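---
# Tasks for installing and configuring chrony as the host's time client and,
# optionally, as a time server for the networks in chrony_allow_networks.
# Accurate time underpins certificate validation, ticket-based authentication
# and log correlation, so failures here should be visible, not swallowed.

- name: install chrony
  ansible.builtin.apt:
    name:
      - chrony
    state: present
    update_cache: true

# Avoid running two time clients at once (kept minimal, no elaborate checks).
# Only the "unit does not exist" case is tolerated; any other failure to stop
# or disable systemd-timesyncd fails the play, because a blanket
# ignore_errors would leave a second time client running unnoticed.
- name: stop and disable systemd-timesyncd (if exists)
  ansible.builtin.service:
    name: systemd-timesyncd
    state: stopped
    enabled: false
  register: chrony_timesyncd_result
  failed_when: >-
    chrony_timesyncd_result is failed and
    'Could not find the requested service' not in
    (chrony_timesyncd_result.msg | default(''))

- name: ensure /etc/chrony/sources.d exists
  ansible.builtin.file:
    path: /etc/chrony/sources.d
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: ensure /etc/chrony/conf.d exists
  ansible.builtin.file:
    path: /etc/chrony/conf.d
    state: directory
    owner: root
    group: root
    mode: "0755"

# Config files are root-owned and not writable by group/other, so only root
# can change which time sources the host trusts.
- name: deploy /etc/chrony/chrony.conf
  ansible.builtin.template:
    src: chrony.conf.j2
    dest: /etc/chrony/chrony.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart chrony

- name: configure upstream sources
  ansible.builtin.template:
    src: 00-upstream.sources.j2
    dest: /etc/chrony/sources.d/00-upstream.sources
    owner: root
    group: root
    mode: "0644"
  notify: restart chrony

# Server mode: allow clients (optional).
# chrony_allow_networks decides who may query this host for time; keep it to
# the specific subnets that need it. default([]) makes an undefined variable
# behave like "no clients allowed" instead of aborting the play.
- name: configure allowed client networks (optional)
  ansible.builtin.template:
    src: 00-allow.conf.j2
    dest: /etc/chrony/conf.d/00-allow.conf
    owner: root
    group: root
    mode: "0644"
  when: chrony_allow_networks | default([]) | length > 0
  notify: restart chrony

# If an allow file was deployed earlier and the host is now a plain client,
# remove it so the host stops serving time to the old networks.
- name: remove allow config when not needed
  ansible.builtin.file:
    path: /etc/chrony/conf.d/00-allow.conf
    state: absent
  when: chrony_allow_networks | default([]) | length == 0
  notify: restart chrony

- name: ensure chrony is enabled and started
  ansible.builtin.service:
    name: chrony
    enabled: true
    state: started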