2014-05-05 19:58:51 +01:00
|
|
|
{pkgs, config, lib, ...}:
|
2010-08-06 09:49:08 +01:00
|
|
|
|
|
|
|
let
|
|
|
|
|
2014-05-05 19:58:51 +01:00
|
|
|
inherit (lib) mkOption mkIf singleton;
|
2010-08-06 09:49:08 +01:00
|
|
|
|
2016-04-24 20:56:15 +01:00
|
|
|
inherit (pkgs) heimdalFull;
|
2010-08-06 09:49:08 +01:00
|
|
|
|
|
|
|
stateDir = "/var/heimdal";
|
|
|
|
in
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
###### interface
|
2011-09-14 19:20:50 +01:00
|
|
|
|
2010-08-06 09:49:08 +01:00
|
|
|
options = {
|
2011-09-14 19:20:50 +01:00
|
|
|
|
2010-08-06 09:49:08 +01:00
|
|
|
services.kerberos_server = {
|
|
|
|
|
|
|
|
enable = mkOption {
|
|
|
|
default = false;
|
|
|
|
description = ''
|
|
|
|
Enable the kerberos authentification server.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
###### implementation
|
|
|
|
|
|
|
|
config = mkIf config.services.kerberos_server.enable {
|
2011-09-14 19:20:50 +01:00
|
|
|
|
2016-04-24 20:56:15 +01:00
|
|
|
environment.systemPackages = [ heimdalFull ];
|
2011-09-14 19:20:50 +01:00
|
|
|
|
2010-08-06 09:49:08 +01:00
|
|
|
services.xinetd.enable = true;
|
2014-05-05 19:58:51 +01:00
|
|
|
services.xinetd.services = lib.singleton
|
2010-08-06 09:49:08 +01:00
|
|
|
{ name = "kerberos-adm";
|
|
|
|
flags = "REUSE NAMEINARGS";
|
|
|
|
protocol = "tcp";
|
|
|
|
user = "root";
|
2012-11-29 14:16:30 +00:00
|
|
|
server = "${pkgs.tcp_wrappers}/sbin/tcpd";
|
2016-04-24 20:56:15 +01:00
|
|
|
serverArgs = "${pkgs.heimdalFull}/sbin/kadmind";
|
2010-08-06 09:49:08 +01:00
|
|
|
};
|
|
|
|
|
2016-01-06 06:50:18 +00:00
|
|
|
systemd.services.kdc = {
|
2016-03-07 20:04:34 +00:00
|
|
|
description = "Key Distribution Center daemon";
|
2016-01-06 06:50:18 +00:00
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
preStart = ''
|
|
|
|
mkdir -m 0755 -p ${stateDir}
|
|
|
|
'';
|
2016-04-24 20:56:15 +01:00
|
|
|
script = "${heimdalFull}/sbin/kdc";
|
2016-01-06 06:50:18 +00:00
|
|
|
};
|
2010-08-06 09:49:08 +01:00
|
|
|
|
2016-01-06 06:50:18 +00:00
|
|
|
systemd.services.kpasswdd = {
|
2016-03-07 20:04:34 +00:00
|
|
|
description = "Kerberos Password Changing daemon";
|
2016-01-06 06:50:18 +00:00
|
|
|
wantedBy = [ "multi-user.target" ];
|
2016-04-24 20:56:15 +01:00
|
|
|
script = "${heimdalFull}/sbin/kpasswdd";
|
2016-01-06 06:50:18 +00:00
|
|
|
};
|
2010-08-06 09:49:08 +01:00
|
|
|
};
|
2011-09-14 19:20:50 +01:00
|
|
|
|
2010-08-06 09:49:08 +01:00
|
|
|
}
|