1 files changed, 39 insertions, 0 deletions

diff --git a/data/templates/ntp/ntpd.conf.tmpl b/data/templates/ntp/ntpd.conf.tmpl
new file mode 100644
index 000000000..2b56b53c3
--- /dev/null
+++ b/data/templates/ntp/ntpd.conf.tmpl
@@ -0,0 +1,39 @@
+### Autogenerated by ntp.py ###
+
+#
+# Non-configurable defaults
+#
+driftfile /var/lib/ntp/ntp.drift
+# By default, only allow ntpd to query time sources, ignore any incoming requests
+restrict default noquery nopeer notrap nomodify
+# Local users have unrestricted access, allowing reconfiguration via ntpdc
+restrict 127.0.0.1
+restrict -6 ::1
+
+#
+# Configurable section
+#
+{% if server is defined and server is not none %}
+{%   for server, config in server.items() %}
+{%     set association = 'server' %}
+{%     if config.pool is defined %}
+{%       set association = 'pool' %}
+{%     endif %}
+{{ association }} {{ server | replace('_', '-') }} iburst {{ 'noselect' if config.noselect is defined }} {{ 'preempt' if config.preempt is defined }} {{ 'prefer' if config.prefer is defined }}
+{%   endfor %}
+{% endif %}
+
+{% if allow_clients is defined and allow_clients.address is defined %}
+# Allowed clients configuration
+{%   for address in allow_clients.address %}
+restrict {{ address|address_from_cidr }} mask {{ address|netmask_from_cidr }} nomodify notrap nopeer
+{%   endfor %}
+{% endif %}
+
+{% if listen_address %}
+# NTP should listen on configured addresses only
+interface ignore wildcard
+{%   for address in listen_address %}
+interface listen {{ address }}
+{%   endfor %}
+{% endif %}