Heimdal no longer stores kdc in libexec/heimdal/

niten 2024-06-02 13:34:57 -07:00
parent 60d5d50336
commit 6d08c1a790
3 changed files with 13 additions and 26 deletions


@ -108,7 +108,7 @@ let
else else
[ "0.0.0.0" ]; [ "0.0.0.0" ];
bindClause = "--addresses=${concatStringsSep "," ips}"; bindClause = "--addresses=${concatStringsSep "," ips}";
in "${pkgs.heimdal}/libexec/heimdal/kdc --config-file=${kdcConf} --ports=88 ${bindClause}"; in "${pkgs.heimdal}/libexec/kdc --config-file=${kdcConf} --ports=88 ${bindClause}";
}; };
}; };
@ -135,7 +135,7 @@ let
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
SecureBits = "keep-caps"; SecureBits = "keep-caps";
ExecStart = concatStringsSep " " [ ExecStart = concatStringsSep " " [
"${pkgs.heimdal}/libexec/heimdal/kadmind" "${pkgs.heimdal}/libexec/kadmind"
"--config-file=${kdcConf}" "--config-file=${kdcConf}"
"--keytab=${cfg.kdc.primary.keytabs.kadmind}" "--keytab=${cfg.kdc.primary.keytabs.kadmind}"
"--realm=${cfg.realm}" "--realm=${cfg.realm}"
@ -170,7 +170,7 @@ let
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
SecureBits = "keep-caps"; SecureBits = "keep-caps";
ExecStart = concatStringsSep " " [ ExecStart = concatStringsSep " " [
"${pkgs.heimdal}/libexec/heimdal/kpasswdd" "${pkgs.heimdal}/libexec/kpasswdd"
"--config-file=${kdcConf}" "--config-file=${kdcConf}"
"--keytab=${cfg.kdc.primary.keytabs.kpasswdd}" "--keytab=${cfg.kdc.primary.keytabs.kpasswdd}"
"--realm=${cfg.realm}" "--realm=${cfg.realm}"
@ -203,7 +203,7 @@ let
ExecStart = pkgs.writeShellScript "kdc-hprop.sh" ExecStart = pkgs.writeShellScript "kdc-hprop.sh"
(concatStringsSep " " ([ (concatStringsSep " " ([
"${pkgs.heimdal}/libexec/heimdal/hprop" "${pkgs.heimdal}/libexec/hprop"
''--master-key="${cfg.kdc.master-key-file}"'' ''--master-key="${cfg.kdc.master-key-file}"''
#''--database="(echo "${staging-db}")"'' #''--database="(echo "${staging-db}")"''
"--database=sqlite:${cfg.kdc.database}" "--database=sqlite:${cfg.kdc.database}"
@ -308,7 +308,7 @@ let
else else
[ "0.0.0.0" ]; [ "0.0.0.0" ];
bindClause = "--addresses=${concatStringsSep "," ips}"; bindClause = "--addresses=${concatStringsSep "," ips}";
in "${pkgs.heimdal}/libexec/heimdal/kdc --config-file=${kdcConf} --ports=88 ${bindClause}"; in "${pkgs.heimdal}/libexec/kdc --config-file=${kdcConf} --ports=88 ${bindClause}";
}; };
unitConfig.ConditionPathExists = [ cfg.kdc.database ]; unitConfig.ConditionPathExists = [ cfg.kdc.database ];
}; };
@ -342,7 +342,7 @@ let
ExecStart = let ExecStart = let
startScript = pkgs.writeShellScript "launch-heimdal-hpropd.sh" startScript = pkgs.writeShellScript "launch-heimdal-hpropd.sh"
(concatStringsSep " " [ (concatStringsSep " " [
"${pkgs.heimdal}/libexec/heimdal/hpropd" "${pkgs.heimdal}/libexec/hpropd"
"--database=sqlite:$STATE_DIRECTORY/realm.db" "--database=sqlite:$STATE_DIRECTORY/realm.db"
"--keytab=${cfg.kdc.secondary.keytabs.hpropd}" "--keytab=${cfg.kdc.secondary.keytabs.hpropd}"
]); ]);
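Review bot: The Heimdal libexec directory is still spelled out by hand at each of the six changed call sites (kdc twice, kadmind, kpasswdd, hprop, hpropd), so the next upstream relocation will need the same six-way edit. Because these are interpolated strings, a stale path is not caught at evaluation or build time and only shows up when the unit fails to start, which for a KDC means the realm cannot issue tickets. Consider a single binding in the enclosing `let`, e.g. `heimdalLibexec = "${pkgs.heimdal}/libexec";`, and then `"${heimdalLibexec}/kdc"`, `"${heimdalLibexec}/kadmind"` and so on at each site. The `let` block begins outside the visible hunks, so the exact placement needs checking against the full file.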


@ -28,21 +28,6 @@ let
}; };
}; };
ensure-certificates = hostname: user: key: cert:
pkgs.writeShellScript "ensure-gemini-certificates.sh" ''
if [[ ! -e ${key} ]]; then
TARGET_CERT_DIR=$(${pkgs.coreutils}/bin/dirname ${cert})
TARGET_KEY_DIR=$(${pkgs.coreutils}/bin/dirname ${key})
if [[ ! -d $TARGET_CERT_DIR ]]; then mkdir -p $TARGET_CERT_DIR; fi
if [[ ! -d $TARGET_KEY_DIR ]]; then mkdir -p $TARGET_KEY_DIR; fi
${pkgs.openssl}/bin/openssl req -new -subj "/CN=.${hostname}" -addext "subjectAltName = DNS:${hostname}, DNS:.${hostname}" -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -days 3650 -nodes -out ${cert} -keyout ${key}
${pkgs.coreutils}/bin/chown -R ${user}:nogroup ${cert}
${pkgs.coreutils}/bin/chown -R ${user}:nogroup ${key}
${pkgs.coreutils}/bin/chmod 0444 ${cert}
${pkgs.coreutils}/bin/chmod 0400 ${key}
fi
'';
generate-feeds = feeds: generate-feeds = feeds:
let let
feed-strings = mapAttrsToList (feed-name: opts: feed-strings = mapAttrsToList (feed-name: opts:


@ -1,8 +1,10 @@
{ pkgs, ... }: { pkgs, ... }:
with pkgs.lib; with pkgs.lib; rec {
rec { gather-dependencies = pkg:
gather-dependencies = pkg: unique (pkg.propagatedBuildInputs ++ (concatMap gather-dependencies pkg.propagatedBuildInputs)); unique (pkg.propagatedBuildInputs
++ (concatMap gather-dependencies pkg.propagatedBuildInputs));
lisp-source-registry = pkg: concatStringsSep ":" (map (p: "${p}//") (gather-dependencies pkg));
lisp-source-registry = pkg:
concatStringsSep ":" (map (p: "${p}//") (gather-dependencies pkg));
} }