crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[ntp] allow multiple whitelists

certbot_on_virtu
_shirenn 2021-06-25 10:40:05 +02:00
parent 59234d6de8
commit 23768ec2bc
3 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
group_vars/ntp_server.yml
View File

@ -1,4 +1,4 @@
--- ---
glob_ntp_server: glob_ntp_server:
adm_network: '172.16.10.0' open:
adm_mask: '255.255.255.0' - 172.16.10.0/24

4
host_vars/charybde.cachan-adm.crans.org.yml
View File

@ -5,7 +5,9 @@ interfaces:
infra: eth0.111 infra: eth0.111
loc_ntp_server: loc_ntp_server:
adm_network: '172.17.10.0' open:
- 172.17.10.0/24
- 172.16.32.0/22
loc_vsftpd: loc_vsftpd:
root: /pool/mirror/pub root: /pool/mirror/pub

4
roles/ntp-server/templates/ntp.conf.j2
View File

@ -44,7 +44,9 @@ restrict ::1
restrict source notrap nomodify noquery restrict source notrap nomodify noquery
# Server on adm can sync # Server on adm can sync
restrict {{ ntp_server.adm_network }} mask {{ ntp_server.adm_mask }} notrap nomodify {% for cidr in ntp_server.open %}
restrict {{ cidr | ipaddr('network') }} mask {{ cidr | ipaddr('netmask') }} notrap nomodify
{% endfor %}
# Clients from this (example!) subnet have unlimited access, but only if # Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated. # cryptographically authenticated.