initial commit

This commit is contained in:
Robert Kaussow 2018-11-15 20:15:35 +01:00
parent b683344416
commit 58c5e2747d
5 changed files with 109 additions and 0 deletions

7
defaults/main.yml Normal file
View File

@ -0,0 +1,7 @@
---
ntp_servers:
- "server 0.pool.ntp.org"
- "server 1.pool.ntp.org"
- "server 2.pool.ntp.org"
- "server 3.pool.ntp.org"
ntp_timezone: Europe/Berlin

7
handlers/main.yml Normal file
View File

@ -0,0 +1,7 @@
---
- name: Restart ntpd
service:
name: ntpd
state: restarted
enabled: yes
listen: __ntpd_restart

23
tasks/install.yml Normal file
View File

@ -0,0 +1,23 @@
---
- name: Setup ntp server
block:
- name: Install ntp server
package:
name: ntp
state: installed
notify: __ntpd_restart
- name: Configure ntp servers
template:
src: etc/ntp.conf.j2
dest: /etc/ntp.conf
owner: root
group: root
mode: 0644
notify: __ntpd_restart
- name: Setup timezone '{{ ntp_timezone }}'
timezone:
name: "{{ ntp_timezone }}"
become: True
become_user: root

2
tasks/main.yml Normal file
View File

@ -0,0 +1,2 @@
---
- import_tasks: install.yml

70
templates/etc/ntp.conf.j2 Normal file
View File

@ -0,0 +1,70 @@
# {{ ansible_managed }}
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
{% for item in ntp_servers %}
server {{ item }}
{% endfor %}
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# Enable public key cryptography.
#crypto
#includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
#keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient