From 9a60cf1fb1bfb591029d54f64d6f619a6786b7e6 Mon Sep 17 00:00:00 2001
From: chris <chris@scorpio-it.net>
Date: Fri, 23 Dec 2016 23:29:41 +0100
Subject: add restrict as default values (by psaavedra)

---
 defaults/main.yml     | 3 +++
 templates/ntp.conf.j2 | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index a84e911..21d2b23 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -8,3 +8,6 @@ ntp_servers:
  - 1.pool.ntp.org iburst
  - 2.pool.ntp.org iburst
  - 3.pool.ntp.org iburst
+ntp_restrict:
+ - 127.0.0.1
+ - ::1
diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2
index cc1e0f0..e06ff1e 100644
--- a/templates/ntp.conf.j2
+++ b/templates/ntp.conf.j2
@@ -26,8 +26,9 @@ restrict default nomodify notrap nopeer noquery
 # Permit all access over the loopback interface.  This could
 # be tightened as well, but to do so would effect some of
 # the administrative functions.
-restrict 127.0.0.1
-restrict ::1
+{% for item in ntp_restrict %}
+restrict {{ item }}
+{% endfor %}
 
 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.
-- 
cgit v1.2.1