nixos/timesyncd: migrate to RFC 42-style settings (#516318)

2026-06-05 21:03:40 +00:00 · 2026-06-04 15:21:45 +00:00
parent 0168454a2f 1f1c72470b
commit 661e163702
5 changed files with 81 additions and 35 deletions
--- a/nixos/doc/manual/release-notes/rl-2611.section.md
+++ b/nixos/doc/manual/release-notes/rl-2611.section.md
@@ -24,6 +24,8 @@

 - Python 2 has been removed from the top-level package set, as it is long past end-of-life. The `python2`, `python27`, `python2Full`, `python27Full`, `python2Packages`, and `python27Packages` attributes, along with the legacy `python`, `pythonFull`, and `pythonPackages` aliases, now throw an error directing you to `python3`. The `isPy2` and `isPy27` package flags have been removed accordingly. The only remaining Python 2 interpreter is vendored inside the `resholve` package for its `oil` dependency and is not exposed for general use.

+- `services.timesyncd.extraConfig` has been removed in favor of the structured [](#opt-services.timesyncd.settings.Time) option. Use `services.timesyncd.settings.Time` to set any `timesyncd.conf(5)` option directly. For example, replace `services.timesyncd.extraConfig = "PollIntervalMaxSec=180";` with `services.timesyncd.settings.Time.PollIntervalMaxSec = 180;`.
+
 ## Other Notable Changes {#sec-release-26.11-notable-changes}

 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
--- a/nixos/modules/system/boot/timesyncd.nix
+++ b/nixos/modules/system/boot/timesyncd.nix
@@ -1,26 +1,37 @@
-{ config, lib, ... }:
-
-with lib;
+{
+  config,
+  lib,
+  utils,
+  ...
+}:

 let
  cfg = config.services.timesyncd;
 in
 {

+  imports = [
+    (lib.mkRemovedOptionModule [
+      "services"
+      "timesyncd"
+      "extraConfig"
+    ] "Use services.timesyncd.settings.Time instead.")
+  ];
+
  options = {

-    services.timesyncd = with types; {
-      enable = mkOption {
+    services.timesyncd = {
+      enable = lib.mkOption {
        default = !config.boot.isContainer;
-        defaultText = literalExpression "!config.boot.isContainer";
-        type = bool;
+        defaultText = lib.literalExpression "!config.boot.isContainer";
+        type = lib.types.bool;
        description = ''
          Enables the systemd NTP client daemon.
        '';
      };
-      servers = mkOption {
+      servers = lib.mkOption {
        default = null;
-        type = nullOr (listOf str);
+        type = lib.types.nullOr (lib.types.listOf lib.types.str);
        description = ''
          The set of NTP servers from which to synchronise.

@@ -31,10 +42,10 @@ in
          See {manpage}`timesyncd.conf(5)` for details.
        '';
      };
-      fallbackServers = mkOption {
+      fallbackServers = lib.mkOption {
        default = config.networking.timeServers;
-        defaultText = literalExpression "config.networking.timeServers";
-        type = nullOr (listOf str);
+        defaultText = lib.literalExpression "config.networking.timeServers";
+        type = lib.types.nullOr (lib.types.listOf lib.types.str);
        description = ''
          The set of fallback NTP servers from which to synchronise.

@@ -45,21 +56,23 @@ in
          See {manpage}`timesyncd.conf(5)` for details.
        '';
      };
-      extraConfig = mkOption {
-        default = "";
-        type = lines;
-        example = ''
-          PollIntervalMaxSec=180
-        '';
+      settings.Time = lib.mkOption {
+        default = { };
+        type = lib.types.submodule {
+          freeformType = lib.types.attrsOf utils.systemdUtils.unitOptions.unitOption;
+        };
+        example = {
+          PollIntervalMaxSec = 180;
+        };
        description = ''
-          Extra config options for systemd-timesyncd. See
-          {manpage}`timesyncd.conf(5)` for available options.
+          Settings for systemd-timesyncd. See {manpage}`timesyncd.conf(5)` for
+          available options.
        '';
      };
    };
  };

-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {

    systemd.additionalUpstreamSystemUnits = [ "systemd-timesyncd.service" ];

@@ -76,16 +89,17 @@ in
      environment.LD_LIBRARY_PATH = config.system.nssModules.path;
    };

-    environment.etc."systemd/timesyncd.conf".text = ''
-      [Time]
-    ''
-    + optionalString (cfg.servers != null) ''
-      NTP=${concatStringsSep " " cfg.servers}
-    ''
-    + optionalString (cfg.fallbackServers != null) ''
-      FallbackNTP=${concatStringsSep " " cfg.fallbackServers}
-    ''
-    + cfg.extraConfig;
+    services.timesyncd.settings.Time = lib.mkMerge [
+      (lib.mkIf (cfg.servers != null) {
+        NTP = lib.mkDefault (lib.concatStringsSep " " cfg.servers);
+      })
+      (lib.mkIf (cfg.fallbackServers != null) {
+        FallbackNTP = lib.mkDefault (lib.concatStringsSep " " cfg.fallbackServers);
+      })
+    ];
+
+    environment.etc."systemd/timesyncd.conf".text =
+      utils.systemdUtils.lib.settingsToSections cfg.settings;

    users.users.systemd-timesync = {
      uid = config.ids.uids.systemd-timesync;
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1666,6 +1666,7 @@ in
  systemd-sysusers-immutable = runTest ./systemd-sysusers-immutable.nix;
  systemd-sysusers-mutable = runTest ./systemd-sysusers-mutable.nix;
  systemd-sysusers-password-option-override-ordering = runTest ./systemd-sysusers-password-option-override-ordering.nix;
+  systemd-timesyncd = runTest ./systemd-timesyncd.nix;
  systemd-timesyncd-nscd-dnssec = runTest ./systemd-timesyncd-nscd-dnssec.nix;
  systemd-user-linger = runTest ./systemd-user-linger.nix;
  systemd-user-linger-purge = runTest ./systemd-user-linger-purge.nix;
--- a/nixos/tests/systemd-timesyncd-nscd-dnssec.nix
+++ b/nixos/tests/systemd-timesyncd-nscd-dnssec.nix
@@ -20,7 +20,7 @@ let
  ntpIP = "192.0.2.1";
 in
 {
-  name = "systemd-timesyncd";
+  name = "systemd-timesyncd-nscd-dnssec";
  nodes.machine =
    {
      pkgs,
@@ -50,9 +50,7 @@ in
      # Configure systemd-timesyncd to use our NTP hostname
      services.timesyncd.enable = lib.mkForce true;
      services.timesyncd.servers = [ ntpHostname ];
-      services.timesyncd.extraConfig = ''
-        FallbackNTP=${ntpHostname}
-      '';
+      services.timesyncd.settings.Time.FallbackNTP = ntpHostname;

      # The debug output is necessary to determine whether systemd-timesyncd successfully resolves our NTP hostname or not
      systemd.services.systemd-timesyncd.environment.SYSTEMD_LOG_LEVEL = "debug";
--- a/nixos/tests/systemd-timesyncd.nix
+++ b/nixos/tests/systemd-timesyncd.nix
@@ -0,0 +1,31 @@
+{
+  name = "systemd-timesyncd";
+  meta = {
+    maintainers = [ ];
+  };
+
+  nodes.machine =
+    { lib, ... }:
+    {
+      services.timesyncd = {
+        enable = lib.mkForce true;
+        servers = [ "ntp.example.com" ];
+        fallbackServers = [ "fallback.example.com" ];
+        settings.Time = {
+          PollIntervalMaxSec = "180";
+          RootDistanceMaxSec = "5";
+        };
+      };
+    };
+
+  testScript = ''
+    machine.wait_for_unit("multi-user.target")
+
+    with subtest("settings.Time renders timesyncd.conf"):
+      machine.succeed("grep -F '[Time]' /etc/systemd/timesyncd.conf")
+      machine.succeed("grep -F 'NTP=ntp.example.com' /etc/systemd/timesyncd.conf")
+      machine.succeed("grep -F 'FallbackNTP=fallback.example.com' /etc/systemd/timesyncd.conf")
+      machine.succeed("grep -F 'PollIntervalMaxSec=180' /etc/systemd/timesyncd.conf")
+      machine.succeed("grep -F 'RootDistanceMaxSec=5' /etc/systemd/timesyncd.conf")
+  '';
+}