1 files changed, 47 insertions, 0 deletions

diff --git a/data/templates/ntp/ntp.conf.tmpl b/data/templates/ntp/ntp.conf.tmpl
new file mode 100644
index 000000000..6ef0c0f2c
--- /dev/null
+++ b/data/templates/ntp/ntp.conf.tmpl
@@ -0,0 +1,47 @@
+### Autogenerated by ntp.py ###
+
+#
+# Non-configurable defaults
+#
+driftfile /var/lib/ntp/ntp.drift
+# By default, only allow ntpd to query time sources, ignore any incoming requests
+restrict default noquery nopeer notrap nomodify
+# Local users have unrestricted access, allowing reconfiguration via ntpdc
+restrict 127.0.0.1
+restrict -6 ::1
+
+#
+# Configurable section
+#
+{% if server %}
+{%   for srv in server %}
+{%     set options = '' %}
+{%     set options = options + 'noselect ' if server[srv].noselect is defined else '' %}
+{%     set options = options + 'preempt ' if server[srv].preempt is defined else '' %}
+{%     set options = options + 'prefer ' if server[srv].prefer is defined else '' %}
+server {{ srv | replace('_', '-') }} iburst {{ options }}
+{%   endfor %}
+{% endif %}
+
+{% if allow_clients is defined and allow_clients.address is defined %}
+# Allowed clients configuration
+{%   if allow_clients.address is string %}
+restrict {{ allow_clients.address|address_from_cidr }} mask {{ allow_clients.address|netmask_from_cidr }} nomodify notrap nopeer
+{%   else %}
+{%     for address in allow_clients.address %}
+restrict {{ address|address_from_cidr }} mask {{ address|netmask_from_cidr }} nomodify notrap nopeer
+{%     endfor %}
+{%   endif %}
+{% endif %}
+
+{% if listen_address %}
+# NTP should listen on configured addresses only
+interface ignore wildcard
+{%   if listen_address is string %}
+interface listen {{ listen_address }}
+{%   else %}
+{%     for address in listen_address %}
+interface listen {{ address }}
+{%     endfor %}
+{%   endif %}
+{% endif %}