add ntp server support (#2)
diff --git a/metadata/service/client/init.yml b/metadata/service/client/init.yml
index d71b06e..24e6ead 100644
--- a/metadata/service/client/init.yml
+++ b/metadata/service/client/init.yml
@@ -12,4 +12,6 @@
strata:
- ${_param:ntp_strata_host1}
- ${_param:ntp_strata_host2}
+ server:
+ enabled: false
mode7: false
diff --git a/ntp/files/ntp.conf b/ntp/files/ntp.conf
index 6704d18..a3778ba 100644
--- a/ntp/files/ntp.conf
+++ b/ntp/files/ntp.conf
@@ -1,4 +1,5 @@
-{%- set ntp = pillar.ntp.client %}
+{%- from "ntp/map.jinja" import client with context %}
+{%- from "ntp/map.jinja" import server with context %}
# ntpd will only synchronize your clock.
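Review bot: Dropping `{%- set ntp = pillar.ntp.client %}` on the first line leaves any remaining `ntp.` reference in this template undefined, and the condition guarding `enable mode7` further down is not touched by this diff. If that condition still reads `ntp.mode7` (it lies outside the visible hunks, so this is inferred), rendering will fail or the mode7 switch will stop following the pillar; it should become `{%- if client.mode7 %}`. The two imports can also be merged into one line, `{%- from "ntp/map.jinja" import client, server with context %}`.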
@@ -8,20 +9,14 @@
# - https://wiki.archlinux.org/index.php/Network_Time_Protocol_daemon
# Associate to Czech public NTP pool servers
-{%- for stratum in ntp.strata %}
+{%- for stratum in client.strata %}
server {{ stratum }}{% if loop.first %} iburst{% endif %}
{%- endfor %}
-# Provide your current local time as a default should you temporarly lose Internet connectivity
-# server 127.127.1.0
-# fudge 127.127.1.0 stratum 10
# Only allow read-only access from localhost
restrict default noquery nopeer
-# exchange time with everybody, but don't allow configuration.
-#restrict -4 default kod notrap nomodify nopeer noquery
-#restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
@@ -30,6 +25,25 @@
enable mode7
{%- endif %}
+
+{%- if server.get('enabled', False) %}
+# Provide your current local time as a default should you temporarly lose Internet connectivity
+server 127.127.1.0
+fudge 127.127.1.0 stratum 10
+
+# Allow restrict machines to synchronize with this ntp server
+{%- for r in server.get('restrict', {}) %}
+restrict {{ r.subnet }} mask {{ r.mask }} {{ r.options|default('nomodify notrap') }}
+{%- endfor %}
+
+# Exchange time with everybody, but don't allow configuration.
+#restrict -4 default kod notrap nomodify nopeer noquery
+#restrict -6 default kod notrap nomodify nopeer noquery
+{%- endif %}
+
+
# Location of drift file
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
+
+
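Review bot: The fallback options in the new `restrict {{ r.subnet }} mask {{ r.mask }} ...` line are `nomodify notrap`, which is looser than the `restrict default noquery nopeer` baseline kept earlier in the file: every listed subnet regains ntpq/ntpdc query access, and that includes mode 7 requests whenever `enable mode7` is rendered. For plain time service the fallback should keep the query block, `{{ r.options|default('nomodify notrap nopeer noquery') }}`, leaving query access as an explicit per-subnet opt-in. The loop default should also be a list to match the pillar shape, `server.get('restrict', [])`. The comment above the loop reads as if only the listed subnets may synchronize, but nothing in the visible lines denies time service to other sources, so either add that restriction or reword the comment. The `{%- if %}` that closes at the top of this hunk opens outside it.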
diff --git a/ntp/server.sls b/ntp/server.sls
index a56761e..57634b5 100644
--- a/ntp/server.sls
+++ b/ntp/server.sls
@@ -1,4 +1,5 @@
{%- from "ntp/map.jinja" import server with context %}
{%- if server.enabled %}
-
-{%- endif %}
\ No newline at end of file
+#include:
+# - ntp.client
+{%- endif %}
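Review bot: The `server.enabled` branch still holds only a commented-out `include`, so applying `ntp.server` on its own manages nothing; the new server section of ntp.conf is rendered only where the state that owns that file also runs (inferred, since that state is not part of this diff). Either enable the include (`include:` followed by `- ntp.client`) or replace the commented lines with a comment that states the dependency, e.g. `# ntp.conf is managed by ntp.client; apply that state to render the server section`.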
diff --git a/tests/pillar/server.sls b/tests/pillar/server.sls
new file mode 100644
index 0000000..25e78b2
--- /dev/null
+++ b/tests/pillar/server.sls
@@ -0,0 +1,14 @@
+ntp:
+ client:
+ enabled: true
+ strata:
+ - ntp.cesnet.cz
+ - pool.ntp.org
+ server:
+ enabled: true
+ restrict:
+ - subnet: 192.168.0.1
+ mask: 255.255.255.0
+ - subnet: 172.16.1.1
+ mask: 255.255.0.0
+
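Review bot: Neither `restrict` entry sets `options`, so this fixture only exercises the template's fallback flags and never the explicit override path; adding `options: nomodify notrap nopeer noquery` to one entry would cover both. The `subnet` values are host addresses (`192.168.0.1`, `172.16.1.1`) rather than network addresses; `192.168.0.0` and `172.16.0.0` would match the key name and the masks given.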