1 files changed, 51 insertions, 0 deletions

diff --git a/baserock/strata/ntpd/ntpd.morph b/baserock/strata/ntpd/ntpd.morph
new file mode 100644
index 00000000..762762c7
--- /dev/null
+++ b/baserock/strata/ntpd/ntpd.morph
@@ -0,0 +1,51 @@
+name: ntpd
+kind: chunk
+build-system: autotools
+configure-commands:
+- ./configure --prefix="$PREFIX" --enable-linuxcaps
+post-install-commands:
+- |
+  cat > ntpd.service << EOF
+  [Unit]
+  Description=Network Time Service
+  After=network.target nss-lookup.target
+  Conflicts=systemd-timesyncd.service
+
+  [Service]
+  Type=forking
+  ExecStart=/usr/bin/ntpd -u ntp:ntp -Ng
+  PrivateTmp=True
+  Restart=on-failure
+
+  [Install]
+  WantedBy=multi-user.target
+  EOF
+- install -D -m 644 ntpd.service "$DESTDIR"/lib/systemd/system/ntpd.service
+- mkdir -p "$DESTDIR"/lib/systemd/system/multi-user.target.wants
+- ln -s /lib/systemd/system/ntpd.service  "$DESTDIR"/lib/systemd/system/multi-user.target.wants/ntpd.service
+- |
+  cat > ntp.conf << EOF
+  # We use iburst here to reduce the potential initial delay to set the clock
+  server 0.pool.ntp.org iburst
+  server 1.pool.ntp.org iburst
+  server 2.pool.ntp.org iburst
+  server 3.pool.ntp.org iburst
+
+  # kod - notify client when packets are denied service,
+  # rather than just dropping the packets
+  #
+  # nomodify - deny queries which attempt to modify the state of the server
+  #
+  # notrap - decline to provide mode 6 control message trap service to
+  # matching hosts
+  #
+  # see ntp.conf(5) for more details
+  restrict -4 default limit kod notrap nomodify
+  restrict -6 default limit kod notrap nomodify
+  EOF
+- install -D -m 644 ntp.conf "$DESTDIR"/etc/ntp.conf
+system-integration:
+  ntpd-misc:
+    00-add-ntpd-user:
+    - groupadd -r ntp
+    - useradd -g ntp -d /home/ntp -s /bin/false -r ntp