summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2018-12-06 21:29:10 +0100
committerGuilhem Moulin <guilhem@fripost.org>2018-12-09 20:25:39 +0100
commit04f6cf3f736eac66f531b7044660801dd1f0c95e (patch)
tree44281f89d289ac74cbae0886ebd5885922f33880
parent09cd9f998780fb7179b7fc23c593c305a12b050a (diff)
ntp.conf: reduce delta with the packaged version.
-rw-r--r--roles/common/templates/etc/ntp.conf.j226
1 files changed, 15 insertions, 11 deletions
diff --git a/roles/common/templates/etc/ntp.conf.j2 b/roles/common/templates/etc/ntp.conf.j2
index 2022a4b..7bd1c4a 100644
--- a/roles/common/templates/etc/ntp.conf.j2
+++ b/roles/common/templates/etc/ntp.conf.j2
@@ -16,21 +16,22 @@ filegen clockstats file clockstats type day enable
{% if 'NTP-master' in group_names %}
# Use Stratum One Time Servers:
# http://support.ntp.org/bin/view/Servers/StratumOneTimeServers
-server ntp1.sp.se iburst
-server ntp2.sp.se iburst
-server ntp2.gbg.netnod.se iburst
-server ntp1.sth.netnod.se iburst
-server ntp2.sth.netnod.se iburst
+server sth1.ntp.se iburst
+server sth2.ntp.se iburst
+server gbg1.ntp.se iburst
+server gbg2.ntp.se iburst
+server ntp1.sp.se iburst
+server ntp2.sp.se iburst
{% else %}
# Sychronize to our (stratum 2) NTP server, to ensure our network has a
# consistent time.
{% for host in groups['NTP-master'] | sort %}
server {{ ipsec[ hostvars[host].inventory_hostname_short ] }} prefer iburst
{% endfor %}
-server 0.{{ geoip | default('debian') }}.pool.ntp.org iburst
-server 1.{{ geoip | default('debian') }}.pool.ntp.org iburst
-server 2.{{ geoip | default('debian') }}.pool.ntp.org iburst
-server 3.{{ geoip | default('debian') }}.pool.ntp.org iburst
+pool 0.{{ geoip | default('debian') }}.pool.ntp.org iburst
+pool 1.{{ geoip | default('debian') }}.pool.ntp.org iburst
+pool 2.{{ geoip | default('debian') }}.pool.ntp.org iburst
+pool 3.{{ geoip | default('debian') }}.pool.ntp.org iburst
{% endif %}
@@ -43,13 +44,16 @@ server 3.{{ geoip | default('debian') }}.pool.ntp.org iburst
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
-restrict -4 default limited kod nomodify notrap nopeer noquery
-restrict -6 default limited kod nomodify notrap nopeer noquery
+restrict -4 default kod notrap nomodify nopeer noquery limited
+restrict -6 default kod notrap nomodify nopeer noquery limited
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
+# Needed for adding pool entries
+restrict source notrap nomodify noquery
+
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust