[Backport release-24.11] nixos/ntpd: fix permissions error when creat…

…ing drift file (#367479)
NixOS · Dec 31, 2024 · cf442b8 · cf442b8
2 parents 3d53b26 + dbb71e2
commit cf442b8
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/nixos/modules/services/networking/ntp/ntpd.nix b/nixos/modules/services/networking/ntp/ntpd.nix
@@ -142,6 +142,7 @@ in
       group = "ntp";
       description = "NTP daemon user";
       home = "/var/lib/ntp";
+      createHome = true;
     };
     users.groups.ntp = { };
 
@@ -155,7 +156,6 @@ in
       serviceConfig = {
         ExecStart = "@${ntp}/bin/ntpd ntpd -g ${builtins.toString ntpFlags}";
         Type = "forking";
-        StateDirectory = "ntp";
 
         # Hardening options
         PrivateDevices = true;

diff --git a/nixos/tests/ntpd.nix b/nixos/tests/ntpd.nix
@@ -20,6 +20,8 @@ import ./make-test-python.nix (
       machine.wait_for_console_text('Listen normally on 10 eth*')
       machine.succeed('systemctl is-active ntpd.service')
       machine.succeed('ntpq -p')
+      # ntp user must be able to create drift files
+      machine.succeed('su -s /bin/sh -c "touch /var/lib/ntp/ntp.drift" ntp')
     '';
   }
 )