From dfe20de78257fb24fdea011eb3a9b71eb000241d Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Mon, 23 Feb 2015 18:02:12 +0100
Subject: [PATCH] nixos: permit dnscrypt-proxy service to read basic user/group
 info

If nscd is not running, dnscrypt-proxy crashes without read access
to /etc/{password,group,nsswitch.conf}.
---
 nixos/modules/services/networking/dnscrypt-proxy.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix
index 5cc33f35adb2..78e240e49ba4 100644
--- a/nixos/modules/services/networking/dnscrypt-proxy.nix
+++ b/nixos/modules/services/networking/dnscrypt-proxy.nix
@@ -104,6 +104,10 @@ in
           /dev/null rw,
           /dev/urandom r,
 
+          /etc/passwd r,
+          /etc/group r,
+          ${config.environment.etc."nsswitch.conf".source} r,
+
           ${pkgs.glibc}/lib/*.so mr,
           ${pkgs.tzdata}/share/zoneinfo/** r,