enable bind dns and chrony ntp server and set them up in default.nix

goeranh 2026-03-13 22:14:45 +01:00
parent 7d01f35fd0
commit 006c95424f
No known key found for this signature in database
2 changed files with 20 additions and 9 deletions


@ -26,8 +26,8 @@ in
{ {
networking.nameservers = [ networking.nameservers = [
"141.56.51.1"
"141.56.1.1" "141.56.1.1"
"141.56.1.2"
]; ];
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
@ -52,6 +52,14 @@ in
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
# Use proxy as NTP server for time synchronization
# Disable in containers as they inherit time from the host
services.chrony = {
enable = !config.boot.isContainer;
servers = [ "141.56.51.1" ];
enableNTS = false;
};
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
console = { console = {
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";
@ -63,10 +71,9 @@ in
services.nginx.recommendedOptimisation = true; services.nginx.recommendedOptimisation = true;
services.nginx.recommendedGzipSettings = true; services.nginx.recommendedGzipSettings = true;
services.nginx.recommendedProxySettings = true; services.nginx.recommendedProxySettings = true;
#### Mit der Anwendung Nginx soll die (ausschließliche) Verwendung von https (http mit TLS), statt http ermoeglicht werden. #### Mit der Anwendung Nginx soll die (ausschließliche) Verwendung von https (http mit TLS), statt http ermoeglicht werden.
services.nginx.recommendedTlsSettings = true; services.nginx.recommendedTlsSettings = true;
users.users = { users.users = {
# erstmal nur mit root # erstmal nur mit root
# administration = { # administration = {
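Review bot: The new `services.chrony` block gives every non-container host exactly one time source, `141.56.51.1`, with `enableNTS = false`, so the clock on all machines depends on a single unauthenticated NTP path. Clock errors affect TLS certificate validation and log correlation, so either add a second source or extend the comment to record that this single-source dependency is accepted. If the proxy host also imports this file, NixOS concatenates list options and its chrony would probably list its own address next to the pool servers. Writing `servers = lib.mkDefault [ "141.56.51.1" ];` (assuming `lib` is in scope here) lets a host-level definition replace the default instead of merging with it.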


@ -20,10 +20,6 @@
} }
]; ];
defaultGateway.address = "141.56.51.254"; defaultGateway.address = "141.56.51.254";
nameservers = [
"9.9.9.9"
"1.1.1.1"
];
firewall = { firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
22 22
@ -222,7 +218,10 @@
"9.9.9.9" "9.9.9.9"
"1.1.1.1" "1.1.1.1"
]; ];
listenOn = [ "141.56.51.1" ]; listenOn = [
"141.56.51.1"
"127.0.0.1"
];
listenOnIpv6 = [ ]; listenOnIpv6 = [ ];
}; };
@ -230,7 +229,12 @@
chrony = { chrony = {
enable = true; enable = true;
enableNTS = false; enableNTS = false;
servers = [ "pool.ntp.org" ]; servers = [
"0.de.pool.ntp.org"
"1.de.pool.ntp.org"
"2.de.pool.ntp.org"
"3.de.pool.ntp.org"
];
serverOption = "iburst"; serverOption = "iburst";
extraConfig = '' extraConfig = ''
# Allow NTP client access from local network # Allow NTP client access from local network
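Review bot: This host now serves time to the other machines, yet its own upstreams in `servers` are still plain NTP (`enableNTS = false`), so a spoofed upstream reply would be passed on to every client. Consider NTS-capable upstream servers with `enableNTS = true`, or record the choice with a comment such as `# NTS off: the pool servers do not offer NTS`. The `extraConfig` string continues outside the hunk; the `allow` range there and the firewall's UDP ports are worth checking so that chrony and the BIND listener on `141.56.51.1` answer only the local network.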