# Configuration for the Name Service Switch (/etc/nsswitch.conf).
#
# This module declares the list of NSS module packages and the per-database
# source lists, then renders them into /etc/nsswitch.conf. The order of the
# sources on each line decides which source answers a lookup first, so the
# ordering priorities used below are part of the system's identity and
# name-resolution trust model.

{ config, lib, pkgs, ... }:

let
  inherit (lib)
    concatStringsSep
    makeLibraryPath
    mkBefore
    mkMerge
    mkOption
    mkOrder
    mkRenamedOptionModule
    types
    ;

  nssModules = config.system.nssModules;
  databases = config.system.nssDatabases;

  # Join one database's source list into the value part of an nsswitch.conf line.
  sources = concatStringsSep " ";

  # Build the option for a single nsswitch.conf database.
  #   database     - database name as it appears in nsswitch.conf
  #   orderingNote - sentence describing which sources are added implicitly
  mkDatabaseOption = database: orderingNote: mkOption {
    type = types.listOf types.str;
    default = [];
    description = lib.mdDoc ''
      List of ${database} entries to configure in {file}`/etc/nsswitch.conf`.

      ${orderingNote}

      This option only takes effect if nscd is enabled.
    '';
  };
in

{
  options = {

    # NSS modules. Hacky!
    # Only works with nscd!
    #
    # `apply` keeps the raw list and also derives a library search path from
    # it. NSS modules are shared objects that run inside the process doing
    # the lookup, so only packages trusted to answer account and host
    # lookups belong in this list.
    system.nssModules = mkOption {
      type = types.listOf types.path;
      internal = true;
      default = [];
      description = lib.mdDoc ''
        Search path for NSS (Name Service Switch) modules. This allows
        several DNS resolution methods to be specified via
        {file}`/etc/nsswitch.conf`.
      '';
      apply = list: {
        inherit list;
        path = makeLibraryPath list;
      };
    };

    system.nssDatabases = {
      passwd = mkDatabaseOption "passwd"
        ''Note that "files" is always prepended while "systemd" is appended if nscd is enabled.'';

      group = mkDatabaseOption "group"
        ''Note that "files" is always prepended while "systemd" is appended if nscd is enabled.'';

      shadow = mkDatabaseOption "shadow"
        ''Note that "files" is always prepended.'';

      hosts = mkDatabaseOption "hosts"
        ''Note that "files" is always prepended, and "dns" and "myhostname" are always appended.'';

      services = mkDatabaseOption "services"
        ''Note that "files" is always prepended.'';
    };
  };

  imports = [
    # Old option name kept working: system.nssHosts -> system.nssDatabases.hosts.
    (mkRenamedOptionModule [ "system" "nssHosts" ] [ "system" "nssDatabases" "hosts" ])
  ];

  config = {
    assertions = [
      {
        # Fail evaluation when modules are listed but nscd is disabled,
        # rather than building a system whose nsswitch.conf may name sources
        # that cannot be loaded.
        # NOTE(review): the escape hatch named in the message clears the
        # whole module list; any account or host source provided by those
        # modules presumably stops resolving. Check login and sudo paths
        # before relying on it.
        assertion = nssModules.path != "" -> config.services.nscd.enable;
        message = ''
          Loading NSS modules from system.nssModules (${nssModules.path}),
          requires services.nscd.enable being set to true.

          If disabling nscd is really necessary, it is possible to disable loading NSS modules
          by setting `system.nssModules = lib.mkForce [];` in your configuration.nix.
        '';
      }
    ];

    # Name Service Switch configuration file. Required by the C
    # library.
    #
    # The file is written unconditionally; networks, ethers, protocols and
    # rpc are pinned to local files and are not configurable here.
    # NOTE(review): the option descriptions say the database lists only take
    # effect with nscd enabled, presumably because extra modules cannot be
    # loaded without it. Confirm against the nscd module.
    environment.etc."nsswitch.conf".text = ''
      passwd: ${sources databases.passwd}
      group: ${sources databases.group}
      shadow: ${sources databases.shadow}

      hosts: ${sources databases.hosts}
      networks: files

      ethers: files
      services: ${sources databases.services}
      protocols: files
      rpc: files
    '';

    # Implicit sources. mkBefore sorts "files" ahead of entries merged at the
    # default priority, so the local files are consulted first; with the
    # default nsswitch action (return on success) a later source cannot
    # override an entry that exists locally.
    #
    # For hosts, "files" at 998 lands just ahead of default-priority (1000)
    # entries and "dns" at 1499 just ahead of mkAfter (1500) entries. Other
    # modules can therefore slot a resolver before or after dns; anything
    # ordered before dns answers first and deserves the same scrutiny as the
    # DNS configuration itself.
    system.nssDatabases = {
      passwd = mkBefore [ "files" ];
      group = mkBefore [ "files" ];
      shadow = mkBefore [ "files" ];
      hosts = mkMerge [
        (mkOrder 998 [ "files" ])
        (mkOrder 1499 [ "dns" ])
      ];
      services = mkBefore [ "files" ];
    };
  };
}