chrony: cut chrony.d/ into conf.d/ and sources.d/
I hope these are wider defaults than just Debian and allow me to not conflit with package manager, but regardless having a separate sources.d/ looks like a good idea for being able to `chronyc reload sources`
This commit is contained in:
parent
55b9a96a77
commit
81296a241c
GPG Key ID:
99392F62BAE30723
|
|
@ -1,5 +1,3 @@
|
||||||
# For some reason Debian doesn't ship this line by default, so it needs to
|
# Debian's Chrony 4.0-4~bpo10+1 brings in these lines which require 4.0
|
||||||
# be added by user and after that hopefully not conflict with package
|
confdir /etc/chrony/conf.d
|
||||||
# manager
|
sourcedir /etc/chrony/sources.d
|
||||||
# Requires Chrony 4.0
|
|
||||||
confdir /etc/chrony/chrony.d
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,3 @@
|
||||||
|
# Allowing access from LAN:
|
||||||
|
allow 192.168
|
||||||
|
allow fe80::/10
|
||||||
|
|
@ -0,0 +1,5 @@
|
||||||
|
# https://yggdrasil-network.github.io/
|
||||||
|
|
||||||
|
# Yggdrasil should protect from spoofing so this should be OK
|
||||||
|
# ufw allow from 0200::/7 to any port 123 proto udp
|
||||||
|
allow 0200::/7
|
||||||
|
|
@ -0,0 +1,5 @@
|
||||||
|
# NTS requires Chrony 4.0
|
||||||
|
|
||||||
|
# This line should be added if it's not in main chrony.conf to save NTS
|
||||||
|
# cookies and not always make NTS-KE request on start
|
||||||
|
ntsdumpdir /var/lib/chrony
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
# See below, xleave probably won't be on local router
|
# xleave probably won't be on local router
|
||||||
#server LOCALMACHINE.local iburst auto_offline xleave prefer
|
#server LOCALMACHINE.local iburst auto_offline xleave prefer
|
||||||
|
|
||||||
# Or alternatively reciprocally TODO: how do `key` options work? This
|
# Or alternatively reciprocally TODO: how do `key` options work? This
|
||||||
|
|
@ -9,7 +9,3 @@
|
||||||
# rather than peer, I think even Chrony manual and that is where I took
|
# rather than peer, I think even Chrony manual and that is where I took
|
||||||
# trusted LAN
|
# trusted LAN
|
||||||
#peer LOCALMACHINE.local auto_offline xleave prefer
|
#peer LOCALMACHINE.local auto_offline xleave prefer
|
||||||
|
|
||||||
# Allowing access from LAN:
|
|
||||||
#allow 192.168
|
|
||||||
#allow fe80::/10
|
|
||||||
|
|
@ -1,7 +1,4 @@
|
||||||
# NTS requires Chrony 4.0
|
# NTS requires Chrony 4.0
|
||||||
|
|
||||||
# This line should be added if it's not in main chrony.conf
|
|
||||||
#ntsdumpdir /var/lib/chrony
|
|
||||||
|
|
||||||
# Cloudflare NTS, anycast, works probably anywhere. No leap second smearing.
|
# Cloudflare NTS, anycast, works probably anywhere. No leap second smearing.
|
||||||
pool time.cloudflare.com maxsources 2 iburst nts
|
pool time.cloudflare.com maxsources 2 iburst nts
|
||||||
|
|
@ -1,9 +1,5 @@
|
||||||
# https://yggdrasil-network.github.io/
|
# https://yggdrasil-network.github.io/
|
||||||
|
|
||||||
# Yggdrasil should protect from spoofing so this should be OK
|
|
||||||
# ufw allow from 0200::/7 to any port 123 proto udp
|
|
||||||
allow 0200::/7
|
|
||||||
|
|
||||||
# Maybe Yggdrasils should have auto_offline in general?
|
# Maybe Yggdrasils should have auto_offline in general?
|
||||||
|
|
||||||
# iburst - everything has it
|
# iburst - everything has it
|
||||||
Loading…
Reference in New Issue