authorgoibhniu <cillian.deroiste@gmail.com>2015-11-26 13:22:33 +0100
committergoibhniu <cillian.deroiste@gmail.com>2015-11-26 13:22:33 +0100
commitcc63832981c2c56abee917e5fa6dd8a0d8434729 (patch)
treeb03482d9a57e9bc72696d087b772cb9d50e121a7 /nixos
parentf8b0b8a6345306d51e90e583bd0e79331c7f54f0 (diff)
parentd89f269b26b9e98beb6f1ce9dfa7fab659d61ce7 (diff)
Merge pull request #8758 from fpletz/package/chrony
chrony: 2.1.1 -> 2.2 & service improvements
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/misc/ids.nix2
-rw-r--r--nixos/modules/services/networking/chrony.nix69
2 files changed, 41 insertions, 30 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index c9810b6fccb1..2b40120641a0 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -305,7 +305,7 @@
       nslcd = 58;
       scanner = 59;
       nginx = 60;
-      #chrony = 61; # unused
+      chrony = 61;
       systemd-journal = 62;
       smtpd = 63;
       smtpq = 64;
diff --git a/nixos/modules/services/networking/chrony.nix b/nixos/modules/services/networking/chrony.nix
index fe062b30e4b7..1cd678e7c621 100644
--- a/nixos/modules/services/networking/chrony.nix
+++ b/nixos/modules/services/networking/chrony.nix
@@ -8,26 +8,10 @@ let
 
   stateDir = "/var/lib/chrony";
 
-  chronyUser = "chrony";
+  keyFile = "/etc/chrony.keys";
 
   cfg = config.services.chrony;
 
-  configFile = pkgs.writeText "chrony.conf" ''
-    ${toString (map (server: "server " + server + "\n") cfg.servers)}
-
-    ${optionalString cfg.initstepslew.enabled ''
-      initstepslew ${toString cfg.initstepslew.threshold} ${toString (map (server: server + " ") cfg.initstepslew.servers)}
-    ''}
-
-    driftfile ${stateDir}/chrony.drift
-
-    ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
-
-    ${cfg.extraConfig}
-  '';
-
-  chronyFlags = "-m -f ${configFile} -u ${chronyUser}";
-
 in
 
 {
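Review bot: The new `keyFile = "/etc/chrony.keys";` binding has no comment explaining why this path is a fixed runtime location rather than a generated store file like the removed `configFile`. The later hunk creates it in `preStart` with mode 0640 and owner chrony:chrony, and the new chrony.conf enables `generatecommandkey`, so the command key ends up in this file. A one-line comment would record that intent, e.g. `# runtime file created in preStart (0640, chrony:chrony); holds the command key, so it must not live in the world-readable Nix store`. The `let` block starts outside the hunk.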
@@ -47,12 +31,7 @@ in
       };
 
       servers = mkOption {
-        default = [
-          "0.nixos.pool.ntp.org"
-          "1.nixos.pool.ntp.org"
-          "2.nixos.pool.ntp.org"
-          "3.nixos.pool.ntp.org"
-        ];
+        default = config.services.ntp.servers;
         description = ''
           The set of NTP servers from which to synchronise.
         '';
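Review bot: The `servers` default is now `config.services.ntp.servers`, but the description still says only "The set of NTP servers from which to synchronise". Someone reading the option documentation cannot tell that editing the ntp option also changes which time sources chrony trusts. Suggest appending a sentence to the description such as `Defaults to the value of services.ntp.servers.` The `mkOption` body continues past the end of the hunk.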
@@ -90,28 +69,60 @@ in
     # Make chronyc available in the system path
     environment.systemPackages = [ pkgs.chrony ];
 
+    environment.etc."chrony.conf".text =
+      ''
+        ${concatMapStringsSep "\n" (server: "server " + server) cfg.servers}
+
+        ${optionalString
+          cfg.initstepslew.enabled
+          "initstepslew ${toString cfg.initstepslew.threshold} ${concatStringsSep " " cfg.initstepslew.servers}"
+        }
+
+        driftfile ${stateDir}/chrony.drift
+
+        keyfile ${keyFile}
+        generatecommandkey
+
+        ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
+
+        ${cfg.extraConfig}
+      '';
+
+    users.extraGroups = singleton
+      { name = "chrony";
+        gid = config.ids.gids.chrony;
+      };
+
     users.extraUsers = singleton
-      { name = chronyUser;
+      { name = "chrony";
         uid = config.ids.uids.chrony;
+        group = "chrony";
         description = "chrony daemon user";
         home = stateDir;
       };
 
-    jobs.chronyd =
-      { description = "chrony daemon";
+    systemd.services.ntpd.enable = false;
+
+    systemd.services.chronyd =
+      { description = "chrony NTP daemon";
 
         wantedBy = [ "multi-user.target" ];
         after = [ "network.target" ];
+        conflicts = [ "ntpd.service" "systemd-timesyncd.service" ];
 
-        path = [ chrony ];
+        path = [ pkgs.chrony ];
 
         preStart =
           ''
             mkdir -m 0755 -p ${stateDir}
-            chown ${chronyUser} ${stateDir}
+            touch ${keyFile}
+            chmod 0640 ${keyFile}
+            chown chrony:chrony ${stateDir} ${keyFile}
           '';
 
-        exec = "chronyd -n ${chronyFlags}";
+        serviceConfig =
+          { ExecStart = "${pkgs.chrony}/bin/chronyd -n -m -u chrony";
+          };
       };
 
   };
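Review bot: `ExecStart` no longer passes `-f`, so chronyd falls back to its compiled-in configuration path, and nothing in this diff shows that this path is /etc/chrony.conf for `pkgs.chrony`. If the package was configured with a sysconfdir under its store prefix, the file written by `environment.etc."chrony.conf"` would be silently ignored, including its `keyfile` and `generatecommandkey` lines. Passing the path explicitly removes that dependency: `ExecStart = "${pkgs.chrony}/bin/chronyd -n -m -u chrony -f /etc/chrony.conf";`.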