From 23768ec2bc76486666fd427331094d7d44f1b2ff Mon Sep 17 00:00:00 2001
From: shirenn
Date: Fri, 25 Jun 2021 10:40:05 +0200
Subject: [PATCH] [ntp] allow multiple whitelists
---
 group_vars/ntp_server.yml | 4 ++--
 host_vars/charybde.cachan-adm.crans.org.yml | 4 +++-
 roles/ntp-server/templates/ntp.conf.j2 | 4 +++-
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/group_vars/ntp_server.yml b/group_vars/ntp_server.yml
index 15a95434..9488a18b 100644
--- a/group_vars/ntp_server.yml
+++ b/group_vars/ntp_server.yml
@@ -1,4 +1,4 @@
 ---
 glob_ntp_server:
- adm_network: '172.16.10.0'
- adm_mask: '255.255.255.0'
+ open:
+ - 172.16.10.0/24
diff --git a/host_vars/charybde.cachan-adm.crans.org.yml b/host_vars/charybde.cachan-adm.crans.org.yml
index 582ae55a..3fe27538 100644
--- a/host_vars/charybde.cachan-adm.crans.org.yml
+++ b/host_vars/charybde.cachan-adm.crans.org.yml
@@ -5,7 +5,9 @@ interfaces:
 infra: eth0.111
 loc_ntp_server:
- adm_network: '172.17.10.0'
+ open:
+ - 172.17.10.0/24
+ - 172.16.32.0/22
 loc_vsftpd:
 root: /pool/mirror/pub
diff --git a/roles/ntp-server/templates/ntp.conf.j2 b/roles/ntp-server/templates/ntp.conf.j2
index 42d7fa25..e16b4cdb 100644
--- a/roles/ntp-server/templates/ntp.conf.j2
+++ b/roles/ntp-server/templates/ntp.conf.j2
@@ -44,7 +44,9 @@ restrict ::1
 restrict source notrap nomodify noquery
 # Server on adm can sync
-restrict {{ ntp_server.adm_network }} mask {{ ntp_server.adm_mask }} notrap nomodify
+{% for cidr in ntp_server.open %}
+restrict {{ cidr | ipaddr('network') }} mask {{ cidr | ipaddr('netmask') }} notrap nomodify
+{% endfor %}
 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.
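Review bot: The new `open:` key in `glob_ntp_server` has no comment saying what it opens, and the name alone does not tell a maintainer that each entry becomes a `restrict … notrap nomodify` line in ntp.conf. A comment above the list would help, for example `# CIDRs allowed to sync from this NTP server (rendered as restrict lines in ntp.conf.j2)`. The same applies to the `loc_ntp_server.open` list in host_vars/charybde.cachan-adm.crans.org.yml, where the added 172.16.32.0/22 entry would benefit from a short note naming the network it covers.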
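Review bot: The `restrict` line emitted by the new `{% for cidr in ntp_server.open %}` loop sets `notrap nomodify` but not `noquery`, so every network in the list (now also 172.16.32.0/22 on charybde) can send ntpq/ntpdc queries as well as sync, unlike the `restrict source notrap nomodify noquery` line in the context above. If these clients only need time, end the line with `notrap nomodify noquery`, optionally adding `limited kod` for rate limiting. The `ipaddr` filter returns `False` for a value that is not a valid address or prefix, which would render as `restrict False mask False`; checking `ntp_server.open` in an `assert` task before templating would fail the play instead of writing a broken config. The comment `# Server on adm can sync` may no longer match what the list holds and could read `# Networks listed in ntp_server.open can sync`.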