nixos/tests/krb5/example-config.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / krb5 / example-config.nix
at master 3.2 kB view raw
  1# Verifies that the configuration suggested in (non-deprecated) example values
  2# will result in the expected output.
  3
  4import ../make-test-python.nix (
  5  { pkgs, ... }:
  6  {
  7    name = "krb5-with-example-config";
  8    meta = with pkgs.lib.maintainers; {
  9      maintainers = [
 10        eqyiel
 11        dblsaiko
 12      ];
 13    };
 14
 15    nodes.machine =
 16      { pkgs, ... }:
 17      {
 18        security.krb5 = {
 19          enable = true;
 20          package = pkgs.krb5;
 21          settings = {
 22            includedir = [
 23              "/etc/krb5.conf.d"
 24            ];
 25            include = [
 26              "/etc/krb5-extra.conf"
 27            ];
 28            libdefaults = {
 29              default_realm = "ATHENA.MIT.EDU";
 30            };
 31            realms = {
 32              "ATHENA.MIT.EDU" = {
 33                admin_server = "athena.mit.edu";
 34                kdc = [
 35                  "athena01.mit.edu"
 36                  "athena02.mit.edu"
 37                ];
 38              };
 39            };
 40            domain_realm = {
 41              "example.com" = "EXAMPLE.COM";
 42              ".example.com" = "EXAMPLE.COM";
 43            };
 44            capaths = {
 45              "ATHENA.MIT.EDU" = {
 46                "EXAMPLE.COM" = ".";
 47              };
 48              "EXAMPLE.COM" = {
 49                "ATHENA.MIT.EDU" = ".";
 50              };
 51            };
 52            appdefaults = {
 53              pam = {
 54                debug = false;
 55                ticket_lifetime = 36000;
 56                renew_lifetime = 36000;
 57                max_timeout = 30;
 58                timeout_shift = 2;
 59                initial_timeout = 1;
 60              };
 61            };
 62            plugins.ccselect.disable = "k5identity";
 63            logging = {
 64              kdc = "SYSLOG:NOTICE";
 65              admin_server = "SYSLOG:NOTICE";
 66              default = "SYSLOG:NOTICE";
 67            };
 68          };
 69        };
 70      };
 71
 72    testScript =
 73      let
 74        snapshot = pkgs.writeText "krb5-with-example-config.conf" ''
 75          [appdefaults]
 76            pam = {
 77              debug = false
 78              initial_timeout = 1
 79              max_timeout = 30
 80              renew_lifetime = 36000
 81              ticket_lifetime = 36000
 82              timeout_shift = 2
 83            }
 84
 85          [capaths]
 86            ATHENA.MIT.EDU = {
 87              EXAMPLE.COM = .
 88            }
 89            EXAMPLE.COM = {
 90              ATHENA.MIT.EDU = .
 91            }
 92
 93          [domain_realm]
 94            .example.com = EXAMPLE.COM
 95            example.com = EXAMPLE.COM
 96
 97          [libdefaults]
 98            default_realm = ATHENA.MIT.EDU
 99
100          [logging]
101            admin_server = SYSLOG:NOTICE
102            default = SYSLOG:NOTICE
103            kdc = SYSLOG:NOTICE
104
105          [plugins]
106            ccselect = {
107              disable = k5identity
108            }
109
110          [realms]
111            ATHENA.MIT.EDU = {
112              admin_server = athena.mit.edu
113              kdc = athena01.mit.edu
114              kdc = athena02.mit.edu
115            }
116
117          include /etc/krb5-extra.conf
118          includedir /etc/krb5.conf.d
119        '';
120      in
121      ''
122        machine.succeed(
123            "diff /etc/krb5.conf ${snapshot}"
124        )
125      '';
126  }
127)