From 00abc64e54c058b652f701d4e46c0dd4fdcbf3cf Mon Sep 17 00:00:00 2001 From: Ivan Bushchik Date: Sat, 2 Sep 2023 22:14:13 +0300 Subject: [PATCH] Migrate to chrony + add ntp-server role + minor fixes Signed-off-by: Ivan Bushchik --- common/networking.nix | 2 +- common/user.nix | 4 ++-- default.nix | 1 + machines/rubusidaeus/default.nix | 1 + roles/default.nix | 1 + roles/ntp-server.nix | 13 +++++++++++++ 6 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 roles/ntp-server.nix diff --git a/common/networking.nix b/common/networking.nix index c11e399..38d2e82 100644 --- a/common/networking.nix +++ b/common/networking.nix @@ -36,7 +36,7 @@ }; }; - services.timesyncd.enable = true; + services.chrony.enable = true; networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ]; # Useful tools diff --git a/common/user.nix b/common/user.nix index c7b24dd..85bcfd5 100644 --- a/common/user.nix +++ b/common/user.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: let - secrets = import ../secrets.nix; + my = import ../.; in rec { users.mutableUsers = false; @@ -30,7 +30,7 @@ in rec { # Celerrime "ssh-rsa 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 ivabus@celerrime" ]; - hashedPassword = secrets.hashed-password; + hashedPassword = my.secrets.hashed-password; }; diff --git a/default.nix b/default.nix index 14fc881..fd211b1 100644 --- a/default.nix +++ b/default.nix @@ -1,6 +1,7 @@ rec { common = import ./common; roles = import ./roles; + secrets = import ./secrets.nix; modules = { pkgs, ... }: { imports = [ diff --git a/machines/rubusidaeus/default.nix b/machines/rubusidaeus/default.nix index fa3bbbd..744f931 100644 --- a/machines/rubusidaeus/default.nix +++ b/machines/rubusidaeus/default.nix @@ -20,6 +20,7 @@ in { graphical.enable = false; latex.enable = false; media-client.enable = false; + ntp-server.enable = true; torrent.enable = false; virtualisation.enable = false; yggdrasil-client.enable = true; 
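Review bot: The three `networking.timeServers` entries that sit next to the new `services.chrony.enable = true;` in common/networking.nix are plain, unauthenticated NTP, and with this commit one host also re-serves that time to the LAN, so a spoofed upstream answer would propagate to its clients. chrony supports NTS; if NTS-capable sources are acceptable here, turn it on with `services.chrony.enableNTS = true;` and list only servers that support it (the pool hostnames shown presumably do not). If the current servers must stay, a comment such as `# plain NTP, no NTS: time from these sources is unauthenticated` above the list would record the trade-off.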
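Review bot: `hashedPassword = my.secrets.hashed-password;` in common/user.nix still passes the hash through Nix evaluation, so it ends up in the world-readable Nix store of every machine built from this config, and the `secrets = import ./secrets.nix;` line added to default.nix now also hands the whole secrets set to anything that imports the repository root. Prefer a file-based option that is read at activation time, e.g. `hashedPasswordFile = "/path/to/hashed-password";` (`passwordFile` on older NixOS releases; the path is a placeholder), and keep `secrets` out of the exported attribute set. Separately, `my = import ../.;` makes common/user.nix depend on the top-level default.nix, which itself imports `./common`; this presumably works only because the `rec` set is evaluated lazily, so a comment such as `# imports the repo root lazily; only my.secrets is forced here` would help the next reader.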
diff --git a/roles/default.nix b/roles/default.nix index 73a8a14..114a8c1 100644 --- a/roles/default.nix +++ b/roles/default.nix @@ -6,6 +6,7 @@ ./graphical.nix ./latex.nix ./media-client.nix # TODO: media-server + ./ntp-server.nix ./torrent.nix ./virtualisation.nix ./yggdrasil-client.nix diff --git a/roles/ntp-server.nix b/roles/ntp-server.nix new file mode 100644 index 0000000..9d9a393 --- /dev/null +++ b/roles/ntp-server.nix @@ -0,0 +1,13 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.my.roles.ntp-server; +in { + options.my.roles.ntp-server.enable = lib.mkEnableOption "Enable NTP server"; + config = lib.mkIf (cfg.enable) { + services.chrony.extraConfig = '' +allow 192.168.0.0/16 + ''; + networking.firewall.allowedUDPPorts = [ 123 ]; + }; +}
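Review bot: `networking.firewall.allowedUDPPorts = [ 123 ];` in roles/ntp-server.nix opens NTP on every interface, so the only thing limiting who is served is chrony's `allow 192.168.0.0/16`; the machine that enables this role also has `yggdrasil-client.enable = true`, so the port is presumably exposed on the overlay interface as well. Scope the rule to the LAN interface with `networking.firewall.interfaces."<lan-iface>".allowedUDPPorts = [ 123 ];` (the interface name is a placeholder), and narrow `allow` to the subnet actually in use if it is smaller than the whole /16. The role also only appends to `services.chrony.extraConfig` and relies on common/networking.nix to enable chrony, so adding `services.chrony.enable = true;` inside the `mkIf` would keep the open port and the daemon together. As a style point, `lib.mkEnableOption` already prefixes "Whether to enable", so the description should read `lib.mkEnableOption "NTP server"`.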