From c18c50a42e68e5327d8612d5aed2e25d094205d3 Mon Sep 17 00:00:00 2001
From: roblabla
Date: Tue, 6 Jun 2017 12:59:47 +0200
Subject: [PATCH 1/2] cyrus-sasl: Add saslauthd service support
---
 nixos/modules/module-list.nix | 1 +
 nixos/modules/services/system/saslauthd.nix | 63 +++++++++++++++++++
 .../libraries/cyrus-sasl/default.nix | 1 -
 3 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 nixos/modules/services/system/saslauthd.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index f7608a57d71..4ab70707d72 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -534,6 +534,7 @@
 ./services/system/earlyoom.nix
 ./services/system/kerberos.nix
 ./services/system/nscd.nix
+ ./services/system/saslauthd.nix
 ./services/system/uptimed.nix
 ./services/torrent/deluge.nix
 ./services/torrent/flexget.nix
diff --git a/nixos/modules/services/system/saslauthd.nix b/nixos/modules/services/system/saslauthd.nix
new file mode 100644
index 00000000000..281716cf186
--- /dev/null
+++ b/nixos/modules/services/system/saslauthd.nix
@@ -0,0 +1,63 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ nssModulesPath = config.system.nssModules.path;
+ cfg = config.services.saslauthd;
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.saslauthd = {
+
+ enable = mkEnableOption "Whether to enable the Cyrus SASL authentication daemon.";
+
+ package = mkOption {
+ default = pkgs.cyrus_sasl.bin;
+ defaultText = "pkgs.cyrus_sasl.bin";
+ type = types.package;
+ description = "Cyrus SASL package to use.";
+ };
+
+ mechanism = mkOption {
+ type = types.str;
+ default = "pam";
+ description = "Auth mechanism to use";
+ };
+
+ config = mkOption {
+ type = types.lines;
+ default = "";
+ description = "Configuration to use for Cyrus SASL authentication daemon.";
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ systemd.services.saslauthd = {
+ description = "Cyrus SASL authentication daemon";
+
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "@${cfg.package}/sbin/saslauthd saslauthd -a ${cfg.mechanism} -O ${pkgs.writeText "saslauthd.conf" cfg.config}";
+ Type = "forking";
+ PIDFile = "/run/saslauthd/saslauthd.pid";
+ Restart = "always";
+ };
+ };
+ };
+}
diff --git a/pkgs/development/libraries/cyrus-sasl/default.nix b/pkgs/development/libraries/cyrus-sasl/default.nix
index 05eb575547d..590092e988c 100644
--- a/pkgs/development/libraries/cyrus-sasl/default.nix
+++ b/pkgs/development/libraries/cyrus-sasl/default.nix
@@ -34,7 +34,6 @@ stdenv.mkDerivation rec { # Set this variable at build-time to make sure $out can be evaluated. preConfigure = '' configureFlagsArray=( --with-plugindir=$out/lib/sasl2 - --with-configdir=$out/lib/sasl2 --with-saslauthd=/run/saslauthd --enable-login )
From c3150412c3ed95ff55dd55180c02e227f5d0d371 Mon Sep 17 00:00:00 2001
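Review bot: The `config` option is rendered with `pkgs.writeText "saslauthd.conf" cfg.config` inside `ExecStart`, so whatever an administrator puts there is copied into the Nix store, which every local user can read. That is harmless for the default `pam` mechanism, but a backend such as LDAP (built by patch 2/2) normally needs a bind credential in this file. The option text should say so, for example `description = "Configuration for saslauthd. The text is copied to the world-readable Nix store; do not put passwords here.";`, and a path-typed option pointing at a file outside the store would give secrets a place to live. Nothing in the unit creates `/run/saslauthd`, the directory `PIDFile` points into; unless the daemon creates it itself, `RuntimeDirectory = "saslauthd";` in `serviceConfig` would be needed. Two smaller points: `mkEnableOption` already prepends "Whether to enable", so the argument should be just `"the Cyrus SASL authentication daemon"`, and `nssModulesPath` is bound in the `let` but never used.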
From: roblabla
Date: Tue, 6 Jun 2017 13:00:28 +0200
Subject: [PATCH 2/2] cyrus-sasl: Add optional LDAP support
---
 pkgs/development/libraries/cyrus-sasl/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/libraries/cyrus-sasl/default.nix b/pkgs/development/libraries/cyrus-sasl/default.nix
index 590092e988c..4bdd12eb685 100644
--- a/pkgs/development/libraries/cyrus-sasl/default.nix
+++ b/pkgs/development/libraries/cyrus-sasl/default.nix
@@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, openssl, kerberos, db, gettext, pam, fixDarwinDylibNames, autoreconfHook }: +{ lib, stdenv, fetchurl, openssl, openldap, kerberos, db, gettext, pam, fixDarwinDylibNames, autoreconfHook, enableLdap ? false }: with stdenv.lib; stdenv.mkDerivation rec {
@@ -14,6 +14,7 @@ stdenv.mkDerivation rec { buildInputs = [ openssl db gettext kerberos ] + ++ lib.optional enableLdap openldap ++ lib.optional stdenv.isFreeBSD autoreconfHook ++ lib.optional stdenv.isLinux pam ++ lib.optional stdenv.isDarwin fixDarwinDylibNames;
@@ -29,7 +30,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-openssl=${openssl.dev}" - ]; + ] ++ lib.optional enableLdap "--with-ldap=${openldap.dev}"; # Set this variable at build-time to make sure $out can be evaluated. preConfigure = ''
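Review bot: `enableLdap ? false` in the argument list keeps the LDAP backend out of the default build, while the saslauthd module from patch 1/2 defaults `package` to `pkgs.cyrus_sasl.bin` and passes any `mechanism` string straight to `-a`. A user who sets `mechanism = "ldap"` without overriding the package would presumably get a daemon that fails at start-up rather than an error at evaluation time. A comment above the function header would document the link, e.g. `# enableLdap: build saslauthd with the LDAP backend (needed for services.saslauthd.mechanism = "ldap")`. The `buildInputs` and `configureFlags` hunks of this file are gated on the same flag, so the note covers them too.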