authoraszlig <aszlig@redmoonstudios.org>2014-09-01 15:14:00 +0200
committeraszlig <aszlig@redmoonstudios.org>2014-09-01 16:07:28 +0200
commit29f46422844b8f18f4905fc3f730abe0b5b494da (patch)
treebcb846905d80aa9f62ff54974f8c4e9845acd823 /nixos/modules/services/networking/openntpd.nix
parent3fbb9f05026900ec2d760574f15de16ba3ac536e (diff)
nixos: Add new service for OpenNTPd.
This conflicts with the existing reference NTP daemon, so we're using
services.ntp.enable = mkForce false here to make sure both services
aren't enabled in parallel.

I was already trying to merge the module with services.ntp, but it would
have been quite a mess with a bunch of conditions on the package name.
They both have a bit in common if it comes to the configuration files,
but differ in handling of the state dir (for example, OpenNTPd doesn't
allow it to be owned by anything other than root).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/modules/services/networking/openntpd.nix')
-rw-r--r--nixos/modules/services/networking/openntpd.nix49
1 files changed, 49 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/openntpd.nix b/nixos/modules/services/networking/openntpd.nix
new file mode 100644
index 0000000000000..bd8a7a04a2af8
--- /dev/null
+++ b/nixos/modules/services/networking/openntpd.nix
@@ -0,0 +1,49 @@
+{ pkgs, lib, config, options, ... }:
+
+with lib;
+
+let
+  cfg = config.services.openntpd;
+
+  package = pkgs.openntpd.override {
+    privsepUser = "ntp";
+    privsepPath = "/var/empty";
+  };
+
+  cfgFile = pkgs.writeText "openntpd.conf" ''
+    ${concatStringsSep "\n" (map (s: "server ${s}") cfg.servers)}
+  '';
+in
+{
+  ###### interface
+
+  options.services.openntpd = {
+    enable = mkEnableOption "OpenNTP time synchronization server";
+
+    servers = mkOption {
+      default = config.services.ntp.servers;
+      type = types.listOf types.str;
+      inherit (options.services.ntp.servers) description;
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    services.ntp.enable = mkForce false;
+
+    users.extraUsers = singleton {
+      name = "ntp";
+      uid = config.ids.uids.ntp;
+      description = "OpenNTP daemon user";
+      home = "/var/empty";
+    };
+
+    systemd.services.openntpd = {
+      description = "OpenNTP Server";
+      wantedBy = [ "ip-up.target" ];
+      partOf = [ "ip-up.target" ];
+      serviceConfig.ExecStart = "${package}/sbin/ntpd -d -f ${cfgFile}";
+    };
+  };
+}
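Review bot: The `systemd.services.openntpd` unit sets only `serviceConfig.ExecStart`, so the ntpd parent process runs as root with no sandboxing from systemd. OpenNTPd's own privilege separation (the `ntp` user chrooted into `/var/empty`) confines only the child process. Consider adding unit-level restrictions next to ExecStart, for example `serviceConfig.PrivateTmp = true;`, plus a `CapabilityBoundingSet` limited to what the daemon needs for setting the clock, chrooting and dropping to the `ntp` user; the exact capability list should be tested against this build. Separately, the generated `openntpd.conf` contains only `server` lines and no `listen on` directive, so the daemon appears to act purely as a client even though both descriptions call it a "server". A short comment above `cfgFile` such as `# client-only: no "listen on", ntpd does not answer NTP queries` would keep an administrator from opening UDP 123 on that assumption.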