Diffstat (limited to 'nixos/modules/security/ipa.nix')
-rw-r--r-- | nixos/modules/security/ipa.nix | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/nixos/modules/security/ipa.nix b/nixos/modules/security/ipa.nix
index 543b1abfa672c..e746ca75724a1 100644
--- a/nixos/modules/security/ipa.nix
+++ b/nixos/modules/security/ipa.nix
@@ -85,6 +85,18 @@ in {
 description = "Whether to cache credentials.";
 };
+ ipaHostname = mkOption {
+ type = types.str;
+ example = "myworkstation.example.com";
+ default = if config.networking.domain != null then config.networking.fqdn
+ else "${config.networking.hostName}.${cfg.domain}";
+ defaultText = literalExpression ''
+ if config.networking.domain != null then config.networking.fqdn
+ else "''${networking.hostName}.''${security.ipa.domain}"
+ '';
+ description = "Fully-qualified hostname used to identify this host in the IPA domain.";
+ };
+
 ifpAllowedUids = mkOption {
 type = types.listOf types.str;
 default = ["root"];
@@ -218,7 +230,7 @@ in {
 ipa_domain = ${cfg.domain}
 ipa_server = _srv_, ${cfg.server}
- ipa_hostname = ${config.networking.hostName}.${cfg.domain}
+ ipa_hostname = ${cfg.ipaHostname}
 cache_credentials = ${pyBool cfg.cacheCredentials}
 krb5_store_password_if_offline = ${pyBool cfg.offlinePasswords}
@@ -232,7 +244,6 @@ in {
 ldap_user_extra_attrs = mail:mail, sn:sn, givenname:givenname, telephoneNumber:telephoneNumber, lock:nsaccountlock
 [sssd]
- debug_level = 65510
 services = nss, sudo, pam, ssh, ifp
 domains = ${cfg.domain}
@@ -244,7 +255,6 @@ in {
 pam_verbosity = 3
 [sudo]
- debug_level = 65510
 [autofs] |
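Review bot: The new `ipaHostname` default changes the generated `ipa_hostname` for any host whose `networking.domain` is set to something other than `security.ipa.domain`: such a host previously got `hostName.cfg.domain` and now gets `config.networking.fqdn`. SSSD's IPA provider presumably needs this value to match the host entry the machine was enrolled under (the host principal in its keytab), so an already-enrolled host could stop authenticating after an upgrade; that dependency is inferred and not shown in the hunk. I would say so in the option text, e.g. `description = "Fully-qualified hostname used to identify this host in the IPA domain; must match the name the host was enrolled under.";`, and mention the changed default in the release notes. The second branch of `defaultText` also drops the `config.` prefix that the first branch keeps, so the rendered default reads inconsistently.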
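Review bot: `${cfg.ipaHostname}` on the new `ipa_hostname` line is interpolated verbatim into the generated SSSD configuration, while the option it reads is declared as plain `types.str` in the first hunk, so an empty value or one containing whitespace or a newline evaluates without error and produces a broken or unintentionally extended section. The value comes from the system configuration, so this is a guard against misconfiguration rather than an injection boundary. Tightening the declaration to something like `type = types.strMatching "[A-Za-z0-9.-]+";` would reject such values at evaluation time instead of at SSSD start-up. The configuration string this line belongs to starts and ends outside the hunk.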