From a335722afdbe76bee300359d20ae08e1ab5dcc6a Mon Sep 17 00:00:00 2001
From: Lu Wang <rebmit@rebmit.moe>
Date: Mon, 30 Dec 2024 02:27:37 +0800
Subject: [PATCH] services/nscd: use tmpfiles for proper lifetime guarantees

---
 nixos/profiles/services/nscd/default.nix | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/nixos/profiles/services/nscd/default.nix b/nixos/profiles/services/nscd/default.nix
index 0b51d9c..938bf5b 100644
--- a/nixos/profiles/services/nscd/default.nix
+++ b/nixos/profiles/services/nscd/default.nix
@@ -1,4 +1,9 @@
-{ lib, mylib, ... }:
+{
+  config,
+  lib,
+  mylib,
+  ...
+}:
 {
   services.nscd = {
     enable = true;
@@ -6,7 +11,15 @@
   };
 
   systemd.services.nscd.serviceConfig = mylib.misc.serviceHardened // {
-    RuntimeDirectoryPreserve = true;
+    RuntimeDirectory = lib.mkForce "";
     ProtectHome = lib.mkForce true;
   };
+
+  systemd.tmpfiles.settings."20-nscd" = {
+    "/run/nscd".d = {
+      mode = "0755";
+      user = config.services.nscd.user;
+      group = config.services.nscd.group;
+    };
+  };
 }