Files
@ 834c3a4d591a
Branch filter:
Location: majic-ansible-roles/roles/common/templates/ntp.conf.j2 - annotation
834c3a4d591a
1.8 KiB
text/plain
MAR-218: Use built-in module for diverting the ferm binary.
72af31a420be 5bc6b7fb4cb5 72af31a420be 72af31a420be 5bc6b7fb4cb5 72af31a420be 72af31a420be 72af31a420be 72af31a420be 72af31a420be 5bc6b7fb4cb5 72af31a420be 72af31a420be 72af31a420be 72af31a420be 72af31a420be 72af31a420be 5bc6b7fb4cb5 72af31a420be 72af31a420be 5bc6b7fb4cb5 72af31a420be 72af31a420be 72af31a420be 5bc6b7fb4cb5 72af31a420be 72af31a420be 72af31a420be 72af31a420be 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 72af31a420be 49af212543b0 49af212543b0 5bc6b7fb4cb5 5bc6b7fb4cb5 72af31a420be 72af31a420be 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 72af31a420be 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 5bc6b7fb4cb5 | # /etc/ntpsec/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntpsec/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
# To enable Network Time Security support as a server, obtain a certificate
# (e.g. with Let's Encrypt), configure the paths below, and uncomment:
# nts cert CERT_FILE
# nts key KEY_FILE
# nts enable
# You must create /var/log/ntpsec (owned by ntpsec:ntpsec) to enable logging.
#statsdir /var/log/ntpsec/
#statistics loopstats peerstats clockstats
#filegen loopstats file loopstats type day enable
#filegen peerstats file peerstats type day enable
#filegen clockstats file clockstats type day enable
# This should be maxclock 7, but the pool entries count towards maxclock.
tos maxclock 11
# Comment this out if you have a refclock and want it to be able to discipline
# the clock by itself (e.g. if the system is not connected to the network).
tos minclock 4 minsane 3
# Specify one or more NTP servers.
# Public NTP servers supporting Network Time Security:
# server time.cloudflare.com nts
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <https://www.pool.ntp.org/join.html>
{% for server in ntp_pools %}
pool {{ server }} iburst
{% endfor %}
# Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html
# for details.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict default kod nomodify nopeer noquery limited
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
|