X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fntp%2Ftemplates%2Fntp.conf;h=bd14e5894cd998aa547fd13a8c8ae039131989e9;hb=320758f7417e40be264dab0c3970c185f9ff6a93;hp=6c6fb166cc00b7de10d768cb0b03ca998b2f4cb0;hpb=dfd8f728dd8fa97f3375d56dd8258f7699cf41d9;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ntp/templates/ntp.conf b/modules/ntp/templates/ntp.conf
index 6c6fb166c..bd14e5894 100644
--- a/modules/ntp/templates/ntp.conf
+++ b/modules/ntp/templates/ntp.conf
@@ -6,32 +6,59 @@
 driftfile /var/lib/ntp/ntp.drift
 statsdir /var/log/ntpstats/
 
+# XXX REMOVE wheezy special handling when 670662 gets fixed
+
+<% if %w{wheezy}.include?(scope.lookupvar('::lsbdistcodename')) -%>
 statistics loopstats peerstats clockstats
 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
+<% else -%>
+statistics loopstats peerstats clockstats cryptostats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+filegen cryptostats file cryptostats type day enable
+<% end -%>
 
-<% case fqdn
-	when /geo[123].debian.org/:
--%>
+crypto randfile /dev/urandom
+keysdir /etc/ntp.keys.d
+
+<% if scope.lookupvar('site::nodeinfo')['timeserver'] -%>
 server 0.debian.pool.ntp.org iburst dynamic
 server 1.debian.pool.ntp.org iburst dynamic
 server 2.debian.pool.ntp.org iburst dynamic
 server 3.debian.pool.ntp.org iburst dynamic
-<%	when "ancina.debian.org": -%>
+
+leapfile /var/lib/ntp/leap-seconds.list
+<%   if fqdn == "orff.debian.org" -%>
+server ntp.grnet.gr iburst dynamic
+server chronos.duth.gr iburst
+<%   end -%>
+<% elsif fqdn == "ancina.debian.org" -%>
 server ntp.ugent.be iburst dynamic
-<%	when /(albeniz|goetz).debian.org/: -%>
-server smetana.debian.org iburst dynamic
-server geo1.debian.org iburst dynamic
-server geo2.debian.org iburst dynamic
-server geo3.debian.org iburst dynamic
-<%	when /(widor|argento).debian.org/: -%>
-server 195.49.152.213 iburst
-server 195.49.152.37 iburst
-<%	else -%>
-server geo1.debian.org iburst dynamic
-server geo2.debian.org iburst dynamic
-server geo3.debian.org iburst dynamic
+<% elsif scope.lookupvar('site::nodeinfo')['misc']['natted'] or %w{wheezy}.include?(scope.lookupvar('::lsbdistcodename')) -%>
+# autokey doesn't work behind nat
+
+# merikanto's and orff's ipv4 IP, hard coded for the benefit of hosts
+# that do not have RTC's (since they won't be able to do DNS until
+# they have a reasonable clock).
+server 86.59.118.147        iburst
+server 194.177.211.209      iburst
+
+server merikanto.debian.org iburst
+server orff.debian.org      iburst
+server ravel.debian.org     iburst
+server busoni.debian.org    iburst
+<% else -%>
+server merikanto.debian.org iburst autokey
+server orff.debian.org      iburst autokey
+server ravel.debian.org     iburst autokey
+server busoni.debian.org    iburst autokey
+restrict merikanto.debian.org notrust nomodify notrap ntpport
+restrict orff.debian.org      notrust nomodify notrap ntpport
+restrict ravel.debian.org     notrust nomodify notrap ntpport
+restrict busoni.debian.org    notrust nomodify notrap ntpport
 <% end -%>
 
 restrict -4 default kod notrap nomodify nopeer noquery
@@ -39,3 +66,7 @@ restrict -6 default kod notrap nomodify nopeer noquery
 
 restrict 127.0.0.1
 restrict ::1
+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4: