pvv-nixos-config/hosts/dagali/services/cyrus-sasl.nix

{ config, ... }:
let
  cfg = config.services.saslauthd;
in
{
  # TODO: This is seemingly required for openldap to authenticate
  #       against kerberos, but I have no idea how to configure it as
  #       such. Does it need a keytab? There's a binary "testsaslauthd"
  #       that follows with `pkgs.cyrus_sasl` that might be useful.
  services.saslauthd = {
    enable = true;
    mechanism = "kerberos5";
    config = ''
      mech_list: gs2-krb5 gssapi
      keytab: /etc/krb5.keytab
    '';
  };

  # TODO: maybe the upstream module should consider doing this?
  environment.systemPackages = [ cfg.package ];
}
WIP: set up heimdal-openldap-sasl stack 2024-07-06 13:08:05 +02:00			`{ config, ... }:`
			`let`
			`cfg = config.services.saslauthd;`
			`in`
			`{`
			`# TODO: This is seemingly required for openldap to authenticate`
			`# against kerberos, but I have no idea how to configure it as`
			`# such. Does it need a keytab? There's a binary "testsaslauthd"`
			# that follows with `pkgs.cyrus_sasl` that might be useful.
			`services.saslauthd = {`
			`enable = true;`
			`mechanism = "kerberos5";`
			`config = ''`
			`mech_list: gs2-krb5 gssapi`
			`keytab: /etc/krb5.keytab`
			`'';`
			`};`

			`# TODO: maybe the upstream module should consider doing this?`
			`environment.systemPackages = [ cfg.package ];`
			`}`