authorh7x4 <h7x4@nani.wtf>2023-03-05 16:53:26 +0100
committerh7x4 <h7x4@nani.wtf>2023-08-15 10:05:44 +0200
commit655a04a8fa43507f1642be4732926b2d1cec5128 (patch)
treecd03ddcb9e1e0b1bf555939fcaa1886b2cb14c56 /nixos/modules/services/security
parent67bcf01c471217a9a1ac7e8aac3e5dde182ed6e9 (diff)
nixos/kanidm: add package option
Signed-off-by: h7x4 <h7x4@nani.wtf>
Diffstat (limited to 'nixos/modules/services/security')
-rw-r--r--nixos/modules/services/security/kanidm.nix14
1 files changed, 8 insertions, 6 deletions
diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix
index 6fb9f71a489e..d8a99dee59f4 100644
--- a/nixos/modules/services/security/kanidm.nix
+++ b/nixos/modules/services/security/kanidm.nix
@@ -69,6 +69,8 @@ in
     enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server");
     enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration");
 
+    package = lib.mkPackageOptionMD pkgs "kanidm" {};
+
     serverSettings = lib.mkOption {
       type = lib.types.submodule {
         freeformType = settingsFormat.type;
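Review bot: The new `package` option carries no hint of how much it controls, and a reader of the option list would reasonably take it for the server binary only. The rest of this diff shows the same value feeding `environment.systemPackages`, all three `ExecStart` lines (`kanidmd`, `kanidm_unixd`, `kanidm_unixd_tasks`), `system.nssModules` and the `kanidm` user's `packages`. Overriding it therefore also swaps the NSS module and the unixd resolver that local logins depend on. I would add a comment above the option such as `# One package for the server, client tools, kanidm-unixd and the NSS module; overriding it replaces all of them.` The surrounding options attrset starts and ends outside this hunk.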
@@ -222,7 +224,7 @@ in
         }
       ];
 
-    environment.systemPackages = lib.mkIf cfg.enableClient [ pkgs.kanidm ];
+    environment.systemPackages = lib.mkIf cfg.enableClient [ cfg.package ];
 
     systemd.services.kanidm = lib.mkIf cfg.enableServer {
       description = "kanidm identity management daemon";
@@ -237,7 +239,7 @@ in
           StateDirectory = "kanidm";
           StateDirectoryMode = "0700";
           RuntimeDirectory = "kanidmd";
-          ExecStart = "${pkgs.kanidm}/bin/kanidmd server -c ${serverConfigFile}";
+          ExecStart = "${cfg.package}/bin/kanidmd server -c ${serverConfigFile}";
           User = "kanidm";
           Group = "kanidm";
 
@@ -270,7 +272,7 @@ in
           CacheDirectory = "kanidm-unixd";
           CacheDirectoryMode = "0700";
           RuntimeDirectory = "kanidm-unixd";
-          ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd";
+          ExecStart = "${cfg.package}/bin/kanidm_unixd";
           User = "kanidm-unixd";
           Group = "kanidm-unixd";
 
@@ -302,7 +304,7 @@ in
       partOf = [ "kanidm-unixd.service" ];
       restartTriggers = [ unixConfigFile clientConfigFile ];
       serviceConfig = {
-        ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd_tasks";
+        ExecStart = "${cfg.package}/bin/kanidm_unixd_tasks";
 
         BindReadOnlyPaths = [
           "/nix/store"
@@ -346,7 +348,7 @@ in
       })
     ];
 
-    system.nssModules = lib.mkIf cfg.enablePam [ pkgs.kanidm ];
+    system.nssModules = lib.mkIf cfg.enablePam [ cfg.package ];
 
     system.nssDatabases.group = lib.optional cfg.enablePam "kanidm";
     system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm";
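Review bot: `system.nssModules` now follows `cfg.package`, but the PAM rule that loads `pam_kanidm.so` is not wired in this file, and the diffstat shown is limited to this directory. If that rule still interpolates `pkgs.kanidm`, an overridden package would leave the PAM module on the default build while `kanidm_unixd` and the NSS module run the override. A mismatch between the PAM module and the daemon it talks to sits directly on the login path. Please confirm that the PAM side reads `config.services.kanidm.package` as well, or note the limitation next to the `enablePam` option.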
@@ -365,7 +367,7 @@ in
           description = "Kanidm server";
           isSystemUser = true;
           group = "kanidm";
-          packages = with pkgs; [ kanidm ];
+          packages = [ cfg.package ];
         };
       })
       (lib.mkIf cfg.enablePam {