this should virtually work

[dsa-puppet.git] / modules / ntp / manifests / init.pp

diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp
index 1b02a836050c2e00d1abaf5a04b1eed70de32f2d..ace2f8f8dbb886e257aa06668bf33a54b655c124 100644 (file)
--- a/modules/ntp/manifests/init.pp
+++ b/modules/ntp/manifests/init.pp
@@ -1,14 +1,33 @@
 class ntp {
        package { ntp: ensure => installed }
-       file { "/var/lib/ntp/":
-               ensure  => directory,
-               owner   => ntp,
-               group   => ntp,
-               mode    => 755
-               ;
+       file {  "/var/lib/ntp/":
+                       ensure  => directory,
+                       owner   => ntp,
+                       group   => ntp,
+                       mode    => 755
+                       ;
+               "/var/lib/ntpstats":
+                       ensure  => directory,
+                       owner   => ntp,
+                       group   => ntp,
+                       mode    => 755
+                       ;
+               "/etc/ntp.conf":
+                       owner   => root,
+                       group   => root,
+                       mode    => 444,
+                       content => template("ntp/ntp.conf"),
+                       notify  => Exec["ntp restart"],
+                       require => Package["ntp"]
+                       ;
        }
        exec { "ntp restart":
-               path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+               path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
                refreshonly => true,
        }
+        @ferm::rule { "dsa-ntp":
+                domain          => "(ip ip6)",
+                description     => "Allow ntp access",
+                rule            => "proto udp mod state state (NEW) dport (123) ACCEPT"
+        }
 }