# /etc/ntpsec/ntp.conf, configuration for ntpd; see ntp.conf(5) for help driftfile /var/lib/ntpsec/ntp.drift leapfile /usr/share/zoneinfo/leap-seconds.list # To enable Network Time Security support as a server, obtain a certificate # (e.g. with Let's Encrypt), configure the paths below, and uncomment: # nts cert CERT_FILE # nts key KEY_FILE # nts enable # You must create /var/log/ntpsec (owned by ntpsec:ntpsec) to enable logging. #statsdir /var/log/ntpsec/ #statistics loopstats peerstats clockstats #filegen loopstats file loopstats type day enable #filegen peerstats file peerstats type day enable #filegen clockstats file clockstats type day enable # This should be maxclock 7, but the pool entries count towards maxclock. tos maxclock 11 # Comment this out if you have a refclock and want it to be able to discipline # the clock by itself (e.g. if the system is not connected to the network). tos minclock 4 minsane 3 # Specify one or more NTP servers. # Public NTP servers supporting Network Time Security: # server time.cloudflare.com nts # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will # pick a different set every time it starts up. Please consider joining the # pool: server infra.test-lab.xenproject.org # Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html # for details. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict default kod nomodify nopeer noquery limited # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1