From b036b47fc9d1b4d2505a17d318f1924dea7d8ef3 Mon Sep 17 00:00:00 2001
From: Tommy
Date: Wed, 13 Jul 2022 09:40:34 -0400
Subject: [PATCH] Secure Timesync with NTS
---
 install.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/install.sh b/install.sh
index cdd3735..f12ccd9 100755
--- a/install.sh
+++ b/install.sh
@@ -184,7 +184,7 @@ kernel_selector
 # Pacstrap (setting up a base sytem onto the new root).
 # As I said above, I am considering replacing gnome-software with pamac-flatpak-gnome as PackageKit seems very buggy on Arch Linux right now.
 echo "Installing the base system (it may take a while)."
-pacstrap /mnt base ${kernel} ${microcode} linux-firmware grub grub-btrfs snapper snap-pac efibootmgr sudo networkmanager apparmor python2-notify python-psutil nano gdm gnome-control-center gnome-terminal gnome-software gnome-software-packagekit-plugin gnome-tweaks nautilus pipewire-pulse pipewire-alsa pipewire-jack flatpak firewalld zram-generator adobe-source-han-sans-otc-fonts adobe-source-han-serif-otc-fonts gnu-free-fonts reflector mlocate man-db
+pacstrap /mnt base ${kernel} ${microcode} linux-firmware grub grub-btrfs snapper snap-pac efibootmgr sudo networkmanager apparmor python2-notify python-psutil chrony nano gdm gnome-control-center gnome-terminal gnome-software gnome-software-packagekit-plugin gnome-tweaks nautilus pipewire-pulse pipewire-alsa pipewire-jack flatpak firewalld zram-generator adobe-source-han-sans-otc-fonts adobe-source-han-serif-otc-fonts gnu-free-fonts reflector mlocate man-db
 # Routing jack2 through PipeWire.
 echo "/usr/lib/pipewire-0.3/jack" > /mnt/etc/ld.so.conf.d/pipewire-jack.conf
@@ -240,6 +240,9 @@ curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/default/g
 # Enabling IOMMU
 curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/default/grub.d/40_enable_iommu.cfg >> /mnt/etc/grub.d/40_enable_iommu
+# Enabling NTS
+curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf >> /mnt/etc/chrony.conf
+
 # Setting GRUB configuration file permissions
 chmod 755 /mnt/etc/grub.d/*
@@ -420,6 +423,12 @@ systemctl enable reflector.timer --root=/mnt &>/dev/null
 echo "Enabling systemd-oomd."
 systemctl enable systemd-oomd --root=/mnt &>/dev/null
+# Disabling systemd-timesyncd
+systemctl disable systemd-timesyncd --root=/mnt &>/dev/null
+
+# Enabling chronyd
+systemctl enable chronyd --root=/mnt &>/dev/null
+
 # Enabling Snapper automatic snapshots.
 echo "Enabling Snapper and automatic snapshots entries."
 systemctl enable snapper-timeline.timer --root=/mnt &>/dev/null
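Review bot: The added `curl … >> /mnt/etc/chrony.conf` pulls the installed system's time-sync configuration from the mutable `main` branch with no pinned commit or checksum, and without `-f` an HTTP error body would be written into the file as if it were configuration. Because it appends with `>>`, any time sources the packaged default chrony.conf already enables would stay active alongside the NTS servers, so time may not be NTS-only as the commit title intends; the package default is not visible here, so that needs checking. Consider overwriting and failing closed, with `<pinned-commit>` standing in for a reviewed revision: `curl -fsS --proto '=https' https://raw.githubusercontent.com/GrapheneOS/infrastructure/<pinned-commit>/chrony.conf > /mnt/etc/chrony.conf || exit 1`. The Whonix download in this hunk's context lines uses the same unpinned append pattern.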
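Review bot: Both new `systemctl` calls in the `-420,6 +423,12` hunk send stdout and stderr to `/dev/null`, and no exit-status check is visible, so a failed `systemctl enable chronyd` would go unreported. Depending on whether systemd-timesyncd would otherwise have been active, that could leave the installed system with no time service at all. Keeping stderr and reporting the failure would surface it, e.g. `systemctl enable chronyd --root=/mnt >/dev/null || echo "Failed to enable chronyd." >&2`; whether the script runs under `set -e` is not visible from this hunk. Unlike the neighbouring services, these two steps also print no `echo` status line. Accurate time underpins TLS certificate validity checks and log timestamps, so a silent failure here is worth surfacing.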