# NixOS module for the Name Service Cache Daemon (nscd): declares the
# `services.nscd` options, writes /etc/nscd.conf and defines the systemd unit.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkIf mkOption types;

  cfg = config.services.nscd;

  # Search path of the configured NSS modules; exported to the daemon below.
  nssLibDir = config.system.nssModules.path;

  # Package providing the nscd binary: the `bin` output of the toolchain's
  # libc when the host libc is glibc, otherwise pkgs.glibc.bin.
  nscdPkg =
    if pkgs.stdenv.hostPlatform.libc == "glibc"
    then pkgs.stdenv.cc.libc.bin
    else pkgs.glibc.bin;

  nscdBin = "${nscdPkg}/sbin/nscd";

  # Caches flushed by `systemctl reload nscd`.
  cachedDatabases = [ "passwd" "group" "hosts" ];
in
{
  ###### interface

  options.services.nscd = {
    enable = mkOption {
      type = types.bool;
      default = true;
      description = ''
        Whether to enable the Name Service Cache Daemon.
        Disabling this is strongly discouraged, as this effectively disables NSS Lookups
        from all non-glibc NSS modules, including the ones provided by systemd.
      '';
    };

    # Verbatim contents of /etc/nscd.conf; defaults to the nscd.conf file
    # that sits next to this module.
    config = mkOption {
      type = types.lines;
      default = builtins.readFile ./nscd.conf;
      description = "Configuration to use for Name Service Cache Daemon.";
    };
  };

  ###### implementation

  config = mkIf cfg.enable {
    environment.etc."nscd.conf".text = cfg.config;

    systemd.services.nscd = {
      description = "Name Service Cache Daemon";

      wantedBy = [ "nss-lookup.target" "nss-user-lookup.target" ];

      # The daemon resolves shared libraries through the NSS module path.
      # Combined with the "!" ExecStart prefix below, anything reachable via
      # system.nssModules is loaded while the process still has its start-up
      # privileges, so that option should only ever contain trusted packages.
      environment.LD_LIBRARY_PATH = nssLibDir;

      # Restart whenever one of the files nscd depends on changes.
      restartTriggers = [
        config.environment.etc.hosts.source
        config.environment.etc."nsswitch.conf".source
        config.environment.etc."nscd.conf".source
      ];

      serviceConfig = {
        # DynamicUser is sufficient because a default nscd set-up keeps no
        # state that has to outlive a restart. Some set-ups nevertheless need
        # nscd to start as root; it gives up its privileges on its own once
        # every NSS module has read its configuration files. The leading "!"
        # stops systemd from applying the user/group switch before exec, and
        # "@" makes the following token ("nscd") argv[0].
        # See ExecStart in systemd.service(5).
        # NOTE(review): the privilege drop is therefore performed by nscd
        # itself, not enforced by systemd. It presumably depends on what
        # cfg.config contains (e.g. a server-user directive; the default
        # ./nscd.conf is not visible here) -- confirm that an overridden
        # services.nscd.config still drops privileges.
        DynamicUser = true;
        ExecStart = "!@${nscdBin} nscd";
        Type = "forking";
        RuntimeDirectory = "nscd";
        PIDFile = "/run/nscd/nscd.pid";
        Restart = "always";

        # A reload flushes each cache in turn.
        # NOTE(review): these commands carry no "!" prefix, so they run under
        # the unit's dynamic user rather than root. Upstream nscd is understood
        # to accept --invalidate from root only; verify that reload succeeds.
        ExecReload = map (db: "${nscdBin} --invalidate ${db}") cachedDatabases;
      };
    };
  };
}