enable bind dns and chrony ntp server and set them up in default.nix

2026-03-13 22:14:45 +01:00 · 2026-03-13 22:14:45 +01:00 · 006c95424f
commit 006c95424f
parent 7d01f35fd0
2 changed files with 20 additions and 9 deletions
--- a/default.nix
+++ b/default.nix
@ -26,8 +26,8 @@ in
 {

  networking.nameservers = [
+    "141.56.51.1"
    "141.56.1.1"
-    "141.56.1.2"
  ];

  boot.kernelPackages = pkgs.linuxPackages_latest;
@ -52,6 +52,14 @@ in

  time.timeZone = "Europe/Berlin";

+  # Use proxy as NTP server for time synchronization
+  # Disable in containers as they inherit time from the host
+  services.chrony = {
+    enable = !config.boot.isContainer;
+    servers = [ "141.56.51.1" ];
+    enableNTS = false;
+  };
+
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
@ -66,7 +74,6 @@ in
  ####    Mit der Anwendung Nginx soll die (ausschließliche) Verwendung von https (http mit TLS), statt http ermoeglicht werden.
  services.nginx.recommendedTlsSettings = true;

-
  users.users = {
    # erstmal nur mit root
    # administration = {
--- a/hosts/proxy/default.nix
+++ b/hosts/proxy/default.nix
@ -20,10 +20,6 @@
      }
    ];
    defaultGateway.address = "141.56.51.254";
-    nameservers = [
-      "9.9.9.9"
-      "1.1.1.1"
-    ];
    firewall = {
      allowedTCPPorts = [
        22
@ -222,7 +218,10 @@
          "9.9.9.9"
          "1.1.1.1"
        ];
-        listenOn = [ "141.56.51.1" ];
+        listenOn = [
+          "141.56.51.1"
+          "127.0.0.1"
+        ];
        listenOnIpv6 = [ ];
      };

@ -230,7 +229,12 @@
      chrony = {
        enable = true;
        enableNTS = false;
-        servers = [ "pool.ntp.org" ];
+        servers = [
+          "0.de.pool.ntp.org"
+          "1.de.pool.ntp.org"
+          "2.de.pool.ntp.org"
+          "3.de.pool.ntp.org"
+        ];
        serverOption = "iburst";
        extraConfig = ''
          # Allow NTP client access from local network