diff options
nixos/chrony: add option to enable NTS authentication
Diffstat (limited to 'nixos/modules/services/networking/ntp')
-rw-r--r-- | nixos/modules/services/networking/ntp/chrony.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/ntp/chrony.nix b/nixos/modules/services/networking/ntp/chrony.nix index e6fa48daf46..5842761ba7e 100644 --- a/nixos/modules/services/networking/ntp/chrony.nix +++ b/nixos/modules/services/networking/ntp/chrony.nix @@ -10,7 +10,7 @@ let keyFile = "${stateDir}/chrony.keys"; configFile = pkgs.writeText "chrony.conf" '' - ${concatMapStringsSep "\n" (server: "server " + server + " iburst") cfg.servers} + ${concatMapStringsSep "\n" (server: "server " + server + " iburst" + optionalString (cfg.enableNTS) " nts") cfg.servers} ${optionalString (cfg.initstepslew.enabled && (cfg.servers != [])) @@ -19,6 +19,7 @@ let driftfile ${driftFile} keyfile ${keyFile} + ${optionalString (cfg.enableNTS) "ntsdumpdir ${stateDir}"} ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"} @@ -46,6 +47,15 @@ in ''; }; + enableNTS = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable Network Time Security authentication. + Make sure it is supported by your selected NTP server(s). + ''; + }; + initstepslew = mkOption { default = { enabled = true; |