perlPackages.TextWrapI18N: init at 0.06 perlPackages.Po4a: init at 0.47 jade: init at 1.2.1 ding-libs: init at 0.6.0 Switch nscd to no-caching mode if SSSD is enabled. abbradar: disable jade parallel building. Closes #21150wip/yesman
parent
40a9c37ff3
commit
61d125b842
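--- a/PATH-NOT-ON-PAGE/nscd-sssd.conf
+++ b/PATH-NOT-ON-PAGE/nscd-sssd.conf
@@ -0,0 +1,36 @@
+server-user nscd
+threads 1
+paranoia no
+debug-level 0
+
+enable-cache passwd yes
+positive-time-to-live passwd 0
+negative-time-to-live passwd 0
+suggested-size passwd 211
+check-files passwd yes
+persistent passwd no
+shared passwd yes
+
+enable-cache group yes
+positive-time-to-live group 0
+negative-time-to-live group 0
+suggested-size group 211
+check-files group yes
+persistent group no
+shared group yes
+
+enable-cache hosts yes
+positive-time-to-live hosts 600
+negative-time-to-live hosts 5
+suggested-size hosts 211
+check-files hosts yes
+persistent hosts no
+shared hosts yes
+
+enable-cache services yes
+positive-time-to-live services 0
+negative-time-to-live services 0
+suggested-size services 211
+check-files services yes
+persistent services no
+shared services yes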
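Review bot: Nothing in this file records why passwd, group and services keep `enable-cache … yes` yet have both `positive-time-to-live` and `negative-time-to-live` forced to 0 while hosts keeps `positive-time-to-live hosts 600`; a later maintainer tuning nscd will read the zero TTLs as an oversight and restore caching, which is precisely what the commit is trying to prevent. A header comment along the lines of `# Used when SSSD is enabled: SSSD maintains its own cache for passwd/group/services, so nscd must not hold these entries (TTL 0) or stale answers would bypass SSSD's expiry; hosts is left cached because SSSD does not serve it` should go at the top, with the "does not serve it" part confirmed against the SSSD version packaged here. The netgroup database is not mentioned at all, so nscd's built-in default for it applies; if the intent is "no caching beyond hosts", listing it explicitly (`enable-cache netgroup no`, assuming the packaged glibc has that database) would make the policy complete and visible.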
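--- a/PATH-NOT-ON-PAGE/sssd-module.nix
+++ b/PATH-NOT-ON-PAGE/sssd-module.nix
@@ -0,0 +1,97 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+cfg = config.services.sssd;
+nscd = config.services.nscd;
+in {
+options = {
+services.sssd = {
+enable = mkEnableOption "the System Security Services Daemon.";
+
+config = mkOption {
+type = types.lines;
+description = "Contents of <filename>sssd.conf</filename>.";
+default = ''
+[sssd]
+config_file_version = 2
+services = nss, pam
+domains = shadowutils
+
+[nss]
+
+[pam]
+
+[domain/shadowutils]
+id_provider = proxy
+proxy_lib_name = files
+auth_provider = proxy
+proxy_pam_target = sssd-shadowutils
+proxy_fast_alias = True
+'';
+};
+
+sshAuthorizedKeysIntegration = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to make sshd look up authorized keys from SSS.
+For this to work, the <literal>ssh</literal> SSS service must be enabled in the sssd configuration.
+'';
+};
+};
+};
+config = mkMerge [
+(mkIf cfg.enable {
+assertions = singleton {
+assertion = nscd.enable;
+message = "nscd must be enabled through `services.nscd.enable` for SSSD to work.";
+};
+
+systemd.services.sssd = {
+description = "System Security Services Daemon";
+wantedBy = [ "multi-user.target" ];
+before = [ "systemd-user-sessions.service" "nss-user-lookup.target" ];
+after = [ "network-online.target" "nscd.service" ];
+requires = [ "network-online.target" "nscd.service" ];
+wants = [ "nss-user-lookup.target" ];
+restartTriggers = [
+config.environment.etc."nscd.conf".source
+config.environment.etc."sssd/sssd.conf".source
+];
+script = ''
+export LDB_MODULES_PATH+="''${LDB_MODULES_PATH+:}${pkgs.ldb}/modules/ldb:${pkgs.sssd}/modules/ldb"
+mkdir -p /var/lib/sss/{pubconf,db,mc,pipes,gpo_cache,secrets} /var/lib/sss/pipes/private /var/lib/sss/pubconf/krb5.include.d
+${pkgs.sssd}/bin/sssd -D
+'';
+serviceConfig = {
+Type = "forking";
+PIDFile = "/run/sssd.pid";
+};
+};
+
+environment.etc."sssd/sssd.conf" = {
+text = cfg.config;
+mode = "0400";
+};
+
+system.nssModules = optional cfg.enable pkgs.sssd;
+services.nscd.config = builtins.readFile ./nscd-sssd.conf;
+services.dbus.packages = [ pkgs.sssd ];
+})
+
+(mkIf cfg.sshAuthorizedKeysIntegration {
+# Ugly: sshd refuses to start if a store path is given because /nix/store is group-writable.
+# So indirect by a symlink.
+environment.etc."ssh/authorized_keys_command" = {
+mode = "0755";
+text = ''
+#!/bin/sh
+exec ${pkgs.sssd}/bin/sss_ssh_authorizedkeys "$@"
+'';
+};
+services.openssh.extraConfig = ''
+AuthorizedKeysCommand /etc/ssh/authorized_keys_command
+AuthorizedKeysCommandUser nobody
+'';
+})];
+}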
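Review bot: `text = cfg.config;` on the `environment.etc."sssd/sssd.conf"` entry renders the configuration into the Nix store, which is world-readable, so the `mode = "0400";` on the next line only protects the copy under /etc; any credential placed in `services.sssd.config` (an LDAP bind password, for example) is readable by every local user and by anyone with access to a binary cache the system pushes to. At minimum the option description should say so, e.g. `description = "Contents of <filename>sssd.conf</filename>. Note that this is written to the world-readable Nix store, so do not put secrets in it.";`, and ideally the module would also accept a path to a file outside the store. The comment `# So indirect by a symlink.` over `environment.etc."ssh/authorized_keys_command"` looks inaccurate: as far as I recall, giving an `environment.etc` entry an explicit `mode` makes NixOS copy the file into /etc rather than symlink it, which is presumably why sshd accepts it, and the comment should say that. `system.nssModules = optional cfg.enable pkgs.sssd;` already sits inside `mkIf cfg.enable`, so the `optional` wrapper is redundant and `system.nssModules = [ pkgs.sssd ];` reads more honestly.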
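--- a/PATH-NOT-ON-PAGE/sssd/default.nix
+++ b/PATH-NOT-ON-PAGE/sssd/default.nix
@@ -0,0 +1,87 @@
+{ stdenv, fetchurl, pkgs, lib, glibc, augeas, bind, c-ares,
+cyrus_sasl, ding-libs, libnl, libunistring, nss, samba, libnfsidmap, doxygen,
+python, python3, pam, popt, talloc, tdb, tevent, pkgconfig, ldb, openldap,
+pcre, kerberos, cifs_utils, glib, keyutils, dbus, fakeroot, libxslt, libxml2,
+docbook_xml_xslt, ldap, systemd, nspr, check, cmocka, uid_wrapper,
+nss_wrapper, docbook_xml_dtd_44, ncurses, Po4a, http-parser, jansson }:
+
+let
+name = "sssd-${version}";
+version = "1.14.2";
+
+docbookFiles = "${pkgs.docbook_xml_xslt}/share/xml/docbook-xsl/catalog.xml:${pkgs.docbook_xml_dtd_44}/xml/dtd/docbook/catalog.xml";
+in
+stdenv.mkDerivation {
+inherit name;
+inherit version;
+
+src = fetchurl {
+url = "https://fedorahosted.org/released/sssd/${name}.tar.gz";
+sha1 = "167b2216c536035175ff041d0449e0a874c68601";
+};
+
+preConfigure = ''
+export SGML_CATALOG_FILES="${docbookFiles}"
+export PYTHONPATH=${ldap}/lib/python2.7/site-packages
+export PATH=$PATH:${pkgs.openldap}/libexec
+export CPATH=${pkgs.libxml2.dev}/include/libxml2
+
+configureFlagsArray=(
+--prefix=$out
+--sysconfdir=/etc
+--localstatedir=/var
+--enable-pammoddir=$out/lib/security
+--with-os=fedora
+--with-pid-path=/run
+--with-python2-bindings
+--with-python3-bindings
+--with-syslog=journald
+--without-selinux
+--without-semanage
+--with-xml-catalog-path=''${SGML_CATALOG_FILES%%:*}
+--with-ldb-lib-dir=$out/modules/ldb
+--with-nscd=${glibc.bin}/sbin/nscd
+)
+'';
+
+enableParallelBuilding = true;
+buildInputs = [ augeas bind c-ares cyrus_sasl ding-libs libnl libunistring nss
+samba libnfsidmap doxygen python python3 popt
+talloc tdb tevent pkgconfig ldb pam openldap pcre kerberos
+cifs_utils glib keyutils dbus fakeroot libxslt libxml2
+ldap systemd nspr check cmocka uid_wrapper
+nss_wrapper ncurses Po4a http-parser jansson ];
+
+makeFlags = [
+"SGML_CATALOG_FILES=${docbookFiles}"
+];
+
+installFlags = [
+"sysconfdir=$(out)/etc"
+"localstatedir=$(out)/var"
+"pidpath=$(out)/run"
+"sss_statedir=$(out)/var/lib/sss"
+"logpath=$(out)/var/log/sssd"
+"pubconfpath=$(out)/var/lib/sss/pubconf"
+"dbpath=$(out)/var/lib/sss/db"
+"mcpath=$(out)/var/lib/sss/mc"
+"pipepath=$(out)/var/lib/sss/pipes"
+"gpocachepath=$(out)/var/lib/sss/gpo_cache"
+"secdbpath=$(out)/var/lib/sss/secrets"
+"initdir=$(out)/rc.d/init"
+];
+
+postInstall = ''
+rm -rf "$out"/run
+rm -rf "$out"/rc.d
+rm -f "$out"/modules/ldb/memberof.la
+find "$out" -depth -type d -exec rmdir --ignore-fail-on-non-empty {} \;
+'';
+
+meta = with stdenv.lib; {
+description = "System Security Services Daemon";
+homepage = https://fedorahosted.org/sssd/;
+license = licenses.gpl3;
+maintainers = [ maintainers.e-user ];
+};
+}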
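Review bot: The tarball is pinned only by `sha1 = "167b2216c536035175ff041d0449e0a874c68601";`, which is the sole integrity check between the fetch and a security-critical daemon that handles authentication; SHA-1 is no longer considered collision-resistant, and the jade derivation in this same commit already uses `sha256`, so this should be `sha256 = "<placeholder: sha256 of sssd-1.14.2.tar.gz>";` (the ding-libs derivation in this commit has the same weakness with its `sha1 = "c8ec86cb93a26e013a13b12a7b0b3fbc1bca16c1";`). The `installFlags` block deliberately redirects `pidpath`, `initdir` and the `/var` state paths into `$(out)` and `postInstall` then deletes `$out/run` and `$out/rc.d` again; a short comment such as `# Point install-time state dirs at $out so `make install` does not try to write to /var and /run; the module creates the real directories at runtime` would save the next reader from undoing it. `export PYTHONPATH=${ldap}/lib/python2.7/site-packages` hard-codes the interpreter version while both `python` and `python3` are inputs; it is presumably only needed for the python2 bindings, and a one-line comment saying so would help.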
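--- a/PATH-NOT-ON-PAGE/ding-libs/default.nix
+++ b/PATH-NOT-ON-PAGE/ding-libs/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl, glibc, doxygen, check }:
+
+let
+name = "ding-libs";
+version = "0.6.0";
+in stdenv.mkDerivation {
+inherit name;
+inherit version;
+
+src = fetchurl {
+url = "https://fedorahosted.org/released/${name}/${name}-${version}.tar.gz";
+sha1 = "c8ec86cb93a26e013a13b12a7b0b3fbc1bca16c1";
+};
+
+enableParallelBuilding = true;
+buildInputs = [ glibc doxygen check ];
+
+buildFlags = "docs";
+doCheck = true;
+
+meta = {
+description = "'D is not GLib' utility libraries";
+homepage = https://fedorahosted.org/sssd/;
+maintainers = with stdenv.lib.maintainers; [ e-user ];
+license = [ stdenv.lib.licenses.gpl3 stdenv.lib.licenses.lgpl3 ];
+};
+}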
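--- a/PATH-NOT-ON-PAGE/jade/default.nix
+++ b/PATH-NOT-ON-PAGE/jade/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchurl, pkgs, gcc, gzip, gnum4 }:
+
+stdenv.mkDerivation (rec {
+name = "jade";
+version = "1.2.1";
+debpatch = "47.3";
+
+src = fetchurl {
+url = "ftp://ftp.jclark.com/pub/${name}/${name}-${version}.tar.gz";
+sha256 = "84e2f8a2a87aab44f86a46b71405d4f919b219e4c73e03a83ab6c746a674b187";
+};
+
+patchsrc = fetchurl {
+url = "http://ftp.debian.org/debian/pool/main/j/jade/jade_${version}-${debpatch}.diff.gz";
+sha256 = "8e94486898e3503308805f856a65ba5b499a6f21994151270aa743de48305464";
+};
+
+patches = [ patchsrc ];
+
+buildInputs = [ gcc gzip gnum4 ];
+
+NIX_CFLAGS_COMPILE = [ "-Wno-deprecated" ];
+
+preInstall = ''
+install -d -m755 "$out"/lib
+'';
+
+postInstall = ''
+mv "$out/bin/sx" "$out/bin/sgml2xml"
+'';
+
+meta = {
+description = "James Clark's DSSSL Engine";
+license = "custom";
+homepage = http://www.jclark.com/jade/;
+maintainers = with stdenv.lib.maintainers; [ e-user ];
+};
+})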
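Review bot: `license = "custom";` is a free-form string where the ding-libs derivation in this commit uses entries from `stdenv.lib.licenses`, so anything that evaluates `meta.license` (the unfree check, license reports) cannot classify this package. If upstream's COPYING is the permissive MIT-style notice I recall, `license = stdenv.lib.licenses.mit;` would be the right value; if not, at least a comment above the line pointing at the upstream COPYING file should explain what "custom" means. Note also that `name = "jade";` omits the version even though `version` is defined beside it, so the store path will not show which release is built; `name = "jade-${version}";` would match the convention the other derivations here follow. `gcc` in `buildInputs` is unusual since stdenv already supplies a compiler; if a specific compiler is really required, a comment saying why would help.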