From 2d51e2001de2c0dc4e7222c7ce431e0af375bcdd Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sun, 17 Aug 2025 20:50:37 -0500
Subject: [PATCH] gw1: Allow internal IPv6 clients

Specifically to allow the Synology to synchronize its clock, as it only has an IPv6 address. We also need to explicitly override `chrony_servers` to an empty list for the firewall itself, since it syncs with the NTP pool, rather than its next hop router.
---
 host_vars/gw1.pyrocufflink.blue/main.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/host_vars/gw1.pyrocufflink.blue/main.yml b/host_vars/gw1.pyrocufflink.blue/main.yml
index 4c68e0c..cdcfdf8 100644
--- a/host_vars/gw1.pyrocufflink.blue/main.yml
+++ b/host_vars/gw1.pyrocufflink.blue/main.yml
@@ -46,6 +46,8 @@ promtail_scrape_configs:
 
 dnf_automatic_reboot: never
 
+chrony_servers: []
+
 chrony_pools:
 - 1.fedora.pool.ntp.org iburst
 - 2.fedora.pool.ntp.org iburst
@@ -57,3 +59,4 @@ chrony_allow:
 - 172.31.1.0/24
 - 172.24.100.0/24
 - 192.168.1.0/24
+- fd68:c2d2:500e:3e00::/56
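Review bot: In the first hunk, the `chrony_servers: []` override added above `chrony_pools` has no comment, so the reason for it exists only in the commit message. An explicit empty list in host_vars reads like a leftover to anyone who does not know that a value set elsewhere is being cancelled for this host. I would put `# gw1 syncs with the NTP pool directly; clear the inherited chrony_servers (next-hop router)` on the line above it. Where the inherited value is defined is not visible in this patch, so the comment should name that file if there is one.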
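Review bot: In the second hunk, the new `chrony_allow` entry `fd68:c2d2:500e:3e00::/56` is much wider than the need stated in the commit message, which is a single IPv6-only Synology. The existing IPv4 entries are individual /24 networks, while a /56 spans 256 /64 subnets, so chronyd would accept NTP clients from every internal segment numbered out of that prefix, including ones added later. If the Synology's subnet is known, list only that /64 (placeholder: `- <SYNOLOGY_SUBNET_PREFIX>::/64`), or add a comment above the entry stating that all internal IPv6 networks are intended. `chrony_allow` presumably only feeds chronyd's own access list; whether the host firewall passes UDP 123 over IPv6 from these networks is not visible here and should be checked separately. The list starts above the hunk.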