jun 2024 13:28:45 -0700
Subject: [PATCH] Remove filters, rather than specifying an ldap filter

---
 paris-container.nix | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/paris-container.nix b/paris-container.nix
index d8c8e15..5d50300 100644
--- a/paris-container.nix
+++ b/paris-container.nix
@@ -35,6 +35,18 @@ in {
       default = [ ];
     };
 
+    kerberos = mkOption {
+      type = nullOr (submodule {
+        options = {
+          keytab = mkOption {
+            type = str;
+            description = "Location of Paris keytab.";
+          };
+        };
+      });
+      default = null;
+    };
+
     ldap = {
       image = mkOption {
         type = str;
@@ -266,11 +278,7 @@ in {
 
               pam = { reconnection_retries = 3; };
 
-              nss = {
-                filter_groups = "root";
-                filter_users = "root";
-                reconnection_retries = 3;
-              };
+              nss.reconnection_retries = 3;
 
               "domain/${cfg.ldap.domain}" = {
                 cache_credentials = true;