public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixpkgs/nixos/modules/services/networking/tlsdated.nix
Pascal Wittmann 14ecf0c7fb services.tlsdated: use google.com as default host 
www.ptb.de returns incorrect dates.
2015-11-11 12:07:08 +01:00

111 lines
2.5 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
with lib;
let
inherit (pkgs) coreutils tlsdate;
cfg = config.services.tlsdated;
in
{
###### interface
options = {
services.tlsdated = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable tlsdated daemon.
'';
};
extraOptions = mkOption {
type = types.string;
description = ''
Additional command line arguments to pass to tlsdated.
'';
};
sources = mkOption {
type = types.listOf (types.submodule {
options = {
host = mkOption {
type = types.string;
description = ''
Remote hostname.
'';
};
port = mkOption {
type = types.int;
description = ''
Remote port.
'';
};
proxy = mkOption {
type = types.nullOr types.string;
default = null;
description = ''
The proxy argument expects HTTP, SOCKS4A or SOCKS5 formatted as followed:
http://127.0.0.1:8118
socks4a://127.0.0.1:9050
socks5://127.0.0.1:9050
The proxy support should not leak DNS requests and is suitable for use with Tor.
'';
};
};
});
default = [
{
host = "encrypted.google.com";
port = 443;
proxy = null;
}
];
description = ''
You can list one or more sources to fetch time from.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
# Make tools such as tlsdate available in the system path
environment.systemPackages = [ tlsdate ];
systemd.services.tlsdated = {
description = "tlsdated daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
# XXX because pkgs.tlsdate is compiled to run as nobody:nogroup, we
# hard-code base-path to /tmp and use PrivateTmp.
ExecStart = "${tlsdate}/bin/tlsdated -f ${pkgs.writeText "tlsdated.confg" ''
base-path /tmp
${concatMapStrings (src: ''
source
host ${src.host}
port ${toString src.port}
proxy ${if src.proxy == null then "none" else src.proxy}
end
'') cfg.sources}
''} ${cfg.extraOptions}";
PrivateTmp = "yes";
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink