From 7036312f8d8131427835cb93d362b65fe61c4bab Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@geeklabor.de>
Date: Mon, 19 Nov 2018 23:48:15 +0100
Subject: [PATCH] add options to setup ucs ntp

---
 defaults/main.yml                        |  3 +++
 tasks/main.yml                           | 10 +++++++++-
 tasks/{install.yml => setup_default.yml} |  0
 tasks/setup_ucs.yml                      | 20 ++++++++++++++++++++
 4 files changed, 32 insertions(+), 1 deletion(-)
 rename tasks/{install.yml => setup_default.yml} (100%)
 create mode 100644 tasks/setup_ucs.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index 9b011e4..dc1d300 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,3 +5,6 @@ ntp_servers:
   - "server 2.pool.ntp.org"
   - "server 3.pool.ntp.org"
 ntp_timezone: Europe/Berlin
+
+# Varaiables only used on UCS systems
+ntp_signed_requests: yes
diff --git a/tasks/main.yml b/tasks/main.yml
index 52b260f..6324543 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,2 +1,10 @@
 ---
-- import_tasks: install.yml
+- import_tasks: setup_default.yml
+  when:
+    - common_sshd_configuration_enabled
+    - not ansible_lsb.id is defined or not ansible_lsb.id == "Univention"
+- include_tasks: setup_ucs.yml
+  when:
+    - common_sshd_configuration_enabled
+    - ansible_lsb.id is defined
+    - ansible_lsb.id == "Univention"
diff --git a/tasks/install.yml b/tasks/setup_default.yml
similarity index 100%
rename from tasks/install.yml
rename to tasks/setup_default.yml
diff --git a/tasks/setup_ucs.yml b/tasks/setup_ucs.yml
new file mode 100644
index 0000000..898b5bc
--- /dev/null
+++ b/tasks/setup_ucs.yml
@@ -0,0 +1,20 @@
+---
+- block:
+    - name: Configure ntp servers
+      ucr:
+        path: "{{ item.path }}"
+        value: "{{ item.value }}"
+      with_items:
+        - { path: timeserver, value: "{{ ntp_servers[0] | default('') }}" }
+        - { path: timeserver2, value: "{{ ntp_servers[1] | default('') }}" }
+        - { path: timeserver3, value: "{{ ntp_servers[2] | default('') }}" }
+      loop_control:
+        label: "variable: {{ item.path }}={{ item.value }}"
+      notify: __ntpd_restart
+
+    - name: Configure signed ntp time requests
+      ucr:
+        path: "ntp/signed"
+        value: "{{ ntp_signed_requests }}"
+  become: True
+  become_user: root