add first version of ntp module

This commit is contained in:
Daniel Barlow 2023-07-22 23:22:45 +01:00
parent e952f55f40
commit bf1d9beec1
4 changed files with 103 additions and 20 deletions


@ -38,6 +38,7 @@ in rec {
../modules/firewall ../modules/firewall
../modules/hostapd ../modules/hostapd
../modules/bridge ../modules/bridge
../modules/ntp
]; ];
rootfsType = "jffs2"; rootfsType = "jffs2";
hostname = "rotuer"; hostname = "rotuer";
@ -95,15 +96,9 @@ in rec {
]; ];
}; };
services.ntp = services.ntp = svc.ntp {
let config = writeText "chrony.conf" '' pools = { "pool.ntp.org" = ["iburst"]; };
pool pool.ntp.org iburst makestep = { threshold = 1.0; limit = 3; };
dumpdir /run/chrony
makestep 1.0 3
'';
in longrun {
name = "ntp";
run = "${pkgs.chrony}/bin/chronyd -f ${config} -d";
}; };
services.sshd = longrun { services.sshd = longrun {

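--- /dev/null
+++ b/modules/ntp/default.nix
@@ -0,0 +1,19 @@
+{ lib, pkgs, config, ...}:
+let
+inherit (lib) mkOption types;
+in {
+options = {
+system.service.ntp = mkOption {
+type = types.functionTo types.package;
+};
+};
+config = {
+system.service.ntp = pkgs.callPackage ./service.nix {};
+users.ntp = {
+uid = 52; gid= 52; gecos = "Unprivileged NTP user";
+dir = "/run/ntp";
+shell = "/bin/false";
+};
+# groups.system.usernames = ["ntp"];
+};
+}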
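Review bot: The `system.service.ntp` option has no `description`, so it is opaque in generated module documentation; add `description = "function that builds the NTP (chronyd) service from its parameters";` next to the `type`. The `ntp` user is created with `dir = "/run/ntp"` while the service in modules/ntp/service.nix defaults `dumpdir` to `/run/chrony`; if the two are meant to be the same runtime directory one of them should be aligned, and whichever directory chronyd writes to must exist and be writable by uid 52 before the service starts. The group line is left commented out (`# groups.system.usernames = ["ntp"];`) while the user is given `gid= 52`; if no group with gid 52 is defined elsewhere the user's primary group is dangling, so it is worth confirming which is intended.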

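--- /dev/null
+++ b/modules/ntp/service.nix
+{
+liminix
+, chrony
+, serviceFns
+, lib
+, writeText
+}:
+let
+inherit (liminix.services) longrun;
+inherit (lib) concatStringsSep mapAttrsToList;
+inherit (liminix.lib) typeChecked;
+inherit (lib) mkOption types;
+serverOpts = types.listOf types.str;
+t = {
+user = mkOption {
+type = types.str;
+default = "ntp";
+};
+servers = mkOption { type = types.attrsOf serverOpts; default = {}; };
+pools = mkOption { type = types.attrsOf serverOpts; default = {}; };
+peers = mkOption { type = types.attrsOf serverOpts; default = {}; };
+makestep = {
+threshold = mkOption { type = types.number; };
+limit = mkOption { type = types.number; };
+};
+allow = mkOption {
+description = "subnets from which NTP clients are allowed to access the server";
+type = types.listOf types.str;
+default = [];
+};
+bindaddress = mkOption {
+type = types.nullOr types.str;
+default = null;
+};
+binddevice = mkOption {
+type = types.nullOr types.str;
+default = null;
+};
+dumpdir = mkOption {
+internal = true;
+type = types.path;
+default = "/run/chrony";
+};
+extraConfig = mkOption {
+type = types.lines;
+default = "";
+};
+};
+configFile = p:
+(mapAttrsToList (name: opts: "server ${name} ${concatStringsSep "" opts}")
+p.servers)
+++
+(mapAttrsToList (name: opts: "pool ${name} ${concatStringsSep "" opts}")
+p.pools)
+++
+(mapAttrsToList (name: opts: "peer ${name} ${concatStringsSep "" opts}")
+p.peers)
+++ [ "user #{p.user}" ]
+++ (lib.optional (p.makestep != null) "makestep ${toString p.makestep.threshold} ${toString p.makestep.limit}")
+++ (map (n: "allow ${n}") p.allow)
+++ (lib.optional (p.bindaddress != null) "bindaddress ${p.bindaddress}")
+++ (lib.optional (p.binddevice != null) "binddevice ${p.binddevice}")
+++ (lib.optional (p.dumpdir != null) "dumpdir ${p.dumpdir}")
+++ [p.extraConfig];
+in
+params:
+let
+config = writeText "chrony.conf"
+(concatStringsSep "\n"
+(configFile (typeChecked "" t params)));
+in longrun {
+name = "ntp"; # bad name, needs to be unique
+run = "${chrony}/bin/chronyd -f ${config} -d";
+}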
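Review bot: The `user` directive in `configFile` is written as `"user #{p.user}"`, and `#{…}` is not Nix interpolation, so the generated chrony.conf contains the literal text `user #{p.user}`; chronyd will then either refuse to start or not switch to the unprivileged `ntp` user that modules/ntp/default.nix creates, so the privilege drop this module is built around never happens — change it to `"user ${p.user}"`. The `server`, `pool` and `peer` lines join each option list with `concatStringsSep ""`, so two options such as `["iburst" "maxpoll 6"]` become `iburstmaxpoll 6`; use `concatStringsSep " " opts` on all three. The `dumpdir` default `/run/chrony` must exist and be writable by `p.user` for chronyd's dumps to work, and nothing in this commit creates it — presumably handled elsewhere, but worth confirming. Most options (`servers`, `pools`, `peers`, `makestep`, `bindaddress`, `binddevice`, `extraConfig`) lack a `description`; a one-line description naming the corresponding chrony.conf directive would help users of the module.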


@ -7,6 +7,7 @@ in rec {
imports = [ imports = [
./modules/tftpboot.nix ./modules/tftpboot.nix
./modules/wlan.nix ./modules/wlan.nix
./modules/ntp
]; ];
services.loopback = config.hardware.networkInterfaces.lo; services.loopback = config.hardware.networkInterfaces.lo;
@ -36,15 +37,8 @@ in rec {
dependencies = [iface]; dependencies = [iface];
}; };
services.ntp = services.ntp = config.system.service.ntp {
let config = writeText "chrony.conf" '' pools = { "pool.ntp.org" = ["iburst"] ; };
pool pool.ntp.org iburst
dumpdir /run/chrony
makestep 1.0 3
'';
in longrun {
name = "ntp";
run = "${pkgs.chrony}/bin/chronyd -f ${config} -d";
}; };
services.default = target { services.default = target {