Merge pull request #219700 from h7x4/kanidm-add-package-option

nixos/kanidm: add package option
Kerstin 2023-08-15 12:06:11 +02:00 committed by GitHub
commit f65301cdd3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -69,6 +69,8 @@ in
enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server"); enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server");
enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration"); enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration");
package = lib.mkPackageOptionMD pkgs "kanidm" {};
serverSettings = lib.mkOption { serverSettings = lib.mkOption {
type = lib.types.submodule { type = lib.types.submodule {
freeformType = settingsFormat.type; freeformType = settingsFormat.type;
@ -222,7 +224,7 @@ in
} }
]; ];
environment.systemPackages = lib.mkIf cfg.enableClient [ pkgs.kanidm ]; environment.systemPackages = lib.mkIf cfg.enableClient [ cfg.package ];
systemd.services.kanidm = lib.mkIf cfg.enableServer { systemd.services.kanidm = lib.mkIf cfg.enableServer {
description = "kanidm identity management daemon"; description = "kanidm identity management daemon";
@ -237,7 +239,7 @@ in
StateDirectory = "kanidm"; StateDirectory = "kanidm";
StateDirectoryMode = "0700"; StateDirectoryMode = "0700";
RuntimeDirectory = "kanidmd"; RuntimeDirectory = "kanidmd";
ExecStart = "${pkgs.kanidm}/bin/kanidmd server -c ${serverConfigFile}"; ExecStart = "${cfg.package}/bin/kanidmd server -c ${serverConfigFile}";
User = "kanidm"; User = "kanidm";
Group = "kanidm"; Group = "kanidm";
@ -270,7 +272,7 @@ in
CacheDirectory = "kanidm-unixd"; CacheDirectory = "kanidm-unixd";
CacheDirectoryMode = "0700"; CacheDirectoryMode = "0700";
RuntimeDirectory = "kanidm-unixd"; RuntimeDirectory = "kanidm-unixd";
ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd"; ExecStart = "${cfg.package}/bin/kanidm_unixd";
User = "kanidm-unixd"; User = "kanidm-unixd";
Group = "kanidm-unixd"; Group = "kanidm-unixd";
@ -302,7 +304,7 @@ in
partOf = [ "kanidm-unixd.service" ]; partOf = [ "kanidm-unixd.service" ];
restartTriggers = [ unixConfigFile clientConfigFile ]; restartTriggers = [ unixConfigFile clientConfigFile ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd_tasks"; ExecStart = "${cfg.package}/bin/kanidm_unixd_tasks";
BindReadOnlyPaths = [ BindReadOnlyPaths = [
"/nix/store" "/nix/store"
@ -346,7 +348,7 @@ in
}) })
]; ];
system.nssModules = lib.mkIf cfg.enablePam [ pkgs.kanidm ]; system.nssModules = lib.mkIf cfg.enablePam [ cfg.package ];
system.nssDatabases.group = lib.optional cfg.enablePam "kanidm"; system.nssDatabases.group = lib.optional cfg.enablePam "kanidm";
system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm"; system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm";
@ -365,7 +367,7 @@ in
description = "Kanidm server"; description = "Kanidm server";
isSystemUser = true; isSystemUser = true;
group = "kanidm"; group = "kanidm";
packages = with pkgs; [ kanidm ]; packages = [ cfg.package ];
}; };
}) })
(lib.mkIf cfg.enablePam { (lib.mkIf cfg.enablePam {
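Review bot: Any `pkgs.kanidm` reference left outside these hunks would now diverge from an overridden `package`, and the shown context does not let a reader confirm none remain. The hunks cover `ExecStart` for the three services, `system.nssModules`, `environment.systemPackages` and the user's `packages`. The place where the PAM module path for `enablePam` is wired is not visible and may live in another file. If it still points at the default build, the PAM library and `kanidm_unixd` would come from different builds once the option is set, which is an awkward failure mode on the login path. It is worth searching the tree for remaining uses and documenting the intent next to the new option, for example `# cfg.package supplies the server, unixd daemons, CLI and NSS module; keep every consumer on it so libraries and daemons come from the same build.` The `lib.mkIf cfg.enablePam {` block that closes the last hunk continues outside it.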