diff --git a/roles/chrony/defaults/main.yml b/roles/chrony/defaults/main.yml
new file mode 100644
index 0000000..e682c96
--- /dev/null
+++ b/roles/chrony/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+chrony_servers:
+ - time.foo.sh
diff --git a/roles/chrony/handlers/main.yml b/roles/chrony/handlers/main.yml
new file mode 100644
index 0000000..dfbde8e
--- /dev/null
+++ b/roles/chrony/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart chronyd
+ ansible.builtin.service:
+ name: chronyd
+ state: restarted
diff --git a/roles/chrony/tasks/main.yml b/roles/chrony/tasks/main.yml
new file mode 100644
index 0000000..9ddb27c
--- /dev/null
+++ b/roles/chrony/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Install packages
+ ansible.builtin.package:
+ name: chrony
+ state: installed
+
+- name: Create config
+ ansible.builtin.template:
+ dest: /etc/chrony.conf
+ src: chrony.conf.j2
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart chronyd
+
+- name: Enable service
+ ansible.builtin.service:
+ name: chronyd
+ state: started
+ enabled: true
diff --git a/roles/chrony/templates/chrony.conf.j2 b/roles/chrony/templates/chrony.conf.j2
new file mode 100644
index 0000000..ca80dc2
--- /dev/null
+++ b/roles/chrony/templates/chrony.conf.j2
@@ -0,0 +1,24 @@
+# Remote servers
+{% for server in chrony_servers %}
+server {{ server }} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+{% if chrony_allow is defined %}
+
+# Allow NTP client access.
+{% for allow in chrony_allow %}
+allow {{ allow }}
+{% endfor %}
+{% endif %}
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
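Review bot: In roles/chrony/defaults/main.yml, `chrony_servers` defaults to a single source, `time.foo.sh`, so chronyd has nothing to cross-check it against and a wrong or spoofed reply from that one host is taken as the time. Clock error affects certificate validity checks, ticket lifetimes and log correlation, so I would list at least three independent sources, or state above the variable that one source is deliberate, e.g. `# NTP sources for chronyd; use three or more so a bad source can be outvoted`. The sources are also queried without authentication; if the deployed chrony version and the servers support NTS, that would be worth a follow-up.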
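Review bot: In roles/chrony/tasks/main.yml, the Install packages task uses `state: installed`, an alias that only some package backends accept; `ansible.builtin.package` documents `present`, and since the role uses `ansible_wheel` it looks intended for more than one platform, so `state: present` is the safer spelling. `ansible_wheel` is not defined anywhere in this diff, so the Create config task stops with an undefined-variable error unless inventory or another role sets it. A default for it, or a comment naming where it comes from, would make that dependency explicit.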
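Review bot: In roles/chrony/templates/chrony.conf.j2, each `chrony_allow` item is rendered as `allow {{ allow }}` with no check, and as far as I know chrony reads an `allow` directive with no subnet as access from all addresses, so an empty list item would expose the NTP service to every client. The variable is also missing from defaults/main.yml, and a plain string passed instead of a list would be iterated character by character. I would add `chrony_allow: []` with a comment to the defaults, guard the block with `{% if chrony_allow %}`, and skip empty entries with `{% for allow in chrony_allow | select %}`.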