nixos/tests/krb5/example-config.nix

   1 # Verifies that the configuration suggested in (non-deprecated) example values
   2 # will result in the expected output.
   3
   4 import ../make-test-python.nix (
   5   { pkgs, ... }:
   6   {
   7     name = "krb5-with-example-config";
   8     meta = with pkgs.lib.maintainers; {
   9       maintainers = [
  10         eqyiel
  11         dblsaiko
  12       ];
  13     };
  14
  15     nodes.machine =
  16       { pkgs, ... }:
  17       {
  18         security.krb5 = {
  19           enable = true;
  20           package = pkgs.krb5;
  21           settings = {
  22             includedir = [
  23               "/etc/krb5.conf.d"
  24             ];
  25             include = [
  26               "/etc/krb5-extra.conf"
  27             ];
  28             libdefaults = {
  29               default_realm = "ATHENA.MIT.EDU";
  30             };
  31             realms = {
  32               "ATHENA.MIT.EDU" = {
  33                 admin_server = "athena.mit.edu";
  34                 kdc = [
  35                   "athena01.mit.edu"
  36                   "athena02.mit.edu"
  37                 ];
  38               };
  39             };
  40             domain_realm = {
  41               "example.com" = "EXAMPLE.COM";
  42               ".example.com" = "EXAMPLE.COM";
  43             };
  44             capaths = {
  45               "ATHENA.MIT.EDU" = {
  46                 "EXAMPLE.COM" = ".";
  47               };
  48               "EXAMPLE.COM" = {
  49                 "ATHENA.MIT.EDU" = ".";
  50               };
  51             };
  52             appdefaults = {
  53               pam = {
  54                 debug = false;
  55                 ticket_lifetime = 36000;
  56                 renew_lifetime = 36000;
  57                 max_timeout = 30;
  58                 timeout_shift = 2;
  59                 initial_timeout = 1;
  60               };
  61             };
  62             plugins.ccselect.disable = "k5identity";
  63             logging = {
  64               kdc = "SYSLOG:NOTICE";
  65               admin_server = "SYSLOG:NOTICE";
  66               default = "SYSLOG:NOTICE";
  67             };
  68           };
  69         };
  70       };
  71
  72     testScript =
  73       let
  74         snapshot = pkgs.writeText "krb5-with-example-config.conf" ''
  75           [appdefaults]
  76             pam = {
  77               debug = false
  78               initial_timeout = 1
  79               max_timeout = 30
  80               renew_lifetime = 36000
  81               ticket_lifetime = 36000
  82               timeout_shift = 2
  83             }
  84
  85           [capaths]
  86             ATHENA.MIT.EDU = {
  87               EXAMPLE.COM = .
  88             }
  89             EXAMPLE.COM = {
  90               ATHENA.MIT.EDU = .
  91             }
  92
  93           [domain_realm]
  94             .example.com = EXAMPLE.COM
  95             example.com = EXAMPLE.COM
  96
  97           [libdefaults]
  98             default_realm = ATHENA.MIT.EDU
  99
 100           [logging]
 101             admin_server = SYSLOG:NOTICE
 102             default = SYSLOG:NOTICE
 103             kdc = SYSLOG:NOTICE
 104
 105           [plugins]
 106             ccselect = {
 107               disable = k5identity
 108             }
 109
 110           [realms]
 111             ATHENA.MIT.EDU = {
 112               admin_server = athena.mit.edu
 113               kdc = athena01.mit.edu
 114               kdc = athena02.mit.edu
 115             }
 116
 117           include /etc/krb5-extra.conf
 118           includedir /etc/krb5.conf.d
 119         '';
 120       in
 121       ''
 122         machine.succeed(
 123             "diff /etc/krb5.conf ${snapshot}"
 124         )
 125       '';
 126   }
 127 )