Skip to content

nixos/timesyncd: allow NTP servers advertised by DHCP to be used#335755

Merged
flokli merged 4 commits intoNixOS:masterfrom
datafoo:allow-ntp-servers-from-dhcp
Sep 4, 2024
Merged

nixos/timesyncd: allow NTP servers advertised by DHCP to be used#335755
flokli merged 4 commits intoNixOS:masterfrom
datafoo:allow-ntp-servers-from-dhcp

Conversation

@datafoo
Copy link
Contributor

@datafoo datafoo commented Aug 19, 2024
edited
Loading

Description of changes

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Aug 19, 2024
datafoo
datafoo commented Aug 19, 2024
View reviewed changes
nixos/modules/system/boot/timesyncd.nix Outdated
Copy link
Contributor Author

@datafoo datafoo Aug 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In man:timesyncd.conf(5), NTP=:

When the empty string is assigned, the list of NTP servers is reset, and all prior assignments will have no effect.

So, should we write NTP= in the file:

# cat /etc/systemd/timesyncd.conf 
[Time]
NTP=
FallbackNTP=0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org

or remove the empty NTP= altogether when servers is the empty list:

# cat /etc/systemd/timesyncd.conf 
[Time]
FallbackNTP=0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org

What do you suggest?

Copy link
Member

@flokli flokli Aug 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't setting this to an empty string imply the defaults are always used, and it's not possible to receive config over DHCP?

I feel like we need a VM test that sends config over DHCP and peeks at what's getting set.

Copy link
Member

@SuperSandro2000 SuperSandro2000 Aug 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When the empty string is assigned, the list of NTP servers is reset, and all prior assignments will have no effect.

This probably refers to dropins like for service files. eg. if you want to overwrite ExecStart= you first need to set it to empty otherwise systemd thinks it is a list which doesn't work.

Copy link
Contributor Author

@datafoo datafoo Aug 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting NTP= to an empty string will allows the NTP servers advertised by DHCP to be used:

# cat /etc/systemd/timesyncd.conf 
[Time]
NTP=

I tested it on a local system and I confirm it works.

Copy link
Member

@SuperSandro2000 SuperSandro2000 Aug 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

FallbackNTP=0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org

This is already an implied default because of

nixpkgs/pkgs/os-specific/linux/systemd/default.nix

Line 664 in 3526bfa

mesonFlagsArray+=(-Dntp-servers="0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org")
https://github.com/systemd/systemd/blob/0197fb599ac4f29871e8ea1923be7b14bbd7bbf0/src/timesync/timesyncd.conf.in#L21

or remove the empty NTP= altogether when servers is the empty list:

I think we should remove it because we do not intent do explicitly remove any previously set value.

Copy link
Contributor Author

@datafoo datafoo Aug 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just do not want to break compatibility for users who are setting networking.timeServers to something different than the compiled-in values (i.e. {0..4}.nixos.pool.ntp.org). Hence the necessity to add the fallbackServers option.

Copy link
Contributor Author

@datafoo datafoo Aug 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated the PR to let the module user choose, and by default we do not write NTP= (with empty string) so there is no risk of resetting anything.

Copy link
Contributor Author

@datafoo datafoo Aug 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like the advice from systemd experts.

It seems that my worries about drop-ins are not justified after all.

When the empty string is assigned, the list of NTP servers is reset, and all prior assignments will have no effect.

I believe there will be no differences between writing NTP= or not writing NTP= at all despite the systemd documentation. That is because we are configuring the "main configuration file" which has lower precedence and therefore, there are no prior assignments. See CONFIGURATION DIRECTORIES AND PRECEDENCE in man:timesyncd.conf(5).

Do you agree, should I remove the possibility to set null?

@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Aug 19, 2024
This was referenced Aug 19, 2024
Closed
Closed
@datafoo datafoo requested review from a team, doronbehar and flokli August 19, 2024 13:20
@datafoo datafoo force-pushed the allow-ntp-servers-from-dhcp branch from 8e23482 to b998047 Compare August 23, 2024 13:47
SuperSandro2000
SuperSandro2000 reviewed Aug 23, 2024
View reviewed changes
SuperSandro2000
SuperSandro2000 reviewed Aug 23, 2024
View reviewed changes
@datafoo datafoo force-pushed the allow-ntp-servers-from-dhcp branch from b998047 to 428fbe4 Compare August 24, 2024 07:54
datafoo
datafoo commented Aug 24, 2024
View reviewed changes
@datafoo datafoo force-pushed the allow-ntp-servers-from-dhcp branch 2 times, most recently from 3de4356 to 0db6b99 Compare August 24, 2024 09:26
@github-actions github-actions bot added 8.has: documentation This PR adds or changes documentation 8.has: changelog This PR adds or changes release notes labels Aug 24, 2024
@datafoo
Copy link
Contributor Author

datafoo commented Aug 24, 2024
edited
Loading

Despite my wishes, this PR breaks compatibility in few cases.

Example:

services.timesyncd = {
  servers = [];
  extraConfig = ''
    FallbackNTP=0.it.pool.ntp.org 1.it.pool.ntp.org 2.it.pool.ntp.org 3.it.pool.ntp.org
  '';
};

Therefore, I have added some release notes.

@flokli
Copy link
Member

flokli commented Sep 3, 2024

This needs another rebase, due to conflicts in the release notes.

@datafoo
nixos/timesyncd: minor refactoring
45c0d04
@datafoo
nixos/timesyncd: minor refactoring
34efcf8
@datafoo
nixos/timesyncd: allow null for option servers
b4cd578 
This gives the ability to not write `NTP=` to the `timesyncd.conf` file
(servers = null) as opposed to writing `NTP=` (servers = []) which is
interpreted slightly differently by systemd:

> When the empty string is assigned, the list of NTP servers is reset,
and all prior assignments will have no effect.
@datafoo
nixos/timesyncd: allow NTP servers advertised by DHCP to be used
24e08d0 
- add option `fallbackServers` with default to `networking.timeServers`
- option `servers` now default to null

Fix NixOS#335050
@datafoo datafoo force-pushed the allow-ntp-servers-from-dhcp branch from 0db6b99 to 24e08d0 Compare September 4, 2024 10:17
@datafoo
Copy link
Contributor Author

datafoo commented Sep 4, 2024

Rebase done.

@flokli flokli merged commit bcc7693 into NixOS:master Sep 4, 2024
@flokli
Copy link
Member

flokli commented Sep 4, 2024

Thanks!

@datafoo datafoo deleted the allow-ntp-servers-from-dhcp branch September 6, 2024 12:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SuperSandro2000 SuperSandro2000 SuperSandro2000 left review comments

@flokli flokli Awaiting requested review from flokli

@doronbehar doronbehar Awaiting requested review from doronbehar

Assignees

No one assigned

Labels

6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog This PR adds or changes release notes 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@datafoo @flokli @SuperSandro2000