Merge pull request #87 from apenney/restrict

Convert restrict to an array of restrictions.

Gemfile

@@ -7,6 +7,7 @@ group :development, :test do
   gem 'puppet-lint',             :require => false
   gem 'serverspec',              :require => false
   gem 'rspec-system-serverspec', :require => false
+  gem 'vagrant-wrapper',         :require => false
 end
 
 if puppetversion = ENV['PUPPET_GEM_VERSION']

manifests/init.pp

@@ -31,7 +31,7 @@
   validate_array($package_name)
   validate_bool($panic)
   validate_array($preferred_servers)
-  validate_bool($restrict)
+  validate_array($restrict)
   validate_array($servers)
   validate_bool($service_enable)
   validate_string($service_ensure)

manifests/params.pp

@@ -8,7 +8,12 @@
   $keys_trusted      = []
   $package_ensure    = 'present'
   $preferred_servers = []
-  $restrict          = true
+  $restrict          = [
+    'restrict default kod nomodify notrap nopeer noquery',
+    'restrict -6 default kod nomodify notrap nopeer noquery',
+    'restrict 127.0.0.1',
+    'restrict -6 ::1',
+  ]
   $service_enable    = true
   $service_ensure    = 'running'
   $service_manage    = true

templates/ntp.conf.erb

@@ -6,13 +6,12 @@
 tinker panic 0
 <% end -%>
 
-<% if @restrict -%>
-# Permit time synchronization with our time source, but do not
-# permit the source to query or modify the service on this system.
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
-restrict 127.0.0.1 
-restrict -6 ::1
+<% if @restrict != [] -%>
+# Permit time synchronization with our time source, but do not'
+# permit the source to query or modify the service on this system.'
+<% @restrict.flatten.each do |restrict| -%>
+<%= restrict %>
+<% end %>
 <% end -%>
 
 # Servers