author | Marco Rebhan <me@dblsaiko.net> | 2023-07-24 23:12:29 +0200 |
---|---|---|
committer | Marco Rebhan <me@dblsaiko.net> | 2023-12-21 11:35:26 +0100 |
commit | fed77d170513ea7a09c8ed5ec5d3eaa8fdd0fd87 (patch) | |
tree | 43f760a290596a1426515ea61de35b057e44ae9e /nixos/modules | |
parent | 92a541c0ed590db1e8bee7436a6130cb5d589a6c (diff) |
nixos/krb5: move to security.krb5
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 2 | ||||
-rw-r--r-- | nixos/modules/security/ipa.nix | 4 | ||||
-rw-r--r-- | nixos/modules/security/krb5/default.nix (renamed from nixos/modules/config/krb5/default.nix) | 10 | ||||
-rw-r--r-- | nixos/modules/security/krb5/krb5-conf-format.nix (renamed from nixos/modules/config/krb5/krb5-conf-format.nix) | 0 | ||||
-rw-r--r-- | nixos/modules/security/pam.nix | 6 | ||||
-rw-r--r-- | nixos/modules/services/system/kerberos/default.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/system/kerberos/heimdal.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/system/kerberos/mit.nix | 2 |
8 files changed, 14 insertions, 14 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 52c6fe5028f18..b9dce250087b1 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -10,7 +10,6 @@
 ./config/gtk/gtk-icon-cache.nix
 ./config/i18n.nix
 ./config/iproute2.nix
- ./config/krb5/default.nix
 ./config/ldap.nix
 ./config/ldso.nix
 ./config/locale.nix
@@ -308,6 +307,7 @@
 ./security/duosec.nix
 ./security/google_oslogin.nix
 ./security/ipa.nix
+ ./security/krb5
 ./security/lock-kernel-modules.nix
 ./security/misc.nix
 ./security/oath.nix
diff --git a/nixos/modules/security/ipa.nix b/nixos/modules/security/ipa.nix
index 69a670cd5e4a3..df59d1e754140 100644
--- a/nixos/modules/security/ipa.nix
+++ b/nixos/modules/security/ipa.nix
@@ -117,8 +117,8 @@ in {
 config = mkIf cfg.enable {
 assertions = [
 {
- assertion = !config.krb5.enable;
- message = "krb5 must be disabled through `krb5.enable` for FreeIPA integration to work.";
+ assertion = !config.security.krb5.enable;
+ message = "krb5 must be disabled through `security.krb5.enable` for FreeIPA integration to work.";
 }
 {
 assertion = !config.users.ldap.enable;
diff --git a/nixos/modules/config/krb5/default.nix b/nixos/modules/security/krb5/default.nix
index 7e00b5b340a75..5f0cfe3e23b0a 100644
--- a/nixos/modules/config/krb5/default.nix
+++ b/nixos/modules/security/krb5/default.nix
@@ -5,11 +5,11 @@ let
 mkRemovedOptionModule' = name: reason: mkRemovedOptionModule ["krb5" name] reason;
 mkRemovedOptionModuleCfg = name: mkRemovedOptionModule' name ''
- The option `krb5.${name}' has been removed. Use `krb5.settings.${name}' for
- structured configuration.
+ The option `krb5.${name}' has been removed. Use
+ `security.krb5.settings.${name}' for structured configuration.
 '';
- cfg = config.krb5;
+ cfg = config.security.krb5;
 format = import ./krb5-conf-format.nix { inherit pkgs lib; } { };
 in {
 imports = [
@@ -22,12 +22,12 @@ in {
 (mkRemovedOptionModuleCfg "config")
 (mkRemovedOptionModuleCfg "extraConfig")
 (mkRemovedOptionModule' "kerberos" ''
- The option `krb5.kerberos' has been moved to `krb5.package'.
+ The option `krb5.kerberos' has been moved to `security.krb5.package'.
 '')
 ];
 options = {
- krb5 = {
+ security.krb5 = {
 enable = mkOption {
 default = false;
 description = mdDoc "Enable and configure Kerberos utilities";
diff --git a/nixos/modules/config/krb5/krb5-conf-format.nix b/nixos/modules/security/krb5/krb5-conf-format.nix
index d01e47a40be05..d01e47a40be05 100644
--- a/nixos/modules/config/krb5/krb5-conf-format.nix
+++ b/nixos/modules/security/krb5/krb5-conf-format.nix
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index c99615d5a6362..b5e5dcb24426a 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -1067,8 +1067,8 @@ in
 security.pam.krb5 = {
 enable = mkOption {
- default = config.krb5.enable;
- defaultText = literalExpression "config.krb5.enable";
+ default = config.security.krb5.enable;
+ defaultText = literalExpression "config.security.krb5.enable";
 type = types.bool;
 description = lib.mdDoc ''
 Enables Kerberos PAM modules (`pam-krb5`,
@@ -1076,7 +1076,7 @@ in
 If set, users can authenticate with their Kerberos password. This requires a valid Kerberos configuration
- (`config.krb5.enable` should be set to
+ (`config.security.krb5.enable` should be set to
 `true`).
 Note that the Kerberos PAM modules are not necessary when using SSS
diff --git a/nixos/modules/services/system/kerberos/default.nix b/nixos/modules/services/system/kerberos/default.nix
index e3185eb6409ca..486d4b49c195a 100644
--- a/nixos/modules/services/system/kerberos/default.nix
+++ b/nixos/modules/services/system/kerberos/default.nix
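Review bot: The `options = { security.krb5 = {` hunk of security/krb5/default.nix moves the live options without any visible forwarding from the old path: the `imports` entries shown only cover options that were already removed (`config`, `extraConfig`, `kerberos`), and lines 16–21 of that list fall between the two hunks. If nothing there handles it, a configuration that still sets `krb5.enable` will presumably fail with a bare unknown-option error and no pointer to the new name, while `security.pam.krb5.enable` and the FreeIPA assertion now read only `security.krb5.enable`. Consider adding `(mkRenamedOptionModule [ "krb5" "enable" ] [ "security" "krb5" "enable" ])` to `imports`, and the same for `package` and `settings`, with `mkRenamedOptionModule` brought into scope from `lib`.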
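Review bot: The description text in the second pam.nix hunk names the option as `config.security.krb5.enable`, whereas the ipa.nix assertion message in this same commit writes `security.krb5.enable`; the latter is what a user actually sets, so the doc text should drop the `config.` prefix. Because `default = config.security.krb5.enable` in the first pam.nix hunk means that turning on the Kerberos client configuration also turns on these PAM modules, the description would benefit from one sentence saying so, for anyone auditing what changes the login stack. The option body starts and ends outside both hunks.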
@@ -3,7 +3,7 @@ let
 inherit (lib) mkOption mkIf types length attrNames;
 cfg = config.services.kerberos_server;
- kerberos = config.krb5.package;
+ kerberos = config.security.krb5.package;
 aclEntry = {
 options = {
diff --git a/nixos/modules/services/system/kerberos/heimdal.nix b/nixos/modules/services/system/kerberos/heimdal.nix
index c9a951caa1aec..4789e4790b4bc 100644
--- a/nixos/modules/services/system/kerberos/heimdal.nix
+++ b/nixos/modules/services/system/kerberos/heimdal.nix
@@ -4,7 +4,7 @@ let
 inherit (lib) mkIf concatStringsSep concatMapStrings toList mapAttrs mapAttrsToList;
 cfg = config.services.kerberos_server;
- kerberos = config.krb5.package;
+ kerberos = config.security.krb5.package;
 stateDir = "/var/heimdal";
 aclFiles = mapAttrs (name: {acl, ...}: pkgs.writeText "${name}.acl" (concatMapStrings ((
diff --git a/nixos/modules/services/system/kerberos/mit.nix b/nixos/modules/services/system/kerberos/mit.nix
index 5f8ac6b7fa342..a654bd1fe7e1b 100644
--- a/nixos/modules/services/system/kerberos/mit.nix
+++ b/nixos/modules/services/system/kerberos/mit.nix
@@ -4,7 +4,7 @@ let
 inherit (lib) mkIf concatStrings concatStringsSep concatMapStrings toList mapAttrs mapAttrsToList;
 cfg = config.services.kerberos_server;
- kerberos = config.krb5.package;
+ kerberos = config.security.krb5.package;
 stateDir = "/var/lib/krb5kdc";
 PIDFile = "/run/kdc.pid";
 aclMap = { |