From b7d38c4f5fa54bb11e956478decb69aa81aa6b39 Mon Sep 17 00:00:00 2001
From: Artemis Tosini
Date: Wed, 22 Nov 2023 20:51:14 +0000
Subject: [PATCH] Remove kerberos, try tpm2 on rainbowdash
---
 sets/krb5.nix | 16 ----------------
 sets/tpm.nix | 9 +++++++++
 system/rainbowdash/default.nix | 2 +-
 system/starlight/default.nix | 1 -
 4 files changed, 10 insertions(+), 18 deletions(-)
 delete mode 100644 sets/krb5.nix
 create mode 100644 sets/tpm.nix
diff --git a/sets/krb5.nix b/sets/krb5.nix
deleted file mode 100644
index 6e88501..0000000
--- a/sets/krb5.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ ... }:
-
-{
- krb5 = {
- enable = true;
- libdefaults.default_realm = "MANEHATTAN.ARTEM.IST";
- domain_realm = {
- "manehattan.artem.ist" = "MANEHATTAN.ARTEM.IST";
- ".manehattan.artem.ist" = "MANEHATTAN.ARTEM.IST";
- };
- realms."MANEHATTAN.ARTEM.IST" = {
- admin_server = "luna.manehattan.artem.ist";
- kdc = "luna.manehattan.artem.ist";
- };
- };
-}
diff --git a/sets/tpm.nix b/sets/tpm.nix
new file mode 100644
index 0000000..18ea0a7
--- /dev/null
+++ b/sets/tpm.nix
@@ -0,0 +1,9 @@
+{ ... }: {
+ security.tpm2 = {
+ enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
+ };
+
+ users.users.artemis.extraGroups = [ "tss" ];
+}
diff --git a/system/rainbowdash/default.nix b/system/rainbowdash/default.nix
index 72343b7..ddfb088 100644
--- a/system/rainbowdash/default.nix
+++ b/system/rainbowdash/default.nix
@@ -7,9 +7,9 @@
 ../../sets/buildMachines.nix
 ../../sets/hacking.nix
 ../../sets/hardware.nix
- ../../sets/krb5.nix
 ../../sets/laptop.nix
 ../../sets/secureBoot.nix
+ ../../sets/tpm.nix
 ../../sets/virtualization.nix
 ../../sets/workstation.nix
 inputs.nixos-hardware.nixosModules.common-cpu-intel
diff --git a/system/starlight/default.nix b/system/starlight/default.nix
index 512e100..d96c2ee 100644
--- a/system/starlight/default.nix
+++ b/system/starlight/default.nix
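Review bot: In the new sets/tpm.nix, `users.users.artemis.extraGroups = [ "tss" ];` hard-codes the group name and has no comment on what the membership grants. The NixOS module exposes that name as `security.tpm2.tssGroup`, so opening the file with `{ config, ... }: {` and writing `users.users.artemis.extraGroups = [ config.security.tpm2.tssGroup ];` keeps the two in step if the group is ever overridden. With the module's default udev rules, group membership should give every process running as artemis direct access to the TPM resource-manager device, so objects created without an auth value or PIN are usable by any of them. A comment such as `# tss: lets artemis use the TPM without root; keep a user PIN on every PKCS#11 token` would record that trade-off next to the line.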
@@ -10,7 +10,6 @@
 ../../sets/fpga.nix
 ../../sets/hacking.nix
 ../../sets/hardware.nix
- ../../sets/krb5.nix
 ../../sets/music.nix
 ../../sets/radio.nix
 ../../sets/secureBoot.nix