---
# Install the chrony NTP daemon from the distribution repositories,
# refreshing the apt package index first.
- name: install chrony
  ansible.builtin.apt:
    update_cache: true
    state: present
    name:
      - chrony
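# Avoid running "two time clients" at once (kept minimal, without complex
# checks): systemd-timesyncd is stopped and disabled so that only chrony
# adjusts the clock.
# A missing unit is tolerated, but any other failure is reported instead of
# being hidden by a blanket ignore_errors: a timesyncd that could not be
# stopped would keep competing with chrony.
# NOTE(review): the matched text is the message the systemd backend of the
# service module returns for an unknown unit; confirm on the target distro.
- name: stop and disable systemd-timesyncd (if exists)
  ansible.builtin.service:
    name: systemd-timesyncd
    state: stopped
    enabled: false
  register: chrony_timesyncd_result
  failed_when:
    - chrony_timesyncd_result is failed
    - >-
      'Could not find the requested service'
      not in (chrony_timesyncd_result.msg | default(''))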
# Drop-in directory for time-source fragments. Root-owned and not writable
# by group or others, so only root can add or change upstream sources.
- name: ensure /etc/chrony/sources.d exists
  ansible.builtin.file:
    state: directory
    path: /etc/chrony/sources.d
    mode: "0755"
    owner: root
    group: root
# Drop-in directory for configuration fragments. Root-owned and not writable
# by group or others, so only root can add or change chrony directives.
- name: ensure /etc/chrony/conf.d exists
  ansible.builtin.file:
    state: directory
    path: /etc/chrony/conf.d
    mode: "0755"
    owner: root
    group: root
# Render the main chrony configuration; a change triggers the
# "restart chrony" handler.
# NOTE(review): the sources.d and conf.d fragments presumably only take
# effect if chrony.conf.j2 carries matching sourcedir/confdir directives;
# the template is not visible here, confirm.
- name: deploy /etc/chrony/chrony.conf
  ansible.builtin.template:
    dest: /etc/chrony/chrony.conf
    src: chrony.conf.j2
    mode: "0644"
    owner: root
    group: root
  notify: restart chrony
# Render the upstream time sources into the sources.d drop-in directory;
# a change triggers the "restart chrony" handler.
# NOTE(review): whether the upstream servers are authenticated (e.g. NTS)
# is decided by 00-upstream.sources.j2, which is not visible here. With
# unauthenticated NTP, on-path attackers can shift the clock that logs and
# certificate validation depend on.
- name: configure upstream sources
  ansible.builtin.template:
    dest: /etc/chrony/sources.d/00-upstream.sources
    src: 00-upstream.sources.j2
    mode: "0644"
    owner: root
    group: root
  notify: restart chrony
# server-mode: allow clients (optional)
# Written only when chrony_allow_networks is non-empty.
# NOTE(review): presumably 00-allow.conf.j2 renders the listed networks as
# chrony "allow" directives, which make this host answer NTP clients. Keep
# the list to the narrowest internal ranges and restrict UDP/123 at the
# firewall to match; confirm the template validates its entries.
- name: configure allowed client networks (optional)
  ansible.builtin.template:
    dest: /etc/chrony/conf.d/00-allow.conf
    src: 00-allow.conf.j2
    mode: "0644"
    owner: root
    group: root
  when: chrony_allow_networks | length > 0
  notify: restart chrony
# If an allow file was deployed earlier and the role now runs as a plain
# client, clean the file up so the host stops serving time to the networks
# it used to list. chrony is restarted so the removal takes effect.
- name: remove allow config when not needed
  ansible.builtin.file:
    state: absent
    path: /etc/chrony/conf.d/00-allow.conf
  when: chrony_allow_networks | length == 0
  notify: restart chrony
# Make sure the chrony service starts at boot and is running now. Restarts
# after configuration changes are left to the "restart chrony" handler
# notified by the configuration tasks in this file.
- name: ensure chrony is enabled and started
  ansible.builtin.service:
    name: chrony
    state: started
    enabled: true