nix
/
lib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Perform hpropd merge outside of main dir

This commit is contained in:
niten 2024-01-12 16:51:09 -08:00
parent 2a27c0f7b1
commit e8a191908e
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/fudo/auth/kerberos/kdc.nix
View File

@ -331,16 +331,21 @@ let
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
SecureBits = "keep-caps";
ReadWritePaths = [ "${dirOf cfg.kdc.database}" ];
StateDirectory = "hemidal-hpropd";
ExecStartPre =
"cp ${cfg.kdc.database} $STATE_DIRECTORY/realm.db";
ExecStart = let
startScript = pkgs.writeShellScript "launch-heimdal-hpropd.sh"
(concatStringsSep " " [
"${pkgs.heimdal}/libexec/heimdal/hpropd"
"--database=sqlite:${cfg.kdc.database}"
"--database=sqlite:$STATE_DIRECTORY/realm.db"
"--keytab=${cfg.kdc.secondary.keytabs.hpropd}"
]);
in "${startScript}";
ExecStartPost =
"chown ${cfg.user}:${cfg.group} ${cfg.kdc.database}";
ExecStartPost = ''
chown ${cfg.user}:${cfg.group} $STATE_DIRECTORY/realm.db
mv $STATE_DIRECTORY/realm.db ${cfg.kdc.database}
'';
};
unitConfig.ConditionPathExists =
[ cfg.kdc.database cfg.kdc.secondary.keytabs.hpropd ];