Merge pull request #264593 from fpletz/pkgs/ntp-rs-1.0.0

nixos/modules/module-list.nix

@@ -1044,6 +1044,7 @@
   ./services/networking/ntopng.nix
   ./services/networking/ntp/chrony.nix
   ./services/networking/ntp/ntpd.nix
+  ./services/networking/ntp/ntpd-rs.nix
   ./services/networking/ntp/openntpd.nix
   ./services/networking/nullidentdmod.nix
   ./services/networking/nylon.nix

nixos/modules/services/networking/dhcpcd.nix

@@ -98,7 +98,7 @@ let
           # anything ever again ("couldn't resolve ..., giving up on
           # it"), so we silently lose time synchronisation. This also
           # applies to openntpd.
-          /run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd.service openntpd.service chronyd.service || true
+          /run/current-system/systemd/bin/systemctl try-reload-or-restart ntpd.service openntpd.service chronyd.service ntpd-rs.service || true
       fi
 
       ${cfg.runHook}

nixos/modules/services/networking/ntp/ntpd-rs.nix

@@ -0,0 +1,89 @@
+{ lib, config, pkgs, ... }:
+
+let
+  cfg = config.services.ntpd-rs;
+  format = pkgs.formats.toml { };
+  configFile = format.generate "ntpd-rs.toml" cfg.settings;
+in
+{
+  options.services.ntpd-rs = {
+    enable = lib.mkEnableOption "Network Time Service (ntpd-rs)";
+    metrics.enable = lib.mkEnableOption "ntpd-rs Prometheus Metrics Exporter";
+
+    package = lib.mkPackageOption pkgs "ntpd-rs" { };
+
+    useNetworkingTimeServers = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = lib.mdDoc ''
+        Use source time servers from {var}`networking.timeServers` in config.
+      '';
+    };
+
+    settings = lib.mkOption {
+      type = lib.types.submodule {
+        freeformType = format.type;
+      };
+      default = { };
+      description = lib.mdDoc ''
+        Settings to write to {file}`ntp.toml`
+
+        See <https://docs.ntpd-rs.pendulum-project.org/man/ntp.toml.5>
+        for more information about available options.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = !config.services.timesyncd.enable;
+        message = ''
+          `ntpd-rs` is not compatible with `services.timesyncd`. Please disable one of them.
+        '';
+      }
+    ];
+
+    environment.systemPackages = [ cfg.package ];
+    systemd.packages = [ cfg.package ];
+
+    services.timesyncd.enable = false;
+    systemd.services.systemd-timedated.environment = {
+      SYSTEMD_TIMEDATED_NTP_SERVICES = "ntpd-rs.service";
+    };
+
+    services.ntpd-rs.settings = {
+      observability = {
+        observation-path = lib.mkDefault "/var/run/ntpd-rs/observe";
+      };
+      source = lib.mkIf cfg.useNetworkingTimeServers (map
+        (ts: {
+          mode = "server";
+          address = ts;
+        })
+        config.networking.timeServers);
+    };
+
+    systemd.services.ntpd-rs = {
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = "";
+        Group = "";
+        DynamicUser = true;
+        ExecStart = [ "" "${lib.makeBinPath [ cfg.package ]}/ntp-daemon --config=${configFile}" ];
+      };
+    };
+
+    systemd.services.ntp-rs-metrics = lib.mkIf cfg.metrics.enable {
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = "";
+        Group = "";
+        DynamicUser = true;
+        ExecStart = [ "" "${lib.makeBinPath [ cfg.package ]}/bin/ntp-metrics-exporter --config=${configFile}" ];
+      };
+    };
+  };
+
+  meta.maintainers = with lib.maintainers; [ fpletz ];
+}

nixos/tests/all-tests.nix

@@ -620,6 +620,7 @@ in {
   nsd = handleTest ./nsd.nix {};
   ntfy-sh = handleTest ./ntfy-sh.nix {};
   ntfy-sh-migration = handleTest ./ntfy-sh-migration.nix {};
+  ntpd-rs = handleTest ./ntpd-rs.nix {};
   nzbget = handleTest ./nzbget.nix {};
   nzbhydra2 = handleTest ./nzbhydra2.nix {};
   oh-my-zsh = handleTest ./oh-my-zsh.nix {};

nixos/tests/ntpd-rs.nix

@@ -0,0 +1,49 @@
+import ./make-test-python.nix ({ lib, ... }:
+{
+  name = "ntpd-rs";
+
+  meta = {
+    maintainers = with lib.maintainers; [ fpletz ];
+  };
+
+  nodes = {
+    client = {
+      services.ntpd-rs = {
+        enable = true;
+        metrics.enable = true;
+        useNetworkingTimeServers = false;
+        settings = {
+          source = [
+            {
+              mode = "server";
+              address = "server";
+            }
+          ];
+          synchronization = {
+            minimum-agreeing-sources = 1;
+          };
+        };
+      };
+    };
+    server = {
+      networking.firewall.allowedUDPPorts = [ 123 ];
+      services.ntpd-rs = {
+        enable = true;
+        metrics.enable = true;
+        settings = {
+          server = [
+            { listen = "[::]:123"; }
+          ];
+        };
+      };
+    };
+  };
+
+  testScript = { nodes, ... }: ''
+    start_all()
+    server.wait_for_unit('multi-user.target')
+    client.wait_for_unit('multi-user.target')
+    server.succeed('systemctl is-active ntpd-rs.service')
+    client.succeed('systemctl is-active ntpd-rs.service')
+  '';
+})

pkgs/tools/networking/ntpd-rs/default.nix

@@ -1,39 +1,51 @@
 { lib
 , rustPlatform
 , fetchFromGitHub
+, installShellFiles
+, pandoc
 }:
 
 rustPlatform.buildRustPackage rec {
   pname = "ntpd-rs";
-  version = "0.3.7";
+  version = "1.1.0";
 
   src = fetchFromGitHub {
     owner = "pendulum-project";
     repo = "ntpd-rs";
     rev = "v${version}";
-    hash = "sha256-AUCzsveG9U+KxYO/4LGmyCPkR+w9pGDA/vTzMAGiVuI=";
+    hash = "sha256-IoTuI0M+stZNUVpaVsf7JR7uHcamSSVDMJxJ+7n5ayA=";
   };
 
-  cargoHash = "sha256-6FUVkr3uock43ZBHuMEVIZ5F8Oh8wMifh2EokMWv4hU=";
+  cargoHash = "sha256-iZuDNFy8c2UZUh3J11lEtfHlDFN+qPl4iZg+ps7AenE=";
+
+  nativeBuildInputs = [ pandoc installShellFiles ];
+
+  postPatch = ''
+    substituteInPlace utils/generate-man.sh \
+      --replace 'utils/pandoc.sh' 'pandoc'
+  '';
+
+  postBuild = ''
+    source utils/generate-man.sh
+  '';
+
+  doCheck = true;
 
   checkFlags = [
     # doesn't find the testca
     "--skip=keyexchange::tests::key_exchange_roundtrip"
-    # seems flaky
+    # seems flaky?
     "--skip=algorithm::kalman::peer::tests::test_offset_steering_and_measurements"
     # needs networking
     "--skip=hwtimestamp::tests::get_hwtimestamp"
   ];
 
   postInstall = ''
-    install -vDt $out/lib/systemd/system pkg/common/ntpd-rs.service
-
-    for testprog in demobilize-server rate-limit-server nts-ke nts-ke-server peer-state simple-daemon; do
-      moveToOutput bin/$testprog "$tests"
-    done
+    install -Dm444 -t $out/lib/systemd/system docs/examples/conf/{ntpd-rs,ntpd-rs-metrics}.service
+    installManPage docs/precompiled/man/{ntp.toml.5,ntp-ctl.8,ntp-daemon.8,ntp-metrics-exporter.8}
   '';
 
-  outputs = [ "out" "tests" ];
+  outputs = [ "out" "man" ];
 
   meta = with lib; {
     description = "A full-featured implementation of the Network Time Protocol";