diff --git a/nixos/modules/services/system/kerberos/heimdal.nix b/nixos/modules/services/system/kerberos/heimdal.nix index 554b1580810a..d0f470f836ed 100644 --- a/nixos/modules/services/system/kerberos/heimdal.nix +++ b/nixos/modules/services/system/kerberos/heimdal.nix @@ -1,25 +1,23 @@ { pkgs, config, lib, ... } : let - inherit (lib) mkIf concatStringsSep concatMapStrings toList mapAttrs' - nameValuePair attrNames attrValues; + inherit (lib) mkIf concatStringsSep concatMapStrings toList mapAttrs + mapAttrsToList attrValues; cfg = config.services.kerberos_server; kerberos = config.krb5.kerberos; stateDir = "/var/heimdal"; - aclFiles = mapAttrs' - (name: {acl, ...}: nameValuePair "${name}.acl" ( - pkgs.writeText "${name}.acl" (concatMapStrings (( - {principal, access, target, ...} : - "${principal}\t${concatStringsSep "," (toList access)}\t${target}\n" - )) acl) - )) cfg.realms; + aclFiles = mapAttrs + (name: {acl, ...}: pkgs.writeText "${name}.acl" (concatMapStrings (( + {principal, access, target, ...} : + "${principal}\t${concatStringsSep "," (toList access)}\t${target}\n" + )) acl)) cfg.realms; - kdcConfigs = map (name: '' + kdcConfigs = mapAttrsToList (name: value: '' database = { dbname = ${stateDir}/heimdal - acl_file = /etc/heimdal-kdc/${name}.acl + acl_file = ${value} } - '') (attrNames cfg.realms); + '') aclFiles; kdcConfFile = pkgs.writeText "kdc.conf" '' [kdc] ${concatStringsSep "\n" kdcConfigs} @@ -38,7 +36,7 @@ in ''; serviceConfig.ExecStart = "${kerberos}/libexec/heimdal/kadmind --config-file=/etc/heimdal-kdc/kdc.conf"; - restartTriggers = [ kdcConfFile ] ++ (attrValues aclFiles); + restartTriggers = [ kdcConfFile ]; }; systemd.services.kdc = { 
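Review bot: In `aclFiles`, `principal` and `target` are interpolated unchecked into a tab-separated line, so a value containing a tab or newline would shift the fields or add an extra entry to the ACL file that kadmind is now pointed at directly. The option types are declared outside this diff and may already constrain these strings. If they do not, a guard in the lambda such as `assert builtins.match "[^\t\n]*" (principal + target) != null;` would make a typo fail at evaluation instead of silently changing who is granted what. The `aclFiles` hunk in mit.nix builds its space-separated lines the same way, so there the check would need to reject spaces as well.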
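Review bot: `restartTriggers = [ kdcConfFile ]` on the kadmind service picks up ACL edits only because `acl_file = ${value}` embeds each ACL's store path in kdc.conf, and nothing in the code records that dependency. If `acl_file` is later pointed back at a fixed path, a tightened ACL could be deployed without a restart, and kadmind may keep enforcing the old one (whether it re-reads the file on its own is not visible here). I would add `# ACL store paths are embedded in kdcConfFile, so an ACL change also changes this trigger` above the line. The same comment fits the kpasswdd hunk that follows and the kadmind hunk in mit.nix. The service definition starts outside this hunk.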
@@ -59,16 +57,12 @@ in mkdir -m 0755 -p ${stateDir} ''; serviceConfig.ExecStart = "${kerberos}/libexec/heimdal/kpasswdd"; - restartTriggers = [ kdcConfFile ] ++ (attrValues aclFiles); + restartTriggers = [ kdcConfFile ]; }; environment.etc = { # Can be set via the --config-file option to KDC "heimdal-kdc/kdc.conf".source = kdcConfFile; - } // ( - mapAttrs' - (name: value: nameValuePair "heimdal-kdc/${name}" {source = value;}) - aclFiles - ); + }; }; } diff --git a/nixos/modules/services/system/kerberos/mit.nix b/nixos/modules/services/system/kerberos/mit.nix index 9ff67f647284..a53d9dd0c6b5 100644 --- a/nixos/modules/services/system/kerberos/mit.nix +++ b/nixos/modules/services/system/kerberos/mit.nix @@ -2,7 +2,7 @@ let inherit (lib) mkIf concatStrings concatStringsSep concatMapStrings toList - mapAttrs' nameValuePair attrNames attrValues; + mapAttrs mapAttrsToList attrValues; cfg = config.services.kerberos_server; kerberos = config.krb5.kerberos; stateDir = "/var/lib/krb5kdc"; @@ -11,19 +11,17 @@ let add = "a"; cpw = "c"; delete = "d"; get = "i"; list = "l"; modify = "m"; all = "*"; }; - aclFiles = mapAttrs' - (name: {acl, ...}: nameValuePair "${name}.acl" ( - pkgs.writeText "${name}.acl" (concatMapStrings ( - {principal, access, target, ...} : - let access_code = map (a: aclMap.${a}) (toList access); in - "${principal} ${concatStrings access_code} ${target}\n" - ) acl) - )) cfg.realms; - kdcConfigs = map (name: '' + aclFiles = mapAttrs + (name: {acl, ...}: (pkgs.writeText "${name}.acl" (concatMapStrings ( + {principal, access, target, ...} : + let access_code = map (a: aclMap.${a}) (toList access); in + "${principal} ${concatStrings access_code} ${target}\n" + ) acl))) cfg.realms; + kdcConfigs = mapAttrsToList (name: value: '' ${name} = { - acl_file = /etc/krb5kdc/${name}.acl + acl_file = ${value} } - '') (attrNames cfg.realms); + '') aclFiles; kdcConfFile = pkgs.writeText "kdc.conf" '' [realms] ${concatStringsSep "\n" kdcConfigs} 
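Review bot: Dropping the `heimdal-kdc/${name}` entries from `environment.etc` removes the stable `/etc/heimdal-kdc/<realm>.acl` paths with no note for operators, so the ACL in force can now only be found by following `acl_file` in kdc.conf to a store path. This matters to anyone auditing the effective ACL on a running host, or to configuration outside this module that references the old path (none is visible in this diff). A comment such as `# per-realm ACLs are referenced by store path from kdc.conf` next to the remaining entry, plus a release-note line, would cover it. The last hunk of mit.nix removes `/etc/krb5kdc/<realm>.acl` in the same way.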
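Review bot: `attrValues` stays in the `inherit (lib)` list of mit.nix although its only use visible in this file's hunks, `attrValues aclFiles` in `restartTriggers`, is removed by this commit. Unless code outside the hunks still calls it, the line can end at `mapAttrs mapAttrsToList;`. The inherit list in heimdal.nix carries the same leftover.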
@@ -43,7 +41,7 @@ in mkdir -m 0755 -p ${stateDir} ''; serviceConfig.ExecStart = "${kerberos}/bin/kadmind -nofork"; - restartTriggers = [ kdcConfFile ] ++ (attrValues aclFiles); + restartTriggers = [ kdcConfFile ]; environment = env; }; @@ -64,11 +62,7 @@ in environment.etc = { "krb5kdc/kdc.conf".source = kdcConfFile; - } // ( - mapAttrs' - (name: value: nameValuePair "krb5kdc/${name}" {source = value;}) - aclFiles - ); + }; environment.variables = env; }; }