-rw-r--r-- | setup_kanidm.sh | 56 | ||||
-rw-r--r-- | user_configuration.json | 4 |
2 files changed, 60 insertions, 0 deletions
diff --git a/setup_kanidm.sh b/setup_kanidm.sh
new file mode 100644
index 0000000..d6d50ab
--- /dev/null
+++ b/setup_kanidm.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+UNIXERS_GROUP = {{ unixers }}
+
+/etc/kanidm/config
+<<<
+uri = "https://{{ idm_domain }}"
+verify_ca = true
+verify_hostnames = true
+>>>
+
+/etc/kanidm/unixd
+<<<
+version = '2'
+
+default_shell = "/bin/zsh"
+
+home_attr = "uuid"
+home_alias = "name"
+home_prefix = "/home/"
+
+[kanidm]
+pam_allowed_login_groups = ["{{ unixers }}"]
+
+[[kanidm.map_group]]
+local = "admins"
+with = "coffee_admins"
+>>>
+
+/etc/sudo
+<<<
+%admins ALL=(ALL:ALL) ALL
+>>>
+
+systemctl enable --now kanidm-unixd
+systemctl enable --now kanidm-unixd-tasks
+
+add_line /etc/nsswitch.conf
+<<<
+passwd: kanidm files systemd
+group: kanidm [SUCCESS=merge] files systemd
+>>>
+
+add_line /etc/ssh/sshd_config.d/10-kanidm-keys.conf
+<<<
+PubkeyAuthentication yes
+UsePAM yes
+
+Match Group {{ unixers_group }}
+ AuthorizedKeysCommand /usr/sbin/kanidm_ssh_authorizedkeys %u
+ AuthorizedKeysCommandUser nobody
+>>>
+
+# PAM
+add_line /etc/pam.d/common-account
+<<<
diff --git a/user_configuration.json b/user_configuration.json
index c177030..08eb15d 100644
--- a/user_configuration.json
+++ b/user_configuration.json
@@ -74,6 +74,7 @@
 "git",
 "gnome-keyring",
 "graphite-grub-theme",
+ "kanidm-unixd-clients",
 "libmpeg2",
 "librewolf-bin",
 "mpv",
@@ -90,8 +91,10 @@
 "polkit",
 "polkit-kde-agent",
 "reflector",
+ "rustup",
 "sshfs",
 "starship",
+ "sudo",
 "swaybg",
 "swayidle",
 "swaylock",
@@ -109,6 +112,7 @@
 "ttf-mononoki-nerd",
 "ttf-nerd-fonts-symbols",
 "ttf-space-mono-nerd",
+ "tmux",
 "waybar",
 "wezterm",
 "x264",
|
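Review bot: In setup_kanidm.sh the sshd block `Match Group {{ unixers_group }}` uses a different placeholder from `pam_allowed_login_groups = ["{{ unixers }}"]` and from the `UNIXERS_GROUP = {{ unixers }}` line at the top, so unless the templating defines both names the PAM login gate and the scope of the `AuthorizedKeysCommand` lookup can end up naming different groups, or an empty one. Use one name throughout, and write the shell assignment quoted and without spaces around `=`, as `UNIXERS_GROUP="{{ unixers }}"`, since the current form runs `UNIXERS_GROUP` as a command. The sudo rule is written to `/etc/sudo`, which sudo does not read; it presumably belongs in a drop-in under `/etc/sudoers.d/`, validated with `visudo -cf` before it is installed, with a comment such as `# members of the kanidm group coffee_admins get full root on this host via the local "admins" mapping`. The file ends on an open `<<<` for `/etc/pam.d/common-account` and `add_line` is not defined in the hunk, so the PAM step cannot be reviewed from what is shown.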