Unverified Commit 5af86e8c authored by Patrick's avatar Patrick

nixos/kanidm: add support for kanidm unixd config v2



Co-authored-by: default avatarSammy Etur <sammyetur11@gmail.com>
parent ff5d4dfb
+13 −1
@@ -368,7 +368,7 @@ in
        freeformType = settingsFormat.type;

        options = {
          pam_allowed_login_groups = mkOption {
          kanidm.pam_allowed_login_groups = mkOption {
            description = "Kanidm groups that are allowed to login using PAM.";
            example = "my_pam_group";
            type = types.listOf types.str;
@@ -673,6 +673,10 @@ in

  config = mkIf (cfg.enableClient || cfg.enableServer || cfg.enablePam) {
    warnings = lib.optionals (cfg.package.eolMessage != "") [ cfg.package.eolMessage ];
    services.kanidm = {
      unixSettings.version = "2";
      serverSettings.version = "2";
    };

    assertions =
      let
@@ -710,6 +714,14 @@ in
          };
      in
      [
        {
          assertion = cfg.enablePam -> !(cfg.unixSettings ? pam_allowed_login_groups);
          message = ''
            <option>services.kanidm.unixSettings.pam_allowed_login_groups</option> has been renamed
            to <option>services.kanidm.unixSettings.kanidm.pam_allowed_login_groups</option>.
            Please change your usage.
          '';
        }
        {
          assertion =
            !cfg.enableServer
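Review bot: The new assertion `cfg.enablePam -> !(cfg.unixSettings ? pam_allowed_login_groups)` covers only the one declared option, while `unixSettings` is a freeform attribute set and the earlier hunk now forces `unixSettings.version = "2"` whenever the module is active. Any other key a user set at the top level that the v2 layout expects elsewhere would still evaluate cleanly and be written in its old position; how unixd treats such a key is not visible from this diff. Because this file carries the PAM login allowlist, I would prefer to fail at evaluation: either extend this check to the other relocated keys or state the limit in a comment such as `# only pam_allowed_login_groups is checked; other freeform v1 keys must be moved under unixSettings.kanidm by hand`. The message also uses `<option>` tags, which are probably printed literally in an evaluation error, so plain option names would read better. The assertions list starts and ends outside the hunk.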
+1 −1
@@ -66,7 +66,7 @@ in
        };
        enablePam = true;
        unixSettings = {
          pam_allowed_login_groups = [ "shell" ];
          kanidm.pam_allowed_login_groups = [ "shell" ];
        };
      };