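# NixOS module for a Heimdal Kerberos server: runs the KDC and the password
# changing daemon as systemd services and exposes kadmind through xinetd.
{ pkgs, config, lib, ... }:

let

  inherit (lib) mkOption mkIf singleton;

  inherit (pkgs) heimdalFull;

  # Heimdal's default data directory. By Heimdal convention the principal
  # database and the master key live here, so it is created root-only below.
  stateDir = "/var/heimdal";

in

{

  ###### interface

  options = {

    services.kerberos_server = {

      enable = mkOption {
        default = false;
        description = ''
          Enable the kerberos authentication server.
        '';
      };

    };

  };


  ###### implementation

  config = mkIf config.services.kerberos_server.enable {

    environment.systemPackages = [ heimdalFull ];

    # kadmind is started on demand by xinetd and runs as root.
    # NAMEINARGS makes xinetd pass the first word of serverArgs as argv[0],
    # which is how tcpd learns which daemon to start after its access check.
    # NOTE(review): tcpd only enforces the rules in hosts.allow/hosts.deny,
    # and this module does not configure them; restrict the kadmin port to
    # administrative hosts there or in the firewall.
    services.xinetd.enable = true;
    services.xinetd.services = singleton
      { name = "kerberos-adm";
        flags = "REUSE NAMEINARGS";
        protocol = "tcp";
        user = "root";
        server = "${pkgs.tcp_wrappers}/sbin/tcpd";
        serverArgs = "${heimdalFull}/sbin/kadmind";
      };

    systemd.services.kdc = {
      description = "Key Distribution Center daemon";
      wantedBy = [ "multi-user.target" ];
      # Create the state directory readable by root only: every daemon in
      # this module runs as root, and the directory holds key material.
      # mkdir -p leaves an already existing directory's mode untouched, so
      # hosts deployed with the old 0755 mode need a one-time manual chmod.
      preStart = ''
        mkdir -m 0700 -p ${stateDir}
      '';
      script = "${heimdalFull}/sbin/kdc";
    };

    systemd.services.kpasswdd = {
      description = "Kerberos Password Changing daemon";
      wantedBy = [ "multi-user.target" ];
      script = "${heimdalFull}/sbin/kpasswdd";
    };
  };

}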