Compare commits
7 Commits
misc1
...
add-simple
Author | SHA1 | Date | |
---|---|---|---|
ee097c49a3 | |||
ce3aeb4e08 | |||
49a0b1a5f7 | |||
4c1966365b | |||
e0b3ce9378 | |||
50df317a26 | |||
1262bc7125 |
@@ -17,10 +17,6 @@ creation_rules:
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_jokum
|
||||
- *host_ildkule
|
||||
- *host_bekkalokk
|
||||
- *host_bicep
|
||||
|
||||
- *user_danio
|
||||
- *user_felixalb
|
||||
- *user_eirikwit
|
||||
|
25
base.nix
25
base.nix
@@ -3,8 +3,6 @@
|
||||
{
|
||||
imports = [
|
||||
./users
|
||||
./modules/snakeoil-certs.nix
|
||||
./modules/debug-locations.nix
|
||||
];
|
||||
|
||||
networking.domain = "pvv.ntnu.no";
|
||||
@@ -60,7 +58,6 @@
|
||||
gnupg
|
||||
htop
|
||||
nano
|
||||
ripgrep
|
||||
rsync
|
||||
screen
|
||||
tmux
|
||||
@@ -85,27 +82,5 @@
|
||||
settings.PermitRootLogin = "yes";
|
||||
};
|
||||
|
||||
sops.age = {
|
||||
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
keyFile = "/var/lib/sops-nix/key.txt";
|
||||
generateKey = true;
|
||||
};
|
||||
|
||||
# nginx return 444 for all nonexistent virtualhosts
|
||||
|
||||
systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
|
||||
|
||||
environment.snakeoil-certs = lib.mkIf (config.services.nginx.enable) {
|
||||
"/etc/certs/nginx" = {
|
||||
owner = "nginx";
|
||||
group = "nginx";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."_" = lib.mkIf (config.services.nginx.enable) {
|
||||
sslCertificate = "/etc/certs/nginx.crt";
|
||||
sslCertificateKey = "/etc/certs/nginx.key";
|
||||
addSSL = true;
|
||||
extraConfig = "return 444;";
|
||||
};
|
||||
}
|
||||
|
19
flake.lock
generated
19
flake.lock
generated
@@ -155,7 +155,8 @@
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"pvv-calendar-bot": "pvv-calendar-bot",
|
||||
"sops-nix": "sops-nix"
|
||||
"sops-nix": "sops-nix",
|
||||
"ssp-theme": "ssp-theme"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
@@ -178,6 +179,22 @@
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"ssp-theme": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1509201641,
|
||||
"narHash": "sha256-naNRyPL6PAsZKW2w1Vt9wrHT9inCL/yAFnvpy4glv+c=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "bda4314030be5f81aeaf2fb1927aee582f1194d9",
|
||||
"revCount": 5,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Drift/ssp-theme.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Drift/ssp-theme.git"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
30
flake.nix
30
flake.nix
@@ -21,9 +21,12 @@
|
||||
grzegorz.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
grzegorz-clients.url = "github:Programvareverkstedet/grzegorz-clients";
|
||||
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
ssp-theme.url = "git+https://git.pvv.ntnu.no/Drift/ssp-theme.git";
|
||||
ssp-theme.flake = false;
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ssp-theme, ... }@inputs:
|
||||
let
|
||||
nixlib = nixpkgs.lib;
|
||||
systems = [
|
||||
@@ -42,7 +45,6 @@
|
||||
];
|
||||
in {
|
||||
nixosConfigurations = let
|
||||
unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
|
||||
nixosConfig = nixpkgs: name: config: nixpkgs.lib.nixosSystem (nixpkgs.lib.recursiveUpdate
|
||||
rec {
|
||||
system = "x86_64-linux";
|
||||
@@ -79,9 +81,15 @@
|
||||
bekkalokk = stableNixosConfig "bekkalokk" {
|
||||
overlays = [
|
||||
(final: prev: {
|
||||
heimdal = unstablePkgs.heimdal;
|
||||
heimdal = final.callPackage ./packages/heimdal {
|
||||
inherit (final.darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration;
|
||||
autoreconfHook = final.buildPackages.autoreconfHook269;
|
||||
};
|
||||
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions { };
|
||||
simplesamlphp = final.callPackage ./packages/simplesamlphp { };
|
||||
ssp-theme = final.runCommandLocal "ssp-theme" { } ''
|
||||
ln -s ${ssp-theme} $out
|
||||
'';
|
||||
})
|
||||
];
|
||||
};
|
||||
@@ -117,16 +125,28 @@
|
||||
packages = {
|
||||
"x86_64-linux" = let
|
||||
pkgs = nixpkgs.legacyPackages."x86_64-linux";
|
||||
in rec {
|
||||
default = important-machines;
|
||||
in {
|
||||
default = self.packages.x86_64-linux.important-machines;
|
||||
important-machines = pkgs.linkFarm "important-machines"
|
||||
(nixlib.getAttrs importantMachines self.packages.x86_64-linux);
|
||||
all-machines = pkgs.linkFarm "all-machines"
|
||||
(nixlib.getAttrs allMachines self.packages.x86_64-linux);
|
||||
|
||||
#######################
|
||||
# TODO: remove this once nixos 24.05 gets released
|
||||
#######################
|
||||
heimdal = pkgs.callPackage ./packages/heimdal {
|
||||
inherit (pkgs.darwin.apple_sdk.frameworks) CoreFoundation Security SystemConfiguration;
|
||||
autoreconfHook = pkgs.buildPackages.autoreconfHook269;
|
||||
};
|
||||
|
||||
simplesamlphp = pkgs.callPackage ./packages/simplesamlphp { };
|
||||
|
||||
mediawiki-extensions = pkgs.callPackage ./packages/mediawiki-extensions { };
|
||||
|
||||
ssp-theme = pkgs.runCommandLocal "ssp-theme" { } ''
|
||||
ln -s ${ssp-theme} $out
|
||||
'';
|
||||
} // nixlib.genAttrs allMachines
|
||||
(machine: self.nixosConfigurations.${machine}.config.system.build.toplevel);
|
||||
};
|
||||
|
@@ -556,6 +556,7 @@ $config = [
|
||||
'module.enable' => [
|
||||
'admin' => true,
|
||||
'authpwauth' => true,
|
||||
'themepvv' => true,
|
||||
],
|
||||
|
||||
|
||||
@@ -858,7 +859,7 @@ $config = [
|
||||
/*
|
||||
* Which theme directory should be used?
|
||||
*/
|
||||
'theme.use' => 'default',
|
||||
'theme.use' => 'themepvv:pvv',
|
||||
|
||||
/*
|
||||
* Set this option to the text you would like to appear at the header of each page. Set to false if you don't want
|
||||
|
@@ -11,8 +11,7 @@ let
|
||||
read -r _
|
||||
exit 2
|
||||
fi
|
||||
kinit --password-file=STDIN "''${user1}@PVV.NTNU.NO" >/dev/null 2>/dev/null
|
||||
kdestroy >/dev/null 2>/dev/null
|
||||
kinit --password-file=STDIN "''${user1}@PVV.NTNU.NO"
|
||||
'';
|
||||
};
|
||||
|
||||
@@ -97,6 +96,8 @@ let
|
||||
'';
|
||||
|
||||
"modules/authpwauth/src/Auth/Source/PwAuth.php" = ./authpwauth.php;
|
||||
|
||||
"modules/themepvv" = pkgs.ssp-theme;
|
||||
};
|
||||
};
|
||||
in
|
||||
|
@@ -33,19 +33,28 @@
|
||||
in {
|
||||
services.idp.sp-remote-metadata = [ "https://wiki2.pvv.ntnu.no/simplesaml/" ];
|
||||
|
||||
sops.secrets = lib.pipe [
|
||||
"mediawiki/password"
|
||||
"mediawiki/postgres_password"
|
||||
"mediawiki/simplesamlphp/postgres_password"
|
||||
"mediawiki/simplesamlphp/cookie_salt"
|
||||
"mediawiki/simplesamlphp/admin_password"
|
||||
] [
|
||||
(map (key: lib.nameValuePair key {
|
||||
sops.secrets = {
|
||||
"mediawiki/password" = {
|
||||
owner = user;
|
||||
group = group;
|
||||
}))
|
||||
lib.listToAttrs
|
||||
];
|
||||
};
|
||||
"mediawiki/postgres_password" = {
|
||||
owner = user;
|
||||
group = group;
|
||||
};
|
||||
"mediawiki/simplesamlphp/postgres_password" = {
|
||||
owner = user;
|
||||
group = group;
|
||||
};
|
||||
"mediawiki/simplesamlphp/cookie_salt" = {
|
||||
owner = user;
|
||||
group = group;
|
||||
};
|
||||
"mediawiki/simplesamlphp/admin_password" = {
|
||||
owner = user;
|
||||
group = group;
|
||||
};
|
||||
};
|
||||
|
||||
services.mediawiki = {
|
||||
enable = true;
|
||||
@@ -118,6 +127,7 @@ in {
|
||||
"2x" => "/PNG/PVV-logo.png",
|
||||
"icon" => "/PNG/PVV-logo.svg",
|
||||
);
|
||||
# wfLoadSkin('Timeless');
|
||||
$wgDefaultSkin = "vector-2022";
|
||||
# from https://github.com/wikimedia/mediawiki-skins-Vector/blob/master/skin.json
|
||||
$wgVectorDefaultSidebarVisibleForAnonymousUser = true;
|
||||
@@ -154,6 +164,37 @@ in {
|
||||
mode = "0770";
|
||||
};
|
||||
|
||||
# Override because of https://github.com/NixOS/nixpkgs/issues/183097
|
||||
systemd.services.mediawiki-init.script = let
|
||||
# According to module
|
||||
stateDir = "/var/lib/mediawiki";
|
||||
pkg = cfg.finalPackage;
|
||||
mediawikiConfig = config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG;
|
||||
inherit (lib) optionalString mkForce;
|
||||
in mkForce ''
|
||||
if ! test -e "${stateDir}/secret.key"; then
|
||||
tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c 64 > ${stateDir}/secret.key
|
||||
fi
|
||||
|
||||
echo "exit( wfGetDB( DB_MASTER )->tableExists( 'user' ) ? 1 : 0 );" | \
|
||||
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/eval.php --conf ${mediawikiConfig} && \
|
||||
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/install.php \
|
||||
--confpath /tmp \
|
||||
--scriptpath / \
|
||||
--dbserver "${cfg.database.host}" \
|
||||
--dbport ${toString cfg.database.port} \
|
||||
--dbname ${cfg.database.name} \
|
||||
${optionalString (cfg.database.tablePrefix != null) "--dbprefix ${cfg.database.tablePrefix}"} \
|
||||
--dbuser ${cfg.database.user} \
|
||||
${optionalString (cfg.database.passwordFile != null) "--dbpassfile ${cfg.database.passwordFile}"} \
|
||||
--passfile ${cfg.passwordFile} \
|
||||
--dbtype ${cfg.database.type} \
|
||||
${cfg.name} \
|
||||
admin
|
||||
|
||||
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick
|
||||
'';
|
||||
|
||||
users.groups.mediawiki.members = [ "nginx" ];
|
||||
|
||||
services.nginx.virtualHosts."wiki2.pvv.ntnu.no" = {
|
||||
|
@@ -16,6 +16,12 @@
|
||||
recommendedProxySettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
|
||||
virtualHosts."bekkalokk.pvv.ntnu.no" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".return = "301 $scheme://git.pvv.ntnu.no$request_uri";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
6
hosts/bekkalokk/services/openldap.nix
Normal file
6
hosts/bekkalokk/services/openldap.nix
Normal file
@@ -0,0 +1,6 @@
|
||||
{ ... }:
|
||||
{
|
||||
services.openldap = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
@@ -1,13 +0,0 @@
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.environment.debug-locations;
|
||||
in
|
||||
{
|
||||
options.environment.debug-locations = lib.mkOption {
|
||||
description = "Paths and derivations to symlink in `/etc/debug`";
|
||||
type = with lib.types; attrsOf path;
|
||||
default = { };
|
||||
};
|
||||
|
||||
config.environment.etc = lib.mapAttrs' (k: v: lib.nameValuePair "debug/${k}" { source = v; }) cfg;
|
||||
}
|
@@ -1,83 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.environment.snakeoil-certs;
|
||||
in
|
||||
{
|
||||
options.environment.snakeoil-certs = lib.mkOption {
|
||||
default = { };
|
||||
description = "Self signed certs, which are rotated regularly";
|
||||
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
|
||||
options = {
|
||||
owner = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "root";
|
||||
};
|
||||
group = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "root";
|
||||
};
|
||||
mode = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "0660";
|
||||
};
|
||||
daysValid = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "90";
|
||||
};
|
||||
extraOpenSSLArgs = lib.mkOption {
|
||||
type = with lib.types; listOf str;
|
||||
default = [ ];
|
||||
};
|
||||
certificate = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "${name}.crt";
|
||||
};
|
||||
certificateKey = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "${name}.key";
|
||||
};
|
||||
subject = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "/C=NO/O=Programvareverkstedet/CN=*.pvv.ntnu.no/emailAddress=drift@pvv.ntnu.no";
|
||||
};
|
||||
};
|
||||
}));
|
||||
};
|
||||
|
||||
config = {
|
||||
systemd.services."generate-snakeoil-certs" = {
|
||||
enable = true;
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = let
|
||||
openssl = lib.getExe pkgs.openssl;
|
||||
in lib.concatMapStringsSep "\n----------------\n" ({ name, value }: ''
|
||||
mkdir -p $(dirname "${value.certificate}") $(dirname "${value.certificateKey}")
|
||||
if ! ${openssl} x509 -checkend 86400 -noout -in ${value.certificate}
|
||||
then
|
||||
echo "Regenerating '${value.certificate}'"
|
||||
${openssl} req \
|
||||
-newkey rsa:4096 \
|
||||
-new -x509 \
|
||||
-days "${toString value.daysValid}" \
|
||||
-nodes \
|
||||
-subj "${value.subject}" \
|
||||
-out "${value.certificate}" \
|
||||
-keyout "${value.certificateKey}" \
|
||||
${lib.escapeShellArgs value.extraOpenSSLArgs}
|
||||
fi
|
||||
chown "${value.owner}:${value.group}" "${value.certificate}"
|
||||
chown "${value.owner}:${value.group}" "${value.certificateKey}"
|
||||
chmod "${value.mode}" "${value.certificate}"
|
||||
chmod "${value.mode}" "${value.certificateKey}"
|
||||
'') (lib.attrsToList cfg);
|
||||
};
|
||||
systemd.timers."generate-snakeoil-certs" = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "*-*-* 02:00:00";
|
||||
Persistent = true;
|
||||
Unit = "generate-snakeoil-certs.service";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
178
packages/heimdal/default.nix
Normal file
178
packages/heimdal/default.nix
Normal file
@@ -0,0 +1,178 @@
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitHub
|
||||
, autoreconfHook
|
||||
, pkg-config
|
||||
, python3
|
||||
, perl
|
||||
, bison
|
||||
, flex
|
||||
, texinfo
|
||||
, perlPackages
|
||||
|
||||
, openldap
|
||||
, libcap_ng
|
||||
, sqlite
|
||||
, openssl
|
||||
, db
|
||||
, libedit
|
||||
, pam
|
||||
, krb5
|
||||
, libmicrohttpd
|
||||
, cjson
|
||||
|
||||
, CoreFoundation
|
||||
, Security
|
||||
, SystemConfiguration
|
||||
|
||||
, curl
|
||||
, jdk
|
||||
, unzip
|
||||
, which
|
||||
|
||||
, nixosTests
|
||||
|
||||
, withCJSON ? true
|
||||
, withCapNG ? stdenv.isLinux
|
||||
# libmicrohttpd should theoretically work for darwin as well, but something is broken.
|
||||
# It affects tests check-bx509d and check-httpkadmind.
|
||||
, withMicroHTTPD ? stdenv.isLinux
|
||||
, withOpenLDAP ? true
|
||||
, withOpenLDAPAsHDBModule ? false
|
||||
, withOpenSSL ? true
|
||||
, withSQLite3 ? true
|
||||
}:
|
||||
|
||||
assert lib.assertMsg (withOpenLDAPAsHDBModule -> withOpenLDAP) ''
|
||||
OpenLDAP needs to be enabled in order to build the OpenLDAP HDB Module.
|
||||
'';
|
||||
|
||||
stdenv.mkDerivation {
|
||||
pname = "heimdal";
|
||||
version = "7.8.0-unstable-2023-11-29";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "heimdal";
|
||||
repo = "heimdal";
|
||||
rev = "3253c49544eacb33d5ad2f6f919b0696e5aab794";
|
||||
hash = "sha256-uljzQBzXrZCZjcIWfioqHN8YsbUUNy14Vo+A3vZIXzM=";
|
||||
};
|
||||
|
||||
outputs = [ "out" "dev" "man" "info" ];
|
||||
|
||||
nativeBuildInputs = [
|
||||
autoreconfHook
|
||||
pkg-config
|
||||
python3
|
||||
perl
|
||||
bison
|
||||
flex
|
||||
texinfo
|
||||
]
|
||||
++ (with perlPackages; [ JSON ]);
|
||||
|
||||
buildInputs = [ db libedit pam ]
|
||||
++ lib.optionals (stdenv.isDarwin) [ CoreFoundation Security SystemConfiguration ]
|
||||
++ lib.optionals (withCJSON) [ cjson ]
|
||||
++ lib.optionals (withCapNG) [ libcap_ng ]
|
||||
++ lib.optionals (withMicroHTTPD) [ libmicrohttpd ]
|
||||
++ lib.optionals (withOpenLDAP) [ openldap ]
|
||||
++ lib.optionals (withOpenSSL) [ openssl ]
|
||||
++ lib.optionals (withSQLite3) [ sqlite ];
|
||||
|
||||
doCheck = true;
|
||||
nativeCheckInputs = [
|
||||
curl
|
||||
jdk
|
||||
unzip
|
||||
which
|
||||
];
|
||||
|
||||
configureFlags = [
|
||||
"--with-libedit-include=${libedit.dev}/include"
|
||||
"--with-libedit-lib=${libedit}/lib"
|
||||
"--with-berkeley-db-include=${db.dev}/include"
|
||||
"--with-berkeley-db"
|
||||
|
||||
"--without-x"
|
||||
"--disable-afs-string-to-key"
|
||||
] ++ lib.optionals (withCapNG) [
|
||||
"--with-capng"
|
||||
] ++ lib.optionals (withCJSON) [
|
||||
"--with-cjson=${cjson}"
|
||||
] ++ lib.optionals (withOpenLDAP) [
|
||||
"--with-openldap=${openldap.dev}"
|
||||
] ++ lib.optionals (withOpenLDAPAsHDBModule) [
|
||||
"--enable-hdb-openldap-module"
|
||||
] ++ lib.optionals (withSQLite3) [
|
||||
"--with-sqlite3=${sqlite.dev}"
|
||||
];
|
||||
|
||||
# (check-ldap) slapd resides within ${openldap}/libexec,
|
||||
# which is not part of $PATH by default.
|
||||
# (check-ldap) prepending ${openldap}/bin to the path to avoid
|
||||
# using the default installation of openldap on unsandboxed darwin systems,
|
||||
# which does not support the new mdb backend at the moment (2024-01-13).
|
||||
# (check-ldap) the bdb backend got deprecated in favour of mdb in openldap 2.5.0,
|
||||
# but the heimdal tests still seem to expect bdb as the openldap backend.
|
||||
# This might be fixed upstream in a future update.
|
||||
patchPhase = ''
|
||||
runHook prePatch
|
||||
|
||||
substituteInPlace tests/ldap/slapd-init.in \
|
||||
--replace 'SCHEMA_PATHS="' 'SCHEMA_PATHS="${openldap}/etc/schema '
|
||||
substituteInPlace tests/ldap/check-ldap.in \
|
||||
--replace 'PATH=' 'PATH=${openldap}/libexec:${openldap}/bin:'
|
||||
substituteInPlace tests/ldap/slapd.conf \
|
||||
--replace 'database bdb' 'database mdb'
|
||||
|
||||
runHook postPatch
|
||||
'';
|
||||
|
||||
# (test_cc) heimdal uses librokens implementation of `secure_getenv` on darwin,
|
||||
# which expects either USER or LOGNAME to be set.
|
||||
preCheck = lib.optionalString (stdenv.isDarwin) ''
|
||||
export USER=nix-builder
|
||||
'';
|
||||
|
||||
# We need to build hcrypt for applications like samba
|
||||
postBuild = ''
|
||||
(cd include/hcrypto; make -j $NIX_BUILD_CORES)
|
||||
(cd lib/hcrypto; make -j $NIX_BUILD_CORES)
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
# Install hcrypto
|
||||
(cd include/hcrypto; make -j $NIX_BUILD_CORES install)
|
||||
(cd lib/hcrypto; make -j $NIX_BUILD_CORES install)
|
||||
|
||||
mkdir -p $dev/bin
|
||||
mv $out/bin/krb5-config $dev/bin/
|
||||
|
||||
# asn1 compilers, move them to $dev
|
||||
mv $out/libexec/heimdal/* $dev/bin
|
||||
rmdir $out/libexec/heimdal
|
||||
|
||||
# compile_et is needed for cross-compiling this package and samba
|
||||
mv lib/com_err/.libs/compile_et $dev/bin
|
||||
'';
|
||||
|
||||
# Issues with hydra
|
||||
# In file included from hxtool.c:34:0:
|
||||
# hx_locl.h:67:25: fatal error: pkcs10_asn1.h: No such file or directory
|
||||
#enableParallelBuilding = true;
|
||||
|
||||
passthru = {
|
||||
implementation = "heimdal";
|
||||
tests.nixos = nixosTests.kerberos.heimdal;
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://www.heimdal.software";
|
||||
changelog = "https://github.com/heimdal/heimdal/releases";
|
||||
description = "An implementation of Kerberos 5 (and some more stuff)";
|
||||
license = licenses.bsd3;
|
||||
platforms = platforms.unix;
|
||||
maintainers = with maintainers; [ h7x4 ];
|
||||
};
|
||||
}
|
Reference in New Issue
Block a user