# {{ ansible_managed }}
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile {{ ntp_driftfile }}
{% if ntp_tinker_panic is sameas true %}
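# Always reset the clock, even if the new time is more than 1000s away
# from the current system time. Useful for VMs that can be paused
# and much later resumed.
# Note: with the panic threshold disabled, ntpd accepts an offset of any
# size from its upstream sources, so a wrong or spoofed source can move the
# clock arbitrarily (affecting certificate validity checks and log
# timestamps). Enable ntp_tinker_panic only where the sources are trusted.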
tinker panic 0
{% endif %}
# Specify one or more NTP servers.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
{% for item in ntp_servers %}
pool {{ item }}
{% endfor %}
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, serve time to everybody (rate-limited), but don't allow status
# queries, runtime configuration, traps or unsolicited peering.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
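# Local users may interrogate the ntp server more closely.
# Each ntp_restrict entry is rendered verbatim; an address listed without
# flags is exempt from all of the default restrictions above (including
# noquery), so keep these entries to loopback or trusted management hosts.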
{% for item in ntp_restrict %}
restrict {{ item }}
{% endfor %}
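# Restrict which interfaces ntpd opens sockets on. Emitted only when
# ntp_filter_interface is set; each ntp_interfaces entry is rendered verbatim
# after "interface" (ntp.conf expects an action such as listen/ignore/drop
# followed by a target).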
{% if ntp_filter_interface %}
{% for item in ntp_interfaces %}
interface {{ item }}
{% endfor %}
{% endif %}
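# Needed for adding pool entries: servers resolved from a "pool" line are
# matched by "restrict source", which omits nopeer so that those associations
# can be set up despite the nopeer default above.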
restrict source notrap nomodify noquery
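# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
# The default restrict lines above use "limited", so monitoring stays active
# here regardless of this directive; it is the "noquery" flag on those lines
# that refuses monlist requests. Keep noquery on any restrict entry that
# covers untrusted addresses.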
disable monitor