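#!/bin/bash
# =============================================================================
# NTP configuration module
#
# Installs chrony, writes a restrictive /etc/chrony/chrony.conf, enables and
# restarts the service, and sets the hardware clock to UTC.
# Relies on log_message, is_package_installed and backup_file, which are
# expected to come from common.sh.
# =============================================================================

# Set script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Source common functions and variables.
# Resolve common.sh against this script's own directory instead of the caller's
# working directory: this module edits system files, so it must not pick up
# whatever ./common.sh happens to exist where it was invoked from.
# NOTE(review): assumes common.sh is installed next to this file -- confirm.
# shellcheck source=/dev/null
source "${SCRIPT_DIR}/common.sh" || {
  printf 'error: cannot load %s/common.sh\n' "$SCRIPT_DIR" >&2
  exit 1
}

#######################################
# Install and configure chrony as the system NTP client.
# Globals:   none (uses helpers from common.sh)
# Arguments: none
# Outputs:   progress and errors through log_message
# Returns:   1 if installing chrony, writing the configuration, or enabling or
#            restarting the service fails. A failure to set the hardware clock
#            to UTC is logged but is not treated as fatal.
#######################################
configure_ntp() {
  log_message "INFO" "Configuring NTP"

  # Install chrony if not already installed
  if ! is_package_installed "chrony"; then
    log_message "INFO" "Installing chrony NTP service"
    if ! apt-get install -y chrony; then
      log_message "ERROR" "Failed to install chrony"
      return 1
    fi
  else
    log_message "INFO" "chrony is already installed"
  fi

  # Configure chrony.
  # The path used to be assigned to a misspelled variable, which left the name
  # used below empty, so the backup and the redirection had no target.
  local -r chrony_conf="/etc/chrony/chrony.conf"

  log_message "INFO" "Creating chrony configuration"
  backup_file "$chrony_conf"

  # NOTE(review): in chrony.conf the "all" keyword makes a rule override earlier
  # allow/deny rules, so the trailing "deny all" probably cancels the preceding
  # "allow 127.0.0.1" and leaves NTP serving off for every address. That fails
  # closed, but it does not match the comment in the file -- confirm against
  # chrony.conf(5) and drop or reorder the pair as intended.
  # The delimiter is quoted so nothing in the template is ever expanded.
  if ! cat > "$chrony_conf" << 'EOF'
# Chrony NTP configuration
# Generated by security hardening script

# Use the NTP pool for time synchronization
pool 0.pool.ntp.org iburst
pool 1.pool.ntp.org iburst
pool 2.pool.ntp.org iburst
pool 3.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC)
rtcsync

# Serve time even if not synchronized to a time source
local stratum 10

# Specify file containing NTP authentication keys
keyfile /etc/chrony/chrony.keys

# Specify directory for log files
logdir /var/log/chrony

# Select which information is logged
log tracking measurements statistics

# Security settings
# Disable remote control and monitoring
cmdport 0

# Only allow localhost to synchronize with this server
allow 127.0.0.1
deny all
EOF
  then
    log_message "ERROR" "Failed to write chrony configuration to $chrony_conf"
    return 1
  fi

  log_message "SUCCESS" "chrony configuration created at $chrony_conf"

  # Enable and restart chrony.
  # service(8) takes "<name> <action>" and has no "enable" action, so the
  # previous "service enable chrony" / "service restart chrony" calls could not
  # work. systemctl is used because the timedatectl call below already assumes
  # a systemd host.
  log_message "INFO" "Restarting chrony service"
  if ! systemctl enable chrony; then
    log_message "ERROR" "Failed to enable chrony service"
    return 1
  fi

  if systemctl restart chrony; then
    log_message "SUCCESS" "chrony service restarted successfully"
  else
    log_message "ERROR" "Failed to restart chrony service"
    return 1
  fi

  # Set hardware clock to UTC
  log_message "INFO" "Setting hardware clock to UTC"
  if timedatectl set-local-rtc 0; then
    log_message "SUCCESS" "Hardware clock set to UTC"
  else
    log_message "ERROR" "Failed to set hardware clock to UTC"
  fi
}

# log_message "SCRIPT" "ntp.sh"

# Main execution for NTP configuration.
# Report success only when configure_ntp actually succeeded, so the log cannot
# claim a hardened time service after a failed step.
if configure_ntp; then
  log_message "SUCCESS" "NTP configuration completed"
else
  log_message "ERROR" "NTP configuration failed"
fi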