Merge pull request #21 from computersalat/add_restrict

add restrict as default values (by psaavedra)

2 files changed, 21 insertions, 6 deletions

diff --git a/defaults/main.yml b/defaults/main.yml
index a84e911..8d4c702 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,8 +3,22 @@ ntp_enabled: true
 ntp_timezone: Etc/UTC
 
 ntp_manage_config: false
+### choose ntp server area ###
+# http://support.ntp.org/bin/view/Servers/NTPPoolServers
+###
+# Leave empty for Worldwide Area
+#     Worldwide:    ''
+#          Asia:    '.asia'
+#        Europe:    '.europe'
+# North America:    '.north-america'
+#       Oceania:    '.oceania'
+# South America:    '.south-america'
+ntp_area: ''
 ntp_servers:
- - 0.pool.ntp.org iburst
- - 1.pool.ntp.org iburst
- - 2.pool.ntp.org iburst
- - 3.pool.ntp.org iburst
+ - 0{{ ntp_area }}.pool.ntp.org iburst
+ - 1{{ ntp_area }}.pool.ntp.org iburst
+ - 2{{ ntp_area }}.pool.ntp.org iburst
+ - 3{{ ntp_area }}.pool.ntp.org iburst
+ntp_restrict:
+ - 127.0.0.1
+ - ::1
diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2
index cc1e0f0..e06ff1e 100644
--- a/templates/ntp.conf.j2
+++ b/templates/ntp.conf.j2
@@ -26,8 +26,9 @@ restrict default nomodify notrap nopeer noquery
 # Permit all access over the loopback interface.  This could
 # be tightened as well, but to do so would effect some of
 # the administrative functions.
-restrict 127.0.0.1
-restrict ::1
+{% for item in ntp_restrict %}
+restrict {{ item }}
+{% endfor %}
 
 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.