chrony: cut chrony.d/ into conf.d/ and sources.d/

I hope these are wider defaults than just Debian and allow me to not conflit with package manager, but regardless having a separate sources.d/ looks like a good idea for being able to `chronyc reload sources`
2024-11-22 11:19:22 +01:00 · 2021-01-29 12:56:38 +02:00 · 2021-01-29 12:56:38 +02:00 · 81296a241c
commit 81296a241c
parent 55b9a96a77
14 changed files with 17 additions and 17 deletions
--- a/etc/chrony/chrony.conf
+++ b/etc/chrony/chrony.conf
@ -1,5 +1,3 @@
-# For some reason Debian doesn't ship this line by default, so it needs to
-# be added by user and after that hopefully not conflict with package
-# manager
-# Requires Chrony 4.0
-confdir /etc/chrony/chrony.d
+# Debian's Chrony 4.0-4~bpo10+1 brings in these lines which require 4.0
+confdir /etc/chrony/conf.d
+sourcedir /etc/chrony/sources.d
--- a/etc/chrony/conf.d/allow-local.conf
+++ b/etc/chrony/conf.d/allow-local.conf
@ -0,0 +1,3 @@
+# Allowing access from LAN:
+allow 192.168
+allow fe80::/10
--- a/etc/chrony/conf.d/allow-yggdrasil.conf
+++ b/etc/chrony/conf.d/allow-yggdrasil.conf
@ -0,0 +1,5 @@
+# https://yggdrasil-network.github.io/
+
+# Yggdrasil should protect from spoofing so this should be OK
+# ufw allow from 0200::/7 to any port 123 proto udp
+allow 0200::/7
--- a/etc/chrony/chrony.d/hwtimestamp.conf
+++ b/etc/chrony/chrony.d/hwtimestamp.conf
--- a/etc/chrony/chrony.d/log.conf
+++ b/etc/chrony/chrony.d/log.conf
--- a/etc/chrony/conf.d/ntsdumpdir.conf
+++ b/etc/chrony/conf.d/ntsdumpdir.conf
@ -0,0 +1,5 @@
+# NTS requires Chrony 4.0
+
+# This line should be added if it's not in main chrony.conf to save NTS
+# cookies and not always make NTS-KE request on start
+ntsdumpdir /var/lib/chrony
--- a/etc/chrony/sources.d/dna-moi.sources
+++ b/etc/chrony/sources.d/dna-moi.sources
--- a/etc/chrony/sources.d/elisa.sources
+++ b/etc/chrony/sources.d/elisa.sources
--- a/etc/chrony/sources.d/finland.sources
+++ b/etc/chrony/sources.d/finland.sources
--- a/etc/chrony/sources.d/hetzner.sources
+++ b/etc/chrony/sources.d/hetzner.sources
--- a/etc/chrony/sources.d/local-servers.sources
+++ b/etc/chrony/sources.d/local-servers.sources
@ -1,4 +1,4 @@
-# See below, xleave probably won't be on local router
+# xleave probably won't be on local router
 #server LOCALMACHINE.local iburst auto_offline xleave prefer

 # Or alternatively reciprocally TODO: how do `key` options work? This
@ -9,7 +9,3 @@
 #   rather than peer, I think even Chrony manual and that is where I took
 #   trusted LAN
 #peer LOCALMACHINE.local auto_offline xleave prefer
-
-# Allowing access from LAN:
-#allow 192.168
-#allow fe80::/10
--- a/etc/chrony/sources.d/nts-servers.sources
+++ b/etc/chrony/sources.d/nts-servers.sources
@ -1,7 +1,4 @@
 # NTS requires Chrony 4.0

-# This line should be added if it's not in main chrony.conf
-#ntsdumpdir /var/lib/chrony
-
 # Cloudflare NTS, anycast, works probably anywhere. No leap second smearing.
 pool time.cloudflare.com maxsources 2 iburst nts
--- a/etc/chrony/sources.d/telia.sources
+++ b/etc/chrony/sources.d/telia.sources
--- a/etc/chrony/sources.d/yggdrasil.sources
+++ b/etc/chrony/sources.d/yggdrasil.sources
@ -1,9 +1,5 @@
 # https://yggdrasil-network.github.io/

-# Yggdrasil should protect from spoofing so this should be OK
-# ufw allow from 0200::/7 to any port 123 proto udp
-allow 0200::/7
-
 # Maybe Yggdrasils should have auto_offline in general?

 # iburst - everything has it