ansible-playbooks/roles/ntp/tasks/main.yml

- name: set ntp_cfg
  set_fact:
    ntp_cfg: "{{ ntp_default_config | d({}) | combine(ntp_config | d({}), recursive=true) }}"


- name: install chrony
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - chrony
      - alpine: chrony-openrc
    notify: restart chrony


- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ ntp_user }}"
      group: "{{ ntp_group }}"


- name: disable system clock control in conf.d
  lineinfile:
    path: /etc/conf.d/chronyd
    regexp: '^ARGS='
    line: 'ARGS="-x"'
  notify: restart chrony


- name: create directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ ntp_user }}"
    group: "{{ ntp_group }}"
  loop:
    - "{{ ntp_conf_dir }}"
    - "{{ ntp_tls_dir }}"
    - "{{ ntp_data_dir }}"


- name: template config file
  template:
    src: chrony.j2
    dest: "{{ ntp_conf_dir }}/chrony.conf"
    force: yes
    mode: 0444
    owner: "{{ ntp_user }}"
    group: "{{ ntp_group }}"
    lstrip_blocks: yes
  notify: restart chrony


- name: deploy certs
  include_role:
    name: certs
  vars:
    common:
      owner: "{{ ntp_user }}"
      group: "{{ ntp_group }}"
      post_hook: service chronyd restart
      notify: restart chrony
    certs:
      - cert: "{{ ntp_tls_dir }}/ecc384.crt"
        key: "{{ ntp_tls_dir }}/ecc384.key"
        ecc: yes
      - cert: "{{ ntp_tls_dir }}/rsa2048.crt"
        key: "{{ ntp_tls_dir }}/rsa2048.key"
        ecc: no


- name: flush handlers
  meta: flush_handlers


- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ ntp_conf_dir }}"
      - "{{ ntp_tls_dir }}"
      - "{{ ntp_data_dir }}"


- name: enable and start chronyd
  service:
    name: chronyd
    enabled: yes
    state: started