{
  networking.nftables.tables.ntp = {
    content = ''
      define int_if = enp116s0

      chain input {
      	type filter hook input priority filter - 1; policy accept;
      	iifname $int_if udp dport ntp accept # 123
      }
    '';
    enable = true;
    family = "inet";
  };

  services.chrony = {
    enable = true;
    extraConfig = ''
      local stratum 3
      binddevice enp116s0
      allow 192.168.1/24
      server time.cloudflare.com iburst nts
    '';
  };

  services.unbound = {
    enable = true;
    settings = {
      server = {
        access-control = [
          "0.0.0.0/0 refuse"
          "127.0.0.0/8 allow"
          "::0/0 refuse"
          "::1 allow"
          "192.168.1.0/24 allow"
        ];
        hide-identity = true;
        hide-version = true;
        interface = [
          "lo"
          "enp116s0"
        ];
        local-data = [
          "\"darkstar.bitgnome.net. IN A 192.168.1.1\""
          "\"arrakis.bitgnome.net. IN A 192.168.1.2\""
          "\"ginaz.bitgnome.net. IN A 192.168.1.17\""
          "\"ginaz.bitgnome.net. IN A 192.168.1.17\""
        ];
        local-data-ptr = [
          "\"192.168.1.1 darkstar.bitgnome.net\""
          "\"192.168.1.2 arrakis.bitgnome.net\""
          "\"192.168.1.17 ginaz.bitgnome.net\""
        ];
        local-zone = [
          "\"bitgnome.net.\" transparent"
          "\"1.168.192.in-addr.arpa.\" static"
        ];
      };
    };
  };
}