Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 2dae6e0b5f85
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1266c8f93531
Choose a head ref
  • 4 commits
  • 1 file changed
  • 2 contributors

Commits on Jun 30, 2017

  1. nsswitch: fix typo specifying nss-resolve module 

    this had the effect of not being able to load nss-resolve
and falling back to dns module in all cases.
    @florianjacob
    florianjacob committed Jun 30, 2017
    Copy the full SHA
    63fa3e7 View commit details

  2. nsswitch: add assertions for enabled nscd

    @florianjacob
    florianjacob committed Jun 30, 2017
    Copy the full SHA
    7410b0c View commit details

  3. nsswitch: only add modules to nsswitch.conf if they can be loaded

    @florianjacob
    florianjacob committed Jun 30, 2017
    Copy the full SHA
    e370e97 View commit details

  4. Merge pull request #26967 from florianjacob/fix-systemd-resolved-nssw… 

    …itch-loading

Fix systemd resolved nsswitch loading and clearly state NSS module's dependency on nscd
    @Mic92
    Mic92 authored Jun 30, 2017
    Copy the full SHA
    1266c8f View commit details
Showing with 29 additions and 11 deletions.
  1. +29 −11 nixos/modules/config/nsswitch.nix
40 changes: 29 additions & 11 deletions nixos/modules/config/nsswitch.nix
View file
Original file line number Diff line number Diff line change
@@ -6,24 +6,29 @@ with lib;

let

inherit (config.services.avahi) nssmdns;
inherit (config.services.samba) nsswins;
ldap = (config.users.ldap.enable && config.users.ldap.nsswitch);
sssd = config.services.sssd.enable;
resolved = config.services.resolved.enable;

hostArray = [ "files" "mymachines" ]
# only with nscd up and running we can load NSS modules that are not integrated in NSS
canLoadExternalModules = config.services.nscd.enable;
myhostname = canLoadExternalModules;
mymachines = canLoadExternalModules;
nssmdns = canLoadExternalModules && config.services.avahi.nssmdns;
nsswins = canLoadExternalModules && config.services.samba.nsswins;
ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch);
sssd = canLoadExternalModules && config.services.sssd.enable;
resolved = canLoadExternalModules && config.services.resolved.enable;

hostArray = [ "files" ]
++ optionals mymachines [ "mymachines" ]
++ optionals nssmdns [ "mdns_minimal [!UNAVAIL=return]" ]
++ optionals nsswins [ "wins" ]
++ optionals resolved ["resolv [!UNAVAIL=return]"]
++ optionals resolved ["resolve [!UNAVAIL=return]"]
++ [ "dns" ]
++ optionals nssmdns [ "mdns" ]
++ ["myhostname" ];
++ optionals myhostname ["myhostname" ];

passwdArray = [ "files" ]
++ optional sssd "sss"
++ optionals ldap [ "ldap" ]
++ [ "mymachines" ];
++ optionals mymachines [ "mymachines" ];

shadowArray = [ "files" ]
++ optional sssd "sss"
@@ -36,6 +41,7 @@ in {
options = {

# NSS modules. Hacky!
# Only works with nscd!
system.nssModules = mkOption {
type = types.listOf types.path;
internal = true;
@@ -55,6 +61,18 @@ in {
};

config = {
assertions = [
{
# generic catch if the NixOS module adding to nssModules does not prevent it with specific message.
assertion = config.system.nssModules.path != "" -> canLoadExternalModules;
message = "Loading NSS modules from path ${config.system.nssModules.path} requires nscd being enabled.";
}
{
# resolved does not need to add to nssModules, therefore needs an extra assertion
assertion = resolved -> canLoadExternalModules;
message = "Loading systemd-resolved's nss-resolve NSS module requires nscd being enabled.";
}
];

# Name Service Switch configuration file. Required by the C
# library. !!! Factor out the mdns stuff. The avahi module
@@ -78,7 +96,7 @@ in {
# configured IP addresses, or ::1 and 127.0.0.2 as
# fallbacks. Systemd also provides nss-mymachines to return IP
# addresses of local containers.
system.nssModules = [ config.systemd.package.out ];
system.nssModules = optionals canLoadExternalModules [ config.systemd.package.out ];

};
}