keep clock updated

alpines.yml

@@ -24,6 +24,7 @@
     - tinc
     - prometheus-node-exporter
     - prometheus-node-exporter-openrc
+    - ntpsec
   tasks:
   - include_tasks: "tasks/partition.yml"
   - include_tasks: "tasks/encrypt.yml"

tasks/post_install.yml

@@ -48,6 +48,8 @@
     service: "hwclock"
   - runlevel: "boot"
     service: "swclock"
+  - runlevel: "default"
+    service: "ntpd"
 - name: "Install firewall rules."
   template:
     src: "templates/etc/iptables/{{ item }}.j2"
@@ -62,5 +64,19 @@
   loop:
   - blocklist4
   - blocklist6
+- name: "Create NTP directories."
+  file:
+    state: "directory"
+    path: "{{ item }}"
+  loop:
+  - "/var/NTP"
+  - "/var/lib/ntp"
+- name: "And services."
+  template:
+    src: "templates/{{ item }}.j2"
+    dest: "{{ item }}"
+    mode: "750"
+  loop:
+  - /etc/init.d/ntpd
 - name: "Reboot!"
   reboot:

templates/etc/init.d/ntpd.j2

@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+
+DAEMON="/usr/sbin/ntpd"
+PIDFILE="/var/run/ntpd.pid"
+
+depend() {
+  need net
+}
+
+start() {
+  ebegin "Starting NTPSec"
+  start-stop-daemon --start --exec "${DAEMON}" --pidfile "${PIDFILE}"
+  eend $?
+}
+
+stop() {
+  ebegin "Stopping NTPSec"
+  start-stop-daemon --stop --pidfile "${PIDFILE}"
+  eend $?
+}

templates/etc/ntp.conf

@@ -0,0 +1,5 @@
+pool pool.ntp.org
+driftfile /var/lib/ntp/ntp.drift
+restrict default kod limited nomodify nopeer noquery
+restrict 127.0.0.1
+restrict ::1