Skip to content

nixos/kerberos_server: split between server roles and make them activatable separately #337364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

nixos/kerberos_server: split between server roles and make them activatable separately #337364

wants to merge 1 commit into from

Conversation

nessdoor
Copy link
Contributor

Description of changes

Allow for the separate (de)activation of the different server daemons that constitute a Kerberos server (krb5kdc, kadmind and kpasswdd).

This is useful both for replicated deployments, where there should be only one instance of the administration server running within the realm, and for LDAP-backed deployments, where server functionalities can be flexibly split and replicated among many different computers.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Aug 26, 2024
@nessdoor nessdoor requested review from h7x4 and dblsaiko August 26, 2024 00:17
@nessdoor nessdoor changed the title nixos/kerberos_server: separate server roles and make them activatable separately nixos/kerberos_server: split between server roles and make them activatable separately Aug 26, 2024
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Aug 26, 2024
@wegank wegank added the 2.status: merge conflict This PR has merge conflicts with the target branch label Dec 10, 2024
@nessdoor nessdoor force-pushed the kerberos_server-roles branch from 46a4c6f to 6af6801 Compare February 13, 2025 01:25
@ofborg ofborg bot removed the 2.status: merge conflict This PR has merge conflicts with the target branch label Feb 13, 2025
dblsaiko
dblsaiko approved these changes Feb 13, 2025
View reviewed changes
Copy link
Contributor

@dblsaiko dblsaiko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for leaving this unreviewed for so long, it kinda fell off my radar!

@wegank wegank added the 12.approvals: 1 This PR was reviewed and approved by one person. label Feb 14, 2025
@nessdoor
nixos/kerberos_server: add roles.{kdc,administrationServer,passwordCh…
2e132e5 
…angeServer} option

Allow for the separate (de)activation of the different server daemons that
compose a Kerberos server.
@nessdoor nessdoor force-pushed the kerberos_server-roles branch from 6af6801 to 2e132e5 Compare February 14, 2025 15:56
@nessdoor nessdoor requested a review from dblsaiko February 14, 2025 16:00
@nessdoor
Copy link
Contributor Author

nessdoor commented Feb 14, 2025
edited
Loading

Don't worry, I had imagined! I was actually thinking about pinging you, but it wasn't necessary.
I have implemented your suggested modifications, please see if you still approve of them and re-approve.

Thank you for coming back!
This (and my other PR on Kerberos) are just 2 out of 4 PRs I had opened last August which still haven't been merged. I sincerely hope that, with your reviews, at least these two will finally be able to move forward.

@nixpkgs-ci nixpkgs-ci bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Aug 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@h7x4 h7x4 Awaiting requested review from h7x4

1 more reviewer

@dblsaiko dblsaiko dblsaiko approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 12.approvals: 1 This PR was reviewed and approved by one person.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nessdoor @dblsaiko @wegank