Heimdal no longer stores kdc in libexec/heimdal/
This commit is contained in:
parent
60d5d50336
commit
6d08c1a790
|
|
@ -108,7 +108,7 @@ let
|
|||
else
|
||||
[ "0.0.0.0" ];
|
||||
bindClause = "--addresses=${concatStringsSep "," ips}";
|
||||
in "${pkgs.heimdal}/libexec/heimdal/kdc --config-file=${kdcConf} --ports=88 ${bindClause}";
|
||||
in "${pkgs.heimdal}/libexec/kdc --config-file=${kdcConf} --ports=88 ${bindClause}";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -135,7 +135,7 @@ let
|
|||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
SecureBits = "keep-caps";
|
||||
ExecStart = concatStringsSep " " [
|
||||
"${pkgs.heimdal}/libexec/heimdal/kadmind"
|
||||
"${pkgs.heimdal}/libexec/kadmind"
|
||||
"--config-file=${kdcConf}"
|
||||
"--keytab=${cfg.kdc.primary.keytabs.kadmind}"
|
||||
"--realm=${cfg.realm}"
|
||||
|
|
@ -170,7 +170,7 @@ let
|
|||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
SecureBits = "keep-caps";
|
||||
ExecStart = concatStringsSep " " [
|
||||
"${pkgs.heimdal}/libexec/heimdal/kpasswdd"
|
||||
"${pkgs.heimdal}/libexec/kpasswdd"
|
||||
"--config-file=${kdcConf}"
|
||||
"--keytab=${cfg.kdc.primary.keytabs.kpasswdd}"
|
||||
"--realm=${cfg.realm}"
|
||||
|
|
@ -203,7 +203,7 @@ let
|
|||
|
||||
ExecStart = pkgs.writeShellScript "kdc-hprop.sh"
|
||||
(concatStringsSep " " ([
|
||||
"${pkgs.heimdal}/libexec/heimdal/hprop"
|
||||
"${pkgs.heimdal}/libexec/hprop"
|
||||
''--master-key="${cfg.kdc.master-key-file}"''
|
||||
#''--database="(echo "${staging-db}")"''
|
||||
"--database=sqlite:${cfg.kdc.database}"
|
||||
|
|
@ -308,7 +308,7 @@ let
|
|||
else
|
||||
[ "0.0.0.0" ];
|
||||
bindClause = "--addresses=${concatStringsSep "," ips}";
|
||||
in "${pkgs.heimdal}/libexec/heimdal/kdc --config-file=${kdcConf} --ports=88 ${bindClause}";
|
||||
in "${pkgs.heimdal}/libexec/kdc --config-file=${kdcConf} --ports=88 ${bindClause}";
|
||||
};
|
||||
unitConfig.ConditionPathExists = [ cfg.kdc.database ];
|
||||
};
|
||||
|
|
@ -342,7 +342,7 @@ let
|
|||
ExecStart = let
|
||||
startScript = pkgs.writeShellScript "launch-heimdal-hpropd.sh"
|
||||
(concatStringsSep " " [
|
||||
"${pkgs.heimdal}/libexec/heimdal/hpropd"
|
||||
"${pkgs.heimdal}/libexec/hpropd"
|
||||
"--database=sqlite:$STATE_DIRECTORY/realm.db"
|
||||
"--keytab=${cfg.kdc.secondary.keytabs.hpropd}"
|
||||
]);
|
||||
|
|
|
|||
|
|
@ -28,21 +28,6 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
ensure-certificates = hostname: user: key: cert:
|
||||
pkgs.writeShellScript "ensure-gemini-certificates.sh" ''
|
||||
if [[ ! -e ${key} ]]; then
|
||||
TARGET_CERT_DIR=$(${pkgs.coreutils}/bin/dirname ${cert})
|
||||
TARGET_KEY_DIR=$(${pkgs.coreutils}/bin/dirname ${key})
|
||||
if [[ ! -d $TARGET_CERT_DIR ]]; then mkdir -p $TARGET_CERT_DIR; fi
|
||||
if [[ ! -d $TARGET_KEY_DIR ]]; then mkdir -p $TARGET_KEY_DIR; fi
|
||||
${pkgs.openssl}/bin/openssl req -new -subj "/CN=.${hostname}" -addext "subjectAltName = DNS:${hostname}, DNS:.${hostname}" -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -days 3650 -nodes -out ${cert} -keyout ${key}
|
||||
${pkgs.coreutils}/bin/chown -R ${user}:nogroup ${cert}
|
||||
${pkgs.coreutils}/bin/chown -R ${user}:nogroup ${key}
|
||||
${pkgs.coreutils}/bin/chmod 0444 ${cert}
|
||||
${pkgs.coreutils}/bin/chmod 0400 ${key}
|
||||
fi
|
||||
'';
|
||||
|
||||
generate-feeds = feeds:
|
||||
let
|
||||
feed-strings = mapAttrsToList (feed-name: opts:
|
||||
|
|
|
|||
|
|
@ -1,8 +1,10 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
rec {
|
||||
gather-dependencies = pkg: unique (pkg.propagatedBuildInputs ++ (concatMap gather-dependencies pkg.propagatedBuildInputs));
|
||||
with pkgs.lib; rec {
|
||||
gather-dependencies = pkg:
|
||||
unique (pkg.propagatedBuildInputs
|
||||
++ (concatMap gather-dependencies pkg.propagatedBuildInputs));
|
||||
|
||||
lisp-source-registry = pkg: concatStringsSep ":" (map (p: "${p}//") (gather-dependencies pkg));
|
||||
lisp-source-registry = pkg:
|
||||
concatStringsSep ":" (map (p: "${p}//") (gather-dependencies pkg));
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue