X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fntp%2Ftemplates%2Fntp.conf;h=ea9c506e3e974a13daf47329f594914d769d7145;hb=5024ebc9b2c219d411e8a1f50fd7767d8004cb6d;hp=8e052e0c844834de5b557306ad29cc643a800701;hpb=1cb315e7029fd23dc96a380d0b0b455cc3207c8b;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ntp/templates/ntp.conf b/modules/ntp/templates/ntp.conf
index 8e052e0c8..ea9c506e3 100644
--- a/modules/ntp/templates/ntp.conf
+++ b/modules/ntp/templates/ntp.conf
@@ -6,29 +6,51 @@
 driftfile /var/lib/ntp/ntp.drift
 statsdir /var/log/ntpstats/
 
-statistics loopstats peerstats clockstats
+statistics loopstats peerstats clockstats cryptostats
 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
+filegen cryptostats file cryptostats type day enable
 
-<% case fqdn
-	when /geo[123].debian.org/:
--%>
+crypto randfile /dev/urandom
+keysdir /etc/ntp.keys.d
+
+<% if scope.lookupvar('site::nodeinfo')['timeserver'] -%>
 server 0.debian.pool.ntp.org iburst dynamic
 server 1.debian.pool.ntp.org iburst dynamic
 server 2.debian.pool.ntp.org iburst dynamic
 server 3.debian.pool.ntp.org iburst dynamic
-<%	when "ancina.debian.org/": -%>
-server ntp.ugent.be iburst dynamic
-<%	when "(albeniz|goetz).debian.org/": -%>
-server smetana.debian.org iburst dynamic
-server geo1.debian.org iburst dynamic
-server geo2.debian.org iburst dynamic
-server geo3.debian.org iburst dynamic
-<%	else -%>
-server geo1.debian.org iburst dynamic
-server geo2.debian.org iburst dynamic
-server geo3.debian.org iburst dynamic
+
+leapfile /usr/share/zoneinfo/leap-seconds.list
+<% elsif scope.lookupvar('site::nodeinfo')['misc']['natted'] -%>
+# autokey doesn't work behind nat
+
+# czerny's, bm-bl2's, and ubc-bl2's ipv4 IP, hard coded for the benefit of
+# hosts that do not have RTC's (since they won't be able to do DNS until
+# they have a reasonable clock).
+server 82.195.75.109        iburst
+server 5.153.231.242        iburst
+server 206.12.19.212        iburst
+
+server czerny.debian.org    iburst
+server clementi.debian.org  iburst
+server bm-bl1.debian.org    iburst
+server bm-bl2.debian.org    iburst
+server ubc-bl2.debian.org   iburst
+server ubc-bl6.debian.org   iburst
+<% else -%>
+server czerny.debian.org       iburst autokey
+server clementi.debian.org     iburst autokey
+server bm-bl1.debian.org       iburst autokey
+server bm-bl2.debian.org       iburst autokey
+server ubc-bl2.debian.org      iburst autokey
+server ubc-bl6.debian.org      iburst autokey
+restrict czerny.debian.org     notrust nomodify notrap ntpport
+restrict clementi.debian.org   notrust nomodify notrap ntpport
+restrict bm-bl1.debian.org     notrust nomodify notrap ntpport
+restrict bm-bl2.debian.org     notrust nomodify notrap ntpport
+restrict ubc-bl2.debian.org    notrust nomodify notrap ntpport
+restrict ubc-bl6.debian.org    notrust nomodify notrap ntpport
 <% end -%>
 
 restrict -4 default kod notrap nomodify nopeer noquery
@@ -36,3 +58,7 @@ restrict -6 default kod notrap nomodify nopeer noquery
 
 restrict 127.0.0.1
 restrict ::1
+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4: