This repository has been archived on 2024-02-16. You can view files and clone it, but cannot push or open issues or pull requests.
sysconfig/roles/ntpd
Hoang Nguyen 40ac02c67e
snapshot: add new role with 'snapper' option
btrbk will be next \^*^/

Also:
- detect the root filesystem in play with `ansible_mounts` instead
  of specifying it manually.
- dnscrypt: hardcode some privacy settings
2023-06-16 00:00:00 +07:00
tasks snapshot: add new role with 'snapper' option 2023-06-16 00:00:00 +07:00
templates ntpsec: lower maxclock by 1 2023-04-07 00:00:00 +07:00
README.md Add 'ntpd' and 'auditd' roles 2023-04-06 00:00:00 +07:00

Notes

Tasks that are not needed in NTP client mode but might come in handy in the future.

Generate NTP symmetric key for chronyd

NOTE: NTS should be used if the server is publicly accessible. Otherwise, for a private NTP server, a symmetric key is sufficient.

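```yaml
- name: chrony | Generate the symmetric key with chronyc
  command:
    # Key IDs must be in 1..2^32-1, so start the random range at 1.
    cmd: /usr/bin/chronyc keygen {{ (2**32) | random(start=1) }} SHA512 256
    # Skip key generation when a key file is already present.
    creates: /etc/chrony/chrony.keys
  register: chrony_keys

- name: chrony | Create chrony.keys file from chronyc output
  copy:
    content: |
      {{ chrony_keys['stdout'] }}
    dest: /etc/chrony/chrony.keys
    mode: '0400'
    owner: chrony
    group: root
  # Only write the file when keygen actually ran; a registered variable is
  # always defined, even when `creates` skipped the command.
  when: chrony_keys is changed
```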
Then add `keyfile /etc/chrony/chrony.keys` to the `/etc/chrony/chrony.conf` file.
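A check for the resulting key file, added here as an example and not part of this repository: it parses `chrony.keys` entries (`ID TYPE KEY`) and flags weak hashes, short keys, out-of-range IDs and loose file modes. The `WEAK_TYPES` and `MIN_KEY_BITS` thresholds, the function name and the sample data are assumptions made for the example.

```python
import stat

# Policy thresholds chosen for this example (assumptions, not chrony defaults).
WEAK_TYPES = {"MD5", "SHA1"}
MIN_KEY_BITS = 128

# Constructed sample: one line shaped like `chronyc keygen <id> SHA512 256`
# output, followed by three deliberately bad entries.
SAMPLE = "\n".join([
    "# constructed test data, not real keys",
    "4242 SHA512 HEX:" + "AB" * 32,
    "7 MD5 HEX:00112233",
    "0 SHA512 HEX:" + "CD" * 32,
    "9 SHA256 hunter2",
])


def audit_chrony_keys(text, mode=0o400):
    """Return a list of findings for chrony.keys content and its file mode."""
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: key file is accessible to group/others")
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0][0] in "!;#%":
            continue  # blank line or comment
        if len(fields) == 2:  # type omitted: chrony falls back to MD5
            fields.insert(1, "MD5")
        if len(fields) != 3:
            findings.append(f"line {n}: expected 'ID TYPE KEY'")
            continue
        key_id, key_type, key = fields
        if not (key_id.isascii() and key_id.isdigit() and 1 <= int(key_id) < 2**32):
            findings.append(f"line {n}: key ID outside 1..2^32-1")
        if key_type.upper() in WEAK_TYPES:
            findings.append(f"line {n}: weak hash {key_type}")
        if key.upper().startswith("HEX:"):
            hexpart = key[4:]
            if len(hexpart) % 2 or any(c not in "0123456789abcdefABCDEF" for c in hexpart):
                findings.append(f"line {n}: malformed hex key")
                continue
            bits = len(hexpart) * 4
        else:  # ASCII key; its length only bounds the entropy from above
            bits = 8 * len(key[6:] if key.upper().startswith("ASCII:") else key)
        if bits < MIN_KEY_BITS:
            findings.append(f"line {n}: key is only {bits} bits (< {MIN_KEY_BITS})")
    return findings


if __name__ == "__main__":
    for finding in audit_chrony_keys(SAMPLE, mode=0o644):
        print(finding)
```

On a real host, pass the file's text and `os.stat(path).st_mode & 0o777` as the two arguments.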