authorShea Levy <shea@shealevy.com>2015-01-30 01:07:59 -0500
committerShea Levy <shea@shealevy.com>2015-01-30 01:07:59 -0500
commit52d4b9d9824136a2d8f6b782c499bee23c1b651e (patch)
treedb13faef6c813c5832135324ac38d5cee1e46e41 /nixos
parentb35e0a09a89ff6ccd99a9c0acef14d9b8b7a9fd0 (diff)
parent3fdd9250638b77ef46eb9860f655013907fe4842 (diff)
Merge branch 'tlsdate' of git://github.com/4z3/nixpkgs
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/networking/tlsdated.nix110
2 files changed, 111 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index cf82e5035d9a..c8d5fcc4e6f6 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -292,6 +292,7 @@
   ./services/networking/tcpcrypt.nix
   ./services/networking/teamspeak3.nix
   ./services/networking/tftpd.nix
+  ./services/networking/tlsdated.nix
   ./services/networking/tox-bootstrapd.nix
   ./services/networking/unbound.nix
   ./services/networking/unifi.nix
diff --git a/nixos/modules/services/networking/tlsdated.nix b/nixos/modules/services/networking/tlsdated.nix
new file mode 100644
index 000000000000..f2d0c9f35c9c
--- /dev/null
+++ b/nixos/modules/services/networking/tlsdated.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  inherit (pkgs) coreutils tlsdate;
+
+  cfg = config.services.tlsdated;
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.tlsdated = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable tlsdated daemon.
+        '';
+      };
+
+      extraOptions = mkOption {
+        type = types.string;
+        description = ''
+          Additional command line arguments to pass to tlsdated.
+        '';
+      };
+
+      sources = mkOption {
+        type = types.listOf (types.submodule {
+          options = {
+            host = mkOption {
+              type = types.string;
+              description = ''
+                Remote hostname.
+              '';
+            };
+            port = mkOption {
+              type = types.int;
+              description = ''
+                Remote port.
+              '';
+            };
+            proxy = mkOption {
+              type = types.nullOr types.string;
+              default = null;
+              description = ''
+                The proxy argument expects HTTP, SOCKS4A or SOCKS5 formatted as followed:
+
+                 http://127.0.0.1:8118
+                 socks4a://127.0.0.1:9050
+                 socks5://127.0.0.1:9050
+
+                The proxy support should not leak DNS requests and is suitable for use with Tor.
+              '';
+            };
+          };
+        });
+        default = [
+          {
+            host = "www.ptb.de";
+            port = 443;
+            proxy = null;
+          }
+        ];
+        description = ''
+          You can list one or more sources to fetch time from.
+        '';
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    # Make tools such as tlsdate available in the system path
+    environment.systemPackages = [ tlsdate ];
+
+    systemd.services.tlsdated = {
+      description = "tlsdated daemon";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        # XXX because pkgs.tlsdate is compiled to run as nobody:nogroup, we
+        # hard-code base-path to /tmp and use PrivateTmp.
+        ExecStart = "${tlsdate}/bin/tlsdated -f ${pkgs.writeText "tlsdated.confg" ''
+          base-path /tmp
+
+          ${concatMapStrings (src: ''
+          source
+              host    ${src.host}
+              port    ${toString src.port}
+              proxy   ${if src.proxy == null then "none" else src.proxy}
+          end
+          '') cfg.sources}
+        ''} ${cfg.extraOptions}";
+        PrivateTmp = "yes";
+      };
+    };
+
+  };
+
+}
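Review bot: `services.tlsdated.extraOptions` (L69-L74) declares no `default`, yet `${cfg.extraOptions}` is interpolated unconditionally into `ExecStart` (L145), so a configuration that sets only `services.tlsdated.enable = true` will fail at evaluation with an "option used but not defined" error; add `default = "";` to the option. The `host` and `proxy` values are likewise spliced verbatim into the generated config file (L140, L142), so a value containing a newline would inject further directives into tlsdated's configuration; these come from the operator's own NixOS config, so the exposure is low, but a comment such as `# values are written unescaped into the tlsdated config; keep them free of newlines` would make the contract explicit. The option description for `sources` could also note that tlsdated only authenticates time as strongly as the TLS connection to each listed host, so a single default source (`www.ptb.de`) is a trust anchor the operator should consciously accept or extend. Separately, the generated file name `tlsdated.confg` on L135 looks like a typo for `tlsdated.conf`; it only affects the store path name, not behaviour.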