Chrony: Difference between revisions

From NixOS Wiki
imported>Mweinelt
Add to NTP group
imported>Mweinelt
No edit summary
Line 29: Line 29:
</syntaxhighlight>
</syntaxhighlight>


[[Categoriy:NTP]]
[[Category:NTP]]

Revision as of 14:33, 27 August 2023

Chrony is an NTP and NTS client and server implementation. This means it can synchronize the time of your local machine, as well as provide services to clients on the attached network segments.

NTS

To enable NTS (Network Time Security), a certificate needs to be provided. You can rely on the ACME service to acquire one, but make sure that the certificate group gets assigned to chrony, or else the service will not be able to read the certificate and key after it drops its privileges.

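{ config
, ...
}:
let
  # Directory where the ACME service places the certificate files
  acmePath = config.security.acme.certs."nts.example.com".directory;
in
{
  # Assign the certificate to the chrony group so the service can still
  # read the certificate and key after it drops its privileges
  security.acme.certs."nts.example.com" = {
    group = "chrony";
  };

  services.chrony = {
    enable = true;
    enableNTS = true;
    extraConfig = ''
      [...]
      ntsservercert ${acmePath}/fullchain.pem
      ntsserverkey ${acmePath}/key.pem
    '';
  };
}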
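
To confirm that the group assignment took effect, the following added example (not part of the wiki page) checks that a group can enter the certificate directory and read fullchain.pem and key.pem. The function names are hypothetical; the check assumes GNU stat and looks only at the mode bits of the files and their directory, not at ACLs or directories further up.

```shell
# Added example, not from the wiki page. Checks whether members of a group
# can read chrony's NTS certificate and key once the daemon has dropped root.
# Simplified: inspects only each file and the certificate directory itself;
# ACLs and directories higher up are ignored. Requires GNU stat.

# group_has GROUP PATH r|x
# Returns 0 if GROUP owns PATH with that group bit set, or if the bit is set
# for "other"; 1 if not; 2 if PATH cannot be inspected.
group_has() {
    gh_mode=$(stat -c '%a' -- "$2") || return 2
    gh_group=$(stat -c '%G' -- "$2") || return 2
    gh_m=$(( 0$gh_mode ))               # %a prints octal, e.g. 640 or 2750
    case $3 in
        r) gh_g=$(( gh_m & 040 )); gh_o=$(( gh_m & 004 )) ;;
        x) gh_g=$(( gh_m & 010 )); gh_o=$(( gh_m & 001 )) ;;
        *) return 2 ;;
    esac
    [ "$gh_o" -ne 0 ] && return 0
    [ "$gh_group" = "$1" ] && [ "$gh_g" -ne 0 ]
}

# check_nts_cert DIR GROUP
# Returns 0 if GROUP can enter DIR and read fullchain.pem and key.pem;
# otherwise prints one line per problem and returns 1.
check_nts_cert() {
    cn_rc=0
    if ! group_has "$2" "$1" x; then
        echo "group $2 cannot enter $1"
        cn_rc=1
    fi
    for cn_f in fullchain.pem key.pem; do
        if ! group_has "$2" "$1/$cn_f" r; then
            echo "group $2 cannot read $1/$cn_f"
            cn_rc=1
        fi
    done
    return "$cn_rc"
}
```

On the server, call `check_nts_cert DIR chrony`, where DIR is the value of `config.security.acme.certs."nts.example.com".directory`.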