NixOS configuration for HPC cluster
https://docs.hpc.informatik.hs-fulda.de/
{ pkgs, lib, config, ... }:

let
  # Build the directory suffix ("dc=a,dc=b") from the machine's DNS domain so
  # that the LDAP search base and bind DN below follow networking.domain
  # instead of carrying a second hard-coded copy of it. Evaluation fails if
  # networking.domain is unset (null is not a string), which surfaces a
  # misconfiguration at build time rather than at login time.
  domainComponents = lib.splitString "." config.networking.domain;
  baseDN = lib.concatMapStringsSep "," (dc: "dc=${dc}") domainComponents;
in
{
  users = {
    # Declarative account management: only the accounts defined here (plus
    # those resolved through LDAP) exist, and the root credentials below are
    # authoritative rather than a one-time default.
    mutableUsers = false;

    users.root = {
      # yescrypt hash ("$y$" prefix), not a plaintext password. It still
      # grants local console access as root, so this file is sensitive.
      hashedPassword = "$y$j9T$tz8ojZ2gVOQ5AUp6GMhoj.$mAeE0eTGGsKNGddC7ebk/zFr5IMDyIpOpMP/6o.GI6D";

      # Key-based SSH access for root. Whether sshd permits root login at all
      # is decided by the OpenSSH settings, which are not part of this module.
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2nkarN0+uSuP5sGwDCb9KRu+FCjO/+da4VypGanPUZ fooker@k-2so"
      ];
    };

    # Cluster accounts are resolved from LDAP through nslcd (daemon.enable).
    ldap = {
      enable = true;
      daemon.enable = true;

      # Transport security: the server URI already selects LDAPS.
      # NOTE(review): in NixOS `useTLS` is documented as StartTLS on a plain
      # ldap:// connection; combined with an ldaps:// URI it is at best
      # redundant -- confirm against the option description of the deployed
      # NixOS release.
      useTLS = true;
      server = "ldaps://ldap.${config.networking.domain}/";
      base = "ou=users,${baseDN}";

      # Credentials of the lookup account. Only a path is referenced here, so
      # the bind password itself does not end up in the Nix store.
      bind = {
        distinguishedName = "cn=login,${baseDN}";
        passwordFile = config.sops.secrets."ldap/login/password".path;
      };
    };

    # Pinned gid: LDAP user entries reference this group numerically, so it
    # must not be allocated dynamically.
    groups.cluster.gid = 1000;
  };

  security.pam = {
    # Create $HOME on first login for accounts that exist only in LDAP.
    services = {
      login.makeHomeDir = true;
      sshd.makeHomeDir = true;
      systemd-user.makeHomeDir = true;
    };

    # Members of "cluster" may lock unlimited memory (type "-" sets both the
    # soft and the hard limit), which HPC runtimes commonly require.
    loginLimits = [
      {
        domain = "@cluster";
        item = "memlock";
        type = "-";
        value = "unlimited";
      }
    ];
  };

  # The LDAP bind password is decrypted by sops-nix at activation and made
  # readable only by the nslcd service user.
  sops.secrets."ldap/login/password" = {
    owner = "nslcd";
    sopsFile = ./secrets.yaml;
  };
}