add first version of ntp module
parent
e952f55f40
commit
bf1d9beec1
4 changed files with 103 additions and 20 deletions
|
@ -38,6 +38,7 @@ in rec {
|
|||
../modules/firewall
|
||||
../modules/hostapd
|
||||
../modules/bridge
|
||||
../modules/ntp
|
||||
];
|
||||
rootfsType = "jffs2";
|
||||
hostname = "rotuer";
|
||||
|
@ -95,15 +96,9 @@ in rec {
|
|||
];
|
||||
};
|
||||
|
||||
services.ntp =
|
||||
let config = writeText "chrony.conf" ''
|
||||
pool pool.ntp.org iburst
|
||||
dumpdir /run/chrony
|
||||
makestep 1.0 3
|
||||
'';
|
||||
in longrun {
|
||||
name = "ntp";
|
||||
run = "${pkgs.chrony}/bin/chronyd -f ${config} -d";
|
||||
services.ntp = svc.ntp {
|
||||
pools = { "pool.ntp.org" = ["iburst"]; };
|
||||
makestep = { threshold = 1.0; limit = 3; };
|
||||
};
|
||||
|
||||
services.sshd = longrun {
|
||||
|
|
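--- a/modules/ntp/default.nix
+++ b/modules/ntp/default.nix
@@ -0,0 +1,19 @@
+{ lib, pkgs, config, ...}:
+let
+inherit (lib) mkOption types;
+in {
+options = {
+system.service.ntp = mkOption {
+type = types.functionTo types.package;
+};
+};
+config = {
+system.service.ntp = pkgs.callPackage ./service.nix {};
+users.ntp = {
+uid = 52; gid= 52; gecos = "Unprivileged NTP user";
+dir = "/run/ntp";
+shell = "/bin/false";
+};
+# groups.system.usernames = ["ntp"];
+};
+}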
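Review bot: `users.ntp` sets `gid= 52`, but this module declares no group with that id, and the only group line, `# groups.system.usernames = ["ntp"];`, is commented out. Unless a group 52 is defined elsewhere, anything chronyd writes after dropping privileges would carry a bare numeric gid, which makes ownership harder to audit. A dedicated group declared next to the user would close that, for example `groups.ntp.usernames = ["ntp"];`, modelled on the commented line and to be checked against the users module. The home `dir = "/run/ntp"` also differs from the `/run/chrony` dumpdir default in service.nix, so a comment saying which directory the daemon is expected to own would help.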
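--- a/modules/ntp/service.nix
+++ b/modules/ntp/service.nix
@@ -0,0 +1,75 @@
+{
+liminix
+, chrony
+, serviceFns
+, lib
+, writeText
+}:
+let
+inherit (liminix.services) longrun;
+inherit (lib) concatStringsSep mapAttrsToList;
+inherit (liminix.lib) typeChecked;
+inherit (lib) mkOption types;
+
+serverOpts = types.listOf types.str;
+t = {
+user = mkOption {
+type = types.str;
+default = "ntp";
+};
+servers = mkOption { type = types.attrsOf serverOpts; default = {}; };
+pools = mkOption { type = types.attrsOf serverOpts; default = {}; };
+peers = mkOption { type = types.attrsOf serverOpts; default = {}; };
+makestep = {
+threshold = mkOption { type = types.number; };
+limit = mkOption { type = types.number; };
+};
+allow = mkOption {
+description = "subnets from which NTP clients are allowed to access the server";
+type = types.listOf types.str;
+default = [];
+};
+bindaddress = mkOption {
+type = types.nullOr types.str;
+default = null;
+};
+binddevice = mkOption {
+type = types.nullOr types.str;
+default = null;
+};
+dumpdir = mkOption {
+internal = true;
+type = types.path;
+default = "/run/chrony";
+};
+extraConfig = mkOption {
+type = types.lines;
+default = "";
+};
+};
+configFile = p:
+(mapAttrsToList (name: opts: "server ${name} ${concatStringsSep "" opts}")
+p.servers)
+++
+(mapAttrsToList (name: opts: "pool ${name} ${concatStringsSep "" opts}")
+p.pools)
+++
+(mapAttrsToList (name: opts: "peer ${name} ${concatStringsSep "" opts}")
+p.peers)
+++ [ "user #{p.user}" ]
+++ (lib.optional (p.makestep != null) "makestep ${toString p.makestep.threshold} ${toString p.makestep.limit}")
+++ (map (n: "allow ${n}") p.allow)
+++ (lib.optional (p.bindaddress != null) "bindaddress ${p.bindaddress}")
+++ (lib.optional (p.binddevice != null) "binddevice ${p.binddevice}")
+++ (lib.optional (p.dumpdir != null) "dumpdir ${p.dumpdir}")
+++ [p.extraConfig];
+in
+params:
+let
+config = writeText "chrony.conf"
+(concatStringsSep "\n"
+(configFile (typeChecked "" t params)));
+in longrun {
+name = "ntp"; # bad name, needs to be unique
+run = "${chrony}/bin/chronyd -f ${config} -d";
+}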
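Review bot: In `configFile`, the line `++ [ "user #{p.user}" ]` uses `#{…}`, which Nix does not interpolate, so the generated chrony.conf carries the literal text instead of `user ntp`. chronyd will then presumably either reject the directive or not switch to the unprivileged account that modules/ntp/default.nix creates; the line should read `++ [ "user ${p.user}" ]`. The three `concatStringsSep "" opts` calls in the same function join per-source options with no separator, so a list with more than one entry is fused into one token; `concatStringsSep " " opts` keeps them apart. `extraConfig` is appended verbatim, so a `description` on that option saying its content is written unchecked into chrony.conf would be worth adding.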
|
@ -7,6 +7,7 @@ in rec {
|
|||
imports = [
|
||||
./modules/tftpboot.nix
|
||||
./modules/wlan.nix
|
||||
./modules/ntp
|
||||
];
|
||||
services.loopback = config.hardware.networkInterfaces.lo;
|
||||
|
||||
|
@ -36,15 +37,8 @@ in rec {
|
|||
dependencies = [iface];
|
||||
};
|
||||
|
||||
services.ntp =
|
||||
let config = writeText "chrony.conf" ''
|
||||
pool pool.ntp.org iburst
|
||||
dumpdir /run/chrony
|
||||
makestep 1.0 3
|
||||
'';
|
||||
in longrun {
|
||||
name = "ntp";
|
||||
run = "${pkgs.chrony}/bin/chronyd -f ${config} -d";
|
||||
services.ntp = config.system.service.ntp {
|
||||
pools = { "pool.ntp.org" = ["iburst"] ; };
|
||||
};
|
||||
|
||||
services.default = target {
|
||||
|
|
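Review bot: The replacement call `config.system.service.ntp { pools = { "pool.ntp.org" = ["iburst"] ; }; }` no longer passes `makestep`, while the inline config it replaces had `makestep 1.0 3`. In service.nix the `makestep.threshold` and `makestep.limit` options have no default and the guard is `p.makestep != null`, so this call presumably either fails type checking or produces a config with no step correction (typeChecked is not visible here, so which one is inferred). On a device that boots with a far-off clock, losing the step leaves certificate validation and log timestamps wrong until chronyd has slewed the clock. I would pass `makestep = { threshold = 1.0; limit = 3; };` here, as the other configuration in this commit does.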