mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-27 17:33:09 +00:00
nixos/systemd/resolved: add resolve to nss hosts database if enabled
We keep the "only add the nss module if nscd is enabled" logic for now. The assertion never was triggered, so it can be removed.
This commit is contained in:
parent
499b5feac9
commit
7426bec45e
@ -14,14 +14,12 @@ let
|
||||
nssmdns = canLoadExternalModules && config.services.avahi.nssmdns;
|
||||
nsswins = canLoadExternalModules && config.services.samba.nsswins;
|
||||
ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch);
|
||||
resolved = canLoadExternalModules && config.services.resolved.enable;
|
||||
|
||||
hostArray = mkMerge [
|
||||
(mkBefore [ "files" ])
|
||||
(mkIf mymachines [ "mymachines" ])
|
||||
(mkIf nssmdns [ "mdns_minimal [NOTFOUND=return]" ])
|
||||
(mkIf nsswins [ "wins" ])
|
||||
(mkIf resolved [ "resolve [!UNAVAIL=return]" ])
|
||||
(mkAfter [ "dns" ])
|
||||
(mkIf nssmdns (mkOrder 1501 [ "mdns" ])) # 1501 to ensure it's after dns
|
||||
(mkIf myhostname (mkOrder 1600 [ "myhostname" ])) # 1600 to ensure it's always the last
|
||||
@ -134,11 +132,6 @@ in {
|
||||
assertion = config.system.nssModules.path != "" -> canLoadExternalModules;
|
||||
message = "Loading NSS modules from path ${config.system.nssModules.path} requires nscd being enabled.";
|
||||
}
|
||||
{
|
||||
# resolved does not need to add to nssModules, therefore needs an extra assertion
|
||||
assertion = resolved -> canLoadExternalModules;
|
||||
message = "Loading systemd-resolved's nss-resolve NSS module requires nscd being enabled.";
|
||||
}
|
||||
];
|
||||
|
||||
# Name Service Switch configuration file. Required by the C
|
||||
|
@ -138,6 +138,10 @@ in
|
||||
|
||||
users.users.resolved.group = "systemd-resolve";
|
||||
|
||||
# add resolve to nss hosts database if enabled and nscd enabled
|
||||
# system.nssModules is configured in nixos/modules/system/boot/systemd.nix
|
||||
system.nssDatabases.hosts = optional config.services.nscd.enable "resolve [!UNAVAIL=return]";
|
||||
|
||||
systemd.additionalUpstreamSystemUnits = [
|
||||
"systemd-resolved.service"
|
||||
];
|
||||
|
Loading…
Reference in New Issue
Block a user