Merge remote-tracking branch 'upstream/main'

CONTRIBUTORS

@@ -1,14 +1,17 @@
 The following awesome folks have contributed ideas,
 bug reports and code to this ntp docker project:
 
- - Chris Turra       => https://github.com/cturra
- - Clément Péron     => https://github.com/clementperon
- - Fakuivan          => https://github.com/fakuivan
- - Guru Govindan     => https://github.com/ggovindan
- - Nicolas Carrier   => https://github.com/ncarrier
- - Nicolas Innocenti => https://github.com/nicoinn
- - Richard Coleman   => https://github.com/microbug
- - Simon Rupf        => https://github.com/simonrupf
+ - Chris Turra         => https://github.com/cturra
+ - Clément Péron       => https://github.com/clementperon
+ - Fakuivan            => https://github.com/fakuivan
+ - Gontier-Julien      => https://github.com/Gontier-Julien
+ - Guru Govindan       => https://github.com/ggovindan
+ - Kim Oliver Drechsel => https://github.com/kimdre
+ - Nicolas Carrier     => https://github.com/ncarrier
+ - Nicolas Innocenti   => https://github.com/nicoinn
+ - Richard Coleman     => https://github.com/microbug
+ - Simon Rupf          => https://github.com/simonrupf
+ - Trenton H           => https://github.com/stumpylog
 
 
 Thanks for your contributions!

Dockerfile

@@ -11,7 +11,7 @@ LABEL org.opencontainers.image.created="${BUILD_DATE}" \
 ENV NTP_DIRECTIVES="ratelimit\nrtcsync"
 
 # install chrony
-RUN apk add --no-cache chrony && \
+RUN apk add --no-cache chrony tzdata && \
     rm /etc/chrony/chrony.conf
 
 # script to configure/startup chrony (ntp)
@@ -24,7 +24,7 @@ EXPOSE 123/udp
 VOLUME /etc/chrony /run/chrony /var/lib/chrony
 
 # let docker know how to test container health
-HEALTHCHECK CMD chronyc tracking || exit 1
+HEALTHCHECK CMD chronyc -n tracking || exit 1
 
 # start chronyd in the foreground
 ENTRYPOINT [ "/bin/startup" ]

README.md

@@ -132,6 +132,18 @@ servers.
  * https://www.advtimesync.com/docs/manual/stratum1.html
 
 
+## Chronyd Options
+
+### No Client Log (noclientlog)
+
+This is optional and not enabled by default. If you provide the `NOCLIENTLOG=true` envivonrment variable,
+chrony will be configured to:
+
+> Specifies that client accesses are not to be logged. Normally they are logged, allowing statistics to
+> be reported using the clients command in chronyc. This option also effectively disables server support
+> for the NTP interleaved mode.
+
+
 ## Logging
 
 By default, this project logs informational messages to stdout, which can be helpful when running the
@@ -145,6 +157,39 @@ Feel free to check out the project documentation for more information at:
  * https://chrony.tuxfamily.org/doc/4.1/chronyd.html
 
 
+## Setting your timezone
+
+By default the UTC timezone is used, however if you'd like to adjust your NTP server to be running in your
+local timezone, all you need to do is provide a `TZ` environment variable following the standard TZ data format.
+As an example, using `docker-compose.yaml`, that would look like this if you were located in Vancouver, Canada:
+
+```yaml
+  ...
+  environment:
+    - TZ=America/Vancouver
+    ...
+```
+
+
+## Enable Network Time Security
+
+If **all** the `NTP_SERVERS` you have configured support NTS (Network Time Security) you can pass the `ENABLE_NTS=true`
+option to the container to enable it. As an example, using `docker-compose.yaml`, that would look like this:
+
+```yaml
+  ...
+  environment:
+    - NTP_SERVER=time.cloudflare.com
+    - ENABLE_NTS=true
+    ...
+```
+
+If any of the `NTP_SERVERS` you have configured does not support NTS, you will see a message like the
+following during startup:
+
+> NTS-KE session with 164.67.62.194:4460 (tick.ucla.edu) timed out
+
+
 ## Testing your NTP Container
 
 From any machine that has `ntpdate` you can query your new NTP container with the follow

assets/startup.sh

@@ -51,13 +51,17 @@ for N in $NTP_SERVERS; do
 
   # check if ntp server has a 127.0.0.0/8 address (RFC3330) indicating it's
   # the local system clock
-  if [[ "${N_CLEANED}" == *"127\."* ]]; then
+  if [[ "${N_CLEANED}" == "127\."* ]]; then
     echo "server "${N_CLEANED} >> ${CHRONY_CONF_FILE}
     echo "local stratum 10"    >> ${CHRONY_CONF_FILE}
 
   # found external time servers
   else
-    echo "server "${N_CLEANED}" iburst" >> ${CHRONY_CONF_FILE}
+    if [[ "${ENABLE_NTS:-false}" = true ]]; then
+      echo "server "${N_CLEANED}" iburst nts" >> ${CHRONY_CONF_FILE}
+    else
+      echo "server "${N_CLEANED}" iburst" >> ${CHRONY_CONF_FILE}
+    fi
   fi
 done
 
@@ -69,6 +73,9 @@ done
   if [ -n "${NTP_DIRECTIVES}" ]; then
     echo -e "${NTP_DIRECTIVES}"
   fi
+  if [ "${NOCLIENTLOG:-false}" = true ]; then
+    echo "noclientlog"
+  fi
   echo
   echo "allow all"
 } >> ${CHRONY_CONF_FILE}

docker-compose.yml

@@ -11,3 +11,6 @@ services:
     environment:
       - NTP_SERVERS=time.cloudflare.com
       - LOG_LEVEL=0
+#      - TZ=America/Vancouver
+#      - NOCLIENTLOG=true
+#      - ENABLE_NTS=true

run.sh

@@ -17,6 +17,8 @@ function start_container() {
               --restart=always                     \
               --publish=123:123/udp                \
               --env=NTP_SERVERS=${NTP_SERVERS}     \
+              --env=ENABLE_NTS=${ENABLE_NTS}       \
+              --env=NOCLIENTLOG=${NOCLIENTLOG}     \
               --env=LOG_LEVEL=${LOG_LEVEL}         \
               --read-only=true                     \
               --tmpfs=/etc/chrony:rw,mode=1750     \

vars

@@ -12,6 +12,12 @@ CONTAINER_NAME="ntp"
 # ntp server list must: be comma delimited and NOT contain spaces
 NTP_SERVERS="0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org"
 
+# (optional) enable NTS in the chronyd configuration file
+ENABLE_NTS=false
+
+# (optional) turn on noclientlog option
+NOCLIENTLOG=false
+
 # (optional) define chrony log level to use
 # default: 0
 # options: 0 (informational), 1 (warning), 2 (non-fatal error), and 3 (fatal error)