From bc84cec5fbe7880f2b51d276f9eb776255769c03 Mon Sep 17 00:00:00 2001 From: L3D Date: Tue, 28 Nov 2023 03:05:59 +0100 Subject: [PATCH] consider using ntpsec for Debian instead of ntp --- README.md | 7 ++++++ defaults/main.yml | 9 ++++++++ tasks/config.yml | 9 ++++++++ tasks/packages/setup-Linux.yml | 8 ++++++- templates/ntp.conf.j2 | 31 +++++++++++++++++++-------- vars/{Archlinux.yml => ArchLinux.yml} | 5 +++-- vars/Darwin.yml | 3 ++- vars/Debian.yml | 7 +++--- vars/FreeBSD.yml | 1 + vars/Gentoo.yml | 1 + vars/OpenBSD.yml | 1 + vars/RedHat.yml | 1 + vars/Suse.yml | 1 + vars/fallback.yml | 1 + vars/main.yml | 2 +- 15 files changed, 70 insertions(+), 17 deletions(-) rename vars/{Archlinux.yml => ArchLinux.yml} (56%) diff --git a/README.md b/README.md index 4d400da..01fc431 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,10 @@ ntp_servers: ntp_set_time_zone: false ntp_timezone: 'Europe/Berlin' +# Leap seconds definition provided by tzdata +ntp_leap: true +ntp_leapfile: '/usr/share/zoneinfo/leap-seconds.list' + # Enable or disable ntp statistics ntp_statistics: false @@ -83,6 +87,9 @@ You can install it with this command: ansible-galaxy collection install -r requirements.yml --upgrade ``` +## Testing +This role is tested on debian stable. It should work on other operating systems. Please Report issues if it does not work. + ## Author Information + This role was created in 2018 by diodonfrost. diff --git a/defaults/main.yml b/defaults/main.yml index 3a0edb1..0663676 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -20,10 +20,19 @@ ntp_servers: # Enable or disable ntp statistics ntp_statistics: false +ntp_ntpstats_dir: '/var/log/ntpstats/' +ntp_statistics_overview: + - 'clockstats' + - 'peerstats' + - 'loopstats' # optionally set timezone ntp_set_time_zone: false ntp_timezone: 'Europe/Berlin' +# Leap seconds definition provided by tzdata +ntp_leap: true +ntp_leapfile: '/usr/share/zoneinfo/leap-seconds.list' + # version check for this playbook (true is recomended) submodules_versioncheck: false diff --git a/tasks/config.yml b/tasks/config.yml index 462f4a7..621fbe2 100644 --- a/tasks/config.yml +++ b/tasks/config.yml @@ -8,3 +8,12 @@ group: "{{ ntp_configfile_group }}" mode: 0644 notify: "Restart ntp daemons on {{ ansible_system }}" + +- name: Create logging folder + become: true + ansible.builtin.file: + path: "{{ ntp_ntpstats_dir }}" + state: directory + mode: 0755 + owner: ntp + group: ntp diff --git a/tasks/packages/setup-Linux.yml b/tasks/packages/setup-Linux.yml index a8c9408..656ae71 100644 --- a/tasks/packages/setup-Linux.yml +++ b/tasks/packages/setup-Linux.yml @@ -16,7 +16,13 @@ when: ansible_os_family == "Gentoo" tags: 'skip_ansible_lint' -- name: Install ntp daemon on Linux +- name: Remove ntp legacy daemon on Linux + become: true + ansible.builtin.package: + name: "{{ ntp_package_absent }}" + state: absent + +- name: Install ntpsec daemon on Linux become: true ansible.builtin.package: name: "{{ ntp_package }}" diff --git a/templates/ntp.conf.j2 b/templates/ntp.conf.j2 index 3808ca7..b0eafd9 100644 --- a/templates/ntp.conf.j2 +++ b/templates/ntp.conf.j2 
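Review bot: The new `ntp_ntpstats_dir` and `ntp_statistics_overview` defaults carry no comment of their own, and the README hunk of this commit documents only the leap-second variables. A line such as `# Directory and statistic types written when ntp_statistics is true` above them would make the pairing with `ntp_statistics` clear. The list also drops `cryptostats`, which the template's old hard-coded `statistics` line enabled; if that is deliberate, the comment should say so.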
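Review bot: The `Create logging folder` task hard-codes `owner: ntp` and `group: ntp`, although this commit moves Debian and Arch to the ntpsec package, where the daemon account may be named differently (Debian's ntpsec appears to run as `ntpsec`; worth confirming). The task fails if the `ntp` user does not exist, so per-OS variables would be safer, for example `owner: "{{ ntp_daemon_user }}"` (a new variable, not yet in the role). The task also runs when `ntp_statistics` is false; adding `when: ntp_statistics | bool` avoids creating a directory that is never used. Quoting the mode as `mode: '0755'` removes the dependence on YAML octal parsing.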
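Review bot: The `Remove ntp legacy daemon on Linux` task has no condition, so the package manager is still invoked with `ntp_package_absent: []` on every family whose vars set the empty list (RedHat, Suse, Gentoo, fallback). Adding `when: ntp_package_absent | length > 0` skips it there. The renamed task `Install ntpsec daemon on Linux` still installs `{{ ntp_package }}`, which is `ntp` on those families, so a neutral name such as `Install ntp daemon package on Linux` fits both cases. The install task continues past the end of this hunk.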
@@ -1,13 +1,18 @@ -##################################### -## ## -## THIS FILE IS MANAGED BY ANSIBLE ## -## ## -## It is about time ## -## ## -##################################### -# > galaxy.ansible.com/do1jlr/ntp < # +###################################################### +## ## +## THIS FILE IS MANAGED BY ANSIBLE ## +## ## +## It is about time ## +## ## +###################################################### +# > galaxy.ansible.com/ui/repo/published/l3d/time/ < # driftfile {{ ntp_driftfile }} +{% if ntp_leap %} +# Leap seconds definition provided by tzdata +leapfile {{ ntp_leapfile }} +{% endif %} + {% for restrict_ip in ntp_restrict %} restrict {{ restrict_ip }} {% endfor %} @@ -17,5 +22,13 @@ server {{ pool_server }} {% endfor %} {% if ntp_statistics | bool %} -statistics clockstats cryptostats loopstats peerstats +statistics {{ ntp_statistics_overview | join(' ') }} + +# Enable this if you want statistics to be logged. +statsdir {{ ntp_ntpstats_dir }} + +{% for stat in ntp_statistics_overview %} +filegen {{ stat }} file {{ stat }} type day enable +{% endfor %} + {% endif %} diff --git a/vars/Archlinux.yml b/vars/ArchLinux.yml similarity index 56% rename from vars/Archlinux.yml rename to vars/ArchLinux.yml index 8af4b2a..20d7e4a 100644 --- a/vars/Archlinux.yml +++ b/vars/ArchLinux.yml @@ -1,8 +1,9 @@ --- -ntp_package: ntp +ntp_package: 'ntpsec' +ntp_package_absent: 'ntp' ntp_service: ntpd -ntp_configfile: /etc/ntp.conf +ntp_configfile: /etc/ntpsec/ntp.conf ntp_configfile_user: root ntp_configfile_group: root ntp_driftfile: /var/lib/ntp/drift diff --git a/vars/Darwin.yml b/vars/Darwin.yml index 1fd4437..3c3122b 100644 --- a/vars/Darwin.yml +++ b/vars/Darwin.yml @@ -1,6 +1,7 @@ --- -ntp_package: +ntp_package: ntp ntp_service: ntp +ntp_package_absent: [] ntp_configfile: /private/etc/ntp.conf ntp_configfile_user: root diff --git a/vars/Debian.yml b/vars/Debian.yml index 8baf56d..1030a0a 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml 
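Review bot: `{% if ntp_leap %}` tests the raw value, whereas the statistics block in the second hunk of this file uses `{% if ntp_statistics | bool %}`. A string such as `'false'` passed with `-e` is truthy and would still emit the `leapfile` line, so this should read `{% if ntp_leap | bool %}`. The `leapfile {{ ntp_leapfile }}` line also assumes the tzdata file exists on the target; a template comment naming that dependency would help operators on hosts that lack it.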
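Review bot: The rename from `vars/Archlinux.yml` to `vars/ArchLinux.yml` changes only letter case, while Ansible reports this platform as `Archlinux` in `ansible_os_family`. If the role selects the vars file by that fact (the loader is not visible in this diff), the file will no longer be found on a case-sensitive filesystem and the fallback vars will be used instead. In addition, `ntp_package` becomes `ntpsec` and `ntp_configfile` becomes `/etc/ntpsec/ntp.conf`, but `ntp_service: ntpd` is unchanged and the README says only Debian stable is tested. Confirm the package name, service name and config path on Arch, or leave this file on `ntp`.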
@@ -1,8 +1,9 @@ --- -ntp_package: ntp -ntp_service: ntp +ntp_package: 'ntpsec' +ntp_package_absent: 'ntp' +ntp_service: 'ntpsec' -ntp_configfile: /etc/ntp.conf +ntp_configfile: '/etc/ntpsec/ntp.conf' ntp_configfile_user: root ntp_configfile_group: root ntp_driftfile: /var/lib/ntp/drift diff --git a/vars/FreeBSD.yml b/vars/FreeBSD.yml index 6376ef9..a4125cd 100644 --- a/vars/FreeBSD.yml +++ b/vars/FreeBSD.yml @@ -1,5 +1,6 @@ --- ntp_package: ntp +ntp_package_absent: [] ntp_service: ntpd ntp_configfile: /etc/ntp.conf diff --git a/vars/Gentoo.yml b/vars/Gentoo.yml index 37669f3..90bed2d 100644 --- a/vars/Gentoo.yml +++ b/vars/Gentoo.yml @@ -1,5 +1,6 @@ --- ntp_package: net-misc/ntp +ntp_package_absent: [] ntp_service: ntp-client ntp_configfile: /etc/ntp.conf diff --git a/vars/OpenBSD.yml b/vars/OpenBSD.yml index 6376ef9..a4125cd 100644 --- a/vars/OpenBSD.yml +++ b/vars/OpenBSD.yml @@ -1,5 +1,6 @@ --- ntp_package: ntp +ntp_package_absent: [] ntp_service: ntpd ntp_configfile: /etc/ntp.conf diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 8af4b2a..cde03c9 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,5 +1,6 @@ --- ntp_package: ntp +ntp_package_absent: [] ntp_service: ntpd ntp_configfile: /etc/ntp.conf diff --git a/vars/Suse.yml b/vars/Suse.yml index 6055d7c..e404e77 100644 --- a/vars/Suse.yml +++ b/vars/Suse.yml @@ -1,5 +1,6 @@ --- ntp_package: ntp +ntp_package_absent: [] ntp_service: ntpd ntp_configfile: /etc/ntp.conf diff --git a/vars/fallback.yml b/vars/fallback.yml index 8baf56d..128bfaa 100644 --- a/vars/fallback.yml +++ b/vars/fallback.yml @@ -1,5 +1,6 @@ --- ntp_package: ntp +ntp_package_absent: [] ntp_service: ntp ntp_configfile: /etc/ntp.conf diff --git a/vars/main.yml b/vars/main.yml index 2873615..fd644b4 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,5 +1,5 @@ --- -playbook_version_number: 2060 +playbook_version_number: 2061 ntp__playbook_version_path: 'role-ntp_chaos-bodensee_github.com.version' ntp__vars:
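Review bot: `ntp_driftfile: /var/lib/ntp/drift` stays as unchanged context while the package, service and config path in this hunk all move to ntpsec. That directory belongs to the `ntp` package this commit now removes, so it may not exist or may not be writable by the ntpsec daemon, in which case the drift file is never written. Debian's ntpsec appears to keep its state under `/var/lib/ntpsec`, so after checking the packaged default consider `ntp_driftfile: '/var/lib/ntpsec/ntp.drift'`.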