From a8c67fdd4bd6a1102076f9a7223b8d468f6c41ec Mon Sep 17 00:00:00 2001
From: alex <alex@pdp7.net>
Date: Sat, 21 Dec 2024 12:46:43 +0100
Subject: [PATCH] Tweak more sssd/FreeIPA/Debian stuff

---
 personal_infra/puppet/site/01-ipa.pp              | 15 ---------------
 .../puppet/site/hideo.mad.int.pdp7.net.pp         | 10 ++++++++++
 2 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/personal_infra/puppet/site/01-ipa.pp b/personal_infra/puppet/site/01-ipa.pp
index 3e76d28..2f4aab4 100644
--- a/personal_infra/puppet/site/01-ipa.pp
+++ b/personal_infra/puppet/site/01-ipa.pp
@@ -15,21 +15,6 @@ if $facts['os']['family'] == 'Debian' and $facts['os']['release']['major'] == "1
   }
 }
 
-# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026008
-#
-# systems which were originally Debian 11 seem to not have this problem,
-# so I'll add hacks to new systems in their manifest :(
-if $facts['os']['family'] == 'Debian' and $facts['os']['release']['major'] == "12" {
-  Package[$ipa_client_package]
-  ->
-  service {['sssd-ssh.socket', 'sssd-nss.socket', 'sssd-sudo.socket', 'sssd-pam-priv.socket']:
-    ensure => stopped,
-    enable => mask,
-  }
-  ~>
-  Exec['/usr/bin/systemctl reset-failed']
-}
-
 package {$ipa_client_package:}
 package {'sudo':}
 
diff --git a/personal_infra/puppet/site/hideo.mad.int.pdp7.net.pp b/personal_infra/puppet/site/hideo.mad.int.pdp7.net.pp
index 0f453dd..f7a1a79 100644
--- a/personal_infra/puppet/site/hideo.mad.int.pdp7.net.pp
+++ b/personal_infra/puppet/site/hideo.mad.int.pdp7.net.pp
@@ -3,4 +3,14 @@ node 'hideo.mad.int.pdp7.net' {
   class {'incus':}
   class {'steam':}
   package {['zfs-dkms', 'sanoid']:}
+
+  # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026008
+  Package[$ipa_client_package]
+  ->
+  service {['sssd-pam-priv.socket", "sssd-sudo.socket", "sssd-nss.socket']:
+    ensure => stopped,
+    enable => mask,
+  }
+  ~>
+  Exec['/usr/bin/systemctl reset-failed']
 }
-- 
2.47.3