From 49009f67e7ac58c1ed088629837d42469104c5c8 Mon Sep 17 00:00:00 2001
From: niten
Date: Fri, 22 Sep 2023 23:20:44 -0700
Subject: [PATCH] Figured out how to correctly change ownership
---
 lib/fudo/auth/kerberos/kdc.nix | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/lib/fudo/auth/kerberos/kdc.nix b/lib/fudo/auth/kerberos/kdc.nix
index 1b80014..b759167 100644
--- a/lib/fudo/auth/kerberos/kdc.nix
+++ b/lib/fudo/auth/kerberos/kdc.nix
@@ -74,7 +74,7 @@ let
 after = [ "network-online.target" ];
 description =
 "Heimdal Kerberos Key Distribution Center (primary ticket server).";
- path = with pkgs; [ heimdal ];
+ path = with pkgs; [ heimdal coreutils ];
 serviceConfig = {
 PrivateDevices = true;
 PrivateTmp = true;
@@ -97,10 +97,12 @@ let
 RestartSec = "5s";
 AmbientCapabilities = "CAP_NET_BIND_SERVICE";
 SecureBits = "keep-caps";
- ExecStartPre = ''
- chown ${cfg.user}:${cfg.group} ${cfg.kdc.database}
- chown ${cfg.user}:${cfg.group} ${cfg.kdc.state-directory}/kerberos.log
- '';
+ ExecStartPre = let
+ chownScript = ''
+ chown ${cfg.user}:${cfg.group} ${cfg.kdc.database}
+ chown ${cfg.user}:${cfg.group} ${cfg.kdc.state-directory}/kerberos.log
+ '';
+ in "+${chownScript}";
 ExecStart = let
 ips = if (cfg.kdc.bind-addresses != [ ]) then
 cfg.kdc.bind-addresses
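Review bot: The `+` prefix on the new `ExecStartPre` runs both `chown` calls with full privileges, outside the `PrivateDevices`/`PrivateTmp` sandboxing and any `User=` set elsewhere in the unit. Plain `chown` dereferences symlinks, so if `${cfg.kdc.state-directory}` is writable by `${cfg.user}` (not visible in this hunk), a symlink placed at `kerberos.log` would have root reassign ownership of the link target on the next restart. Pass `--no-dereference` on both lines, e.g. `chown --no-dereference ${cfg.user}:${cfg.group} ${cfg.kdc.state-directory}/kerberos.log`, or have systemd/tmpfiles create these paths with the right owner so no privileged pre-start step is needed. Separately, `ExecStartPre=` takes a single command line rather than a script, so the second line of the multi-line `chownScript` string probably falls outside the directive in the generated unit and the log file is never chowned. Defining it as `chownScript = pkgs.writeShellScript "kdc-chown" ''…'';` would make `"+${chownScript}"` one executable path that runs both commands.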