From 29f46422844b8f18f4905fc3f730abe0b5b494da Mon Sep 17 00:00:00 2001
From: aszlig
Date: Mon, 1 Sep 2014 15:14:00 +0200
Subject: [PATCH] nixos: Add new service for OpenNTPd.
This conflicts with the existing reference NTP daemon, so we're using services.ntp.enable = mkForce false here to make sure both services aren't enabled in par. I was already trying to merge the module with services.ntp, but it would have been quite a mess with a bunch of conditions on the package name. They both have a bit in common if it comes to the configuration files, but differ in handling of the state dir (for example, OpenNTPd doesn't allow it to be owned by anything other than root).
Signed-off-by: aszlig
---
 nixos/modules/module-list.nix | 1 +
 .../modules/services/networking/openntpd.nix | 49 +++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 nixos/modules/services/networking/openntpd.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index a2862a6d609..045eb469de9 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -231,6 +231,7 @@
 ./services/networking/ntpd.nix
 ./services/networking/oidentd.nix
 ./services/networking/openfire.nix
+ ./services/networking/openntpd.nix
 ./services/networking/openvpn.nix
 ./services/networking/polipo.nix
 ./services/networking/prayer.nix
diff --git a/nixos/modules/services/networking/openntpd.nix b/nixos/modules/services/networking/openntpd.nix
new file mode 100644
index 00000000000..bd8a7a04a2a
--- /dev/null
+++ b/nixos/modules/services/networking/openntpd.nix
@@ -0,0 +1,49 @@
+{ pkgs, lib, config, options, ... }:
+
+with lib;
+
+let
+ cfg = config.services.openntpd;
+
+ package = pkgs.openntpd.override {
+ privsepUser = "ntp";
+ privsepPath = "/var/empty";
+ };
+
+ cfgFile = pkgs.writeText "openntpd.conf" ''
+ ${concatStringsSep "\n" (map (s: "server ${s}") cfg.servers)}
+ '';
+in
+{
+ ###### interface
+
+ options.services.openntpd = {
+ enable = mkEnableOption "OpenNTP time synchronization server";
+
+ servers = mkOption {
+ default = config.services.ntp.servers;
+ type = types.listOf types.str;
+ inherit (options.services.ntp.servers) description;
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+ services.ntp.enable = mkForce false;
+
+ users.extraUsers = singleton {
+ name = "ntp";
+ uid = config.ids.uids.ntp;
+ description = "OpenNTP daemon user";
+ home = "/var/empty";
+ };
+
+ systemd.services.openntpd = {
+ description = "OpenNTP Server";
+ wantedBy = [ "ip-up.target" ];
+ partOf = [ "ip-up.target" ];
+ serviceConfig.ExecStart = "${package}/sbin/ntpd -d -f ${cfgFile}";
+ };
+ };
+}
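Review bot: `services.ntp.enable = mkForce false;` in the `config` block silently wins over an explicit `services.ntp.enable = true` set elsewhere, so an administrator who enables both daemons gets no hint that one of them was switched off. If the reference module's default allows it (not visible in this patch), a lower-priority `services.ntp.enable = mkDefault false;` paired with `assertions = singleton { assertion = !config.services.ntp.enable; message = "services.openntpd and services.ntp cannot both be enabled"; };` would surface the conflict at evaluation time instead. Separately, the generated `openntpd.conf` holds only `server` lines, so the daemon as configured here appears to query upstream servers without serving time itself. The `mkEnableOption` text and the unit `description` both call it a server, and a comment next to `cfgFile` such as `# client only: no "listen on" directive is generated` would make the network exposure clear to the next reader.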