nix/lib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Put launcher in script

Browse Source
This commit is contained in:
niten 2024-01-06 11:06:05 -08:00
parent 12d62caf25
commit 8ba0e155d3
1 changed files with 8 additions and 7 deletions

9
lib/fudo/auth/kerberos/kdc.nix
View File

@ -326,16 +326,17 @@ let
LimitNOFILE = 4096; LimitNOFILE = 4096;
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
Restart = # Server will retry -- this results in stacking
"never"; # Server will retry -- this results in stacking Restart = "never";
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
SecureBits = "keep-caps"; SecureBits = "keep-caps";
ReadWritePaths = [ "${dirOf cfg.kdc.database}" ]; ReadWritePaths = [ "${dirOf cfg.kdc.database}" ];
ExecStart = concatStringsSep " " [ ExecStart = writeShellScript "launch-heimdal-hpropd.sh"
(concatStringsSep " " [
"${pkgs.heimdal}/libexec/heimdal/hpropd" "${pkgs.heimdal}/libexec/heimdal/hpropd"
"--database=sqlite:${cfg.kdc.database}" "--database=sqlite:${cfg.kdc.database}"
"--keytab=${cfg.kdc.secondary.keytabs.hpropd}" "--keytab=${cfg.kdc.secondary.keytabs.hpropd}"
]; ]);
}; };
unitConfig.ConditionPathExists = unitConfig.ConditionPathExists =
[ cfg.kdc.database cfg.kdc.secondary.keytabs.hpropd ]; [ cfg.kdc.database cfg.kdc.secondary.keytabs.hpropd ];