From 4b71b6f8fa5f7b06ea5d0dd37d44a73757c7f142 Mon Sep 17 00:00:00 2001
From: Florian Klink
Date: Thu, 30 Apr 2020 17:51:13 +0200
Subject: [PATCH] nixos/google-oslogin: Move nsswitch config into the module

Motivation: #86350
---
 nixos/modules/config/nsswitch.nix | 5 +----
 nixos/modules/security/google_oslogin.nix | 1 +
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix
index 0acd8900e7b1..77e47a350ecb 100644
--- a/nixos/modules/config/nsswitch.nix
+++ b/nixos/modules/config/nsswitch.nix
@@ -15,7 +15,6 @@ let
 nsswins = canLoadExternalModules && config.services.samba.nsswins;
 ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch);
 resolved = canLoadExternalModules && config.services.resolved.enable;
- googleOsLogin = canLoadExternalModules && config.security.googleOsLogin.enable;
 hostArray = mkMerge [
 (mkBefore [ "files" ])
@@ -32,7 +31,6 @@ let
 (mkBefore [ "files" ])
 (mkIf ldap [ "ldap" ])
 (mkIf mymachines [ "mymachines" ])
- (mkIf googleOsLogin [ "cache_oslogin oslogin" ])
 (mkIf canLoadExternalModules (mkAfter [ "systemd" ]))
 ];
@@ -172,7 +170,6 @@ in {
 # configured IP addresses, or ::1 and 127.0.0.2 as
 # fallbacks. Systemd also provides nss-mymachines to return IP
 # addresses of local containers.
- system.nssModules = (optionals canLoadExternalModules [ config.systemd.package.out ])
- ++ optional googleOsLogin pkgs.google-compute-engine-oslogin.out;
+ system.nssModules = (optionals canLoadExternalModules [ config.systemd.package.out ]);
 };
 }
diff --git a/nixos/modules/security/google_oslogin.nix b/nixos/modules/security/google_oslogin.nix
index 6f9962e1d626..78c2089baeb9 100644
--- a/nixos/modules/security/google_oslogin.nix
+++ b/nixos/modules/security/google_oslogin.nix
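Review bot: In the last hunk of nixos/modules/config/nsswitch.nix, the new `system.nssModules` line keeps outer parentheses left over from the removed `++ optional googleOsLogin …` continuation. With nothing appended any more, `system.nssModules = optionals canLoadExternalModules [ config.systemd.package.out ];` says the same thing with less noise. The comment block above the assignment starts outside the hunk, so only its last three lines are visible here.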
@@ -49,6 +49,7 @@ in
 # enable the nss module, so user lookups etc. work
 system.nssModules = [ package ];
+ system.nssDatabases.passwd = [ "cache_oslogin" "oslogin" ];
 # Ugly: sshd refuses to start if a store path is given because /nix/store is group-writable.
 # So indirect by a symlink.
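Review bot: The added `system.nssDatabases.passwd = [ "cache_oslogin" "oslogin" ];` no longer carries the `canLoadExternalModules` condition that the removed `googleOsLogin` binding in nsswitch.nix applied, and it states no merge order of its own. The order of passwd sources decides which one answers for a given user name, and the removed entry sat explicitly after `files` and before `systemd`. How this definition merges with the `mkBefore [ "files" ]` and `mkAfter [ "systemd" ]` entries left in nsswitch.nix is not visible in this patch, so that placement should be confirmed. I would add a comment such as `# order matters: must resolve after "files" so local accounts take precedence over OS Login accounts`, and an assertion that fails evaluation when the module is enabled but external NSS modules cannot be loaded, unless one already exists elsewhere. The enclosing config block starts and ends outside the hunk.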