From 54c09cf933f79725bd82f386612884127c236990 Mon Sep 17 00:00:00 2001 From: sefidel Date: Thu, 15 Aug 2024 00:35:22 +0900 Subject: feat(nixos/kanata): configure nscd hosts caching --- nixos/kanata/configuration.nix | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/nixos/kanata/configuration.nix b/nixos/kanata/configuration.nix index 2f0894c..7c4e7b5 100644 --- a/nixos/kanata/configuration.nix +++ b/nixos/kanata/configuration.nix @@ -102,6 +102,46 @@ in enableIPv6 = true; }; + services.nscd = { + enable = true; + config = '' + # We basically use nscd as a proxy for forwarding nss requests to appropriate + # nss modules, as we run nscd with LD_LIBRARY_PATH set to the directory + # containing all such modules + # Note that we can not use `enable-cache no` As this will actually cause nscd + # to just reject the nss requests it receives, which then causes glibc to + # fallback to trying to handle the request by itself. Which won't work as glibc + # is not aware of the path in which the nss modules live. As a workaround, we + # have `enable-cache yes` with an explicit ttl of 0 + server-user nscd + + enable-cache passwd yes + positive-time-to-live passwd 0 + negative-time-to-live passwd 0 + shared passwd yes + + enable-cache group yes + positive-time-to-live group 0 + negative-time-to-live group 0 + shared group yes + + enable-cache netgroup yes + positive-time-to-live netgroup 0 + negative-time-to-live netgroup 0 + shared netgroup yes + + enable-cache hosts yes + positive-time-to-live hosts 3600 # Invidious spams DNS queries to PubSubHubBub + negative-time-to-live hosts 0 + shared hosts yes + + enable-cache services yes + positive-time-to-live services 0 + negative-time-to-live services 0 + shared services yes + ''; + }; + services.tailscale = { enable = true; useRoutingFeatures = "both"; -- cgit 1.4.1