From 9707745cf8af50adf2ef2408933be3e7ea0b1912 Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Tue, 31 Oct 2023 14:28:49 +0000 Subject: nixos/ntpd-rs: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/dhcpcd.nix | 2 +- nixos/modules/services/networking/ntp/ntpd-rs.nix | 89 +++++++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/ntpd-rs.nix | 49 +++++++++++++ 5 files changed, 141 insertions(+), 1 deletion(-) create mode 100644 nixos/modules/services/networking/ntp/ntpd-rs.nix create mode 100644 nixos/tests/ntpd-rs.nix (limited to 'nixos') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 4e3ce4d088968..e6fffd4716de9 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1044,6 +1044,7 @@ ./services/networking/ntopng.nix ./services/networking/ntp/chrony.nix ./services/networking/ntp/ntpd.nix + ./services/networking/ntp/ntpd-rs.nix ./services/networking/ntp/openntpd.nix ./services/networking/nullidentdmod.nix ./services/networking/nylon.nix diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 8b6d3fc55f3e4..2b59352ac616b 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -98,7 +98,7 @@ let # anything ever again ("couldn't resolve ..., giving up on # it"), so we silently lose time synchronisation. This also # applies to openntpd. - /run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd.service openntpd.service chronyd.service || true + /run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd.service openntpd.service chronyd.service ntpd-rs.service || true fi ${cfg.runHook} diff --git a/nixos/modules/services/networking/ntp/ntpd-rs.nix b/nixos/modules/services/networking/ntp/ntpd-rs.nix new file mode 100644 index 0000000000000..a10b570f30bcd --- /dev/null +++ b/nixos/modules/services/networking/ntp/ntpd-rs.nix @@ -0,0 +1,89 @@ +{ lib, config, pkgs, ... }: + +let + cfg = config.services.ntpd-rs; + format = pkgs.formats.toml { }; + configFile = format.generate "ntpd-rs.toml" cfg.settings; +in +{ + options.services.ntpd-rs = { + enable = lib.mkEnableOption "Network Time Service (ntpd-rs)"; + metrics.enable = lib.mkEnableOption "ntpd-rs Prometheus Metrics Exporter"; + + package = lib.mkPackageOption pkgs "ntpd-rs" { }; + + useNetworkingTimeServers = lib.mkOption { + type = lib.types.bool; + default = true; + description = lib.mdDoc '' + Use source time servers from {var}`networking.timeServers` in config. + ''; + }; + + settings = lib.mkOption { + type = lib.types.submodule { + freeformType = format.type; + }; + default = { }; + description = lib.mdDoc '' + Settings to write to {file}`ntp.toml` + + See + for more information about available options. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = !config.services.timesyncd.enable; + message = '' + `ntpd-rs` is not compatible with `services.timesyncd`. Please disable one of them. + ''; + } + ]; + + environment.systemPackages = [ cfg.package ]; + systemd.packages = [ cfg.package ]; + + services.timesyncd.enable = false; + systemd.services.systemd-timedated.environment = { + SYSTEMD_TIMEDATED_NTP_SERVICES = "ntpd-rs.service"; + }; + + services.ntpd-rs.settings = { + observability = { + observation-path = lib.mkDefault "/var/run/ntpd-rs/observe"; + }; + source = lib.mkIf cfg.useNetworkingTimeServers (map + (ts: { + mode = "server"; + address = ts; + }) + config.networking.timeServers); + }; + + systemd.services.ntpd-rs = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = ""; + Group = ""; + DynamicUser = true; + ExecStart = [ "" "${lib.makeBinPath [ cfg.package ]}/ntp-daemon --config=${configFile}" ]; + }; + }; + + systemd.services.ntp-rs-metrics = lib.mkIf cfg.metrics.enable { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = ""; + Group = ""; + DynamicUser = true; + ExecStart = [ "" "${lib.makeBinPath [ cfg.package ]}/bin/ntp-metrics-exporter --config=${configFile}" ]; + }; + }; + }; + + meta.maintainers = with lib.maintainers; [ fpletz ]; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 33f13c3d1181c..98e3ca880141d 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -620,6 +620,7 @@ in { nsd = handleTest ./nsd.nix {}; ntfy-sh = handleTest ./ntfy-sh.nix {}; ntfy-sh-migration = handleTest ./ntfy-sh-migration.nix {}; + ntpd-rs = handleTest ./ntpd-rs.nix {}; nzbget = handleTest ./nzbget.nix {}; nzbhydra2 = handleTest ./nzbhydra2.nix {}; oh-my-zsh = handleTest ./oh-my-zsh.nix {}; diff --git a/nixos/tests/ntpd-rs.nix b/nixos/tests/ntpd-rs.nix new file mode 100644 index 0000000000000..2901be5235208 --- /dev/null +++ b/nixos/tests/ntpd-rs.nix @@ -0,0 +1,49 @@ +import ./make-test-python.nix ({ lib, ... }: +{ + name = "ntpd-rs"; + + meta = { + maintainers = with lib.maintainers; [ fpletz ]; + }; + + nodes = { + client = { + services.ntpd-rs = { + enable = true; + metrics.enable = true; + useNetworkingTimeServers = false; + settings = { + source = [ + { + mode = "server"; + address = "server"; + } + ]; + synchronization = { + minimum-agreeing-sources = 1; + }; + }; + }; + }; + server = { + networking.firewall.allowedUDPPorts = [ 123 ]; + services.ntpd-rs = { + enable = true; + metrics.enable = true; + settings = { + server = [ + { listen = "[::]:123"; } + ]; + }; + }; + }; + }; + + testScript = { nodes, ... }: '' + start_all() + server.wait_for_unit('multi-user.target') + client.wait_for_unit('multi-user.target') + server.succeed('systemctl is-active ntpd-rs.service') + client.succeed('systemctl is-active ntpd-rs.service') + ''; +}) -- cgit 1.4.1