xoxys.ntp/templates/etc/ntp.conf.j2

{{ ansible_managed | comment }}
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
{% for item in ntp_servers %}
server {{ item }}
{% endfor %}

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust

# Enable public key cryptography.
#crypto

#includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
#keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
fix ansible_managed handling 2019-08-27 20:41:58 +00:00			`{{ ansible_managed \| comment }}`
initial commit 2018-11-15 19:15:35 +00:00			`# For more information about this file, see the man pages`
			`# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).`

			`driftfile /var/lib/ntp/drift`

			`# Enable this if you want statistics to be logged.`
			`#statsdir /var/log/ntpstats/`

			`statistics loopstats peerstats clockstats`
			`filegen loopstats file loopstats type day enable`
			`filegen peerstats file peerstats type day enable`
			`filegen clockstats file clockstats type day enable`

			`# Use public servers from the pool.ntp.org project.`
			`# Please consider joining the pool (http://www.pool.ntp.org/join.html).`
			`{% for item in ntp_servers %}`
			`server {{ item }}`
			`{% endfor %}`

			`# Permit time synchronization with our time source, but do not`
			`# permit the source to query or modify the service on this system.`
			`restrict default nomodify notrap nopeer noquery`

			`# Permit all access over the loopback interface. This could`
			`# be tightened as well, but to do so would effect some of`
			`# the administrative functions.`
			`restrict 127.0.0.1`
			`restrict ::1`

			`# Clients from this (example!) subnet have unlimited access, but only if`
			`# cryptographically authenticated.`
			`#restrict 192.168.123.0 mask 255.255.255.0 notrust`

			`# Enable public key cryptography.`
			`#crypto`

			`#includefile /etc/ntp/crypto/pw`

			`# Key file containing the keys and key identifiers used when operating`
			`# with symmetric key cryptography.`
			`#keys /etc/ntp/keys`

			`# Specify the key identifiers which are trusted.`
			`#trustedkey 4 8 42`

			`# Specify the key identifier to use with the ntpdc utility.`
			`#requestkey 8`

			`# Specify the key identifier to use with the ntpq utility.`
			`#controlkey 8`

			`# Enable writing of statistics records.`
			`#statistics clockstats cryptostats loopstats peerstats`

			`# Disable the monitoring facility to prevent amplification attacks using ntpdc`
			`# monlist command when default restrict does not include the noquery flag. See`
			`# CVE-2013-5211 for more details.`
			`# Note: Monitoring will not be disabled with the limited restriction flag.`
			`disable monitor`

			`# If you want to provide time to your local subnet, change the next line.`
			`# (Again, the address is an example only.)`
			`#broadcast 192.168.123.255`

			`# If you want to listen to time broadcasts on your local subnet, de-comment the`
			`# next lines. Please do this only if you trust everybody on the network!`
			`#disable auth`
			`#broadcastclient`