From 7426bec45ef03c55bfc5bb27cdc60d6163aeed04 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Tue, 5 May 2020 13:41:12 +0200 Subject: [PATCH] nixos/systemd/resolved: add resolve to nss hosts database if enabled We keep the "only add the nss module if nscd is enabled" logic for now. The assertion never was triggered, so it can be removed. --- nixos/modules/config/nsswitch.nix | 7 ------- nixos/modules/system/boot/resolved.nix | 4 ++++ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix index 77e47a350ecb..b191e6feb0aa 100644 --- a/nixos/modules/config/nsswitch.nix +++ b/nixos/modules/config/nsswitch.nix @@ -14,14 +14,12 @@ let nssmdns = canLoadExternalModules && config.services.avahi.nssmdns; nsswins = canLoadExternalModules && config.services.samba.nsswins; ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch); - resolved = canLoadExternalModules && config.services.resolved.enable; hostArray = mkMerge [ (mkBefore [ "files" ]) (mkIf mymachines [ "mymachines" ]) (mkIf nssmdns [ "mdns_minimal [NOTFOUND=return]" ]) (mkIf nsswins [ "wins" ]) - (mkIf resolved [ "resolve [!UNAVAIL=return]" ]) (mkAfter [ "dns" ]) (mkIf nssmdns (mkOrder 1501 [ "mdns" ])) # 1501 to ensure it's after dns (mkIf myhostname (mkOrder 1600 [ "myhostname" ])) # 1600 to ensure it's always the last @@ -134,11 +132,6 @@ in { assertion = config.system.nssModules.path != "" -> canLoadExternalModules; message = "Loading NSS modules from path ${config.system.nssModules.path} requires nscd being enabled."; } - { - # resolved does not need to add to nssModules, therefore needs an extra assertion - assertion = resolved -> canLoadExternalModules; - message = "Loading systemd-resolved's nss-resolve NSS module requires nscd being enabled."; - } ]; # Name Service Switch configuration file. Required by the C diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index da61c64faf8b..b7aaef575ac1 100644 --- a/nixos/modules/system/boot/resolved.nix +++ b/nixos/modules/system/boot/resolved.nix @@ -138,6 +138,10 @@ in users.users.resolved.group = "systemd-resolve"; + # add resolve to nss hosts database if enabled and nscd enabled + # system.nssModules is configured in nixos/modules/system/boot/systemd.nix + system.nssDatabases.hosts = optional config.services.nscd.enable "resolve [!UNAVAIL=return]"; + systemd.additionalUpstreamSystemUnits = [ "systemd-resolved.service" ];