Merge pull request #219700 from h7x4/kanidm-add-package-option

nixos/kanidm: add package option
2025-02-21 19:44:09 +00:00 · 2023-08-15 12:06:11 +02:00 · 2023-08-15 12:06:11 +02:00 · f65301cdd3
commit f65301cdd3
parent 78188e2b61 655a04a8fa
1 changed files with 8 additions and 6 deletions
--- a/nixos/modules/services/security/kanidm.nix
+++ b/nixos/modules/services/security/kanidm.nix
@ -69,6 +69,8 @@ in
    enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server");
    enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration");

+    package = lib.mkPackageOptionMD pkgs "kanidm" {};
+
    serverSettings = lib.mkOption {
      type = lib.types.submodule {
        freeformType = settingsFormat.type;
@ -222,7 +224,7 @@ in
        }
      ];

-    environment.systemPackages = lib.mkIf cfg.enableClient [ pkgs.kanidm ];
+    environment.systemPackages = lib.mkIf cfg.enableClient [ cfg.package ];

    systemd.services.kanidm = lib.mkIf cfg.enableServer {
      description = "kanidm identity management daemon";
@ -237,7 +239,7 @@ in
          StateDirectory = "kanidm";
          StateDirectoryMode = "0700";
          RuntimeDirectory = "kanidmd";
-          ExecStart = "${pkgs.kanidm}/bin/kanidmd server -c ${serverConfigFile}";
+          ExecStart = "${cfg.package}/bin/kanidmd server -c ${serverConfigFile}";
          User = "kanidm";
          Group = "kanidm";

@ -270,7 +272,7 @@ in
          CacheDirectory = "kanidm-unixd";
          CacheDirectoryMode = "0700";
          RuntimeDirectory = "kanidm-unixd";
-          ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd";
+          ExecStart = "${cfg.package}/bin/kanidm_unixd";
          User = "kanidm-unixd";
          Group = "kanidm-unixd";

@ -302,7 +304,7 @@ in
      partOf = [ "kanidm-unixd.service" ];
      restartTriggers = [ unixConfigFile clientConfigFile ];
      serviceConfig = {
-        ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd_tasks";
+        ExecStart = "${cfg.package}/bin/kanidm_unixd_tasks";

        BindReadOnlyPaths = [
          "/nix/store"
@ -346,7 +348,7 @@ in
      })
    ];

-    system.nssModules = lib.mkIf cfg.enablePam [ pkgs.kanidm ];
+    system.nssModules = lib.mkIf cfg.enablePam [ cfg.package ];

    system.nssDatabases.group = lib.optional cfg.enablePam "kanidm";
    system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm";
@ -365,7 +367,7 @@ in
          description = "Kanidm server";
          isSystemUser = true;
          group = "kanidm";
-          packages = with pkgs; [ kanidm ];
+          packages = [ cfg.package ];
        };
      })
      (lib.mkIf cfg.enablePam {