about summary refs log tree commit diff
path: root/nixos/modules/security/krb5/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/security/krb5/default.nix')
-rw-r--r--nixos/modules/security/krb5/default.nix18
1 files changed, 16 insertions, 2 deletions
diff --git a/nixos/modules/security/krb5/default.nix b/nixos/modules/security/krb5/default.nix
index 78426c07cbc98..6714c41d8a07c 100644
--- a/nixos/modules/security/krb5/default.nix
+++ b/nixos/modules/security/krb5/default.nix
@@ -77,8 +77,22 @@ in {
     };
   };
 
-  config = mkIf cfg.enable {
-    environment = {
+  config = {
+    assertions = mkIf (cfg.enable || config.services.kerberos_server.enable) [(let
+      implementation = cfg.package.passthru.implementation or "<NOT SET>";
+    in {
+      assertion = lib.elem implementation [ "krb5" "heimdal" ];
+      message = ''
+        `security.krb5.package` must be one of:
+
+          - krb5
+          - heimdal
+
+        Currently chosen implementation: ${implementation}
+      '';
+    })];
+
+    environment = mkIf cfg.enable {
       systemPackages = [ cfg.package ];
       etc."krb5.conf".source = format.generate "krb5.conf" cfg.settings;
     };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-01 16:02:10 +0000