ntp.conf.j2 2.4 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071
  1. # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
  2. #
  3. # This file is managed by ansible. Do not edit by hand!
  4. #
  5. driftfile /var/lib/ntp/ntp.drift
  6. # listen on if
  7. interface ignore wildcard
  8. interface listen bat0
  9. interface listen eth0
  10. # Enable this if you want statistics to be logged.
  11. #statsdir /var/log/ntpstats/
  12. statistics loopstats peerstats clockstats
  13. filegen loopstats file loopstats type day enable
  14. filegen peerstats file peerstats type day enable
  15. filegen clockstats file clockstats type day enable
  16. # You do need to talk to an NTP server or two (or three).
  17. #server ntp.your-provider.example
  18. # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
  19. # pick a different set every time it starts up. Please consider joining the
  20. # pool: <http://www.pool.ntp.org/join.html>
  21. server 0.debian.pool.ntp.org iburst
  22. server 1.debian.pool.ntp.org iburst
  23. server 2.debian.pool.ntp.org iburst
  24. server 3.debian.pool.ntp.org iburst
  25. # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
  26. # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
  27. # might also be helpful.
  28. #
  29. # Note that "restrict" applies to both servers and clients, so a configuration
  30. # that might be intended to block requests from certain clients could also end
  31. # up blocking replies from your own upstream servers.
  32. # By default, exchange time with everybody, but don't allow configuration.
  33. # restrict -4 default kod notrap nomodify nopeer noquery
  34. # restrict -6 default kod notrap nomodify nopeer noquery
  35. restrict -4 default ignore
  36. restrict -6 default ignore
  37. # Local users may interrogate the ntp server more closely.
  38. restrict 127.0.0.1
  39. restrict ::1
  40. # allow from ff-do-subnets
  41. restrict {{supernode_mesh_ipv4|ipaddr('network')}} mask {{supernode_mesh_ipv4|ipaddr('netmask')}} kod notrap nomodify nopeer noquery
  42. restrict {{supernode_mesh_ipv6|ipaddr('network')}} mask {{supernode_mesh_ipv6|ipaddr('netmask')}} kod notrap nomodify nopeer noquery
  43. # Clients from this (example!) subnet have unlimited access, but only if
  44. # cryptographically authenticated.
  45. #restrict 192.168.123.0 mask 255.255.255.0 notrust
  46. # If you want to provide time to your local subnet, change the next line.
  47. # (Again, the address is an example only.)
  48. #broadcast 192.168.123.255
  49. # If you want to listen to time broadcasts on your local subnet, de-comment the
  50. # next lines. Please do this only if you trust everybody on the network!
  51. #disable auth
  52. #broadcastclient