nixos/tests/krb5/example-config.nix at 18.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / krb5 / example-config.nix
at 18.09-beta 2.5 kB view raw
  1# Verifies that the configuration suggested in (non-deprecated) example values
  2# will result in the expected output.
  3
  4import ../make-test.nix ({ pkgs, ...} : {
  5  name = "krb5-with-example-config";
  6  meta = with pkgs.stdenv.lib.maintainers; {
  7    maintainers = [ eqyiel ];
  8  };
  9
 10  machine =
 11    { pkgs, ... }: {
 12      krb5 = {
 13        enable = true;
 14        kerberos = pkgs.krb5Full;
 15        libdefaults = {
 16          default_realm = "ATHENA.MIT.EDU";
 17        };
 18        realms = {
 19          "ATHENA.MIT.EDU" = {
 20            admin_server = "athena.mit.edu";
 21            kdc = "athena.mit.edu";
 22          };
 23        };
 24        domain_realm = {
 25          "example.com" = "EXAMPLE.COM";
 26          ".example.com" = "EXAMPLE.COM";
 27        };
 28        capaths = {
 29          "ATHENA.MIT.EDU" = {
 30            "EXAMPLE.COM" = ".";
 31          };
 32          "EXAMPLE.COM" = {
 33            "ATHENA.MIT.EDU" = ".";
 34          };
 35        };
 36        appdefaults = {
 37          pam = {
 38            debug = false;
 39            ticket_lifetime = 36000;
 40            renew_lifetime = 36000;
 41            max_timeout = 30;
 42            timeout_shift = 2;
 43            initial_timeout = 1;
 44          };
 45        };
 46        plugins = {
 47          ccselect = {
 48            disable = "k5identity";
 49          };
 50        };
 51        extraConfig = ''
 52          [logging]
 53            kdc          = SYSLOG:NOTICE
 54            admin_server = SYSLOG:NOTICE
 55            default      = SYSLOG:NOTICE
 56        '';
 57      };
 58    };
 59
 60  testScript =
 61    let snapshot = pkgs.writeText "krb5-with-example-config.conf" ''
 62      [libdefaults]
 63        default_realm = ATHENA.MIT.EDU
 64
 65      [realms]
 66        ATHENA.MIT.EDU = {
 67          admin_server = athena.mit.edu
 68          kdc = athena.mit.edu
 69        }
 70
 71      [domain_realm]
 72        .example.com = EXAMPLE.COM
 73        example.com = EXAMPLE.COM
 74
 75      [capaths]
 76        ATHENA.MIT.EDU = {
 77          EXAMPLE.COM = .
 78        }
 79        EXAMPLE.COM = {
 80          ATHENA.MIT.EDU = .
 81        }
 82
 83      [appdefaults]
 84        pam = {
 85          debug = false
 86          initial_timeout = 1
 87          max_timeout = 30
 88          renew_lifetime = 36000
 89          ticket_lifetime = 36000
 90          timeout_shift = 2
 91        }
 92
 93      [plugins]
 94        ccselect = {
 95          disable = k5identity
 96        }
 97
 98      [logging]
 99        kdc          = SYSLOG:NOTICE
100        admin_server = SYSLOG:NOTICE
101        default      = SYSLOG:NOTICE
102    '';
103  in ''
104    $machine->succeed("diff /etc/krb5.conf ${snapshot}");
105  '';
106})