nixos/tests/krb5/example-config.nix at 23.11-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / krb5 / example-config.nix
at 23.11-beta 2.6 kB view raw
  1# Verifies that the configuration suggested in (non-deprecated) example values
  2# will result in the expected output.
  3
  4import ../make-test-python.nix ({ pkgs, ...} : {
  5  name = "krb5-with-example-config";
  6  meta = with pkgs.lib.maintainers; {
  7    maintainers = [ eqyiel ];
  8  };
  9
 10  nodes.machine =
 11    { pkgs, ... }: {
 12      krb5 = {
 13        enable = true;
 14        kerberos = pkgs.krb5;
 15        libdefaults = {
 16          default_realm = "ATHENA.MIT.EDU";
 17        };
 18        realms = {
 19          "ATHENA.MIT.EDU" = {
 20            admin_server = "athena.mit.edu";
 21            kdc = [
 22              "athena01.mit.edu"
 23              "athena02.mit.edu"
 24            ];
 25          };
 26        };
 27        domain_realm = {
 28          "example.com" = "EXAMPLE.COM";
 29          ".example.com" = "EXAMPLE.COM";
 30        };
 31        capaths = {
 32          "ATHENA.MIT.EDU" = {
 33            "EXAMPLE.COM" = ".";
 34          };
 35          "EXAMPLE.COM" = {
 36            "ATHENA.MIT.EDU" = ".";
 37          };
 38        };
 39        appdefaults = {
 40          pam = {
 41            debug = false;
 42            ticket_lifetime = 36000;
 43            renew_lifetime = 36000;
 44            max_timeout = 30;
 45            timeout_shift = 2;
 46            initial_timeout = 1;
 47          };
 48        };
 49        plugins = {
 50          ccselect = {
 51            disable = "k5identity";
 52          };
 53        };
 54        extraConfig = ''
 55          [logging]
 56            kdc          = SYSLOG:NOTICE
 57            admin_server = SYSLOG:NOTICE
 58            default      = SYSLOG:NOTICE
 59        '';
 60      };
 61    };
 62
 63  testScript =
 64    let snapshot = pkgs.writeText "krb5-with-example-config.conf" ''
 65      [libdefaults]
 66        default_realm = ATHENA.MIT.EDU
 67
 68      [realms]
 69        ATHENA.MIT.EDU = {
 70          admin_server = athena.mit.edu
 71          kdc = athena01.mit.edu
 72          kdc = athena02.mit.edu
 73        }
 74
 75      [domain_realm]
 76        .example.com = EXAMPLE.COM
 77        example.com = EXAMPLE.COM
 78
 79      [capaths]
 80        ATHENA.MIT.EDU = {
 81          EXAMPLE.COM = .
 82        }
 83        EXAMPLE.COM = {
 84          ATHENA.MIT.EDU = .
 85        }
 86
 87      [appdefaults]
 88        pam = {
 89          debug = false
 90          initial_timeout = 1
 91          max_timeout = 30
 92          renew_lifetime = 36000
 93          ticket_lifetime = 36000
 94          timeout_shift = 2
 95        }
 96
 97      [plugins]
 98        ccselect = {
 99          disable = k5identity
100        }
101
102      [logging]
103        kdc          = SYSLOG:NOTICE
104        admin_server = SYSLOG:NOTICE
105        default      = SYSLOG:NOTICE
106    '';
107  in ''
108    machine.succeed(
109        "diff /etc/krb5.conf ${snapshot}"
110    )
111  '';
112})