naftiko: 1.0.0-alpha2
info:
  label: systemd Varlink — UserDatabase
  description: |
    Self-contained Naftiko capability wrapping the io.systemd.UserDatabase Varlink interface, the
    pluggable NSS-replacement that returns systemd JSON UserRecord/GroupRecord documents from
    nss-systemd, homed, machined, and userdbd backends.
  tags:
  - Identity
  - IPC
  - User Records
  - Varlink
  created: '2026-05-23'
  modified: '2026-05-23'
binds:
- namespace: env
  keys:
    SYSTEMD_VARLINK_SOCKET: SYSTEMD_VARLINK_SOCKET
capability:
  consumes:
  - type: varlink
    namespace: io.systemd.UserDatabase
    socket: /run/systemd/userdb/io.systemd.UserDatabase
    description: User/group lookup via Varlink.
    resources:
    - name: identity
      operations:
      - { name: GetUserRecord, method: io.systemd.UserDatabase.GetUserRecord, description: Resolve a user record by name/uid. }
      - { name: GetGroupRecord, method: io.systemd.UserDatabase.GetGroupRecord, description: Resolve a group record by name/gid. }
      - { name: GetMemberships, method: io.systemd.UserDatabase.GetMemberships, description: Enumerate group memberships for a user or group. }