nixos/nscd: use nsncd by default (fbfe2907) · Commits · nix / nixpkgs

nixos/doc/manual/from_md/release-notes/rl-2305.section.xml

+10 −0

Original line number	Diff line number	Diff line
		@@ -527,6 +527,16 @@
		will no longer render properly or cause errors.
		</para>
		</listitem>
		<listitem>
		<para>
		NixOS now defaults to using nsncd (a non-caching
		reimplementation in Rust) as NSS lookup dispatcher, instead of
		the buggy and deprecated glibc-provided nscd. If you need to
		switch back, set
		<literal>services.nscd.enableNsncd = false</literal>, but
		please open an issue in nixpkgs so your issue can be fixed.
		</para>
		</listitem>
		<listitem>
		<para>
		The <literal>dnsmasq</literal> service now takes configuration

+2 −0

Original line number	Diff line number	Diff line
		@@ -130,6 +130,8 @@ In addition to numerous new and upgraded packages, this release has the followin

		DocBook option documentation support will be removed in the next release and CommonMark will become the default. DocBook option documentation that has not been migrated until then will no longer render properly or cause errors.

		- NixOS now defaults to using nsncd (a non-caching reimplementation in Rust) as NSS lookup dispatcher, instead of the buggy and deprecated glibc-provided nscd. If you need to switch back, set `services.nscd.enableNsncd = false`, but please open an issue in nixpkgs so your issue can be fixed.

		- The `dnsmasq` service now takes configuration via the
		`services.dnsmasq.settings` attribute set. The option
		`services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches

+7 −3

Original line number	Diff line number	Diff line
		@@ -29,10 +29,11 @@ in

		enableNsncd = mkOption {
		type = types.bool;
		default = false;
		default = true;
		description = lib.mdDoc ''
		Whether to use nsncd instead of nscd.
		Whether to use nsncd instead of nscd from glibc.
		This is a nscd-compatible daemon, that proxies lookups, without any caching.
		Using nscd from glibc is discouraged.
		'';
		};

		@@ -55,7 +56,10 @@ in
		config = mkOption {
		type = types.lines;
		default = builtins.readFile ./nscd.conf;
		description = lib.mdDoc "Configuration to use for Name Service Cache Daemon.";
		description = lib.mdDoc ''
		Configuration to use for Name Service Cache Daemon.
		Only used in case glibc-nscd is used.
		'';
		};

		package = mkOption {

+12 −11

Original line number	Diff line number	Diff line
		@@ -40,12 +40,13 @@ in
		};

		specialisation = {
		withGlibcNscd.configuration = { ... }: {
		services.nscd.enableNsncd = false;
		};
		withUnscd.configuration = { ... }: {
		services.nscd.enableNsncd = false;
		services.nscd.package = pkgs.unscd;
		};
		withNsncd.configuration = { ... }: {
		services.nscd.enableNsncd = true;
		};
		};
		};

		@@ -118,6 +119,14 @@ in
		test_host_lookups()
		test_nss_myhostname()

		with subtest("glibc-nscd"):
		machine.succeed('${specialisations}/withGlibcNscd/bin/switch-to-configuration test')
		machine.wait_for_unit("default.target")

		test_dynamic_user()
		test_host_lookups()
		test_nss_myhostname()

		with subtest("unscd"):
		machine.succeed('${specialisations}/withUnscd/bin/switch-to-configuration test')
		machine.wait_for_unit("default.target")
		@@ -129,13 +138,5 @@ in

		# known to fail, unscd doesn't load external NSS modules
		# test_nss_myhostname()

		with subtest("nsncd"):
		machine.succeed('${specialisations}/withNsncd/bin/switch-to-configuration test')
		machine.wait_for_unit("default.target")

		test_dynamic_user()
		test_host_lookups()
		test_nss_myhostname()
		'';
		})