public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/chrony: add option to enable NTS authentication

Browse Source
This commit is contained in:
Ctem 2021-01-06 19:33:39 +09:00
parent fd0c2add78
commit 9550d865e9
No known key found for this signature in database
GPG Key ID: 7F6702F5FC77041B
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nixos/modules/services/networking/ntp/chrony.nix
View File

@ -10,7 +10,7 @@ let
keyFile = "${stateDir}/chrony.keys"; keyFile = "${stateDir}/chrony.keys";
configFile = pkgs.writeText "chrony.conf" '' configFile = pkgs.writeText "chrony.conf" ''
${concatMapStringsSep "\n" (server: "server " + server + " iburst") cfg.servers} ${concatMapStringsSep "\n" (server: "server " + server + " iburst" + optionalString (cfg.enableNTS) " nts") cfg.servers}
${optionalString ${optionalString
(cfg.initstepslew.enabled && (cfg.servers != [])) (cfg.initstepslew.enabled && (cfg.servers != []))
@ -19,6 +19,7 @@ let
driftfile ${driftFile} driftfile ${driftFile}
keyfile ${keyFile} keyfile ${keyFile}
${optionalString (cfg.enableNTS) "ntsdumpdir ${stateDir}"}
${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"} ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
@ -46,6 +47,15 @@ in
''; '';
}; };
enableNTS = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Network Time Security authentication.
Make sure it is supported by your selected NTP server(s).
'';
};
initstepslew = mkOption { initstepslew = mkOption {
default = { default = {
enabled = true; enabled = true;