summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/guix.texi11
-rw-r--r--gnu/services/networking.scm52
2 files changed, 63 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index fbf5bac9b4..4a596bcbf3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3845,6 +3845,17 @@ Return a service that starts @var{interface} with address @var{ip}. If
gateway.
@end deffn
+@deffn {Monadic Procedure} ntp-service [#:ntp @var{ntp}] @
+ [#:name-service @var{%ntp-servers}]
+Return a service that runs the daemon from @var{ntp}, the
+@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
+keep the system clock synchronized with that of @var{servers}.
+@end deffn
+
+@defvr {Scheme Variable} %ntp-servers
+List of host names used as the default NTP servers.
+@end defvr
+
@deffn {Monadic Procedure} tor-service [#:tor tor]
Return a service to run the @uref{https://torproject.org,Tor} daemon.
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 8e682b9cfa..1cb501bb7a 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -23,11 +23,15 @@
#:use-module (gnu packages linux)
#:use-module (gnu packages tor)
#:use-module (gnu packages messaging)
+ #:use-module (gnu packages ntp)
#:use-module (guix gexp)
#:use-module (guix monads)
+ #:use-module (srfi srfi-26)
#:export (%facebook-host-aliases
static-networking-service
dhcp-client-service
+ %ntp-servers
+ ntp-service
tor-service
bitlbee-service))
@@ -171,6 +175,54 @@ Protocol (DHCP) client, on all the non-loopback network interfaces."
(call-with-input-file #$pid-file read)))))
(stop #~(make-kill-destructor))))))
+(define %ntp-servers
+ ;; Default set of NTP servers.
+ '("0.pool.ntp.org"
+ "1.pool.ntp.org"
+ "2.pool.ntp.org"))
+
+(define* (ntp-service #:key (ntp ntp)
+ (servers %ntp-servers))
+ "Return a service that runs the daemon from @var{ntp}, the
+@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will
+keep the system clock synchronized with that of @var{servers}."
+ ;; TODO: Add authentication support.
+
+ (define config
+ (string-append "driftfile /var/run/ntp.drift\n"
+ (string-join (map (cut string-append "server " <>)
+ servers)
+ "\n")
+ "
+# Disable status queries as a workaround for CVE-2013-5211:
+# <http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using>.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Yet, allow use of the local 'ntpq'.
+restrict 127.0.0.1
+restrict -6 ::1\n"))
+
+ (mlet %store-monad ((ntpd.conf (text-file "ntpd.conf" config)))
+ (return
+ (service
+ (provision '(ntpd))
+ (documentation "Run the Network Time Protocol (NTP) daemon.")
+ (requirement '(user-processes networking))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$ntp "/bin/ntpd") "-n"
+ "-c" #$ntpd.conf
+ "-u" "ntpd")))
+ (stop #~(make-kill-destructor))
+ (user-accounts (list (user-account
+ (name "ntpd")
+ (group "nogroup")
+ (system? #t)
+ (comment "NTP daemon user")
+ (home-directory "/var/empty")
+ (shell
+ "/run/current-system/profile/sbin/nologin"))))))))
+
(define* (tor-service #:key (tor tor))
"Return a service to run the @uref{https://torproject.org,Tor} daemon.