nixpkgs/nixos/modules/config/nsswitch.nix

# Configuration for the Name Service Switch (/etc/nsswitch.conf).

{ config, lib, pkgs, ... }:

with lib;

let

  inherit (config.services.avahi) nssmdns;
  inherit (config.services.samba) nsswins;
  ldap = config.users.ldap.enable;

in

{
  options = {

    # NSS modules.  Hacky!
    system.nssModules = mkOption {
      type = types.listOf types.path;
      internal = true;
      default = [];
      description = ''
        Search path for NSS (Name Service Switch) modules.  This allows
        several DNS resolution methods to be specified via
        <filename>/etc/nsswitch.conf</filename>.
      '';
      apply = list:
        {
          inherit list;
          path = makeLibraryPath list;
        };
    };

  };

  config = {

    # Name Service Switch configuration file.  Required by the C
    # library.  !!! Factor out the mdns stuff.  The avahi module
    # should define an option used by this module.
    environment.etc."nsswitch.conf".text =
      ''
        passwd:    files ${optionalString ldap "ldap"}
        group:     files ${optionalString ldap "ldap"}
        shadow:    files ${optionalString ldap "ldap"}
        hosts:     files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} ${optionalString nsswins "wins"} myhostname mymachines
        networks:  files dns
        ethers:    files
        services:  files
        protocols: files
      '';

    # Systemd provides nss-myhostname to ensure that our hostname
    # always resolves to a valid IP address.  It returns all locally
    # configured IP addresses, or ::1 and 127.0.0.2 as
    # fallbacks. Systemd also provides nss-mymachines to return IP
    # addresses of local containers.
    system.nssModules = [ config.systemd.package ];

  };
}
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`# Configuration for the Name Service Switch (/etc/nsswitch.conf).`

Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`{ config, lib, pkgs, ... }:`
Generate nsswitch.conf properly 2012-10-06 20:58:46 -04:00
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`with lib;`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00
			`let`

Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`inherit (config.services.avahi) nssmdns;`
Add services.samba.nsswins option This option allows for seamless WINS/NetBIOS name lookup, using nsswitch. 2013-08-25 22:12:14 +02:00			`inherit (config.services.samba) nsswins;`
nsswitch.conf: Omit ldap unless ldap is enabled This prevents programs from trying to find nss_ldap. 2015-02-25 13:22:39 +01:00			`ldap = config.users.ldap.enable;`
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00
			`in`

			`{`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`options = {`

			`# NSS modules. Hacky!`
Generate nsswitch.conf properly 2012-10-06 20:58:46 -04:00			`system.nssModules = mkOption {`
Remove uses of the "merge" option attribute It's redundant because you can (and should) specify an option type, or an apply function. 2013-10-28 16:14:15 +01:00			`type = types.listOf types.path;`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`internal = true;`
			`default = [];`
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`description = ''`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`Search path for NSS (Name Service Switch) modules. This allows`
			`several DNS resolution methods to be specified via`
			`<filename>/etc/nsswitch.conf</filename>.`
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`'';`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`apply = list:`
Add support for nslcd (nss-pam-ldapd) as users.ldap.daemon option 2012-09-16 19:14:19 +02:00			`{`
			`inherit list;`
			`path = makeLibraryPath list;`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`};`
			`};`

			`};`

Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`config = {`

Enable systemd's mymachines NSS module It makes every local container registered with machined resolvable. 2014-08-24 17:08:55 +02:00			`# Name Service Switch configuration file. Required by the C`
			`# library. !!! Factor out the mdns stuff. The avahi module`
			`# should define an option used by this module.`
			`environment.etc."nsswitch.conf".text =`
			`''`
nsswitch.conf: Omit ldap unless ldap is enabled This prevents programs from trying to find nss_ldap. 2015-02-25 13:22:39 +01:00			`passwd: files ${optionalString ldap "ldap"}`
			`group: files ${optionalString ldap "ldap"}`
			`shadow: files ${optionalString ldap "ldap"}`
Enable systemd's mymachines NSS module It makes every local container registered with machined resolvable. 2014-08-24 17:08:55 +02:00			`hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} ${optionalString nsswins "wins"} myhostname mymachines`
			`networks: files dns`
			`ethers: files`
			`services: files`
			`protocols: files`
			`'';`

			`# Systemd provides nss-myhostname to ensure that our hostname`
			`# always resolves to a valid IP address. It returns all locally`
			`# configured IP addresses, or ::1 and 127.0.0.2 as`
			`# fallbacks. Systemd also provides nss-mymachines to return IP`
			`# addresses of local containers.`
			`system.nssModules = [ config.systemd.package ];`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`};`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`}`