nixos/services.sssd: remove with lib;

2024-08-30 00:46:49 +02:00 · 2024-08-30 00:46:49 +02:00 · 269e2407e9
commit 269e2407e9
parent 4a435c16d2
1 changed files with 14 additions and 15 deletions
--- a/nixos/modules/services/misc/sssd.nix
+++ b/nixos/modules/services/misc/sssd.nix
@ -1,5 +1,4 @@
 { config, lib, pkgs, ... }:
-with lib;
 let
  cfg = config.services.sssd;
  nscd = config.services.nscd;
@ -10,10 +9,10 @@ let
 in {
  options = {
    services.sssd = {
-      enable = mkEnableOption "the System Security Services Daemon";
+      enable = lib.mkEnableOption "the System Security Services Daemon";

-      config = mkOption {
-        type = types.lines;
+      config = lib.mkOption {
+        type = lib.types.lines;
        description = "Contents of {file}`sssd.conf`.";
        default = ''
          [sssd]
@ -34,8 +33,8 @@ in {
        '';
      };

-      sshAuthorizedKeysIntegration = mkOption {
-        type = types.bool;
+      sshAuthorizedKeysIntegration = lib.mkOption {
+        type = lib.types.bool;
        default = false;
        description = ''
          Whether to make sshd look up authorized keys from SSS.
@ -43,16 +42,16 @@ in {
        '';
      };

-      kcm = mkOption {
-        type = types.bool;
+      kcm = lib.mkOption {
+        type = lib.types.bool;
        default = false;
        description = ''
          Whether to use SSS as a Kerberos Cache Manager (KCM).
          Kerberos will be configured to cache credentials in SSS.
        '';
      };
-      environmentFile = mkOption {
-        type = types.nullOr types.path;
+      environmentFile = lib.mkOption {
+        type = lib.types.nullOr lib.types.path;
        default = null;
        description = ''
          Environment file as defined in {manpage}`systemd.exec(5)`.
@ -75,8 +74,8 @@ in {
      };
    };
  };
-  config = mkMerge [
-    (mkIf cfg.enable {
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
      # For `sssctl` to work.
      environment.etc."sssd/sssd.conf".source = settingsFile;
      environment.etc."sssd/conf.d".source = "${dataDir}/conf.d";
@ -126,7 +125,7 @@ in {
      services.dbus.packages = [ pkgs.sssd ];
    })

-    (mkIf cfg.kcm {
+    (lib.mkIf cfg.kcm {
      systemd.services.sssd-kcm = {
        description = "SSSD Kerberos Cache Manager";
        requires = [ "sssd-kcm.socket" ];
@ -148,7 +147,7 @@ in {
      security.krb5.settings.libdefaults.default_ccache_name = "KCM:";
    })

-    (mkIf cfg.sshAuthorizedKeysIntegration {
+    (lib.mkIf cfg.sshAuthorizedKeysIntegration {
    # Ugly: sshd refuses to start if a store path is given because /nix/store is group-writable.
    # So indirect by a symlink.
    environment.etc."ssh/authorized_keys_command" = {
@ -162,5 +161,5 @@ in {
    services.openssh.authorizedKeysCommandUser = "nobody";
  })];

-  meta.maintainers = with maintainers; [ bbigras ];
+  meta.maintainers = with lib.maintainers; [ bbigras ];
 }