# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
{% if chrony_ntpservers is defined or chrony_ntppools is defined %}
{% if chrony_ntpservers is defined %}
{% for ntpserver in chrony_ntpservers %}
server {{ ntpserver }} iburst
{% endfor %}
{% endif %}
{% if chrony_ntppools is defined %}
{% for ntppool in chrony_ntppools %}
pool {{ ntppool }} iburst
{% endfor %}
{% endif %}
{% endif %}

{% if ansible_os_family == "RedHat" and ansible_distribution_major_version >= "9" %}
# Use NTP servers from DHCP.
sourcedir /run/chrony-dhcp

{% endif %}
{% if chrony_clients is defined %}
# Ignore stratum in source selection.
stratumweight 0

{% endif %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
{% if chrony_allowclients %}
{% for client in chrony_clients %}
allow {{ client }}
{% endfor %}
{% else %}
#allow 192.168.0.0/16
{% endif %}

# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
cmdallow 127.0.0.1
cmdallow ::1

# Serve time even if not synchronized to a time source.
#local stratum 10

{% if ansible_os_family == "RedHat" and ansible_distribution_major_version >= "9" %}
# Require authentication (nts or key option) for all NTP sources.
#authselectmode require

{% endif %}
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

{% if ansible_os_family == "RedHat" and ansible_distribution_major_version >= "9" %}
# Save NTS keys and cookies.
ntsdumpdir /var/lib/chrony

# Insert/delete leap seconds by slewing instead of stepping.
#leapsecmode slew

{% endif %}
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

# Disable logging of client accesses.
#noclientlog

# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking