Provisioning an NTP Server
One of the first things I did upon receiving my new Framework laptop was to provision a personal NTP server.
The Network Time Protocol lets networked systems synchronize their clocks with one another. However, I would rather not have my devices connect to Google or Cloudflare, so instead I decided to provision an NTP server on my home network and have my machines connect to that.
Virtual Machine
First, I provisioned a new virtual machine with OpenBSD 7.0 installed.
Then, I configured /etc/ntpd.conf to connect to the servers I wanted:
listen on 10.10.10.10
servers pool.ntp.example.org
sensor *
constraint from "https://example.com"
constraint from "https://example.org"
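The constraint directive checks the HTTP Date header of the websites in question, so be sure to use a reliable one. ntpd fetches that date over TLS and uses it as a sanity check, discarding NTP replies whose time falls too far from it.
Make sure the listen keyword is there or your server won’t be listening for any requests from your other machines.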
We also need to configure the server’s packet filter in /etc/pf.conf:
if = "vio0"
set skip on lo
block return
pass in on $if inet proto icmp
pass in on $if inet proto {tcp udp} to port ntp
pass out on $if
The first three lines are pretty straightforward, while the fourth line allows me to ping the server. The fifth line lets traffic through to the ntp port, or port 123. NTP itself only uses UDP, so the tcp in that rule is not strictly needed.
Local DNS
Right now I use pihole to configure local DNS, though that may change in the future. In any case, I added an entry for ntp.home.lan to point to the virtual machine’s IP address.
I could simply use the VM’s IP address directly, but I’d rather use something human readable, and this gives me the option of setting something once on all my devices and changing the configuration on the pihole if the network topology needs to change.
The Framework
All that I need to do now is point my Framework’s /etc/ntpd.conf file to the local NTP server.
server ntp.home.lan
And then restart ntpd(8) on the Framework:
rcctl restart ntpd
I can check the status of the NTP daemon through ntpctl(8):
$ ntpctl -sa
1/1 peers valid, clock synced, stratum 4

peer
   wt tl st  next  poll          offset       delay      jitter
10.10.10.10 ntp.home.lan
 *  1 10  3   28s   33s        -0.276ms     2.456ms     2.214ms
Or I can just tail(1) the logs:
$ tail -f /var/log/daemon
Nov 4 12:44:06 devbox ntpd[75687]: ntp engine ready
Nov 4 12:44:28 devbox ntpd[75687]: peer 10.10.10.10 now valid
Nov 4 12:49:03 devbox ntpd[75687]: clock is now synced
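To confirm from any machine on the network that the server answers on UDP port 123, independent of the local ntpd, a single client request can be sent and the reply validated. The Python script below is an added example, not part of the original post; ntp.home.lan is the name used above, and the function names are hypothetical.

```python
# Added example: one-shot NTP client check. Function names are illustrative.
import socket, struct, time

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def to_ntp(t):
    """Unix time (float) -> 8-byte NTP timestamp (32-bit seconds, 32-bit fraction)."""
    sec = int(t)
    return struct.pack("!II", sec + NTP_DELTA, int((t - sec) * 2**32))

def from_ntp(raw):
    sec, frac = struct.unpack("!II", raw)
    return sec - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client packet: LI=0, VN=4, Mode=3, transmit timestamp = t1."""
    return struct.pack("!B39x", 0x23) + to_ntp(t1)

def parse_reply(pkt, request, t1, t4):
    """Validate a server reply and return (stratum, offset, delay) in seconds."""
    if len(pkt) < 48:
        raise ValueError("short packet")
    leap, mode, stratum = pkt[0] >> 6, pkt[0] & 7, pkt[1]
    if mode != 4:
        raise ValueError("not a server-mode reply")
    if pkt[24:32] != request[40:48]:
        # The origin field must echo our transmit timestamp; otherwise the
        # packet is stale or was not sent in answer to this request.
        raise ValueError("origin timestamp mismatch")
    if stratum == 0 or leap == 3:
        # Stratum 0 is a kiss-of-death reply; leap 3 means the clock is unsynchronized.
        raise ValueError("server refused or is unsynchronized")
    t2, t3 = from_ntp(pkt[32:40]), from_ntp(pkt[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2   # server clock minus local clock
    delay = (t4 - t1) - (t3 - t2)          # round trip minus server processing
    return stratum, offset, delay

def query(host="ntp.home.lan", timeout=2.0):
    """Send one request over UDP port 123 and evaluate the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        request = build_request(t1)
        s.sendto(request, (host, 123))
        pkt, _ = s.recvfrom(512)
        return parse_reply(pkt, request, t1, time.time())

if __name__ == "__main__":
    stratum, offset, delay = query()
    print(f"stratum {stratum}, offset {offset * 1000:.3f} ms, delay {delay * 1000:.3f} ms")
```

A timeout here usually means the listen line or the pf rule is missing on the server; a ValueError means something answered but the reply should not be trusted.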
Conclusion
I have to say that I love my homelab! It allows me to easily provision new servers with a click of a button, and I can have new infrastructure and services easily configured in OpenBSD.
Next I hope to tackle a git or smtp server.