diff --git a/repo/hosts/cagua/ntp.conf b/repo/hosts/cagua/ntp.conf index 78cae14..8eb1e20 100644 --- a/repo/hosts/cagua/ntp.conf +++ b/repo/hosts/cagua/ntp.conf @@ -1,64 +1,48 @@ -*# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help +# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help +# State files driftfile /var/lib/ntp/ntp.drift +leapfile /usr/share/zoneinfo/leap-seconds.list -# Enable this if you want statistics to be logged. -#statsdir /var/log/ntpstats/ +# Statistics -statistics loopstats peerstats clockstats +statistics loopstats peerstats clockstats sysstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable +filegen sysstats file sysstats type day enable +# Interfaces to listen on: +interface listen 192.168.1.0/24 +interface listen 10.250.42.0/24 +interface listen 10.42.250.0/16 +interface ignore wildcard -# You do need to talk to an NTP server or two (or three). -#server ntp.your-provider.example +# NTP sources +# Our other NTP server, to have consistant REFID +server didicas prefer iburst -# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will -# pick a different set every time it starts up. Please consider joining the -# pool: -server ntp.laas.fr iburst -server ntp.sophia.cnrs.fr iburst -server ntp2.emn.fr iburst -server delphi.phys.univ-tours.fr iburst -server ntp.crashdump.fr iburst -server ntp.ilianum.com iburst -server ntp.unice.fr iburst -server ntp.accelance.net iburst -server ntp.deuza.net iburst -server ntp1.jussieu.fr iburst -server time.resolvlab.com iburst +server ntp.laas.fr iburst +server ntp.sophia.cnrs.fr iburst +server ntp2.emn.fr iburst +server delphi.phys.univ-tours.fr iburst +server ntp.crashdump.fr iburst +server ntp.ilianum.com iburst +server ntp.unice.fr iburst +server ntp.accelance.net iburst +server ntp.deuza.net iburst +server ntp1.jussieu.fr iburst +server time.resolvlab.com iburst # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page # might also be helpful. # -# Note that "restrict" applies to both servers and clients, so a configuration -# that might be intended to block requests from certain clients could also end -# up blocking replies from your own upstream servers. - -# By default, exchange time with everybody, but don't allow configuration. -restrict -4 default kod notrap nomodify nopeer noquery limited -restrict -6 default kod notrap nomodify nopeer noquery limited - -# Local users may interrogate the ntp server more closely. -restrict 192.168.1.0/24 -restrict 127.0.0.1 -restrict ::1 - -# Needed for adding pool entries +restrict default limited nomodify notrap nopeer noquery restrict source notrap nomodify noquery -# Clients from this (example!) subnet have unlimited access, but only if -# cryptographically authenticated. -restrict 192.168.0.0 mask 255.255.0.0 trust - - -# If you want to provide time to your local subnet, change the next line. -# (Again, the address is an example only.) -broadcast 192.168.1.255 - -# If you want to listen to time broadcasts on your local subnet, de-comment the -# next lines. Please do this only if you trust everybody on the network! -#disable auth -#broadcastclient +restrict 192.168.1.0/24 +restrict 10.250.42.0/24 +restrict 10.42.250.0/16 +restrict 127.0.0.1 +restrict ::1 diff --git a/repo/hosts/didicas/ntp.conf b/repo/hosts/didicas/ntp.conf index 78cae14..f49099f 100644 --- a/repo/hosts/didicas/ntp.conf +++ b/repo/hosts/didicas/ntp.conf @@ -1,64 +1,48 @@ -*# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help +# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help +# State files driftfile /var/lib/ntp/ntp.drift +leapfile /usr/share/zoneinfo/leap-seconds.list -# Enable this if you want statistics to be logged. -#statsdir /var/log/ntpstats/ +# Statistics -statistics loopstats peerstats clockstats +statistics loopstats peerstats clockstats sysstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable +filegen sysstats file sysstats type day enable +# Interfaces to listen on: +interface listen 192.168.1.0/24 +interface listen 10.250.42.0/24 +interface listen 10.42.250.0/16 +interface ignore wildcard -# You do need to talk to an NTP server or two (or three). -#server ntp.your-provider.example +# NTP sources +# Our other NTP server, to have consistant REFID +server cagua prefer iburst -# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will -# pick a different set every time it starts up. Please consider joining the -# pool: -server ntp.laas.fr iburst -server ntp.sophia.cnrs.fr iburst -server ntp2.emn.fr iburst -server delphi.phys.univ-tours.fr iburst -server ntp.crashdump.fr iburst -server ntp.ilianum.com iburst -server ntp.unice.fr iburst -server ntp.accelance.net iburst -server ntp.deuza.net iburst -server ntp1.jussieu.fr iburst -server time.resolvlab.com iburst +server ntp.laas.fr iburst +server ntp.sophia.cnrs.fr iburst +server ntp2.emn.fr iburst +server delphi.phys.univ-tours.fr iburst +server ntp.crashdump.fr iburst +server ntp.ilianum.com iburst +server ntp.unice.fr iburst +server ntp.accelance.net iburst +server ntp.deuza.net iburst +server ntp1.jussieu.fr iburst +server time.resolvlab.com iburst # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page # might also be helpful. # -# Note that "restrict" applies to both servers and clients, so a configuration -# that might be intended to block requests from certain clients could also end -# up blocking replies from your own upstream servers. - -# By default, exchange time with everybody, but don't allow configuration. -restrict -4 default kod notrap nomodify nopeer noquery limited -restrict -6 default kod notrap nomodify nopeer noquery limited - -# Local users may interrogate the ntp server more closely. -restrict 192.168.1.0/24 -restrict 127.0.0.1 -restrict ::1 - -# Needed for adding pool entries +restrict default limited nomodify notrap nopeer noquery restrict source notrap nomodify noquery -# Clients from this (example!) subnet have unlimited access, but only if -# cryptographically authenticated. -restrict 192.168.0.0 mask 255.255.0.0 trust - - -# If you want to provide time to your local subnet, change the next line. -# (Again, the address is an example only.) -broadcast 192.168.1.255 - -# If you want to listen to time broadcasts on your local subnet, de-comment the -# next lines. Please do this only if you trust everybody on the network! -#disable auth -#broadcastclient +restrict 192.168.1.0/24 +restrict 10.250.42.0/24 +restrict 10.42.250.0/16 +restrict 127.0.0.1 +restrict ::1