authorMarco Rebhan <me@dblsaiko.net>2023-07-24 23:12:29 +0200
committerMarco Rebhan <me@dblsaiko.net>2023-12-21 11:35:26 +0100
commitfed77d170513ea7a09c8ed5ec5d3eaa8fdd0fd87 (patch)
tree43f760a290596a1426515ea61de35b057e44ae9e /nixos/modules/config
parent92a541c0ed590db1e8bee7436a6130cb5d589a6c (diff)
nixos/krb5: move to security.krb5
Diffstat (limited to 'nixos/modules/config')
-rw-r--r--nixos/modules/config/krb5/default.nix86
-rw-r--r--nixos/modules/config/krb5/krb5-conf-format.nix88
2 files changed, 0 insertions, 174 deletions
diff --git a/nixos/modules/config/krb5/default.nix b/nixos/modules/config/krb5/default.nix
deleted file mode 100644
index 7e00b5b340a75..0000000000000
--- a/nixos/modules/config/krb5/default.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  inherit (lib) mdDoc mkIf mkOption mkPackageOption mkRemovedOptionModule;
-  inherit (lib.types) bool;
-
-  mkRemovedOptionModule' = name: reason: mkRemovedOptionModule ["krb5" name] reason;
-  mkRemovedOptionModuleCfg = name: mkRemovedOptionModule' name ''
-    The option `krb5.${name}' has been removed. Use `krb5.settings.${name}' for
-    structured configuration.
-  '';
-
-  cfg = config.krb5;
-  format = import ./krb5-conf-format.nix { inherit pkgs lib; } { };
-in {
-  imports = [
-    (mkRemovedOptionModuleCfg "libdefaults")
-    (mkRemovedOptionModuleCfg "realms")
-    (mkRemovedOptionModuleCfg "domain_realm")
-    (mkRemovedOptionModuleCfg "capaths")
-    (mkRemovedOptionModuleCfg "appdefaults")
-    (mkRemovedOptionModuleCfg "plugins")
-    (mkRemovedOptionModuleCfg "config")
-    (mkRemovedOptionModuleCfg "extraConfig")
-    (mkRemovedOptionModule' "kerberos" ''
-      The option `krb5.kerberos' has been moved to `krb5.package'.
-    '')
-  ];
-
-  options = {
-    krb5 = {
-      enable = mkOption {
-        default = false;
-        description = mdDoc "Enable and configure Kerberos utilities";
-        type = bool;
-      };
-
-      package = mkPackageOption pkgs "krb5" {
-        example = "heimdal";
-      };
-
-      settings = mkOption {
-        default = { };
-        type = format.type;
-        description = mdDoc ''
-          Structured contents of the {file}`krb5.conf` file. See
-          {manpage}`krb5.conf(5)` for details about configuration.
-        '';
-        example = {
-          include = [ "/run/secrets/secret-krb5.conf" ];
-          includedir = [ "/run/secrets/secret-krb5.conf.d" ];
-
-          libdefaults = {
-            default_realm = "ATHENA.MIT.EDU";
-          };
-
-          realms = {
-            "ATHENA.MIT.EDU" = {
-              admin_server = "athena.mit.edu";
-              kdc = [
-                "athena01.mit.edu"
-                "athena02.mit.edu"
-              ];
-            };
-          };
-
-          domain_realm = {
-            "mit.edu" = "ATHENA.MIT.EDU";
-          };
-
-          logging = {
-            kdc = "SYSLOG:NOTICE";
-            admin_server = "SYSLOG:NOTICE";
-            default = "SYSLOG:NOTICE";
-          };
-        };
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    environment = {
-      systemPackages = [ cfg.package ];
-      etc."krb5.conf".source = format.generate "krb5.conf" cfg.settings;
-    };
-  };
-}
diff --git a/nixos/modules/config/krb5/krb5-conf-format.nix b/nixos/modules/config/krb5/krb5-conf-format.nix
deleted file mode 100644
index d01e47a40be05..0000000000000
--- a/nixos/modules/config/krb5/krb5-conf-format.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-{ pkgs, lib, ... }:
-
-# Based on
-# - https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html
-# - https://manpages.debian.org/unstable/heimdal-docs/krb5.conf.5heimdal.en.html
-
-let
-  inherit (lib) boolToString concatMapStringsSep concatStringsSep filter
-    isAttrs isBool isList mapAttrsToList mdDoc mkOption singleton splitString;
-  inherit (lib.types) attrsOf bool coercedTo either int listOf oneOf path
-    str submodule;
-in
-{ }: {
-  type = let
-    section = attrsOf relation;
-    relation = either (attrsOf value) value;
-    value = either (listOf atom) atom;
-    atom = oneOf [int str bool];
-  in submodule {
-    freeformType = attrsOf section;
-    options = {
-      include = mkOption {
-        default = [ ];
-        description = mdDoc ''
-          Files to include in the Kerberos configuration.
-        '';
-        type = coercedTo path singleton (listOf path);
-      };
-      includedir = mkOption {
-        default = [ ];
-        description = mdDoc ''
-          Directories containing files to include in the Kerberos configuration.
-        '';
-        type = coercedTo path singleton (listOf path);
-      };
-      module = mkOption {
-        default = [ ];
-        description = mdDoc ''
-          Modules to obtain Kerberos configuration from.
-        '';
-        type = coercedTo path singleton (listOf path);
-      };
-    };
-  };
-
-  generate = let
-    indent = str: concatMapStringsSep "\n" (line: "  " + line) (splitString "\n" str);
-
-    formatToplevel = args @ {
-      include ? [ ],
-      includedir ? [ ],
-      module ? [ ],
-      ...
-    }: let
-      sections = removeAttrs args [ "include" "includedir" "module" ];
-    in concatStringsSep "\n" (filter (x: x != "") [
-      (concatStringsSep "\n" (mapAttrsToList formatSection sections))
-      (concatMapStringsSep "\n" (m: "module ${m}") module)
-      (concatMapStringsSep "\n" (i: "include ${i}") include)
-      (concatMapStringsSep "\n" (i: "includedir ${i}") includedir)
-    ]);
-
-    formatSection = name: section: ''
-      [${name}]
-      ${indent (concatStringsSep "\n" (mapAttrsToList formatRelation section))}
-    '';
-
-    formatRelation = name: relation:
-      if isAttrs relation
-      then ''
-        ${name} = {
-        ${indent (concatStringsSep "\n" (mapAttrsToList formatValue relation))}
-        }''
-      else formatValue name relation;
-
-    formatValue = name: value:
-      if isList value
-      then concatMapStringsSep "\n" (formatAtom name) value
-      else formatAtom name value;
-
-    formatAtom = name: atom: let
-      v = if isBool atom then boolToString atom else toString atom;
-    in "${name} = ${v}";
-  in
-    name: value: pkgs.writeText name ''
-      ${formatToplevel value}
-    '';
-}