chrony: cut chrony.d/ into conf.d/ and sources.d/

I hope these are wider defaults than just Debian and allow me to not
conflict with package manager, but regardless having a separate
sources.d/ looks like a good idea for being able to `chronyc reload sources`.

Aminda Suomalainen 2021-01-29 12:56:38 +02:00
parent 55b9a96a77
commit 81296a241c
Signed by: Mikaela
GPG Key ID: 99392F62BAE30723
14 changed files with 17 additions and 17 deletions

@ -1,5 +1,3 @@
# For some reason Debian doesn't ship this line by default, so it needs to
# be added by user and after that hopefully not conflict with package
# manager
# Requires Chrony 4.0
confdir /etc/chrony/chrony.d
# Debian's Chrony 4.0-4~bpo10+1 brings in these lines which require 4.0
confdir /etc/chrony/conf.d
sourcedir /etc/chrony/sources.d
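
Review bot: The new `confdir` and `sourcedir` lines select files by suffix, which the moved files need to match. chronyd reads only `*.conf` files from a confdir and only `*.sources` files from a sourcedir, and a sourcedir file may contain nothing but `server`, `pool` and `peer` lines. The file names are not visible in this view, so check that every file moved into conf.d/ and sources.d/ carries the matching suffix; a file without it is ignored and `chronyc reload sources` has nothing to reload.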

@ -0,0 +1,3 @@
# Allowing access from LAN:
allow 192.168
allow fe80::/10
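
Review bot: `allow 192.168` and `allow fe80::/10` are active in this new file, while the copies this same commit removes from the sources file were commented out (`#allow 192.168`, `#allow fe80::/10`). That turns the host into an NTP server for the LAN as a side effect of a directory reshuffle. If that is intended, say so in the commit message; if not, keep both lines commented here as well.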

@ -0,0 +1,5 @@
# https://yggdrasil-network.github.io/
# Yggdrasil should protect from spoofing so this should be OK
# ufw allow from 0200::/7 to any port 123 proto udp
allow 0200::/7
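
Review bot: `allow 0200::/7` admits the whole Yggdrasil address range, and the comment's spoofing argument only establishes that a client's address is genuine, not that the client is one this server should answer. Consider replacing the /7 with the specific peer addresses or prefixes that need time from this host, or at least pairing it with chrony's `ratelimit` directive, and narrow the `ufw allow from 0200::/7` line in the comment to match.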

@ -0,0 +1,5 @@
# NTS requires Chrony 4.0
# This line should be added if it's not in main chrony.conf to save NTS
# cookies and not always make NTS-KE request on start
ntsdumpdir /var/lib/chrony
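
Review bot: The comment above `ntsdumpdir /var/lib/chrony` still says the line should be added only if the main chrony.conf lacks it, but here the directive is set unconditionally (the copy removed from the sources file was commented out). Reword the comment to say that conf.d now always sets it, so a reader does not go looking for a condition that no longer exists.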

@ -1,4 +1,4 @@
# See below, xleave probably won't be on local router
# xleave probably won't be on local router
#server LOCALMACHINE.local iburst auto_offline xleave prefer
# Or alternatively reciprocally TODO: how do `key` options work? This
@ -9,7 +9,3 @@
# rather than peer, I think even Chrony manual and that is where I took
# trusted LAN
#peer LOCALMACHINE.local auto_offline xleave prefer
# Allowing access from LAN:
#allow 192.168
#allow fe80::/10

@ -1,7 +1,4 @@
# NTS requires Chrony 4.0
# This line should be added if it's not in main chrony.conf
#ntsdumpdir /var/lib/chrony
# Cloudflare NTS, anycast, works probably anywhere. No leap second smearing.
pool time.cloudflare.com maxsources 2 iburst nts

@ -1,9 +1,5 @@
# https://yggdrasil-network.github.io/
# Yggdrasil should protect from spoofing so this should be OK
# ufw allow from 0200::/7 to any port 123 proto udp
allow 0200::/7
# Maybe Yggdrasils should have auto_offline in general?
# iburst - everything has it