61 lines
1.6 KiB
Nix
61 lines
1.6 KiB
Nix
|
{ config, lib, pkgs, ... }:
|
||
|
|
||
|
with lib;
|
||
|
|
||
|
let
|
||
|
cfg = config.services.localtime;
|
||
|
in {
|
||
|
options = {
|
||
|
services.localtime = {
|
||
|
enable = mkOption {
|
||
|
default = false;
|
||
|
description = ''
|
||
|
Enable <literal>localtime</literal>, simple daemon for keeping the system
|
||
|
timezone up-to-date based on the current location. It uses geoclue2 to
|
||
|
determine the current location and systemd-timedated to actually set
|
||
|
the timezone.
|
||
|
'';
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
|
||
|
config = mkIf cfg.enable {
|
||
|
services.geoclue2.enable = true;
|
||
|
|
||
|
security.polkit.extraConfig = ''
|
||
|
polkit.addRule(function(action, subject) {
|
||
|
if (action.id == "org.freedesktop.timedate1.set-timezone"
|
||
|
&& subject.user == "localtimed") {
|
||
|
return polkit.Result.YES;
|
||
|
}
|
||
|
});
|
||
|
'';
|
||
|
|
||
|
users.users = [{
|
||
|
name = "localtimed";
|
||
|
description = "Taskserver user";
|
||
|
}];
|
||
|
|
||
|
systemd.services.localtime = {
|
||
|
description = "localtime service";
|
||
|
wantedBy = [ "multi-user.target" ];
|
||
|
partOf = [ "geoclue.service "];
|
||
|
|
||
|
serviceConfig = {
|
||
|
Restart = "on-failure";
|
||
|
# TODO: make it work with dbus
|
||
|
#DynamicUser = true;
|
||
|
Nice = 10;
|
||
|
User = "localtimed";
|
||
|
PrivateTmp = "yes";
|
||
|
PrivateDevices = true;
|
||
|
PrivateNetwork = "yes";
|
||
|
NoNewPrivileges = "yes";
|
||
|
ProtectSystem = "strict";
|
||
|
ProtectHome = true;
|
||
|
ExecStart = "${pkgs.localtime}/bin/localtimed";
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
}
|