diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2014-06-25 02:37:48 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:48 +0200 |
| commit | 2a2333cdfb016bb884887f46fbcbfdce6e064d74 (patch) | |
| tree | e85d7c802436e3c5615ee8eef2ca9c68cd5eb895 /roles/common/templates/etc/ntp.conf.j2 | |
| parent | e9e8ce2add2b7c020daa02228e506e7c02828c15 (diff) | |
Assume a DNS entry for each role.
E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone
would be provisioned by ansible, too.) It's a bit unclear how to index
the subdomains (mx{1,2,3}, etc), though.
Diffstat (limited to 'roles/common/templates/etc/ntp.conf.j2')
| -rw-r--r-- | roles/common/templates/etc/ntp.conf.j2 | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/common/templates/etc/ntp.conf.j2 b/roles/common/templates/etc/ntp.conf.j2 index 2f70cef..96cc16c 100644 --- a/roles/common/templates/etc/ntp.conf.j2 +++ b/roles/common/templates/etc/ntp.conf.j2 @@ -7,41 +7,41 @@ driftfile /var/lib/ntp/ntp.drift #statsdir /var/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable # You do need to talk to an NTP server or two (or three). {% if 'NTP-master' in group_names %} # Use Stratum One Time Servers: # http://support.ntp.org/bin/view/Servers/StratumOneTimeServers server ntp1.sp.se iburst server ntp2.sp.se iburst server ntp2.gbg.netnod.se iburst server ntp1.sth.netnod.se iburst server ntp2.sth.netnod.se iburst {% else %} # Sychronize to our (stratum 2) NTP server through IPSec, to ensure our # network has a consistent time. -server {{ NTP_master }} iburst +server ntp.fripost.org iburst {% endif %} # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 # Clients from this (example!) subnet have unlimited access, but only if |