commit 204285bd14be7ec199dcd6e19e13ceffcd3c82fc
Author: baldo
Date: Sat Aug 29 22:27:47 2015 +0200
NTP-Server Setup auf srv04.
diff --git a/group_vars/ffhh b/group_vars/ffhh
new file mode 100644
index 0000000..dc06610
--- /dev/null
+++ b/group_vars/ffhh
@@ -0,0 +1,6 @@
+---
+prefix4: 10.112.0.0
+netmask4: 255.255.192.0
+
+prefix6: 2a03:2267:0000:0000:0000:0000:0000:0000
+netmask6: ffff:ffff:ffff:ffff:0000:0000:0000:0000
diff --git a/production b/production
new file mode 100644
index 0000000..5289c2e
--- /dev/null
+++ b/production
@@ -0,0 +1,5 @@
+[services]
+srv04 ansible_ssh_host=80.252.100.116
+
+[ffhh]
+srv04
diff --git a/roles/ntp-server/handlers/main.yml b/roles/ntp-server/handlers/main.yml
new file mode 100644
index 0000000..71e4149
--- /dev/null
+++ b/roles/ntp-server/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart ntpd
+  service: name=ntp state=restarted
diff --git a/roles/ntp-server/tasks/main.yml b/roles/ntp-server/tasks/main.yml
new file mode 100644
index 0000000..5c7d001
--- /dev/null
+++ b/roles/ntp-server/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: be sure ntp is installed
+  apt: name=ntp state=latest
+  tags: ntp
+
+- name: be sure ntp is configured
+  template: src=ntp.conf.j2 dest=/etc/ntp.conf
+  notify:
+    - restart ntpd
+  tags: ntp
+
+- name: be sure ntpd is running and enabled
+  service: name=ntp state=started enabled=yes
+  tags: ntp
diff --git a/roles/ntp-server/templates/ntp.conf.j2 b/roles/ntp-server/templates/ntp.conf.j2
new file mode 100644
index 0000000..3e72675
--- /dev/null
+++ b/roles/ntp-server/templates/ntp.conf.j2
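Review bot: In the roles/ntp-server/tasks/main.yml hunk, `apt: name=ntp state=latest` in the first task upgrades the ntp package on every playbook run, so an ordinary run of site.yml can pull in a new ntpd and restart it at an unplanned moment rather than just ensuring it is installed. Pinning the task to `apt: name=ntp state=present` keeps the role idempotent and leaves daemon upgrades to an explicit maintenance step. The second task overwrites /etc/ntp.conf with no `backup=yes`, so a bad template leaves no copy of the previous configuration to roll back to; adding `backup=yes` to the template line is cheap insurance since the handler restarts ntpd immediately afterwards.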
@@ -0,0 +1,37 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+logfile /var/log/ntpstats/ntp.log
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+server 127.127.1.0
+fudge 127.127.1.0 stratum 10
+
+server ptbtime1.ptb.de
+server ptbtime2.ptb.de
+server ptbtime3.ptb.de
+
+# Restrict all incoming connection
+restrict -4 default ignore
+restrict -6 default ignore
+
+restrict 192.53.103.108 nomodify notrap nopeer noquery
+restrict 192.53.103.104 nomodify notrap nopeer noquery
+restrict 192.53.103.103 nomodify notrap nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Disable the monlist request as this is associated with ntp
+# amplification attacks
+disable monitor
+
+restrict {{ prefix4 }} mask {{ netmask4 }} nomodify notrap nopeer
+restrict {{ prefix6 }} mask {{ netmask6 }} nomodify notrap nopeer
+
diff --git a/services.yml b/services.yml
new file mode 100644
index 0000000..fa24abc
--- /dev/null
+++ b/services.yml
@@ -0,0 +1,5 @@
+---
+- hosts: services
+  roles:
+    - ntp-server
+
diff --git a/site.yml b/site.yml
new file mode 100644
index 0000000..cbe077f
--- /dev/null
+++ b/site.yml
@@ -0,0 +1,2 @@
+---
+- include: services.yml
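Review bot: The two client lines at the end of the ntp.conf.j2 hunk, `restrict {{ prefix4 }} ...` and `restrict {{ prefix6 }} ...`, omit `noquery`, so every host inside the mesh prefixes can still send mode 6/7 control queries to this server; `disable monitor` only removes monlist, and the remaining control queries (e.g. ntpq readvar) are still usable for reconnaissance and reflection. Time clients only need ordinary mode 3 requests, so both lines should carry the same flag set already used for the PTB servers: `restrict {{ prefix4 }} mask {{ netmask4 }} nomodify notrap nopeer noquery` and the matching IPv6 line. A second, fragile spot: the `server` lines use the names ptbtime1-3.ptb.de while the exceptions under `restrict default ignore` are the literal addresses 192.53.103.108/104/103, so if those names ever resolve to other addresses the server silently loses all upstream time; either pin the server lines to the same addresses or, if the installed ntpd supports it, replace the three address lines with `restrict source nomodify notrap nopeer noquery`. The template also carries no `statsdir`, so where the filegen loopstats/peerstats/clockstats files land depends on ntpd's compiled-in default — worth confirming against the distribution's default ntp.conf.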