diff --git a/group_vars/all.yml b/group_vars/all.yml
index c8e80988..038abcf2 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -97,7 +97,7 @@
 ### mgrote.systemd-timesyncd
 ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
 ntp_timesyncd_servers: # welche Server sollen befragt werden
- - ntp-server.grote.lan
+ - 192.168.2.1
 ntp_chrony_logging: false # logging an/aus
 ### mgrote.postfix
 postfix_absender_mailadresse: info@mgrote.net
diff --git a/group_vars/dnsmasq.yml b/group_vars/dnsmasq.yml
index d832fe5b..8fcaf644 100644
--- a/group_vars/dnsmasq.yml
+++ b/group_vars/dnsmasq.yml
@@ -17,10 +17,6 @@
 from_ip: 0.0.0.0/0
 ### mgrote.restic
 restic_repository: "//192.168.2.36/restic"
- ### mgrote.systemd-timesyncd
- ntp_timesyncd_servers: # weil pihole den fqdn nicht auflösen kann
- - address: pool.ntp.org
- options: iburst #optionaler parameter
 ### mgrote.apt_manage_sources
 # wird leer gesetzt da dnsmasq NICHT den Router befragt und daher keine Lokalen Hostnamen abfragen kann
 manage_sources_apt_proxy: ""
diff --git a/group_vars/ntpserver.yml b/group_vars/ntpserver.yml
deleted file mode 100644
index 6e36582e..00000000
--- a/group_vars/ntpserver.yml
+++ /dev/null
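Review bot: The new entry `- 192.168.2.1` under `ntp_timesyncd_servers` in group_vars/all.yml makes one device the only time source for every host, and nothing says what that device is or why an address replaces the name. The only stated reason for avoiding a name, the dnsmasq override's "weil pihole den fqdn nicht auflösen kann", is deleted in this same commit. A comment such as `# <role of 192.168.2.1>; IP instead of FQDN because the dnsmasq hosts cannot resolve local names` would keep that reasoning, assuming it is still the reason. systemd-timesyncd is an SNTP client that follows one server at a time without cross-checking, so certificate validity checks and log timestamps on all hosts now depend on that device's clock. A second list entry would at least provide a fallback when it is unreachable.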
@@ -1,62 +0,0 @@
----
- ### oefenweb.ufw
- ufw_rules:
- - rule: allow
- to_port: 22
- protocol: tcp
- comment: 'ssh'
- from_ip: 0.0.0.0/0
- - rule: allow
- to_port: 123
- comment: 'ntp'
- from_ip: 192.168.2.0/24
- - rule: allow
- to_port: 4949
- protocol: tcp
- comment: 'munin'
- from_ip: 192.168.2.144/24
- ### mgrote.ntp_chrony_server
- ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
- ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
- ntp_timesyncd_servers: # welche Server sollen befragt werden
- - address: ptbtime1.ptb.de
- options: iburst #optionaler parameter
- - address: ptbtime2.ptb.de
- options: iburst
- - address: ptbtime3.ptb.de
- options: iburst
- - address: time3.google.com
- options: iburst
- - address: ntp0.fau.de
- options: iburst
- ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
- ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
- ntp_chrony_logging: false # logging an/aus
- ntp_chrony_subnet_allow: 192.168.2.0/24 # welche Netze dürfen den Server befragen
- ### mgrote.restic
- munin_node_disabled_plugins:
- - name: meminfo # zu hohe last
- - name: hddtemp2 # ersetzt durch hddtemp_smartctl
- - name: ntp # verursacht zu viele dns ptr request
- - name: hddtempd # ersetzt durch hddtemp_smartctl
- - name: ipmi_power # für pve2, leeres diagramm
- - name: docker_images
- - name: docker_status
- - name: timesync
- munin_node_plugins:
- - name: chrony
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/chrony/chrony
- - name: systemd_status
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- - name: lvm_
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
- config: |
- [lvm_*]
- user root
- - name: fail2ban
- src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
- config: |
- [fail2ban]
- env.client /usr/bin/fail2ban-client
- env.config_dir /etc/fail2ban
- user root
diff --git a/host_vars/pve2.grote.lan.yml b/host_vars/pve2.grote.lan.yml
index dfc9cc9e..f653f7d4 100644
--- a/host_vars/pve2.grote.lan.yml
+++ b/host_vars/pve2.grote.lan.yml
@@ -247,7 +247,7 @@
 ### mgrote.cv4pve-autosnap
 cv4pve_api_user: root@pam!cv4pve-autosnap
 cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token_pve2', 'password') }}"
- cv4pve_vmid: all,-127,-112,-100,-116,-105
+ cv4pve_vmid: all,-127,-112,-116,-105
 cv4pve_keep_snapshots: 5
 cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.10.0/cv4pve-autosnap-linux-x64.zip"
diff --git a/inventory b/inventory
index 4e589a6c..235cd69b 100644
--- a/inventory
+++ b/inventory
@@ -12,10 +12,6 @@ all:
 hosts:
 dnsmasq-test.grote.lan:
 dnsmasq.grote.lan:
- ntpserver:
- hosts:
- ntp-server-test.grote.lan:
- ntp-server.grote.lan:
 acng:
 hosts:
 acng.grote.lan:
@@ -60,7 +56,6 @@ all:
 pve2.grote.lan:
 gitea.grote.lan:
 dnsmasq.grote.lan:
- ntp-server.grote.lan:
 docker7.grote.lan:
 test:
 hosts:
@@ -72,6 +67,5 @@ all:
 pve2-test2.grote.lan:
 gitea-test.grote.lan:
 dnsmasq-test.grote.lan:
- ntp-server-test.grote.lan:
 fileserver2-test.grote.lan:
 bastelstube-gui.grote.lan:
diff --git a/playbooks/3_service/ntp_server.yml b/playbooks/3_service/ntp_server.yml
deleted file mode 100644
index 1b0c564a..00000000
--- a/playbooks/3_service/ntp_server.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: ntpserver
- roles:
- - { role: mgrote.ntp_chrony_server, tags: "ntp" }
diff --git a/playbooks/base/ntp_client.yml b/playbooks/base/ntp_client.yml
index db2d2ec0..a3869297 100644
--- a/playbooks/base/ntp_client.yml
+++ b/playbooks/base/ntp_client.yml
@@ -1,5 +1,4 @@
 ---
- - hosts: all:!ntpserver
+ - hosts: all
 roles:
- - { role: mgrote.systemd-timesyncd,
- tags: "ntp"}
+ - { role: mgrote.systemd-timesyncd, tags: "ntp"}
diff --git a/roles/mgrote.systemd-timesyncd/handlers/main.yml b/roles/mgrote.systemd-timesyncd/handlers/main.yml
new file mode 100644
index 00000000..dd50d2a4
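Review bot: The rewritten role entry in playbooks/base/ntp_client.yml, `- { role: mgrote.systemd-timesyncd, tags: "ntp"}`, has a space after the opening brace but none before the closing one, unlike the `tags: "ntp" }` spelling in the deleted ntp_server.yml. Writing the entry in block form, `- role: mgrote.systemd-timesyncd` with `tags: ntp` on the following line, avoids the flow mapping and keeps later changes to one line per diff.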
--- /dev/null
+++ b/roles/mgrote.systemd-timesyncd/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+ - name: restart systemd-timesyncd.service
+ become: yes
+ systemd:
+ name: systemd-timesyncd
+ state: restarted
+ when: not ansible_facts['virtualization_type'] == "lxc"
diff --git a/roles/mgrote.systemd-timesyncd/tasks/main.yml b/roles/mgrote.systemd-timesyncd/tasks/main.yml
index 1f7beab8..aa0cd606 100644
--- a/roles/mgrote.systemd-timesyncd/tasks/main.yml
+++ b/roles/mgrote.systemd-timesyncd/tasks/main.yml
@@ -39,6 +39,7 @@
 mode: 0644
 owner: root
 group: root
+ notify: restart systemd-timesyncd.service
 - name: activate systemd-timesyncd service (not within containers like lxc)
 become: yes
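Review bot: The handler condition `when: not ansible_facts['virtualization_type'] == "lxc"` in handlers/main.yml depends on Jinja2 evaluating the comparison before `not`; `when: ansible_facts['virtualization_type'] != "lxc"` states the same test without the precedence question. `become: yes` would read better as `become: true`, the canonical boolean that yamllint's truthy rule expects. The handler has no comment on why LXC guests are skipped; a line such as `# timesyncd is not managed inside LXC containers` above the `when` would help, assuming that is the reason the neighbouring task name hints at. The `notify: restart systemd-timesyncd.service` added in tasks/main.yml sits on a task that begins outside the hunk, so I cannot confirm from here that it is the task writing the timesyncd configuration.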