nixfmt-rfc-style

There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."

If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging
Daniel Barlow
2025-02-10 21:55:08 +00:00
parent 13cc5a8992
commit 7e2b0068e6
211 changed files with 6049 additions and 4355 deletions

@@ -6,12 +6,18 @@
## optionally also provide time service to its peers. The
## implementation used in Liminix is Chrony
{ lib, pkgs, config, ...}:
{
lib,
pkgs,
config,
...
}:
let
inherit (lib) mkOption types;
inherit (pkgs) liminix;
serverOpts = types.listOf types.str;
in {
in
{
options = {
system.service.ntp = mkOption {
type = liminix.lib.types.serviceDefn;
@@ -23,23 +29,36 @@ in {
type = types.str;
default = "ntp";
};
servers = mkOption { type = types.attrsOf serverOpts; default = {}; };
pools = mkOption { type = types.attrsOf serverOpts; default = {}; };
peers = mkOption { type = types.attrsOf serverOpts; default = {}; };
servers = mkOption {
type = types.attrsOf serverOpts;
default = { };
};
pools = mkOption {
type = types.attrsOf serverOpts;
default = { };
};
peers = mkOption {
type = types.attrsOf serverOpts;
default = { };
};
makestep = mkOption {
default = null;
type = types.nullOr
(types.submodule {
type = types.nullOr (
types.submodule {
options = {
threshold = mkOption { type = types.number; default = null;};
threshold = mkOption {
type = types.number;
default = null;
};
limit = mkOption { type = types.number; };
};
});
}
);
};
allow = mkOption {
description = "subnets from which NTP clients are allowed to access the server";
type = types.listOf types.str;
default = [];
default = [ ];
};
bindaddress = mkOption {
type = types.nullOr types.str;
@@ -60,7 +79,9 @@ in {
};
};
users.ntp = {
uid = 52; gid= 52; gecos = "Unprivileged NTP user";
uid = 52;
gid = 52;
gecos = "Unprivileged NTP user";
dir = "/run/ntp";
shell = "/bin/false";
};

@@ -1,25 +1,23 @@
{
liminix
, chrony
, lib
, writeText
liminix,
chrony,
lib,
writeText,
}:
params:
let
name = "ntp"; # bad name, needs to be unique
inherit (liminix.services) longrun;
inherit (lib) concatStringsSep mapAttrsToList;
configFile = p:
(mapAttrsToList (name: opts: "server ${name} ${concatStringsSep "" opts}")
p.servers)
++
(mapAttrsToList (name: opts: "pool ${name} ${concatStringsSep "" opts}")
p.pools)
++
(mapAttrsToList (name: opts: "peer ${name} ${concatStringsSep "" opts}")
p.peers)
configFile =
p:
(mapAttrsToList (name: opts: "server ${name} ${concatStringsSep "" opts}") p.servers)
++ (mapAttrsToList (name: opts: "pool ${name} ${concatStringsSep "" opts}") p.pools)
++ (mapAttrsToList (name: opts: "peer ${name} ${concatStringsSep "" opts}") p.peers)
++ lib.optional (p.user != null) "user ${p.user}"
++ (lib.optional (p.makestep != null) "makestep ${toString p.makestep.threshold} ${toString p.makestep.limit}")
++ (lib.optional (
p.makestep != null
) "makestep ${toString p.makestep.threshold} ${toString p.makestep.limit}")
++ (map (n: "allow ${n}") p.allow)
++ (lib.optional (p.bindaddress != null) "bindaddress ${p.bindaddress}")
++ (lib.optional (p.binddevice != null) "binddevice ${p.binddevice}")
@@ -28,11 +26,11 @@ let
"bindcmdaddress /" # disable unix socket
"pidfile /run/${name}.pid"
]
++ [p.extraConfig];
++ [ p.extraConfig ];
config = writeText "chrony.conf"
(concatStringsSep "\n" (configFile params));
in longrun {
config = writeText "chrony.conf" (concatStringsSep "\n" (configFile params));
in
longrun {
inherit name;
run = "${chrony}/bin/chronyd -f ${config} -d";
}