Chrony

From NixOS Wiki
Revision as of 14:32, 27 August 2023 by imported>Mweinelt (Add to NTP group)

Chrony is an NTP and NTS client and server implementation. This means it can synchronize the time of your local machine, as well as provide services to clients on the attached network segments.

NTS

To enable NTS (Network Time Security), a certificate needs to be provided. You can rely on the ACME service to acquire one, but make sure that the certificate group gets assigned to chrony, or else the service will not be able to read the certificate and key after it drops its privileges.

{ config
, ...
}:
let
  # Directory where the ACME module stores the certificate and key for this name
  acmePath = config.security.acme.certs."nts.example.com".directory;
in
{
  security.acme.certs."nts.example.com" = {
    # Let chrony read the certificate and key after it drops its privileges
    group = "chrony";
  };

  services.chrony = {
    enable = true;
    enableNTS = true;
    extraConfig = ''
      [...]
      ntsservercert ${acmePath}/fullchain.pem
      ntsserverkey ${acmePath}/key.pem
    '';
  };
}
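
The failure mode described above (chrony unable to read the certificate or key once it has dropped privileges) can be checked from the file modes. The following is an added example, not part of the original wiki page or of chrony or NixOS; it assumes GNU stat, the function names are hypothetical, and the directory and group are passed as arguments.

```shell
#!/bin/sh
# Added example: audit permissions of NTS certificate material for the
# group the time daemon runs under. Function names are hypothetical.

# has_bit FILE OCTAL_MASK -> 0 if any bit of the mask is set in FILE's mode
has_bit() {
    mode=$(stat -c %a "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & $2 )) -ne 0 ]
}

# group_can_read FILE GROUP -> 0 if FILE belongs to GROUP and is group-readable
group_can_read() {
    [ "$(stat -c %G "$1" 2>/dev/null)" = "$2" ] && has_bit "$1" 040
}

# dir_traversable DIR GROUP -> 0 if a member of GROUP (not the owner) can
# enter DIR. When the directory's group matches, only the group bits apply.
dir_traversable() {
    if [ "$(stat -c %G "$1" 2>/dev/null)" = "$2" ]; then
        has_bit "$1" 010
    else
        has_bit "$1" 001
    fi
}

# check_nts_material DIR GROUP -> 0 if GROUP can read fullchain.pem and
# key.pem in DIR and the key is not world-readable; prints each problem.
check_nts_material() {
    dir=$1; group=$2; rc=0
    dir_traversable "$dir" "$group" ||
        { echo "FAIL: $group cannot enter $dir"; rc=1; }
    for f in fullchain.pem key.pem; do
        group_can_read "$dir/$f" "$group" ||
            { echo "FAIL: $group cannot read $dir/$f"; rc=1; }
    done
    # The private key should stay unreadable for everyone outside the group.
    if has_bit "$dir/key.pem" 004; then
        echo "FAIL: $dir/key.pem is world-readable"; rc=1
    fi
    return $rc
}

# Run directly as: sh check-nts.sh <acme-cert-directory> chrony
if [ "$#" -eq 2 ]; then check_nts_material "$1" "$2"; fi
```

The check reads mode bits only, so it gives the same answer when run as root as it does for an unprivileged user.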

Category:NTP