finish up idm_server hostclass

author: Cullum Smith <cullum@sacredheartsc.com> 2024-09-24 22:35:45 -0400
committer: Cullum Smith <cullum@sacredheartsc.com> 2024-09-24 22:35:45 -0400
commit: 6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb (patch)
tree: 9279f7a330affbb5da6a1f147739b8dfd92d4a19 /vars
parent: d9c18b3fcb9b036b6cdf69397828b59ab4c53091 (diff)
download: infrastructure-6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb.tar.gz
4 files changed, 10 insertions, 7 deletions
diff --git a/vars/common b/vars/common
index 845b0b8..20c7976 100644
--- a/vars/common
+++ b/vars/common
@@ -6,6 +6,7 @@ email_domain=example.com
 locale=en_US.UTF-8
 ntp_pools='pool.ntp.org'
 root_password=changeme
+boxconf_password=changeme
 root_authorized_keys='ssh-ed25519 changeme
 ssh-ed25519 changeme'
 root_mail_alias="you@${email_domain}"
@@ -28,16 +29,13 @@ nproc=$(nproc)
 allowed_tcp_ports=ssh
 bootstrap_resolvers='1.1.1.1'
 desktop_type=kde
-fqdn="${BOXCONF_HOSTNAME}.${domain}"
 graphics_type=intel
-idm_admin_username='s-boxconf'
-idm_admin_uid='20000'
-idm_admin_groupname='sysadmins'
-idm_admin_gid='30000'
+boxconf_username='s-boxconf'
+krb5_ticket_lifetime=24h
+krb5_renew_lifetime=7d
 nslcd_min_uid=1000
 nscd_ttl=600
 nscd_negative_ttl=20
-smtp_host="smtp.${domain}"
 ssh_authzkeys_user=_authzkeys
 tcp_buffer_size=2097152  # suitable for 1 GigE
 
diff --git a/vars/hostclass/idm_server b/vars/hostclass/idm_server
index eec6d1c..dec58b7 100644
--- a/vars/hostclass/idm_server
+++ b/vars/hostclass/idm_server
@@ -3,7 +3,9 @@
 allowed_tcp_ports='ssh ldap ldaps domain kerberos-sec kerberos-adm'
 allowed_udp_ports='domain kerberos-sec kpasswd'
 
+kdc_master_key='changeme'
+
 ssh_authorized_keys_user=nobody
 
 unbound_blocklists="\
-https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/pro.plus.blacklist.conf"
+hagezi-pro  https://raw.githubusercontent.com/hagezi/dns-blocklists/main/rpz/pro.txt"
diff --git a/vars/hostclass/roadwarrior_laptop b/vars/hostclass/roadwarrior_laptop
index 1889a77..45bade8 100644
--- a/vars/hostclass/roadwarrior_laptop
+++ b/vars/hostclass/roadwarrior_laptop
@@ -1,3 +1,4 @@
 #!/bin/sh
 resolvers=$bootstrap_resolvers
 pf_skip_interfaces=wg
+see_other_uids=1
diff --git a/vars/os/freebsd b/vars/os/freebsd
index 17e7edb..9f5f068 100644
--- a/vars/os/freebsd
+++ b/vars/os/freebsd
@@ -6,12 +6,14 @@ cx_lowest=Cmax
 enable_pf=true
 install_packages='sudo tmux vim'
 intel_epp=50
+see_other_uids=0
 
 export ASSUME_ALWAYS_YES=yes
 acme_standalone_port=9080
 acme_uid=169
 keytab_dir=/var/db/keytabs
 nfscbd_port=7745
+nslcd_user=nslcd
 python_version=311
 saslauthd_runtime_dir=/var/run/saslauthd
 saslauthd_user=cyrus
author	Cullum Smith <cullum@sacredheartsc.com>	2024-09-24 22:35:45 -0400
committer	Cullum Smith <cullum@sacredheartsc.com>	2024-09-24 22:35:45 -0400
commit	6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb (patch)
tree	9279f7a330affbb5da6a1f147739b8dfd92d4a19 /vars
parent	d9c18b3fcb9b036b6cdf69397828b59ab4c53091 (diff)
download	infrastructure-6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb.tar.gz