Update..

group_vars/all/main.yml

@@ -1,4 +1,3 @@
-
 ---
 
 
@@ -15,9 +14,9 @@ locales:
 set_default_limit_nofile: false
 
 
-# ---
+# ==========
 # vars used by roles/common/tasks/sshd.yml
-# ---
+# ==========
 
 sshd_ports:
   - 22
@@ -73,7 +72,6 @@ sshd_use_dns: !!str "no"
 sshd_allowed_users: {}
 
 
-
 # ==========
 # vars used by roles/common/tasks/apt.yml
 # ==========
@@ -698,41 +696,24 @@ nfs_exports:
    - src: 192.168.82.10:/data/home
      path: /data/home
      mount_opts: user,exec,rsize=8192,wsize=8192,hard,intr
-     export_opt: rw,fsid=0,root_squash,sync,subtree_check
+     export_opt: rw,root_squash,sync,subtree_check
      export_networks:
        - 192.168.82.0/24
        - 10.0.82.0/24
        - 10.1.82.0/24
        - 192.168.63.0/24
-     fs_encrypted: false
+     use_fsid_option: true
 
    - src: 192.168.82.10:/data/samba
      path: /data/samba
      mount_opts: user,exec,rsize=8192,wsize=8192,hard,intr
-     export_opt: rw,fsid=1,root_squash,sync,subtree_check
+     export_opt: rw,root_squash,sync,subtree_check
      export_networks:
        - 192.168.82.0/24
        - 10.0.82.0/24
        - 10.1.82.0/24
        - 192.168.63.0/24
-     fs_encrypted: false
+     use_fsid_option: true
-
-
-# ==========
-# vars used by roles/common/tasks/samba-install.yml
-# ==========
-
-apt_install_server_samba:
-  - samba
-  - nscd
-
-#  - winbind
-
-apt_install_client_samba:
-  - samba-client
-  - samba-common
-
-samba_server: file-akb.akb.netz
 
 
 # ==========
@@ -926,10 +907,8 @@ pureftpd_tls_certificate_openssl:
   # unit: ''
 
 
-
-
 # ==========
-# vars used by roles/common/tasks/user.yml
+# vars used by roles/common/tasks/system-user.yml
 # ==========
 
 # ! Notice !
@@ -1122,6 +1101,42 @@ nis_user:
     password: '20-birgit_20%'
 
 
+# ==========
+# vars used by roles/common/tasks/samba-install.yml
+# ==========
+
+apt_install_server_samba:
+  - samba
+  - nscd
+
+#  - winbind
+
+apt_install_client_samba:
+  - samba-client
+  - samba-common
+
+samba_server: file-akb.akb.netz
+
+samba_cronjob_trash_dirs:
+  name: Clean up Samba Trash Dirs
+  minute: "11"
+  hour: "23"
+  day: "*"
+  month: "*"
+  weekday: '*'
+  user: root
+  job: "/root/bin/samba/clean_samba_trash.sh"
+
+samba_cronjob_permissions:
+  name: Set (group and access) Permissons for Samba shares
+  minute: "0-59/30"
+  hour: "*"
+  day: "*"
+  month: "*"
+  weekday: '*'
+  user: root
+  job: "/root/bin/samba/set_permissions_samba_shares.sh"
+
 # ==========
 # vars used by roles/common/tasks/samba-user.yml
 # ==========
@@ -1130,7 +1145,7 @@ nis_user:
 #
 # variables used from other previos sections:
 #
-#    - remove_system_users:   roles/common/tasks/user.yml
+#    - remove_system_users:   roles/common/tasks/system-user.yml
 #    - remove_nis_users:      roles/common/tasks/nis-install-server.yml
 #    - nis_user:              roles/common/tasks/nis-install-server.yml
 
@@ -1145,11 +1160,19 @@ nis_user:
 #
 #    - nis_user:              roles/common/tasks/nis-install-server.yml
 
+
+samba_workgroup: AKB
+samba_netbios_name: FILE-AKB
+
 samba_shares:
   - name: Transfer
     path: /data/samba/Transfer
     group_valid_users: transfer
     group_write_list: transfer
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
     user:
       - anna
       - buero
@@ -1165,6 +1188,10 @@ samba_shares:
     path: /data/samba/Verwaltung
     group_valid_users: verwaltung
     group_write_list: verwaltung
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
     user:
       - anna
       - jonas
@@ -1182,6 +1209,10 @@ samba_shares:
     path: /data/samba/Scans
     group_valid_users: scans
     group_write_list: scans
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
     user:
       - anna
       - buero
@@ -1198,54 +1229,90 @@ samba_shares:
     path: /data/samba/Scans/Buero_Scans
     group_valid_users: scans
     group_write_list: scans
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
     user:
       - buero
   - name: Frauke_Scans
     path: /data/samba/Scans/Frauke_Scans
     group_valid_users: scans
     group_write_list: scans
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
     user:
       - frauke
   - name: FSJ_Scans
     path: /data/samba/Scans/FSJ_Scans
     group_valid_users: scans
     group_write_list: scans
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
     user:
       - fsj
   - name: Jibran_Scans
     path: /data/samba/Scans/Jibran_Scans
     group_valid_users: scans
     group_write_list: scans
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
     user:
       - jibran
   - name: Julia_Scans
     path: /data/samba/Scans/Julia_Scans
     group_valid_users: scans
     group_write_list: scans
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
     user:
       - julia
   - name: Maica_scans
     path: /data/samba/Scans/Maica_scans
     group_valid_users: scans
     group_write_list: scans
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
     user:
       - maica
   - name: Thomas_Scans
     path: /data/samba/Scans/Thomas_Scans
     group_valid_users: scans
     group_write_list: scans
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
     user:
       - thomas
   - name: Birgit_Scans
     path: /data/samba/Scans/Birgit_Scans
     group_valid_users: scans
     group_write_list: scans
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
     user:
       - birgit
   - name: Kamera
     path: /data/samba/Kamera
     group_valid_users: intern
     group_write_list: intern
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: false
+    recycle_path: '@Recycle.Bin'
     user:
       - anna
       - buero
@@ -1259,6 +1326,10 @@ samba_shares:
     path: /data/samba/Install
     group_valid_users: intern
     group_write_list: intern
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: false
+    recycle_path: '@Recycle.Bin'
     user:
       - anna
       - buero
@@ -1271,7 +1342,18 @@ samba_shares:
 
 
 # ==========
-# vars used by roles/common/tasks/user-systemfiles.yml
+# vars used by roles/common/tasks/system-user-systemfiles.yml
+# ==========
+
+# ! Notice !
+#
+# variables used from other previos sections:
+#
+#    - system_users:              roles/common/tasks/system-user.yml
+
+
+# ==========
+# vars used by roles/common/tasks/nis-user-systemfiles.yml
 # ==========
 
 # ! Notice !
@@ -1281,7 +1363,6 @@ samba_shares:
 #    - nis_user:              roles/common/tasks/nis-install-server.yml
 
 
-
 # ==========
 # vars used by roles/common/tasks/sudoers-pc.yml
 # ==========
@@ -1329,7 +1410,6 @@ sudoers_pc_file_cmnd_aliases:
 sudoers_pc_file_runas_aliases: []
 
 
-
 # ==========
 # vars used by roles/common/tasks/sudoers-server.yml
 # ==========
@@ -1410,6 +1490,9 @@ sudoers_server_file_user_privileges: []
 sudoers_server_file_group_privileges: []
 
 
+# ====================
+# ====================
+# ====================
 
 # ==========
 # vars used by roles/ansible_dependencies

roles/common/tasks/apt.yml

@@ -14,6 +14,7 @@
   tags:
     - apt-configuration
 
+
 - name: (apt.yml) apt update
   apt:
     update_cache: true
@@ -28,6 +29,7 @@
     - apt-compiler-pkgs
     - apt-webserver-pkgs
 
+
 - name: (apt.yml) dpkg --configure
   command: >
     dpkg --configure -a
@@ -43,6 +45,7 @@
     - apt-compiler-pkgs
     - apt-webserver-pkgs
 
+
 - name: (apt.yml) apt upgrade
   apt:
     upgrade: "{{ apt_upgrade_type }}"
@@ -56,6 +59,7 @@
     - apt-compiler-pkgs
     - apt-webserver-pkgs
 
+
 - name: (apt.yml) Initial install debian packages (stretch)
   apt:
     name: "{{ apt_initial_install_stretch }}"
@@ -66,6 +70,7 @@
   tags:
     - apt-initial-install
 
+
 - name: (apt.yml) Initial install debian packages (buster)
   apt:
     name: "{{ apt_initial_install_buster }}"
@@ -76,6 +81,7 @@
   tags:
     - apt-initial-install
 
+
 - name: (apt.yml) Initial install ubuntu packages (bionic)
   apt:
     name: "{{ apt_initial_install_bionic }}"
@@ -96,6 +102,7 @@
   tags:
     - apt-initial-install
 
+
 # ---
 # Microcode
 # ---
@@ -114,6 +121,7 @@
     - apt-initial-install
     - apt-microcode
 
+
 - name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch)
   apt:
     name: "{{ microcode_amd_package }}"
@@ -129,6 +137,7 @@
     - apt-initial-install
     - apt-microcode
 
+
 - name: (apt.yml) Install CPU microcode for Intel CPU (debian buster)
   apt:
     name: "{{ microcode_intel_package }}"
@@ -142,6 +151,7 @@
     - apt-initial-install
     - apt-microcode
 
+
 - name: (apt.yml) Install CPU microcode for AMD CPU (debian buster)
   apt:
     name: "{{ microcode_amd_package }}"
@@ -156,6 +166,7 @@
     - apt-initial-install
     - apt-microcode
 
+
 - name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu bionic)
   apt:
     name: "{{ microcode_intel_package }}"
@@ -169,6 +180,7 @@
     - apt-initial-install
     - apt-microcode
 
+
 - name: (apt.yml) Install CPU microcode for AMD CPU (ubuntu bionic)
   apt:
     name: "{{ microcode_amd_package }}"
@@ -183,6 +195,7 @@
     - apt-initial-install
     - apt-microcode
 
+
 - name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu xenial)
   apt:
     name: "{{ microcode_intel_package }}"
@@ -196,6 +209,7 @@
     - apt-initial-install
     - apt-microcode
 
+
 - name: (apt.yml) Install CPU microcode for Intel AMD (ubuntu xenial)
   apt:
     name: "{{ microcode_amd_package }}"
@@ -223,6 +237,7 @@
     - apt-initial-install
     - apt-firmware
 
+
 - name: (apt.yml) Install non-free Firmware packages
   apt:
      name: "{{ firmware_non_free_packages }}"
@@ -256,8 +271,6 @@
     - apt-autoremove
     - apt-initial-install
     - apt-microcode
-    - apt-compiler-pkgs
-    - apt-webserver-pkgs
 
 - name: (apt.yml) clean
   command: apt-get -y clean
@@ -269,6 +282,3 @@
     - apt-clean
     - apt-initial-install
     - apt-microcode
-    - apt-compiler-pkgs
-    - apt-mysql-server-pkgs
-    - apt-webserver-pkgs

roles/common/tasks/basic.yml

@@ -14,6 +14,7 @@
   tags:
     - locales
 
+
 - name: (basic.yml) Create a symbolic link /bin/sh -> bash
   file:
     src: bash
@@ -26,6 +27,7 @@
   tags:
     - symlink-sh
 
+
 - name: (basic.yml) Check file '/etc/systemd/system.conf' exists
   stat:
     path: /etc/systemd/system
@@ -33,6 +35,7 @@
   when:
     - set_default_limit_nofile|bool == true
 
+
 - name: (basic.yml) Change DefaultLimitNOFILE to 1048576
   lineinfile:
     dest: /etc/systemd/system.conf
@@ -60,6 +63,7 @@
   tags:
     - limits-conf
 
+
 - name: (basic.yml) Create new sshd_config from template limits.conf.j2
   template:
     src: etc/security/limits.conf.j2
@@ -92,7 +96,7 @@
 - name: (basic.yml) addjust '/etc/hosts' add nis-server ..
   lineinfile:
     path: /etc/hosts
-    regexp: '^192\.168\.82\.'
+    regexp: '^192\.168\.'
     line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[0] }}'
   when:
     - "groups['nis_server']|string is search(inventory_hostname)"

roles/common/tasks/cups-install.yml

@@ -33,7 +33,7 @@
 
 
 # -- file /etc/cups/cups-browsed.conf
-- name: (cups.yml) Check if file '/etc/cups/cups-browsed.conf.ORIGi' exists
+- name: (cups.yml) Check if file '/etc/cups/cups-browsed.conf.ORIG' exists
   stat:
     path: /etc/cups/cups-browsed.conf.ORIG
   register: cups_browsed_conf_orig_exists

roles/common/tasks/luks.yml

@@ -0,0 +1,6 @@
+- name: (luks.ym) add new key to the LUKS container (container has to exist)
+  luks_device:
+    device: "{{ luks_device }}"
+    keyfile: "{{ role_path + '/files/vault/luks_default_passwd' }}"
+    new_keyfile: "{{ role_path + '/files/vault/luks_chris_passwd' }}"
+

roles/common/tasks/main.yml

@@ -47,6 +47,7 @@
   tags:
     - ntp
 
+
 # tags supported inside cups-install.yml:
 #
 #    cups-server
@@ -55,7 +56,8 @@
   tags:
     - cups
 
-# tags supported inside cups-install.yml:
+
+# tags supported inside pure-ftpd-install.yml:
 #
 - import_tasks: pure-ftpd-install.yml
   when: 
@@ -63,6 +65,7 @@
   tags:
     - pure-ftpd
 
+
 # tags supported inside nfs.yml:
 #
 #    nfs-server
@@ -78,13 +81,21 @@
 #    samba-client
 - import_tasks: samba-install.yml
   tags:
+    - samba-install
     - samba
 
 
-# tags supported inside user.yml:
+# tags supported inside samba-remove-user.yml:
+#
+- import_tasks: samba-remove-user.yml
+  tags:
+    - samba-remove-user
+
+
+# tags supported inside system-user.yml:
 #
 #    system-user
-- import_tasks: user.yml
+- import_tasks: system-user.yml
   when: "groups['file_server']|string is search(inventory_hostname)"
   tags:
     - system-user
@@ -102,7 +113,7 @@
 
 # tags supported inside nis-user.yml:
 #
-#    system-user
+#    nis-user
 - import_tasks: nis-user.yml
   when: "groups['nis_server']|string is search(inventory_hostname)"
   tags:
@@ -127,6 +138,7 @@
   tags:
     - nis-samba-user
 
+
 # tags supported inside mount_samba_shares.yml:
 #
 - import_tasks: mount_samba_shares.yml
@@ -155,12 +167,13 @@
   when: "groups['nis_server']|string is search(inventory_hostname)"
   tags:
     - user-systemfiles
+    - nis-user-systemfiles
 
 
-# tags supported root_files_scripts.yml:
+# tags supported root-files-scripts.yml:
 
 #    wakeup_lan
-- import_tasks: root_files_scripts.yml
+- import_tasks: root-files-scripts.yml
   tags:
     - root-files-scripts
 
@@ -175,6 +188,7 @@
   tags:
     - sudoers
 
+
 # tags supported inside sudoers-server.yml:
 #
 #   sudoers-remove
@@ -185,3 +199,37 @@
   tags:
     - sudoers
 
+
+# Tasks: Configure VNC (x11vnc) for Ubuntu systems
+#
+# Supported OS:
+#   - Ubuntu 16.04LTSi
+#   - Ubuntu 18.04LTSi
+
+- name: "For OS: Ubuntu 16.04LTS, Arch: amd64"
+  import_tasks: ubuntu-x11vnc-1604-amd64.yml
+  when:
+    - ansible_distribution_version ==  "16.04"
+    - ansible_architecture == "x86_64"
+  tags:
+    - x11vnc
+    - x11vnc-1604
+    - finish-client-install
+
+
+- name: "For OS: Ubuntu 18.04LTS, Arch: amd64"
+  import_tasks: ubuntu-x11vnc-1804-amd64.yml
+  when:
+    - ansible_distribution_version ==  "18.04"
+    - ansible_architecture == "x86_64"
+  tags:
+    - x11vnc
+    - x11vnc-1804
+    - finish-client-install
+
+
+#- name: "Configure LUKS"
+#  import_tasks: luks.yml
+#  when: "groups['client_pc']|string is search(inventory_hostname)"
+#  tags:
+#    - luks

roles/common/tasks/nis-user-systemfiles.yml

@@ -12,11 +12,6 @@
     label: '{{ item.name }}'
   register: local_template_dir_nis_user
 
-# root
-- name: (nis-user-systemfiles.yml) Check if local template directory exists for root
-  local_action: stat path={{ inventory_dir }}/files/homedirs/root
-  register: local_template_dir_root
-
 
 # -- 
 # Copy .profile 
@@ -73,32 +68,6 @@
   tags:
     - profile
 
-# -- root user
-- name: (nis-user-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
-  stat:
-    path: /root/.profile.ORIG
-  register: profile_root_orig_exists
-  tags:
-    - profile
-
-- name: (nis-user-systemfiles.yml) Backup existing users .profile file
-  command: cp -a /root/.profile /root/.profile.ORIG
-  when: profile_root_orig_exists.stat.exists == False
-  tags:
-    - profile
-
-- name: (nis-user-systemfiles.yml) copy .profile for user root
-  copy:
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') }}"
-    dest: "/root/.profile"
-    owner: root
-    group: root
-    mode: 0644
-  when:
-    - local_template_dir_root.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
-  tags:
-    - profile
 
 # --
 # Copy .bashrc
@@ -154,32 +123,6 @@
   tags:
     - bashrc
 
-# -- root user
-- name: (nis-user-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
-  stat:
-    path: /root/.bashrc.ORIG
-  register: bashrc_root_orig_exists
-  tags:
-    - bash
-
-- name: (nis-user-systemfiles.yml) Backup /root/.bashrc file
-  command: cp /root/.bashrc /root/.bashrc.ORIG
-  when: bashrc_root_orig_exists.stat.exists == False
-  tags:
-    - bash
-
-- name: (nis-user-systemfiles.yml) copy .bashrc for user root
-  copy:
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') }}"
-    dest: "/root/.bashrc"
-    owner: root
-    group: root
-    mode: 0644
-  when:
-    - local_template_dir_root.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc')
-  tags:
-    - bash
 
 # --
 # Copy .vimrc
@@ -238,40 +181,3 @@
   tags:
     - vimrc
 
-
-- name: (nis-user-systemfiles.yml) copy .vimrc for user root
-  copy:
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') }}"
-    dest: "/root/.vimrc"
-    owner: root
-    group: root
-    mode: 0644
-  when:
-    - local_template_dir_root.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc')
-  tags:
-    - vimrc
-
-- name: (nis-user-systemfiles.yml) Check if local template directory .vim  exists for user root
-  local_action: stat path={{ inventory_dir }}/files/homedirs/root/.vim
-  register: local_template_dir_vim_root
-  with_items: 'root'
-  loop_control:
-    label: 'root'
-
-- name: (nis-user-systemfiles.yml) copy .vim directory for user root if it exists
-  copy:
-    src: "{{ inventory_dir + '/files/homedirs/root/.vim' }}"
-    dest: "/root"
-    owner: "root"
-    group: "root"
-    mode: 0644
-  with_items: "{{ local_template_dir_vim_root.results }}"
-  loop_control:
-    label: 'root'
-  when:
-    - item.stat.exists
-  tags:
-    - vim
-
-

roles/common/tasks/nis-user.yml

@@ -48,25 +48,20 @@
     
 #- meta: end_host
 
-- name: (nis_user.yml) Check if nis (system) user exists
+- name: (nis_user.yml) Get database of nis (system) users
-  shell: "getent passwd {{ item.name }}"
+  getent:
-  register: nis_user_exists
+    database: passwd
-  changed_when: "nis_user_exists.rc == 2"
-  failed_when: "nis_user_exists.rc > 2"
-  loop: "{{ nis_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  ignore_errors: true
   tags:
     - nis-user
     - system-user
 
-- name: (nis_user.yml) Add nis (system) users 
+- name: (nis_user.yml) Add nis (system) users if not yet exists..
   shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
   loop: "{{ nis_user }}"
   loop_control:
     label: '{{ item.name }}'
-  when: nis_user_exists is changed
+  when:
+    - item.name not in getent_passwd
   notify: Renew nis databases
   tags:
     - nis-user

roles/common/tasks/ntp.yml

@@ -11,7 +11,7 @@
     state: present
   when:
     - ansible_os_family == "Debian"
-    - "groups['file_server']|string is search(inventory_hostname)"
+    - groups['file_server']|string is search(inventory_hostname)
   tags:
     - ntp-server
 
@@ -20,14 +20,14 @@
     path: /etc/ntp.conf.ORIG
   register: etc_ntp_conf_ORIG
   when:
-    - "groups['file_server']|string is search(inventory_hostname)"
+    - groups['file_server']|string is search(inventory_hostname)
   tags:
     - ntp-server
 
 - name: (ntp.yml) Backup installation version of file '/etc/ntp.conf'
   command: cp -a /etc/ntp.conf /etc/ntp.conf.ORIG
   when:
-    - "groups['file_server']|string is search(inventory_hostname)"
+    - groups['file_server']|string is search(inventory_hostname)
     - etc_ntp_conf_ORIG.stat.exists == False
   tags:
     - ntp-server

roles/common/tasks/samba-install.yml

@@ -13,6 +13,20 @@
   tags:
     - samba-server
 
+- name: (samba-install.yml) Ensure samba share directories exists
+  file:
+    path: "{{ item.path }}"
+    owner: "root"
+    group: "{{ item.group_write_list }}"
+    mode: '2770'
+    state: directory
+  with_items: "{{ samba_shares }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - samba-shares
+
+
 # ---
 # /etc/samba/smb.conf
 # ---
@@ -35,22 +49,6 @@
     - samba-server
 
 
-- name: (samba-install.yml) Ensure file /etc/samba/users.map exists
-  copy:
-    src: "{{ role_path + '/files//etc/samba/users.map' }}"
-    dest: /etc/samba/users.map
-    owner: root
-    group: root
-    mode: 0644
-  when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
-  notify:
-    - Restart smbd
-    - Restart nmbd
-  tags:
-    - samba-server
-
-
 - name: (samba-install.yml) /etc/samba/smb.conf
   template:
     dest: /etc/samba/smb.conf
@@ -67,6 +65,106 @@
     - samba-server
 
 
+- name: (samba-install.yml) Ensure file /etc/samba/users.map exists
+  copy:
+    src: "{{ role_path + '/files/etc/samba/users.map' }}"
+    dest: /etc/samba/users.map
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  notify:
+    - Restart smbd
+    - Restart nmbd
+  tags:
+    - samba-server
+
+
+# ---
+# Cronjob for cleaning up samba trash dirs
+# ---
+
+- name: (samba-install.yml) Check if file '/root/bin/samba/clean_samba_trash.sh' exists
+  stat:
+    path: /root/bin/samba/clean_samba_trash.sh
+  register: clean_samba_trash_exists
+
+- name: (samba-install.yml) Adjust configuration for script 'clean_samba_trash.sh'
+  template: 
+    dest: /root/bin/samba/conf/clean_samba_trash.conf
+    src: root/bin/samba/conf/clean_samba_trash.conf.j2
+  when:
+    - clean_samba_trash_exists.stat.exists|bool
+  tags:
+    - samba-server
+
+
+- name: Check if cleaning up trash dirs is configured
+  lineinfile:
+    path: /root/bin/samba/conf/clean_samba_trash.conf
+    regexp: "^trash_dirs=*"
+    state: absent
+  check_mode: yes
+  changed_when: false
+  register: clean_samba_trash_dirs
+
+- name: Creates a cron job for cleaning up samba trash dirs
+  cron:
+    name: '{{ samba_cronjob_trash_dirs.name }}'
+    minute: '{{ samba_cronjob_trash_dirs.minute }}'
+    hour: "{{ samba_cronjob_trash_dirs.hour | default('*') }}"
+    day: "{{ samba_cronjob_trash_dirs.hour.day | default('*') }}"
+    month: "{{ samba_cronjob_trash_dirs.hour.month| default('*') }}"
+    weekday: "{{ samba_cronjob_trash_dirs.hour.weekday| default('*') }}"
+    user: "{{ samba_cronjob_trash_dirs.user | default('root') }}"
+    job: "{{ samba_cronjob_trash_dirs.job }}"
+  when:
+    - clean_samba_trash_dirs.found
+
+
+# ---
+# Cronjob for setting permissions on samba shares
+# ---
+
+- name: (samba-install.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists
+  stat:
+    path: /root/bin/samba/set_permissions_samba_shares.sh
+  register: set_permissions_on_samba_shares_exists
+
+- name: (samba-install.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
+  template: 
+    dest: /root/bin/samba/conf/set_permissions_samba_shares.conf
+    src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2
+  when:
+    - set_permissions_on_samba_shares_exists.stat.exists|bool
+  tags:
+    - samba-server
+
+
+- name: Check if cleaning up trash dirs is configured
+  lineinfile:
+    path: /root/bin/samba/conf/clean_samba_trash.conf
+    regexp: "^trash_dirs=*"
+    state: absent
+  check_mode: yes
+  changed_when: false
+  register: set_permissions_samba_shares
+
+- name: Creates a cron job for cleaning up samba trash dirs
+  cron:
+    name: '{{ samba_cronjob_permissions.name }}'
+    minute: '{{ samba_cronjob_permissions.minute }}'
+    hour: "{{ samba_cronjob_permissions.hour | default('*') }}"
+    day: "{{ samba_cronjob_permissions.day | default('*') }}"
+    month: "{{ samba_cronjob_permissions.month| default('*') }}"
+    weekday: "{{ samba_cronjob_permissions.weekday| default('*') }}"
+    user: "{{ samba_cronjob_permissions.user | default('root') }}"
+    job: "{{ samba_cronjob_permissions.job }}"
+  when:
+    - set_permissions_samba_shares.found
+
+
 # ---
 # Samba clients
 # ---
@@ -81,5 +179,3 @@
   tags:
     - samba-client
 
-
-

roles/common/tasks/samba-remove-user.yml

@@ -0,0 +1,57 @@
+---
+
+# ---
+# - Remove unwanted users
+# ---
+
+
+- name: (samba-remove-user.yml) Check if samba user exists for removable system user
+  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
+  register: samba_remove_system_users_present
+  changed_when: "samba_remove_system_users_present.rc == 0"
+  failed_when: "samba_remove_system_users_present.rc > 1"
+  with_items: 
+    - "{{ remove_system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - samba-user
+
+
+- name: (samba-remove-user.yml) Remove (old) system users from samba
+  shell: >
+    smbpasswd -s -x {{ item.item.name }}
+  with_items: 
+    - "{{ samba_remove_system_users_present.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when: 
+    - item.changed
+  tags:
+    - samba-user
+
+
+- name: (samba-remove-user.yml) Check if samba user exists for removable nis user
+  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
+  register: samba_remove_nis_users_present
+  changed_when: "samba_remove_nis_users_present.rc == 0"
+  failed_when: "samba_remove_nis_users_present.rc > 1"
+  with_items: 
+    - "{{ remove_nis_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - samba-user
+
+
+- name: (samba-remove-user.yml) Remove (old) nis users from samba
+  shell: >
+    smbpasswd -s -x {{ item.item.name }}
+  with_items: 
+    - "{{ samba_remove_nis_users_present.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when: 
+    - item.changed
+  tags:
+    - samba-user

roles/common/tasks/samba-user.yml

@@ -1,58 +1,5 @@
 ---
 
-# ---
-# - Remove unwanted users
-# ---
-
-
-- name: (samba_user.yml) Check if samba user exists for removable system user
-  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
-  register: samba_remove_system_users_present
-  changed_when: "samba_remove_system_users_present.rc == 0"
-  failed_when: "samba_remove_system_users_present.rc > 1"
-  with_items: 
-    - "{{ remove_system_users }}"
-  loop_control:
-    label: '{{ item.name }}'
-  tags:
-    - samba-user
-
-
-- name: (samba_user.yml) Remove (old) system users from samba
-  shell: "smbpasswd -s -x {{ item.name }}"
-  with_items: 
-    - "{{ remove_system_users }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when: samba_remove_system_users_present is changed
-  tags:
-    - samba-user
-
-
-- name: (samba_user.yml) Check if samba user exists for removable nis user
-  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
-  register: samba_remove_inis_users_present
-  changed_when: "samba_remove_inis_users_present.rc == 0"
-  failed_when: "samba_remove_inis_users_present.rc > 1"
-  with_items: 
-    - "{{ remove_nis_users }}"
-  loop_control:
-    label: '{{ item.name }}'
-  tags:
-    - samba-user
-
-
-- name: (samba_user.yml) Remove (old) nis users from samba
-  shell: "smbpasswd -s -x {{ item.name }}"
-  with_items: 
-    - "{{ remove_nis_users }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when: samba_remove_inis_users_present is changed
-  tags:
-    - samba-user
-
-
 # ---
 # - default user/groups
 # ---

roles/common/tasks/sshd.yml

@@ -13,6 +13,7 @@
   tags:
     - sshd-config
 
+
 - name: (sshd.yml) Create new sshd_config from template sshd_config.j2
   template:
     src: etc/ssh/sshd_config.j2

roles/common/tasks/system-user.yml

@@ -17,7 +17,7 @@
 
 - name: (user.yml) Remove home directory from deleted users
   file:
-    path: '{{ nis_base_home }}/{{ item.name }}'
+    path: '{{ base_home }}/{{ item.name }}'
     state: absent
   with_items: 
     - "{{ remove_system_users }}"
@@ -45,26 +45,20 @@
     
 #- meta: end_host
 
-- name: (user.yml) Check if system users exists
+- name: (system-user.yml) Get database of nis (system) users
-  shell: "getent passwd {{ item.name }}"
+  getent:
-  register: system_users_exists
+    database: passwd
-  changed_when: "system_users_exists.rc == 2"
-  failed_when: "system_users_exists.rc > 2"
-  loop: "{{ system_users }}"
-  loop_control:
-    label: '{{ item.name }}'
-  ignore_errors: true
   tags:
     - system-user
 
-- name: (user.yml) Add system users 
+- name: (system-user.yml) Add (system) users if not yet exists..
   shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
   loop: "{{ system_users }}"
   loop_control:
     label: '{{ item.name }}'
-  when: system_users_exists is changed
+  when:
+    - item.name not in getent_passwd
   notify: Renew nis databases
   tags:
     - system-user
 
-

roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml

@@ -0,0 +1,63 @@
+  # Title: app-x11vnc-server
+  #
+  # Author: Luc Rutten
+  # Version: 1.0
+  # File: tasks/main.yml
+  #
+  # Description:
+  #   Remote support
+  #
+  # Source:
+  #   - http://c-nergy.be/blog/?p=8984
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) check if x11vnc is already installed, if not found skipping...."
+    stat:
+      path: /usr/bin/x11vnc
+    register: x11vnc_active
+ 
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Install packages"
+    apt:
+      name: ['x11vnc']
+      update_cache: yes
+      state: present
+    when: x11vnc_active.stat.exists == False
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Install packages"
+    apt:
+      name: "{{ packages }}"
+      update_cache: yes
+      state: present
+    vars:
+      packages:
+      - x11vnc
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Store password"
+    shell: "x11vnc -storepasswd {{ vnc_password }} /etc/x11vnc.pass"
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Set permissions on /etc/x11vnc.pass"
+    file:
+     path: /etc/x11vnc.pass
+     mode: 0644
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service"
+    template:
+      src: lib/systemd/system/x11vnc.service.j2
+      dest: /lib/systemd/system/x11vnc.service
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Start x11vnc service"
+    shell: service x11vnc start
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Enable x11vnc service on boot"
+    systemd:
+      name: x11vnc.service
+      daemon_reload: yes
+      enabled: yes
+      state: started
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Blocks x11vnc in GreenOS Desktop Environment for enduser "
+    file:
+      path: "/usr/share/applications/x11vnc.desktop"
+      mode: 0740
+      owner: root
+      group: administrator
+

roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml

@@ -0,0 +1,48 @@
+---
+  # Title: app-x11vnc-server
+  #
+  # Author: Luc Rutten
+  # Version: 1.0
+  # File: tasks/main.yml
+  #
+  # Description:
+  #   Remote support
+  #
+  # Source:
+  #   - http://c-nergy.be/blog/?p=8984
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Install packages"
+    apt:
+      name: "{{ packages }}"
+      update_cache: yes
+      state: present
+    vars:
+      packages:
+      - x11vnc
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Store password"
+    raw: "x11vnc -storepasswd {{ vnc_password }} /etc/x11vnc.pass"
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Set permissions on /etc/x11vnc.pass"
+    file:
+     path: "/etc/x11vnc.pass"
+     mode: 0644
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service"
+    template:
+      src: lib/systemd/system/x11vnc.service.j2
+      dest: /lib/systemd/system/x11vnc.service
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Enable service"
+    systemd:
+      name: x11vnc.service
+      enabled: true
+      state: restarted
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Remove whisker menu entry for allusers (except owner and group)"
+    file:
+      path: "/usr/share/applications/x11vnc.desktop"
+      mode: 0750
+      owner: root
+      group: root
+

roles/common/templates/etc/exports.j2

@@ -18,7 +18,7 @@
 
 {%    set count.nfs_exports = count.nfs_exports + 10 %}
 {%    for network in export.export_networks %}
-{%       if export.fs_encrypted is defined and export.fs_encrypted is sameas true %}
+{%       if export.use_fsid_option is defined and export.use_fsid_option is sameas true %}
 {%          set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~",fsid="~count.nfs_exports~")" %}
 #{{          export.src.split(":")[1] }} {{ network }}({{ export.export_opt }},fsid={{ count.nfs_exports }})
 {%       else %}

roles/common/templates/etc/samba/smb.conf.j2

@@ -29,7 +29,7 @@
 
 # Change this to the workgroup/NT-domain name your Samba server will part of
 ;   workgroup = WORKGROUP
-   workgroup = AKB
+   workgroup = {{ samba_workgroup|default('WORKGROUP') }}
 
 # Option 'netbios name' added to debian's default smb.conf 
 #
@@ -41,22 +41,8 @@
 # Note that the maximum length for a NetBIOS name is 15 characters.
 #
 # Default: netbios name =  # machine DNS name
-   netbios name = FILE-AKB
+;   netbios name = FILE
-
+   netbios name = {{ samba_netbios_name|default('FILE') }}
-# server string (G)
-#
-# This controls what string will show up in the printer comment box in print manager and next to the IPC
-# connection in net view. It can be any string that you wish to show to your users.
-#
-# It also sets what will appear in browse lists next to the machine name.
-#
-# A %v will be replaced with the Samba version number.
-#
-# A %h will be replaced with the hostname.
-#
-#  Default: server string = Samba %v
-#
-   server string = File Server ( Samba %v )
 
 
 #### Networking ####
@@ -65,7 +51,7 @@
 # This can be either the interface name or an IP address/netmask;
 # interface names are normally preferred
 ;   interfaces = 127.0.0.0/8 eth0
-    interfaces = {{ ansible_default_ipv4.address }}/24 127.0.0.1/8
+   interfaces =  {{ ansible_default_ipv4.address }}/24  127.0.0.1/8
 
 # Option 'hosts deny' and 'hosts allow' added to debian's default smb.conf 
    hosts deny = 0.0.0.0/0
@@ -115,8 +101,7 @@
 # Default: log level = 0
 #
 # Example: log level = 3 passdb:5 auth:10 winbind:2
-;   log level = 0
+   log level = 0
-   log level = 2
 
 # Do something sensible when Samba crashes: mail the admin a backtrace
    panic action = /usr/share/samba/panic-action %d
@@ -278,11 +263,11 @@
 
 # By default, the home directories are exported read-only. Change the
 # next parameter to 'no' if you want to be able to write to them.
-   read only = no
+   read only = yes
 
 # File creation mask is set to 0700 for security reasons. If you want to
 # create files with group=rw permissions, set next parameter to 0775.
-   create mask = 0600
+   create mask = 0700
 
 # Directory creation mask is set to 0700 for security reasons. If you want to
 # create dirs. with group=rw permissions, set next parameter to 0775.
@@ -295,7 +280,6 @@
 # This might need tweaking when using external authentication schemes
    valid users = %S
 
-
 # Un-comment the following and create the netlogon directory for Domain Logons
 # (you need to configure Samba to act as a domain controller too.)
 ;[netlogon]
@@ -317,17 +301,20 @@
 ;   create mask = 0600
 ;   directory mask = 0700
 
-
 {% for item in samba_shares | default([]) %}
 
 [{{ item.name }}]
    comment = {{ item.name }}
    path = {{ item.path }}
 
-   create mask = 0660
+   browseable = yes
-   force create mode = 0660
+   read only = no
-   directory mask = 2770
+   writeable = Yes
-   force directory mode = 2770
+
+   create mask = {{ item.file_create_mask | default('0660') }}
+   force create mode = {{ item.file_create_mask | default('0660') }}
+   directory mask = {{ item.dir_create_mask | default('2770') }}
+   force directory mode = {{ item.dir_create_mask | default('2770') }}
 
    # can login into that share
    valid users = @{{ item.group_valid_users }}
@@ -335,6 +322,7 @@
    write list = @{{ item.group_write_list }}
 
    force group = +{{ item.group_write_list }}
+{%   if item.vfs_object_recycle is defined and item.vfs_object_recycle|bool %}
 
    vfs objects = recycle
    recycle:keeptree = yes
@@ -347,22 +335,29 @@
    recycle:touch = yes
    recycle:touch_mtime = no
    recycle:versions = yes
-   recycle:maxsize = 10485760  # around 10MB
+   recycle:directory_mode = 2770
+
+   # - Dateien gößer als 10MB werden nicht
+   #recycle:maxsize = 10485760  # around 10MB
+
+   # - Keine Begrenzung der Dateigröße.
+   recycle:maxsize = 0
+
    recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
    recycle:excludedir = /tmp,/temp,/cache,.Trash
-   recycle:repository = .Trash/%U
+   recycle:repository = {{ item.recycle_path | default('@Recycle.Bin') }}
+
+   # - This is a list of files and directories that are neither visible nor accessible. 
+   # - Each entry in the list must be separated by a '/', which allows spaces to be 
+   # - included in the entry. '*' and '?' can be used to  specify multiple files or
+   # - directories as in DOS wildcards.
+   # -
    veto files = /.Trash/
-
+   delete veto files = yes
-[{{ item.name }}-Trash]
+{%    endif %}
-   comment = Papierkorb ({{ item.name }})
-   path  = {{ item.path }}/.Trash
-
-   browseable = yes
-   read only = yes
 
 {% endfor %}
 
-
 ;[printers]
 ;   comment = All Printers
 ;   browseable = no

roles/common/templates/lib/systemd/system/x11vnc.service.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description=Start x11vnc at startup.
+After=multi-user.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /etc/x11vnc.pass -rfbport 5900 -shared
+
+[Install]
+WantedBy=multi-user.target

roles/common/templates/root/bin/samba/conf/clean_samba_trash.conf.j2

@@ -0,0 +1,40 @@
+# {{ ansible_managed }}
+
+# ------------------------------------
+# - Settings for script clean_trash.sh
+# ------------------------------------
+
+# - days
+# -
+# - Files older then 'days' will be deleted.
+# -
+# - Defaults to: days=31
+# -
+#days=31
+
+# - trash_dirs
+# -
+# - Directories where files older than given days will be deleted.
+# -
+# - Example:
+# -    trash_dirs="/data/samba/transfer/.Trash /data/samba/no-backup-share/multimedia/.Trash"
+# -
+#trash_dirs=""
+
+{%- set count = namespace(trash_dirs=0) %}
+
+{%- for item in samba_shares | default([]) %}
+{%    if (item.vfs_object_recycle is defined and item.vfs_object_recycle|bool) %}
+{%       set count.trash_dirs = count.trash_dirs + 1 %}
+{%    endif %}
+{% endfor %}
+
+{% if count.trash_dirs > 0 %}
+trash_dirs="
+{%    for item in samba_shares %}
+{%       if (item.vfs_object_recycle is defined and item.vfs_object_recycle|bool) %}
+   {{ item.path }}/{{ item.recycle_path }}
+{%       endif %}
+{%    endfor %}
+"
+{% endif %}

roles/common/templates/root/bin/samba/conf/set_permissions_samba_shares.conf.j2

@@ -0,0 +1,33 @@
+# {{ ansible_managed }}
+
+# -----------------------------------------------------
+# - Settings for script set_permissions_samba_shares.sh
+# -----------------------------------------------------
+
+# - dir_permissions
+# -
+# - Recursive set Permissions (group and file- and directory-mode)
+# -
+# - Multiple options are possible. Use semicolon separated list.
+# -
+# - Usage:
+# -   dir_permissions="<directory>:<group>:<file-mod>:<dir-mod>;[<directory>:<group>:<file-mod>:<dir-mod>];[.."
+# -
+# - Example:
+# -    dir_permissions="/data/samba/transfer:buero:664:2775;/data/samba/verwaltung:intern:660:2770"
+# -
+#dir_permissions=""
+
+{%- set count = namespace(samba_shares=0) %}
+
+{%- for item in samba_shares | default([]) %}
+{%    set count.samba_shares = count.samba_shares + 1 %}
+{% endfor %}
+
+{% if count.samba_shares > 0 %}
+dir_permissions="
+{%    for item in samba_shares | default([]) %}
+   {{ item.path }}:{{ item.group_write_list }}:{{ item.file_create_mask | default('0660') }}:{{ item.dir_create_mask | default('2770') }};
+{%    endfor %}
+"
+{% endif %}

tatus

@@ -1,394 +0,0 @@
-diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
-index 7b325e6..603929a 100644
---- a/group_vars/all/main.yml
-+++ b/group_vars/all/main.yml
-@@ -554,10 +554,18 @@ apt_initial_install_bionic:
-   - ifupdown
-   - socat
- 
--microcode_package: 
-+microcode_intel_package: 
-   - intel-microcode
-+
-+microcode_amd_package: 
-   - amd64-microcode
- 
-+firmware_packages:
-+  - firmware-linux
-+
-+firmware_non_free_packages:
-+   - firmware-linux-nonfree
-+
- apt_install_state: latest
- 
- apt_remove:
-@@ -727,6 +735,167 @@ apt_install_client_samba:
- samba_server: file-akb.akb.netz
- 
- 
-+# ==========
-+# vars used by roles/common/tasks/pure-ftpd-install.yml
-+# ==========
-+
-+pureftpd_global_config_file: /etc/default/pure-ftpd-common
-+
-+pureftpd_config_dir: /etc/pure-ftpd
-+pureftpd_config_conf_dir: "{{ pureftpd_config_dir }}/conf"
-+pureftpd_config_auth_dir: "{{ pureftpd_config_dir }}/auth"
-+pureftpd_config_db_dir: "{{ pureftpd_config_dir }}/db"
-+
-+pureftpd_config_fortune_file: "{{ pureftpd_config_dir }}/pureftpd-fortune.txt"
-+
-+pureftpd_tls_certificate_pem: /etc/ssl/private/pure-ftpd.pem
-+
-+pureftpd_packages:
-+  - pure-ftpd-common
-+  - pure-ftpd
-+
-+# pure-ftpd-common.j2
-+pureftpd_global_config_mode: standalone
-+pureftpd_global_config_virtualchroot: false
-+pureftpd_global_config_uploadscript: '' 
-+pureftpd_global_config_uploaduid: ''
-+pureftpd_global_config_uploadgid: ''
-+
-+pureftpd_config:
-+  AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
-+  AnonymousCantUpload: 'yes'
-+  Bind: ',21'
-+  CustomerProof: 'yes'
-+  DisplayDotFiles: 'yes'
-+  DontResolve: 'yes'
-+  FSCharset: 'UTF-8'
-+  ForcePassiveIP: ''
-+  MaxDiskUsage: '80'
-+  MinUID: '1000'
-+  NoAnonymous: 'yes'
-+  PAMAuthentication: 'no'
-+  PassivePortRange: '50000 50400'
-+  ProhibitDotFilesRead: 'no'
-+  ProhibitDotFilesWrite:  'yes'
-+  PureDB: '/etc/pure-ftpd/pureftpd.pdb'
-+  SyslogFacility: 'ftp'
-+  TLS: '1'
-+  TLSCipherSuite: 'HIGH'
-+  UnixAuthentication: 'no'
-+  # 
-+  # Available properties
-+  #
-+  # Available properties
-+  # AllowAnonymousFXP: 'no'
-+  # AllowUserFXP: 'no'
-+  # AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
-+  # AnonymousBandwidth: '8'
-+  # AnonymousCanCreateDirs: 'no'
-+  # AnonymousCantUpload: 'yes'
-+  # AnonymousOnly: 'no'
-+  # AnonymousRatio: '1 10'
-+  # AntiWarez: 'yes'
-+  # AutoRename: 'no'
-+  # Bind: '127.0.0.1,21'
-+  # BrokenClientsCompatibility: 'no'
-+  # CallUploadScript: 'yes'
-+  # ChrootEveryone: 'yes'
-+  # ClientCharset: 'UTF-8'
-+  # CreateHomeDir: 'yes'
-+  # CustomerProof: 'yes'
-+  # Daemonize: 'yes'
-+  # DisplayDotFiles: 'yes'
-+  # DontResolve: 'yes'
-+  # ExtAuth: /var/run/ftpd.sock
-+  # ForcePassiveIP: '192.168.0.1'
-+  # FortunesFile: '/etc/pure-ftpd/cookie'
-+  # FSCharset: 'utf8'
-+  # IPV4Only: 'yes'
-+  # IPV6Only: 'yes'
-+  # KeepAllFiles: 'yes'
-+  # LDAPConfigFile: /etc/pureftpd-ldap.conf
-+  # LimitRecursion: '10000 8'
-+  # LogPID: 'yes'
-+  # MaxClientsNumber: '10'
-+  # MaxClientsPerIP: "{{ ansible_processor_cores }}"
-+  # MaxDiskUsage: '80'
-+  # MaxIdleTime: '15'
-+  # MaxLoad: '4'
-+  # MinUID: '1000'
-+  # MySQLConfigFile: /etc/pure-ftpd/mysql.conf
-+  # NoAnonymous: 'yes'
-+  # NoChmod: 'yes'
-+  # NoRename: 'yes'
-+  # NoTruncate: 'yes'
-+  # PAMAuthentication: 'no'
-+  # PassivePortRange: '30000 50000'
-+  # PerUserLimits: '3 20'
-+  # PGSQLConfigFile: /etc/pureftpd-pgsql.conf
-+  # PIDFile: '/var/run/pure-ftpd.pid'
-+  # ProhibitDotFilesRead: 'yes'
-+  # ProhibitDotFilesWrite: 'yes'
-+  # PureDB: /etc/pure-ftpd/pureftpd.pdb
-+  # Quota: '1000 10'
-+  # SyslogFacility: 'ftp'
-+  # TLS: '0'
-+  # TLSCipherSuite: 'ALL:!aNULL:!SSLv3'
-+  # TrustedIP: '10.1.1.1'
-+  # Umask: '113 002'
-+  # UnixAuthentication: 'no'
-+  # UserBandwidth: '8'
-+  # UserRatio: '1 10'
-+  # VerboseLog: 'no'
-+
-+pureftpd_auth_puredb: 50
-+pureftpd_auth_mysql: 0
-+pureftpd_auth_postgresql: 0
-+pureftpd_auth_ldap: 0
-+pureftpd_auth_unix: 65
-+pureftpd_auth_pam: 70
-+
-+# Default FTP user/group
-+pureftpd_virtual_users_group: nobody
-+pureftpd_virtual_users_user: nogroup
-+# pureftpd_virtual_users_gid: '65534'
-+# pureftpd_virtual_users_uid: '65534'
-+
-+pureftpd_virtual_users:
-+  - name: maica_scan
-+    password: maica_scan
-+    homedir: /data/samba/Scans/Maica_scans
-+    uid: maica
-+    gid: users
-+  - name: buero_scan
-+    password: buero_scan
-+    homedir: /data/samba/Scans/Buero_Scans
-+    uid: buero
-+    gid: users
-+  - name: jibran_scan
-+    password: jibran_scan
-+    homedir: /data/samba/Scans/Jibran_scan_Scans
-+    uid: jibran
-+    gid: users
-+  # Available properties
-+  # - name: vuser1
-+  #   password: p4ssW0rd
-+  #   homedir: /var/ftp/vuser1
-+  #   uid: 2000
-+  #   gid: 2000
-+  #   quota_files: 2000
-+  #   quota_size: 500
-+  #   bandwidth_ul: 5
-+  #   bandwidth_dl: 5
-+  #   ratio_ul: 10
-+  #   ratio_dl: 1
-+
-+pureftpd_virtual_deleted_users: []
-+  # Available properties
-+  # - name: vuser2
-+
-+pureftpd_virtual_users_import: false
-+
-+
-+
- # ==========
- # vars used by roles/common/tasks/user.yml
- # ==========
-diff --git a/hosts b/hosts
-index 98add24..e3079cd 100644
---- a/hosts
-+++ b/hosts
-@@ -53,4 +53,8 @@ file-akb.akb.netz ansible_user=root
- file-akb.akb.netz ansible_user=root
- 192.168.82.20 ansible_user=root
- 
-+[ftp_server]
-+file-akb.akb.netz ansible_user=root
-+192.168.82.20 ansible_user=root
-+
- [gateway_server]
-diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
-index f9391f6..be73450 100644
---- a/roles/common/handlers/main.yml
-+++ b/roles/common/handlers/main.yml
-@@ -59,3 +59,12 @@
-     name: cups-browsed
-     daemon_reload: yes
-     state: restarted
-+
-+- name: reload Pure-FTPd users
-+  command: pure-pw mkdb
-+
-+- name: restart Pure-FTPd
-+  service:
-+    name: pure-ftpd
-+    state: restarted
-+
-diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml
-index 466edd1..77fd1c4 100644
---- a/roles/common/tasks/apt.yml
-+++ b/roles/common/tasks/apt.yml
-@@ -96,12 +96,17 @@
-   tags:
-     - apt-initial-install
- 
--- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch)
-+# ---
-+# Microcode
-+# ---
-+
-+- name: (apt.yml) Ensure we have CPU microcode from backports for Intel CPU (debian stretch)
-   apt:
--    name: "{{ microcode_package }}"
-+    name: "{{ microcode_intel_package }}"
-     state: present
-     default_release: "{{ ansible_distribution_release }}-backports"
-   when:
-+    - apt_backports_enable
-     - ansible_facts['distribution'] == "Debian"
-     - ansible_facts['distribution_major_version'] == "9"
-     - ansible_facts['processor']|string is search("Intel")
-@@ -109,9 +114,24 @@
-     - apt-initial-install
-     - apt-microcode
- 
--- name: (apt.yml) Install CPU microcode (debian buster)
-+- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch)
-+  apt:
-+    name: "{{ microcode_amd_package }}"
-+    state: present
-+    default_release: "{{ ansible_distribution_release }}-backports"
-+  when:
-+    - apt_backports_enable
-+    - apt_debian_contrib_nonfree_enable
-+    - ansible_facts['distribution'] == "Debian"
-+    - ansible_facts['distribution_major_version'] == "9"
-+    - ansible_facts['processor']|string is search("AMD")
-+  tags:
-+    - apt-initial-install
-+    - apt-microcode
-+
-+- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster)
-   apt:
--    name: "{{ microcode_package }}"
-+    name: "{{ microcode_intel_package }}"
-     state: present
-     default_release: "{{ ansible_distribution_release }}"
-   when:
-@@ -122,9 +142,23 @@
-     - apt-initial-install
-     - apt-microcode
- 
--- name: (apt.yml) Install CPU microcode (ubuntu bionic)
-+- name: (apt.yml) Install CPU microcode for AMD CPU (debian buster)
-   apt:
--    name: "{{ microcode_package }}"
-+    name: "{{ microcode_amd_package }}"
-+    state: present
-+    default_release: "{{ ansible_distribution_release }}"
-+  when:
-+    - apt_debian_contrib_nonfree_enable
-+    - ansible_facts['distribution'] == "Debian"
-+    - ansible_facts['distribution_major_version'] == "10"
-+    - ansible_facts['processor']|string is search("AMD")
-+  tags:
-+    - apt-initial-install
-+    - apt-microcode
-+
-+- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu bionic)
-+  apt:
-+    name: "{{ microcode_intel_package }}"
-     state: present
-     default_release: "{{ ansible_distribution_release }}"
-   when:
-@@ -135,9 +169,23 @@
-     - apt-initial-install
-     - apt-microcode
- 
--- name: (apt.yml) Install CPU microcode (ubuntu xenial)
-+- name: (apt.yml) Install CPU microcode for AMD CPU (ubuntu bionic)
-   apt:
--    name: "{{ microcode_package }}"
-+    name: "{{ microcode_amd_package }}"
-+    state: present
-+    default_release: "{{ ansible_distribution_release }}"
-+  when:
-+    - apt_debian_contrib_nonfree_enable
-+    - ansible_facts['distribution'] == "Ubuntu"
-+    - ansible_facts['distribution_release'] == "bionic"
-+    - ansible_facts['processor']|string is search("AMD")
-+  tags:
-+    - apt-initial-install
-+    - apt-microcode
-+
-+- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu xenial)
-+  apt:
-+    name: "{{ microcode_intel_package }}"
-     state: present
-     default_release: "{{ ansible_distribution_release }}"
-   when:
-@@ -148,6 +196,49 @@
-     - apt-initial-install
-     - apt-microcode
- 
-+- name: (apt.yml) Install CPU microcode for Intel AMD (ubuntu xenial)
-+  apt:
-+    name: "{{ microcode_amd_package }}"
-+    state: present
-+    default_release: "{{ ansible_distribution_release }}"
-+  when:
-+    - apt_debian_contrib_nonfree_enable
-+    - ansible_facts['distribution'] == "Ubuntu"
-+    - ansible_facts['distribution_release'] == "xenial"
-+    - ansible_facts['processor']|string is search("AMD")
-+  tags:
-+    - apt-initial-install
-+    - apt-microcode
-+
-+# ---
-+# Firmware
-+# ---
-+
-+- name: (apt.yml) Install Firmware packages
-+  apt:
-+     name: "{{ firmware_non_free_packages }}"
-+     state: present
-+     default_release: "{{ ansible_distribution_release }}"
-+  tags:
-+    - apt-initial-install
-+    - apt-firmware
-+
-+- name: (apt.yml) Install non-free Firmware packages
-+  apt:
-+     name: "{{ firmware_non_free_packages }}"
-+     state: present
-+     default_release: "{{ ansible_distribution_release }}"
-+  when:
-+    - apt_debian_contrib_nonfree_enable
-+  tags:
-+    - apt-initial-install
-+    - apt-firmware
-+
-+
-+# ---
-+# unwanted packages
-+# ---
-+
- - name: (apt.yml) Remove unwanted packages
-   apt:
-     name: "{{ apt_remove }}"
-diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
-index cba68be..b9802b6 100644
---- a/roles/common/tasks/main.yml
-+++ b/roles/common/tasks/main.yml
-@@ -55,6 +55,14 @@
-   tags:
-     - cups
- 
-+# tags supported inside cups-install.yml:
-+#
-+- import_tasks: pure-ftpd-install.yml
-+  when: 
-+    - groups['ftp_server']|string is search(inventory_hostname)
-+  tags:
-+    - pure-ftpd
-+
- # tags supported inside nfs.yml:
- #
- #    nfs-server