Files
@ 814be5def61d
Branch filter:
Location: majic-ansible-roles/roles/common/templates/ntp.conf.j2 - annotation
814be5def61d
1.9 KiB
text/plain
MAR-189: Added support for Debian 11 Bullseye to xmpp_server role:
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 | # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
{% for server in ntp_servers %}
server {{ server }} iburst
{% endfor %}
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
|