# Generated by edgeguard — do not edit by hand.
# Re-generate via `edgeguard-ctl render-config --only=chrony`.
#
# This file lives in /etc/chrony/conf.d/edgeguard.conf — chrony's
# main /etc/chrony/chrony.conf includes the directory automatically
# (Debian default).

# ── Upstream sources ───────────────────────────────────────────
{{range .Pools}}
{{- if .Active}}
{{.Kind}} {{.Address}}{{if .Iburst}} iburst{{end}}{{if .Prefer}} prefer{{end}}{{if .MinPoll}} minpoll {{.MinPoll}}{{end}}{{if .MaxPoll}} maxpoll {{.MaxPoll}}{{end}}
{{- end}}
{{end}}

# ── Listen-Bind ────────────────────────────────────────────────
# Wenn nichts ausser localhost gebound ist, lassen wir bindaddress
# weg (chrony default = alle Interfaces). Sonst explizite bindaddress
# pro IP. Mit serve_clients=false wird port 0 → kein Listen-Socket
# (= reiner Client).
{{if .Settings.ServeClients}}
{{- range .ListenAddresses}}
bindaddress {{.}}
{{- end}}
{{- range .AllowACLs}}
allow {{.}}
{{- end}}
{{else}}
port 0
{{- end}}

# ── Step + Drift ───────────────────────────────────────────────
# makestep N L: erlaubt einen step von >N Sekunden in den ersten L
# updates (wichtig wenn der Clock weit weg ist; sonst nur slew).
makestep {{.Settings.MakestepSecs}} {{.Settings.MakestepLimit}}

driftfile /var/lib/chrony/chrony.drift

{{- if .Settings.RTCSync}}
# RTC mit System-Time syncen (für Reboot-Konsistenz).
rtcsync
{{- end}}
{{- if .Settings.LeapsecTZ}}
# Leap-Sekunden via tz-Datei (nicht slew).
leapsectz {{.Settings.LeapsecTZ}}
{{- end}}

# Logging
logdir /var/log/chrony
log measurements statistics tracking