system: fix kanidm unixd config structure for v1.8
All checks were successful
Run nix flake check / flake-check (push) Successful in 2m1s

Kanidm 1.8 requires:
- version = "2" at top level
- pam_allowed_login_groups inside [kanidm] section

The NixOS module also requires pam_allowed_login_groups at top level,
so we provide it at both places.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 14:00:55 +01:00
parent bab59665fd
commit 64dc10c6cd


@@ -29,10 +29,16 @@ in
}; };
unixSettings = { unixSettings = {
pam_allowed_login_groups = cfg.allowedLoginGroups; version = "2";
# Use short names (e.g., "torjus") instead of SPN (e.g., "torjus@home.2rjus.net") # Use short names (e.g., "torjus") instead of SPN (e.g., "torjus@home.2rjus.net")
uid_attr_map = "name"; uid_attr_map = "name";
gid_attr_map = "name"; gid_attr_map = "name";
# Required by NixOS module (will be in TOML but kanidm section is what matters)
pam_allowed_login_groups = cfg.allowedLoginGroups;
# Kanidm provider section (this is what unixd actually reads)
kanidm = {
pam_allowed_login_groups = cfg.allowedLoginGroups;
};
}; };
}; };
}; };
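Review bot: pam_allowed_login_groups is now assigned twice in unixSettings, once at top level and once inside `kanidm = { ... }`, and the comment states that only the kanidm copy is read by unixd. Because this list decides which groups may log in through PAM, the two copies should not be able to drift apart in a later edit: bind cfg.allowedLoginGroups once (a let binding, or a single attrset reused in both places) instead of repeating the expression. The top-level comment "(will be in TOML but kanidm section is what matters)" would be clearer if it said outright that this key exists only to satisfy the NixOS module and can be dropped once the module accepts the version "2" layout. If the flake check does not already cover it, consider asserting that the rendered config carries the list under [kanidm], so a future module change cannot silently leave the effective login restriction empty.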