Created
March 5, 2024 03:51
-
-
Save terminaldweller/eac2f11be2b2d392fd99f2afe992cc91 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /etc/ntpsec/ntp.conf, configuration for ntpd; see ntp.conf(5) for help | |
driftfile /var/lib/ntpsec/ntp.drift | |
leapfile /usr/share/zoneinfo/leap-seconds.list | |
# To enable Network Time Security support as a server, obtain a certificate | |
# (e.g. with Let's Encrypt), configure the paths below, and uncomment: | |
nts cert /etc/letsencrypt/archive/nts.dehein.org/fullchain1.pem | |
nts key /etc/letsencrypt/archive/nts.dehein.org/cert1.pem | |
nts enable | |
# You must create /var/log/ntpsec (owned by ntpsec:ntpsec) to enable logging. | |
#statsdir /var/log/ntpsec/ | |
#statistics loopstats peerstats clockstats | |
#filegen loopstats file loopstats type day enable | |
#filegen peerstats file peerstats type day enable | |
#filegen clockstats file clockstats type day enable | |
# This should be maxclock 7, but the pool entries count towards maxclock. | |
tos maxclock 11 | |
# Comment this out if you have a refclock and want it to be able to discipline | |
# the clock by itself (e.g. if the system is not connected to the network). | |
tos minclock 4 minsane 3 | |
# Specify one or more NTP servers. | |
# Public NTP servers supporting Network Time Security: | |
# server time.cloudflare.com nts | |
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board | |
# on 2011-02-08 (LP: #104525). See https://www.pool.ntp.org/join.html for | |
# more information. | |
pool 0.ubuntu.pool.ntp.org iburst | |
pool 1.ubuntu.pool.ntp.org iburst | |
pool 2.ubuntu.pool.ntp.org iburst | |
pool 3.ubuntu.pool.ntp.org iburst | |
# Use Ubuntu's ntp server as a fallback. | |
server ntp.ubuntu.com | |
# Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html | |
# for details. | |
# | |
# Note that "restrict" applies to both servers and clients, so a configuration | |
# that might be intended to block requests from certain clients could also end | |
# up blocking replies from your own upstream servers. | |
# By default, exchange time with everybody, but don't allow configuration. | |
restrict default kod nomodify nopeer noquery limited | |
# Local users may interrogate the ntp server more closely. | |
restrict 127.0.0.1 | |
restrict ::1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment