authorElizabeth <me@liz.coffee>2025-05-29 13:32:08 -0700
committerElizabeth <me@liz.coffee>2025-05-29 13:32:08 -0700
commitdbad03a65449c798ac8bccaf806dbdef8a360689 (patch)
tree0951040fa027069e2a08dac66ac8b02bf2802f32
parentb7ee3b7eebb51dfe12d2db12fd891e58caee9cc3 (diff)
downloadarchinstall-dbad03a65449c798ac8bccaf806dbdef8a360689.tar.gz
archinstall-dbad03a65449c798ac8bccaf806dbdef8a360689.zip
ideas that aren't done yet
-rw-r--r--setup_kanidm.sh56
-rw-r--r--user_configuration.json4
2 files changed, 60 insertions, 0 deletions
diff --git a/setup_kanidm.sh b/setup_kanidm.sh
new file mode 100644
index 0000000..d6d50ab
--- /dev/null
+++ b/setup_kanidm.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+UNIXERS_GROUP = {{ unixers }}
+
+/etc/kanidm/config
+<<<
+uri = "https://{{ idm_domain }}"
+verify_ca = true
+verify_hostnames = true
+>>>
+
+/etc/kanidm/unixd
+<<<
+version = '2'
+
+default_shell = "/bin/zsh"
+
+home_attr = "uuid"
+home_alias = "name"
+home_prefix = "/home/"
+
+[kanidm]
+pam_allowed_login_groups = ["{{ unixers }}"]
+
+[[kanidm.map_group]]
+local = "admins"
+with = "coffee_admins"
+>>>
+
+/etc/sudo
+<<<
+%admins ALL=(ALL:ALL) ALL
+>>>
+
+systemctl enable --now kanidm-unixd
+systemctl enable --now kanidm-unixd-tasks
+
+add_line /etc/nsswitch.conf
+<<<
+passwd: kanidm files systemd
+group: kanidm [SUCCESS=merge] files systemd
+>>>
+
+add_line /etc/ssh/sshd_config.d/10-kanidm-keys.conf
+<<<
+PubkeyAuthentication yes
+UsePAM yes
+
+Match Group {{ unixers_group }}
+ AuthorizedKeysCommand /usr/sbin/kanidm_ssh_authorizedkeys %u
+ AuthorizedKeysCommandUser nobody
+>>>
+
+# PAM
+add_line /etc/pam.d/common-account
+<<<
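Review bot: The sudo rule is written to `/etc/sudo`, which sudo does not read, so `%admins ALL=(ALL:ALL) ALL` would have no effect as sketched; when this is finished it should go in a root-owned drop-in under `/etc/sudoers.d/` (for example `/etc/sudoers.d/10-kanidm-admins`, a constructed name) with mode 0440, checked with `visudo -cf <file>` before it is installed, since a malformed sudoers file can leave sudo unusable. Together with the `[[kanidm.map_group]]` entry, that rule makes membership of the Kanidm group `coffee_admins` equivalent to root on the host, which deserves a comment next to the mapping, e.g. `# members of coffee_admins get full sudo on this machine`. The sshd block uses `Match Group {{ unixers_group }}` while `pam_allowed_login_groups` and the first line use `{{ unixers }}`; if only one placeholder is defined by the templating step, the `AuthorizedKeysCommand` block presumably renders with an empty or wrong group, so both should use the same name. `UNIXERS_GROUP = {{ unixers }}` is also not a bash assignment because of the spaces around `=`, and the file ends on an open `<<<` for `/etc/pam.d/common-account`, so the PAM part is not reviewable yet.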
diff --git a/user_configuration.json b/user_configuration.json
index c177030..08eb15d 100644
--- a/user_configuration.json
+++ b/user_configuration.json
@@ -74,6 +74,7 @@
"git",
"gnome-keyring",
"graphite-grub-theme",
+ "kanidm-unixd-clients",
"libmpeg2",
"librewolf-bin",
"mpv",
@@ -90,8 +91,10 @@
"polkit",
"polkit-kde-agent",
"reflector",
+ "rustup",
"sshfs",
"starship",
+ "sudo",
"swaybg",
"swayidle",
"swaylock",
@@ -109,6 +112,7 @@
"ttf-mononoki-nerd",
"ttf-nerd-fonts-symbols",
"ttf-space-mono-nerd",
+ "tmux",
"waybar",
"wezterm",
"x264",