Merge pull request #196917 from flokli/nsncd
nixos/nscd: add option to use nsncd, init nsncd
commit
690ccd9c4a
|
@ -27,6 +27,15 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
enableNsncd = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Whether to use nsncd instead of nscd.
|
||||
This is a nscd-compatible daemon, that proxies lookups, without any caching.
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "nscd";
|
||||
|
@ -51,7 +60,8 @@ in
|
|||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = if pkgs.stdenv.hostPlatform.libc == "glibc"
|
||||
default =
|
||||
if pkgs.stdenv.hostPlatform.libc == "glibc"
|
||||
then pkgs.stdenv.cc.libc.bin
|
||||
else pkgs.glibc.bin;
|
||||
defaultText = lib.literalExpression ''
|
||||
|
@ -59,7 +69,10 @@ in
|
|||
then pkgs.stdenv.cc.libc.bin
|
||||
else pkgs.glibc.bin;
|
||||
'';
|
||||
description = lib.mdDoc "package containing the nscd binary to be used by the service";
|
||||
description = lib.mdDoc ''
|
||||
package containing the nscd binary to be used by the service.
|
||||
Ignored when enableNsncd is set to true.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
@ -77,10 +90,12 @@ in
|
|||
group = cfg.group;
|
||||
};
|
||||
|
||||
users.groups.${cfg.group} = {};
|
||||
users.groups.${cfg.group} = { };
|
||||
|
||||
systemd.services.nscd =
|
||||
{ description = "Name Service Cache Daemon";
|
||||
{
|
||||
description = "Name Service Cache Daemon"
|
||||
+ lib.optionalString cfg.enableNsncd " (nsncd)";
|
||||
|
||||
before = [ "nss-lookup.target" "nss-user-lookup.target" ];
|
||||
wants = [ "nss-lookup.target" "nss-user-lookup.target" ];
|
||||
|
@ -89,14 +104,14 @@ in
|
|||
|
||||
environment = { LD_LIBRARY_PATH = nssModulesPath; };
|
||||
|
||||
restartTriggers = [
|
||||
restartTriggers = lib.optionals (!cfg.enableNsncd) ([
|
||||
config.environment.etc.hosts.source
|
||||
config.environment.etc."nsswitch.conf".source
|
||||
config.environment.etc."nscd.conf".source
|
||||
] ++ optionals config.users.mysql.enable [
|
||||
config.environment.etc."libnss-mysql.cfg".source
|
||||
config.environment.etc."libnss-mysql-root.cfg".source
|
||||
];
|
||||
]);
|
||||
|
||||
# In some configurations, nscd needs to be started as root; it will
|
||||
# drop privileges after all the NSS modules have read their
|
||||
|
@ -106,8 +121,11 @@ in
|
|||
# sill want to read their configuration files after the privilege drop
|
||||
# and so users can set the owner of those files to the nscd user.
|
||||
serviceConfig =
|
||||
{ ExecStart = "!@${cfg.package}/bin/nscd nscd";
|
||||
Type = "forking";
|
||||
{
|
||||
ExecStart =
|
||||
if cfg.enableNsncd then "${pkgs.nsncd}/bin/nsncd"
|
||||
else "!@${cfg.package}/bin/nscd nscd";
|
||||
Type = if cfg.enableNsncd then "notify" else "forking";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
RemoveIPC = true;
|
||||
|
@ -120,12 +138,12 @@ in
|
|||
PIDFile = "/run/nscd/nscd.pid";
|
||||
Restart = "always";
|
||||
ExecReload =
|
||||
[ "${cfg.package}/bin/nscd --invalidate passwd"
|
||||
lib.optionals (!cfg.enableNsncd) [
|
||||
"${cfg.package}/bin/nscd --invalidate passwd"
|
||||
"${cfg.package}/bin/nscd --invalidate group"
|
||||
"${cfg.package}/bin/nscd --invalidate hosts"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
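Review bot: In `serviceConfig`, the nsncd branch of `ExecStart` has no `!` prefix, so nsncd starts directly as `cfg.user`, while the comment above still describes a daemon that starts as root and drops privileges after the NSS modules have read their configuration. Starting unprivileged is the safer default, but it presumably means NSS modules whose configuration is readable only by root can no longer read it under nsncd; that should be confirmed and documented. I would extend the comment with something like `# nsncd is started directly as cfg.user (no "!" prefix), so NSS module configuration must be readable by that user.` Separately, `restartTriggers` is empty when `enableNsncd` is set, so a changed NSS module configuration file (the `libnss-mysql*.cfg` entries) no longer restarts the long-running process that may have loaded it. The comment and `serviceConfig` both start outside the visible hunks.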
|
||||
|
|
|
@ -21,10 +21,31 @@ in
|
|||
192.0.2.1 somehost.test
|
||||
'';
|
||||
|
||||
systemd.services.sockdump = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [
|
||||
# necessary for bcc to unpack kernel headers and invoke modprobe
|
||||
pkgs.gnutar
|
||||
pkgs.xz.bin
|
||||
pkgs.kmod
|
||||
];
|
||||
environment.PYTHONUNBUFFERED = "1";
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.sockdump}/bin/sockdump /var/run/nscd/socket";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "1";
|
||||
Type = "simple";
|
||||
};
|
||||
};
|
||||
|
||||
specialisation = {
|
||||
withUnscd.configuration = { ... }: {
|
||||
services.nscd.package = pkgs.unscd;
|
||||
};
|
||||
withNsncd.configuration = { ... }: {
|
||||
services.nscd.enableNsncd = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -40,9 +61,10 @@ in
|
|||
"systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami"
|
||||
)
|
||||
|
||||
# Test resolution of somehost.test with getent', to make sure we go via nscd
|
||||
# Test resolution of somehost.test with getent', to make sure we go via
|
||||
# nscd protocol
|
||||
def test_host_lookups():
|
||||
with subtest("host lookups via nscd"):
|
||||
with subtest("host lookups via nscd protocol"):
|
||||
# ahosts
|
||||
output = machine.succeed("${getent'} ahosts somehost.test")
|
||||
assert "192.0.2.1" in output
|
||||
|
@ -62,6 +84,7 @@ in
|
|||
assert "somehost.test" in machine.succeed("${getent'} hosts 2001:db8::1")
|
||||
assert "somehost.test" in machine.succeed("${getent'} hosts 192.0.2.1")
|
||||
|
||||
|
||||
# Test host resolution via nss modules works
|
||||
# We rely on nss-myhostname in this case, which resolves *.localhost and
|
||||
# _gateway.
|
||||
|
@ -87,6 +110,9 @@ in
|
|||
start_all()
|
||||
machine.wait_for_unit("default.target")
|
||||
|
||||
# give sockdump some time to finish attaching.
|
||||
machine.sleep(5)
|
||||
|
||||
# Test all tests with glibc-nscd.
|
||||
test_dynamic_user()
|
||||
test_host_lookups()
|
||||
|
@ -103,5 +129,13 @@ in
|
|||
|
||||
# known to fail, unscd doesn't load external NSS modules
|
||||
# test_nss_myhostname()
|
||||
|
||||
with subtest("nsncd"):
|
||||
machine.succeed('${specialisations}/withNsncd/bin/switch-to-configuration test')
|
||||
machine.wait_for_unit("default.target")
|
||||
|
||||
test_dynamic_user()
|
||||
test_host_lookups()
|
||||
test_nss_myhostname()
|
||||
'';
|
||||
})
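Review bot: `machine.sleep(5)` in the test script is a fixed delay standing in for "sockdump has attached", which makes the test timing-dependent on slow builders. Nothing in the visible hunks reads sockdump's output either, so the capture records the traffic but does not assert that lookups went over `/var/run/nscd/socket`. If the capture is only a debugging aid, the comment should say so, e.g. `# sockdump output is for debugging only and is not asserted on; the sleep is a best-effort wait for it to attach.` Otherwise wait on an observable condition rather than sleeping, at minimum `machine.wait_for_unit("sockdump.service")`. The test script starts outside the visible hunks.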
|
||||
|
|
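--- a/pkgs/os-specific/linux/nsncd/default.nix
+++ b/pkgs/os-specific/linux/nsncd/default.nix
@@ -0,0 +1,30 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, rustPlatform
+, nix-gitignore
+}:
+
+rustPlatform.buildRustPackage rec {
+pname = "nsncd";
+version = "unstable-2021-10-20";
+
+src = fetchFromGitHub {
+owner = "nix-community";
+repo = "nsncd";
+rev = "b9425070bb308565a6e4dc5aefd568952a07a4ed";
+hash = "sha256-ZjInzPJo+PWAM2gAKhlasLXiqo+2Df4DIXpNwtqQVc8=";
+};
+
+cargoSha256 = "sha256-hxdI+HHB0PB/zDMI21Pg5Xr9mTDn4T+OcAAenUox4bs=";
+
+meta = with lib; {
+description = "the name service non-caching daemon";
+longDescription = ''
+nsncd is a nscd-compatible daemon that proxies lookups, without caching.
+'';
+homepage = "https://github.com/twosigma/nsncd";
+license = licenses.asl20;
+maintainers = with maintainers; [ flokli ninjatrappeur ];
+};
+}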
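Review bot: `homepage` points at `https://github.com/twosigma/nsncd` while `src` fetches `nix-community/nsncd` at a pinned rev, so anyone auditing the daemon from the package metadata would be reading a different repository than the one that is built. Either set `homepage = "https://github.com/nix-community/nsncd";`, or keep the upstream link and add a comment above `src` saying that a fork is packaged and why. The `stdenv` and `nix-gitignore` arguments are unused in this expression and can be dropped. Since the file lives under `os-specific/linux`, `meta` would presumably also want `platforms = platforms.linux;`.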
|
|
@ -36653,6 +36653,8 @@ with pkgs;
|
|||
|
||||
nhentai = callPackage ../applications/misc/nhentai { };
|
||||
|
||||
nsncd = callPackage ../os-specific/linux/nsncd { };
|
||||
|
||||
nvd = callPackage ../tools/package-management/nvd { };
|
||||
|
||||
solfege = python3Packages.callPackage ../misc/solfege { };
|
||||
|
|