{
  config,
  lib,
  ...
}:

with lib;

let
  cfg = config.modules.services.chrony;
in
{
  options.modules.services.chrony = {
    enable = mkOption {
      default = false;
      example = true;
      description = "Enable chrony NTP deamon";
    };

    config = mkIf cfg.enable {
      services.chrony = {
        enable = true;

        servers = [
          "uk.pool.ntp.org"
          "time.cloudflare.com"
        ];

        extraConfig = ''
          makestep 1.0 3

          bindaddress 0.0.0.0
          port 123
          allow
        '';
      };

      services.timesyncd.enable = mkForce false;

      networking.firewall = {
        allowedUDPPorts = [ 123 ];
        allowedTCPPorts = [ 123 ];
      };
    };
  };
}