nixos/sss: Move nsswitch config into the module

2020-04-28 17:02:46 +02:00
parent bc2a4b341a
commit edddc7c82a
2 changed files with 6 additions and 9 deletions
--- a/nixos/modules/config/nsswitch.nix
+++ b/nixos/modules/config/nsswitch.nix
@@ -14,7 +14,6 @@ let
  nssmdns = canLoadExternalModules && config.services.avahi.nssmdns;
  nsswins = canLoadExternalModules && config.services.samba.nsswins;
  ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch);
-  sssd = canLoadExternalModules && config.services.sssd.enable;
  resolved = canLoadExternalModules && config.services.resolved.enable;
  googleOsLogin = canLoadExternalModules && config.security.googleOsLogin.enable;

@@ -31,7 +30,6 @@ let

  passwdArray = mkMerge [
    (mkBefore [ "files" ])
-    (mkIf sssd [ "sss" ])
    (mkIf ldap [ "ldap" ])
    (mkIf mymachines [ "mymachines" ])
    (mkIf googleOsLogin [ "cache_oslogin oslogin" ])
@@ -40,15 +38,9 @@ let

  shadowArray = mkMerge [
    (mkBefore [ "files" ])
-    (mkIf sssd [ "sss" ])
    (mkIf ldap [ "ldap" ])
  ];

-  servicesArray = mkMerge [
-    (mkBefore [ "files" ])
-    (mkIf sssd [ "sss" ])
-  ];
-
 in {
  options = {

@@ -172,7 +164,7 @@ in {
      group = passwdArray;
      shadow = shadowArray;
      hosts = hostArray;
-      services = servicesArray;
+      services = mkBefore [ "files" ];
    };

    # Systemd provides nss-myhostname to ensure that our hostname
--- a/nixos/modules/services/misc/sssd.nix
+++ b/nixos/modules/services/misc/sssd.nix
@@ -75,6 +75,11 @@ in {
      };

      system.nssModules = optional cfg.enable pkgs.sssd;
+      system.nssDatabases = {
+        passwd = [ "sss" ];
+        shadow = [ "sss" ];
+        services = [ "sss" ];
+      };
      services.dbus.packages = [ pkgs.sssd ];
    })