chrony: add broken NTS configuration

Ref: #94
2021-08-07 23:52:15 +03:00 · 2021-08-07 23:52:15 +03:00 · a43478e430
parent 42d0842380
commit a43478e430
2 changed files with 6 additions and 0 deletions
--- a/etc/chrony/conf.d/allow-yggdrasil.conf
+++ b/etc/chrony/conf.d/allow-yggdrasil.conf
@ -2,4 +2,5 @@

 # Yggdrasil should protect from spoofing so this should be OK
 # ufw allow from 0200::/7 to any port 123 proto udp
+# NTS: ufw allow from 0200::/7 to any port 4460 proto udp
 allow 0200::/7
--- a/etc/chrony/conf.d/nts-server.conf
+++ b/etc/chrony/conf.d/nts-server.conf
@ -0,0 +1,5 @@
+# Functioning as NTS server, these are usual TLS certificates from acme.sh
+# Note the port 4460
+ntsserverkey /etc/chrony/tls/etro.mikaela.info.key
+ntsservercert /etc/chrony/tls/etro.mikaela.info.crt
+