nixos/modules/services/security/kanidm.nix +17 −3 @@ -29,6 +29,7 @@ let mkIf mkMerge mkOption mkOrder mkPackageOption optional optionals @@ -368,7 +369,7 @@ in freeformType = settingsFormat.type; options = { pam_allowed_login_groups = mkOption { kanidm.pam_allowed_login_groups = mkOption { description = "Kanidm groups that are allowed to login using PAM."; example = "my_pam_group"; type = types.listOf types.str; @@ -673,6 +674,10 @@ in config = mkIf (cfg.enableClient || cfg.enableServer || cfg.enablePam) { warnings = lib.optionals (cfg.package.eolMessage != "") [ cfg.package.eolMessage ]; services.kanidm = { unixSettings.version = "2"; serverSettings.version = "2"; }; assertions = let @@ -710,6 +715,14 @@ in }; in [ { assertion = cfg.enablePam -> !(cfg.unixSettings ? pam_allowed_login_groups); message = '' <option>services.kanidm.unixSettings.pam_allowed_login_groups</option> has been renamed to <option>services.kanidm.unixSettings.kanidm.pam_allowed_login_groups</option>. Please change your usage. ''; } { assertion = !cfg.enableServer @@ -1040,8 +1053,9 @@ in system.nssModules = mkIf cfg.enablePam [ cfg.package ]; system.nssDatabases.group = optional cfg.enablePam "kanidm"; system.nssDatabases.passwd = optional cfg.enablePam "kanidm"; # Needs to be before "files" which is `mkBefore` system.nssDatabases.group = mkOrder 490 (optional cfg.enablePam "kanidm"); system.nssDatabases.passwd = mkOrder 490 (optional cfg.enablePam "kanidm"); users.groups = mkMerge [ (mkIf cfg.enableServer { kanidm = { }; })
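Review bot: The comment added above `system.nssDatabases.group` and `passwd` in the last hunk (@@ -1040,8 +1053,9 @@) states that kanidm must sort before "files" but not why, and the ordering has a trust consequence that should be written down. With `mkOrder 490` ahead of `mkBefore` (500), kanidm is consulted before the local passwd and group files, so its answer is the one returned for any name or ID both sources know. I would extend the comment along the lines of `# Must sort before "files" (mkBefore = 500) because <reason>; local accounts such as root are protected from shadowing by <mechanism>`, with both placeholders filled in by the author. Nothing visible in this section shows whether the module or the kanidm resolver rejects entries that overlap local accounts, so that needs confirming before merge.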
nixos/tests/kanidm.nix +1 −1 @@ -66,7 +66,7 @@ in }; enablePam = true; unixSettings = { pam_allowed_login_groups = [ "shell" ]; kanidm.pam_allowed_login_groups = [ "shell" ]; }; };