From: Matt Birkholz <matt@birchwood-abbey.net>
Date: Thu, 18 Sep 2025 21:01:28 +0000 (-0600)
Subject: Punt NTP and use Chrony.
X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=d357cbe39cf37105632a9fadc98488d0d0cbc7a2;p=Institute

Punt NTP and use Chrony.
---

diff --git a/README.org b/README.org
index 7af2eb8..62e4955 100644
--- a/README.org
+++ b/README.org
@@ -2917,17 +2917,36 @@ themselves to institute clients.  They share the =/etc/server.crt= and
   - Restart Dovecot.
 #+END_SRC
 
-** Install NTP
+** Install Chrony
 
-Core uses NTP to provide a time synchronization service to the campus.
+Core uses Chrony to provide a time synchronization service to the campus.
 The default daemon's default configuration is fine.
 
 #+CAPTION: [[file:roles_t/core/tasks/main.yml][=roles_t/core/tasks/main.yml=]]
 #+BEGIN_SRC conf :tangle roles_t/core/tasks/main.yml :noweb no-export
 
-- name: Install NTP.
+- name: Install Chrony.
   become: yes
-  apt: pkg=ntp
+  apt: pkg=chrony
+
+- name: Configure NTP service.
+  become: yes
+  copy:
+    content: |
+      allow {{ private_net_cidr }}
+      allow {{ public_wg_net_cidr }}
+      allow {{ campus_wg_net_cidr }}
+    dest: /etc/chrony/conf.d/institute.conf
+  notify: Restart Chrony.
+#+END_SRC
+
+#+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
+#+BEGIN_SRC conf :tangle roles_t/core/handlers/main.yml :noweb no-export
+
+- name: Restart Chrony.
+  systemd:
+    service: chrony
+    state: restarted
 #+END_SRC
 
 ** Configure Postfix on Core
diff --git a/roles_t/core/handlers/main.yml b/roles_t/core/handlers/main.yml
index ad8d341..7e7eda4 100644
--- a/roles_t/core/handlers/main.yml
+++ b/roles_t/core/handlers/main.yml
@@ -31,6 +31,10 @@
     state: reloaded
   tags: actualizer
 
+- name: Restart Chrony.
+  systemd:
+    service: chrony
+    state: restarted
 
 - name: Restart Postfix.
   become: yes
diff --git a/roles_t/core/tasks/main.yml b/roles_t/core/tasks/main.yml
index bdc99ea..375b763 100644
--- a/roles_t/core/tasks/main.yml
+++ b/roles_t/core/tasks/main.yml
@@ -295,9 +295,19 @@
   - Restart Postfix.
   - Restart Dovecot.
 
-- name: Install NTP.
+- name: Install Chrony.
   become: yes
-  apt: pkg=ntp
+  apt: pkg=chrony
+
+- name: Configure NTP service.
+  become: yes
+  copy:
+    content: |
+      allow {{ private_net_cidr }}
+      allow {{ public_wg_net_cidr }}
+      allow {{ campus_wg_net_cidr }}
+    dest: /etc/chrony/conf.d/institute.conf
+  notify: Restart Chrony.
 
 - name: Install Postfix.
   become: yes