Diffstat (limited to 'nixos/modules/services/system/kerberos.nix')
-rw-r--r-- | nixos/modules/services/system/kerberos.nix | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/nixos/modules/services/system/kerberos.nix b/nixos/modules/services/system/kerberos.nix
new file mode 100644
index 000000000000..8fb5debd20e4
--- /dev/null
+++ b/nixos/modules/services/system/kerberos.nix
@@ -0,0 +1,71 @@
+{pkgs, config, ...}:
+
+let
+
+ inherit (pkgs.lib) mkOption mkIf singleton;
+
+ inherit (pkgs) heimdal;
+
+ stateDir = "/var/heimdal";
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.kerberos_server = {
+
+ enable = mkOption {
+ default = false;
+ description = ''
+ Enable the kerberos authentification server.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf config.services.kerberos_server.enable {
+
+ environment.systemPackages = [ heimdal ];
+
+ services.xinetd.enable = true;
+ services.xinetd.services = pkgs.lib.singleton
+ { name = "kerberos-adm";
+ flags = "REUSE NAMEINARGS";
+ protocol = "tcp";
+ user = "root";
+ server = "${pkgs.tcp_wrappers}/sbin/tcpd";
+ serverArgs = "${pkgs.heimdal}/sbin/kadmind";
+ };
+
+ jobs.kdc =
+ { description = "Kerberos Domain Controller daemon";
+
+ startOn = "ip-up";
+
+ preStart =
+ ''
+ mkdir -m 0755 -p ${stateDir}
+ '';
+
+ exec = "${heimdal}/sbin/kdc";
+
+ };
+
+ jobs.kpasswdd =
+ { description = "Kerberos Domain Controller daemon";
+
+ startOn = "ip-up";
+
+ exec = "${heimdal}/sbin/kpasswdd";
+ };
+ };
+
+} |
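Review bot: The `preStart` of `jobs.kdc` creates `${stateDir}` (`/var/heimdal`) with mode 0755, so the directory that presumably holds the Heimdal principal database and master key is listable and traversable by every local user, and confidentiality rests entirely on the per-file modes Heimdal applies. I would make it owner-only with `mkdir -m 0700 -p ${stateDir}` followed by `chmod 0700 ${stateDir}`, since `mkdir -p` leaves the mode of an already existing directory unchanged. The directory is also created only in the kdc job, while the `kerberos-adm` xinetd service and `jobs.kpasswdd` may start without it. The xinetd entry runs `kadmind` as root behind `tcpd`, but nothing in this module sets which clients `tcpd` admits, so a comment stating that access control depends on hosts.allow/hosts.deny configured elsewhere would help whoever enables the option. Finally, `jobs.kpasswdd` reuses the kdc description; `description = "Kerberos password changing daemon";` would keep the two jobs distinguishable in logs.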