diff options
Diffstat (limited to 'etc/chrony.conf')
| -rw-r--r-- | etc/chrony.conf | 336 |
1 files changed, 0 insertions, 336 deletions
diff --git a/etc/chrony.conf b/etc/chrony.conf deleted file mode 100644 index 60f37ba5..00000000 --- a/etc/chrony.conf +++ /dev/null @@ -1,336 +0,0 @@ -####################################################################### -# -# This is an example chrony configuration file. You should copy it to -# /etc/chrony.conf after uncommenting and editing the options that you -# want to enable. The more obscure options are not included. Refer -# to the documentation for these. -# -####################################################################### -### COMMENTS -# Any of the following lines are comments (you have a choice of -# comment start character): -# a comment -% a comment -! a comment -; a comment -# -# Below, the '!' form is used for lines that you might want to -# uncomment and edit to make your own chrony.conf file. -# -####################################################################### -####################################################################### -### SPECIFY YOUR NTP SERVERS -# Most computers using chrony will send measurement requests to one or -# more 'NTP servers'. You will probably find that your Internet Service -# Provider or company have one or more NTP servers that you can specify. -# Failing that, there are a lot of public NTP servers. There is a list -# you can access at http://support.ntp.org/bin/view/Servers/WebHome or -# you can use servers from the pool.ntp.org project. - -! server 0.arch.pool.ntp.org iburst -! server 1.arch.pool.ntp.org iburst -! server 3.arch.pool.ntp.org iburst - -# I don't use auto_offline because: what if wifi connected but has no network? this seems happened a lot to me when modem is up but router is down -# I don't use offline because: I want to sync the clock sooner -pool 2.arch.pool.ntp.org iburst - -####################################################################### -### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK -# -# To avoid changes being made to your computer's gain/loss compensation -# when the measurement history is too erratic, you might want to enable -# one of the following lines. The first seems good with servers on the -# Internet, the second seems OK for a LAN environment. - -! maxupdateskew 100 -! maxupdateskew 5 - -# If you want to increase the minimum number of selectable sources -# required to update the system clock in order to make the -# synchronisation more reliable, uncomment (and edit) the following -# line. - -! minsources 2 - -# If your computer has a good stable clock (e.g. it is not a virtual -# machine), you might also want to reduce the maximum assumed drift -# (frequency error) of the clock (the value is specified in ppm). - -! maxdrift 100 - -# By default, chronyd allows synchronisation to an unauthenticated NTP -# source (i.e. specified without the nts and key options) if it agrees with -# a majority of authenticated NTP sources, or if no authenticated source is -# specified. If you don't want chronyd to ever synchronise to an -# unauthenticated NTP source, uncomment the first from the following lines. -# If you don't want to synchronise to an unauthenticated NTP source only -# when an authenticated source is specified, uncomment the second line. -# If you want chronyd to ignore authentication in the source selection, -# uncomment the third line. - -! authselectmode require -! authselectmode prefer -! authselectmode ignore - -####################################################################### -### FILENAMES ETC -# Chrony likes to keep information about your computer's clock in files. -# The 'driftfile' stores the computer's clock gain/loss rate in parts -# per million. When chronyd starts, the system clock can be tuned -# immediately so that it doesn't gain or lose any more time. You -# generally want this, so it is uncommented. - -driftfile /var/lib/chrony/drift - -# If you want to enable NTP authentication with symmetric keys, you will need -# to uncomment the following line and edit the file to set up the keys. - -! keyfile /etc/chrony.keys - -# If you specify an NTP server with the nts option to enable authentication -# with the Network Time Security (NTS) mechanism, or enable server NTS with -# the ntsservercert and ntsserverkey directives below, the following line will -# allow the client/server to save the NTS keys and cookies in order to reduce -# the number of key establishments (NTS-KE sessions). - -ntsdumpdir /var/lib/chrony - -# If chronyd is configured to act as an NTP server and you want to enable NTS -# for its clients, you will need a TLS certificate and private key. Uncomment -# and edit the following lines to specify the locations of the certificate and -# key. - -! ntsservercert /etc/.../foo.example.net.crt -! ntsserverkey /etc/.../foo.example.net.key - -# chronyd can save the measurement history for the servers to files when -# it exits. This is useful in 2 situations: -# -# 1. If you stop chronyd and restart it with the '-r' option (e.g. after -# an upgrade), the old measurements will still be relevant when chronyd -# is restarted. This will reduce the time needed to get accurate -# gain/loss measurements. -# -# 2. On Linux, if you use the RTC support and start chronyd with -# '-r -s' on bootup, measurements from the last boot will still be -# useful (the real time clock is used to 'flywheel' chronyd between -# boots). -# -# Uncomment the following line to use this. - -! dumpdir /var/lib/chrony - -# chronyd writes its process ID to a file. If you try to start a second -# copy of chronyd, it will detect that the process named in the file is -# still running and bail out. If you want to change the path to the PID -# file, uncomment this line and edit it. The default path is shown. - -! pidfile /var/run/chrony/chronyd.pid - -# If the system timezone database is kept up to date and includes the -# right/UTC timezone, chronyd can use it to determine the current -# TAI-UTC offset and when will the next leap second occur. - -leapsectz right/UTC - -####################################################################### -### INITIAL CLOCK CORRECTION -# This option is useful to quickly correct the clock on start if it's -# off by a large amount. The value '1.0' means that if the error is less -# than 1 second, it will be gradually removed by speeding up or slowing -# down your computer's clock until it is correct. If the error is above -# 1 second, an immediate time jump will be applied to correct it. The -# value '3' means the step is allowed only in the first three updates of -# the clock. Some software can get upset if the system clock jumps -# (especially backwards), so be careful! - -makestep 1.0 3 - -####################################################################### -### LEAP SECONDS -# A leap second is an occasional one-second correction of the UTC -# time scale. By default, chronyd tells the kernel to insert/delete -# the leap second, which makes a backward/forward step to correct the -# clock for it. As with the makestep directive, this jump can upset -# some applications. If you prefer chronyd to make a gradual -# correction, causing the clock to be off for a longer time, uncomment -# the following line. - -! leapsecmode slew - -####################################################################### -### LOGGING -# If you want to log information about the time measurements chronyd has -# gathered, you might want to enable the following lines. You probably -# only need this if you really enjoy looking at the logs, you want to -# produce some graphs of your system's timekeeping performance, or you -# need help in debugging a problem. - -! logdir /var/log/chrony -! log measurements statistics tracking - -# If you have real time clock support enabled (see below), you might want -# this line instead: - -! log measurements statistics tracking rtc - -####################################################################### -### ACTING AS AN NTP SERVER -# You might want the computer to be an NTP server for other computers. -# -# By default, chronyd does not allow any clients to access it. You need -# to explicitly enable access using 'allow' and 'deny' directives. -# -# e.g. to enable client access from the 192.168.*.* class B subnet, - -! allow 192.168/16 - -# .. but disallow the 192.168.100.* subnet of that, - -! deny 192.168.100/24 - -# You can have as many allow and deny directives as you need. The order -# is unimportant. - -# If you want to present your computer's time for others to synchronise -# with, even if you don't seem to be synchronised to any NTP servers -# yourself, enable the following line. The value 10 may be varied -# between 1 and 15. You should avoid small values because you will look -# like a real NTP server. The value 10 means that you appear to be 10 -# NTP 'hops' away from an authoritative source (atomic clock, GPS -# receiver, radio clock etc). - -! local stratum 10 - -# Normally, chronyd will keep track of how many times each client -# machine accesses it. The information can be accessed by the 'clients' -# command of chronyc. You can disable this facility by uncommenting the -# following line. This will save a bit of memory if you have many -# clients and it will also disable support for the interleaved mode. - -! noclientlog - -# The clientlog size is limited to 512KB by default. If you have many -# clients, you might want to increase the limit. - -! clientloglimit 4194304 - -# By default, chronyd tries to respond to all valid NTP requests from -# allowed addresses. If you want to limit the response rate for NTP -# clients that are sending requests too frequently, uncomment and edit -# the following line. - -! ratelimit interval 3 burst 8 - -####################################################################### -### REPORTING BIG CLOCK CHANGES -# Perhaps you want to know if chronyd suddenly detects any large error -# in your computer's clock. This might indicate a fault or a problem -# with the server(s) you are using, for example. -# -# The next option causes a message to be written to syslog when chronyd -# has to correct an error above 0.5 seconds (you can use any amount you -# like). - -! logchange 0.5 - -# The next option will send email to the named person when chronyd has -# to correct an error above 0.5 seconds. (If you need to send mail to -# several people, you need to set up a mailing list or sendmail alias -# for them and use the address of that.) - -! mailonchange wibble@foo.example.net 0.5 - -####################################################################### -### COMMAND ACCESS -# The program chronyc is used to show the current operation of chronyd -# and to change parts of its configuration whilst it is running. - -# By default chronyd binds to the loopback interface. Uncomment the -# following lines to allow receiving command packets from remote hosts. - -! bindcmdaddress 0.0.0.0 -! bindcmdaddress :: - -# Normally, chronyd will only allow connections from chronyc on the same -# machine as itself. This is for security. If you have a subnet -# 192.168.*.* and you want to be able to use chronyc from any machine on -# it, you could uncomment the following line. (Edit this to your own -# situation.) - -! cmdallow 192.168/16 - -# You can add as many 'cmdallow' and 'cmddeny' lines as you like. The -# syntax and meaning is the same as for 'allow' and 'deny', except that -# 'cmdallow' and 'cmddeny' control access to the chronyd's command port. - -# Rate limiting can be enabled also for command packets. (Note, -# commands from localhost are never limited.) - -! cmdratelimit interval -4 burst 16 - -####################################################################### -### HARDWARE TIMESTAMPING -# On Linux, if the network interface controller and its driver support -# hardware timestamping, it can significantly improve the accuracy of -# synchronisation. It can be enabled on specified interfaces only, or it -# can be enabled on all interfaces that support it. - -! hwtimestamp eth0 -! hwtimestamp * - -####################################################################### -### REAL TIME CLOCK -# chronyd can characterise the system's real-time clock. This is the -# clock that keeps running when the power is turned off, so that the -# machine knows the approximate time when it boots again. The error at -# a particular epoch and gain/loss rate can be written to a file and -# used later by chronyd when it is started with the '-s' option. -# -# You need to have 'enhanced RTC support' compiled into your Linux -# kernel. (Note, these options apply only to Linux.) - -! rtcfile /var/lib/chrony/rtc - -# Your RTC can be set to keep Universal Coordinated Time (UTC) or local -# time. (Local time means UTC +/- the effect of your timezone.) If you -# use UTC, chronyd will function correctly even if the computer is off -# at the epoch when you enter or leave summer time (aka daylight saving -# time). However, if you dual boot your system with Microsoft Windows, -# that will work better if your RTC maintains local time. You take your -# pick! - -rtconutc - -# By default chronyd assumes that the enhanced RTC device is accessed as -# /dev/rtc. If it's accessed somewhere else on your system (e.g. you're -# using devfs), uncomment and edit the following line. - -! rtcdevice /dev/misc/rtc - -# Alternatively, if not using the -s option, this directive can be used -# to enable a mode in which the RTC is periodically set to the system -# time, with no tracking of its drift. - -rtcsync - -####################################################################### -### REAL TIME SCHEDULER -# This directive tells chronyd to use the real-time FIFO scheduler with the -# specified priority (which must be between 0 and 100). This should result -# in reduced latency. You don't need it unless you really have a requirement -# for extreme clock stability. Works only on Linux. Note that the "-P" -# command-line switch will override this. - -! sched_priority 1 - -####################################################################### -### LOCKING CHRONYD INTO RAM -# This directive tells chronyd to use the mlockall() syscall to lock itself -# into RAM so that it will never be paged out. This should result in reduced -# latency. You don't need it unless you really have a requirement -# for extreme clock stability. Works only on Linux. Note that the "-m" -# command-line switch will also enable this feature. - -! lock_all |