From 1dda2b7063b71151a0327a09b738117cfe8b9d00 Mon Sep 17 00:00:00 2001 From: Christoph Date: Tue, 7 Dec 2021 02:12:46 +0100 Subject: [PATCH] Redesign samba shares.. --- group_vars/all/main.yml | 463 ++++++++-------------- roles/common/tasks/nis-install-client.yml | 9 + 2 files changed, 176 insertions(+), 296 deletions(-) diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index ac28e22..a7f1c74 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -870,12 +870,22 @@ nis_common_packages: nis_base_home: /data/home nis_groups: - - name: esf - group_id: 1021 - - name: buero - group_id: 1022 + - name: team + group_id: 1030 + - name: esf-bleibnet + group_id: 1031 + - name: amif + group_id: 1032 + - name: quali + group_id: 1033 + - name: aktion-mensch + group_id: 1034 + - name: foerderung + group_id: 1035 + - name: buchhaltung + group_id: 1036 - name: verwaltung - group_id: 1023 + group_id: 1037 remove_nis_users: [] #remove_nis_users: @@ -885,8 +895,13 @@ remove_nis_users: [] nis_user: - name: chris groups: - - esf - - buero + - team + - esf-bleibnet + - amif + - quali + - aktion-mensch + - foerderung + - buchhaltung - verwaltung is_samba_user: true password: !vault | @@ -899,78 +914,85 @@ nis_user: - name: mara groups: - - esf + - team + - amif + - quali is_samba_user: true password: '20/mara_16!' - name: flr groups: - - buero + - team + - esf-bleibnet + - amif + - quali + - aktion-mensch + - foerderung + - buchhaltung + - verwaltung is_samba_user: true password: '20-flr-brb_18' - name: hannah groups: - - esf - - buero + - team + - esf-bleibnet + - amif + - quali + - aktion-mensch + - foerderung + - buchhaltung - verwaltung is_samba_user: true password: 'Y7ef%9+V_LoE' - name: kamue groups: - - buero + - team + - esf-bleibnet + - amif + - quali + - aktion-mensch + - foerderung - verwaltung is_samba_user: true password: '20_katha-mue%19' - name: lotta groups: - - buero - - verwaltung + - team + - amif is_samba_user: true password: '20_lotta_15!' - name: mustafa groups: - - buero + - team + - aktion-mensch is_samba_user: true password: 'mu-20-sta-21_%!' - name: kirstin groups: - - esf - - buero - - verwaltung + - team + - aktion-mensch is_samba_user: true password: '20_kir-17-stin!' - name: pierre groups: - - esf - - buero + - team + - esf-bleibnet is_samba_user: true password: '20_pierre16!20' - - name: verwaltung - groups: - - verwaltung - is_samba_user: false - password: 'pLq3PvFRz7mx' - - name: vincent groups: - - esf - - buero + - team + - esf-bleibnet is_samba_user: true password: 'vin-20-cent_21!' - - name: buero - groups: - - buero - is_samba_user: false - password: 'dH3C4x7sfVj3' - @@ -1036,148 +1058,31 @@ samba_cronjob_permissions: samba_workgroup: FLR samba_netbios_name: FILE-FLR - samba_shares: - - name: Altlasten - path: /data/samba/Altlasten - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre - - vincent - - name: Archiv - path: /data/samba/Archiv - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre - - vincent - - name: Buchhaltung - path: /data/samba/Buchhaltung - group_valid_users: verwaltung - group_write_list: verwaltung - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - hannah - - marina - - name: Buero - path: /data/samba/Buero - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre - - vincent - - name: Buero_und_Film - path: /data/samba/Buero_und_Film - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre - - vincent - - name: Datenbank - path: /data/samba/Datenbank - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre - - vincent - - name: Einzelfaelle - path: /data/samba/Einzelfaelle - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre - - vincent - - name: ESF-Teilnehmende - path: /data/samba/ESF-Teilnehmende - group_valid_users: esf - group_write_list: esf + - name: Team + path: /data/samba/Team + group_valid_users: team + group_write_list: team file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' user: - chris + - flr - hannah + - kamue - kirstin - mara - - marina + - lotta + - mustafa - pierre - vincent - - name: Finanzen - path: /data/samba/Finanzen - group_valid_users: verwaltung - group_write_list: verwaltung + + - name: ESF-BleibNet + path: /data/samba/ESF-BleibNet + group_valid_users: esf-bleibnet + group_write_list: esf-bleibnet file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true @@ -1185,138 +1090,104 @@ samba_shares: user: - chris - hannah - - marina - - name: Foerderverein - path: /data/samba/Foerderverein - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre - - vincent - - name: FR - path: /data/samba/FR - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre - - vincent - - name: install - path: /data/samba/install - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - name: Personal - path: /data/samba/Personal - group_valid_users: verwaltung - group_write_list: verwaltung - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - hannah - - marina - - name: Praktikum - path: /data/samba/Praktikum - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre - - vincent - - name: Pressearchiv - path: /data/samba/Pressearchiv - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre - - vincent - - name: Projektarbeit - path: /data/samba/Projektarbeit - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre - - vincent - - name: Projektverwaltung - path: /data/samba/Projektverwaltung - group_valid_users: buero - group_write_list: buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - flr - - hannah - - kamue - - marina - - mustafa - - kirstin - - pierre + - kamue + - pierre - vincent + - name: AMIF + path: /data/samba/AMIF + group_valid_users: amif + group_write_list: amif + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - chris + - hannah + - kamue + - lotta + - mara + + - name: Quali + path: /data/samba/Quali + group_valid_users: quali + group_write_list: quali + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - chris + - hannah + - kamue + - mara + + - name: Aktion-Mensch + path: /data/samba/Aktion-Mensch + group_valid_users: aktion-mensch + group_write_list: aktion-mensch + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - chris + - hannah + - kamue + - kirstin + - mustafa + + - name: Strukturfoerderung-und-Archiv-Projekte + path: /data/samba/Strukturfoerderung-und-Archiv-Projekte + group_valid_users: foerderung + group_write_list: foerderung + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - chris + - hannah + - kamue + + - name: Buchhaltung + path: /data/samba/Buchhaltung + group_valid_users: buchhaltung + group_write_list: buchhaltung + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - chris + - hannah + + - name: Verwaltung + path: /data/samba/Verwaltung + group_valid_users: verwaltung + group_write_list: verwaltung + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - chris + - hannah + - kamue + + - name: Install + path: /data/samba/Install + group_valid_users: team + group_write_list: team + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - chris + - hannah + - kamue # ========== @@ -1496,8 +1367,8 @@ apt_ansible_dependencies: # --- ssh_keys_admin: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' ansible_remote_user: - name: local diff --git a/roles/common/tasks/nis-install-client.yml b/roles/common/tasks/nis-install-client.yml index 665b378..6276cc0 100644 --- a/roles/common/tasks/nis-install-client.yml +++ b/roles/common/tasks/nis-install-client.yml @@ -74,6 +74,15 @@ - nis-install - nis-install-client +- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'YPBINDARGS' (client) + replace: + path: /etc/default/nis + regexp: '^YPBINDARGS=.*' + replace: 'YPBINDARGS=' + tags: + - nis-install + - nis-install-client + # --- # /etc/{passwd,group,shadow}