From ac9f6ba59232b3e9c5685cefd33f8dbaa48e7d69 Mon Sep 17 00:00:00 2001
From: f
Date: Sun, 19 Jun 2022 02:48:44 -0300
Subject: [PATCH] keep clock updated
---
 alpines.yml | 1 +
 tasks/post_install.yml | 16 ++++++++++++++++
 templates/etc/init.d/ntpd.j2 | 20 ++++++++++++++++++++
 templates/etc/ntp.conf | 5 +++++
 4 files changed, 42 insertions(+)
 create mode 100755 templates/etc/init.d/ntpd.j2
 create mode 100644 templates/etc/ntp.conf
diff --git a/alpines.yml b/alpines.yml
index 99373aa..811697a 100644
--- a/alpines.yml
+++ b/alpines.yml
@@ -24,6 +24,7 @@
 - tinc
 - prometheus-node-exporter
 - prometheus-node-exporter-openrc
+ - ntpsec
 tasks:
 - include_tasks: "tasks/partition.yml"
 - include_tasks: "tasks/encrypt.yml"
diff --git a/tasks/post_install.yml b/tasks/post_install.yml
index 7e71fca..b609878 100644
--- a/tasks/post_install.yml
+++ b/tasks/post_install.yml
@@ -48,6 +48,8 @@
 service: "hwclock"
 - runlevel: "boot"
 service: "swclock"
+ - runlevel: "default"
+ service: "ntpd"
 - name: "Install firewall rules."
 template:
 src: "templates/etc/iptables/{{ item }}.j2"
@@ -62,5 +64,19 @@
 loop:
 - blocklist4
 - blocklist6
+- name: "Create NTP directories."
+ file:
+ state: "directory"
+ path: "{{ item }}"
+ loop:
+ - "/var/NTP"
+ - "/var/lib/ntp"
+- name: "And services."
+ template:
+ src: "templates/{{ item }}.j2"
+ dest: "{{ item }}"
+ mode: "750"
+ loop:
+ - /etc/init.d/ntpd
 - name: "Reboot!"
 reboot:
diff --git a/templates/etc/init.d/ntpd.j2 b/templates/etc/init.d/ntpd.j2
new file mode 100755
index 0000000..3779360
--- /dev/null
+++ b/templates/etc/init.d/ntpd.j2
@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+
+DAEMON="/usr/sbin/ntpd"
+PIDFILE="/var/run/ntpd.pid"
+
+depend() {
+ need net
+}
+
+start() {
+ ebegin "Starting NTPSec"
+ start-stop-daemon --start --exec "${DAEMON}" --pidfile "${PIDFILE}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping NTPSec"
+ start-stop-daemon --stop --pidfile "${PIDFILE}"
+ eend $?
+}
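Review bot: `templates/etc/ntp.conf` is added by this commit, but no task in the second `tasks/post_install.yml` hunk installs it: the "And services." loop lists only `/etc/init.d/ntpd`, and its `src` appends `.j2`, which the new file does not carry. Unless a task outside this patch copies it, ntpd starts with whatever configuration the package ships and the `restrict default … noquery` policy never reaches the host. A separate `copy` task before "Reboot!" with an explicit owner and mode would close that gap; the `src` path below assumes it resolves relative to the playbook like the template paths do. The "Create NTP directories." task also sets no `owner`, `group` or `mode`, so the permissions on the drift directory are left to defaults rather than stated.

```yaml
# … unchanged: "Create NTP directories." and "And services." tasks …
- name: "Install NTP configuration."
  copy:
    src: "templates/etc/ntp.conf"
    dest: "/etc/ntp.conf"
    owner: "root"
    group: "root"
    mode: "644"
- name: "Reboot!"
```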
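Review bot: `start()` in `templates/etc/init.d/ntpd.j2` runs `${DAEMON}` with no arguments, so as far as this script shows ntpd keeps root for its whole lifetime and is never asked to write `${PIDFILE}`, which `stop()` then depends on. Passing the options through start-stop-daemon addresses both: `start-stop-daemon --start --exec "${DAEMON}" --pidfile "${PIDFILE}" -- -p "${PIDFILE}" -u ntp:ntp`. The `ntp:ntp` account is an assumption about what the ntpsec package creates and needs confirming, and `/var/lib/ntp` must then be writable by that account for the drift file.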
diff --git a/templates/etc/ntp.conf b/templates/etc/ntp.conf
new file mode 100644
index 0000000..5742a88
--- /dev/null
+++ b/templates/etc/ntp.conf
@@ -0,0 +1,5 @@
+pool pool.ntp.org
+driftfile /var/lib/ntp/ntp.drift
+restrict default kod limited nomodify nopeer noquery
+restrict 127.0.0.1
+restrict ::1
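Review bot: `pool pool.ntp.org` in `templates/etc/ntp.conf` is plain, unauthenticated NTP, so the clock this commit sets out to keep correct can be shifted by anyone able to spoof or alter replies on the network path. NTPsec supports NTS; where an NTS-capable server is available, prefer entries of the form `server <nts-capable-host> nts` and keep the pool only as a fallback, if at all. The `restrict` lines would also benefit from a one-line comment each, e.g. `# remote hosts may get time only: no config changes, no status queries` above `restrict default …`, so the intent survives later edits.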