From 1546d9e5c5a05d01fd19f034d6acaf54b1d07238 Mon Sep 17 00:00:00 2001 From: Christoph Date: Thu, 13 Apr 2023 01:51:29 +0200 Subject: [PATCH] update.. --- group_vars/all/main.yml | 9 +- group_vars/mbr.yml | 1791 ++++++----------- group_vars/mbr.yml.2023-04-12 | 1629 +++++++++++++++ roles/common/tasks/apt.yml | 50 + roles/common/tasks/main.yml | 11 + roles/common/tasks/mount_samba_shares.yml | 24 +- roles/common/tasks/sudoers-pc.yml | 14 +- .../common/tasks/ubuntu-x11vnc-2204-amd64.yml | 71 + 8 files changed, 2451 insertions(+), 1148 deletions(-) create mode 100644 group_vars/mbr.yml.2023-04-12 create mode 100644 roles/common/tasks/ubuntu-x11vnc-2204-amd64.yml diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 58b4cef..b509008 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -613,7 +613,7 @@ apt_initial_install_xenial: - ifupdown - socat -apt_initial_install_bionic: +apt_initial_install_jammy: - apt-transport-https - dbus - openssh-server @@ -643,7 +643,8 @@ apt_initial_install_bionic: - lynx - links - w3m - - ctags + - exuberant-ctags + - universal-ctags - mime-support - file - coreutils @@ -666,7 +667,7 @@ apt_initial_install_bionic: - librecode-dev - sharutils - perl - - perl-modules-5.26 + - perl-modules - perl-doc - libperl-dev - libterm-readline-gnu-perl @@ -752,6 +753,8 @@ apt_remove_xenial: [] apt_remove_bionic: [] +apt_remove_jammy: [] + apt_remove_purge: false diff --git a/group_vars/mbr.yml b/group_vars/mbr.yml index 53351dd..a429465 100644 --- a/group_vars/mbr.yml +++ b/group_vars/mbr.yml @@ -104,6 +104,7 @@ base_home: /home # vars used by roles/common/tasks/nis-install-client.yml # ========== + # used by templates # - yp.conf.j2 # - defaultdomain.j2 @@ -122,24 +123,24 @@ nis_groups: group_id: 1100 - name: mbr-buero group_id: 1200 - - name: mbr-finanzen + - name: mbr-finanzen-personal group_id: 1210 - - name: mbr-personal - group_id: 1220 - name: mbr-kamera group_id: 1250 - name: mbr-admins group_id: 1260 + - name: ag-antisem + group_id: 1270 - name: vdk group_id: 1300 - - name: rias + - name: rias-berlin group_id: 1400 - - name: rias-finanzen-personal - group_id: 1410 - name: rias-berlin-finanzen-personal group_id: 1420 - name: rias-bund group_id: 1430 + - name: rias-bund-finanzen-personal + group_id: 1410 - name: bgn group_id: 1500 - name: bgn-finanzen-personal @@ -154,6 +155,16 @@ nis_groups: group_id: 1800 - name: all-users group_id: 1900 + - name: betriebsrat + group_id: 2000 + + + +#nis_groups: +# - name: mbr-finanzen (wird zu vdk) +# group_id: 1210 +# - name: mbr-personal (wird zu mbr-finanzen-personal) +# group_id: 1220 remove_nis_users: [] #remove_nis_users: @@ -164,23 +175,25 @@ nis_user: - name: chris groups: - - all-users + - technik - mbr-buero - - mbr-finanzen - - mbr-personal + - mbr-finanzen-personal - mbr-kamera - mbr-admins + - ag-antisem - vdk - - rias - - rias-finanzen-personal + - rias-berlin - rias-berlin-finanzen-personal - rias-bund + - rias-bund-finanzen-personal - bgn - bgn-finanzen-personal - regishut - regishut-personal-finanzen - buero-scan - bmb + - all-users + - betriebsrat is_samba_user: true password: !vault | $ANSIBLE_VAULT;1.1;AES256 @@ -192,124 +205,208 @@ nis_user: - name: lokaladmin groups: - - all-users + - technik - mbr-buero - - mbr-finanzen - - mbr-personal + - mbr-finanzen-personal - mbr-kamera - mbr-admins + - ag-antisem - vdk - - rias - - rias-finanzen-personal + - rias-berlin - rias-berlin-finanzen-personal - rias-bund + - rias-bund-finanzen-personal - bgn - bgn-finanzen-personal - regishut - regishut-personal-finanzen - buero-scan - bmb + - all-users + - betriebsrat is_samba_user: true password: 'd4r1usz' - name: sysadm groups: - - all-users + - technik - mbr-buero - - mbr-finanzen - - mbr-personal + - mbr-finanzen-personal - mbr-kamera - mbr-admins + - ag-antisem - vdk - - rias - - rias-finanzen-personal + - rias-berlin - rias-berlin-finanzen-personal - rias-bund + - rias-bund-finanzen-personal - bgn - bgn-finanzen-personal - regishut - regishut-personal-finanzen - buero-scan - bmb + - all-users + - betriebsrat is_samba_user: true password: 'KPk_Wf2F' - - name: alexander.lorenz.milord + - name: axis groups: - - all-users - - mbr-buero - - buero-scan - - regishut - - regishut-personal-finanzen + - mbr-kamera is_samba_user: true - password: 'R3GI_20_poliz_!' + password: '20_axis_16' - - name: alexander.rasumny - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: 'twT9Rjbv9mjq' - - - name: alexander.steder - groups: - - all-users - - regishut - - regishut-personal-finanzen - - buero-scan - is_samba_user: true - password: 'SHUT_20_s3nc3!' - - - name: anna.mueller1 - groups: - - all-users - - mbr-buero - - buero-scan - - technik - is_samba_user: true - password: '5xp5ll9ar13us!' +# --- +# Verwaltung +# --- - name: anne groups: - all-users - - mbr-buero - - mbr-finanzen - - mbr-personal - - mbr-kamera - - mbr-admins + - buero-scan - vdk - - rias - - rias-finanzen-personal - - rias-berlin-finanzen-personal - - rias-bund - bgn - bgn-finanzen-personal - - buero-scan + - mbr-buero + - mbr-finanzen-personal + - rias-bund + - rias-bund-finanzen-personal + - rias-berlin + - rias-berlin-finanzen-personal + - regishut + - regishut-personal-finanzen is_samba_user: true password: 'YA!LiLiC0MP5' - - name: axis + - name: bianca groups: - all-users - - mbr-buero - buero-scan + - technik + - ag-antisem + - vdk + - bgn + - bgn-finanzen-personal + - bmb + - mbr-buero + - mbr-finanzen-personal + - rias-bund + - rias-bund-finanzen-personal + - rias-berlin + - rias-berlin-finanzen-personal + - regishut + - regishut-personal-finanzen is_samba_user: true - password: '20_axis_16' + password: '73_BiBole_29' - - name: benjamin + - name: pierre.ahrent groups: - all-users - - mbr-buero - - vdk - - rias - - rias-finanzen-personal - - rias-berlin-finanzen-personal - - rias-bund - buero-scan - technik is_samba_user: true - password: 'C2-0U#ch' + password: 'GYiI3-s/_7wG' + + - name: birgit.erhardt + groups: + - all-users + - buero-scan + - vdk + - bgn + - bgn-finanzen-personal + - mbr-buero + - rias-bund + - rias-bund-finanzen-personal + - rias-berlin + - rias-berlin-finanzen-personal + is_samba_user: true + password: '20_purpel!rain_17' + + - name: christina.wendt + groups: + - all-users + - buero-scan + - vdk + - bgn + - bgn-finanzen-personal + - mbr-buero + - mbr-finanzen-personal + - rias-bund + - rias-bund-finanzen-personal + - rias-berlin + - rias-berlin-finanzen-personal + - regishut + - regishut-personal-finanzen + is_samba_user: true + password: '8!Varianten' + + - name: janine.budich + groups: + - all-users + - buero-scan + - technik + - ag-antisem + - vdk + - bgn + - bgn-finanzen-personal + - bmb + - mbr-buero + - mbr-finanzen-personal + - rias-bund + - rias-bund-finanzen-personal + - rias-berlin + - rias-berlin-finanzen-personal + - regishut + - regishut-personal-finanzen + is_samba_user: true + password: 'LoS_r3f_20_AS!' + + - name: isabell.wiesner + groups: + - all-users + - buero-scan + - vdk + - bgn + - bgn-finanzen-personal + - mbr-buero + - mbr-finanzen-personal + - rias-bund + - rias-bund-finanzen-personal + - rias-berlin + - rias-berlin-finanzen-personal + - regishut + - regishut-personal-finanzen + is_samba_user: true + password: 'XY_bunt_2020!' + + - name: leonie.rupp + groups: + - all-users + - buero-scan + - rias-bund + - rias-bund-finanzen-personal + - rias-berlin + - rias-berlin-finanzen-personal + is_samba_user: true + password: '3jzs.wv-4TX/' + + - name: swetlana.nikitenko + groups: + - all-users + - buero-scan + - vdk + - bgn-finanzen-personal + - mbr-finanzen-personal + - rias-bund-finanzen-personal + - rias-berlin-finanzen-personal + - regishut-personal-finanzen + is_samba_user: true + password: 'Ji53-dA.nwGz' + +# --- +# BgN +# --- - name: bgn_mitarbeiter_in_3 groups: @@ -318,519 +415,493 @@ nis_user: is_samba_user: true password: 'frueh_FREI_22!' - - name: bianca + - name: laura.berner groups: - all-users - - mbr-buero - - mbr-finanzen - - mbr-personal - - mbr-kamera - - mbr-admins - - vdk - - rias - - rias-finanzen-personal - - rias-berlin-finanzen-personal - - rias-bund + - buero-scan - bgn - bgn-finanzen-personal - - regishut - - regishut-personal-finanzen + - mbr-buero + is_samba_user: true + password: 'WAS_22_informi3r3n!' + +# - name: lena.mahler +# groups: +# - all-users +# - buero-scan +# - bgn +# is_samba_user: true +# password: 'YZ_bgn_2020!' + + - name: ulf.balmer + groups: + - all-users + - buero-scan + - technik + - bgn + - bgn-finanzen-personal + - mbr-buero + is_samba_user: true + password: 'ALL3_e6ene#' + + +# --- +# BMB +# --- + + - name: jennifer.pross + groups: + - all-users - buero-scan - bmb - - technik is_samba_user: true - password: '73_BiBole_29' + password: 'V-S9Y/R+Am7H' - - name: bianca.loy +# --- +# MBR +# --- + + - name: anna.mueller1 groups: - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: 'ctnrk3CczcJ9' - - - name: birgit.erhardt - groups: - - all-users - - mbr-buero - - mbr-finanzen - - rias - - rias-finanzen-personal - - rias-berlin-finanzen-personal - - rias-bund - - vdk - - buero-scan - is_samba_user: true - password: '20_purpel!rain_17' - - - name: bjoern.renkewitz - groups: - - all-users - - mbr-buero - buero-scan - technik - is_samba_user: true - password: 'Tz9-Wq-51' - - - name: christina.wendt - groups: - - all-users + - betriebsrat - mbr-buero - - mbr-personal - - mbr-finanzen - - vdk - - rias - - rias-finanzen-personal - - rias-berlin-finanzen-personal - - rias-bund - - bgn-finanzen-personal - - regishut - - regishut-personal-finanzen - - buero-scan - - technik is_samba_user: true - password: '8!Varianten' - - - name: swetlana.nikitenko - groups: - - all-users - - mbr-buero - - mbr-personal - - mbr-finanzen - - vdk - - rias-finanzen-personal - - rias-berlin-finanzen-personal - - rias-bund - - bgn-finanzen-personal - - regishut - - regishut-personal-finanzen - - buero-scan - - technik - is_samba_user: true - password: 'Ji53-dA.nwGz' - - - name: colin.kaggl - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: '3ZvY-I3-Z.2v' - - - name: daniel.poensgen - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: 'rcMRCm7jcpbp' + password: '5xp5ll9ar13us!' - name: doku.mbr2 groups: - all-users - - mbr-buero - buero-scan + - mbr-buero is_samba_user: true password: '*M0ss4d*' - name: doku.mbr4 groups: - all-users - - mbr-buero - buero-scan + - mbr-buero is_samba_user: true password: 'PwmNvPh9KM4T' - name: doku.mbr5 groups: - all-users - - mbr-buero - buero-scan + - mbr-buero is_samba_user: true password: 'G6Hz.ev/e24E' - - name: dora.streibl - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: '6jA,nmD,fdK!' - - - name: dorina.feldmann - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: '17?4XPQ_!abc' - - name: felix.mueller groups: - all-users - - mbr-buero - buero-scan + - technik + - mbr-buero is_samba_user: true password: 'U_i5zAR5H+ti' - - name: franz.mohorn - groups: - - buero-scan - is_samba_user: true - - password: 'Kq5/b.4uWZIV' - - name: frederick.kannenberg - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: 'riasFK2019!#' - - name: hamid.mohseni groups: - all-users - - mbr-buero - buero-scan + - mbr-buero is_samba_user: true password: 'TFhCW9J4Vn4F' - name: honorar.mbr1 groups: - all-users - - mbr-buero - buero-scan + - mbr-buero is_samba_user: true password: '_F313r4b3nd*' - name: honorar.mbr2 groups: - all-users - - mbr-buero - buero-scan + - mbr-buero is_samba_user: true password: 'kQviLU-4rA_2' - - name: honorar.rias1 - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: '6jA,nmD,fdK!' - - name: isabella.greif groups: - - mbr-buero + - all-users - buero-scan + - mbr-buero is_samba_user: true password: '5zv-Bo2.Cio9' - - name: isabell.wiesner - groups: - - all-users - - mbr-buero - - mbr-finanzen - - vdk - - rias - - rias-finanzen-personal - - rias-berlin-finanzen-personal - - rias-bund - - bgn-finanzen-personal - - regishut - - regishut-personal-finanzen - - buero-scan - - technik - is_samba_user: true - password: 'XY_bunt_2020!' - - - name: jennifer.pross - groups: - - all-users - - bmb - is_samba_user: true - password: 'V-S9Y/R+Am7H' - - - name: janine.budich - groups: - - all-users - - mbr-buero - - mbr-finanzen - - mbr-personal - - buero-scan - - technik - is_samba_user: true - password: 'LoS_r3f_20_AS!' - - name: johannes.radke groups: - all-users - - mbr-buero - buero-scan + - mbr-buero is_samba_user: true password: 'Furzf4brik!' + - name: judith.heinmueller groups: - all-users - - mbr-buero - buero-scan + - betriebsrat + - mbr-buero is_samba_user: true password: 't32_aHxV.' - - name: julia.kopp - groups: - - all-users - - mbr-buero - - buero-scan - - rias-berlin-finanzen-personal - is_samba_user: true - password: '-a2%3bTzkW.A' - - - name: julius.gruber - groups: - - all-users - - mbr-buero - - buero-scan - - rias - is_samba_user: true - password: 'uY-SbLux-4a9' - - - name: katharina.zachrau - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: '3X.mf/U3NXKe' - - name: kerstin.kuballa groups: - all-users - - mbr-buero - buero-scan + - ag-antisem + - mbr-buero is_samba_user: true password: 'sVY2_2t+a+db' - - name: laura.berner - groups: - - all-users - - mbr-buero - - buero-scan - - bgn-finanzen-personal - is_samba_user: true - password: 'WAS_22_informi3r3n!' - - - name: lavinia.schwedersky - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: 'xJw.3R9vKf/N' - - - name: lena.mahler - groups: - - all-users - - mbr-buero - - bgn - - bgn-finanzen-personal - - buero-scan - is_samba_user: true - password: 'YZ_bgn_2020!' - - - name: leonie.rupp - groups: - - all-users - - mbr-buero - - rias-bund - - buero-scan - is_samba_user: true - password: '3jzs.wv-4TX/' - - - name: linda.giesel - groups: - - all-users - - buero-scan - - regishut - - regishut-personal-finanzen - is_samba_user: true - password: 'SHUT_20_s3nc3!' +# - name: lavinia.schwedersky +# groups: +# - all-users +# - buero-scan +# - mbr-buero +# is_samba_user: true +# password: 'xJw.3R9vKf/N' - name: manja.kasten groups: - all-users - - mbr-buero - buero-scan + - mbr-buero is_samba_user: true password: 'Rasili_&n' - - name: marc.schwietring - groups: - - all-users - - mbr-buero - - buero-scan - - regishut - - regishut-personal-finanzen - is_samba_user: true - password: '69UnNr-g.ZuQ' - - - name: marco.siegmund - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: 'fTy-AY52.F-p' - - name: mathias groups: - all-users - - mbr-buero - buero-scan + - ag-antisem + - mbr-buero is_samba_user: true password: 'p3r*45p3r4*4d*45tr4m' - name: matthias.mueller groups: - all-users - - mbr-buero - - mbr-personal - buero-scan + - ag-antisem + - betriebsrat + - mbr-buero is_samba_user: true password: 'V1v@H@f3rdr1nk' - name: michael.sulies groups: - all-users - - mbr-buero - buero-scan + - ag-antisem + - mbr-buero is_samba_user: true password: 'Cryst4lp4l4c3' - name: nina.rink groups: - all-users - - mbr-buero - buero-scan + - mbr-buero is_samba_user: true password: 'BMW_mobit_2020!' - - name: pia.lamberty - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: 'oasd31*as+Q%' - - - name: pierre.ahrent - groups: - - all-users - - mbr-buero - - buero-scan - - technik - is_samba_user: true - password: 'GYiI3-s/_7wG' - - - name: praktikum.bgn1 - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: 'MPL_baerin_20!' - - name: praktikum.mbr1 groups: - all-users - - mbr-buero - buero-scan + - mbr-buero is_samba_user: true password: '2001_RAT_urban!' - name: praktikum.mbr2 groups: - all-users - - mbr-buero - buero-scan + - mbr-buero is_samba_user: true password: '20praktikum213' +# - name: samuel.signer +# groups: +# - all-users +# - buero-scan +# - mbr-buero +# is_samba_user: true +# password: 'S4mmyC0mput3r!' + + - name: simon + groups: + - all-users + - buero-scan + - ag-antisem + - mbr-buero + is_samba_user: true + password: 'S4u3rkr4ut!' + +# --- +# RIAS Berlin und Bund +# --- + + - name: alexander.rasumny + groups: + - all-users + - buero-scan + - rias-bund + - rias-berlin + is_samba_user: true + password: 'twT9Rjbv9mjq' + + - name: benjamin + groups: + - all-users + - buero-scan + - technik + - ag-antisem + - rias-bund + - rias-bund-finanzen-personal + - rias-berlin + - rias-berlin-finanzen-personal + is_samba_user: true + password: 'C2-0U#ch' + + - name: bianca.loy + groups: + - all-users + - buero-scan + - ag-antisem + - rias-bund + - rias-berlin + is_samba_user: true + password: 'ctnrk3CczcJ9' + +# - name: bjoern.renkewitz +# groups: +# - all-users +# - buero-scan +# - rias-bund +# - rias-berlin +# is_samba_user: true +# password: 'Tz9-Wq-51' + + - name: colin.kaggl + groups: + - all-users + - buero-scan + - ag-antisem + - rias-bund + - rias-berlin + is_samba_user: true + password: '3ZvY-I3-Z.2v' + + - name: daniel.poensgen + groups: + - all-users + - buero-scan + - ag-antisem + - rias-bund + - rias-berlin + is_samba_user: true + password: 'rcMRCm7jcpbp' + + - name: dora.streibl + groups: + - all-users + - buero-scan + - technik + - ag-antisem + - rias-bund + - rias-berlin + is_samba_user: true + password: '6jA,nmD,fdK!' + +# - name: dorina.feldmann +# groups: +# - all-users +# - buero-scan +# - rias-bund +# - rias-berlin +# is_samba_user: true +# password: '17?4XPQ_!abc' + + - name: franz.mohorn + groups: + - buero-scan + - ag-antisem + - rias-bund + - rias-berlin + is_samba_user: true + + password: 'Kq5/b.4uWZIV' + - name: frederick.kannenberg + groups: + - all-users + - buero-scan + - ag-antisem + - rias-bund + - rias-berlin + is_samba_user: true + password: 'riasFK2019!#' + + - name: honorar.rias1 + groups: + - all-users + - buero-scan + - ag-antisem + - rias-bund + - rias-berlin + is_samba_user: true + password: '6jA,nmD,fdK!' + + - name: julia.kopp + groups: + - all-users + - buero-scan + - ag-antisem + - rias-bund + - rias-berlin + is_samba_user: true + password: '-a2%3bTzkW.A' + + - name: julius.gruber + groups: + - all-users + - buero-scan + - ag-antisem + - rias-bund + - rias-berlin + is_samba_user: true + password: 'uY-SbLux-4a9' + + - name: katharina.zachrau + groups: + - all-users + - buero-scan + - ag-antisem + - rias-bund + - rias-berlin + is_samba_user: true + password: '3X.mf/U3NXKe' + + - name: marco.siegmund + groups: + - all-users + - buero-scan + - ag-antisem + - rias-bund + - rias-berlin + is_samba_user: true + password: 'fTy-AY52.F-p' + +# - name: pia.lamberty +# groups: +# - all-users +# - buero-scan +# - rias-bund +# - rias-berlin +# is_samba_user: true +# password: 'oasd31*as+Q%' + - name: praktikum.rias1 groups: - all-users - - mbr-buero - buero-scan + - ag-antisem + - rias-bund + - rias-berlin is_samba_user: true password: '7z7F%d3cv_dfjz' - name: praktikum.rias2 groups: - all-users - - mbr-buero - buero-scan + - ag-antisem + - rias-bund + - rias-berlin is_samba_user: true password: 'Q56V.6kf/JLQ' - name: ruth.hatlapa groups: - all-users - - mbr-buero - buero-scan - - rias-berlin-finanzen-personal + - technik + - ag-antisem + - rias-bund + - rias-berlin is_samba_user: true password: 'q2Sc.C7-6hZR' - - name: samuel.signer - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: 'S4mmyC0mput3r!' - - - name: scan - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: '20scan13' - - - name: simon - groups: - - all-users - - mbr-buero - - buero-scan - is_samba_user: true - password: 'S4u3rkr4ut!' - - name: tanja.kinzel groups: - all-users - - mbr-buero - buero-scan + - ag-antisem + - rias-bund + - rias-berlin is_samba_user: true password: 'sd7/SAqzU+Qi' - name: till.hendlmeier groups: - all-users - - mbr-buero - buero-scan + - ag-antisem + - rias-bund + - rias-berlin is_samba_user: true password: '3/+v_7AGivxc' - - name: ulf.balmer + +# --- +# Regishut +# --- + + - name: alexander.lorenz.milord groups: - all-users - - mbr-buero - - bgn - - bgn-finanzen-personal - buero-scan - technik + - regishut + - regishut-personal-finanzen is_samba_user: true - password: 'ALL3_e6ene#' + password: 'R3GI_20_poliz_!' + + - name: alexander.steder + groups: + - all-users + - buero-scan + - regishut + is_samba_user: true + password: 'SHUT_20_s3nc3!' + + #- name: linda.giesel + # groups: + # - all-users + # - buero-scan + # - regishut + # - regishut-personal-finanzen + # is_samba_user: true + # password: 'SHUT_20_s3nc3!' + + #- name: marc.schwietring + # groups: + # - all-users + # - buero-scan + # - regishut + # - regishut-personal-finanzen + # is_samba_user: true + # password: '69UnNr-g.ZuQ' + # ========== @@ -868,99 +939,13 @@ samba_server_cidr_prefix: 24 samba_workgroup: MBR samba_netbios_name: FILE-MBR + + samba_shares: - - name: Technik-und-Sicherheit - path: /data/shares/Technik-und-Sicherheit - group_valid_users: technik - group_write_list: technik - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - anna.mueller1 - - benjamin - - bianca - - bjoern.renkewitz - - christina.wendt - - isabell.wiesner - - janine.budich - - pierre.ahrent - - swetlana.nikitenko - - sysadm - - ulf.balmer - - - - name: Arbeitsrechtliches - path: /data/shares/Arbeitsrechtliches - group_valid_users: mbr-finanzen - group_write_list: mbr-finanzen - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - anne - - bianca - - birgit.erhardt - - christina.wendt - - chris - - isabell.wiesner - - janine.budich - - swetlana.nikitenko - - sysadm - - - name: Ausschreibungen - path: /data/shares/Ausschreibungen - group_valid_users: mbr-personal - group_write_list: mbr-personal - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - anne - - bianca - - christina.wendt - - chris - - matthias.mueller - - janine.budich - - swetlana.nikitenko - - sysadm - - - name: BGN-Finanzen-Personal - path: /data/shares/BGN-Finanzen-Personal - group_valid_users: bgn-finanzen-personal - group_write_list: bgn-finanzen-personal - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - anne - - bianca - - christina.wendt - - chris - - isabell.wiesner - - lena.mahler - - swetlana.nikitenko - - sysadm - - ulf.balmer - - - name: BMB - path: /data/shares/BMB - group_valid_users: bmb - group_write_list: bmb - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - chris - - bianca - - jennifer.pross - - sysadm +# --- +# Bürogemeinschaft +# --- - name: Buero-Organisation path: /data/shares/Buero-Organisation @@ -970,153 +955,6 @@ samba_shares: dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - user: - - alexander.lorenz.milord - - alexander.rasumny - - alexander.steder - - anna.mueller1 - - anne - - benjamin - - bgn_mitarbeiter_in_3 - - bianca - - birgit.erhardt - - bjoern.renkewitz - - christina.wendt - - chris - - colin.kaggl - - daniel.poensgen - - doku.mbr2 - - doku.mbr4 - - doku.mbr5 - - dora.streibl - - dorina.feldmann - - frederick.kannenberg - - felix.mueller - - hamid.mohseni - - isabell.wiesner - - janine.budich - - johannes.radke - - judith.heinmueller - - julia.kopp - - katharina.zachrau - - kerstin.kuballa - - laura.berner - - lavinia.schwedersky - - lena.mahler - - linda.giesel - - leonie.rupp - - manja.kasten - - marc.schwietring - - marco.siegmund - - mathias - - matthias.mueller - - michael.sulies - - pia.lamberty - - honorar.mbr1 - - honorar.mbr2 - - nina.rink - - praktikum.bgn1 - - praktikum.mbr1 - - praktikum.mbr2 - - praktikum.rias1 - - bianca.loy - - praktikum.rias2 - - honorar.rias1 - - ruth.hatlapa - - samuel.signer - - scan - - simon - - swetlana.nikitenko - - sysadm - - tanja.kinzel - - till.hendlmeier - - ulf.balmer - - - name: BVV-Projekt - path: /data/shares/BVV-Projekt - group_valid_users: mbr-buero - group_write_list: mbr-buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - alexander.lorenz.milord - - alexander.rasumny - - anna.mueller1 - - anne - - benjamin - - bianca - - birgit.erhardt - - bjoern.renkewitz - - christina.wendt - - chris - - colin.kaggl - - daniel.poensgen - - doku.mbr2 - - doku.mbr4 - - doku.mbr5 - - dora.streibl - - dorina.feldmann - - felix.mueller - - frederick.kannenberg - - hamid.mohseni - - isabell.wiesner - - janine.budich - - johannes.radke - - judith.heinmueller - - julia.kopp - - julius.gruber - - katharina.zachrau - - kerstin.kuballa - - lavinia.schwedersky - - lena.mahler - - leonie.rupp - - manja.kasten - - marc.schwietring - - marco.siegmund - - mathias - - matthias.mueller - - michael.sulies - - pia.lamberty - - honorar.mbr1 - - honorar.mbr2 - - nina.rink - - praktikum.bgn1 - - praktikum.mbr1 - - praktikum.mbr2 - - praktikum.rias1 - - bianca.loy - - praktikum.rias2 - - honorar.rias1 - - ruth.hatlapa - - samuel.signer - - scan - - simon - - swetlana.nikitenko - - sysadm - - tanja.kinzel - - till.hendlmeier - - ulf.balmer - - - name: Finanzen - path: /data/shares/Finanzen - group_valid_users: mbr-finanzen - group_write_list: mbr-finanzen - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - anne - - bianca - - birgit.erhardt - - christina.wendt - - chris - - isabell.wiesner - - janine.budich - - swetlana.nikitenko - - sysadm - name: Install path: /data/shares/Install @@ -1124,10 +962,6 @@ samba_shares: group_write_list: mbr-admins file_create_mask: '0660' dir_create_mask: '2770' - user: - - chris - - sysadm - - lokaladmin - name: Kamera path: /data/shares/Kamera @@ -1135,307 +969,6 @@ samba_shares: group_write_list: mbr-kamera file_create_mask: '0660' dir_create_mask: '2770' - user: - - anne - - axis - - bianca - - chris - - sysadm - - - name: MBR - path: /data/shares/MBR - group_valid_users: mbr-buero - group_write_list: mbr-buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - alexander.lorenz.milord - - alexander.rasumny - - anna.mueller1 - - anne - - benjamin - - bianca - - birgit.erhardt - - bjoern.renkewitz - - christina.wendt - - chris - - colin.kaggl - - daniel.poensgen - - doku.mbr2 - - doku.mbr4 - - doku.mbr5 - - dorina.feldmann - - dora.streibl - - felix.mueller - - frederick.kannenberg - - hamid.mohseni - - isabella.greif - - isabell.wiesner - - janine.budich - - johannes.radke - - judith.heinmueller - - julia.kopp - - julius.gruber - - katharina.zachrau - - kerstin.kuballa - - lavinia.schwedersky - - lena.mahler - - leonie.rupp - - manja.kasten - - marc.schwietring - - marco.siegmund - - mathias - - matthias.mueller - - michael.sulies - - pia.lamberty - - honorar.mbr1 - - honorar.mbr2 - - nina.rink - - praktikum.bgn1 - - praktikum.mbr1 - - praktikum.mbr2 - - praktikum.rias1 - - bianca.loy - - praktikum.rias2 - - honorar.rias1 - - ruth.hatlapa - - samuel.signer - - scan - - simon - - swetlana.nikitenko - - sysadm - - tanja.kinzel - - till.hendlmeier - - ulf.balmer - - - name: Mobilisierungsplattform - path: /data/shares/Mobilisierungsplattform - group_valid_users: mbr-buero - group_write_list: mbr-buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - alexander.lorenz.milord - - alexander.rasumny - - anna.mueller1 - - anne - - benjamin - - bianca - - birgit.erhardt - - bjoern.renkewitz - - christina.wendt - - chris - - colin.kaggl - - daniel.poensgen - - doku.mbr2 - - doku.mbr4 - - doku.mbr5 - - dora.streibl - - dorina.feldmann - - frederick.kannenberg - - felix.mueller - - hamid.mohseni - - isabell.wiesner - - janine.budich - - johannes.radke - - judith.heinmueller - - julia.kopp - - julius.gruber - - katharina.zachrau - - kerstin.kuballa - - laura.berner - - lavinia.schwedersky - - lena.mahler - - leonie.rupp - - manja.kasten - - marc.schwietring - - marco.siegmund - - mathias - - matthias.mueller - - michael.sulies - - pia.lamberty - - honorar.mbr1 - - honorar.mbr2 - - nina.rink - - praktikum.bgn1 - - praktikum.mbr1 - - praktikum.mbr2 - - praktikum.rias1 - - bianca.loy - - praktikum.rias2 - - honorar.rias1 - - ruth.hatlapa - - samuel.signer - - scan - - simon - - swetlana.nikitenko - - sysadm - - tanja.kinzel - - till.hendlmeier - - ulf.balmer - - - name: Regishut - path: /data/shares/Regishut - group_valid_users: regishut - group_write_list: regishut - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - alexander.steder - - alexander.lorenz.milord - - benjamin - - bianca - - christina.wendt - - isabell.wiesner - - linda.giesel - - marc.schwietring - - swetlana.nikitenko - - sysadm - - - name: Regishut-Personal-Finanzen - path: /data/shares/Regishut-Personal-Finanzen - group_valid_users: regishut-personal-finanzen - group_write_list: regishut-personal-finanzen - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - alexander.lorenz.milord - - benjamin - - bianca - - christina.wendt - - isabell.wiesner - - linda.giesel - - marc.schwietring - - swetlana.nikitenko - - sysadm - - - name: RIAS - path: /data/shares/RIAS - group_valid_users: mbr-buero - group_write_list: mbr-buero - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - alexander.lorenz.milord - - alexander.rasumny - - anna.mueller1 - - anne - - benjamin - - bianca - - birgit.erhardt - - bjoern.renkewitz - - christina.wendt - - chris - - colin.kaggl - - daniel.poensgen - - doku.mbr2 - - doku.mbr4 - - doku.mbr5 - - dora.streibl - - dorina.feldmann - - felix.mueller - - hamid.mohseni - - isabell.wiesner - - janine.budich - - johannes.radke - - judith.heinmueller - - julia.kopp - - julius.gruber - - katharina.zachrau - - kerstin.kuballa - - lavinia.schwedersky - - lena.mahler - - leonie.rupp - - manja.kasten - - marc.schwietring - - marco.siegmund - - mathias - - matthias.mueller - - michael.sulies - - pia.lamberty - - honorar.mbr1 - - honorar.mbr2 - - nina.rink - - praktikum.bgn1 - - praktikum.mbr1 - - praktikum.mbr2 - - praktikum.rias1 - - bianca.loy - - praktikum.rias2 - - honorar.rias1 - - ruth.hatlapa - - samuel.signer - - scan - - simon - - swetlana.nikitenko - - sysadm - - tanja.kinzel - - till.hendlmeier - - ulf.balmer - - - name: RIAS-Berlin-Finanzen-Personal - path: /data/shares/RIAS-Berlin-Finanzen-Personal - group_valid_users: rias-berlin-finanzen-personal - group_write_list: rias-berlin-finanzen-personal - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - anne - - bianca - - christina.wendt - - julia.kopp - - ruth.hatlapa - - - name: RIAS-Bund - path: /data/shares/RIAS-Bund - group_valid_users: rias-bund - group_write_list: rias-bund - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - anne - - benjamin - - bianca - - birgit.erhardt - - chris - - christina.wendt - - isabell.wiesner - - leonie.rupp - - swetlana.nikitenko - - sysadm - - - name: RIAS-Finanzen-Personal - path: /data/shares/RIAS-Finanzen-Personal - group_valid_users: rias-finanzen-personal - group_write_list: rias-finanzen-personal - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - anne - - bianca - - benjamin - - birgit.erhardt - - christina.wendt - - chris - - isabell.wiesner - - swetlana.nikitenko - - sysadm - name: SCAN path: /data/shares/SCAN @@ -1445,135 +978,130 @@ samba_shares: dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - user: - - alexander.lorenz.milord - - alexander.rasumny - - alexander.steder - - anna.mueller1 - - anne - - benjamin - - bianca - - bgn_mitarbeiter_in_3 - - birgit.erhardt - - bjoern.renkewitz - - christina.wendt - - chris - - daniel.poensgen - - doku.mbr2 - - doku.mbr4 - - doku.mbr5 - - dora.streibl - - dorina.feldmann - - franz.mohorn - - frederick.kannenberg - - felix.mueller - - hamid.mohseni - - isabella.greif - - isabell.wiesner - - janine.budich - - johannes.radke - - judith.heinmueller - - julia.kopp - - katharina.zachrau - - kerstin.kuballa - - laura.berner - - lavinia.schwedersky - - lena.mahler - - leonie.rupp - - linda.giesel - - manja.kasten - - marco.siegmund - - marc.schwietring - - mathias - - matthias.mueller - - michael.sulies - - pia.lamberty - - honorar.mbr1 - - honorar.mbr2 - - nina.rink - - praktikum.bgn1 - - praktikum.mbr1 - - praktikum.mbr2 - - praktikum.rias1 - - bianca.loy - - praktikum.rias2 - - honorar.rias1 - - ruth.hatlapa - - samuel.signer - - scan - - simon - - swetlana.nikitenko - - sysadm - - tanja.kinzel - - till.hendlmeier - - ulf.balmer + + - name: Technik-und-Sicherheit + path: /data/shares/Technik-und-Sicherheit + group_valid_users: technik + group_write_list: technik + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + + - name: AG-Antisemitismus + path: /data/shares/AG-Antisemitismus + group_valid_users: ag-antisem + group_write_list: ag-antisem + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + +# --- +# VDK +# --- + + - name: Arbeitsrechtliches + path: /data/shares/Arbeitsrechtliches + group_valid_users: vdk + group_write_list: vdk + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + + - name: Finanzen + path: /data/shares/Finanzen + group_valid_users: vdk + group_write_list: vdk + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' - name: VDK path: /data/shares/VDK + group_valid_users: vdk + group_write_list: vdk + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + + - name: Betriebsrat + path: /data/shares/Betriebsrat + group_valid_users: betriebsrat + group_write_list: betriebsrat + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + +# --- +# BgN +# --- + + - name: BGN-Finanzen-Personal + path: /data/shares/BGN-Finanzen-Personal + group_valid_users: bgn-finanzen-personal + group_write_list: bgn-finanzen-personal + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + + - name: Mobilisierungsplattform + path: /data/shares/Mobilisierungsplattform + group_valid_users: bgn + group_write_list: bgn + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + +# --- +# BMB +# --- + + - name: BMB + path: /data/shares/BMB + group_valid_users: bmb + group_write_list: bmb + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + +# --- +# MBR +# --- + + - name: MBR-Finanzen-Personal + path: /data/shares/MBR-Finanzen-Personal + group_valid_users: mbr-finanzen-personal + group_write_list: mbr-finanzen-personal + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + + - name: BVV-Projekt + path: /data/shares/BVV-Projekt + group_valid_users: mbr-buero + group_write_list: mbr-buero + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + + - name: MBR + path: /data/shares/MBR group_valid_users: mbr-buero group_write_list: mbr-buero file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - user: - - alexander.lorenz.milord - - alexander.rasumny - - anna.mueller1 - - anne - - benjamin - - bianca - - birgit.erhardt - - bjoern.renkewitz - - christina.wendt - - chris - - colin.kaggl - - daniel.poensgen - - doku.mbr2 - - doku.mbr4 - - doku.mbr5 - - dora.streibl - - dorina.feldmann - - felix.mueller - - frederick.kannenberg - - hamid.mohseni - - isabell.wiesner - - janine.budich - - johannes.radke - - judith.heinmueller - - julia.kopp - - julius.gruber - - katharina.zachrau - - kerstin.kuballa - - lavinia.schwedersky - - lena.mahler - - leonie.rupp - - manja.kasten - - marc.schwietring - - marco.siegmund - - mathias - - matthias.mueller - - michael.sulies - - pia.lamberty - - honorar.mbr1 - - honorar.mbr2 - - nina.rink - - praktikum.bgn1 - - praktikum.mbr1 - - praktikum.mbr2 - - praktikum.rias1 - - bianca.loy - - praktikum.rias2 - - honorar.rias1 - - ruth.hatlapa - - samuel.signer - - scan - - simon - - swetlana.nikitenko - - sysadm - - tanja.kinzel - - till.hendlmeier - - ulf.balmer - name: Video path: /data/shares/Video @@ -1583,65 +1111,70 @@ samba_shares: dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - user: - - alexander.lorenz.milord - - alexander.rasumny - - anna.mueller1 - - anne - - benjamin - - bianca - - birgit.erhardt - - bjoern.renkewitz - - christina.wendt - - chris - - colin.kaggl - - daniel.poensgen - - doku.mbr2 - - doku.mbr4 - - doku.mbr5 - - dora.streibl - - dorina.feldmann - - felix.mueller - - frederick.kannenberg - - hamid.mohseni - - isabella.greif - - isabell.wiesner - - janine.budich - - johannes.radke - - judith.heinmueller - - julia.kopp - - julius.gruber - - katharina.zachrau - - kerstin.kuballa - - lavinia.schwedersky - - lena.mahler - - leonie.rupp - - manja.kasten - - marc.schwietring - - marco.siegmund - - mathias - - matthias.mueller - - michael.sulies - - pia.lamberty - - honorar.mbr1 - - honorar.mbr2 - - nina.rink - - praktikum.bgn1 - - praktikum.mbr1 - - praktikum.mbr2 - - praktikum.rias1 - - bianca.loy - - praktikum.rias2 - - honorar.rias1 - - ruth.hatlapa - - samuel.signer - - scan - - simon - - swetlana.nikitenko - - sysadm - - tanja.kinzel - - till.hendlmeier - - ulf.balmer + +# --- +# RIAS +# --- + + - name: RIAS-Berlin + path: /data/shares/RIAS-Berlin + group_valid_users: rias-berlin + group_write_list: rias-berlin + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + + - name: RIAS-Berlin-Finanzen-Personal + path: /data/shares/RIAS-Berlin-Finanzen-Personal + group_valid_users: rias-berlin-finanzen-personal + group_write_list: rias-berlin-finanzen-personal + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + + - name: RIAS-Bund + path: /data/shares/RIAS-Bund + group_valid_users: rias-bund + group_write_list: rias-bund + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + + - name: RIAS-Bund-Finanzen-Personal + path: /data/shares/RIAS-Finanzen-Personal + group_valid_users: rias-bund-finanzen-personal + group_write_list: rias-bund-finanzen-personal + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + +# --- +# Regishut +# --- + + - name: Regishut + path: /data/shares/Regishut + group_valid_users: regishut + group_write_list: regishut + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + + - name: Regishut-Personal-Finanzen + path: /data/shares/Regishut-Personal-Finanzen + group_valid_users: regishut-personal-finanzen + group_write_list: regishut-personal-finanzen + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + + # ========== diff --git a/group_vars/mbr.yml.2023-04-12 b/group_vars/mbr.yml.2023-04-12 new file mode 100644 index 0000000..b4ea041 --- /dev/null +++ b/group_vars/mbr.yml.2023-04-12 @@ -0,0 +1,1629 @@ +--- + +# ========== +# vars used by roles/common/tasks/basic.yml +# ========== + + +# ========== +# vars used by roles/common/tasks/sshd.yml +# ========== + +sshd_permit_root_login: !!str "prohibit-password" + + +# ========== +# vars used by roles/common/tasks/apt.yml +# ========== + + +# ========== +# vars used by roles/common/tasks/git.yml +# ========== + + +# ========== +# vars used by roles/common/tasks/cups-install.yml +# ========== + + +# ========== +# vars used by roles/common/tasks/ntp.yml +# ========== + +# name or ip-adress from the (local) ntp server, mostly the gateway +# +ntp_server: gw-mbr.mbr-bln.netz + + +# ========== +# vars used by roles/common/tasks/nfs.yml +# ========== + +nfs_server: 192.168.112.10 + +# Set 'fs_encrypted' to true if filesystem lives on an encrypted +# partition. +# +# NOTE !! +# Take car to increase 'fsid' in case of more than one export +# +nfs_exports: + - src: 192.168.112.10:/data/home + path: /data/home + mount_opts: users,rsize=8192,wsize=8192,hard,intr + export_opt: rw,root_squash,sync,subtree_check + export_networks: + - 192.168.112.0/24 + - 10.0.112.0/24 + - 10.1.112.0/24 + - 192.168.63.0/24 + use_fsid_option: true + + - src: 192.168.112.10:/data/shares + path: /data/shares + mount_opts: users,rsize=8192,wsize=8192,hard,intr + export_opt: rw,root_squash,sync,subtree_check + export_networks: + - 192.168.112.0/24 + - 10.0.112.0/24 + - 10.1.112.0/24 + - 192.168.63.0/24 + use_fsid_option: true + + +# ========== +# vars used by roles/common/tasks/system-user.yml +# ========== + +# ! Notice ! +# +# On NIS supported Server put your users and groups in the +# appropriate section for playbook 'nis-user.yml' +# +# ! Notice ! + +remove_system_users: [] +#remove_system_users: +# - name: test +# - name: jennifer.prost + +system_users: [] +#system_users: +# - name: sysadm +# password: '9xFXkdPR_2' + +system_groups: [] + +base_home: /home + + +# ========== +# vars used by roles/common/tasks/nis-install-server.yml +# vars used by roles/common/tasks/nis-user.yml +# vars used by roles/common/tasks/nis-install-client.yml +# ========== + +# used by templates +# - yp.conf.j2 +# - defaultdomain.j2 +nis_domain: mbr-bln.netz + +# also used by template +# - yp.conf.j2 +nis_server_address: 192.168.112.10 + +nis_server_name: file-mbr.mbr-bln.netz + +nis_base_home: /data/home + +nis_groups: + - name: technik + group_id: 1100 + - name: mbr-buero + group_id: 1200 + - name: mbr-finanzen + group_id: 1210 + - name: mbr-personal + group_id: 1220 + - name: mbr-kamera + group_id: 1250 + - name: mbr-admins + group_id: 1260 + - name: vdk + group_id: 1300 + - name: rias + group_id: 1400 + - name: rias-finanzen-personal + group_id: 1410 + - name: rias-berlin-finanzen-personal + group_id: 1420 + - name: rias-bund + group_id: 1430 + - name: bgn + group_id: 1500 + - name: bgn-finanzen-personal + group_id: 1510 + - name: regishut + group_id: 1600 + - name: regishut-personal-finanzen + group_id: 1610 + - name: buero-scan + group_id: 1700 + - name: bmb + group_id: 1800 + - name: all-users + group_id: 1900 + +#remove_nis_users: [] +remove_nis_users: + - name: lavinia.schwedersky + - name: samuel.signer + - name: bjoern.renkewitz + - name: dorina.feldmann + - name: pia.lamberty + - name: linda.giesel + - name: lena.mahler + - name: marc.schwietring + +nis_user: + + - name: chris + groups: + - all-users + - mbr-buero + - mbr-finanzen + - mbr-personal + - mbr-kamera + - mbr-admins + - vdk + - rias + - rias-finanzen-personal + - rias-berlin-finanzen-personal + - rias-bund + - bgn + - bgn-finanzen-personal + - regishut + - regishut-personal-finanzen + - buero-scan + - bmb + is_samba_user: true + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35653838343532663632326462656437363665316337316336316335383263633630616638313736 + 3937666561356232666136646435613361336437303637360a353561316633373265323931623565 + 32643966373962313334343565643130373535353238316161623837333130353231343332663930 + 3638386337333636390a393738373935646638383237373663376434366361363938346335663438 + 6637 + + - name: lokaladmin + groups: + - all-users + - mbr-buero + - mbr-finanzen + - mbr-personal + - mbr-kamera + - mbr-admins + - vdk + - rias + - rias-finanzen-personal + - rias-berlin-finanzen-personal + - rias-bund + - bgn + - bgn-finanzen-personal + - regishut + - regishut-personal-finanzen + - buero-scan + - bmb + is_samba_user: true + password: 'd4r1usz' + + - name: sysadm + groups: + - all-users + - mbr-buero + - mbr-finanzen + - mbr-personal + - mbr-kamera + - mbr-admins + - vdk + - rias + - rias-finanzen-personal + - rias-berlin-finanzen-personal + - rias-bund + - bgn + - bgn-finanzen-personal + - regishut + - regishut-personal-finanzen + - buero-scan + - bmb + is_samba_user: true + password: 'KPk_Wf2F' + + - name: alexander.lorenz.milord + groups: + - all-users + - mbr-buero + - buero-scan + - regishut + - regishut-personal-finanzen + is_samba_user: true + password: 'R3GI_20_poliz_!' + + - name: alexander.rasumny + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'twT9Rjbv9mjq' + + - name: alexander.steder + groups: + - all-users + - regishut + - regishut-personal-finanzen + - buero-scan + is_samba_user: true + password: 'SHUT_20_s3nc3!' + + - name: anna.mueller1 + groups: + - all-users + - mbr-buero + - buero-scan + - technik + is_samba_user: true + password: '5xp5ll9ar13us!' + + - name: anne + groups: + - all-users + - mbr-buero + - mbr-finanzen + - mbr-personal + - mbr-kamera + - mbr-admins + - vdk + - rias + - rias-finanzen-personal + - rias-berlin-finanzen-personal + - rias-bund + - bgn + - bgn-finanzen-personal + - buero-scan + is_samba_user: true + password: 'YA!LiLiC0MP5' + + - name: axis + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '20_axis_16' + + - name: benjamin + groups: + - all-users + - mbr-buero + - vdk + - rias + - rias-finanzen-personal + - rias-berlin-finanzen-personal + - rias-bund + - buero-scan + - technik + is_samba_user: true + password: 'C2-0U#ch' + + - name: bgn_mitarbeiter_in_3 + groups: + - all-users + - buero-scan + is_samba_user: true + password: 'frueh_FREI_22!' + + - name: bianca + groups: + - all-users + - mbr-buero + - mbr-finanzen + - mbr-personal + - mbr-kamera + - mbr-admins + - vdk + - rias + - rias-finanzen-personal + - rias-berlin-finanzen-personal + - rias-bund + - bgn + - bgn-finanzen-personal + - regishut + - regishut-personal-finanzen + - buero-scan + - bmb + - technik + is_samba_user: true + password: '73_BiBole_29' + + - name: bianca.loy + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'ctnrk3CczcJ9' + + - name: birgit.erhardt + groups: + - all-users + - mbr-buero + - mbr-finanzen + - rias + - rias-finanzen-personal + - rias-berlin-finanzen-personal + - rias-bund + - vdk + - buero-scan + is_samba_user: true + password: '20_purpel!rain_17' + + - name: christina.wendt + groups: + - all-users + - mbr-buero + - mbr-personal + - mbr-finanzen + - vdk + - rias + - rias-finanzen-personal + - rias-berlin-finanzen-personal + - rias-bund + - bgn-finanzen-personal + - regishut + - regishut-personal-finanzen + - buero-scan + - technik + is_samba_user: true + password: '8!Varianten' + + - name: swetlana.nikitenko + groups: + - all-users + - mbr-buero + - mbr-personal + - mbr-finanzen + - vdk + - rias-finanzen-personal + - rias-berlin-finanzen-personal + - rias-bund + - bgn-finanzen-personal + - regishut + - regishut-personal-finanzen + - buero-scan + - technik + is_samba_user: true + password: 'Ji53-dA.nwGz' + + - name: colin.kaggl + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '3ZvY-I3-Z.2v' + + - name: daniel.poensgen + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'rcMRCm7jcpbp' + + - name: doku.mbr2 + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '*M0ss4d*' + + - name: doku.mbr4 + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'PwmNvPh9KM4T' + + - name: doku.mbr5 + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'G6Hz.ev/e24E' + + - name: dora.streibl + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '6jA,nmD,fdK!' + + - name: felix.mueller + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'U_i5zAR5H+ti' + + - name: franz.mohorn + groups: + - buero-scan + is_samba_user: true + + password: 'Kq5/b.4uWZIV' + - name: frederick.kannenberg + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'riasFK2019!#' + + - name: hamid.mohseni + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'TFhCW9J4Vn4F' + + - name: honorar.mbr1 + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '_F313r4b3nd*' + + - name: honorar.mbr2 + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'kQviLU-4rA_2' + + - name: honorar.rias1 + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '6jA,nmD,fdK!' + + - name: isabella.greif + groups: + - mbr-buero + - buero-scan + is_samba_user: true + password: '5zv-Bo2.Cio9' + + - name: isabell.wiesner + groups: + - all-users + - mbr-buero + - mbr-finanzen + - vdk + - rias + - rias-finanzen-personal + - rias-berlin-finanzen-personal + - rias-bund + - bgn-finanzen-personal + - regishut + - regishut-personal-finanzen + - buero-scan + - technik + is_samba_user: true + password: 'XY_bunt_2020!' + + - name: jennifer.pross + groups: + - all-users + - bmb + is_samba_user: true + password: 'V-S9Y/R+Am7H' + + - name: janine.budich + groups: + - all-users + - mbr-buero + - mbr-finanzen + - mbr-personal + - buero-scan + - technik + is_samba_user: true + password: 'LoS_r3f_20_AS!' + + - name: johannes.radke + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'Furzf4brik!' + - name: judith.heinmueller + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 't32_aHxV.' + + - name: julia.kopp + groups: + - all-users + - mbr-buero + - buero-scan + - rias-berlin-finanzen-personal + is_samba_user: true + password: '-a2%3bTzkW.A' + + - name: julius.gruber + groups: + - all-users + - mbr-buero + - buero-scan + - rias + is_samba_user: true + password: 'uY-SbLux-4a9' + + - name: katharina.zachrau + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '3X.mf/U3NXKe' + + - name: kerstin.kuballa + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'sVY2_2t+a+db' + + - name: laura.berner + groups: + - all-users + - mbr-buero + - buero-scan + - bgn-finanzen-personal + is_samba_user: true + password: 'WAS_22_informi3r3n!' + + - name: leonie.rupp + groups: + - all-users + - mbr-buero + - rias-bund + - buero-scan + is_samba_user: true + password: '3jzs.wv-4TX/' + + - name: manja.kasten + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'Rasili_&n' + + - name: marco.siegmund + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'fTy-AY52.F-p' + + - name: mathias + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'p3r*45p3r4*4d*45tr4m' + + - name: matthias.mueller + groups: + - all-users + - mbr-buero + - mbr-personal + - buero-scan + is_samba_user: true + password: 'V1v@H@f3rdr1nk' + + - name: michael.sulies + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'Cryst4lp4l4c3' + + - name: nina.rink + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'BMW_mobit_2020!' + + - name: pierre.ahrent + groups: + - all-users + - mbr-buero + - buero-scan + - technik + is_samba_user: true + password: 'GYiI3-s/_7wG' + + - name: praktikum.bgn1 + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'MPL_baerin_20!' + + - name: praktikum.mbr1 + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '2001_RAT_urban!' + + - name: praktikum.mbr2 + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '20praktikum213' + + - name: praktikum.rias1 + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '7z7F%d3cv_dfjz' + + - name: praktikum.rias2 + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'Q56V.6kf/JLQ' + + - name: ruth.hatlapa + groups: + - all-users + - mbr-buero + - buero-scan + - rias-berlin-finanzen-personal + is_samba_user: true + password: 'q2Sc.C7-6hZR' + + - name: scan + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '20scan13' + + - name: simon + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'S4u3rkr4ut!' + + - name: tanja.kinzel + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: 'sd7/SAqzU+Qi' + + - name: till.hendlmeier + groups: + - all-users + - mbr-buero + - buero-scan + is_samba_user: true + password: '3/+v_7AGivxc' + + - name: ulf.balmer + groups: + - all-users + - mbr-buero + - bgn + - bgn-finanzen-personal + - buero-scan + - technik + is_samba_user: true + password: 'ALL3_e6ene#' + + +# ========== +# vars used by roles/common/tasks/samba-install.yml +# ========== + +samba_server: file-mbr.mbr-bln.netz +samba_server_ip: 192.168.112.10 +samba_server_cidr_prefix: 24 + + +# ========== +# vars used by roles/common/tasks/samba-user.yml +# ========== + +# ! Notice ! +# +# variables used from other previos sections: +# +# - remove_system_users: roles/common/tasks/system-user.yml +# - remove_nis_users: roles/common/tasks/nis-install-server.yml +# - nis_user: roles/common/tasks/nis-install-server.yml + + +# ========== +# vars used by roles/common/tasks/mount_samba_shares.yml +# ========== + +# ! Notice ! +# +# variables used from other previos sections: +# +# - nis_user: roles/common/tasks/nis-install-server.yml + +samba_workgroup: MBR +samba_netbios_name: FILE-MBR + +samba_shares: + + - name: Technik-und-Sicherheit + path: /data/shares/Technik-und-Sicherheit + group_valid_users: technik + group_write_list: technik + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - anna.mueller1 + - benjamin + - bianca + - bjoern.renkewitz + - christina.wendt + - isabell.wiesner + - janine.budich + - pierre.ahrent + - swetlana.nikitenko + - sysadm + - ulf.balmer + + + - name: Arbeitsrechtliches + path: /data/shares/Arbeitsrechtliches + group_valid_users: mbr-finanzen + group_write_list: mbr-finanzen + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - anne + - bianca + - birgit.erhardt + - christina.wendt + - chris + - isabell.wiesner + - janine.budich + - swetlana.nikitenko + - sysadm + + - name: Ausschreibungen + path: /data/shares/Ausschreibungen + group_valid_users: mbr-personal + group_write_list: mbr-personal + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - anne + - bianca + - christina.wendt + - chris + - matthias.mueller + - janine.budich + - swetlana.nikitenko + - sysadm + + - name: BGN-Finanzen-Personal + path: /data/shares/BGN-Finanzen-Personal + group_valid_users: bgn-finanzen-personal + group_write_list: bgn-finanzen-personal + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - anne + - bianca + - christina.wendt + - chris + - isabell.wiesner + - lena.mahler + - swetlana.nikitenko + - sysadm + - ulf.balmer + + - name: BMB + path: /data/shares/BMB + group_valid_users: bmb + group_write_list: bmb + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - chris + - bianca + - jennifer.pross + - sysadm + + - name: Buero-Organisation + path: /data/shares/Buero-Organisation + group_valid_users: all-users + group_write_list: all-users + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - alexander.lorenz.milord + - alexander.rasumny + - alexander.steder + - anna.mueller1 + - anne + - benjamin + - bgn_mitarbeiter_in_3 + - bianca + - birgit.erhardt + - bjoern.renkewitz + - christina.wendt + - chris + - colin.kaggl + - daniel.poensgen + - doku.mbr2 + - doku.mbr4 + - doku.mbr5 + - dora.streibl + - dorina.feldmann + - frederick.kannenberg + - felix.mueller + - hamid.mohseni + - isabell.wiesner + - janine.budich + - johannes.radke + - judith.heinmueller + - julia.kopp + - katharina.zachrau + - kerstin.kuballa + - laura.berner + - lavinia.schwedersky + - lena.mahler + - linda.giesel + - leonie.rupp + - manja.kasten + - marc.schwietring + - marco.siegmund + - mathias + - matthias.mueller + - michael.sulies + - pia.lamberty + - honorar.mbr1 + - honorar.mbr2 + - nina.rink + - praktikum.bgn1 + - praktikum.mbr1 + - praktikum.mbr2 + - praktikum.rias1 + - bianca.loy + - praktikum.rias2 + - honorar.rias1 + - ruth.hatlapa + - samuel.signer + - scan + - simon + - swetlana.nikitenko + - sysadm + - tanja.kinzel + - till.hendlmeier + - ulf.balmer + + - name: BVV-Projekt + path: /data/shares/BVV-Projekt + group_valid_users: mbr-buero + group_write_list: mbr-buero + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - alexander.lorenz.milord + - alexander.rasumny + - anna.mueller1 + - anne + - benjamin + - bianca + - birgit.erhardt + - bjoern.renkewitz + - christina.wendt + - chris + - colin.kaggl + - daniel.poensgen + - doku.mbr2 + - doku.mbr4 + - doku.mbr5 + - dora.streibl + - dorina.feldmann + - felix.mueller + - frederick.kannenberg + - hamid.mohseni + - isabell.wiesner + - janine.budich + - johannes.radke + - judith.heinmueller + - julia.kopp + - julius.gruber + - katharina.zachrau + - kerstin.kuballa + - lavinia.schwedersky + - lena.mahler + - leonie.rupp + - manja.kasten + - marc.schwietring + - marco.siegmund + - mathias + - matthias.mueller + - michael.sulies + - pia.lamberty + - honorar.mbr1 + - honorar.mbr2 + - nina.rink + - praktikum.bgn1 + - praktikum.mbr1 + - praktikum.mbr2 + - praktikum.rias1 + - bianca.loy + - praktikum.rias2 + - honorar.rias1 + - ruth.hatlapa + - samuel.signer + - scan + - simon + - swetlana.nikitenko + - sysadm + - tanja.kinzel + - till.hendlmeier + - ulf.balmer + + - name: Finanzen + path: /data/shares/Finanzen + group_valid_users: mbr-finanzen + group_write_list: mbr-finanzen + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - anne + - bianca + - birgit.erhardt + - christina.wendt + - chris + - isabell.wiesner + - janine.budich + - swetlana.nikitenko + - sysadm + + - name: Install + path: /data/shares/Install + group_valid_users: mbr-admins + group_write_list: mbr-admins + file_create_mask: '0660' + dir_create_mask: '2770' + user: + - chris + - sysadm + - lokaladmin + + - name: Kamera + path: /data/shares/Kamera + group_valid_users: mbr-kamera + group_write_list: mbr-kamera + file_create_mask: '0660' + dir_create_mask: '2770' + user: + - anne + - axis + - bianca + - chris + - sysadm + + - name: MBR + path: /data/shares/MBR + group_valid_users: mbr-buero + group_write_list: mbr-buero + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - alexander.lorenz.milord + - alexander.rasumny + - anna.mueller1 + - anne + - benjamin + - bianca + - birgit.erhardt + - bjoern.renkewitz + - christina.wendt + - chris + - colin.kaggl + - daniel.poensgen + - doku.mbr2 + - doku.mbr4 + - doku.mbr5 + - dorina.feldmann + - dora.streibl + - felix.mueller + - frederick.kannenberg + - hamid.mohseni + - isabella.greif + - isabell.wiesner + - janine.budich + - johannes.radke + - judith.heinmueller + - julia.kopp + - julius.gruber + - katharina.zachrau + - kerstin.kuballa + - lavinia.schwedersky + - lena.mahler + - leonie.rupp + - manja.kasten + - marc.schwietring + - marco.siegmund + - mathias + - matthias.mueller + - michael.sulies + - pia.lamberty + - honorar.mbr1 + - honorar.mbr2 + - nina.rink + - praktikum.bgn1 + - praktikum.mbr1 + - praktikum.mbr2 + - praktikum.rias1 + - bianca.loy + - praktikum.rias2 + - honorar.rias1 + - ruth.hatlapa + - samuel.signer + - scan + - simon + - swetlana.nikitenko + - sysadm + - tanja.kinzel + - till.hendlmeier + - ulf.balmer + + - name: Mobilisierungsplattform + path: /data/shares/Mobilisierungsplattform + group_valid_users: mbr-buero + group_write_list: mbr-buero + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - alexander.lorenz.milord + - alexander.rasumny + - anna.mueller1 + - anne + - benjamin + - bianca + - birgit.erhardt + - bjoern.renkewitz + - christina.wendt + - chris + - colin.kaggl + - daniel.poensgen + - doku.mbr2 + - doku.mbr4 + - doku.mbr5 + - dora.streibl + - dorina.feldmann + - frederick.kannenberg + - felix.mueller + - hamid.mohseni + - isabell.wiesner + - janine.budich + - johannes.radke + - judith.heinmueller + - julia.kopp + - julius.gruber + - katharina.zachrau + - kerstin.kuballa + - laura.berner + - lavinia.schwedersky + - lena.mahler + - leonie.rupp + - manja.kasten + - marc.schwietring + - marco.siegmund + - mathias + - matthias.mueller + - michael.sulies + - pia.lamberty + - honorar.mbr1 + - honorar.mbr2 + - nina.rink + - praktikum.bgn1 + - praktikum.mbr1 + - praktikum.mbr2 + - praktikum.rias1 + - bianca.loy + - praktikum.rias2 + - honorar.rias1 + - ruth.hatlapa + - samuel.signer + - scan + - simon + - swetlana.nikitenko + - sysadm + - tanja.kinzel + - till.hendlmeier + - ulf.balmer + + - name: Regishut + path: /data/shares/Regishut + group_valid_users: regishut + group_write_list: regishut + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - alexander.steder + - alexander.lorenz.milord + - benjamin + - bianca + - christina.wendt + - isabell.wiesner + - linda.giesel + - marc.schwietring + - swetlana.nikitenko + - sysadm + + - name: Regishut-Personal-Finanzen + path: /data/shares/Regishut-Personal-Finanzen + group_valid_users: regishut-personal-finanzen + group_write_list: regishut-personal-finanzen + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - alexander.lorenz.milord + - benjamin + - bianca + - christina.wendt + - isabell.wiesner + - linda.giesel + - marc.schwietring + - swetlana.nikitenko + - sysadm + + - name: RIAS + path: /data/shares/RIAS + group_valid_users: mbr-buero + group_write_list: mbr-buero + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - alexander.lorenz.milord + - alexander.rasumny + - anna.mueller1 + - anne + - benjamin + - bianca + - birgit.erhardt + - bjoern.renkewitz + - christina.wendt + - chris + - colin.kaggl + - daniel.poensgen + - doku.mbr2 + - doku.mbr4 + - doku.mbr5 + - dora.streibl + - dorina.feldmann + - felix.mueller + - hamid.mohseni + - isabell.wiesner + - janine.budich + - johannes.radke + - judith.heinmueller + - julia.kopp + - julius.gruber + - katharina.zachrau + - kerstin.kuballa + - lavinia.schwedersky + - lena.mahler + - leonie.rupp + - manja.kasten + - marc.schwietring + - marco.siegmund + - mathias + - matthias.mueller + - michael.sulies + - pia.lamberty + - honorar.mbr1 + - honorar.mbr2 + - nina.rink + - praktikum.bgn1 + - praktikum.mbr1 + - praktikum.mbr2 + - praktikum.rias1 + - bianca.loy + - praktikum.rias2 + - honorar.rias1 + - ruth.hatlapa + - samuel.signer + - scan + - simon + - swetlana.nikitenko + - sysadm + - tanja.kinzel + - till.hendlmeier + - ulf.balmer + + - name: RIAS-Berlin-Finanzen-Personal + path: /data/shares/RIAS-Berlin-Finanzen-Personal + group_valid_users: rias-berlin-finanzen-personal + group_write_list: rias-berlin-finanzen-personal + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - anne + - bianca + - christina.wendt + - julia.kopp + - ruth.hatlapa + + - name: RIAS-Bund + path: /data/shares/RIAS-Bund + group_valid_users: rias-bund + group_write_list: rias-bund + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - anne + - benjamin + - bianca + - birgit.erhardt + - chris + - christina.wendt + - isabell.wiesner + - leonie.rupp + - swetlana.nikitenko + - sysadm + + - name: RIAS-Finanzen-Personal + path: /data/shares/RIAS-Finanzen-Personal + group_valid_users: rias-finanzen-personal + group_write_list: rias-finanzen-personal + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - anne + - bianca + - benjamin + - birgit.erhardt + - christina.wendt + - chris + - isabell.wiesner + - swetlana.nikitenko + - sysadm + + - name: SCAN + path: /data/shares/SCAN + group_valid_users: buero-scan + group_write_list: buero-scan + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - alexander.lorenz.milord + - alexander.rasumny + - alexander.steder + - anna.mueller1 + - anne + - benjamin + - bianca + - bgn_mitarbeiter_in_3 + - birgit.erhardt + - bjoern.renkewitz + - christina.wendt + - chris + - daniel.poensgen + - doku.mbr2 + - doku.mbr4 + - doku.mbr5 + - dora.streibl + - dorina.feldmann + - franz.mohorn + - frederick.kannenberg + - felix.mueller + - hamid.mohseni + - isabella.greif + - isabell.wiesner + - janine.budich + - johannes.radke + - judith.heinmueller + - julia.kopp + - katharina.zachrau + - kerstin.kuballa + - laura.berner + - lavinia.schwedersky + - lena.mahler + - leonie.rupp + - linda.giesel + - manja.kasten + - marco.siegmund + - marc.schwietring + - mathias + - matthias.mueller + - michael.sulies + - pia.lamberty + - honorar.mbr1 + - honorar.mbr2 + - nina.rink + - praktikum.bgn1 + - praktikum.mbr1 + - praktikum.mbr2 + - praktikum.rias1 + - bianca.loy + - praktikum.rias2 + - honorar.rias1 + - ruth.hatlapa + - samuel.signer + - scan + - simon + - swetlana.nikitenko + - sysadm + - tanja.kinzel + - till.hendlmeier + - ulf.balmer + + - name: VDK + path: /data/shares/VDK + group_valid_users: mbr-buero + group_write_list: mbr-buero + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - alexander.lorenz.milord + - alexander.rasumny + - anna.mueller1 + - anne + - benjamin + - bianca + - birgit.erhardt + - bjoern.renkewitz + - christina.wendt + - chris + - colin.kaggl + - daniel.poensgen + - doku.mbr2 + - doku.mbr4 + - doku.mbr5 + - dora.streibl + - dorina.feldmann + - felix.mueller + - frederick.kannenberg + - hamid.mohseni + - isabell.wiesner + - janine.budich + - johannes.radke + - judith.heinmueller + - julia.kopp + - julius.gruber + - katharina.zachrau + - kerstin.kuballa + - lavinia.schwedersky + - lena.mahler + - leonie.rupp + - manja.kasten + - marc.schwietring + - marco.siegmund + - mathias + - matthias.mueller + - michael.sulies + - pia.lamberty + - honorar.mbr1 + - honorar.mbr2 + - nina.rink + - praktikum.bgn1 + - praktikum.mbr1 + - praktikum.mbr2 + - praktikum.rias1 + - bianca.loy + - praktikum.rias2 + - honorar.rias1 + - ruth.hatlapa + - samuel.signer + - scan + - simon + - swetlana.nikitenko + - sysadm + - tanja.kinzel + - till.hendlmeier + - ulf.balmer + + - name: Video + path: /data/shares/Video + group_valid_users: mbr-buero + group_write_list: mbr-buero + file_create_mask: '0660' + dir_create_mask: '2770' + vfs_object_recycle: true + recycle_path: '@Recycle.Bin' + user: + - alexander.lorenz.milord + - alexander.rasumny + - anna.mueller1 + - anne + - benjamin + - bianca + - birgit.erhardt + - bjoern.renkewitz + - christina.wendt + - chris + - colin.kaggl + - daniel.poensgen + - doku.mbr2 + - doku.mbr4 + - doku.mbr5 + - dora.streibl + - dorina.feldmann + - felix.mueller + - frederick.kannenberg + - hamid.mohseni + - isabella.greif + - isabell.wiesner + - janine.budich + - johannes.radke + - judith.heinmueller + - julia.kopp + - julius.gruber + - katharina.zachrau + - kerstin.kuballa + - lavinia.schwedersky + - lena.mahler + - leonie.rupp + - manja.kasten + - marc.schwietring + - marco.siegmund + - mathias + - matthias.mueller + - michael.sulies + - pia.lamberty + - honorar.mbr1 + - honorar.mbr2 + - nina.rink + - praktikum.bgn1 + - praktikum.mbr1 + - praktikum.mbr2 + - praktikum.rias1 + - bianca.loy + - praktikum.rias2 + - honorar.rias1 + - ruth.hatlapa + - samuel.signer + - scan + - simon + - swetlana.nikitenko + - sysadm + - tanja.kinzel + - till.hendlmeier + - ulf.balmer + + +# ========== +# vars used by roles/common/tasks/system-user-systemfiles.yml +# ========== + +# ! Notice ! +# +# variables used from other previos sections: +# +# - system_users: roles/common/tasks/system-user.yml + + +# ========== +# vars used by roles/common/tasks/nis-user-systemfiles.yml +# ========== + +# ! Notice ! +# +# variables used from other previos sections: +# +# - nis_user: roles/common/tasks/nis-install-server.yml + + +# ========== +# vars used by roles/common/tasks/sudoers-pc.yml +# ========== + +sudo_pc_users: + - chris + - sysadm + - lokaladmin + + +# ========== +# vars used by roles/common/tasks/sudoers-server.yml +# ========== + + +# ========== +# vars used by roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml +# vars used by roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml +# ========== + + +# ========== +# vars used by roles/common/tasks/luks.yml +# ========== + diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index 8d113ca..c7606a8 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -116,6 +116,16 @@ tags: - apt-initial-install +- name: (apt.yml) Initial install ubuntu packages (jammy) + apt: + name: "{{ apt_initial_install_jammy }}" + state: "{{ apt_install_state }}" + when: + - ansible_facts['distribution'] == "Ubuntu" + - ansible_facts['distribution_release'] == "jammy" + tags: + - apt-initial-install + # --- # Microcode @@ -223,6 +233,35 @@ - apt-initial-install - apt-microcode + +- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu jammy) + apt: + name: "{{ microcode_intel_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - ansible_facts['distribution'] == "Ubuntu" + - ansible_facts['distribution_release'] == "jammy" + - ansible_facts['processor']|string is search("Intel") + tags: + - apt-initial-install + - apt-microcode + + +- name: (apt.yml) Install CPU microcode for Intel AMD (ubuntu jammy) + apt: + name: "{{ microcode_amd_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - apt_debian_contrib_nonfree_enable + - ansible_facts['distribution'] == "Ubuntu" + - ansible_facts['distribution_release'] == "jammy" + - ansible_facts['processor']|string is search("AMD") + tags: + - apt-initial-install + - apt-microcode + # --- # Firmware # --- @@ -298,6 +337,17 @@ tags: - apt-remove +- name: (apt.yml) Remove unwanted packages Ubuntu jammy + apt: + name: "{{ apt_remove_jammy }}" + state: absent + purge: "{{ apt_remove_purge }}" + when: + - ansible_facts['distribution'] == "Ubuntu" + - ansible_facts['distribution_release'] == "jammy" + tags: + - apt-remove + - name: (apt.yml) autoremove apt: autoremove: true diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 35e09c8..662a533 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -252,6 +252,17 @@ - finish-client-install +- name: "For OS: Ubuntu 22.04LTS, Arch: amd64" + import_tasks: ubuntu-x11vnc-2204-amd64.yml + when: + - ansible_distribution_version == "22.04" + - ansible_architecture == "x86_64" + tags: + - x11vnc + - x11vnc-2204 + - finish-client-install + + #- name: "Configure LUKS" # import_tasks: luks.yml diff --git a/roles/common/tasks/mount_samba_shares.yml b/roles/common/tasks/mount_samba_shares.yml index 0c5ac8f..ba71c0a 100644 --- a/roles/common/tasks/mount_samba_shares.yml +++ b/roles/common/tasks/mount_samba_shares.yml @@ -14,15 +14,15 @@ when: - item.is_samba_user is defined and item.is_samba_user|bool -- name: (mount_samba_shares.yml) Ensure (user separated) mount directories for samba shares exists - file: - path: "/mnt/{{ item.1 }}/{{ item.0.name }}" - owner: "{{ item.1 }}" - group: "{{ item.1 }}" - mode: '0770' - state: directory - with_subelements: - - "{{ samba_shares }}" - - user - loop_control: - label: '{{ item.1 }} share: {{ item.0.name }}' +#- name: (mount_samba_shares.yml) Ensure (user separated) mount directories for samba shares exists +# file: +# path: "/mnt/{{ item.1 }}/{{ item.0.name }}" +# owner: "{{ item.1 }}" +# group: "{{ item.1 }}" +# mode: '0770' +# state: directory +# with_subelements: +# - "{{ samba_shares }}" +# # - user +# loop_control: +# label: '{{ item.1 }} share: {{ item.0.name }}' diff --git a/roles/common/tasks/sudoers-pc.yml b/roles/common/tasks/sudoers-pc.yml index 9604d57..c673b8b 100644 --- a/roles/common/tasks/sudoers-pc.yml +++ b/roles/common/tasks/sudoers-pc.yml @@ -22,11 +22,17 @@ tags: - sudoers-global-configuration +#- name: (sudoers-pc.yml) Ensure all sudo_users are in sudo group +# user: +# name: "{{ item }}" +# groups: sudo +# append: yes +# with_items: "{{ sudo_pc_users }}" +# tags: +# - sudo-users + - name: (sudoers-pc.yml) Ensure all sudo_users are in sudo group - user: - name: "{{ item }}" - groups: sudo - append: yes + shell: usermod -a -G sudo "{{ item }}" with_items: "{{ sudo_pc_users }}" tags: - sudo-users diff --git a/roles/common/tasks/ubuntu-x11vnc-2204-amd64.yml b/roles/common/tasks/ubuntu-x11vnc-2204-amd64.yml new file mode 100644 index 0000000..b13a807 --- /dev/null +++ b/roles/common/tasks/ubuntu-x11vnc-2204-amd64.yml @@ -0,0 +1,71 @@ +--- + # Title: app-x11vnc-server + # + # Author: Luc Rutten + # Version: 1.0 + # File: tasks/main.yml + # + # Description: + # Remote support + # + # Source: + # - http://c-nergy.be/blog/?p=8984 + + - name: "(ubuntu-x11vnc-2204-amd64.yml) Install packages" + apt: + name: "{{ packages }}" + update_cache: yes + state: present + vars: + packages: + - x11vnc + + - name: "(ubuntu-x11vnc-2204-amd64.yml) get numeric id for group 'gdm'" + shell: echo "$(id -u gdm)" + register: grp_id_gdm + + - name: "(ubuntu-x11vnc-2204-amd64.yml) Store password" + raw: "x11vnc -storepasswd {{ vnc_password }} /etc/x11vnc.pass" + + - name: Check if file '/etc/gdm3/custom.conf' exists + stat: + path: /etc/gdm3/custom.conf + register: etc_gdm_custom_conf_exists + + - name: Adjust file '/etc/gdm3/custom.conf' + lineinfile: + dest: /etc/gdm3/custom.conf + state: present + regexp: '^WaylandEnable' + line: 'WaylandEnable=false' + insertafter: '^#?\s*WaylandEnable' + when: + - etc_gdm_custom_conf_exists.stat.exists + + + - name: "(ubuntu-x11vnc-2204-amd64.yml) Set permissions on /etc/x11vnc.pass" + file: + path: /etc/x11vnc.pass + owner: root + group: root + mode: 0644 + + - name: "(ubuntu-x11vnc-2204-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service" + template: + src: lib/systemd/system/x11vnc-gdm3.service.j2 + dest: /lib/systemd/system/x11vnc.service + + - name: "(ubuntu-x11vnc-2204-amd64.yml) Enable service" + systemd: + name: x11vnc.service + daemon_reload: yes + enabled: yes + state: restarted + +# - name: "(ubuntu-x11vnc-2204-amd64.yml) Remove whisker menu entry for allusers (except owner and group)" +# file: +# path: "/usr/share/applications/x11vnc.desktop" +# mode: 0750 +# owner: root +# group: root +