nix
/
lib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fuckin copy the primary job def

This commit is contained in:
niten 2024-01-13 14:19:08 -08:00
parent 168dc68251
commit 16a105a24e
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/fudo/auth/kerberos/kdc.nix
View File

@ -288,6 +288,7 @@ let
ProtectKernelLogs = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
PermissionsStartOnly = false;
LimitNOFILE = 4096;
User = cfg.user;
Group = cfg.group;
@ -295,7 +296,12 @@ let
RestartSec = "5s";
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
SecureBits = "keep-caps";
RuntimeDirectory = "heimdal-kdc-secondary";
ExecStartPre = let
chownScript = pkgs.writeShellScript "kerberos-chown.sh" ''
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.kdc.database}
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.kdc.state-directory}/kerberos.log
'';
in "+${chownScript}";
ExecStart = let
ips = if (cfg.kdc.bind-addresses != [ ]) then
cfg.kdc.bind-addresses
@ -304,8 +310,7 @@ let
bindClause = "--addresses=${concatStringsSep "," ips}";
in "${pkgs.heimdal}/libexec/heimdal/kdc --config-file=${kdcConf} --ports=88 ${bindClause}";
};
unitConfig.ConditionPathExists =
[ cfg.kdc.database cfg.kdc.secondary.keytabs.hpropd ];
unitConfig.ConditionPathExists = [ cfg.kdc.database ];
};
"heimdal-hpropd@" = {