Abbau NTP-Server (#361)
Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: mg/ansible#361 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de>
This commit is contained in:
parent
3bd2d6496f
commit
ebfe95375b
|
|
@ -97,7 +97,7 @@
|
|||
### mgrote.systemd-timesyncd
|
||||
ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
||||
ntp_timesyncd_servers: # welche Server sollen befragt werden
|
||||
- ntp-server.grote.lan
|
||||
- 192.168.2.1
|
||||
ntp_chrony_logging: false # logging an/aus
|
||||
### mgrote.postfix
|
||||
postfix_absender_mailadresse: info@mgrote.net
|
||||
|
|
|
|||
|
|
@ -17,10 +17,6 @@
|
|||
from_ip: 0.0.0.0/0
|
||||
### mgrote.restic
|
||||
restic_repository: "//192.168.2.36/restic"
|
||||
### mgrote.systemd-timesyncd
|
||||
ntp_timesyncd_servers: # weil pihole den fqdn nicht auflösen kann
|
||||
- address: pool.ntp.org
|
||||
options: iburst #optionaler parameter
|
||||
### mgrote.apt_manage_sources
|
||||
# wird leer gesetzt da dnsmasq NICHT den Router befragt und daher keine Lokalen Hostnamen abfragen kann
|
||||
manage_sources_apt_proxy: ""
|
||||
|
|
|
|||
|
|
@ -1,62 +0,0 @@
|
|||
---
|
||||
### oefenweb.ufw
|
||||
ufw_rules:
|
||||
- rule: allow
|
||||
to_port: 22
|
||||
protocol: tcp
|
||||
comment: 'ssh'
|
||||
from_ip: 0.0.0.0/0
|
||||
- rule: allow
|
||||
to_port: 123
|
||||
comment: 'ntp'
|
||||
from_ip: 192.168.2.0/24
|
||||
- rule: allow
|
||||
to_port: 4949
|
||||
protocol: tcp
|
||||
comment: 'munin'
|
||||
from_ip: 192.168.2.144/24
|
||||
### mgrote.ntp_chrony_server
|
||||
ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
||||
ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
|
||||
ntp_timesyncd_servers: # welche Server sollen befragt werden
|
||||
- address: ptbtime1.ptb.de
|
||||
options: iburst #optionaler parameter
|
||||
- address: ptbtime2.ptb.de
|
||||
options: iburst
|
||||
- address: ptbtime3.ptb.de
|
||||
options: iburst
|
||||
- address: time3.google.com
|
||||
options: iburst
|
||||
- address: ntp0.fau.de
|
||||
options: iburst
|
||||
ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
|
||||
ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
|
||||
ntp_chrony_logging: false # logging an/aus
|
||||
ntp_chrony_subnet_allow: 192.168.2.0/24 # welche Netze dürfen den Server befragen
|
||||
### mgrote.restic
|
||||
munin_node_disabled_plugins:
|
||||
- name: meminfo # zu hohe last
|
||||
- name: hddtemp2 # ersetzt durch hddtemp_smartctl
|
||||
- name: ntp # verursacht zu viele dns ptr request
|
||||
- name: hddtempd # ersetzt durch hddtemp_smartctl
|
||||
- name: ipmi_power # für pve2, leeres diagramm
|
||||
- name: docker_images
|
||||
- name: docker_status
|
||||
- name: timesync
|
||||
munin_node_plugins:
|
||||
- name: chrony
|
||||
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/chrony/chrony
|
||||
- name: systemd_status
|
||||
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
|
||||
- name: lvm_
|
||||
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
|
||||
config: |
|
||||
[lvm_*]
|
||||
user root
|
||||
- name: fail2ban
|
||||
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
|
||||
config: |
|
||||
[fail2ban]
|
||||
env.client /usr/bin/fail2ban-client
|
||||
env.config_dir /etc/fail2ban
|
||||
user root
|
||||
|
|
@ -247,7 +247,7 @@
|
|||
### mgrote.cv4pve-autosnap
|
||||
cv4pve_api_user: root@pam!cv4pve-autosnap
|
||||
cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token_pve2', 'password') }}"
|
||||
cv4pve_vmid: all,-127,-112,-100,-116,-105
|
||||
cv4pve_vmid: all,-127,-112,-116,-105
|
||||
cv4pve_keep_snapshots: 5
|
||||
cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.10.0/cv4pve-autosnap-linux-x64.zip"
|
||||
|
||||
|
|
|
|||
|
|
@ -12,10 +12,6 @@ all:
|
|||
hosts:
|
||||
dnsmasq-test.grote.lan:
|
||||
dnsmasq.grote.lan:
|
||||
ntpserver:
|
||||
hosts:
|
||||
ntp-server-test.grote.lan:
|
||||
ntp-server.grote.lan:
|
||||
acng:
|
||||
hosts:
|
||||
acng.grote.lan:
|
||||
|
|
@ -60,7 +56,6 @@ all:
|
|||
pve2.grote.lan:
|
||||
gitea.grote.lan:
|
||||
dnsmasq.grote.lan:
|
||||
ntp-server.grote.lan:
|
||||
docker7.grote.lan:
|
||||
test:
|
||||
hosts:
|
||||
|
|
@ -72,6 +67,5 @@ all:
|
|||
pve2-test2.grote.lan:
|
||||
gitea-test.grote.lan:
|
||||
dnsmasq-test.grote.lan:
|
||||
ntp-server-test.grote.lan:
|
||||
fileserver2-test.grote.lan:
|
||||
bastelstube-gui.grote.lan:
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
- hosts: ntpserver
|
||||
roles:
|
||||
- { role: mgrote.ntp_chrony_server, tags: "ntp" }
|
||||
|
|
@ -1,5 +1,4 @@
|
|||
---
|
||||
- hosts: all:!ntpserver
|
||||
- hosts: all
|
||||
roles:
|
||||
- { role: mgrote.systemd-timesyncd,
|
||||
tags: "ntp"}
|
||||
- { role: mgrote.systemd-timesyncd, tags: "ntp"}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
- name: restart systemd-timesyncd.service
|
||||
become: yes
|
||||
systemd:
|
||||
name: systemd-timesyncd
|
||||
state: restarted
|
||||
when: not ansible_facts['virtualization_type'] == "lxc"
|
||||
|
|
@ -39,6 +39,7 @@
|
|||
mode: 0644
|
||||
owner: root
|
||||
group: root
|
||||
notify: restart systemd-timesyncd.service
|
||||
|
||||
- name: activate systemd-timesyncd service (not within containers like lxc)
|
||||
become: yes
|
||||
|
|
|
|||
Loading…
Reference in New Issue