kyra(hardening): ntps-rs init

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
2026-05-03 15:58:46 +03:00 · 2026-05-03 15:58:46 +03:00 · 6046ff3995
commit 6046ff3995
parent 614e2c804a
1 changed files with 42 additions and 0 deletions
--- a/kyra/services/ntpd-rs.nix
+++ b/kyra/services/ntpd-rs.nix
@ -0,0 +1,42 @@
+_: {
+  services = {
+    ntpd-rs = {
+      enable = true;
+      metrics = {
+        enable = true;
+      };
+
+      settings = {
+        source = [
+          {
+            mode = "nts";
+            address = "time.cloudflare.com";
+          }
+
+          {
+            mode = "nts";
+            address = "nts.ntp.se";
+          }
+        ];
+
+        server = [
+          {
+            listen = "[::]:123";
+          }
+        ];
+
+        nts-ke-server = [
+          {
+            listen = "[::]:4460";
+            certificate-chain-path = "/var/lib/acme/ntp.hand7s.org/fullchain.pem";
+            private-key-path = "/var/lib/acme/ntp.hand7s.org/key.pem";
+          }
+        ];
+
+        synchronization = {
+          minimum-agreeing-sources = 2;
+        };
+      };
+    };
+  };
+}