Personal Nix setup
# NixOS module: chrony-based time service for the router profile.
#
# Declares `modules.router.timeserver.enable` (defaults to
# `modules.router.enable`). When set, chrony is configured as a client of the
# three upstream servers below and as an NTP server for local clients, and the
# other time daemons (timesyncd, ntp, openntpd) are switched off.
{ lib, config, ... }:

let
  inherit (lib)
    concatMapStringsSep
    mkDefault
    mkIf
    mkOption
    optionalString
    remove
    types
    ;

  routerCfg = config.modules.router;
  chronyCfg = config.services.chrony;

  # Interfaces chrony is bound to: every firewall-trusted interface except
  # loopback.
  servedInterfaces = remove "lo" config.networking.firewall.trustedInterfaces;

  # One `binddevice <ifname>` line per served interface.
  # NOTE(review): if no trusted interface is left after dropping "lo", no
  # binddevice line is emitted and the `allow all` below is then limited only
  # by the firewall — confirm UDP/123 stays closed on untrusted interfaces.
  # NOTE(review): chrony appears to take a single device per binddevice
  # setting; verify the behaviour when more than one interface is trusted.
  bindDevices =
    concatMapStringsSep "\n" (iface: "binddevice ${iface}") servedInterfaces;
in
{
  options.modules.router.timeserver.enable = mkOption {
    type = types.bool;
    default = routerCfg.enable;
    description = "Whether to enable NTP Service";
  };

  config = mkIf routerCfg.timeserver.enable {
    # Upstream sources; enableNTS below asks for NTS on them.
    networking.timeServers = [
      "time.cloudflare.com"
      "ntppool1.time.nl"
      "ptbtime1.ptb.de"
    ];

    services.chrony = {
      enable = true;

      extraFlags = mkDefault [
        "-F 1" # run chronyd under its seccomp system-call filter
        # NOTE(review): -r reloads histories from chrony's dumpdir; no dumpdir
        # is set in this module — confirm one is configured elsewhere.
        "-r" # reload saved sample history on restart
      ];

      initstepslew.enabled = mkDefault false;
      enableRTCTrimming = mkDefault false;
      enableNTS = mkDefault true;

      # Directives appended to chrony.conf:
      #   minsources 3            - update the clock only while three sources
      #                             are selectable. Exactly three servers are
      #                             configured, so losing any one of them
      #                             stops updates until it returns.
      #   authselectmode require  - select authenticated sources only; this
      #                             relies on enableNTS staying true.
      #   dscp 46                 - mark NTP packets with DSCP 46 (EF).
      #   makestep 1.0 3          - step the clock for offsets above 1 s, but
      #                             only during the first three updates.
      #   cmdport 0               - no UDP command port; chronyc remains
      #                             usable over the local Unix socket.
      #   noclientlog             - keep no per-client records.
      #                             NOTE(review): chrony's server-side rate
      #                             limiting is understood to depend on the
      #                             client log — confirm before adding a
      #                             ratelimit directive here.
      #   rtcsync                 - emitted only while RTC trimming is off.
      #   allow all               - answer NTP requests from any address;
      #                             reachability is bounded only by the
      #                             binddevice lines and the firewall.
      extraConfig = ''
        minsources 3
        authselectmode require
        dscp 46
        makestep 1.0 3
        cmdport 0
        noclientlog
        ${optionalString (!chronyCfg.enableRTCTrimming) "rtcsync"}
        allow all
        ${bindDevices}
      '';
    };

    # chrony is the only time daemon on this host.
    services.timesyncd.enable = false;
    services.ntp.enable = false;
    services.openntpd.enable = false;
  };
}