47 lines
1.3 KiB
Text
47 lines
1.3 KiB
Text
<% if @is_virtual == "true" -%>
|
|
# Don't mind if the virtualized clock appears to be behaving erratically.
|
|
tinker panic 0
|
|
|
|
<% end -%>
|
|
<% if @ntp_strict == "true" -%>
|
|
# By default deny everything.
|
|
restrict -4 default ignore
|
|
restrict -6 default ignore
|
|
<% else -%>
|
|
# Permit time synchronization with our time source, but do not
|
|
# permit the source to query or modify the service on this system.
|
|
restrict -4 default nomodify notrap nopeer noquery
|
|
restrict -6 default nomodify notrap nopeer noquery
|
|
<% end -%>
|
|
|
|
# Local users may interrogate the ntp server more closely.
|
|
restrict 127.0.0.1 nomodify
|
|
<% if @ipv6enabled == "true" -%>
|
|
restrict ::1 nomodify
|
|
<% end -%>
|
|
|
|
# Drift file.
|
|
driftfile /var/lib/ntp/ntp.drift
|
|
|
|
# Remote servers.
|
|
<% @ntp_server.each do |server| -%>
|
|
server <%= server %>
|
|
<% if @ntp_strict == "true" -%>
|
|
restrict <%= server %> nomodify notrap nopeer noquery
|
|
<% end -%>
|
|
<% end -%>
|
|
<% if @is_virtual == "false" -%>
|
|
|
|
# Undisciplined Local Clock. This is a fake driver intended for backup
|
|
# and when no outside source of synchronized time is available.
|
|
server 127.127.1.0
|
|
fudge 127.127.1.0 stratum 10
|
|
<% end -%>
|
|
<% if @ntp_client_networks -%>
|
|
|
|
# Restrictions for clients using us as source.
|
|
<% @ntp_client_networks.each do |net| -%>
|
|
<% addr, mask = net.split("/") -%>
|
|
restrict <%= addr %> mask <%= mask %> nomodify notrap nopeer
|
|
<% end -%>
|
|
<% end -%>
|