From 4f9c8ef7911d5fdf125b6959244f18270e8e0a19 Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Wed, 6 May 2020 00:09:59 +0200
Subject: [PATCH] nixos/ldap: move nss database configuration into ldap module

now that passwdArray and shadowArray aren't used anymore, these can be
folded.
---
 nixos/modules/config/ldap.nix     |  4 ++++
 nixos/modules/config/nsswitch.nix | 17 +++--------------
 2 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/nixos/modules/config/ldap.nix b/nixos/modules/config/ldap.nix
index 4c8b527676b..1a5dbcd4e26 100644
--- a/nixos/modules/config/ldap.nix
+++ b/nixos/modules/config/ldap.nix
@@ -244,6 +244,10 @@ in
       if cfg.daemon.enable then nss_pam_ldapd else nss_ldap
     );
 
+    system.nssDatabases.group = optional cfg.nsswitch "ldap";
+    system.nssDatabases.passwd = optional cfg.nsswitch "ldap";
+    system.nssDatabases.shadow = optional cfg.nsswitch "ldap";
+
     users = mkIf cfg.daemon.enable {
       groups.nslcd = {
         gid = config.ids.gids.nslcd;
diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix
index 22ddb3490c8..465c910d95b 100644
--- a/nixos/modules/config/nsswitch.nix
+++ b/nixos/modules/config/nsswitch.nix
@@ -11,7 +11,6 @@ let
   # XXX Move these to their respective modules
   nssmdns = canLoadExternalModules && config.services.avahi.nssmdns;
   nsswins = canLoadExternalModules && config.services.samba.nsswins;
-  ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch);
 
   hostArray = mkMerge [
     (mkBefore [ "files" ])
@@ -21,16 +20,6 @@ let
     (mkIf nssmdns (mkOrder 1501 [ "mdns" ])) # 1501 to ensure it's after dns
   ];
 
-  passwdArray = mkMerge [
-    (mkBefore [ "files" ])
-    (mkIf ldap [ "ldap" ])
-  ];
-
-  shadowArray = mkMerge [
-    (mkBefore [ "files" ])
-    (mkIf ldap [ "ldap" ])
-  ];
-
 in {
   options = {
 
@@ -145,9 +134,9 @@ in {
     '';
 
     system.nssDatabases = {
-      passwd = passwdArray;
-      group = passwdArray;
-      shadow = shadowArray;
+      passwd = mkBefore [ "files" ];
+      group = mkBefore [ "files" ];
+      shadow = mkBefore [ "files" ];
       hosts = hostArray;
       services = mkBefore [ "files" ];
     };