Skip to content

nixos/timesyncd: allow NTP servers advertised by DHCP to be used #335755

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
flokli merged 4 commits into from
Sep 4, 2024
Merged

nixos/timesyncd: allow NTP servers advertised by DHCP to be used #335755

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
45c0d04
nixos/timesyncd: minor refactoring
datafoo Aug 19, 2024
34efcf8
nixos/timesyncd: minor refactoring
datafoo Aug 23, 2024
b4cd578
nixos/timesyncd: allow null for option servers
datafoo Aug 23, 2024
24e08d0
nixos/timesyncd: allow NTP servers advertised by DHCP to be used
datafoo Aug 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions nixos/doc/manual/release-notes/rl-2411.section.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -448,6 +448,10 @@

- The hooks `yarnConfigHook` and `yarnBuildHook` were added. These should replace `yarn2nix.mkYarnPackage` and other `yarn2nix` related tools. The motivation to get rid of `yarn2nix` tools is the fact that they are too complex and hard to maintain, and they rely upon too much Nix evaluation which is problematic if import-from-derivation is not allowed (see more details at [#296856](https://github.com/NixOS/nixpkgs/issues/296856). The transition from `mkYarnPackage` to `yarn{Config,Build}Hook` is tracked at [#324246](https://github.com/NixOS/nixpkgs/issues/324246).

- `services.timesyncd.servers` now defaults to `null`, allowing systemd-timesyncd to use NTP servers advertised by DHCP.

- `services.timesyncd.fallbackServers` was added and defaults to `networking.timeServers`.

- Cinnamon has been updated to 6.2, please check [upstream announcement](https://www.linuxmint.com/rel_wilma_whatsnew.php) for more details.
Following Mint 22 defaults, the Cinnamon module no longer ships geary and hexchat by default.

Expand Down
48 changes: 36 additions & 12 deletions nixos/modules/system/boot/timesyncd.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,33 +2,52 @@

with lib;

let
cfg = config.services.timesyncd;
in
{

options = {

services.timesyncd = {
services.timesyncd = with types; {
enable = mkOption {
default = !config.boot.isContainer;
defaultText = literalExpression "!config.boot.isContainer";
type = types.bool;
type = bool;
description = ''
Enables the systemd NTP client daemon.
'';
};
servers = mkOption {
default = null;
type = nullOr (listOf str);
description = ''
The set of NTP servers from which to synchronise.

Setting this option to an empty list will write `NTP=` to the
`timesyncd.conf` file as opposed to setting this option to null which
will remove `NTP=` entirely.

See man:timesyncd.conf(5) for details.
'';
};
fallbackServers = mkOption {
default = config.networking.timeServers;
defaultText = literalExpression "config.networking.timeServers";
type = types.listOf types.str;
type = nullOr (listOf str);
description = ''
The set of NTP servers from which to synchronise.
Note if this is set to an empty list, the defaults systemd itself is
compiled with ({0..4}.nixos.pool.ntp.org) apply,
In case you want to disable timesyncd altogether, use the `enable` option.
The set of fallback NTP servers from which to synchronise.

Setting this option to an empty list will write `FallbackNTP=` to the
`timesyncd.conf` file as opposed to setting this option to null which
will remove `FallbackNTP=` entirely.

See man:timesyncd.conf(5) for details.
'';
};
extraConfig = mkOption {
default = "";
type = types.lines;
type = lines;
example = ''
PollIntervalMaxSec=180
'';
Expand All @@ -41,7 +60,7 @@ with lib;
};
};

config = mkIf config.services.timesyncd.enable {
config = mkIf cfg.enable {

systemd.additionalUpstreamSystemUnits = [ "systemd-timesyncd.service" ];

Expand Down Expand Up @@ -82,9 +101,14 @@ with lib;

environment.etc."systemd/timesyncd.conf".text = ''
[Time]
NTP=${concatStringsSep " " config.services.timesyncd.servers}
${config.services.timesyncd.extraConfig}
'';
''
+ optionalString (cfg.servers != null) ''
NTP=${concatStringsSep " " cfg.servers}
Copy link
Contributor Author

@datafoo datafoo Aug 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In man:timesyncd.conf(5), NTP=:

When the empty string is assigned, the list of NTP servers is reset, and all prior assignments will have no effect.

So, should we write NTP= in the file:

# cat /etc/systemd/timesyncd.conf 
[Time]
NTP=
FallbackNTP=0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org

or remove the empty NTP= altogether when servers is the empty list:

# cat /etc/systemd/timesyncd.conf 
[Time]
FallbackNTP=0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org

What do you suggest?

Copy link
Member

@flokli flokli Aug 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't setting this to an empty string imply the defaults are always used, and it's not possible to receive config over DHCP?

I feel like we need a VM test that sends config over DHCP and peeks at what's getting set.

Copy link
Member

@SuperSandro2000 SuperSandro2000 Aug 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When the empty string is assigned, the list of NTP servers is reset, and all prior assignments will have no effect.

This probably refers to dropins like for service files. eg. if you want to overwrite ExecStart= you first need to set it to empty otherwise systemd thinks it is a list which doesn't work.

Copy link
Contributor Author

@datafoo datafoo Aug 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting NTP= to an empty string will allows the NTP servers advertised by DHCP to be used:

# cat /etc/systemd/timesyncd.conf 
[Time]
NTP=

I tested it on a local system and I confirm it works.

Copy link
Member

@SuperSandro2000 SuperSandro2000 Aug 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

FallbackNTP=0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org

This is already an implied default because of

nixpkgs/pkgs/os-specific/linux/systemd/default.nix

Line 664 in 3526bfa

mesonFlagsArray+=(-Dntp-servers="0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org")
https://github.com/systemd/systemd/blob/0197fb599ac4f29871e8ea1923be7b14bbd7bbf0/src/timesync/timesyncd.conf.in#L21

or remove the empty NTP= altogether when servers is the empty list:

I think we should remove it because we do not intent do explicitly remove any previously set value.

Copy link
Contributor Author

@datafoo datafoo Aug 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just do not want to break compatibility for users who are setting networking.timeServers to something different than the compiled-in values (i.e. {0..4}.nixos.pool.ntp.org). Hence the necessity to add the fallbackServers option.

Copy link
Contributor Author

@datafoo datafoo Aug 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated the PR to let the module user choose, and by default we do not write NTP= (with empty string) so there is no risk of resetting anything.

Copy link
Contributor Author

@datafoo datafoo Aug 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like the advice from systemd experts.

It seems that my worries about drop-ins are not justified after all.

When the empty string is assigned, the list of NTP servers is reset, and all prior assignments will have no effect.

I believe there will be no differences between writing NTP= or not writing NTP= at all despite the systemd documentation. That is because we are configuring the "main configuration file" which has lower precedence and therefore, there are no prior assignments. See CONFIGURATION DIRECTORIES AND PRECEDENCE in man:timesyncd.conf(5).

Do you agree, should I remove the possibility to set null?

''
+ optionalString (cfg.fallbackServers != null) ''
FallbackNTP=${concatStringsSep " " cfg.fallbackServers}
''
+ cfg.extraConfig;

users.users.systemd-timesync = {
uid = config.ids.uids.systemd-timesync;
Expand Down