---
- name: Install NTP package
  ansible.builtin.package:
    name: "ntp"
    state: present
    update_cache: true

- name: Set system timezone to {{ ntp_timezone }}"
  community.general.timezone:
    name: "{{ ntp_timezone }}"
  notify: "Restart ntpd service"

- name: Ensure NTP drift file directory exists
  ansible.builtin.file:
    path: "{{ ntp_drift_file | dirname }}"
    state: directory
    owner: "ntp"
    group: "ntp"
    mode: "0750"

- name: Setup systems timezone
  community.general.timezone:
    name: "{{ ntp_timezone }}"
  notify: Restart chronyd # Redémarrer chrony peut être utile après un changement de TZ pour qu'il la prenne bien en compte dans ses logs/opérations

- name: "Configure {{ ntp_config_file }}"
  ansible.builtin.template:
    src: "ntp.conf.j2"
    dest: "{{ ntp_config_file }}"
    owner: root
    group: root
    mode: "0644"
  notify: "Restart ntpd service"

- name: "Ensure ntpd service is started and enabled"
  ansible.builtin.systemd:
    name: "ntpd"
    state: started
    enabled: true

- name: "Configure ufw firewall"
  community.general.ufw:
    rule: allow
    port: "{{ ntp_port }}"
    proto: udp
    src: "{{ item }}"
    direction: in
    comment: "NTP traffic"
  loop: "{{ ntp_firewall_allowed_sources | default([]) }}"
  retries: 5
  delay: 2
  register: ufw_result
  until: ufw_result is succeeded