nixos/kerberos_server: add extraKDCArgs option

This commit is contained in:
Katalin Rebhan 2025-06-07 20:59:25 +02:00
parent be7ffb6cc3
commit b3af89dd38
No known key found for this signature in database
3 changed files with 30 additions and 2 deletions

View File

@ -7,6 +7,7 @@
let
inherit (lib) mkOption types;
inherit (lib.types) listOf str;
cfg = config.services.kerberos_server;
inherit (config.security.krb5) package;
@ -41,6 +42,14 @@ in
'';
default = { };
};
extraKDCArgs = mkOption {
type = listOf str;
description = ''
Extra arguments to pass to the KDC process. See {manpage}`kdc(8)`.
'';
default = [ ];
};
};
};

View File

@ -2,11 +2,14 @@
pkgs,
config,
lib,
utils,
...
}:
let
inherit (lib) mapAttrs;
inherit (utils) escapeSystemdExecArgs;
cfg = config.services.kerberos_server;
package = config.security.krb5.package;
@ -94,7 +97,13 @@ in
"info:heimdal"
];
serviceConfig = {
ExecStart = "${package}/libexec/kdc --config-file=/etc/heimdal-kdc/kdc.conf";
ExecStart = escapeSystemdExecArgs (
[
"${package}/libexec/kdc"
"--config-file=/etc/heimdal-kdc/kdc.conf"
]
++ cfg.extraKDCArgs
);
Slice = "system-kerberos-server.slice";
StateDirectory = "heimdal";
};

View File

@ -2,11 +2,14 @@
pkgs,
config,
lib,
utils,
...
}:
let
inherit (lib) mapAttrs;
inherit (utils) escapeSystemdExecArgs;
cfg = config.services.kerberos_server;
package = config.security.krb5.package;
PIDFile = "/run/kdc.pid";
@ -91,7 +94,14 @@ in
serviceConfig = {
Type = "forking";
PIDFile = PIDFile;
ExecStart = "${package}/bin/krb5kdc -P ${PIDFile}";
ExecStart = escapeSystemdExecArgs (
[
"${package}/bin/krb5kdc"
"-P"
"${PIDFile}"
]
++ cfg.extraKDCArgs
);
Slice = "system-kerberos-server.slice";
StateDirectory = "krb5kdc";
};