From 02d9a8066a0ad0adbf9d1c3617659a4a00610a88 Mon Sep 17 00:00:00 2001 From: "Ricardo M. Correia" Date: Thu, 23 May 2013 02:07:49 +0000 Subject: [PATCH 1/2] Add chrony service Also, do not build and add ntp to the system unless it is enabled. --- modules/config/system-path.nix | 1 - modules/misc/ids.nix | 1 + modules/module-list.nix | 1 + modules/services/networking/chrony.nix | 88 ++++++++++++++++++++++++++ modules/services/networking/ntpd.nix | 3 + 5 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 modules/services/networking/chrony.nix diff --git a/modules/config/system-path.nix b/modules/config/system-path.nix index 8c36015718c..6e73118fe08 100644 --- a/modules/config/system-path.nix +++ b/modules/config/system-path.nix @@ -41,7 +41,6 @@ let pkgs.nano pkgs.ncurses pkgs.netcat - pkgs.ntp pkgs.openssh pkgs.pciutils pkgs.perl diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index fd76dfc47a1..8a23148b028 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix @@ -75,6 +75,7 @@ in spamd = 56; nslcd = 58; nginx = 60; + chrony = 61; # When adding a uid, make sure it doesn't match an existing gid. diff --git a/modules/module-list.nix b/modules/module-list.nix index b6193b19131..e6b4fd37c66 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -125,6 +125,7 @@ ./services/networking/bind.nix ./services/networking/bitlbee.nix ./services/networking/cntlm.nix + ./services/networking/chrony.nix ./services/networking/ddclient.nix #./services/networking/dhclient.nix ./services/networking/dhcpcd.nix diff --git a/modules/services/networking/chrony.nix b/modules/services/networking/chrony.nix new file mode 100644 index 00000000000..5a53744791c --- /dev/null +++ b/modules/services/networking/chrony.nix 
@@ -0,0 +1,88 @@ +{ config, pkgs, ... }: + +with pkgs.lib; + +let + + inherit (pkgs) chrony; + + stateDir = "/var/lib/chrony"; + + chronyUser = "chrony"; + + configFile = pkgs.writeText "chrony.conf" '' + ${toString (map (server: "server " + server + "\n") config.services.chrony.servers)} + + driftfile ${stateDir}/chrony.drift + ''; + + chronyFlags = "-m -f ${configFile} -u ${chronyUser}"; + +in + +{ + + ###### interface + + options = { + + services.chrony = { + + enable = mkOption { + default = false; + description = '' + Whether to synchronise your machine's time using chrony. + Make sure you disable NTP if you enable this service. + ''; + }; + + servers = mkOption { + default = [ + "0.pool.ntp.org" + "1.pool.ntp.org" + "2.pool.ntp.org" + ]; + description = '' + The set of NTP servers from which to synchronise. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf config.services.chrony.enable { + + # Make chronyc available in the system path + environment.systemPackages = [ pkgs.chrony ]; + + users.extraUsers = singleton + { name = chronyUser; + uid = config.ids.uids.chrony; + description = "chrony daemon user"; + home = stateDir; + }; + + jobs.chronyd = + { description = "chrony daemon"; + + wantedBy = [ "ip-up.target" ]; + partOf = [ "ip-up.target" ]; + + path = [ chrony ]; + + preStart = + '' + mkdir -m 0755 -p ${stateDir} + chown ${chronyUser} ${stateDir} + ''; + + exec = "chronyd -n ${chronyFlags}"; + }; + + }; + +} diff --git a/modules/services/networking/ntpd.nix b/modules/services/networking/ntpd.nix index be3fcbd6543..e5e164021d3 100644 --- a/modules/services/networking/ntpd.nix +++ b/modules/services/networking/ntpd.nix @@ -58,6 +58,9 @@ in config = mkIf config.services.ntp.enable { + # Make tools such as ntpq available in the system path + environment.systemPackages = [ pkgs.ntp ]; + users.extraUsers = singleton { name = ntpUser; uid = config.ids.uids.ntp; From 6336048c5843ffcbd9fb010e47386adda2cdb913 Mon Sep 17 00:00:00 2001 
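Review bot: Nothing in `config = mkIf config.services.chrony.enable { … }` prevents chronyd and ntpd from being enabled together; the only guard is the sentence "Make sure you disable NTP" in the `enable` description. Two daemons disciplining the same clock are hard to diagnose, and a host whose time is wrong loses trustworthy log timestamps and certificate-validity checks. Assuming this tree provides the `assertions` option, I would add `assertions = [ { assertion = !config.services.ntp.enable; message = "services.chrony and services.ntp cannot both be enabled."; } ];` inside the block. Separately, the generated chrony.conf holds only the `server` lines and `driftfile`, so chronyd's listening behaviour is left at the package defaults; consider whether a `bindcmdaddress 127.0.0.1` line belongs in the default config.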
From: "Ricardo M. Correia" Date: Thu, 23 May 2013 03:00:09 +0000 Subject: [PATCH 2/2] chrony: properly set rtconutc option, and add a few more options --- modules/services/networking/chrony.nix | 32 +++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/modules/services/networking/chrony.nix b/modules/services/networking/chrony.nix index 5a53744791c..5e9818858e0 100644 --- a/modules/services/networking/chrony.nix +++ b/modules/services/networking/chrony.nix @@ -10,10 +10,20 @@ let chronyUser = "chrony"; + cfg = config.services.chrony; + configFile = pkgs.writeText "chrony.conf" '' - ${toString (map (server: "server " + server + "\n") config.services.chrony.servers)} + ${toString (map (server: "server " + server + "\n") cfg.servers)} + + ${optionalString cfg.initstepslew.enabled '' + initstepslew ${toString cfg.initstepslew.threshold} ${toString (map (server: server + " ") cfg.initstepslew.servers)} + ''} driftfile ${stateDir}/chrony.drift + + ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"} + + ${cfg.extraConfig} ''; chronyFlags = "-m -f ${configFile} -u ${chronyUser}"; @@ -47,6 +57,26 @@ in ''; }; + initstepslew = mkOption { + default = { + enabled = true; + threshold = 1000; # by default, same threshold as 'ntpd -g' (1000s) + servers = cfg.servers; + }; + description = '' + Allow chronyd to make a rapid measurement of the system clock error at + boot time, and to correct the system clock by stepping before normal + operation begins. + ''; + }; + + extraConfig = mkOption { + default = ""; + description = '' + Extra configuration directives that should be added to + chrony.conf + ''; + }; }; };
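Review bot: `optionalString cfg.initstepslew.enabled` and the `cfg.initstepslew.threshold` / `cfg.initstepslew.servers` reads on the following line assume the attribute set always carries all three keys. The second hunk declares `initstepslew` as a single untyped option whose keys exist only in its `default`. A user who sets `services.chrony.initstepslew = { threshold = 30; };` would, as far as these hunks show, replace that default wholesale and hit a missing-attribute evaluation error on `enabled` and `servers`. Declaring `initstepslew.enabled`, `initstepslew.threshold` and `initstepslew.servers` as separate `mkOption`s would give each key its own default and description.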
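Review bot: The comment `# by default, same threshold as 'ntpd -g' (1000s)` on `threshold = 1000;` describes a different mechanism from the one being configured. As I read chrony's documentation, the `initstepslew` value is the boundary between slewing and stepping: smaller offsets are slewed and larger ones are stepped, so there is no upper sanity limit comparable to ntpd's panic threshold and whatever offset the servers report at boot is applied. With 1000 s, an error of several minutes would be slewed rather than stepped, which can take a long time to converge. I would reword the comment to `# offsets below this many seconds are slewed, larger ones are stepped` and say in the option description that the servers listed here are trusted to set the clock at boot.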