From a189b7935b8ab51cbf74c7d070edb70ab360bd2c Mon Sep 17 00:00:00 2001
From: Gregory Colpart <gcolpart+git@evolix.fr>
Date: Mon, 17 Jul 2017 14:21:32 +0200
Subject: [PATCH] NTPD : Listen only on lo interface by default

---
 evolinux-base/defaults/main.yml | 1 +
 evolinux-base/handlers/main.yml | 5 +++++
 evolinux-base/tasks/system.yml  | 9 +++++++++
 3 files changed, 15 insertions(+)

diff --git a/evolinux-base/defaults/main.yml b/evolinux-base/defaults/main.yml
index b3c2085b..f58ab6e5 100644
--- a/evolinux-base/defaults/main.yml
+++ b/evolinux-base/defaults/main.yml
@@ -95,6 +95,7 @@ evolinux_system_alert5_init: True
 evolinux_system_alert5_enable: True
 evolinux_system_eni_auto: True
 
+evolinux_system_ntprestrict: True
 evolinux_system_set_ntpserver: True
 evolinux_system_ntpserver: "ntp.evolix.net"
 
diff --git a/evolinux-base/handlers/main.yml b/evolinux-base/handlers/main.yml
index 3458490c..002cd978 100644
--- a/evolinux-base/handlers/main.yml
+++ b/evolinux-base/handlers/main.yml
@@ -71,3 +71,8 @@
   service:
     name: postfix
     state: reloaded
+
+- name: restart ntp
+  service:
+    name: ntp
+    state: restarted
diff --git a/evolinux-base/tasks/system.yml b/evolinux-base/tasks/system.yml
index 53ce06c2..6c7766d5 100644
--- a/evolinux-base/tasks/system.yml
+++ b/evolinux-base/tasks/system.yml
@@ -112,7 +112,15 @@
   - {regexp: '^52\s*6(\s*1(\s*\*){2})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1', backup: "no"}
   when: evolinux_system_cron_random
 
+# NTP listen retriction
+- name: Listen only on lo interface
+
 # NTP server address
+  lineinfile:
+    dest: /etc/ntp.conf
+    line: "interface ignore wildcard"
+  notify: restart ntp
+  when: evolinux_system_ntprestrict
 
 - name: Configure NTP
   replace:
@@ -120,6 +128,7 @@
     regexp: "^server .*$"
     replace: "server {{ evolinux_system_ntpserver }}"
     backup: yes
+  notify: restart ntp
   when: evolinux_system_set_ntpserver
 
 ## alert5