hpc
/
nixcfg
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
NixOS configuration for HPC cluster https://docs.hpc.informatik.hs-fulda.de/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14 Commits
1 Branch
0 Tags
314 KiB
Tree: 07d610b6f0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '07d610b6f0'
${ noResults }
nixcfg/shared/users.nix

59 lines
1.3 KiB
Raw Normal View History

Unlimited locks for cluster users
9 months ago
SSH host based auth
1 year ago
Secrets, netinstall, ldap and stuff
11 months ago
SSH host based auth
1 year ago
Inital import
1 year ago
Progress
1 year ago
Inital import
1 year ago
SSH host based auth
1 year ago
Secrets, netinstall, ldap and stuff
11 months ago
SSH host based auth
1 year ago
LDAP login
1 year ago
Secrets, netinstall, ldap and stuff
11 months ago
LDAP login
1 year ago
SSH host based auth
1 year ago
LDAP login
1 year ago
Unlimited locks for cluster users
9 months ago
LDAP login
1 year ago
Secrets, netinstall, ldap and stuff
11 months ago
SSH host based auth
1 year ago
Inital import
1 year ago
  1. { pkgs, lib, config, ... }:
  3. with lib;
  5. let
  6. baseDN = concatMapStringsSep ","
  7. (part: "dc=${part}")
  8. (splitString "." config.networking.domain);
  10. in
  11. {
  12. users.mutableUsers = false;
  14. users.users."root" = {
  15. hashedPassword = "$y$j9T$tz8ojZ2gVOQ5AUp6GMhoj.$mAeE0eTGGsKNGddC7ebk/zFr5IMDyIpOpMP/6o.GI6D";
  17. openssh.authorizedKeys.keys = [
  18. "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2nkarN0+uSuP5sGwDCb9KRu+FCjO/+da4VypGanPUZ fooker@k-2so"
  19. ];
  20. };
  22. users.ldap = {
  23. enable = true;
  25. useTLS = true;
  27. server = "ldaps://ldap.${config.networking.domain}/";
  28. base = "ou=users,${baseDN}";
  30. daemon.enable = true;
  32. bind = {
  33. distinguishedName = "cn=login,${baseDN}";
  34. passwordFile = config.sops.secrets."ldap/login/password".path;
  35. };
  36. };
  38. users.groups."cluster" = {
  39. gid = 1000; # Fixed, becaused it is used for LDAP users
  40. };
  42. security.pam.services."login".makeHomeDir = true;
  43. security.pam.services."sshd".makeHomeDir = true;
  44. security.pam.services."systemd-user".makeHomeDir = true;
  46. security.pam.loginLimits = [
  47. {
  48. domain = "@cluster";
  49. item = "memlock";
  50. type = "-";
  51. value = "unlimited";
  52. }
  53. ];
  55. sops.secrets."ldap/login/password" = {
  56. owner = "nslcd";
  57. sopsFile = ./secrets.yaml;
  58. };
  59. }