enable chrony #323

Reviewed-on: #323 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
2025-03-13 14:52:52 +01:00 · 2025-03-13 14:52:52 +01:00 · bb3a2a64c1
commit bb3a2a64c1
parent eb333df689
8 changed files with 24 additions and 42 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -60,11 +60,19 @@ unattended_origins_patterns:
 ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
 ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
 ntp_chrony_servers: # welche Server sollen befragt werden
-  - address: 192.168.2.1
+  - address: ptbtime1.ptb.de
    options: iburst #optionaler parameter
+  - address: ptbtime2.ptb.de
+    options: iburst
+  - address: ptbtime3.ptb.de
+    options: iburst
+  - address: time3.google.com
+    options: iburst
+  - address: ntp0.fau.de
+    options: iburst
 ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
 ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
-ntp_chrony_logging: false
+ntp_chrony_logging: true

 ### mgrote_postfix
 postfix_smtp_server: docker10.mgrote.net
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@ -93,6 +93,8 @@ restic_folders_to_backup: "/usr/local /etc /root /home /var/lib/docker"
 munin_node_plugin_timeout: 120 # in sec, docker_multi braucht länger
 munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
 munin_node_plugins:
+  - name: chrony
+    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
  - name: systemd_status
    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
  - name: systemd_mem
@ -112,8 +114,6 @@ munin_node_plugins:
      env.client /usr/bin/fail2ban-client
      env.config_dir /etc/fail2ban
      user root
-  - name: chrony
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
  - name: docker_volumesize
    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/docker/docker_volumesize
  - name: docker_containers
--- a/keepass_db.kdbx
+++ b/keepass_db.kdbx
--- a/playbooks/on-off/remove_bash-helper-scripts.yml
+++ b/playbooks/on-off/remove_bash-helper-scripts.yml
@ -1,8 +0,0 @@
---
- hosts: all
-  tasks:
-    - name: bash-helper-scripts-mgrote deinstallieren
-      become: true
-      ansible.builtin.package:
-        name: bash-helper-scripts-mgrote
-        state: absent
--- a/playbooks/on-off/remove_drone-user.yml
+++ b/playbooks/on-off/remove_drone-user.yml
@ -1,18 +0,0 @@
---
- hosts: all
-  tasks:
-    - name: remove user
-      become: true
-      ansible.builtin.user:
-        name: "{{ item }}"
-        state: absent
-        remove: true
-      loop:
-        - drone
-        - drone-user
-
-    - name: Ensure dir is removed
-      become: true
-      ansible.builtin.file:
-        path: /home/drone
-        state: absent
--- a/roles/mgrote_ntp_chrony_client/defaults/main.yml
+++ b/roles/mgrote_ntp_chrony_client/defaults/main.yml
@ -6,4 +6,4 @@ ntp_chrony_servers: # welche Server sollen befragt werden
    options: iburst #optionaler parameter
 ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
 ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
-ntp_chrony_logging: false
+ntp_chrony_logging: true
--- a/roles/mgrote_ntp_chrony_client/handlers/main.yml
+++ b/roles/mgrote_ntp_chrony_client/handlers/main.yml
@ -1,5 +1,5 @@
 ---
- name: restart_chrony
+- name: restart chrony
  become: true
  ansible.builtin.systemd:
    name: chrony
--- a/roles/mgrote_ntp_chrony_client/tasks/main.yml
+++ b/roles/mgrote_ntp_chrony_client/tasks/main.yml
@ -7,7 +7,7 @@
  register: timesyncd_status
  changed_when: false

- name: Disable systemd-timesyncd
+- name: Ensure systemd-timesyncd is disabled
  become: true
  ansible.builtin.systemd:
    name: systemd-timesyncd
@ -20,7 +20,7 @@
  ansible.builtin.package_facts:
    manager: auto

- name: stop and mask ntp service
+- name: Ensure ntp service is stopped and masked
  become: true
  ansible.builtin.systemd:
    name: ntp
@ -28,23 +28,23 @@
    state: stopped
  when: "'ntp' in ansible_facts.packages"

- name: install chrony packages
+- name: Ensure package is installed
  become: true
  ansible.builtin.package:
    name:
      - chrony
    state: present
-  notify: restart_chrony
+  notify: restart chrony

- name: copy chrony config
+- name: Template config
  become: true
  ansible.builtin.template:
    src: chrony.conf.j2
    dest: /etc/chrony/chrony.conf
    mode: "0755"
-  notify: restart_chrony
+  notify: restart chrony

- name: copy logrotate config
+- name: Template logrotate config
  become: true
  ansible.builtin.template:
    src: logrotate_chrony
@ -53,7 +53,7 @@
    group: root
    mode: "0644"

- name: Create chrony driftfile folder
+- name: Ensure driftfile dir exists
  become: true
  ansible.builtin.file:
    state: directory
@ -61,9 +61,9 @@
    mode: "0750"
    owner: "{{ ntp_chrony_user }}"
    group: "{{ ntp_chrony_group }}"
-  notify: restart_chrony
+  notify: restart chrony

- name: set timezone to ntp_chrony_timezone
+- name: Ensure timezone is set
  become: true
  community.general.timezone:
    name: "{{ ntp_chrony_timezone }}"