root / manifests / rules / out / chrony.pp @ 7937a13b
Historique | Voir | Annoter | Télécharger (840 octets)
| 1 | 7937a13b | Tim Meusel | # @summary manage out chrony |
|---|---|---|---|
| 2 | # @param servers single IP-Address or array of IP-addresses from NTP servers |
||
| 3 | class nftables::rules::out::chrony ( |
||
| 4 | Array[Stdlib::IP::Address] $servers = [], |
||
| 5 | ) {
|
||
| 6 | if empty($servers) {
|
||
| 7 | nftables::rule {
|
||
| 8 | 'default_out-chrony': |
||
| 9 | content => 'udp dport 123 accept', |
||
| 10 | } |
||
| 11 | } else {
|
||
| 12 | $ipv6_servers = $servers.filter |$ip| { $ip =~ Stdlib::IP::Address::V6 }
|
||
| 13 | $ipv4_servers = $servers.filter |$ip| { $ip =~ Stdlib::IP::Address::V4 }
|
||
| 14 | unless empty($ipv6_servers) {
|
||
| 15 | nftables::rule { 'default_out-chrony_v6':
|
||
| 16 | content => "ip6 daddr {${join($ipv6_servers, ',')}} udp dport 123 accept",
|
||
| 17 | } |
||
| 18 | } |
||
| 19 | unless empty($ipv4_servers) {
|
||
| 20 | nftables::rule { 'default_out-chrony_v4':
|
||
| 21 | content => "ip daddr {${join($ipv4_servers, ',')}} udp dport 123 accept",
|
||
| 22 | } |
||
| 23 | } |
||
| 24 | 0ba57c66 | mh | } |
| 25 | } |