nixos/ldap: move nss database configuration into ldap module

now that passwdArray and shadowArray aren't used anymore, these can be
folded.

nixos/modules/config/ldap.nix

@@ -244,6 +244,10 @@ in
       if cfg.daemon.enable then nss_pam_ldapd else nss_ldap
     );
 
+    system.nssDatabases.group = optional cfg.nsswitch "ldap";
+    system.nssDatabases.passwd = optional cfg.nsswitch "ldap";
+    system.nssDatabases.shadow = optional cfg.nsswitch "ldap";
+
     users = mkIf cfg.daemon.enable {
       groups.nslcd = {
         gid = config.ids.gids.nslcd;

nixos/modules/config/nsswitch.nix

@@ -11,7 +11,6 @@ let
   # XXX Move these to their respective modules
   nssmdns = canLoadExternalModules && config.services.avahi.nssmdns;
   nsswins = canLoadExternalModules && config.services.samba.nsswins;
-  ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch);
 
   hostArray = mkMerge [
     (mkBefore [ "files" ])
@@ -21,16 +20,6 @@ let
     (mkIf nssmdns (mkOrder 1501 [ "mdns" ])) # 1501 to ensure it's after dns
   ];
 
-  passwdArray = mkMerge [
-    (mkBefore [ "files" ])
-    (mkIf ldap [ "ldap" ])
-  ];
-
-  shadowArray = mkMerge [
-    (mkBefore [ "files" ])
-    (mkIf ldap [ "ldap" ])
-  ];
-
 in {
   options = {
 
@@ -145,9 +134,9 @@ in {
     '';
 
     system.nssDatabases = {
-      passwd = passwdArray;
-      group = passwdArray;
-      shadow = shadowArray;
+      passwd = mkBefore [ "files" ];
+      group = mkBefore [ "files" ];
+      shadow = mkBefore [ "files" ];
       hosts = hostArray;
       services = mkBefore [ "files" ];
     };