authorMatthieu Saulnier <fantom@fedoraproject.org>2019-01-04 23:50:43 +0100
committerMatthieu Saulnier <fantom@fedoraproject.org>2019-01-04 23:50:43 +0100
commit6d536ced50373a89531a0a62cb2eda9c3f42b06f (patch)
tree7559d62943941abe9e40e8115ec82c24a59e7b81
parentabdbfcbfab3e89f405539553448e19adb6cdb01a (diff)
Update config file after upgrade
-rw-r--r--roles/dnsserver/templates/named.conf.j22
-rw-r--r--roles/mtaserver/tasks/config.yml4
-rw-r--r--roles/mtaserver/templates/policyd-spf.conf.j2 (renamed from roles/mtaserver/files/policyd-spf.conf)4
-rw-r--r--roles/ntpserver/templates/chrony.conf.j242
4 files changed, 18 insertions, 34 deletions
diff --git a/roles/dnsserver/templates/named.conf.j2 b/roles/dnsserver/templates/named.conf.j2
index e790752..422f4d1 100644
--- a/roles/dnsserver/templates/named.conf.j2
+++ b/roles/dnsserver/templates/named.conf.j2
@@ -41,7 +41,7 @@ options {
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
- */
+ */
recursion yes;
allow-recursion { whitelist-recursion; };
allow-transfer { none; };
diff --git a/roles/mtaserver/tasks/config.yml b/roles/mtaserver/tasks/config.yml
index 6930dd8..3d754ad 100644
--- a/roles/mtaserver/tasks/config.yml
+++ b/roles/mtaserver/tasks/config.yml
@@ -83,8 +83,8 @@
when: mtadomain is defined
- name: Configuration du SPF
- copy:
- src: policyd-spf.conf
+ template:
+ src: policyd-spf.conf.j2
dest: /etc/python-policyd-spf/policyd-spf.conf
mode: 0644
when: mtadomain is defined
diff --git a/roles/mtaserver/files/policyd-spf.conf b/roles/mtaserver/templates/policyd-spf.conf.j2
index 3e2a410..675150a 100644
--- a/roles/mtaserver/files/policyd-spf.conf
+++ b/roles/mtaserver/templates/policyd-spf.conf.j2
@@ -1,7 +1,9 @@
# For a fully commented sample config file see policyd-spf.conf.commented
-debugLevel = 1
+debugLevel = 1
+{% if ansible_distribution == "Fedora" %}
TestOnly = 1
+{% endif %}
HELO_reject = Softfail
Mail_From_reject = Softfail
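Review bot: Wrapping `TestOnly = 1` in the Fedora condition means every other distribution now renders this file without the option, so whether policyd-spf actually rejects or only adds headers on those hosts depends on the installed package's default, which is not visible here. If I recall the policyd-spf documentation correctly, later releases renamed this option to `defaultSeedOnly`, which is presumably why the line was made conditional. In that case I would emit the setting on both branches under the name each version accepts, rather than omitting it. At minimum, add a template comment above the condition such as `{# TestOnly is only understood by the Fedora package; other hosts rely on the package default #}`. Branching on the distribution name rather than the package version also goes stale when Fedora upgrades the package.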
diff --git a/roles/ntpserver/templates/chrony.conf.j2 b/roles/ntpserver/templates/chrony.conf.j2
index e7e2fd1..1f071dd 100644
--- a/roles/ntpserver/templates/chrony.conf.j2
+++ b/roles/ntpserver/templates/chrony.conf.j2
@@ -2,31 +2,28 @@
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
{% if masterlist is defined %}
{% for item in masterlist %}
-server {{ item }} iburst
+pool {{ item }} iburst
{% endfor %}
{% elif ansible_default_ipv4.network == localnet %}
{% for item in masterlocal %}
-server {{ item }} iburst
+pool {{ item }} iburst
{% endfor %}
{% else %}
{% for item in slavelist %}
-server {{ item }} iburst
+pool {{ item }} iburst
{% endfor %}
{% endif %}
-# Ignore stratum in source selection.
-stratumweight 0
-
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
-# Enable kernel RTC synchronization.
-rtcsync
-
-# In first three updates step the system clock instead of slew
-# if the adjustment is larger than 1 second.
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
makestep 1.0 3
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
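Review bot: All three loops now emit `pool {{ item }} iburst`, including the `masterlocal` and `slavelist` branches, whose names suggest specific internal hosts rather than pool hostnames (inferred, since the inventory is not shown). With `pool`, chrony treats the name as resolving to multiple addresses and selects sources from whatever DNS returns, so the set of trusted time sources is less pinned than with `server`. I would keep `server {{ item }} iburst` in the two local branches and use `pool` only where `masterlist` really holds pool names. A comment above the loops saying which variables hold pool names and which hold single hosts would help.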
@@ -36,31 +33,15 @@ makestep 1.0 3
minsources 1
# Allow NTP client access from local network.
-#allow 192.168/16
+#allow 192.168.0.0/16
allow
-# Listen for commands only on localhost.
-bindcmdaddress 127.0.0.1
-bindcmdaddress ::1
-
-# Serve time even if not synchronized to any NTP server.
-local stratum 10
+# Serve time even if not synchronized to a time source.
+#local stratum 10
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
-# Specify the key used as password for chronyc.
-commandkey 1
-
-# Generate command key if missing.
-generatecommandkey
-
-# Disable logging of client accesses.
-#noclientlog
-
-# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
-logchange 0.5
-
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
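Review bot: The bare `allow` directive stays active here, while the comment above it says "from local network" and only the commented example was updated to `192.168.0.0/16`. With no subnet, chrony serves NTP to any IPv4 or IPv6 client that can reach the host, which is the exposure the comment implies should be limited. I would replace it with an explicit subnet from inventory, for example `allow 192.168.0.0/16`, and drop the commented duplicate. Separately, this hunk removes `logchange 0.5`, and with it the syslog message for large clock adjustments, which is a useful signal for a misbehaving or spoofed time source. As far as I know the directive is still valid in current chrony, so unless it was dropped deliberately I would keep `logchange 0.5`.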
@@ -68,4 +49,5 @@ leapsectz right/UTC
logdir /var/log/chrony
# Select which information is logged.
+#log measurements statistics tracking
log measurements statistics tracking