> Basically for the sake of automated deployments it would be nice / clean
> to be able to do :
>
> includeservers /path/to/file
>
> And then read them all from the file. And the same file would be used
> as a table in pf.conf for NTP FW rules. One server per line.
>
> This would make initial deployments easier to automate (no need to
> programmatically alter the config file), and then if you need to change
> your NTP servers post-deployment it is cleaner as well with less chance
> of human error. i.e. changing pf.conf is riskier than changing ntpd.conf

I do not see much value in these nested include mechanisms. Honestly, OpenBSD is now shipping without an ntpd.conf file. You create this file, thus you own it. Having you create a file (ntpd.conf) which points to another file (/etc/serverlist?) you also create, that is kind of crazy.

/etc/pf.conf is also on my list for removal as well, so that it becomes more of a user-owned file. The idea here is that you would look at the examples, and then create your own, and upgrades / sysmerge would not touch your file. I believe if we do this right, it will prod people towards creating narrower role-specific configurations for their machines.