nixos/krb5: Cleanup, fix and RFC42-ify

This replaces the krb5 module's options with RFC 42-style krb5.settings option*, while greatly simplifying the code and fixing a few bugs, namely: - NixOS#243068 krb5: Configuration silently gets ignored when set by multiple modules - not being able to use mkIf etc. inside subattributes of krb5.libdefaults, e.g. krb5.libdefaults.default_realm = mkIf ... * leaving an escape hatch in form of krb5.extraConfig in case extra syntax is needed (e.g. `include' directives) See NixOS#144575. Closes NixOS#243068.
2xsaiko · Dec 2, 2023 · f51ca03 · f51ca03
1 parent bf05dfb
commit f51ca03
Show file tree

Hide file tree

Showing 8 changed files with 190 additions and 455 deletions.
diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -589,6 +589,8 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2
   it's been unmaintained for several years and the author's website has
   vanished.
 
+- The `krb5` module has been rewritten, removing `krb5.libdefaults`, `krb5.realms`, `krb5.domain_realm`, `krb5.capaths`, `krb5.appdefaults` and `krb5.plugins`, which have been replaced by `krb5.settings`. Additionally, `krb5.config` has been replaced by `krb5.extraConfig`.
+
 - The `chrony` NixOS module now tracks the real-time clock drift from the
   system clock with `rtcfile` and automatically adjusts it with `rtcautotrim`
   when it exceeds the maximum error specified in