---
- name: install NTP package
  package:
    name: "ntp"
    state: present
    update_cache: yes

- name: set system timezone to {{ ntp_timezone }}"
  community.general.timezone:
    name: "{{ ntp_timezone }}"
  notify: "Restart ntpd service"

- name: ensure NTP drift file directory exists
  ansible.builtin.file:
    path: "{{ ntp_drift_file | dirname }}"
    state: directory
    owner: "ntp"
    group: "ntp"
    mode: "0750"

- name: setup systems timezone
  community.general.timezone:
    name: "{{ ntp_timezone }}"
  notify: Restart chronyd # Redémarrer chrony peut être utile après un changement de TZ pour qu'il la prenne bien en compte dans ses logs/opérations

- name: "configure {{ ntp_config_file }}"
  ansible.builtin.template:
    src: "ntp.conf.j2"
    dest: "{{ ntp_config_file }}"
    owner: root
    group: root
    mode: "0644"
  notify: "Restart ntpd service"

- name: "ensure ntpd service is started and enabled"
  ansible.builtin.systemd:
    name: "ntpd"
    state: started
    enabled: true

- name: "configure ufw firewall"
  community.general.ufw:
    rule: allow
    port: "{{ ntp_port }}"
    proto: udp
    src: "{{ item }}"
    direction: in
  loop: "{{ ntp_firewall_allowed_sources | default([]) }}"