local, vampire, ibanez: Centralize definition of NTP servers.

We now have multiple independent NTP servers, so it makes sense to
have the list of upstream servers in only one place.  Make it so.

diff --git a/ibanez.m4 b/ibanez.m4
index f826e0434ff36067b9c549acd8a5613e7e7f904c..384bd177912457f363a06df214271ce0866eb826 100644 (file)
--- a/ibanez.m4
+++ b/ibanez.m4
@@ -49,7 +49,7 @@ allowservices inbound tcp \
        ssh
 
 ## We have to provide NTP service.  The guests sync to our clock.
-ntpclient inbound 158.152.1.76 158.152.1.204 194.159.253.2
+ntpclient inbound $ntp_servers
 
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------

diff --git a/local.m4 b/local.m4
index b9fa7000099cdff2a9c3ba179d68c1e5680a178b..0d67a97f06ed64b6712ed59b201b59b40f5d08b2 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -51,6 +51,9 @@ defiface $if_trusted \
        safe:172.29.199.64/27 \
        untrusted:default
 
+## Default NTP servers.
+ntp_servers="158.152.1.76 158.152.1.204 194.159.253.2 195.173.57.232"
+
 m4_divert(60)m4_dnl
 ###--------------------------------------------------------------------------
 ### Special forwarding exemptions.

diff --git a/vampire.m4 b/vampire.m4
index 6dc3710e20005421e12a7b372b73c00cf5fb16bf..f6f5d4660a34548edd023de5c0da913311016e45 100644 (file)
--- a/vampire.m4
+++ b/vampire.m4
@@ -86,7 +86,7 @@ run iptables -A OUTPUT -m multiport \
 
 ## Other interesting things.
 dnsresolver inbound
-ntpclient inbound 158.152.1.76 158.152.1.204 194.159.253.2
+ntpclient inbound $ntp_servers
 
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------