diff --git a/modules/config/networking.nix b/modules/config/networking.nix
index 921972093ce..3ea86d2f9cf 100644
--- a/modules/config/networking.nix
+++ b/modules/config/networking.nix
@@ -18,13 +18,6 @@ let
 
   };
 
-  localhostWithDomain = optionalString (cfg.domain != "")
-    "localhost.${cfg.domain}";
-
-  hostnameWithDomain = optionalString
-    (cfg.domain != "" && cfg.hostName != "")
-    "${cfg.hostName}.${cfg.domain}";
-
 in
 
 {
@@ -49,9 +42,8 @@ in
       { # /etc/hosts: Hostname-to-IP mappings.
         source = pkgs.writeText "hosts"
           ''
-            ${optionalString (cfg.hostName != "")
-              "127.0.0.1 ${hostnameWithDomain} ${cfg.hostName}"}
-            127.0.0.1 localhost ${localhostWithDomain}
+            127.0.0.1 localhost
+            ::1 localhost
             ${cfg.extraHosts}
           '';
         target = "hosts";
diff --git a/modules/config/nsswitch-mdns.conf b/modules/config/nsswitch-mdns.conf
deleted file mode 100644
index 61dd436682d..00000000000
--- a/modules/config/nsswitch-mdns.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# NSS configuration files with mDNS enabled (requires running Avahi daemon).
-
-passwd:         ldap files
-group:          ldap files
-shadow:         ldap files
-
-hosts:          files mdns_minimal [NOTFOUND=return] dns mdns
-networks:       files dns
-
-services:       files
-protocols:      files
diff --git a/modules/config/nsswitch.conf b/modules/config/nsswitch.conf
deleted file mode 100644
index 44beaf5b44c..00000000000
--- a/modules/config/nsswitch.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-passwd:         files ldap
-group:          files ldap
-shadow:         files ldap
-
-hosts:          files dns
-networks:       files dns
-ethers:         files
-
-services:       files
-protocols:      files
diff --git a/modules/config/nsswitch.nix b/modules/config/nsswitch.nix
index cac6ff382a4..806ff876303 100644
--- a/modules/config/nsswitch.nix
+++ b/modules/config/nsswitch.nix
@@ -1,13 +1,15 @@
 # Configuration for the Name Service Switch (/etc/nsswitch.conf).
 
-{config, pkgs, ...}:
+{ config, pkgs, ... }:
+
+with pkgs.lib;
 
 let
 
   options = {
 
     # NSS modules.  Hacky!
-    system.nssModules = pkgs.lib.mkOption {
+    system.nssModules = mkOption {
       internal = true;
       default = [];
       description = "
@@ -15,48 +17,49 @@ let
         several DNS resolution methods to be specified via
         <filename>/etc/nsswitch.conf</filename>.
       ";
-      merge = pkgs.lib.mergeListOption;
+      merge = mergeListOption;
       apply = list:
         let
           list2 =
             list
             # !!! this should be in the LDAP module
-            ++ pkgs.lib.optional config.users.ldap.enable pkgs.nss_ldap;
+            ++ optional config.users.ldap.enable pkgs.nss_ldap;
         in {
           list = list2;
-          path = pkgs.lib.makeLibraryPath list2;
+          path = makeLibraryPath list2;
         };
     };
 
   };
 
+  inherit (config.services.avahi) nssmdns;
+
 in
 
 {
-  require = [options];
+  require = [ options ];
 
   environment.etc =
     [ # Name Service Switch configuration file.  Required by the C library.
       # !!! Factor out the mdns stuff.  The avahi module should define
       # an option used by this module.
-      { source =
-          if config.services.avahi.nssmdns
-          then ./nsswitch-mdns.conf
-          else ./nsswitch.conf;
+      { source = pkgs.writeText "nsswitch.conf"
+          ''
+            passwd:    files ldap
+            group:     files ldap
+            shadow:    files ldap
+            hosts:     files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} myhostname
+            networks:  files dns
+            ethers:    files
+            services:  files
+            protocols: files
+          '';
         target = "nsswitch.conf";
       }
     ];
 
-  environment.shellInit =
-    if config.system.nssModules.path != "" then
-      ''
-        LD_LIBRARY_PATH=${config.system.nssModules.path}:$LD_LIBRARY_PATH
-      ''
-    else "";
-
-  # NSS modules need to be in `systemPath' so that (i) the builder
-  # chroot gets to seem them, and (ii) applications can benefit from
-  # changes in the list of NSS modules at run-time, without requiring
-  # a reboot.
-  environment.systemPackages = [config.system.nssModules.list];
+  # Use nss-myhostname to ensure that our hostname always resolves to
+  # a valid IP address.  It returns all locally configured IP
+  # addresses, or ::1 and 127.0.0.2 as fallbacks.
+  system.nssModules = [ pkgs.nss_myhostname ];
 }
diff --git a/modules/services/mail/dovecot.nix b/modules/services/mail/dovecot.nix
index 9a9acf69c51..b4662936b3c 100644
--- a/modules/services/mail/dovecot.nix
+++ b/modules/services/mail/dovecot.nix
@@ -10,7 +10,7 @@ let
     ''
       base_dir = /var/run/dovecot2/
 
-      protocols = imap pop3
+      protocols = ${optionalString cfg.enableImap "imap"} ${optionalString cfg.enablePop3 "pop3"}
     ''
     + (if cfg.sslServerCert!="" then
     ''
@@ -62,6 +62,16 @@ in
         description = "Whether to enable the Dovecot 2.x POP3/IMAP server.";
       };
 
+      enablePop3 = mkOption {
+        default = true;
+        description = "Start the POP3 listener (when Dovecot is enabled).";
+      };
+
+      enableImap = mkOption {
+        default = true;
+        description = "Start the IMAP listener (when Dovecot is enabled).";
+      };
+
       user = mkOption {
         default = "dovecot2";
         description = "Dovecot user name.";
@@ -146,6 +156,9 @@ in
 
     environment.systemPackages = [ pkgs.dovecot ];
 
+    assertions = [{ assertion = cfg.enablePop3 || cfg.enableImap;
+                    message = "dovecot needs at least one of the IMAP or POP3 listeners enabled";}];
+
   };
 
 }