[ntp_server] Update adm restriction for Cachan

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-06-24 21:51:52 +02:00 · 2021-06-24 21:51:52 +02:00 · f6b2ff4804
parent fee42cd5ea
commit f6b2ff4804
4 changed files with 10 additions and 1 deletions
--- a/group_vars/ntp_server.yml
+++ b/group_vars/ntp_server.yml
@ -0,0 +1,4 @@
+---
+glob_ntp_server:
+  adm_network: '172.16.10.0'
+  adm_mask: '255.255.255.0'
--- a/host_vars/charybde.cachan-adm.crans.org.yml
+++ b/host_vars/charybde.cachan-adm.crans.org.yml
@ -4,6 +4,9 @@ interfaces:
  cachan_srv: eth1.2
  infra: eth0.111

+loc_ntp_server:
+  adm_network: '172.17.10.0'
+
 loc_vsftpd:
  root: /pool/mirror/pub

--- a/plays/ntp.yml
+++ b/plays/ntp.yml
@ -3,5 +3,7 @@
 # NTP client is in utilities.yml

 - hosts: ntp_server
+  vars:
+    ntp_server: "{{ glob_ntp_server | default({}) | combine(loc_ntp_server | default({})) }}"
  roles:
    - ntp-server
--- a/roles/ntp-server/templates/ntp.conf.j2
+++ b/roles/ntp-server/templates/ntp.conf.j2
@ -44,7 +44,7 @@ restrict ::1
 restrict source notrap nomodify noquery

 # Server on adm can sync
-restrict 172.16.10.0 mask 255.255.255.0 notrap nomodify
+restrict {{ ntp_server.adm_network }} mask {{ ntp_server.adm_mask }} notrap nomodify

 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.