alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

nixos/chrony: add option to enable NTS authentication

Browse source
This commit is contained in:
Ctem 2021-01-06 19:33:39 +09:00
parent fd0c2add78
commit 9550d865e9
No known key found for this signature in database
GPG key ID: 7F6702F5FC77041B
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
nixos/modules/services/networking/ntp/chrony.nix
View file

@ -10,7 +10,7 @@ let
keyFile = "${stateDir}/chrony.keys";
configFile = pkgs.writeText "chrony.conf" ''
${concatMapStringsSep "\n" (server: "server " + server + " iburst") cfg.servers}
${concatMapStringsSep "\n" (server: "server " + server + " iburst" + optionalString (cfg.enableNTS) " nts") cfg.servers}
${optionalString
(cfg.initstepslew.enabled && (cfg.servers != []))
@ -19,6 +19,7 @@ let
driftfile ${driftFile}
keyfile ${keyFile}
${optionalString (cfg.enableNTS) "ntsdumpdir ${stateDir}"}
${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
@ -46,6 +47,15 @@ in
'';
};
enableNTS = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Network Time Security authentication.
Make sure it is supported by your selected NTP server(s).
'';
};
initstepslew = mkOption {
default = {
enabled = true;