From 160dfceb8ddb5124b0c04399ed491b921c4a823f Mon Sep 17 00:00:00 2001
From: Sven Velt <sven@velt.de>
Date: Thu, 3 Dec 2020 14:44:52 +0100
Subject: [PATCH] Update ntp.conf.j2

---
 .../templates/etc/ntp.conf.j2                 | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/roles/timesync-enabled/templates/etc/ntp.conf.j2 b/roles/timesync-enabled/templates/etc/ntp.conf.j2
index 1c7b839..52217c1 100644
--- a/roles/timesync-enabled/templates/etc/ntp.conf.j2
+++ b/roles/timesync-enabled/templates/etc/ntp.conf.j2
@@ -4,8 +4,12 @@
 
 driftfile /var/lib/ntp/ntp.drift
 
-# Enable statistics
+# Leap seconds definition provided by tzdata
+leapfile /usr/share/zoneinfo/leap-seconds.list
+
+# Enable statistics if you want statistics to be logged.
 statsdir /var/log/ntpstats/
+
 statistics loopstats peerstats clockstats
 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
@@ -16,14 +20,22 @@ filegen clockstats file clockstats type day enable
 {% endfor %}
 
 # NTP pools
-{% for pool in timesync_pools|default([]) %}pool {{ pool }} iburst
+{% for pool in timesync_pools|default(["0.pool.ntp.org"]) %}pool {{ pool }} iburst
 {% endfor %}
 
 # Access control configuration
 # By default, exchange time with everybody, but don't allow configuration.
-restrict -4 default kod notrap nomodify nopeer noquery
-restrict -6 default kod notrap nomodify nopeer noquery
+restrict -4 default kod notrap nomodify nopeer noquery limited
+restrict -6 default kod notrap nomodify nopeer noquery limited
+
 # Local users may interrogate the ntp server more closely.
 restrict 127.0.0.1
 restrict ::1
+restrict -6 ::1
+
+# Needed for adding pool entries
+restrict source notrap nomodify noquery
+
+# Allow to query/monitor the daemon
+#enable mode7