nixos/services.sssd: remove with lib;

Felix Buehler 2024-08-30 00:46:49 +02:00
parent 4a435c16d2
commit 269e2407e9


@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.services.sssd; cfg = config.services.sssd;
nscd = config.services.nscd; nscd = config.services.nscd;
@ -10,10 +9,10 @@ let
in { in {
options = { options = {
services.sssd = { services.sssd = {
enable = mkEnableOption "the System Security Services Daemon"; enable = lib.mkEnableOption "the System Security Services Daemon";
config = mkOption { config = lib.mkOption {
type = types.lines; type = lib.types.lines;
description = "Contents of {file}`sssd.conf`."; description = "Contents of {file}`sssd.conf`.";
default = '' default = ''
[sssd] [sssd]
@ -34,8 +33,8 @@ in {
''; '';
}; };
sshAuthorizedKeysIntegration = mkOption { sshAuthorizedKeysIntegration = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Whether to make sshd look up authorized keys from SSS. Whether to make sshd look up authorized keys from SSS.
@ -43,16 +42,16 @@ in {
''; '';
}; };
kcm = mkOption { kcm = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Whether to use SSS as a Kerberos Cache Manager (KCM). Whether to use SSS as a Kerberos Cache Manager (KCM).
Kerberos will be configured to cache credentials in SSS. Kerberos will be configured to cache credentials in SSS.
''; '';
}; };
environmentFile = mkOption { environmentFile = lib.mkOption {
type = types.nullOr types.path; type = lib.types.nullOr lib.types.path;
default = null; default = null;
description = '' description = ''
Environment file as defined in {manpage}`systemd.exec(5)`. Environment file as defined in {manpage}`systemd.exec(5)`.
@ -75,8 +74,8 @@ in {
}; };
}; };
}; };
config = mkMerge [ config = lib.mkMerge [
(mkIf cfg.enable { (lib.mkIf cfg.enable {
# For `sssctl` to work. # For `sssctl` to work.
environment.etc."sssd/sssd.conf".source = settingsFile; environment.etc."sssd/sssd.conf".source = settingsFile;
environment.etc."sssd/conf.d".source = "${dataDir}/conf.d"; environment.etc."sssd/conf.d".source = "${dataDir}/conf.d";
@ -126,7 +125,7 @@ in {
services.dbus.packages = [ pkgs.sssd ]; services.dbus.packages = [ pkgs.sssd ];
}) })
(mkIf cfg.kcm { (lib.mkIf cfg.kcm {
systemd.services.sssd-kcm = { systemd.services.sssd-kcm = {
description = "SSSD Kerberos Cache Manager"; description = "SSSD Kerberos Cache Manager";
requires = [ "sssd-kcm.socket" ]; requires = [ "sssd-kcm.socket" ];
@ -148,7 +147,7 @@ in {
security.krb5.settings.libdefaults.default_ccache_name = "KCM:"; security.krb5.settings.libdefaults.default_ccache_name = "KCM:";
}) })
(mkIf cfg.sshAuthorizedKeysIntegration { (lib.mkIf cfg.sshAuthorizedKeysIntegration {
# Ugly: sshd refuses to start if a store path is given because /nix/store is group-writable. # Ugly: sshd refuses to start if a store path is given because /nix/store is group-writable.
# So indirect by a symlink. # So indirect by a symlink.
environment.etc."ssh/authorized_keys_command" = { environment.etc."ssh/authorized_keys_command" = {
@ -162,5 +161,5 @@ in {
services.openssh.authorizedKeysCommandUser = "nobody"; services.openssh.authorizedKeysCommandUser = "nobody";
})]; })];
meta.maintainers = with maintainers; [ bbigras ]; meta.maintainers = with lib.maintainers; [ bbigras ];
} }
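Review bot: Dropping `with lib;` from the file header turns every still-unqualified lib identifier elsewhere in the module into an undefined-variable error at evaluation time, and the hunks show only the call sites that were converted; the `let` bindings between the first two hunks and the bodies of the `lib.mkIf` blocks lie outside the shown lines and cannot be checked from this page. It would help reviewers if the commit message said how the module was evaluated after the change (for instance `nix-instantiate` on a configuration with `services.sssd.enable = true`), since a miss here is only caught at eval time, not by the diff. The last hunk also keeps one `with` scope, `meta.maintainers = with lib.maintainers; [ bbigras ];`; if the aim is to remove `with` throughout, `meta.maintainers = [ lib.maintainers.bbigras ];` is equivalent and consistent with the rest of the change, although the `with lib.maintainers;` form is common in nixpkgs so this is a matter of taste.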