From cacde953cb887eb833985c9bb06dc93bb4537a34 Mon Sep 17 00:00:00 2001
From: Daniel Barlow <dan@telent.net>
Date: Wed, 8 Oct 2025 18:39:04 +0100
Subject: [PATCH] don't ask chrony to drop privs, it needs libpcap

---
 examples/rotuer.nix     | 1 +
 modules/ntp/service.nix | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/examples/rotuer.nix b/examples/rotuer.nix
index 875baf7..bd34075 100644
--- a/examples/rotuer.nix
+++ b/examples/rotuer.nix
@@ -107,6 +107,7 @@ rec {
   };
 
   services.ntp = svc.ntp.build {
+    user = "root";
     pools = {
       "pool.ntp.org" = [ "iburst" ];
     };
diff --git a/modules/ntp/service.nix b/modules/ntp/service.nix
index 6d85b8a..7fed389 100644
--- a/modules/ntp/service.nix
+++ b/modules/ntp/service.nix
@@ -14,7 +14,7 @@ let
     (mapAttrsToList (name: opts: "server ${name} ${concatStringsSep "" opts}") p.servers)
     ++ (mapAttrsToList (name: opts: "pool ${name} ${concatStringsSep "" opts}") p.pools)
     ++ (mapAttrsToList (name: opts: "peer ${name} ${concatStringsSep "" opts}") p.peers)
-    ++ lib.optional (p.user != null) "user ${p.user}"
+    ++ lib.optional (p.user != "root") "user ${p.user}"
     ++ (lib.optional (
       p.makestep != null
     ) "makestep ${toString p.makestep.threshold} ${toString p.makestep.limit}")