kitten.sh / system
Personal Nix setup
fork atom

Update chrony settings

kitten.sh 09dc2d59 dbea75c2

options
unified split
Changed files
+6 -5
modules
router
nftables.nix
timeserver.nix
+1 -1
modules/router/nftables.nix 
···

       
31

       
31

       
 

       
      };


     

       
32

       
32

       
 

       



     

       
33

       
33

       
 

       
      capturePorts = mkOption {


     

       
34

       

       
-

       
        default = [ 53 123 ];


     

       

       
34

       
+

       
        default = [ 53 ];


     

       
35

       
35

       
 

       
        description = "Ports to capture and redirect to router";


     

       
36

       
36

       
 

       
        type = types.listOf types.int;


     

       
37

       
37

       
 

       
      };
+5 -4
modules/router/timeserver.nix 
···

       
4

       
4

       
 

       
let


     

       
5

       
5

       
 

       
  cfg = config.modules.router;


     

       
6

       
6

       
 

       



     

       
7

       

       
-

       
  intern = cfg.interfaces.internal;


     

       
8

       

       
-

       



     

       
9

       
7

       
 

       
  bindDevices =


     

       
10

       
8

       
 

       
    strings.concatStringsSep "\n"


     

       
11

       
9

       
 

       
      (builtins.map (ifname: "binddevice ${ifname}")


     
···

       
20

       
18

       
 

       
  };


     

       
21

       
19

       
 

       



     

       
22

       
20

       
 

       
  config = mkIf cfg.timeserver.enable {


     

       
23

       

       
-

       
    networking.timeServers = [ "time.cloudflare.com" ];


     

       

       
21

       
+

       
    networking.timeServers = [


     

       

       
22

       
+

       
      "time.cloudflare.com"


     

       

       
23

       
+

       
      "time.google.com"


     

       

       
24

       
+

       
    ];


     

       
24

       
25

       
 

       



     

       
25

       
26

       
 

       
    services.chrony = {


     

       
26

       
27

       
 

       
      enable = true;


     

       
27

       
28

       
 

       
      enableNTS = true;


     

       
28

       
29

       
 

       
      extraConfig = ''


     

       
29

       

       
-

       
        allow ${intern.cidr}


     

       

       
30

       
+

       
        allow all


     

       
30

       
31

       
 

       
        ${bindDevices}


     

       
31

       
32

       
 

       
      '';


     

       
32

       
33

       
 

       
    };