driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/
-statistics loopstats peerstats clockstats
+statistics loopstats peerstats clockstats cryptostats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
+filegen cryptostats file cryptostats type day enable
-<% case fqdn
- when /geo[123].debian.org/:
--%>
+crypto randfile /dev/urandom
+keysdir /etc/ntp.keys.d
+
+<% if scope.lookupvar('site::nodeinfo')['timeserver'] -%>
server 0.debian.pool.ntp.org iburst dynamic
server 1.debian.pool.ntp.org iburst dynamic
server 2.debian.pool.ntp.org iburst dynamic
server 3.debian.pool.ntp.org iburst dynamic
-<% when "ancina.debian.org": -%>
+
+leapfile /var/lib/ntp/leap-seconds.list
+<% if fqdn == "orff.debian.org" -%>
+server ntp.grnet.gr iburst dynamic
+server chronos.duth.gr iburst
+<% end -%>
+<% elsif fqdn == "ancina.debian.org" -%>
server ntp.ugent.be iburst dynamic
-<% when /(albeniz|goetz).debian.org/: -%>
-server smetana.debian.org iburst dynamic
-server geo1.debian.org iburst dynamic
-server geo2.debian.org iburst dynamic
-server geo3.debian.org iburst dynamic
-<% else -%>
-server geo1.debian.org iburst dynamic
-server geo2.debian.org iburst dynamic
-server geo3.debian.org iburst dynamic
+<% elsif scope.lookupvar('site::nodeinfo')['misc']['natted'] -%>
+# autokey doesn't work behind nat
+
+# merikanto's and orff's ipv4 IP, hard coded for the benefit of hosts
+# that do not have RTC's (since they won't be able to do DNS until
+# they have a reasonable clock).
+server 86.59.118.147 iburst
+server 194.177.211.209 iburst
+
+server merikanto.debian.org iburst
+server orff.debian.org iburst
+server ravel.debian.org iburst
+server busoni.debian.org iburst
+<% else -%>
+server merikanto.debian.org iburst autokey
+server orff.debian.org iburst autokey
+server ravel.debian.org iburst autokey
+server busoni.debian.org iburst autokey
+restrict merikanto.debian.org notrust nomodify notrap ntpport
+restrict orff.debian.org notrust nomodify notrap ntpport
+restrict ravel.debian.org notrust nomodify notrap ntpport
+restrict busoni.debian.org notrust nomodify notrap ntpport
<% end -%>
restrict -4 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4: