diff --git a/group_vars/ntp_server.yml b/group_vars/ntp_server.yml
new file mode 100644
index 00000000..15a95434
--- /dev/null
+++ b/group_vars/ntp_server.yml
@@ -0,0 +1,4 @@
+---
+glob_ntp_server:
+ adm_network: '172.16.10.0'
+ adm_mask: '255.255.255.0'
diff --git a/host_vars/charybde.cachan-adm.crans.org.yml b/host_vars/charybde.cachan-adm.crans.org.yml
index eab89037..582ae55a 100644
--- a/host_vars/charybde.cachan-adm.crans.org.yml
+++ b/host_vars/charybde.cachan-adm.crans.org.yml
@@ -4,6 +4,9 @@ interfaces:
 cachan_srv: eth1.2
 infra: eth0.111
+loc_ntp_server:
+ adm_network: '172.17.10.0'
+
 loc_vsftpd:
 root: /pool/mirror/pub
diff --git a/plays/ntp.yml b/plays/ntp.yml
index 74918669..ec294a7c 100755
--- a/plays/ntp.yml
+++ b/plays/ntp.yml
@@ -3,5 +3,7 @@
 # NTP client is in utilities.yml
 - hosts: ntp_server
+ vars:
+ ntp_server: "{{ glob_ntp_server | default({}) | combine(loc_ntp_server | default({})) }}"
 roles:
 - ntp-server
diff --git a/roles/ntp-server/templates/ntp.conf.j2 b/roles/ntp-server/templates/ntp.conf.j2
index 5d480582..42d7fa25 100644
--- a/roles/ntp-server/templates/ntp.conf.j2
+++ b/roles/ntp-server/templates/ntp.conf.j2
@@ -44,7 +44,7 @@ restrict ::1
 restrict source notrap nomodify noquery
 # Server on adm can sync
-restrict 172.16.10.0 mask 255.255.255.0 notrap nomodify
+restrict {{ ntp_server.adm_network }} mask {{ ntp_server.adm_mask }} notrap nomodify
 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.
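Review bot: In host_vars/charybde.cachan-adm.crans.org.yml the new `loc_ntp_server` overrides only `adm_network`, so the mask of this host's ntpd `restrict` entry is whatever `glob_ntp_server.adm_mask` in group_vars/ntp_server.yml holds when the play merges the two. A later change to the group-level mask would silently change the width of the range this host accepts. Either set `adm_mask: '255.255.255.0'` here as well, or add a comment such as `# adm_mask is inherited from glob_ntp_server in group_vars/ntp_server.yml`.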
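Review bot: In plays/ntp.yml the `default({})` on both sides of `combine` lets `ntp_server` resolve to an empty dict when neither variable is defined, so the problem only surfaces later, when ntp.conf.j2 dereferences `ntp_server.adm_network`. Because these two values form an access-control line, it is worth failing early and explicitly with a pre-task such as `- assert: { that: ['ntp_server.adm_network is defined', 'ntp_server.adm_mask is defined'] }`. A format check on the two addresses could be added to the same assert if a suitable filter is already available in this repository. `combine` merges shallowly, which is sufficient for this flat dict.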
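Review bot: The templated `restrict` line in roles/ntp-server/templates/ntp.conf.j2 keeps `notrap nomodify` but has no `noquery`, so every address inside `adm_network`/`adm_mask` can still send ntpq control queries, while the comment above it says the range is only meant to sync. Now that the range comes from variables and can differ per host, consider `restrict {{ ntp_server.adm_network }} mask {{ ntp_server.adm_mask }} notrap nomodify noquery`, which matches the `restrict source` line just above. Keep the current flags only if hosts on the adm network are expected to monitor this server with ntpq.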