Chrony: Difference between revisions

From NixOS Wiki
imported>Mweinelt
Explain how to set up chrony with NTS
 
imported>Mweinelt
Add to NTP group
Line 28: Line 28:
}
}
</syntaxhighlight>
</syntaxhighlight>
[[Categoriy:NTP]]
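Review bot: the added last line, `[[Categoriy:NTP]]`, misspells the namespace prefix, so MediaWiki will treat it as an ordinary link to a page named "Categoriy:NTP" instead of filing the article under the NTP category as the edit summary intends. It should read `[[Category:NTP]]`.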

Revision as of 14:32, 27 August 2023

Chrony is an NTP and NTS client and server implementation. This means it can synchronize the time of your local machine, as well as provide services to clients on the attached network segments.

NTS

To enable NTS (Network Time Security), a certificate needs to be provided. You can rely on the ACME service to acquire one, but make sure that the certificate group gets assigned to chrony, or else the service will not be able to read the certificate and key after it drops its privileges.

{ config, ... }:

let
  # Directory in which security.acme stores the certificate and key
  acmePath = config.security.acme.certs."nts.example.com".directory;
in
{
  security.acme.certs."nts.example.com" = {
    # chrony must still be able to read the files after dropping privileges
    group = "chrony";
  };

  services.chrony = {
    enable = true;
    enableNTS = true;
    extraConfig = ''
      [...]
      ntsservercert ${acmePath}/fullchain.pem
      ntsserverkey ${acmePath}/key.pem
    '';
  };
}
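
The read failure described above can be checked from the key file's owner, group and mode bits. The following is an added example, not part of the wiki page or of NixOS; the function names `verdict` and `audit_key` are hypothetical, GNU `stat` is assumed, and ACLs and parent-directory permissions are not considered.

```shell
# Added example: decide from mode bits whether a service user can read a
# private key through its own permission class, and flag world-readable keys.

# verdict MODE OWNER GROUP USER "USER_GROUPS"
#   MODE is octal as printed by `stat -c %a` (e.g. 640).
#   USER_GROUPS is the space-separated output of `id -Gn USER`.
#   Prints one of: ok, unreadable, world-readable
verdict() {
  v_mode=$(( 0$1 ))
  # An "other" read bit exposes the key to every local account.
  if [ $(( v_mode & 0004 )) -ne 0 ]; then echo world-readable; return 0; fi
  # The kernel applies exactly one class: owner, else group, else other.
  if [ "$4" = "$2" ]; then
    v_bit=$(( v_mode & 0400 ))
  else
    case " $5 " in
      *" $3 "*) v_bit=$(( v_mode & 0040 )) ;;
      *)        v_bit=0 ;;
    esac
  fi
  if [ "$v_bit" -ne 0 ]; then echo ok; else echo unreadable; fi
}

# audit_key USER PATH: run verdict() on a real file.
audit_key() {
  a_stat=$(stat -c '%a %U %G' "$2") || return 2
  a_groups=$(id -Gn "$1") || return 2
  # Re-pack the arguments as: USER MODE OWNER GROUP USER_GROUPS
  set -- "$1" $a_stat "$a_groups"
  verdict "$2" "$3" "$4" "$1" "$5"
}

# Usage (placeholder path): audit_key chrony /path/to/key.pem
```

A result of `unreadable` for the `chrony` user corresponds to the case where the certificate group was not assigned to chrony.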

Category:NTP