# {{ ansible_managed }} # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help driftfile {{ ntp_driftfile }} {% if ntp_tinker_panic is sameas true %} # Always reset the clock, even if the new time is more than 1000s away # from the current system time. Useful for VMs that can be paused # and much later resumed. tinker panic 0 {% endif %} # Specify one or more NTP servers. # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). {% for item in ntp_servers %} pool {{ item }} {% endfor %} # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery limited restrict -6 default kod notrap nomodify nopeer noquery limited # Local users may interrogate the ntp server more closely. {% for item in ntp_restrict %} restrict {{ item }} {% endfor %} # Needed for filtering interfaces {% if ntp_filter_interface %} {% for item in ntp_interfaces %} interface {{ item }} {% endfor %} {% endif %} # Needed for adding pool entries restrict source notrap nomodify noquery # Disable the monitoring facility to prevent amplification attacks using ntpdc # monlist command when default restrict does not include the noquery flag. See # CVE-2013-5211 for more details. # Note: Monitoring will not be disabled with the limited restriction flag. disable monitor