redisign ..

ansible.cfg

@@ -10,13 +10,7 @@
 
 
 [defaults]
-#ansible_managed = ** Ansible managed: DO NOT EDIT DIRECTLY **
+ansible_managed = *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
-ansible_managed = ############################################ #
- #          --------------------------          #
- #          ** DO NOT EDIT DIRECTLY **          #
- #          --------------------------          #
- #             Ansible managed file             #
- # ############################################ #
 #gathering = smart
 #fact_caching = jsonfile
 #fact_caching_connection = ~/.cache/

files/homedirs/DEFAULT/.vim/.netrwhist

@@ -0,0 +1,11 @@
+let g:netrw_dirhistmax  =10
+let g:netrw_dirhist_cnt =9
+let g:netrw_dirhist_1='/home/chris/devel/git/git.oopen.de/script/bash/snippets'
+let g:netrw_dirhist_2='/home/chris/O.OPEN/Kunden/Anwaltsbuero-Kottbusser_Damm/carsten/ThinkPad_L380'
+let g:netrw_dirhist_3='/home/chris/devel/git/git.oopen.de/ansible/mbr-bln/group_vars/all'
+let g:netrw_dirhist_4='/home/chris/O.OPEN/Kunden/Gemeinschaft Altenschlirf/Intranet/VPN/VPN-GA-NH-chris'
+let g:netrw_dirhist_5='/home/chris/devel/git/git.oopen.de/firewall/ipt-server'
+let g:netrw_dirhist_6='/home/chris/devel/git/git.oopen.de/firewall/ipt-server/conf'
+let g:netrw_dirhist_7='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/group_vars'
+let g:netrw_dirhist_8='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies'
+let g:netrw_dirhist_9='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies/tasks'

files/homedirs/DEFAULT/.vim/colors/afterglow.vim

@@ -0,0 +1,547 @@
+" File: afterglow.vim
+" Author: Danilo Augusto <daniloaugusto.ita16@gmail.com>
+" Date: 2017-02-27
+" Vim color file - Afterglow (monokai version)
+"
+" Hex color conversion functions borrowed from the theme 'Desert256'
+
+set background=dark
+if version > 580
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+
+let g:colors_name = "afterglow"
+
+" Default GUI Colours
+let s:foreground = "d6d6d6"
+let s:background = "1a1a1a"
+let s:selection = "5a647e"
+let s:line = "393939"
+let s:comment = "797979"
+let s:red = "ac4142"
+let s:orange = "e87d3e"
+let s:yellow = "e5b567"
+let s:green = "b4c973"
+let s:blue = "6c99bb"
+let s:wine = "b05279"
+let s:purple = "9e86c8"
+let s:window = "4d5057"
+
+if has("gui_running") || &t_Co == 88 || &t_Co == 256
+    " Returns an approximate grey index for the given grey level
+    fun <SID>grey_number(x)
+        if &t_Co == 88
+            if a:x < 23
+                return 0
+            elseif a:x < 69
+                return 1
+            elseif a:x < 103
+                return 2
+            elseif a:x < 127
+                return 3
+            elseif a:x < 150
+                return 4
+            elseif a:x < 173
+                return 5
+            elseif a:x < 196
+                return 6
+            elseif a:x < 219
+                return 7
+            elseif a:x < 243
+                return 8
+            else
+                return 9
+            endif
+        else
+            if a:x < 14
+                return 0
+            else
+                let l:n = (a:x - 8) / 10
+                let l:m = (a:x - 8) % 10
+                if l:m < 5
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual grey level represented by the grey index
+    fun <SID>grey_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 46
+            elseif a:n == 2
+                return 92
+            elseif a:n == 3
+                return 115
+            elseif a:n == 4
+                return 139
+            elseif a:n == 5
+                return 162
+            elseif a:n == 6
+                return 185
+            elseif a:n == 7
+                return 208
+            elseif a:n == 8
+                return 231
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 8 + (a:n * 10)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given grey index
+    fun <SID>grey_colour(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 16
+            elseif a:n == 9
+                return 79
+            else
+                return 79 + a:n
+            endif
+        else
+            if a:n == 0
+                return 16
+            elseif a:n == 25
+                return 231
+            else
+                return 231 + a:n
+            endif
+        endif
+    endfun
+
+    " Returns an approximate colour index for the given colour level
+    fun <SID>rgb_number(x)
+        if &t_Co == 88
+            if a:x < 69
+                return 0
+            elseif a:x < 172
+                return 1
+            elseif a:x < 230
+                return 2
+            else
+                return 3
+            endif
+        else
+            if a:x < 75
+                return 0
+            else
+                let l:n = (a:x - 55) / 40
+                let l:m = (a:x - 55) % 40
+                if l:m < 20
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual colour level for the given colour index
+    fun <SID>rgb_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 139
+            elseif a:n == 2
+                return 205
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 55 + (a:n * 40)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given R/G/B colour indices
+    fun <SID>rgb_colour(x, y, z)
+        if &t_Co == 88
+            return 16 + (a:x * 16) + (a:y * 4) + a:z
+        else
+            return 16 + (a:x * 36) + (a:y * 6) + a:z
+        endif
+    endfun
+
+    " Returns the palette index to approximate the given R/G/B colour levels
+    fun <SID>colour(r, g, b)
+        " Get the closest grey
+        let l:gx = <SID>grey_number(a:r)
+        let l:gy = <SID>grey_number(a:g)
+        let l:gz = <SID>grey_number(a:b)
+
+        " Get the closest colour
+        let l:x = <SID>rgb_number(a:r)
+        let l:y = <SID>rgb_number(a:g)
+        let l:z = <SID>rgb_number(a:b)
+
+        if l:gx == l:gy && l:gy == l:gz
+            " There are two possibilities
+            let l:dgr = <SID>grey_level(l:gx) - a:r
+            let l:dgg = <SID>grey_level(l:gy) - a:g
+            let l:dgb = <SID>grey_level(l:gz) - a:b
+            let l:dgrey = (l:dgr * l:dgr) + (l:dgg * l:dgg) + (l:dgb * l:dgb)
+            let l:dr = <SID>rgb_level(l:gx) - a:r
+            let l:dg = <SID>rgb_level(l:gy) - a:g
+            let l:db = <SID>rgb_level(l:gz) - a:b
+            let l:drgb = (l:dr * l:dr) + (l:dg * l:dg) + (l:db * l:db)
+            if l:dgrey < l:drgb
+                " Use the grey
+                return <SID>grey_colour(l:gx)
+            else
+                " Use the colour
+                return <SID>rgb_colour(l:x, l:y, l:z)
+            endif
+        else
+            " Only one possibility
+            return <SID>rgb_colour(l:x, l:y, l:z)
+        endif
+    endfun
+
+    " Returns the palette index to approximate the 'rrggbb' hex string
+    fun <SID>rgb(rgb)
+        let l:r = ("0x" . strpart(a:rgb, 0, 2)) + 0
+        let l:g = ("0x" . strpart(a:rgb, 2, 2)) + 0
+        let l:b = ("0x" . strpart(a:rgb, 4, 2)) + 0
+
+        return <SID>colour(l:r, l:g, l:b)
+    endfun
+
+    " Sets the highlighting for the given group
+    fun <SID>X(group, fg, bg, attr)
+        if a:fg != ""
+            exec "hi " . a:group . " guifg=#" . a:fg . " ctermfg=" . <SID>rgb(a:fg)
+        endif
+        if a:bg != ""
+            exec "hi " . a:group . " guibg=#" . a:bg . " ctermbg=" . <SID>rgb(a:bg)
+        endif
+        if a:attr != ""
+            exec "hi " . a:group . " gui=" . a:attr . " cterm=" . a:attr
+        endif
+    endfun
+
+    " Vim Highlighting
+    call <SID>X("Normal", s:foreground, s:background, "")
+    call <SID>X("LineNr", s:comment, "", "")
+    call <SID>X("NonText", s:selection, "", "")
+    call <SID>X("SpecialKey", s:selection, "", "")
+    call <SID>X("Search", s:background, s:yellow, "")
+    call <SID>X("TabLine", s:window, s:foreground, "reverse")
+    call <SID>X("TabLineFill", s:window, s:foreground, "reverse")
+    call <SID>X("StatusLine", s:window, s:yellow, "reverse")
+    call <SID>X("StatusLineNC", s:window, s:foreground, "reverse")
+    call <SID>X("VertSplit", s:window, s:window, "none")
+    call <SID>X("Visual", "", s:selection, "")
+    call <SID>X("Directory", s:blue, "", "")
+    call <SID>X("ModeMsg", s:green, "", "")
+    call <SID>X("MoreMsg", s:green, "", "")
+    call <SID>X("Question", s:green, "", "")
+    call <SID>X("WarningMsg", s:orange, "", "bold")
+    call <SID>X("MatchParen", "", s:selection, "")
+    call <SID>X("Folded", s:comment, s:background, "")
+    call <SID>X("FoldColumn", "", s:background, "")
+    if version >= 700
+        call <SID>X("CursorLine", "", s:line, "none")
+        call <SID>X("CursorLineNR", s:orange, "", "none")
+        call <SID>X("CursorColumn", "", s:line, "none")
+        call <SID>X("PMenu", s:foreground, s:selection, "none")
+        call <SID>X("PMenuSel", s:foreground, s:selection, "reverse")
+        call <SID>X("SignColumn", "", s:background, "none")
+    end
+    if version >= 703
+        call <SID>X("ColorColumn", "", s:line, "none")
+    end
+
+    " Standard Highlighting
+    call <SID>X("Comment", s:comment, "", "")
+    call <SID>X("Todo", s:red, s:background, "bold")
+    call <SID>X("Title", s:comment, "", "bold")
+    call <SID>X("Identifier", s:orange, "", "")
+    call <SID>X("Statement", s:wine, "", "")
+    call <SID>X("Conditional", s:wine, "", "")
+    call <SID>X("Repeat", s:wine, "", "")
+    call <SID>X("Structure", s:wine, "", "")
+    call <SID>X("Function", s:orange, "", "")
+    call <SID>X("Constant", s:purple, "", "")
+    call <SID>X("Keyword", s:orange, "", "")
+    call <SID>X("String", s:yellow, "", "")
+    call <SID>X("Special", s:blue, "", "")
+    call <SID>X("PreProc", s:green, "", "")
+    call <SID>X("Operator", s:purple, "", "")
+    call <SID>X("Type", s:blue, "", "")
+    call <SID>X("Define", s:wine, "", "")
+    call <SID>X("Include", s:wine, "", "")
+    call <SID>X("Tag", s:orange, "", "bold")
+    call <SID>X("Underlined", s:orange, "", "underline")
+
+    syntax match commonOperator "\(+\|=\|-\|*\|\^\|\/\||\)"
+    hi link commonOperator Operator
+
+    " Vim Highlighting
+    call <SID>X("vimCommand", s:wine, "", "none")
+
+    " C Highlighting
+    call <SID>X("cType", s:wine, "", "")
+    call <SID>X("cStorageClass", s:orange, "", "")
+    call <SID>X("cConditional", s:wine, "", "")
+    call <SID>X("cRepeat", s:wine, "", "")
+
+    " PHP Highlighting
+    call <SID>X("phpVarSelector", s:wine, "", "")
+    call <SID>X("phpKeyword", s:wine, "", "")
+    call <SID>X("phpRepeat", s:wine, "", "")
+    call <SID>X("phpConditional", s:wine, "", "")
+    call <SID>X("phpStatement", s:wine, "", "")
+    call <SID>X("phpMemberSelector", s:foreground, "", "")
+
+    " Ruby Highlighting
+    call <SID>X("rubySymbol", s:blue, "", "")
+    call <SID>X("rubyConstant", s:green, "", "")
+    call <SID>X("rubyAccess", s:yellow, "", "")
+    call <SID>X("rubyAttribute", s:blue, "", "")
+    call <SID>X("rubyInclude", s:blue, "", "")
+    call <SID>X("rubyLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("rubyCurlyBlock", s:orange, "", "")
+    call <SID>X("rubyStringDelimiter", s:yellow, "", "")
+    call <SID>X("rubyInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("rubyConditional", s:wine, "", "")
+    call <SID>X("rubyRepeat", s:wine, "", "")
+    call <SID>X("rubyControl", s:wine, "", "")
+    call <SID>X("rubyException", s:wine, "", "")
+
+    " Crystal Highlighting
+    call <SID>X("crystalSymbol", s:green, "", "")
+    call <SID>X("crystalConstant", s:yellow, "", "")
+    call <SID>X("crystalAccess", s:yellow, "", "")
+    call <SID>X("crystalAttribute", s:blue, "", "")
+    call <SID>X("crystalInclude", s:blue, "", "")
+    call <SID>X("crystalLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("crystalCurlyBlock", s:orange, "", "")
+    call <SID>X("crystalStringDelimiter", s:green, "", "")
+    call <SID>X("crystalInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("crystalConditional", s:wine, "", "")
+    call <SID>X("crystalRepeat", s:wine, "", "")
+    call <SID>X("crystalControl", s:wine, "", "")
+    call <SID>X("crystalException", s:wine, "", "")
+
+    " Python Highlighting
+    call <SID>X("pythonInclude", s:green, "", "italic")
+    call <SID>X("pythonStatement", s:blue, "", "")
+    call <SID>X("pythonConditional", s:wine, "", "")
+    call <SID>X("pythonRepeat", s:wine, "", "")
+    call <SID>X("pythonException", s:wine, "", "")
+    call <SID>X("pythonFunction", s:green, "", "italic")
+    call <SID>X("pythonPreCondit", s:wine, "", "")
+    call <SID>X("pythonExClass", s:orange, "", "")
+    call <SID>X("pythonBuiltin", s:blue, "", "")
+    call <SID>X("pythonOperator", s:wine, "", "")
+    call <SID>X("pythonNumber", s:purple, "", "")
+    call <SID>X("pythonString", s:yellow, "", "")
+    call <SID>X("pythonRawString", s:yellow, "", "")
+    call <SID>X("pythonDecorator", s:wine, "", "")
+    call <SID>X("pythonDoctest", s:yellow, "", "")
+    call <SID>X("pythonImportFunction", s:orange, "", "")
+    call <SID>X("pythonImportModule", s:orange, "", "")
+    call <SID>X("pythonImportObject", s:orange, "", "")
+    call <SID>X("pythonImportedClassDef", s:orange, "", "")
+    call <SID>X("pythonImportedFuncDef", s:orange, "", "")
+    call <SID>X("pythonImportedModule", s:orange, "", "")
+    call <SID>X("pythonImportedObject", s:orange, "", "")
+
+    " JavaScript Highlighting
+    call <SID>X("javaScriptEndColons", s:foreground, "", "")
+    call <SID>X("javaScriptOpSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptLogicSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptBraces", s:foreground, "", "")
+    call <SID>X("javaScriptParens", s:foreground, "", "")
+    call <SID>X("javaScriptFunction", s:green, "", "")
+    call <SID>X("javaScriptComment", s:comment, "", "")
+    call <SID>X("javaScriptLineComment", s:comment, "", "")
+    call <SID>X("javaScriptDocComment", s:comment, "", "")
+    call <SID>X("javaScriptCommentTodo", s:red, "", "")
+    call <SID>X("javaScriptString", s:yellow, "", "")
+    call <SID>X("javaScriptRegexpString", s:yellow, "", "")
+    call <SID>X("javaScriptTemplateString", s:yellow, "", "")
+    call <SID>X("javaScriptNumber", s:purple, "", "")
+    call <SID>X("javaScriptFloat", s:purple, "", "")
+    call <SID>X("javaScriptGlobal", s:purple, "", "")
+    call <SID>X("javaScriptCharacter", s:blue, "", "")
+    call <SID>X("javaScriptPrototype", s:blue, "", "")
+    call <SID>X("javaScriptConditional", s:blue, "", "")
+    call <SID>X("javaScriptBranch", s:blue, "", "")
+    call <SID>X("javaScriptIdentifier", s:orange, "", "")
+    call <SID>X("javaScriptRepeat", s:blue, "", "")
+    call <SID>X("javaScriptStatement", s:blue, "", "")
+    call <SID>X("javaScriptMessage", s:blue, "", "")
+    call <SID>X("javaScriptReserved", s:blue, "", "")
+    call <SID>X("javaScriptOperator", s:blue, "", "")
+    call <SID>X("javaScriptNull", s:purple, "", "")
+    call <SID>X("javaScriptBoolean", s:purple, "", "")
+    call <SID>X("javaScriptLabel", s:blue, "", "")
+    call <SID>X("javaScriptSpecial", s:blue, "", "")
+    call <SID>X("javaScriptExceptions", s:red, "", "")
+    call <SID>X("javaScriptDeprecated", s:red, "", "")
+    call <SID>X("javaScriptError", s:red, "", "")
+
+    " LaTeX
+    call <SID>X("texStatement",s:blue, "", "")
+    call <SID>X("texMath", s:wine, "", "none")
+    call <SID>X("texMathMacher", s:yellow, "", "none")
+    call <SID>X("texRefLabel", s:wine, "", "none")
+    call <SID>X("texRefZone", s:blue, "", "none")
+    call <SID>X("texComment", s:comment, "", "none")
+    call <SID>X("texDelimiter", s:purple, "", "none")
+    call <SID>X("texMathZoneX", s:purple, "", "none")
+
+    " CoffeeScript Highlighting
+    call <SID>X("coffeeRepeat", s:wine, "", "")
+    call <SID>X("coffeeConditional", s:wine, "", "")
+    call <SID>X("coffeeKeyword", s:wine, "", "")
+    call <SID>X("coffeeObject", s:yellow, "", "")
+
+    " HTML Highlighting
+    call <SID>X("htmlTag", s:blue, "", "")
+    call <SID>X("htmlEndTag", s:blue, "", "")
+    call <SID>X("htmlTagName", s:wine, "", "bold")
+    call <SID>X("htmlArg", s:green, "", "italic")
+    call <SID>X("htmlScriptTag", s:wine, "", "")
+
+    " Diff Highlighting
+    call <SID>X("diffAdd", "", "4c4e39", "")
+    call <SID>X("diffDelete", s:background, s:red, "")
+    call <SID>X("diffChange", "", "2B5B77", "")
+    call <SID>X("diffText", s:line, s:blue, "")
+
+    " ShowMarks Highlighting
+    call <SID>X("ShowMarksHLl", s:orange, s:background, "none")
+    call <SID>X("ShowMarksHLo", s:wine, s:background, "none")
+    call <SID>X("ShowMarksHLu", s:yellow, s:background, "none")
+    call <SID>X("ShowMarksHLm", s:wine, s:background, "none")
+
+    " Lua Highlighting
+    call <SID>X("luaStatement", s:wine, "", "")
+    call <SID>X("luaRepeat", s:wine, "", "")
+    call <SID>X("luaCondStart", s:wine, "", "")
+    call <SID>X("luaCondElseif", s:wine, "", "")
+    call <SID>X("luaCond", s:wine, "", "")
+    call <SID>X("luaCondEnd", s:wine, "", "")
+
+    " Cucumber Highlighting
+    call <SID>X("cucumberGiven", s:blue, "", "")
+    call <SID>X("cucumberGivenAnd", s:blue, "", "")
+
+    " Go Highlighting
+    call <SID>X("goDirective", s:wine, "", "")
+    call <SID>X("goDeclaration", s:wine, "", "")
+    call <SID>X("goStatement", s:wine, "", "")
+    call <SID>X("goConditional", s:wine, "", "")
+    call <SID>X("goConstants", s:orange, "", "")
+    call <SID>X("goTodo", s:red, "", "")
+    call <SID>X("goDeclType", s:blue, "", "")
+    call <SID>X("goBuiltins", s:wine, "", "")
+    call <SID>X("goRepeat", s:wine, "", "")
+    call <SID>X("goLabel", s:wine, "", "")
+
+    " Clojure Highlighting
+    call <SID>X("clojureConstant", s:orange, "", "")
+    call <SID>X("clojureBoolean", s:orange, "", "")
+    call <SID>X("clojureCharacter", s:orange, "", "")
+    call <SID>X("clojureKeyword", s:green, "", "")
+    call <SID>X("clojureNumber", s:orange, "", "")
+    call <SID>X("clojureString", s:green, "", "")
+    call <SID>X("clojureRegexp", s:green, "", "")
+    call <SID>X("clojureParen", s:wine, "", "")
+    call <SID>X("clojureVariable", s:yellow, "", "")
+    call <SID>X("clojureCond", s:blue, "", "")
+    call <SID>X("clojureDefine", s:wine, "", "")
+    call <SID>X("clojureException", s:red, "", "")
+    call <SID>X("clojureFunc", s:blue, "", "")
+    call <SID>X("clojureMacro", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureSpecial", s:wine, "", "")
+    call <SID>X("clojureQuote", s:blue, "", "")
+    call <SID>X("clojureUnquote", s:blue, "", "")
+    call <SID>X("clojureMeta", s:blue, "", "")
+    call <SID>X("clojureDeref", s:blue, "", "")
+    call <SID>X("clojureAnonArg", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureDispatch", s:blue, "", "")
+
+    " Scala Highlighting
+    call <SID>X("scalaKeyword", s:wine, "", "")
+    call <SID>X("scalaKeywordModifier", s:wine, "", "")
+    call <SID>X("scalaOperator", s:blue, "", "")
+    call <SID>X("scalaPackage", s:wine, "", "")
+    call <SID>X("scalaFqn", s:foreground, "", "")
+    call <SID>X("scalaFqnSet", s:foreground, "", "")
+    call <SID>X("scalaImport", s:wine, "", "")
+    call <SID>X("scalaBoolean", s:orange, "", "")
+    call <SID>X("scalaDef", s:wine, "", "")
+    call <SID>X("scalaVal", s:wine, "", "")
+    call <SID>X("scalaVar", s:wine, "", "")
+    call <SID>X("scalaClass", s:wine, "", "")
+    call <SID>X("scalaObject", s:wine, "", "")
+    call <SID>X("scalaTrait", s:wine, "", "")
+    call <SID>X("scalaDefName", s:blue, "", "")
+    call <SID>X("scalaValName", s:foreground, "", "")
+    call <SID>X("scalaVarName", s:foreground, "", "")
+    call <SID>X("scalaClassName", s:foreground, "", "")
+    call <SID>X("scalaType", s:yellow, "", "")
+    call <SID>X("scalaTypeSpecializer", s:yellow, "", "")
+    call <SID>X("scalaAnnotation", s:orange, "", "")
+    call <SID>X("scalaNumber", s:orange, "", "")
+    call <SID>X("scalaDefSpecializer", s:yellow, "", "")
+    call <SID>X("scalaClassSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:green, "", "")
+    call <SID>X("scalaRoot", s:foreground, "", "")
+    call <SID>X("scalaMethodCall", s:blue, "", "")
+    call <SID>X("scalaCaseType", s:yellow, "", "")
+    call <SID>X("scalaLineComment", s:comment, "", "")
+    call <SID>X("scalaComment", s:comment, "", "")
+    call <SID>X("scalaDocComment", s:comment, "", "")
+    call <SID>X("scalaDocTags", s:comment, "", "")
+    call <SID>X("scalaEmptyString", s:green, "", "")
+    call <SID>X("scalaMultiLineString", s:green, "", "")
+    call <SID>X("scalaUnicode", s:orange, "", "")
+    call <SID>X("scalaString", s:green, "", "")
+    call <SID>X("scalaStringEscape", s:green, "", "")
+    call <SID>X("scalaSymbol", s:orange, "", "")
+    call <SID>X("scalaChar", s:orange, "", "")
+    call <SID>X("scalaXml", s:green, "", "")
+    call <SID>X("scalaConstructorSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:blue, "", "")
+
+    " Git
+    call <SID>X("diffAdded", s:green, "", "")
+    call <SID>X("diffRemoved", s:red, "", "")
+    call <SID>X("gitcommitSummary", "", "", "bold")
+
+    " Delete Functions
+    delf <SID>X
+    delf <SID>rgb
+    delf <SID>colour
+    delf <SID>rgb_colour
+    delf <SID>rgb_level
+    delf <SID>rgb_number
+    delf <SID>grey_colour
+    delf <SID>grey_level
+    delf <SID>grey_number
+endif

files/homedirs/DEFAULT/.vim/colors/ayu.vim

@@ -0,0 +1,268 @@
+" Initialisation:"{{{
+" ----------------------------------------------------------------------------
+hi clear
+if exists("syntax_on")
+  syntax reset
+endif
+
+let s:style = get(g:, 'ayucolor', 'dark')
+let g:colors_name = "ayu"
+"}}}
+
+" Palettes:"{{{
+" ----------------------------------------------------------------------------
+
+let s:palette = {}
+
+let s:palette.bg        = {'dark': "#0F1419",  'light': "#FAFAFA",  'mirage': "#212733"}
+
+let s:palette.comment   = {'dark': "#5C6773",  'light': "#ABB0B6",  'mirage': "#5C6773"}
+let s:palette.markup    = {'dark': "#F07178",  'light': "#F07178",  'mirage': "#F07178"}
+let s:palette.constant  = {'dark': "#FFEE99",  'light': "#A37ACC",  'mirage': "#D4BFFF"}
+let s:palette.operator  = {'dark': "#E7C547",  'light': "#E7C547",  'mirage': "#80D4FF"}
+let s:palette.tag       = {'dark': "#36A3D9",  'light': "#36A3D9",  'mirage': "#5CCFE6"}
+let s:palette.regexp    = {'dark': "#95E6CB",  'light': "#4CBF99",  'mirage': "#95E6CB"}
+let s:palette.string    = {'dark': "#B8CC52",  'light': "#86B300",  'mirage': "#BBE67E"}
+let s:palette.function  = {'dark': "#FFB454",  'light': "#F29718",  'mirage': "#FFD57F"}
+let s:palette.special   = {'dark': "#E6B673",  'light': "#E6B673",  'mirage': "#FFC44C"}
+let s:palette.keyword   = {'dark': "#FF7733",  'light': "#FF7733",  'mirage': "#FFAE57"}
+
+let s:palette.error     = {'dark': "#FF3333",  'light': "#FF3333",  'mirage': "#FF3333"}
+let s:palette.accent    = {'dark': "#F29718",  'light': "#FF6A00",  'mirage': "#FFCC66"}
+let s:palette.panel     = {'dark': "#14191F",  'light': "#FFFFFF",  'mirage': "#272D38"}
+let s:palette.guide     = {'dark': "#2D3640",  'light': "#D9D8D7",  'mirage': "#3D4751"}
+let s:palette.line      = {'dark': "#151A1E",  'light': "#F3F3F3",  'mirage': "#242B38"}
+let s:palette.selection = {'dark': "#253340",  'light': "#F0EEE4",  'mirage': "#343F4C"}
+let s:palette.fg        = {'dark': "#E6E1CF",  'light': "#5C6773",  'mirage': "#D9D7CE"}
+let s:palette.fg_idle   = {'dark': "#3E4B59",  'light': "#828C99",  'mirage': "#607080"}
+
+"}}}
+
+" Highlighting Primitives:"{{{
+" ----------------------------------------------------------------------------
+
+function! s:build_prim(hi_elem, field)
+  let l:vname = "s:" . a:hi_elem . "_" . a:field " s:bg_gray
+  let l:gui_assign = "gui".a:hi_elem."=".s:palette[a:field][s:style] " guibg=...
+  exe "let " . l:vname . " = ' " . l:gui_assign . "'"
+endfunction
+
+let s:bg_none = ' guibg=NONE ctermbg=NONE'
+let s:fg_none = ' guifg=NONE ctermfg=NONE'
+for [key_name, d_value] in items(s:palette)
+  call s:build_prim('bg', key_name)
+  call s:build_prim('fg', key_name)
+endfor
+" }}}
+
+" Formatting Options:"{{{
+" ----------------------------------------------------------------------------
+let s:none   = "NONE"
+let s:t_none = "NONE"
+let s:n      = "NONE"
+let s:c      = ",undercurl"
+let s:r      = ",reverse"
+let s:s      = ",standout"
+let s:b      = ",bold"
+let s:u      = ",underline"
+let s:i      = ",italic"
+
+exe "let s:fmt_none = ' gui=NONE".          " cterm=NONE".          " term=NONE"        ."'"
+exe "let s:fmt_bold = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_bldi = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_undr = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_undb = ' gui=NONE".s:u.s:b.  " cterm=NONE".s:u.s:b.  " term=NONE".s:u.s:b."'"
+exe "let s:fmt_undi = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_curl = ' gui=NONE".s:c.      " cterm=NONE".s:c.      " term=NONE".s:c    ."'"
+exe "let s:fmt_ital = ' gui=NONE".s:i.      " cterm=NONE".s:i.      " term=NONE".s:i    ."'"
+exe "let s:fmt_stnd = ' gui=NONE".s:s.      " cterm=NONE".s:s.      " term=NONE".s:s    ."'"
+exe "let s:fmt_revr = ' gui=NONE".s:r.      " cterm=NONE".s:r.      " term=NONE".s:r    ."'"
+exe "let s:fmt_revb = ' gui=NONE".s:r.s:b.  " cterm=NONE".s:r.s:b.  " term=NONE".s:r.s:b."'"
+"}}}
+
+
+" Vim Highlighting: (see :help highlight-groups)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Normal"        .s:fg_fg          .s:bg_bg          .s:fmt_none
+exe "hi! ColorColumn"   .s:fg_none        .s:bg_line        .s:fmt_none
+" Conceal, Cursor, CursorIM
+exe "hi! CursorColumn"  .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLine"    .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLineNr"  .s:fg_accent      .s:bg_line        .s:fmt_none
+exe "hi! LineNr"        .s:fg_guide       .s:bg_none        .s:fmt_none
+
+exe "hi! Directory"     .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! DiffAdd"       .s:fg_string      .s:bg_panel       .s:fmt_none
+exe "hi! DiffChange"    .s:fg_tag         .s:bg_panel       .s:fmt_none
+exe "hi! DiffText"      .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! ErrorMsg"      .s:fg_fg          .s:bg_error       .s:fmt_stnd
+exe "hi! VertSplit"     .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Folded"        .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! FoldColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+exe "hi! SignColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+"   Incsearch"
+
+exe "hi! MatchParen"    .s:fg_fg          .s:bg_bg          .s:fmt_undr
+exe "hi! ModeMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! MoreMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! NonText"       .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Pmenu"         .s:fg_fg          .s:bg_selection   .s:fmt_none
+exe "hi! PmenuSel"      .s:fg_fg          .s:bg_selection   .s:fmt_revr
+"   PmenuSbar"
+"   PmenuThumb"
+exe "hi! Question"      .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! Search"        .s:fg_bg          .s:bg_constant    .s:fmt_none
+exe "hi! SpecialKey"    .s:fg_selection   .s:bg_none        .s:fmt_none
+exe "hi! SpellCap"      .s:fg_tag         .s:bg_none        .s:fmt_undr
+exe "hi! SpellLocal"    .s:fg_keyword     .s:bg_none        .s:fmt_undr
+exe "hi! SpellBad"      .s:fg_error       .s:bg_none        .s:fmt_undr
+exe "hi! SpellRare"     .s:fg_regexp      .s:bg_none        .s:fmt_undr
+exe "hi! StatusLine"    .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! StatusLineNC"  .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! WildMenu"      .s:fg_bg          .s:bg_markup      .s:fmt_none
+exe "hi! TabLine"       .s:fg_fg          .s:bg_panel       .s:fmt_revr
+"   TabLineFill"
+"   TabLineSel"
+exe "hi! Title"         .s:fg_keyword     .s:bg_none        .s:fmt_none
+exe "hi! Visual"        .s:fg_none        .s:bg_selection   .s:fmt_none
+"   VisualNos"
+exe "hi! WarningMsg"    .s:fg_error       .s:bg_none        .s:fmt_none
+
+" TODO LongLineWarning to use variables instead of hardcoding
+hi LongLineWarning  guifg=NONE        guibg=#371F1C     gui=underline ctermfg=NONE        ctermbg=NONE        cterm=underline
+"   WildMenu"
+
+"}}}
+
+" Generic Syntax Highlighting: (see :help group-name)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Comment"         .s:fg_comment   .s:bg_none        .s:fmt_none
+
+exe "hi! Constant"        .s:fg_constant  .s:bg_none        .s:fmt_none
+exe "hi! String"          .s:fg_string    .s:bg_none        .s:fmt_none
+"   Character"
+"   Number"
+"   Boolean"
+"   Float"
+
+exe "hi! Identifier"      .s:fg_tag       .s:bg_none        .s:fmt_none
+exe "hi! Function"        .s:fg_function  .s:bg_none        .s:fmt_none
+
+exe "hi! Statement"       .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   Conditional"
+"   Repeat"
+"   Label"
+exe "hi! Operator"        .s:fg_operator  .s:bg_none        .s:fmt_none
+"   Keyword"
+"   Exception"
+
+exe "hi! PreProc"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   Include"
+"   Define"
+"   Macro"
+"   PreCondit"
+
+exe "hi! Type"            .s:fg_tag       .s:bg_none        .s:fmt_none
+"   StorageClass"
+exe "hi! Structure"       .s:fg_special   .s:bg_none        .s:fmt_none
+"   Typedef"
+
+exe "hi! Special"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   SpecialChar"
+"   Tag"
+"   Delimiter"
+"   SpecialComment"
+"   Debug"
+"
+exe "hi! Underlined"      .s:fg_tag       .s:bg_none        .s:fmt_undr
+
+exe "hi! Ignore"          .s:fg_none      .s:bg_none        .s:fmt_none
+
+exe "hi! Error"           .s:fg_fg        .s:bg_error       .s:fmt_none
+
+exe "hi! Todo"            .s:fg_markup    .s:bg_none        .s:fmt_none
+
+" Quickfix window highlighting
+exe "hi! qfLineNr"        .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   qfFileName"
+"   qfLineNr"
+"   qfError"
+
+exe "hi! Conceal"         .s:fg_guide     .s:bg_none        .s:fmt_none
+exe "hi! CursorLineConceal" .s:fg_guide   .s:bg_line        .s:fmt_none
+
+
+" Terminal in NVIM
+" ---------
+if has("nvim")
+  let g:terminal_color_0 =  s:palette.bg[s:style]
+  let g:terminal_color_1 =  s:palette.markup[s:style]
+  let g:terminal_color_2 =  s:palette.string[s:style]
+  let g:terminal_color_3 =  s:palette.accent[s:style]
+  let g:terminal_color_4 =  s:palette.tag[s:style]
+  let g:terminal_color_5 =  s:palette.constant[s:style]
+  let g:terminal_color_6 =  s:palette.regexp[s:style]
+  let g:terminal_color_7 =  "#FFFFFF"
+  let g:terminal_color_8 =  s:palette.fg_idle[s:style]
+  let g:terminal_color_9 =  s:palette.error[s:style]
+  let g:terminal_color_10 = s:palette.string[s:style]
+  let g:terminal_color_11 = s:palette.accent[s:style]
+  let g:terminal_color_12 = s:palette.tag[s:style]
+  let g:terminal_color_13 = s:palette.constant[s:style]
+  let g:terminal_color_14 = s:palette.regexp[s:style]
+  let g:terminal_color_15 = s:palette.comment[s:style]
+  let g:terminal_color_background = g:terminal_color_0
+  let g:terminal_color_foreground = s:palette.fg[s:style]
+endif
+
+
+" NerdTree
+" ---------
+exe "hi! NERDTreeOpenable"          .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeClosable"          .s:fg_accent      .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksHeader"   .s:fg_pink        .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksLeader"   .s:fg_bg          .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarkName"      .s:fg_keyword     .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeCWD"               .s:fg_pink        .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeUp"                .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDir"               .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeFile"              .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDirSlash"          .s:fg_guide      .s:bg_none        .s:fmt_none
+
+
+" GitGutter
+" ---------
+exe "hi! GitGutterAdd"          .s:fg_string     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChange"       .s:fg_tag        .s:bg_none        .s:fmt_none
+exe "hi! GitGutterDelete"       .s:fg_markup     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChangeDelete" .s:fg_function   .s:bg_none        .s:fmt_none
+
+"}}}
+
+" Diff Syntax Highlighting:"{{{
+" ----------------------------------------------------------------------------
+" Diff
+"   diffOldFile
+"   diffNewFile
+"   diffFile
+"   diffOnly
+"   diffIdentical
+"   diffDiffer
+"   diffBDiffer
+"   diffIsA
+"   diffNoEOL
+"   diffCommon
+hi! link diffRemoved Constant
+"   diffChanged
+hi! link diffAdded String
+"   diffLine
+"   diffSubname
+"   diffComment
+
+"}}}
+"
+" This is needed for some reason: {{{
+
+let &background = s:style
+
+" }}}

files/homedirs/DEFAULT/.vim/colors/molokai.vim

@@ -0,0 +1,276 @@
+" Vim color file
+"
+" Author: Tomas Restrepo <tomas@winterdom.com>
+" https://github.com/tomasr/molokai
+"
+" Note: Based on the Monokai theme for TextMate
+" by Wimer Hazenberg and its darker variant
+" by Hamish Stuart Macpherson
+"
+
+hi clear
+
+if version > 580
+    " no guarantees for version 5.8 and below, but this makes it stop
+    " complaining
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+let g:colors_name="molokai"
+
+if exists("g:molokai_original")
+    let s:molokai_original = g:molokai_original
+else
+    let s:molokai_original = 0
+endif
+
+
+hi Boolean         guifg=#AE81FF
+hi Character       guifg=#E6DB74
+hi Number          guifg=#AE81FF
+hi String          guifg=#E6DB74
+hi Conditional     guifg=#F92672               gui=bold
+hi Constant        guifg=#AE81FF               gui=bold
+hi Cursor          guifg=#000000 guibg=#F8F8F0
+hi iCursor         guifg=#000000 guibg=#F8F8F0
+hi Debug           guifg=#BCA3A3               gui=bold
+hi Define          guifg=#66D9EF
+hi Delimiter       guifg=#8F8F8F
+hi DiffAdd                       guibg=#13354A
+hi DiffChange      guifg=#89807D guibg=#4C4745
+hi DiffDelete      guifg=#960050 guibg=#1E0010
+hi DiffText                      guibg=#4C4745 gui=italic,bold
+
+hi Directory       guifg=#A6E22E               gui=bold
+hi Error           guifg=#E6DB74 guibg=#1E0010
+hi ErrorMsg        guifg=#F92672 guibg=#232526 gui=bold
+hi Exception       guifg=#A6E22E               gui=bold
+hi Float           guifg=#AE81FF
+hi FoldColumn      guifg=#465457 guibg=#000000
+hi Folded          guifg=#465457 guibg=#000000
+hi Function        guifg=#A6E22E
+hi Identifier      guifg=#FD971F
+hi Ignore          guifg=#808080 guibg=bg
+hi IncSearch       guifg=#C4BE89 guibg=#000000
+
+hi Keyword         guifg=#F92672               gui=bold
+hi Label           guifg=#E6DB74               gui=none
+hi Macro           guifg=#C4BE89               gui=italic
+hi SpecialKey      guifg=#66D9EF               gui=italic
+
+hi MatchParen      guifg=#000000 guibg=#FD971F gui=bold
+hi ModeMsg         guifg=#E6DB74
+hi MoreMsg         guifg=#E6DB74
+hi Operator        guifg=#F92672
+
+" complete menu
+hi Pmenu           guifg=#66D9EF guibg=#000000
+hi PmenuSel                      guibg=#808080
+hi PmenuSbar                     guibg=#080808
+hi PmenuThumb      guifg=#66D9EF
+
+hi PreCondit       guifg=#A6E22E               gui=bold
+hi PreProc         guifg=#A6E22E
+hi Question        guifg=#66D9EF
+hi Repeat          guifg=#F92672               gui=bold
+hi Search          guifg=#000000 guibg=#FFE792
+" marks
+hi SignColumn      guifg=#A6E22E guibg=#232526
+hi SpecialChar     guifg=#F92672               gui=bold
+hi SpecialComment  guifg=#7E8E91               gui=bold
+hi Special         guifg=#66D9EF guibg=bg      gui=italic
+if has("spell")
+    hi SpellBad    guisp=#FF0000 gui=undercurl
+    hi SpellCap    guisp=#7070F0 gui=undercurl
+    hi SpellLocal  guisp=#70F0F0 gui=undercurl
+    hi SpellRare   guisp=#FFFFFF gui=undercurl
+endif
+hi Statement       guifg=#F92672               gui=bold
+hi StatusLine      guifg=#455354 guibg=fg
+hi StatusLineNC    guifg=#808080 guibg=#080808
+hi StorageClass    guifg=#FD971F               gui=italic
+hi Structure       guifg=#66D9EF
+hi Tag             guifg=#F92672               gui=italic
+hi Title           guifg=#ef5939
+hi Todo            guifg=#FFFFFF guibg=bg      gui=bold
+
+hi Typedef         guifg=#66D9EF
+hi Type            guifg=#66D9EF               gui=none
+hi Underlined      guifg=#808080               gui=underline
+
+hi VertSplit       guifg=#808080 guibg=#080808 gui=bold
+hi VisualNOS                     guibg=#403D3D
+hi Visual                        guibg=#403D3D
+hi WarningMsg      guifg=#FFFFFF guibg=#333333 gui=bold
+hi WildMenu        guifg=#66D9EF guibg=#000000
+
+hi TabLineFill     guifg=#1B1D1E guibg=#1B1D1E
+hi TabLine         guibg=#1B1D1E guifg=#808080 gui=none
+
+if s:molokai_original == 1
+   hi Normal          guifg=#F8F8F2 guibg=#272822
+   hi Comment         guifg=#75715E
+   hi CursorLine                    guibg=#3E3D32
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#3E3D32
+   hi ColorColumn                   guibg=#3B3A32
+   hi LineNr          guifg=#BCBCBC guibg=#3B3A32
+   hi NonText         guifg=#75715E
+   hi SpecialKey      guifg=#75715E
+else
+   hi Normal          guifg=#F8F8F2 guibg=#1B1D1E
+   hi Comment         guifg=#7E8E91
+   hi CursorLine                    guibg=#293739
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#293739
+   hi ColorColumn                   guibg=#232526
+   hi LineNr          guifg=#465457 guibg=#232526
+   hi NonText         guifg=#465457
+   hi SpecialKey      guifg=#465457
+end
+
+"
+" Support for 256-color terminal
+"
+if &t_Co > 255
+   if s:molokai_original == 1
+      hi Normal                   ctermbg=234
+      hi CursorLine               ctermbg=235   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   else
+      hi Normal       ctermfg=252 ctermbg=233
+      hi CursorLine               ctermbg=234   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   endif
+   hi Boolean         ctermfg=135
+   hi Character       ctermfg=144
+   hi Number          ctermfg=135
+   hi String          ctermfg=144
+   hi Conditional     ctermfg=161               cterm=bold
+   hi Constant        ctermfg=135               cterm=bold
+   hi Cursor          ctermfg=16  ctermbg=253
+   hi Debug           ctermfg=225               cterm=bold
+   hi Define          ctermfg=81
+   hi Delimiter       ctermfg=241
+
+   hi DiffAdd                     ctermbg=24
+   hi DiffChange      ctermfg=181 ctermbg=239
+   hi DiffDelete      ctermfg=162 ctermbg=53
+   hi DiffText                    ctermbg=102 cterm=bold
+
+   hi Directory       ctermfg=118               cterm=bold
+   hi Error           ctermfg=219 ctermbg=89
+   hi ErrorMsg        ctermfg=199 ctermbg=16    cterm=bold
+   hi Exception       ctermfg=118               cterm=bold
+   hi Float           ctermfg=135
+   hi FoldColumn      ctermfg=67  ctermbg=16
+   hi Folded          ctermfg=67  ctermbg=16
+   hi Function        ctermfg=118
+   hi Identifier      ctermfg=208               cterm=none
+   hi Ignore          ctermfg=244 ctermbg=232
+   hi IncSearch       ctermfg=193 ctermbg=16
+
+   hi keyword         ctermfg=161               cterm=bold
+   hi Label           ctermfg=229               cterm=none
+   hi Macro           ctermfg=193
+   hi SpecialKey      ctermfg=81
+
+   hi MatchParen      ctermfg=233  ctermbg=208 cterm=bold
+   hi ModeMsg         ctermfg=229
+   hi MoreMsg         ctermfg=229
+   hi Operator        ctermfg=161
+
+   " complete menu
+   hi Pmenu           ctermfg=81  ctermbg=16
+   hi PmenuSel        ctermfg=255 ctermbg=242
+   hi PmenuSbar                   ctermbg=232
+   hi PmenuThumb      ctermfg=81
+
+   hi PreCondit       ctermfg=118               cterm=bold
+   hi PreProc         ctermfg=118
+   hi Question        ctermfg=81
+   hi Repeat          ctermfg=161               cterm=bold
+   hi Search          ctermfg=0   ctermbg=222   cterm=NONE
+
+   " marks column
+   hi SignColumn      ctermfg=118 ctermbg=235
+   hi SpecialChar     ctermfg=161               cterm=bold
+   hi SpecialComment  ctermfg=245               cterm=bold
+   hi Special         ctermfg=81
+   if has("spell")
+       hi SpellBad                ctermbg=52
+       hi SpellCap                ctermbg=17
+       hi SpellLocal              ctermbg=17
+       hi SpellRare  ctermfg=none ctermbg=none  cterm=reverse
+   endif
+   hi Statement       ctermfg=161               cterm=bold
+   hi StatusLine      ctermfg=238 ctermbg=253
+   hi StatusLineNC    ctermfg=244 ctermbg=232
+   hi StorageClass    ctermfg=208
+   hi Structure       ctermfg=81
+   hi Tag             ctermfg=161
+   hi Title           ctermfg=166
+   hi Todo            ctermfg=231 ctermbg=232   cterm=bold
+
+   hi Typedef         ctermfg=81
+   hi Type            ctermfg=81                cterm=none
+   hi Underlined      ctermfg=244               cterm=underline
+
+   hi VertSplit       ctermfg=244 ctermbg=232   cterm=bold
+   hi VisualNOS                   ctermbg=238
+   hi Visual                      ctermbg=235
+   hi WarningMsg      ctermfg=231 ctermbg=238   cterm=bold
+   hi WildMenu        ctermfg=81  ctermbg=16
+
+   hi Comment         ctermfg=59
+   hi CursorColumn                ctermbg=236
+   hi ColorColumn                 ctermbg=236
+   hi LineNr          ctermfg=250 ctermbg=236
+   hi NonText         ctermfg=59
+
+   hi SpecialKey      ctermfg=59
+
+   if exists("g:rehash256") && g:rehash256 == 1
+       hi Normal       ctermfg=252 ctermbg=234
+       hi CursorLine               ctermbg=236   cterm=none
+       hi CursorLineNr ctermfg=208               cterm=none
+
+       hi Boolean         ctermfg=141
+       hi Character       ctermfg=222
+       hi Number          ctermfg=141
+       hi String          ctermfg=222
+       hi Conditional     ctermfg=197               cterm=bold
+       hi Constant        ctermfg=141               cterm=bold
+
+       hi DiffDelete      ctermfg=125 ctermbg=233
+
+       hi Directory       ctermfg=154               cterm=bold
+       hi Error           ctermfg=222 ctermbg=233
+       hi Exception       ctermfg=154               cterm=bold
+       hi Float           ctermfg=141
+       hi Function        ctermfg=154
+       hi Identifier      ctermfg=208
+
+       hi Keyword         ctermfg=197               cterm=bold
+       hi Operator        ctermfg=197
+       hi PreCondit       ctermfg=154               cterm=bold
+       hi PreProc         ctermfg=154
+       hi Repeat          ctermfg=197               cterm=bold
+
+       hi Statement       ctermfg=197               cterm=bold
+       hi Tag             ctermfg=197
+       hi Title           ctermfg=203
+       hi Visual                      ctermbg=238
+
+       hi Comment         ctermfg=244
+       hi LineNr          ctermfg=239 ctermbg=235
+       hi NonText         ctermfg=239
+       hi SpecialKey      ctermfg=239
+   endif
+end
+
+" Must be at the end, because of ctermbg=234 bug.
+" https://groups.google.com/forum/#!msg/vim_dev/afPqwAFNdrU/nqh6tOM87QUJ
+set background=dark

files/homedirs/DEFAULT/.vim/colors/solarized8_dark.vim

@@ -0,0 +1,4 @@
+let s:dir = expand('<sfile>:p:h').(!exists("+shellslash") || &shellslash ? '/' : '\')
+set background=dark
+execute "source" s:dir."solarized8.vim"
+unlet s:dir

files/homedirs/DEFAULT/_bashrc

@@ -0,0 +1,124 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+    *i*) ;;
+      *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+__hostname="$(hostname -f)"
+__hostname="${__hostname%.*}"
+__hostname="${__hostname%.*}"
+if [ "$color_prompt" = yes ]; then
+    #PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@${__hostname}:\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    #PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+    PS1='${debian_chroot:+($debian_chroot)}\u@${__hostname}:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    #alias grep='grep --color=auto'
+    #alias fgrep='fgrep --color=auto'
+    #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -l'
+alias la='ls -A'
+alias l='ls -CF'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+  if [ -f /usr/share/bash-completion/bash_completion ]; then
+    . /usr/share/bash-completion/bash_completion
+  elif [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+  fi
+fi
+
+export EDITOR=vim
+
+## - set beep more quiet
+## -
+#xset b 10 500 50

files/homedirs/DEFAULT/_profile

@@ -0,0 +1,32 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+	. "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+if [[ -f /usr/share/mc/bin/mc.sh ]]; then
+   source /usr/share/mc/bin/mc.sh
+fi
+
+export LANG="de_DE.utf8"

files/homedirs/DEFAULT/_profile.j2

@@ -0,0 +1,130 @@
+# {{ ansible_managed }}
+
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+   . "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+#. /usr/lib/mc/bin/mc.sh
+#
+if [ -f "/usr/share/mc/bin/mc.sh" ] ; then
+   source /usr/share/mc/bin/mc.sh
+fi
+
+export LANG="de_DE.utf8"
+
+{% if item.item.is_samba_user is defined and item.item.is_samba_user|bool %}
+
+# ---
+# Mmount samba shares
+# ---
+
+# Don't try to mount samba shares if login at samba server
+#
+[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
+
+SERVER="{{ samba_server }}"
+USER="{{ item.item.name }}"
+PASSWORD='{{ item.item.password }}'
+#VERSION="1.0"
+
+# Use NTLMv2 password hashing and force packet signing
+#
+#    SEC="ntlmv2i"
+#
+# Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
+#
+#    SEC="ntlmsspi"
+#
+SEC="ntlmsspi"
+
+# - uid/guid of the user at fielserver
+# -
+_UID="$(id -u)"
+_GID="$(id -g)"
+
+
+# Logfile to see what happened..
+#
+_logfile=/tmp/profile_${USER}.log
+
+
+echo "" > $_logfile
+echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
+
+# Network present
+#
+_network=false
+
+if [  "X$_addr" = "X" ] ; then
+   echo "no inet address assigned yet.." >> $_logfile
+   declare -i count=1
+   while  ! $_network && [[ $count -lt 5 ]] ; do
+      echo "sleeping 2 seconds.." >> $_logfile
+      sleep 2
+      _addr="$(hostname --ip-address)"
+      if [ "X$_addr" != "X" ] ; then
+         _network=true
+         echo "inet address present: $_addr" >> $_logfile
+      fi
+      ((count++))
+   done
+fi
+
+for dir in $(ls /mnt/$USER) ; do
+   MOUNT_POINT=/mnt/$USER/$dir
+   SHARE=$dir
+
+   [ ! -d $MOUNT_POINT ] && continue
+
+   if ! mount | grep $MOUNT_POINT > /dev/null ; then
+      echo "Going to mount share '${SHARE}' .." >> $_logfile
+      if [ -x /usr/bin/smb4k_mount ]; then
+         ## - Ubuntu <= 12.04
+         if [[ "$VERSION" = "1.0" ]]; then
+            sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         else
+            #sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
+            sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         fi
+      else
+         ## - Ubuntu Version >= 14.04
+         if [[ "$VERSION" = "1.0" ]]; then
+            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         else
+            #sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
+            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         fi
+      fi
+   else
+      echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
+   fi
+
+done
+{% endif %}

files/homedirs/DEFAULT/_vimrc

@@ -0,0 +1,173 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+set shiftwidth=3
+set tabstop=3
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+

files/homedirs/root/.vim/.netrwhist

@@ -0,0 +1,11 @@
+let g:netrw_dirhistmax  =10
+let g:netrw_dirhist_cnt =9
+let g:netrw_dirhist_1='/home/chris/devel/git/git.oopen.de/script/bash/snippets'
+let g:netrw_dirhist_2='/home/chris/O.OPEN/Kunden/Anwaltsbuero-Kottbusser_Damm/carsten/ThinkPad_L380'
+let g:netrw_dirhist_3='/home/chris/devel/git/git.oopen.de/ansible/mbr-bln/group_vars/all'
+let g:netrw_dirhist_4='/home/chris/O.OPEN/Kunden/Gemeinschaft Altenschlirf/Intranet/VPN/VPN-GA-NH-chris'
+let g:netrw_dirhist_5='/home/chris/devel/git/git.oopen.de/firewall/ipt-server'
+let g:netrw_dirhist_6='/home/chris/devel/git/git.oopen.de/firewall/ipt-server/conf'
+let g:netrw_dirhist_7='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/group_vars'
+let g:netrw_dirhist_8='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies'
+let g:netrw_dirhist_9='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies/tasks'

files/homedirs/root/.vim/colors/afterglow.vim

@@ -0,0 +1,547 @@
+" File: afterglow.vim
+" Author: Danilo Augusto <daniloaugusto.ita16@gmail.com>
+" Date: 2017-02-27
+" Vim color file - Afterglow (monokai version)
+"
+" Hex color conversion functions borrowed from the theme 'Desert256'
+
+set background=dark
+if version > 580
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+
+let g:colors_name = "afterglow"
+
+" Default GUI Colours
+let s:foreground = "d6d6d6"
+let s:background = "1a1a1a"
+let s:selection = "5a647e"
+let s:line = "393939"
+let s:comment = "797979"
+let s:red = "ac4142"
+let s:orange = "e87d3e"
+let s:yellow = "e5b567"
+let s:green = "b4c973"
+let s:blue = "6c99bb"
+let s:wine = "b05279"
+let s:purple = "9e86c8"
+let s:window = "4d5057"
+
+if has("gui_running") || &t_Co == 88 || &t_Co == 256
+    " Returns an approximate grey index for the given grey level
+    fun <SID>grey_number(x)
+        if &t_Co == 88
+            if a:x < 23
+                return 0
+            elseif a:x < 69
+                return 1
+            elseif a:x < 103
+                return 2
+            elseif a:x < 127
+                return 3
+            elseif a:x < 150
+                return 4
+            elseif a:x < 173
+                return 5
+            elseif a:x < 196
+                return 6
+            elseif a:x < 219
+                return 7
+            elseif a:x < 243
+                return 8
+            else
+                return 9
+            endif
+        else
+            if a:x < 14
+                return 0
+            else
+                let l:n = (a:x - 8) / 10
+                let l:m = (a:x - 8) % 10
+                if l:m < 5
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual grey level represented by the grey index
+    fun <SID>grey_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 46
+            elseif a:n == 2
+                return 92
+            elseif a:n == 3
+                return 115
+            elseif a:n == 4
+                return 139
+            elseif a:n == 5
+                return 162
+            elseif a:n == 6
+                return 185
+            elseif a:n == 7
+                return 208
+            elseif a:n == 8
+                return 231
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 8 + (a:n * 10)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given grey index
+    fun <SID>grey_colour(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 16
+            elseif a:n == 9
+                return 79
+            else
+                return 79 + a:n
+            endif
+        else
+            if a:n == 0
+                return 16
+            elseif a:n == 25
+                return 231
+            else
+                return 231 + a:n
+            endif
+        endif
+    endfun
+
+    " Returns an approximate colour index for the given colour level
+    fun <SID>rgb_number(x)
+        if &t_Co == 88
+            if a:x < 69
+                return 0
+            elseif a:x < 172
+                return 1
+            elseif a:x < 230
+                return 2
+            else
+                return 3
+            endif
+        else
+            if a:x < 75
+                return 0
+            else
+                let l:n = (a:x - 55) / 40
+                let l:m = (a:x - 55) % 40
+                if l:m < 20
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual colour level for the given colour index
+    fun <SID>rgb_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 139
+            elseif a:n == 2
+                return 205
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 55 + (a:n * 40)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given R/G/B colour indices
+    fun <SID>rgb_colour(x, y, z)
+        if &t_Co == 88
+            return 16 + (a:x * 16) + (a:y * 4) + a:z
+        else
+            return 16 + (a:x * 36) + (a:y * 6) + a:z
+        endif
+    endfun
+
+    " Returns the palette index to approximate the given R/G/B colour levels
+    fun <SID>colour(r, g, b)
+        " Get the closest grey
+        let l:gx = <SID>grey_number(a:r)
+        let l:gy = <SID>grey_number(a:g)
+        let l:gz = <SID>grey_number(a:b)
+
+        " Get the closest colour
+        let l:x = <SID>rgb_number(a:r)
+        let l:y = <SID>rgb_number(a:g)
+        let l:z = <SID>rgb_number(a:b)
+
+        if l:gx == l:gy && l:gy == l:gz
+            " There are two possibilities
+            let l:dgr = <SID>grey_level(l:gx) - a:r
+            let l:dgg = <SID>grey_level(l:gy) - a:g
+            let l:dgb = <SID>grey_level(l:gz) - a:b
+            let l:dgrey = (l:dgr * l:dgr) + (l:dgg * l:dgg) + (l:dgb * l:dgb)
+            let l:dr = <SID>rgb_level(l:gx) - a:r
+            let l:dg = <SID>rgb_level(l:gy) - a:g
+            let l:db = <SID>rgb_level(l:gz) - a:b
+            let l:drgb = (l:dr * l:dr) + (l:dg * l:dg) + (l:db * l:db)
+            if l:dgrey < l:drgb
+                " Use the grey
+                return <SID>grey_colour(l:gx)
+            else
+                " Use the colour
+                return <SID>rgb_colour(l:x, l:y, l:z)
+            endif
+        else
+            " Only one possibility
+            return <SID>rgb_colour(l:x, l:y, l:z)
+        endif
+    endfun
+
+    " Returns the palette index to approximate the 'rrggbb' hex string
+    fun <SID>rgb(rgb)
+        let l:r = ("0x" . strpart(a:rgb, 0, 2)) + 0
+        let l:g = ("0x" . strpart(a:rgb, 2, 2)) + 0
+        let l:b = ("0x" . strpart(a:rgb, 4, 2)) + 0
+
+        return <SID>colour(l:r, l:g, l:b)
+    endfun
+
+    " Sets the highlighting for the given group
+    fun <SID>X(group, fg, bg, attr)
+        if a:fg != ""
+            exec "hi " . a:group . " guifg=#" . a:fg . " ctermfg=" . <SID>rgb(a:fg)
+        endif
+        if a:bg != ""
+            exec "hi " . a:group . " guibg=#" . a:bg . " ctermbg=" . <SID>rgb(a:bg)
+        endif
+        if a:attr != ""
+            exec "hi " . a:group . " gui=" . a:attr . " cterm=" . a:attr
+        endif
+    endfun
+
+    " Vim Highlighting
+    call <SID>X("Normal", s:foreground, s:background, "")
+    call <SID>X("LineNr", s:comment, "", "")
+    call <SID>X("NonText", s:selection, "", "")
+    call <SID>X("SpecialKey", s:selection, "", "")
+    call <SID>X("Search", s:background, s:yellow, "")
+    call <SID>X("TabLine", s:window, s:foreground, "reverse")
+    call <SID>X("TabLineFill", s:window, s:foreground, "reverse")
+    call <SID>X("StatusLine", s:window, s:yellow, "reverse")
+    call <SID>X("StatusLineNC", s:window, s:foreground, "reverse")
+    call <SID>X("VertSplit", s:window, s:window, "none")
+    call <SID>X("Visual", "", s:selection, "")
+    call <SID>X("Directory", s:blue, "", "")
+    call <SID>X("ModeMsg", s:green, "", "")
+    call <SID>X("MoreMsg", s:green, "", "")
+    call <SID>X("Question", s:green, "", "")
+    call <SID>X("WarningMsg", s:orange, "", "bold")
+    call <SID>X("MatchParen", "", s:selection, "")
+    call <SID>X("Folded", s:comment, s:background, "")
+    call <SID>X("FoldColumn", "", s:background, "")
+    if version >= 700
+        call <SID>X("CursorLine", "", s:line, "none")
+        call <SID>X("CursorLineNR", s:orange, "", "none")
+        call <SID>X("CursorColumn", "", s:line, "none")
+        call <SID>X("PMenu", s:foreground, s:selection, "none")
+        call <SID>X("PMenuSel", s:foreground, s:selection, "reverse")
+        call <SID>X("SignColumn", "", s:background, "none")
+    end
+    if version >= 703
+        call <SID>X("ColorColumn", "", s:line, "none")
+    end
+
+    " Standard Highlighting
+    call <SID>X("Comment", s:comment, "", "")
+    call <SID>X("Todo", s:red, s:background, "bold")
+    call <SID>X("Title", s:comment, "", "bold")
+    call <SID>X("Identifier", s:orange, "", "")
+    call <SID>X("Statement", s:wine, "", "")
+    call <SID>X("Conditional", s:wine, "", "")
+    call <SID>X("Repeat", s:wine, "", "")
+    call <SID>X("Structure", s:wine, "", "")
+    call <SID>X("Function", s:orange, "", "")
+    call <SID>X("Constant", s:purple, "", "")
+    call <SID>X("Keyword", s:orange, "", "")
+    call <SID>X("String", s:yellow, "", "")
+    call <SID>X("Special", s:blue, "", "")
+    call <SID>X("PreProc", s:green, "", "")
+    call <SID>X("Operator", s:purple, "", "")
+    call <SID>X("Type", s:blue, "", "")
+    call <SID>X("Define", s:wine, "", "")
+    call <SID>X("Include", s:wine, "", "")
+    call <SID>X("Tag", s:orange, "", "bold")
+    call <SID>X("Underlined", s:orange, "", "underline")
+
+    syntax match commonOperator "\(+\|=\|-\|*\|\^\|\/\||\)"
+    hi link commonOperator Operator
+
+    " Vim Highlighting
+    call <SID>X("vimCommand", s:wine, "", "none")
+
+    " C Highlighting
+    call <SID>X("cType", s:wine, "", "")
+    call <SID>X("cStorageClass", s:orange, "", "")
+    call <SID>X("cConditional", s:wine, "", "")
+    call <SID>X("cRepeat", s:wine, "", "")
+
+    " PHP Highlighting
+    call <SID>X("phpVarSelector", s:wine, "", "")
+    call <SID>X("phpKeyword", s:wine, "", "")
+    call <SID>X("phpRepeat", s:wine, "", "")
+    call <SID>X("phpConditional", s:wine, "", "")
+    call <SID>X("phpStatement", s:wine, "", "")
+    call <SID>X("phpMemberSelector", s:foreground, "", "")
+
+    " Ruby Highlighting
+    call <SID>X("rubySymbol", s:blue, "", "")
+    call <SID>X("rubyConstant", s:green, "", "")
+    call <SID>X("rubyAccess", s:yellow, "", "")
+    call <SID>X("rubyAttribute", s:blue, "", "")
+    call <SID>X("rubyInclude", s:blue, "", "")
+    call <SID>X("rubyLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("rubyCurlyBlock", s:orange, "", "")
+    call <SID>X("rubyStringDelimiter", s:yellow, "", "")
+    call <SID>X("rubyInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("rubyConditional", s:wine, "", "")
+    call <SID>X("rubyRepeat", s:wine, "", "")
+    call <SID>X("rubyControl", s:wine, "", "")
+    call <SID>X("rubyException", s:wine, "", "")
+
+    " Crystal Highlighting
+    call <SID>X("crystalSymbol", s:green, "", "")
+    call <SID>X("crystalConstant", s:yellow, "", "")
+    call <SID>X("crystalAccess", s:yellow, "", "")
+    call <SID>X("crystalAttribute", s:blue, "", "")
+    call <SID>X("crystalInclude", s:blue, "", "")
+    call <SID>X("crystalLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("crystalCurlyBlock", s:orange, "", "")
+    call <SID>X("crystalStringDelimiter", s:green, "", "")
+    call <SID>X("crystalInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("crystalConditional", s:wine, "", "")
+    call <SID>X("crystalRepeat", s:wine, "", "")
+    call <SID>X("crystalControl", s:wine, "", "")
+    call <SID>X("crystalException", s:wine, "", "")
+
+    " Python Highlighting
+    call <SID>X("pythonInclude", s:green, "", "italic")
+    call <SID>X("pythonStatement", s:blue, "", "")
+    call <SID>X("pythonConditional", s:wine, "", "")
+    call <SID>X("pythonRepeat", s:wine, "", "")
+    call <SID>X("pythonException", s:wine, "", "")
+    call <SID>X("pythonFunction", s:green, "", "italic")
+    call <SID>X("pythonPreCondit", s:wine, "", "")
+    call <SID>X("pythonExClass", s:orange, "", "")
+    call <SID>X("pythonBuiltin", s:blue, "", "")
+    call <SID>X("pythonOperator", s:wine, "", "")
+    call <SID>X("pythonNumber", s:purple, "", "")
+    call <SID>X("pythonString", s:yellow, "", "")
+    call <SID>X("pythonRawString", s:yellow, "", "")
+    call <SID>X("pythonDecorator", s:wine, "", "")
+    call <SID>X("pythonDoctest", s:yellow, "", "")
+    call <SID>X("pythonImportFunction", s:orange, "", "")
+    call <SID>X("pythonImportModule", s:orange, "", "")
+    call <SID>X("pythonImportObject", s:orange, "", "")
+    call <SID>X("pythonImportedClassDef", s:orange, "", "")
+    call <SID>X("pythonImportedFuncDef", s:orange, "", "")
+    call <SID>X("pythonImportedModule", s:orange, "", "")
+    call <SID>X("pythonImportedObject", s:orange, "", "")
+
+    " JavaScript Highlighting
+    call <SID>X("javaScriptEndColons", s:foreground, "", "")
+    call <SID>X("javaScriptOpSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptLogicSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptBraces", s:foreground, "", "")
+    call <SID>X("javaScriptParens", s:foreground, "", "")
+    call <SID>X("javaScriptFunction", s:green, "", "")
+    call <SID>X("javaScriptComment", s:comment, "", "")
+    call <SID>X("javaScriptLineComment", s:comment, "", "")
+    call <SID>X("javaScriptDocComment", s:comment, "", "")
+    call <SID>X("javaScriptCommentTodo", s:red, "", "")
+    call <SID>X("javaScriptString", s:yellow, "", "")
+    call <SID>X("javaScriptRegexpString", s:yellow, "", "")
+    call <SID>X("javaScriptTemplateString", s:yellow, "", "")
+    call <SID>X("javaScriptNumber", s:purple, "", "")
+    call <SID>X("javaScriptFloat", s:purple, "", "")
+    call <SID>X("javaScriptGlobal", s:purple, "", "")
+    call <SID>X("javaScriptCharacter", s:blue, "", "")
+    call <SID>X("javaScriptPrototype", s:blue, "", "")
+    call <SID>X("javaScriptConditional", s:blue, "", "")
+    call <SID>X("javaScriptBranch", s:blue, "", "")
+    call <SID>X("javaScriptIdentifier", s:orange, "", "")
+    call <SID>X("javaScriptRepeat", s:blue, "", "")
+    call <SID>X("javaScriptStatement", s:blue, "", "")
+    call <SID>X("javaScriptMessage", s:blue, "", "")
+    call <SID>X("javaScriptReserved", s:blue, "", "")
+    call <SID>X("javaScriptOperator", s:blue, "", "")
+    call <SID>X("javaScriptNull", s:purple, "", "")
+    call <SID>X("javaScriptBoolean", s:purple, "", "")
+    call <SID>X("javaScriptLabel", s:blue, "", "")
+    call <SID>X("javaScriptSpecial", s:blue, "", "")
+    call <SID>X("javaScriptExceptions", s:red, "", "")
+    call <SID>X("javaScriptDeprecated", s:red, "", "")
+    call <SID>X("javaScriptError", s:red, "", "")
+
+    " LaTeX
+    call <SID>X("texStatement",s:blue, "", "")
+    call <SID>X("texMath", s:wine, "", "none")
+    call <SID>X("texMathMacher", s:yellow, "", "none")
+    call <SID>X("texRefLabel", s:wine, "", "none")
+    call <SID>X("texRefZone", s:blue, "", "none")
+    call <SID>X("texComment", s:comment, "", "none")
+    call <SID>X("texDelimiter", s:purple, "", "none")
+    call <SID>X("texMathZoneX", s:purple, "", "none")
+
+    " CoffeeScript Highlighting
+    call <SID>X("coffeeRepeat", s:wine, "", "")
+    call <SID>X("coffeeConditional", s:wine, "", "")
+    call <SID>X("coffeeKeyword", s:wine, "", "")
+    call <SID>X("coffeeObject", s:yellow, "", "")
+
+    " HTML Highlighting
+    call <SID>X("htmlTag", s:blue, "", "")
+    call <SID>X("htmlEndTag", s:blue, "", "")
+    call <SID>X("htmlTagName", s:wine, "", "bold")
+    call <SID>X("htmlArg", s:green, "", "italic")
+    call <SID>X("htmlScriptTag", s:wine, "", "")
+
+    " Diff Highlighting
+    call <SID>X("diffAdd", "", "4c4e39", "")
+    call <SID>X("diffDelete", s:background, s:red, "")
+    call <SID>X("diffChange", "", "2B5B77", "")
+    call <SID>X("diffText", s:line, s:blue, "")
+
+    " ShowMarks Highlighting
+    call <SID>X("ShowMarksHLl", s:orange, s:background, "none")
+    call <SID>X("ShowMarksHLo", s:wine, s:background, "none")
+    call <SID>X("ShowMarksHLu", s:yellow, s:background, "none")
+    call <SID>X("ShowMarksHLm", s:wine, s:background, "none")
+
+    " Lua Highlighting
+    call <SID>X("luaStatement", s:wine, "", "")
+    call <SID>X("luaRepeat", s:wine, "", "")
+    call <SID>X("luaCondStart", s:wine, "", "")
+    call <SID>X("luaCondElseif", s:wine, "", "")
+    call <SID>X("luaCond", s:wine, "", "")
+    call <SID>X("luaCondEnd", s:wine, "", "")
+
+    " Cucumber Highlighting
+    call <SID>X("cucumberGiven", s:blue, "", "")
+    call <SID>X("cucumberGivenAnd", s:blue, "", "")
+
+    " Go Highlighting
+    call <SID>X("goDirective", s:wine, "", "")
+    call <SID>X("goDeclaration", s:wine, "", "")
+    call <SID>X("goStatement", s:wine, "", "")
+    call <SID>X("goConditional", s:wine, "", "")
+    call <SID>X("goConstants", s:orange, "", "")
+    call <SID>X("goTodo", s:red, "", "")
+    call <SID>X("goDeclType", s:blue, "", "")
+    call <SID>X("goBuiltins", s:wine, "", "")
+    call <SID>X("goRepeat", s:wine, "", "")
+    call <SID>X("goLabel", s:wine, "", "")
+
+    " Clojure Highlighting
+    call <SID>X("clojureConstant", s:orange, "", "")
+    call <SID>X("clojureBoolean", s:orange, "", "")
+    call <SID>X("clojureCharacter", s:orange, "", "")
+    call <SID>X("clojureKeyword", s:green, "", "")
+    call <SID>X("clojureNumber", s:orange, "", "")
+    call <SID>X("clojureString", s:green, "", "")
+    call <SID>X("clojureRegexp", s:green, "", "")
+    call <SID>X("clojureParen", s:wine, "", "")
+    call <SID>X("clojureVariable", s:yellow, "", "")
+    call <SID>X("clojureCond", s:blue, "", "")
+    call <SID>X("clojureDefine", s:wine, "", "")
+    call <SID>X("clojureException", s:red, "", "")
+    call <SID>X("clojureFunc", s:blue, "", "")
+    call <SID>X("clojureMacro", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureSpecial", s:wine, "", "")
+    call <SID>X("clojureQuote", s:blue, "", "")
+    call <SID>X("clojureUnquote", s:blue, "", "")
+    call <SID>X("clojureMeta", s:blue, "", "")
+    call <SID>X("clojureDeref", s:blue, "", "")
+    call <SID>X("clojureAnonArg", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureDispatch", s:blue, "", "")
+
+    " Scala Highlighting
+    call <SID>X("scalaKeyword", s:wine, "", "")
+    call <SID>X("scalaKeywordModifier", s:wine, "", "")
+    call <SID>X("scalaOperator", s:blue, "", "")
+    call <SID>X("scalaPackage", s:wine, "", "")
+    call <SID>X("scalaFqn", s:foreground, "", "")
+    call <SID>X("scalaFqnSet", s:foreground, "", "")
+    call <SID>X("scalaImport", s:wine, "", "")
+    call <SID>X("scalaBoolean", s:orange, "", "")
+    call <SID>X("scalaDef", s:wine, "", "")
+    call <SID>X("scalaVal", s:wine, "", "")
+    call <SID>X("scalaVar", s:wine, "", "")
+    call <SID>X("scalaClass", s:wine, "", "")
+    call <SID>X("scalaObject", s:wine, "", "")
+    call <SID>X("scalaTrait", s:wine, "", "")
+    call <SID>X("scalaDefName", s:blue, "", "")
+    call <SID>X("scalaValName", s:foreground, "", "")
+    call <SID>X("scalaVarName", s:foreground, "", "")
+    call <SID>X("scalaClassName", s:foreground, "", "")
+    call <SID>X("scalaType", s:yellow, "", "")
+    call <SID>X("scalaTypeSpecializer", s:yellow, "", "")
+    call <SID>X("scalaAnnotation", s:orange, "", "")
+    call <SID>X("scalaNumber", s:orange, "", "")
+    call <SID>X("scalaDefSpecializer", s:yellow, "", "")
+    call <SID>X("scalaClassSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:green, "", "")
+    call <SID>X("scalaRoot", s:foreground, "", "")
+    call <SID>X("scalaMethodCall", s:blue, "", "")
+    call <SID>X("scalaCaseType", s:yellow, "", "")
+    call <SID>X("scalaLineComment", s:comment, "", "")
+    call <SID>X("scalaComment", s:comment, "", "")
+    call <SID>X("scalaDocComment", s:comment, "", "")
+    call <SID>X("scalaDocTags", s:comment, "", "")
+    call <SID>X("scalaEmptyString", s:green, "", "")
+    call <SID>X("scalaMultiLineString", s:green, "", "")
+    call <SID>X("scalaUnicode", s:orange, "", "")
+    call <SID>X("scalaString", s:green, "", "")
+    call <SID>X("scalaStringEscape", s:green, "", "")
+    call <SID>X("scalaSymbol", s:orange, "", "")
+    call <SID>X("scalaChar", s:orange, "", "")
+    call <SID>X("scalaXml", s:green, "", "")
+    call <SID>X("scalaConstructorSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:blue, "", "")
+
+    " Git
+    call <SID>X("diffAdded", s:green, "", "")
+    call <SID>X("diffRemoved", s:red, "", "")
+    call <SID>X("gitcommitSummary", "", "", "bold")
+
+    " Delete Functions
+    delf <SID>X
+    delf <SID>rgb
+    delf <SID>colour
+    delf <SID>rgb_colour
+    delf <SID>rgb_level
+    delf <SID>rgb_number
+    delf <SID>grey_colour
+    delf <SID>grey_level
+    delf <SID>grey_number
+endif

files/homedirs/root/.vim/colors/ayu.vim

@@ -0,0 +1,268 @@
+" Initialisation:"{{{
+" ----------------------------------------------------------------------------
+hi clear
+if exists("syntax_on")
+  syntax reset
+endif
+
+let s:style = get(g:, 'ayucolor', 'dark')
+let g:colors_name = "ayu"
+"}}}
+
+" Palettes:"{{{
+" ----------------------------------------------------------------------------
+
+let s:palette = {}
+
+let s:palette.bg        = {'dark': "#0F1419",  'light': "#FAFAFA",  'mirage': "#212733"}
+
+let s:palette.comment   = {'dark': "#5C6773",  'light': "#ABB0B6",  'mirage': "#5C6773"}
+let s:palette.markup    = {'dark': "#F07178",  'light': "#F07178",  'mirage': "#F07178"}
+let s:palette.constant  = {'dark': "#FFEE99",  'light': "#A37ACC",  'mirage': "#D4BFFF"}
+let s:palette.operator  = {'dark': "#E7C547",  'light': "#E7C547",  'mirage': "#80D4FF"}
+let s:palette.tag       = {'dark': "#36A3D9",  'light': "#36A3D9",  'mirage': "#5CCFE6"}
+let s:palette.regexp    = {'dark': "#95E6CB",  'light': "#4CBF99",  'mirage': "#95E6CB"}
+let s:palette.string    = {'dark': "#B8CC52",  'light': "#86B300",  'mirage': "#BBE67E"}
+let s:palette.function  = {'dark': "#FFB454",  'light': "#F29718",  'mirage': "#FFD57F"}
+let s:palette.special   = {'dark': "#E6B673",  'light': "#E6B673",  'mirage': "#FFC44C"}
+let s:palette.keyword   = {'dark': "#FF7733",  'light': "#FF7733",  'mirage': "#FFAE57"}
+
+let s:palette.error     = {'dark': "#FF3333",  'light': "#FF3333",  'mirage': "#FF3333"}
+let s:palette.accent    = {'dark': "#F29718",  'light': "#FF6A00",  'mirage': "#FFCC66"}
+let s:palette.panel     = {'dark': "#14191F",  'light': "#FFFFFF",  'mirage': "#272D38"}
+let s:palette.guide     = {'dark': "#2D3640",  'light': "#D9D8D7",  'mirage': "#3D4751"}
+let s:palette.line      = {'dark': "#151A1E",  'light': "#F3F3F3",  'mirage': "#242B38"}
+let s:palette.selection = {'dark': "#253340",  'light': "#F0EEE4",  'mirage': "#343F4C"}
+let s:palette.fg        = {'dark': "#E6E1CF",  'light': "#5C6773",  'mirage': "#D9D7CE"}
+let s:palette.fg_idle   = {'dark': "#3E4B59",  'light': "#828C99",  'mirage': "#607080"}
+
+"}}}
+
+" Highlighting Primitives:"{{{
+" ----------------------------------------------------------------------------
+
+function! s:build_prim(hi_elem, field)
+  let l:vname = "s:" . a:hi_elem . "_" . a:field " s:bg_gray
+  let l:gui_assign = "gui".a:hi_elem."=".s:palette[a:field][s:style] " guibg=...
+  exe "let " . l:vname . " = ' " . l:gui_assign . "'"
+endfunction
+
+let s:bg_none = ' guibg=NONE ctermbg=NONE'
+let s:fg_none = ' guifg=NONE ctermfg=NONE'
+for [key_name, d_value] in items(s:palette)
+  call s:build_prim('bg', key_name)
+  call s:build_prim('fg', key_name)
+endfor
+" }}}
+
+" Formatting Options:"{{{
+" ----------------------------------------------------------------------------
+let s:none   = "NONE"
+let s:t_none = "NONE"
+let s:n      = "NONE"
+let s:c      = ",undercurl"
+let s:r      = ",reverse"
+let s:s      = ",standout"
+let s:b      = ",bold"
+let s:u      = ",underline"
+let s:i      = ",italic"
+
+exe "let s:fmt_none = ' gui=NONE".          " cterm=NONE".          " term=NONE"        ."'"
+exe "let s:fmt_bold = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_bldi = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_undr = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_undb = ' gui=NONE".s:u.s:b.  " cterm=NONE".s:u.s:b.  " term=NONE".s:u.s:b."'"
+exe "let s:fmt_undi = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_curl = ' gui=NONE".s:c.      " cterm=NONE".s:c.      " term=NONE".s:c    ."'"
+exe "let s:fmt_ital = ' gui=NONE".s:i.      " cterm=NONE".s:i.      " term=NONE".s:i    ."'"
+exe "let s:fmt_stnd = ' gui=NONE".s:s.      " cterm=NONE".s:s.      " term=NONE".s:s    ."'"
+exe "let s:fmt_revr = ' gui=NONE".s:r.      " cterm=NONE".s:r.      " term=NONE".s:r    ."'"
+exe "let s:fmt_revb = ' gui=NONE".s:r.s:b.  " cterm=NONE".s:r.s:b.  " term=NONE".s:r.s:b."'"
+"}}}
+
+
+" Vim Highlighting: (see :help highlight-groups)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Normal"        .s:fg_fg          .s:bg_bg          .s:fmt_none
+exe "hi! ColorColumn"   .s:fg_none        .s:bg_line        .s:fmt_none
+" Conceal, Cursor, CursorIM
+exe "hi! CursorColumn"  .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLine"    .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLineNr"  .s:fg_accent      .s:bg_line        .s:fmt_none
+exe "hi! LineNr"        .s:fg_guide       .s:bg_none        .s:fmt_none
+
+exe "hi! Directory"     .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! DiffAdd"       .s:fg_string      .s:bg_panel       .s:fmt_none
+exe "hi! DiffChange"    .s:fg_tag         .s:bg_panel       .s:fmt_none
+exe "hi! DiffText"      .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! ErrorMsg"      .s:fg_fg          .s:bg_error       .s:fmt_stnd
+exe "hi! VertSplit"     .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Folded"        .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! FoldColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+exe "hi! SignColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+"   Incsearch"
+
+exe "hi! MatchParen"    .s:fg_fg          .s:bg_bg          .s:fmt_undr
+exe "hi! ModeMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! MoreMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! NonText"       .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Pmenu"         .s:fg_fg          .s:bg_selection   .s:fmt_none
+exe "hi! PmenuSel"      .s:fg_fg          .s:bg_selection   .s:fmt_revr
+"   PmenuSbar"
+"   PmenuThumb"
+exe "hi! Question"      .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! Search"        .s:fg_bg          .s:bg_constant    .s:fmt_none
+exe "hi! SpecialKey"    .s:fg_selection   .s:bg_none        .s:fmt_none
+exe "hi! SpellCap"      .s:fg_tag         .s:bg_none        .s:fmt_undr
+exe "hi! SpellLocal"    .s:fg_keyword     .s:bg_none        .s:fmt_undr
+exe "hi! SpellBad"      .s:fg_error       .s:bg_none        .s:fmt_undr
+exe "hi! SpellRare"     .s:fg_regexp      .s:bg_none        .s:fmt_undr
+exe "hi! StatusLine"    .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! StatusLineNC"  .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! WildMenu"      .s:fg_bg          .s:bg_markup      .s:fmt_none
+exe "hi! TabLine"       .s:fg_fg          .s:bg_panel       .s:fmt_revr
+"   TabLineFill"
+"   TabLineSel"
+exe "hi! Title"         .s:fg_keyword     .s:bg_none        .s:fmt_none
+exe "hi! Visual"        .s:fg_none        .s:bg_selection   .s:fmt_none
+"   VisualNos"
+exe "hi! WarningMsg"    .s:fg_error       .s:bg_none        .s:fmt_none
+
+" TODO LongLineWarning to use variables instead of hardcoding
+hi LongLineWarning  guifg=NONE        guibg=#371F1C     gui=underline ctermfg=NONE        ctermbg=NONE        cterm=underline
+"   WildMenu"
+
+"}}}
+
+" Generic Syntax Highlighting: (see :help group-name)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Comment"         .s:fg_comment   .s:bg_none        .s:fmt_none
+
+exe "hi! Constant"        .s:fg_constant  .s:bg_none        .s:fmt_none
+exe "hi! String"          .s:fg_string    .s:bg_none        .s:fmt_none
+"   Character"
+"   Number"
+"   Boolean"
+"   Float"
+
+exe "hi! Identifier"      .s:fg_tag       .s:bg_none        .s:fmt_none
+exe "hi! Function"        .s:fg_function  .s:bg_none        .s:fmt_none
+
+exe "hi! Statement"       .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   Conditional"
+"   Repeat"
+"   Label"
+exe "hi! Operator"        .s:fg_operator  .s:bg_none        .s:fmt_none
+"   Keyword"
+"   Exception"
+
+exe "hi! PreProc"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   Include"
+"   Define"
+"   Macro"
+"   PreCondit"
+
+exe "hi! Type"            .s:fg_tag       .s:bg_none        .s:fmt_none
+"   StorageClass"
+exe "hi! Structure"       .s:fg_special   .s:bg_none        .s:fmt_none
+"   Typedef"
+
+exe "hi! Special"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   SpecialChar"
+"   Tag"
+"   Delimiter"
+"   SpecialComment"
+"   Debug"
+"
+exe "hi! Underlined"      .s:fg_tag       .s:bg_none        .s:fmt_undr
+
+exe "hi! Ignore"          .s:fg_none      .s:bg_none        .s:fmt_none
+
+exe "hi! Error"           .s:fg_fg        .s:bg_error       .s:fmt_none
+
+exe "hi! Todo"            .s:fg_markup    .s:bg_none        .s:fmt_none
+
+" Quickfix window highlighting
+exe "hi! qfLineNr"        .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   qfFileName"
+"   qfLineNr"
+"   qfError"
+
+exe "hi! Conceal"         .s:fg_guide     .s:bg_none        .s:fmt_none
+exe "hi! CursorLineConceal" .s:fg_guide   .s:bg_line        .s:fmt_none
+
+
+" Terminal in NVIM
+" ---------
+if has("nvim")
+  let g:terminal_color_0 =  s:palette.bg[s:style]
+  let g:terminal_color_1 =  s:palette.markup[s:style]
+  let g:terminal_color_2 =  s:palette.string[s:style]
+  let g:terminal_color_3 =  s:palette.accent[s:style]
+  let g:terminal_color_4 =  s:palette.tag[s:style]
+  let g:terminal_color_5 =  s:palette.constant[s:style]
+  let g:terminal_color_6 =  s:palette.regexp[s:style]
+  let g:terminal_color_7 =  "#FFFFFF"
+  let g:terminal_color_8 =  s:palette.fg_idle[s:style]
+  let g:terminal_color_9 =  s:palette.error[s:style]
+  let g:terminal_color_10 = s:palette.string[s:style]
+  let g:terminal_color_11 = s:palette.accent[s:style]
+  let g:terminal_color_12 = s:palette.tag[s:style]
+  let g:terminal_color_13 = s:palette.constant[s:style]
+  let g:terminal_color_14 = s:palette.regexp[s:style]
+  let g:terminal_color_15 = s:palette.comment[s:style]
+  let g:terminal_color_background = g:terminal_color_0
+  let g:terminal_color_foreground = s:palette.fg[s:style]
+endif
+
+
+" NerdTree
+" ---------
+exe "hi! NERDTreeOpenable"          .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeClosable"          .s:fg_accent      .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksHeader"   .s:fg_pink        .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksLeader"   .s:fg_bg          .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarkName"      .s:fg_keyword     .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeCWD"               .s:fg_pink        .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeUp"                .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDir"               .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeFile"              .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDirSlash"          .s:fg_guide      .s:bg_none        .s:fmt_none
+
+
+" GitGutter
+" ---------
+exe "hi! GitGutterAdd"          .s:fg_string     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChange"       .s:fg_tag        .s:bg_none        .s:fmt_none
+exe "hi! GitGutterDelete"       .s:fg_markup     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChangeDelete" .s:fg_function   .s:bg_none        .s:fmt_none
+
+"}}}
+
+" Diff Syntax Highlighting:"{{{
+" ----------------------------------------------------------------------------
+" Diff
+"   diffOldFile
+"   diffNewFile
+"   diffFile
+"   diffOnly
+"   diffIdentical
+"   diffDiffer
+"   diffBDiffer
+"   diffIsA
+"   diffNoEOL
+"   diffCommon
+hi! link diffRemoved Constant
+"   diffChanged
+hi! link diffAdded String
+"   diffLine
+"   diffSubname
+"   diffComment
+
+"}}}
+"
+" This is needed for some reason: {{{
+
+let &background = s:style
+
+" }}}

files/homedirs/root/.vim/colors/molokai.vim

@@ -0,0 +1,276 @@
+" Vim color file
+"
+" Author: Tomas Restrepo <tomas@winterdom.com>
+" https://github.com/tomasr/molokai
+"
+" Note: Based on the Monokai theme for TextMate
+" by Wimer Hazenberg and its darker variant
+" by Hamish Stuart Macpherson
+"
+
+hi clear
+
+if version > 580
+    " no guarantees for version 5.8 and below, but this makes it stop
+    " complaining
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+let g:colors_name="molokai"
+
+if exists("g:molokai_original")
+    let s:molokai_original = g:molokai_original
+else
+    let s:molokai_original = 0
+endif
+
+
+hi Boolean         guifg=#AE81FF
+hi Character       guifg=#E6DB74
+hi Number          guifg=#AE81FF
+hi String          guifg=#E6DB74
+hi Conditional     guifg=#F92672               gui=bold
+hi Constant        guifg=#AE81FF               gui=bold
+hi Cursor          guifg=#000000 guibg=#F8F8F0
+hi iCursor         guifg=#000000 guibg=#F8F8F0
+hi Debug           guifg=#BCA3A3               gui=bold
+hi Define          guifg=#66D9EF
+hi Delimiter       guifg=#8F8F8F
+hi DiffAdd                       guibg=#13354A
+hi DiffChange      guifg=#89807D guibg=#4C4745
+hi DiffDelete      guifg=#960050 guibg=#1E0010
+hi DiffText                      guibg=#4C4745 gui=italic,bold
+
+hi Directory       guifg=#A6E22E               gui=bold
+hi Error           guifg=#E6DB74 guibg=#1E0010
+hi ErrorMsg        guifg=#F92672 guibg=#232526 gui=bold
+hi Exception       guifg=#A6E22E               gui=bold
+hi Float           guifg=#AE81FF
+hi FoldColumn      guifg=#465457 guibg=#000000
+hi Folded          guifg=#465457 guibg=#000000
+hi Function        guifg=#A6E22E
+hi Identifier      guifg=#FD971F
+hi Ignore          guifg=#808080 guibg=bg
+hi IncSearch       guifg=#C4BE89 guibg=#000000
+
+hi Keyword         guifg=#F92672               gui=bold
+hi Label           guifg=#E6DB74               gui=none
+hi Macro           guifg=#C4BE89               gui=italic
+hi SpecialKey      guifg=#66D9EF               gui=italic
+
+hi MatchParen      guifg=#000000 guibg=#FD971F gui=bold
+hi ModeMsg         guifg=#E6DB74
+hi MoreMsg         guifg=#E6DB74
+hi Operator        guifg=#F92672
+
+" complete menu
+hi Pmenu           guifg=#66D9EF guibg=#000000
+hi PmenuSel                      guibg=#808080
+hi PmenuSbar                     guibg=#080808
+hi PmenuThumb      guifg=#66D9EF
+
+hi PreCondit       guifg=#A6E22E               gui=bold
+hi PreProc         guifg=#A6E22E
+hi Question        guifg=#66D9EF
+hi Repeat          guifg=#F92672               gui=bold
+hi Search          guifg=#000000 guibg=#FFE792
+" marks
+hi SignColumn      guifg=#A6E22E guibg=#232526
+hi SpecialChar     guifg=#F92672               gui=bold
+hi SpecialComment  guifg=#7E8E91               gui=bold
+hi Special         guifg=#66D9EF guibg=bg      gui=italic
+if has("spell")
+    hi SpellBad    guisp=#FF0000 gui=undercurl
+    hi SpellCap    guisp=#7070F0 gui=undercurl
+    hi SpellLocal  guisp=#70F0F0 gui=undercurl
+    hi SpellRare   guisp=#FFFFFF gui=undercurl
+endif
+hi Statement       guifg=#F92672               gui=bold
+hi StatusLine      guifg=#455354 guibg=fg
+hi StatusLineNC    guifg=#808080 guibg=#080808
+hi StorageClass    guifg=#FD971F               gui=italic
+hi Structure       guifg=#66D9EF
+hi Tag             guifg=#F92672               gui=italic
+hi Title           guifg=#ef5939
+hi Todo            guifg=#FFFFFF guibg=bg      gui=bold
+
+hi Typedef         guifg=#66D9EF
+hi Type            guifg=#66D9EF               gui=none
+hi Underlined      guifg=#808080               gui=underline
+
+hi VertSplit       guifg=#808080 guibg=#080808 gui=bold
+hi VisualNOS                     guibg=#403D3D
+hi Visual                        guibg=#403D3D
+hi WarningMsg      guifg=#FFFFFF guibg=#333333 gui=bold
+hi WildMenu        guifg=#66D9EF guibg=#000000
+
+hi TabLineFill     guifg=#1B1D1E guibg=#1B1D1E
+hi TabLine         guibg=#1B1D1E guifg=#808080 gui=none
+
+if s:molokai_original == 1
+   hi Normal          guifg=#F8F8F2 guibg=#272822
+   hi Comment         guifg=#75715E
+   hi CursorLine                    guibg=#3E3D32
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#3E3D32
+   hi ColorColumn                   guibg=#3B3A32
+   hi LineNr          guifg=#BCBCBC guibg=#3B3A32
+   hi NonText         guifg=#75715E
+   hi SpecialKey      guifg=#75715E
+else
+   hi Normal          guifg=#F8F8F2 guibg=#1B1D1E
+   hi Comment         guifg=#7E8E91
+   hi CursorLine                    guibg=#293739
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#293739
+   hi ColorColumn                   guibg=#232526
+   hi LineNr          guifg=#465457 guibg=#232526
+   hi NonText         guifg=#465457
+   hi SpecialKey      guifg=#465457
+end
+
+"
+" Support for 256-color terminal
+"
+if &t_Co > 255
+   if s:molokai_original == 1
+      hi Normal                   ctermbg=234
+      hi CursorLine               ctermbg=235   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   else
+      hi Normal       ctermfg=252 ctermbg=233
+      hi CursorLine               ctermbg=234   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   endif
+   hi Boolean         ctermfg=135
+   hi Character       ctermfg=144
+   hi Number          ctermfg=135
+   hi String          ctermfg=144
+   hi Conditional     ctermfg=161               cterm=bold
+   hi Constant        ctermfg=135               cterm=bold
+   hi Cursor          ctermfg=16  ctermbg=253
+   hi Debug           ctermfg=225               cterm=bold
+   hi Define          ctermfg=81
+   hi Delimiter       ctermfg=241
+
+   hi DiffAdd                     ctermbg=24
+   hi DiffChange      ctermfg=181 ctermbg=239
+   hi DiffDelete      ctermfg=162 ctermbg=53
+   hi DiffText                    ctermbg=102 cterm=bold
+
+   hi Directory       ctermfg=118               cterm=bold
+   hi Error           ctermfg=219 ctermbg=89
+   hi ErrorMsg        ctermfg=199 ctermbg=16    cterm=bold
+   hi Exception       ctermfg=118               cterm=bold
+   hi Float           ctermfg=135
+   hi FoldColumn      ctermfg=67  ctermbg=16
+   hi Folded          ctermfg=67  ctermbg=16
+   hi Function        ctermfg=118
+   hi Identifier      ctermfg=208               cterm=none
+   hi Ignore          ctermfg=244 ctermbg=232
+   hi IncSearch       ctermfg=193 ctermbg=16
+
+   hi keyword         ctermfg=161               cterm=bold
+   hi Label           ctermfg=229               cterm=none
+   hi Macro           ctermfg=193
+   hi SpecialKey      ctermfg=81
+
+   hi MatchParen      ctermfg=233  ctermbg=208 cterm=bold
+   hi ModeMsg         ctermfg=229
+   hi MoreMsg         ctermfg=229
+   hi Operator        ctermfg=161
+
+   " complete menu
+   hi Pmenu           ctermfg=81  ctermbg=16
+   hi PmenuSel        ctermfg=255 ctermbg=242
+   hi PmenuSbar                   ctermbg=232
+   hi PmenuThumb      ctermfg=81
+
+   hi PreCondit       ctermfg=118               cterm=bold
+   hi PreProc         ctermfg=118
+   hi Question        ctermfg=81
+   hi Repeat          ctermfg=161               cterm=bold
+   hi Search          ctermfg=0   ctermbg=222   cterm=NONE
+
+   " marks column
+   hi SignColumn      ctermfg=118 ctermbg=235
+   hi SpecialChar     ctermfg=161               cterm=bold
+   hi SpecialComment  ctermfg=245               cterm=bold
+   hi Special         ctermfg=81
+   if has("spell")
+       hi SpellBad                ctermbg=52
+       hi SpellCap                ctermbg=17
+       hi SpellLocal              ctermbg=17
+       hi SpellRare  ctermfg=none ctermbg=none  cterm=reverse
+   endif
+   hi Statement       ctermfg=161               cterm=bold
+   hi StatusLine      ctermfg=238 ctermbg=253
+   hi StatusLineNC    ctermfg=244 ctermbg=232
+   hi StorageClass    ctermfg=208
+   hi Structure       ctermfg=81
+   hi Tag             ctermfg=161
+   hi Title           ctermfg=166
+   hi Todo            ctermfg=231 ctermbg=232   cterm=bold
+
+   hi Typedef         ctermfg=81
+   hi Type            ctermfg=81                cterm=none
+   hi Underlined      ctermfg=244               cterm=underline
+
+   hi VertSplit       ctermfg=244 ctermbg=232   cterm=bold
+   hi VisualNOS                   ctermbg=238
+   hi Visual                      ctermbg=235
+   hi WarningMsg      ctermfg=231 ctermbg=238   cterm=bold
+   hi WildMenu        ctermfg=81  ctermbg=16
+
+   hi Comment         ctermfg=59
+   hi CursorColumn                ctermbg=236
+   hi ColorColumn                 ctermbg=236
+   hi LineNr          ctermfg=250 ctermbg=236
+   hi NonText         ctermfg=59
+
+   hi SpecialKey      ctermfg=59
+
+   if exists("g:rehash256") && g:rehash256 == 1
+       hi Normal       ctermfg=252 ctermbg=234
+       hi CursorLine               ctermbg=236   cterm=none
+       hi CursorLineNr ctermfg=208               cterm=none
+
+       hi Boolean         ctermfg=141
+       hi Character       ctermfg=222
+       hi Number          ctermfg=141
+       hi String          ctermfg=222
+       hi Conditional     ctermfg=197               cterm=bold
+       hi Constant        ctermfg=141               cterm=bold
+
+       hi DiffDelete      ctermfg=125 ctermbg=233
+
+       hi Directory       ctermfg=154               cterm=bold
+       hi Error           ctermfg=222 ctermbg=233
+       hi Exception       ctermfg=154               cterm=bold
+       hi Float           ctermfg=141
+       hi Function        ctermfg=154
+       hi Identifier      ctermfg=208
+
+       hi Keyword         ctermfg=197               cterm=bold
+       hi Operator        ctermfg=197
+       hi PreCondit       ctermfg=154               cterm=bold
+       hi PreProc         ctermfg=154
+       hi Repeat          ctermfg=197               cterm=bold
+
+       hi Statement       ctermfg=197               cterm=bold
+       hi Tag             ctermfg=197
+       hi Title           ctermfg=203
+       hi Visual                      ctermbg=238
+
+       hi Comment         ctermfg=244
+       hi LineNr          ctermfg=239 ctermbg=235
+       hi NonText         ctermfg=239
+       hi SpecialKey      ctermfg=239
+   endif
+end
+
+" Must be at the end, because of ctermbg=234 bug.
+" https://groups.google.com/forum/#!msg/vim_dev/afPqwAFNdrU/nqh6tOM87QUJ
+set background=dark

files/homedirs/root/.vim/colors/solarized8_dark.vim

@@ -0,0 +1,4 @@
+let s:dir = expand('<sfile>:p:h').(!exists("+shellslash") || &shellslash ? '/' : '\')
+set background=dark
+execute "source" s:dir."solarized8.vim"
+unlet s:dir

files/homedirs/root/_bashrc

@@ -0,0 +1,75 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
+# ... or force ignoredups and ignorespace
+export HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+
+# Note: PS1 and umask are already set in /etc/profile. You should not
+# need this unless you want different defaults for root.
+# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
+# umask 022
+#export PS1='\h:\w \$ '
+__hostname="$(hostname -f)"
+__hostname="${__hostname%.*}"
+__hostname="${__hostname%.*}"
+export PS1='${__hostname}:\w \$ '
+umask 022
+
+
+# You may uncomment the following lines if you want `ls' to be colorized:
+export LS_OPTIONS='--color=auto'
+eval "`dircolors`"
+alias ls='ls $LS_OPTIONS'
+alias ll='ls $LS_OPTIONS -l'
+alias la='ls $LS_OPTIONS -al'
+alias l='ls $LS_OPTIONS -lA'
+#
+# Some more alias to avoid making mistakes:
+#alias rm='rm -i'
+#alias cp='cp -i'
+#alias mv='mv -i'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+
+alias poweroff='echo -e "\n\tplease use:  /sbin/poweroff\n"'
+alias reboot='echo -e "\n\tplease use:  /sbin/reboot\n"'
+
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+    . /etc/bash_completion
+fi
+
+
+export EDITOR=vim
+
+export LINES=64
+
+## - set beep more quiet
+## -
+#xset b 10 500 50

files/homedirs/root/_profile

@@ -0,0 +1,25 @@
+# ~/.profile: executed by Bourne-compatible login shells.
+
+if [ "$BASH" ]; then
+  if [ -f ~/.bashrc ]; then
+    . ~/.bashrc
+  fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+   PATH="$HOME/bin:$PATH"
+fi
+if [ -d "$HOME/bin/admin-stuff" ] ; then
+   PATH="$HOME/bin/admin-stuff:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+if [[ -f /usr/share/mc/bin/mc.sh ]]; then
+   source /usr/share/mc/bin/mc.sh
+fi
+
+mesg n

files/homedirs/root/_vimrc

@@ -0,0 +1,178 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+"set noexpandtab
+set expandtab
+set shiftwidth=3
+set tabstop=3
+set softtabstop=3
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+"set number
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+
+colorscheme PaperColor

files/homedirs/sysadm/.vim/.netrwhist

@@ -0,0 +1,11 @@
+let g:netrw_dirhistmax  =10
+let g:netrw_dirhist_cnt =9
+let g:netrw_dirhist_1='/home/chris/devel/git/git.oopen.de/script/bash/snippets'
+let g:netrw_dirhist_2='/home/chris/O.OPEN/Kunden/Anwaltsbuero-Kottbusser_Damm/carsten/ThinkPad_L380'
+let g:netrw_dirhist_3='/home/chris/devel/git/git.oopen.de/ansible/mbr-bln/group_vars/all'
+let g:netrw_dirhist_4='/home/chris/O.OPEN/Kunden/Gemeinschaft Altenschlirf/Intranet/VPN/VPN-GA-NH-chris'
+let g:netrw_dirhist_5='/home/chris/devel/git/git.oopen.de/firewall/ipt-server'
+let g:netrw_dirhist_6='/home/chris/devel/git/git.oopen.de/firewall/ipt-server/conf'
+let g:netrw_dirhist_7='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/group_vars'
+let g:netrw_dirhist_8='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies'
+let g:netrw_dirhist_9='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies/tasks'

files/homedirs/sysadm/.vim/colors/afterglow.vim

@@ -0,0 +1,547 @@
+" File: afterglow.vim
+" Author: Danilo Augusto <daniloaugusto.ita16@gmail.com>
+" Date: 2017-02-27
+" Vim color file - Afterglow (monokai version)
+"
+" Hex color conversion functions borrowed from the theme 'Desert256'
+
+set background=dark
+if version > 580
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+
+let g:colors_name = "afterglow"
+
+" Default GUI Colours
+let s:foreground = "d6d6d6"
+let s:background = "1a1a1a"
+let s:selection = "5a647e"
+let s:line = "393939"
+let s:comment = "797979"
+let s:red = "ac4142"
+let s:orange = "e87d3e"
+let s:yellow = "e5b567"
+let s:green = "b4c973"
+let s:blue = "6c99bb"
+let s:wine = "b05279"
+let s:purple = "9e86c8"
+let s:window = "4d5057"
+
+if has("gui_running") || &t_Co == 88 || &t_Co == 256
+    " Returns an approximate grey index for the given grey level
+    fun <SID>grey_number(x)
+        if &t_Co == 88
+            if a:x < 23
+                return 0
+            elseif a:x < 69
+                return 1
+            elseif a:x < 103
+                return 2
+            elseif a:x < 127
+                return 3
+            elseif a:x < 150
+                return 4
+            elseif a:x < 173
+                return 5
+            elseif a:x < 196
+                return 6
+            elseif a:x < 219
+                return 7
+            elseif a:x < 243
+                return 8
+            else
+                return 9
+            endif
+        else
+            if a:x < 14
+                return 0
+            else
+                let l:n = (a:x - 8) / 10
+                let l:m = (a:x - 8) % 10
+                if l:m < 5
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual grey level represented by the grey index
+    fun <SID>grey_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 46
+            elseif a:n == 2
+                return 92
+            elseif a:n == 3
+                return 115
+            elseif a:n == 4
+                return 139
+            elseif a:n == 5
+                return 162
+            elseif a:n == 6
+                return 185
+            elseif a:n == 7
+                return 208
+            elseif a:n == 8
+                return 231
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 8 + (a:n * 10)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given grey index
+    fun <SID>grey_colour(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 16
+            elseif a:n == 9
+                return 79
+            else
+                return 79 + a:n
+            endif
+        else
+            if a:n == 0
+                return 16
+            elseif a:n == 25
+                return 231
+            else
+                return 231 + a:n
+            endif
+        endif
+    endfun
+
+    " Returns an approximate colour index for the given colour level
+    fun <SID>rgb_number(x)
+        if &t_Co == 88
+            if a:x < 69
+                return 0
+            elseif a:x < 172
+                return 1
+            elseif a:x < 230
+                return 2
+            else
+                return 3
+            endif
+        else
+            if a:x < 75
+                return 0
+            else
+                let l:n = (a:x - 55) / 40
+                let l:m = (a:x - 55) % 40
+                if l:m < 20
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual colour level for the given colour index
+    fun <SID>rgb_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 139
+            elseif a:n == 2
+                return 205
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 55 + (a:n * 40)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given R/G/B colour indices
+    fun <SID>rgb_colour(x, y, z)
+        if &t_Co == 88
+            return 16 + (a:x * 16) + (a:y * 4) + a:z
+        else
+            return 16 + (a:x * 36) + (a:y * 6) + a:z
+        endif
+    endfun
+
+    " Returns the palette index to approximate the given R/G/B colour levels
+    fun <SID>colour(r, g, b)
+        " Get the closest grey
+        let l:gx = <SID>grey_number(a:r)
+        let l:gy = <SID>grey_number(a:g)
+        let l:gz = <SID>grey_number(a:b)
+
+        " Get the closest colour
+        let l:x = <SID>rgb_number(a:r)
+        let l:y = <SID>rgb_number(a:g)
+        let l:z = <SID>rgb_number(a:b)
+
+        if l:gx == l:gy && l:gy == l:gz
+            " There are two possibilities
+            let l:dgr = <SID>grey_level(l:gx) - a:r
+            let l:dgg = <SID>grey_level(l:gy) - a:g
+            let l:dgb = <SID>grey_level(l:gz) - a:b
+            let l:dgrey = (l:dgr * l:dgr) + (l:dgg * l:dgg) + (l:dgb * l:dgb)
+            let l:dr = <SID>rgb_level(l:gx) - a:r
+            let l:dg = <SID>rgb_level(l:gy) - a:g
+            let l:db = <SID>rgb_level(l:gz) - a:b
+            let l:drgb = (l:dr * l:dr) + (l:dg * l:dg) + (l:db * l:db)
+            if l:dgrey < l:drgb
+                " Use the grey
+                return <SID>grey_colour(l:gx)
+            else
+                " Use the colour
+                return <SID>rgb_colour(l:x, l:y, l:z)
+            endif
+        else
+            " Only one possibility
+            return <SID>rgb_colour(l:x, l:y, l:z)
+        endif
+    endfun
+
+    " Returns the palette index to approximate the 'rrggbb' hex string
+    fun <SID>rgb(rgb)
+        let l:r = ("0x" . strpart(a:rgb, 0, 2)) + 0
+        let l:g = ("0x" . strpart(a:rgb, 2, 2)) + 0
+        let l:b = ("0x" . strpart(a:rgb, 4, 2)) + 0
+
+        return <SID>colour(l:r, l:g, l:b)
+    endfun
+
+    " Sets the highlighting for the given group
+    fun <SID>X(group, fg, bg, attr)
+        if a:fg != ""
+            exec "hi " . a:group . " guifg=#" . a:fg . " ctermfg=" . <SID>rgb(a:fg)
+        endif
+        if a:bg != ""
+            exec "hi " . a:group . " guibg=#" . a:bg . " ctermbg=" . <SID>rgb(a:bg)
+        endif
+        if a:attr != ""
+            exec "hi " . a:group . " gui=" . a:attr . " cterm=" . a:attr
+        endif
+    endfun
+
+    " Vim Highlighting
+    call <SID>X("Normal", s:foreground, s:background, "")
+    call <SID>X("LineNr", s:comment, "", "")
+    call <SID>X("NonText", s:selection, "", "")
+    call <SID>X("SpecialKey", s:selection, "", "")
+    call <SID>X("Search", s:background, s:yellow, "")
+    call <SID>X("TabLine", s:window, s:foreground, "reverse")
+    call <SID>X("TabLineFill", s:window, s:foreground, "reverse")
+    call <SID>X("StatusLine", s:window, s:yellow, "reverse")
+    call <SID>X("StatusLineNC", s:window, s:foreground, "reverse")
+    call <SID>X("VertSplit", s:window, s:window, "none")
+    call <SID>X("Visual", "", s:selection, "")
+    call <SID>X("Directory", s:blue, "", "")
+    call <SID>X("ModeMsg", s:green, "", "")
+    call <SID>X("MoreMsg", s:green, "", "")
+    call <SID>X("Question", s:green, "", "")
+    call <SID>X("WarningMsg", s:orange, "", "bold")
+    call <SID>X("MatchParen", "", s:selection, "")
+    call <SID>X("Folded", s:comment, s:background, "")
+    call <SID>X("FoldColumn", "", s:background, "")
+    if version >= 700
+        call <SID>X("CursorLine", "", s:line, "none")
+        call <SID>X("CursorLineNR", s:orange, "", "none")
+        call <SID>X("CursorColumn", "", s:line, "none")
+        call <SID>X("PMenu", s:foreground, s:selection, "none")
+        call <SID>X("PMenuSel", s:foreground, s:selection, "reverse")
+        call <SID>X("SignColumn", "", s:background, "none")
+    end
+    if version >= 703
+        call <SID>X("ColorColumn", "", s:line, "none")
+    end
+
+    " Standard Highlighting
+    call <SID>X("Comment", s:comment, "", "")
+    call <SID>X("Todo", s:red, s:background, "bold")
+    call <SID>X("Title", s:comment, "", "bold")
+    call <SID>X("Identifier", s:orange, "", "")
+    call <SID>X("Statement", s:wine, "", "")
+    call <SID>X("Conditional", s:wine, "", "")
+    call <SID>X("Repeat", s:wine, "", "")
+    call <SID>X("Structure", s:wine, "", "")
+    call <SID>X("Function", s:orange, "", "")
+    call <SID>X("Constant", s:purple, "", "")
+    call <SID>X("Keyword", s:orange, "", "")
+    call <SID>X("String", s:yellow, "", "")
+    call <SID>X("Special", s:blue, "", "")
+    call <SID>X("PreProc", s:green, "", "")
+    call <SID>X("Operator", s:purple, "", "")
+    call <SID>X("Type", s:blue, "", "")
+    call <SID>X("Define", s:wine, "", "")
+    call <SID>X("Include", s:wine, "", "")
+    call <SID>X("Tag", s:orange, "", "bold")
+    call <SID>X("Underlined", s:orange, "", "underline")
+
+    syntax match commonOperator "\(+\|=\|-\|*\|\^\|\/\||\)"
+    hi link commonOperator Operator
+
+    " Vim Highlighting
+    call <SID>X("vimCommand", s:wine, "", "none")
+
+    " C Highlighting
+    call <SID>X("cType", s:wine, "", "")
+    call <SID>X("cStorageClass", s:orange, "", "")
+    call <SID>X("cConditional", s:wine, "", "")
+    call <SID>X("cRepeat", s:wine, "", "")
+
+    " PHP Highlighting
+    call <SID>X("phpVarSelector", s:wine, "", "")
+    call <SID>X("phpKeyword", s:wine, "", "")
+    call <SID>X("phpRepeat", s:wine, "", "")
+    call <SID>X("phpConditional", s:wine, "", "")
+    call <SID>X("phpStatement", s:wine, "", "")
+    call <SID>X("phpMemberSelector", s:foreground, "", "")
+
+    " Ruby Highlighting
+    call <SID>X("rubySymbol", s:blue, "", "")
+    call <SID>X("rubyConstant", s:green, "", "")
+    call <SID>X("rubyAccess", s:yellow, "", "")
+    call <SID>X("rubyAttribute", s:blue, "", "")
+    call <SID>X("rubyInclude", s:blue, "", "")
+    call <SID>X("rubyLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("rubyCurlyBlock", s:orange, "", "")
+    call <SID>X("rubyStringDelimiter", s:yellow, "", "")
+    call <SID>X("rubyInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("rubyConditional", s:wine, "", "")
+    call <SID>X("rubyRepeat", s:wine, "", "")
+    call <SID>X("rubyControl", s:wine, "", "")
+    call <SID>X("rubyException", s:wine, "", "")
+
+    " Crystal Highlighting
+    call <SID>X("crystalSymbol", s:green, "", "")
+    call <SID>X("crystalConstant", s:yellow, "", "")
+    call <SID>X("crystalAccess", s:yellow, "", "")
+    call <SID>X("crystalAttribute", s:blue, "", "")
+    call <SID>X("crystalInclude", s:blue, "", "")
+    call <SID>X("crystalLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("crystalCurlyBlock", s:orange, "", "")
+    call <SID>X("crystalStringDelimiter", s:green, "", "")
+    call <SID>X("crystalInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("crystalConditional", s:wine, "", "")
+    call <SID>X("crystalRepeat", s:wine, "", "")
+    call <SID>X("crystalControl", s:wine, "", "")
+    call <SID>X("crystalException", s:wine, "", "")
+
+    " Python Highlighting
+    call <SID>X("pythonInclude", s:green, "", "italic")
+    call <SID>X("pythonStatement", s:blue, "", "")
+    call <SID>X("pythonConditional", s:wine, "", "")
+    call <SID>X("pythonRepeat", s:wine, "", "")
+    call <SID>X("pythonException", s:wine, "", "")
+    call <SID>X("pythonFunction", s:green, "", "italic")
+    call <SID>X("pythonPreCondit", s:wine, "", "")
+    call <SID>X("pythonExClass", s:orange, "", "")
+    call <SID>X("pythonBuiltin", s:blue, "", "")
+    call <SID>X("pythonOperator", s:wine, "", "")
+    call <SID>X("pythonNumber", s:purple, "", "")
+    call <SID>X("pythonString", s:yellow, "", "")
+    call <SID>X("pythonRawString", s:yellow, "", "")
+    call <SID>X("pythonDecorator", s:wine, "", "")
+    call <SID>X("pythonDoctest", s:yellow, "", "")
+    call <SID>X("pythonImportFunction", s:orange, "", "")
+    call <SID>X("pythonImportModule", s:orange, "", "")
+    call <SID>X("pythonImportObject", s:orange, "", "")
+    call <SID>X("pythonImportedClassDef", s:orange, "", "")
+    call <SID>X("pythonImportedFuncDef", s:orange, "", "")
+    call <SID>X("pythonImportedModule", s:orange, "", "")
+    call <SID>X("pythonImportedObject", s:orange, "", "")
+
+    " JavaScript Highlighting
+    call <SID>X("javaScriptEndColons", s:foreground, "", "")
+    call <SID>X("javaScriptOpSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptLogicSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptBraces", s:foreground, "", "")
+    call <SID>X("javaScriptParens", s:foreground, "", "")
+    call <SID>X("javaScriptFunction", s:green, "", "")
+    call <SID>X("javaScriptComment", s:comment, "", "")
+    call <SID>X("javaScriptLineComment", s:comment, "", "")
+    call <SID>X("javaScriptDocComment", s:comment, "", "")
+    call <SID>X("javaScriptCommentTodo", s:red, "", "")
+    call <SID>X("javaScriptString", s:yellow, "", "")
+    call <SID>X("javaScriptRegexpString", s:yellow, "", "")
+    call <SID>X("javaScriptTemplateString", s:yellow, "", "")
+    call <SID>X("javaScriptNumber", s:purple, "", "")
+    call <SID>X("javaScriptFloat", s:purple, "", "")
+    call <SID>X("javaScriptGlobal", s:purple, "", "")
+    call <SID>X("javaScriptCharacter", s:blue, "", "")
+    call <SID>X("javaScriptPrototype", s:blue, "", "")
+    call <SID>X("javaScriptConditional", s:blue, "", "")
+    call <SID>X("javaScriptBranch", s:blue, "", "")
+    call <SID>X("javaScriptIdentifier", s:orange, "", "")
+    call <SID>X("javaScriptRepeat", s:blue, "", "")
+    call <SID>X("javaScriptStatement", s:blue, "", "")
+    call <SID>X("javaScriptMessage", s:blue, "", "")
+    call <SID>X("javaScriptReserved", s:blue, "", "")
+    call <SID>X("javaScriptOperator", s:blue, "", "")
+    call <SID>X("javaScriptNull", s:purple, "", "")
+    call <SID>X("javaScriptBoolean", s:purple, "", "")
+    call <SID>X("javaScriptLabel", s:blue, "", "")
+    call <SID>X("javaScriptSpecial", s:blue, "", "")
+    call <SID>X("javaScriptExceptions", s:red, "", "")
+    call <SID>X("javaScriptDeprecated", s:red, "", "")
+    call <SID>X("javaScriptError", s:red, "", "")
+
+    " LaTeX
+    call <SID>X("texStatement",s:blue, "", "")
+    call <SID>X("texMath", s:wine, "", "none")
+    call <SID>X("texMathMacher", s:yellow, "", "none")
+    call <SID>X("texRefLabel", s:wine, "", "none")
+    call <SID>X("texRefZone", s:blue, "", "none")
+    call <SID>X("texComment", s:comment, "", "none")
+    call <SID>X("texDelimiter", s:purple, "", "none")
+    call <SID>X("texMathZoneX", s:purple, "", "none")
+
+    " CoffeeScript Highlighting
+    call <SID>X("coffeeRepeat", s:wine, "", "")
+    call <SID>X("coffeeConditional", s:wine, "", "")
+    call <SID>X("coffeeKeyword", s:wine, "", "")
+    call <SID>X("coffeeObject", s:yellow, "", "")
+
+    " HTML Highlighting
+    call <SID>X("htmlTag", s:blue, "", "")
+    call <SID>X("htmlEndTag", s:blue, "", "")
+    call <SID>X("htmlTagName", s:wine, "", "bold")
+    call <SID>X("htmlArg", s:green, "", "italic")
+    call <SID>X("htmlScriptTag", s:wine, "", "")
+
+    " Diff Highlighting
+    call <SID>X("diffAdd", "", "4c4e39", "")
+    call <SID>X("diffDelete", s:background, s:red, "")
+    call <SID>X("diffChange", "", "2B5B77", "")
+    call <SID>X("diffText", s:line, s:blue, "")
+
+    " ShowMarks Highlighting
+    call <SID>X("ShowMarksHLl", s:orange, s:background, "none")
+    call <SID>X("ShowMarksHLo", s:wine, s:background, "none")
+    call <SID>X("ShowMarksHLu", s:yellow, s:background, "none")
+    call <SID>X("ShowMarksHLm", s:wine, s:background, "none")
+
+    " Lua Highlighting
+    call <SID>X("luaStatement", s:wine, "", "")
+    call <SID>X("luaRepeat", s:wine, "", "")
+    call <SID>X("luaCondStart", s:wine, "", "")
+    call <SID>X("luaCondElseif", s:wine, "", "")
+    call <SID>X("luaCond", s:wine, "", "")
+    call <SID>X("luaCondEnd", s:wine, "", "")
+
+    " Cucumber Highlighting
+    call <SID>X("cucumberGiven", s:blue, "", "")
+    call <SID>X("cucumberGivenAnd", s:blue, "", "")
+
+    " Go Highlighting
+    call <SID>X("goDirective", s:wine, "", "")
+    call <SID>X("goDeclaration", s:wine, "", "")
+    call <SID>X("goStatement", s:wine, "", "")
+    call <SID>X("goConditional", s:wine, "", "")
+    call <SID>X("goConstants", s:orange, "", "")
+    call <SID>X("goTodo", s:red, "", "")
+    call <SID>X("goDeclType", s:blue, "", "")
+    call <SID>X("goBuiltins", s:wine, "", "")
+    call <SID>X("goRepeat", s:wine, "", "")
+    call <SID>X("goLabel", s:wine, "", "")
+
+    " Clojure Highlighting
+    call <SID>X("clojureConstant", s:orange, "", "")
+    call <SID>X("clojureBoolean", s:orange, "", "")
+    call <SID>X("clojureCharacter", s:orange, "", "")
+    call <SID>X("clojureKeyword", s:green, "", "")
+    call <SID>X("clojureNumber", s:orange, "", "")
+    call <SID>X("clojureString", s:green, "", "")
+    call <SID>X("clojureRegexp", s:green, "", "")
+    call <SID>X("clojureParen", s:wine, "", "")
+    call <SID>X("clojureVariable", s:yellow, "", "")
+    call <SID>X("clojureCond", s:blue, "", "")
+    call <SID>X("clojureDefine", s:wine, "", "")
+    call <SID>X("clojureException", s:red, "", "")
+    call <SID>X("clojureFunc", s:blue, "", "")
+    call <SID>X("clojureMacro", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureSpecial", s:wine, "", "")
+    call <SID>X("clojureQuote", s:blue, "", "")
+    call <SID>X("clojureUnquote", s:blue, "", "")
+    call <SID>X("clojureMeta", s:blue, "", "")
+    call <SID>X("clojureDeref", s:blue, "", "")
+    call <SID>X("clojureAnonArg", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureDispatch", s:blue, "", "")
+
+    " Scala Highlighting
+    call <SID>X("scalaKeyword", s:wine, "", "")
+    call <SID>X("scalaKeywordModifier", s:wine, "", "")
+    call <SID>X("scalaOperator", s:blue, "", "")
+    call <SID>X("scalaPackage", s:wine, "", "")
+    call <SID>X("scalaFqn", s:foreground, "", "")
+    call <SID>X("scalaFqnSet", s:foreground, "", "")
+    call <SID>X("scalaImport", s:wine, "", "")
+    call <SID>X("scalaBoolean", s:orange, "", "")
+    call <SID>X("scalaDef", s:wine, "", "")
+    call <SID>X("scalaVal", s:wine, "", "")
+    call <SID>X("scalaVar", s:wine, "", "")
+    call <SID>X("scalaClass", s:wine, "", "")
+    call <SID>X("scalaObject", s:wine, "", "")
+    call <SID>X("scalaTrait", s:wine, "", "")
+    call <SID>X("scalaDefName", s:blue, "", "")
+    call <SID>X("scalaValName", s:foreground, "", "")
+    call <SID>X("scalaVarName", s:foreground, "", "")
+    call <SID>X("scalaClassName", s:foreground, "", "")
+    call <SID>X("scalaType", s:yellow, "", "")
+    call <SID>X("scalaTypeSpecializer", s:yellow, "", "")
+    call <SID>X("scalaAnnotation", s:orange, "", "")
+    call <SID>X("scalaNumber", s:orange, "", "")
+    call <SID>X("scalaDefSpecializer", s:yellow, "", "")
+    call <SID>X("scalaClassSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:green, "", "")
+    call <SID>X("scalaRoot", s:foreground, "", "")
+    call <SID>X("scalaMethodCall", s:blue, "", "")
+    call <SID>X("scalaCaseType", s:yellow, "", "")
+    call <SID>X("scalaLineComment", s:comment, "", "")
+    call <SID>X("scalaComment", s:comment, "", "")
+    call <SID>X("scalaDocComment", s:comment, "", "")
+    call <SID>X("scalaDocTags", s:comment, "", "")
+    call <SID>X("scalaEmptyString", s:green, "", "")
+    call <SID>X("scalaMultiLineString", s:green, "", "")
+    call <SID>X("scalaUnicode", s:orange, "", "")
+    call <SID>X("scalaString", s:green, "", "")
+    call <SID>X("scalaStringEscape", s:green, "", "")
+    call <SID>X("scalaSymbol", s:orange, "", "")
+    call <SID>X("scalaChar", s:orange, "", "")
+    call <SID>X("scalaXml", s:green, "", "")
+    call <SID>X("scalaConstructorSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:blue, "", "")
+
+    " Git
+    call <SID>X("diffAdded", s:green, "", "")
+    call <SID>X("diffRemoved", s:red, "", "")
+    call <SID>X("gitcommitSummary", "", "", "bold")
+
+    " Delete Functions
+    delf <SID>X
+    delf <SID>rgb
+    delf <SID>colour
+    delf <SID>rgb_colour
+    delf <SID>rgb_level
+    delf <SID>rgb_number
+    delf <SID>grey_colour
+    delf <SID>grey_level
+    delf <SID>grey_number
+endif

files/homedirs/sysadm/.vim/colors/ayu.vim

@@ -0,0 +1,268 @@
+" Initialisation:"{{{
+" ----------------------------------------------------------------------------
+hi clear
+if exists("syntax_on")
+  syntax reset
+endif
+
+let s:style = get(g:, 'ayucolor', 'dark')
+let g:colors_name = "ayu"
+"}}}
+
+" Palettes:"{{{
+" ----------------------------------------------------------------------------
+
+let s:palette = {}
+
+let s:palette.bg        = {'dark': "#0F1419",  'light': "#FAFAFA",  'mirage': "#212733"}
+
+let s:palette.comment   = {'dark': "#5C6773",  'light': "#ABB0B6",  'mirage': "#5C6773"}
+let s:palette.markup    = {'dark': "#F07178",  'light': "#F07178",  'mirage': "#F07178"}
+let s:palette.constant  = {'dark': "#FFEE99",  'light': "#A37ACC",  'mirage': "#D4BFFF"}
+let s:palette.operator  = {'dark': "#E7C547",  'light': "#E7C547",  'mirage': "#80D4FF"}
+let s:palette.tag       = {'dark': "#36A3D9",  'light': "#36A3D9",  'mirage': "#5CCFE6"}
+let s:palette.regexp    = {'dark': "#95E6CB",  'light': "#4CBF99",  'mirage': "#95E6CB"}
+let s:palette.string    = {'dark': "#B8CC52",  'light': "#86B300",  'mirage': "#BBE67E"}
+let s:palette.function  = {'dark': "#FFB454",  'light': "#F29718",  'mirage': "#FFD57F"}
+let s:palette.special   = {'dark': "#E6B673",  'light': "#E6B673",  'mirage': "#FFC44C"}
+let s:palette.keyword   = {'dark': "#FF7733",  'light': "#FF7733",  'mirage': "#FFAE57"}
+
+let s:palette.error     = {'dark': "#FF3333",  'light': "#FF3333",  'mirage': "#FF3333"}
+let s:palette.accent    = {'dark': "#F29718",  'light': "#FF6A00",  'mirage': "#FFCC66"}
+let s:palette.panel     = {'dark': "#14191F",  'light': "#FFFFFF",  'mirage': "#272D38"}
+let s:palette.guide     = {'dark': "#2D3640",  'light': "#D9D8D7",  'mirage': "#3D4751"}
+let s:palette.line      = {'dark': "#151A1E",  'light': "#F3F3F3",  'mirage': "#242B38"}
+let s:palette.selection = {'dark': "#253340",  'light': "#F0EEE4",  'mirage': "#343F4C"}
+let s:palette.fg        = {'dark': "#E6E1CF",  'light': "#5C6773",  'mirage': "#D9D7CE"}
+let s:palette.fg_idle   = {'dark': "#3E4B59",  'light': "#828C99",  'mirage': "#607080"}
+
+"}}}
+
+" Highlighting Primitives:"{{{
+" ----------------------------------------------------------------------------
+
+function! s:build_prim(hi_elem, field)
+  let l:vname = "s:" . a:hi_elem . "_" . a:field " s:bg_gray
+  let l:gui_assign = "gui".a:hi_elem."=".s:palette[a:field][s:style] " guibg=...
+  exe "let " . l:vname . " = ' " . l:gui_assign . "'"
+endfunction
+
+let s:bg_none = ' guibg=NONE ctermbg=NONE'
+let s:fg_none = ' guifg=NONE ctermfg=NONE'
+for [key_name, d_value] in items(s:palette)
+  call s:build_prim('bg', key_name)
+  call s:build_prim('fg', key_name)
+endfor
+" }}}
+
+" Formatting Options:"{{{
+" ----------------------------------------------------------------------------
+let s:none   = "NONE"
+let s:t_none = "NONE"
+let s:n      = "NONE"
+let s:c      = ",undercurl"
+let s:r      = ",reverse"
+let s:s      = ",standout"
+let s:b      = ",bold"
+let s:u      = ",underline"
+let s:i      = ",italic"
+
+exe "let s:fmt_none = ' gui=NONE".          " cterm=NONE".          " term=NONE"        ."'"
+exe "let s:fmt_bold = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_bldi = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_undr = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_undb = ' gui=NONE".s:u.s:b.  " cterm=NONE".s:u.s:b.  " term=NONE".s:u.s:b."'"
+exe "let s:fmt_undi = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_curl = ' gui=NONE".s:c.      " cterm=NONE".s:c.      " term=NONE".s:c    ."'"
+exe "let s:fmt_ital = ' gui=NONE".s:i.      " cterm=NONE".s:i.      " term=NONE".s:i    ."'"
+exe "let s:fmt_stnd = ' gui=NONE".s:s.      " cterm=NONE".s:s.      " term=NONE".s:s    ."'"
+exe "let s:fmt_revr = ' gui=NONE".s:r.      " cterm=NONE".s:r.      " term=NONE".s:r    ."'"
+exe "let s:fmt_revb = ' gui=NONE".s:r.s:b.  " cterm=NONE".s:r.s:b.  " term=NONE".s:r.s:b."'"
+"}}}
+
+
+" Vim Highlighting: (see :help highlight-groups)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Normal"        .s:fg_fg          .s:bg_bg          .s:fmt_none
+exe "hi! ColorColumn"   .s:fg_none        .s:bg_line        .s:fmt_none
+" Conceal, Cursor, CursorIM
+exe "hi! CursorColumn"  .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLine"    .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLineNr"  .s:fg_accent      .s:bg_line        .s:fmt_none
+exe "hi! LineNr"        .s:fg_guide       .s:bg_none        .s:fmt_none
+
+exe "hi! Directory"     .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! DiffAdd"       .s:fg_string      .s:bg_panel       .s:fmt_none
+exe "hi! DiffChange"    .s:fg_tag         .s:bg_panel       .s:fmt_none
+exe "hi! DiffText"      .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! ErrorMsg"      .s:fg_fg          .s:bg_error       .s:fmt_stnd
+exe "hi! VertSplit"     .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Folded"        .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! FoldColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+exe "hi! SignColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+"   Incsearch"
+
+exe "hi! MatchParen"    .s:fg_fg          .s:bg_bg          .s:fmt_undr
+exe "hi! ModeMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! MoreMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! NonText"       .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Pmenu"         .s:fg_fg          .s:bg_selection   .s:fmt_none
+exe "hi! PmenuSel"      .s:fg_fg          .s:bg_selection   .s:fmt_revr
+"   PmenuSbar"
+"   PmenuThumb"
+exe "hi! Question"      .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! Search"        .s:fg_bg          .s:bg_constant    .s:fmt_none
+exe "hi! SpecialKey"    .s:fg_selection   .s:bg_none        .s:fmt_none
+exe "hi! SpellCap"      .s:fg_tag         .s:bg_none        .s:fmt_undr
+exe "hi! SpellLocal"    .s:fg_keyword     .s:bg_none        .s:fmt_undr
+exe "hi! SpellBad"      .s:fg_error       .s:bg_none        .s:fmt_undr
+exe "hi! SpellRare"     .s:fg_regexp      .s:bg_none        .s:fmt_undr
+exe "hi! StatusLine"    .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! StatusLineNC"  .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! WildMenu"      .s:fg_bg          .s:bg_markup      .s:fmt_none
+exe "hi! TabLine"       .s:fg_fg          .s:bg_panel       .s:fmt_revr
+"   TabLineFill"
+"   TabLineSel"
+exe "hi! Title"         .s:fg_keyword     .s:bg_none        .s:fmt_none
+exe "hi! Visual"        .s:fg_none        .s:bg_selection   .s:fmt_none
+"   VisualNos"
+exe "hi! WarningMsg"    .s:fg_error       .s:bg_none        .s:fmt_none
+
+" TODO LongLineWarning to use variables instead of hardcoding
+hi LongLineWarning  guifg=NONE        guibg=#371F1C     gui=underline ctermfg=NONE        ctermbg=NONE        cterm=underline
+"   WildMenu"
+
+"}}}
+
+" Generic Syntax Highlighting: (see :help group-name)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Comment"         .s:fg_comment   .s:bg_none        .s:fmt_none
+
+exe "hi! Constant"        .s:fg_constant  .s:bg_none        .s:fmt_none
+exe "hi! String"          .s:fg_string    .s:bg_none        .s:fmt_none
+"   Character"
+"   Number"
+"   Boolean"
+"   Float"
+
+exe "hi! Identifier"      .s:fg_tag       .s:bg_none        .s:fmt_none
+exe "hi! Function"        .s:fg_function  .s:bg_none        .s:fmt_none
+
+exe "hi! Statement"       .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   Conditional"
+"   Repeat"
+"   Label"
+exe "hi! Operator"        .s:fg_operator  .s:bg_none        .s:fmt_none
+"   Keyword"
+"   Exception"
+
+exe "hi! PreProc"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   Include"
+"   Define"
+"   Macro"
+"   PreCondit"
+
+exe "hi! Type"            .s:fg_tag       .s:bg_none        .s:fmt_none
+"   StorageClass"
+exe "hi! Structure"       .s:fg_special   .s:bg_none        .s:fmt_none
+"   Typedef"
+
+exe "hi! Special"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   SpecialChar"
+"   Tag"
+"   Delimiter"
+"   SpecialComment"
+"   Debug"
+"
+exe "hi! Underlined"      .s:fg_tag       .s:bg_none        .s:fmt_undr
+
+exe "hi! Ignore"          .s:fg_none      .s:bg_none        .s:fmt_none
+
+exe "hi! Error"           .s:fg_fg        .s:bg_error       .s:fmt_none
+
+exe "hi! Todo"            .s:fg_markup    .s:bg_none        .s:fmt_none
+
+" Quickfix window highlighting
+exe "hi! qfLineNr"        .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   qfFileName"
+"   qfLineNr"
+"   qfError"
+
+exe "hi! Conceal"         .s:fg_guide     .s:bg_none        .s:fmt_none
+exe "hi! CursorLineConceal" .s:fg_guide   .s:bg_line        .s:fmt_none
+
+
+" Terminal in NVIM
+" ---------
+if has("nvim")
+  let g:terminal_color_0 =  s:palette.bg[s:style]
+  let g:terminal_color_1 =  s:palette.markup[s:style]
+  let g:terminal_color_2 =  s:palette.string[s:style]
+  let g:terminal_color_3 =  s:palette.accent[s:style]
+  let g:terminal_color_4 =  s:palette.tag[s:style]
+  let g:terminal_color_5 =  s:palette.constant[s:style]
+  let g:terminal_color_6 =  s:palette.regexp[s:style]
+  let g:terminal_color_7 =  "#FFFFFF"
+  let g:terminal_color_8 =  s:palette.fg_idle[s:style]
+  let g:terminal_color_9 =  s:palette.error[s:style]
+  let g:terminal_color_10 = s:palette.string[s:style]
+  let g:terminal_color_11 = s:palette.accent[s:style]
+  let g:terminal_color_12 = s:palette.tag[s:style]
+  let g:terminal_color_13 = s:palette.constant[s:style]
+  let g:terminal_color_14 = s:palette.regexp[s:style]
+  let g:terminal_color_15 = s:palette.comment[s:style]
+  let g:terminal_color_background = g:terminal_color_0
+  let g:terminal_color_foreground = s:palette.fg[s:style]
+endif
+
+
+" NerdTree
+" ---------
+exe "hi! NERDTreeOpenable"          .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeClosable"          .s:fg_accent      .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksHeader"   .s:fg_pink        .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksLeader"   .s:fg_bg          .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarkName"      .s:fg_keyword     .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeCWD"               .s:fg_pink        .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeUp"                .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDir"               .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeFile"              .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDirSlash"          .s:fg_guide      .s:bg_none        .s:fmt_none
+
+
+" GitGutter
+" ---------
+exe "hi! GitGutterAdd"          .s:fg_string     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChange"       .s:fg_tag        .s:bg_none        .s:fmt_none
+exe "hi! GitGutterDelete"       .s:fg_markup     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChangeDelete" .s:fg_function   .s:bg_none        .s:fmt_none
+
+"}}}
+
+" Diff Syntax Highlighting:"{{{
+" ----------------------------------------------------------------------------
+" Diff
+"   diffOldFile
+"   diffNewFile
+"   diffFile
+"   diffOnly
+"   diffIdentical
+"   diffDiffer
+"   diffBDiffer
+"   diffIsA
+"   diffNoEOL
+"   diffCommon
+hi! link diffRemoved Constant
+"   diffChanged
+hi! link diffAdded String
+"   diffLine
+"   diffSubname
+"   diffComment
+
+"}}}
+"
+" This is needed for some reason: {{{
+
+let &background = s:style
+
+" }}}

files/homedirs/sysadm/.vim/colors/molokai.vim

@@ -0,0 +1,276 @@
+" Vim color file
+"
+" Author: Tomas Restrepo <tomas@winterdom.com>
+" https://github.com/tomasr/molokai
+"
+" Note: Based on the Monokai theme for TextMate
+" by Wimer Hazenberg and its darker variant
+" by Hamish Stuart Macpherson
+"
+
+hi clear
+
+if version > 580
+    " no guarantees for version 5.8 and below, but this makes it stop
+    " complaining
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+let g:colors_name="molokai"
+
+if exists("g:molokai_original")
+    let s:molokai_original = g:molokai_original
+else
+    let s:molokai_original = 0
+endif
+
+
+hi Boolean         guifg=#AE81FF
+hi Character       guifg=#E6DB74
+hi Number          guifg=#AE81FF
+hi String          guifg=#E6DB74
+hi Conditional     guifg=#F92672               gui=bold
+hi Constant        guifg=#AE81FF               gui=bold
+hi Cursor          guifg=#000000 guibg=#F8F8F0
+hi iCursor         guifg=#000000 guibg=#F8F8F0
+hi Debug           guifg=#BCA3A3               gui=bold
+hi Define          guifg=#66D9EF
+hi Delimiter       guifg=#8F8F8F
+hi DiffAdd                       guibg=#13354A
+hi DiffChange      guifg=#89807D guibg=#4C4745
+hi DiffDelete      guifg=#960050 guibg=#1E0010
+hi DiffText                      guibg=#4C4745 gui=italic,bold
+
+hi Directory       guifg=#A6E22E               gui=bold
+hi Error           guifg=#E6DB74 guibg=#1E0010
+hi ErrorMsg        guifg=#F92672 guibg=#232526 gui=bold
+hi Exception       guifg=#A6E22E               gui=bold
+hi Float           guifg=#AE81FF
+hi FoldColumn      guifg=#465457 guibg=#000000
+hi Folded          guifg=#465457 guibg=#000000
+hi Function        guifg=#A6E22E
+hi Identifier      guifg=#FD971F
+hi Ignore          guifg=#808080 guibg=bg
+hi IncSearch       guifg=#C4BE89 guibg=#000000
+
+hi Keyword         guifg=#F92672               gui=bold
+hi Label           guifg=#E6DB74               gui=none
+hi Macro           guifg=#C4BE89               gui=italic
+hi SpecialKey      guifg=#66D9EF               gui=italic
+
+hi MatchParen      guifg=#000000 guibg=#FD971F gui=bold
+hi ModeMsg         guifg=#E6DB74
+hi MoreMsg         guifg=#E6DB74
+hi Operator        guifg=#F92672
+
+" complete menu
+hi Pmenu           guifg=#66D9EF guibg=#000000
+hi PmenuSel                      guibg=#808080
+hi PmenuSbar                     guibg=#080808
+hi PmenuThumb      guifg=#66D9EF
+
+hi PreCondit       guifg=#A6E22E               gui=bold
+hi PreProc         guifg=#A6E22E
+hi Question        guifg=#66D9EF
+hi Repeat          guifg=#F92672               gui=bold
+hi Search          guifg=#000000 guibg=#FFE792
+" marks
+hi SignColumn      guifg=#A6E22E guibg=#232526
+hi SpecialChar     guifg=#F92672               gui=bold
+hi SpecialComment  guifg=#7E8E91               gui=bold
+hi Special         guifg=#66D9EF guibg=bg      gui=italic
+if has("spell")
+    hi SpellBad    guisp=#FF0000 gui=undercurl
+    hi SpellCap    guisp=#7070F0 gui=undercurl
+    hi SpellLocal  guisp=#70F0F0 gui=undercurl
+    hi SpellRare   guisp=#FFFFFF gui=undercurl
+endif
+hi Statement       guifg=#F92672               gui=bold
+hi StatusLine      guifg=#455354 guibg=fg
+hi StatusLineNC    guifg=#808080 guibg=#080808
+hi StorageClass    guifg=#FD971F               gui=italic
+hi Structure       guifg=#66D9EF
+hi Tag             guifg=#F92672               gui=italic
+hi Title           guifg=#ef5939
+hi Todo            guifg=#FFFFFF guibg=bg      gui=bold
+
+hi Typedef         guifg=#66D9EF
+hi Type            guifg=#66D9EF               gui=none
+hi Underlined      guifg=#808080               gui=underline
+
+hi VertSplit       guifg=#808080 guibg=#080808 gui=bold
+hi VisualNOS                     guibg=#403D3D
+hi Visual                        guibg=#403D3D
+hi WarningMsg      guifg=#FFFFFF guibg=#333333 gui=bold
+hi WildMenu        guifg=#66D9EF guibg=#000000
+
+hi TabLineFill     guifg=#1B1D1E guibg=#1B1D1E
+hi TabLine         guibg=#1B1D1E guifg=#808080 gui=none
+
+if s:molokai_original == 1
+   hi Normal          guifg=#F8F8F2 guibg=#272822
+   hi Comment         guifg=#75715E
+   hi CursorLine                    guibg=#3E3D32
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#3E3D32
+   hi ColorColumn                   guibg=#3B3A32
+   hi LineNr          guifg=#BCBCBC guibg=#3B3A32
+   hi NonText         guifg=#75715E
+   hi SpecialKey      guifg=#75715E
+else
+   hi Normal          guifg=#F8F8F2 guibg=#1B1D1E
+   hi Comment         guifg=#7E8E91
+   hi CursorLine                    guibg=#293739
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#293739
+   hi ColorColumn                   guibg=#232526
+   hi LineNr          guifg=#465457 guibg=#232526
+   hi NonText         guifg=#465457
+   hi SpecialKey      guifg=#465457
+end
+
+"
+" Support for 256-color terminal
+"
+if &t_Co > 255
+   if s:molokai_original == 1
+      hi Normal                   ctermbg=234
+      hi CursorLine               ctermbg=235   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   else
+      hi Normal       ctermfg=252 ctermbg=233
+      hi CursorLine               ctermbg=234   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   endif
+   hi Boolean         ctermfg=135
+   hi Character       ctermfg=144
+   hi Number          ctermfg=135
+   hi String          ctermfg=144
+   hi Conditional     ctermfg=161               cterm=bold
+   hi Constant        ctermfg=135               cterm=bold
+   hi Cursor          ctermfg=16  ctermbg=253
+   hi Debug           ctermfg=225               cterm=bold
+   hi Define          ctermfg=81
+   hi Delimiter       ctermfg=241
+
+   hi DiffAdd                     ctermbg=24
+   hi DiffChange      ctermfg=181 ctermbg=239
+   hi DiffDelete      ctermfg=162 ctermbg=53
+   hi DiffText                    ctermbg=102 cterm=bold
+
+   hi Directory       ctermfg=118               cterm=bold
+   hi Error           ctermfg=219 ctermbg=89
+   hi ErrorMsg        ctermfg=199 ctermbg=16    cterm=bold
+   hi Exception       ctermfg=118               cterm=bold
+   hi Float           ctermfg=135
+   hi FoldColumn      ctermfg=67  ctermbg=16
+   hi Folded          ctermfg=67  ctermbg=16
+   hi Function        ctermfg=118
+   hi Identifier      ctermfg=208               cterm=none
+   hi Ignore          ctermfg=244 ctermbg=232
+   hi IncSearch       ctermfg=193 ctermbg=16
+
+   hi keyword         ctermfg=161               cterm=bold
+   hi Label           ctermfg=229               cterm=none
+   hi Macro           ctermfg=193
+   hi SpecialKey      ctermfg=81
+
+   hi MatchParen      ctermfg=233  ctermbg=208 cterm=bold
+   hi ModeMsg         ctermfg=229
+   hi MoreMsg         ctermfg=229
+   hi Operator        ctermfg=161
+
+   " complete menu
+   hi Pmenu           ctermfg=81  ctermbg=16
+   hi PmenuSel        ctermfg=255 ctermbg=242
+   hi PmenuSbar                   ctermbg=232
+   hi PmenuThumb      ctermfg=81
+
+   hi PreCondit       ctermfg=118               cterm=bold
+   hi PreProc         ctermfg=118
+   hi Question        ctermfg=81
+   hi Repeat          ctermfg=161               cterm=bold
+   hi Search          ctermfg=0   ctermbg=222   cterm=NONE
+
+   " marks column
+   hi SignColumn      ctermfg=118 ctermbg=235
+   hi SpecialChar     ctermfg=161               cterm=bold
+   hi SpecialComment  ctermfg=245               cterm=bold
+   hi Special         ctermfg=81
+   if has("spell")
+       hi SpellBad                ctermbg=52
+       hi SpellCap                ctermbg=17
+       hi SpellLocal              ctermbg=17
+       hi SpellRare  ctermfg=none ctermbg=none  cterm=reverse
+   endif
+   hi Statement       ctermfg=161               cterm=bold
+   hi StatusLine      ctermfg=238 ctermbg=253
+   hi StatusLineNC    ctermfg=244 ctermbg=232
+   hi StorageClass    ctermfg=208
+   hi Structure       ctermfg=81
+   hi Tag             ctermfg=161
+   hi Title           ctermfg=166
+   hi Todo            ctermfg=231 ctermbg=232   cterm=bold
+
+   hi Typedef         ctermfg=81
+   hi Type            ctermfg=81                cterm=none
+   hi Underlined      ctermfg=244               cterm=underline
+
+   hi VertSplit       ctermfg=244 ctermbg=232   cterm=bold
+   hi VisualNOS                   ctermbg=238
+   hi Visual                      ctermbg=235
+   hi WarningMsg      ctermfg=231 ctermbg=238   cterm=bold
+   hi WildMenu        ctermfg=81  ctermbg=16
+
+   hi Comment         ctermfg=59
+   hi CursorColumn                ctermbg=236
+   hi ColorColumn                 ctermbg=236
+   hi LineNr          ctermfg=250 ctermbg=236
+   hi NonText         ctermfg=59
+
+   hi SpecialKey      ctermfg=59
+
+   if exists("g:rehash256") && g:rehash256 == 1
+       hi Normal       ctermfg=252 ctermbg=234
+       hi CursorLine               ctermbg=236   cterm=none
+       hi CursorLineNr ctermfg=208               cterm=none
+
+       hi Boolean         ctermfg=141
+       hi Character       ctermfg=222
+       hi Number          ctermfg=141
+       hi String          ctermfg=222
+       hi Conditional     ctermfg=197               cterm=bold
+       hi Constant        ctermfg=141               cterm=bold
+
+       hi DiffDelete      ctermfg=125 ctermbg=233
+
+       hi Directory       ctermfg=154               cterm=bold
+       hi Error           ctermfg=222 ctermbg=233
+       hi Exception       ctermfg=154               cterm=bold
+       hi Float           ctermfg=141
+       hi Function        ctermfg=154
+       hi Identifier      ctermfg=208
+
+       hi Keyword         ctermfg=197               cterm=bold
+       hi Operator        ctermfg=197
+       hi PreCondit       ctermfg=154               cterm=bold
+       hi PreProc         ctermfg=154
+       hi Repeat          ctermfg=197               cterm=bold
+
+       hi Statement       ctermfg=197               cterm=bold
+       hi Tag             ctermfg=197
+       hi Title           ctermfg=203
+       hi Visual                      ctermbg=238
+
+       hi Comment         ctermfg=244
+       hi LineNr          ctermfg=239 ctermbg=235
+       hi NonText         ctermfg=239
+       hi SpecialKey      ctermfg=239
+   endif
+end
+
+" Must be at the end, because of ctermbg=234 bug.
+" https://groups.google.com/forum/#!msg/vim_dev/afPqwAFNdrU/nqh6tOM87QUJ
+set background=dark

files/homedirs/sysadm/.vim/colors/solarized8_dark.vim

@@ -0,0 +1,4 @@
+let s:dir = expand('<sfile>:p:h').(!exists("+shellslash") || &shellslash ? '/' : '\')
+set background=dark
+execute "source" s:dir."solarized8.vim"
+unlet s:dir

files/homedirs/sysadm/_bashrc

@@ -0,0 +1,75 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
+# ... or force ignoredups and ignorespace
+export HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+
+# Note: PS1 and umask are already set in /etc/profile. You should not
+# need this unless you want different defaults for root.
+# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
+# umask 022
+#export PS1='\h:\w \$ '
+__hostname="$(hostname -f)"
+__hostname="${__hostname%.*}"
+__hostname="${__hostname%.*}"
+export PS1='${__hostname%.*}:\w \$ '
+umask 022
+
+
+# You may uncomment the following lines if you want `ls' to be colorized:
+export LS_OPTIONS='--color=auto'
+eval "`dircolors`"
+alias ls='ls $LS_OPTIONS'
+alias ll='ls $LS_OPTIONS -l'
+alias la='ls $LS_OPTIONS -al'
+alias l='ls $LS_OPTIONS -lA'
+#
+# Some more alias to avoid making mistakes:
+#alias rm='rm -i'
+#alias cp='cp -i'
+#alias mv='mv -i'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+
+alias poweroff='echo -e "\n\tplease use:  /sbin/poweroff\n"'
+alias reboot='echo -e "\n\tplease use:  /sbin/reboot\n"'
+
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+    . /etc/bash_completion
+fi
+
+
+export EDITOR=vim
+
+export LINES=64
+
+## - set beep more quiet
+## -
+#xset b 10 500 50

files/homedirs/sysadm/_profile

@@ -0,0 +1,25 @@
+# ~/.profile: executed by Bourne-compatible login shells.
+
+if [ "$BASH" ]; then
+  if [ -f ~/.bashrc ]; then
+    . ~/.bashrc
+  fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+   PATH="$HOME/bin:$PATH"
+fi
+if [ -d "$HOME/bin/admin-stuff" ] ; then
+   PATH="$HOME/bin/admin-stuff:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+if [[ -f /usr/share/mc/bin/mc.sh ]]; then
+   source /usr/share/mc/bin/mc.sh
+fi
+
+mesg n

files/homedirs/sysadm/_vimrc

@@ -0,0 +1,178 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+"set noexpandtab
+set expandtab
+set shiftwidth=3
+set tabstop=3
+set softtabstop=3
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+"set number
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+
+colorscheme PaperColor

host_vars/file-flr.flr.netz.yml

@@ -1,3 +1,24 @@
 ---
 
 ansible_python_interpreter: /usr/bin/python3
+
+# ==========
+# vars used by roles/common/tasks/basic.yml
+# ==========
+
+set_default_limit_nofile: true
+
+# ==========
+# vars used by roles/common/tasks/sshd.yml
+# ==========
+
+sshd_max_auth_tries: 6
+
+sshd_permit_root_login: !!str "yes"
+
+sshd_password_authentication: !!str "yes"
+
+sshd_use_pam: !!str "no"
+
+sshd_print_motd: !!str "yes"
+

hosts

@@ -4,7 +4,7 @@ pcbuero1.flr.netz
 pcbuero2.flr.netz
 pcbuero3.flr.netz
 pcbuero4.flr.netz
-file-flr.flr.netz
+file-flr.flr.netz ansible_user=root
 
 [client_pc]
 pcbuero1.flr.netz
@@ -24,13 +24,17 @@ pcbuero3.flr.netz
 pcbuero4.flr.netz
 
 [file_server]
-file-flr.flr.netz
+file-flr.flr.netz ansible_user=root
 
 [nfs_server]
-file-flr.flr.netz
+file-flr.flr.netz ansible_user=root
 
 [nis_server]
-file-flr.flr.netz
+file-flr.flr.netz ansible_user=root
 
 [samba_server]
-file-flr.flr.netz
+file-flr.flr.netz ansible_user=root
+
+[ftp_server]
+
+[gateway_server]

roles/common/files/USER_HOME/.config/autostart/x11vnc.desktop

@@ -0,0 +1,10 @@
+[Desktop Entry]
+Type=Application
+Exec=x11vnc -rfbport 5901 -rfbauth /etc/x11vnc.pass
+Hidden=false
+NoDisplay=false
+X-GNOME-Autostart-enabled=true
+Name[de_DE]=X11VNC User-Service
+Name=X11VNC User-Service
+Comment[de_DE]=
+Comment=

roles/common/files/etc/samba/users.map

@@ -0,0 +1,18 @@
+# ############################################ #
+#          --------------------------          #
+#          ** DO NOT EDIT DIRECTLY **          #
+#          --------------------------          #
+#             Ansible managed file             #
+# ############################################ #
+
+# This file allows you to map usernames from the clients to the server.
+# Unix_name = SMB_name1 SMB_name2 ...
+#
+# See section 'username map' in the manual page of smb.conf for more
+# information.
+#
+# This file is _not_ included in the default configuration as it makes the
+# usage of an user named administrator impossible.
+
+root = admin administrator
+

roles/common/handlers/main.yml

@@ -1,5 +1,16 @@
 ---
 
+
+- name: Update timezone
+  command: dpkg-reconfigure --frontend noninteractive tzdata
+
+- name: Restart ssh
+  service:
+    name: ssh
+    state: restarted
+
+
+
 - name: Renew nis databases
   shell: make -C /var/yp
   when: 
@@ -24,3 +35,41 @@
     name: rpcbind
     daemon_reload: yes
     state: restarted
+
+
+- name: Restart smbd
+  service:
+    name: smbd
+    daemon_reload: yes
+    state: restarted
+
+
+- name: Restart nmbd
+  service:
+    name: nmbd
+    daemon_reload: yes
+    state: restarted
+
+- name: Reload samba config
+  shell: smbcontrol all reload-config
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+
+
+- name: Restart cups
+  service:
+    name: cups
+    daemon_reload: yes
+    state: restarted
+
+- name: Restart ntp
+  service:
+    name: ntp
+    daemon_reload: yes
+    state: restarted
+
+- name: Restart cups-browsed
+  service:
+    name: cups-browsed
+    daemon_reload: yes
+    state: restarted

roles/common/tasks/apt.yml

@@ -0,0 +1,306 @@
+---
+
+- name: (apt.yml) update configuration file - /etc/apt/sources.list
+  template:
+    src: "etc/apt/sources.list.{{ ansible_distribution }}.j2"
+    dest: /etc/apt/sources.list
+    owner: root
+    group: root
+    mode: 0644
+  register: apt_config_updated
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - apt_manage_sources_list|bool
+  tags:
+    - apt-configuration
+
+
+- name: (apt.yml) apt update
+  apt:
+    update_cache: true
+    cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
+  when: apt_update|bool
+  tags:
+    - apt-update
+    - apt-upgrade
+    - apt-dpkg-configure
+    - apt-initial-install
+    - apt-microcode
+    - apt-compiler-pkgs
+    - apt-webserver-pkgs
+
+
+- name: (apt.yml) dpkg --configure
+  command: >
+    dpkg --configure -a
+  args:
+    warn: false
+  changed_when: _dpkg_configure.stdout_lines | length
+  register: _dpkg_configure
+  when: apt_dpkg_configure|bool
+  tags:
+    - apt-dpkg-configure
+    - apt-initial-install
+    - apt-microcode
+    - apt-compiler-pkgs
+    - apt-webserver-pkgs
+
+
+- name: (apt.yml) apt upgrade
+  apt:
+    upgrade: "{{ apt_upgrade_type }}"
+    update_cache: true
+    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+  when: apt_upgrade|bool
+  tags:
+    - apt-upgrade
+    - apt-initial-install
+    - apt-microcode
+    - apt-compiler-pkgs
+    - apt-webserver-pkgs
+
+
+- name: (apt.yml) Initial install debian packages (stretch)
+  apt:
+    name: "{{ apt_initial_install_stretch }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "9"
+  tags:
+    - apt-initial-install
+
+
+- name: (apt.yml) Initial install debian packages (buster)
+  apt:
+    name: "{{ apt_initial_install_buster }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "10"
+  tags:
+    - apt-initial-install
+
+
+- name: (apt.yml) Initial install ubuntu packages (bionic)
+  apt:
+    name: "{{ apt_initial_install_bionic }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "bionic"
+  tags:
+    - apt-initial-install
+
+- name: (apt.yml) Initial install ubuntu packages (xenial)
+  apt:
+    name: "{{ apt_initial_install_xenial }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "xenial"
+  tags:
+    - apt-initial-install
+
+
+# ---
+# Microcode
+# ---
+
+- name: (apt.yml) Ensure we have CPU microcode from backports for Intel CPU (debian stretch)
+  apt:
+    name: "{{ microcode_intel_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}-backports"
+  when:
+    - apt_backports_enable
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "9"
+    - ansible_facts['processor']|string is search("Intel")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch)
+  apt:
+    name: "{{ microcode_amd_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}-backports"
+  when:
+    - apt_backports_enable
+    - apt_debian_contrib_nonfree_enable
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "9"
+    - ansible_facts['processor']|string is search("AMD")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster)
+  apt:
+    name: "{{ microcode_intel_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "10"
+    - ansible_facts['processor']|string is search("Intel")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode for AMD CPU (debian buster)
+  apt:
+    name: "{{ microcode_amd_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - apt_debian_contrib_nonfree_enable
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "10"
+    - ansible_facts['processor']|string is search("AMD")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu bionic)
+  apt:
+    name: "{{ microcode_intel_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "bionic"
+    - ansible_facts['processor']|string is search("Intel")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode for AMD CPU (ubuntu bionic)
+  apt:
+    name: "{{ microcode_amd_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - apt_debian_contrib_nonfree_enable
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "bionic"
+    - ansible_facts['processor']|string is search("AMD")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu xenial)
+  apt:
+    name: "{{ microcode_intel_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "xenial"
+    - ansible_facts['processor']|string is search("Intel")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode for Intel AMD (ubuntu xenial)
+  apt:
+    name: "{{ microcode_amd_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - apt_debian_contrib_nonfree_enable
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "xenial"
+    - ansible_facts['processor']|string is search("AMD")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+# ---
+# Firmware
+# ---
+
+- name: (apt.yml) Install Firmware packages
+  apt:
+     name: "{{ firmware_non_free_packages }}"
+     state: present
+     default_release: "{{ ansible_distribution_release }}"
+  tags:
+    - apt-initial-install
+    - apt-firmware
+
+
+- name: (apt.yml) Install non-free Firmware packages
+  apt:
+     name: "{{ firmware_non_free_packages }}"
+     state: present
+     default_release: "{{ ansible_distribution_release }}"
+  when:
+    - apt_debian_contrib_nonfree_enable
+  tags:
+    - apt-initial-install
+    - apt-firmware
+
+
+# ---
+# unwanted packages
+# ---
+
+- name: (apt.yml) Remove unwanted packages
+  apt:
+    name: "{{ apt_remove }}"
+    state: absent
+    purge: "{{ apt_remove_purge }}"
+  tags:
+    - apt-remove
+
+- name: (apt.yml) Remove unwanted packages Ubuntu bionic
+  apt:
+    name: "{{ apt_remove_bionic }}"
+    state: absent
+    purge: "{{ apt_remove_purge }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "bionic"
+  tags:
+    - apt-remove
+
+- name: (apt.yml) Remove unwanted packages Ubuntu xenial
+  apt:
+    name: "{{ apt_remove_xenial }}"
+    state: absent
+    purge: "{{ apt_remove_purge }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "xenial"
+  tags:
+    - apt-remove
+
+- name: (apt.yml) autoremove
+  apt:
+    autoremove: true
+    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+  when: apt_autoremove|bool
+  tags:
+    - apt-autoremove
+    - apt-initial-install
+    - apt-microcode
+
+- name: (apt.yml) clean
+  command: apt-get -y clean
+  args:
+    warn: false
+  changed_when: false
+  when: apt_clean|bool
+  tags:
+    - apt-clean
+    - apt-initial-install
+    - apt-microcode

roles/common/tasks/basic.yml

@@ -0,0 +1,105 @@
+---
+
+- name: (basic.yml) Ensure timezone is is correct
+  timezone: name={{ time_zone }}
+  tags:
+    - timezone
+
+
+- name: (basic.yml) Ensure locales are present
+  locale_gen:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ locales }}"
+  tags:
+    - locales
+
+
+- name: (basic.yml) Create a symbolic link /bin/sh -> bash
+  file:
+    src: bash
+    dest: /bin/sh
+    owner: root
+    group: root
+    state: link
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - symlink-sh
+
+
+- name: (basic.yml) Check file '/etc/systemd/system.conf' exists
+  stat:
+    path: /etc/systemd/system
+  register: etc_systemd_system_conf
+  when:
+    - set_default_limit_nofile|bool == true
+
+
+- name: (basic.yml) Change DefaultLimitNOFILE to 1048576
+  lineinfile:
+    dest: /etc/systemd/system.conf
+    state: present
+    regexp: '^DefaultLimitNOFILE'
+    line: 'DefaultLimitNOFILE=1048576'
+    insertafter: '^#DefaultLimitNOFILE'
+  when:
+    - set_default_limit_nofile|bool == true
+    -  etc_systemd_system_conf.stat.exists == true
+  tags:
+    - systemd-nofiles
+
+
+- name: (basic.yml) Check file '/etc/security/limits.conf.ORIG' exists
+  stat:
+    path: /etc/security/limits.conf.ORIG
+  register: etc_security_limits_conf_ORIG
+  tags:
+    - limits-conf
+
+- name: (basic.yml) Backup installation version of file '/etc/security/limits.conf'
+  command: cp -a /etc/security/limits.conf /etc/security/limits.conf.ORIG
+  when: etc_security_limits_conf_ORIG.stat.exists == False
+  tags:
+    - limits-conf
+
+
+- name: (basic.yml) Create new sshd_config from template limits.conf.j2
+  template:
+    src: etc/security/limits.conf.j2
+    dest: /etc/security/limits.conf
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - limits-conf
+
+# - /etc/hosts
+
+- name: (basic.yml) Check file '/etc/hosts.ORIG' exists
+  stat:
+    path: /etc/hosts.ORIG
+  register: etc_hosts_ORIG
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - etc_hosts
+
+- name: (basic.yml) Backup installation version of file '/etc/hosts'
+  command: cp -a /etc/hosts /etc/hosts.ORIG
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+    - etc_hosts_ORIG.stat.exists == False
+  tags:
+    - etc_hosts
+
+- name: (basic.yml) addjust '/etc/hosts' add nis-server ..
+  lineinfile:
+    path: /etc/hosts
+    regexp: '^192\.168\.'
+    line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[0] }}'
+  when:
+    - "groups['nis_server']|string is search(inventory_hostname)"
+  tags:
+    - etc_hosts
+

roles/common/tasks/cups-install.yml

@@ -0,0 +1,152 @@
+---
+
+
+# ---
+# Cups Server
+# ---
+
+- name: (cups-install.yml) Ensure CUPS packages server (buster) are installed.
+  package:
+    pkg: '{{ apt_install_server_cups_buster }}'
+    state: present
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "10"
+  tags:
+    - cups-server
+
+
+# ---
+# Cups clients
+# ---
+
+- name: (cups.yml) Ensure CUPS packages clients are installed.
+  package:
+    pkg: "{{ apt_install_client_cups }}"
+    state: present
+  when: 
+    - ansible_distribution_version ==  "18.04"
+    - ansible_architecture == "x86_64"
+  tags:
+    - cups-client
+
+
+
+# -- file /etc/cups/cups-browsed.conf
+- name: (cups.yml) Check if file '/etc/cups/cups-browsed.conf.ORIGi' exists
+  stat:
+    path: /etc/cups/cups-browsed.conf.ORIG
+  register: cups_browsed_conf_orig_exists
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) Backup /etc/cups/cups-browsed.conf file
+  command: cp /etc/cups/cups-browsed.conf /etc/cups/cups-browsed.conf.ORIG
+  when: cups_browsed_conf_orig_exists.stat.exists == False
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) update configuration file server - /etc/cups/cups-browsed.conf
+  template:
+    src: "etc/cups/cups-browsed.conf.server.j2"
+    dest: /etc/cups/cups-browsed.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+     Restart cups-browsed
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - cups-server
+
+- name: (cups.yml) update configuration file client - /etc/cups/cups-browsed.conf
+  template:
+    src: "etc/cups/cups-browsed.conf.client.j2"
+    dest: /etc/cups/cups-browsed.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+     Restart cups-browsed
+  when:
+    - groups['client_pc']|string is search(inventory_hostname)
+  tags:
+    - cups-client
+
+
+# -- file /etc/cups/cupsd.conf
+- name: (cups.yml) Check if file '/etc/cups/cupsd.conf.ORIG' exists
+  stat:
+    path: /etc/cups/cupsd.conf.ORIG
+  register: cupsd_conf_orig_exists
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) Backup /etc/cups/cupsd.conf file
+  command: cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.ORIG
+  when: cupsd_conf_orig_exists.stat.exists == False
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) update configuration file server - /etc/cups/cupsd.conf
+  template:
+    src: "etc/cups/cupsd.conf.server.j2"
+    dest: /etc/cups/cupsd.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+     Restart cups
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - cups-server
+
+- name: (cups.yml) update configuration file client - /etc/cups/cupsd.conf
+  template:
+    src: "etc/cups/cupsd.conf.client.j2"
+    dest: /etc/cups/cupsd.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+     Restart cups
+  when:
+    - groups['client_pc']|string is search(inventory_hostname)
+  tags:
+    - cups-server
+
+# -- file /etc/cups/cups-files.conf
+- name: (cups.yml) Check if file '/etc/cups/cups-files.conf.ORIGi' exists
+  stat:
+    path: /etc/cups/cups-files.conf.ORIG
+  register: cups_files_conf_orig_exists
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) Backup /etc/cups/cups-files.conf file
+  command: cp /etc/cups/cups-files.conf /etc/cups/cups-files.conf.ORIG
+  when: cups_files_conf_orig_exists.stat.exists == False
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) update configuration file server - /etc/cups/cups-files.conf
+  template:
+    src: "etc/cups/cups-files.conf.j2"
+    dest: /etc/cups/cups-files.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+     Restart cups
+  tags:
+    - cups-server
+    - cups-client
+

roles/common/tasks/git.yml

@@ -0,0 +1,66 @@
+---
+
+# ---
+#  Default reposotories
+# ---
+
+- name: (git.yml) Install/Update default repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_default_repositories }}'
+  loop_control:
+    label: "{{ item.name }}"
+  tags:
+    - git-default-repositories
+
+
+# ---
+#  Group [file_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update file_server repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_oopen_server_repositories }}'
+  loop_control:
+    label: "{{ item.name }}"
+  when: "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - git-file-server-repositories
+
+
+# ---
+#  Group [samba_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update samba server repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_samba_repositories }}'
+  loop_control:
+    label: "{{ item.name }}"
+  when: "groups['samba_server']|string is search(inventory_hostname)"
+  ignore_errors: True
+  tags:
+    - git-samba-server-repositories
+
+
+# ---
+#  Group [gateway_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update gateway repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_gateway_repositories }}'
+  loop_control:
+    label: "{{ item.name }}"
+  when: "groups['gateway_server']|string is search(inventory_hostname)"
+  tags:
+    - git-gateway-server-repositories
+
+

roles/common/tasks/main.yml

@@ -1,5 +1,79 @@
 ---
   
+# tags supported inside basic.yml
+#
+#    timezone
+#    locales
+#    systemd-nofiles
+- import_tasks: basic.yml
+  tags:
+    - basic
+
+
+# tags supported inside sshd.yml
+#
+#    sshd-config
+- import_tasks: sshd.yml
+  tags: sshd
+
+
+# tags supported inside apt.yml
+#
+#   apt-update
+#   apt-upgrade
+#   apt-dpkg-configure
+#   apt-initial-install
+#   apt-microcode
+#   apt-remove
+#   apt-autoremove
+#   apt-clean
+- import_tasks: apt.yml
+  tags: apt
+
+
+# tags supportetd inside git.yml
+#
+#   git-default-repositories
+#   git-file-server-repositories
+#   git-gateway-server-repositories
+- import_tasks: git.yml
+  tags: git
+
+# tags supported inside nis_user.yml:
+#
+#    nis-user
+#    system-user
+- import_tasks: nis-user.yml
+  when: "groups['nis_server']|string is search(inventory_hostname)"
+  tags:
+    - nis-user
+
+
+# tags supported inside ntp.yml:
+#
+#    ntp-server
+- import_tasks: ntp.yml
+  tags:
+    - ntp
+
+
+# tags supported inside cups-install.yml:
+#
+#    cups-server
+#    cups-client
+- import_tasks: cups-install.yml
+  tags:
+    - cups
+
+
+## tags supported inside pure-ftpd-install.yml:
+##
+#- import_tasks: pure-ftpd-install.yml
+#  when:
+#    - groups['ftp_server']|string is search(inventory_hostname)
+#  tags:
+#    - pure-ftpd
+
 
 # tags supported inside nfs.yml:
 #
@@ -9,6 +83,33 @@
   tags:
     - nfs
 
+
+# tags supported inside samba-install.yml:
+#
+#    samba-server
+#    samba-client
+- import_tasks: samba-install.yml
+  tags:
+    - samba-install
+    - samba
+
+
+# tags supported inside samba-remove-user.yml:
+#
+- import_tasks: samba-remove-user.yml
+  tags:
+    - samba-remove-user
+
+
+# tags supported inside system-user.yml:
+#
+#    system-user
+- import_tasks: system-user.yml
+  when: "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - system-user
+
+
 # tags supported inside nfs.yml:
 #
 #    nis-install-server
@@ -16,6 +117,7 @@
   when: "groups['nis_server']|string is search(inventory_hostname)"
   tags:
     - nis-install
+    - nis-install-server
 
 # tags supported inside nfs.yml:
 #
@@ -24,44 +126,72 @@
   when: "groups['nis_client']|string is search(inventory_hostname)"
   tags:
     - nis-install
-
+    - nis-install-client
-# tags supported inside nis_user.yml:
-#
-#    nis-user
-#    system-user
-- import_tasks: nis_user.yml
-  when: "groups['nis_server']|string is search(inventory_hostname)"
-  tags:
-    - nis-user
 
 # tags supported inside samba_user.yml:
 #
 #    samba-user
-- import_tasks: samba_user.yml
+- import_tasks: samba-user.yml
   when: "groups['samba_server']|string is search(inventory_hostname)"
   tags:
     - nis-samba-user
 
-# tags supported user-systemfiles.yml:
-
-#    profile
-- import_tasks: user-systemfiles.yml
-  when: "groups['nis_server']|string is search(inventory_hostname)"
-  tags:
-    - user-systemfiles
-
-# tags supported inside sudoers.yml:
-#
-#   sudoers-remove
-#   sudoers-file-configuration
-#   sudoers-global-configuration
-- import_tasks: sudoers.yml
-  when: "groups['client_pc']|string is search(inventory_hostname)"
-  tags:
-    - sudoers
 
 - import_tasks: mount_samba_shares.yml
   when: "groups['client_pc']|string is search(inventory_hostname)"
   tags:
     - samba-shares
 
+
+# tags supported system-user-systemfiles.yml:
+#
+#    profile
+#    bashrc
+#    vimrc
+- import_tasks: system-user-systemfiles.yml
+  when: "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - user-systemfiles
+
+
+# tags supported nis-user-systemfiles.yml:
+#
+#    profile
+#    bashrc
+#    vimrc
+- import_tasks: nis-user-systemfiles.yml
+  when: "groups['nis_server']|string is search(inventory_hostname)"
+  tags:
+    - user-systemfiles
+    - nis-user-systemfiles
+
+
+# tags supported root-files-scripts.yml:
+
+#    wakeup_lan
+- import_tasks: root-files-scripts.yml
+  tags:
+    - root-files-scripts
+
+
+# tags supported inside sudoers-pc.yml:
+#
+#   sudoers-remove
+#   sudoers-file-configuration
+#   sudoers-global-configuration
+- import_tasks: sudoers-pc.yml
+  when: "groups['client_pc']|string is search(inventory_hostname)"
+  tags:
+    - sudoers
+
+
+# tags supported inside sudoers-server.yml:
+#
+#   sudoers-remove
+#   sudoers-file-configuration
+#   sudoers-global-configuration
+- import_tasks: sudoers-server.yml
+  when: "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - sudoers
+

roles/common/tasks/nfs.yml

@@ -44,6 +44,23 @@
   tags:
     - nfs-server
 
+- name: Enable service rpc-statd and ensure it is not masked
+  systemd:
+    name: rpc-statd
+    enabled: yes
+    masked: no
+  when:
+    - "groups['nfs_server']|string is search(inventory_hostname)"
+
+- name: Make sure service rpc-statd is running
+  systemd:
+    state: started
+    name: rpc-statd
+  when:
+    - "groups['nfs_server']|string is search(inventory_hostname)"
+  tags:
+    - nfs-server
+
 # ---
 # NFS clients
 # ---

roles/common/tasks/nis-install-client.yml

@@ -145,7 +145,7 @@
 - name: (nis-install-client.yml) Add nis-server to file /etc/hosts
   lineinfile:
     path: /etc/hosts
-    line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[1] }}'
+    line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[0] }}'
     insertafter: EOF
     state: present
     owner: root
@@ -160,7 +160,7 @@
 # /etc/nsswitch.conf
 # ---
 
-- name: (nis.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
+- name: (nis-install-client.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
   stat:
     path: /etc/nsswitch.conf.ORIG
   register: nsswitch_conf_orig_exists
@@ -168,7 +168,7 @@
     - nis-install 
     - nis-install-client
 
-- name: (nis.yml) Backup existing file /etc/nsswitch.conf
+- name: (nis-install-client.yml) Backup existing file /etc/nsswitch.conf
   command: cp -a /etc/nsswitch.conf /etc/nsswitch.conf.ORIG
   when:
     - nsswitch_conf_orig_exists.stat.exists == False

roles/common/tasks/nis-install-server.yml

@@ -4,6 +4,16 @@
 # Install nis
 # ---
 
+- name: (nis-install-server.yml) Install nis common packages
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ nis_common_packages }}"
+  register: nis_installed
+  tags:
+    - nis-install
+    - nis-install-server
+
 - name: (nis-install-server.yml) Set (nis) default domain (/etc/defaultdomain)
   template:
     dest: /etc/defaultdomain  
@@ -15,15 +25,16 @@
     - nis-install
     - nis-install-server
 
-- name: (nis-install-server.yml) Install nis common packages
+- name: (nis-install-server.yml) Create preconfigured /etc/yp.conf on nis clients
-  package:
+  template:
-    name: "{{ item }}"
+    dest: /etc/yp.conf
-    state: present
+    src: etc/yp.conf.j2
-  with_items: "{{ nis_common_packages }}"
+    owner: root
-  register: nis_installed
+    group: root
+    mode: 0644
   tags:
     - nis-install
-    - nis-install-server
+    - nis-install-client
 
 
 # ---
@@ -85,14 +96,14 @@
     - nis-install
     - nis-install-server
 
-- name: (nis-install-client.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
+- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
   replace:
     path: /etc/ypserv.securenets
     regexp: '^(0.0.0.0\s+.*)'
     replace: '#\1'
   tags:
     - nis-install
-    - nis-install-client
+    - nis-install-server
 
 - name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets
   lineinfile:
@@ -105,7 +116,7 @@
     mode: '0644'
   tags:
     - nis-install
-    - nis-install-client
+    - nis-install-server
 
 - name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets
   lineinfile:
@@ -134,13 +145,13 @@
 
 - name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists
   file:
-    path: '{{  nis_base_home}}'
+    path: '{{ nis_base_home }}'
     owner: root
     group: root
     mode: '0755'
     state: directory
   when:
-    - "groups['nfs_server']|string is search(inventory_hostname)"
+    - "groups['nis_server']|string is search(inventory_hostname)"
   tags:
     - nis-install
     - nis-install-server

roles/common/tasks/nis-user-systemfiles.yml

@@ -0,0 +1,183 @@
+---
+
+# ---
+# Check if local template directories exists
+# ---
+
+# nis_users
+- name: (nis-user-systemfiles.yml) Check if local template directory exists for default users
+  local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}
+  with_items: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: local_template_dir_nis_user
+
+
+# -- 
+# Copy .profile 
+# --- 
+
+- name: (nis-user-systemfiles.yml) Check if users file '.profile.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.profile.ORIG"
+  register: profile_user_orig_exists
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - profile
+
+- name: (nis-user-systemfiles.yml) Backup existing users .profile file
+  command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
+  loop: "{{ profile_user_orig_exists.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == False
+  tags:
+    - profile
+
+- name: (nis-user-systemfiles.yml) copy .profile if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
+    dest: "~{{ item.item.name }}/.profile"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{  local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
+  tags:
+    - profile
+
+- name: (nis-user-systemfiles.yml) copy default .profile if it exists
+  template:
+    src: files/homedirs/DEFAULT/_profile.j2
+    dest: "~{{ item.item.name }}/.profile"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+  tags:
+    - profile
+
+
+# --
+# Copy .bashrc
+# ---
+
+- name: (nis-user-systemfiles.yml) Check if users file '.bashrc.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.bashrc.ORIG"
+  register: bashrc_user_orig_exists
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - bashrc
+
+- name: (nis-user-systemfiles.yml) Backup existing users .bashrc file
+  command: cp -a ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
+  loop: "{{ bashrc_user_orig_exists.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when: item.stat.exists == False
+  tags:
+    - bashrc
+
+- name: (nis-user-systemfiles.yml) copy .bashrc if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
+    dest: "~{{ item.item.name }}/.bashrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
+  tags:
+    - bashrc
+
+- name: (nis-user-systemfiles.yml) copy default .bashrc if it exists
+  copy:
+    src: files/homedirs/DEFAULT/_bashrc
+    dest: "~{{ item.item.name }}/.bashrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+  tags:
+    - bashrc
+
+
+# --
+# Copy .vimrc
+# ---
+
+- name: (nis-user-systemfiles.yml) copy .vimrc if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
+    dest: "~{{ item.item.name }}/.vimrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
+  tags:
+    - vimrc
+
+- name: (nis-user-systemfiles.yml) Check if .vim directory exists for default users
+  local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim
+  with_items: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: local_template_dir_dotvim_default_user
+
+- name: (nis-user-systemfiles.yml) copy .vim directory if it exists
+  copy:
+    src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
+    dest: "~{{ item.item.name }}"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  with_items: "{{ local_template_dir_dotvim_default_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+  tags:
+    - vimrc
+
+- name: (nis-user-systemfiles.yml) copy default .vimrc if it exists
+  copy:
+    src: files/homedirs/DEFAULT/_vimrc
+    dest: "~{{ item.item.name }}/.vimrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+  tags:
+    - vimrc
+

roles/common/tasks/nis-user.yml

@@ -0,0 +1,175 @@
+---
+
+# ---
+# - Remove unwanted users
+# ---
+
+- name: (nis_user.yml) Remove (old) users from system
+  user:
+    name: '{{ item.name }}'
+    state: absent
+  with_items: 
+    - "{{ remove_nis_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - nis-user
+    - system-user
+
+- name: (nis_user.yml) Remove home directory from deleted users
+  file:
+    path: '{{ nis_base_home }}/{{ item.name }}'
+    state: absent
+  with_items: 
+    - "{{ remove_nis_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - nis-user
+    - system-user
+
+# ---
+# - default user/groups
+# ---
+
+- name: (nis_user.yml) Ensure nis groups exists
+  group:
+    name: '{{ item.name }}'
+    state: present
+    gid: '{{ item.group_id | default(omit) }}'
+  loop: "{{ nis_groups }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when: item.group_id is defined
+  notify: Renew nis databases
+  tags:
+    - nis-user
+    - system-user
+    
+#- meta: end_host
+
+- name: (nis_user.yml) Get database of nis (system) users
+  getent:
+    database: passwd
+  tags:
+    - nis-user
+    - system-user
+
+- name: (nis_user.yml) Add nis (system) users if not yet exists..
+  shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when:
+    - item.name not in getent_passwd
+  notify: Renew nis databases
+  tags:
+    - nis-user
+    - system-user
+
+- name: (nis_user.yml) Ensure nis users exists
+  user:
+    name: '{{ item.name }}'
+    state: present
+    uid: '{{ item.user_id | default(omit) }}'
+    #group: '{{ item.0.name | default(omit) }}'
+    groups: "{{ item.groups|join(', ') }}"
+    home: '{{ nis_base_home }}/{{ item.name }}'
+    shell: '{{ item.shell|d("/bin/bash") }}'
+    password: "{{ item.password | password_hash('sha512') }}"
+    update_password: on_create
+    append: yes
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  notify: Renew nis databases
+  tags:
+    - nis-user
+    - system-user
+
+
+- name: (nis_user.yml) Check if directory ~/.config/autostart exists
+  stat:
+    path: '{{ nis_base_home }}/{{ item.name }}/.config/autostart'
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: home_config_autostart
+  tags:
+    - nis-user
+    - x11vnc
+
+
+- name: (nis_user.yml) Ensure directory ~/.config/autostart if not exists
+  file:
+    path: '{{ nis_base_home }}/{{ item.item.name }}/.config/autostart'
+    state: directory
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0700
+    recurse: yes
+  loop: "{{ home_config_autostart.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when : not item.stat.exists|bool
+  tags:
+    - nis-user
+    - x11vnc
+
+
+#- name: (nis_user.yml) Ensure directory ~/.config/autostart if not exists
+#  file:
+#    path: '{{ nis_base_home }}/{{ item.name }}/.config/autostart'
+#    state: directory
+#    owner: "{{ item.name }}"
+#    group: "{{ item.name }}"
+#    mode: 0700
+#    recurse: yes
+#  loop: "{{ nis_user }}"
+#  loop_control:
+#    label: '{{ item.name }}'
+#  tags:
+#    - nis-user
+#    - x11vnc
+
+
+- name: (nis_user.yml) Check if file ~/.config/autostart/x11vnc.desktop exists
+  stat:
+    path: '{{ nis_base_home }}/{{ item.name }}/.config/autostart/x11vnc.desktop'
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: home_config_autostart_x11vnc
+  tags:
+    - nis-user
+    - x11vnc
+
+- name: (nis_user.yml) Ensure file ~/.config/autostart/x11vnc.desktop exists
+  copy:
+    src: "{{ role_path + '/files/USER_HOME/.config/autostart/x11vnc.desktop' }}"
+    dest: '{{ nis_base_home }}/{{ item.item.name }}/.config/autostart/x11vnc.desktop'
+    owner: '{{ item.item.name }}'
+    group: '{{ item.item.name }}'
+    mode: 0600
+  loop: "{{ home_config_autostart_x11vnc.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  tags:
+    - nis-user
+    - x11vnc
+
+#- name: (nis_user.yml) Ensure file ~/.config/autostart/x11vnc.desktop exists
+#  copy:
+#    src: "{{ role_path + '/files/USER_HOME/.config/autostart/x11vnc.desktop' }}"
+#    dest: '{{ nis_base_home }}/{{ item.name }}/.config/autostart/x11vnc.desktop'
+#    owner: '{{ item.name }}'
+#    group: '{{ item.name }}'
+#    mode: 0600
+#  loop: "{{ nis_user }}"
+#  loop_control:
+#    label: '{{ item.name }}'
+#  tags:
+#    - nis-user
+#    - x11vnc
+
+

roles/common/tasks/nis_user.yml

@@ -1,95 +0,0 @@
----
-
-# ---
-# - Remove unwanted users
-# ---
-
-- name: (nis_user.yml) Remove (old) users from system
-  user:
-    name: '{{ item.name }}'
-    state: absent
-  with_items: 
-    - "{{ nis_deleted_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  tags:
-    - nis-user
-    - system-user
-
-- name: (nis_user.yml) Remove home directory from deleted users
-  file:
-    path: '{{ nis_base_home }}/{{ item.name }}'
-    state: absent
-  with_items: 
-    - "{{ nis_deleted_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  tags:
-    - nis-user
-    - system-user
-
-# ---
-# - default user/groups
-# ---
-
-- name: (nis_user.yml) Ensure nis groups exists
-  group:
-    name: '{{ item.name }}'
-    state: present
-    gid: '{{ item.group_id | default(omit) }}'
-  loop: "{{ nis_groups }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when: item.group_id is defined
-  notify: Renew nis databases
-  tags:
-    - nis-user
-    - system-user
-    
-#- meta: end_host
-
-- name: (nis_user.yml) Check if nis (system) user exists
-  shell: "getent passwd {{ item.name }}"
-  register: nis_user_exists
-  changed_when: "nis_user_exists.rc == 2"
-  failed_when: "nis_user_exists.rc > 2"
-  loop: "{{ nis_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  ignore_errors: true
-  tags:
-    - nis-user
-    - system-user
-
-- name: (nis_user.yml) Add nis (system) users 
-  shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
-  loop: "{{ nis_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when: nis_user_exists is changed
-  notify: Renew nis databases
-  tags:
-    - nis-user
-    - system-user
-
-- name: (nis_user.yml) Ensure nis users exists
-  user:
-    name: '{{ item.name }}'
-    state: present
-    uid: '{{ item.user_id | default(omit) }}'
-    #group: '{{ item.0.name | default(omit) }}'
-    groups: "{{ item.groups|join(', ') }}"
-    home: '{{ nis_base_home }}/{{ item.name }}'
-    shell: '{{ item.shell|d("/bin/bash") }}'
-    password: "{{ item.password | password_hash('sha512') }}"
-    update_password: on_create
-    append: yes
-  loop: "{{ nis_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  notify: Renew nis databases
-  tags:
-    - nis-user
-    - system-user
-
-

roles/common/tasks/ntp.yml

@@ -0,0 +1,47 @@
+---
+
+# ---
+# NTP Server
+# ---
+
+- name: (ntp.yml) Ensure ntp package is installed.
+  apt:
+    name:
+      - ntp
+    state: present
+  when:
+    - ansible_os_family == "Debian"
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - ntp-server
+
+- name: (ntp.yml) Check file '/etc/ntp.conf.ORIG' exists
+  stat:
+    path: /etc/ntp.conf.ORIG
+  register: etc_ntp_conf_ORIG
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - ntp-server
+
+- name: (ntp.yml) Backup installation version of file '/etc/ntp.conf'
+  command: cp -a /etc/ntp.conf /etc/ntp.conf.ORIG
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+    - etc_ntp_conf_ORIG.stat.exists == False
+  tags:
+    - ntp-server
+
+- name: (ntp.yml) Update '/etc/ntp.conf'
+  template:
+    src: "etc/ntp.conf.j2"
+    dest: /etc/ntp.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart ntp
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - ntp-server
+

roles/common/tasks/root-files-scripts.yml

@@ -0,0 +1,51 @@
+---
+
+- name: (root_files_scripts.yml) Ensure directory /root/bin exists
+  file:
+    path: /root/bin
+    owner: root
+    group: root
+    mode: '0700'
+    state: directory
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+
+- name: (root_files_scripts.yml) Ensure script 'wakeup_lan.sh' is present
+  template:
+    src: "root/bin/wakeup_lan.sh.j2"
+    dest: /root/bin/wakeup_lan.sh
+    owner: root
+    group: root
+    mode: 0755
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - wakeup_lan
+
+- name: (root_files_scripts.yml) Check file '/etc/motd.ORIG' exists
+  stat:
+    path: /etc/motd.ORIG
+  register: etc_motd_ORIG
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - etc_motd
+
+- name: (basic.yml) Backup installation version of file '/etc/motd'
+  command: cp -a /etc/motd /etc/motd.ORIG
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+    - etc_motd_ORIG.stat.exists == False
+  tags:
+    - etc_motd
+
+
+- name: (root_files_scripts.yml) Write new '/etc/motd' file..
+  shell: >
+    figlet '{{ nis_server_name.split(".")[0] }}' > /etc/motd
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+    - etc_motd_ORIG.stat.exists == False
+  tags:
+    - etc_motd
+

roles/common/tasks/samba-install.yml

@@ -0,0 +1,185 @@
+---
+
+# ---
+# Samba Server
+# ---
+
+- name: (samba-install.yml) Ensure samba packages server (buster) are installed.
+  package:
+    pkg: '{{ apt_install_server_samba }}'
+    state: present
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  tags:
+    - samba-server
+
+- name: (samba-install.yml) Ensure samba share directories exists
+  file:
+    path: "{{ item.path }}"
+    owner: "root"
+    group: "{{ item.group_write_list }}"
+    mode: '2770'
+    state: directory
+  with_items: "{{ samba_shares }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  tags:
+    - samba-shares
+
+
+# ---
+# /etc/samba/smb.conf
+# ---
+
+- name: (samba-install.yml) Check if file '/etc/samba/smb.conf.ORIG exists'
+  stat:
+    path: /etc/samba/smb.conf.ORIG
+  register: smb_conf_exists
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  tags:
+    - samba-server
+
+- name: (samba-install.yml) Backup existing file /etc/samba/smb.conf
+  command: cp -a /etc/samba/smb.conf /etc/samba/smb.conf.ORIG
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+    - smb_conf_exists.stat.exists == False
+  tags:
+    - samba-server
+
+
+- name: (samba-install.yml) /etc/samba/smb.conf
+  template:
+    dest: /etc/samba/smb.conf
+    src: etc/samba/smb.conf.j2
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  notify:
+    - Restart smbd
+    - Restart nmbd
+  tags:
+    - samba-server
+
+
+- name: (samba-install.yml) Ensure file /etc/samba/users.map exists
+  copy:
+    src: "{{ role_path + '/files/etc/samba/users.map' }}"
+    dest: /etc/samba/users.map
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  notify:
+    - Restart smbd
+    - Restart nmbd
+  tags:
+    - samba-server
+
+
+# ---
+# Cronjob for cleaning up samba trash dirs
+# ---
+
+- name: (samba-install.yml) Check if file '/root/bin/samba/clean_samba_trash.sh' exists
+  stat:
+    path: /root/bin/samba/clean_samba_trash.sh
+  register: clean_samba_trash_exists
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+
+- name: (samba-install.yml) Adjust configuration for script 'clean_samba_trash.sh'
+  template: 
+    dest: /root/bin/samba/conf/clean_samba_trash.conf
+    src: root/bin/samba/conf/clean_samba_trash.conf.j2
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+    - clean_samba_trash_exists.stat.exists|bool
+  tags:
+    - samba-server
+
+
+- name: Check if cleaning up trash dirs is configured
+  lineinfile:
+    path: /root/bin/samba/conf/clean_samba_trash.conf
+    regexp: "^trash_dirs=*"
+    state: absent
+  check_mode: yes
+  changed_when: false
+  register: clean_samba_trash_dirs
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+
+
+- name: Creates a cron job for cleaning up samba trash dirs
+  cron:
+    name: '{{ samba_cronjob_trash_dirs.name }}'
+    minute: '{{ samba_cronjob_trash_dirs.minute }}'
+    hour: "{{ samba_cronjob_trash_dirs.hour | default('*') }}"
+    day: "{{ samba_cronjob_trash_dirs.hour.day | default('*') }}"
+    month: "{{ samba_cronjob_trash_dirs.hour.month| default('*') }}"
+    weekday: "{{ samba_cronjob_trash_dirs.hour.weekday| default('*') }}"
+    user: "{{ samba_cronjob_trash_dirs.user | default('root') }}"
+    job: "{{ samba_cronjob_trash_dirs.job }}"
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+    - clean_samba_trash_dirs.found
+
+
+# ---
+# Cronjob for setting permissions on samba shares
+# ---
+
+- name: (samba-install.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists
+  stat:
+    path: /root/bin/samba/set_permissions_samba_shares.sh
+  register: set_permissions_on_samba_shares_exists
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+
+- name: (samba-install.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
+  template: 
+    dest: /root/bin/samba/conf/set_permissions_samba_shares.conf
+    src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+    - set_permissions_on_samba_shares_exists.stat.exists|bool
+  tags:
+    - samba-server
+
+
+- name: Creates a cron job for cleaning up samba trash dirs
+  cron:
+    name: '{{ samba_cronjob_permissions.name }}'
+    minute: '{{ samba_cronjob_permissions.minute }}'
+    hour: "{{ samba_cronjob_permissions.hour | default('*') }}"
+    day: "{{ samba_cronjob_permissions.day | default('*') }}"
+    month: "{{ samba_cronjob_permissions.month| default('*') }}"
+    weekday: "{{ samba_cronjob_permissions.weekday| default('*') }}"
+    user: "{{ samba_cronjob_permissions.user | default('root') }}"
+    job: "{{ samba_cronjob_permissions.job }}"
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+    - clean_samba_trash_dirs.found
+
+
+# ---
+# Samba clients
+# ---
+
+- name: (samba-install.yml) Ensure samba packages clients are installed.
+  package:
+    pkg: "{{ apt_install_client_samba }}"
+    state: present
+  when: 
+    - "groups['nis_client']|string is search(inventory_hostname)"
+    - ansible_distribution == "Ubuntu"
+  tags:
+    - samba-client
+

roles/common/tasks/samba-remove-user.yml

@@ -0,0 +1,57 @@
+---
+
+# ---
+# - Remove unwanted users
+# ---
+
+
+- name: (samba-remove-user.yml) Check if samba user exists for removable system user
+  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
+  register: samba_remove_system_users_present
+  changed_when: "samba_remove_system_users_present.rc == 0"
+  failed_when: "samba_remove_system_users_present.rc > 1"
+  with_items: 
+    - "{{ remove_system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - samba-user
+
+
+- name: (samba-remove-user.yml) Remove (old) system users from samba
+  shell: >
+    smbpasswd -s -x {{ item.item.name }}
+  with_items: 
+    - "{{ samba_remove_system_users_present.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when: 
+    - item.changed
+  tags:
+    - samba-user
+
+
+- name: (samba-remove-user.yml) Check if samba user exists for removable nis user
+  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
+  register: samba_remove_nis_users_present
+  changed_when: "samba_remove_nis_users_present.rc == 0"
+  failed_when: "samba_remove_nis_users_present.rc > 1"
+  with_items: 
+    - "{{ remove_nis_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - samba-user
+
+
+- name: (samba-remove-user.yml) Remove (old) nis users from samba
+  shell: >
+    smbpasswd -s -x {{ item.item.name }}
+  with_items: 
+    - "{{ samba_remove_nis_users_present.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when: 
+    - item.changed
+  tags:
+    - samba-user

roles/common/tasks/samba-user.yml

@@ -0,0 +1,30 @@
+---
+
+# ---
+# - default user/groups
+# ---
+
+- name: (samba-user.yml) Check if samba user exists for nis user
+  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
+  register: samba_nis_user_present
+  changed_when: "samba_nis_user_present.rc == 1"
+  failed_when: "samba_nis_user_present.rc > 1"
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when:
+    - item.is_samba_user is defined and item.is_samba_user|bool
+  tags:
+    - samba-user
+
+- name: (samba-user.yml) Add nis user to samba (with nis users password)
+  shell: >
+    (echo '{{ item.item.password }}'; echo '{{ item.item.password }}') 
+    | smbpasswd -s -a {{ item.item.name }}
+  loop: "{{ samba_nis_user_present.results }}"
+  when: item.changed
+  loop_control:
+    label: '{{ item.item.name }}'
+  tags:
+    - samba-user
+

roles/common/tasks/samba_user.yml

@@ -1,60 +0,0 @@
----
-
-# ---
-# - Remove unwanted users
-# ---
-
-- name: (samba_user.yml) Check if samba user exists for removable nis user
-  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
-  register: samba_deleted_user_present
-  changed_when: "samba_deleted_user_present.rc == 0"
-  failed_when: "samba_deleted_user_present.rc > 1"
-  with_items: 
-    - "{{ nis_deleted_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  tags:
-    - samba-user
-
-
-- name: (samba_user.yml) Remove (old) users from samba
-  shell: "smbpasswd -s -x {{ item.name }}"
-  with_items: 
-    - "{{ nis_deleted_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when: samba_deleted_user_present is changed
-  tags:
-    - samba-user
-
-
-# ---
-# - default user/groups
-# ---
-
-- name: (samba_user.yml) Check if samba user exists for nis user
-  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
-  register: samba_nis_user_present
-  changed_when: "samba_nis_user_present.rc > 0"
-  failed_when: "samba_nis_user_present.rc > 1"
-  with_items: 
-    - "{{ nis_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when:
-    - item.is_samba_user is defined and item.is_samba_user|bool
-  tags:
-    - samba-user
-
-- name: (samba_user.yml) Add nis user to samba (with nis users password)
-  shell: "echo -e '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -s -a {{ item.name }}"
-  loop: "{{ nis_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when: 
-    - item.is_samba_user is defined and item.is_samba_user|bool
-    - samba_nis_user_present is changed
-  notify: Renew nis databases
-  tags:
-    - samba-user
-

roles/common/tasks/sshd.yml

@@ -0,0 +1,29 @@
+---
+
+- name: (sshd.yml) Check file '/etc/ssh/sshd_config.ORIG' exists
+  stat:
+    path: /etc/ssh/sshd_config.ORIG
+  register: etc_sshd_sshd_config_ORIG
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Backup installation version of file '/etc/ssh/sshd_config'
+  command: cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
+  when: etc_sshd_sshd_config_ORIG.stat.exists == False
+  tags:
+    - sshd-config
+
+
+- name: (sshd.yml) Create new sshd_config from template sshd_config.j2
+  template:
+    src: etc/ssh/sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: 0644
+    validate: 'sshd -f %s -T'
+    #backup: yes
+  notify: "Restart ssh"
+  tags:
+    - sshd-config
+

roles/common/tasks/sudoers-pc.yml

@@ -0,0 +1,32 @@
+---
+
+- name: (sudoers-pc.yml) update specific sudoers configuration files (/etc/sudoers.d/)
+  template:
+    src: etc/sudoers.d/50-user.pc.j2
+    dest: /etc/sudoers.d/50-user
+    validate: visudo -cf %s
+    owner: root
+    group: root
+    mode: 0440
+  tags:
+    - sudoers-file-configuration
+
+- name: (sudoers-pc.yml) update global sudoers configuration file
+  template:
+    src: etc/sudoers.pc.j2
+    dest: /etc/sudoers
+    owner: root
+    group: root
+    mode: 0440
+    validate: visudo -cf %s
+  tags:
+    - sudoers-global-configuration
+
+- name: (sudoers-pc.yml) Ensure all sudo_users are in sudo group
+  user:
+    name: "{{ item }}"
+    groups: sudo
+    append: yes
+  with_items: "{{ sudo_pc_users }}"
+  tags:
+    - sudo-users

roles/common/tasks/sudoers-server.yml

@@ -0,0 +1,57 @@
+---
+
+#- name: (sudoers-server.yml) include variables
+#  include_vars: "{{ item }}"
+#  with_first_found:
+#    - "sudoers-{{ inventory_hostname }}.yml"
+#    - "sudoers-{{ ansible_distribution_release }}.yml"
+#    - "sudoers-{{ ansible_distribution | lower }}.yml"
+#    - "sudoers-default.yml"
+#  tags:
+#    - sudoers-remove
+#    - sudoers-file-configuration
+#    - sudoers-global-configuration
+    
+- name: (sudoers-server.yml) Remove user entries in file /etc/sudoers
+  lineinfile:
+    dest: /etc/sudoers
+    state: absent
+    regexp: '^{{ item }}'
+    owner: root
+    group: root
+    mode: 0440
+    validate: visudo -cf %s
+  with_items: '{{ sudoers_server_remove_user }}'
+  tags:
+    - sudoers-remove
+
+- name: (sudoers-server.yml) update specific sudoers configuration files (/etc/sudoers.d/)
+  template:
+    src: etc/sudoers.d/50-user.server.j2
+    dest: /etc/sudoers.d/50-user
+    #validate: visudo -cf %s
+    owner: root
+    group: root
+    mode: 0440
+  tags:
+    - sudoers-file-configuration
+
+- name: (sudoers-server.yml) update global sudoers configuration file
+  template:
+    src: etc/sudoers.server.j2
+    dest: /etc/sudoers
+    owner: root
+    group: root
+    mode: 0440
+    #validate: visudo -cf %s
+  tags:
+    - sudoers-global-configuration
+
+- name: (sudoers-server.yml) Ensure all sudo_users are in sudo group
+  user:
+    name: "{{ item }}"
+    groups: sudo
+    append: yes
+  with_items: "{{ sudo_server_users }}"
+  tags:
+    - sudo-users

roles/common/tasks/sudoers.yml

@@ -1,32 +0,0 @@
----
-
-- name: (sudoers.yml) update specific sudoers configuration files (/etc/sudoers.d/)
-  template:
-    src: etc/sudoers.d/50-user.j2
-    dest: /etc/sudoers.d/50-user
-    validate: visudo -cf %s
-    owner: root
-    group: root
-    mode: 0440
-  tags:
-    - sudoers-file-configuration
-
-- name: (sudoers.yml) update global sudoers configuration file
-  template:
-    src: etc/sudoers.j2
-    dest: /etc/sudoers
-    owner: root
-    group: root
-    mode: 0440
-    validate: visudo -cf %s
-  tags:
-    - sudoers-global-configuration
-
-#- name: (sudoers.yml) Ensure all sudo_users are in sudo group
-#  user:
-#    name: "{{ item }}"
-#    groups: sudo
-#    append: yes
-#  with_items: "{{ sudo_users }}"
-#  tags:
-#    - sudo-users

roles/common/tasks/system-user-systemfiles.yml

@@ -0,0 +1,278 @@
+---
+
+# ---
+# Check if local template directories exists
+# ---
+
+# system_user
+- name: (system-user-systemfiles.yml) Check if local template directory exists for default users
+  local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}
+  with_items: "{{ system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: local_template_dir_system_users
+
+# root
+- name: (system-user-systemfiles.yml) Check if local template directory exists for root
+  local_action: stat path={{ inventory_dir }}/files/homedirs/root
+  register: local_template_dir_root
+
+
+# -- 
+# Copy .profile 
+# --- 
+
+- name: (user-systemfiles.yml) Check if users file '.profile.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.profile.ORIG"
+  register: profile_user_orig_exists
+  loop: "{{ system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - profile
+
+- name: (user-systemfiles.yml) Backup existing users .profile file
+  command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
+  loop: "{{ profile_user_orig_exists.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == False
+  tags:
+    - profile
+
+- name: (system-user-systemfiles.yml) copy .profile if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
+    dest: "~{{ item.item.name }}/.profile"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{  local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
+  tags:
+    - profile
+
+- name: (system-user-systemfiles.yml) copy default .profile if it exists
+  template:
+    src: files/homedirs/DEFAULT/_profile
+    dest: "~{{ item.item.name }}/.profile"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+    - lookup('fileglob', inventory_dir + '/files/homedirs/DEFAULT/_profile')
+  tags:
+    - profile
+
+# -- root user
+- name: (system-user-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
+  stat:
+    path: /root/.profile.ORIG
+  register: profile_root_orig_exists
+  tags:
+    - profile
+
+- name: (system-user-systemfiles.yml) Backup existing users .profile file
+  command: cp -a /root/.profile /root/.profile.ORIG
+  when: profile_root_orig_exists.stat.exists == False
+  tags:
+    - profile
+
+- name: (system-user-systemfiles.yml) copy .profile for user root
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') }}"
+    dest: "/root/.profile"
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - local_template_dir_root.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
+  tags:
+    - profile
+
+# --
+# Copy .bashrc
+# ---
+
+- name: (system-user-systemfiles.yml) Check if users file '.bashrc.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.bashrc.ORIG"
+  register: bashrc_user_orig_exists
+  loop: "{{ system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - bashrc
+
+- name: (system-user-systemfiles.yml) Backup existing users .bashrc file
+  command: cp -a ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
+  loop: "{{ bashrc_user_orig_exists.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when: item.stat.exists == False
+  tags:
+    - bashrc
+
+- name: (system-user-systemfiles.yml) copy .bashrc if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
+    dest: "~{{ item.item.name }}/.bashrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
+  tags:
+    - bashrc
+
+- name: (system-user-systemfiles.yml) copy default .bashrc if it exists
+  copy:
+    src: files/homedirs/DEFAULT/_bashrc
+    dest: "~{{ item.item.name }}/.bashrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+  tags:
+    - bashrc
+
+# -- root user
+- name: (system-user-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
+  stat:
+    path: /root/.bashrc.ORIG
+  register: bashrc_root_orig_exists
+  tags:
+    - bash
+
+- name: (system-user-systemfiles.yml) Backup /root/.bashrc file
+  command: cp /root/.bashrc /root/.bashrc.ORIG
+  when: bashrc_root_orig_exists.stat.exists == False
+  tags:
+    - bash
+
+- name: (system-user-systemfiles.yml) copy .bashrc for user root
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') }}"
+    dest: "/root/.bashrc"
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - local_template_dir_root.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc')
+  tags:
+    - bash
+
+# --
+# Copy .vimrc
+# ---
+
+- name: (system-user-systemfiles.yml) copy .vimrc if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
+    dest: "~{{ item.item.name }}/.vimrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
+  tags:
+    - vimrc
+
+- name: (system-user-systemfiles.yml) Check if .vim directory exists for default users
+  local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim
+  with_items: "{{ system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: local_template_dir_dotvim_default_user
+
+- name: (system-user-systemfiles.yml) copy .vim directory if it exists
+  copy:
+    src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
+    dest: "~{{ item.item.name }}"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  with_items: "{{ local_template_dir_dotvim_default_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+  tags:
+    - vimrc
+
+- name: (system-user-systemfiles.yml) copy default .vimrc if it exists
+  copy:
+    src: files/homedirs/DEFAULT/_vimrc
+    dest: "~{{ item.item.name }}/.vimrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+  tags:
+    - vimrc
+
+
+- name: (system-user-systemfiles.yml) copy .vimrc for user root
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') }}"
+    dest: "/root/.vimrc"
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - local_template_dir_root.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc')
+  tags:
+    - vimrc
+
+- name: (system-user-systemfiles.yml) Check if local template directory .vim  exists for user root
+  local_action: stat path={{ inventory_dir }}/files/homedirs/root/.vim
+  register: local_template_dir_vim_root
+  with_items: 'root'
+  loop_control:
+    label: 'root'
+
+- name: (system-user-systemfiles.yml) copy .vim directory for user root if it exists
+  copy:
+    src: "{{ inventory_dir + '/files/homedirs/root/.vim' }}"
+    dest: "/root"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  with_items: "{{ local_template_dir_vim_root.results }}"
+  loop_control:
+    label: 'root'
+  when:
+    - item.stat.exists
+  tags:
+    - vim
+
+

roles/common/tasks/system-user.yml

@@ -0,0 +1,64 @@
+---
+
+# ---
+# - Remove unwanted users
+# ---
+
+- name: (user.yml) Remove (old) users from system
+  user:
+    name: '{{ item.name }}'
+    state: absent
+  with_items: 
+    - "{{ remove_system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - system-user
+
+- name: (user.yml) Remove home directory from deleted users
+  file:
+    path: '{{ base_home }}/{{ item.name }}'
+    state: absent
+  with_items: 
+    - "{{ remove_system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - system-user
+
+# ---
+# - default user/groups
+# ---
+
+- name: (user.yml) Ensure system groups exists
+  group:
+    name: '{{ item.name }}'
+    state: present
+    gid: '{{ item.group_id | default(omit) }}'
+  loop: "{{ system_groups }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when: item.group_id is defined
+  notify: Renew nis databases
+  tags:
+    - system-user
+    
+#- meta: end_host
+
+- name: (system-user.yml) Get database of nis (system) users
+  getent:
+    database: passwd
+  tags:
+    - system-user
+
+- name: (system-user.yml) Add (system) users if not yet exists..
+  shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
+  loop: "{{ system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when:
+    - item.name not in getent_passwd
+  notify: Renew nis databases
+  tags:
+    - system-user
+

roles/common/tasks/user-systemfiles.yml

@@ -1,39 +0,0 @@
----
-
-- name: (user-systemfiles.yml) Check if users file '.profile.ORIG' exists
-  stat:
-    path: "~{{ item.name }}/.profile.ORIG"
-  register: profile_user_orig_exists
-  loop: "{{ nis_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when: 
-    - item.is_samba_user is defined and item.is_samba_user|bool
-  tags:
-    - profile
-
-- name: (user-systemfiles.yml) Backup existing users .profile file
-  command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
-  loop: "{{ profile_user_orig_exists.results }}"
-  loop_control:
-    label: '{{ item.item.name }}'
-  when:
-    - item.is_samba_user is defined and item.is_samba_user|bool
-    - item.stat.exists == False
-  tags:
-    - profile
-
-- name: (user-systemfiles.yml) Create new users .profile file
-  template:
-    src: user_homedirs/dot.profile.j2
-    dest: "~{{ item.name }}/.profile"
-    owner: "{{ item.name }}"
-    group: "{{ item.name }}"
-    mode: 0644
-  loop: "{{ nis_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when:
-    - item.is_samba_user is defined and item.is_samba_user|bool
-  tags:
-    - profile

roles/common/templates/etc/apt/sources.list.Debian.j2

@@ -0,0 +1,28 @@
+# {{ ansible_managed }}
+
+deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
+
+deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
+{{ '# ' if not apt_src_enable else '' }}deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
+
+# {{ ansible_lsb.codename }}-updates, previously known as 'volatile'
+deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
+
+# Contrib packages contain DFSG-compliant software,
+# but have dependencies not in main (possibly packaged for Debian in non-free).
+# Non-free contains software that does not comply with the DFSG.
+{% if apt_debian_contrib_nonfree_enable %}
+deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
+{% endif %}
+
+# # N.B. software from this repository may not have been tested as
+# # extensively as that contained in the main release, although it includes
+# # newer versions of some applications which may provide useful features.
+{% if apt_backports_enable %}
+deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
+{% endif %}
+

roles/common/templates/etc/cups/cups-browsed.conf.client.j2

@@ -0,0 +1,746 @@
+# {{ ansible_managed }}
+
+# All configuration options described here can also be supplied on the
+# command line of cups-browsed via the "-o" option. In case of
+# contradicting settings the setting defined in the configuration file
+# will get used.
+
+# Unknown directives are ignored, also unknown values.
+
+
+# Where should cups-browsed save information about the print queues it had
+# generated when shutting down, like whether one of these queues was the
+# default printer, or default option settings of the queues?
+
+# CacheDir /var/cache/cups
+
+
+# Where should cups-browsed create its debug log file (if "DebugLogging file"
+# is set)?
+
+# LogDir /var/log/cups
+
+
+# How should debug logging be done? Into the file
+# /var/log/cups/cups-browsed_log ('file'), to stderr ('stderr'), or
+# not at all ('none')?
+
+# Note that if cups-browsed is running as a system service (for
+# example via systemd) logging to stderr makes the log output going to
+# the journal or syslog. Only if you run cups-browsed from the command
+# line (for development or debugging) it will actually appear on
+# stderr.
+
+# DebugLogging file
+# DebugLogging stderr
+# DebugLogging file stderr
+# DebugLogging none
+
+
+# Which protocols will we use to discover printers on the network?
+# Can use DNSSD and/or CUPS and/or LDAP, or 'none' for neither.
+
+#BrowseRemoteProtocols dnssd cups
+BrowseRemoteProtocols CUPS
+
+
+# Which protocols will we use to broadcast shared local printers to the network?
+# Can use DNSSD and/or CUPS, or 'none' for neither.
+# Only CUPS is actually supported, as DNSSD is done by CUPS itself (we ignore
+# DNSSD in this directive).
+
+# BrowseLocalProtocols none
+
+
+# Settings of this directive apply to both BrowseRemoteProtocols and
+# BrowseLocalProtocols.
+# Can use DNSSD and/or CUPS and/or LDAP, or 'none' for neither.
+
+# BrowseProtocols none
+
+
+# Only browse remote printers (via DNS-SD or CUPS browsing) from
+# selected servers using the "BrowseAllow", "BrowseDeny", and
+# "BrowseOrder" directives
+
+# This serves for restricting the choice of printers in print dialogs
+# to trusted servers or to reduce the number of listed printers in the
+# print dialogs to a more user-friendly amount in large networks with
+# very many shared printers.
+
+# This only filters the selection of remote printers for which
+# cups-browsed creates local queues. If the print dialog uses other
+# mechanisms to list remote printers as for example direct DNS-SD
+# access, cups-browsed has no influence. cups-browsed also does not
+# prevent the user from manually accessing non-listed printers.
+
+# "BrowseAllow": Accept printers from these hosts or networks. If
+# there are only "BrowseAllow" lines and no "BrowseOrder" and/or
+# "BrowseDeny" lines, only servers matching at last one "BrowseAllow"
+# line are accepted.
+
+# "BrowseDeny": Deny printers from these hosts or networks. If there
+# are only "BrowseDeny" lines and no "BrowseOrder" and/or
+# "BrowseAllow" lines, all servers NOT matching any of the
+# "BrowseDeny" lines are accepted.
+
+# "BrowseOrder": Determine the order in which "BrowseAllow" and
+# "BrowseDeny" lines are applied. With "BrowseOrder Deny,Allow" in the
+# beginning all servers are accepted, then the "BrowseDeny" lines are
+# applied to exclude unwished servers or networks and after that the
+# "BrowseAllow" lines to re-include servers or networks. With
+# "BrowseOrder Allow,Deny" we start with denying all servers, then
+# applying the "BrowseAllow" lines and afterwards the "BrowseDeny"
+# lines.
+
+# Default for "BrowseOrder" is "Deny.Allow" if there are both
+# "BrowseAllow" and "BrowseDeny" lines.
+
+# If there are no "Browse..." lines at all, all servers are accepted.
+
+# BrowseAllow All
+# BrowseAllow cups.example.com
+# BrowseAllow 192.168.1.12
+# BrowseAllow 192.168.1.0/24
+# BrowseAllow 192.168.1.0/255.255.255.0
+
+# BrowseDeny All
+# BrowseDeny printserver.example.com
+# BrowseDeny 192.168.1.13
+# BrowseDeny 192.168.3.0/24
+# BrowseDeny 192.168.3.0/255.255.255.0
+
+# BrowseOrder Deny,Allow
+# BrowseOrder Allow,Deny
+
+
+# The interval between browsing/broadcasting cycles, local and/or
+# remote, can be adjusted with the BrowseInterval directive.
+
+# BrowseInterval 60
+
+
+# Browsing-related operations such as adding or removing printer queues
+# and broadcasting are each allowed to take up to a given amount of time.
+# It can be configured, in seconds, with the BrowseTimeout directive.
+# Especially queues discovered by CUPS broadcasts will be removed after
+# this timeout if no further broadcast from the server happens.
+
+# BrowseTimeout 300
+
+# Filtering of remote printers by other properties than IP addresses
+# of their servers
+
+# Often the desired selection of printers cannot be reached by only
+# taking into account the IP addresses of the servers. For these cases
+# there is the BrowseFilter directive to filter by most of the known
+# properties of the printer.
+
+# By default there is no BrowseFilter line meaning that no filtering
+# is applied.
+
+# To do filtering one can supply one or more BrowseFilter directives
+# like this:
+
+# BrowseFilter [NOT] [EXACT] <FIELD> [<VALUE>]
+
+# The BrowseFilter directive always starts with the word
+# "BrowseFilter" and it must at least contain the name of the data
+# field (<FIELD>) of the printer's properties to which it should
+# apply.
+
+# Available field names are:
+
+#   name:    Name of the local print queue to be created
+#   host:    Host name of the remote print server
+#   port:    Port through which the printer is accessed on the server
+#   service: DNS/SD service name of the remote printer
+#   domain:  Domain of the remote print server
+
+# Also all field names in the TXT records of DNS-SD-advertised printers
+# are valid, like "color", "duplex", "pdl", ... If the field name of
+# the filter rule does not exist for the printer, the rule is skipped.
+
+# The optional <VALUE> field is either the exact value (when the
+# option EXACT is supplied) or a regular expression (Run "man 7 regex"
+# in a terminal window) to be matched with the data field.
+
+# If no <VALUE> filed is supplied, rules with field names of the TXT
+# record are considered for boolean matching (true/false) of boolean
+# field (like duplex, which can have the values "T" for true and "F"
+# for false).
+
+# If the option NOT is supplied, the filter rule is fulfilled if the
+# regular expression or the exact value DOES NOT match the content of
+# the data field. In a boolean rule (without <VALUE>) the rule matches
+# false.
+
+# Regular expressions are always considered case-insensitive and
+# extended POSIX regular expressions. Field names and options (NOT,
+# EXACT) are all evaluated case-insensitive. If there is an error in a
+# regular expression, the BrowseFilter line gets ignored.
+
+# Especially to note is that supplying any simple string consisting of
+# only letters, numbers, spaces, and some basic special characters as
+# a regular expression matches if it is contained somewhere in the
+# data field.
+
+# If there is more than one BrowseFilter directive, ALL the directives
+# need to be fulfilled for the remote printer to be accepted. If one
+# is not fulfilled, the printer will get ignored.
+
+# Examples:
+
+# Rules for standard data items which are supplied with any remote
+# printer advertised via DNS-SD:
+
+# Print queue name must contain "hum_res_", this matches
+# "hum_res_mono" or "hum_res_color" but also "old_hum_res_mono":
+
+# BrowseFilter name hum_res_
+
+# This matches if the remote host name contains "printserver", like
+# "printserver.local", "printserver2.example.com", "newprintserver":
+
+# BrowseFilter host printserver
+
+# This matches all ports with 631 int its number, for example 631,
+# 8631, 10631,...:
+
+# BrowseFilter port 631
+
+# This rule matches if the DNS-SD service name contains "@ printserver":
+
+# Browsefilter service @ printserver
+
+# Matches all domains with "local" in their names, not only "local" but
+# also things like "printlocally.com":
+
+# BrowseFilter domain local
+
+# Examples for rules applying to items of the TXT record:
+
+# This rule selects PostScript printers, as the "PDL" field in the TXT
+# record contains "postscript" then. This includes also remote CUPS
+# queues which accept PostScript, independent of whether the physical
+# printer behind the CUPS queue accepts PostScript or not.
+
+# BrowseFilter pdl postscript
+
+# Color printers usually contain a "Color" entry set to "T" (for true)
+# in the TXT record. This rule selects them:
+
+# BrowseFilter color
+
+# This is a similar rule to select only duplex (automatic double-sided
+# printing) printers:
+
+# BrowseFilter duplex
+
+# Rules with the NOT option:
+
+# This rule EXCLUDES printers from all hosts containing "financial" in
+# their names, nice to get rid of the 100s of printers of the
+# financial department:
+
+# BrowseFilter NOT host financial
+
+# Get only monochrome printers ("Color" set to "F", meaning false, in
+# the TXT record):
+
+# BrowseFilter NOT color
+
+# Rules with more advanced use of regular expressions:
+
+# Only queue names which BEGIN WITH "hum_res_" are accepted now, so we
+# still get "hum_res_mono" or "hum_res_color" but not
+# "old_hum_res_mono" any more:
+
+# BrowseFilter name ^hum_res_
+
+# Server names is accepted if it contains "print_server" OR
+# "graphics_dep_server":
+
+# BrowseFilter host print_server|graphics_dep_server
+
+# "printserver1", "printserver2", and "printserver3", nothing else:
+
+# BrowseFilter host ^printserver[1-3]$
+
+# Printers understanding at least one of PostScript, PCL, or PDF:
+
+# BrowseFilter pdl postscript|pcl|pdf
+
+# Examples for the EXACT option:
+
+# Only printers from "printserver.local" are accepted:
+
+# BrowseFilter EXACT host printserver.local
+
+# Printers from all servers except "prinserver2.local" are accepted:
+
+# BrowseFilter NOT EXACT host prinserver2.local
+
+
+# Use BrowsePoll to poll a particular CUPS server
+
+# BrowsePoll cups.example.com
+# BrowsePoll cups.example.com:631
+# BrowsePoll cups.example.com:631/version=1.1
+
+
+# LDAP browsing configuration
+# The default value for all options is an empty string. Example configuration:
+
+# BrowseLDAPBindDN cn=cups-browsed,dc=domain,dc=tld
+# BrowseLDAPCACertFile /path/to/server/certificate.pem
+# BrowseLDAPDN ou=printers,dc=domain,dc=tld
+# BrowseLDAPFilter (printerLocation=/Office 1/*)
+# BrowseLDAPPassword s3cret
+# BrowseLDAPServer ldaps://ldap.domain.tld
+
+
+# Use DomainSocket to access the local CUPS daemon via another than the
+# default domain socket. "None" or "Off" lets cups-browsed not use CUPS'
+# domain socket.
+
+# DomainSocket /var/run/cups/cups.sock
+# DomainSocket None
+# DomainSocket Off
+
+
+# Set HTTP timeout (in seconds) for requests sent to local/remote
+# resources Note that too short timeouts can make services getting
+# missed when they are present and operations be unneccessarily
+# repeated and too long timeouts can make operations take too long
+# when the server does not respond.
+
+# HttpLocalTimeout 5
+# HttpRemoteTimeout 10
+
+# Set how many retries (N) should cups-browsed do for creating print
+# queues for remote printers which receive timeouts during print queue
+# creation.  The printers which are not successfuly set up even after
+# N retries, are skipped until the next restart of the service.  Note
+# that too many retries can cause high CPU load.
+
+# HttpMaxRetries 5
+
+# Set OnlyUnsupportedByCUPS to "Yes" will make cups-browsed not create
+# local queues for remote printers for which CUPS creates queues by
+# itself.  These printers are printers advertised via DNS-SD and doing
+# CUPS-supported (currently PWG Raster and Apple Raster) driverless
+# printing, including remote CUPS queues. Queues for other printers
+# (like for legacy PostScript/PCL printers) are always created
+# (depending on the other configuration settings of cups-browsed).
+
+# With OnlyUnsupportedByCUPS set to "No", cups-browsed creates queues
+# for all printers which it supports, including printers for which
+# CUPS would create queues by itself. Temporary queues created by CUPS
+# will get overwritten. This way it is assured that any extra
+# functionality of cups-browsed will apply to these queues. As queues
+# created by cups-browsed are permanent CUPS queues this setting is
+# also recommended if applications/print dialogs which do not support
+# temporary CUPS queues are installed. This setting is the default.
+
+# OnlyUnsupportedByCUPS Yes
+
+
+# With UseCUPSGeneratedPPDs set to "Yes" cups-browsed creates queues
+# for IPP printers with PPDs generated by the PPD generator of CUPS
+# and not with the one of cups-browsed. So any new development in
+# CUPS' PPD generator gets available. As CUPS' PPD generator is not
+# directly accessible, we need to make CUPS generate a temporary print
+# queue with the desired PPD. Therefore we can only use these PPDs
+# when our queue replaces a temporary CUPS queue, meaning that the
+# queue is for a printer on which CUPS supports driverless printing
+# (IPP 2.x, PDLs: PDF, PWG Raster, and/or Apple Raster) and that its
+# name is the same as CUPS uses for the temporary queue
+# ("LocalQueueNamingIPPPrinter DNS-SD" must be set). The directive
+# applies only to IPP printers, not to remote CUPS queues, to not
+# break clustering. Setting this directive to "No" lets cups-browsed
+# generate the PPD file. Default setting is "No".
+
+# UseCUPSGeneratedPPDs No
+
+
+# With the directives LocalQueueNamingRemoteCUPS and
+# LocalQueueNamingIPPPrinter you can determine how the names for local
+# queues generated by cups-browsed are generated, separately for
+# remote CUPS printers and IPP printers.
+
+# DNS-SD (the default in both cases) bases the naming on the service
+# name of the printer's advertised DNS-SD record. This is exactly the
+# same naming scheme as CUPS uses for its temporary queues, so the
+# local queue from cups-browsed prevents CUPS from listing and
+# creating an additional queue. As DNS-SD service names have to be
+# unique, queue names of printers from different servers will also be
+# unique and so there is no automatic clustering for load-balanced
+# printing.
+
+# MakeModel bases the queue name on the printer's manufacturer and
+# model names. This scheme cups-browsed used formerly for IPP
+# printers.
+
+# RemoteName is only available for remote CUPS queues and uses the
+# name of the queue on the remote CUPS server as the local queue's
+# name. This makes printers on different CUPS servers with equal queue
+# names automatically forming a load-balancing cluster as CUPS did
+# formerly (CUPS 1.5.x and older) with CUPS-broadcasted remote
+# printers. This scheme cups-browsed used formerly for remote CUPS
+# printers.
+
+# LocalQueueNamingRemoteCUPS DNS-SD
+# LocalQueueNamingRemoteCUPS MakeModel
+# LocalQueueNamingRemoteCUPS RemoteName
+# LocalQueueNamingIPPPrinter DNS-SD
+# LocalQueueNamingIPPPrinter MakeModel
+
+
+# Set DNSSDBasedDeviceURIs to "Yes" if cups-browsed should use
+# DNS-SD-service-name-based device URIs for its local queues, as CUPS
+# also does. These queues use the DNS-SD service name of the
+# discovered printer. With this the URI is independent of network
+# interfaces and ports, giving reliable connections to always the same
+# physical device. This setting is the default.
+
+# Set DNSSDBasedDeviceURIs to "No" if cups-browsed should use the
+# conventional host-name/IP-based URIs.
+
+# Note that this option has only influence on URIs for printers
+# discovered via DNS-SD, not via legacy CUPS broewsing or LDAP.
+# Those printers get always assigned the conventional URIs.
+
+# DNSSDBasedDeviceURIs Yes
+
+
+# Set IPBasedDeviceURIs to "Yes" if cups-browsed should create its
+# local queues with device URIs with the IP addresses instead of the
+# host names of the remote servers. This mode is there for any
+# problems with host name resolution in the network, especially also
+# if avahi-daemon is only run for printer discovery and already
+# stopped while still printing. By default this mode is turned off,
+# meaning that we use URIs with host names.
+
+# Note that the IP addresses depend on the network interface through
+# which the printer is accessed. So do not use IP-based URIs on systems
+# with many network interfaces and where interfaces can appear and
+# disappear frequently.
+
+# This mode could also be useful for development and debugging.
+
+# If you prefer IPv4 or IPv6 IP addresses in the URIs, you can set
+# IPBasedDeviceURIs to "IPv4" to only get IPv4 IP addresses or
+# IPBasedDeviceURIs to "IPv6" to only get IPv6 IP addresses.
+
+# IPBasedDeviceURIs No
+# IPBasedDeviceURIs Yes
+# IPBasedDeviceURIs IPv4
+# IPBasedDeviceURIs IPv6
+
+# The AllowResharingRemoteCUPSPrinters directive determines whether a
+# print queue pointing to a remote CUPS queue will be re-shared to the
+# local network or not. Since the queues generated using the BrowsePoll
+# directive are also pointing to remote queues, they are also shared
+# automatically if the following option is set. Default is not to share
+# remote printers.
+
+# AllowResharingRemoteCUPSPrinters Yes
+
+# The NewBrowsePollQueuesShared directive determines whether a print
+# queue for a newly discovered printer (discovered by the BrowsePoll directive)
+# will be shared to the local network or not. This directive will only work
+# if AllowResharingRemoteCUPSPrinters is set to yes. Default is
+# not to share printers discovered using BrowsePoll.
+
+# NewBrowsePollQueuesShared Yes
+
+# Set CreateRemoteRawPrinterQueues to "Yes" to let cups-browsed also
+# create local queues pointing to remote raw CUPS queues. Normally,
+# only queues pointing to remote queues with PPD/driver are created
+# as we do not use drivers on the client side, but in some cases
+# accessing a remote raw queue can make sense, for example if the
+# queue forwards the jobs by a special backend like Tea4CUPS.
+
+# CreateRemoteRawPrinterQueues Yes
+
+
+# cups-browsed by default creates local print queues for each shared
+# CUPS print queue which it discovers on remote machines in the local
+# network(s). Set CreateRemoteCUPSPrinterQueues to "No" if you do not
+# want cups-browsed to do this. For example you can set cups-browsed
+# to only create queues for IPP network printers setting
+# CreateIPPPrinterQueues not to "No" and CreateRemoteCUPSPrinterQueues
+# to "No".
+
+# CreateRemoteCUPSPrinterQueues No
+
+
+# Set CreateIPPPrinterQueues to "All" to let cups-browsed discover IPP
+# network printers (native printers, not CUPS queues) with known page
+# description languages (PWG Raster, PDF, PostScript, PCL XL, PCL
+# 5c/e) in the local network and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "Everywhere" to let cups-browsed
+# discover IPP Everywhere printers in the local network (native
+# printers, not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "AppleRaster" to let cups-browsed
+# discover Apple Raster printers in the local network (native
+# printers, not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "Driverless" to let cups-browsed
+# discover printers designed for driverless use (currently IPP
+# Everywhere and Apple Raster) in the local network (native printers,
+# not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "LocalOnly" to auto-create print
+# queues only for local printers made available as IPP printers. These
+# are for example IPP-over-USB printers, made available via
+# ippusbxd. This is the default.
+
+# Set CreateIPPPrinterQueues to "No" to not auto-create print queues
+# for IPP network printers.
+
+# If queues with PPD file are created (see IPPPrinterQueueType
+# directive below) the PPDs are auto-generated by cups-browsed based
+# on properties of the printer polled via IPP. In case of missing
+# information, info from the Bonjour record is used asd as last mean
+# default values.
+
+# If queues without PPD (see IPPPrinterQueueType directive below) are
+# created clients have to IPP-poll the capabilities of the printer and
+# send option settings as standard IPP attributes. Then we do not poll
+# the capabilities by ourselves to not wake up the printer from
+# power-saving mode when creating the queues. Jobs have to be sent in
+# one of PDF, PWG Raster, or JPEG format. Other formats are not
+# accepted.
+
+# This functionality is primarily for mobile devices running
+# CUPS to not need a printer setup tool nor a collection of printer
+# drivers and PPDs.
+
+# CreateIPPPrinterQueues No
+# CreateIPPPrinterQueues LocalOnly
+# CreateIPPPrinterQueues Everywhere
+# CreateIPPPrinterQueues AppleRaster
+# CreateIPPPrinterQueues Everywhere AppleRaster
+# CreateIPPPrinterQueues Driverless
+# CreateIPPPrinterQueues All
+
+
+# If cups-browsed is automatically creating print queues for native
+# IPP network printers ("CreateIPPPrinterQueues Yes"), the type of
+# queue to be created can be selected by the "IPPPrinterQueueType"
+# directive. The "PPD" (default) setting makes queues with PPD file
+# being created. With "Interface" or "NoPPD" the queue is created with
+# a System V interface script (Not supported with CUPS 2.2.x or
+# later). "Auto" is for backward compatibility and also lets queues
+# with PPD get created.
+
+# IPPPrinterQueueType PPD
+# IPPPrinterQueueType NoPPD
+# IPPPrinterQueueType Interface
+# IPPPrinterQueueType Auto
+
+
+# The NewIPPPrinterQueuesShared directive determines whether a print
+# queue for a newly discovered IPP network printer (not remote CUPS
+# queue) will be shared to the local network or not. This is only
+# valid for newly discovered printers. For printers discovered in an
+# earlier cups-browsed session, cups-browsed will remember whether the
+# printer was shared, so changes by the user get conserved. Default is
+# not to share newly discovered IPP printers.
+
+# NewIPPPrinterQueuesShared Yes
+
+
+# If there is more than one remote CUPS printer whose local queue
+# would get the same name and AutoClustering is set to "Yes" (the
+# default) only one local queue is created which makes up a
+# load-balancing cluster of the remote printers which would get this
+# queue name (implicit class). This means that when several jobs are
+# sent to this queue they get distributed between the printers, using
+# the method chosen by the LoadBalancing directive.
+
+# Note that the forming of clusters depends on the naming scheme for
+# local queues created by cups-browsed. If you have set
+# LocalQueueNamingRemoteCUPS to "DNSSD" you will not get automatic
+# clustering as the DNS-SD service names are always unique. With
+# LocalQueueNamingRemoteCUPS set to "RemoteName" local queues are
+# named as the CUPS queues on the remote servers are named and so
+# equally named queues on different servers get clustered (this is how
+# CUPS did it in version 1.5.x or older). LocalQueueNamingRemoteCUPS
+# set to "MakeModel" makes remote printers of the same model get
+# clustered. Note that then a cluster can contain more than one queue
+# of the same server.
+
+# With AutoClustering set to "No", for each remote CUPS printer an
+# individual local queue is created, and to avoid name clashes when
+# using the LocalQueueNamingRemoteCUPS settings "RemoteName" or
+# "MakeModel" "@<server name>" is added to the local queue name.
+
+# Only remote CUPS printers get clustered, not IPP network printers or
+# IPP-over-USB printers.
+
+# AutoClustering Yes
+# AutoClustering No
+
+
+# Load-balancing printer cluster formation can also be manually
+# controlled by defining explicitly which remote CUPS printers should
+# get clustered together.
+
+# This is done by the "Cluster" directive:
+
+# Cluster <QUEUENAME>: <EXPRESSION1> <EXPRESSION2> ...
+# Cluster <QUEUENAME>
+
+# If no expressions are given, <QUEUENAME> is used as the first and
+# only expression for this cluster.
+
+# Discovered printers are matched against all the expressions of all
+# defined clusters. The first expression which matches the discovered
+# printer determines to which cluster it belongs. Note that this way a
+# printer can only belong to one cluster. Once matched, further
+# cluster definitions will not checked any more.
+
+# With the first printer matching a cluster's expression a local queue
+# with the name <QUEUENAME> is created. If more printers are
+# discovered and match this cluster, they join the cluster. Printing
+# to this queue prints to all these printers in a load-balancing
+# manner, according to to the setting of the LoadBalancing directive.
+
+# Each expression must be a string of characters without spaces. If
+# spaces are needed, replace them by underscores ('_').
+
+# An expression can be matched in three ways:
+
+# 1. By the name of the CUPS queue on the remote server
+# 2. By make and model name of the remote printer
+# 3. By the DNS-SD service name of the remote printer
+
+# Note that the matching is done case-insensitively and any group of
+# non-alphanumerical characters is replaced by a single underscore.
+
+# So if an expression is "HP_DeskJet_2540" and the remote server
+# reports "hp Deskjet-2540" the printer gets matched to this cluster.
+
+# If "AutoClustering" is not set to "No" both your manual cluster
+# definitions will be followed and automatic clustering of
+# equally-named remote queues will be performed. If a printer matches
+# in both categories the match to the manually defined cluster has
+# priority. Automatic clustering of equally-named remote printers is
+# not performed if there is a manually defined cluster with this name
+# (at least as the printers do not match this cluster).
+
+# Examples:
+
+# To cluster all remote CUPS queues named "laserprinter" in your local
+# network but not cluster any other equally-named remote CUPS printers
+# use (Local queue will get named "laserprinter"):
+
+# AutoClustering No
+# Cluster laserprinter
+
+# To cluster all remote CUPS queues of HP LaserJet 4050 printers in a
+# local queue named "LJ4050":
+
+# Cluster LJ4050: HP_LaserJet_4050
+
+# As DNS-SD service names are unique in a network you can create a
+# cluster from exactly specified printers (spaces replaced by
+# underscors):
+
+# Cluster hrdep: oldlaser_@_hr-server1 newlaser_@_hr-server2
+
+
+# The LoadBalancing directive switches between two methods of handling
+# load balancing between equally-named remote queues which are
+# represented by one local print queue making up a cluster of them
+# (implicit class).
+
+# The two methods are:
+
+# Queuing of jobs on the client (LoadBalancing QueueOnClient):
+
+# Here we queue up the jobs on the client and regularly check the
+# clustered remote print queues. If we find an idle queue, we pass
+# on a job to it.
+
+# This is also the method which CUPS uses for classes. Advantage is a
+# more even distribution of the job workload on the servers
+# (especially if the printing speed of the servers is very different),
+# and if a server fails, there are not several jobs stuck or
+# lost. Disadvantage is that if one takes the client (laptop, mobile
+# phone, ...) out of the local network, printing stops with the jobs
+# waiting in the local queue.
+
+# Queuing of jobs on the servers (LoadBalancing QueueOnServers):
+
+# Here we check the number of jobs on each of the clustered remote
+# printers and send an incoming job immediately to the remote printer
+# with the lowest amount of jobs in its queue. This way no jobs queue
+# up locally, all jobs which are waiting are waiting on one of the
+# remote servers.
+
+# Not having jobs waiting locally has the advantage that we can take
+# the local machine from the network and all jobs get printed.
+# Disadvantage is that if a server with a full queue of jobs goes
+# away, the jobs go away, too.
+
+# Default is queuing the jobs on the client as this is what CUPS does
+# with classes.
+
+# LoadBalancing QueueOnClient
+# LoadBalancing QueueOnServers
+
+
+# With the DefaultOptions directive one or more option settings can be
+# defined to be applied to every print queue newly created by
+# cups-browsed. Each option is supplied as one supplies options with
+# the "-o" command line argument to the "lpadmin" command (Run "man
+# lpadmin" for more details). More than one option can be supplied
+# separating the options by spaces. By default no option settings are
+# pre-defined.
+
+# Note that print queues which cups-browsed already created before
+# remember their previous settings and so these settings do not get
+# applied.
+
+# DefaultOptions Option1=Value1 Option2=Value2 Option3 noOption4
+
+
+# The AutoShutdown directive specifies whether cups-browsed should
+# automatically terminate when it has no local raw queues set up
+# pointing to any discovered remote printers or no jobs on such queues
+# depending on AutoShutdownOn setting (auto shutdown mode). Setting it
+# to "On" activates the auto-shutdown mode, setting it to "Off"
+# deactiivates it (the default). The special mode "avahi" turns auto
+# shutdown off while avahi-daemon is running and on when avahi-daemon
+# stops. This allows running cups-browsed on-demand when avahi-daemon
+# is run on-demand.
+
+# AutoShutdown Off
+# AutoShutdown On
+# AutoShutdown avahi
+
+
+# The AutoShutdownOn directive determines what event cups-browsed
+# considers as inactivity in auto shutdown mode. "NoQueues" (the
+# default) means that auto shutdown is initiated when there are no
+# queues for discovered remote printers generated by cups-browsed any
+# more. "NoJobs" means that all queues generated by cups-browsed are
+# without jobs.
+
+# AutoShutdownOn NoQueues
+# AutoShutdownOn NoJobs
+
+
+# The AutoShutdownTimeout directive specifies after how many seconds
+# without local raw queues set up pointing to any discovered remote
+# printers or jobs on these queues cups-browsed should actually shut
+# down in auto shutdown mode. Default is 30 seconds, 0 means immediate
+# shutdown.
+
+# AutoShutdownTimeout 30

roles/common/templates/etc/cups/cups-browsed.conf.server.j2

@@ -0,0 +1,747 @@
+# {{ ansible_managed }}
+
+# All configuration options described here can also be supplied on the
+# command line of cups-browsed via the "-o" option. In case of
+# contradicting settings the setting defined in the configuration file
+# will get used.
+
+# Unknown directives are ignored, also unknown values.
+
+
+# Where should cups-browsed save information about the print queues it had
+# generated when shutting down, like whether one of these queues was the
+# default printer, or default option settings of the queues?
+
+# CacheDir /var/cache/cups
+
+
+# Where should cups-browsed create its debug log file (if "DebugLogging file"
+# is set)?
+
+# LogDir /var/log/cups
+
+
+# How should debug logging be done? Into the file
+# /var/log/cups/cups-browsed_log ('file'), to stderr ('stderr'), or
+# not at all ('none')?
+
+# Note that if cups-browsed is running as a system service (for
+# example via systemd) logging to stderr makes the log output going to
+# the journal or syslog. Only if you run cups-browsed from the command
+# line (for development or debugging) it will actually appear on
+# stderr.
+
+# DebugLogging file
+# DebugLogging stderr
+# DebugLogging file stderr
+# DebugLogging none
+
+
+# Which protocols will we use to discover printers on the network?
+# Can use DNSSD and/or CUPS and/or LDAP, or 'none' for neither.
+
+#BrowseRemoteProtocols dnssd cups
+BrowseRemoteProtocols none
+
+
+# Which protocols will we use to broadcast shared local printers to the network?
+# Can use DNSSD and/or CUPS, or 'none' for neither.
+# Only CUPS is actually supported, as DNSSD is done by CUPS itself (we ignore
+# DNSSD in this directive).
+
+# BrowseLocalProtocols none
+BrowseLocalProtocols CUPS
+
+
+# Settings of this directive apply to both BrowseRemoteProtocols and
+# BrowseLocalProtocols.
+# Can use DNSSD and/or CUPS and/or LDAP, or 'none' for neither.
+
+# BrowseProtocols none
+
+
+# Only browse remote printers (via DNS-SD or CUPS browsing) from
+# selected servers using the "BrowseAllow", "BrowseDeny", and
+# "BrowseOrder" directives
+
+# This serves for restricting the choice of printers in print dialogs
+# to trusted servers or to reduce the number of listed printers in the
+# print dialogs to a more user-friendly amount in large networks with
+# very many shared printers.
+
+# This only filters the selection of remote printers for which
+# cups-browsed creates local queues. If the print dialog uses other
+# mechanisms to list remote printers as for example direct DNS-SD
+# access, cups-browsed has no influence. cups-browsed also does not
+# prevent the user from manually accessing non-listed printers.
+
+# "BrowseAllow": Accept printers from these hosts or networks. If
+# there are only "BrowseAllow" lines and no "BrowseOrder" and/or
+# "BrowseDeny" lines, only servers matching at last one "BrowseAllow"
+# line are accepted.
+
+# "BrowseDeny": Deny printers from these hosts or networks. If there
+# are only "BrowseDeny" lines and no "BrowseOrder" and/or
+# "BrowseAllow" lines, all servers NOT matching any of the
+# "BrowseDeny" lines are accepted.
+
+# "BrowseOrder": Determine the order in which "BrowseAllow" and
+# "BrowseDeny" lines are applied. With "BrowseOrder Deny,Allow" in the
+# beginning all servers are accepted, then the "BrowseDeny" lines are
+# applied to exclude unwished servers or networks and after that the
+# "BrowseAllow" lines to re-include servers or networks. With
+# "BrowseOrder Allow,Deny" we start with denying all servers, then
+# applying the "BrowseAllow" lines and afterwards the "BrowseDeny"
+# lines.
+
+# Default for "BrowseOrder" is "Deny.Allow" if there are both
+# "BrowseAllow" and "BrowseDeny" lines.
+
+# If there are no "Browse..." lines at all, all servers are accepted.
+
+# BrowseAllow All
+# BrowseAllow cups.example.com
+# BrowseAllow 192.168.1.12
+# BrowseAllow 192.168.1.0/24
+# BrowseAllow 192.168.1.0/255.255.255.0
+
+# BrowseDeny All
+# BrowseDeny printserver.example.com
+# BrowseDeny 192.168.1.13
+# BrowseDeny 192.168.3.0/24
+# BrowseDeny 192.168.3.0/255.255.255.0
+
+# BrowseOrder Deny,Allow
+# BrowseOrder Allow,Deny
+
+
+# The interval between browsing/broadcasting cycles, local and/or
+# remote, can be adjusted with the BrowseInterval directive.
+
+# BrowseInterval 60
+
+
+# Browsing-related operations such as adding or removing printer queues
+# and broadcasting are each allowed to take up to a given amount of time.
+# It can be configured, in seconds, with the BrowseTimeout directive.
+# Especially queues discovered by CUPS broadcasts will be removed after
+# this timeout if no further broadcast from the server happens.
+
+# BrowseTimeout 300
+
+# Filtering of remote printers by other properties than IP addresses
+# of their servers
+
+# Often the desired selection of printers cannot be reached by only
+# taking into account the IP addresses of the servers. For these cases
+# there is the BrowseFilter directive to filter by most of the known
+# properties of the printer.
+
+# By default there is no BrowseFilter line meaning that no filtering
+# is applied.
+
+# To do filtering one can supply one or more BrowseFilter directives
+# like this:
+
+# BrowseFilter [NOT] [EXACT] <FIELD> [<VALUE>]
+
+# The BrowseFilter directive always starts with the word
+# "BrowseFilter" and it must at least contain the name of the data
+# field (<FIELD>) of the printer's properties to which it should
+# apply.
+
+# Available field names are:
+
+#   name:    Name of the local print queue to be created
+#   host:    Host name of the remote print server
+#   port:    Port through which the printer is accessed on the server
+#   service: DNS/SD service name of the remote printer
+#   domain:  Domain of the remote print server
+
+# Also all field names in the TXT records of DNS-SD-advertised printers
+# are valid, like "color", "duplex", "pdl", ... If the field name of
+# the filter rule does not exist for the printer, the rule is skipped.
+
+# The optional <VALUE> field is either the exact value (when the
+# option EXACT is supplied) or a regular expression (Run "man 7 regex"
+# in a terminal window) to be matched with the data field.
+
+# If no <VALUE> filed is supplied, rules with field names of the TXT
+# record are considered for boolean matching (true/false) of boolean
+# field (like duplex, which can have the values "T" for true and "F"
+# for false).
+
+# If the option NOT is supplied, the filter rule is fulfilled if the
+# regular expression or the exact value DOES NOT match the content of
+# the data field. In a boolean rule (without <VALUE>) the rule matches
+# false.
+
+# Regular expressions are always considered case-insensitive and
+# extended POSIX regular expressions. Field names and options (NOT,
+# EXACT) are all evaluated case-insensitive. If there is an error in a
+# regular expression, the BrowseFilter line gets ignored.
+
+# Especially to note is that supplying any simple string consisting of
+# only letters, numbers, spaces, and some basic special characters as
+# a regular expression matches if it is contained somewhere in the
+# data field.
+
+# If there is more than one BrowseFilter directive, ALL the directives
+# need to be fulfilled for the remote printer to be accepted. If one
+# is not fulfilled, the printer will get ignored.
+
+# Examples:
+
+# Rules for standard data items which are supplied with any remote
+# printer advertised via DNS-SD:
+
+# Print queue name must contain "hum_res_", this matches
+# "hum_res_mono" or "hum_res_color" but also "old_hum_res_mono":
+
+# BrowseFilter name hum_res_
+
+# This matches if the remote host name contains "printserver", like
+# "printserver.local", "printserver2.example.com", "newprintserver":
+
+# BrowseFilter host printserver
+
+# This matches all ports with 631 int its number, for example 631,
+# 8631, 10631,...:
+
+# BrowseFilter port 631
+
+# This rule matches if the DNS-SD service name contains "@ printserver":
+
+# Browsefilter service @ printserver
+
+# Matches all domains with "local" in their names, not only "local" but
+# also things like "printlocally.com":
+
+# BrowseFilter domain local
+
+# Examples for rules applying to items of the TXT record:
+
+# This rule selects PostScript printers, as the "PDL" field in the TXT
+# record contains "postscript" then. This includes also remote CUPS
+# queues which accept PostScript, independent of whether the physical
+# printer behind the CUPS queue accepts PostScript or not.
+
+# BrowseFilter pdl postscript
+
+# Color printers usually contain a "Color" entry set to "T" (for true)
+# in the TXT record. This rule selects them:
+
+# BrowseFilter color
+
+# This is a similar rule to select only duplex (automatic double-sided
+# printing) printers:
+
+# BrowseFilter duplex
+
+# Rules with the NOT option:
+
+# This rule EXCLUDES printers from all hosts containing "financial" in
+# their names, nice to get rid of the 100s of printers of the
+# financial department:
+
+# BrowseFilter NOT host financial
+
+# Get only monochrome printers ("Color" set to "F", meaning false, in
+# the TXT record):
+
+# BrowseFilter NOT color
+
+# Rules with more advanced use of regular expressions:
+
+# Only queue names which BEGIN WITH "hum_res_" are accepted now, so we
+# still get "hum_res_mono" or "hum_res_color" but not
+# "old_hum_res_mono" any more:
+
+# BrowseFilter name ^hum_res_
+
+# Server names is accepted if it contains "print_server" OR
+# "graphics_dep_server":
+
+# BrowseFilter host print_server|graphics_dep_server
+
+# "printserver1", "printserver2", and "printserver3", nothing else:
+
+# BrowseFilter host ^printserver[1-3]$
+
+# Printers understanding at least one of PostScript, PCL, or PDF:
+
+# BrowseFilter pdl postscript|pcl|pdf
+
+# Examples for the EXACT option:
+
+# Only printers from "printserver.local" are accepted:
+
+# BrowseFilter EXACT host printserver.local
+
+# Printers from all servers except "prinserver2.local" are accepted:
+
+# BrowseFilter NOT EXACT host prinserver2.local
+
+
+# Use BrowsePoll to poll a particular CUPS server
+
+# BrowsePoll cups.example.com
+# BrowsePoll cups.example.com:631
+# BrowsePoll cups.example.com:631/version=1.1
+
+
+# LDAP browsing configuration
+# The default value for all options is an empty string. Example configuration:
+
+# BrowseLDAPBindDN cn=cups-browsed,dc=domain,dc=tld
+# BrowseLDAPCACertFile /path/to/server/certificate.pem
+# BrowseLDAPDN ou=printers,dc=domain,dc=tld
+# BrowseLDAPFilter (printerLocation=/Office 1/*)
+# BrowseLDAPPassword s3cret
+# BrowseLDAPServer ldaps://ldap.domain.tld
+
+
+# Use DomainSocket to access the local CUPS daemon via another than the
+# default domain socket. "None" or "Off" lets cups-browsed not use CUPS'
+# domain socket.
+
+# DomainSocket /var/run/cups/cups.sock
+# DomainSocket None
+# DomainSocket Off
+
+
+# Set HTTP timeout (in seconds) for requests sent to local/remote
+# resources Note that too short timeouts can make services getting
+# missed when they are present and operations be unneccessarily
+# repeated and too long timeouts can make operations take too long
+# when the server does not respond.
+
+# HttpLocalTimeout 5
+# HttpRemoteTimeout 10
+
+# Set how many retries (N) should cups-browsed do for creating print
+# queues for remote printers which receive timeouts during print queue
+# creation.  The printers which are not successfuly set up even after
+# N retries, are skipped until the next restart of the service.  Note
+# that too many retries can cause high CPU load.
+
+# HttpMaxRetries 5
+
+# Set OnlyUnsupportedByCUPS to "Yes" will make cups-browsed not create
+# local queues for remote printers for which CUPS creates queues by
+# itself.  These printers are printers advertised via DNS-SD and doing
+# CUPS-supported (currently PWG Raster and Apple Raster) driverless
+# printing, including remote CUPS queues. Queues for other printers
+# (like for legacy PostScript/PCL printers) are always created
+# (depending on the other configuration settings of cups-browsed).
+
+# With OnlyUnsupportedByCUPS set to "No", cups-browsed creates queues
+# for all printers which it supports, including printers for which
+# CUPS would create queues by itself. Temporary queues created by CUPS
+# will get overwritten. This way it is assured that any extra
+# functionality of cups-browsed will apply to these queues. As queues
+# created by cups-browsed are permanent CUPS queues this setting is
+# also recommended if applications/print dialogs which do not support
+# temporary CUPS queues are installed. This setting is the default.
+
+# OnlyUnsupportedByCUPS Yes
+
+
+# With UseCUPSGeneratedPPDs set to "Yes" cups-browsed creates queues
+# for IPP printers with PPDs generated by the PPD generator of CUPS
+# and not with the one of cups-browsed. So any new development in
+# CUPS' PPD generator gets available. As CUPS' PPD generator is not
+# directly accessible, we need to make CUPS generate a temporary print
+# queue with the desired PPD. Therefore we can only use these PPDs
+# when our queue replaces a temporary CUPS queue, meaning that the
+# queue is for a printer on which CUPS supports driverless printing
+# (IPP 2.x, PDLs: PDF, PWG Raster, and/or Apple Raster) and that its
+# name is the same as CUPS uses for the temporary queue
+# ("LocalQueueNamingIPPPrinter DNS-SD" must be set). The directive
+# applies only to IPP printers, not to remote CUPS queues, to not
+# break clustering. Setting this directive to "No" lets cups-browsed
+# generate the PPD file. Default setting is "No".
+
+# UseCUPSGeneratedPPDs No
+
+
+# With the directives LocalQueueNamingRemoteCUPS and
+# LocalQueueNamingIPPPrinter you can determine how the names for local
+# queues generated by cups-browsed are generated, separately for
+# remote CUPS printers and IPP printers.
+
+# DNS-SD (the default in both cases) bases the naming on the service
+# name of the printer's advertised DNS-SD record. This is exactly the
+# same naming scheme as CUPS uses for its temporary queues, so the
+# local queue from cups-browsed prevents CUPS from listing and
+# creating an additional queue. As DNS-SD service names have to be
+# unique, queue names of printers from different servers will also be
+# unique and so there is no automatic clustering for load-balanced
+# printing.
+
+# MakeModel bases the queue name on the printer's manufacturer and
+# model names. This scheme cups-browsed used formerly for IPP
+# printers.
+
+# RemoteName is only available for remote CUPS queues and uses the
+# name of the queue on the remote CUPS server as the local queue's
+# name. This makes printers on different CUPS servers with equal queue
+# names automatically forming a load-balancing cluster as CUPS did
+# formerly (CUPS 1.5.x and older) with CUPS-broadcasted remote
+# printers. This scheme cups-browsed used formerly for remote CUPS
+# printers.
+
+# LocalQueueNamingRemoteCUPS DNS-SD
+# LocalQueueNamingRemoteCUPS MakeModel
+# LocalQueueNamingRemoteCUPS RemoteName
+# LocalQueueNamingIPPPrinter DNS-SD
+# LocalQueueNamingIPPPrinter MakeModel
+
+
+# Set DNSSDBasedDeviceURIs to "Yes" if cups-browsed should use
+# DNS-SD-service-name-based device URIs for its local queues, as CUPS
+# also does. These queues use the DNS-SD service name of the
+# discovered printer. With this the URI is independent of network
+# interfaces and ports, giving reliable connections to always the same
+# physical device. This setting is the default.
+
+# Set DNSSDBasedDeviceURIs to "No" if cups-browsed should use the
+# conventional host-name/IP-based URIs.
+
+# Note that this option has only influence on URIs for printers
+# discovered via DNS-SD, not via legacy CUPS broewsing or LDAP.
+# Those printers get always assigned the conventional URIs.
+
+# DNSSDBasedDeviceURIs Yes
+
+
+# Set IPBasedDeviceURIs to "Yes" if cups-browsed should create its
+# local queues with device URIs with the IP addresses instead of the
+# host names of the remote servers. This mode is there for any
+# problems with host name resolution in the network, especially also
+# if avahi-daemon is only run for printer discovery and already
+# stopped while still printing. By default this mode is turned off,
+# meaning that we use URIs with host names.
+
+# Note that the IP addresses depend on the network interface through
+# which the printer is accessed. So do not use IP-based URIs on systems
+# with many network interfaces and where interfaces can appear and
+# disappear frequently.
+
+# This mode could also be useful for development and debugging.
+
+# If you prefer IPv4 or IPv6 IP addresses in the URIs, you can set
+# IPBasedDeviceURIs to "IPv4" to only get IPv4 IP addresses or
+# IPBasedDeviceURIs to "IPv6" to only get IPv6 IP addresses.
+
+# IPBasedDeviceURIs No
+# IPBasedDeviceURIs Yes
+# IPBasedDeviceURIs IPv4
+# IPBasedDeviceURIs IPv6
+
+# The AllowResharingRemoteCUPSPrinters directive determines whether a
+# print queue pointing to a remote CUPS queue will be re-shared to the
+# local network or not. Since the queues generated using the BrowsePoll
+# directive are also pointing to remote queues, they are also shared
+# automatically if the following option is set. Default is not to share
+# remote printers.
+
+# AllowResharingRemoteCUPSPrinters Yes
+
+# The NewBrowsePollQueuesShared directive determines whether a print
+# queue for a newly discovered printer (discovered by the BrowsePoll directive)
+# will be shared to the local network or not. This directive will only work
+# if AllowResharingRemoteCUPSPrinters is set to yes. Default is
+# not to share printers discovered using BrowsePoll.
+
+# NewBrowsePollQueuesShared Yes
+
+# Set CreateRemoteRawPrinterQueues to "Yes" to let cups-browsed also
+# create local queues pointing to remote raw CUPS queues. Normally,
+# only queues pointing to remote queues with PPD/driver are created
+# as we do not use drivers on the client side, but in some cases
+# accessing a remote raw queue can make sense, for example if the
+# queue forwards the jobs by a special backend like Tea4CUPS.
+
+# CreateRemoteRawPrinterQueues Yes
+
+
+# cups-browsed by default creates local print queues for each shared
+# CUPS print queue which it discovers on remote machines in the local
+# network(s). Set CreateRemoteCUPSPrinterQueues to "No" if you do not
+# want cups-browsed to do this. For example you can set cups-browsed
+# to only create queues for IPP network printers setting
+# CreateIPPPrinterQueues not to "No" and CreateRemoteCUPSPrinterQueues
+# to "No".
+
+# CreateRemoteCUPSPrinterQueues No
+
+
+# Set CreateIPPPrinterQueues to "All" to let cups-browsed discover IPP
+# network printers (native printers, not CUPS queues) with known page
+# description languages (PWG Raster, PDF, PostScript, PCL XL, PCL
+# 5c/e) in the local network and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "Everywhere" to let cups-browsed
+# discover IPP Everywhere printers in the local network (native
+# printers, not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "AppleRaster" to let cups-browsed
+# discover Apple Raster printers in the local network (native
+# printers, not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "Driverless" to let cups-browsed
+# discover printers designed for driverless use (currently IPP
+# Everywhere and Apple Raster) in the local network (native printers,
+# not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "LocalOnly" to auto-create print
+# queues only for local printers made available as IPP printers. These
+# are for example IPP-over-USB printers, made available via
+# ippusbxd. This is the default.
+
+# Set CreateIPPPrinterQueues to "No" to not auto-create print queues
+# for IPP network printers.
+
+# If queues with PPD file are created (see IPPPrinterQueueType
+# directive below) the PPDs are auto-generated by cups-browsed based
+# on properties of the printer polled via IPP. In case of missing
+# information, info from the Bonjour record is used asd as last mean
+# default values.
+
+# If queues without PPD (see IPPPrinterQueueType directive below) are
+# created clients have to IPP-poll the capabilities of the printer and
+# send option settings as standard IPP attributes. Then we do not poll
+# the capabilities by ourselves to not wake up the printer from
+# power-saving mode when creating the queues. Jobs have to be sent in
+# one of PDF, PWG Raster, or JPEG format. Other formats are not
+# accepted.
+
+# This functionality is primarily for mobile devices running
+# CUPS to not need a printer setup tool nor a collection of printer
+# drivers and PPDs.
+
+# CreateIPPPrinterQueues No
+# CreateIPPPrinterQueues LocalOnly
+# CreateIPPPrinterQueues Everywhere
+# CreateIPPPrinterQueues AppleRaster
+# CreateIPPPrinterQueues Everywhere AppleRaster
+# CreateIPPPrinterQueues Driverless
+# CreateIPPPrinterQueues All
+
+
+# If cups-browsed is automatically creating print queues for native
+# IPP network printers ("CreateIPPPrinterQueues Yes"), the type of
+# queue to be created can be selected by the "IPPPrinterQueueType"
+# directive. The "PPD" (default) setting makes queues with PPD file
+# being created. With "Interface" or "NoPPD" the queue is created with
+# a System V interface script (Not supported with CUPS 2.2.x or
+# later). "Auto" is for backward compatibility and also lets queues
+# with PPD get created.
+
+# IPPPrinterQueueType PPD
+# IPPPrinterQueueType NoPPD
+# IPPPrinterQueueType Interface
+# IPPPrinterQueueType Auto
+
+
+# The NewIPPPrinterQueuesShared directive determines whether a print
+# queue for a newly discovered IPP network printer (not remote CUPS
+# queue) will be shared to the local network or not. This is only
+# valid for newly discovered printers. For printers discovered in an
+# earlier cups-browsed session, cups-browsed will remember whether the
+# printer was shared, so changes by the user get conserved. Default is
+# not to share newly discovered IPP printers.
+
+# NewIPPPrinterQueuesShared Yes
+
+
+# If there is more than one remote CUPS printer whose local queue
+# would get the same name and AutoClustering is set to "Yes" (the
+# default) only one local queue is created which makes up a
+# load-balancing cluster of the remote printers which would get this
+# queue name (implicit class). This means that when several jobs are
+# sent to this queue they get distributed between the printers, using
+# the method chosen by the LoadBalancing directive.
+
+# Note that the forming of clusters depends on the naming scheme for
+# local queues created by cups-browsed. If you have set
+# LocalQueueNamingRemoteCUPS to "DNSSD" you will not get automatic
+# clustering as the DNS-SD service names are always unique. With
+# LocalQueueNamingRemoteCUPS set to "RemoteName" local queues are
+# named as the CUPS queues on the remote servers are named and so
+# equally named queues on different servers get clustered (this is how
+# CUPS did it in version 1.5.x or older). LocalQueueNamingRemoteCUPS
+# set to "MakeModel" makes remote printers of the same model get
+# clustered. Note that then a cluster can contain more than one queue
+# of the same server.
+
+# With AutoClustering set to "No", for each remote CUPS printer an
+# individual local queue is created, and to avoid name clashes when
+# using the LocalQueueNamingRemoteCUPS settings "RemoteName" or
+# "MakeModel" "@<server name>" is added to the local queue name.
+
+# Only remote CUPS printers get clustered, not IPP network printers or
+# IPP-over-USB printers.
+
+# AutoClustering Yes
+# AutoClustering No
+
+
+# Load-balancing printer cluster formation can also be manually
+# controlled by defining explicitly which remote CUPS printers should
+# get clustered together.
+
+# This is done by the "Cluster" directive:
+
+# Cluster <QUEUENAME>: <EXPRESSION1> <EXPRESSION2> ...
+# Cluster <QUEUENAME>
+
+# If no expressions are given, <QUEUENAME> is used as the first and
+# only expression for this cluster.
+
+# Discovered printers are matched against all the expressions of all
+# defined clusters. The first expression which matches the discovered
+# printer determines to which cluster it belongs. Note that this way a
+# printer can only belong to one cluster. Once matched, further
+# cluster definitions will not checked any more.
+
+# With the first printer matching a cluster's expression a local queue
+# with the name <QUEUENAME> is created. If more printers are
+# discovered and match this cluster, they join the cluster. Printing
+# to this queue prints to all these printers in a load-balancing
+# manner, according to to the setting of the LoadBalancing directive.
+
+# Each expression must be a string of characters without spaces. If
+# spaces are needed, replace them by underscores ('_').
+
+# An expression can be matched in three ways:
+
+# 1. By the name of the CUPS queue on the remote server
+# 2. By make and model name of the remote printer
+# 3. By the DNS-SD service name of the remote printer
+
+# Note that the matching is done case-insensitively and any group of
+# non-alphanumerical characters is replaced by a single underscore.
+
+# So if an expression is "HP_DeskJet_2540" and the remote server
+# reports "hp Deskjet-2540" the printer gets matched to this cluster.
+
+# If "AutoClustering" is not set to "No" both your manual cluster
+# definitions will be followed and automatic clustering of
+# equally-named remote queues will be performed. If a printer matches
+# in both categories the match to the manually defined cluster has
+# priority. Automatic clustering of equally-named remote printers is
+# not performed if there is a manually defined cluster with this name
+# (at least as the printers do not match this cluster).
+
+# Examples:
+
+# To cluster all remote CUPS queues named "laserprinter" in your local
+# network but not cluster any other equally-named remote CUPS printers
+# use (Local queue will get named "laserprinter"):
+
+# AutoClustering No
+# Cluster laserprinter
+
+# To cluster all remote CUPS queues of HP LaserJet 4050 printers in a
+# local queue named "LJ4050":
+
+# Cluster LJ4050: HP_LaserJet_4050
+
+# As DNS-SD service names are unique in a network you can create a
+# cluster from exactly specified printers (spaces replaced by
+# underscors):
+
+# Cluster hrdep: oldlaser_@_hr-server1 newlaser_@_hr-server2
+
+
+# The LoadBalancing directive switches between two methods of handling
+# load balancing between equally-named remote queues which are
+# represented by one local print queue making up a cluster of them
+# (implicit class).
+
+# The two methods are:
+
+# Queuing of jobs on the client (LoadBalancing QueueOnClient):
+
+# Here we queue up the jobs on the client and regularly check the
+# clustered remote print queues. If we find an idle queue, we pass
+# on a job to it.
+
+# This is also the method which CUPS uses for classes. Advantage is a
+# more even distribution of the job workload on the servers
+# (especially if the printing speed of the servers is very different),
+# and if a server fails, there are not several jobs stuck or
+# lost. Disadvantage is that if one takes the client (laptop, mobile
+# phone, ...) out of the local network, printing stops with the jobs
+# waiting in the local queue.
+
+# Queuing of jobs on the servers (LoadBalancing QueueOnServers):
+
+# Here we check the number of jobs on each of the clustered remote
+# printers and send an incoming job immediately to the remote printer
+# with the lowest amount of jobs in its queue. This way no jobs queue
+# up locally, all jobs which are waiting are waiting on one of the
+# remote servers.
+
+# Not having jobs waiting locally has the advantage that we can take
+# the local machine from the network and all jobs get printed.
+# Disadvantage is that if a server with a full queue of jobs goes
+# away, the jobs go away, too.
+
+# Default is queuing the jobs on the client as this is what CUPS does
+# with classes.
+
+# LoadBalancing QueueOnClient
+# LoadBalancing QueueOnServers
+
+
+# With the DefaultOptions directive one or more option settings can be
+# defined to be applied to every print queue newly created by
+# cups-browsed. Each option is supplied as one supplies options with
+# the "-o" command line argument to the "lpadmin" command (Run "man
+# lpadmin" for more details). More than one option can be supplied
+# separating the options by spaces. By default no option settings are
+# pre-defined.
+
+# Note that print queues which cups-browsed already created before
+# remember their previous settings and so these settings do not get
+# applied.
+
+# DefaultOptions Option1=Value1 Option2=Value2 Option3 noOption4
+
+
+# The AutoShutdown directive specifies whether cups-browsed should
+# automatically terminate when it has no local raw queues set up
+# pointing to any discovered remote printers or no jobs on such queues
+# depending on AutoShutdownOn setting (auto shutdown mode). Setting it
+# to "On" activates the auto-shutdown mode, setting it to "Off"
+# deactiivates it (the default). The special mode "avahi" turns auto
+# shutdown off while avahi-daemon is running and on when avahi-daemon
+# stops. This allows running cups-browsed on-demand when avahi-daemon
+# is run on-demand.
+
+# AutoShutdown Off
+# AutoShutdown On
+# AutoShutdown avahi
+
+
+# The AutoShutdownOn directive determines what event cups-browsed
+# considers as inactivity in auto shutdown mode. "NoQueues" (the
+# default) means that auto shutdown is initiated when there are no
+# queues for discovered remote printers generated by cups-browsed any
+# more. "NoJobs" means that all queues generated by cups-browsed are
+# without jobs.
+
+# AutoShutdownOn NoQueues
+# AutoShutdownOn NoJobs
+
+
+# The AutoShutdownTimeout directive specifies after how many seconds
+# without local raw queues set up pointing to any discovered remote
+# printers or jobs on these queues cups-browsed should actually shut
+# down in auto shutdown mode. Default is 30 seconds, 0 means immediate
+# shutdown.
+
+# AutoShutdownTimeout 30

roles/common/templates/etc/cups/cups-files.conf.j2

@@ -0,0 +1,95 @@
+# {{ ansible_managed }}
+
+#
+# File/directory/user/group configuration file for the CUPS scheduler.
+# See "man cups-files.conf" for a complete description of this file.
+#
+
+# List of events that are considered fatal errors for the scheduler...
+#FatalErrors config
+
+# Do we call fsync() after writing configuration or status files?
+#SyncOnClose Yes
+
+# Default user and group for filters/backends/helper programs; this cannot be
+# any user or group that resolves to ID 0 for security reasons...
+#User lp
+#Group lp
+
+# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules...
+# This cannot contain the Group value for security reasons...
+SystemGroup lpadmin
+
+
+# User that is substituted for unauthenticated (remote) root accesses...
+#RemoteRoot remroot
+
+# Do we allow file: device URIs other than to /dev/null?
+#FileDevice No
+
+# Permissions for configuration and log files...
+#ConfigFilePerm 0640
+#LogFilePerm 00640
+
+# Location of the file logging all access to the scheduler; may be the name
+# "syslog". If not an absolute path, the value of ServerRoot is used as the
+# root directory.  Also see the "AccessLogLevel" directive in cupsd.conf.
+AccessLog /var/log/cups/access_log
+
+# Location of cache files used by the scheduler...
+#CacheDir /var/cache/cups
+
+# Location of data files used by the scheduler...
+#DataDir /usr/share/cups
+
+# Location of the static web content served by the scheduler...
+#DocumentRoot /usr/share/cups/doc-root
+
+# Location of the file logging all messages produced by the scheduler and any
+# helper programs; may be the name "syslog". If not an absolute path, the value
+# of ServerRoot is used as the root directory.  Also see the "LogLevel"
+# directive in cupsd.conf.
+ErrorLog /var/log/cups/error_log
+
+# Location of fonts used by older print filters...
+#FontPath /usr/share/cups/fonts
+
+# Location of LPD configuration
+#LPDConfigFile 
+
+# Location of the file logging all pages printed by the scheduler and any
+# helper programs; may be the name "syslog". If not an absolute path, the value
+# of ServerRoot is used as the root directory.  Also see the "PageLogFormat"
+# directive in cupsd.conf.
+PageLog /var/log/cups/page_log
+
+# Location of the file listing all of the local printers...
+#Printcap /run/cups/printcap
+
+# Format of the Printcap file...
+#PrintcapFormat bsd
+#PrintcapFormat plist
+#PrintcapFormat solaris
+
+# Location of all spool files...
+#RequestRoot /var/spool/cups
+
+# Location of helper programs...
+#ServerBin /usr/lib/cups
+
+# SSL/TLS keychain for the scheduler...
+#ServerKeychain ssl
+
+# Location of other configuration files...
+#ServerRoot /etc/cups
+
+# Location of Samba configuration file...
+#SMBConfigFile 
+
+# Location of scheduler state files...
+#StateDir /run/cups
+
+# Location of scheduler/helper temporary files. This directory is emptied on
+# scheduler startup and cannot be one of the standard (public) temporary
+# directory locations for security reasons...
+#TempDir /var/spool/cups/tmp

roles/common/templates/etc/cups/cupsd.conf.client.j2

@@ -0,0 +1,307 @@
+# {{ ansible_managed }}
+
+#
+# Configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
+# complete description of this file.
+#
+
+# Log general information in error_log - change "warn" to "debug"
+# for troubleshooting...
+LogLevel warn
+PageLogFormat
+
+# Deactivate CUPS' internal logrotating, as we provide a better one, especially
+# LogLevel debug2 gets usable now
+MaxLogSize 0
+
+# Only listen for connections from the local machine.
+#Listen localhost:631
+# Allow remote access
+Port 631
+Listen /var/run/cups/cups.sock
+
+ServerAlias *
+HostNameLookups Off
+
+## - Show shared printers on the local network.
+Browsing Off
+
+# Default authentication type, when authentication is required...
+DefaultAuthType Basic
+
+# Web interface setting...
+WebInterface Yes
+
+# Restrict access to the server...
+<Location />
+  # Allow remote administration...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to the admin pages...
+<Location /admin>
+  # Allow remote administration...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to configuration files...
+<Location /admin/conf>
+  AuthType Default
+  Require user @SYSTEM
+  # Allow remote access to the configuration files...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to log files...
+<Location /admin/log>
+  AuthType Default
+  Require user @SYSTEM
+  # Allow remote access to the configuration files...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Set the default printer/job policies...
+<Policy default>
+
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>
+
+# Set the authenticated printer/job policies...
+<Policy authenticated>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Default
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>
+
+# Set the kerberized printer/job policies...
+<Policy kerberos>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Negotiate
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>

roles/common/templates/etc/cups/cupsd.conf.server.j2

@@ -0,0 +1,307 @@
+# {{ ansible_managed }}
+
+#
+# Configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
+# complete description of this file.
+#
+
+# Log general information in error_log - change "warn" to "debug"
+# for troubleshooting...
+LogLevel warn
+PageLogFormat
+
+# Deactivate CUPS' internal logrotating, as we provide a better one, especially
+# LogLevel debug2 gets usable now
+MaxLogSize 0
+
+# Only listen for connections from the local machine.
+#Listen localhost:631
+# Allow remote access
+Port 631
+Listen /var/run/cups/cups.sock
+
+ServerAlias *
+HostNameLookups Off
+
+# - Show shared printers on the local network.
+Browsing On
+
+# Default authentication type, when authentication is required...
+DefaultAuthType Basic
+
+# Web interface setting...
+WebInterface Yes
+
+# Restrict access to the server...
+<Location />
+  # Allow remote administration...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to the admin pages...
+<Location /admin>
+  # Allow remote administration...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to configuration files...
+<Location /admin/conf>
+  AuthType Default
+  Require user @SYSTEM
+  # Allow remote access to the configuration files...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to log files...
+<Location /admin/log>
+  AuthType Default
+  Require user @SYSTEM
+  # Allow remote access to the configuration files...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Set the default printer/job policies...
+<Policy default>
+
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>
+
+# Set the authenticated printer/job policies...
+<Policy authenticated>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Default
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>
+
+# Set the kerberized printer/job policies...
+<Policy kerberos>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Negotiate
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>

roles/common/templates/etc/exports.j2

@@ -18,7 +18,7 @@
 
 {%    set count.nfs_exports = count.nfs_exports + 10 %}
 {%    for network in export.export_networks %}
-{%       if export.fs_encrypted is defined and export.fs_encrypted is sameas true %}
+{%       if export.use_fsid_option is defined and export.use_fsid_option is sameas true %}
 {%          set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~",fsid="~count.nfs_exports~")" %}
 #{{          export.src.split(":")[1] }} {{ network }}({{ export.export_opt }},fsid={{ count.nfs_exports }})
 {%       else %}

roles/common/templates/etc/ntp.conf.j2

@@ -0,0 +1,64 @@
+# {{ ansible_managed }}
+
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+# Leap seconds definition provided by tzdata
+leapfile /usr/share/zoneinfo/leap-seconds.list
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+
+# You do need to talk to an NTP server or two (or three).
+#server ntp.your-provider.example
+
+# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+# pick a different set every time it starts up.  Please consider joining the
+# pool: <http://www.pool.ntp.org/join.html>
+#pool 0.debian.pool.ntp.org iburst
+#pool 1.debian.pool.ntp.org iburst
+#pool 2.debian.pool.ntp.org iburst
+#pool 3.debian.pool.ntp.org iburst
+server {{ ntp_server }}
+
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery limited
+restrict -6 default kod notrap nomodify nopeer noquery limited
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Needed for adding pool entries
+restrict source notrap nomodify noquery
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines.  Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
+

roles/common/templates/etc/samba/smb.conf.j2

@@ -0,0 +1,384 @@
+# {{ ansible_managed }}
+
+#
+# Sample configuration file for the Samba suite for Debian GNU/Linux.
+#
+#
+# This is the main Samba configuration file. You should read the
+# smb.conf(5) manual page in order to understand the options listed
+# here. Samba has a huge number of configurable options most of which 
+# are not shown in this example
+#
+# Some options that are often worth tuning have been included as
+# commented-out examples in this file.
+#  - When such options are commented with ";", the proposed setting
+#    differs from the default Samba behaviour
+#  - When commented with "#", the proposed setting is the default
+#    behaviour of Samba but the option is considered important
+#    enough to be mentioned here
+#
+# NOTE: Whenever you modify this file you should run the command
+# "testparm" to check that you have not made any basic syntactic 
+# errors. 
+
+#======================= Global Settings =======================
+
+[global]
+
+## Browsing/Identification ###
+
+# Change this to the workgroup/NT-domain name your Samba server will part of
+;   workgroup = WORKGROUP
+   workgroup = {{ samba_workgroup|default('WORKGROUP') }}
+
+# Option 'netbios name' added to debian's default smb.conf 
+#
+# This sets the NetBIOS name by which a Samba server is known. By default it
+# is the same as the first component of the host's DNS name. If a machine is
+# a browse server or logon server this name (or the first component of the 
+# hosts DNS name) will be the name that these services are advertised under.
+#
+# Note that the maximum length for a NetBIOS name is 15 characters.
+#
+# Default: netbios name =  # machine DNS name
+;   netbios name = FILE
+   netbios name = {{ samba_netbios_name|default('FILE') }}
+
+
+#### Networking ####
+
+# The specific set of interfaces / networks to bind to
+# This can be either the interface name or an IP address/netmask;
+# interface names are normally preferred
+;   interfaces = 127.0.0.0/8 eth0
+   interfaces =  {{ ansible_default_ipv4.address }}/24  127.0.0.1/8
+
+# Option 'hosts deny' and 'hosts allow' added to debian's default smb.conf 
+   hosts deny = 0.0.0.0/0
+   hosts allow = 192.168.0.0/16 10.0.0.0/8 127.0.0.0/8
+
+# Only bind to the named interfaces and/or networks; you must use the
+# 'interfaces' option above to use this.
+# It is recommended that you enable this feature if your Samba machine is
+# not protected by a firewall or is a firewall itself.  However, this
+# option cannot handle dynamic or non-broadcast interfaces correctly.
+#
+# Notice:
+# If bind interfaces only is set and the network address 127.0.0.1 is not added to the 
+# interfaces parameter list smbpasswd(8) may not work as expected due to the reasons 
+# covered below.
+#
+# Default: bind interfaces only = no
+   bind interfaces only = yes
+
+
+#### Debugging/Accounting ####
+
+# This tells Samba to use a separate log file for each machine
+# that connects
+;   log file = /var/log/samba/log.%m
+   log file = /var/log/samba/%I.log
+
+# Cap the size of the individual log files (in KiB).
+;   max log size = 1000
+   max log size = 10000
+
+# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
+# Append syslog@1 if you want important messages to be sent to syslog too.
+   logging = file
+
+# Option 'log level' added to debian's default smb.conf 
+#
+# The value of the parameter (a astring) allows the debug level (logging level) to be 
+# specified in the smb.conf file.
+#
+# This parameter has been extended since the 2.2.x series, now it allows one to specify 
+# the debug level for multiple debug classes. This is to give greater flexibility in 
+# the configuration of the system.
+#
+# See manpage for implemented debug classes
+#
+# Default: log level = 0
+#
+# Example: log level = 3 passdb:5 auth:10 winbind:2
+   log level = 0
+
+# Do something sensible when Samba crashes: mail the admin a backtrace
+   panic action = /usr/share/samba/panic-action %d
+
+
+####### Authentication #######
+
+# Option 'ntlm auth' added to debian's default smb.conf 
+#
+# This parameter determines whether or not smbd(8) will attempt to authenticate
+# users using the NTLM encrypted password response for this local passdb (SAM
+# or account database).
+#
+# If disabled, both NTLM and LanMan authencication against the local passdb is
+# disabled.
+#
+# Note that these settings apply only to local users, authentication will still
+# be forwarded to and NTLM authentication accepted against any domain we are
+# joined to, and any trusted domain, even if disabled or if NTLMv2-only is
+# enforced here. To control NTLM authentiation for domain users, this must option
+# must be configured on each DC.
+#
+# By default with lanman auth set to no and ntlm auth set to ntlmv2-only only
+# NTLMv2 logins will be permited. Most clients support NTLMv2 by default, but some
+# older clients will require special configuration to use it.
+#
+# The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.
+#
+# The available settings are:
+#
+#    ntlmv1-permitted (alias yes) - Allow NTLMv1 and above for all clients.
+#
+#    ntlmv2-only (alias no) - Do not allow NTLMv1 to be used, but permit NTLMv2.
+#
+#    mschapv2-and-ntlmv2-only - Only allow NTLMv1 when the client promises that
+#    it is providing MSCHAPv2 authentication (such as the ntlm_auth tool).
+#
+#    disabled - Do not accept NTLM (or LanMan) authentication of any level, nor
+#    permit NTLM password changes.
+#
+# The default changed from yes to no with Samba 4.5. The default chagned again to
+# ntlmv2-only with Samba 4.7, however the behaviour is unchanged.
+#
+# Default: ntlm auth = ntlmv2-only
+   ntlm auth = ntlmv1-permitted
+
+# Server role. Defines in which mode Samba will operate. Possible
+# values are "standalone server", "member server", "classic primary
+# domain controller", "classic backup domain controller", "active
+# directory domain controller". 
+#
+# Most people will want "standalone server" or "member server".
+# Running as "active directory domain controller" will require first
+# running "samba-tool domain provision" to wipe databases and create a
+# new domain.
+   server role = standalone server
+
+   obey pam restrictions = yes
+
+# This boolean parameter controls whether Samba attempts to sync the Unix
+# password with the SMB password when the encrypted SMB password in the
+# passdb is changed.
+   unix password sync = yes
+
+# For Unix password sync to work on a Debian GNU/Linux system, the following
+# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
+# sending the correct chat script for the passwd program in Debian Sarge).
+   passwd program = /usr/bin/passwd %u
+   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+
+# This boolean controls whether PAM will be used for password changes
+# when requested by an SMB client instead of the program listed in
+# 'passwd program'. The default is 'no'.
+   pam password change = yes
+
+# This option controls how unsuccessful authentication attempts are mapped
+# to anonymous connections
+   map to guest = bad user
+
+# Option 'username map' added to debian's default smb.conf 
+#
+   username map = /etc/samba/users.map
+
+########## Domains ###########
+
+#
+# The following settings only takes effect if 'server role = primary
+# classic domain controller', 'server role = backup domain controller'
+# or 'domain logons' is set 
+#
+
+# It specifies the location of the user's
+# profile directory from the client point of view) The following
+# required a [profiles] share to be setup on the samba server (see
+# below)
+;   logon path = \\%N\profiles\%U
+# Another common choice is storing the profile in the user's home directory
+# (this is Samba's default)
+#   logon path = \\%N\%U\profile
+
+# The following setting only takes effect if 'domain logons' is set
+# It specifies the location of a user's home directory (from the client
+# point of view)
+;   logon drive = H:
+#   logon home = \\%N\%U
+
+# The following setting only takes effect if 'domain logons' is set
+# It specifies the script to run during logon. The script must be stored
+# in the [netlogon] share
+# NOTE: Must be store in 'DOS' file format convention
+;   logon script = logon.cmd
+
+# This allows Unix users to be created on the domain controller via the SAMR
+# RPC pipe.  The example command creates a user account with a disabled Unix
+# password; please adapt to your needs
+; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
+
+# This allows machine accounts to be created on the domain controller via the 
+# SAMR RPC pipe.  
+# The following assumes a "machines" group exists on the system
+; add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
+
+# This allows Unix groups to be created on the domain controller via the SAMR
+# RPC pipe.  
+; add group script = /usr/sbin/addgroup --force-badname %g
+
+############ Misc ############
+
+# Using the following line enables you to customise your configuration
+# on a per machine basis. The %m gets replaced with the netbios name
+# of the machine that is connecting
+;   include = /home/samba/etc/smb.conf.%m
+
+# Some defaults for winbind (make sure you're not using the ranges
+# for something else.)
+;   idmap config * :              backend = tdb
+;   idmap config * :              range   = 3000-7999
+;   idmap config YOURDOMAINHERE : backend = tdb
+;   idmap config YOURDOMAINHERE : range   = 100000-999999
+;   template shell = /bin/bash
+
+# Setup usershare options to enable non-root users to share folders
+# with the net usershare command.
+
+# Maximum number of usershare. 0 means that usershare is disabled.
+#   usershare max shares = 100
+
+# Allow users who've been granted usershare privileges to create
+# public shares, not just authenticated ones
+   usershare allow guests = yes
+
+#======================= Share Definitions =======================
+
+# {{ ansible_managed }}
+
+[homes]
+   comment = Home Directories
+   browseable = no
+
+# By default, the home directories are exported read-only. Change the
+# next parameter to 'no' if you want to be able to write to them.
+   read only = yes
+
+# File creation mask is set to 0700 for security reasons. If you want to
+# create files with group=rw permissions, set next parameter to 0775.
+   create mask = 0700
+
+# Directory creation mask is set to 0700 for security reasons. If you want to
+# create dirs. with group=rw permissions, set next parameter to 0775.
+   directory mask = 0700
+
+# By default, \\server\username shares can be connected to by anyone
+# with access to the samba server.
+# The following parameter makes sure that only "username" can connect
+# to \\server\username
+# This might need tweaking when using external authentication schemes
+   valid users = %S
+
+# Un-comment the following and create the netlogon directory for Domain Logons
+# (you need to configure Samba to act as a domain controller too.)
+;[netlogon]
+;   comment = Network Logon Service
+;   path = /home/samba/netlogon
+;   guest ok = yes
+;   read only = yes
+
+# Un-comment the following and create the profiles directory to store
+# users profiles (see the "logon path" option above)
+# (you need to configure Samba to act as a domain controller too.)
+# The path below should be writable by all users so that their
+# profile directory may be created the first time they log on
+;[profiles]
+;   comment = Users profiles
+;   path = /home/samba/profiles
+;   guest ok = no
+;   browseable = no
+;   create mask = 0600
+;   directory mask = 0700
+
+{% for item in samba_shares | default([]) %}
+
+[{{ item.name }}]
+   comment = {{ item.name }}
+   path = {{ item.path }}
+
+   browseable = yes
+   read only = no
+   writeable = Yes
+
+   create mask = {{ item.file_create_mask | default('0660') }}
+   force create mode = {{ item.file_create_mask | default('0660') }}
+   directory mask = {{ item.dir_create_mask | default('2770') }}
+   force directory mode = {{ item.dir_create_mask | default('2770') }}
+
+   # can login into that share
+   valid users = @{{ item.group_valid_users }}
+   # allow to write
+   write list = @{{ item.group_write_list }}
+
+   force group = +{{ item.group_write_list }}
+{%   if item.vfs_object_recycle is defined and item.vfs_object_recycle|bool %}
+
+   vfs objects = recycle
+   recycle:keeptree = yes
+   # touch access time from this file
+   # note: this is not the modified time, which is
+   #       outdatet by ls-command
+   # so yo can delete files older then n day with the following command:
+   #    find  /data/samba/share/<share>/.Trash -atime +<n> -exec rm -rf {} \;
+   #
+   recycle:touch = yes
+   recycle:touch_mtime = no
+   recycle:versions = yes
+   recycle:directory_mode = 2770
+
+   # - Dateien gößer als 10MB werden nicht
+   #recycle:maxsize = 10485760  # around 10MB
+
+   # - Keine Begrenzung der Dateigröße.
+   recycle:maxsize = 0
+
+   recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
+   recycle:excludedir = /tmp,/temp,/cache,.Trash
+   recycle:repository = {{ item.recycle_path | default('@Recycle.Bin') }}
+
+   # - This is a list of files and directories that are neither visible nor accessible. 
+   # - Each entry in the list must be separated by a '/', which allows spaces to be 
+   # - included in the entry. '*' and '?' can be used to  specify multiple files or
+   # - directories as in DOS wildcards.
+   # -
+   veto files = /.Trash/
+   delete veto files = yes
+{%    endif %}
+
+{% endfor %}
+
+;[printers]
+;   comment = All Printers
+;   browseable = no
+;   path = /var/spool/samba
+;   printable = yes
+;   guest ok = no
+;   read only = yes
+;   create mask = 0700
+
+# Windows clients look for this share name as a source of downloadable
+# printer drivers
+;[print$]
+;   comment = Printer Drivers
+;   path = /var/lib/samba/printers
+;   browseable = yes
+;   read only = yes
+;   guest ok = no
+# Uncomment to allow remote administration of Windows print drivers.
+# You may need to replace 'lpadmin' with the name of the group your
+# admin users are members of.
+# Please note that you also need to set appropriate Unix permissions
+# to the drivers directory for these users to have write rights in it
+;   write list = root, @lpadmin
+

roles/common/templates/etc/security/limits.conf.j2

@@ -0,0 +1,62 @@
+# {{ ansible_managed }}
+
+# /etc/security/limits.conf
+# 
+#Each line describes a limit for a user in the form:
+#
+#<domain>        <type>  <item>  <value>
+#
+#Where:
+#<domain> can be:
+#        - a user name
+#        - a group name, with @group syntax
+#        - the wildcard *, for default entry
+#        - the wildcard %, can be also used with %group syntax,
+#                 for maxlogin limit
+#        - NOTE: group and wildcard limits are not applied to root.
+#          To apply a limit to the root user, <domain> must be
+#          the literal username root.
+#
+#<type> can have the two values:
+#        - "soft" for enforcing the soft limits
+#        - "hard" for enforcing hard limits
+#
+#<item> can be one of the following:
+#        - core - limits the core file size (KB)
+#        - data - max data size (KB)
+#        - fsize - maximum filesize (KB)
+#        - memlock - max locked-in-memory address space (KB)
+#        - nofile - max number of open file descriptors
+#        - rss - max resident set size (KB)
+#        - stack - max stack size (KB)
+#        - cpu - max CPU time (MIN)
+#        - nproc - max number of processes
+#        - as - address space limit (KB)
+#        - maxlogins - max number of logins for this user
+#        - maxsyslogins - max number of logins on the system
+#        - priority - the priority to run user process with
+#        - locks - max number of file locks the user can hold
+#        - sigpending - max number of pending signals
+#        - msgqueue - max memory used by POSIX message queues (bytes)
+#        - nice - max nice priority allowed to raise to values: [-20, 19]
+#        - rtprio - max realtime priority
+#        - chroot - change root to directory (Debian-specific)
+#
+#<domain>      <type>  <item>         <value>
+#
+
+#*               soft    core            0
+#root            hard    core            100000
+#*               hard    rss             10000
+#@student        hard    nproc           20
+#@faculty        soft    nproc           20
+#@faculty        hard    nproc           50
+#ftp             hard    nproc           0
+#ftp             -       chroot          /ftp
+#@student        -       maxlogins       4
+
+*     -  nofile   1048576
+root  -  nofile   1048576
+
+
+# End of file

roles/common/templates/etc/ssh/sshd_config.j2

@@ -0,0 +1,349 @@
+# {{ ansible_managed }}
+
+#-----------------------------
+# Daemon
+#-----------------------------
+
+# What ports, IPs and protocols we listen for
+{% for item in sshd_ports %}
+Port {{ item }}
+{% endfor %}
+
+# Specifies the local addresses sshd(8) should listen on.  The following forms may be used:
+# 
+#    ListenAddress host|IPv4_addr|IPv6_addr
+#    ListenAddress host|IPv4_addr:port
+#    ListenAddress [host|IPv6_addr]:port
+# 
+# If port is not specified, sshd will listen on the address and all Port options specified.  The default
+# is to listen on all local addresses.  Multiple ListenAddress options are permitted.
+#
+#    ListenAddress ::
+#    ListenAddress 0.0.0.0
+#    ListenAddress 159.69.72.24
+#    ListenAddress 2a01:4f8:231:171f::2
+#
+{% if (sshd_listen_address is defined) and sshd_listen_address %}
+{% for item in sshd_listen_address %}
+ListenAddress {{ item }}
+{% endfor %}
+{% endif %}
+
+# Specifies the protocol versions sshd(8) supports.
+# The possible values are ‘1’ , `2' and ‘1,2’.
+# The default is ‘2’.
+Protocol 2
+
+# HostKeys for protocol version 2
+{% for item in sshd_host_keys %}
+HostKey {{ item }}
+{% endfor %}
+
+# Lifetime and size of ephemeral version 1 server key
+#
+# Note:
+#    Deprecated option KeyRegenerationInterval
+#    Deprecated option ServerKeyBits
+#
+#KeyRegenerationInterval 3600
+#ServerKeyBits 768
+
+# Specifies the maximum number of concurrent unauthenticated connections
+# to the SSH daemon. See sshd_config(5) for specifiing the three colon 
+# separated values.
+# The default is 10.
+#MaxStartups 10:30:100
+#MaxStartups 3
+MaxStartups {{ sshd_max_startups }}
+
+# Specifies the maximum number of authentication attempts permitted per
+# connection.
+# The default is 6.
+MaxAuthTries {{ sshd_max_auth_tries }}
+
+# Specifies the maximum number of open sessions permitted per network
+# connection.
+# The default is 10.
+MaxSessions {{ sshd_max_sessions }}
+
+
+#-----------------------------
+# Authentication
+#-----------------------------
+
+# Specifies whether sshd(8) separates privileges by creating an unprivileged
+# child process to deal with incoming network traffic.
+# The default is "yes" (for security).
+{% if (ansible_facts['distribution'] == "Debian") and (ansible_facts['distribution_major_version']|int > 9) %}
+#
+# Note: (Release 7.5)
+#    Deprecated option UsePrivilegeSeparation
+#    Privilege separation has been on by default for almost 15 years
+#    sandboxing has been on by default for almost the last five
+#
+#UsePrivilegeSeparation sandbox
+{% else %}
+UsePrivilegeSeparation sandbox
+{% endif %}
+
+# The server disconnects after this time if the user has not
+# successfully logged in.
+# The default is 120 seconds.
+LoginGraceTime 120
+
+# Specifies whether root can log in using ssh(1).
+# The default is "yes".
+# Possible values: yes, no, prohibit-password (or teh older one: without-password)
+#PermitRootLogin yes
+PermitRootLogin {{ sshd_permit_root_login }}
+
+# Specifies whether sshd(8) should check file modes and ownership of the 
+# user's files and home directory before accepting login.  This is normally 
+# desirable because novices sometimes accidentally leave their directory or 
+# files world-writable. Note that this does not apply to ChrootDirectory, 
+# whose permissions and ownership are checked unconditionally.  
+# The default is “yes”.
+StrictModes yes
+
+# Specifies whether pure RSA authentication is allowed. This option 
+# applies to protocol version 1 only.
+# The default is “yes”.
+#
+# Note:
+#    Deprecated option RSAAuthentication
+#
+#RSAAuthentication yes
+
+# Specifies whether public key authentication is allowed. Note that this 
+# option applies to protocol version 2 only.
+# The default is “yes”.
+PubkeyAuthentication {{ sshd_pubkey_authentication }}
+
+# Specifies the file that contains the public keys that can be used for 
+# user authentication.  The format is described in the AUTHORIZED_KEYS FILE 
+# FORMAT section of sshd(8).
+# AuthorizedKeysFile may contain tokens of the form %T which are substituted
+# during connection setup. The following tokens are defined: %% is replaced 
+# by a literal '%', %h is replaced by the home directory of the user being 
+# authenticated, and %u is replaced by the username of that user. After 
+# expansion, AuthorizedKeysFile is taken to be an absolute path or one relative 
+# to the user's home directory. Multiple files may be listed, separated by 
+# whitespace.
+# The default is “.ssh/authorized_keys .ssh/authorized_keys2”.
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+AuthorizedKeysFile {{ sshd_authorized_keys_file }}
+
+# Specifies whether password authentication is allowed.
+# Change to no to disable tunnelled clear text passwords
+# The default is "yes".
+#PasswordAuthentication yes
+PasswordAuthentication {{ sshd_password_authentication }}
+
+# When password authentication is allowed, it specifies whether the 
+# server allows login to accounts with empty password strings.
+# The default is “no”.
+PermitEmptyPasswords no
+
+# Specifies whether challenge-response authentication is allowed (e.g. via PAM).
+# The default is “yes”.
+ChallengeResponseAuthentication no
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+#
+# Note:
+#    Deprecated option RhostsRSAAuthentication
+#
+#RhostsRSAAuthentication no
+
+# similar for protocol version 2
+HostbasedAuthentication no
+
+# Specifies whether sshd(8) should ignore the user's ~/.ssh/known_hosts 
+# during RhostsRSAAuthentication or HostbasedAuthentication. 
+# The default is “no”.
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# If specified, login is allowed only for user names that match one of
+# the patterns.
+# The allow/deny directives are processed in the following order: DenyUsers, 
+# AllowUsers, DenyGroups, and finally AllowGroups.
+# By default, login is allowed for all users.
+{% if (fact_sshd_allowed_users is defined) and fact_sshd_allowed_users %}
+AllowUsers {{ fact_sshd_allowed_users }}
+{% else %}
+#AllowUsers back chris sysadm cityslang christoph
+{% endif %}
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM {{ sshd_use_pam }}
+
+# Specifies whether login(1) is used for interactive login sessions.
+# Note that login(1) is never used for remote command execution. 
+# Note also, that if this is enabled, X11Forwarding will be disabled 
+# because login(1) does not know how to handle xauth(1) cookies. If
+# UsePrivilegeSeparation is specified, it will be disabled after 
+# authentication.
+# The default is “no”.
+#UseLogin no
+
+
+#-----------------------------
+# Cryptography
+#-----------------------------
+
+# Specifies the available KEX (Key Exchange) algorithms.
+# The default is:
+## curve25519-sha256@libssh.org,
+## ecdh-sha2-nistp256,
+## ecdh-sha2-nistp384,
+## ecdh-sha2-nistp521,
+## diffie-hellman-group-exchange-sha256,
+## diffie-hellman-group14-sha1.
+{% if (fact_sshd_kexalgorithms is defined) and fact_sshd_kexalgorithms %}
+KexAlgorithms {{ fact_sshd_kexalgorithms }}
+{% else %}
+#KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+{% endif %}
+
+# Specifies the ciphers allowed for protocol version 2.
+# The default is:
+## aes128-ctr,
+## aes192-ctr,
+## aes256-ctr,
+## aes128-gcm@openssh.com,
+## aes256-gcm@openssh.com,
+## chacha20-poly1305@openssh.com.
+{% if (fact_sshd_ciphers is defined) and fact_sshd_ciphers %}
+Ciphers {{ fact_sshd_ciphers }}
+{% else %}
+#Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
+{% endif %}
+
+# Specifies the available MAC (message authentication code) algorithms.
+# The default is:
+## umac-64-etm@openssh.com,
+## umac-128-etm@openssh.com,
+## hmac-sha2-256-etm@openssh.com,
+## hmac-sha2-512-etm@openssh.com,
+## umac-64@openssh.com,
+## umac-128@openssh.com,
+## hmac-sha2-256,
+## hmac-sha2-512.
+{% if (fact_sshd_macs is defined) and fact_sshd_macs %}
+MACs {{ fact_sshd_macs }}
+{% else %}
+#MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
+{% endif %}
+
+
+#-----------------------------
+# Logging
+#-----------------------------
+
+# Gives the facility code that is used when logging messages from sshd(8).  
+# The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 
+# LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  
+# The default is AUTH.
+SyslogFacility AUTH
+
+# Gives the verbosity level that is used when logging messages from
+# sshd(8).
+# The default is INFO.
+LogLevel INFO
+
+
+#-----------------------------
+# Behavior
+#-----------------------------
+
+# Specifies whether the distribution-specified extra version suffix is included
+# during initial protocol handshake.
+# The default is "yes".
+DebianBanner no
+
+# The contents of the specified file are sent to the remote user before
+# authentication is allowed.
+# By default, no banner is displayed.
+#Banner /etc/issue.net
+
+# Specifies whether sshd(8) should print /etc/motd when a user logs in 
+# interactively. (On some systems it is also printed by the shell, 
+# /etc/profile, or equivalent.)  
+# The default is “yes”.
+PrintMotd {{ sshd_print_motd }}
+
+# Specifies what environment variables sent by the client will be copied
+# into the session's environ(7).
+# The default is not to accept any environment variables.
+AcceptEnv LANG LC_*
+
+# Configures an external subsystem (e.g. file transfer daemon).
+# By default no subsystems are defined.
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Specifies whether sshd(8) should look up the remote host name and check 
+# that the resolved host name for the remote IP address maps back to the 
+# very same IP address.
+# The default is “yes”.
+UseDNS {{ sshd_use_dns }}
+
+# Specifies whether X11 forwarding is permitted. The argument must be 
+# “yes” or “no”. See sshd_config(5) for further expalnation
+# The default is “no”.
+#X11Forwarding yes
+
+# Specifies the first display number available for sshd(8)'s X11 
+# forwarding. This prevents sshd from interfering with real X11 servers.
+# The default is 10.
+X11DisplayOffset 10
+
+# Specifies whether the system should send TCP keepalive messages to the 
+# other side. If they are sent, death of the connection or crash of one 
+# of the machines will be properly noticed.  However, this means
+# that connections will die if the route is down temporarily, and some 
+# people find it annoying. On the other hand, if TCP keepalives are not 
+# sent, sessions may hang indefinitely on the server, leaving “ghost” users 
+# and consuming server resources.
+#
+# The default is “yes” (to send TCP keepalive messages), and the server 
+# will notice if the network goes down or the client host crashes. This 
+# avoids infinitely hanging sessions.
+TCPKeepAlive yes
+
+#Specifies whether sshd(8) should print the date and time of the last 
+# user login when a user logs in interactively.
+# The default is “yes”.
+PrintLastLog yes
+
+
+#-----------------------------
+# Kerberos options
+#-----------------------------
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+
+#-----------------------------
+# GSSAPI options
+#-----------------------------
+
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+
+
+
+

roles/common/templates/etc/sudoers.d/50-user.pc.j2

@@ -0,0 +1,34 @@
+# {{ ansible_managed }}
+
+{% for item in sudoers_pc_file_defaults | default([]) %}
+Defaults {{ item }}
+{% endfor %}
+
+# Host alias specification
+{% for item in sudoers_pc_file_host_aliases | default([]) %}
+Host_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User alias specification
+{% for item in sudoers_pc_file_user_aliases | default([]) %}
+User_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Cmnd alias specification
+{% for item in sudoers_pc_file_cmnd_aliases | default([]) %}
+Cmnd_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Runas alias specification
+{% for item in sudoers_pc_file_runas_aliases | default([]) %}
+Runas_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User privilege specification
+
+{# rules for nis users #}
+{% for item in nis_user | default([]) %}
+{{ item.name }}    ALL=(root)NOPASSWD: MOUNT
+{% endfor %}
+
+# Group privilege specification

roles/common/templates/etc/sudoers.d/50-user.server.j2

@@ -0,0 +1,53 @@
+# {{ ansible_managed }}
+
+{% for item in sudoers_server_file_defaults | default([]) %}
+Defaults {{ item }}
+{% endfor %}
+
+# Host alias specification
+{% for item in sudoers_server_file_host_aliases | default([]) %}
+Host_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User alias specification
+{% for item in sudoers_server_file_user_aliases | default([]) %}
+User_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Cmnd alias specification
+{% for item in sudoers_server_file_cmnd_aliases | default([]) %}
+Cmnd_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Runas alias specification
+{% for item in sudoers_server_file_runas_aliases | default([]) %}
+Runas_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User privilege specification
+
+{# rule for user 'back' #}
+{% for item in sudoers_server_file_user_back_privileges | default([]) %}
+back {{ item }}
+{% endfor -%}
+
+
+{%- if ansible_virtualization_role == 'host' %}
+
+{% for item in sudoers_server_file_user_back_disk_privileges | default([]) %}
+back {{ item }}
+{% endfor %}
+{% endif -%}
+
+{# other (host specific) rules #} 
+{%-  if (sudoers_server_file_user_privileges is defined and sudoers_server_file_user_privileges) %}
+
+{% for item in sudoers_server_file_user_privileges | default([]) %}
+{{ item.name }} {{ item.entry }}
+{% endfor %}
+{% endif %}
+
+# Group privilege specification
+{% for item in sudoers_server_file_group_privileges | default([]) %}
+{{ item.name }} {{ item.entry }}
+{% endfor -%}

roles/common/templates/etc/sudoers.pc.j2

@@ -7,34 +7,34 @@
 #
 # See the man page for details on how to write a sudoers file.
 #
-{% for item in sudoers_defaults %}
+{% for item in sudoers_pc_defaults %}
 {% if item != '' %}
 Defaults {{ item }}
 {% endif %}
 {% endfor %}
 
 # Host alias specification
-{% for item in sudoers_host_aliases | default([]) %}
+{% for item in sudoers_pc_host_aliases | default([]) %}
 Host_Alias {{ item.name }} = {{ item.entry }}
 {% endfor %}
 
 # User alias specification
-{% for item in sudoers_user_aliases | default([]) %}
+{% for item in sudoers_pc_user_aliases | default([]) %}
 User_Alias {{ item.name }} = {{ item.entry }}
 {% endfor %}
 
 # Cmnd alias specification
-{% for item in sudoers_cmnd_aliases | default([]) %}
+{% for item in sudoers_pc_cmnd_aliases | default([]) %}
 Cmnd_Alias {{ item.name }} = {{ item.entry }}
 {% endfor %}
 
 # Runas alias specification
-{% for item in sudoers_runas_aliases | default([]) %}
+{% for item in sudoers_pc_runas_aliases | default([]) %}
 Runas_Alias {{ item.name }} = {{ item.entry }}
 {% endfor %}
 
 # User privilege specification
-{% for item in sudoers_user_privileges | default([]) %}
+{% for item in sudoers_pc_user_privileges | default([]) %}
 {{ item.name }} {{ item.entry }}
 {% endfor %}
 
@@ -46,7 +46,7 @@ Runas_Alias {{ item.name }} = {{ item.entry }}
 
 # Group privilege specification
 
-{% for item in sudoers_group_privileges | default([]) %}
+{% for item in sudoers_pc_group_privileges | default([]) %}
 {{ item.name }} {{ item.entry }}
 {% endfor %}
 

roles/common/templates/etc/sudoers.server.j2

@@ -0,0 +1,53 @@
+# {{ ansible_managed }}
+
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+{% for item in sudoers_server_defaults %}
+{% if item != '' %}
+Defaults {{ item }}
+{% endif %}
+{% endfor %}
+
+# Host alias specification
+{% for item in sudoers_server_host_aliases | default([]) %}
+Host_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User alias specification
+{% for item in sudoers_server_user_aliases | default([]) %}
+User_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Cmnd alias specification
+{% for item in sudoers_server_cmnd_aliases | default([]) %}
+Cmnd_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Runas alias specification
+{% for item in sudoers_server_runas_aliases | default([]) %}
+Runas_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User privilege specification
+{% for item in sudoers_server_user_privileges | default([]) %}
+{{ item.name }} {{ item.entry }}
+{% endfor %}
+
+# Allow members of group sudo to execute any command
+%sudo ALL=(ALL:ALL) ALL
+
+# Group privilege specification
+
+{% for item in sudoers_server_group_privileges | default([]) %}
+{{ item.name }} {{ item.entry }}
+{% endfor %}
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
+

roles/common/templates/root/bin/samba/conf/clean_samba_trash.conf.j2

@@ -0,0 +1,40 @@
+# {{ ansible_managed }}
+
+# ------------------------------------
+# - Settings for script clean_trash.sh
+# ------------------------------------
+
+# - days
+# -
+# - Files older then 'days' will be deleted.
+# -
+# - Defaults to: days=31
+# -
+#days=31
+
+# - trash_dirs
+# -
+# - Directories where files older than given days will be deleted.
+# -
+# - Example:
+# -    trash_dirs="/data/samba/transfer/.Trash /data/samba/no-backup-share/multimedia/.Trash"
+# -
+#trash_dirs=""
+
+{%- set count = namespace(trash_dirs=0) %}
+
+{%- for item in samba_shares | default([]) %}
+{%    if (item.vfs_object_recycle is defined and item.vfs_object_recycle|bool) %}
+{%       set count.trash_dirs = count.trash_dirs + 1 %}
+{%    endif %}
+{% endfor %}
+
+{% if count.trash_dirs > 0 %}
+trash_dirs="
+{%    for item in samba_shares %}
+{%       if (item.vfs_object_recycle is defined and item.vfs_object_recycle|bool) %}
+   {{ item.path }}/{{ item.recycle_path }}
+{%       endif %}
+{%    endfor %}
+"
+{% endif %}

roles/common/templates/root/bin/samba/conf/set_permissions_samba_shares.conf.j2

@@ -0,0 +1,33 @@
+# {{ ansible_managed }}
+
+# -----------------------------------------------------
+# - Settings for script set_permissions_samba_shares.sh
+# -----------------------------------------------------
+
+# - dir_permissions
+# -
+# - Recursive set Permissions (group and file- and directory-mode)
+# -
+# - Multiple options are possible. Use semicolon separated list.
+# -
+# - Usage:
+# -   dir_permissions="<directory>:<group>:<file-mod>:<dir-mod>;[<directory>:<group>:<file-mod>:<dir-mod>];[.."
+# -
+# - Example:
+# -    dir_permissions="/data/samba/transfer:buero:664:2775;/data/samba/verwaltung:intern:660:2770"
+# -
+#dir_permissions=""
+
+{%- set count = namespace(samba_shares=0) %}
+
+{%- for item in samba_shares | default([]) %}
+{%    set count.samba_shares = count.samba_shares + 1 %}
+{% endfor %}
+
+{% if count.samba_shares > 0 %}
+dir_permissions="
+{%    for item in samba_shares | default([]) %}
+   {{ item.path }}:{{ item.group_write_list }}:{{ item.file_create_mask | default('0660') }}:{{ item.dir_create_mask | default('2770') }};
+{%    endfor %}
+"
+{% endif %}

roles/common/templates/root/bin/wakeup_lan.sh.j2

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# {{ ansible_managed }}
+
+pcbuero1="90:e2:ba:0c:bb:fb"
+#pcbuero2="00:1d:7d:e5:3f:9f"
+pcbuero2="fc:aa:14:30:8c:35"
+pcbuero2_alt="90:e2:ba:0c:bc:0e"
+pcbuero3="80:ee:73:b9:8a:d6"
+pcbuero4="70:85:c2:fb:6a:c8"
+
+if [ $# = "1" ]; then
+   _nic=`eval eval echo  '$'$1`
+   wakeonlan $_nic
+else
+   wakeonlan $pcbuero1
+   sleep 2
+   wakeonlan $pcbuero2
+   sleep 2
+   wakeonlan $pcbuero3
+   sleep 2
+   wakeonlan $pcbuero4
+   sleep 2
+   wakeonlan $pcbuero2_alt
+fi
+
+
+exit 0