diff --git a/conf/init.conf.sh b/conf/init.conf.sh index 68df0d0..6caaab4 100644 --- a/conf/init.conf.sh +++ b/conf/init.conf.sh @@ -3,8 +3,11 @@ # Utilisateur de la machine export MAINUSER="levasseu" +# Interface réseau principale +export MAINIF="eth0" + # Booléen indiquant une ou plusieurs futures VM -export WITH_VM=true +export WITH_VM="true" # ------------------------------------------------------------------------------ # Niveau ZFS : mirror (RAID1), raidz1 (RAID5), raidz2 (RAID6) @@ -20,4 +23,4 @@ export FORCEBLANK="no" # ------------------------------------------------------------------------------ -export MODULE_LIST="upgrade_dist conf_disks conf_locale" +export MODULE_LIST="upgrade_dist conf_disks conf_locale conf_ntp" diff --git a/conf/legos.conf.sh b/conf/legos.conf.sh index 9411469..040848d 100644 --- a/conf/legos.conf.sh +++ b/conf/legos.conf.sh @@ -17,8 +17,11 @@ export INSTLIST_BASE="bc curl dc debconf-utils deborphan dos2unix dump \ emacs-nox ethtool figlet gawk gpm htop ntp ifstat iftop iotop \ libpam-krb5 libnss-ldap libpam-ldap ltrace mailutils mc mtr-tiny \ multitail neofetch nmap nscd openssh-server oping p7zip-full p7zip-rar \ - pbzip2 perl-doc pigz plzip postfix pv qemu-guest-agent resolvconf rsync \ - screen snmpd strace tcpdump tmux traceroute unrar unzip whois xinetd zip" + pbzip2 perl-doc pigz plzip postfix pv qemu-guest-agent rsync screen \ + snmpd strace tcpdump tmux traceroute unrar unzip whois zip" # Configuration du disque de calcul : zfs, ext4 et xfs accepté export CALCTYPE="zfs" + +# Liste des serveurs NTP +export NTPSERVERS="ntp1 ntp2" diff --git a/init.sh b/init.sh index fc6666f..f693e9e 100755 --- a/init.sh +++ b/init.sh @@ -43,13 +43,6 @@ install_pkg() apt install -y $INSTLIST } -# NTP -conf_ntp() -{ - backupdist /etc/ntp.conf - installfile ntp.conf /etc/ntp.conf -} - # SSH server conf_ssh() { diff --git a/modules/conf_ntp.sh b/modules/conf_ntp.sh new file mode 100644 index 0000000..7eeec8c --- /dev/null 
+++ b/modules/conf_ntp.sh
@@ -0,0 +1,28 @@
+# NTP
+
+conf_ntp()
+{
+ prnt I "Installation du fichier de configuration de NTP."
+ dest="/etc/ntp.conf.work"
+ backupdist /etc/ntp.conf
+ installfile ntp.conf $dest
+ local line=""
+ for srv in $NTPSERVERS; do
+ line="${line}server $srv iburst\n"
+ done
+ sed -i -e "s/@SERVERLIST@/$line/" $dest &&
+ echo "# Generated on $(date --rfc-3339=seconds)" >> $dest &&
+ mv -fv $dest /etc/ntp.conf
+}
+
+# NTP
+precheck_conf_ntp()
+{
+ if [[ ! $NTPSERVERS ]]; then
+ prnt E "Pas de serveur NTP configuré !"
+ exit 1
+ fi
+}
+
+export -f conf_ntp
+export -f precheck_conf_ntp
diff --git a/repo/common/ntp.conf b/repo/common/ntp.conf
new file mode 100644
index 0000000..b393e9f
--- /dev/null
+++ b/repo/common/ntp.conf
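Review bot: In `conf_ntp`, `$line` is pasted straight into the sed program by `sed -i -e "s/@SERVERLIST@/$line/" $dest`, so any `NTPSERVERS` entry containing `/`, `&` or a backslash alters the expression instead of being written out as a server name. Reject such entries before `line` is built, for example `[[ $srv =~ ^[A-Za-z0-9._:-]+$ ]] || return 1` as the first statement inside the `for`, or do the same check in `precheck_conf_ntp`, which currently only tests that the variable is non-empty. The `\n` in the replacement also relies on GNU sed turning it into a newline. Separately, `dest` and `srv` are assigned without `local` and leak into the calling shell, and `$dest` is unquoted throughout; `local dest="/etc/ntp.conf.work" srv` plus `"$dest"` would scope them like `line`.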
@@ -0,0 +1,49 @@
+# /etc/ntp.conf, configuration for ntpd
+
+driftfile /var/lib/ntp/ntp.drift
+
+# Enable this if you want statistics to be logged.
+statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+# You do need to talk to an NTP server or two (or three).
+#server ntp.your-provider.example
+
+# pool.ntp.org maps to more than 300 low-stratum NTP servers.
+# Your server will pick a different set every time it starts up.
+# *** Please consider joining the pool! ***
+# *** ***
+
+# Liste des serveurs LEGOS
+@SERVERLIST@
+# Fin de liste
+
+# By default, exchange time with everybody, but don't allow configuration.
+# See /usr/share/doc/ntp-doc/html/accopt.html for details.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Needed for adding pool entries
+#restrict source notrap nomodify noquery
+
+# Clients from this (example!) subnet have unlimited access,
+# but only if cryptographically authenticated
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet,
+# de-comment the next lines. Please do this only if you trust everybody
+# on the network!
+#disable auth
+#broadcastclien