When resolved / networkd is enabled, you can test this with ping gateway, which is a synthesized dns entry from resolved. Won't work currently, but after applying this patch.

Regarding the 2nd commit, can we add an assertion instead of a comment (or in addition)?

@bjornfor Any idea for a good assertion? Failing an assertion would be nice, but just „if this option is used, assert nscd.enable = true;“ would currently mean all of nsswitch would always fail if nscd is disabled, because it is using this option itself when adding the systemd nss modules:

https://github.com/florianjacob/nixpkgs/blob/9495cef848ba41574983b7e2183bc16d646d42e7/nixos/modules/config/nsswitch.nix#L83

We could make that conditional on whether nscd is enabled, then. But then this still would not fail if a user enables resolved but disables nscd. It would guard nix module authors from using this option without nscd, though, which is better that not doing it.

@florianjacob: No idea. I didn't look at the code. I was just hoping there was some NixOS option that could be checked at evaluation time.

I think what we can do would be:

• Add assertion to nssModules to depend on nscd
• Add systemd modules to nssModules only if nscd is enabled
• Add another assertion in nsswitch for all dynamic modules, like “assert = resolved.enable || … || ldap.enable => nscd.enable”

Does that seem sensible? It operates on the assumption that any of these services are not really useful without nsswitch.conf, but I guess that's the case.

I think I'll try to write the code for that.

@bjornfor Assertions added! Should work that way. 😄

Now also includes a proposal commit to only add external stuff to nsswitch.conf when nscd is enabled.

Identified @Mic92 as potential reviewer from the nsswitch.nix history. Maybe you could take a look, or recommend somebody else? 😃

Thanks.

@Mic92 Thanks for your time. 👍