mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Code Issues Wiki Activity
nixpkgs/nixos/modules/services/system/nscd.nix
Jamey Sharp de251704d6 nixos/nscd: run with a dynamic user 
nscd doesn't create any files outside of /run/nscd unless the nscd.conf
"persistent" option is used, which we don't do by default. Therefore it
doesn't matter what UID/GID we run this service as, so long as it isn't
shared with any other running processes.

/run/nscd does need to be owned by the same UID that the service is
running as, but systemd takes care of that for us thanks to the
RuntimeDirectory directive.

If someone wants to turn on the "persistent" option, they need to
manually configure users.users.nscd and systemd.tmpfiles.rules so that
/var/db/nscd is owned by the same user that nscd runs as.

In an all-defaults boot.isContainer configuration of NixOS, this removes
the only user which did not have a pre-assigned UID.
2019-07-03 13:27:29 -07:00

73 lines
1.6 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
with lib;
let
nssModulesPath = config.system.nssModules.path;
cfg = config.services.nscd;
in
{
###### interface
options = {
services.nscd = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable the Name Service Cache Daemon.";
};
config = mkOption {
type = types.lines;
default = builtins.readFile ./nscd.conf;
description = "Configuration to use for Name Service Cache Daemon.";
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.etc."nscd.conf".text = cfg.config;
systemd.services.nscd =
{ description = "Name Service Cache Daemon";
wantedBy = [ "nss-lookup.target" "nss-user-lookup.target" ];
environment = { LD_LIBRARY_PATH = nssModulesPath; };
restartTriggers = [
config.environment.etc.hosts.source
config.environment.etc."nsswitch.conf".source
config.environment.etc."nscd.conf".source
];
serviceConfig =
{ ExecStart = "@${pkgs.glibc.bin}/sbin/nscd nscd";
Type = "forking";
User = "nscd";
DynamicUser = true;
RuntimeDirectory = "nscd";
PIDFile = "/run/nscd/nscd.pid";
Restart = "always";
ExecReload =
[ "${pkgs.glibc.bin}/sbin/nscd --invalidate passwd"
"${pkgs.glibc.bin}/sbin/nscd --invalidate group"
"${pkgs.glibc.bin}/sbin/nscd --invalidate hosts"
];
};
};
};
}
View git blame Copy permalink