templates/ntp.conf.j2

# This configuration file is managed by Ansible.
# It is configured to run as an Active Directory Domain Controller.

# Enable kernel time discipline (important for a DC)
tos maxclock 10

# Use your own local clock as a reliable fallback/default
# Local clock. Note that is not the "localhost" address!
server  127.127.1.0     # Undisciplined local clock
fudge   127.127.1.0 stratum 10

# Where to retrieve the time from
# Optionally, add external sources for greater accuracy (NTP pool)
# You should choose servers close to your location or use a reliable pool.
server 0.pool.ntp.org iburst prefer
server 1.pool.ntp.org iburst prefer
server 1.pool.ntp.org iburst prefer

# Drift file location
driftfile       /var/lib/ntp/ntp.drift
logfile         /var/log/ntp
ntpsigndsocket  {{ ntp_signd_path }}

# Access control
# Default restriction: Allow clients only to query the time
restrict default kod nomodify notrap nopeer limited mssntp

# No restrictions for "localhost"
restrict 127.0.0.1

# Enable the time sources to only provide time to this host
restrict 0.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
restrict 1.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
restrict 2.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery

# tell NTP not to panic and exit
tinker panic 0
patch undefined: Updated the DNS configuration in the `resolv.conf.j2` template to include both the local host and the Ansible-managed DNS server. Added a new line to the `resolv.conf.j2` template to specify the Ansible-managed DNS server (`{{ addc_ansible_host }}`). This ensures that the system uses both the local host and the managed DNS server for DNS resolution. 2025-10-19 22:25:19 +02:00			`# This configuration file is managed by Ansible.`
			`# It is configured to run as an Active Directory Domain Controller.`

			`# Enable kernel time discipline (important for a DC)`
			`tos maxclock 10`

			`# Use your own local clock as a reliable fallback/default`
			`# Local clock. Note that is not the "localhost" address!`
			`server 127.127.1.0 # Undisciplined local clock`
			`fudge 127.127.1.0 stratum 10`

			`# Where to retrieve the time from`
			`# Optionally, add external sources for greater accuracy (NTP pool)`
			`# You should choose servers close to your location or use a reliable pool.`
			`server 0.pool.ntp.org iburst prefer`
			`server 1.pool.ntp.org iburst prefer`
			`server 1.pool.ntp.org iburst prefer`

			`# Drift file location`
			`driftfile /var/lib/ntp/ntp.drift`
			`logfile /var/log/ntp`
			`ntpsigndsocket {{ ntp_signd_path }}`

			`# Access control`
			`# Default restriction: Allow clients only to query the time`
			`restrict default kod nomodify notrap nopeer limited mssntp`

			`# No restrictions for "localhost"`
			`restrict 127.0.0.1`

			`# Enable the time sources to only provide time to this host`
			`restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery`
			`restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery`
			`restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery`

			`# tell NTP not to panic and exit`
			`tinker panic 0`