cst1/infrastructure
1
0
Fork 0
forked from DGNum/infrastructure
Code Pull requests Activity

feat(vault01/radius): declare user vlans

Browse source
This commit is contained in:
catvayor 2025-01-27 20:35:35 +01:00
parent c97db7609d
commit 93a26c26f9
Signed by untrusted user: lbailly
GPG key ID: CE3E645251AC63F3
1 changed files with 5 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
machines/nixos/vault01/k-radius/default.nix
View file

@ -40,16 +40,13 @@
radius_required_groups = [ "radius_access@sso.dgnum.eu" ]; radius_required_groups = [ "radius_access@sso.dgnum.eu" ];
# A mapping between Kanidm groups and VLANS # A mapping between Kanidm groups and VLANS
radius_groups = [ radius_groups = map (
{ vlan, ... }:
{ {
spn = "dgnum_members@sso.dgnum.eu"; inherit vlan;
vlan = 1; spn = "vlan_${toString vlan}@sso.dgnum.eu";
} }
{ ) config.networking.vlans-info;
spn = "dgnum_clients@sso.dgnum.eu";
vlan = 2;
}
];
}; };
authTokenFile = config.age.secrets."radius-auth_token_file".path; authTokenFile = config.age.secrets."radius-auth_token_file".path;