# Just a quick note on what I change on chrony, which is the servers.
# DO NOT ACTUALLY PUT THIS FILE IN PRODUCTION, GREP COPY-PASTE INSTEAD?

# Checking that something is an NTP server? Needs root
#  nmap -sU -p 123 --script=ntp-info 192.168.0.1
# Checking that something has NTS?
#  nmap -p 4460 -Pn ntp.example.net

# Windows? choco install nettime

## NTS servers
# Cloudflare NTS, anycast, works probably anywhere. No leap second smearing.
# Maybe `prefer` it due to anycast and NTS which seems very rare and also
# working with VPNs unlike country-local servers?
#pool time.cloudflare.com maxsources 2 iburst nts

## NTP servers

# Local NTP servers, see allow lines in the bottom
#server LOCALMACHINE.local iburst auto_offline prefer
# Or alternatively reciprocaully TODO: how do `key` options work? This
#  apparently should only be done in trusted LAN.
#peer LOCALMACHINE.local auto_offline prefer

# Public official Finnish time server, I am very surprised if there is leap
# smearing
#server time.mikes.fi iburst

# Elisa NTP servers, no idea on smearing, I hope not
#server ntp1.kolumbus.fi iburst
#server ntp2.kolumbus.fi iburst
#server ntp.saunalahti.fi iburst

# DNA & Moi NTP server, no idea on smearing, I hope not
#server ntp.dnainternet.fi iburst

# Telia NTP servers, no idea on smearing, I hope not
#pool ntp.inet.fi iburst maxsources 3

# Snopyta NTP servers, no idea on smearing, I hope not
#pool ntp.snopyta.org iburst maxsources 3

# As more than one timeserver (that don't smear leap seconds) are good, keep
# the provided vendor address intact/uncommented. Or maybe don't as per
# their request on their website and I have enough timeservers. However
# works well with always-on-VPN-use.
#pool pool.ntp.org iburst

# On pools, the default maxsources is 4 and pools would be resolved until
# there would be 4 names while the documentation for Telia and Snopyta says
# they have only 3.

# Allowing access from LAN:
#allow 192.168
#allow fe80::/10

# Commands of interest:
#     chrony -N authdata
#     chrony -N sources