nixpkgs/nixos/modules/config/nsswitch.nix

# Configuration for the Name Service Switch (/etc/nsswitch.conf).

{ config, lib, pkgs, ... }:

with lib;

let

  inherit (config.services.avahi) nssmdns;
  inherit (config.services.samba) nsswins;
  ldap = (config.users.ldap.enable && config.users.ldap.nsswitch);

  hostArray = [ "files" "mymachines" ]
    ++ optionals nssmdns [ "mdns_minimal [!UNAVAIL=return]" ]
    ++ optionals nsswins [ "wins" ]
    ++ [ "dns" ]
    ++ optionals nssmdns [ "mdns" ]
    ++ ["myhostname" ];

  passwdArray = [ "files" ]
    ++ optionals ldap [ "ldap" ]
    ++ [ "mymachines" ];

  shadowArray = [ "files" ]
    ++ optionals ldap [ "ldap" ];

in {
  options = {

    # NSS modules.  Hacky!
    system.nssModules = mkOption {
      type = types.listOf types.path;
      internal = true;
      default = [];
      description = ''
        Search path for NSS (Name Service Switch) modules.  This allows
        several DNS resolution methods to be specified via
        <filename>/etc/nsswitch.conf</filename>.
      '';
      apply = list:
        {
          inherit list;
          path = makeLibraryPath list;
        };
    };

  };

  config = {

    # Name Service Switch configuration file.  Required by the C
    # library.  !!! Factor out the mdns stuff.  The avahi module
    # should define an option used by this module.
    environment.etc."nsswitch.conf".text = ''
      passwd:    ${concatStringsSep " " passwdArray}
      group:     ${concatStringsSep " " passwdArray}
      shadow:    ${concatStringsSep " " shadowArray}

      hosts:     ${concatStringsSep " " hostArray}
      networks:  files

      ethers:    files
      services:  files
      protocols: files
      rpc:       files
    '';

    # Systemd provides nss-myhostname to ensure that our hostname
    # always resolves to a valid IP address.  It returns all locally
    # configured IP addresses, or ::1 and 127.0.0.2 as
    # fallbacks. Systemd also provides nss-mymachines to return IP
    # addresses of local containers.
    system.nssModules = [ config.systemd.package.out ];

  };
}
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`# Configuration for the Name Service Switch (/etc/nsswitch.conf).`

Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`{ config, lib, pkgs, ... }:`
Generate nsswitch.conf properly 2012-10-06 20:58:46 -04:00
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`with lib;`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00
			`let`

Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`inherit (config.services.avahi) nssmdns;`
Add services.samba.nsswins option This option allows for seamless WINS/NetBIOS name lookup, using nsswitch. 2013-08-25 22:12:14 +02:00			`inherit (config.services.samba) nsswins;`
ldap: Add option for NSS integration 2016-07-18 13:24:21 +00:00			`ldap = (config.users.ldap.enable && config.users.ldap.nsswitch);`
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00
/etc/hosts and /etc/nsswitch.conf cleanups fixes #18183 2016-09-01 17:00:20 +08:00			`hostArray = [ "files" "mymachines" ]`
			`++ optionals nssmdns [ "mdns_minimal [!UNAVAIL=return]" ]`
			`++ optionals nsswins [ "wins" ]`
			`++ [ "dns" ]`
			`++ optionals nssmdns [ "mdns" ]`
			`++ ["myhostname" ];`
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00
/etc/hosts and /etc/nsswitch.conf cleanups fixes #18183 2016-09-01 17:00:20 +08:00			`passwdArray = [ "files" ]`
			`++ optionals ldap [ "ldap" ]`
			`++ [ "mymachines" ];`

			`shadowArray = [ "files" ]`
			`++ optionals ldap [ "ldap" ];`

			`in {`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`options = {`

			`# NSS modules. Hacky!`
Generate nsswitch.conf properly 2012-10-06 20:58:46 -04:00			`system.nssModules = mkOption {`
Remove uses of the "merge" option attribute It's redundant because you can (and should) specify an option type, or an apply function. 2013-10-28 16:14:15 +01:00			`type = types.listOf types.path;`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`internal = true;`
			`default = [];`
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`description = ''`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`Search path for NSS (Name Service Switch) modules. This allows`
			`several DNS resolution methods to be specified via`
			`<filename>/etc/nsswitch.conf</filename>.`
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`'';`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`apply = list:`
Add support for nslcd (nss-pam-ldapd) as users.ldap.daemon option 2012-09-16 19:14:19 +02:00			`{`
			`inherit list;`
			`path = makeLibraryPath list;`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`};`
			`};`

			`};`

Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`config = {`

Enable systemd's mymachines NSS module It makes every local container registered with machined resolvable. 2014-08-24 17:08:55 +02:00			`# Name Service Switch configuration file. Required by the C`
			`# library. !!! Factor out the mdns stuff. The avahi module`
			`# should define an option used by this module.`
/etc/hosts and /etc/nsswitch.conf cleanups fixes #18183 2016-09-01 17:00:20 +08:00			`environment.etc."nsswitch.conf".text = ''`
			`passwd: ${concatStringsSep " " passwdArray}`
			`group: ${concatStringsSep " " passwdArray}`
			`shadow: ${concatStringsSep " " shadowArray}`

			`hosts: ${concatStringsSep " " hostArray}`
			`networks: files`

			`ethers: files`
			`services: files`
			`protocols: files`
			`rpc: files`
			`'';`
Enable systemd's mymachines NSS module It makes every local container registered with machined resolvable. 2014-08-24 17:08:55 +02:00
			`# Systemd provides nss-myhostname to ensure that our hostname`
			`# always resolves to a valid IP address. It returns all locally`
			`# configured IP addresses, or ::1 and 127.0.0.2 as`
			`# fallbacks. Systemd also provides nss-mymachines to return IP`
			`# addresses of local containers.`
nssModules: include correct systemd output fixes libnss_myhost, libnss_mymachines, libnss_resolve are located here 2016-12-15 15:04:46 +01:00			`system.nssModules = [ config.systemd.package.out ];`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`};`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`}`