gw1: Allow internal IPv6 clients

Specifically to allow the Synology to synchronize its clock, as it only
has an IPv6 address.

We also need to explicitly override `chrony_servers` to an empty list
for the firewall itself, since it syncs with the NTP pool, rather than
its next hop router.

host_vars/gw1.pyrocufflink.blue/main.yml

@@ -46,6 +46,8 @@ promtail_scrape_configs:
 
 dnf_automatic_reboot: never
 
+chrony_servers: []
+
 chrony_pools:
 - 1.fedora.pool.ntp.org iburst
 - 2.fedora.pool.ntp.org iburst
@@ -57,3 +59,4 @@ chrony_allow:
 - 172.31.1.0/24
 - 172.24.100.0/24
 - 192.168.1.0/24
+- fd68:c2d2:500e:3e00::/56