Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/ntp/chrony.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/networking/ntp/chrony.nix | 52 |
1 files changed, 47 insertions, 5 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix b/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix
index e6fa48daf46c..96c6444c23a1 100644
--- a/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix
+++ b/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix
@@ -4,13 +4,14 @@ with lib;
 let
 cfg = config.services.chrony;
+ chronyPkg = cfg.package;
- stateDir = "/var/lib/chrony";
+ stateDir = cfg.directory;
 driftFile = "${stateDir}/chrony.drift";
 keyFile = "${stateDir}/chrony.keys";
 configFile = pkgs.writeText "chrony.conf" ''
- ${concatMapStringsSep "\n" (server: "server " + server + " iburst") cfg.servers}
+ ${concatMapStringsSep "\n" (server: "server " + server + " " + cfg.serverOption + optionalString (cfg.enableNTS) " nts") cfg.servers}
 ${optionalString (cfg.initstepslew.enabled && (cfg.servers != []))
@@ -19,6 +20,7 @@ let
 driftfile ${driftFile}
 keyfile ${keyFile}
+ ${optionalString (cfg.enableNTS) "ntsdumpdir ${stateDir}"}
 ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
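Review bot: The rebuilt `server` line appends ` nts` to every entry of `cfg.servers`, which still defaults to `config.networking.timeServers`, so `enableNTS = true` without an explicit server list yields sources that chronyd, as I understand its NTS handling, only uses after a successful NTS-KE handshake — and if the default pool does not offer NTS (as far as I know the NixOS pool entries do not), the host silently ends up with no usable time source and no evaluation-time error. I would add an assertion under `config`, e.g. `assertions = [ { assertion = cfg.enableNTS -> cfg.servers != config.networking.timeServers; message = "services.chrony.enableNTS needs NTS-capable servers in services.chrony.servers"; } ];`, or at least state the requirement in the option description. Nothing here checks that `cfg.package` is built with NTS support either, so a package without it will presumably refuse the `nts` source option at startup rather than at build time. The `let` block starts at this hunk's first line, but the configFile string continues past the hunk.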
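Review bot: `ntsdumpdir ${stateDir}` makes chronyd persist NTS material (the cookies it obtains from servers, and NTS keys if it serves NTS itself) in the same directory as `chrony.keys`, and that directory is now whatever `cfg.directory` says rather than the fixed `/var/lib/chrony`. Whatever creates and chowns the state directory is outside this hunk, so I cannot tell from the diff whether a non-default `directory` is created owned by the chrony user without group or world read access; if that code still hard-codes `/var/lib/chrony`, both the dump and the key file land in an uncreated or wrongly-owned path with only a runtime log line to show for it. I would add a Nix comment next to the `stateDir` binding, `# holds chrony.keys and, with NTS, dumped cookies/keys: must be chrony-owned and private`, and make sure the directory-creation code reads `cfg.directory`. The chrony.conf string this hunk edits starts and ends outside the hunk.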
@@ -39,14 +41,48 @@ in
 '';
 };
+ package = mkOption {
+ type = types.package;
+ default = pkgs.chrony;
+ defaultText = "pkgs.chrony";
+ description = ''
+ Which chrony package to use.
+ '';
+ };
+
 servers = mkOption {
 default = config.networking.timeServers;
+ type = types.listOf types.str;
 description = ''
 The set of NTP servers from which to synchronise.
 '';
 };
+ serverOption = mkOption {
+ default = "iburst";
+ type = types.enum [ "iburst" "offline" ];
+ description = ''
+ Set option for server directives.
+
+ Use "iburst" to rapidly poll on startup. Recommended if your machine
+ is consistently online.
+
+ Use "offline" to prevent polling on startup. Recommended if your
+ machine boots offline or is otherwise frequently offline.
+ '';
+ };
+
+ enableNTS = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable Network Time Security authentication.
+ Make sure it is supported by your selected NTP server(s).
+ '';
+ };
+
 initstepslew = mkOption {
+ type = types.attrsOf (types.either types.bool types.int);
 default = {
 enabled = true;
 threshold = 1000; # by default, same threshold as 'ntpd -g' (1000s)
@@ -58,6 +94,12 @@ in
 '';
 };
+ directory = mkOption {
+ type = types.str;
+ default = "/var/lib/chrony";
+ description = "Directory where chrony state is stored.";
+ };
+
 extraConfig = mkOption {
 type = types.lines;
 default = "";
@@ -79,7 +121,7 @@ in
 config = mkIf cfg.enable {
 meta.maintainers = with lib.maintainers; [ thoughtpolice ];
- environment.systemPackages = [ pkgs.chrony ];
+ environment.systemPackages = [ chronyPkg ];
 users.groups.chrony.gid = config.ids.gids.chrony;
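Review bot: `type = types.attrsOf (types.either types.bool types.int)` on `initstepslew` is looser than the option's actual shape: it accepts `enabled = 5`, `threshold = true` or any extra key without complaint, and because a user definition replaces the default attrset rather than merging with it, `initstepslew = { enabled = false; }` drops `threshold` and the `cfg.initstepslew.threshold` reference used when building the config (outside this hunk) fails at evaluation. A `types.submodule` with one typed, documented option per field keeps the current default values and makes partial overrides work. The `initstepslew` option continues past the end of this hunk, so its description is not visible here.
```nix
    initstepslew = mkOption {
      type = types.submodule {
        options = {
          enabled = mkOption {
            type = types.bool;
            default = true;
            description = "Whether to emit an initstepslew directive at all.";
          };
          threshold = mkOption {
            type = types.int;
            default = 1000; # by default, same threshold as 'ntpd -g' (1000s)
            description = "Offset threshold, in seconds, passed to the initstepslew directive.";
          };
        };
      };
      default = {};
      # … unchanged: description …
    };
```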
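Review bot: `directory` is declared as `types.str`, so a relative path or an empty string is accepted and ends up as directives like `driftfile foo/chrony.drift` in the generated chrony.conf instead of failing at evaluation; `type = types.path;` rejects any value that does not start with `/`. Since `chrony.keys` and the NTS dump now live wherever this points, the description should also say what the directory must look like, e.g. `description = "Directory where chrony state (drift file, key file, NTS dumps) is stored; must be writable by and private to the chrony user.";`. Whether the module creates a non-default path with that ownership is decided outside this hunk, so I cannot confirm it from the diff.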
@@ -109,12 +151,12 @@ in
 after = [ "network.target" ];
 conflicts = [ "ntpd.service" "systemd-timesyncd.service" ];
- path = [ pkgs.chrony ];
+ path = [ chronyPkg ];
 unitConfig.ConditionCapability = "CAP_SYS_TIME";
 serviceConfig = {
 Type = "simple";
- ExecStart = "${pkgs.chrony}/bin/chronyd ${chronyFlags}";
+ ExecStart = "${chronyPkg}/bin/chronyd ${chronyFlags}";
 ProtectHome = "yes";
 ProtectSystem = "full"; |