Unverified commit e93ccda8, authored by Benjamin Staffin, committed by GitHub

nixos/ipa: Make ipa_hostname configurable (#321588)

Some sites put hosts in domains outside of the IPA server's default
domain, so this needs to be user-configurable.  The default is to use
the system's FQDN if it is configured, otherwise fall back to the
previous default behaviour of assuming the IPA server's domain.
parent 7546a9d9
+4 −0
@@ -40,6 +40,10 @@
- `openssh` and `openssh_hpn` are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components for the majority of users. Users needing this support can
  use the new `opensshWithKerberos` and `openssh_hpnWithKerberos` flavors (e.g. `programs.ssh.package = pkgs.openssh_gssapi`).

- `security.ipa.ipaHostname` now defaults to the value of `networking.fqdn` if
  it is set, instead of the previous hardcoded default of
  `${networking.hostName}.${security.ipa.domain}`.

- `nvimpager` was updated to version 0.13.0, which changes the order of user and
  nvimpager settings: user commands in `-c` and `--cmd` now override the
  respective default settings because they are executed later.
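
Review bot: The new `security.ipa.ipaHostname` entry says the default is `networking.fqdn` "if it is set", but the option added in this commit actually tests `config.networking.domain != null`, so the note should name `networking.domain` as the trigger. It also reads as a changed default on an existing option, while the option itself is new here; what changes for existing users is the generated `ipa_hostname`. Hosts whose `networking.domain` differs from `security.ipa.domain` will get a different `ipa_hostname` after upgrading, so the note should say that setting `security.ipa.ipaHostname = "${networking.hostName}.${security.ipa.domain}"` keeps the previous value.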
+13 −1
@@ -85,6 +85,18 @@ in {
        description = "Whether to cache credentials.";
      };

      ipaHostname = mkOption {
        type = types.str;
        example = "myworkstation.example.com";
        default = if config.networking.domain != null then config.networking.fqdn
                  else "${config.networking.hostName}.${cfg.domain}";
        defaultText = literalExpression ''
          if config.networking.domain != null then config.networking.fqdn
          else "''${networking.hostName}.''${security.ipa.domain}"
        '';
        description = "Fully-qualified hostname used to identify this host in the IPA domain.";
      };

      ifpAllowedUids = mkOption {
        type = types.listOf types.str;
        default = ["root"];
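
Review bot: The `defaultText` for `ipaHostname` mixes naming styles: the first branch spells out `config.networking.domain` and `config.networking.fqdn`, while the fallback uses `networking.hostName` and `security.ipa.domain` without the `config.` prefix. Pick one form so the rendered documentation is consistent. The `description` could also say when to override the value (the commit message's case of hosts placed in a domain outside the IPA server's default domain) and that the default depends on `networking.domain` being set, since neither is obvious from "Fully-qualified hostname used to identify this host in the IPA domain."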
@@ -218,7 +230,7 @@ in {

      ipa_domain = ${cfg.domain}
      ipa_server = _srv_, ${cfg.server}
      ipa_hostname = ${config.networking.hostName}.${cfg.domain}
      ipa_hostname = ${cfg.ipaHostname}

      cache_credentials = ${pyBool cfg.cacheCredentials}
      krb5_store_password_if_offline = ${pyBool cfg.offlinePasswords}
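
Review bot: `ipa_hostname = ${cfg.ipaHostname}` interpolates a free-form `types.str` value straight into the generated configuration, so an empty string, an unqualified name, or a value containing whitespace or a newline produces a malformed file or extra keys in this section without any evaluation-time error. Constraining the option to a hostname pattern (for example with `types.strMatching`) or adding a module assertion would turn a typo into a build failure instead of a misconfigured client.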