dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity

gw1: Allow internal IPv6 clients

Browse Source 
Specifically to allow the Synology to synchronize its clock, as it only
has an IPv6 address.

We also need to explicitly override `chrony_servers` to an empty list
for the firewall itself, since it syncs with the NTP pool, rather than
its next hop router.
This commit is contained in:
Dustin
2025-08-17 20:50:37 -05:00
parent b72676a1bb
commit 2d51e2001d
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
host_vars/gw1.pyrocufflink.blue/main.yml
View File

@@ -46,6 +46,8 @@ promtail_scrape_configs:
dnf_automatic_reboot: never dnf_automatic_reboot: never
chrony_servers: []
chrony_pools: chrony_pools:
- 1.fedora.pool.ntp.org iburst - 1.fedora.pool.ntp.org iburst
- 2.fedora.pool.ntp.org iburst - 2.fedora.pool.ntp.org iburst
@@ -57,3 +59,4 @@ chrony_allow:
- 172.31.1.0/24 - 172.31.1.0/24
- 172.24.100.0/24 - 172.24.100.0/24
- 192.168.1.0/24 - 192.168.1.0/24
- fd68:c2d2:500e:3e00::/56