From f5b4918de42917469d359d3f2e019a7d174e9c1e Mon Sep 17 00:00:00 2001
From: Kai Wohlfahrt <kai.scorpio@gmail.com>
Date: Sun, 19 Nov 2017 15:13:48 +0000
Subject: [PATCH] kerberos_server: ensure only one realm configured

Leave options for multiple realms for similarity to krb5, and future
expansion. Currently not tested because I can't make it work and don't need
it.
---
 nixos/modules/services/system/kerberos/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/system/kerberos/default.nix b/nixos/modules/services/system/kerberos/default.nix
index 90be7e8d551..26ac85de402 100644
--- a/nixos/modules/services/system/kerberos/default.nix
+++ b/nixos/modules/services/system/kerberos/default.nix
@@ -1,7 +1,7 @@
 {pkgs, config, lib, ...}:
 
 let
-  inherit (lib) mkOption mkIf types;
+  inherit (lib) mkOption mkIf types length attrNames;
   cfg = config.services.kerberos_server;
   kerberos = config.krb5.kerberos;
 
@@ -72,5 +72,9 @@ in
 
   config = mkIf cfg.enable {
     environment.systemPackages = [ kerberos ];
+    assertions = [{
+      assertion = length (attrNames cfg.realms) <= 1;
+      message = "Only one realm per server is currently supported.";
+    }];
   };
 }