From 58c5e2747d4e04580701227425fd94170f8eb822 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Thu, 15 Nov 2018 20:15:35 +0100
Subject: [PATCH] initial commit
---
defaults/main.yml | 7 ++++
handlers/main.yml | 7 ++++
tasks/install.yml | 23 +++++++++++++
tasks/main.yml | 2 ++
templates/etc/ntp.conf.j2 | 70 +++++++++++++++++++++++++++++++++++++++
5 files changed, 109 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 tasks/install.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/etc/ntp.conf.j2
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..9b011e4
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+ntp_servers:
+ - "server 0.pool.ntp.org"
+ - "server 1.pool.ntp.org"
+ - "server 2.pool.ntp.org"
+ - "server 3.pool.ntp.org"
+ntp_timezone: Europe/Berlin
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..9b60477
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Restart ntpd
+ service:
+ name: ntpd
+ state: restarted
+ enabled: yes
+ listen: __ntpd_restart
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..0f397dc
--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,23 @@
+---
+- name: Setup ntp server
+ block:
+ - name: Install ntp server
+ package:
+ name: ntp
+ state: installed
+ notify: __ntpd_restart
+
+ - name: Configure ntp servers
+ template:
+ src: etc/ntp.conf.j2
+ dest: /etc/ntp.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: __ntpd_restart
+
+ - name: Setup timezone '{{ ntp_timezone }}'
+ timezone:
+ name: "{{ ntp_timezone }}"
+ become: True
+ become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..52b260f
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- import_tasks: install.yml
diff --git a/templates/etc/ntp.conf.j2 b/templates/etc/ntp.conf.j2
new file mode 100644
index 0000000..cc1e0f0
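Review bot: Each `ntp_servers` default carries a leading `server ` keyword, but the template hunk (templates/etc/ntp.conf.j2) emits `server {{ item }}`, so the rendered config reads `server server 0.pool.ntp.org` and ntpd will not parse it as the intended pool entry; the role therefore ships with no usable time source. Drop the prefix from the four defaults, e.g. `- "0.pool.ntp.org"`, and keep the template's `server {{ item }}`, or keep the defaults and change the template line to `{{ item }}`, but not both. Quoting the host names as done here is fine; it keeps them plain strings regardless of loader.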
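Review bot: `enabled: yes` is a YAML 1.1 truthy spelling that generic loaders and yamllint flag; write `enabled: true`. The literal service name `ntpd` is also distribution-specific (Debian-family units are called `ntp`), so if the role is meant to run on more than one family it should be a variable such as `ntp_service_name` with a documented default rather than a hard-coded name; this is hedged, since the supported platforms are not visible in the patch.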
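Review bot: Nothing in the block ensures ntpd is started and enabled on a run where neither the package nor the template changed, because the only `enabled:` lives in the notified handler; add an explicit service task after the template task. `mode: 0644` is an unquoted octal literal that YAML 1.1 loaders read as the integer 420 — Ansible happens to interpret it correctly, but the documented form is `mode: "0644"`. `state: installed` is a yum-specific alias; the portable value for the generic `package` module is `state: present`. `become: True` should be lowercase `become: true` for the same truthy reason.
```yaml
  # … unchanged: install and template tasks …
  - name: Ensure ntp server is running
    service:
      name: ntpd
      state: started
      enabled: true
  # … unchanged: timezone task, become/become_user …
```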
--- /dev/null
+++ b/templates/etc/ntp.conf.j2
@@ -0,0 +1,70 @@
+# {{ ansible_managed }}
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% for item in ntp_servers %}
+server {{ item }}
+{% endfor %}
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+# Enable public key cryptography.
+#crypto
+
+#includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+#keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
+
+# Disable the monitoring facility to prevent amplification attacks using ntpdc
+# monlist command when default restrict does not include the noquery flag. See
+# CVE-2013-5211 for more details.
+# Note: Monitoring will not be disabled with the limited restriction flag.
+disable monitor
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines. Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient