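# NixOS module for a Heimdal Kerberos server: the `kdc` and `kpasswdd`
# daemons run as jobs, and `kadmind` is started on demand through xinetd.
{ pkgs, config, lib, ... }:

let

  inherit (lib) mkOption mkIf singleton;

  inherit (pkgs) heimdal;

  # Directory created before the KDC starts.
  # NOTE(review): presumably Heimdal's default location for the principal
  # database and master key, since no other path is configured in this
  # module -- confirm against the deployed kdc.conf.
  stateDir = "/var/heimdal";

in

{

  ###### interface

  options = {

    services.kerberos_server = {

      enable = mkOption {
        default = false;
        description = ''
          Enable the Kerberos authentication server.
        '';
      };

    };

  };


  ###### implementation

  config = mkIf config.services.kerberos_server.enable {

    # Puts the Heimdal tools on the system PATH.
    environment.systemPackages = [ heimdal ];

    # kadmind is not a standing daemon here: xinetd spawns it per connection,
    # as root, behind tcpd. With NAMEINARGS xinetd passes serverArgs as the
    # wrapped program's argv, so tcpd execs kadmind after its access check.
    # NOTE(review): this module ships no hosts.allow/hosts.deny policy, so who
    # may reach the admin service depends on tcp_wrappers configuration made
    # elsewhere -- restrict it to admin hosts.
    # NOTE(review): no port is set; presumably xinetd resolves "kerberos-adm"
    # through the services database -- confirm.
    services.xinetd.enable = true;
    services.xinetd.services = singleton
      { name = "kerberos-adm";
        flags = "REUSE NAMEINARGS";
        protocol = "tcp";
        user = "root";
        server = "${pkgs.tcp_wrappers}/sbin/tcpd";
        serverArgs = "${heimdal}/sbin/kadmind";
      };

    jobs.kdc =
      { description = "Kerberos Key Distribution Center daemon";

        startOn = "ip-up";

        # The state directory is created owner-only (0700) instead of
        # world-readable: nothing in this module needs non-root access to it.
        # `mkdir -p` leaves an existing directory's mode untouched, so a
        # directory created earlier with 0755 must be tightened by hand.
        preStart =
          ''
            mkdir -m 0700 -p ${stateDir}
          '';

        exec = "${heimdal}/sbin/kdc";

      };

    jobs.kpasswdd =
      { # Was a copy of the kdc job's description; this job runs kpasswdd.
        description = "Kerberos Password Changing daemon";

        startOn = "ip-up";

        exec = "${heimdal}/sbin/kpasswdd";
      };
  };

}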