From 8e90b1032c2a67b868b3ad117172d5c12e344c75 Mon Sep 17 00:00:00 2001 From: Dan Callaghan Date: Sat, 13 Dec 2025 13:17:59 +1100 Subject: [PATCH 1/2] nixos/sssd: remove --uid and --gid options for sssd-kcm The --uid and --gid command line options were removed from sssd-kcm in 2.10.0: https://sssd.io/release-notes/sssd-2.10.0.html https://github.com/SSSD/sssd/commit/dd7aaaf2fb41f283b20c3a1a86990367f6141360 Fixes #470330. --- nixos/modules/services/misc/sssd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/misc/sssd.nix b/nixos/modules/services/misc/sssd.nix index 05351a040916..d069978c26dd 100644 --- a/nixos/modules/services/misc/sssd.nix +++ b/nixos/modules/services/misc/sssd.nix @@ -209,7 +209,7 @@ in requires = [ "sssd-kcm.socket" ]; serviceConfig = { ExecStartPre = "-${pkgs.sssd}/bin/sssd --genconf-section=kcm"; - ExecStart = "${pkgs.sssd}/libexec/sssd/sssd_kcm --uid 0 --gid 0"; + ExecStart = "${pkgs.sssd}/libexec/sssd/sssd_kcm"; CapabilityBoundingSet = [ "CAP_IPC_LOCK" "CAP_CHOWN" From 24d631ea574a58fc844fb235044e5f32909530d2 Mon Sep 17 00:00:00 2001 From: Dan Callaghan Date: Sat, 13 Dec 2025 13:42:36 +1100 Subject: [PATCH 2/2] nixos/sssd: remove --genconf-section for sssd-kcm The --genconf-section option was removed from sssd in 2.10.0: https://sssd.io/release-notes/sssd-2.10.0.html https://github.com/SSSD/sssd/commit/0485342f73ef839c2007e7118c222e02b9804369 --- nixos/modules/services/misc/sssd.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/modules/services/misc/sssd.nix b/nixos/modules/services/misc/sssd.nix index d069978c26dd..4658f01ff5ac 100644 --- a/nixos/modules/services/misc/sssd.nix +++ b/nixos/modules/services/misc/sssd.nix @@ -208,7 +208,6 @@ in description = "SSSD Kerberos Cache Manager"; requires = [ "sssd-kcm.socket" ]; serviceConfig = { - ExecStartPre = "-${pkgs.sssd}/bin/sssd --genconf-section=kcm"; ExecStart = "${pkgs.sssd}/libexec/sssd/sssd_kcm"; CapabilityBoundingSet = [ "CAP_IPC_LOCK"