nix/lib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ahh, maybe it's the fact that it's a path

Browse Source
This commit is contained in:
niten 2024-01-07 09:22:44 -08:00
parent 1186de6c36
commit 4196468cf8
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/fudo/auth/kerberos/kdc.nix
View File

@ -323,20 +323,22 @@ let
ProtectKernelLogs = true; ProtectKernelLogs = true;
MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;
RestrictRealtime = true; RestrictRealtime = true;
# LimitNOFILE = 4096; LimitNOFILE = 4096;
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
# Server will retry -- this results in stacking # Server will retry -- this results in stacking
Restart = "never"; Restart = "never";
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
SecureBits = "keep-caps"; SecureBits = "keep-caps";
# ReadWritePaths = [ "${dirOf cfg.kdc.database}" ]; ReadWritePaths = [ "${dirOf cfg.kdc.database}" ];
ExecStart = pkgs.writeShellScript "launch-heimdal-hpropd.sh" ExecStart = let
startScript = pkgs.writeShellScript "launch-heimdal-hpropd.sh"
(concatStringsSep " " [ (concatStringsSep " " [
"${pkgs.heimdal}/libexec/heimdal/hpropd" "${pkgs.heimdal}/libexec/heimdal/hpropd"
"--database=sqlite:${cfg.kdc.database}" "--database=sqlite:${cfg.kdc.database}"
"--keytab=${cfg.kdc.secondary.keytabs.hpropd}" "--keytab=${cfg.kdc.secondary.keytabs.hpropd}"
]); ]);
in "${startScript}";
}; };
unitConfig.ConditionPathExists = unitConfig.ConditionPathExists =
[ cfg.kdc.database cfg.kdc.secondary.keytabs.hpropd ]; [ cfg.kdc.database cfg.kdc.secondary.keytabs.hpropd ];