# NixOS module for the system-wide Kerberos client configuration
# (`security.krb5`).
#
# When enabled, it installs the selected Kerberos package and links a
# generated file to /etc/krb5.conf. The former top-level `krb5.*` options are
# kept only as removal stubs that point users at their replacements.
{ config, lib, pkgs, ... }:
let
  krb5Cfg = config.security.krb5;

  # Project-local krb5.conf format; it supplies both the option type for
  # `settings` and the generator used for /etc/krb5.conf.
  krb5Format = import ./krb5-conf-format.nix { inherit pkgs lib; } { };

  # Removal stub for a former `krb5.<name>` option with a custom message.
  removedKrb5Option = name: reason:
    lib.mkRemovedOptionModule [ "krb5" name ] reason;

  # Removal stub for a former `krb5.<name>` option whose replacement is the
  # key of the same name under `security.krb5.settings`.
  removedKrb5Setting = name: removedKrb5Option name ''
    The option `krb5.${name}' has been removed. Use
    `security.krb5.settings.${name}' for structured configuration.
  '';
in
{
  # The list order matches the original: the settings-style stubs first,
  # followed by the `kerberos` -> `package` move.
  imports = map removedKrb5Setting [
    "libdefaults"
    "realms"
    "domain_realm"
    "capaths"
    "appdefaults"
    "plugins"
    "config"
    "extraConfig"
  ] ++ [
    (removedKrb5Option "kerberos" ''
      The option `krb5.kerberos' has been moved to `security.krb5.package'.
    '')
  ];

  options.security.krb5 = {
    enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Enable and configure Kerberos utilities";
    };

    # Kerberos implementation installed into the system profile.
    package = lib.mkPackageOption pkgs "krb5" {
      example = "heimdal";
    };

    # NOTE(review): `settings` is passed to `krb5Format.generate` and linked
    # as /etc/krb5.conf. The generator is defined in ./krb5-conf-format.nix
    # (not shown); if it builds a Nix store path, as the stock `pkgs.formats`
    # generators do, everything written here is readable by every local user.
    # Keep sensitive values out of `settings` and pull them in with
    # `include` / `includedir`, as the example does with /run/secrets.
    #
    # Included files decide which KDCs and realm mappings clients trust, so
    # whatever provisions them should keep them writable only by root.
    settings = lib.mkOption {
      type = krb5Format.type;
      default = { };
      description = ''
        Structured contents of the {file}`krb5.conf` file. See
        {manpage}`krb5.conf(5)` for details about configuration.
      '';
      example = {
        include = [ "/run/secrets/secret-krb5.conf" ];
        includedir = [ "/run/secrets/secret-krb5.conf.d" ];

        libdefaults.default_realm = "ATHENA.MIT.EDU";

        realms."ATHENA.MIT.EDU" = {
          admin_server = "athena.mit.edu";
          kdc = [
            "athena01.mit.edu"
            "athena02.mit.edu"
          ];
        };

        domain_realm."mit.edu" = "ATHENA.MIT.EDU";

        logging = {
          kdc = "SYSLOG:NOTICE";
          admin_server = "SYSLOG:NOTICE";
          default = "SYSLOG:NOTICE";
        };
      };
    };
  };

  # Nothing is installed or written unless the module is switched on.
  config = lib.mkIf krb5Cfg.enable {
    environment.systemPackages = [ krb5Cfg.package ];
    environment.etc."krb5.conf".source =
      krb5Format.generate "krb5.conf" krb5Cfg.settings;
  };

  # Listed in attribute-name order, which is the order `builtins.attrValues`
  # returns for these two names.
  meta.maintainers = [
    lib.maintainers.dblsaiko
    lib.maintainers.h7x4
  ];
}