colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/kanidm: add package option

Browse Source 
Signed-off-by: h7x4 <h7x4@nani.wtf>
This commit is contained in:
h7x4 2023-03-05 16:53:26 +01:00
parent 67bcf01c47
commit 655a04a8fa
No known key found for this signature in database
GPG Key ID: 9F2F7D8250F35146
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/services/security/kanidm.nix
View File

@ -69,6 +69,8 @@ in
enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server");
enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration");
package = lib.mkPackageOptionMD pkgs "kanidm" {};
serverSettings = lib.mkOption {
type = lib.types.submodule {
freeformType = settingsFormat.type;
@ -222,7 +224,7 @@ in
}
];
environment.systemPackages = lib.mkIf cfg.enableClient [ pkgs.kanidm ];
environment.systemPackages = lib.mkIf cfg.enableClient [ cfg.package ];
systemd.services.kanidm = lib.mkIf cfg.enableServer {
description = "kanidm identity management daemon";
@ -237,7 +239,7 @@ in
StateDirectory = "kanidm";
StateDirectoryMode = "0700";
RuntimeDirectory = "kanidmd";
ExecStart = "${pkgs.kanidm}/bin/kanidmd server -c ${serverConfigFile}";
ExecStart = "${cfg.package}/bin/kanidmd server -c ${serverConfigFile}";
User = "kanidm";
Group = "kanidm";
@ -270,7 +272,7 @@ in
CacheDirectory = "kanidm-unixd";
CacheDirectoryMode = "0700";
RuntimeDirectory = "kanidm-unixd";
ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd";
ExecStart = "${cfg.package}/bin/kanidm_unixd";
User = "kanidm-unixd";
Group = "kanidm-unixd";
@ -302,7 +304,7 @@ in
partOf = [ "kanidm-unixd.service" ];
restartTriggers = [ unixConfigFile clientConfigFile ];
serviceConfig = {
ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd_tasks";
ExecStart = "${cfg.package}/bin/kanidm_unixd_tasks";
BindReadOnlyPaths = [
"/nix/store"
@ -346,7 +348,7 @@ in
})
];
system.nssModules = lib.mkIf cfg.enablePam [ pkgs.kanidm ];
system.nssModules = lib.mkIf cfg.enablePam [ cfg.package ];
system.nssDatabases.group = lib.optional cfg.enablePam "kanidm";
system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm";
@ -365,7 +367,7 @@ in
description = "Kanidm server";
isSystemUser = true;
group = "kanidm";
packages = with pkgs; [ kanidm ];
packages = [ cfg.package ];
};
})
(lib.mkIf cfg.enablePam {