author | sefidel <contact@sefidel.net> | 2024-08-15 00:35:22 +0900 |
---|---|---|
committer | sefidel <contact@sefidel.net> | 2024-08-15 00:35:22 +0900 |
commit | 54c09cf933f79725bd82f386612884127c236990 (patch) | |
tree | 3293ea48baa0e95f7f6ab374f32e0e7046fe2c6d /nixos | |
parent | ee9ea67756217c8c85f620f35574177586de18a8 (diff) | |
download | nixrc-54c09cf933f79725bd82f386612884127c236990.tar.gz nixrc-54c09cf933f79725bd82f386612884127c236990.zip |
feat(nixos/kanata): configure nscd hosts caching
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/kanata/configuration.nix | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/nixos/kanata/configuration.nix b/nixos/kanata/configuration.nix index 2f0894c..7c4e7b5 100644 --- a/nixos/kanata/configuration.nix +++ b/nixos/kanata/configuration.nix @@ -102,6 +102,46 @@ in enableIPv6 = true; }; + services.nscd = { + enable = true; + config = '' + # We basically use nscd as a proxy for forwarding nss requests to appropriate + # nss modules, as we run nscd with LD_LIBRARY_PATH set to the directory + # containing all such modules + # Note that we can not use `enable-cache no` As this will actually cause nscd + # to just reject the nss requests it receives, which then causes glibc to + # fallback to trying to handle the request by itself. Which won't work as glibc + # is not aware of the path in which the nss modules live. As a workaround, we + # have `enable-cache yes` with an explicit ttl of 0 + server-user nscd + + enable-cache passwd yes + positive-time-to-live passwd 0 + negative-time-to-live passwd 0 + shared passwd yes + + enable-cache group yes + positive-time-to-live group 0 + negative-time-to-live group 0 + shared group yes + + enable-cache netgroup yes + positive-time-to-live netgroup 0 + negative-time-to-live netgroup 0 + shared netgroup yes + + enable-cache hosts yes + positive-time-to-live hosts 3600 # Invidious spams DNS queries to PubSubHubBub + negative-time-to-live hosts 0 + shared hosts yes + + enable-cache services yes + positive-time-to-live services 0 + negative-time-to-live services 0 + shared services yes + ''; + }; + services.tailscale = { enable = true; useRoutingFeatures = "both"; |
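Review bot: the header comment inside the `config` string still describes the workaround as `enable-cache yes` with an explicit ttl of 0, but the `hosts` block sets `positive-time-to-live hosts 3600`, so the comment no longer matches the file. Extend it to say that hosts is the deliberate exception and that real caching is intended there. Also note that this value is set in the host-wide nscd config, so it covers every hosts lookup nscd answers on this machine, not only the Invidious queries named in the inline comment. Other services on the host may therefore keep resolving a name to an old address for as long as the entry stays cached. If the goal is only to absorb the PubSubHubBub query burst, a shorter positive TTL would limit that window. Either way, record in the comment why 3600 was chosen. Keeping `negative-time-to-live hosts 0` looks right, since failed lookups are then never cached.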