| blob | 71c79eafeb094788e01bdd4b781f99222a075d33 |
1 # Configuration for the Name Service Switch (/etc/nsswitch.conf).
2 { config, lib, pkgs, ... }:
3 {
4 options = {
6 # NSS modules. Hacky!
7 # Only works with nscd!
8 system.nssModules = lib.mkOption {
9 type = lib.types.listOf lib.types.path;
10 internal = true;
11 default = [ ];
12 description = ''
13 Search path for NSS (Name Service Switch) modules. This allows
14 several DNS resolution methods to be specified via
15 {file}`/etc/nsswitch.conf`.
16 '';
17 apply = list:
18 {
19 inherit list;
20 path = lib.makeLibraryPath list;
21 };
22 };
24 system.nssDatabases = {
25 passwd = lib.mkOption {
26 type = lib.types.listOf lib.types.str;
27 description = ''
28 List of passwd entries to configure in {file}`/etc/nsswitch.conf`.
30 Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
32 This option only takes effect if nscd is enabled.
33 '';
34 default = [ ];
35 };
37 group = lib.mkOption {
38 type = lib.types.listOf lib.types.str;
39 description = ''
40 List of group entries to configure in {file}`/etc/nsswitch.conf`.
42 Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
44 This option only takes effect if nscd is enabled.
45 '';
46 default = [ ];
47 };
49 shadow = lib.mkOption {
50 type = lib.types.listOf lib.types.str;
51 description = ''
52 List of shadow entries to configure in {file}`/etc/nsswitch.conf`.
54 Note that "files" is always prepended.
56 This option only takes effect if nscd is enabled.
57 '';
58 default = [ ];
59 };
61 sudoers = lib.mkOption {
62 type = lib.types.listOf lib.types.str;
63 description = ''
64 List of sudoers entries to configure in {file}`/etc/nsswitch.conf`.
66 Note that "files" is always prepended.
68 This option only takes effect if nscd is enabled.
69 '';
70 default = [ ];
71 };
73 hosts = lib.mkOption {
74 type = lib.types.listOf lib.types.str;
75 description = ''
76 List of hosts entries to configure in {file}`/etc/nsswitch.conf`.
78 Note that "files" is always prepended, and "dns" and "myhostname" are always appended.
80 This option only takes effect if nscd is enabled.
81 '';
82 default = [ ];
83 };
85 services = lib.mkOption {
86 type = lib.types.listOf lib.types.str;
87 description = ''
88 List of services entries to configure in {file}`/etc/nsswitch.conf`.
90 Note that "files" is always prepended.
92 This option only takes effect if nscd is enabled.
93 '';
94 default = [ ];
95 };
96 };
97 };
99 imports = [
100 (lib.mkRenamedOptionModule [ "system" "nssHosts" ] [ "system" "nssDatabases" "hosts" ])
101 ];
103 config = {
104 assertions = [
105 {
106 assertion = config.system.nssModules.path != "" -> config.services.nscd.enable;
107 message = ''
108 Loading NSS modules from system.nssModules (${config.system.nssModules.path}),
109 requires services.nscd.enable being set to true.
111 If disabling nscd is really necessary, it is possible to disable loading NSS modules
112 by setting `system.nssModules = lib.mkForce [];` in your configuration.nix.
113 '';
114 }
115 ];
117 # Name Service Switch configuration file. Required by the C
118 # library.
119 environment.etc."nsswitch.conf".text = ''
120 passwd: ${lib.concatStringsSep " " config.system.nssDatabases.passwd}
121 group: ${lib.concatStringsSep " " config.system.nssDatabases.group}
122 shadow: ${lib.concatStringsSep " " config.system.nssDatabases.shadow}
123 sudoers: ${lib.concatStringsSep " " config.system.nssDatabases.sudoers}
125 hosts: ${lib.concatStringsSep " " config.system.nssDatabases.hosts}
126 networks: files
128 ethers: files
129 services: ${lib.concatStringsSep " " config.system.nssDatabases.services}
130 protocols: files
131 rpc: files
132 '';
134 system.nssDatabases = {
135 passwd = lib.mkBefore [ "files" ];
136 group = lib.mkBefore [ "files" ];
137 shadow = lib.mkBefore [ "files" ];
138 sudoers = lib.mkBefore [ "files" ];
139 hosts = lib.mkMerge [
140 (lib.mkOrder 998 [ "files" ])
141 (lib.mkOrder 1499 [ "dns" ])
142 ];
143 services = lib.mkBefore [ "files" ];
144 };
145 };
146 }