# NixOS module for the Name Service Cache Daemon (nscd) shipped in
# pkgs.glibc.bin.  It declares the services.nscd options, writes the
# configured text to /etc/nscd.conf and defines the nscd systemd unit.
{ config, lib, pkgs, ... }:

let

  inherit (lib) mkIf mkOption types;

  cfg = config.services.nscd;

  # Exported to the daemon as LD_LIBRARY_PATH (see the unit's environment).
  nssModulesPath = config.system.nssModules.path;

in

{

  ###### interface

  options.services.nscd = {

    enable = mkOption {
      type = types.bool;
      default = true;
      description = "Whether to enable the Name Service Cache Daemon.";
    };

    # The value is written unchanged to /etc/nscd.conf; the default is the
    # nscd.conf file that sits next to this module.
    config = mkOption {
      type = types.lines;
      default = builtins.readFile ./nscd.conf;
      description = "Configuration to use for Name Service Cache Daemon.";
    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    environment.etc."nscd.conf".text = cfg.config;

    systemd.services.nscd = {

      description = "Name Service Cache Daemon";

      wantedBy = [ "nss-lookup.target" "nss-user-lookup.target" ];

      # Library search path handed to the daemon, taken from
      # config.system.nssModules.path.
      environment.LD_LIBRARY_PATH = nssModulesPath;

      # Restart the daemon whenever one of the files it depends on changes.
      restartTriggers = [
        config.environment.etc.hosts.source
        config.environment.etc."nsswitch.conf".source
        config.environment.etc."nscd.conf".source
      ];

      serviceConfig = {

        # DynamicUser is used because, in default configurations, nscd
        # creates no files that have to survive a restart.  Some
        # configurations need nscd to start as root; it drops privileges
        # only after every NSS module has read its configuration files.
        # The "!" prefix on ExecStart therefore stops systemd from
        # dropping privileges early.  See ExecStart in systemd.service(5).
        #
        # NOTE(review): with "!" the privilege drop is left to nscd itself,
        # so the account the daemon ends up running as is decided by the
        # contents of nscd.conf (not visible in this file) -- confirm the
        # shipped default actually makes it leave root.
        ExecStart = "!@${pkgs.glibc.bin}/sbin/nscd nscd";
        DynamicUser = true;

        Type = "forking";
        RuntimeDirectory = "nscd";
        PIDFile = "/run/nscd/nscd.pid";
        Restart = "always";

        # A reload flushes the passwd, group and hosts caches.
        #
        # NOTE(review): these commands carry no "!" or "+" prefix, so
        # unlike ExecStart they are not exempted from DynamicUser and
        # presumably run as the dynamic user.  Confirm that nscd honours
        # --invalidate from a non-root caller; if it does not, a reload
        # leaves stale passwd/group/hosts entries in the cache.
        ExecReload = [
          "${pkgs.glibc.bin}/sbin/nscd --invalidate passwd"
          "${pkgs.glibc.bin}/sbin/nscd --invalidate group"
          "${pkgs.glibc.bin}/sbin/nscd --invalidate hosts"
        ];

      };

    };

  };

}
