crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[ntp_server] Update adm restriction for Cachan 

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
certbot_on_virtu
Yohann D'ANELLO 2021-06-24 21:51:52 +02:00
parent fee42cd5ea
commit f6b2ff4804
Signed by: _ynerant
GPG Key ID: 3A75C55819C8CF85
4 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
group_vars/ntp_server.yml 100644
View File

@ -0,0 +1,4 @@
---
glob_ntp_server:
adm_network: '172.16.10.0'
adm_mask: '255.255.255.0'

3
host_vars/charybde.cachan-adm.crans.org.yml
View File

@ -4,6 +4,9 @@ interfaces:
cachan_srv: eth1.2 cachan_srv: eth1.2
infra: eth0.111 infra: eth0.111
loc_ntp_server:
adm_network: '172.17.10.0'
loc_vsftpd: loc_vsftpd:
root: /pool/mirror/pub root: /pool/mirror/pub

2
plays/ntp.yml
View File

@ -3,5 +3,7 @@
# NTP client is in utilities.yml # NTP client is in utilities.yml
- hosts: ntp_server - hosts: ntp_server
vars:
ntp_server: "{{ glob_ntp_server | default({}) | combine(loc_ntp_server | default({})) }}"
roles: roles:
- ntp-server - ntp-server

2
roles/ntp-server/templates/ntp.conf.j2
View File

@ -44,7 +44,7 @@ restrict ::1
restrict source notrap nomodify noquery restrict source notrap nomodify noquery
# Server on adm can sync # Server on adm can sync
restrict 172.16.10.0 mask 255.255.255.0 notrap nomodify restrict {{ ntp_server.adm_network }} mask {{ ntp_server.adm_mask }} notrap nomodify
# Clients from this (example!) subnet have unlimited access, but only if # Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated. # cryptographically authenticated.