torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

docs: add home directory and enabled hosts info

Browse Source 
- Document UUID-based home directories with symlinks
- List currently enabled hosts (testvm01-03)
- Add cache-invalidate command to troubleshooting

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-02-08 14:45:37 +01:00
parent 8bc4eee38e
commit cae1663526
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
docs/user-management.md
View File

@@ -89,6 +89,12 @@ This configures:
- `services.kanidm.enablePam = true` - `services.kanidm.enablePam = true`
- Client connection to auth.home.2rjus.net - Client connection to auth.home.2rjus.net
- Login authorization for `ssh-users` group - Login authorization for `ssh-users` group
- Short usernames (`torjus` instead of `torjus@home.2rjus.net`)
- Home directory symlinks (`/home/torjus` → UUID-based directory)
### Enabled Hosts
- testvm01, testvm02, testvm03 (test tier)
### Options ### Options
@@ -100,6 +106,17 @@ homelab.kanidm = {
}; };
``` ```
### Home Directories
Home directories use UUID-based paths for stability (so renaming a user doesn't
require moving their home directory). Symlinks provide convenient access:
```
/home/torjus -> /home/e4f4c56c-4aee-4c20-846f-90cb69807733
```
The symlinks are created by `kanidm-unixd-tasks` on first login.
## Testing ## Testing
### Verify NSS Resolution ### Verify NSS Resolution
@@ -174,6 +191,11 @@ kanidm group posix set ssh-users --gidnumber 68000
systemctl restart nscd systemctl restart nscd
``` ```
6. Invalidate kanidm cache:
```bash
kanidm-unix cache-invalidate
```
### Changes not taking effect after deployment ### Changes not taking effect after deployment
NixOS uses nsncd (a Rust reimplementation of nscd) for NSS caching. After deploying NixOS uses nsncd (a Rust reimplementation of nscd) for NSS caching. After deploying