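# NixOS VM test for the MIT Kerberos server module.
#
# One node acts as KDC, kadmin server and client for the realm FOO.BAR.
# The test creates the KDC database, provisions an "admin" principal,
# uses it over the network to create "alice", and finally obtains a
# ticket as the unprivileged user alice.
#
# Every password below (master_key, admin_pw, alice_pw) is a throwaway
# fixture. The test script is stored in the world-readable Nix store and
# the secrets are passed on command lines, where other local users can
# read them from the process list. That is acceptable only inside this
# disposable VM; do not copy the pattern into a real deployment.
import ../make-test-python.nix (
  { pkgs, ... }:
  {
    name = "kerberos_server-mit";

    nodes.machine =
      # Only `pkgs` is referenced by this module, so it is the only
      # module argument requested.
      { pkgs, ... }:
      {
        services.kerberos_server = {
          enable = true;
          settings.realms = {
            # ACL for the realm: "admin" may only add principals and
            # change passwords. No other kadmin privilege is granted.
            "FOO.BAR".acl = [
              {
                principal = "admin";
                access = [
                  "add"
                  "cpw"
                ];
              }
            ];
          };
        };

        # Client-side krb5 configuration, using the MIT implementation.
        security.krb5 = {
          enable = true;
          package = pkgs.krb5;
          settings = {
            libdefaults = {
              default_realm = "FOO.BAR";
            };
            realms = {
              # Both services are addressed by the name "machine", which
              # is also the name of the only node in this test.
              "FOO.BAR" = {
                admin_server = "machine";
                kdc = "machine";
              };
            };
          };
        };

        # Unprivileged local account used to request a ticket.
        users.extraUsers.alice = {
          isNormalUser = true;
        };
      };

    testScript = ''
      # Create the realm database. -s writes a stash file holding the
      # master key so the daemons can start without a prompt; -P supplies
      # the master password on the command line (test fixture only).
      # The daemons are restarted afterwards so they pick up the new
      # database.
      machine.succeed(
          "kdb5_util create -s -r FOO.BAR -P master_key",
          "systemctl restart kadmind.service kdc.service",
      )

      for unit in ["kadmind", "kdc"]:
          machine.wait_for_unit(f"{unit}.service")

      # 1. kadmin.local edits the database directly on the KDC host and
      #    bootstraps the "admin" principal.
      # 2. kadmin authenticates as "admin" to kadmind, so creating
      #    "alice" depends on the "add" entry in the ACL above.
      # 3. kinit runs as the local user alice with the password on stdin
      #    and must obtain a ticket from the KDC.
      # NOTE(review): nothing here checks that "admin" is refused
      # operations outside its ACL; a negative check would cover that.
      machine.succeed(
          "kadmin.local add_principal -pw admin_pw admin",
          "kadmin -p admin -w admin_pw addprinc -pw alice_pw alice",
          "echo alice_pw | sudo -u alice kinit",
      )
    '';

    meta.maintainers = [ pkgs.lib.maintainers.dblsaiko ];
  }
)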