From d28bf5e58927834370f7e7e994cbbd18a530d400 Mon Sep 17 00:00:00 2001
From: Jonathan Davies <jpds@protonmail.com>
Date: Sat, 3 May 2025 11:43:41 +0000
Subject: [PATCH 1/4] nixos/ntpd-rs: tests: Test outputs of `ntp-ctl status`

---
 nixos/tests/ntpd-rs.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nixos/tests/ntpd-rs.nix b/nixos/tests/ntpd-rs.nix
index 2907c7558324..665708e76765 100644
--- a/nixos/tests/ntpd-rs.nix
+++ b/nixos/tests/ntpd-rs.nix
@@ -50,6 +50,9 @@ import ./make-test-python.nix (
           machine.succeed('systemctl is-active ntpd-rs.service')
           machine.succeed('systemctl is-active ntpd-rs-metrics.service')
           machine.succeed('curl http://localhost:9975/metrics | grep ntp_uptime_seconds')
+
+        client.succeed("ntp-ctl status | grep server:123")
+        server.succeed("ntp-ctl status | grep '\[::\]:123'")
       '';
   }
 )

From baf5e10d29ea84df6adeb951a129981c00026016 Mon Sep 17 00:00:00 2001
From: Jonathan Davies <jpds@protonmail.com>
Date: Sat, 3 May 2025 11:50:51 +0000
Subject: [PATCH 2/4] nixos/ntpd-rs: tests: Configure server observability
 endpoint on globally listening address

This is how it would be configured for a real-world Prometheus deployment
---
 nixos/tests/ntpd-rs.nix | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/nixos/tests/ntpd-rs.nix b/nixos/tests/ntpd-rs.nix
index 665708e76765..1a85e75916e6 100644
--- a/nixos/tests/ntpd-rs.nix
+++ b/nixos/tests/ntpd-rs.nix
@@ -11,7 +11,7 @@ import ./make-test-python.nix (
       client = {
         services.ntpd-rs = {
           enable = true;
-          metrics.enable = true;
+          metrics.enable = false;
           useNetworkingTimeServers = false;
           settings = {
             source = [
@@ -27,11 +27,22 @@ import ./make-test-python.nix (
         };
       };
       server = {
-        networking.firewall.allowedUDPPorts = [ 123 ];
+        networking.firewall = {
+          allowedTCPPorts = [
+            9975
+          ];
+          allowedUDPPorts = [
+            123
+          ];
+        };
+
         services.ntpd-rs = {
           enable = true;
           metrics.enable = true;
           settings = {
+            observability = {
+              metrics-exporter-listen = "[::]:9975";
+            };
             server = [
               { listen = "[::]:123"; }
             ];
@@ -48,8 +59,13 @@ import ./make-test-python.nix (
         for machine in (server, client):
           machine.wait_for_unit('multi-user.target')
           machine.succeed('systemctl is-active ntpd-rs.service')
-          machine.succeed('systemctl is-active ntpd-rs-metrics.service')
-          machine.succeed('curl http://localhost:9975/metrics | grep ntp_uptime_seconds')
+
+        client.fail('systemctl is-active ntpd-rs-metrics.service')
+        server.succeed('systemctl is-active ntpd-rs-metrics.service')
+
+        server.wait_for_open_port(9975)
+        client.succeed('curl http://server:9975/metrics | grep ntp_uptime_seconds')
+        server.fail('curl --fail --connect-timeout 2 http://client:9975/metrics | grep ntp_uptime_seconds')
 
         client.succeed("ntp-ctl status | grep server:123")
         server.succeed("ntp-ctl status | grep '\[::\]:123'")

From 86d94b2d88ab041136dabb1c819705a090dd1898 Mon Sep 17 00:00:00 2001
From: Jonathan Davies <jpds@protonmail.com>
Date: Sat, 3 May 2025 11:10:30 +0000
Subject: [PATCH 3/4] nixos/ntpd-rs: Handle configuring timeserver FQDN as a
 pool

---
 nixos/modules/services/networking/ntp/ntpd-rs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/ntp/ntpd-rs.nix b/nixos/modules/services/networking/ntp/ntpd-rs.nix
index 557bf05fbc42..14287ded9abf 100644
--- a/nixos/modules/services/networking/ntp/ntpd-rs.nix
+++ b/nixos/modules/services/networking/ntp/ntpd-rs.nix
@@ -63,7 +63,7 @@ in
       };
       source = lib.mkIf cfg.useNetworkingTimeServers (
         map (ts: {
-          mode = "server";
+          mode = if lib.strings.hasInfix "pool" ts then "pool" else "server";
           address = ts;
         }) config.networking.timeServers
       );

From 6c73e41ae3d004402b3c29266124c35d0e7a77bb Mon Sep 17 00:00:00 2001
From: Jonathan Davies <jpds@protonmail.com>
Date: Sat, 3 May 2025 12:03:53 +0000
Subject: [PATCH 4/4] nixos/ntpd-rs: tests: Verify that server/pool has been
 written to ntpd-rs.toml file

---
 nixos/tests/ntpd-rs.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nixos/tests/ntpd-rs.nix b/nixos/tests/ntpd-rs.nix
index 1a85e75916e6..9459a9f4ac51 100644
--- a/nixos/tests/ntpd-rs.nix
+++ b/nixos/tests/ntpd-rs.nix
@@ -69,6 +69,9 @@ import ./make-test-python.nix (
 
         client.succeed("ntp-ctl status | grep server:123")
         server.succeed("ntp-ctl status | grep '\[::\]:123'")
+
+        client.succeed("grep '^mode = \"server\"' $(systemctl status ntpd-rs | grep -oE '/nix/store[^ ]*ntpd-rs.toml')")
+        server.succeed("grep '^mode = \"pool\"' $(systemctl status ntpd-rs | grep -oE '/nix/store[^ ]*ntpd-rs.toml')")
       '';
   }
 )