aboutsummaryrefslogtreecommitdiffstats
path: root/roles/space_server/files
diff options
context:
space:
mode:
Diffstat (limited to 'roles/space_server/files')
-rwxr-xr-xroles/space_server/files/certbot-chrony.sh13
-rw-r--r--roles/space_server/files/chrony.conf4
2 files changed, 17 insertions, 0 deletions
diff --git a/roles/space_server/files/certbot-chrony.sh b/roles/space_server/files/certbot-chrony.sh
new file mode 100755
index 0000000..ff48207
--- /dev/null
+++ b/roles/space_server/files/certbot-chrony.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+case "$RENEWED_LINEAGE" in
+*/space.labitat.dk)
+ install -m640 -o root -g chrony "$RENEWED_LINEAGE/fullchain.pem" /etc/chrony.cert
+ install -m640 -o root -g chrony "$RENEWED_LINEAGE/privkey.pem" /etc/chrony.key
+ systemctl restart chronyd.service
+ ;;
+esac
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/files/chrony.conf b/roles/space_server/files/chrony.conf
index cab1ce4..a26568d 100644
--- a/roles/space_server/files/chrony.conf
+++ b/roles/space_server/files/chrony.conf
@@ -33,6 +33,10 @@ allow 185.38.175.0/24
allow 10.42.0.0/16
allow 2a01:4262:1ab::/48
+# NTS server certificate and key
+ntsservercert /etc/chrony.cert
+ntsserverkey /etc/chrony.key
+
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
generated by cgit v1.2.1 (git 2.18.0) at 2025-06-08 22:27:28 +0000