diff options
author | Ludovic Courtès <ludo@gnu.org> | 2014-11-05 10:13:43 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2014-11-05 11:25:39 +0100 |
commit | 63854bcbb16e6b52edf966db428c4a1f049c3af5 (patch) | |
tree | 5c55018d9ea5f17eeba707f476dead7426530aa9 /gnu | |
parent | 98c16943d50c8dd080b66bfe83a69b9e2a3dd16a (diff) | |
download | patches-63854bcbb16e6b52edf966db428c4a1f049c3af5.tar patches-63854bcbb16e6b52edf966db428c4a1f049c3af5.tar.gz |
services: Add NTP service.
* gnu/services/networking.scm (ntp-service): New procedure.
* doc/guix.texi (Networking Services): Document it.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/services/networking.scm | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 8e682b9cfa..1cb501bb7a 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -23,11 +23,15 @@ #:use-module (gnu packages linux) #:use-module (gnu packages tor) #:use-module (gnu packages messaging) + #:use-module (gnu packages ntp) #:use-module (guix gexp) #:use-module (guix monads) + #:use-module (srfi srfi-26) #:export (%facebook-host-aliases static-networking-service dhcp-client-service + %ntp-servers + ntp-service tor-service bitlbee-service)) @@ -171,6 +175,54 @@ Protocol (DHCP) client, on all the non-loopback network interfaces." (call-with-input-file #$pid-file read))))) (stop #~(make-kill-destructor)))))) +(define %ntp-servers + ;; Default set of NTP servers. + '("0.pool.ntp.org" + "1.pool.ntp.org" + "2.pool.ntp.org")) + +(define* (ntp-service #:key (ntp ntp) + (servers %ntp-servers)) + "Return a service that runs the daemon from @var{ntp}, the +@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will +keep the system clock synchronized with that of @var{servers}." + ;; TODO: Add authentication support. + + (define config + (string-append "driftfile /var/run/ntp.drift\n" + (string-join (map (cut string-append "server " <>) + servers) + "\n") + " +# Disable status queries as a workaround for CVE-2013-5211: +# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>. +restrict default kod nomodify notrap nopeer noquery +restrict -6 default kod nomodify notrap nopeer noquery + +# Yet, allow use of the local 'ntpq'. +restrict 127.0.0.1 +restrict -6 ::1\n")) + + (mlet %store-monad ((ntpd.conf (text-file "ntpd.conf" config))) + (return + (service + (provision '(ntpd)) + (documentation "Run the Network Time Protocol (NTP) daemon.") + (requirement '(user-processes networking)) + (start #~(make-forkexec-constructor + (list (string-append #$ntp "/bin/ntpd") "-n" + "-c" #$ntpd.conf + "-u" "ntpd"))) + (stop #~(make-kill-destructor)) + (user-accounts (list (user-account + (name "ntpd") + (group "nogroup") + (system? #t) + (comment "NTP daemon user") + (home-directory "/var/empty") + (shell + "/run/current-system/profile/sbin/nologin")))))))) + (define* (tor-service #:key (tor tor)) "Return a service to run the @uref{https://torproject.org,Tor} daemon. |