nixpkgs/nixos/tests/krb5/example-config.nix

# Verifies that the configuration suggested in (non-deprecated) example values
# will result in the expected output.

import ../make-test.nix ({ pkgs, ...} : {
  name = "krb5-with-example-config";
  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ eqyiel ];
  };

  machine =
    { config, pkgs, ... }: {
      krb5 = {
        enable = true;
        kerberos = pkgs.krb5Full;
        libdefaults = {
          default_realm = "ATHENA.MIT.EDU";
        };
        realms = {
          "ATHENA.MIT.EDU" = {
            admin_server = "athena.mit.edu";
            kdc = "athena.mit.edu";
          };
        };
        domain_realm = {
          "example.com" = "EXAMPLE.COM";
          ".example.com" = "EXAMPLE.COM";
        };
        capaths = {
          "ATHENA.MIT.EDU" = {
            "EXAMPLE.COM" = ".";
          };
          "EXAMPLE.COM" = {
            "ATHENA.MIT.EDU" = ".";
          };
        };
        appdefaults = {
          pam = {
            debug = false;
            ticket_lifetime = 36000;
            renew_lifetime = 36000;
            max_timeout = 30;
            timeout_shift = 2;
            initial_timeout = 1;
          };
        };
        plugins = {
          ccselect = {
            disable = "k5identity";
          };
        };
        extraConfig = ''
          [logging]
            kdc          = SYSLOG:NOTICE
            admin_server = SYSLOG:NOTICE
            default      = SYSLOG:NOTICE
        '';
      };
    };

  testScript =
    let snapshot = pkgs.writeText "krb5-with-example-config.conf" ''
      [libdefaults]
        default_realm = ATHENA.MIT.EDU

      [realms]
        ATHENA.MIT.EDU = {
          admin_server = athena.mit.edu
          kdc = athena.mit.edu
        }

      [domain_realm]
        .example.com = EXAMPLE.COM
        example.com = EXAMPLE.COM

      [capaths]
        ATHENA.MIT.EDU = {
          EXAMPLE.COM = .
        }
        EXAMPLE.COM = {
          ATHENA.MIT.EDU = .
        }

      [appdefaults]
        pam = {
          debug = false
          initial_timeout = 1
          max_timeout = 30
          renew_lifetime = 36000
          ticket_lifetime = 36000
          timeout_shift = 2
        }

      [plugins]
        ccselect = {
          disable = k5identity
        }

      [logging]
        kdc          = SYSLOG:NOTICE
        admin_server = SYSLOG:NOTICE
        default      = SYSLOG:NOTICE
    '';
  in ''
    $machine->succeed("diff /etc/krb5.conf ${snapshot}");
  '';
})
nixos/krb5: complete rewrite The `krb5` service was a bit lacking. Addresses NixOS/nixpkgs#11268, partially addresses NixOS/nixpkgs#29623. 2017-09-23 12:48:44 +09:30			`# Verifies that the configuration suggested in (non-deprecated) example values`
			`# will result in the expected output.`

			`import ../make-test.nix ({ pkgs, ...} : {`
			`name = "krb5-with-example-config";`
			`meta = with pkgs.stdenv.lib.maintainers; {`
			`maintainers = [ eqyiel ];`
			`};`

			`machine =`
			`{ config, pkgs, ... }: {`
			`krb5 = {`
			`enable = true;`
			`kerberos = pkgs.krb5Full;`
			`libdefaults = {`
			`default_realm = "ATHENA.MIT.EDU";`
			`};`
			`realms = {`
			`"ATHENA.MIT.EDU" = {`
			`admin_server = "athena.mit.edu";`
			`kdc = "athena.mit.edu";`
			`};`
			`};`
			`domain_realm = {`
			`"example.com" = "EXAMPLE.COM";`
			`".example.com" = "EXAMPLE.COM";`
			`};`
			`capaths = {`
			`"ATHENA.MIT.EDU" = {`
			`"EXAMPLE.COM" = ".";`
			`};`
			`"EXAMPLE.COM" = {`
			`"ATHENA.MIT.EDU" = ".";`
			`};`
			`};`
			`appdefaults = {`
			`pam = {`
			`debug = false;`
			`ticket_lifetime = 36000;`
			`renew_lifetime = 36000;`
			`max_timeout = 30;`
			`timeout_shift = 2;`
			`initial_timeout = 1;`
			`};`
			`};`
			`plugins = {`
			`ccselect = {`
			`disable = "k5identity";`
			`};`
			`};`
			`extraConfig = ''`
			`[logging]`
			`kdc = SYSLOG:NOTICE`
			`admin_server = SYSLOG:NOTICE`
			`default = SYSLOG:NOTICE`
			`'';`
			`};`
			`};`

			`testScript =`
			`let snapshot = pkgs.writeText "krb5-with-example-config.conf" ''`
			`[libdefaults]`
			`default_realm = ATHENA.MIT.EDU`

			`[realms]`
			`ATHENA.MIT.EDU = {`
			`admin_server = athena.mit.edu`
			`kdc = athena.mit.edu`
			`}`

			`[domain_realm]`
			`.example.com = EXAMPLE.COM`
			`example.com = EXAMPLE.COM`

			`[capaths]`
			`ATHENA.MIT.EDU = {`
			`EXAMPLE.COM = .`
			`}`
			`EXAMPLE.COM = {`
			`ATHENA.MIT.EDU = .`
			`}`

			`[appdefaults]`
			`pam = {`
			`debug = false`
			`initial_timeout = 1`
			`max_timeout = 30`
			`renew_lifetime = 36000`
			`ticket_lifetime = 36000`
			`timeout_shift = 2`
			`}`

			`[plugins]`
			`ccselect = {`
			`disable = k5identity`
			`}`

			`[logging]`
			`kdc = SYSLOG:NOTICE`
			`admin_server = SYSLOG:NOTICE`
			`default = SYSLOG:NOTICE`
			`'';`
			`in ''`
			`$machine->succeed("diff /etc/krb5.conf ${snapshot}");`
			`'';`
			`})`