torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
847 Commits 9 Branches 0 Tags
74cdfae596dd958ca081cad974135fa5d2b38633
Commit Graph

4 Commits

Author SHA1 Message Date
Torjus Håkestad
74cdfae596 system: revert kanidm config to minimal for debugging
Some checks failed
Run nix flake check / flake-check (push) Failing after 15m9s
Details
2026-02-08 14:04:59 +01:00
Torjus Håkestad
64dc10c6cd system: fix kanidm unixd config structure for v1.8
All checks were successful
Run nix flake check / flake-check (push) Successful in 2m1s
Details 
Kanidm 1.8 requires:
- version = "2" at top level
- pam_allowed_login_groups inside [kanidm] section

The NixOS module also requires pam_allowed_login_groups at top level,
so we provide it at both places.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-08 14:00:55 +01:00
Torjus Håkestad
bab59665fd system: fix kanidm PAM user mismatch
All checks were successful
Run nix flake check / flake-check (push) Successful in 2m1s
Details 
Configure uid_attr_map and gid_attr_map to use short names instead of
SPN format. This fixes SSH failing with "PAM user mismatch" because
getent returned "torjus@home.2rjus.net" instead of "torjus".

Also add user-management documentation.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-08 13:55:11 +01:00
Torjus Håkestad
1d7eec7ad3 system: add kanidm PAM/NSS client module
Some checks failed
Run nix flake check / flake-check (push) Has been cancelled
Details 
Add homelab.kanidm.enable option for central authentication via Kanidm.
The module configures:
- PAM/NSS integration with kanidm-unixd
- Client connection to auth.home.2rjus.net
- Login authorization for ssh-users group

Enable on testvm01-03 for testing.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-08 13:43:41 +01:00