net-nds/kanidmd-1.7.4 usable.

acct-group/kanidmd/kanidmd-0.ebuild

@@ -0,0 +1,10 @@
+# Copyright 2020-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit acct-group
+
+DESCRIPTION="gid for net-nds/kanidmd"
+
+ACCT_GROUP_ID=987

acct-user/kanidmd/kanidmd-0.ebuild

@@ -0,0 +1,13 @@
+# Copyright 2020-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit acct-user
+
+DESCRIPTION="uid for net-nds/kanidmd"
+ACCT_USER_ID=987
+ACCT_USER_HOME=/var/lib/private/kanidmd
+ACCT_USER_GROUPS=( kanidmd )
+
+acct-user_add_deps

net-nds/kanidmd/files/kanidm.initd

@@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+# Copyright 2016-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="Kanidm: simple, secure, and fast identity management platform"
+
+: ${KANIDM_CONF:=/etc/kanidm/server.toml}
+: ${KANIDM_USER:=kanidm}
+: ${KANIDM_GROUP:=kanidm}
+: ${KANIDM_WORK_DIR:=/var/lib/kanidm}
+: ${KANIDM_CUSTOM:=${KANIDM_WORK_DIR}/custom}
+
+command="/usr/bin/kanidmd"
+command_args="server --config ${KANIDM_CONF}"
+command_background="true"
+command_user="${KANIDM_USER}:${KANIDM_GROUP}"
+error_log="/var/log/${RC_SVCNAME}/${RC_SVCNAME}.err"
+pidfile="/run/${RC_SVCNAME}.pid"
+required_files="${KANIDM_CONF}"

net-nds/kanidmd/kanidmd-1.7.4.ebuild

@@ -730,7 +730,7 @@ CRATES="
 
 inherit cargo systemd
 
-DESCRIPTION="Kanidm Server Daemon"
+DESCRIPTION="Kanidm: A simple, secure, and fast identity management platform"
 HOMEPAGE="https://github.com/kanidm/kanidm/"
 SRC_URI="
 	${CARGO_CRATE_URIS}
@@ -746,6 +746,16 @@ LICENSE+="
 "
 SLOT="0"
 KEYWORDS="~amd64"
+IUSE="+acct pam server"
+RUST_MIN_VER="1.87"
+
+DEPEND="
+acct? (
+		acct-group/kanidmd
+		acct-user/kanidmd )
+pam? ( sys-libs/pam )
+"
+
 
 S="${WORKDIR}/kanidm-${PV}"
 
@@ -759,7 +769,7 @@ src_prepare() {
 src_install() {
 	cd target/release
 	dobin kanidm
-	dobin kanidmd
+	use server && dobin kanidmd
 	dobin kanidm-ipa-sync
 	dobin kanidm-ldap-sync
 	dobin kanidm_ssh_authorizedkeys
@@ -770,22 +780,44 @@ src_install() {
 
 	dolib.so libkanidmd_lib_macros.so
 	dolib.so libnss_kanidm.so
-	dolib.so libpam_kanidm.so
+#	dolib.so libtestkit_macros.so
-	dolib.so libtestkit_macros.so
+	use pam && dolib.so libpam_kanidm.so
-
-	mkdir -p ${ED}/usr/share/kanidm
-	cp -r ${S}/server/core/static ${ED}/usr/share/kanidm/
 
 	cd ${S}
-	sed -i -e 's!/usr/local/sbin/!/usr/bin/!' examples/systemd/*.service
-	systemd_newunit examples/systemd/kanidmd.service kanidmd.service
-	systemd_newunit examples/systemd/kanidm-unixd.service kanidm-unixd.service
-	systemd_newunit examples/systemd/kanidm-unixd-tasks.service kanidm-unixd-tasks.service
-
 	insinto /etc/kanidm
-	newins examples/server.toml server.toml
 	newins examples/kanidm config
 	newins examples/radius_full.toml radius.toml
 	newins examples/unixd  unixd
 
+	if use server; then
+		einfo "Installing kanidmd-server"
+		newins examples/server.toml server.toml
+
+		dodir /usr/share/kanidm
+		cp -R "${S}/server/core/static" "${ED}/usr/share/kanidm/" || die "Install failed!"
+
+		sed -i -e 's!/usr/local/sbin/!/usr/bin/!g' \
+				-e 's!/var/lib/kanidm!/var/lib/private/kanidmd!g'  examples/systemd/*.service
+		systemd_newunit examples/systemd/kanidmd.service kanidmd.service
+		systemd_newunit examples/systemd/kanidm-unixd.service kanidm-unixd.service
+		systemd_newunit examples/systemd/kanidm-unixd-tasks.service kanidm-unixd-tasks.service
+
+		newinitd "${FILESDIR}/kanidm.initd" kanidmd
+
+		cp examples/server.toml "${ED}/usr/share/kanidm/" || die "Install failed!"
+	fi
+
+	if use acct; then
+		fowners root:kanidmd /etc/kanidm/{,config,radius.toml,unixd}
+		fperms g+w,o-rwx /etc/kanidm/{,config,radius.toml,unixd}
+		if use server; then
+			fowners root:kanidmd /etc/kanidm/server.toml
+			fperms g+w,o-rwx /etc/kanidm/server.toml
+			diropts -m0750 -o kanidmd -g kanidmd
+			keepdir /var/lib/private/kanidmd
+			keepdir /var/log/kanidmd
+		fi
+	fi
+
+	einstalldocs
 }