purging orff

[dsa-puppet.git] / modules / ntp / templates / ntp.conf

diff --git a/modules/ntp/templates/ntp.conf b/modules/ntp/templates/ntp.conf
index 8e052e0c844834de5b557306ad29cc643a800701..4885e5719c712e0dc41b21547b67a40abe187607 100644 (file)
--- a/modules/ntp/templates/ntp.conf
+++ b/modules/ntp/templates/ntp.conf
@@ -6,29 +6,53 @@
 driftfile /var/lib/ntp/ntp.drift
 statsdir /var/log/ntpstats/
 
 driftfile /var/lib/ntp/ntp.drift
 statsdir /var/log/ntpstats/
 

-statistics loopstats peerstats clockstats
+statistics loopstats peerstats clockstats cryptostats

 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable

+filegen cryptostats file cryptostats type day enable

 
 

-<% case fqdn
-       when /geo[123].debian.org/:
--%>
+crypto randfile /dev/urandom
+keysdir /etc/ntp.keys.d
+
+<% if scope.lookupvar('site::nodeinfo')['timeserver'] -%>

 server 0.debian.pool.ntp.org iburst dynamic
 server 1.debian.pool.ntp.org iburst dynamic
 server 2.debian.pool.ntp.org iburst dynamic
 server 3.debian.pool.ntp.org iburst dynamic
 server 0.debian.pool.ntp.org iburst dynamic
 server 1.debian.pool.ntp.org iburst dynamic
 server 2.debian.pool.ntp.org iburst dynamic
 server 3.debian.pool.ntp.org iburst dynamic

-<%     when "ancina.debian.org/": -%>
+
+leapfile /var/lib/ntp/leap-seconds.list
+<% elsif fqdn == "ancina.debian.org" -%>

 server ntp.ugent.be iburst dynamic
 server ntp.ugent.be iburst dynamic

-<%     when "(albeniz|goetz).debian.org/": -%>
-server smetana.debian.org iburst dynamic
-server geo1.debian.org iburst dynamic
-server geo2.debian.org iburst dynamic
-server geo3.debian.org iburst dynamic
-<%     else -%>
-server geo1.debian.org iburst dynamic
-server geo2.debian.org iburst dynamic
-server geo3.debian.org iburst dynamic
+<% elsif scope.lookupvar('site::nodeinfo')['misc']['natted'] -%>
+# autokey doesn't work behind nat
+
+# czerny's, bm-bl2's, and dijkstra's ipv4 IP, hard coded for the benefit of
+# hosts that do not have RTC's (since they won't be able to do DNS until
+# they have a reasonable clock).
+server 82.195.75.109        iburst
+server 5.153.231.242        iburst
+server 206.12.19.218        iburst
+
+server czerny.debian.org    iburst
+server clementi.debian.org  iburst
+server bm-bl1.debian.org    iburst
+server bm-bl2.debian.org    iburst
+server dijkstra.debian.org  iburst
+server luchesi.debian.org   iburst
+<% else -%>
+server czerny.debian.org       iburst autokey
+server clementi.debian.org     iburst autokey
+server bm-bl1.debian.org       iburst autokey
+server bm-bl2.debian.org       iburst autokey
+server dijkstra.debian.org     iburst autokey
+server luchesi.debian.org      iburst autokey
+restrict czerny.debian.org     notrust nomodify notrap ntpport
+restrict clementi.debian.org   notrust nomodify notrap ntpport
+restrict bm-bl1.debian.org     notrust nomodify notrap ntpport
+restrict bm-bl2.debian.org     notrust nomodify notrap ntpport
+restrict dijkstra.debian.org   notrust nomodify notrap ntpport
+restrict luchesi.debian.org    notrust nomodify notrap ntpport

 <% end -%>
 
 restrict -4 default kod notrap nomodify nopeer noquery
 <% end -%>
 
 restrict -4 default kod notrap nomodify nopeer noquery


@@ -36,3 +60,7 @@ restrict -6 default kod notrap nomodify nopeer noquery
 
 restrict 127.0.0.1
 restrict ::1
 
 restrict 127.0.0.1
 restrict ::1

+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4: