From e0e74e154084f40bbc327d6137c766c8be2445f5 Mon Sep 17 00:00:00 2001
From: Adrian Cybulski <adrian@cybulski.cc>
Date: Tue, 12 May 2026 12:12:46 +0100
Subject: [PATCH] New package: kanidm-1.10.1

---
 srcpkgs/kanidm-client                         |   1 +
 srcpkgs/kanidm-server                         |   1 +
 .../kanidm/files/kanidm-unixd-tasks/log/run   |   2 +
 srcpkgs/kanidm/files/kanidm-unixd-tasks/run   |   6 +
 srcpkgs/kanidm/files/kanidm-unixd/log/run     |   2 +
 srcpkgs/kanidm/files/kanidm-unixd/run         |   6 +
 srcpkgs/kanidm/files/kanidm/log/run           |   2 +
 srcpkgs/kanidm/files/kanidm/run               |   6 +
 srcpkgs/kanidm/files/server.toml              |  11 ++
 srcpkgs/kanidm/files/unixd                    |   2 +
 srcpkgs/kanidm/template                       | 142 ++++++++++++++++++
 11 files changed, 181 insertions(+)
 create mode 120000 srcpkgs/kanidm-client
 create mode 120000 srcpkgs/kanidm-server
 create mode 100644 srcpkgs/kanidm/files/kanidm-unixd-tasks/log/run
 create mode 100644 srcpkgs/kanidm/files/kanidm-unixd-tasks/run
 create mode 100644 srcpkgs/kanidm/files/kanidm-unixd/log/run
 create mode 100644 srcpkgs/kanidm/files/kanidm-unixd/run
 create mode 100644 srcpkgs/kanidm/files/kanidm/log/run
 create mode 100644 srcpkgs/kanidm/files/kanidm/run
 create mode 100644 srcpkgs/kanidm/files/server.toml
 create mode 100644 srcpkgs/kanidm/files/unixd
 create mode 100644 srcpkgs/kanidm/template

diff --git a/srcpkgs/kanidm-client b/srcpkgs/kanidm-client
new file mode 120000
index 00000000000000..d41cdd301582ea
--- /dev/null
+++ b/srcpkgs/kanidm-client
@@ -0,0 +1 @@
+kanidm
\ No newline at end of file
diff --git a/srcpkgs/kanidm-server b/srcpkgs/kanidm-server
new file mode 120000
index 00000000000000..d41cdd301582ea
--- /dev/null
+++ b/srcpkgs/kanidm-server
@@ -0,0 +1 @@
+kanidm
\ No newline at end of file
diff --git a/srcpkgs/kanidm/files/kanidm-unixd-tasks/log/run b/srcpkgs/kanidm/files/kanidm-unixd-tasks/log/run
new file mode 100644
index 00000000000000..42463e212d64d3
--- /dev/null
+++ b/srcpkgs/kanidm/files/kanidm-unixd-tasks/log/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt /var/log/kanidm-unixd-tasks
diff --git a/srcpkgs/kanidm/files/kanidm-unixd-tasks/run b/srcpkgs/kanidm/files/kanidm-unixd-tasks/run
new file mode 100644
index 00000000000000..599535579b289d
--- /dev/null
+++ b/srcpkgs/kanidm/files/kanidm-unixd-tasks/run
@@ -0,0 +1,6 @@
+#!/bin/sh
+exec 2>&1
+[ -r ./conf ] && . ./conf
+
+exec kanidm_unixd_tasks \
+	-c "${KANIDM_UNIXD_CONFIG:-/etc/kanidm/unixd}" ${OPTS}
diff --git a/srcpkgs/kanidm/files/kanidm-unixd/log/run b/srcpkgs/kanidm/files/kanidm-unixd/log/run
new file mode 100644
index 00000000000000..0ae9fee74886d1
--- /dev/null
+++ b/srcpkgs/kanidm/files/kanidm-unixd/log/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt /var/log/kanidm-unixd
diff --git a/srcpkgs/kanidm/files/kanidm-unixd/run b/srcpkgs/kanidm/files/kanidm-unixd/run
new file mode 100644
index 00000000000000..9d87b198ed058f
--- /dev/null
+++ b/srcpkgs/kanidm/files/kanidm-unixd/run
@@ -0,0 +1,6 @@
+#!/bin/sh
+exec 2>&1
+[ -r ./conf ] && . ./conf
+
+exec chpst -u _kanidm_unixd:_kanidm_unixd kanidm_unixd \
+	-c "${KANIDM_UNIXD_CONFIG:-/etc/kanidm/unixd}" ${OPTS}
diff --git a/srcpkgs/kanidm/files/kanidm/log/run b/srcpkgs/kanidm/files/kanidm/log/run
new file mode 100644
index 00000000000000..596eb2bc0392da
--- /dev/null
+++ b/srcpkgs/kanidm/files/kanidm/log/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt /var/log/kanidm
diff --git a/srcpkgs/kanidm/files/kanidm/run b/srcpkgs/kanidm/files/kanidm/run
new file mode 100644
index 00000000000000..9fd179c9dc133e
--- /dev/null
+++ b/srcpkgs/kanidm/files/kanidm/run
@@ -0,0 +1,6 @@
+#!/bin/sh
+exec 2>&1
+[ -r ./conf ] && . ./conf
+
+exec chpst -u _kanidm:_kanidm kanidmd server \
+	-c "${KANIDM_CONFIG:-/etc/kanidm/server.toml}" ${OPTS}
diff --git a/srcpkgs/kanidm/files/server.toml b/srcpkgs/kanidm/files/server.toml
new file mode 100644
index 00000000000000..d172206111f718
--- /dev/null
+++ b/srcpkgs/kanidm/files/server.toml
@@ -0,0 +1,11 @@
+bindaddress = "[::]:8443"
+ldapbindaddress = "[::]:3636"
+db_path = "/var/lib/kanidm/kanidm.db"
+
+domain = "idm.example.com"
+origin = "https://idm.example.com:8443"
+
+tls_chain = "/etc/kanidm/chain.pem"
+tls_key = "/etc/kanidm/key.pem"
+
+log_level = "info"
diff --git a/srcpkgs/kanidm/files/unixd b/srcpkgs/kanidm/files/unixd
new file mode 100644
index 00000000000000..1db8ef3a47bdc8
--- /dev/null
+++ b/srcpkgs/kanidm/files/unixd
@@ -0,0 +1,2 @@
+[kanidm]
+pam_allowed_login_groups = ["unix-login"]
diff --git a/srcpkgs/kanidm/template b/srcpkgs/kanidm/template
new file mode 100644
index 00000000000000..ad5670f4d75100
--- /dev/null
+++ b/srcpkgs/kanidm/template
@@ -0,0 +1,142 @@
+# Template file for 'kanidm'
+pkgname=kanidm
+version=1.10.1
+revision=1
+build_style=cargo
+metapackage="yes"
+hostmakedepends="pkg-config protobuf clang lld sqlite-devel"
+makedepends="sqlite-devel openssl-devel pam-devel eudev-libudev-devel"
+depends="kanidm-client>=${version}_${revision} kanidm-server>=${version}_${revision}"
+short_desc="Simple and secure identity management platform"
+maintainer="Adrian Cybulski <adrian@cybulski.cc>"
+license="MPL-2.0"
+homepage="https://kanidm.com/"
+distfiles="https://github.com/kanidm/kanidm/archive/refs/tags/v${version}.tar.gz"
+checksum=338911c568f44957ef2d0f2136c6dc71218701b5f018e359720289238a3b8e86
+
+make_install_args="--path ."
+
+system_accounts="_kanidm _kanidm_unixd"
+
+_kanidm_homedir="/var/lib/kanidm"
+_kanidm_descr="Kanidm server user"
+
+_kanidm_unixd_homedir="/var/lib/kanidm-unixd"
+_kanidm_unixd_descr="Kanidm UNIX integration daemon"
+
+make_dirs="
+ /var/lib/kanidm 0750 _kanidm _kanidm
+ /var/lib/kanidm-unixd 0750 _kanidm_unixd _kanidm_unixd
+ /var/log/kanidm 0750 _kanidm _kanidm
+ /var/log/kanidm-unixd 0755 root root
+ /var/log/kanidm-unixd-tasks 0755 root root
+ /etc/kanidm 0755 root root
+"
+
+
+subpackages="kanidm-server kanidm-client"
+
+do_build() {
+	if [ "$CROSS_BUILD" ]; then
+		export CC_${RUST_TARGET//-/_}="${CC}"
+		export CXX_${RUST_TARGET//-/_}="${CXX}"
+		export CFLAGS_${RUST_TARGET//-/_}="${CFLAGS}"
+		export CXXFLAGS_${RUST_TARGET//-/_}="${CXXFLAGS}"
+
+		export CC_${RUST_BUILD//-/_}="${BUILD_CC}"
+		export CXX_${RUST_BUILD//-/_}="${BUILD_CXX}"
+		export CFLAGS_${RUST_BUILD//-/_}="${BUILD_CFLAGS}"
+		export CXXFLAGS_${RUST_BUILD//-/_}="${BUILD_CXXFLAGS}"
+
+		export CC="${BUILD_CC}"
+		export CXX="${BUILD_CXX}"
+		export CFLAGS="${BUILD_CFLAGS}"
+		export CXXFLAGS="${BUILD_CXXFLAGS}"
+	fi
+
+	if [ -z "$CROSS_BUILD" ]; then
+		export CC=clang
+		export CXX=clang++
+		export RUSTFLAGS="${RUSTFLAGS:+$RUSTFLAGS }-C linker=clang -C link-arg=-fuse-ld=lld"
+	fi
+
+	# Client tools
+	cargo build --release --locked --target "${RUST_TARGET}" \
+		-p kanidm_tools \
+		--bin kanidm \
+		--bin kanidm_ssh_authorizedkeys_direct
+
+	# Server daemon
+	cargo build --release --locked --target "${RUST_TARGET}" \
+		--bin kanidmd
+
+	# Unix integration daemon/tools
+	cargo build --release --locked --target "${RUST_TARGET}" \
+		-p kanidm_unix_int \
+		--bin kanidm_unixd \
+		--bin kanidm_unixd_tasks \
+		--bin kanidm_ssh_authorizedkeys
+
+	# NSS/PAM shared objects
+	cargo build --release --locked --target "${RUST_TARGET}" \
+		-p nss_kanidm \
+		-p pam_kanidm
+
+}
+
+do_install() {
+	local cargo_target_dir="target/${RUST_TARGET}/release"
+
+	vbin "${cargo_target_dir}/kanidm"
+	vbin "${cargo_target_dir}/kanidmd"
+	vbin "${cargo_target_dir}/kanidm_ssh_authorizedkeys_direct"
+
+	vbin "${cargo_target_dir}/kanidm_unixd"
+	vbin "${cargo_target_dir}/kanidm_unixd_tasks"
+	vbin "${cargo_target_dir}/kanidm_ssh_authorizedkeys"
+
+	# NSS wants .so.2
+	vinstall "${cargo_target_dir}/libnss_kanidm.so" 0755 usr/lib libnss_kanidm.so.2
+
+	# PAM module path on Void/glibc should be this
+	vinstall "${cargo_target_dir}/libpam_kanidm.so" 0755 usr/lib/security pam_kanidm.so
+
+	vinstall "${FILESDIR}/server.toml" 0644 etc/kanidm server.toml
+	vinstall "${FILESDIR}/unixd" 0644 etc/kanidm unixd
+
+	vsv kanidm
+	vsv kanidm-unixd
+	vsv kanidm-unixd-tasks
+	#vdoc "${FILESDIR}/README.voidlinux"
+}
+
+kanidm-client_package() {
+	short_desc+=" - client tools"
+	conf_files="/etc/kanidm/unixd"
+
+	pkg_install() {
+		vmove usr/bin/kanidm
+		vmove usr/bin/kanidm_ssh_authorizedkeys_direct
+		vmove usr/bin/kanidm_unixd
+		vmove usr/bin/kanidm_unixd_tasks
+		vmove usr/bin/kanidm_ssh_authorizedkeys
+
+		vmove usr/lib/libnss_kanidm.so.2
+		vmove usr/lib/security/pam_kanidm.so
+
+		vmove etc/kanidm/unixd
+		vmove etc/sv/kanidm-unixd
+		vmove etc/sv/kanidm-unixd-tasks
+	}
+}
+
+kanidm-server_package() {
+	short_desc+=" - server daemon"
+	conf_files="/etc/kanidm/server.toml"
+
+	pkg_install() {
+		vmove usr/bin/kanidmd
+		vmove etc/kanidm/server.toml
+		vmove etc/sv/kanidm
+	}
+}