diff --git a/nixos/modules/services/system/kerberos/default.nix b/nixos/modules/services/system/kerberos/default.nix
index 90be7e8d551a..26ac85de402f 100644
--- a/nixos/modules/services/system/kerberos/default.nix
+++ b/nixos/modules/services/system/kerberos/default.nix
@@ -1,7 +1,7 @@
 {pkgs, config, lib, ...}:
 
 let
-  inherit (lib) mkOption mkIf types;
+  inherit (lib) mkOption mkIf types length attrNames;
   cfg = config.services.kerberos_server;
   kerberos = config.krb5.kerberos;
 
@@ -72,5 +72,9 @@ in
 
   config = mkIf cfg.enable {
     environment.systemPackages = [ kerberos ];
+    assertions = [{
+      assertion = length (attrNames cfg.realms) <= 1;
+      message = "Only one realm per server is currently supported.";
+    }];
   };
 }