authorFlorian Klink <flokli@flokli.de>2022-10-07 10:53:14 +0200
committerFlorian Klink <flokli@flokli.de>2022-10-21 09:37:18 +0200
commitaee40c2d8a2327248b8f01c824ce0ed0bcf6ba28 (patch)
treea8e37338f2e4aa9368c5dac2fb69e215a22c2d60 /nixos/modules/services/system
parent308548f2533154a2c07e476a7851f9ede4c9db61 (diff)
nixos/nscd: add enableNsncd option
When set, this switches from using nscd to using nsncd.

It's a protocol-compatible, non-caching and much less flaky alternative.
Diffstat (limited to 'nixos/modules/services/system')
-rw-r--r--nixos/modules/services/system/nscd.nix30
1 files changed, 22 insertions, 8 deletions
diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix
index 7980ad0aed7..fdc5190d084 100644
--- a/nixos/modules/services/system/nscd.nix
+++ b/nixos/modules/services/system/nscd.nix
@@ -27,6 +27,15 @@ in
         '';
       };
 
+      enableNsncd = mkOption {
+        type = types.bool;
+        default = false;
+        description = lib.mdDoc ''
+          Whether to use nsncd instead of nscd.
+          This is a nscd-compatible daemon, that proxies lookups, without any caching.
+        '';
+      };
+
       user = mkOption {
         type = types.str;
         default = "nscd";
@@ -60,7 +69,10 @@ in
             then pkgs.stdenv.cc.libc.bin
             else pkgs.glibc.bin;
         '';
-        description = lib.mdDoc "package containing the nscd binary to be used by the service";
+        description = lib.mdDoc ''
+          package containing the nscd binary to be used by the service.
+          Ignored when enableNsncd is set to true.
+        '';
       };
 
     };
@@ -82,7 +94,8 @@ in
 
     systemd.services.nscd =
       {
-        description = "Name Service Cache Daemon";
+        description = "Name Service Cache Daemon"
+          + lib.optionalString cfg.enableNsncd " (nsncd)";
 
         before = [ "nss-lookup.target" "nss-user-lookup.target" ];
         wants = [ "nss-lookup.target" "nss-user-lookup.target" ];
@@ -91,14 +104,14 @@ in
 
         environment = { LD_LIBRARY_PATH = nssModulesPath; };
 
-        restartTriggers = [
+        restartTriggers = lib.optionals (!cfg.enableNsncd) ([
           config.environment.etc.hosts.source
           config.environment.etc."nsswitch.conf".source
           config.environment.etc."nscd.conf".source
         ] ++ optionals config.users.mysql.enable [
           config.environment.etc."libnss-mysql.cfg".source
           config.environment.etc."libnss-mysql-root.cfg".source
-        ];
+        ]);
 
         # In some configurations, nscd needs to be started as root; it will
         # drop privileges after all the NSS modules have read their
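Review bot: With `enableNsncd` set, `restartTriggers` becomes an empty list, so edits to `nsswitch.conf` and the two libnss-mysql config files no longer restart the daemon that answers every NSS lookup. That is probably fine for files glibc re-reads itself, but an NSS module that reads its configuration only once at load would presumably keep serving from the old identity source or credentials until someone restarts the unit by hand. Either keep the libnss-mysql entries as triggers in both modes, or state the reasoning next to the expression, e.g. `# nsncd does not cache; NSS config is assumed to be re-read per lookup, so no restart is needed`. The attribute set this belongs to starts and ends outside the hunk.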
@@ -109,8 +122,10 @@ in
         # and so users can set the owner of those files to the nscd user.
         serviceConfig =
           {
-            ExecStart = "!@${cfg.package}/bin/nscd nscd";
-            Type = "forking";
+            ExecStart =
+              if cfg.enableNsncd then "${pkgs.nsncd}/bin/nsncd"
+              else "!@${cfg.package}/bin/nscd nscd";
+            Type = if cfg.enableNsncd then "notify" else "forking";
             User = cfg.user;
             Group = cfg.group;
             RemoveIPC = true;
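Review bot: The nsncd branch of `ExecStart` drops the `!` prefix, so nsncd runs as `cfg.user` from the first instruction and never has the root phase described in the comment directly above `serviceConfig`. That is the better least-privilege posture, but the comment now only describes nscd. NSS modules whose configuration is readable by root alone (possibly `libnss-mysql-root.cfg`, going by its name) would likely fail their lookups under nsncd. Add a line to that comment such as `# nsncd is started directly as cfg.user (no "!" prefix); NSS module configuration must be readable by that user.` and mention the same in the `enableNsncd` description. `serviceConfig` continues past the end of this hunk.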
@@ -123,13 +138,12 @@ in
             PIDFile = "/run/nscd/nscd.pid";
             Restart = "always";
             ExecReload =
-              [
+              lib.optionals (!cfg.enableNsncd) [
                 "${cfg.package}/bin/nscd --invalidate passwd"
                 "${cfg.package}/bin/nscd --invalidate group"
                 "${cfg.package}/bin/nscd --invalidate hosts"
               ];
           };
       };
-
   };
 }
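Review bot: `PIDFile = "/run/nscd/nscd.pid"` stays unconditional although the nsncd branch switches the unit to `Type = "notify"`, and nothing visible here shows nsncd writing that file. It is worth setting the option only for nscd, e.g. `PIDFile = lib.mkIf (!cfg.enableNsncd) "/run/nscd/nscd.pid";`, so systemd does not track a PID file the daemon may never create. Separately, an empty `ExecReload` means `systemctl reload nscd` is rejected in nsncd mode, so any caller outside this hunk that reloads the unit after changing hosts or users would need a guard on `cfg.enableNsncd`.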