nixpkgs/nixos/modules/config/nsswitch.nix

# Configuration for the Name Service Switch (/etc/nsswitch.conf).

{ config, lib, pkgs, ... }:

with lib;

{
  options = {

    # NSS modules.  Hacky!
    # Only works with nscd!
    system.nssModules = mkOption {
      type = types.listOf types.path;
      internal = true;
      default = [];
      description = ''
        Search path for NSS (Name Service Switch) modules.  This allows
        several DNS resolution methods to be specified via
        <filename>/etc/nsswitch.conf</filename>.
      '';
      apply = list:
        {
          inherit list;
          path = makeLibraryPath list;
        };
    };

    system.nssDatabases = {
      passwd = mkOption {
        type = types.listOf types.str;
        description = ''
          List of passwd entries to configure in <filename>/etc/nsswitch.conf</filename>.

          Note that "files" is always prepended while "systemd" is appended if nscd is enabled.

          This option only takes effect if nscd is enabled.
        '';
        default = [];
      };

      group = mkOption {
        type = types.listOf types.str;
        description = ''
          List of group entries to configure in <filename>/etc/nsswitch.conf</filename>.

          Note that "files" is always prepended while "systemd" is appended if nscd is enabled.

          This option only takes effect if nscd is enabled.
        '';
        default = [];
      };

      shadow = mkOption {
        type = types.listOf types.str;
        description = ''
          List of shadow entries to configure in <filename>/etc/nsswitch.conf</filename>.

          Note that "files" is always prepended.

          This option only takes effect if nscd is enabled.
        '';
        default = [];
      };

      hosts = mkOption {
        type = types.listOf types.str;
        description = ''
          List of hosts entries to configure in <filename>/etc/nsswitch.conf</filename>.

          Note that "files" is always prepended, and "dns" and "myhostname" are always appended.

          This option only takes effect if nscd is enabled.
        '';
        default = [];
      };

      services = mkOption {
        type = types.listOf types.str;
        description = ''
          List of services entries to configure in <filename>/etc/nsswitch.conf</filename>.

          Note that "files" is always prepended.

          This option only takes effect if nscd is enabled.
        '';
        default = [];
      };
    };
  };

  imports = [
    (mkRenamedOptionModule [ "system" "nssHosts" ] [ "system" "nssDatabases" "hosts" ])
  ];

  config = {
    assertions = [
      {
        # Prevent users from disabling nscd, with nssModules being set.
        # If disabling nscd is really necessary, it's still possible to opt out
        # by forcing config.system.nssModules to [].
        assertion = config.system.nssModules.path != "" -> config.services.nscd.enable;
        message = "Loading NSS modules from system.nssModules (${config.system.nssModules.path}), requires services.nscd.enable being set to true.";
      }
    ];

    # Name Service Switch configuration file.  Required by the C
    # library.
    environment.etc."nsswitch.conf".text = ''
      passwd:    ${concatStringsSep " " config.system.nssDatabases.passwd}
      group:     ${concatStringsSep " " config.system.nssDatabases.group}
      shadow:    ${concatStringsSep " " config.system.nssDatabases.shadow}

      hosts:     ${concatStringsSep " " config.system.nssDatabases.hosts}
      networks:  files

      ethers:    files
      services:  ${concatStringsSep " " config.system.nssDatabases.services}
      protocols: files
      rpc:       files
    '';

    system.nssDatabases = {
      passwd = mkBefore [ "files" ];
      group = mkBefore [ "files" ];
      shadow = mkBefore [ "files" ];
      hosts = mkMerge [
        (mkBefore [ "files" ])
        (mkAfter [ "dns" ])
      ];
      services = mkBefore [ "files" ];
    };
  };
}
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`# Configuration for the Name Service Switch (/etc/nsswitch.conf).`

config.nsswitch: load cache_oslogin and oslogin nss modules if config.security.googleOsLogin.enable is set 2018-12-12 13:57:31 +01:00			`{ config, lib, pkgs, ... }:`
Generate nsswitch.conf properly 2012-10-06 20:58:46 -04:00
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`with lib;`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00
nixos/samba: move nss database configuration into samba module 2020-05-06 00:20:30 +02:00			`{`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`options = {`

			`# NSS modules. Hacky!`
nsswitch: add assertions for enabled nscd 2017-06-30 02:20:09 +02:00			`# Only works with nscd!`
Generate nsswitch.conf properly 2012-10-06 20:58:46 -04:00			`system.nssModules = mkOption {`
Remove uses of the "merge" option attribute It's redundant because you can (and should) specify an option type, or an apply function. 2013-10-28 16:14:15 +01:00			`type = types.listOf types.path;`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`internal = true;`
			`default = [];`
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`description = ''`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`Search path for NSS (Name Service Switch) modules. This allows`
			`several DNS resolution methods to be specified via`
			`<filename>/etc/nsswitch.conf</filename>.`
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`'';`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`apply = list:`
Add support for nslcd (nss-pam-ldapd) as users.ldap.daemon option 2012-09-16 19:14:19 +02:00			`{`
			`inherit list;`
			`path = makeLibraryPath list;`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`};`
			`};`

nixos/nsswitch: Make databases more configurable Instead of hardcoding all nss modules that are added into nsswitch, there are now options exposed. This allows users to add own nss modules (I had this issue with winbindd, for example). Also, nss modules could be moved to their NixOS modules which would make the nsswitch module slimmer. As the lists are now handled by the modules system, we can use mkOrder to ensure a proper order as well as mkForce to override one specific database type instead of the entire file. 2020-04-25 14:27:50 +02:00			`system.nssDatabases = {`
			`passwd = mkOption {`
			`type = types.listOf types.str;`
			`description = ''`
			`List of passwd entries to configure in <filename>/etc/nsswitch.conf</filename>.`

			`Note that "files" is always prepended while "systemd" is appended if nscd is enabled.`

			`This option only takes effect if nscd is enabled.`
			`'';`
			`default = [];`
			`};`

			`group = mkOption {`
			`type = types.listOf types.str;`
			`description = ''`
			`List of group entries to configure in <filename>/etc/nsswitch.conf</filename>.`

			`Note that "files" is always prepended while "systemd" is appended if nscd is enabled.`

			`This option only takes effect if nscd is enabled.`
			`'';`
			`default = [];`
			`};`

			`shadow = mkOption {`
			`type = types.listOf types.str;`
			`description = ''`
			`List of shadow entries to configure in <filename>/etc/nsswitch.conf</filename>.`
nixos/nsswitch: add option to configure nssHosts Enables adding or overriding the default nsswitch hosts in a generic way for packages without a nixos module. 2019-02-15 19:22:14 +01:00
nixos/nsswitch: Make databases more configurable Instead of hardcoding all nss modules that are added into nsswitch, there are now options exposed. This allows users to add own nss modules (I had this issue with winbindd, for example). Also, nss modules could be moved to their NixOS modules which would make the nsswitch module slimmer. As the lists are now handled by the modules system, we can use mkOrder to ensure a proper order as well as mkForce to override one specific database type instead of the entire file. 2020-04-25 14:27:50 +02:00			`Note that "files" is always prepended.`

			`This option only takes effect if nscd is enabled.`
			`'';`
			`default = [];`
			`};`

			`hosts = mkOption {`
			`type = types.listOf types.str;`
			`description = ''`
			`List of hosts entries to configure in <filename>/etc/nsswitch.conf</filename>.`

			`Note that "files" is always prepended, and "dns" and "myhostname" are always appended.`

			`This option only takes effect if nscd is enabled.`
			`'';`
			`default = [];`
			`};`

			`services = mkOption {`
			`type = types.listOf types.str;`
			`description = ''`
			`List of services entries to configure in <filename>/etc/nsswitch.conf</filename>.`

			`Note that "files" is always prepended.`

			`This option only takes effect if nscd is enabled.`
			`'';`
			`default = [];`
			`};`
			`};`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`};`

nixos/nsswitch: Make databases more configurable Instead of hardcoding all nss modules that are added into nsswitch, there are now options exposed. This allows users to add own nss modules (I had this issue with winbindd, for example). Also, nss modules could be moved to their NixOS modules which would make the nsswitch module slimmer. As the lists are now handled by the modules system, we can use mkOrder to ensure a proper order as well as mkForce to override one specific database type instead of the entire file. 2020-04-25 14:27:50 +02:00			`imports = [`
			`(mkRenamedOptionModule [ "system" "nssHosts" ] [ "system" "nssDatabases" "hosts" ])`
			`];`

Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`config = {`
nsswitch: add assertions for enabled nscd 2017-06-30 02:20:09 +02:00			`assertions = [`
			`{`
nixos/nsswitch: update comment next to assertion 2020-05-06 00:29:35 +02:00			`# Prevent users from disabling nscd, with nssModules being set.`
			`# If disabling nscd is really necessary, it's still possible to opt out`
			`# by forcing config.system.nssModules to [].`
nixos/samba: move nss database configuration into samba module 2020-05-06 00:20:30 +02:00			`assertion = config.system.nssModules.path != "" -> config.services.nscd.enable;`
nixos/nsswitch: improve error message Show the config option triggering the assertion, so people don't necessary lookup the nixpkgs source code. 2020-05-09 16:39:58 +02:00			`message = "Loading NSS modules from system.nssModules (${config.system.nssModules.path}), requires services.nscd.enable being set to true.";`
nsswitch: add assertions for enabled nscd 2017-06-30 02:20:09 +02:00			`}`
			`];`
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00
Enable systemd's mymachines NSS module It makes every local container registered with machined resolvable. 2014-08-24 17:08:55 +02:00			`# Name Service Switch configuration file. Required by the C`
nixos/nsswitch: Make databases more configurable Instead of hardcoding all nss modules that are added into nsswitch, there are now options exposed. This allows users to add own nss modules (I had this issue with winbindd, for example). Also, nss modules could be moved to their NixOS modules which would make the nsswitch module slimmer. As the lists are now handled by the modules system, we can use mkOrder to ensure a proper order as well as mkForce to override one specific database type instead of the entire file. 2020-04-25 14:27:50 +02:00			`# library.`
/etc/hosts and /etc/nsswitch.conf cleanups fixes #18183 2016-09-01 17:00:20 +08:00			`environment.etc."nsswitch.conf".text = ''`
nixos/nsswitch: Make databases more configurable Instead of hardcoding all nss modules that are added into nsswitch, there are now options exposed. This allows users to add own nss modules (I had this issue with winbindd, for example). Also, nss modules could be moved to their NixOS modules which would make the nsswitch module slimmer. As the lists are now handled by the modules system, we can use mkOrder to ensure a proper order as well as mkForce to override one specific database type instead of the entire file. 2020-04-25 14:27:50 +02:00			`passwd: ${concatStringsSep " " config.system.nssDatabases.passwd}`
			`group: ${concatStringsSep " " config.system.nssDatabases.group}`
			`shadow: ${concatStringsSep " " config.system.nssDatabases.shadow}`
/etc/hosts and /etc/nsswitch.conf cleanups fixes #18183 2016-09-01 17:00:20 +08:00
nixos/nsswitch: Make databases more configurable Instead of hardcoding all nss modules that are added into nsswitch, there are now options exposed. This allows users to add own nss modules (I had this issue with winbindd, for example). Also, nss modules could be moved to their NixOS modules which would make the nsswitch module slimmer. As the lists are now handled by the modules system, we can use mkOrder to ensure a proper order as well as mkForce to override one specific database type instead of the entire file. 2020-04-25 14:27:50 +02:00			`hosts: ${concatStringsSep " " config.system.nssDatabases.hosts}`
/etc/hosts and /etc/nsswitch.conf cleanups fixes #18183 2016-09-01 17:00:20 +08:00			`networks: files`

			`ethers: files`
nixos/nsswitch: Make databases more configurable Instead of hardcoding all nss modules that are added into nsswitch, there are now options exposed. This allows users to add own nss modules (I had this issue with winbindd, for example). Also, nss modules could be moved to their NixOS modules which would make the nsswitch module slimmer. As the lists are now handled by the modules system, we can use mkOrder to ensure a proper order as well as mkForce to override one specific database type instead of the entire file. 2020-04-25 14:27:50 +02:00			`services: ${concatStringsSep " " config.system.nssDatabases.services}`
/etc/hosts and /etc/nsswitch.conf cleanups fixes #18183 2016-09-01 17:00:20 +08:00			`protocols: files`
			`rpc: files`
			`'';`
Enable systemd's mymachines NSS module It makes every local container registered with machined resolvable. 2014-08-24 17:08:55 +02:00
nixos/nsswitch: Make databases more configurable Instead of hardcoding all nss modules that are added into nsswitch, there are now options exposed. This allows users to add own nss modules (I had this issue with winbindd, for example). Also, nss modules could be moved to their NixOS modules which would make the nsswitch module slimmer. As the lists are now handled by the modules system, we can use mkOrder to ensure a proper order as well as mkForce to override one specific database type instead of the entire file. 2020-04-25 14:27:50 +02:00			`system.nssDatabases = {`
nixos/ldap: move nss database configuration into ldap module now that passwdArray and shadowArray aren't used anymore, these can be folded. 2020-05-06 00:09:59 +02:00			`passwd = mkBefore [ "files" ];`
			`group = mkBefore [ "files" ];`
			`shadow = mkBefore [ "files" ];`
nixos/samba: move nss database configuration into samba module 2020-05-06 00:20:30 +02:00			`hosts = mkMerge [`
			`(mkBefore [ "files" ])`
			`(mkAfter [ "dns" ])`
			`];`
nixos/sss: Move nsswitch config into the module 2020-04-28 17:02:46 +02:00			`services = mkBefore [ "files" ];`
nixos/nsswitch: Make databases more configurable Instead of hardcoding all nss modules that are added into nsswitch, there are now options exposed. This allows users to add own nss modules (I had this issue with winbindd, for example). Also, nss modules could be moved to their NixOS modules which would make the nsswitch module slimmer. As the lists are now handled by the modules system, we can use mkOrder to ensure a proper order as well as mkForce to override one specific database type instead of the entire file. 2020-04-25 14:27:50 +02:00			`};`
Update all legacy-style modules I.e., modules that use "require = [options]". Nowadays that should be written as { options = { ... }; config = { ... }; }; Also, use "imports" instead of "require" in places where we actually import another module. 2013-09-04 13:05:09 +02:00			`};`
* Refactoring: moved some options out of system/options.nix (almost empty now), do more of bashrc.sh declaratively, and moved nsswitch generation to modules/config/nsswitch.nix. svn path=/nixos/branches/modular-nixos/; revision=15754 2009-05-27 23:14:38 +00:00			`}`