nixos/kanidm: add home_mount_prefix to BindPaths if set (#382915)

adamcstephens · web-flow · commit 223499992b3d · 2025-02-18T09:06:56.000-05:00
diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix
@@ -855,12 +855,16 @@ in
           User = "kanidm";
           Group = "kanidm";
 
-          BindPaths = [
-            # To create the socket
-            "/run/kanidmd:/run/kanidmd"
-            # To store backups
-            cfg.serverSettings.online_backup.path
-          ];
+          BindPaths =
+            [
+              # To create the socket
+              "/run/kanidmd:/run/kanidmd"
+              # To store backups
+              cfg.serverSettings.online_backup.path
+            ]
+            ++ optional (
+              cfg.enablePam && cfg.unixSettings ? home_mount_prefix
+            ) cfg.unixSettings.home_mount_prefix;
 
           AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
           CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
