summaryrefslogtreecommitdiff
path: root/roles/chrony
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2020-02-08 02:27:20 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-02-08 02:27:20 +0100
commit58bf20f8a6709f2ea75f95659c0211c1aff7c7b3 (patch)
tree8f6a6bc7473ae285c7981c10b44a79b30b1e40e5 /roles/chrony
parentele-helene|dione: installer net config (diff)
added chrony role
Diffstat (limited to 'roles/chrony')
-rw-r--r--roles/chrony/defaults/main.yml24
-rw-r--r--roles/chrony/handlers/main.yml5
-rw-r--r--roles/chrony/tasks/main.yml11
-rw-r--r--roles/chrony/templates/chrony.conf.j255
4 files changed, 95 insertions, 0 deletions
diff --git a/roles/chrony/defaults/main.yml b/roles/chrony/defaults/main.yml
new file mode 100644
index 00000000..bec79d5f
--- /dev/null
+++ b/roles/chrony/defaults/main.yml
@@ -0,0 +1,24 @@
+---
+# chrony_source_servers:
+# - name: ntp.example.com
+# options: iburst ...
+
+# chrony_source_pools:
+# - name: pool.example.com
+# options: iburst ....
+
+# chrony_source_peers:
+# - name: peer.example.com
+# options: iburst ....
+
+
+# chrony_hwtimestamp_interfaces:
+# - name: "*"
+# options: ....
+
+
+# chrony_server:
+# allow: []
+# deny: []
+# bind: 0.0.0.0
+# port: 123
diff --git a/roles/chrony/handlers/main.yml b/roles/chrony/handlers/main.yml
new file mode 100644
index 00000000..08d878be
--- /dev/null
+++ b/roles/chrony/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart chrony
+ service:
+ name: chrony
+ state: restarted
diff --git a/roles/chrony/tasks/main.yml b/roles/chrony/tasks/main.yml
new file mode 100644
index 00000000..d220af30
--- /dev/null
+++ b/roles/chrony/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: install chrony
+ apt:
+ name: chrony
+ state: present
+
+- name: install chrony configuration
+ template:
+ src: chrony.conf.j2
+ dest: /etc/chrony/chrony.conf
+ notify: restart chrony
diff --git a/roles/chrony/templates/chrony.conf.j2 b/roles/chrony/templates/chrony.conf.j2
new file mode 100644
index 00000000..62d45315
--- /dev/null
+++ b/roles/chrony/templates/chrony.conf.j2
@@ -0,0 +1,55 @@
+### Global options
+
+cmdport 0
+keyfile /etc/chrony/chrony.keys
+driftfile /var/lib/chrony/chrony.drift
+logdir /var/log/chrony
+maxupdateskew 100.0
+rtcsync
+makestep 1 3
+
+{% if chrony_hwtimestamp_interfaces is defined %}
+{% for interface in chrony_hwtimestamp_interfaces %}
+hwtimestamp {{ interface.name }}{% if 'options' in interface %} {{ interface.options }}{% endif %}{{ '' }}
+{% endfor %}
+
+{% endif %}
+
+### Sources
+
+{% if chrony_source_servers is defined %}
+{% for server in chrony_source_servers %}
+server {{ server.name }}{% if 'options' in server %} {{ server.options }}{% endif %}{{ '' }}
+{% endfor %}
+
+{% endif %}
+{% if chrony_source_pools is defined %}
+{% for pool in chrony_source_pools %}
+pool {{ pool.name }}{% if 'options' in pool %} {{ pool.options }}{% endif %}{{ '' }}
+{% endfor %}
+
+{% endif %}
+{% if chrony_source_peers is defined %}
+{% for peer in chrony_source_peers %}
+peer {{ peer.name }}{% if 'options' in peer %} {{ peer.options }}{% endif %}{{ '' }}
+{% endfor %}
+
+{% endif %}
+
+
+{% if chrony_server is defined %}
+### Server
+
+{% for rule in chrony_server.allow | default([]) %}
+allow {{ rule }}
+{% endfor %}
+{% for rule in chrony_server.deny | default([]) %}
+deny {{ rule }}
+{% endfor %}
+{% if 'bindaddress' in chrony_server %}
+bindaddress {{ chrony_server.bind }}
+{% endif %}
+{% if 'port' in chrony_server %}
+ port {{ chrony_server.port }}
+{% endif %}
+{% endif %}