diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:33 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:57 +0000 |
commit | 9ff36293d1e428cd7bf03e8d4b03611b6d361c28 (patch) | |
tree | 1ab51a42b868c55b83f6ccdb80371b9888739dd9 /nixos/modules/config/nsswitch.nix | |
parent | 1c4fcd0d4b0541e674ee56ace1053e23e562cc80 (diff) | |
parent | ddc3c396a51918043bb0faa6f676abd9562be62c (diff) | |
download | nixpkgs-archive.tar nixpkgs-archive.tar.gz nixpkgs-archive.tar.bz2 nixpkgs-archive.tar.lz nixpkgs-archive.tar.xz nixpkgs-archive.tar.zst nixpkgs-archive.zip |
Last good Nixpkgs for Weston+nouveau? archive
I came this commit hash to terwiz[m] on IRC, who is trying to figure out what the last version of Spectrum that worked on their NUC with Nvidia graphics is.
Diffstat (limited to 'nixos/modules/config/nsswitch.nix')
-rw-r--r-- | nixos/modules/config/nsswitch.nix | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix new file mode 100644 index 00000000000..91a36cef10e --- /dev/null +++ b/nixos/modules/config/nsswitch.nix @@ -0,0 +1,133 @@ +# Configuration for the Name Service Switch (/etc/nsswitch.conf). + +{ config, lib, pkgs, ... }: + +with lib; + +{ + options = { + + # NSS modules. Hacky! + # Only works with nscd! + system.nssModules = mkOption { + type = types.listOf types.path; + internal = true; + default = []; + description = '' + Search path for NSS (Name Service Switch) modules. This allows + several DNS resolution methods to be specified via + <filename>/etc/nsswitch.conf</filename>. + ''; + apply = list: + { + inherit list; + path = makeLibraryPath list; + }; + }; + + system.nssDatabases = { + passwd = mkOption { + type = types.listOf types.str; + description = '' + List of passwd entries to configure in <filename>/etc/nsswitch.conf</filename>. + + Note that "files" is always prepended while "systemd" is appended if nscd is enabled. + + This option only takes effect if nscd is enabled. + ''; + default = []; + }; + + group = mkOption { + type = types.listOf types.str; + description = '' + List of group entries to configure in <filename>/etc/nsswitch.conf</filename>. + + Note that "files" is always prepended while "systemd" is appended if nscd is enabled. + + This option only takes effect if nscd is enabled. + ''; + default = []; + }; + + shadow = mkOption { + type = types.listOf types.str; + description = '' + List of shadow entries to configure in <filename>/etc/nsswitch.conf</filename>. + + Note that "files" is always prepended. + + This option only takes effect if nscd is enabled. + ''; + default = []; + }; + + hosts = mkOption { + type = types.listOf types.str; + description = '' + List of hosts entries to configure in <filename>/etc/nsswitch.conf</filename>. + + Note that "files" is always prepended, and "dns" and "myhostname" are always appended. + + This option only takes effect if nscd is enabled. + ''; + default = []; + }; + + services = mkOption { + type = types.listOf types.str; + description = '' + List of services entries to configure in <filename>/etc/nsswitch.conf</filename>. + + Note that "files" is always prepended. + + This option only takes effect if nscd is enabled. + ''; + default = []; + }; + }; + }; + + imports = [ + (mkRenamedOptionModule [ "system" "nssHosts" ] [ "system" "nssDatabases" "hosts" ]) + ]; + + config = { + assertions = [ + { + # Prevent users from disabling nscd, with nssModules being set. + # If disabling nscd is really necessary, it's still possible to opt out + # by forcing config.system.nssModules to []. + assertion = config.system.nssModules.path != "" -> config.services.nscd.enable; + message = "Loading NSS modules from system.nssModules (${config.system.nssModules.path}), requires services.nscd.enable being set to true."; + } + ]; + + # Name Service Switch configuration file. Required by the C + # library. + environment.etc."nsswitch.conf".text = '' + passwd: ${concatStringsSep " " config.system.nssDatabases.passwd} + group: ${concatStringsSep " " config.system.nssDatabases.group} + shadow: ${concatStringsSep " " config.system.nssDatabases.shadow} + + hosts: ${concatStringsSep " " config.system.nssDatabases.hosts} + networks: files + + ethers: files + services: ${concatStringsSep " " config.system.nssDatabases.services} + protocols: files + rpc: files + ''; + + system.nssDatabases = { + passwd = mkBefore [ "files" ]; + group = mkBefore [ "files" ]; + shadow = mkBefore [ "files" ]; + hosts = mkMerge [ + (mkOrder 998 [ "files" ]) + (mkOrder 1499 [ "dns" ]) + ]; + services = mkBefore [ "files" ]; + }; + }; +} |