author | Matthieu Saulnier <fantom@fedoraproject.org> | 2019-01-04 23:50:43 +0100 |
---|---|---|
committer | Matthieu Saulnier <fantom@fedoraproject.org> | 2019-01-04 23:50:43 +0100 |
commit | 6d536ced50373a89531a0a62cb2eda9c3f42b06f (patch) | |
tree | 7559d62943941abe9e40e8115ec82c24a59e7b81 | |
parent | abdbfcbfab3e89f405539553448e19adb6cdb01a (diff) | |
Update config file after upgrade
-rw-r--r-- | roles/dnsserver/templates/named.conf.j2 | 2 | ||||
-rw-r--r-- | roles/mtaserver/tasks/config.yml | 4 | ||||
-rw-r--r-- | roles/mtaserver/templates/policyd-spf.conf.j2 (renamed from roles/mtaserver/files/policyd-spf.conf) | 4 | ||||
-rw-r--r-- | roles/ntpserver/templates/chrony.conf.j2 | 42 |
4 files changed, 18 insertions, 34 deletions
diff --git a/roles/dnsserver/templates/named.conf.j2 b/roles/dnsserver/templates/named.conf.j2 index e790752..422f4d1 100644 --- a/roles/dnsserver/templates/named.conf.j2 +++ b/roles/dnsserver/templates/named.conf.j2 @@ -41,7 +41,7 @@ options { cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface - */ + */ recursion yes; allow-recursion { whitelist-recursion; }; allow-transfer { none; }; diff --git a/roles/mtaserver/tasks/config.yml b/roles/mtaserver/tasks/config.yml index 6930dd8..3d754ad 100644 --- a/roles/mtaserver/tasks/config.yml +++ b/roles/mtaserver/tasks/config.yml @@ -83,8 +83,8 @@ when: mtadomain is defined - name: Configuration du SPF - copy: - src: policyd-spf.conf + template: + src: policyd-spf.conf.j2 dest: /etc/python-policyd-spf/policyd-spf.conf mode: 0644 when: mtadomain is defined diff --git a/roles/mtaserver/files/policyd-spf.conf b/roles/mtaserver/templates/policyd-spf.conf.j2 index 3e2a410..675150a 100644 --- a/roles/mtaserver/files/policyd-spf.conf +++ b/roles/mtaserver/templates/policyd-spf.conf.j2 @@ -1,7 +1,9 @@ # For a fully commented sample config file see policyd-spf.conf.commented -debugLevel = 1 +debugLevel = 1 +{% if ansible_distribution == "Fedora" %} TestOnly = 1 +{% endif %} HELO_reject = Softfail Mail_From_reject = Softfail diff --git a/roles/ntpserver/templates/chrony.conf.j2 b/roles/ntpserver/templates/chrony.conf.j2 index e7e2fd1..1f071dd 100644 --- a/roles/ntpserver/templates/chrony.conf.j2 +++ b/roles/ntpserver/templates/chrony.conf.j2 
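Review bot: `TestOnly = 1`, which the policyd-spf.conf.j2 hunk now emits only when `ansible_distribution == "Fedora"`, reads as if it switched on a test mode, but as far as I know from policyd-spf.conf(5) the value 1 is normal enforcing operation and 0 is the log-only mode. A comment above it such as `# TestOnly = 1 enforces SPF results; 0 only logs and adds headers` would keep someone from flipping it by mistake. On other distributions the line is now omitted, so enforcement there depends on the packaged default (older releases used the name `defaultSeedOnly`, if I recall correctly), which should be verified per platform. The condition also relies on gathered facts; with fact gathering disabled the template would fail on the undefined variable.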
@@ -2,31 +2,28 @@ # Please consider joining the pool (http://www.pool.ntp.org/join.html). {% if masterlist is defined %} {% for item in masterlist %} -server {{ item }} iburst +pool {{ item }} iburst {% endfor %} {% elif ansible_default_ipv4.network == localnet %} {% for item in masterlocal %} -server {{ item }} iburst +pool {{ item }} iburst {% endfor %} {% else %} {% for item in slavelist %} -server {{ item }} iburst +pool {{ item }} iburst {% endfor %} {% endif %} -# Ignore stratum in source selection. -stratumweight 0 - # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift -# Enable kernel RTC synchronization. -rtcsync - -# In first three updates step the system clock instead of slew -# if the adjustment is larger than 1 second. +# Allow the system clock to be stepped in the first three updates +# if its offset is larger than 1 second. makestep 1.0 3 +# Enable kernel synchronization of the real-time clock (RTC). +rtcsync + # Enable hardware timestamping on all interfaces that support it. #hwtimestamp * @@ -36,31 +33,15 @@ makestep 1.0 3 minsources 1 # Allow NTP client access from local network. -#allow 192.168/16 +#allow 192.168.0.0/16 allow -# Listen for commands only on localhost. -bindcmdaddress 127.0.0.1 -bindcmdaddress ::1 - -# Serve time even if not synchronized to any NTP server. -local stratum 10 +# Serve time even if not synchronized to a time source. +#local stratum 10 # Specify file containing keys for NTP authentication. keyfile /etc/chrony.keys -# Specify the key used as password for chronyc. -commandkey 1 - -# Generate command key if missing. -generatecommandkey - -# Disable logging of client accesses. -#noclientlog - -# Send a message to syslog if a clock adjustment is larger than 0.5 seconds. -logchange 0.5 - # Get TAI-UTC offset and leap seconds from the system tz database. leapsectz right/UTC 
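Review bot: Switching every source line from `server` to `pool` in the three loops of the first chrony.conf.j2 hunk is only appropriate for names that resolve to several addresses. `masterlocal` and `slavelist` look like lists of individual hosts, for which `server {{ item }} iburst` remains the intended directive. With `pool`, chronyd may also take up several addresses per name, so the resulting source set should be checked against the real inventory values. The lists are defined outside this page, so this is inferred from the variable names only.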
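Review bot: The bare `allow` kept in the second chrony.conf.j2 hunk serves NTP to every address, while the commit only retouches the commented example above it. Restricting it to the served subnet, in the form of the file's own example `allow 192.168.0.0/16`, would stop the daemon from answering arbitrary clients. Dropping `bindcmdaddress`, `commandkey` and `generatecommandkey` is safe only where chronyd already binds its command socket to loopback by default, which I believe holds for current releases but not for old 1.x packages. The SPF template in this commit branches on distribution, so this template is presumably rendered on non-Fedora hosts as well, and the chrony version there is worth confirming. Removing `logchange 0.5` also drops the syslog record of large clock adjustments, which is useful evidence when investigating time tampering, so consider keeping it.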
@@ -68,4 +49,5 @@ leapsectz right/UTC logdir /var/log/chrony # Select which information is logged. +#log measurements statistics tracking log measurements statistics tracking |