feat(time): add optional chrony conf.d drop-ins

README.md

@@ -8,26 +8,41 @@ Configuration of timezone and ntp settings
  * Fedora 25 Server
 
 ## Configuration
-| Name | Default value | Description |
-|------|---------------|-------------|
-|`timezone_area` | `Europe` | Timezone area |
-|`timezone` | `Zurich` | Exact timezone (area needs to match) |
-|`ntp_servers` | `["time.ethz.ch", "swisstime.ethz.ch"]` | Timeservers. Note that these are only guaranteed to be accessible from inside ETH's network, so you might need to specify different ones. |
-|`ntp_sources_dir` | `/etc/chrony/sources.d` | Directory for optional Chrony source drop-ins. |
-|`ntp_sources_files` | `[]` | Optional list of drop-in files and server lists to render as `server ... iburst` lines. |
+| Name                             | Default value                           | Description                                                                                                                               |
+| -------------------------------- | --------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
+| `timezone_area`                  | `Europe`                                | Timezone area                                                                                                                             |
+| `timezone`                       | `Zurich`                                | Exact timezone (area needs to match)                                                                                                      |
+| `ntp_servers`                    | `["time.ethz.ch", "swisstime.ethz.ch"]` | Timeservers. Note that these are only guaranteed to be accessible from inside ETH's network, so you might need to specify different ones. |
+| `chrony_conf_dropin_enabled`     | `false`                                 | Enable managed config drop-in mode (keep vendor main config).                                                                             |
+| `chrony_conf_dropin_dir`         | `/etc/chrony/conf.d`                    | Directory for managed Chrony config drop-in file.                                                                                         |
+| `chrony_conf_dropin_file`        | `custom.conf`                           | Filename for managed Chrony config drop-in file.                                                                                          |
+| `chrony_sources_dropins_enabled` | `false`                                 | Enable Chrony `sources.d` drop-ins management.                                                                                            |
+| `chrony_sources_dropins_dir`     | `/etc/chrony/sources.d`                 | Directory for Chrony source drop-in files.                                                                                                |
+| `chrony_sources_dropins_files`   | `[]`                                    | List of source files with `name` and `servers`.                                                                                           |
 
 ### Proxmox 9 / Debian Trixie drop-in example
 
-Keep existing role behavior (`ntp_servers` still drives `chrony.conf`) and add source drop-ins:
+Keep vendor `chrony.conf`, manage our config via conf.d drop-in, and optional sources.d files:
 
 ```yaml
 time_client_override: chrony
-ntp_sources_files:
-  - name: ethz.sources
-    servers: [time.ethz.ch, time6.ethz.ch]
-  - name: swiss.sources
-    servers: [0.ch.pool.ntp.org, 1.ch.pool.ntp.org, 2.ch.pool.ntp.org, 3.ch.pool.ntp.org]
+
+chrony_conf_dropin_enabled: true
+chrony_conf_dropin_dir: /etc/chrony/conf.d
+chrony_conf_dropin_file: vis.conf
+
+chrony_sources_dropins_enabled: true
+chrony_sources_dropins_dir: /etc/chrony/sources.d
+chrony_sources_dropins_files:
+    - name: ethz.sources
+      servers: [time.ethz.ch, time6.ethz.ch]
+    - name: swiss.sources
+      servers: [0.ch.pool.ntp.org, 1.ch.pool.ntp.org, 2.ch.pool.ntp.org, 3.ch.pool.ntp.org]
 ```
 
+When `chrony_conf_dropin_enabled` or `chrony_sources_dropins_enabled` is true,
+the role performs independent preflight checks that `{{ time_chrony_conf_path }}`
+contains the matching `confdir`/`sourcedir` directives for the configured directories.
+
 ## License
 GPLv3

defaults/main.yml

@@ -15,13 +15,15 @@ ntp_servers:
   - time.ethz.ch
   - swisstime.ethz.ch
 
+chrony_conf_dropin_enabled: false
+chrony_conf_dropin_dir: /etc/chrony/conf.d
+chrony_conf_dropin_file: custom.conf
+
 # Optional Chrony drop-in source files.
 # The legacy ntp_servers-based chrony.conf remains managed as before.
-ntp_sources_dir: /etc/chrony/sources.d
-
-# List of drop-in source files to manage.
-# Example:
-# ntp_sources_files:
-#   - name: ethz.sources
-#     servers: [time.ethz.ch, time6.ethz.ch]
-ntp_sources_files: []
+chrony_sources_dropins_enabled: false
+chrony_sources_dropins_dir: /etc/chrony/sources.d
+chrony_sources_dropins_files: []
+  # files:
+  #   - name: ethz.sources
+  #     servers: [time.ethz.ch, time6.ethz.ch]

tasks/chrony.yml

@@ -11,6 +11,28 @@
     name: chrony
     state: present
 
+- name: Ensure chrony sources.d support is configured
+  become: true
+  ansible.builtin.lineinfile:
+    path: "{{ time_chrony_conf_path }}"
+    regexp: "^\\s*sourcedir\\s+{{ chrony_sources_dropins_dir | regex_escape }}/?\\s*$"
+    line: "sourcedir {{ chrony_sources_dropins_dir }}"
+    state: present
+    create: false
+    backup: true
+  when: chrony_sources_dropins_enabled
+
+- name: Ensure chrony conf.d support is configured
+  become: true
+  ansible.builtin.lineinfile:
+    path: "{{ time_chrony_conf_path }}"
+    regexp: "^\\s*confdir\\s+{{ chrony_conf_dropin_dir | regex_escape }}/?\\s*$"
+    line: "confdir {{ chrony_conf_dropin_dir }}"
+    state: present
+    create: false
+    backup: true
+  when: chrony_conf_dropin_enabled
+
 - name: Install chronyd configuration
   become: true
   ansible.builtin.template:
@@ -21,29 +43,52 @@
     mode: "0644"
   notify:
     - Restart chronyd
+  when: not chrony_conf_dropin_enabled
+
+- name: Ensure chrony conf.d exists
+  become: true
+  ansible.builtin.file:
+    path: "{{ chrony_conf_dropin_dir }}"
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+  when: chrony_conf_dropin_enabled
 
 - name: Ensure chrony sources.d exists
   become: true
   ansible.builtin.file:
-    path: "{{ ntp_sources_dir }}"
+    path: "{{ chrony_sources_dropins_dir }}"
     state: directory
     owner: root
     group: root
     mode: "0755"
-  when: ntp_sources_files | length > 0
+  when: chrony_sources_dropins_enabled
+
+- name: Install chronyd conf.d drop-in
+  become: true
+  ansible.builtin.template:
+    src: etc_chrony.conf.j2
+    dest: "{{ chrony_conf_dropin_dir }}/{{ chrony_conf_dropin_file }}"
+    owner: root
+    group: root
+    mode: "0644"
+  notify:
+    - Restart chronyd
+  when: chrony_conf_dropin_enabled
 
 - name: Install chronyd source drop-ins
   become: true
   ansible.builtin.template:
-    src: chrony_source_file.j2
-    dest: "{{ ntp_sources_dir }}/{{ item.name }}"
+    src: chrony_sources_file.conf.j2
+    dest: "{{ chrony_sources_dropins_dir }}/{{ item.name }}"
     owner: root
     group: root
     mode: "0644"
-  loop: "{{ ntp_sources_files }}"
+  loop: "{{ chrony_sources_dropins_files }}"
   notify:
     - Restart chronyd
-  when: ntp_sources_files | length > 0
+  when: chrony_sources_dropins_enabled
 
 - name: Enable chronyd
   become: true

tasks/main.yml

@@ -2,6 +2,11 @@
 - name: Load OS specific variables
   ansible.builtin.include_vars: "{{ ansible_facts.distribution }}.yml"
 
+- name: Load OS release specific variables
+  ansible.builtin.include_vars:
+    file: "{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_release }}.yml"
+  failed_when: false
+
 - name: Override default time client variable
   ansible.builtin.set_fact:
     time_client: "{{ time_client_override }}"

templates/chrony_sources_file.conf.j2

@@ -0,0 +1,4 @@
+# Managed with Ansible
+{% for s in item.servers %}
+server {{ s }} iburst
+{% endfor %}

vars/Debian-trixie.yml

@@ -0,0 +1,8 @@
+---
+# Debian 13 / Trixie: keep vendor chrony.conf and manage drop-ins.
+chrony_conf_dropin_enabled: true
+chrony_conf_dropin_dir: /etc/chrony/conf.d
+chrony_conf_dropin_file: vis.conf
+
+chrony_sources_dropins_enabled: true
+chrony_sources_dropins_dir: /etc/chrony/sources.d