authorFlorian Klink <flokli@flokli.de>2020-05-05 13:41:12 +0200
committerFlorian Klink <flokli@flokli.de>2020-05-05 15:59:30 +0200
commit7426bec45ef03c55bfc5bb27cdc60d6163aeed04 (patch)
treec2ee7d01ac845e8f4440780fc08488218ff52d7e
parent499b5feac9dfad6706519b123ce201defd74b2ea (diff)
nixos/systemd/resolved: add resolve to nss hosts database if enabled
We keep the "only add the nss module if nscd is enabled" logic for now.

The assertion never was triggered, so it can be removed.
-rw-r--r--nixos/modules/config/nsswitch.nix7
-rw-r--r--nixos/modules/system/boot/resolved.nix4
2 files changed, 4 insertions, 7 deletions
diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix
index 77e47a350ec..b191e6feb0a 100644
--- a/nixos/modules/config/nsswitch.nix
+++ b/nixos/modules/config/nsswitch.nix
@@ -14,14 +14,12 @@ let
   nssmdns = canLoadExternalModules && config.services.avahi.nssmdns;
   nsswins = canLoadExternalModules && config.services.samba.nsswins;
   ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch);
-  resolved = canLoadExternalModules && config.services.resolved.enable;
 
   hostArray = mkMerge [
     (mkBefore [ "files" ])
     (mkIf mymachines [ "mymachines" ])
     (mkIf nssmdns [ "mdns_minimal [NOTFOUND=return]" ])
     (mkIf nsswins [ "wins" ])
-    (mkIf resolved [ "resolve [!UNAVAIL=return]" ])
     (mkAfter [ "dns" ])
     (mkIf nssmdns (mkOrder 1501 [ "mdns" ])) # 1501 to ensure it's after dns
     (mkIf myhostname (mkOrder 1600 [ "myhostname" ])) # 1600 to ensure it's always the last
@@ -134,11 +132,6 @@ in {
         assertion = config.system.nssModules.path != "" -> canLoadExternalModules;
         message = "Loading NSS modules from path ${config.system.nssModules.path} requires nscd being enabled.";
       }
-      {
-        # resolved does not need to add to nssModules, therefore needs an extra assertion
-        assertion = resolved -> canLoadExternalModules;
-        message = "Loading systemd-resolved's nss-resolve NSS module requires nscd being enabled.";
-      }
     ];
 
     # Name Service Switch configuration file.  Required by the C
diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix
index da61c64faf8..b7aaef575ac 100644
--- a/nixos/modules/system/boot/resolved.nix
+++ b/nixos/modules/system/boot/resolved.nix
@@ -138,6 +138,10 @@ in
 
     users.users.resolved.group = "systemd-resolve";
 
+    # add resolve to nss hosts database if enabled and nscd enabled
+    # system.nssModules is configured in nixos/modules/system/boot/systemd.nix
+    system.nssDatabases.hosts = optional config.services.nscd.enable "resolve [!UNAVAIL=return]";
+
     systemd.additionalUpstreamSystemUnits = [
       "systemd-resolved.service"
     ];