authorFlorian Klink <flokli@flokli.de>2020-04-30 17:51:13 +0200
committerFlorian Klink <flokli@flokli.de>2020-04-30 17:51:13 +0200
commit4b71b6f8fa5f7b06ea5d0dd37d44a73757c7f142 (patch)
treeb53452a4ab393eefa4837ecaec6fba7d0a9b9aff
parent0510d599013c41fbc832eae1bfb6923b8b76a8ea (diff)
nixos/google-oslogin: Move nsswitch config into the module
Motivation: #86350
-rw-r--r--nixos/modules/config/nsswitch.nix5
-rw-r--r--nixos/modules/security/google_oslogin.nix1
2 files changed, 2 insertions, 4 deletions
diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix
index 0acd8900e7b..77e47a350ec 100644
--- a/nixos/modules/config/nsswitch.nix
+++ b/nixos/modules/config/nsswitch.nix
@@ -15,7 +15,6 @@ let
   nsswins = canLoadExternalModules && config.services.samba.nsswins;
   ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch);
   resolved = canLoadExternalModules && config.services.resolved.enable;
-  googleOsLogin = canLoadExternalModules && config.security.googleOsLogin.enable;
 
   hostArray = mkMerge [
     (mkBefore [ "files" ])
@@ -32,7 +31,6 @@ let
     (mkBefore [ "files" ])
     (mkIf ldap [ "ldap" ])
     (mkIf mymachines [ "mymachines" ])
-    (mkIf googleOsLogin [ "cache_oslogin oslogin" ])
     (mkIf canLoadExternalModules (mkAfter [ "systemd" ]))
   ];
 
@@ -172,7 +170,6 @@ in {
     # configured IP addresses, or ::1 and 127.0.0.2 as
     # fallbacks. Systemd also provides nss-mymachines to return IP
     # addresses of local containers.
-    system.nssModules = (optionals canLoadExternalModules [ config.systemd.package.out ])
-      ++ optional googleOsLogin pkgs.google-compute-engine-oslogin.out;
+    system.nssModules = (optionals canLoadExternalModules [ config.systemd.package.out ]);
   };
 }
diff --git a/nixos/modules/security/google_oslogin.nix b/nixos/modules/security/google_oslogin.nix
index 6f9962e1d62..78c2089baeb 100644
--- a/nixos/modules/security/google_oslogin.nix
+++ b/nixos/modules/security/google_oslogin.nix
@@ -49,6 +49,7 @@ in
 
     # enable the nss module, so user lookups etc. work
     system.nssModules = [ package ];
+    system.nssDatabases.passwd = [ "cache_oslogin" "oslogin" ];
 
     # Ugly: sshd refuses to start if a store path is given because /nix/store is group-writable.
     # So indirect by a symlink.
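Review bot: The added `system.nssDatabases.passwd = [ "cache_oslogin" "oslogin" ];` carries neither the `canLoadExternalModules` condition nor an explicit ordering, both of which the removed `mkIf googleOsLogin` entry in nsswitch.nix had. If this list is merged with the `files`/`ldap`/`mymachines`/`systemd` entries (the merge is not visible in this diff), only `mkBefore`/`mkAfter` pin `files` first and `systemd` last, and the position of the OS Login sources relative to `ldap` and `mymachines` presumably now depends on module evaluation order; since passwd source order decides which directory answers for a given user name, that should be stated rather than implied. I would add a comment such as `# default priority: expected after "files" (mkBefore) and before "systemd" (mkAfter), so local accounts take precedence over OS Login entries`, and check the generated nsswitch.conf with LDAP enabled. It is also worth confirming that a guard or assertion elsewhere still covers the case where external NSS modules cannot be loaded, because these two sources would then be listed but never consulted. The enclosing `config` block starts and ends outside the hunk.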