# DO NOT EDIT - This file is being maintained by Chef

<% if node[:lsb][:release].to_f >= 22.04 -%>
# Include configuration files found in /etc/chrony/conf.d.
confdir /etc/chrony/conf.d
<% end -%>

# Servers
<% node[:ntp][:servers].each do |server| -%>
pool <%= server %> iburst
<% end -%>
# Add additional non-pool NTP servers
# pool.ntp.org can sometimes be aggressive with KoD
pool time.cloudflare.com iburst
pool time.google.com iburst

# Allow local queries for monitoring
allow 127.0.0.1/32
allow ::1/128

# Run an initial NTP sync on daemon startup
# Use a few IPs here to workaround DNSSEC failure if time is wrong: https://github.com/openstreetmap/operations/issues/654
initstepslew 30 216.239.35.0 216.239.35.4 216.239.35.8 216.239.35.12 time.google.com time.cloudflare.com <%= node[:ntp][:servers].join(" ") %>

<% if node[:lsb][:release].to_f >= 22.04 -%>
# Use NTP sources found in /etc/chrony/sources.d.
sourcedir /etc/chrony/sources.d
<% end -%>

# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
keyfile /etc/chrony/chrony.keys

# This directive specify the file into which chronyd will store the rate
# information.
driftfile /var/lib/chrony/chrony.drift

<% if node[:lsb][:release].to_f >= 22.04 -%>
# Save NTS keys and cookies.
ntsdumpdir /var/lib/chrony
<% end -%>

# Uncomment the following line to turn logging on.
#log tracking measurements statistics

# Log files location.
logdir /var/log/chrony

# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0

# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
rtcsync

<% if node[:virtualization][:role] == "guest" -%>
# Allow anytime step on VM guests
makestep 1 -1
<% else -%>
# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3
<% end -%>

# Enable leap second slew
leapsecmode slew
maxslewrate 1000

# Enable hardware timestamps if available
hwtimestamp *