Skip to content

Commit

Permalink
nsswitch: only add modules to nsswitch.conf if they can be loaded
Browse files Browse the repository at this point in the history
  • Loading branch information
@florianjacob
florianjacob committed Jun 30, 2017
1 parent 7410b0c commit e370e97
Showing 1 changed file with 12 additions and 9 deletions.
21 changes: 12 additions & 9 deletions nixos/modules/config/nsswitch.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,26 +6,29 @@ with lib;

let

inherit (config.services.avahi) nssmdns;
inherit (config.services.samba) nsswins;
ldap = (config.users.ldap.enable && config.users.ldap.nsswitch);
sssd = config.services.sssd.enable;
resolved = config.services.resolved.enable;
# only with nscd up and running we can load NSS modules that are not integrated in NSS
canLoadExternalModules = config.services.nscd.enable;

hostArray = [ "files" "mymachines" ]
myhostname = canLoadExternalModules;
mymachines = canLoadExternalModules;
nssmdns = canLoadExternalModules && config.services.avahi.nssmdns;
nsswins = canLoadExternalModules && config.services.samba.nsswins;
ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch);
sssd = canLoadExternalModules && config.services.sssd.enable;
resolved = canLoadExternalModules && config.services.resolved.enable;

hostArray = [ "files" ]
++ optionals mymachines [ "mymachines" ]
++ optionals nssmdns [ "mdns_minimal [!UNAVAIL=return]" ]
++ optionals nsswins [ "wins" ]
++ optionals resolved ["resolve [!UNAVAIL=return]"]
++ [ "dns" ]
++ optionals nssmdns [ "mdns" ]
++ ["myhostname" ];
++ optionals myhostname ["myhostname" ];

passwdArray = [ "files" ]
++ optional sssd "sss"
++ optionals ldap [ "ldap" ]
++ [ "mymachines" ];
++ optionals mymachines [ "mymachines" ];

shadowArray = [ "files" ]
++ optional sssd "sss"
Expand Down

0 comments on commit e370e97

Please sign in to comment.