Try to enable ntp keying

[dsa-puppet.git] / modules / ntp / templates / ntp.conf

diff --git a/modules/ntp/templates/ntp.conf b/modules/ntp/templates/ntp.conf
index fdc6d1545c41c815f62bffe0e6c23ee2a001e184..1cf5999f2d7bea9ebcd7a67fef0820013dbe8738 100644 (file)
--- a/modules/ntp/templates/ntp.conf
+++ b/modules/ntp/templates/ntp.conf
@@ -11,19 +11,31 @@ filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
 
-<% case fqdn
-       when /geo[123].debian.org/:
--%>
+crypto randfile /dev/urandom
+keysdir /etc/ntp.keys.d
+
+<% if nodeinfo['timeserver'] -%>
 server 0.debian.pool.ntp.org iburst dynamic
 server 1.debian.pool.ntp.org iburst dynamic
 server 2.debian.pool.ntp.org iburst dynamic
 server 3.debian.pool.ntp.org iburst dynamic
-<%     when "ancina.debian.org/": -%>
+<% elsif fqdn == "ancina.debian.org" -%>
 server ntp.ugent.be iburst dynamic
-<%     else -%>
-server geo1.debian.org iburst dynamic
-server geo2.debian.org iburst dynamic
-server geo3.debian.org iburst dynamic
+<% elsif nodeinfo['misc']['natted'] -%>
+# autokey doesn't work behind nat
+server merikanto.debian.org iburst
+server orff.debian.org      iburst
+server ravel.debian.org     iburst
+server busoni.debian.org    iburst
+<% else -%>
+server merikanto.debian.org iburst autokey
+server orff.debian.org      iburst autokey
+server ravel.debian.org     iburst autokey
+server busoni.debian.org    iburst autokey
+restrict merikanto.debian.org notrust nomodify notrap ntpport
+restrict orff.debian.org      notrust nomodify notrap ntpport
+restrict ravel.debian.org     notrust nomodify notrap ntpport
+restrict busoni.debian.org    notrust nomodify notrap ntpport
 <% end -%>
 
 restrict -4 default kod notrap nomodify nopeer noquery
@@ -31,3 +43,7 @@ restrict -6 default kod notrap nomodify nopeer noquery
 
 restrict 127.0.0.1
 restrict ::1
+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4: