nixos-config/nixos/profiles/services/nscd/default.nix

{
  config,
  lib,
  mylib,
  ...
}:
{
  services.nscd = {
    enable = true;
    enableNsncd = true;
  };

  systemd.services.nscd.serviceConfig = mylib.misc.serviceHardened // {
    RuntimeDirectory = lib.mkForce "";
    ProtectHome = lib.mkForce true;
  };

  systemd.tmpfiles.settings."20-nscd" = {
    "/run/nscd".d = {
      mode = "0755";
      user = config.services.nscd.user;
      group = config.services.nscd.group;
    };
  };
}
services/nscd: use tmpfiles for proper lifetime guarantees 2024-12-30 02:27:37 +08:00			`{`
			`config,`
			`lib,`
			`mylib,`
			`...`
			`}:`
services/nscd: preserve `/run/nscd` for bind mounts and hardening nsncd 2024-12-25 18:30:53 +08:00			`{`
			`services.nscd = {`
			`enable = true;`
			`enableNsncd = true;`
			`};`

			`systemd.services.nscd.serviceConfig = mylib.misc.serviceHardened // {`
services/nscd: use tmpfiles for proper lifetime guarantees 2024-12-30 02:27:37 +08:00			`RuntimeDirectory = lib.mkForce "";`
services/nscd: preserve `/run/nscd` for bind mounts and hardening nsncd 2024-12-25 18:30:53 +08:00			`ProtectHome = lib.mkForce true;`
			`};`
services/nscd: use tmpfiles for proper lifetime guarantees 2024-12-30 02:27:37 +08:00
			`systemd.tmpfiles.settings."20-nscd" = {`
			`"/run/nscd".d = {`
			`mode = "0755";`
			`user = config.services.nscd.user;`
			`group = config.services.nscd.group;`
			`};`
			`};`
services/nscd: preserve `/run/nscd` for bind mounts and hardening nsncd 2024-12-25 18:30:53 +08:00			`}`