2 files changed, 6 insertions, 9 deletions

diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix
index 186dd7376e9..0acd8900e7b 100644
--- a/nixos/modules/config/nsswitch.nix
+++ b/nixos/modules/config/nsswitch.nix
@@ -14,7 +14,6 @@ let
   nssmdns = canLoadExternalModules && config.services.avahi.nssmdns;
   nsswins = canLoadExternalModules && config.services.samba.nsswins;
   ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch);
-  sssd = canLoadExternalModules && config.services.sssd.enable;
   resolved = canLoadExternalModules && config.services.resolved.enable;
   googleOsLogin = canLoadExternalModules && config.security.googleOsLogin.enable;
 
@@ -31,7 +30,6 @@ let
 
   passwdArray = mkMerge [
     (mkBefore [ "files" ])
-    (mkIf sssd [ "sss" ])
     (mkIf ldap [ "ldap" ])
     (mkIf mymachines [ "mymachines" ])
     (mkIf googleOsLogin [ "cache_oslogin oslogin" ])
@@ -40,15 +38,9 @@ let
 
   shadowArray = mkMerge [
     (mkBefore [ "files" ])
-    (mkIf sssd [ "sss" ])
     (mkIf ldap [ "ldap" ])
   ];
 
-  servicesArray = mkMerge [
-    (mkBefore [ "files" ])
-    (mkIf sssd [ "sss" ])
-  ];
-
 in {
   options = {
 
@@ -172,7 +164,7 @@ in {
       group = passwdArray;
       shadow = shadowArray;
       hosts = hostArray;
-      services = servicesArray;
+      services = mkBefore [ "files" ];
     };
 
     # Systemd provides nss-myhostname to ensure that our hostname
diff --git a/nixos/modules/services/misc/sssd.nix b/nixos/modules/services/misc/sssd.nix
index 36008d25741..77f6ccfe64f 100644
--- a/nixos/modules/services/misc/sssd.nix
+++ b/nixos/modules/services/misc/sssd.nix
@@ -75,6 +75,11 @@ in {
       };
 
       system.nssModules = optional cfg.enable pkgs.sssd;
+      system.nssDatabases = {
+        passwd = [ "sss" ];
+        shadow = [ "sss" ];
+        services = [ "sss" ];
+      };
       services.dbus.packages = [ pkgs.sssd ];
     })