# Configuration for the Name Service Switch (/etc/nsswitch.conf).
#
# This module declares two option groups and renders one file:
#   * system.nssModules    - paths of NSS module packages (internal option).
#   * system.nssDatabases  - per-database source lists (passwd, group, shadow,
#                            sudoers, hosts, services).
#   * /etc/nsswitch.conf   - generated from system.nssDatabases.
#
# Security context: the source lists decide which backends answer user,
# group, shadow, sudoers and host lookups, and in which order. The C library
# consults sources in the order they appear on each line, so every entry added
# to these lists becomes part of the system's identity and name-resolution
# trust path.
{
  config,
  lib,
  pkgs, # not referenced anywhere in this file
  ...
}:
{
  options = {

    # NSS modules. Hacky!
    # Only works with nscd!
    #
    # Each path in this list is a package whose libraries may be loaded to
    # answer NSS lookups. `apply` rewrites the plain list into an attribute set:
    #   list - the original list of paths
    #   path - lib.makeLibraryPath applied to that list
    # so consumers read `config.system.nssModules.path`, not the list itself.
    # NOTE(review): the consumer of `.path` is not in this file; presumably it
    # is handed to nscd as its library search path - confirm.
    system.nssModules = lib.mkOption {
      type = lib.types.listOf lib.types.path;
      internal = true;
      default = [ ];
      description = ''
        Search path for NSS (Name Service Switch) modules.  This allows
        several DNS resolution methods to be specified via
        {file}`/etc/nsswitch.conf`.
      '';
      apply = list: {
        inherit list;
        path = lib.makeLibraryPath list;
      };
    };

    # One option per nsswitch.conf database. Every option is a free-form list
    # of strings; this file performs no validation of the entries.
    #
    # NOTE(review): several descriptions below mention entries ("systemd",
    # "myhostname") that this file does not add; they are presumably
    # contributed by other modules - confirm. The descriptions also state that
    # the option "only takes effect if nscd is enabled", while the config
    # section below writes /etc/nsswitch.conf without checking
    # services.nscd.enable - confirm which statement is intended.
    system.nssDatabases = {
      # Sources for user account lookups.
      passwd = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        description = ''
          List of passwd entries to configure in {file}`/etc/nsswitch.conf`.

          Note that "files" is always prepended while "systemd" is appended if nscd is enabled.

          This option only takes effect if nscd is enabled.
        '';
        default = [ ];
      };

      # Sources for group lookups.
      group = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        description = ''
          List of group entries to configure in {file}`/etc/nsswitch.conf`.

          Note that "files" is always prepended while "systemd" is appended if nscd is enabled.

          This option only takes effect if nscd is enabled.
        '';
        default = [ ];
      };

      # Sources for the shadow database.
      shadow = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        description = ''
          List of shadow entries to configure in {file}`/etc/nsswitch.conf`.

          Note that "files" is always prepended.

          This option only takes effect if nscd is enabled.
        '';
        default = [ ];
      };

      # Sources for sudoers lookups.
      sudoers = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        description = ''
          List of sudoers entries to configure in {file}`/etc/nsswitch.conf`.

          Note that "files" is always prepended.

          This option only takes effect if nscd is enabled.
        '';
        default = [ ];
      };

      # Sources for host name resolution.
      hosts = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        description = ''
          List of hosts entries to configure in {file}`/etc/nsswitch.conf`.

          Note that "files" is always prepended, and "dns" and "myhostname" are always appended.

          This option only takes effect if nscd is enabled.
        '';
        default = [ ];
      };

      # Sources for the services database.
      services = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        description = ''
          List of services entries to configure in {file}`/etc/nsswitch.conf`.

          Note that "files" is always prepended.

          This option only takes effect if nscd is enabled.
        '';
        default = [ ];
      };
    };
  };

  # Keep the old option name working: definitions of `system.nssHosts` are
  # forwarded to `system.nssDatabases.hosts`.
  imports = [
    (lib.mkRenamedOptionModule [ "system" "nssHosts" ] [ "system" "nssDatabases" "hosts" ])
  ];

  config = {
    assertions = [
      {
        # `a -> b` is logical implication: a non-empty NSS module search path
        # requires nscd to be enabled. A configuration that sets modules while
        # nscd is disabled is rejected with the message below.
        assertion = config.system.nssModules.path != "" -> config.services.nscd.enable;
        message = ''
          Loading NSS modules from system.nssModules (${config.system.nssModules.path}),
          requires services.nscd.enable being set to true.

          If disabling nscd is really necessary, it is possible to disable loading NSS modules
          by setting `system.nssModules = lib.mkForce [];` in your configuration.nix.
        '';
      }
    ];

    # Name Service Switch configuration file.  Required by the C
    # library.
    #
    # Each configurable line is the option's list joined with single spaces.
    # List elements are interpolated verbatim, so an element is not limited to
    # a bare source name; whatever the string contains lands in the file.
    # networks, ethers, protocols and rpc are fixed to "files" and cannot be
    # changed through the options above.
    environment.etc."nsswitch.conf".text = ''
      passwd: ${lib.concatStringsSep " " config.system.nssDatabases.passwd}
      group: ${lib.concatStringsSep " " config.system.nssDatabases.group}
      shadow: ${lib.concatStringsSep " " config.system.nssDatabases.shadow}
      sudoers: ${lib.concatStringsSep " " config.system.nssDatabases.sudoers}

      hosts: ${lib.concatStringsSep " " config.system.nssDatabases.hosts}
      networks: files

      ethers: files
      services: ${lib.concatStringsSep " " config.system.nssDatabases.services}
      protocols: files
      rpc: files
    '';

    # Baseline entries, positioned with merge-order priorities (lower sorts
    # earlier; plain definitions use 1000, lib.mkBefore is 500, lib.mkAfter is
    # 1500).
    #   * passwd/group/shadow/sudoers/services: "files" at mkBefore, so local
    #     files are consulted ahead of any plainly defined source.
    #   * hosts: "files" at 998 sits just ahead of plain definitions, leaving
    #     room for mkBefore entries to precede it; "dns" at 1499 follows plain
    #     definitions but precedes mkAfter entries.
    # A definition with a priority below these values can still be placed in
    # front of "files"; review any such definition on the passwd, group,
    # shadow and sudoers lists with care.
    system.nssDatabases = {
      passwd = lib.mkBefore [ "files" ];
      group = lib.mkBefore [ "files" ];
      shadow = lib.mkBefore [ "files" ];
      sudoers = lib.mkBefore [ "files" ];
      hosts = lib.mkMerge [
        (lib.mkOrder 998 [ "files" ])
        (lib.mkOrder 1499 [ "dns" ])
      ];
      services = lib.mkBefore [ "files" ];
    };
  };
}