Unverified Commit 1b5181f8 authored by Kerstin's avatar Kerstin Committed by GitHub

Merge pull request #203122 from NixOS/backport-200354-to-release-22.11

[Backport release-22.11] kanidm: 1.1.0-alpha.9 -> 1.1.0-alpha.10
parents e9ec325b b49f1c68
+8 −0
@@ -709,6 +709,14 @@
          <literal>emacs-gtk</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>kanidm</literal> has been updated to 1.1.0-alpha.10
          and now requires a tls certificate and key. It will always
          start an https and – if enabled – an ldaps server and no http
          and ldap server anymore.
        </para>
      </listitem>
      <listitem>
        <para>
          riak package removed along with
+2 −0
@@ -231,6 +231,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- Emacs now uses the Lucid toolkit by default instead of GTK because of stability and compatibility issues.
  Users who still wish to remain using GTK can do so by using `emacs-gtk`.

- `kanidm` has been updated to 1.1.0-alpha.10 and now requires a tls certificate and key. It will always start an https and – if enabled – an ldaps server and no http and ldap server anymore.

- riak package removed along with `services.riak` module, due to lack of maintainer to update the package.

- ppd files in `pkgs.cups-drv-rastertosag-gdi` are now gzipped.  If you refer to such a ppd file with its path (e.g. via [hardware.printers.ensurePrinters](options.html#opt-hardware.printers.ensurePrinters)) you will need to append `.gz` to the path.
+8 −0
@@ -100,6 +100,14 @@ in
            readOnly = true;
            type = lib.types.path;
          };
          tls_chain = lib.mkOption {
            description = lib.mdDoc "TLS chain in pem format.";
            type = lib.types.path;
          };
          tls_key = lib.mkOption {
            description = lib.mdDoc "TLS key in pem format.";
            type = lib.types.path;
          };
          log_level = lib.mkOption {
            description = lib.mdDoc "Log level of the server.";
            default = "default";
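Review bot: The new `tls_key` option is typed `lib.types.path` and documented only as "TLS key in pem format.", so nothing warns users that pointing it at a Nix path literal or a derivation output is likely to place the private key in the world-readable Nix store. I would extend the description to something like `"TLS private key in PEM format. Use a string path to a file outside the Nix store that the service user can read."` and add an `example` to both `tls_chain` and `tls_key`. Whether the unit's sandboxing allows the service to read the configured paths is not visible in this section and should be confirmed. The enclosing options block starts and ends outside the hunk.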
+5 −14
@@ -13,26 +13,17 @@ import ./make-test-python.nix ({ pkgs, ... }:
        serverSettings = {
          origin = "https://${serverDomain}";
          domain = serverDomain;
          bindaddress = "[::1]:8443";
          bindaddress = "[::]:443";
          ldapbindaddress = "[::1]:636";
        };
      };

      services.nginx = {
        enable = true;
        recommendedProxySettings = true;
        virtualHosts."${serverDomain}" = {
          forceSSL = true;
          sslCertificate = certs."${serverDomain}".cert;
          sslCertificateKey = certs."${serverDomain}".key;
          locations."/".proxyPass = "http://[::1]:8443";
          tls_chain = certs."${serverDomain}".cert;
          tls_key = certs."${serverDomain}".key;
        };
      };

      security.pki.certificateFiles = [ certs.ca.cert ];

      networking.hosts."::1" = [ serverDomain ];
      networking.firewall.allowedTCPPorts = [ 80 443 ];
      networking.firewall.allowedTCPPorts = [ 443 ];

      users.users.kanidm.shell = pkgs.bashInteractive;

@@ -73,7 +64,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
        start_all()
        server.wait_for_unit("kanidm.service")
        server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
        server.succeed("ldapsearch -H ldap://[::1]:636 -b '${ldapBaseDN}' -x '(name=test)'")
        server.succeed("ldapsearch -H ldaps://${serverDomain}:636 -b '${ldapBaseDN}' -x '(name=test)'")
        client.succeed("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}")
        rv, result = server.execute("kanidmd recover_account -c ${serverConfigFile} idm_admin 2>&1 | rg -o '[A-Za-z0-9]{48}'")
        assert rv == 0
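Review bot: The test script in the second hunk checks only the positive case (`curl` over https and `ldapsearch` over `ldaps://`), although the release note in this commit states that the plain http and ldap listeners are gone. A negative assertion next to the ldaps check, e.g. `server.fail("ldapsearch -H ldap://[::1]:636 -b '${ldapBaseDN}' -x '(name=test)'")`, would stop a regression to cleartext LDAP from passing unnoticed. The LDAPS listener is also exercised only from the server itself because `ldapbindaddress` stays on `[::1]:636`; that looks intentional for the test but deserves a one-line comment. The test script starts and ends outside the hunk.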
+4 −4
@@ -17,16 +17,16 @@ let
in
rustPlatform.buildRustPackage rec {
  pname = "kanidm";
  version = "1.1.0-alpha.9";
  version = "1.1.0-alpha.10";

  src = fetchFromGitHub {
    owner = pname;
    repo = pname;
    rev = "985462590b1c49b26a0b0ee01e24b1eb01942165";
    hash = "sha256-JtoDuA3NCKmX+wDqav30VwrLeDALYat1iKFWpbYOO1s=";
    rev = "fb76326234bffd9c9f3f24808d113f2c335c86fe";
    hash = "sha256-nE3zyigorAbDp5mgXzoyXWGOG+GaFC//SS/7Z9zj1Ps=";
  };

  cargoSha256 = "sha256-pkBkXIG2PF5YMeighQwHwhURWbJabfveyszRIdrQjcA=";
  cargoSha256 = "sha256-/CcmKYPtBHNdhJnO0OmZtW/39HH58qmCE9hFbIiNsaE=";

  KANIDM_BUILD_PROFILE = "release_nixos_${arch}";