author | Florian Klink <flokli@flokli.de> | 2021-07-17 19:41:45 +0200 |
---|---|---|
committer | Florian Klink <flokli@flokli.de> | 2021-07-17 23:55:35 +0200 |
commit | c1536f5c78ead2fdcb0ec11824d673638fa6a5f4 (patch) | |
tree | d3b81c2f2ce04c82955b708be690981460123425 /nixos/modules/config/nsswitch.nix | |
parent | b59c06dc92f8d03660eb4155754d93a6c34cda83 (diff) |
nixos/systemd: fix NSS database ordering
- The order of NSS (host) modules has been brought in line with upstream recommendations:

  - The `myhostname` module is placed before the `resolve` (optional) and `dns` entries, but after `file` (to allow overriding via `/etc/hosts` / `networking.extraHosts`, and prevent ISPs with catchall-DNS resolvers from hijacking `.localhost` domains)
  - The `mymachines` module, which provides hostname resolution for local containers (registered with `systemd-machined`) is placed to the front, to make sure its mappings are preferred over other resolvers.
  - If systemd-networkd is enabled, the `resolve` module is placed before `files` and `myhostname`, as it provides the same logic internally, with caching.
  - The `mdns(_minimal)` module has been updated to the new priorities.

  If you use your own NSS host modules, make sure to update your priorities according to these rules:

  - NSS modules which should be queried before `resolved` DNS resolution should use mkBefore.
  - NSS modules which should be queried after `resolved`, `files` and `myhostname`, but before `dns` should use the default priority
  - NSS modules which should come after `dns` should use mkAfter.
Diffstat (limited to 'nixos/modules/config/nsswitch.nix')
-rw-r--r-- | nixos/modules/config/nsswitch.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix index d19d35a489062..91a36cef10e67 100644 --- a/nixos/modules/config/nsswitch.nix +++ b/nixos/modules/config/nsswitch.nix @@ -124,8 +124,8 @@ with lib; group = mkBefore [ "files" ]; shadow = mkBefore [ "files" ]; hosts = mkMerge [ - (mkBefore [ "files" ]) - (mkAfter [ "dns" ]) + (mkOrder 998 [ "files" ]) + (mkOrder 1499 [ "dns" ]) ]; services = mkBefore [ "files" ]; }; |
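Review bot: The bare priorities in the `hosts` entry, `(mkOrder 998 [ "files" ])` and `(mkOrder 1499 [ "dns" ])`, have no comment explaining why these values were chosen, and the ordering contract the commit message gives to module authors depends entirely on them. With `mkBefore` at 500, the default priority at 1000 and `mkAfter` at 1500, these values put `files` just ahead of default-priority modules and `dns` just ahead of `mkAfter` modules, which matches the stated rules, but a reader of nsswitch.nix cannot see that from the code. Please add a short comment next to the `hosts` definition that spells out the slots (before `resolve`, between `files`/`myhostname` and `dns`, after `dns`), since a later edit that moves `files` or `dns` by a few points would silently change whether `/etc/hosts` still overrides other resolvers. The diffstat is limited to this file, so the priorities assigned to `mymachines`, `resolve`, `myhostname` and `mdns` are not visible here and should be checked against 998 and 1499 in the same review.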