kanidm: set BindPaths when home_mount_prefix is set

[muradbu]

Describe the bug

As described in kanidm/kanidm#3214, when home_mount_prefix is set, kanidm-unixd-tasks fails to run due to a missing bind mount.

Steps To Reproduce

Steps to reproduce the behavior:

1. Setup a kanidm client where home_mount_prefix is set to a non-standard path, so anything other than /home

{
  systemd.services.kanidm-unixd-tasks.serviceConfig.ReadWritePaths = "/home /var/run/kanidm-unixd /custompath";
  services.kanidm = {
    enablePam = true;
    clientSettings = {
      uri = "https://example.com";
    };
    unixSettings = {
      default_shell = "${pkgs.bashInteractive}/bin/bash";
      uid_attr_map = "name";
      gid_attr_map = "name";
      home_alias = "name";
      home_attr = "uuid";
      home_mount_prefix = "/custompath/";
      home_prefix = "/home/";
      pam_allowed_login_groups = [ "pamgroup" ];
    };
  };
}

2. Rebuild and view logs: journalctl -eu kanidm-unixd-tasks

Expected behavior

kanidm-unixd-tasks should start successfully when home_mount_prefix is set

Screenshots

Additional context

Adding the bind mount yourself fixes the problem: systemd.services.kanidm-unixd-tasks.serviceConfig.BindPaths = "/custompath";

But it'd be nice if the bind mount was added by the module automatically when home_mount_prefix is set.

Metadata

Notify maintainers

@Flakebi
@oddlama

---

Note for maintainers: Please tag this issue in your PR.

---

Add a 👍 reaction to issues you find important.