adds timesyncd role

.github/workflows/molecule-timesyncd.yml

@@ -0,0 +1,50 @@
+---
+
+name: molecule-timesyncd
+
+on:
+  pull_request:
+    paths:
+      - .config/molecule
+      - .github/workflows/molecule-timesyncd.yml
+      - roles/systemd_timesyncd
+  push:
+    branches:
+      - main
+      - wip/next
+    paths:
+      - .config/molecule
+      - .github/workflows/molecule-timesyncd.yml
+      - roles/systemd_timesyncd
+
+jobs:
+
+  molecule:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        distro:
+          - archlinux
+          - debian-bullseye
+          - debian-bookworm
+          - ubuntu-focal
+          - ubuntu-jammy
+          - ubuntu-noble
+        scenario:
+          - default
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+      - run: pip3 install ansible molecule molecule-plugins[docker] docker
+      - run: ansible --version
+      - run: molecule --version
+      - run: molecule test -p ${{ matrix.distro }} -s ${{ matrix.scenario }}
+        working-directory: ./roles/systemd_timesyncd
+        env:
+          ANSIBLE_DIFF_ALWAYS: 'True'
+          PY_COLORS: '1'
+
+...

README.md

@@ -3,3 +3,4 @@
 -   [idiv_biodiversity.systemd.systemd_journald](roles/systemd_journald/README.md)
 -   [idiv_biodiversity.systemd.systemd_networkd](roles/systemd_networkd/README.md)
 -   [idiv_biodiversity.systemd.systemd_resolved](roles/systemd_resolved/README.md)
+-   [idiv_biodiversity.systemd.systemd_timesyncd](roles/systemd_timesyncd/README.md)

roles/systemd_timesyncd/README.md

@@ -0,0 +1,123 @@
+Ansible Role: systemd_timesyncd
+===============================
+
+An Ansible role that configures **systemd-timesyncd**.
+
+
+Table of Contents
+-----------------
+
+<!-- toc -->
+
+- [Role Variables](#role-variables)
+  * [Time Zone](#time-zone)
+  * [NTP Servers](#ntp-servers)
+  * [Remove Legacy Packages](#remove-legacy-packages)
+- [Dependencies](#dependencies)
+- [Example Playbook](#example-playbook)
+  * [Top-Level Playbook](#top-level-playbook)
+  * [Role Dependency](#role-dependency)
+
+<!-- tocstop -->
+
+Role Variables
+--------------
+
+### Time Zone
+
+Set the system time zone. There is no default. The prefix is `system_` on
+purpose, so this variable can be used across different roles that also set the
+time zone.
+
+```yml
+systemd_timesyncd_timezone: Europe/Berlin
+```
+
+### NTP Servers
+
+NTP servers are the preferred servers. They should be set to your networks
+internal NTP servers.
+
+```yml
+systemd_timesyncd_ntp_servers:
+  - ntp1.domain.org
+  - ntp2.domain.org
+  - ntp3.domain.org
+```
+
+Use regional pools for fallback servers:
+
+```yml
+systemd_timesyncd_ntp_fallback_servers:
+  - 0.europe.pool.ntp.org
+  - 1.europe.pool.ntp.org
+  - 2.europe.pool.ntp.org
+  - 3.europe.pool.ntp.org
+```
+
+### Remove Legacy Packages
+
+Remove legacy timesync packages (ntp, chrony):
+
+```yml
+systemd_timesyncd_remove_legacy_packages: yes
+```
+
+
+Dependencies
+------------
+
+```yml
+---
+
+# requirements.yml
+
+collections:
+
+  - name: community.general
+
+  - name: idiv_biodiversity.systemd
+    version: X.Y.Z
+
+...
+```
+
+
+Example Playbook
+----------------
+
+### Top-Level Playbook
+
+Write a top-level playbook:
+
+```yml
+---
+
+- name: head server
+  hosts: head
+
+  roles:
+    - role: idiv_biodiversity.systemd.systemd_timesyncd
+      tags:
+        - systemd
+        - systemd-timesyncd
+
+...
+```
+
+### Role Dependency
+
+Define the role dependency in `meta/main.yml`:
+
+```yml
+---
+
+dependencies:
+
+  - role: idiv_biodiversity.systemd.systemd_timesyncd
+    tags:
+      - systemd
+      - systemd-timesyncd
+
+...
+```

roles/systemd_timesyncd/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+
+systemd_timesyncd_remove_legacy_packages: yes
+
+...

roles/systemd_timesyncd/meta/argument_specs.yml

@@ -0,0 +1,13 @@
+---
+
+argument_specs:
+  main:
+    options:
+
+      systemd_timesyncd_remove_legacy_packages:
+        type: bool
+
+      systemd_timesyncd_timezone:
+        type: str
+
+...

roles/systemd_timesyncd/meta/main.yml

@@ -0,0 +1,31 @@
+---
+
+galaxy_info:
+  author: Christian Krause
+  description: install and configure systemd-timesyncd
+  company: German Centre for Integrative Biodiversity Research (iDiv)
+  license: MIT
+  min_ansible_version: '2.9'
+
+  platforms:
+
+    - name: ArchLinux
+      versions:
+        - all
+
+    - name: Debian
+      versions:
+        - bookworm
+        - bullseye
+
+    - name: Ubuntu
+      versions:
+        - focal
+        - jammy
+        - noble
+
+  galaxy_tags:
+    - systemd
+    - timesyncd
+
+...

roles/systemd_timesyncd/molecule/default/converge.yml

@@ -0,0 +1,24 @@
+---
+
+- name: converge
+  hosts: all
+
+  pre_tasks:
+
+    - name: update package cache
+      ansible.builtin.package:
+        update_cache: yes
+      become: yes
+      changed_when: no
+      register: __update_package_cache
+      until: __update_package_cache is success
+      retries: 10
+      delay: 2
+
+  tasks:
+
+    - name: include the role
+      ansible.builtin.include_role:
+        name: idiv_biodiversity.systemd.systemd_timesyncd
+
+...

roles/systemd_timesyncd/molecule/default/molecule.yml

@@ -0,0 +1,3 @@
+---
+
+...

roles/systemd_timesyncd/molecule/default/verify.yml

@@ -0,0 +1,91 @@
+---
+
+- name: verify
+  hosts: all
+  tasks:
+
+    - name: include main vars
+      ansible.builtin.include_vars: ../../vars/main.yml
+
+    - name: include OS-specific vars
+      ansible.builtin.include_vars: >-
+        {{ lookup("ansible.builtin.first_found", params) }}
+      vars:
+        params:
+          files: >-
+            {{
+              __systemd_timesyncd_first_found |
+                map('regex_replace', '$', '.yml') |
+                list
+            }}
+          paths: ../../vars
+
+    # -------------------------------------------------------------------------
+    # check package
+    # -------------------------------------------------------------------------
+
+    - name: check package installation
+      ansible.builtin.package:
+        name: '{{ __systemd_timesyncd_package }}'
+        state: present
+      check_mode: yes
+      register: __systemd_timesyncd_installation
+
+    - name: debug package installation
+      ansible.builtin.debug:
+        var: __systemd_timesyncd_installation
+
+    - name: assert on package installation
+      ansible.builtin.assert:
+        that:
+          - not __systemd_timesyncd_installation.failed
+          - not __systemd_timesyncd_installation.changed
+        success_msg: 'package is installed'
+
+    # -------------------------------------------------------------------------
+    # check configuration
+    # -------------------------------------------------------------------------
+
+    - name: check configuration file
+      ansible.builtin.stat:
+        path: /etc/systemd/timesyncd.conf.d/60-ansible.conf
+        get_attributes: no
+        get_checksum: no
+        get_mime: no
+      check_mode: yes
+      register: __systemd_timesyncd_configuration
+
+    - name: debug configuration file
+      ansible.builtin.debug:
+        var: __systemd_timesyncd_configuration
+
+    - name: assert on configuration file
+      ansible.builtin.assert:
+        that:
+          - __systemd_timesyncd_configuration.stat.exists
+        success_msg: 'configuration file exists'
+
+    # -------------------------------------------------------------------------
+    # check service
+    # -------------------------------------------------------------------------
+
+    - name: check service
+      ansible.builtin.service:
+        name: systemd-timesyncd
+        enabled: yes
+      check_mode: yes
+      register: __systemd_timesyncd_service
+
+    - name: debug service
+      ansible.builtin.debug:
+        var: __systemd_timesyncd_service
+
+    - name: assert on service
+      ansible.builtin.assert:
+        that:
+          - not __systemd_timesyncd_service.failed
+          - not __systemd_timesyncd_service.changed
+          - __systemd_timesyncd_service.enabled
+        success_msg: 'service is enabled'
+
+...

roles/systemd_timesyncd/requirements.yml

@@ -0,0 +1,7 @@
+---
+
+collections:
+
+  - name: community.general
+
+...