[ntp] allow multiple whitelists

group_vars/ntp_server.yml

@@ -1,4 +1,4 @@
 ---
 glob_ntp_server:
-  adm_network: '172.16.10.0'
-  adm_mask: '255.255.255.0'
+  open:
+    - 172.16.10.0/24

host_vars/charybde.cachan-adm.crans.org.yml

@@ -5,7 +5,9 @@ interfaces:
   infra: eth0.111
 
 loc_ntp_server:
-  adm_network: '172.17.10.0'
+  open:
+    - 172.17.10.0/24
+    - 172.16.32.0/22
 
 loc_vsftpd:
   root: /pool/mirror/pub

roles/ntp-server/templates/ntp.conf.j2

@@ -44,7 +44,9 @@ restrict ::1
 restrict source notrap nomodify noquery
 
 # Server on adm can sync
-restrict {{ ntp_server.adm_network }} mask {{ ntp_server.adm_mask }} notrap nomodify
+{% for cidr in ntp_server.open %}
+restrict {{ cidr | ipaddr('network') }} mask {{ cidr | ipaddr('netmask') }} notrap nomodify
+{% endfor %}
 
 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.