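# NixOS module for the Kerberos client configuration (`security.krb5`).
#
# Declares `security.krb5.enable`, `.package` and `.settings`. When enabled,
# it installs the chosen package and generates /etc/krb5.conf from the
# structured settings. The legacy top-level `krb5.*` options are kept only as
# removed-option stubs that point users at their replacements.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib)
    mkIf
    mkOption
    mkPackageOption
    mkRemovedOptionModule
    ;
  inherit (lib.types) bool;

  # Stub for a removed `krb5.<name>` option carrying a custom explanation.
  mkRemovedOptionModule' = name: reason: mkRemovedOptionModule [ "krb5" name ] reason;

  # Stub for a removed `krb5.<name>` option whose replacement is the attribute
  # of the same name under `security.krb5.settings`.
  mkRemovedOptionModuleCfg =
    name:
    mkRemovedOptionModule' name ''
      The option `krb5.${name}' has been removed. Use
      `security.krb5.settings.${name}' for structured configuration.
    '';

  cfg = config.security.krb5;

  # Option type and generator for krb5.conf, defined in the sibling file.
  format = import ./krb5-conf-format.nix { inherit pkgs lib; } { };
in
{
  imports = [
    (mkRemovedOptionModuleCfg "libdefaults")
    (mkRemovedOptionModuleCfg "realms")
    (mkRemovedOptionModuleCfg "domain_realm")
    (mkRemovedOptionModuleCfg "capaths")
    (mkRemovedOptionModuleCfg "appdefaults")
    (mkRemovedOptionModuleCfg "plugins")
    (mkRemovedOptionModuleCfg "config")
    (mkRemovedOptionModuleCfg "extraConfig")
    (mkRemovedOptionModule' "kerberos" ''
      The option `krb5.kerberos' has been moved to `security.krb5.package'.
    '')
  ];

  options = {
    security.krb5 = {
      enable = mkOption {
        default = false;
        description = "Enable and configure Kerberos utilities";
        type = bool;
      };

      package = mkPackageOption pkgs "krb5" {
        example = "heimdal";
      };

      settings = mkOption {
        default = { };
        type = format.type;
        description = ''
          Structured contents of the {file}`krb5.conf` file. See
          {manpage}`krb5.conf(5)` for details about configuration.

          The rendered file is installed as {file}`/etc/krb5.conf` from the
          Nix store, which is world-readable. Do not put secrets in this
          option; keep them in files outside the store and reference them
          with `include` or `includedir`, as shown in the example.
        '';
        example = {
          # Secret-bearing fragments live outside the store and are only
          # referenced by path here.
          include = [ "/run/secrets/secret-krb5.conf" ];
          includedir = [ "/run/secrets/secret-krb5.conf.d" ];

          libdefaults = {
            default_realm = "ATHENA.MIT.EDU";
          };

          realms = {
            "ATHENA.MIT.EDU" = {
              admin_server = "athena.mit.edu";
              kdc = [
                "athena01.mit.edu"
                "athena02.mit.edu"
              ];
            };
          };

          domain_realm = {
            "mit.edu" = "ATHENA.MIT.EDU";
          };

          logging = {
            kdc = "SYSLOG:NOTICE";
            admin_server = "SYSLOG:NOTICE";
            default = "SYSLOG:NOTICE";
          };
        };
      };
    };
  };

  config = {
    # Checked when either the client module or the Kerberos server module is
    # enabled. NOTE(review): presumably the server module consumes
    # `security.krb5.package` as well; confirm against that module.
    assertions = mkIf (cfg.enable || config.services.kerberos_server.enable) [
      (
        let
          # Packages advertise their flavour via `passthru.implementation`.
          # The fallback makes a package without it fail the assertion with a
          # readable value instead of an evaluation error.
          implementation = cfg.package.passthru.implementation or "<NOT SET>";
        in
        {
          assertion = lib.elem implementation [
            "krb5"
            "heimdal"
          ];
          message = ''
            `security.krb5.package` must be one of:

            - krb5
            - heimdal

            Currently chosen implementation: ${implementation}
          '';
        }
      )
    ];

    environment = mkIf cfg.enable {
      systemPackages = [ cfg.package ];
      # The generated file is a build output, so everything in
      # `cfg.settings` is readable by every local user.
      etc."krb5.conf".source = format.generate "krb5.conf" cfg.settings;
    };
  };

  meta.maintainers = builtins.attrValues {
    inherit (lib.maintainers) dblsaiko h7x4;
  };
}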