e4d83d226e
Stub raus, vollständige Implementierung analog Unbound/Squid:
* Migration 0015: ntp_settings (single-row mit listen_addresses,
allow_acl, serve_clients, makestep, rtcsync) + ntp_pools (kind
pool|server, address, iburst/prefer, minpoll/maxpoll). Default
4 deutsche pool.ntp.org-Server seeded.
* Models DNSSettings/NTPPool, services/ntp Repo, handlers/ntp.go
REST /api/v1/ntp/{settings,pools} mit Auto-Restart nach Mutation.
* internal/chrony/chrony.cfg.tpl + chrony.go: Renderer schreibt
/etc/chrony/conf.d/edgeguard.conf direkt (analog unbound — distro
chrony.conf included conf.d automatisch). Listen-bind nur wenn
serve_clients=true; sonst port 0 (= Client-only).
* main.go: ntpRepo + chronyReloader injiziert.
* render.go: chrony als sechste generator.
* postinst:
- chrony als hard Depends im control file.
- Conf-Datei /etc/chrony/conf.d/edgeguard.conf wird als
edgeguard:edgeguard 0644 angelegt.
- Sudoers für systemctl reload + restart chrony.
* Auto-FW-Rule-Generator: udp/123 wenn serve_clients=true und
listen_addresses non-loopback enthält.
* Frontend /ntp: PageHeader + Quellen-Tab + Settings-Tab. Listen-
Addresses als Multi-Select aus Kernel-IPs (analog DNS).
* Sidebar-Eintrag unter Network.
* i18n DE/EN für ntp.* Block.
chrony.service hat kein 'reload' — Renderer ruft RestartService auf.
Verified: 4 default-pool-server connected (chronyc sources zeigt
sie nach erstem render).
Version 1.0.40.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
61 lines
2.4 KiB
SQL
61 lines
2.4 KiB
SQL
-- +goose Up
|
|
|
|
-- +goose StatementBegin
|
|
|
|
-- ntp_settings — single-row, analog dns_settings.
|
|
-- listen_addresses ist Komma-separiert; access_acl gibt die CIDR-
|
|
-- Liste die als NTP-Client erlaubt ist.
|
|
CREATE TABLE IF NOT EXISTS ntp_settings (
|
|
id BIGINT PRIMARY KEY DEFAULT 1,
|
|
listen_addresses TEXT NOT NULL DEFAULT '127.0.0.1, ::1',
|
|
allow_acl TEXT NOT NULL DEFAULT '127.0.0.0/8, ::1/128, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16',
|
|
serve_clients BOOLEAN NOT NULL DEFAULT TRUE,
|
|
makestep_secs NUMERIC(8,2) NOT NULL DEFAULT 1.0,
|
|
makestep_limit INTEGER NOT NULL DEFAULT 3,
|
|
rtcsync BOOLEAN NOT NULL DEFAULT TRUE,
|
|
leapsectz TEXT,
|
|
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
|
CONSTRAINT ntp_settings_singleton CHECK (id = 1)
|
|
);
|
|
INSERT INTO ntp_settings (id) VALUES (1) ON CONFLICT DO NOTHING;
|
|
-- +goose StatementEnd
|
|
|
|
-- +goose StatementBegin
|
|
-- ntp_pools — upstream NTP-server/pool entries.
|
|
-- kind='pool' für Round-Robin-DNS-Names (z.B. 0.de.pool.ntp.org),
|
|
-- 'server' für Einzel-Hosts. iburst empfohlen für schnelleren Sync.
|
|
CREATE TABLE IF NOT EXISTS ntp_pools (
|
|
id BIGSERIAL PRIMARY KEY,
|
|
kind TEXT NOT NULL DEFAULT 'pool',
|
|
address TEXT NOT NULL,
|
|
iburst BOOLEAN NOT NULL DEFAULT TRUE,
|
|
prefer BOOLEAN NOT NULL DEFAULT FALSE,
|
|
minpoll INTEGER,
|
|
maxpoll INTEGER,
|
|
active BOOLEAN NOT NULL DEFAULT TRUE,
|
|
description TEXT,
|
|
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
|
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
|
CONSTRAINT ntp_pools_kind_check CHECK (kind IN ('pool', 'server'))
|
|
);
|
|
|
|
-- Sinnvolle Defaults: 4 deutsche pool.ntp.org-Server. Operator kann
|
|
-- jederzeit eigene pools/server hinzufügen oder diese deaktivieren.
|
|
INSERT INTO ntp_pools (kind, address, iburst, description) VALUES
|
|
('pool', '0.de.pool.ntp.org', TRUE, 'Default upstream'),
|
|
('pool', '1.de.pool.ntp.org', TRUE, 'Default upstream'),
|
|
('pool', '2.de.pool.ntp.org', TRUE, 'Default upstream'),
|
|
('pool', '3.de.pool.ntp.org', TRUE, 'Default upstream')
|
|
ON CONFLICT DO NOTHING;
|
|
-- +goose StatementEnd
|
|
|
|
-- +goose StatementBegin
|
|
CREATE INDEX IF NOT EXISTS idx_ntp_pools_active ON ntp_pools (active) WHERE active;
|
|
-- +goose StatementEnd
|
|
|
|
-- +goose Down
|
|
-- +goose StatementBegin
|
|
DROP TABLE IF EXISTS ntp_pools;
|
|
DROP TABLE IF EXISTS ntp_settings;
|
|
-- +goose StatementEnd
|