shell-things/etc/chrony/chrony.conf

62 lines
2.1 KiB
Plaintext
Raw Normal View History

# Just a quick note on what I change on chrony, which is the servers.
2020-10-25 11:44:53 +01:00
# DO NOT ACTUALLY PUT THIS FILE IN PRODUCTION, GREP COPY-PASTE INSTEAD?
# Checking that something is an NTP server? Needs root
# nmap -sU -p 123 --script=ntp-info 192.168.0.1
# Checking that something has NTS?
# nmap -p 4460 -Pn ntp.example.net
# Windows? choco install nettime
2020-10-25 11:44:53 +01:00
## NTS servers
# Cloudflare NTS, anycast, works probably anywhere. No leap second smearing.
# Maybe `prefer` it due to anycast and NTS which seems very rare and also
# working with VPNs unlike country-local servers?
#pool time.cloudflare.com maxsources 2 iburst nts
2020-10-25 11:44:53 +01:00
## NTP servers
# Local NTP servers, see allow lines in the bottom
#server LOCALMACHINE.local iburst auto_offline prefer
# Or alternatively reciprocaully TODO: how do `key` options work? This
# apparently should only be done in trusted LAN.
2020-11-01 09:47:30 +01:00
# xleave is probably best to be used with other local Chronys, I somehow
# doubt potential router NTP might have it.
#peer LOCALMACHINE.local auto_offline xleave prefer
2020-10-25 11:44:53 +01:00
# Public official Finnish time server, I am very surprised if there is leap
# smearing
#server time.mikes.fi iburst
# Elisa NTP servers, no idea on smearing, I hope not
#server ntp1.kolumbus.fi iburst
#server ntp2.kolumbus.fi iburst
#server ntp.saunalahti.fi iburst
# DNA & Moi NTP server, no idea on smearing, I hope not
#server ntp.dnainternet.fi iburst
# Telia NTP servers, no idea on smearing, I hope not
#pool ntp.inet.fi iburst maxsources 3
# Snopyta NTP servers, no idea on smearing, I hope not
#pool ntp.snopyta.org iburst maxsources 3
2020-10-25 11:44:53 +01:00
# As more than one timeserver (that don't smear leap seconds) are good, keep
2020-10-25 11:44:53 +01:00
# the provided vendor address intact/uncommented. Or maybe don't as per
# their request on their website and I have enough timeservers. However
# works well with always-on-VPN-use.
#pool pool.ntp.org iburst
# On pools, the default maxsources is 4 and pools would be resolved until
# there would be 4 names while the documentation for Telia and Snopyta says
# they have only 3.
# Allowing access from LAN:
#allow 192.168
#allow fe80::/10
# Commands of interest:
# chrony -N authdata
# chrony -N sources