nixos/modules/services/system/localtime.nix at 18.03-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / system / localtime.nix
at 18.03-beta 1.7 kB view raw
 1{ config, lib, pkgs, ... }:
 2
 3with lib;
 4
 5let
 6  cfg = config.services.localtime;
 7in {
 8  options = {
 9    services.localtime = {
10      enable = mkOption {
11        default = false;
12        description = ''
13          Enable <literal>localtime</literal>, simple daemon for keeping the system
14          timezone up-to-date based on the current location. It uses geoclue2 to
15          determine the current location and systemd-timedated to actually set
16          the timezone.
17        '';
18      };
19    };
20  };
21
22  config = mkIf cfg.enable {
23    services.geoclue2.enable = true;
24
25    security.polkit.extraConfig = ''
26     polkit.addRule(function(action, subject) {
27       if (action.id == "org.freedesktop.timedate1.set-timezone"
28           && subject.user == "localtimed") {
29         return polkit.Result.YES;
30       }
31     });
32    '';
33
34    users.users = [{
35      name = "localtimed";
36      description = "Taskserver user";
37    }];
38
39    systemd.services.localtime = {
40      description = "localtime service";
41      wantedBy = [ "multi-user.target" ];
42      partOf = [ "geoclue.service "];
43
44      serviceConfig = {
45        Restart                 = "on-failure";
46        # TODO: make it work with dbus
47        #DynamicUser             = true;
48        Nice                    = 10;
49        User                    = "localtimed";
50        PrivateTmp              = "yes";
51        PrivateDevices          = true;
52        PrivateNetwork          = "yes";
53        NoNewPrivileges         = "yes";
54        ProtectSystem           = "strict";
55        ProtectHome             = true;
56        ExecStart               = "${pkgs.localtime}/bin/localtimed";
57      };
58    };
59  };
60}