host dns and ntp server on proxy

2026-03-13 21:51:25 +01:00 · 2026-03-13 21:51:25 +01:00 · 7d01f35fd0
commit 7d01f35fd0
parent 982d984910
2 changed files with 145 additions and 3 deletions
--- a/hosts/proxy/default.nix
+++ b/hosts/proxy/default.nix
@ -27,11 +27,16 @@
    firewall = {
      allowedTCPPorts = [
        22
+        53 # DNS
        80
        443
        1005
        2142
      ];
+      allowedUDPPorts = [
+        53 # DNS
+        123 # NTP
+      ];
    };
    nftables = {
      enable = true;
@ -206,6 +211,36 @@
      };
    in
    {
+      # BIND DNS recursive resolver for the internal network
+      bind = {
+        enable = true;
+        cacheNetworks = [
+          "127.0.0.0/8"
+          "141.56.51.0/24"
+        ];
+        forwarders = [
+          "9.9.9.9"
+          "1.1.1.1"
+        ];
+        listenOn = [ "141.56.51.1" ];
+        listenOnIpv6 = [ ];
+      };
+
+      # Chrony NTP server for the internal network
+      chrony = {
+        enable = true;
+        enableNTS = false;
+        servers = [ "pool.ntp.org" ];
+        serverOption = "iburst";
+        extraConfig = ''
+          # Allow NTP client access from local network
+          allow 141.56.51.0/24
+
+          # Serve time even if not synced to a time source
+          local stratum 10
+        '';
+      };
+
      openssh = {
        # admin ssh access port
        listenAddresses = [