1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-22 21:50:55 +00:00
nixpkgs/nixos/modules/services/system/kerberos.nix

65 lines
1.2 KiB
Nix
Raw Normal View History

{pkgs, config, lib, ...}:
let
inherit (lib) mkOption mkIf singleton;
inherit (pkgs) heimdalFull;
stateDir = "/var/heimdal";
in
{
###### interface
options = {
services.kerberos_server = {
enable = mkOption {
default = false;
description = ''
Enable the kerberos authentification server.
'';
};
};
};
###### implementation
config = mkIf config.services.kerberos_server.enable {
environment.systemPackages = [ heimdalFull ];
services.xinetd.enable = true;
services.xinetd.services = lib.singleton
{ name = "kerberos-adm";
flags = "REUSE NAMEINARGS";
protocol = "tcp";
user = "root";
2012-11-29 14:16:30 +00:00
server = "${pkgs.tcp_wrappers}/sbin/tcpd";
serverArgs = "${pkgs.heimdalFull}/sbin/kadmind";
};
2016-01-06 06:50:18 +00:00
systemd.services.kdc = {
2016-03-07 20:04:34 +00:00
description = "Key Distribution Center daemon";
2016-01-06 06:50:18 +00:00
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -m 0755 -p ${stateDir}
'';
script = "${heimdalFull}/sbin/kdc";
2016-01-06 06:50:18 +00:00
};
2016-01-06 06:50:18 +00:00
systemd.services.kpasswdd = {
2016-03-07 20:04:34 +00:00
description = "Kerberos Password Changing daemon";
2016-01-06 06:50:18 +00:00
wantedBy = [ "multi-user.target" ];
script = "${heimdalFull}/sbin/kpasswdd";
2016-01-06 06:50:18 +00:00
};
};
}