From 006c95424fa8b616447dcb7d1d6169173878d705 Mon Sep 17 00:00:00 2001 From: goeranh Date: Fri, 13 Mar 2026 22:14:45 +0100 Subject: [PATCH] enable bind dns and chrony ntp server and set them up in default.nix --- default.nix | 13 ++++++++++--- hosts/proxy/default.nix | 16 ++++++++++------ 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/default.nix b/default.nix index 4eea8ff..1a1f679 100644 --- a/default.nix +++ b/default.nix @@ -26,8 +26,8 @@ in { networking.nameservers = [ + "141.56.51.1" "141.56.1.1" - "141.56.1.2" ]; boot.kernelPackages = pkgs.linuxPackages_latest; @@ -52,6 +52,14 @@ in time.timeZone = "Europe/Berlin"; + # Use proxy as NTP server for time synchronization + # Disable in containers as they inherit time from the host + services.chrony = { + enable = !config.boot.isContainer; + servers = [ "141.56.51.1" ]; + enableNTS = false; + }; + i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; @@ -63,10 +71,9 @@ in services.nginx.recommendedOptimisation = true; services.nginx.recommendedGzipSettings = true; services.nginx.recommendedProxySettings = true; -#### Mit der Anwendung Nginx soll die (ausschließliche) Verwendung von https (http mit TLS), statt http ermoeglicht werden. + #### Mit der Anwendung Nginx soll die (ausschließliche) Verwendung von https (http mit TLS), statt http ermoeglicht werden. services.nginx.recommendedTlsSettings = true; - users.users = { # erstmal nur mit root # administration = { diff --git a/hosts/proxy/default.nix b/hosts/proxy/default.nix index 048049f..8692b17 100644 --- a/hosts/proxy/default.nix +++ b/hosts/proxy/default.nix @@ -20,10 +20,6 @@ } ]; defaultGateway.address = "141.56.51.254"; - nameservers = [ - "9.9.9.9" - "1.1.1.1" - ]; firewall = { allowedTCPPorts = [ 22 @@ -222,7 +218,10 @@ "9.9.9.9" "1.1.1.1" ]; - listenOn = [ "141.56.51.1" ]; + listenOn = [ + "141.56.51.1" + "127.0.0.1" + ]; listenOnIpv6 = [ ]; }; 
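Review bot: The new first entry of `networking.nameservers` in default.nix carries no comment saying what `141.56.51.1` is, although it now precedes `141.56.1.1` on every host that imports this file. Judging by the `listenOn` lines in hosts/proxy/default.nix it is the proxy's own BIND, so name resolution for all hosts goes through that one machine, and the second entry is only consulted when the first stops answering, not when it answers wrongly. A line such as `# 141.56.51.1 = proxy host running BIND (hosts/proxy/default.nix); 141.56.1.1 is the fallback` above the list would make that dependency visible. The surrounding module starts and ends outside the hunk.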
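Review bot: In the `services.chrony` block added to default.nix, `servers = [ "141.56.51.1" ];` is a plain definition, and NixOS concatenates list definitions of equal priority. If hosts/proxy also imports this file (the imports are not visible here), the proxy would carry its own address as a time source next to the pool names set in the chrony hunk of hosts/proxy/default.nix. Writing `servers = lib.mkDefault [ "141.56.51.1" ];` here, assuming `lib` is among the module arguments, lets the proxy's list replace it instead of merging with it. Separately, with a single source and `enableNTS = false`, clients can neither cross-check nor authenticate the time they receive, which feeds into certificate validation and log timestamps. The existing comment could state that this is accepted inside the local network.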
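Review bot: The `listenOn` change in hosts/proxy/default.nix adds `127.0.0.1`, but the hunk does not show which clients are allowed to use this resolver, and the `9.9.9.9` / `1.1.1.1` list just above looks like its forwarders, so it recurses on behalf of whoever may query it. Now that default.nix points every host at 141.56.51.1, it is worth confirming that `cacheNetworks` in this block (if it is the `services.bind` block) is limited to loopback and the local prefixes, and that port 53 is not reachable from outside, so the server cannot act as an open resolver. The enclosing block begins above the hunk, so this may already be set there. A comment such as `# loopback: the proxy resolves through its own BIND` on the new entry would explain why it was added.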
@@ -230,7 +229,12 @@
 chrony = {
 enable = true;
 enableNTS = false;
- servers = [ "pool.ntp.org" ];
+ servers = [
+ "0.de.pool.ntp.org"
+ "1.de.pool.ntp.org"
+ "2.de.pool.ntp.org"
+ "3.de.pool.ntp.org"
+ ];
 serverOption = "iburst";
 extraConfig = ''
 # Allow NTP client access from local network
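Review bot: `enableNTS = false` is left as it is while the upstream list in this `chrony` block changes to four public pool names, so the time this host passes on to the other machines still comes from unauthenticated NTP. Nothing in the block records why; a comment above `servers` such as `# NTS disabled: the public pool servers do not offer it` (if that is the reason) would document the decision. The alternative is an NTS-capable upstream with `enableNTS = true`. The `extraConfig` string that grants client access continues past the end of the hunk, so the allowed networks cannot be checked from here.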