nixos/kanidm: require explicit version from all users (741dd145) · Commits · nix / nixpkgs

nixos/modules/services/security/kanidm.nix

+2 −12

Original line number	Diff line number	Diff line
		@@ -238,8 +238,8 @@ in
		enablePam = mkEnableOption "the Kanidm PAM and NSS integration";

		package = mkPackageOption pkgs "kanidm" {
		example = "kanidm_1_4";
		extraDescription = "If not set will receive a specific version based on stateVersion. Set to `pkgs.kanidm` to always receive the latest version, with the understanding that this could introduce breaking changes.";
		example = "kanidm_1_8";
		extraDescription = "Must be set to an explicit version.";
		};

		serverSettings = mkOption {
		@@ -874,16 +874,6 @@ in
		)
		);

		services.kanidm.package =
		let
		pkg =
		if lib.versionAtLeast config.system.stateVersion "24.11" then
		pkgs.kanidm_1_4
		else
		lib.warn "No default kanidm package found for stateVersion = '${config.system.stateVersion}'. Using unpinned version. Consider setting `services.kanidm.package = pkgs.kanidm_1_x` to avoid upgrades introducing breaking changes." pkgs.kanidm;
		in
		lib.mkDefault pkg;

		environment.systemPackages = mkIf cfg.enableClient [ cfg.package ];

		systemd.tmpfiles.settings."10-kanidm" = mkIf enableServerBackup {