chrony

nycmeshnet · Dec 8, 2024 · c2ac443 · c2ac443
1 parent d8bd25e
commit c2ac443
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 1 deletion.
diff --git a/ansible/chrony_server/files/sources.list b/ansible/chrony_server/files/sources.list
@@ -0,0 +1,2 @@
+# HE
+server clock.nyc.he.net iburst
diff --git a/ansible/chrony_server/tasks/main.yaml b/ansible/chrony_server/tasks/main.yaml
@@ -8,6 +8,19 @@
       - bird2
       - chrony
 
+- name: Allow restarting of bird
+  ansible.builtin.lineinfile:
+    path: /lib/systemd/system/bird.service
+    search_string: Restart=
+    line: "Restart=always"
+
+- name: Allow restarting of chrony
+  ansible.builtin.lineinfile:
+    path: /lib/systemd/system/chrony.service
+    insertafter: '\[Service\]'
+    search_string: Restart=
+    line: "Restart=always"
+
 - name: Import the Datadog Agent role from the Datadog collection
   ansible.builtin.import_role:
     name: datadog.dd.agent
@@ -55,6 +68,22 @@
     name: netfilter-persistent
     state: restarted
     enabled: true
+
+- name: Chrony config
+  ansible.builtin.template:
+    src: ../templates/chrony.conf.j2
+    dest: /etc/chrony/chrony.conf
+
+- name: Chrony sources
+  ansible.builtin.copy:
+    src: ../files/sources.list
+    dest: /etc/chrony/sources.d/configured_servers.list
+
+- name: Reload chrony
+  ansible.builtin.systemd_service:
+    name: chrony
+    state: reloaded
+    enabled: true
 
 - name: Bird config
   ansible.builtin.template:
@@ -69,4 +98,3 @@
     name: bird
     state: reloaded
     enabled: true
-    daemon_reload: true
diff --git a/ansible/chrony_server/templates/chrony.conf.j2 b/ansible/chrony_server/templates/chrony.conf.j2
@@ -0,0 +1,53 @@
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usable directives.
+
+# Include configuration files found in /etc/chrony/conf.d.
+confdir /etc/chrony/conf.d
+
+# Use Debian vendor zone.
+pool 2.debian.pool.ntp.org iburst
+
+# Use NTP sources found in /etc/chrony/sources.d.
+sourcedir /etc/chrony/sources.d
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC
+
+# Operate as an NTP server for the mesh
+allow 10.0.0.0/8
+allow 23.158.16.0/24
+allow 199.167.59.0/24
+allow 199.170.132.0/24
+allow 208.68.5.0/24
+
+bindaddress {{ NTP_IP }}