Merge pull request #189975 from Tasqa/kanidm-cacerts-fix

nixos/kanidm: Add cacerts path to unixd service
Kerstin 2022-09-15 16:28:21 +02:00 committed by GitHub
commit 1637945189
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 2 deletions


@ -248,6 +248,8 @@ in
"-/etc/localtime"
"-/etc/kanidm"
"-/etc/static/kanidm"
"-/etc/ssl"
"-/etc/static/ssl"
];
BindPaths = [
# To create the socket
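Review bot: The two new entries `"-/etc/ssl"` and `"-/etc/static/ssl"` carry no comment, unlike the `# To create the socket` line on `BindPaths` just below, so the reason the sandbox needs them is easy to lose; a line such as `# CA bundle, needed by unixd to verify the server certificate` above them would record it. The leading `-` makes systemd skip a path that does not exist, so a missing trust store would surface only later as a TLS verification failure in the daemon rather than at unit start. If only the CA bundle is needed, binding `/etc/ssl/certs` and its `/etc/static` counterpart instead of the whole directory would keep the exposure narrower; this should be confirmed against how NixOS lays out these symlinks. The list these entries belong to opens above the hunk.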


@ -44,6 +44,12 @@ import ./make-test-python.nix ({ pkgs, ... }:
enableClient = true;
clientSettings = {
uri = "https://${serverDomain}";
verify_ca = true;
verify_hostnames = true;
};
enablePam = true;
unixSettings = {
pam_allowed_login_groups = [ "shell" ];
};
};
@ -67,9 +73,11 @@ import ./make-test-python.nix ({ pkgs, ... }:
start_all()
server.wait_for_unit("kanidm.service")
server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
server.wait_until_succeeds("ldapsearch -H ldap://[::1]:636 -b '${ldapBaseDN}' -x '(name=test)'")
client.wait_until_succeeds("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}")
server.succeed("ldapsearch -H ldap://[::1]:636 -b '${ldapBaseDN}' -x '(name=test)'")
client.succeed("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}")
rv, result = server.execute("kanidmd recover_account -c ${serverConfigFile} idm_admin 2>&1 | rg -o '[A-Za-z0-9]{48}'")
assert rv == 0
client.wait_for_unit("kanidm-unixd.service")
client.succeed("kanidm_unixd_status | grep working!")
'';
})
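Review bot: The only assertion covering the unixd trust-store fix is `kanidm_unixd_status | grep working!` at the end of the test script, which presumably shows the daemon can talk to the server but never resolves an account through it, even though the client node sets `enablePam` and `pam_allowed_login_groups`. The value captured in `result` from `recover_account` is never used, so no member of the `shell` group is created and looked up on the client; a comment such as `# status probe only: NSS/PAM resolution is not exercised here` would at least make that gap explicit. Separately, if the `succeed` forms of the ldapsearch and `kanidm login` lines are the new side (the page does not mark which), they no longer retry, so the client call relies on the client's network being ready on the first attempt. The ldapsearch check also uses the `ldap://` scheme against port 636, so it does not appear to exercise certificate verification; the server configuration is outside the hunk, so this is worth confirming.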