summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Geerling <geerlingguy@mac.com>2016-12-27 11:38:40 -0600
committerGitHub <noreply@github.com>2016-12-27 11:38:40 -0600
commit8f217a49ff730b799e913aeeaa140cffd9fa7f25 (patch)
tree8d17b5db6500db06203e8351c925957f753f8e09
parentdc2df3e38d64037d5d5f80eb246e10f05566cc76 (diff)
parent711363133f2644f2a6b690827a71607da08c0655 (diff)
downloadntp-8f217a49ff730b799e913aeeaa140cffd9fa7f25.tar.gz
ntp-8f217a49ff730b799e913aeeaa140cffd9fa7f25.tar.bz2
ntp-8f217a49ff730b799e913aeeaa140cffd9fa7f25.tar.xz
ntp-8f217a49ff730b799e913aeeaa140cffd9fa7f25.zip
Merge pull request #21 from computersalat/add_restrict
add restrict as default values (by psaavedra)
-rw-r--r--defaults/main.yml22
-rw-r--r--templates/ntp.conf.j25
2 files changed, 21 insertions, 6 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
index a84e911..8d4c702 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,8 +3,22 @@ ntp_enabled: true
ntp_timezone: Etc/UTC
ntp_manage_config: false
+### choose ntp server area ###
+# http://support.ntp.org/bin/view/Servers/NTPPoolServers
+###
+# Leave empty for Worldwide Area
+# Worldwide: ''
+# Asia: '.asia'
+# Europe: '.europe'
+# North America: '.north-america'
+# Oceania: '.oceania'
+# South America: '.south-america'
+ntp_area: ''
ntp_servers:
- - 0.pool.ntp.org iburst
- - 1.pool.ntp.org iburst
- - 2.pool.ntp.org iburst
- - 3.pool.ntp.org iburst
+ - 0{{ ntp_area }}.pool.ntp.org iburst
+ - 1{{ ntp_area }}.pool.ntp.org iburst
+ - 2{{ ntp_area }}.pool.ntp.org iburst
+ - 3{{ ntp_area }}.pool.ntp.org iburst
+ntp_restrict:
+ - 127.0.0.1
+ - ::1
diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2
index cc1e0f0..e06ff1e 100644
--- a/templates/ntp.conf.j2
+++ b/templates/ntp.conf.j2
@@ -26,8 +26,9 @@ restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
-restrict 127.0.0.1
-restrict ::1
+{% for item in ntp_restrict %}
+restrict {{ item }}
+{% endfor %}
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.