diff --git a/hosts b/hosts
index dad5398..26e2665 100644
--- a/hosts
+++ b/hosts
@@ -89,6 +89,7 @@ dhcp-fleming.adm.auro.re
 dhcp-fleming-backup.adm.auro.re
 dns-fleming.adm.auro.re
 dns-fleming-backup.adm.auro.re
+ntp-1.int.infra.auro.re
 prometheus-fleming.adm.auro.re
 #prometheus-fleming-fo.adm.auro.re
 radius-fleming.adm.auro.re
diff --git a/playbooks/chronyd.yml b/playbooks/chronyd.yml
new file mode 100755
index 0000000..e5a0619
--- /dev/null
+++ b/playbooks/chronyd.yml
@@ -0,0 +1,16 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+ - ntp-1.int.infra.auro.re
+ vars:
+ chronyd__allow_networks:
+ - 10.128.0.0/16
+ - 2a09:6840:128::/48
+ chronyd__pools:
+ - 0.pool.ntp.org
+ - 1.pool.ntp.org
+ - 2.pool.ntp.org
+ - 3.pool.ntp.org
+ roles:
+ - chronyd
+...
diff --git a/roles/chronyd/defaults/main.yml b/roles/chronyd/defaults/main.yml
new file mode 100644
index 0000000..8355138
--- /dev/null
+++ b/roles/chronyd/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+chronyd__pools: []
+chronyd__key_file: /etc/chrony/chrony.keys
+chronyd__drift_file: /var/lib/chrony/chrony.drift
+chronyd__nts_dump_dir: /var/lib/chrony
+chronyd__max_update_skew: 100.0
+chronyd__rtcsync: true
+chronyd__allow_networks: []
+...
diff --git a/roles/chronyd/handlers/main.yml b/roles/chronyd/handlers/main.yml
new file mode 100644
index 0000000..4a12e18
--- /dev/null
+++ b/roles/chronyd/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart chronyd
+ systemd:
+ name: chronyd.service
+ state: restarted
+...
diff --git a/roles/chronyd/tasks/main.yml b/roles/chronyd/tasks/main.yml
new file mode 100644
index 0000000..9910415
--- /dev/null
+++ b/roles/chronyd/tasks/main.yml
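Review bot: The four `chronyd__pools` entries in playbooks/chronyd.yml are public pool.ntp.org servers, and the role's template renders them as `pool {{ pool }} iburst` with no `nts` option, so ntp-1 takes unauthenticated time from upstream and re-serves it to everything in `chronyd__allow_networks` (10.128.0.0/16 and 2a09:6840:128::/48). A shifted clock on this host can carry over to certificate validity checks and log timestamps on every client that syncs from it. If that trust decision is intended, record it next to the vars, e.g. `# Upstream pool is unauthenticated NTP; clients of ntp-1 inherit that trust`. Consider also adding at least one NTS-capable source, since the role already sets `ntsdumpdir` but no source would use it.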
@@ -0,0 +1,24 @@
+---
+- name: Install chronyd
+ apt:
+ name: chrony
+
+- name: Configure chronyd
+ template:
+ src: "{{ item }}.j2"
+ dest: "/etc/chrony/{{ item }}"
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=
+ loop:
+ - chrony.conf
+ - chrony.keys
+ notify:
+ - Restart chronyd
+
+- name: Enable and start chronyd
+ systemd:
+ name: chronyd.service
+ enabled: true
+ state: started
+...
diff --git a/roles/chronyd/templates/chrony.conf.j2 b/roles/chronyd/templates/chrony.conf.j2
new file mode 100644
index 0000000..ea994d8
--- /dev/null
+++ b/roles/chronyd/templates/chrony.conf.j2
@@ -0,0 +1,23 @@
+{{ ansible_managed | comment }}
+
+{% for pool in chronyd__pools %}
+pool {{ pool }} iburst
+{% endfor %}
+
+keyfile {{ chronyd__key_file }}
+dritfile {{ chronyd__drift_file }}
+ntsdumpdir {{ chronyd__nts_dump_dir }}
+
+log tracking measurements statistics
+
+maxupdateskew {{ chronyd__max_update_skew | float }}
+
+{% if chronyd__rtcsync %}
+rtcsync
+{% endif %}
+
+leapsectz right/UTC
+
+{% for network in chronyd__allow_networks %}
+allow {{ network | ipaddr }}
+{% endfor %}
diff --git a/roles/chronyd/templates/chrony.keys.j2 b/roles/chronyd/templates/chrony.keys.j2
new file mode 100644
index 0000000..5c02948
--- /dev/null
+++ b/roles/chronyd/templates/chrony.keys.j2
@@ -0,0 +1 @@
+{{ ansible_managed | comment }}
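Review bot: The `Configure chronyd` task in roles/chronyd/tasks/main.yml writes chrony.conf with no syntax check before `Restart chronyd` fires, so a template mistake is only discovered when the daemon fails to come back and ntp-1 stops serving time. Recent chronyd releases have a print-config mode; if the packaged version supports it, taking chrony.conf out of the loop and adding `validate: chronyd -p -f %s` would reject a bad file before it replaces the live one. The same loop also overwrites `/etc/chrony/chrony.keys` with a comment-only template, which discards any keys already present on the host; a one-line comment on the task stating that this is intentional would help the next maintainer.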
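Review bot: `dritfile {{ chronyd__drift_file }}` in roles/chronyd/templates/chrony.conf.j2 misspells chrony's `driftfile` directive; chronyd rejects unknown directives when it parses the file, so the handler's restart would most likely leave the service down. The line should read `driftfile {{ chronyd__drift_file }}`. In the final loop, `allow {{ network | ipaddr }}` renders `allow False` for an entry that is not a valid address or prefix, because the filter returns False instead of failing; failing the play on a bad entry is the safer behaviour for an access-control line. The `log tracking measurements statistics` line has no matching `logdir`, so please confirm those logs are actually written on the target.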