wip: chrony

2024-01-09 18:13:42 -06:00 · 2024-01-09 18:13:42 -06:00 · 4886ff85fa
parent 1226f1f005
commit 4886ff85fa
5 changed files with 96 additions and 0 deletions
--- a/chrony.yml
+++ b/chrony.yml
@ -0,0 +1,4 @@
+- hosts: chrony
+  roles:
+  - role: chrony
+    tags: chrony
--- a/3
+++ b/3
@ -25,6 +25,9 @@ burp1.pyrocufflink.blue

 [certbot]

+[chrony:children]
+pyrocufflink
+
 [collectd]

 [collectd:children]
--- a/roles/chrony/handlers/main.yml
+++ b/roles/chrony/handlers/main.yml
@ -0,0 +1,4 @@
+- name: restart chrony
+  service:
+    name: chronyd
+    state: restarted
--- a/roles/chrony/tasks/main.yml
+++ b/roles/chrony/tasks/main.yml
@ -0,0 +1,35 @@
+- name: ensure chrony is installed
+  package:
+    name: chrony
+    state: present
+  tags:
+  - install
+
+- name: ensure chrony is configured
+  template:
+    src: chrony.conf.j2
+    dest: /etc/chrony.conf
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  notify:
+  - restart chrony
+  tags:
+  - config
+
+- name: ensure chrony is enabled
+  service:
+    name: chronyd
+    enabled: true
+  tags:
+  - service
+
+- name: flush_handlers
+  meta: flush_handlers
+
+- name: ensure chrony is running
+  service:
+    name: chronyd
+    state: started
+  tags:
+  - service
--- a/roles/chrony/templates/chrony.conf.j2
+++ b/roles/chrony/templates/chrony.conf.j2
@ -0,0 +1,50 @@
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (https://www.pool.ntp.org/join.html).
+pool 2.fedora.pool.ntp.org iburst
+
+# Use NTP servers from DHCP.
+sourcedir /run/chrony-dhcp
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Require authentication (nts or key option) for all NTP sources.
+#authselectmode require
+
+# Specify file containing keys for NTP authentication.
+keyfile /etc/chrony.keys
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Insert/delete leap seconds by slewing instead of stepping.
+#leapsecmode slew
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking