2020-10-24 10:32:07 +02:00
|
|
|
# Just a quick note on what I change on chrony, which is the servers.
|
2020-10-25 11:44:53 +01:00
|
|
|
# DO NOT ACTUALLY PUT THIS FILE IN PRODUCTION, GREP COPY-PASTE INSTEAD?
|
|
|
|
|
|
2020-10-31 13:32:46 +01:00
|
|
|
# Checking that something is an NTP server? Needs root
|
|
|
|
|
# nmap -sU -p 123 --script=ntp-info 192.168.0.1
|
|
|
|
|
# Checking that something has NTS?
|
|
|
|
|
# nmap -p 4460 -Pn ntp.example.net
|
|
|
|
|
|
2020-10-31 17:10:25 +01:00
|
|
|
# Windows? choco install nettime
|
|
|
|
|
|
2020-10-25 11:44:53 +01:00
|
|
|
## NTS servers
|
|
|
|
|
# Cloudflare NTS, anycast, works probably anywhere. No leap second smearing.
|
2020-10-31 13:32:46 +01:00
|
|
|
# Maybe `prefer` it due to anycast and NTS which seems very rare and also
|
|
|
|
|
# working with VPNs unlike country-local servers?
|
2020-10-25 18:46:36 +01:00
|
|
|
#pool time.cloudflare.com maxsources 2 iburst nts
|
2020-10-25 11:44:53 +01:00
|
|
|
|
|
|
|
|
## NTP servers
|
|
|
|
|
|
2020-10-26 06:34:10 +01:00
|
|
|
# Local NTP servers, see allow lines in the bottom
|
|
|
|
|
#server LOCALMACHINE.local iburst auto_offline prefer
|
2020-10-27 09:33:51 +01:00
|
|
|
# Or alternatively reciprocaully TODO: how do `key` options work? This
|
|
|
|
|
# apparently should only be done in trusted LAN.
|
2020-11-01 09:47:30 +01:00
|
|
|
# xleave is probably best to be used with other local Chronys, I somehow
|
|
|
|
|
# doubt potential router NTP might have it.
|
|
|
|
|
#peer LOCALMACHINE.local auto_offline xleave prefer
|
2020-10-26 06:34:10 +01:00
|
|
|
|
2020-10-25 11:44:53 +01:00
|
|
|
# Public official Finnish time server, I am very surprised if there is leap
|
|
|
|
|
# smearing
|
|
|
|
|
#server time.mikes.fi iburst
|
|
|
|
|
|
|
|
|
|
# Elisa NTP servers, no idea on smearing, I hope not
|
|
|
|
|
#server ntp1.kolumbus.fi iburst
|
|
|
|
|
#server ntp2.kolumbus.fi iburst
|
|
|
|
|
#server ntp.saunalahti.fi iburst
|
|
|
|
|
|
2020-10-25 16:22:59 +01:00
|
|
|
# DNA & Moi NTP server, no idea on smearing, I hope not
|
|
|
|
|
#server ntp.dnainternet.fi iburst
|
|
|
|
|
|
2020-10-25 17:48:05 +01:00
|
|
|
# Telia NTP servers, no idea on smearing, I hope not
|
|
|
|
|
#pool ntp.inet.fi iburst maxsources 3
|
2020-10-25 16:22:59 +01:00
|
|
|
|
2020-10-25 17:48:05 +01:00
|
|
|
# Snopyta NTP servers, no idea on smearing, I hope not
|
|
|
|
|
#pool ntp.snopyta.org iburst maxsources 3
|
2020-10-25 11:44:53 +01:00
|
|
|
|
2020-10-24 10:32:07 +02:00
|
|
|
# As more than one timeserver (that don't smear leap seconds) are good, keep
|
2020-10-25 11:44:53 +01:00
|
|
|
# the provided vendor address intact/uncommented. Or maybe don't as per
|
2020-10-31 13:32:46 +01:00
|
|
|
# their request on their website and I have enough timeservers. However
|
|
|
|
|
# works well with always-on-VPN-use.
|
2020-10-24 10:32:07 +02:00
|
|
|
#pool pool.ntp.org iburst
|
|
|
|
|
|
2020-10-25 17:48:05 +01:00
|
|
|
# On pools, the default maxsources is 4 and pools would be resolved until
|
|
|
|
|
# there would be 4 names while the documentation for Telia and Snopyta says
|
|
|
|
|
# they have only 3.
|
|
|
|
|
|
2020-10-25 16:43:07 +01:00
|
|
|
# Allowing access from LAN:
|
|
|
|
|
#allow 192.168
|
|
|
|
|
#allow fe80::/10
|
|
|
|
|
|
2020-10-24 10:32:07 +02:00
|
|
|
# Commands of interest:
|
|
|
|
|
# chrony -N authdata
|
|
|
|
|
# chrony -N sources
|
