authorsefidel <contact@sefidel.net>2024-08-15 00:35:22 +0900
committersefidel <contact@sefidel.net>2024-08-15 00:35:22 +0900
commit54c09cf933f79725bd82f386612884127c236990 (patch)
tree3293ea48baa0e95f7f6ab374f32e0e7046fe2c6d
parentee9ea67756217c8c85f620f35574177586de18a8 (diff)
feat(nixos/kanata): configure nscd hosts caching
-rw-r--r--nixos/kanata/configuration.nix40
1 files changed, 40 insertions, 0 deletions
diff --git a/nixos/kanata/configuration.nix b/nixos/kanata/configuration.nix
index 2f0894c..7c4e7b5 100644
--- a/nixos/kanata/configuration.nix
+++ b/nixos/kanata/configuration.nix
@@ -102,6 +102,46 @@ in
     enableIPv6 = true;
   };
 
+  services.nscd = {
+    enable = true;
+    config = ''
+      # We basically use nscd as a proxy for forwarding nss requests to appropriate
+      # nss modules, as we run nscd with LD_LIBRARY_PATH set to the directory
+      # containing all such modules
+      # Note that we can not use `enable-cache no` As this will actually cause nscd
+      # to just reject the nss requests it receives, which then causes glibc to
+      # fallback to trying to handle the request by itself. Which won't work as glibc
+      # is not aware of the path in which the nss modules live.  As a workaround, we
+      # have `enable-cache yes` with an explicit ttl of 0
+      server-user             nscd
+
+      enable-cache            passwd          yes
+      positive-time-to-live   passwd          0
+      negative-time-to-live   passwd          0
+      shared                  passwd          yes
+
+      enable-cache            group           yes
+      positive-time-to-live   group           0
+      negative-time-to-live   group           0
+      shared                  group           yes
+
+      enable-cache            netgroup        yes
+      positive-time-to-live   netgroup        0
+      negative-time-to-live   netgroup        0
+      shared                  netgroup        yes
+
+      enable-cache            hosts           yes
+      positive-time-to-live   hosts           3600 # Invidious spams DNS queries to PubSubHubBub
+      negative-time-to-live   hosts           0
+      shared                  hosts           yes
+
+      enable-cache            services        yes
+      positive-time-to-live   services        0
+      negative-time-to-live   services        0
+      shared                  services        yes
+    '';
+  };
+
   services.tailscale = {
     enable = true;
     useRoutingFeatures = "both";
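Review bot: The comment block at the top of `config` still says the workaround is `enable-cache yes` with an explicit ttl of 0, but `positive-time-to-live hosts 3600` now makes `hosts` a real cache, so the comment no longer describes the file. Because this cache is host-wide and `shared hosts yes` is set, an answer that is stale or was spoofed upstream may be served to every process on the machine for up to an hour; how nscd weighs this value against the record's own TTL should be confirmed. I would extend the comment with something like `# Exception: hosts is cached for real (3600s); flush with nscd -i hosts after DNS changes.` If only the Invidious lookups need damping, a shorter value or a local caching resolver that honours record TTLs would narrow the exposure.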