Fixed chrony configuration options

Signed-off-by: Marcin Dulinski <martin@dulin.me.uk>

templates/etc/chrony.conf.j2

@@ -1,4 +1,4 @@
-## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
+## {{ ansible_managed }}
 
 # This the default chrony.conf file for the Debian chrony package.  After
 # editing this file use the command 'invoke-rc.d chrony restart' to make
@@ -27,19 +27,21 @@ server {{ server }} {{ rhel9cis_chrony_server_options }}
 # password is generated by a random process at install time.  You may
 # change it if you wish.
 
-keyfile /etc/chrony/chrony.keys
+keyfile /etc/chrony.keys
 
-# Set runtime command key.  Note that if you change the key (not the
-# password) to anything other than 1 you will need to edit
-# /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, /etc/init.d/chrony
-# and /etc/cron.weekly/chrony as these scripts use it to get the password.
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
 
-commandkey 1
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep {{ rhel9cis_chrony_server_makestep }}
 
-# I moved the driftfile to /var/lib/chrony to comply with the Debian
-# filesystem standard.
+# Enable kernel synchronization of the real-time clock (RTC).
+{% if not rhel9cis_chrony_server_rtcsync %}#{% endif %}rtcsync
 
-driftfile /var/lib/chrony/chrony.drift
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+minsources {{ rhel9cis_chrony_server_minsources }}
 
 # Comment this line out to turn off logging.