NTPSec

OVH network assigns IP addresses on a /32 subnet, so we can't add a
default gateway because it's outside the subnet.

config.yml

@@ -24,6 +24,8 @@ packages:
 - "ntpsec"
 - "haveged"
 - "haveged-openrc"
+- "git"
+- "git-lfs"
 templates:
 - "/etc/conf.d/iptables"
 - "/etc/conf.d/ip6tables"
@@ -38,6 +40,8 @@ templates:
 - "/etc/sysctl.d/coredump.conf"
 - "/etc/docker/daemon.json"
 - "/etc/ntp.conf"
+executables:
+- "/usr/libexec/ifupdown-ng/routes"
 services:
 - runlevel: "sysinit"
   service: "devfs"

tasks/post_install.yml

@@ -9,6 +9,12 @@
     dest: "/mnt{{ item }}"
     mode: "640"
   loop: "{{ templates }}"
+- name: "Also executables."
+  template:
+    src: "templates{{ item }}.j2"
+    dest: "/mnt{{ item }}"
+    mode: "750"
+  loop: "{{ executables }}"
 - name: "And services."
   template:
     src: "templates{{ item }}.j2"

tasks/update.yml

@@ -7,6 +7,12 @@
     dest: "{{ item }}"
     mode: "640"
   loop: "{{ templates }}"
+- name: "Also executables."
+  template:
+    src: "templates{{ item }}.j2"
+    dest: "{{ item }}"
+    mode: "750"
+  loop: "{{ executables }}"
 - name: "And services."
   template:
     src: "templates{{ item }}.j2"

templates/etc/init.d/ntpd.j2

@@ -1,20 +1,9 @@
 #!/sbin/openrc-run
 
-DAEMON="/usr/sbin/ntpd"
+command="/usr/sbin/ntpd"
-PIDFILE="/var/run/ntpd.pid"
+pidfile="/var/run/ntpd.pid"
+command_args="-g"
 
 depend() {
   need net
 }
-
-start() {
-  ebegin "Starting NTPSec"
-  start-stop-daemon --start --exec "${DAEMON}" --pidfile "${PIDFILE}"
-  eend $?
-}
-
-stop() {
-  ebegin "Stopping NTPSec"
-  start-stop-daemon --stop --pidfile "${PIDFILE}"
-  eend $?
-}

templates/etc/network/interfaces.j2

@@ -6,7 +6,7 @@ auto eth0
 
 iface eth0 inet static
   address {{ ansible_host }}/{{ netmask }}
-  gateway {{ gateway }}
+  routes-static {{ gateway }},default via {{ gateway }}
 
 {% if ip6 is defined %}
 iface eth0 inet6 static

templates/etc/ntp.conf.j2

@@ -1,3 +1,4 @@
 # https://gist.github.com/jauderho/2ad0d441760fc5ed69d8d4e2d6b35f8d
 server time.cloudflare.com nts iburst
 driftfile /var/lib/ntp/ntp.drift
+file pidfile filename /var/run/ntpd.pid type pid

templates/usr/libexec/ifupdown-ng/routes.j2

@@ -0,0 +1,72 @@
+#!/bin/sh
+# https://github.com/ifupdown-ng/ifupdown-ng/issues/42#issuecomment-849135927
+[ -z "${VERBOSE}" ] || set -x
+
+# routes-static 1.2.3.0/24,10.0.0.0/8 via 1.2.3.4
+# routes-rule dport 25 table 123,dport 587 table 123
+
+# adds $3 to $1 if $1 does not contain $2
+addif() {
+	if [ "$1" = "${1%$2*}" ]; then
+		echo $1 $3
+	else
+		echo $1
+	fi
+}
+decidr() {
+	echo "${1%/*}"
+}
+addsrc() {
+	addif "$1" src "src $(decidr $IF_ADDRESS)"
+}
+adddev() {
+	addif "$1" dev "dev $IFACE"
+}
+
+# $1: input string
+# $2: delimeter
+# $3: function to call
+foreach() {
+	list="$1"
+
+	while [ -n "$list" ]; do
+		line="${list%%$2*}"
+		list="${list#*$2}"
+		"$3" "$line"
+
+		[ "$line" = "$list" ] && break
+	done
+}
+
+# add a route
+prep() {
+	route="$1"
+	route=$(addsrc "$route")
+	route=$(adddev "$route")
+	echo $route
+}
+routeadd() {
+	${MOCK} ip route add $(prep "$1")
+}
+routedel() {
+	${MOCK} ip route del $(prep "$1")
+}
+
+ruleadd() {
+	${MOCK} ip rule add $1
+}
+ruledel() {
+	${MOCK} ip rule del $1
+}
+
+case "$PHASE" in
+up)
+	foreach "$IF_ROUTES_STATIC" , routeadd
+	foreach "$IF_ROUTES_RULE" , ruleadd
+	;;
+down)
+	foreach "$IF_ROUTES_STATIC" , routedel
+	foreach "$IF_ROUTES_RULE" , ruledel
+	;;
+*) exit 0 ;;
+esac