Phew, that took a while to get right. I don't want to waste any more of your valuable time. So, let's dig into the deployment of a time, DHCP and DNS server on our home server. Shall we?
This series is explaining how we are setting up a home server from scratch. You can find links to the previous articles below.
- Intro & Concept
- Hardware & OS
- Time, DHCP, DNS Server
- Git Server
- File, Calendar, Contact Sync
- Application Dashboard
- Kubernetes testing ground
This time, we will automate some deployments. Let's go! :)
A time-server is a service that provides a valid time source for network devices. Very often this service is provided by a router or consumed from a cloud service. Hosting this on our own has some cool benefits:
- less communication to cloud services
- devices in the network get the time from the same source
- learning new things about containers and UDP
- optionally using GPS as time source
We will use a quite popular container from cturra and deploy it via Podman. It provides chrony in an Alpine Linux image. With <6 MB, it's also very small. Lastly, we will automate the setup via Ansible (as always) and control the container via systemd.
This will result in an automatically updated NTP server, that will just do its job.
For the deployment, we will create a new playbook as part of our repository. We already deployed Podman in the "Fedora - Home Server (Container)" article.
This time, we will create a playbook to create a systemd unit file, similar to the ones explained in "Podman - systemd container management" article.
Just create a new playbook
deploy_ntp_container.yml with the below content.
The above playbook will create a new systemd service unit, start and enable the service, but will also take care if something changed and restart the service.
But... there is something missing. We have to provide a template for our service file. Let's create this in the
templates directory, too.
The above file is very similar to the one shown from the "Podman - systemd container management" article. We also added all security options from the documentation provided from the container image maintainer. As the time-servers, I have opted for the ones provided from the NTP pool, but you can customize these to your liking.
Lastly, you can find the auto-update label in the configuration, as described in the article "Podman - Auto Updates". This will ensure that your container is updated and new patches and security fixes are applied automatically.
From our home server, we can check the current state of the deployment in multiple ways.
# Check if the service is running $ systemctl status container-ntp.service # Check if the container is really running $ podman ps -a # Check the used time source $ sudo podman exec ntp chronyc sources # Check the diff for the next timeserver $ podman exec ntp chronyc tracking
But, we can also test the server from our workstation.
# Test the new server $ chronyd -Q "server <IP-ADDRESS> iburst" # or use ntpdate instead $ ntpdate -q <IP-ADDRESS>
Repository and Code
As always, I have updated the code in the related repository over at GitHub. Please feel free to check it out, in case you need some additional help or support.
Docs & Links
I have linked some articles already, but let's summarize the most important ones again.
For now, we have a little NTP server, which can be used from our clients. Sure, one may configure these manually, but in the next article, we will promote this server via DHCP. We will also have a look at DNS and how we can build our own DNS cache/forwarder.
Are there any other services you are interested in? Do you already use your home server with other things? What do you think about DNS and NTP caching services? Please let me know! I would also happily hear your feedback about this series so far.