1 files changed, 42 insertions, 0 deletions

diff --git a/data/templates/ntp/ntpd.conf.j2 b/data/templates/ntp/ntpd.conf.j2
new file mode 100644
index 000000000..da610051e
--- /dev/null
+++ b/data/templates/ntp/ntpd.conf.j2
@@ -0,0 +1,42 @@
+### Autogenerated by ntp.py ###
+
+#
+# Non-configurable defaults
+#
+driftfile /var/lib/ntp/ntp.drift
+# By default, only allow ntpd to query time sources, ignore any incoming requests
+restrict default noquery nopeer notrap nomodify
+# Allow pool associations
+restrict source nomodify notrap noquery
+# Local users have unrestricted access, allowing reconfiguration via ntpdc
+restrict 127.0.0.1
+restrict -6 ::1
+
+#
+# Configurable section
+#
+{% if server is vyos_defined %}
+{%     for server, config in server.items() %}
+{%         set association = 'server' %}
+{%         if config.pool is vyos_defined %}
+{%             set association = 'pool' %}
+{%         endif %}
+{{ association }} {{ server | replace('_', '-') }} iburst {{ 'noselect' if config.noselect is vyos_defined }} {{ 'preempt' if config.preempt is vyos_defined }} {{ 'prefer' if config.prefer is vyos_defined }}
+{%     endfor %}
+{% endif %}
+
+{% if allow_clients.address is vyos_defined %}
+# Allowed clients configuration
+restrict default ignore
+{%     for address in allow_clients.address %}
+restrict {{ address | address_from_cidr }} mask {{ address | netmask_from_cidr }} nomodify notrap nopeer
+{%     endfor %}
+{% endif %}
+
+{% if listen_address %}
+# NTP should listen on configured addresses only
+interface ignore wildcard
+{%     for address in listen_address %}
+interface listen {{ address }}
+{%     endfor %}
+{% endif %}