diff --git a/modules/config/system-path.nix b/modules/config/system-path.nix
index 8c36015718c..6e73118fe08 100644
--- a/modules/config/system-path.nix
+++ b/modules/config/system-path.nix
@@ -41,7 +41,6 @@ let
 pkgs.nano
 pkgs.ncurses
 pkgs.netcat
- pkgs.ntp
 pkgs.openssh
 pkgs.pciutils
 pkgs.perl
diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix
index fd76dfc47a1..8a23148b028 100644
--- a/modules/misc/ids.nix
+++ b/modules/misc/ids.nix
@@ -75,6 +75,7 @@ in
 spamd = 56;
 nslcd = 58;
 nginx = 60;
+ chrony = 61;
 # When adding a uid, make sure it doesn't match an existing gid.
diff --git a/modules/module-list.nix b/modules/module-list.nix
index 476983b3304..7739f2df6f6 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -126,6 +126,7 @@
 ./services/networking/bind.nix
 ./services/networking/bitlbee.nix
 ./services/networking/cntlm.nix
+ ./services/networking/chrony.nix
 ./services/networking/ddclient.nix
 #./services/networking/dhclient.nix
 ./services/networking/dhcpcd.nix
diff --git a/modules/services/networking/chrony.nix b/modules/services/networking/chrony.nix
new file mode 100644
index 00000000000..5e9818858e0
--- /dev/null
+++ b/modules/services/networking/chrony.nix
@@ -0,0 +1,118 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+ inherit (pkgs) chrony;
+
+ stateDir = "/var/lib/chrony";
+
+ chronyUser = "chrony";
+
+ cfg = config.services.chrony;
+
+ configFile = pkgs.writeText "chrony.conf" ''
+ ${toString (map (server: "server " + server + "\n") cfg.servers)}
+
+ ${optionalString cfg.initstepslew.enabled ''
+ initstepslew ${toString cfg.initstepslew.threshold} ${toString (map (server: server + " ") cfg.initstepslew.servers)}
+ ''}
+
+ driftfile ${stateDir}/chrony.drift
+
+ ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
+
+ ${cfg.extraConfig}
+ '';
+
+ chronyFlags = "-m -f ${configFile} -u ${chronyUser}";
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.chrony = {
+
+ enable = mkOption {
+ default = false;
+ description = ''
+ Whether to synchronise your machine's time using chrony.
+ Make sure you disable NTP if you enable this service.
+ '';
+ };
+
+ servers = mkOption {
+ default = [
+ "0.pool.ntp.org"
+ "1.pool.ntp.org"
+ "2.pool.ntp.org"
+ ];
+ description = ''
+ The set of NTP servers from which to synchronise.
+ '';
+ };
+
+ initstepslew = mkOption {
+ default = {
+ enabled = true;
+ threshold = 1000; # by default, same threshold as 'ntpd -g' (1000s)
+ servers = cfg.servers;
+ };
+ description = ''
+ Allow chronyd to make a rapid measurement of the system clock error at
+ boot time, and to correct the system clock by stepping before normal
+ operation begins.
+ '';
+ };
+
+ extraConfig = mkOption {
+ default = "";
+ description = ''
+ Extra configuration directives that should be added to
+ chrony.conf
+ '';
+ };
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf config.services.chrony.enable {
+
+ # Make chronyc available in the system path
+ environment.systemPackages = [ pkgs.chrony ];
+
+ users.extraUsers = singleton
+ { name = chronyUser;
+ uid = config.ids.uids.chrony;
+ description = "chrony daemon user";
+ home = stateDir;
+ };
+
+ jobs.chronyd =
+ { description = "chrony daemon";
+
+ wantedBy = [ "ip-up.target" ];
+ partOf = [ "ip-up.target" ];
+
+ path = [ chrony ];
+
+ preStart =
+ ''
+ mkdir -m 0755 -p ${stateDir}
+ chown ${chronyUser} ${stateDir}
+ '';
+
+ exec = "chronyd -n ${chronyFlags}";
+ };
+
+ };
+
+}
diff --git a/modules/services/networking/ntpd.nix b/modules/services/networking/ntpd.nix
index be3fcbd6543..e5e164021d3 100644
--- a/modules/services/networking/ntpd.nix
+++ b/modules/services/networking/ntpd.nix
@@ -58,6 +58,9 @@ in
 config = mkIf config.services.ntp.enable {
+ # Make tools such as ntpq available in the system path
+ environment.systemPackages = [ pkgs.ntp ];
+
 users.extraUsers = singleton
 { name = ntpUser;
 uid = config.ids.uids.ntp;
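Review bot: The `enable` description leaves it to the user to "disable NTP", but nothing in the `config` attrset of chrony.nix enforces that, so `services.ntp.enable` and `services.chrony.enable` can both be true and two daemons will discipline the same clock (and likely contend for the NTP port). An `assertions` entry beside `environment.systemPackages` turns the prose into an evaluation-time check: `assertions = singleton { assertion = !config.services.ntp.enable; message = "services.chrony and services.ntp cannot both be enabled"; };`. The options also declare no `type`, so a non-list value for `servers` reaches the `map` in `configFile` and fails with an opaque evaluation error instead of an option type error; `type = types.listOf types.string` on `servers` and `type = types.bool` on `enable` would report it at the option, if this tree's module system already provides `types`.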