Initial commit

.gitignore

@@ -0,0 +1 @@
+*.swp

NIS_the_vault.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+echoerr() { echo "$@" 1>&2; }
+
+PWFILE="$HOME/.private/ansible/ansible-NIS-vault-passphrase"
+
+if test ! -f "$PWFILE"
+then
+  echoerr "File doesn't exist!"
+  exit 1
+fi
+
+perm=$(/bin/ls -l "$PWFILE" | awk '{print $1}')
+owner=$(/bin/ls -l "$PWFILE" | awk '{print $3}')
+group=$(/bin/ls -l "$PWFILE" | awk '{print $4}')
+#not everyone is using debian based foo. get primary group of user and test file group permission against it
+pgroup=$(id -gn)
+
+if [[ "$perm" != "-rw-------" ]] && [[ "$perm" != "-r--------" ]]
+then
+  echoerr "Wrong permissions!"
+  exit 1
+fi
+
+if test "$USER" != "$owner"
+then
+  echoerr "Wrong owner!"
+  exit 1
+fi
+
+if test "$pgroup" != "$group"
+then
+  echoerr "Wrong group!"
+  exit 1
+fi
+
+cat "$PWFILE"
+exit 0

README.create_vault_string

@@ -0,0 +1,12 @@
+
+# Create entcypted string
+#
+#    ansible-vault encrypt_string '<string-to-encrypt>' --name 'password'
+#
+$ ansible-vault encrypt_string 'test100' --name 'password'
+password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          33663235396237373338323536643030393235323266656333323934663431323531316638383962
+          3536333065363364653561366464393262663832376339630a353236316431636338373034343566
+          31373136613434636562353237653230633162613531313466366437663730633931346131396531
+          3632653737643363350a306435656633343132366461346262623131323337633663363135313563

ansible.cfg

@@ -0,0 +1,41 @@
+# config file for ansible -- http://ansible.com/
+# ==============================================
+# exmaple:https://raw.github.com/ansible/ansible/devel/examples/ansible.cfg
+#
+# nearly all parameters can be overridden in ansible-playbook
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+
+
+[defaults]
+ansible_managed = *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+#gathering = smart
+#fact_caching = jsonfile
+#fact_caching_connection = ~/.cache/
+#fact_caching_timeout = 86400
+#forks = 20
+inventory = ./hosts
+#remote_user = lokaladmin
+remote_user = root
+#ask_pass=True
+roles_path = ./roles
+vault_password_file = NIS_the_vault.sh
+#retry_files_enabled = False
+#allow_world_readable_tmpfiles = True
+interpreter_python: auto
+#interpreter_python: /usr/bin/python3
+
+[privilege_escalation]
+become=False
+#become=True
+#become_method=sudo
+#become_ask_pass=True
+
+[ssh_connection]
+
+# By default, this option is disabled to preserve compatibility with
+# sudoers configurations that have requiretty (the default on many distros).
+#
+#pipelining = True

ansible_dependencies-bullseye.yml

@@ -0,0 +1,20 @@
+---
+
+# Intended to be run once for every new server to secure the ssh connection allowing the team access
+# with their public keys. This script will lock itself out from every server it is run on.
+# Further playbooks are intended to be run by logging in as one of the created users.
+# It also ensures python2 is installed as it's necessary for the modules used in this playbook at
+# the time of this writing.
+
+# The used login data depends on the used server provider. In most cases the ansible_user will be
+# root, but we can't safely assume anything.
+# The following line is an example for securing a new vagrant maching, after running `vagrant up`:
+# ansible-playbook first_run.yml -i hosts -u vagrant --private-key='~/.vagrant.d/insecure_private_key'
+# For real providers it could look like:
+# ansible-playbook first_run.yml -i hosts -u root --private-key='~/.ssh/id_rsa'
+# If you don't have a ssh-key on the server and the server expects password authentication use:
+# ansible-playbook first_run.yml -i hosts -u root --ask-pass
+
+- hosts: all
+  roles:
+    - ansible_dependencies-bullseye

ansible_dependencies.yml

@@ -0,0 +1,20 @@
+---
+
+# Intended to be run once for every new server to secure the ssh connection allowing the team access
+# with their public keys. This script will lock itself out from every server it is run on.
+# Further playbooks are intended to be run by logging in as one of the created users.
+# It also ensures python2 is installed as it's necessary for the modules used in this playbook at
+# the time of this writing.
+
+# The used login data depends on the used server provider. In most cases the ansible_user will be
+# root, but we can't safely assume anything.
+# The following line is an example for securing a new vagrant maching, after running `vagrant up`:
+# ansible-playbook first_run.yml -i hosts -u vagrant --private-key='~/.vagrant.d/insecure_private_key'
+# For real providers it could look like:
+# ansible-playbook first_run.yml -i hosts -u root --private-key='~/.ssh/id_rsa'
+# If you don't have a ssh-key on the server and the server expects password authentication use:
+# ansible-playbook first_run.yml -i hosts -u root --ask-pass
+
+- hosts: all
+  roles:
+    - ansible_dependencies

ansible_user.yml

@@ -0,0 +1,20 @@
+---
+
+# Intended to be run once for every new server to secure the ssh connection allowing the team access
+# with their public keys. This script will lock itself out from every server it is run on.
+# Further playbooks are intended to be run by logging in as one of the created users.
+# It also ensures python2 is installed as it's necessary for the modules used in this playbook at
+# the time of this writing.
+
+# The used login data depends on the used server provider. In most cases the ansible_user will be
+# root, but we can't safely assume anything.
+# The following line is an example for securing a new vagrant maching, after running `vagrant up`:
+# ansible-playbook first_run.yml -i hosts -u vagrant --private-key='~/.vagrant.d/insecure_private_key'
+# For real providers it could look like:
+# ansible-playbook first_run.yml -i hosts -u root --private-key='~/.ssh/id_rsa'
+# If you don't have a ssh-key on the server and the server expects password authentication use:
+# ansible-playbook first_run.yml -i hosts -u root --ask-pass
+
+- hosts: all
+  roles:
+    - ansible_user

common.yml

@@ -0,0 +1,20 @@
+---
+
+# Intended to be run once for every new server to secure the ssh connection allowing the team access
+# with their public keys. This script will lock itself out from every server it is run on.
+# Further playbooks are intended to be run by logging in as one of the created users.
+# It also ensures python2 is installed as it's necessary for the modules used in this playbook at
+# the time of this writing.
+
+# The used login data depends on the used server provider. In most cases the ansible_user will be
+# root, but we can't safely assume anything.
+# The following line is an example for securing a new vagrant maching, after running `vagrant up`:
+# ansible-playbook first_run.yml -i hosts -u vagrant --private-key='~/.vagrant.d/insecure_private_key'
+# For real providers it could look like:
+# ansible-playbook first_run.yml -i hosts -u root --private-key='~/.ssh/id_rsa'
+# If you don't have a ssh-key on the server and the server expects password authentication use:
+# ansible-playbook first_run.yml -i hosts -u root --ask-pass
+
+- hosts: all
+  roles:
+    - common

files/homedirs/DEFAULT/.vim/.netrwhist

@@ -0,0 +1,11 @@
+let g:netrw_dirhistmax  =10
+let g:netrw_dirhist_cnt =9
+let g:netrw_dirhist_1='/home/chris/devel/git/git.oopen.de/script/bash/snippets'
+let g:netrw_dirhist_2='/home/chris/O.OPEN/Kunden/Anwaltsbuero-Kottbusser_Damm/carsten/ThinkPad_L380'
+let g:netrw_dirhist_3='/home/chris/devel/git/git.oopen.de/ansible/mbr-bln/group_vars/all'
+let g:netrw_dirhist_4='/home/chris/O.OPEN/Kunden/Gemeinschaft Altenschlirf/Intranet/VPN/VPN-GA-NH-chris'
+let g:netrw_dirhist_5='/home/chris/devel/git/git.oopen.de/firewall/ipt-server'
+let g:netrw_dirhist_6='/home/chris/devel/git/git.oopen.de/firewall/ipt-server/conf'
+let g:netrw_dirhist_7='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/group_vars'
+let g:netrw_dirhist_8='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies'
+let g:netrw_dirhist_9='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies/tasks'

files/homedirs/DEFAULT/.vim/colors/afterglow.vim

@@ -0,0 +1,547 @@
+" File: afterglow.vim
+" Author: Danilo Augusto <daniloaugusto.ita16@gmail.com>
+" Date: 2017-02-27
+" Vim color file - Afterglow (monokai version)
+"
+" Hex color conversion functions borrowed from the theme 'Desert256'
+
+set background=dark
+if version > 580
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+
+let g:colors_name = "afterglow"
+
+" Default GUI Colours
+let s:foreground = "d6d6d6"
+let s:background = "1a1a1a"
+let s:selection = "5a647e"
+let s:line = "393939"
+let s:comment = "797979"
+let s:red = "ac4142"
+let s:orange = "e87d3e"
+let s:yellow = "e5b567"
+let s:green = "b4c973"
+let s:blue = "6c99bb"
+let s:wine = "b05279"
+let s:purple = "9e86c8"
+let s:window = "4d5057"
+
+if has("gui_running") || &t_Co == 88 || &t_Co == 256
+    " Returns an approximate grey index for the given grey level
+    fun <SID>grey_number(x)
+        if &t_Co == 88
+            if a:x < 23
+                return 0
+            elseif a:x < 69
+                return 1
+            elseif a:x < 103
+                return 2
+            elseif a:x < 127
+                return 3
+            elseif a:x < 150
+                return 4
+            elseif a:x < 173
+                return 5
+            elseif a:x < 196
+                return 6
+            elseif a:x < 219
+                return 7
+            elseif a:x < 243
+                return 8
+            else
+                return 9
+            endif
+        else
+            if a:x < 14
+                return 0
+            else
+                let l:n = (a:x - 8) / 10
+                let l:m = (a:x - 8) % 10
+                if l:m < 5
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual grey level represented by the grey index
+    fun <SID>grey_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 46
+            elseif a:n == 2
+                return 92
+            elseif a:n == 3
+                return 115
+            elseif a:n == 4
+                return 139
+            elseif a:n == 5
+                return 162
+            elseif a:n == 6
+                return 185
+            elseif a:n == 7
+                return 208
+            elseif a:n == 8
+                return 231
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 8 + (a:n * 10)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given grey index
+    fun <SID>grey_colour(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 16
+            elseif a:n == 9
+                return 79
+            else
+                return 79 + a:n
+            endif
+        else
+            if a:n == 0
+                return 16
+            elseif a:n == 25
+                return 231
+            else
+                return 231 + a:n
+            endif
+        endif
+    endfun
+
+    " Returns an approximate colour index for the given colour level
+    fun <SID>rgb_number(x)
+        if &t_Co == 88
+            if a:x < 69
+                return 0
+            elseif a:x < 172
+                return 1
+            elseif a:x < 230
+                return 2
+            else
+                return 3
+            endif
+        else
+            if a:x < 75
+                return 0
+            else
+                let l:n = (a:x - 55) / 40
+                let l:m = (a:x - 55) % 40
+                if l:m < 20
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual colour level for the given colour index
+    fun <SID>rgb_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 139
+            elseif a:n == 2
+                return 205
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 55 + (a:n * 40)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given R/G/B colour indices
+    fun <SID>rgb_colour(x, y, z)
+        if &t_Co == 88
+            return 16 + (a:x * 16) + (a:y * 4) + a:z
+        else
+            return 16 + (a:x * 36) + (a:y * 6) + a:z
+        endif
+    endfun
+
+    " Returns the palette index to approximate the given R/G/B colour levels
+    fun <SID>colour(r, g, b)
+        " Get the closest grey
+        let l:gx = <SID>grey_number(a:r)
+        let l:gy = <SID>grey_number(a:g)
+        let l:gz = <SID>grey_number(a:b)
+
+        " Get the closest colour
+        let l:x = <SID>rgb_number(a:r)
+        let l:y = <SID>rgb_number(a:g)
+        let l:z = <SID>rgb_number(a:b)
+
+        if l:gx == l:gy && l:gy == l:gz
+            " There are two possibilities
+            let l:dgr = <SID>grey_level(l:gx) - a:r
+            let l:dgg = <SID>grey_level(l:gy) - a:g
+            let l:dgb = <SID>grey_level(l:gz) - a:b
+            let l:dgrey = (l:dgr * l:dgr) + (l:dgg * l:dgg) + (l:dgb * l:dgb)
+            let l:dr = <SID>rgb_level(l:gx) - a:r
+            let l:dg = <SID>rgb_level(l:gy) - a:g
+            let l:db = <SID>rgb_level(l:gz) - a:b
+            let l:drgb = (l:dr * l:dr) + (l:dg * l:dg) + (l:db * l:db)
+            if l:dgrey < l:drgb
+                " Use the grey
+                return <SID>grey_colour(l:gx)
+            else
+                " Use the colour
+                return <SID>rgb_colour(l:x, l:y, l:z)
+            endif
+        else
+            " Only one possibility
+            return <SID>rgb_colour(l:x, l:y, l:z)
+        endif
+    endfun
+
+    " Returns the palette index to approximate the 'rrggbb' hex string
+    fun <SID>rgb(rgb)
+        let l:r = ("0x" . strpart(a:rgb, 0, 2)) + 0
+        let l:g = ("0x" . strpart(a:rgb, 2, 2)) + 0
+        let l:b = ("0x" . strpart(a:rgb, 4, 2)) + 0
+
+        return <SID>colour(l:r, l:g, l:b)
+    endfun
+
+    " Sets the highlighting for the given group
+    fun <SID>X(group, fg, bg, attr)
+        if a:fg != ""
+            exec "hi " . a:group . " guifg=#" . a:fg . " ctermfg=" . <SID>rgb(a:fg)
+        endif
+        if a:bg != ""
+            exec "hi " . a:group . " guibg=#" . a:bg . " ctermbg=" . <SID>rgb(a:bg)
+        endif
+        if a:attr != ""
+            exec "hi " . a:group . " gui=" . a:attr . " cterm=" . a:attr
+        endif
+    endfun
+
+    " Vim Highlighting
+    call <SID>X("Normal", s:foreground, s:background, "")
+    call <SID>X("LineNr", s:comment, "", "")
+    call <SID>X("NonText", s:selection, "", "")
+    call <SID>X("SpecialKey", s:selection, "", "")
+    call <SID>X("Search", s:background, s:yellow, "")
+    call <SID>X("TabLine", s:window, s:foreground, "reverse")
+    call <SID>X("TabLineFill", s:window, s:foreground, "reverse")
+    call <SID>X("StatusLine", s:window, s:yellow, "reverse")
+    call <SID>X("StatusLineNC", s:window, s:foreground, "reverse")
+    call <SID>X("VertSplit", s:window, s:window, "none")
+    call <SID>X("Visual", "", s:selection, "")
+    call <SID>X("Directory", s:blue, "", "")
+    call <SID>X("ModeMsg", s:green, "", "")
+    call <SID>X("MoreMsg", s:green, "", "")
+    call <SID>X("Question", s:green, "", "")
+    call <SID>X("WarningMsg", s:orange, "", "bold")
+    call <SID>X("MatchParen", "", s:selection, "")
+    call <SID>X("Folded", s:comment, s:background, "")
+    call <SID>X("FoldColumn", "", s:background, "")
+    if version >= 700
+        call <SID>X("CursorLine", "", s:line, "none")
+        call <SID>X("CursorLineNR", s:orange, "", "none")
+        call <SID>X("CursorColumn", "", s:line, "none")
+        call <SID>X("PMenu", s:foreground, s:selection, "none")
+        call <SID>X("PMenuSel", s:foreground, s:selection, "reverse")
+        call <SID>X("SignColumn", "", s:background, "none")
+    end
+    if version >= 703
+        call <SID>X("ColorColumn", "", s:line, "none")
+    end
+
+    " Standard Highlighting
+    call <SID>X("Comment", s:comment, "", "")
+    call <SID>X("Todo", s:red, s:background, "bold")
+    call <SID>X("Title", s:comment, "", "bold")
+    call <SID>X("Identifier", s:orange, "", "")
+    call <SID>X("Statement", s:wine, "", "")
+    call <SID>X("Conditional", s:wine, "", "")
+    call <SID>X("Repeat", s:wine, "", "")
+    call <SID>X("Structure", s:wine, "", "")
+    call <SID>X("Function", s:orange, "", "")
+    call <SID>X("Constant", s:purple, "", "")
+    call <SID>X("Keyword", s:orange, "", "")
+    call <SID>X("String", s:yellow, "", "")
+    call <SID>X("Special", s:blue, "", "")
+    call <SID>X("PreProc", s:green, "", "")
+    call <SID>X("Operator", s:purple, "", "")
+    call <SID>X("Type", s:blue, "", "")
+    call <SID>X("Define", s:wine, "", "")
+    call <SID>X("Include", s:wine, "", "")
+    call <SID>X("Tag", s:orange, "", "bold")
+    call <SID>X("Underlined", s:orange, "", "underline")
+
+    syntax match commonOperator "\(+\|=\|-\|*\|\^\|\/\||\)"
+    hi link commonOperator Operator
+
+    " Vim Highlighting
+    call <SID>X("vimCommand", s:wine, "", "none")
+
+    " C Highlighting
+    call <SID>X("cType", s:wine, "", "")
+    call <SID>X("cStorageClass", s:orange, "", "")
+    call <SID>X("cConditional", s:wine, "", "")
+    call <SID>X("cRepeat", s:wine, "", "")
+
+    " PHP Highlighting
+    call <SID>X("phpVarSelector", s:wine, "", "")
+    call <SID>X("phpKeyword", s:wine, "", "")
+    call <SID>X("phpRepeat", s:wine, "", "")
+    call <SID>X("phpConditional", s:wine, "", "")
+    call <SID>X("phpStatement", s:wine, "", "")
+    call <SID>X("phpMemberSelector", s:foreground, "", "")
+
+    " Ruby Highlighting
+    call <SID>X("rubySymbol", s:blue, "", "")
+    call <SID>X("rubyConstant", s:green, "", "")
+    call <SID>X("rubyAccess", s:yellow, "", "")
+    call <SID>X("rubyAttribute", s:blue, "", "")
+    call <SID>X("rubyInclude", s:blue, "", "")
+    call <SID>X("rubyLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("rubyCurlyBlock", s:orange, "", "")
+    call <SID>X("rubyStringDelimiter", s:yellow, "", "")
+    call <SID>X("rubyInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("rubyConditional", s:wine, "", "")
+    call <SID>X("rubyRepeat", s:wine, "", "")
+    call <SID>X("rubyControl", s:wine, "", "")
+    call <SID>X("rubyException", s:wine, "", "")
+
+    " Crystal Highlighting
+    call <SID>X("crystalSymbol", s:green, "", "")
+    call <SID>X("crystalConstant", s:yellow, "", "")
+    call <SID>X("crystalAccess", s:yellow, "", "")
+    call <SID>X("crystalAttribute", s:blue, "", "")
+    call <SID>X("crystalInclude", s:blue, "", "")
+    call <SID>X("crystalLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("crystalCurlyBlock", s:orange, "", "")
+    call <SID>X("crystalStringDelimiter", s:green, "", "")
+    call <SID>X("crystalInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("crystalConditional", s:wine, "", "")
+    call <SID>X("crystalRepeat", s:wine, "", "")
+    call <SID>X("crystalControl", s:wine, "", "")
+    call <SID>X("crystalException", s:wine, "", "")
+
+    " Python Highlighting
+    call <SID>X("pythonInclude", s:green, "", "italic")
+    call <SID>X("pythonStatement", s:blue, "", "")
+    call <SID>X("pythonConditional", s:wine, "", "")
+    call <SID>X("pythonRepeat", s:wine, "", "")
+    call <SID>X("pythonException", s:wine, "", "")
+    call <SID>X("pythonFunction", s:green, "", "italic")
+    call <SID>X("pythonPreCondit", s:wine, "", "")
+    call <SID>X("pythonExClass", s:orange, "", "")
+    call <SID>X("pythonBuiltin", s:blue, "", "")
+    call <SID>X("pythonOperator", s:wine, "", "")
+    call <SID>X("pythonNumber", s:purple, "", "")
+    call <SID>X("pythonString", s:yellow, "", "")
+    call <SID>X("pythonRawString", s:yellow, "", "")
+    call <SID>X("pythonDecorator", s:wine, "", "")
+    call <SID>X("pythonDoctest", s:yellow, "", "")
+    call <SID>X("pythonImportFunction", s:orange, "", "")
+    call <SID>X("pythonImportModule", s:orange, "", "")
+    call <SID>X("pythonImportObject", s:orange, "", "")
+    call <SID>X("pythonImportedClassDef", s:orange, "", "")
+    call <SID>X("pythonImportedFuncDef", s:orange, "", "")
+    call <SID>X("pythonImportedModule", s:orange, "", "")
+    call <SID>X("pythonImportedObject", s:orange, "", "")
+
+    " JavaScript Highlighting
+    call <SID>X("javaScriptEndColons", s:foreground, "", "")
+    call <SID>X("javaScriptOpSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptLogicSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptBraces", s:foreground, "", "")
+    call <SID>X("javaScriptParens", s:foreground, "", "")
+    call <SID>X("javaScriptFunction", s:green, "", "")
+    call <SID>X("javaScriptComment", s:comment, "", "")
+    call <SID>X("javaScriptLineComment", s:comment, "", "")
+    call <SID>X("javaScriptDocComment", s:comment, "", "")
+    call <SID>X("javaScriptCommentTodo", s:red, "", "")
+    call <SID>X("javaScriptString", s:yellow, "", "")
+    call <SID>X("javaScriptRegexpString", s:yellow, "", "")
+    call <SID>X("javaScriptTemplateString", s:yellow, "", "")
+    call <SID>X("javaScriptNumber", s:purple, "", "")
+    call <SID>X("javaScriptFloat", s:purple, "", "")
+    call <SID>X("javaScriptGlobal", s:purple, "", "")
+    call <SID>X("javaScriptCharacter", s:blue, "", "")
+    call <SID>X("javaScriptPrototype", s:blue, "", "")
+    call <SID>X("javaScriptConditional", s:blue, "", "")
+    call <SID>X("javaScriptBranch", s:blue, "", "")
+    call <SID>X("javaScriptIdentifier", s:orange, "", "")
+    call <SID>X("javaScriptRepeat", s:blue, "", "")
+    call <SID>X("javaScriptStatement", s:blue, "", "")
+    call <SID>X("javaScriptMessage", s:blue, "", "")
+    call <SID>X("javaScriptReserved", s:blue, "", "")
+    call <SID>X("javaScriptOperator", s:blue, "", "")
+    call <SID>X("javaScriptNull", s:purple, "", "")
+    call <SID>X("javaScriptBoolean", s:purple, "", "")
+    call <SID>X("javaScriptLabel", s:blue, "", "")
+    call <SID>X("javaScriptSpecial", s:blue, "", "")
+    call <SID>X("javaScriptExceptions", s:red, "", "")
+    call <SID>X("javaScriptDeprecated", s:red, "", "")
+    call <SID>X("javaScriptError", s:red, "", "")
+
+    " LaTeX
+    call <SID>X("texStatement",s:blue, "", "")
+    call <SID>X("texMath", s:wine, "", "none")
+    call <SID>X("texMathMacher", s:yellow, "", "none")
+    call <SID>X("texRefLabel", s:wine, "", "none")
+    call <SID>X("texRefZone", s:blue, "", "none")
+    call <SID>X("texComment", s:comment, "", "none")
+    call <SID>X("texDelimiter", s:purple, "", "none")
+    call <SID>X("texMathZoneX", s:purple, "", "none")
+
+    " CoffeeScript Highlighting
+    call <SID>X("coffeeRepeat", s:wine, "", "")
+    call <SID>X("coffeeConditional", s:wine, "", "")
+    call <SID>X("coffeeKeyword", s:wine, "", "")
+    call <SID>X("coffeeObject", s:yellow, "", "")
+
+    " HTML Highlighting
+    call <SID>X("htmlTag", s:blue, "", "")
+    call <SID>X("htmlEndTag", s:blue, "", "")
+    call <SID>X("htmlTagName", s:wine, "", "bold")
+    call <SID>X("htmlArg", s:green, "", "italic")
+    call <SID>X("htmlScriptTag", s:wine, "", "")
+
+    " Diff Highlighting
+    call <SID>X("diffAdd", "", "4c4e39", "")
+    call <SID>X("diffDelete", s:background, s:red, "")
+    call <SID>X("diffChange", "", "2B5B77", "")
+    call <SID>X("diffText", s:line, s:blue, "")
+
+    " ShowMarks Highlighting
+    call <SID>X("ShowMarksHLl", s:orange, s:background, "none")
+    call <SID>X("ShowMarksHLo", s:wine, s:background, "none")
+    call <SID>X("ShowMarksHLu", s:yellow, s:background, "none")
+    call <SID>X("ShowMarksHLm", s:wine, s:background, "none")
+
+    " Lua Highlighting
+    call <SID>X("luaStatement", s:wine, "", "")
+    call <SID>X("luaRepeat", s:wine, "", "")
+    call <SID>X("luaCondStart", s:wine, "", "")
+    call <SID>X("luaCondElseif", s:wine, "", "")
+    call <SID>X("luaCond", s:wine, "", "")
+    call <SID>X("luaCondEnd", s:wine, "", "")
+
+    " Cucumber Highlighting
+    call <SID>X("cucumberGiven", s:blue, "", "")
+    call <SID>X("cucumberGivenAnd", s:blue, "", "")
+
+    " Go Highlighting
+    call <SID>X("goDirective", s:wine, "", "")
+    call <SID>X("goDeclaration", s:wine, "", "")
+    call <SID>X("goStatement", s:wine, "", "")
+    call <SID>X("goConditional", s:wine, "", "")
+    call <SID>X("goConstants", s:orange, "", "")
+    call <SID>X("goTodo", s:red, "", "")
+    call <SID>X("goDeclType", s:blue, "", "")
+    call <SID>X("goBuiltins", s:wine, "", "")
+    call <SID>X("goRepeat", s:wine, "", "")
+    call <SID>X("goLabel", s:wine, "", "")
+
+    " Clojure Highlighting
+    call <SID>X("clojureConstant", s:orange, "", "")
+    call <SID>X("clojureBoolean", s:orange, "", "")
+    call <SID>X("clojureCharacter", s:orange, "", "")
+    call <SID>X("clojureKeyword", s:green, "", "")
+    call <SID>X("clojureNumber", s:orange, "", "")
+    call <SID>X("clojureString", s:green, "", "")
+    call <SID>X("clojureRegexp", s:green, "", "")
+    call <SID>X("clojureParen", s:wine, "", "")
+    call <SID>X("clojureVariable", s:yellow, "", "")
+    call <SID>X("clojureCond", s:blue, "", "")
+    call <SID>X("clojureDefine", s:wine, "", "")
+    call <SID>X("clojureException", s:red, "", "")
+    call <SID>X("clojureFunc", s:blue, "", "")
+    call <SID>X("clojureMacro", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureSpecial", s:wine, "", "")
+    call <SID>X("clojureQuote", s:blue, "", "")
+    call <SID>X("clojureUnquote", s:blue, "", "")
+    call <SID>X("clojureMeta", s:blue, "", "")
+    call <SID>X("clojureDeref", s:blue, "", "")
+    call <SID>X("clojureAnonArg", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureDispatch", s:blue, "", "")
+
+    " Scala Highlighting
+    call <SID>X("scalaKeyword", s:wine, "", "")
+    call <SID>X("scalaKeywordModifier", s:wine, "", "")
+    call <SID>X("scalaOperator", s:blue, "", "")
+    call <SID>X("scalaPackage", s:wine, "", "")
+    call <SID>X("scalaFqn", s:foreground, "", "")
+    call <SID>X("scalaFqnSet", s:foreground, "", "")
+    call <SID>X("scalaImport", s:wine, "", "")
+    call <SID>X("scalaBoolean", s:orange, "", "")
+    call <SID>X("scalaDef", s:wine, "", "")
+    call <SID>X("scalaVal", s:wine, "", "")
+    call <SID>X("scalaVar", s:wine, "", "")
+    call <SID>X("scalaClass", s:wine, "", "")
+    call <SID>X("scalaObject", s:wine, "", "")
+    call <SID>X("scalaTrait", s:wine, "", "")
+    call <SID>X("scalaDefName", s:blue, "", "")
+    call <SID>X("scalaValName", s:foreground, "", "")
+    call <SID>X("scalaVarName", s:foreground, "", "")
+    call <SID>X("scalaClassName", s:foreground, "", "")
+    call <SID>X("scalaType", s:yellow, "", "")
+    call <SID>X("scalaTypeSpecializer", s:yellow, "", "")
+    call <SID>X("scalaAnnotation", s:orange, "", "")
+    call <SID>X("scalaNumber", s:orange, "", "")
+    call <SID>X("scalaDefSpecializer", s:yellow, "", "")
+    call <SID>X("scalaClassSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:green, "", "")
+    call <SID>X("scalaRoot", s:foreground, "", "")
+    call <SID>X("scalaMethodCall", s:blue, "", "")
+    call <SID>X("scalaCaseType", s:yellow, "", "")
+    call <SID>X("scalaLineComment", s:comment, "", "")
+    call <SID>X("scalaComment", s:comment, "", "")
+    call <SID>X("scalaDocComment", s:comment, "", "")
+    call <SID>X("scalaDocTags", s:comment, "", "")
+    call <SID>X("scalaEmptyString", s:green, "", "")
+    call <SID>X("scalaMultiLineString", s:green, "", "")
+    call <SID>X("scalaUnicode", s:orange, "", "")
+    call <SID>X("scalaString", s:green, "", "")
+    call <SID>X("scalaStringEscape", s:green, "", "")
+    call <SID>X("scalaSymbol", s:orange, "", "")
+    call <SID>X("scalaChar", s:orange, "", "")
+    call <SID>X("scalaXml", s:green, "", "")
+    call <SID>X("scalaConstructorSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:blue, "", "")
+
+    " Git
+    call <SID>X("diffAdded", s:green, "", "")
+    call <SID>X("diffRemoved", s:red, "", "")
+    call <SID>X("gitcommitSummary", "", "", "bold")
+
+    " Delete Functions
+    delf <SID>X
+    delf <SID>rgb
+    delf <SID>colour
+    delf <SID>rgb_colour
+    delf <SID>rgb_level
+    delf <SID>rgb_number
+    delf <SID>grey_colour
+    delf <SID>grey_level
+    delf <SID>grey_number
+endif

files/homedirs/DEFAULT/.vim/colors/ayu.vim

@@ -0,0 +1,268 @@
+" Initialisation:"{{{
+" ----------------------------------------------------------------------------
+hi clear
+if exists("syntax_on")
+  syntax reset
+endif
+
+let s:style = get(g:, 'ayucolor', 'dark')
+let g:colors_name = "ayu"
+"}}}
+
+" Palettes:"{{{
+" ----------------------------------------------------------------------------
+
+let s:palette = {}
+
+let s:palette.bg        = {'dark': "#0F1419",  'light': "#FAFAFA",  'mirage': "#212733"}
+
+let s:palette.comment   = {'dark': "#5C6773",  'light': "#ABB0B6",  'mirage': "#5C6773"}
+let s:palette.markup    = {'dark': "#F07178",  'light': "#F07178",  'mirage': "#F07178"}
+let s:palette.constant  = {'dark': "#FFEE99",  'light': "#A37ACC",  'mirage': "#D4BFFF"}
+let s:palette.operator  = {'dark': "#E7C547",  'light': "#E7C547",  'mirage': "#80D4FF"}
+let s:palette.tag       = {'dark': "#36A3D9",  'light': "#36A3D9",  'mirage': "#5CCFE6"}
+let s:palette.regexp    = {'dark': "#95E6CB",  'light': "#4CBF99",  'mirage': "#95E6CB"}
+let s:palette.string    = {'dark': "#B8CC52",  'light': "#86B300",  'mirage': "#BBE67E"}
+let s:palette.function  = {'dark': "#FFB454",  'light': "#F29718",  'mirage': "#FFD57F"}
+let s:palette.special   = {'dark': "#E6B673",  'light': "#E6B673",  'mirage': "#FFC44C"}
+let s:palette.keyword   = {'dark': "#FF7733",  'light': "#FF7733",  'mirage': "#FFAE57"}
+
+let s:palette.error     = {'dark': "#FF3333",  'light': "#FF3333",  'mirage': "#FF3333"}
+let s:palette.accent    = {'dark': "#F29718",  'light': "#FF6A00",  'mirage': "#FFCC66"}
+let s:palette.panel     = {'dark': "#14191F",  'light': "#FFFFFF",  'mirage': "#272D38"}
+let s:palette.guide     = {'dark': "#2D3640",  'light': "#D9D8D7",  'mirage': "#3D4751"}
+let s:palette.line      = {'dark': "#151A1E",  'light': "#F3F3F3",  'mirage': "#242B38"}
+let s:palette.selection = {'dark': "#253340",  'light': "#F0EEE4",  'mirage': "#343F4C"}
+let s:palette.fg        = {'dark': "#E6E1CF",  'light': "#5C6773",  'mirage': "#D9D7CE"}
+let s:palette.fg_idle   = {'dark': "#3E4B59",  'light': "#828C99",  'mirage': "#607080"}
+
+"}}}
+
+" Highlighting Primitives:"{{{
+" ----------------------------------------------------------------------------
+
+function! s:build_prim(hi_elem, field)
+  let l:vname = "s:" . a:hi_elem . "_" . a:field " s:bg_gray
+  let l:gui_assign = "gui".a:hi_elem."=".s:palette[a:field][s:style] " guibg=...
+  exe "let " . l:vname . " = ' " . l:gui_assign . "'"
+endfunction
+
+let s:bg_none = ' guibg=NONE ctermbg=NONE'
+let s:fg_none = ' guifg=NONE ctermfg=NONE'
+for [key_name, d_value] in items(s:palette)
+  call s:build_prim('bg', key_name)
+  call s:build_prim('fg', key_name)
+endfor
+" }}}
+
+" Formatting Options:"{{{
+" ----------------------------------------------------------------------------
+let s:none   = "NONE"
+let s:t_none = "NONE"
+let s:n      = "NONE"
+let s:c      = ",undercurl"
+let s:r      = ",reverse"
+let s:s      = ",standout"
+let s:b      = ",bold"
+let s:u      = ",underline"
+let s:i      = ",italic"
+
+exe "let s:fmt_none = ' gui=NONE".          " cterm=NONE".          " term=NONE"        ."'"
+exe "let s:fmt_bold = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_bldi = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_undr = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_undb = ' gui=NONE".s:u.s:b.  " cterm=NONE".s:u.s:b.  " term=NONE".s:u.s:b."'"
+exe "let s:fmt_undi = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_curl = ' gui=NONE".s:c.      " cterm=NONE".s:c.      " term=NONE".s:c    ."'"
+exe "let s:fmt_ital = ' gui=NONE".s:i.      " cterm=NONE".s:i.      " term=NONE".s:i    ."'"
+exe "let s:fmt_stnd = ' gui=NONE".s:s.      " cterm=NONE".s:s.      " term=NONE".s:s    ."'"
+exe "let s:fmt_revr = ' gui=NONE".s:r.      " cterm=NONE".s:r.      " term=NONE".s:r    ."'"
+exe "let s:fmt_revb = ' gui=NONE".s:r.s:b.  " cterm=NONE".s:r.s:b.  " term=NONE".s:r.s:b."'"
+"}}}
+
+
+" Vim Highlighting: (see :help highlight-groups)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Normal"        .s:fg_fg          .s:bg_bg          .s:fmt_none
+exe "hi! ColorColumn"   .s:fg_none        .s:bg_line        .s:fmt_none
+" Conceal, Cursor, CursorIM
+exe "hi! CursorColumn"  .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLine"    .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLineNr"  .s:fg_accent      .s:bg_line        .s:fmt_none
+exe "hi! LineNr"        .s:fg_guide       .s:bg_none        .s:fmt_none
+
+exe "hi! Directory"     .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! DiffAdd"       .s:fg_string      .s:bg_panel       .s:fmt_none
+exe "hi! DiffChange"    .s:fg_tag         .s:bg_panel       .s:fmt_none
+exe "hi! DiffText"      .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! ErrorMsg"      .s:fg_fg          .s:bg_error       .s:fmt_stnd
+exe "hi! VertSplit"     .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Folded"        .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! FoldColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+exe "hi! SignColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+"   Incsearch"
+
+exe "hi! MatchParen"    .s:fg_fg          .s:bg_bg          .s:fmt_undr
+exe "hi! ModeMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! MoreMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! NonText"       .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Pmenu"         .s:fg_fg          .s:bg_selection   .s:fmt_none
+exe "hi! PmenuSel"      .s:fg_fg          .s:bg_selection   .s:fmt_revr
+"   PmenuSbar"
+"   PmenuThumb"
+exe "hi! Question"      .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! Search"        .s:fg_bg          .s:bg_constant    .s:fmt_none
+exe "hi! SpecialKey"    .s:fg_selection   .s:bg_none        .s:fmt_none
+exe "hi! SpellCap"      .s:fg_tag         .s:bg_none        .s:fmt_undr
+exe "hi! SpellLocal"    .s:fg_keyword     .s:bg_none        .s:fmt_undr
+exe "hi! SpellBad"      .s:fg_error       .s:bg_none        .s:fmt_undr
+exe "hi! SpellRare"     .s:fg_regexp      .s:bg_none        .s:fmt_undr
+exe "hi! StatusLine"    .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! StatusLineNC"  .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! WildMenu"      .s:fg_bg          .s:bg_markup      .s:fmt_none
+exe "hi! TabLine"       .s:fg_fg          .s:bg_panel       .s:fmt_revr
+"   TabLineFill"
+"   TabLineSel"
+exe "hi! Title"         .s:fg_keyword     .s:bg_none        .s:fmt_none
+exe "hi! Visual"        .s:fg_none        .s:bg_selection   .s:fmt_none
+"   VisualNos"
+exe "hi! WarningMsg"    .s:fg_error       .s:bg_none        .s:fmt_none
+
+" TODO LongLineWarning to use variables instead of hardcoding
+hi LongLineWarning  guifg=NONE        guibg=#371F1C     gui=underline ctermfg=NONE        ctermbg=NONE        cterm=underline
+"   WildMenu"
+
+"}}}
+
+" Generic Syntax Highlighting: (see :help group-name)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Comment"         .s:fg_comment   .s:bg_none        .s:fmt_none
+
+exe "hi! Constant"        .s:fg_constant  .s:bg_none        .s:fmt_none
+exe "hi! String"          .s:fg_string    .s:bg_none        .s:fmt_none
+"   Character"
+"   Number"
+"   Boolean"
+"   Float"
+
+exe "hi! Identifier"      .s:fg_tag       .s:bg_none        .s:fmt_none
+exe "hi! Function"        .s:fg_function  .s:bg_none        .s:fmt_none
+
+exe "hi! Statement"       .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   Conditional"
+"   Repeat"
+"   Label"
+exe "hi! Operator"        .s:fg_operator  .s:bg_none        .s:fmt_none
+"   Keyword"
+"   Exception"
+
+exe "hi! PreProc"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   Include"
+"   Define"
+"   Macro"
+"   PreCondit"
+
+exe "hi! Type"            .s:fg_tag       .s:bg_none        .s:fmt_none
+"   StorageClass"
+exe "hi! Structure"       .s:fg_special   .s:bg_none        .s:fmt_none
+"   Typedef"
+
+exe "hi! Special"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   SpecialChar"
+"   Tag"
+"   Delimiter"
+"   SpecialComment"
+"   Debug"
+"
+exe "hi! Underlined"      .s:fg_tag       .s:bg_none        .s:fmt_undr
+
+exe "hi! Ignore"          .s:fg_none      .s:bg_none        .s:fmt_none
+
+exe "hi! Error"           .s:fg_fg        .s:bg_error       .s:fmt_none
+
+exe "hi! Todo"            .s:fg_markup    .s:bg_none        .s:fmt_none
+
+" Quickfix window highlighting
+exe "hi! qfLineNr"        .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   qfFileName"
+"   qfLineNr"
+"   qfError"
+
+exe "hi! Conceal"         .s:fg_guide     .s:bg_none        .s:fmt_none
+exe "hi! CursorLineConceal" .s:fg_guide   .s:bg_line        .s:fmt_none
+
+
+" Terminal in NVIM
+" ---------
+if has("nvim")
+  let g:terminal_color_0 =  s:palette.bg[s:style]
+  let g:terminal_color_1 =  s:palette.markup[s:style]
+  let g:terminal_color_2 =  s:palette.string[s:style]
+  let g:terminal_color_3 =  s:palette.accent[s:style]
+  let g:terminal_color_4 =  s:palette.tag[s:style]
+  let g:terminal_color_5 =  s:palette.constant[s:style]
+  let g:terminal_color_6 =  s:palette.regexp[s:style]
+  let g:terminal_color_7 =  "#FFFFFF"
+  let g:terminal_color_8 =  s:palette.fg_idle[s:style]
+  let g:terminal_color_9 =  s:palette.error[s:style]
+  let g:terminal_color_10 = s:palette.string[s:style]
+  let g:terminal_color_11 = s:palette.accent[s:style]
+  let g:terminal_color_12 = s:palette.tag[s:style]
+  let g:terminal_color_13 = s:palette.constant[s:style]
+  let g:terminal_color_14 = s:palette.regexp[s:style]
+  let g:terminal_color_15 = s:palette.comment[s:style]
+  let g:terminal_color_background = g:terminal_color_0
+  let g:terminal_color_foreground = s:palette.fg[s:style]
+endif
+
+
+" NerdTree
+" ---------
+exe "hi! NERDTreeOpenable"          .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeClosable"          .s:fg_accent      .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksHeader"   .s:fg_pink        .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksLeader"   .s:fg_bg          .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarkName"      .s:fg_keyword     .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeCWD"               .s:fg_pink        .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeUp"                .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDir"               .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeFile"              .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDirSlash"          .s:fg_guide      .s:bg_none        .s:fmt_none
+
+
+" GitGutter
+" ---------
+exe "hi! GitGutterAdd"          .s:fg_string     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChange"       .s:fg_tag        .s:bg_none        .s:fmt_none
+exe "hi! GitGutterDelete"       .s:fg_markup     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChangeDelete" .s:fg_function   .s:bg_none        .s:fmt_none
+
+"}}}
+
+" Diff Syntax Highlighting:"{{{
+" ----------------------------------------------------------------------------
+" Diff
+"   diffOldFile
+"   diffNewFile
+"   diffFile
+"   diffOnly
+"   diffIdentical
+"   diffDiffer
+"   diffBDiffer
+"   diffIsA
+"   diffNoEOL
+"   diffCommon
+hi! link diffRemoved Constant
+"   diffChanged
+hi! link diffAdded String
+"   diffLine
+"   diffSubname
+"   diffComment
+
+"}}}
+"
+" This is needed for some reason: {{{
+
+let &background = s:style
+
+" }}}

files/homedirs/DEFAULT/.vim/colors/molokai.vim

@@ -0,0 +1,276 @@
+" Vim color file
+"
+" Author: Tomas Restrepo <tomas@winterdom.com>
+" https://github.com/tomasr/molokai
+"
+" Note: Based on the Monokai theme for TextMate
+" by Wimer Hazenberg and its darker variant
+" by Hamish Stuart Macpherson
+"
+
+hi clear
+
+if version > 580
+    " no guarantees for version 5.8 and below, but this makes it stop
+    " complaining
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+let g:colors_name="molokai"
+
+if exists("g:molokai_original")
+    let s:molokai_original = g:molokai_original
+else
+    let s:molokai_original = 0
+endif
+
+
+hi Boolean         guifg=#AE81FF
+hi Character       guifg=#E6DB74
+hi Number          guifg=#AE81FF
+hi String          guifg=#E6DB74
+hi Conditional     guifg=#F92672               gui=bold
+hi Constant        guifg=#AE81FF               gui=bold
+hi Cursor          guifg=#000000 guibg=#F8F8F0
+hi iCursor         guifg=#000000 guibg=#F8F8F0
+hi Debug           guifg=#BCA3A3               gui=bold
+hi Define          guifg=#66D9EF
+hi Delimiter       guifg=#8F8F8F
+hi DiffAdd                       guibg=#13354A
+hi DiffChange      guifg=#89807D guibg=#4C4745
+hi DiffDelete      guifg=#960050 guibg=#1E0010
+hi DiffText                      guibg=#4C4745 gui=italic,bold
+
+hi Directory       guifg=#A6E22E               gui=bold
+hi Error           guifg=#E6DB74 guibg=#1E0010
+hi ErrorMsg        guifg=#F92672 guibg=#232526 gui=bold
+hi Exception       guifg=#A6E22E               gui=bold
+hi Float           guifg=#AE81FF
+hi FoldColumn      guifg=#465457 guibg=#000000
+hi Folded          guifg=#465457 guibg=#000000
+hi Function        guifg=#A6E22E
+hi Identifier      guifg=#FD971F
+hi Ignore          guifg=#808080 guibg=bg
+hi IncSearch       guifg=#C4BE89 guibg=#000000
+
+hi Keyword         guifg=#F92672               gui=bold
+hi Label           guifg=#E6DB74               gui=none
+hi Macro           guifg=#C4BE89               gui=italic
+hi SpecialKey      guifg=#66D9EF               gui=italic
+
+hi MatchParen      guifg=#000000 guibg=#FD971F gui=bold
+hi ModeMsg         guifg=#E6DB74
+hi MoreMsg         guifg=#E6DB74
+hi Operator        guifg=#F92672
+
+" complete menu
+hi Pmenu           guifg=#66D9EF guibg=#000000
+hi PmenuSel                      guibg=#808080
+hi PmenuSbar                     guibg=#080808
+hi PmenuThumb      guifg=#66D9EF
+
+hi PreCondit       guifg=#A6E22E               gui=bold
+hi PreProc         guifg=#A6E22E
+hi Question        guifg=#66D9EF
+hi Repeat          guifg=#F92672               gui=bold
+hi Search          guifg=#000000 guibg=#FFE792
+" marks
+hi SignColumn      guifg=#A6E22E guibg=#232526
+hi SpecialChar     guifg=#F92672               gui=bold
+hi SpecialComment  guifg=#7E8E91               gui=bold
+hi Special         guifg=#66D9EF guibg=bg      gui=italic
+if has("spell")
+    hi SpellBad    guisp=#FF0000 gui=undercurl
+    hi SpellCap    guisp=#7070F0 gui=undercurl
+    hi SpellLocal  guisp=#70F0F0 gui=undercurl
+    hi SpellRare   guisp=#FFFFFF gui=undercurl
+endif
+hi Statement       guifg=#F92672               gui=bold
+hi StatusLine      guifg=#455354 guibg=fg
+hi StatusLineNC    guifg=#808080 guibg=#080808
+hi StorageClass    guifg=#FD971F               gui=italic
+hi Structure       guifg=#66D9EF
+hi Tag             guifg=#F92672               gui=italic
+hi Title           guifg=#ef5939
+hi Todo            guifg=#FFFFFF guibg=bg      gui=bold
+
+hi Typedef         guifg=#66D9EF
+hi Type            guifg=#66D9EF               gui=none
+hi Underlined      guifg=#808080               gui=underline
+
+hi VertSplit       guifg=#808080 guibg=#080808 gui=bold
+hi VisualNOS                     guibg=#403D3D
+hi Visual                        guibg=#403D3D
+hi WarningMsg      guifg=#FFFFFF guibg=#333333 gui=bold
+hi WildMenu        guifg=#66D9EF guibg=#000000
+
+hi TabLineFill     guifg=#1B1D1E guibg=#1B1D1E
+hi TabLine         guibg=#1B1D1E guifg=#808080 gui=none
+
+if s:molokai_original == 1
+   hi Normal          guifg=#F8F8F2 guibg=#272822
+   hi Comment         guifg=#75715E
+   hi CursorLine                    guibg=#3E3D32
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#3E3D32
+   hi ColorColumn                   guibg=#3B3A32
+   hi LineNr          guifg=#BCBCBC guibg=#3B3A32
+   hi NonText         guifg=#75715E
+   hi SpecialKey      guifg=#75715E
+else
+   hi Normal          guifg=#F8F8F2 guibg=#1B1D1E
+   hi Comment         guifg=#7E8E91
+   hi CursorLine                    guibg=#293739
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#293739
+   hi ColorColumn                   guibg=#232526
+   hi LineNr          guifg=#465457 guibg=#232526
+   hi NonText         guifg=#465457
+   hi SpecialKey      guifg=#465457
+end
+
+"
+" Support for 256-color terminal
+"
+if &t_Co > 255
+   if s:molokai_original == 1
+      hi Normal                   ctermbg=234
+      hi CursorLine               ctermbg=235   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   else
+      hi Normal       ctermfg=252 ctermbg=233
+      hi CursorLine               ctermbg=234   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   endif
+   hi Boolean         ctermfg=135
+   hi Character       ctermfg=144
+   hi Number          ctermfg=135
+   hi String          ctermfg=144
+   hi Conditional     ctermfg=161               cterm=bold
+   hi Constant        ctermfg=135               cterm=bold
+   hi Cursor          ctermfg=16  ctermbg=253
+   hi Debug           ctermfg=225               cterm=bold
+   hi Define          ctermfg=81
+   hi Delimiter       ctermfg=241
+
+   hi DiffAdd                     ctermbg=24
+   hi DiffChange      ctermfg=181 ctermbg=239
+   hi DiffDelete      ctermfg=162 ctermbg=53
+   hi DiffText                    ctermbg=102 cterm=bold
+
+   hi Directory       ctermfg=118               cterm=bold
+   hi Error           ctermfg=219 ctermbg=89
+   hi ErrorMsg        ctermfg=199 ctermbg=16    cterm=bold
+   hi Exception       ctermfg=118               cterm=bold
+   hi Float           ctermfg=135
+   hi FoldColumn      ctermfg=67  ctermbg=16
+   hi Folded          ctermfg=67  ctermbg=16
+   hi Function        ctermfg=118
+   hi Identifier      ctermfg=208               cterm=none
+   hi Ignore          ctermfg=244 ctermbg=232
+   hi IncSearch       ctermfg=193 ctermbg=16
+
+   hi keyword         ctermfg=161               cterm=bold
+   hi Label           ctermfg=229               cterm=none
+   hi Macro           ctermfg=193
+   hi SpecialKey      ctermfg=81
+
+   hi MatchParen      ctermfg=233  ctermbg=208 cterm=bold
+   hi ModeMsg         ctermfg=229
+   hi MoreMsg         ctermfg=229
+   hi Operator        ctermfg=161
+
+   " complete menu
+   hi Pmenu           ctermfg=81  ctermbg=16
+   hi PmenuSel        ctermfg=255 ctermbg=242
+   hi PmenuSbar                   ctermbg=232
+   hi PmenuThumb      ctermfg=81
+
+   hi PreCondit       ctermfg=118               cterm=bold
+   hi PreProc         ctermfg=118
+   hi Question        ctermfg=81
+   hi Repeat          ctermfg=161               cterm=bold
+   hi Search          ctermfg=0   ctermbg=222   cterm=NONE
+
+   " marks column
+   hi SignColumn      ctermfg=118 ctermbg=235
+   hi SpecialChar     ctermfg=161               cterm=bold
+   hi SpecialComment  ctermfg=245               cterm=bold
+   hi Special         ctermfg=81
+   if has("spell")
+       hi SpellBad                ctermbg=52
+       hi SpellCap                ctermbg=17
+       hi SpellLocal              ctermbg=17
+       hi SpellRare  ctermfg=none ctermbg=none  cterm=reverse
+   endif
+   hi Statement       ctermfg=161               cterm=bold
+   hi StatusLine      ctermfg=238 ctermbg=253
+   hi StatusLineNC    ctermfg=244 ctermbg=232
+   hi StorageClass    ctermfg=208
+   hi Structure       ctermfg=81
+   hi Tag             ctermfg=161
+   hi Title           ctermfg=166
+   hi Todo            ctermfg=231 ctermbg=232   cterm=bold
+
+   hi Typedef         ctermfg=81
+   hi Type            ctermfg=81                cterm=none
+   hi Underlined      ctermfg=244               cterm=underline
+
+   hi VertSplit       ctermfg=244 ctermbg=232   cterm=bold
+   hi VisualNOS                   ctermbg=238
+   hi Visual                      ctermbg=235
+   hi WarningMsg      ctermfg=231 ctermbg=238   cterm=bold
+   hi WildMenu        ctermfg=81  ctermbg=16
+
+   hi Comment         ctermfg=59
+   hi CursorColumn                ctermbg=236
+   hi ColorColumn                 ctermbg=236
+   hi LineNr          ctermfg=250 ctermbg=236
+   hi NonText         ctermfg=59
+
+   hi SpecialKey      ctermfg=59
+
+   if exists("g:rehash256") && g:rehash256 == 1
+       hi Normal       ctermfg=252 ctermbg=234
+       hi CursorLine               ctermbg=236   cterm=none
+       hi CursorLineNr ctermfg=208               cterm=none
+
+       hi Boolean         ctermfg=141
+       hi Character       ctermfg=222
+       hi Number          ctermfg=141
+       hi String          ctermfg=222
+       hi Conditional     ctermfg=197               cterm=bold
+       hi Constant        ctermfg=141               cterm=bold
+
+       hi DiffDelete      ctermfg=125 ctermbg=233
+
+       hi Directory       ctermfg=154               cterm=bold
+       hi Error           ctermfg=222 ctermbg=233
+       hi Exception       ctermfg=154               cterm=bold
+       hi Float           ctermfg=141
+       hi Function        ctermfg=154
+       hi Identifier      ctermfg=208
+
+       hi Keyword         ctermfg=197               cterm=bold
+       hi Operator        ctermfg=197
+       hi PreCondit       ctermfg=154               cterm=bold
+       hi PreProc         ctermfg=154
+       hi Repeat          ctermfg=197               cterm=bold
+
+       hi Statement       ctermfg=197               cterm=bold
+       hi Tag             ctermfg=197
+       hi Title           ctermfg=203
+       hi Visual                      ctermbg=238
+
+       hi Comment         ctermfg=244
+       hi LineNr          ctermfg=239 ctermbg=235
+       hi NonText         ctermfg=239
+       hi SpecialKey      ctermfg=239
+   endif
+end
+
+" Must be at the end, because of ctermbg=234 bug.
+" https://groups.google.com/forum/#!msg/vim_dev/afPqwAFNdrU/nqh6tOM87QUJ
+set background=dark

files/homedirs/DEFAULT/.vim/colors/solarized8_dark.vim

@@ -0,0 +1,4 @@
+let s:dir = expand('<sfile>:p:h').(!exists("+shellslash") || &shellslash ? '/' : '\')
+set background=dark
+execute "source" s:dir."solarized8.vim"
+unlet s:dir

files/homedirs/DEFAULT/_bashrc

@@ -0,0 +1,124 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+    *i*) ;;
+      *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+__hostname="$(hostname -f)"
+__hostname="${__hostname%.*}"
+__hostname="${__hostname%.*}"
+if [ "$color_prompt" = yes ]; then
+    #PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@${__hostname}:\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    #PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+    PS1='${debian_chroot:+($debian_chroot)}\u@${__hostname}:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    #alias grep='grep --color=auto'
+    #alias fgrep='fgrep --color=auto'
+    #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -l'
+alias la='ls -A'
+alias l='ls -CF'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+  if [ -f /usr/share/bash-completion/bash_completion ]; then
+    . /usr/share/bash-completion/bash_completion
+  elif [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+  fi
+fi
+
+export EDITOR=vim
+
+## - set beep more quiet
+## -
+#xset b 10 500 50

files/homedirs/DEFAULT/_profile

@@ -0,0 +1,32 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+	. "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+if [[ -f /usr/share/mc/bin/mc.sh ]]; then
+   source /usr/share/mc/bin/mc.sh
+fi
+
+export LANG="de_DE.utf8"

files/homedirs/DEFAULT/_profile.j2

@@ -0,0 +1,36 @@
+# {{ ansible_managed }}
+
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+   . "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+#. /usr/lib/mc/bin/mc.sh
+#
+if [ -f "/usr/share/mc/bin/mc.sh" ] ; then
+   source /usr/share/mc/bin/mc.sh
+fi
+
+export LANG="de_DE.utf8"

files/homedirs/DEFAULT/_vimrc

@@ -0,0 +1,173 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+set shiftwidth=3
+set tabstop=3
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+

files/homedirs/root/.vim/.netrwhist

@@ -0,0 +1,11 @@
+let g:netrw_dirhistmax  =10
+let g:netrw_dirhist_cnt =9
+let g:netrw_dirhist_1='/home/chris/devel/git/git.oopen.de/script/bash/snippets'
+let g:netrw_dirhist_2='/home/chris/O.OPEN/Kunden/Anwaltsbuero-Kottbusser_Damm/carsten/ThinkPad_L380'
+let g:netrw_dirhist_3='/home/chris/devel/git/git.oopen.de/ansible/mbr-bln/group_vars/all'
+let g:netrw_dirhist_4='/home/chris/O.OPEN/Kunden/Gemeinschaft Altenschlirf/Intranet/VPN/VPN-GA-NH-chris'
+let g:netrw_dirhist_5='/home/chris/devel/git/git.oopen.de/firewall/ipt-server'
+let g:netrw_dirhist_6='/home/chris/devel/git/git.oopen.de/firewall/ipt-server/conf'
+let g:netrw_dirhist_7='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/group_vars'
+let g:netrw_dirhist_8='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies'
+let g:netrw_dirhist_9='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies/tasks'

files/homedirs/root/.vim/colors/afterglow.vim

@@ -0,0 +1,547 @@
+" File: afterglow.vim
+" Author: Danilo Augusto <daniloaugusto.ita16@gmail.com>
+" Date: 2017-02-27
+" Vim color file - Afterglow (monokai version)
+"
+" Hex color conversion functions borrowed from the theme 'Desert256'
+
+set background=dark
+if version > 580
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+
+let g:colors_name = "afterglow"
+
+" Default GUI Colours
+let s:foreground = "d6d6d6"
+let s:background = "1a1a1a"
+let s:selection = "5a647e"
+let s:line = "393939"
+let s:comment = "797979"
+let s:red = "ac4142"
+let s:orange = "e87d3e"
+let s:yellow = "e5b567"
+let s:green = "b4c973"
+let s:blue = "6c99bb"
+let s:wine = "b05279"
+let s:purple = "9e86c8"
+let s:window = "4d5057"
+
+if has("gui_running") || &t_Co == 88 || &t_Co == 256
+    " Returns an approximate grey index for the given grey level
+    fun <SID>grey_number(x)
+        if &t_Co == 88
+            if a:x < 23
+                return 0
+            elseif a:x < 69
+                return 1
+            elseif a:x < 103
+                return 2
+            elseif a:x < 127
+                return 3
+            elseif a:x < 150
+                return 4
+            elseif a:x < 173
+                return 5
+            elseif a:x < 196
+                return 6
+            elseif a:x < 219
+                return 7
+            elseif a:x < 243
+                return 8
+            else
+                return 9
+            endif
+        else
+            if a:x < 14
+                return 0
+            else
+                let l:n = (a:x - 8) / 10
+                let l:m = (a:x - 8) % 10
+                if l:m < 5
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual grey level represented by the grey index
+    fun <SID>grey_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 46
+            elseif a:n == 2
+                return 92
+            elseif a:n == 3
+                return 115
+            elseif a:n == 4
+                return 139
+            elseif a:n == 5
+                return 162
+            elseif a:n == 6
+                return 185
+            elseif a:n == 7
+                return 208
+            elseif a:n == 8
+                return 231
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 8 + (a:n * 10)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given grey index
+    fun <SID>grey_colour(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 16
+            elseif a:n == 9
+                return 79
+            else
+                return 79 + a:n
+            endif
+        else
+            if a:n == 0
+                return 16
+            elseif a:n == 25
+                return 231
+            else
+                return 231 + a:n
+            endif
+        endif
+    endfun
+
+    " Returns an approximate colour index for the given colour level
+    fun <SID>rgb_number(x)
+        if &t_Co == 88
+            if a:x < 69
+                return 0
+            elseif a:x < 172
+                return 1
+            elseif a:x < 230
+                return 2
+            else
+                return 3
+            endif
+        else
+            if a:x < 75
+                return 0
+            else
+                let l:n = (a:x - 55) / 40
+                let l:m = (a:x - 55) % 40
+                if l:m < 20
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual colour level for the given colour index
+    fun <SID>rgb_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 139
+            elseif a:n == 2
+                return 205
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 55 + (a:n * 40)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given R/G/B colour indices
+    fun <SID>rgb_colour(x, y, z)
+        if &t_Co == 88
+            return 16 + (a:x * 16) + (a:y * 4) + a:z
+        else
+            return 16 + (a:x * 36) + (a:y * 6) + a:z
+        endif
+    endfun
+
+    " Returns the palette index to approximate the given R/G/B colour levels
+    fun <SID>colour(r, g, b)
+        " Get the closest grey
+        let l:gx = <SID>grey_number(a:r)
+        let l:gy = <SID>grey_number(a:g)
+        let l:gz = <SID>grey_number(a:b)
+
+        " Get the closest colour
+        let l:x = <SID>rgb_number(a:r)
+        let l:y = <SID>rgb_number(a:g)
+        let l:z = <SID>rgb_number(a:b)
+
+        if l:gx == l:gy && l:gy == l:gz
+            " There are two possibilities
+            let l:dgr = <SID>grey_level(l:gx) - a:r
+            let l:dgg = <SID>grey_level(l:gy) - a:g
+            let l:dgb = <SID>grey_level(l:gz) - a:b
+            let l:dgrey = (l:dgr * l:dgr) + (l:dgg * l:dgg) + (l:dgb * l:dgb)
+            let l:dr = <SID>rgb_level(l:gx) - a:r
+            let l:dg = <SID>rgb_level(l:gy) - a:g
+            let l:db = <SID>rgb_level(l:gz) - a:b
+            let l:drgb = (l:dr * l:dr) + (l:dg * l:dg) + (l:db * l:db)
+            if l:dgrey < l:drgb
+                " Use the grey
+                return <SID>grey_colour(l:gx)
+            else
+                " Use the colour
+                return <SID>rgb_colour(l:x, l:y, l:z)
+            endif
+        else
+            " Only one possibility
+            return <SID>rgb_colour(l:x, l:y, l:z)
+        endif
+    endfun
+
+    " Returns the palette index to approximate the 'rrggbb' hex string
+    fun <SID>rgb(rgb)
+        let l:r = ("0x" . strpart(a:rgb, 0, 2)) + 0
+        let l:g = ("0x" . strpart(a:rgb, 2, 2)) + 0
+        let l:b = ("0x" . strpart(a:rgb, 4, 2)) + 0
+
+        return <SID>colour(l:r, l:g, l:b)
+    endfun
+
+    " Sets the highlighting for the given group
+    fun <SID>X(group, fg, bg, attr)
+        if a:fg != ""
+            exec "hi " . a:group . " guifg=#" . a:fg . " ctermfg=" . <SID>rgb(a:fg)
+        endif
+        if a:bg != ""
+            exec "hi " . a:group . " guibg=#" . a:bg . " ctermbg=" . <SID>rgb(a:bg)
+        endif
+        if a:attr != ""
+            exec "hi " . a:group . " gui=" . a:attr . " cterm=" . a:attr
+        endif
+    endfun
+
+    " Vim Highlighting
+    call <SID>X("Normal", s:foreground, s:background, "")
+    call <SID>X("LineNr", s:comment, "", "")
+    call <SID>X("NonText", s:selection, "", "")
+    call <SID>X("SpecialKey", s:selection, "", "")
+    call <SID>X("Search", s:background, s:yellow, "")
+    call <SID>X("TabLine", s:window, s:foreground, "reverse")
+    call <SID>X("TabLineFill", s:window, s:foreground, "reverse")
+    call <SID>X("StatusLine", s:window, s:yellow, "reverse")
+    call <SID>X("StatusLineNC", s:window, s:foreground, "reverse")
+    call <SID>X("VertSplit", s:window, s:window, "none")
+    call <SID>X("Visual", "", s:selection, "")
+    call <SID>X("Directory", s:blue, "", "")
+    call <SID>X("ModeMsg", s:green, "", "")
+    call <SID>X("MoreMsg", s:green, "", "")
+    call <SID>X("Question", s:green, "", "")
+    call <SID>X("WarningMsg", s:orange, "", "bold")
+    call <SID>X("MatchParen", "", s:selection, "")
+    call <SID>X("Folded", s:comment, s:background, "")
+    call <SID>X("FoldColumn", "", s:background, "")
+    if version >= 700
+        call <SID>X("CursorLine", "", s:line, "none")
+        call <SID>X("CursorLineNR", s:orange, "", "none")
+        call <SID>X("CursorColumn", "", s:line, "none")
+        call <SID>X("PMenu", s:foreground, s:selection, "none")
+        call <SID>X("PMenuSel", s:foreground, s:selection, "reverse")
+        call <SID>X("SignColumn", "", s:background, "none")
+    end
+    if version >= 703
+        call <SID>X("ColorColumn", "", s:line, "none")
+    end
+
+    " Standard Highlighting
+    call <SID>X("Comment", s:comment, "", "")
+    call <SID>X("Todo", s:red, s:background, "bold")
+    call <SID>X("Title", s:comment, "", "bold")
+    call <SID>X("Identifier", s:orange, "", "")
+    call <SID>X("Statement", s:wine, "", "")
+    call <SID>X("Conditional", s:wine, "", "")
+    call <SID>X("Repeat", s:wine, "", "")
+    call <SID>X("Structure", s:wine, "", "")
+    call <SID>X("Function", s:orange, "", "")
+    call <SID>X("Constant", s:purple, "", "")
+    call <SID>X("Keyword", s:orange, "", "")
+    call <SID>X("String", s:yellow, "", "")
+    call <SID>X("Special", s:blue, "", "")
+    call <SID>X("PreProc", s:green, "", "")
+    call <SID>X("Operator", s:purple, "", "")
+    call <SID>X("Type", s:blue, "", "")
+    call <SID>X("Define", s:wine, "", "")
+    call <SID>X("Include", s:wine, "", "")
+    call <SID>X("Tag", s:orange, "", "bold")
+    call <SID>X("Underlined", s:orange, "", "underline")
+
+    syntax match commonOperator "\(+\|=\|-\|*\|\^\|\/\||\)"
+    hi link commonOperator Operator
+
+    " Vim Highlighting
+    call <SID>X("vimCommand", s:wine, "", "none")
+
+    " C Highlighting
+    call <SID>X("cType", s:wine, "", "")
+    call <SID>X("cStorageClass", s:orange, "", "")
+    call <SID>X("cConditional", s:wine, "", "")
+    call <SID>X("cRepeat", s:wine, "", "")
+
+    " PHP Highlighting
+    call <SID>X("phpVarSelector", s:wine, "", "")
+    call <SID>X("phpKeyword", s:wine, "", "")
+    call <SID>X("phpRepeat", s:wine, "", "")
+    call <SID>X("phpConditional", s:wine, "", "")
+    call <SID>X("phpStatement", s:wine, "", "")
+    call <SID>X("phpMemberSelector", s:foreground, "", "")
+
+    " Ruby Highlighting
+    call <SID>X("rubySymbol", s:blue, "", "")
+    call <SID>X("rubyConstant", s:green, "", "")
+    call <SID>X("rubyAccess", s:yellow, "", "")
+    call <SID>X("rubyAttribute", s:blue, "", "")
+    call <SID>X("rubyInclude", s:blue, "", "")
+    call <SID>X("rubyLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("rubyCurlyBlock", s:orange, "", "")
+    call <SID>X("rubyStringDelimiter", s:yellow, "", "")
+    call <SID>X("rubyInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("rubyConditional", s:wine, "", "")
+    call <SID>X("rubyRepeat", s:wine, "", "")
+    call <SID>X("rubyControl", s:wine, "", "")
+    call <SID>X("rubyException", s:wine, "", "")
+
+    " Crystal Highlighting
+    call <SID>X("crystalSymbol", s:green, "", "")
+    call <SID>X("crystalConstant", s:yellow, "", "")
+    call <SID>X("crystalAccess", s:yellow, "", "")
+    call <SID>X("crystalAttribute", s:blue, "", "")
+    call <SID>X("crystalInclude", s:blue, "", "")
+    call <SID>X("crystalLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("crystalCurlyBlock", s:orange, "", "")
+    call <SID>X("crystalStringDelimiter", s:green, "", "")
+    call <SID>X("crystalInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("crystalConditional", s:wine, "", "")
+    call <SID>X("crystalRepeat", s:wine, "", "")
+    call <SID>X("crystalControl", s:wine, "", "")
+    call <SID>X("crystalException", s:wine, "", "")
+
+    " Python Highlighting
+    call <SID>X("pythonInclude", s:green, "", "italic")
+    call <SID>X("pythonStatement", s:blue, "", "")
+    call <SID>X("pythonConditional", s:wine, "", "")
+    call <SID>X("pythonRepeat", s:wine, "", "")
+    call <SID>X("pythonException", s:wine, "", "")
+    call <SID>X("pythonFunction", s:green, "", "italic")
+    call <SID>X("pythonPreCondit", s:wine, "", "")
+    call <SID>X("pythonExClass", s:orange, "", "")
+    call <SID>X("pythonBuiltin", s:blue, "", "")
+    call <SID>X("pythonOperator", s:wine, "", "")
+    call <SID>X("pythonNumber", s:purple, "", "")
+    call <SID>X("pythonString", s:yellow, "", "")
+    call <SID>X("pythonRawString", s:yellow, "", "")
+    call <SID>X("pythonDecorator", s:wine, "", "")
+    call <SID>X("pythonDoctest", s:yellow, "", "")
+    call <SID>X("pythonImportFunction", s:orange, "", "")
+    call <SID>X("pythonImportModule", s:orange, "", "")
+    call <SID>X("pythonImportObject", s:orange, "", "")
+    call <SID>X("pythonImportedClassDef", s:orange, "", "")
+    call <SID>X("pythonImportedFuncDef", s:orange, "", "")
+    call <SID>X("pythonImportedModule", s:orange, "", "")
+    call <SID>X("pythonImportedObject", s:orange, "", "")
+
+    " JavaScript Highlighting
+    call <SID>X("javaScriptEndColons", s:foreground, "", "")
+    call <SID>X("javaScriptOpSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptLogicSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptBraces", s:foreground, "", "")
+    call <SID>X("javaScriptParens", s:foreground, "", "")
+    call <SID>X("javaScriptFunction", s:green, "", "")
+    call <SID>X("javaScriptComment", s:comment, "", "")
+    call <SID>X("javaScriptLineComment", s:comment, "", "")
+    call <SID>X("javaScriptDocComment", s:comment, "", "")
+    call <SID>X("javaScriptCommentTodo", s:red, "", "")
+    call <SID>X("javaScriptString", s:yellow, "", "")
+    call <SID>X("javaScriptRegexpString", s:yellow, "", "")
+    call <SID>X("javaScriptTemplateString", s:yellow, "", "")
+    call <SID>X("javaScriptNumber", s:purple, "", "")
+    call <SID>X("javaScriptFloat", s:purple, "", "")
+    call <SID>X("javaScriptGlobal", s:purple, "", "")
+    call <SID>X("javaScriptCharacter", s:blue, "", "")
+    call <SID>X("javaScriptPrototype", s:blue, "", "")
+    call <SID>X("javaScriptConditional", s:blue, "", "")
+    call <SID>X("javaScriptBranch", s:blue, "", "")
+    call <SID>X("javaScriptIdentifier", s:orange, "", "")
+    call <SID>X("javaScriptRepeat", s:blue, "", "")
+    call <SID>X("javaScriptStatement", s:blue, "", "")
+    call <SID>X("javaScriptMessage", s:blue, "", "")
+    call <SID>X("javaScriptReserved", s:blue, "", "")
+    call <SID>X("javaScriptOperator", s:blue, "", "")
+    call <SID>X("javaScriptNull", s:purple, "", "")
+    call <SID>X("javaScriptBoolean", s:purple, "", "")
+    call <SID>X("javaScriptLabel", s:blue, "", "")
+    call <SID>X("javaScriptSpecial", s:blue, "", "")
+    call <SID>X("javaScriptExceptions", s:red, "", "")
+    call <SID>X("javaScriptDeprecated", s:red, "", "")
+    call <SID>X("javaScriptError", s:red, "", "")
+
+    " LaTeX
+    call <SID>X("texStatement",s:blue, "", "")
+    call <SID>X("texMath", s:wine, "", "none")
+    call <SID>X("texMathMacher", s:yellow, "", "none")
+    call <SID>X("texRefLabel", s:wine, "", "none")
+    call <SID>X("texRefZone", s:blue, "", "none")
+    call <SID>X("texComment", s:comment, "", "none")
+    call <SID>X("texDelimiter", s:purple, "", "none")
+    call <SID>X("texMathZoneX", s:purple, "", "none")
+
+    " CoffeeScript Highlighting
+    call <SID>X("coffeeRepeat", s:wine, "", "")
+    call <SID>X("coffeeConditional", s:wine, "", "")
+    call <SID>X("coffeeKeyword", s:wine, "", "")
+    call <SID>X("coffeeObject", s:yellow, "", "")
+
+    " HTML Highlighting
+    call <SID>X("htmlTag", s:blue, "", "")
+    call <SID>X("htmlEndTag", s:blue, "", "")
+    call <SID>X("htmlTagName", s:wine, "", "bold")
+    call <SID>X("htmlArg", s:green, "", "italic")
+    call <SID>X("htmlScriptTag", s:wine, "", "")
+
+    " Diff Highlighting
+    call <SID>X("diffAdd", "", "4c4e39", "")
+    call <SID>X("diffDelete", s:background, s:red, "")
+    call <SID>X("diffChange", "", "2B5B77", "")
+    call <SID>X("diffText", s:line, s:blue, "")
+
+    " ShowMarks Highlighting
+    call <SID>X("ShowMarksHLl", s:orange, s:background, "none")
+    call <SID>X("ShowMarksHLo", s:wine, s:background, "none")
+    call <SID>X("ShowMarksHLu", s:yellow, s:background, "none")
+    call <SID>X("ShowMarksHLm", s:wine, s:background, "none")
+
+    " Lua Highlighting
+    call <SID>X("luaStatement", s:wine, "", "")
+    call <SID>X("luaRepeat", s:wine, "", "")
+    call <SID>X("luaCondStart", s:wine, "", "")
+    call <SID>X("luaCondElseif", s:wine, "", "")
+    call <SID>X("luaCond", s:wine, "", "")
+    call <SID>X("luaCondEnd", s:wine, "", "")
+
+    " Cucumber Highlighting
+    call <SID>X("cucumberGiven", s:blue, "", "")
+    call <SID>X("cucumberGivenAnd", s:blue, "", "")
+
+    " Go Highlighting
+    call <SID>X("goDirective", s:wine, "", "")
+    call <SID>X("goDeclaration", s:wine, "", "")
+    call <SID>X("goStatement", s:wine, "", "")
+    call <SID>X("goConditional", s:wine, "", "")
+    call <SID>X("goConstants", s:orange, "", "")
+    call <SID>X("goTodo", s:red, "", "")
+    call <SID>X("goDeclType", s:blue, "", "")
+    call <SID>X("goBuiltins", s:wine, "", "")
+    call <SID>X("goRepeat", s:wine, "", "")
+    call <SID>X("goLabel", s:wine, "", "")
+
+    " Clojure Highlighting
+    call <SID>X("clojureConstant", s:orange, "", "")
+    call <SID>X("clojureBoolean", s:orange, "", "")
+    call <SID>X("clojureCharacter", s:orange, "", "")
+    call <SID>X("clojureKeyword", s:green, "", "")
+    call <SID>X("clojureNumber", s:orange, "", "")
+    call <SID>X("clojureString", s:green, "", "")
+    call <SID>X("clojureRegexp", s:green, "", "")
+    call <SID>X("clojureParen", s:wine, "", "")
+    call <SID>X("clojureVariable", s:yellow, "", "")
+    call <SID>X("clojureCond", s:blue, "", "")
+    call <SID>X("clojureDefine", s:wine, "", "")
+    call <SID>X("clojureException", s:red, "", "")
+    call <SID>X("clojureFunc", s:blue, "", "")
+    call <SID>X("clojureMacro", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureSpecial", s:wine, "", "")
+    call <SID>X("clojureQuote", s:blue, "", "")
+    call <SID>X("clojureUnquote", s:blue, "", "")
+    call <SID>X("clojureMeta", s:blue, "", "")
+    call <SID>X("clojureDeref", s:blue, "", "")
+    call <SID>X("clojureAnonArg", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureDispatch", s:blue, "", "")
+
+    " Scala Highlighting
+    call <SID>X("scalaKeyword", s:wine, "", "")
+    call <SID>X("scalaKeywordModifier", s:wine, "", "")
+    call <SID>X("scalaOperator", s:blue, "", "")
+    call <SID>X("scalaPackage", s:wine, "", "")
+    call <SID>X("scalaFqn", s:foreground, "", "")
+    call <SID>X("scalaFqnSet", s:foreground, "", "")
+    call <SID>X("scalaImport", s:wine, "", "")
+    call <SID>X("scalaBoolean", s:orange, "", "")
+    call <SID>X("scalaDef", s:wine, "", "")
+    call <SID>X("scalaVal", s:wine, "", "")
+    call <SID>X("scalaVar", s:wine, "", "")
+    call <SID>X("scalaClass", s:wine, "", "")
+    call <SID>X("scalaObject", s:wine, "", "")
+    call <SID>X("scalaTrait", s:wine, "", "")
+    call <SID>X("scalaDefName", s:blue, "", "")
+    call <SID>X("scalaValName", s:foreground, "", "")
+    call <SID>X("scalaVarName", s:foreground, "", "")
+    call <SID>X("scalaClassName", s:foreground, "", "")
+    call <SID>X("scalaType", s:yellow, "", "")
+    call <SID>X("scalaTypeSpecializer", s:yellow, "", "")
+    call <SID>X("scalaAnnotation", s:orange, "", "")
+    call <SID>X("scalaNumber", s:orange, "", "")
+    call <SID>X("scalaDefSpecializer", s:yellow, "", "")
+    call <SID>X("scalaClassSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:green, "", "")
+    call <SID>X("scalaRoot", s:foreground, "", "")
+    call <SID>X("scalaMethodCall", s:blue, "", "")
+    call <SID>X("scalaCaseType", s:yellow, "", "")
+    call <SID>X("scalaLineComment", s:comment, "", "")
+    call <SID>X("scalaComment", s:comment, "", "")
+    call <SID>X("scalaDocComment", s:comment, "", "")
+    call <SID>X("scalaDocTags", s:comment, "", "")
+    call <SID>X("scalaEmptyString", s:green, "", "")
+    call <SID>X("scalaMultiLineString", s:green, "", "")
+    call <SID>X("scalaUnicode", s:orange, "", "")
+    call <SID>X("scalaString", s:green, "", "")
+    call <SID>X("scalaStringEscape", s:green, "", "")
+    call <SID>X("scalaSymbol", s:orange, "", "")
+    call <SID>X("scalaChar", s:orange, "", "")
+    call <SID>X("scalaXml", s:green, "", "")
+    call <SID>X("scalaConstructorSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:blue, "", "")
+
+    " Git
+    call <SID>X("diffAdded", s:green, "", "")
+    call <SID>X("diffRemoved", s:red, "", "")
+    call <SID>X("gitcommitSummary", "", "", "bold")
+
+    " Delete Functions
+    delf <SID>X
+    delf <SID>rgb
+    delf <SID>colour
+    delf <SID>rgb_colour
+    delf <SID>rgb_level
+    delf <SID>rgb_number
+    delf <SID>grey_colour
+    delf <SID>grey_level
+    delf <SID>grey_number
+endif

files/homedirs/root/.vim/colors/ayu.vim

@@ -0,0 +1,268 @@
+" Initialisation:"{{{
+" ----------------------------------------------------------------------------
+hi clear
+if exists("syntax_on")
+  syntax reset
+endif
+
+let s:style = get(g:, 'ayucolor', 'dark')
+let g:colors_name = "ayu"
+"}}}
+
+" Palettes:"{{{
+" ----------------------------------------------------------------------------
+
+let s:palette = {}
+
+let s:palette.bg        = {'dark': "#0F1419",  'light': "#FAFAFA",  'mirage': "#212733"}
+
+let s:palette.comment   = {'dark': "#5C6773",  'light': "#ABB0B6",  'mirage': "#5C6773"}
+let s:palette.markup    = {'dark': "#F07178",  'light': "#F07178",  'mirage': "#F07178"}
+let s:palette.constant  = {'dark': "#FFEE99",  'light': "#A37ACC",  'mirage': "#D4BFFF"}
+let s:palette.operator  = {'dark': "#E7C547",  'light': "#E7C547",  'mirage': "#80D4FF"}
+let s:palette.tag       = {'dark': "#36A3D9",  'light': "#36A3D9",  'mirage': "#5CCFE6"}
+let s:palette.regexp    = {'dark': "#95E6CB",  'light': "#4CBF99",  'mirage': "#95E6CB"}
+let s:palette.string    = {'dark': "#B8CC52",  'light': "#86B300",  'mirage': "#BBE67E"}
+let s:palette.function  = {'dark': "#FFB454",  'light': "#F29718",  'mirage': "#FFD57F"}
+let s:palette.special   = {'dark': "#E6B673",  'light': "#E6B673",  'mirage': "#FFC44C"}
+let s:palette.keyword   = {'dark': "#FF7733",  'light': "#FF7733",  'mirage': "#FFAE57"}
+
+let s:palette.error     = {'dark': "#FF3333",  'light': "#FF3333",  'mirage': "#FF3333"}
+let s:palette.accent    = {'dark': "#F29718",  'light': "#FF6A00",  'mirage': "#FFCC66"}
+let s:palette.panel     = {'dark': "#14191F",  'light': "#FFFFFF",  'mirage': "#272D38"}
+let s:palette.guide     = {'dark': "#2D3640",  'light': "#D9D8D7",  'mirage': "#3D4751"}
+let s:palette.line      = {'dark': "#151A1E",  'light': "#F3F3F3",  'mirage': "#242B38"}
+let s:palette.selection = {'dark': "#253340",  'light': "#F0EEE4",  'mirage': "#343F4C"}
+let s:palette.fg        = {'dark': "#E6E1CF",  'light': "#5C6773",  'mirage': "#D9D7CE"}
+let s:palette.fg_idle   = {'dark': "#3E4B59",  'light': "#828C99",  'mirage': "#607080"}
+
+"}}}
+
+" Highlighting Primitives:"{{{
+" ----------------------------------------------------------------------------
+
+function! s:build_prim(hi_elem, field)
+  let l:vname = "s:" . a:hi_elem . "_" . a:field " s:bg_gray
+  let l:gui_assign = "gui".a:hi_elem."=".s:palette[a:field][s:style] " guibg=...
+  exe "let " . l:vname . " = ' " . l:gui_assign . "'"
+endfunction
+
+let s:bg_none = ' guibg=NONE ctermbg=NONE'
+let s:fg_none = ' guifg=NONE ctermfg=NONE'
+for [key_name, d_value] in items(s:palette)
+  call s:build_prim('bg', key_name)
+  call s:build_prim('fg', key_name)
+endfor
+" }}}
+
+" Formatting Options:"{{{
+" ----------------------------------------------------------------------------
+let s:none   = "NONE"
+let s:t_none = "NONE"
+let s:n      = "NONE"
+let s:c      = ",undercurl"
+let s:r      = ",reverse"
+let s:s      = ",standout"
+let s:b      = ",bold"
+let s:u      = ",underline"
+let s:i      = ",italic"
+
+exe "let s:fmt_none = ' gui=NONE".          " cterm=NONE".          " term=NONE"        ."'"
+exe "let s:fmt_bold = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_bldi = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_undr = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_undb = ' gui=NONE".s:u.s:b.  " cterm=NONE".s:u.s:b.  " term=NONE".s:u.s:b."'"
+exe "let s:fmt_undi = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_curl = ' gui=NONE".s:c.      " cterm=NONE".s:c.      " term=NONE".s:c    ."'"
+exe "let s:fmt_ital = ' gui=NONE".s:i.      " cterm=NONE".s:i.      " term=NONE".s:i    ."'"
+exe "let s:fmt_stnd = ' gui=NONE".s:s.      " cterm=NONE".s:s.      " term=NONE".s:s    ."'"
+exe "let s:fmt_revr = ' gui=NONE".s:r.      " cterm=NONE".s:r.      " term=NONE".s:r    ."'"
+exe "let s:fmt_revb = ' gui=NONE".s:r.s:b.  " cterm=NONE".s:r.s:b.  " term=NONE".s:r.s:b."'"
+"}}}
+
+
+" Vim Highlighting: (see :help highlight-groups)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Normal"        .s:fg_fg          .s:bg_bg          .s:fmt_none
+exe "hi! ColorColumn"   .s:fg_none        .s:bg_line        .s:fmt_none
+" Conceal, Cursor, CursorIM
+exe "hi! CursorColumn"  .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLine"    .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLineNr"  .s:fg_accent      .s:bg_line        .s:fmt_none
+exe "hi! LineNr"        .s:fg_guide       .s:bg_none        .s:fmt_none
+
+exe "hi! Directory"     .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! DiffAdd"       .s:fg_string      .s:bg_panel       .s:fmt_none
+exe "hi! DiffChange"    .s:fg_tag         .s:bg_panel       .s:fmt_none
+exe "hi! DiffText"      .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! ErrorMsg"      .s:fg_fg          .s:bg_error       .s:fmt_stnd
+exe "hi! VertSplit"     .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Folded"        .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! FoldColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+exe "hi! SignColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+"   Incsearch"
+
+exe "hi! MatchParen"    .s:fg_fg          .s:bg_bg          .s:fmt_undr
+exe "hi! ModeMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! MoreMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! NonText"       .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Pmenu"         .s:fg_fg          .s:bg_selection   .s:fmt_none
+exe "hi! PmenuSel"      .s:fg_fg          .s:bg_selection   .s:fmt_revr
+"   PmenuSbar"
+"   PmenuThumb"
+exe "hi! Question"      .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! Search"        .s:fg_bg          .s:bg_constant    .s:fmt_none
+exe "hi! SpecialKey"    .s:fg_selection   .s:bg_none        .s:fmt_none
+exe "hi! SpellCap"      .s:fg_tag         .s:bg_none        .s:fmt_undr
+exe "hi! SpellLocal"    .s:fg_keyword     .s:bg_none        .s:fmt_undr
+exe "hi! SpellBad"      .s:fg_error       .s:bg_none        .s:fmt_undr
+exe "hi! SpellRare"     .s:fg_regexp      .s:bg_none        .s:fmt_undr
+exe "hi! StatusLine"    .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! StatusLineNC"  .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! WildMenu"      .s:fg_bg          .s:bg_markup      .s:fmt_none
+exe "hi! TabLine"       .s:fg_fg          .s:bg_panel       .s:fmt_revr
+"   TabLineFill"
+"   TabLineSel"
+exe "hi! Title"         .s:fg_keyword     .s:bg_none        .s:fmt_none
+exe "hi! Visual"        .s:fg_none        .s:bg_selection   .s:fmt_none
+"   VisualNos"
+exe "hi! WarningMsg"    .s:fg_error       .s:bg_none        .s:fmt_none
+
+" TODO LongLineWarning to use variables instead of hardcoding
+hi LongLineWarning  guifg=NONE        guibg=#371F1C     gui=underline ctermfg=NONE        ctermbg=NONE        cterm=underline
+"   WildMenu"
+
+"}}}
+
+" Generic Syntax Highlighting: (see :help group-name)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Comment"         .s:fg_comment   .s:bg_none        .s:fmt_none
+
+exe "hi! Constant"        .s:fg_constant  .s:bg_none        .s:fmt_none
+exe "hi! String"          .s:fg_string    .s:bg_none        .s:fmt_none
+"   Character"
+"   Number"
+"   Boolean"
+"   Float"
+
+exe "hi! Identifier"      .s:fg_tag       .s:bg_none        .s:fmt_none
+exe "hi! Function"        .s:fg_function  .s:bg_none        .s:fmt_none
+
+exe "hi! Statement"       .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   Conditional"
+"   Repeat"
+"   Label"
+exe "hi! Operator"        .s:fg_operator  .s:bg_none        .s:fmt_none
+"   Keyword"
+"   Exception"
+
+exe "hi! PreProc"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   Include"
+"   Define"
+"   Macro"
+"   PreCondit"
+
+exe "hi! Type"            .s:fg_tag       .s:bg_none        .s:fmt_none
+"   StorageClass"
+exe "hi! Structure"       .s:fg_special   .s:bg_none        .s:fmt_none
+"   Typedef"
+
+exe "hi! Special"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   SpecialChar"
+"   Tag"
+"   Delimiter"
+"   SpecialComment"
+"   Debug"
+"
+exe "hi! Underlined"      .s:fg_tag       .s:bg_none        .s:fmt_undr
+
+exe "hi! Ignore"          .s:fg_none      .s:bg_none        .s:fmt_none
+
+exe "hi! Error"           .s:fg_fg        .s:bg_error       .s:fmt_none
+
+exe "hi! Todo"            .s:fg_markup    .s:bg_none        .s:fmt_none
+
+" Quickfix window highlighting
+exe "hi! qfLineNr"        .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   qfFileName"
+"   qfLineNr"
+"   qfError"
+
+exe "hi! Conceal"         .s:fg_guide     .s:bg_none        .s:fmt_none
+exe "hi! CursorLineConceal" .s:fg_guide   .s:bg_line        .s:fmt_none
+
+
+" Terminal in NVIM
+" ---------
+if has("nvim")
+  let g:terminal_color_0 =  s:palette.bg[s:style]
+  let g:terminal_color_1 =  s:palette.markup[s:style]
+  let g:terminal_color_2 =  s:palette.string[s:style]
+  let g:terminal_color_3 =  s:palette.accent[s:style]
+  let g:terminal_color_4 =  s:palette.tag[s:style]
+  let g:terminal_color_5 =  s:palette.constant[s:style]
+  let g:terminal_color_6 =  s:palette.regexp[s:style]
+  let g:terminal_color_7 =  "#FFFFFF"
+  let g:terminal_color_8 =  s:palette.fg_idle[s:style]
+  let g:terminal_color_9 =  s:palette.error[s:style]
+  let g:terminal_color_10 = s:palette.string[s:style]
+  let g:terminal_color_11 = s:palette.accent[s:style]
+  let g:terminal_color_12 = s:palette.tag[s:style]
+  let g:terminal_color_13 = s:palette.constant[s:style]
+  let g:terminal_color_14 = s:palette.regexp[s:style]
+  let g:terminal_color_15 = s:palette.comment[s:style]
+  let g:terminal_color_background = g:terminal_color_0
+  let g:terminal_color_foreground = s:palette.fg[s:style]
+endif
+
+
+" NerdTree
+" ---------
+exe "hi! NERDTreeOpenable"          .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeClosable"          .s:fg_accent      .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksHeader"   .s:fg_pink        .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksLeader"   .s:fg_bg          .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarkName"      .s:fg_keyword     .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeCWD"               .s:fg_pink        .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeUp"                .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDir"               .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeFile"              .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDirSlash"          .s:fg_guide      .s:bg_none        .s:fmt_none
+
+
+" GitGutter
+" ---------
+exe "hi! GitGutterAdd"          .s:fg_string     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChange"       .s:fg_tag        .s:bg_none        .s:fmt_none
+exe "hi! GitGutterDelete"       .s:fg_markup     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChangeDelete" .s:fg_function   .s:bg_none        .s:fmt_none
+
+"}}}
+
+" Diff Syntax Highlighting:"{{{
+" ----------------------------------------------------------------------------
+" Diff
+"   diffOldFile
+"   diffNewFile
+"   diffFile
+"   diffOnly
+"   diffIdentical
+"   diffDiffer
+"   diffBDiffer
+"   diffIsA
+"   diffNoEOL
+"   diffCommon
+hi! link diffRemoved Constant
+"   diffChanged
+hi! link diffAdded String
+"   diffLine
+"   diffSubname
+"   diffComment
+
+"}}}
+"
+" This is needed for some reason: {{{
+
+let &background = s:style
+
+" }}}

files/homedirs/root/.vim/colors/molokai.vim

@@ -0,0 +1,276 @@
+" Vim color file
+"
+" Author: Tomas Restrepo <tomas@winterdom.com>
+" https://github.com/tomasr/molokai
+"
+" Note: Based on the Monokai theme for TextMate
+" by Wimer Hazenberg and its darker variant
+" by Hamish Stuart Macpherson
+"
+
+hi clear
+
+if version > 580
+    " no guarantees for version 5.8 and below, but this makes it stop
+    " complaining
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+let g:colors_name="molokai"
+
+if exists("g:molokai_original")
+    let s:molokai_original = g:molokai_original
+else
+    let s:molokai_original = 0
+endif
+
+
+hi Boolean         guifg=#AE81FF
+hi Character       guifg=#E6DB74
+hi Number          guifg=#AE81FF
+hi String          guifg=#E6DB74
+hi Conditional     guifg=#F92672               gui=bold
+hi Constant        guifg=#AE81FF               gui=bold
+hi Cursor          guifg=#000000 guibg=#F8F8F0
+hi iCursor         guifg=#000000 guibg=#F8F8F0
+hi Debug           guifg=#BCA3A3               gui=bold
+hi Define          guifg=#66D9EF
+hi Delimiter       guifg=#8F8F8F
+hi DiffAdd                       guibg=#13354A
+hi DiffChange      guifg=#89807D guibg=#4C4745
+hi DiffDelete      guifg=#960050 guibg=#1E0010
+hi DiffText                      guibg=#4C4745 gui=italic,bold
+
+hi Directory       guifg=#A6E22E               gui=bold
+hi Error           guifg=#E6DB74 guibg=#1E0010
+hi ErrorMsg        guifg=#F92672 guibg=#232526 gui=bold
+hi Exception       guifg=#A6E22E               gui=bold
+hi Float           guifg=#AE81FF
+hi FoldColumn      guifg=#465457 guibg=#000000
+hi Folded          guifg=#465457 guibg=#000000
+hi Function        guifg=#A6E22E
+hi Identifier      guifg=#FD971F
+hi Ignore          guifg=#808080 guibg=bg
+hi IncSearch       guifg=#C4BE89 guibg=#000000
+
+hi Keyword         guifg=#F92672               gui=bold
+hi Label           guifg=#E6DB74               gui=none
+hi Macro           guifg=#C4BE89               gui=italic
+hi SpecialKey      guifg=#66D9EF               gui=italic
+
+hi MatchParen      guifg=#000000 guibg=#FD971F gui=bold
+hi ModeMsg         guifg=#E6DB74
+hi MoreMsg         guifg=#E6DB74
+hi Operator        guifg=#F92672
+
+" complete menu
+hi Pmenu           guifg=#66D9EF guibg=#000000
+hi PmenuSel                      guibg=#808080
+hi PmenuSbar                     guibg=#080808
+hi PmenuThumb      guifg=#66D9EF
+
+hi PreCondit       guifg=#A6E22E               gui=bold
+hi PreProc         guifg=#A6E22E
+hi Question        guifg=#66D9EF
+hi Repeat          guifg=#F92672               gui=bold
+hi Search          guifg=#000000 guibg=#FFE792
+" marks
+hi SignColumn      guifg=#A6E22E guibg=#232526
+hi SpecialChar     guifg=#F92672               gui=bold
+hi SpecialComment  guifg=#7E8E91               gui=bold
+hi Special         guifg=#66D9EF guibg=bg      gui=italic
+if has("spell")
+    hi SpellBad    guisp=#FF0000 gui=undercurl
+    hi SpellCap    guisp=#7070F0 gui=undercurl
+    hi SpellLocal  guisp=#70F0F0 gui=undercurl
+    hi SpellRare   guisp=#FFFFFF gui=undercurl
+endif
+hi Statement       guifg=#F92672               gui=bold
+hi StatusLine      guifg=#455354 guibg=fg
+hi StatusLineNC    guifg=#808080 guibg=#080808
+hi StorageClass    guifg=#FD971F               gui=italic
+hi Structure       guifg=#66D9EF
+hi Tag             guifg=#F92672               gui=italic
+hi Title           guifg=#ef5939
+hi Todo            guifg=#FFFFFF guibg=bg      gui=bold
+
+hi Typedef         guifg=#66D9EF
+hi Type            guifg=#66D9EF               gui=none
+hi Underlined      guifg=#808080               gui=underline
+
+hi VertSplit       guifg=#808080 guibg=#080808 gui=bold
+hi VisualNOS                     guibg=#403D3D
+hi Visual                        guibg=#403D3D
+hi WarningMsg      guifg=#FFFFFF guibg=#333333 gui=bold
+hi WildMenu        guifg=#66D9EF guibg=#000000
+
+hi TabLineFill     guifg=#1B1D1E guibg=#1B1D1E
+hi TabLine         guibg=#1B1D1E guifg=#808080 gui=none
+
+if s:molokai_original == 1
+   hi Normal          guifg=#F8F8F2 guibg=#272822
+   hi Comment         guifg=#75715E
+   hi CursorLine                    guibg=#3E3D32
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#3E3D32
+   hi ColorColumn                   guibg=#3B3A32
+   hi LineNr          guifg=#BCBCBC guibg=#3B3A32
+   hi NonText         guifg=#75715E
+   hi SpecialKey      guifg=#75715E
+else
+   hi Normal          guifg=#F8F8F2 guibg=#1B1D1E
+   hi Comment         guifg=#7E8E91
+   hi CursorLine                    guibg=#293739
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#293739
+   hi ColorColumn                   guibg=#232526
+   hi LineNr          guifg=#465457 guibg=#232526
+   hi NonText         guifg=#465457
+   hi SpecialKey      guifg=#465457
+end
+
+"
+" Support for 256-color terminal
+"
+if &t_Co > 255
+   if s:molokai_original == 1
+      hi Normal                   ctermbg=234
+      hi CursorLine               ctermbg=235   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   else
+      hi Normal       ctermfg=252 ctermbg=233
+      hi CursorLine               ctermbg=234   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   endif
+   hi Boolean         ctermfg=135
+   hi Character       ctermfg=144
+   hi Number          ctermfg=135
+   hi String          ctermfg=144
+   hi Conditional     ctermfg=161               cterm=bold
+   hi Constant        ctermfg=135               cterm=bold
+   hi Cursor          ctermfg=16  ctermbg=253
+   hi Debug           ctermfg=225               cterm=bold
+   hi Define          ctermfg=81
+   hi Delimiter       ctermfg=241
+
+   hi DiffAdd                     ctermbg=24
+   hi DiffChange      ctermfg=181 ctermbg=239
+   hi DiffDelete      ctermfg=162 ctermbg=53
+   hi DiffText                    ctermbg=102 cterm=bold
+
+   hi Directory       ctermfg=118               cterm=bold
+   hi Error           ctermfg=219 ctermbg=89
+   hi ErrorMsg        ctermfg=199 ctermbg=16    cterm=bold
+   hi Exception       ctermfg=118               cterm=bold
+   hi Float           ctermfg=135
+   hi FoldColumn      ctermfg=67  ctermbg=16
+   hi Folded          ctermfg=67  ctermbg=16
+   hi Function        ctermfg=118
+   hi Identifier      ctermfg=208               cterm=none
+   hi Ignore          ctermfg=244 ctermbg=232
+   hi IncSearch       ctermfg=193 ctermbg=16
+
+   hi keyword         ctermfg=161               cterm=bold
+   hi Label           ctermfg=229               cterm=none
+   hi Macro           ctermfg=193
+   hi SpecialKey      ctermfg=81
+
+   hi MatchParen      ctermfg=233  ctermbg=208 cterm=bold
+   hi ModeMsg         ctermfg=229
+   hi MoreMsg         ctermfg=229
+   hi Operator        ctermfg=161
+
+   " complete menu
+   hi Pmenu           ctermfg=81  ctermbg=16
+   hi PmenuSel        ctermfg=255 ctermbg=242
+   hi PmenuSbar                   ctermbg=232
+   hi PmenuThumb      ctermfg=81
+
+   hi PreCondit       ctermfg=118               cterm=bold
+   hi PreProc         ctermfg=118
+   hi Question        ctermfg=81
+   hi Repeat          ctermfg=161               cterm=bold
+   hi Search          ctermfg=0   ctermbg=222   cterm=NONE
+
+   " marks column
+   hi SignColumn      ctermfg=118 ctermbg=235
+   hi SpecialChar     ctermfg=161               cterm=bold
+   hi SpecialComment  ctermfg=245               cterm=bold
+   hi Special         ctermfg=81
+   if has("spell")
+       hi SpellBad                ctermbg=52
+       hi SpellCap                ctermbg=17
+       hi SpellLocal              ctermbg=17
+       hi SpellRare  ctermfg=none ctermbg=none  cterm=reverse
+   endif
+   hi Statement       ctermfg=161               cterm=bold
+   hi StatusLine      ctermfg=238 ctermbg=253
+   hi StatusLineNC    ctermfg=244 ctermbg=232
+   hi StorageClass    ctermfg=208
+   hi Structure       ctermfg=81
+   hi Tag             ctermfg=161
+   hi Title           ctermfg=166
+   hi Todo            ctermfg=231 ctermbg=232   cterm=bold
+
+   hi Typedef         ctermfg=81
+   hi Type            ctermfg=81                cterm=none
+   hi Underlined      ctermfg=244               cterm=underline
+
+   hi VertSplit       ctermfg=244 ctermbg=232   cterm=bold
+   hi VisualNOS                   ctermbg=238
+   hi Visual                      ctermbg=235
+   hi WarningMsg      ctermfg=231 ctermbg=238   cterm=bold
+   hi WildMenu        ctermfg=81  ctermbg=16
+
+   hi Comment         ctermfg=59
+   hi CursorColumn                ctermbg=236
+   hi ColorColumn                 ctermbg=236
+   hi LineNr          ctermfg=250 ctermbg=236
+   hi NonText         ctermfg=59
+
+   hi SpecialKey      ctermfg=59
+
+   if exists("g:rehash256") && g:rehash256 == 1
+       hi Normal       ctermfg=252 ctermbg=234
+       hi CursorLine               ctermbg=236   cterm=none
+       hi CursorLineNr ctermfg=208               cterm=none
+
+       hi Boolean         ctermfg=141
+       hi Character       ctermfg=222
+       hi Number          ctermfg=141
+       hi String          ctermfg=222
+       hi Conditional     ctermfg=197               cterm=bold
+       hi Constant        ctermfg=141               cterm=bold
+
+       hi DiffDelete      ctermfg=125 ctermbg=233
+
+       hi Directory       ctermfg=154               cterm=bold
+       hi Error           ctermfg=222 ctermbg=233
+       hi Exception       ctermfg=154               cterm=bold
+       hi Float           ctermfg=141
+       hi Function        ctermfg=154
+       hi Identifier      ctermfg=208
+
+       hi Keyword         ctermfg=197               cterm=bold
+       hi Operator        ctermfg=197
+       hi PreCondit       ctermfg=154               cterm=bold
+       hi PreProc         ctermfg=154
+       hi Repeat          ctermfg=197               cterm=bold
+
+       hi Statement       ctermfg=197               cterm=bold
+       hi Tag             ctermfg=197
+       hi Title           ctermfg=203
+       hi Visual                      ctermbg=238
+
+       hi Comment         ctermfg=244
+       hi LineNr          ctermfg=239 ctermbg=235
+       hi NonText         ctermfg=239
+       hi SpecialKey      ctermfg=239
+   endif
+end
+
+" Must be at the end, because of ctermbg=234 bug.
+" https://groups.google.com/forum/#!msg/vim_dev/afPqwAFNdrU/nqh6tOM87QUJ
+set background=dark

files/homedirs/root/.vim/colors/solarized8_dark.vim

@@ -0,0 +1,4 @@
+let s:dir = expand('<sfile>:p:h').(!exists("+shellslash") || &shellslash ? '/' : '\')
+set background=dark
+execute "source" s:dir."solarized8.vim"
+unlet s:dir

files/homedirs/root/_bashrc

@@ -0,0 +1,75 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
+# ... or force ignoredups and ignorespace
+export HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+
+# Note: PS1 and umask are already set in /etc/profile. You should not
+# need this unless you want different defaults for root.
+# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
+# umask 022
+#export PS1='\h:\w \$ '
+__hostname="$(hostname -f)"
+__hostname="${__hostname%.*}"
+__hostname="${__hostname%.*}"
+export PS1='${__hostname}:\w \$ '
+umask 022
+
+
+# You may uncomment the following lines if you want `ls' to be colorized:
+export LS_OPTIONS='--color=auto'
+eval "`dircolors`"
+alias ls='ls $LS_OPTIONS'
+alias ll='ls $LS_OPTIONS -l'
+alias la='ls $LS_OPTIONS -al'
+alias l='ls $LS_OPTIONS -lA'
+#
+# Some more alias to avoid making mistakes:
+#alias rm='rm -i'
+#alias cp='cp -i'
+#alias mv='mv -i'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+
+alias poweroff='echo -e "\n\tplease use:  /sbin/poweroff\n"'
+alias reboot='echo -e "\n\tplease use:  /sbin/reboot\n"'
+
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+    . /etc/bash_completion
+fi
+
+
+export EDITOR=vim
+
+export LINES=64
+
+## - set beep more quiet
+## -
+#xset b 10 500 50

files/homedirs/root/_profile

@@ -0,0 +1,25 @@
+# ~/.profile: executed by Bourne-compatible login shells.
+
+if [ "$BASH" ]; then
+  if [ -f ~/.bashrc ]; then
+    . ~/.bashrc
+  fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+   PATH="$HOME/bin:$PATH"
+fi
+if [ -d "$HOME/bin/admin-stuff" ] ; then
+   PATH="$HOME/bin/admin-stuff:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+if [[ -f /usr/share/mc/bin/mc.sh ]]; then
+   source /usr/share/mc/bin/mc.sh
+fi
+
+mesg n

files/homedirs/root/_vimrc

@@ -0,0 +1,178 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+"set noexpandtab
+set expandtab
+set shiftwidth=3
+set tabstop=3
+set softtabstop=3
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+"set number
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+
+colorscheme PaperColor

files/homedirs/sysadm/.vim/.netrwhist

@@ -0,0 +1,11 @@
+let g:netrw_dirhistmax  =10
+let g:netrw_dirhist_cnt =9
+let g:netrw_dirhist_1='/home/chris/devel/git/git.oopen.de/script/bash/snippets'
+let g:netrw_dirhist_2='/home/chris/O.OPEN/Kunden/Anwaltsbuero-Kottbusser_Damm/carsten/ThinkPad_L380'
+let g:netrw_dirhist_3='/home/chris/devel/git/git.oopen.de/ansible/mbr-bln/group_vars/all'
+let g:netrw_dirhist_4='/home/chris/O.OPEN/Kunden/Gemeinschaft Altenschlirf/Intranet/VPN/VPN-GA-NH-chris'
+let g:netrw_dirhist_5='/home/chris/devel/git/git.oopen.de/firewall/ipt-server'
+let g:netrw_dirhist_6='/home/chris/devel/git/git.oopen.de/firewall/ipt-server/conf'
+let g:netrw_dirhist_7='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/group_vars'
+let g:netrw_dirhist_8='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies'
+let g:netrw_dirhist_9='/home/chris/devel/git/git.oopen.de/ansible/oopen-server/roles/ansible_dependencies/tasks'

files/homedirs/sysadm/.vim/colors/afterglow.vim

@@ -0,0 +1,547 @@
+" File: afterglow.vim
+" Author: Danilo Augusto <daniloaugusto.ita16@gmail.com>
+" Date: 2017-02-27
+" Vim color file - Afterglow (monokai version)
+"
+" Hex color conversion functions borrowed from the theme 'Desert256'
+
+set background=dark
+if version > 580
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+
+let g:colors_name = "afterglow"
+
+" Default GUI Colours
+let s:foreground = "d6d6d6"
+let s:background = "1a1a1a"
+let s:selection = "5a647e"
+let s:line = "393939"
+let s:comment = "797979"
+let s:red = "ac4142"
+let s:orange = "e87d3e"
+let s:yellow = "e5b567"
+let s:green = "b4c973"
+let s:blue = "6c99bb"
+let s:wine = "b05279"
+let s:purple = "9e86c8"
+let s:window = "4d5057"
+
+if has("gui_running") || &t_Co == 88 || &t_Co == 256
+    " Returns an approximate grey index for the given grey level
+    fun <SID>grey_number(x)
+        if &t_Co == 88
+            if a:x < 23
+                return 0
+            elseif a:x < 69
+                return 1
+            elseif a:x < 103
+                return 2
+            elseif a:x < 127
+                return 3
+            elseif a:x < 150
+                return 4
+            elseif a:x < 173
+                return 5
+            elseif a:x < 196
+                return 6
+            elseif a:x < 219
+                return 7
+            elseif a:x < 243
+                return 8
+            else
+                return 9
+            endif
+        else
+            if a:x < 14
+                return 0
+            else
+                let l:n = (a:x - 8) / 10
+                let l:m = (a:x - 8) % 10
+                if l:m < 5
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual grey level represented by the grey index
+    fun <SID>grey_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 46
+            elseif a:n == 2
+                return 92
+            elseif a:n == 3
+                return 115
+            elseif a:n == 4
+                return 139
+            elseif a:n == 5
+                return 162
+            elseif a:n == 6
+                return 185
+            elseif a:n == 7
+                return 208
+            elseif a:n == 8
+                return 231
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 8 + (a:n * 10)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given grey index
+    fun <SID>grey_colour(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 16
+            elseif a:n == 9
+                return 79
+            else
+                return 79 + a:n
+            endif
+        else
+            if a:n == 0
+                return 16
+            elseif a:n == 25
+                return 231
+            else
+                return 231 + a:n
+            endif
+        endif
+    endfun
+
+    " Returns an approximate colour index for the given colour level
+    fun <SID>rgb_number(x)
+        if &t_Co == 88
+            if a:x < 69
+                return 0
+            elseif a:x < 172
+                return 1
+            elseif a:x < 230
+                return 2
+            else
+                return 3
+            endif
+        else
+            if a:x < 75
+                return 0
+            else
+                let l:n = (a:x - 55) / 40
+                let l:m = (a:x - 55) % 40
+                if l:m < 20
+                    return l:n
+                else
+                    return l:n + 1
+                endif
+            endif
+        endif
+    endfun
+
+    " Returns the actual colour level for the given colour index
+    fun <SID>rgb_level(n)
+        if &t_Co == 88
+            if a:n == 0
+                return 0
+            elseif a:n == 1
+                return 139
+            elseif a:n == 2
+                return 205
+            else
+                return 255
+            endif
+        else
+            if a:n == 0
+                return 0
+            else
+                return 55 + (a:n * 40)
+            endif
+        endif
+    endfun
+
+    " Returns the palette index for the given R/G/B colour indices
+    fun <SID>rgb_colour(x, y, z)
+        if &t_Co == 88
+            return 16 + (a:x * 16) + (a:y * 4) + a:z
+        else
+            return 16 + (a:x * 36) + (a:y * 6) + a:z
+        endif
+    endfun
+
+    " Returns the palette index to approximate the given R/G/B colour levels
+    fun <SID>colour(r, g, b)
+        " Get the closest grey
+        let l:gx = <SID>grey_number(a:r)
+        let l:gy = <SID>grey_number(a:g)
+        let l:gz = <SID>grey_number(a:b)
+
+        " Get the closest colour
+        let l:x = <SID>rgb_number(a:r)
+        let l:y = <SID>rgb_number(a:g)
+        let l:z = <SID>rgb_number(a:b)
+
+        if l:gx == l:gy && l:gy == l:gz
+            " There are two possibilities
+            let l:dgr = <SID>grey_level(l:gx) - a:r
+            let l:dgg = <SID>grey_level(l:gy) - a:g
+            let l:dgb = <SID>grey_level(l:gz) - a:b
+            let l:dgrey = (l:dgr * l:dgr) + (l:dgg * l:dgg) + (l:dgb * l:dgb)
+            let l:dr = <SID>rgb_level(l:gx) - a:r
+            let l:dg = <SID>rgb_level(l:gy) - a:g
+            let l:db = <SID>rgb_level(l:gz) - a:b
+            let l:drgb = (l:dr * l:dr) + (l:dg * l:dg) + (l:db * l:db)
+            if l:dgrey < l:drgb
+                " Use the grey
+                return <SID>grey_colour(l:gx)
+            else
+                " Use the colour
+                return <SID>rgb_colour(l:x, l:y, l:z)
+            endif
+        else
+            " Only one possibility
+            return <SID>rgb_colour(l:x, l:y, l:z)
+        endif
+    endfun
+
+    " Returns the palette index to approximate the 'rrggbb' hex string
+    fun <SID>rgb(rgb)
+        let l:r = ("0x" . strpart(a:rgb, 0, 2)) + 0
+        let l:g = ("0x" . strpart(a:rgb, 2, 2)) + 0
+        let l:b = ("0x" . strpart(a:rgb, 4, 2)) + 0
+
+        return <SID>colour(l:r, l:g, l:b)
+    endfun
+
+    " Sets the highlighting for the given group
+    fun <SID>X(group, fg, bg, attr)
+        if a:fg != ""
+            exec "hi " . a:group . " guifg=#" . a:fg . " ctermfg=" . <SID>rgb(a:fg)
+        endif
+        if a:bg != ""
+            exec "hi " . a:group . " guibg=#" . a:bg . " ctermbg=" . <SID>rgb(a:bg)
+        endif
+        if a:attr != ""
+            exec "hi " . a:group . " gui=" . a:attr . " cterm=" . a:attr
+        endif
+    endfun
+
+    " Vim Highlighting
+    call <SID>X("Normal", s:foreground, s:background, "")
+    call <SID>X("LineNr", s:comment, "", "")
+    call <SID>X("NonText", s:selection, "", "")
+    call <SID>X("SpecialKey", s:selection, "", "")
+    call <SID>X("Search", s:background, s:yellow, "")
+    call <SID>X("TabLine", s:window, s:foreground, "reverse")
+    call <SID>X("TabLineFill", s:window, s:foreground, "reverse")
+    call <SID>X("StatusLine", s:window, s:yellow, "reverse")
+    call <SID>X("StatusLineNC", s:window, s:foreground, "reverse")
+    call <SID>X("VertSplit", s:window, s:window, "none")
+    call <SID>X("Visual", "", s:selection, "")
+    call <SID>X("Directory", s:blue, "", "")
+    call <SID>X("ModeMsg", s:green, "", "")
+    call <SID>X("MoreMsg", s:green, "", "")
+    call <SID>X("Question", s:green, "", "")
+    call <SID>X("WarningMsg", s:orange, "", "bold")
+    call <SID>X("MatchParen", "", s:selection, "")
+    call <SID>X("Folded", s:comment, s:background, "")
+    call <SID>X("FoldColumn", "", s:background, "")
+    if version >= 700
+        call <SID>X("CursorLine", "", s:line, "none")
+        call <SID>X("CursorLineNR", s:orange, "", "none")
+        call <SID>X("CursorColumn", "", s:line, "none")
+        call <SID>X("PMenu", s:foreground, s:selection, "none")
+        call <SID>X("PMenuSel", s:foreground, s:selection, "reverse")
+        call <SID>X("SignColumn", "", s:background, "none")
+    end
+    if version >= 703
+        call <SID>X("ColorColumn", "", s:line, "none")
+    end
+
+    " Standard Highlighting
+    call <SID>X("Comment", s:comment, "", "")
+    call <SID>X("Todo", s:red, s:background, "bold")
+    call <SID>X("Title", s:comment, "", "bold")
+    call <SID>X("Identifier", s:orange, "", "")
+    call <SID>X("Statement", s:wine, "", "")
+    call <SID>X("Conditional", s:wine, "", "")
+    call <SID>X("Repeat", s:wine, "", "")
+    call <SID>X("Structure", s:wine, "", "")
+    call <SID>X("Function", s:orange, "", "")
+    call <SID>X("Constant", s:purple, "", "")
+    call <SID>X("Keyword", s:orange, "", "")
+    call <SID>X("String", s:yellow, "", "")
+    call <SID>X("Special", s:blue, "", "")
+    call <SID>X("PreProc", s:green, "", "")
+    call <SID>X("Operator", s:purple, "", "")
+    call <SID>X("Type", s:blue, "", "")
+    call <SID>X("Define", s:wine, "", "")
+    call <SID>X("Include", s:wine, "", "")
+    call <SID>X("Tag", s:orange, "", "bold")
+    call <SID>X("Underlined", s:orange, "", "underline")
+
+    syntax match commonOperator "\(+\|=\|-\|*\|\^\|\/\||\)"
+    hi link commonOperator Operator
+
+    " Vim Highlighting
+    call <SID>X("vimCommand", s:wine, "", "none")
+
+    " C Highlighting
+    call <SID>X("cType", s:wine, "", "")
+    call <SID>X("cStorageClass", s:orange, "", "")
+    call <SID>X("cConditional", s:wine, "", "")
+    call <SID>X("cRepeat", s:wine, "", "")
+
+    " PHP Highlighting
+    call <SID>X("phpVarSelector", s:wine, "", "")
+    call <SID>X("phpKeyword", s:wine, "", "")
+    call <SID>X("phpRepeat", s:wine, "", "")
+    call <SID>X("phpConditional", s:wine, "", "")
+    call <SID>X("phpStatement", s:wine, "", "")
+    call <SID>X("phpMemberSelector", s:foreground, "", "")
+
+    " Ruby Highlighting
+    call <SID>X("rubySymbol", s:blue, "", "")
+    call <SID>X("rubyConstant", s:green, "", "")
+    call <SID>X("rubyAccess", s:yellow, "", "")
+    call <SID>X("rubyAttribute", s:blue, "", "")
+    call <SID>X("rubyInclude", s:blue, "", "")
+    call <SID>X("rubyLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("rubyCurlyBlock", s:orange, "", "")
+    call <SID>X("rubyStringDelimiter", s:yellow, "", "")
+    call <SID>X("rubyInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("rubyConditional", s:wine, "", "")
+    call <SID>X("rubyRepeat", s:wine, "", "")
+    call <SID>X("rubyControl", s:wine, "", "")
+    call <SID>X("rubyException", s:wine, "", "")
+
+    " Crystal Highlighting
+    call <SID>X("crystalSymbol", s:green, "", "")
+    call <SID>X("crystalConstant", s:yellow, "", "")
+    call <SID>X("crystalAccess", s:yellow, "", "")
+    call <SID>X("crystalAttribute", s:blue, "", "")
+    call <SID>X("crystalInclude", s:blue, "", "")
+    call <SID>X("crystalLocalVariableOrMethod", s:orange, "", "")
+    call <SID>X("crystalCurlyBlock", s:orange, "", "")
+    call <SID>X("crystalStringDelimiter", s:green, "", "")
+    call <SID>X("crystalInterpolationDelimiter", s:orange, "", "")
+    call <SID>X("crystalConditional", s:wine, "", "")
+    call <SID>X("crystalRepeat", s:wine, "", "")
+    call <SID>X("crystalControl", s:wine, "", "")
+    call <SID>X("crystalException", s:wine, "", "")
+
+    " Python Highlighting
+    call <SID>X("pythonInclude", s:green, "", "italic")
+    call <SID>X("pythonStatement", s:blue, "", "")
+    call <SID>X("pythonConditional", s:wine, "", "")
+    call <SID>X("pythonRepeat", s:wine, "", "")
+    call <SID>X("pythonException", s:wine, "", "")
+    call <SID>X("pythonFunction", s:green, "", "italic")
+    call <SID>X("pythonPreCondit", s:wine, "", "")
+    call <SID>X("pythonExClass", s:orange, "", "")
+    call <SID>X("pythonBuiltin", s:blue, "", "")
+    call <SID>X("pythonOperator", s:wine, "", "")
+    call <SID>X("pythonNumber", s:purple, "", "")
+    call <SID>X("pythonString", s:yellow, "", "")
+    call <SID>X("pythonRawString", s:yellow, "", "")
+    call <SID>X("pythonDecorator", s:wine, "", "")
+    call <SID>X("pythonDoctest", s:yellow, "", "")
+    call <SID>X("pythonImportFunction", s:orange, "", "")
+    call <SID>X("pythonImportModule", s:orange, "", "")
+    call <SID>X("pythonImportObject", s:orange, "", "")
+    call <SID>X("pythonImportedClassDef", s:orange, "", "")
+    call <SID>X("pythonImportedFuncDef", s:orange, "", "")
+    call <SID>X("pythonImportedModule", s:orange, "", "")
+    call <SID>X("pythonImportedObject", s:orange, "", "")
+
+    " JavaScript Highlighting
+    call <SID>X("javaScriptEndColons", s:foreground, "", "")
+    call <SID>X("javaScriptOpSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptLogicSymbols", s:foreground, "", "")
+    call <SID>X("javaScriptBraces", s:foreground, "", "")
+    call <SID>X("javaScriptParens", s:foreground, "", "")
+    call <SID>X("javaScriptFunction", s:green, "", "")
+    call <SID>X("javaScriptComment", s:comment, "", "")
+    call <SID>X("javaScriptLineComment", s:comment, "", "")
+    call <SID>X("javaScriptDocComment", s:comment, "", "")
+    call <SID>X("javaScriptCommentTodo", s:red, "", "")
+    call <SID>X("javaScriptString", s:yellow, "", "")
+    call <SID>X("javaScriptRegexpString", s:yellow, "", "")
+    call <SID>X("javaScriptTemplateString", s:yellow, "", "")
+    call <SID>X("javaScriptNumber", s:purple, "", "")
+    call <SID>X("javaScriptFloat", s:purple, "", "")
+    call <SID>X("javaScriptGlobal", s:purple, "", "")
+    call <SID>X("javaScriptCharacter", s:blue, "", "")
+    call <SID>X("javaScriptPrototype", s:blue, "", "")
+    call <SID>X("javaScriptConditional", s:blue, "", "")
+    call <SID>X("javaScriptBranch", s:blue, "", "")
+    call <SID>X("javaScriptIdentifier", s:orange, "", "")
+    call <SID>X("javaScriptRepeat", s:blue, "", "")
+    call <SID>X("javaScriptStatement", s:blue, "", "")
+    call <SID>X("javaScriptMessage", s:blue, "", "")
+    call <SID>X("javaScriptReserved", s:blue, "", "")
+    call <SID>X("javaScriptOperator", s:blue, "", "")
+    call <SID>X("javaScriptNull", s:purple, "", "")
+    call <SID>X("javaScriptBoolean", s:purple, "", "")
+    call <SID>X("javaScriptLabel", s:blue, "", "")
+    call <SID>X("javaScriptSpecial", s:blue, "", "")
+    call <SID>X("javaScriptExceptions", s:red, "", "")
+    call <SID>X("javaScriptDeprecated", s:red, "", "")
+    call <SID>X("javaScriptError", s:red, "", "")
+
+    " LaTeX
+    call <SID>X("texStatement",s:blue, "", "")
+    call <SID>X("texMath", s:wine, "", "none")
+    call <SID>X("texMathMacher", s:yellow, "", "none")
+    call <SID>X("texRefLabel", s:wine, "", "none")
+    call <SID>X("texRefZone", s:blue, "", "none")
+    call <SID>X("texComment", s:comment, "", "none")
+    call <SID>X("texDelimiter", s:purple, "", "none")
+    call <SID>X("texMathZoneX", s:purple, "", "none")
+
+    " CoffeeScript Highlighting
+    call <SID>X("coffeeRepeat", s:wine, "", "")
+    call <SID>X("coffeeConditional", s:wine, "", "")
+    call <SID>X("coffeeKeyword", s:wine, "", "")
+    call <SID>X("coffeeObject", s:yellow, "", "")
+
+    " HTML Highlighting
+    call <SID>X("htmlTag", s:blue, "", "")
+    call <SID>X("htmlEndTag", s:blue, "", "")
+    call <SID>X("htmlTagName", s:wine, "", "bold")
+    call <SID>X("htmlArg", s:green, "", "italic")
+    call <SID>X("htmlScriptTag", s:wine, "", "")
+
+    " Diff Highlighting
+    call <SID>X("diffAdd", "", "4c4e39", "")
+    call <SID>X("diffDelete", s:background, s:red, "")
+    call <SID>X("diffChange", "", "2B5B77", "")
+    call <SID>X("diffText", s:line, s:blue, "")
+
+    " ShowMarks Highlighting
+    call <SID>X("ShowMarksHLl", s:orange, s:background, "none")
+    call <SID>X("ShowMarksHLo", s:wine, s:background, "none")
+    call <SID>X("ShowMarksHLu", s:yellow, s:background, "none")
+    call <SID>X("ShowMarksHLm", s:wine, s:background, "none")
+
+    " Lua Highlighting
+    call <SID>X("luaStatement", s:wine, "", "")
+    call <SID>X("luaRepeat", s:wine, "", "")
+    call <SID>X("luaCondStart", s:wine, "", "")
+    call <SID>X("luaCondElseif", s:wine, "", "")
+    call <SID>X("luaCond", s:wine, "", "")
+    call <SID>X("luaCondEnd", s:wine, "", "")
+
+    " Cucumber Highlighting
+    call <SID>X("cucumberGiven", s:blue, "", "")
+    call <SID>X("cucumberGivenAnd", s:blue, "", "")
+
+    " Go Highlighting
+    call <SID>X("goDirective", s:wine, "", "")
+    call <SID>X("goDeclaration", s:wine, "", "")
+    call <SID>X("goStatement", s:wine, "", "")
+    call <SID>X("goConditional", s:wine, "", "")
+    call <SID>X("goConstants", s:orange, "", "")
+    call <SID>X("goTodo", s:red, "", "")
+    call <SID>X("goDeclType", s:blue, "", "")
+    call <SID>X("goBuiltins", s:wine, "", "")
+    call <SID>X("goRepeat", s:wine, "", "")
+    call <SID>X("goLabel", s:wine, "", "")
+
+    " Clojure Highlighting
+    call <SID>X("clojureConstant", s:orange, "", "")
+    call <SID>X("clojureBoolean", s:orange, "", "")
+    call <SID>X("clojureCharacter", s:orange, "", "")
+    call <SID>X("clojureKeyword", s:green, "", "")
+    call <SID>X("clojureNumber", s:orange, "", "")
+    call <SID>X("clojureString", s:green, "", "")
+    call <SID>X("clojureRegexp", s:green, "", "")
+    call <SID>X("clojureParen", s:wine, "", "")
+    call <SID>X("clojureVariable", s:yellow, "", "")
+    call <SID>X("clojureCond", s:blue, "", "")
+    call <SID>X("clojureDefine", s:wine, "", "")
+    call <SID>X("clojureException", s:red, "", "")
+    call <SID>X("clojureFunc", s:blue, "", "")
+    call <SID>X("clojureMacro", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureSpecial", s:wine, "", "")
+    call <SID>X("clojureQuote", s:blue, "", "")
+    call <SID>X("clojureUnquote", s:blue, "", "")
+    call <SID>X("clojureMeta", s:blue, "", "")
+    call <SID>X("clojureDeref", s:blue, "", "")
+    call <SID>X("clojureAnonArg", s:blue, "", "")
+    call <SID>X("clojureRepeat", s:blue, "", "")
+    call <SID>X("clojureDispatch", s:blue, "", "")
+
+    " Scala Highlighting
+    call <SID>X("scalaKeyword", s:wine, "", "")
+    call <SID>X("scalaKeywordModifier", s:wine, "", "")
+    call <SID>X("scalaOperator", s:blue, "", "")
+    call <SID>X("scalaPackage", s:wine, "", "")
+    call <SID>X("scalaFqn", s:foreground, "", "")
+    call <SID>X("scalaFqnSet", s:foreground, "", "")
+    call <SID>X("scalaImport", s:wine, "", "")
+    call <SID>X("scalaBoolean", s:orange, "", "")
+    call <SID>X("scalaDef", s:wine, "", "")
+    call <SID>X("scalaVal", s:wine, "", "")
+    call <SID>X("scalaVar", s:wine, "", "")
+    call <SID>X("scalaClass", s:wine, "", "")
+    call <SID>X("scalaObject", s:wine, "", "")
+    call <SID>X("scalaTrait", s:wine, "", "")
+    call <SID>X("scalaDefName", s:blue, "", "")
+    call <SID>X("scalaValName", s:foreground, "", "")
+    call <SID>X("scalaVarName", s:foreground, "", "")
+    call <SID>X("scalaClassName", s:foreground, "", "")
+    call <SID>X("scalaType", s:yellow, "", "")
+    call <SID>X("scalaTypeSpecializer", s:yellow, "", "")
+    call <SID>X("scalaAnnotation", s:orange, "", "")
+    call <SID>X("scalaNumber", s:orange, "", "")
+    call <SID>X("scalaDefSpecializer", s:yellow, "", "")
+    call <SID>X("scalaClassSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:green, "", "")
+    call <SID>X("scalaRoot", s:foreground, "", "")
+    call <SID>X("scalaMethodCall", s:blue, "", "")
+    call <SID>X("scalaCaseType", s:yellow, "", "")
+    call <SID>X("scalaLineComment", s:comment, "", "")
+    call <SID>X("scalaComment", s:comment, "", "")
+    call <SID>X("scalaDocComment", s:comment, "", "")
+    call <SID>X("scalaDocTags", s:comment, "", "")
+    call <SID>X("scalaEmptyString", s:green, "", "")
+    call <SID>X("scalaMultiLineString", s:green, "", "")
+    call <SID>X("scalaUnicode", s:orange, "", "")
+    call <SID>X("scalaString", s:green, "", "")
+    call <SID>X("scalaStringEscape", s:green, "", "")
+    call <SID>X("scalaSymbol", s:orange, "", "")
+    call <SID>X("scalaChar", s:orange, "", "")
+    call <SID>X("scalaXml", s:green, "", "")
+    call <SID>X("scalaConstructorSpecializer", s:yellow, "", "")
+    call <SID>X("scalaBackTick", s:blue, "", "")
+
+    " Git
+    call <SID>X("diffAdded", s:green, "", "")
+    call <SID>X("diffRemoved", s:red, "", "")
+    call <SID>X("gitcommitSummary", "", "", "bold")
+
+    " Delete Functions
+    delf <SID>X
+    delf <SID>rgb
+    delf <SID>colour
+    delf <SID>rgb_colour
+    delf <SID>rgb_level
+    delf <SID>rgb_number
+    delf <SID>grey_colour
+    delf <SID>grey_level
+    delf <SID>grey_number
+endif

files/homedirs/sysadm/.vim/colors/ayu.vim

@@ -0,0 +1,268 @@
+" Initialisation:"{{{
+" ----------------------------------------------------------------------------
+hi clear
+if exists("syntax_on")
+  syntax reset
+endif
+
+let s:style = get(g:, 'ayucolor', 'dark')
+let g:colors_name = "ayu"
+"}}}
+
+" Palettes:"{{{
+" ----------------------------------------------------------------------------
+
+let s:palette = {}
+
+let s:palette.bg        = {'dark': "#0F1419",  'light': "#FAFAFA",  'mirage': "#212733"}
+
+let s:palette.comment   = {'dark': "#5C6773",  'light': "#ABB0B6",  'mirage': "#5C6773"}
+let s:palette.markup    = {'dark': "#F07178",  'light': "#F07178",  'mirage': "#F07178"}
+let s:palette.constant  = {'dark': "#FFEE99",  'light': "#A37ACC",  'mirage': "#D4BFFF"}
+let s:palette.operator  = {'dark': "#E7C547",  'light': "#E7C547",  'mirage': "#80D4FF"}
+let s:palette.tag       = {'dark': "#36A3D9",  'light': "#36A3D9",  'mirage': "#5CCFE6"}
+let s:palette.regexp    = {'dark': "#95E6CB",  'light': "#4CBF99",  'mirage': "#95E6CB"}
+let s:palette.string    = {'dark': "#B8CC52",  'light': "#86B300",  'mirage': "#BBE67E"}
+let s:palette.function  = {'dark': "#FFB454",  'light': "#F29718",  'mirage': "#FFD57F"}
+let s:palette.special   = {'dark': "#E6B673",  'light': "#E6B673",  'mirage': "#FFC44C"}
+let s:palette.keyword   = {'dark': "#FF7733",  'light': "#FF7733",  'mirage': "#FFAE57"}
+
+let s:palette.error     = {'dark': "#FF3333",  'light': "#FF3333",  'mirage': "#FF3333"}
+let s:palette.accent    = {'dark': "#F29718",  'light': "#FF6A00",  'mirage': "#FFCC66"}
+let s:palette.panel     = {'dark': "#14191F",  'light': "#FFFFFF",  'mirage': "#272D38"}
+let s:palette.guide     = {'dark': "#2D3640",  'light': "#D9D8D7",  'mirage': "#3D4751"}
+let s:palette.line      = {'dark': "#151A1E",  'light': "#F3F3F3",  'mirage': "#242B38"}
+let s:palette.selection = {'dark': "#253340",  'light': "#F0EEE4",  'mirage': "#343F4C"}
+let s:palette.fg        = {'dark': "#E6E1CF",  'light': "#5C6773",  'mirage': "#D9D7CE"}
+let s:palette.fg_idle   = {'dark': "#3E4B59",  'light': "#828C99",  'mirage': "#607080"}
+
+"}}}
+
+" Highlighting Primitives:"{{{
+" ----------------------------------------------------------------------------
+
+function! s:build_prim(hi_elem, field)
+  let l:vname = "s:" . a:hi_elem . "_" . a:field " s:bg_gray
+  let l:gui_assign = "gui".a:hi_elem."=".s:palette[a:field][s:style] " guibg=...
+  exe "let " . l:vname . " = ' " . l:gui_assign . "'"
+endfunction
+
+let s:bg_none = ' guibg=NONE ctermbg=NONE'
+let s:fg_none = ' guifg=NONE ctermfg=NONE'
+for [key_name, d_value] in items(s:palette)
+  call s:build_prim('bg', key_name)
+  call s:build_prim('fg', key_name)
+endfor
+" }}}
+
+" Formatting Options:"{{{
+" ----------------------------------------------------------------------------
+let s:none   = "NONE"
+let s:t_none = "NONE"
+let s:n      = "NONE"
+let s:c      = ",undercurl"
+let s:r      = ",reverse"
+let s:s      = ",standout"
+let s:b      = ",bold"
+let s:u      = ",underline"
+let s:i      = ",italic"
+
+exe "let s:fmt_none = ' gui=NONE".          " cterm=NONE".          " term=NONE"        ."'"
+exe "let s:fmt_bold = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_bldi = ' gui=NONE".s:b.      " cterm=NONE".s:b.      " term=NONE".s:b    ."'"
+exe "let s:fmt_undr = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_undb = ' gui=NONE".s:u.s:b.  " cterm=NONE".s:u.s:b.  " term=NONE".s:u.s:b."'"
+exe "let s:fmt_undi = ' gui=NONE".s:u.      " cterm=NONE".s:u.      " term=NONE".s:u    ."'"
+exe "let s:fmt_curl = ' gui=NONE".s:c.      " cterm=NONE".s:c.      " term=NONE".s:c    ."'"
+exe "let s:fmt_ital = ' gui=NONE".s:i.      " cterm=NONE".s:i.      " term=NONE".s:i    ."'"
+exe "let s:fmt_stnd = ' gui=NONE".s:s.      " cterm=NONE".s:s.      " term=NONE".s:s    ."'"
+exe "let s:fmt_revr = ' gui=NONE".s:r.      " cterm=NONE".s:r.      " term=NONE".s:r    ."'"
+exe "let s:fmt_revb = ' gui=NONE".s:r.s:b.  " cterm=NONE".s:r.s:b.  " term=NONE".s:r.s:b."'"
+"}}}
+
+
+" Vim Highlighting: (see :help highlight-groups)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Normal"        .s:fg_fg          .s:bg_bg          .s:fmt_none
+exe "hi! ColorColumn"   .s:fg_none        .s:bg_line        .s:fmt_none
+" Conceal, Cursor, CursorIM
+exe "hi! CursorColumn"  .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLine"    .s:fg_none        .s:bg_line        .s:fmt_none
+exe "hi! CursorLineNr"  .s:fg_accent      .s:bg_line        .s:fmt_none
+exe "hi! LineNr"        .s:fg_guide       .s:bg_none        .s:fmt_none
+
+exe "hi! Directory"     .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! DiffAdd"       .s:fg_string      .s:bg_panel       .s:fmt_none
+exe "hi! DiffChange"    .s:fg_tag         .s:bg_panel       .s:fmt_none
+exe "hi! DiffText"      .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! ErrorMsg"      .s:fg_fg          .s:bg_error       .s:fmt_stnd
+exe "hi! VertSplit"     .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Folded"        .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! FoldColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+exe "hi! SignColumn"    .s:fg_none        .s:bg_panel       .s:fmt_none
+"   Incsearch"
+
+exe "hi! MatchParen"    .s:fg_fg          .s:bg_bg          .s:fmt_undr
+exe "hi! ModeMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! MoreMsg"       .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! NonText"       .s:fg_bg          .s:bg_none        .s:fmt_none
+exe "hi! Pmenu"         .s:fg_fg          .s:bg_selection   .s:fmt_none
+exe "hi! PmenuSel"      .s:fg_fg          .s:bg_selection   .s:fmt_revr
+"   PmenuSbar"
+"   PmenuThumb"
+exe "hi! Question"      .s:fg_string      .s:bg_none        .s:fmt_none
+exe "hi! Search"        .s:fg_bg          .s:bg_constant    .s:fmt_none
+exe "hi! SpecialKey"    .s:fg_selection   .s:bg_none        .s:fmt_none
+exe "hi! SpellCap"      .s:fg_tag         .s:bg_none        .s:fmt_undr
+exe "hi! SpellLocal"    .s:fg_keyword     .s:bg_none        .s:fmt_undr
+exe "hi! SpellBad"      .s:fg_error       .s:bg_none        .s:fmt_undr
+exe "hi! SpellRare"     .s:fg_regexp      .s:bg_none        .s:fmt_undr
+exe "hi! StatusLine"    .s:fg_fg          .s:bg_panel       .s:fmt_none
+exe "hi! StatusLineNC"  .s:fg_fg_idle     .s:bg_panel       .s:fmt_none
+exe "hi! WildMenu"      .s:fg_bg          .s:bg_markup      .s:fmt_none
+exe "hi! TabLine"       .s:fg_fg          .s:bg_panel       .s:fmt_revr
+"   TabLineFill"
+"   TabLineSel"
+exe "hi! Title"         .s:fg_keyword     .s:bg_none        .s:fmt_none
+exe "hi! Visual"        .s:fg_none        .s:bg_selection   .s:fmt_none
+"   VisualNos"
+exe "hi! WarningMsg"    .s:fg_error       .s:bg_none        .s:fmt_none
+
+" TODO LongLineWarning to use variables instead of hardcoding
+hi LongLineWarning  guifg=NONE        guibg=#371F1C     gui=underline ctermfg=NONE        ctermbg=NONE        cterm=underline
+"   WildMenu"
+
+"}}}
+
+" Generic Syntax Highlighting: (see :help group-name)"{{{
+" ----------------------------------------------------------------------------
+exe "hi! Comment"         .s:fg_comment   .s:bg_none        .s:fmt_none
+
+exe "hi! Constant"        .s:fg_constant  .s:bg_none        .s:fmt_none
+exe "hi! String"          .s:fg_string    .s:bg_none        .s:fmt_none
+"   Character"
+"   Number"
+"   Boolean"
+"   Float"
+
+exe "hi! Identifier"      .s:fg_tag       .s:bg_none        .s:fmt_none
+exe "hi! Function"        .s:fg_function  .s:bg_none        .s:fmt_none
+
+exe "hi! Statement"       .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   Conditional"
+"   Repeat"
+"   Label"
+exe "hi! Operator"        .s:fg_operator  .s:bg_none        .s:fmt_none
+"   Keyword"
+"   Exception"
+
+exe "hi! PreProc"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   Include"
+"   Define"
+"   Macro"
+"   PreCondit"
+
+exe "hi! Type"            .s:fg_tag       .s:bg_none        .s:fmt_none
+"   StorageClass"
+exe "hi! Structure"       .s:fg_special   .s:bg_none        .s:fmt_none
+"   Typedef"
+
+exe "hi! Special"         .s:fg_special   .s:bg_none        .s:fmt_none
+"   SpecialChar"
+"   Tag"
+"   Delimiter"
+"   SpecialComment"
+"   Debug"
+"
+exe "hi! Underlined"      .s:fg_tag       .s:bg_none        .s:fmt_undr
+
+exe "hi! Ignore"          .s:fg_none      .s:bg_none        .s:fmt_none
+
+exe "hi! Error"           .s:fg_fg        .s:bg_error       .s:fmt_none
+
+exe "hi! Todo"            .s:fg_markup    .s:bg_none        .s:fmt_none
+
+" Quickfix window highlighting
+exe "hi! qfLineNr"        .s:fg_keyword   .s:bg_none        .s:fmt_none
+"   qfFileName"
+"   qfLineNr"
+"   qfError"
+
+exe "hi! Conceal"         .s:fg_guide     .s:bg_none        .s:fmt_none
+exe "hi! CursorLineConceal" .s:fg_guide   .s:bg_line        .s:fmt_none
+
+
+" Terminal in NVIM
+" ---------
+if has("nvim")
+  let g:terminal_color_0 =  s:palette.bg[s:style]
+  let g:terminal_color_1 =  s:palette.markup[s:style]
+  let g:terminal_color_2 =  s:palette.string[s:style]
+  let g:terminal_color_3 =  s:palette.accent[s:style]
+  let g:terminal_color_4 =  s:palette.tag[s:style]
+  let g:terminal_color_5 =  s:palette.constant[s:style]
+  let g:terminal_color_6 =  s:palette.regexp[s:style]
+  let g:terminal_color_7 =  "#FFFFFF"
+  let g:terminal_color_8 =  s:palette.fg_idle[s:style]
+  let g:terminal_color_9 =  s:palette.error[s:style]
+  let g:terminal_color_10 = s:palette.string[s:style]
+  let g:terminal_color_11 = s:palette.accent[s:style]
+  let g:terminal_color_12 = s:palette.tag[s:style]
+  let g:terminal_color_13 = s:palette.constant[s:style]
+  let g:terminal_color_14 = s:palette.regexp[s:style]
+  let g:terminal_color_15 = s:palette.comment[s:style]
+  let g:terminal_color_background = g:terminal_color_0
+  let g:terminal_color_foreground = s:palette.fg[s:style]
+endif
+
+
+" NerdTree
+" ---------
+exe "hi! NERDTreeOpenable"          .s:fg_fg_idle     .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeClosable"          .s:fg_accent      .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksHeader"   .s:fg_pink        .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarksLeader"   .s:fg_bg          .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeBookmarkName"      .s:fg_keyword     .s:bg_none        .s:fmt_none
+" exe "hi! NERDTreeCWD"               .s:fg_pink        .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeUp"                .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDir"               .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeFile"              .s:fg_fg_idle    .s:bg_none        .s:fmt_none
+exe "hi! NERDTreeDirSlash"          .s:fg_guide      .s:bg_none        .s:fmt_none
+
+
+" GitGutter
+" ---------
+exe "hi! GitGutterAdd"          .s:fg_string     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChange"       .s:fg_tag        .s:bg_none        .s:fmt_none
+exe "hi! GitGutterDelete"       .s:fg_markup     .s:bg_none        .s:fmt_none
+exe "hi! GitGutterChangeDelete" .s:fg_function   .s:bg_none        .s:fmt_none
+
+"}}}
+
+" Diff Syntax Highlighting:"{{{
+" ----------------------------------------------------------------------------
+" Diff
+"   diffOldFile
+"   diffNewFile
+"   diffFile
+"   diffOnly
+"   diffIdentical
+"   diffDiffer
+"   diffBDiffer
+"   diffIsA
+"   diffNoEOL
+"   diffCommon
+hi! link diffRemoved Constant
+"   diffChanged
+hi! link diffAdded String
+"   diffLine
+"   diffSubname
+"   diffComment
+
+"}}}
+"
+" This is needed for some reason: {{{
+
+let &background = s:style
+
+" }}}

files/homedirs/sysadm/.vim/colors/molokai.vim

@@ -0,0 +1,276 @@
+" Vim color file
+"
+" Author: Tomas Restrepo <tomas@winterdom.com>
+" https://github.com/tomasr/molokai
+"
+" Note: Based on the Monokai theme for TextMate
+" by Wimer Hazenberg and its darker variant
+" by Hamish Stuart Macpherson
+"
+
+hi clear
+
+if version > 580
+    " no guarantees for version 5.8 and below, but this makes it stop
+    " complaining
+    hi clear
+    if exists("syntax_on")
+        syntax reset
+    endif
+endif
+let g:colors_name="molokai"
+
+if exists("g:molokai_original")
+    let s:molokai_original = g:molokai_original
+else
+    let s:molokai_original = 0
+endif
+
+
+hi Boolean         guifg=#AE81FF
+hi Character       guifg=#E6DB74
+hi Number          guifg=#AE81FF
+hi String          guifg=#E6DB74
+hi Conditional     guifg=#F92672               gui=bold
+hi Constant        guifg=#AE81FF               gui=bold
+hi Cursor          guifg=#000000 guibg=#F8F8F0
+hi iCursor         guifg=#000000 guibg=#F8F8F0
+hi Debug           guifg=#BCA3A3               gui=bold
+hi Define          guifg=#66D9EF
+hi Delimiter       guifg=#8F8F8F
+hi DiffAdd                       guibg=#13354A
+hi DiffChange      guifg=#89807D guibg=#4C4745
+hi DiffDelete      guifg=#960050 guibg=#1E0010
+hi DiffText                      guibg=#4C4745 gui=italic,bold
+
+hi Directory       guifg=#A6E22E               gui=bold
+hi Error           guifg=#E6DB74 guibg=#1E0010
+hi ErrorMsg        guifg=#F92672 guibg=#232526 gui=bold
+hi Exception       guifg=#A6E22E               gui=bold
+hi Float           guifg=#AE81FF
+hi FoldColumn      guifg=#465457 guibg=#000000
+hi Folded          guifg=#465457 guibg=#000000
+hi Function        guifg=#A6E22E
+hi Identifier      guifg=#FD971F
+hi Ignore          guifg=#808080 guibg=bg
+hi IncSearch       guifg=#C4BE89 guibg=#000000
+
+hi Keyword         guifg=#F92672               gui=bold
+hi Label           guifg=#E6DB74               gui=none
+hi Macro           guifg=#C4BE89               gui=italic
+hi SpecialKey      guifg=#66D9EF               gui=italic
+
+hi MatchParen      guifg=#000000 guibg=#FD971F gui=bold
+hi ModeMsg         guifg=#E6DB74
+hi MoreMsg         guifg=#E6DB74
+hi Operator        guifg=#F92672
+
+" complete menu
+hi Pmenu           guifg=#66D9EF guibg=#000000
+hi PmenuSel                      guibg=#808080
+hi PmenuSbar                     guibg=#080808
+hi PmenuThumb      guifg=#66D9EF
+
+hi PreCondit       guifg=#A6E22E               gui=bold
+hi PreProc         guifg=#A6E22E
+hi Question        guifg=#66D9EF
+hi Repeat          guifg=#F92672               gui=bold
+hi Search          guifg=#000000 guibg=#FFE792
+" marks
+hi SignColumn      guifg=#A6E22E guibg=#232526
+hi SpecialChar     guifg=#F92672               gui=bold
+hi SpecialComment  guifg=#7E8E91               gui=bold
+hi Special         guifg=#66D9EF guibg=bg      gui=italic
+if has("spell")
+    hi SpellBad    guisp=#FF0000 gui=undercurl
+    hi SpellCap    guisp=#7070F0 gui=undercurl
+    hi SpellLocal  guisp=#70F0F0 gui=undercurl
+    hi SpellRare   guisp=#FFFFFF gui=undercurl
+endif
+hi Statement       guifg=#F92672               gui=bold
+hi StatusLine      guifg=#455354 guibg=fg
+hi StatusLineNC    guifg=#808080 guibg=#080808
+hi StorageClass    guifg=#FD971F               gui=italic
+hi Structure       guifg=#66D9EF
+hi Tag             guifg=#F92672               gui=italic
+hi Title           guifg=#ef5939
+hi Todo            guifg=#FFFFFF guibg=bg      gui=bold
+
+hi Typedef         guifg=#66D9EF
+hi Type            guifg=#66D9EF               gui=none
+hi Underlined      guifg=#808080               gui=underline
+
+hi VertSplit       guifg=#808080 guibg=#080808 gui=bold
+hi VisualNOS                     guibg=#403D3D
+hi Visual                        guibg=#403D3D
+hi WarningMsg      guifg=#FFFFFF guibg=#333333 gui=bold
+hi WildMenu        guifg=#66D9EF guibg=#000000
+
+hi TabLineFill     guifg=#1B1D1E guibg=#1B1D1E
+hi TabLine         guibg=#1B1D1E guifg=#808080 gui=none
+
+if s:molokai_original == 1
+   hi Normal          guifg=#F8F8F2 guibg=#272822
+   hi Comment         guifg=#75715E
+   hi CursorLine                    guibg=#3E3D32
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#3E3D32
+   hi ColorColumn                   guibg=#3B3A32
+   hi LineNr          guifg=#BCBCBC guibg=#3B3A32
+   hi NonText         guifg=#75715E
+   hi SpecialKey      guifg=#75715E
+else
+   hi Normal          guifg=#F8F8F2 guibg=#1B1D1E
+   hi Comment         guifg=#7E8E91
+   hi CursorLine                    guibg=#293739
+   hi CursorLineNr    guifg=#FD971F               gui=none
+   hi CursorColumn                  guibg=#293739
+   hi ColorColumn                   guibg=#232526
+   hi LineNr          guifg=#465457 guibg=#232526
+   hi NonText         guifg=#465457
+   hi SpecialKey      guifg=#465457
+end
+
+"
+" Support for 256-color terminal
+"
+if &t_Co > 255
+   if s:molokai_original == 1
+      hi Normal                   ctermbg=234
+      hi CursorLine               ctermbg=235   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   else
+      hi Normal       ctermfg=252 ctermbg=233
+      hi CursorLine               ctermbg=234   cterm=none
+      hi CursorLineNr ctermfg=208               cterm=none
+   endif
+   hi Boolean         ctermfg=135
+   hi Character       ctermfg=144
+   hi Number          ctermfg=135
+   hi String          ctermfg=144
+   hi Conditional     ctermfg=161               cterm=bold
+   hi Constant        ctermfg=135               cterm=bold
+   hi Cursor          ctermfg=16  ctermbg=253
+   hi Debug           ctermfg=225               cterm=bold
+   hi Define          ctermfg=81
+   hi Delimiter       ctermfg=241
+
+   hi DiffAdd                     ctermbg=24
+   hi DiffChange      ctermfg=181 ctermbg=239
+   hi DiffDelete      ctermfg=162 ctermbg=53
+   hi DiffText                    ctermbg=102 cterm=bold
+
+   hi Directory       ctermfg=118               cterm=bold
+   hi Error           ctermfg=219 ctermbg=89
+   hi ErrorMsg        ctermfg=199 ctermbg=16    cterm=bold
+   hi Exception       ctermfg=118               cterm=bold
+   hi Float           ctermfg=135
+   hi FoldColumn      ctermfg=67  ctermbg=16
+   hi Folded          ctermfg=67  ctermbg=16
+   hi Function        ctermfg=118
+   hi Identifier      ctermfg=208               cterm=none
+   hi Ignore          ctermfg=244 ctermbg=232
+   hi IncSearch       ctermfg=193 ctermbg=16
+
+   hi keyword         ctermfg=161               cterm=bold
+   hi Label           ctermfg=229               cterm=none
+   hi Macro           ctermfg=193
+   hi SpecialKey      ctermfg=81
+
+   hi MatchParen      ctermfg=233  ctermbg=208 cterm=bold
+   hi ModeMsg         ctermfg=229
+   hi MoreMsg         ctermfg=229
+   hi Operator        ctermfg=161
+
+   " complete menu
+   hi Pmenu           ctermfg=81  ctermbg=16
+   hi PmenuSel        ctermfg=255 ctermbg=242
+   hi PmenuSbar                   ctermbg=232
+   hi PmenuThumb      ctermfg=81
+
+   hi PreCondit       ctermfg=118               cterm=bold
+   hi PreProc         ctermfg=118
+   hi Question        ctermfg=81
+   hi Repeat          ctermfg=161               cterm=bold
+   hi Search          ctermfg=0   ctermbg=222   cterm=NONE
+
+   " marks column
+   hi SignColumn      ctermfg=118 ctermbg=235
+   hi SpecialChar     ctermfg=161               cterm=bold
+   hi SpecialComment  ctermfg=245               cterm=bold
+   hi Special         ctermfg=81
+   if has("spell")
+       hi SpellBad                ctermbg=52
+       hi SpellCap                ctermbg=17
+       hi SpellLocal              ctermbg=17
+       hi SpellRare  ctermfg=none ctermbg=none  cterm=reverse
+   endif
+   hi Statement       ctermfg=161               cterm=bold
+   hi StatusLine      ctermfg=238 ctermbg=253
+   hi StatusLineNC    ctermfg=244 ctermbg=232
+   hi StorageClass    ctermfg=208
+   hi Structure       ctermfg=81
+   hi Tag             ctermfg=161
+   hi Title           ctermfg=166
+   hi Todo            ctermfg=231 ctermbg=232   cterm=bold
+
+   hi Typedef         ctermfg=81
+   hi Type            ctermfg=81                cterm=none
+   hi Underlined      ctermfg=244               cterm=underline
+
+   hi VertSplit       ctermfg=244 ctermbg=232   cterm=bold
+   hi VisualNOS                   ctermbg=238
+   hi Visual                      ctermbg=235
+   hi WarningMsg      ctermfg=231 ctermbg=238   cterm=bold
+   hi WildMenu        ctermfg=81  ctermbg=16
+
+   hi Comment         ctermfg=59
+   hi CursorColumn                ctermbg=236
+   hi ColorColumn                 ctermbg=236
+   hi LineNr          ctermfg=250 ctermbg=236
+   hi NonText         ctermfg=59
+
+   hi SpecialKey      ctermfg=59
+
+   if exists("g:rehash256") && g:rehash256 == 1
+       hi Normal       ctermfg=252 ctermbg=234
+       hi CursorLine               ctermbg=236   cterm=none
+       hi CursorLineNr ctermfg=208               cterm=none
+
+       hi Boolean         ctermfg=141
+       hi Character       ctermfg=222
+       hi Number          ctermfg=141
+       hi String          ctermfg=222
+       hi Conditional     ctermfg=197               cterm=bold
+       hi Constant        ctermfg=141               cterm=bold
+
+       hi DiffDelete      ctermfg=125 ctermbg=233
+
+       hi Directory       ctermfg=154               cterm=bold
+       hi Error           ctermfg=222 ctermbg=233
+       hi Exception       ctermfg=154               cterm=bold
+       hi Float           ctermfg=141
+       hi Function        ctermfg=154
+       hi Identifier      ctermfg=208
+
+       hi Keyword         ctermfg=197               cterm=bold
+       hi Operator        ctermfg=197
+       hi PreCondit       ctermfg=154               cterm=bold
+       hi PreProc         ctermfg=154
+       hi Repeat          ctermfg=197               cterm=bold
+
+       hi Statement       ctermfg=197               cterm=bold
+       hi Tag             ctermfg=197
+       hi Title           ctermfg=203
+       hi Visual                      ctermbg=238
+
+       hi Comment         ctermfg=244
+       hi LineNr          ctermfg=239 ctermbg=235
+       hi NonText         ctermfg=239
+       hi SpecialKey      ctermfg=239
+   endif
+end
+
+" Must be at the end, because of ctermbg=234 bug.
+" https://groups.google.com/forum/#!msg/vim_dev/afPqwAFNdrU/nqh6tOM87QUJ
+set background=dark

files/homedirs/sysadm/.vim/colors/solarized8_dark.vim

@@ -0,0 +1,4 @@
+let s:dir = expand('<sfile>:p:h').(!exists("+shellslash") || &shellslash ? '/' : '\')
+set background=dark
+execute "source" s:dir."solarized8.vim"
+unlet s:dir

files/homedirs/sysadm/_bashrc

@@ -0,0 +1,75 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
+# ... or force ignoredups and ignorespace
+export HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+
+# Note: PS1 and umask are already set in /etc/profile. You should not
+# need this unless you want different defaults for root.
+# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
+# umask 022
+#export PS1='\h:\w \$ '
+__hostname="$(hostname -f)"
+__hostname="${__hostname%.*}"
+__hostname="${__hostname%.*}"
+export PS1='${__hostname%.*}:\w \$ '
+umask 022
+
+
+# You may uncomment the following lines if you want `ls' to be colorized:
+export LS_OPTIONS='--color=auto'
+eval "`dircolors`"
+alias ls='ls $LS_OPTIONS'
+alias ll='ls $LS_OPTIONS -l'
+alias la='ls $LS_OPTIONS -al'
+alias l='ls $LS_OPTIONS -lA'
+#
+# Some more alias to avoid making mistakes:
+#alias rm='rm -i'
+#alias cp='cp -i'
+#alias mv='mv -i'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+
+alias poweroff='echo -e "\n\tplease use:  /sbin/poweroff\n"'
+alias reboot='echo -e "\n\tplease use:  /sbin/reboot\n"'
+
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+    . /etc/bash_completion
+fi
+
+
+export EDITOR=vim
+
+export LINES=64
+
+## - set beep more quiet
+## -
+#xset b 10 500 50

files/homedirs/sysadm/_profile

@@ -0,0 +1,25 @@
+# ~/.profile: executed by Bourne-compatible login shells.
+
+if [ "$BASH" ]; then
+  if [ -f ~/.bashrc ]; then
+    . ~/.bashrc
+  fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+   PATH="$HOME/bin:$PATH"
+fi
+if [ -d "$HOME/bin/admin-stuff" ] ; then
+   PATH="$HOME/bin/admin-stuff:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+if [[ -f /usr/share/mc/bin/mc.sh ]]; then
+   source /usr/share/mc/bin/mc.sh
+fi
+
+mesg n

files/homedirs/sysadm/_vimrc

@@ -0,0 +1,178 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+"set noexpandtab
+set expandtab
+set shiftwidth=3
+set tabstop=3
+set softtabstop=3
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+"set number
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+
+colorscheme PaperColor

host_vars/file-mbr.mbr-bln.netz.yml

@@ -0,0 +1,25 @@
+---
+
+ansible_python_interpreter: /usr/bin/python3
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+set_default_limit_nofile: true
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_max_auth_tries: 6
+
+sshd_permit_root_login: !!str "yes"
+
+sshd_password_authentication: !!str "yes"
+
+sshd_use_pam: !!str "no"
+
+sshd_print_motd: !!str "yes"
+

hosts

@@ -0,0 +1,132 @@
+
+[initial_setup]
+file-mbr.mbr-bln.netz ansible_user=root
+file-kb.anw-kb.netz ansible_user=root
+pc101.mbr-bln.netz
+pc102.mbr-bln.netz
+pc103.mbr-bln.netz
+pc104.mbr-bln.netz
+pc105.mbr-bln.netz
+pc107.mbr-bln.netz
+pc108.mbr-bln.netz
+pc109.mbr-bln.netz
+pc110.mbr-bln.netz
+pc111.mbr-bln.netz
+pc112.mbr-bln.netz
+pc113.mbr-bln.netz
+pc114.mbr-bln.netz
+pc115.mbr-bln.netz
+pc116.mbr-bln.netz
+pc117.mbr-bln.netz
+pc118.mbr-bln.netz
+pc121.mbr-bln.netz
+pc123.mbr-bln.netz
+pc124.mbr-bln.netz
+pc125.mbr-bln.netz
+pc126.mbr-bln.netz
+pc127.mbr-bln.netz
+pc128.mbr-bln.netz
+pc131.mbr-bln.netz
+pc135.mbr-bln.netz
+
+[client_pc]
+pc101.mbr-bln.netz
+pc102.mbr-bln.netz
+pc103.mbr-bln.netz
+pc104.mbr-bln.netz
+pc105.mbr-bln.netz
+pc107.mbr-bln.netz
+pc108.mbr-bln.netz
+pc109.mbr-bln.netz
+pc110.mbr-bln.netz
+pc111.mbr-bln.netz
+pc112.mbr-bln.netz
+pc113.mbr-bln.netz
+pc114.mbr-bln.netz
+pc115.mbr-bln.netz
+pc116.mbr-bln.netz
+pc117.mbr-bln.netz
+pc118.mbr-bln.netz
+pc121.mbr-bln.netz
+pc123.mbr-bln.netz
+pc124.mbr-bln.netz
+pc125.mbr-bln.netz
+pc126.mbr-bln.netz
+pc127.mbr-bln.netz
+pc128.mbr-bln.netz
+pc131.mbr-bln.netz
+pc135.mbr-bln.netz
+
+[nfs_client]
+pc101.mbr-bln.netz
+pc102.mbr-bln.netz
+pc103.mbr-bln.netz
+pc104.mbr-bln.netz
+pc105.mbr-bln.netz
+pc107.mbr-bln.netz
+pc108.mbr-bln.netz
+pc109.mbr-bln.netz
+pc110.mbr-bln.netz
+pc111.mbr-bln.netz
+pc112.mbr-bln.netz
+pc113.mbr-bln.netz
+pc114.mbr-bln.netz
+pc115.mbr-bln.netz
+pc116.mbr-bln.netz
+pc117.mbr-bln.netz
+pc118.mbr-bln.netz
+pc121.mbr-bln.netz
+pc123.mbr-bln.netz
+pc124.mbr-bln.netz
+pc125.mbr-bln.netz
+pc126.mbr-bln.netz
+pc127.mbr-bln.netz
+pc131.mbr-bln.netz
+pc135.mbr-bln.netz
+
+[nis_client]
+pc101.mbr-bln.netz
+pc102.mbr-bln.netz
+pc103.mbr-bln.netz
+pc104.mbr-bln.netz
+pc105.mbr-bln.netz
+pc107.mbr-bln.netz
+pc108.mbr-bln.netz
+pc109.mbr-bln.netz
+pc110.mbr-bln.netz
+pc111.mbr-bln.netz
+pc112.mbr-bln.netz
+pc113.mbr-bln.netz
+pc114.mbr-bln.netz
+pc115.mbr-bln.netz
+pc116.mbr-bln.netz
+pc117.mbr-bln.netz
+pc118.mbr-bln.netz
+pc121.mbr-bln.netz
+pc123.mbr-bln.netz
+pc124.mbr-bln.netz
+pc125.mbr-bln.netz
+pc126.mbr-bln.netz
+pc127.mbr-bln.netz
+pc128.mbr-bln.netz
+pc131.mbr-bln.netz
+pc135.mbr-bln.netz
+
+[file_server]
+file-mbr.mbr-bln.netz ansible_user=root
+file-kb.anw-kb.netz ansible_user=root
+
+[nfs_server]
+file-mbr.mbr-bln.netz ansible_user=root
+file-kb.anw-kb.netz ansible_user=root
+
+[nis_server]
+file-mbr.mbr-bln.netz ansible_user=root
+
+[samba_server]
+file-mbr.mbr-bln.netz ansible_user=root
+file-kb.anw-kb.netz ansible_user=root
+
+[ftp_server]
+
+[gateway_server]

initialize-ansible.yml

@@ -0,0 +1,16 @@
+---
+
+- hosts: initial_setup
+  #remote_user: root
+  #become: false
+  gather_facts: false
+
+#  vars_prompt:
+#
+#    - name: ansible_ssh_pass
+#      prompt: "Give root's password here"
+
+
+  roles:
+     - ansible_dependencies
+     - ansible_user

poweroff-clients.yml

@@ -0,0 +1,10 @@
+---
+  
+- hosts: client_pc
+  gather_facts: false
+
+  tasks:
+    - name: Power off client pcs
+      command: "/sbin/shutdown -h +1 >/dev/null 2>&1 &"
+
+

roles/ansible_dependencies-bullseye/tasks/main.yml

@@ -0,0 +1,47 @@
+---
+
+- name: re-synchronize the package index files from their sources
+  raw: apt-get update
+  
+- name: Ensure aptitude is present
+  raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
+
+- name: Ensure python2 is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python2 || (apt -y update && apt install -y python-is-python2)
+
+- name: Ensure python3 is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3)
+
+- name: Ensure python-apt-common is present (This is necessary for ansible to work properly)
+  raw: test -e  /usr/bin/python2 && (apt -y update && apt install -y python-apt-common)
+
+- name: Ensure python-apt is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-apt)
+
+- name: dpkg --configure -a
+  command: >
+    dpkg --configure -a
+  args:
+    warn: false
+  changed_when: _dpkg_configure.stdout_lines | length
+  register: _dpkg_configure
+  when: apt_dpkg_configure|bool
+  tags:
+    - ansible-dependencies
+
+- name: apt upgrade
+  apt:
+    upgrade: "{{ apt_upgrade_type }}"
+    update_cache: true
+    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+  when: apt_upgrade|bool
+  tags:
+    - ansible-dependencies
+
+- name: apt install ansible dependencies
+  apt:
+    name: "{{ apt_ansible_dependencies }}"
+    state: "{{ apt_install_state }}"
+  tags:
+    - ansible-dependencies
+

roles/ansible_dependencies/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+
+- name: re-synchronize the package index files from their sources
+  raw: apt-get update
+  
+- name: Ensure aptitude is present
+  raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
+
+- name: Ensure python2 is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python2 || (apt -y update && apt install -y python)
+
+- name: Ensure python-apt is present (This is necessary for ansible to work properly)
+  raw: test -e  /usr/bin/python2 && (apt -y update && apt install -y python-apt)
+
+- name: Ensure python3 is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3)
+
+- name: Ensure python-apt is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-apt)
+
+- name: apt upgrade
+  apt:
+    upgrade: dist
+    update_cache: true
+    dpkg_options: force-confdef,force-confold
+  tags:
+    - ansible-dependencies
+
+- name: apt install ansible dependencies
+  apt:
+    name: "{{ apt_ansible_dependencies }}"
+    state: latest
+  tags:
+    - ansible-dependencies
+

roles/ansible_user/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+
+- name: Ensure remote users for ansible exists
+  user:
+    name: '{{ item.name }}'
+    state: present
+    uid: '{{ item.user_id | default(omit) }}'
+    #group: '{{ item.name | default(omit) }}'
+    shell: '{{ item.shell|d("/bin/bash") }}'
+    password: "{{ item.password }}"
+    update_password: on_create
+  with_items: '{{ ansible_remote_user }}'
+  loop_control:
+    label: ' user "{{ item.name }}" exists'
+  tags:
+    - ansible-remote-user
+
+- name: Ensure ansible user is part of sudo group
+  user:
+    name: "{{ item.name }}"
+    groups: sudo
+    append: yes
+  with_items: "{{ ansible_remote_user }}"
+  loop_control:
+    label: ' user "{{ item.name }}" is part of sudo group'
+  tags:
+    - sudo-users
+
+- name: Ensure authorized_key files are present for ansible user
+  authorized_key:
+    user: "{{ item.name }}"
+    key: "{{ ssh_keys_admin|join('\n') }}"
+    state: present
+  with_items:
+    - '{{ ansible_remote_user }}'
+  loop_control:
+    label: ' authorized_key of user "{{ item.name }}" is present'
+  tags:
+    - authorized_key
+
+- name: Ensure authorized_key files are present for user root
+  authorized_key:
+    user: root
+    key: "{{ ssh_keys_admin|join('\n') }}"
+    state: present
+  tags:
+    - authorized_key
+

roles/common/files/USER_HOME/.config/autostart/x11vnc.desktop

@@ -0,0 +1,10 @@
+[Desktop Entry]
+Type=Application
+Exec=x11vnc -rfbport 5901 -rfbauth /etc/x11vnc.pass
+Hidden=false
+NoDisplay=false
+X-GNOME-Autostart-enabled=true
+Name[de_DE]=X11VNC User-Service
+Name=X11VNC User-Service
+Comment[de_DE]=
+Comment=

roles/common/files/etc/samba/users.map

@@ -0,0 +1,18 @@
+# ############################################ #
+#          --------------------------          #
+#          ** DO NOT EDIT DIRECTLY **          #
+#          --------------------------          #
+#             Ansible managed file             #
+# ############################################ #
+
+# This file allows you to map usernames from the clients to the server.
+# Unix_name = SMB_name1 SMB_name2 ...
+#
+# See section 'username map' in the manual page of smb.conf for more
+# information.
+#
+# This file is _not_ included in the default configuration as it makes the
+# usage of an user named administrator impossible.
+
+root = admin administrator
+

roles/common/files/etc/systemd/system/rpcbind.socket.d/override.conf

@@ -0,0 +1,4 @@
+[Unit]
+DefaultDependencies=no
+Wants=rpcbind.target
+Before=rpcbind.target

roles/common/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf

@@ -0,0 +1,3 @@
+[Service]
+IPAddressAllow=192.168.0.0/16
+

roles/common/files/vault/luks_chris_passwd

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+62323434623266663935613930616166356337326431363364343533643737333563626366303561
+3932643537656366666237653865356132646166373836300a663261383165356434313436653432
+37383766366337373463393532393534393461343631666239326161306132393766393232316431
+3838623633643964310a336132326136613738323863623536343739646135356464623832363932
+63316661346433373266623562613062386266396334643737643662313439393836

roles/common/files/vault/luks_default_passwd

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+61616531623932306237316562643665383565373865386562326662343031393165373339363039
+6365366161333663656235653238663139663063373939310a343035313832343861323331323038
+36316539636134363165653765306530373130383363376335323332663737393761636564613535
+3964373431393161340a623137376539363364313230633962343465393565316437623565363833
+3263

roles/common/handlers/main.yml

@@ -0,0 +1,83 @@
+---
+
+- name: Update timezone
+  command: dpkg-reconfigure --frontend noninteractive tzdata
+
+#- name: Restart ssh
+#  shell: sleep 3; systemctl restart sshd
+#  async: 1
+#  poll: 0
+
+# Does NOT Work
+#
+# Error was:
+#    Start request repeated too quickly.
+#
+# See also: https://github.com/ansible/ansible-modules-core/issues/1533
+#
+- name: Restart ssh
+  service:
+    name: ssh
+    state: restarted
+
+- name: Renew nis databases
+  shell: make -C /var/yp
+  when: 
+    - "groups['nis_server']|string is search(inventory_hostname)"
+
+- name: Reload nfs
+  service:
+    name: nfs-kernel-server
+    state: reloaded
+    enabled: yes
+  when: 
+    - "groups['nfs_server']|string is search(inventory_hostname)"
+
+- name: Restart systemd-logind.service
+  service:
+    name: systemd-logind
+    daemon_reload: yes
+    state: restarted
+
+- name: Restart rpcbind
+  service:
+    name: rpcbind
+    daemon_reload: yes
+    state: restarted
+
+- name: Restart smbd
+  service:
+    name: smbd
+    daemon_reload: yes
+    state: restarted
+
+- name: Restart nmbd
+  service:
+    name: nmbd
+    daemon_reload: yes
+    state: restarted
+
+- name: Reload samba config
+  shell: smbcontrol all reload-config
+  when: 
+    - "groups['samba_server']|string is search(inventory_hostname)"
+
+
+- name: Restart cups
+  service:
+    name: cups
+    daemon_reload: yes
+    state: restarted
+
+- name: Restart ntp
+  service:
+    name: ntp
+    daemon_reload: yes
+    state: restarted
+
+- name: Restart cups-browsed
+  service:
+    name: cups-browsed
+    daemon_reload: yes
+    state: restarted
+

roles/common/tasks/apt.yml

@@ -0,0 +1,320 @@
+---
+
+- name: (apt.yml) update configuration file - /etc/apt/sources.list
+  template:
+    src: "etc/apt/sources.list.{{ ansible_distribution }}.j2"
+    dest: /etc/apt/sources.list
+    owner: root
+    group: root
+    mode: 0644
+  register: apt_config_updated
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - apt_manage_sources_list|bool
+  tags:
+    - apt-configuration
+
+
+- name: (apt.yml) apt update
+  apt:
+    update_cache: true
+    cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
+  when: apt_update|bool
+  tags:
+    - apt-update
+    - apt-upgrade
+    - apt-dpkg-configure
+    - apt-initial-install
+    - apt-microcode
+    - apt-compiler-pkgs
+    - apt-webserver-pkgs
+
+
+- name: (apt.yml) dpkg --configure
+  command: >
+    dpkg --configure -a
+  args:
+    warn: false
+  changed_when: _dpkg_configure.stdout_lines | length
+  register: _dpkg_configure
+  when: apt_dpkg_configure|bool
+  tags:
+    - apt-dpkg-configure
+    - apt-initial-install
+    - apt-microcode
+    - apt-compiler-pkgs
+    - apt-webserver-pkgs
+
+
+- name: (apt.yml) apt upgrade
+  apt:
+    upgrade: "{{ apt_upgrade_type }}"
+    update_cache: true
+    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+  when: apt_upgrade|bool
+  tags:
+    - apt-upgrade
+    - apt-initial-install
+    - apt-microcode
+    - apt-compiler-pkgs
+    - apt-webserver-pkgs
+
+
+- name: (apt.yml) Initial install debian packages (stretch)
+  apt:
+    name: "{{ apt_initial_install_stretch }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "9"
+  tags:
+    - apt-initial-install
+
+
+- name: (apt.yml) Initial install debian packages (buster)
+  apt:
+    name: "{{ apt_initial_install_buster }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - apt_initial_install_buster is defined and apt_initial_install_buster|length > 0
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "10"
+  tags:
+    - apt-initial-install
+
+
+- name: (apt.yml) Initial install debian packages (bullseye)
+  apt:
+    name: "{{ apt_initial_install_bullseye }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - apt_initial_install_bullseye is defined and apt_initial_install_bullseye|length > 0
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "11"
+  tags:
+    - apt-initial-install
+
+
+- name: (apt.yml) Initial install ubuntu packages (bionic)
+  apt:
+    name: "{{ apt_initial_install_bionic }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "bionic"
+  tags:
+    - apt-initial-install
+
+- name: (apt.yml) Initial install ubuntu packages (xenial)
+  apt:
+    name: "{{ apt_initial_install_xenial }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "xenial"
+  tags:
+    - apt-initial-install
+
+
+# ---
+# Microcode
+# ---
+
+- name: (apt.yml) Ensure we have CPU microcode from backports for Intel CPU (debian stretch)
+  apt:
+    name: "{{ microcode_intel_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}-backports"
+  when:
+    - apt_backports_enable
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "9"
+    - ansible_facts['processor']|string is search("Intel")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode (debian buster/bullseye)
+  apt:
+    name: "{{ microcode_intel_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - apt_debian_contrib_nonfree_enable
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11"
+    - ansible_facts['processor']|string is search("Intel")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode for AMD CPU (debian buster)
+  apt:
+    name: "{{ microcode_amd_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - apt_debian_contrib_nonfree_enable
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "10"
+    - ansible_facts['processor']|string is search("AMD")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu bionic)
+  apt:
+    name: "{{ microcode_intel_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "bionic"
+    - ansible_facts['processor']|string is search("Intel")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode for AMD CPU (ubuntu bionic)
+  apt:
+    name: "{{ microcode_amd_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - apt_debian_contrib_nonfree_enable
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "bionic"
+    - ansible_facts['processor']|string is search("AMD")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu xenial)
+  apt:
+    name: "{{ microcode_intel_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "xenial"
+    - ansible_facts['processor']|string is search("Intel")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+
+- name: (apt.yml) Install CPU microcode for Intel AMD (ubuntu xenial)
+  apt:
+    name: "{{ microcode_amd_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - apt_debian_contrib_nonfree_enable
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "xenial"
+    - ansible_facts['processor']|string is search("AMD")
+  tags:
+    - apt-initial-install
+    - apt-microcode
+
+# ---
+# Firmware
+# ---
+
+- name: (apt.yml) Install Firmware packages (Ubuntu)
+  apt:
+     name: "{{ firmware_packages_ubuntu }}"
+     state: present
+     default_release: "{{ ansible_distribution_release }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+  tags:
+    - apt-initial-install
+    - apt-firmware
+
+
+- name: (apt.yml) Install Firmware packages (Debian)
+  apt:
+     name: "{{ firmware_packages_debian }}"
+     state: present
+     default_release: "{{ ansible_distribution_release }}"
+  when:
+    - ansible_facts['distribution'] == "Debian"
+  tags:
+    - apt-initial-install
+    - apt-firmware
+
+
+- name: (apt.yml) Install non-free Firmware packages (Debian)
+  apt:
+     name: "{{ firmware_non_free_packages_debian }}"
+     state: present
+     default_release: "{{ ansible_distribution_release }}"
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - apt_debian_contrib_nonfree_enable
+  tags:
+    - apt-initial-install
+    - apt-firmware
+
+
+# ---
+# unwanted packages
+# ---
+
+- name: (apt.yml) Remove unwanted packages
+  apt:
+    name: "{{ apt_remove }}"
+    state: absent
+    purge: "{{ apt_remove_purge }}"
+  tags:
+    - apt-remove
+
+- name: (apt.yml) Remove unwanted packages Ubuntu bionic
+  apt:
+    name: "{{ apt_remove_bionic }}"
+    state: absent
+    purge: "{{ apt_remove_purge }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "bionic"
+  tags:
+    - apt-remove
+
+- name: (apt.yml) Remove unwanted packages Ubuntu xenial
+  apt:
+    name: "{{ apt_remove_xenial }}"
+    state: absent
+    purge: "{{ apt_remove_purge }}"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_release'] == "xenial"
+  tags:
+    - apt-remove
+
+- name: (apt.yml) autoremove
+  apt:
+    autoremove: true
+    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+  when: apt_autoremove|bool
+  tags:
+    - apt-autoremove
+    - apt-initial-install
+    - apt-microcode
+
+- name: (apt.yml) clean
+  command: apt-get -y clean
+  args:
+    warn: false
+  changed_when: false
+  when: apt_clean|bool
+  tags:
+    - apt-clean
+    - apt-initial-install
+    - apt-microcode

roles/common/tasks/basic.yml

@@ -0,0 +1,105 @@
+---
+
+- name: (basic.yml) Ensure timezone is is correct
+  timezone: name={{ time_zone }}
+  tags:
+    - timezone
+
+
+- name: (basic.yml) Ensure locales are present
+  locale_gen:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ locales }}"
+  tags:
+    - locales
+
+
+- name: (basic.yml) Create a symbolic link /bin/sh -> bash
+  file:
+    src: bash
+    dest: /bin/sh
+    owner: root
+    group: root
+    state: link
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - symlink-sh
+
+
+- name: (basic.yml) Check file '/etc/systemd/system.conf' exists
+  stat:
+    path: /etc/systemd/system
+  register: etc_systemd_system_conf
+  when:
+    - set_default_limit_nofile|bool == true
+
+
+- name: (basic.yml) Change DefaultLimitNOFILE to 1048576
+  lineinfile:
+    dest: /etc/systemd/system.conf
+    state: present
+    regexp: '^DefaultLimitNOFILE'
+    line: 'DefaultLimitNOFILE=1048576'
+    insertafter: '^#DefaultLimitNOFILE'
+  when:
+    - set_default_limit_nofile|bool == true
+    -  etc_systemd_system_conf.stat.exists == true
+  tags:
+    - systemd-nofiles
+
+
+- name: (basic.yml) Check file '/etc/security/limits.conf.ORIG' exists
+  stat:
+    path: /etc/security/limits.conf.ORIG
+  register: etc_security_limits_conf_ORIG
+  tags:
+    - limits-conf
+
+- name: (basic.yml) Backup installation version of file '/etc/security/limits.conf'
+  command: cp -a /etc/security/limits.conf /etc/security/limits.conf.ORIG
+  when: etc_security_limits_conf_ORIG.stat.exists == False
+  tags:
+    - limits-conf
+
+
+- name: (basic.yml) Create new sshd_config from template limits.conf.j2
+  template:
+    src: etc/security/limits.conf.j2
+    dest: /etc/security/limits.conf
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - limits-conf
+
+# - /etc/hosts
+
+- name: (basic.yml) Check file '/etc/hosts.ORIG' exists
+  stat:
+    path: /etc/hosts.ORIG
+  register: etc_hosts_ORIG
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - etc_hosts
+
+- name: (basic.yml) Backup installation version of file '/etc/hosts'
+  command: cp -a /etc/hosts /etc/hosts.ORIG
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+    - etc_hosts_ORIG.stat.exists == False
+  tags:
+    - etc_hosts
+
+- name: (basic.yml) addjust '/etc/hosts' add nis-server ..
+  lineinfile:
+    path: /etc/hosts
+    regexp: '^192\.168\.'
+    line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[0] }}'
+  when:
+    - "groups['nis_server']|string is search(inventory_hostname)"
+  tags:
+    - etc_hosts
+

roles/common/tasks/cups-install.yml

@@ -0,0 +1,152 @@
+---
+
+
+# ---
+# Cups Server
+# ---
+
+- name: (cups-install.yml) Ensure CUPS packages server (buster) are installed.
+  package:
+    pkg: '{{ apt_install_server_cups_buster }}'
+    state: present
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "10"
+  tags:
+    - cups-server
+
+
+# ---
+# Cups clients
+# ---
+
+- name: (cups.yml) Ensure CUPS packages clients are installed.
+  package:
+    pkg: "{{ apt_install_client_cups }}"
+    state: present
+  when: 
+    - ansible_distribution_version ==  "18.04"
+    - ansible_architecture == "x86_64"
+  tags:
+    - cups-client
+
+
+
+# -- file /etc/cups/cups-browsed.conf
+- name: (cups.yml) Check if file '/etc/cups/cups-browsed.conf.ORIGi' exists
+  stat:
+    path: /etc/cups/cups-browsed.conf.ORIG
+  register: cups_browsed_conf_orig_exists
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) Backup /etc/cups/cups-browsed.conf file
+  command: cp /etc/cups/cups-browsed.conf /etc/cups/cups-browsed.conf.ORIG
+  when: cups_browsed_conf_orig_exists.stat.exists == False
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) update configuration file server - /etc/cups/cups-browsed.conf
+  template:
+    src: "etc/cups/cups-browsed.conf.server.j2"
+    dest: /etc/cups/cups-browsed.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+     Restart cups-browsed
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - cups-server
+
+- name: (cups.yml) update configuration file client - /etc/cups/cups-browsed.conf
+  template:
+    src: "etc/cups/cups-browsed.conf.client.j2"
+    dest: /etc/cups/cups-browsed.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+     Restart cups-browsed
+  when:
+    - groups['client_pc']|string is search(inventory_hostname)
+  tags:
+    - cups-client
+
+
+# -- file /etc/cups/cupsd.conf
+- name: (cups.yml) Check if file '/etc/cups/cupsd.conf.ORIG' exists
+  stat:
+    path: /etc/cups/cupsd.conf.ORIG
+  register: cupsd_conf_orig_exists
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) Backup /etc/cups/cupsd.conf file
+  command: cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.ORIG
+  when: cupsd_conf_orig_exists.stat.exists == False
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) update configuration file server - /etc/cups/cupsd.conf
+  template:
+    src: "etc/cups/cupsd.conf.server.j2"
+    dest: /etc/cups/cupsd.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+     Restart cups
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - cups-server
+
+- name: (cups.yml) update configuration file client - /etc/cups/cupsd.conf
+  template:
+    src: "etc/cups/cupsd.conf.client.j2"
+    dest: /etc/cups/cupsd.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+     Restart cups
+  when:
+    - groups['client_pc']|string is search(inventory_hostname)
+  tags:
+    - cups-server
+
+# -- file /etc/cups/cups-files.conf
+- name: (cups.yml) Check if file '/etc/cups/cups-files.conf.ORIGi' exists
+  stat:
+    path: /etc/cups/cups-files.conf.ORIG
+  register: cups_files_conf_orig_exists
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) Backup /etc/cups/cups-files.conf file
+  command: cp /etc/cups/cups-files.conf /etc/cups/cups-files.conf.ORIG
+  when: cups_files_conf_orig_exists.stat.exists == False
+  tags:
+    - cups-server
+    - cups-client
+
+- name: (cups.yml) update configuration file server - /etc/cups/cups-files.conf
+  template:
+    src: "etc/cups/cups-files.conf.j2"
+    dest: /etc/cups/cups-files.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+     Restart cups
+  tags:
+    - cups-server
+    - cups-client
+

roles/common/tasks/git.yml

@@ -0,0 +1,66 @@
+---
+
+# ---
+#  Default reposotories
+# ---
+
+- name: (git.yml) Install/Update default repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_default_repositories }}'
+  loop_control:
+    label: "{{ item.name }}"
+  tags:
+    - git-default-repositories
+
+
+# ---
+#  Group [file_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update file_server repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_oopen_server_repositories }}'
+  loop_control:
+    label: "{{ item.name }}"
+  when: "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - git-file-server-repositories
+
+
+# ---
+#  Group [samba_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update samba server repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_samba_repositories }}'
+  loop_control:
+    label: "{{ item.name }}"
+  when: "groups['samba_server']|string is search(inventory_hostname)"
+  ignore_errors: True
+  tags:
+    - git-samba-server-repositories
+
+
+# ---
+#  Group [gateway_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update gateway repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_gateway_repositories }}'
+  loop_control:
+    label: "{{ item.name }}"
+  when: "groups['gateway_server']|string is search(inventory_hostname)"
+  tags:
+    - git-gateway-server-repositories
+
+

roles/common/tasks/luks.yml

@@ -0,0 +1,6 @@
+- name: (luks.ym) add new key to the LUKS container (container has to exist)
+  luks_device:
+    device: "{{ luks_device }}"
+    keyfile: "{{ role_path + '/files/vault/luks_default_passwd' }}"
+    new_keyfile: "{{ role_path + '/files/vault/luks_chris_passwd' }}"
+

roles/common/tasks/main.yml

@@ -0,0 +1,254 @@
+---
+
+# tags supported inside basic.yml
+#
+#    timezone
+#    locales
+#    systemd-nofiles
+- import_tasks: basic.yml
+  tags:
+    - basic
+
+
+# tags supported inside sshd.yml
+#
+#    sshd-config
+- import_tasks: sshd.yml
+  tags: sshd
+
+
+# tags supported inside apt.yml
+#
+#   apt-update
+#   apt-upgrade
+#   apt-dpkg-configure
+#   apt-initial-install
+#   apt-microcode
+#   apt-remove
+#   apt-autoremove
+#   apt-clean
+- import_tasks: apt.yml
+  tags: apt
+
+
+# tags supportetd inside git.yml
+#
+#   git-default-repositories
+#   git-file-server-repositories
+#   git-gateway-server-repositories
+- import_tasks: git.yml
+  tags: git
+
+
+# tags supported inside nis-user.yml:
+#
+#    nis-user
+- import_tasks: nis-user.yml
+  when: "groups['nis_server']|string is search(inventory_hostname)"
+  tags:
+    - nis-user
+
+
+# tags supported inside ntp.yml:
+#
+#    ntp-server
+- import_tasks: ntp.yml
+  tags:
+    - ntp
+
+
+# tags supported inside cups-install.yml:
+#
+#    cups-server
+#    cups-client
+- import_tasks: cups-install.yml
+  tags:
+    - cups
+
+
+# tags supported inside pure-ftpd-install.yml:
+#
+- import_tasks: pure-ftpd-install.yml
+  when:
+    - groups['ftp_server']|string is search(inventory_hostname)
+  tags:
+    - pure-ftpd
+
+
+# tags supported inside nfs.yml:
+#
+#    nfs-server
+#    nfs-client
+- import_tasks: nfs.yml
+  tags:
+    - nfs
+
+
+# tags supported inside samba-install.yml:
+#
+#    samba-server
+#    samba-client
+- import_tasks: samba-install.yml
+  tags:
+    - samba-install
+    - samba
+
+
+# tags supported inside samba-remove-user.yml:
+#
+- import_tasks: samba-remove-user.yml
+  tags:
+    - samba-remove-user
+
+
+# tags supported inside system-remove-user.yml:
+#
+- import_tasks: system-remove-user.yml
+  tags:
+    - system-remove-user
+
+
+# tags supported inside system-user.yml:
+#
+#    system-user
+- import_tasks: system-user.yml
+  when: "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - system-user
+
+
+# tags supported inside nis-install-server.yml:
+#
+#    nis-install-server
+- import_tasks: nis-install-server.yml
+  when: "groups['nis_server']|string is search(inventory_hostname)"
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# tags supported inside nis-install-client.yml:
+#
+#    nis-install-client
+- import_tasks: nis-install-client.yml
+  when: "groups['nis_client']|string is search(inventory_hostname)"
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# tags supported inside samba-user.yml:
+#
+#    samba-user
+- import_tasks: samba-user.yml
+  when: "groups['samba_server']|string is search(inventory_hostname)"
+  tags:
+    - nis-samba-user
+
+
+# tags supported system-user-systemfiles.yml:
+#
+#    profile
+#    bashrc
+#    vimrc
+- import_tasks: system-user-systemfiles.yml
+  when: "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - user-systemfiles
+
+
+# tags supported nis-user-systemfiles.yml:
+#
+#    profile
+#    bashrc
+#    vimrc
+- import_tasks: nis-user-systemfiles.yml
+  when: "groups['nis_server']|string is search(inventory_hostname)"
+  tags:
+    - user-systemfiles
+    - nis-user-systemfiles
+
+
+# tags supported root-files-scripts.yml:
+
+#    wakeup_lan
+- import_tasks: root-files-scripts.yml
+  tags:
+    - root-files-scripts
+
+
+# tags supported inside sudoers-pc.yml:
+#
+#   sudoers-remove
+#   sudoers-file-configuration
+#   sudoers-global-configuration
+- import_tasks: sudoers-pc.yml
+  when: "groups['client_pc']|string is search(inventory_hostname)"
+  tags:
+    - sudoers
+
+
+# tags supported inside sudoers-server.yml:
+#
+#   sudoers-remove
+#   sudoers-file-configuration
+#   sudoers-global-configuration
+- import_tasks: sudoers-server.yml
+  when: "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - sudoers
+
+
+# tags supported inside mount_samba_shares.yml:
+#
+#- import_tasks: mount_samba_shares.yml
+#  when: "groups['client_pc']|string is search(inventory_hostname)"
+#  tags:
+#    - samba-shares
+
+
+# Tasks: Configure VNC (x11vnc) for Ubuntu systems
+#
+# Supported OS:
+#   - Ubuntu 16.04LTSi
+#   - Ubuntu 18.04LTSi
+
+- name: "For OS: Ubuntu 16.04LTS, Arch: amd64"
+  import_tasks: ubuntu-x11vnc-1604-amd64.yml
+  when:
+    - ansible_distribution_version ==  "16.04"
+    - ansible_architecture == "x86_64"
+  tags:
+    - x11vnc
+    - x11vnc-1604
+    - finish-client-install
+
+
+- name: "For OS: Ubuntu 18.04LTS, Arch: amd64"
+  import_tasks: ubuntu-x11vnc-1804-amd64.yml
+  when:
+    - ansible_distribution_version ==  "18.04"
+    - ansible_architecture == "x86_64"
+  tags:
+    - x11vnc
+    - x11vnc-1804
+    - finish-client-install
+
+
+- name: "For OS: Ubuntu 20.04LTS, Arch: amd64"
+  import_tasks: ubuntu-x11vnc-2004-amd64.yml
+  when:
+    - ansible_distribution_version ==  "20.04"
+    - ansible_architecture == "x86_64"
+  tags:
+    - x11vnc
+    - x11vnc-2004
+    - finish-client-install
+
+
+
+#- name: "Configure LUKS"
+#  import_tasks: luks.yml
+#  when: "groups['client_pc']|string is search(inventory_hostname)"
+#  tags:
+#    - luks

roles/common/tasks/mount_samba_shares.yml

@@ -0,0 +1,28 @@
+---
+
+
+- name: (mount_samba_shares.yml) Ensure (user separated) base mount directories for samba shares exists
+  file:
+    path: "/mnt/{{ item.name }}"
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+    mode: '0700'
+    state: directory
+  with_items: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when:
+    - item.is_samba_user is defined and item.is_samba_user|bool
+
+- name: (mount_samba_shares.yml) Ensure (user separated) mount directories for samba shares exists
+  file:
+    path: "/mnt/{{ item.1 }}/{{ item.0.name }}"
+    owner: "{{ item.1 }}"
+    group: "{{ item.1 }}"
+    mode: '0770'
+    state: directory
+  with_subelements: 
+    - "{{ samba_shares }}"
+    - user
+  loop_control:
+    label: '{{ item.1 }} share: {{ item.0.name }}'

roles/common/tasks/nfs.yml

@@ -0,0 +1,96 @@
+---
+
+# ---
+# NFS Server
+# ---
+
+- name: (nfs.yml) Ensure NFS utilities (server) are installed.
+  apt:
+    name:
+      - nfs-common
+      - nfs-kernel-server
+    state: present
+  when:
+    - ansible_os_family == "Debian"
+    - "groups['nfs_server']|string is search(inventory_hostname)"
+  tags:
+    - nfs-server
+
+- name: (nfs.yml) Ensure directories to export exist
+  file:
+    path: '{{ item.src.split(":")[1] }}'
+    owner: root
+    group: root
+    mode: '0755'
+    state: directory
+  with_items: "{{ nfs_exports }}"
+  loop_control:
+    label: '{{ item.path }}'
+  when:
+    - "groups['nfs_server']|string is search(inventory_hostname)"
+  tags:
+    - nfs-server
+
+- name: (nfs.yml) Copy exports file.
+  template:
+    src: etc/exports.j2
+    dest: /etc/exports
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - "groups['nfs_server']|string is search(inventory_hostname)"
+  notify: Reload nfs
+  tags:
+    - nfs-server
+
+- name: Enable service rpc-statd and ensure it is not masked
+  systemd:
+    name: rpc-statd
+    enabled: yes
+    masked: no
+  when:
+    - "groups['nfs_server']|string is search(inventory_hostname)"
+
+- name: Make sure service rpc-statd is running
+  systemd:
+    state: started
+    name: rpc-statd
+  when:
+    - "groups['nfs_server']|string is search(inventory_hostname)"
+  tags:
+    - nfs-server
+
+# ---
+# NFS clients
+# ---
+
+- name: (nfs.yml) Ensure NFS utilities (clients) are installed.
+  apt:
+    pkg: nfs-common
+    state: present
+  when: 
+    - ansible_os_family == "Debian"
+    - "groups['nfs_client']|string is search(inventory_hostname)"
+  tags:
+    - nfs-client
+
+- name: (nfs.yml) NFS Mount exports from nfs server
+  mount:
+    path: "{{ item.path }}"
+    src: "{{ item.src }}"
+    fstype: nfs
+    opts: "{{ item.mount_opts }}"
+    dump: "{{ item.dump | default(omit) }}"
+    passno: "{{ item.passno | default(omit) }}"
+    state: mounted
+  loop: "{{ nfs_exports }}"
+  loop_control:
+    label: '{{ item.src }}'
+  when:
+    - "groups['nfs_client']|string is search(inventory_hostname)"
+  tags:
+    - nfs-client
+
+
+

roles/common/tasks/nis-install-client.yml

@@ -0,0 +1,312 @@
+---
+
+# ---
+# Install nis
+# ---
+
+- name: (nis-install-client.yml) Set (nis) default domain (/etc/defaultdomain)
+  template:
+    dest: /etc/defaultdomain  
+    src: etc/defaultdomain.j2
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Create preconfigured /etc/yp.conf on nis clients
+  template:
+    dest: /etc/yp.conf
+    src: etc/yp.conf.j2
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Install nis common packages
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ nis_common_packages }}"
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# ---
+# /etc/default/nis
+# ---
+
+- name: (nis-install-client.yml) Check if file '/etc/default/nis.ORIG' exists
+  stat:
+    path: /etc/default/nis.ORIG
+  register: default_nis_exists
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Backup existing file /etc/default/nis
+  command: cp -a /etc/default/nis /etc/default/nis.ORIG
+  when:
+    - default_nis_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'NISSERVER' (client)
+  replace:
+    path: /etc/default/nis
+    regexp: '^NISSERVER=.*'
+    replace: 'NISSERVER=false'
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (client)
+  replace:
+    path: /etc/default/nis
+    regexp: '^NISCLIENT=.*'
+    replace: 'NISCLIENT=true'
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'YPBINDARGS' (client)
+  replace:
+    path: /etc/default/nis
+    regexp: '^YPBINDARGS=.*'
+    replace: 'YPBINDARGS='
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# ---
+# /etc/{passwd,group,shadow}
+# ---
+
+- name: (nis-install-client.yml) Add '+::::::' to file /etc/passwd
+  lineinfile:
+    path: /etc/passwd
+    line: '+::::::'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: root
+    mode: '0644'
+  when: "ansible_distribution_major_version|int  < 18"
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Add '+:::' to file /etc/group
+  lineinfile:
+    path: /etc/group
+    line: '+:::'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: root
+    mode: '0644'
+  when: "ansible_distribution_major_version|int  < 18"
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Add '+::::::::' to file /etc/shadow
+  lineinfile:
+    path: /etc/shadow
+    line: '+::::::::'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: shadow
+    mode: '0640'
+  when: "ansible_distribution_major_version|int  < 18"
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# ---
+# /etc/hosts
+# ---
+
+- name: (nis-install-client.yml) Check if file '/etc/hosts.ORIG' exists
+  stat:
+    path: /etc/hosts.ORIG
+  register: etc_hosts_orig_exists
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Backup existing file /etc/hosts
+  command: cp -a /etc/hosts /etc/hosts.ORIG
+  when:
+    - etc_hosts_orig_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Add nis-server to file /etc/hosts
+  lineinfile:
+    path: /etc/hosts
+    line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[0] }}'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: root
+    mode: '0644'
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# ---
+# /etc/nsswitch.conf
+# ---
+
+- name: (nis-install-client.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
+  stat:
+    path: /etc/nsswitch.conf.ORIG
+  register: nsswitch_conf_orig_exists
+  tags:
+    - nis-install 
+    - nis-install-client
+
+- name: (nis-install-client.yml) Backup existing file /etc/nsswitch.conf
+  command: cp -a /etc/nsswitch.conf /etc/nsswitch.conf.ORIG
+  when:
+    - nsswitch_conf_orig_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Adjust file /etc/nsswitch.conf (set hosts)
+  replace:
+    path: /etc/nsswitch.conf
+    regexp: '(hosts:\s+files)\s+((?!nis).*)$'
+    replace: '\1 nis \2'
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Adjust file /etc/nsswitch.conf (set passwd/group/shadow)
+  replace:
+    path: /etc/nsswitch.conf
+    regexp: '^({{ item }}:\s+((?!nis).)*)$'
+    replace: '\1 nis'
+  with_items:
+     - passwd
+     - group
+     - shadow
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# ---
+# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
+# ---
+
+# - !! Using NIS client in Ubuntu 18.04 crashes both Gnome and Unity !!
+# - ===================================================================
+#
+# - Unter NIS in Ubuntu 18.04 stütrzt Gnome und Unity ab
+# -
+# - Abhilfe schafft:
+# -
+#
+# - Create a new directory in /etc/systemd/system/ named exactly after the
+# - service you want to extend including a '.d', here this would be:
+# -    systemd-logind.service.d
+# -
+# -    mkdir /etc/systemd/system/systemd-logind.service.d
+#
+# - Create a new file choose_an_appropriate_name.conf (e.g. nis_allow_network.conf)
+# - inside the newly created directory with the following content, which specifies
+# - the IP or IP range you want to be allowed:
+# -
+# -    cat <<EOF > /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
+# -    [Service]
+# -    IPAddressAllow=192.168.0.0/16
+# -    EOF
+# -
+# -    systemctl daemon-reload
+# -    systemctl restart systemd-logind.service
+
+- name: (nis-install-client.yml) Ensure directory /etc/systemd/system/systemd-logind.service.d exists
+  file:
+    path: /etc/systemd/system/systemd-logind.service.d
+    owner: root
+    group: root
+    mode: '0755'
+    state: directory
+  when: "ansible_distribution_major_version|int  >= 18"
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Ensure file /files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf exists
+  copy:
+    src: "{{ role_path + '/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf' }}"
+    dest: /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
+    owner: root
+    group: root
+    mode: '0755'
+  when: "ansible_distribution_major_version|int  >= 18"
+  notify:
+    - Restart systemd-logind.service
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# - Seit Ubuntu 16.04 startet nis vor dem portmapper (rpcbind). Das Starten
+# - schlägt deshalb fehl und nis steht nicht zur Verfügung.
+# -
+# - Abhilfe:
+# -
+# - Run "systemctl edit rpcbind.socket" and add the following:
+# -
+# -    [Unit]
+# -    DefaultDependencies=no
+# -    Wants=rpcbind.target
+# -    Before=rpcbind.target
+# -
+# - You can see your changes:
+# -    cat /etc/systemd/system/rpcbind.socket.d/override.conf
+
+- name: (nis-install-client.yml) Ensure directory /etc/systemd/system/rpcbind.socket.d exists
+  file:
+    path: /etc/systemd/system/rpcbind.socket.d
+    owner: root
+    group: root
+    mode: '0755'
+    state: directory
+  when: "ansible_distribution_major_version|int  >= 16"
+  tags:
+    - nis-install
+    - nis-install-client
+
+- name: (nis-install-client.yml) Ensure file /files/etc/systemd/system/rpcbind.socket.d/override.conf exists
+  copy:
+    src: "{{ role_path + '/files/etc/systemd/system/rpcbind.socket.d/override.conf' }}"
+    dest: /etc/systemd/system/rpcbind.socket.d/override.conf
+    owner: root
+    group: root
+    mode: '0755'
+  when: "ansible_distribution_major_version|int  >= 16"
+  notify:
+    - Restart rpcbind
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# TODO:
+# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
+# /etc/systemd/system/rpcbind.socket.d/override.conf

roles/common/tasks/nis-install-server.yml

@@ -0,0 +1,268 @@
+---
+
+# ---
+# Install nis
+# ---
+
+- name: (nis-install-server.yml) Install nis common packages
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ nis_common_packages }}"
+  register: nis_installed
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Set (nis) default domain (/etc/defaultdomain)
+  template:
+    dest: /etc/defaultdomain  
+    src: etc/defaultdomain.j2
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Create preconfigured /etc/yp.conf on nis clients
+  template:
+    dest: /etc/yp.conf
+    src: etc/yp.conf.j2
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - nis-install
+    - nis-install-client
+
+
+# ---
+# Since Debian 11 (bullseye) password hashing uses 'yescrypt' by default. 
+#
+# Note:
+#    'yescrypt' is not supported by Debian 10 (buster) nor by Ubuntu 18.04 and smaller
+#
+# ---
+
+- name: (nis-install-server.yml) Check if file '/etc/pam.d/common-password' exists 
+  stat:
+    path: /etc/pam.d/common-password
+  register: file_etc_pam_d_common_password
+  tags:
+    - nis-install
+    - nis-install-server
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version']|int >= 11
+
+- name: (nis-install-server.yml) Check if default hash for password is 'yescrypt'
+  shell: "grep -i -q -E  '^password.+yescrypt' /etc/pam.d/common-password"
+  register: presence_of_passwprd_hashing_yescrypt
+  changed_when: 
+    - presence_of_passwprd_hashing_yescrypt.rc < 1
+  failed_when:
+    - presence_of_passwprd_hashing_yescrypt.rc >= 2
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_distribution_major_version|int >= 11
+    - ansible_distribution_major_version|int <= 12
+    - file_etc_pam_d_common_password.stat.exists == True
+
+- name: (nis-install-server.yml) Change default password hash for local system accounts from SHA-512 to yescrypt
+  shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/" /etc/pam.d/common-password
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version']|int >= 11
+    - ansible_facts['distribution_major_version']|int <= 12
+    - file_etc_pam_d_common_password.stat.exists == True
+    - presence_of_passwprd_hashing_yescrypt is changed
+
+
+# ---
+# /etc/default/nis
+# ---
+
+- name: (nis-install-server.yml) Check if file '/etc/default/nis.ORIG' exists
+  stat:
+    path: /etc/default/nis.ORIG
+  register: default_nis_exists
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Backup existing file /etc/default/nis
+  command: cp -a /etc/default/nis /etc/default/nis.ORIG
+  when:
+    - default_nis_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER' (server)
+  replace:
+    path: /etc/default/nis
+    regexp: '^NISSERVER=.*'
+    replace: 'NISSERVER=master'
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (server)
+  replace:
+    path: /etc/default/nis
+    regexp: '^NISCLIENT=.*'
+    replace: 'NISCLIENT=false'
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# ---
+# /etc/ypserv.securenets
+# ---
+
+- name: (nis-install-server.yml) Check if file '/etc/ypserv.securenets.ORIG' exists
+  stat:
+    path: /etc/ypserv.securenets.ORIG
+  register: ypserv_securenets_orig_exists
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Backup existing file /etc/ypserv.securenets
+  command: cp -a /etc/ypserv.securenets /etc/ypserv.securenets.ORIG
+  when:
+    - ypserv_securenets_orig_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
+  replace:
+    path: /etc/ypserv.securenets
+    regexp: '^(0.0.0.0\s+.*)'
+    replace: '#\1'
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets
+  lineinfile:
+    path: /etc/ypserv.securenets
+    line: '255.255.0.0 192.168.0.0'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: root
+    mode: '0644'
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets
+  lineinfile:
+    path: /etc/ypserv.securenets
+    line: '255.0.0.0 10.0.0.0'
+    insertafter: EOF
+    state: present
+    owner: root
+    group: root
+    mode: '0644'
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Trigger '/usr/lib/yp/ypinit -m'
+  shell: printf '\n' | /usr/lib/yp/ypinit -m
+  when: nis_installed.changed
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# ---
+# Base directory containing users' home directory
+# ---
+
+- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists
+  file:
+    path: '{{ nis_base_home }}'
+    owner: root
+    group: root
+    mode: '0755'
+    state: directory
+  when:
+    - "groups['nis_server']|string is search(inventory_hostname)"
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# ---
+# /etc/adduser.conf
+# ---
+
+- name: (nis-install-server.yml) Check if file '/etc/adduser.conf.ORIG exists'
+  stat:
+    path: /etc/adduser.conf.ORIG
+  register: adduser_conf_exists
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Backup existing file /etc/adduser.conf
+  command: cp -a /etc/adduser.conf /etc/adduser.conf.ORIG
+  when:
+    - adduser_conf_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Adjust file  '/etc/adduser.conf' - set 'DHOME'
+  replace:
+    path: /etc/adduser.conf
+    regexp: '^#?DHOME=.*'
+    replace: 'DHOME={{ nis_base_home }}'
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# ---
+# /var/yp/Makefile
+# ---
+
+- name: (nis-install-server.yml) Check if file '/var/yp/Makefile.ORIG exists'
+  stat:
+    path: /var/yp/Makefile.ORIG
+  register: adduser_conf_exists
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Backup existing file /var/yp/Makefile
+  command: cp -a /var/yp/Makefile /var/yp/Makefile.ORIG
+  when:
+    - adduser_conf_exists.stat.exists == False
+  tags:
+    - nis-install
+    - nis-install-server
+
+- name: (nis-install-server.yml) Adjust file  '/var/yp/Makefile'
+  replace:
+    path: /var/yp/Makefile
+    regexp: '^#?{{ item }}=.*'
+    replace: '{{ item }}=true'
+  with_items:
+    - MERGE_PASSWD
+    - MERGE_GROUP
+  notify: 
+    - Renew nis databases
+  tags:
+    - nis-install
+    - nis-install-server
+
+
+# TODO:
+# /var/yp/Makefile

roles/common/tasks/nis-user-systemfiles.yml

@@ -0,0 +1,183 @@
+---
+
+# ---
+# Check if local template directories exists
+# ---
+
+# nis_users
+- name: (nis-user-systemfiles.yml) Check if local template directory exists for default users
+  local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}
+  with_items: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: local_template_dir_nis_user
+
+
+# -- 
+# Copy .profile 
+# --- 
+
+- name: (nis-user-systemfiles.yml) Check if users file '.profile.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.profile.ORIG"
+  register: profile_user_orig_exists
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - profile
+
+- name: (nis-user-systemfiles.yml) Backup existing users .profile file
+  command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
+  loop: "{{ profile_user_orig_exists.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == False
+  tags:
+    - profile
+
+- name: (nis-user-systemfiles.yml) copy .profile if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
+    dest: "~{{ item.item.name }}/.profile"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{  local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
+  tags:
+    - profile
+
+- name: (nis-user-systemfiles.yml) copy default .profile if it exists
+  template:
+    src: files/homedirs/DEFAULT/_profile.j2
+    dest: "~{{ item.item.name }}/.profile"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+  tags:
+    - profile
+
+
+# --
+# Copy .bashrc
+# ---
+
+- name: (nis-user-systemfiles.yml) Check if users file '.bashrc.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.bashrc.ORIG"
+  register: bashrc_user_orig_exists
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - bashrc
+
+- name: (nis-user-systemfiles.yml) Backup existing users .bashrc file
+  command: cp -a ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
+  loop: "{{ bashrc_user_orig_exists.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when: item.stat.exists == False
+  tags:
+    - bashrc
+
+- name: (nis-user-systemfiles.yml) copy .bashrc if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
+    dest: "~{{ item.item.name }}/.bashrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
+  tags:
+    - bashrc
+
+- name: (nis-user-systemfiles.yml) copy default .bashrc if it exists
+  copy:
+    src: files/homedirs/DEFAULT/_bashrc
+    dest: "~{{ item.item.name }}/.bashrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+  tags:
+    - bashrc
+
+
+# --
+# Copy .vimrc
+# ---
+
+- name: (nis-user-systemfiles.yml) copy .vimrc if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
+    dest: "~{{ item.item.name }}/.vimrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
+  tags:
+    - vimrc
+
+- name: (nis-user-systemfiles.yml) Check if .vim directory exists for default users
+  local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim
+  with_items: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: local_template_dir_dotvim_default_user
+
+- name: (nis-user-systemfiles.yml) copy .vim directory if it exists
+  copy:
+    src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
+    dest: "~{{ item.item.name }}"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  with_items: "{{ local_template_dir_dotvim_default_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+  tags:
+    - vimrc
+
+- name: (nis-user-systemfiles.yml) copy default .vimrc if it exists
+  copy:
+    src: files/homedirs/DEFAULT/_vimrc
+    dest: "~{{ item.item.name }}/.vimrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_nis_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+  tags:
+    - vimrc
+

roles/common/tasks/nis-user.yml

@@ -0,0 +1,175 @@
+---
+
+## # ---
+## # - Remove unwanted users
+## # ---
+##
+## - name: (nis_user.yml) Remove (old) users from system
+##   user:
+##     name: '{{ item.name }}'
+##     state: absent
+##   with_items:
+##     - "{{ remove_nis_users }}"
+##   loop_control:
+##     label: '{{ item.name }}'
+##   tags:
+##     - nis-user
+##     - system-user
+##
+## - name: (nis_user.yml) Remove home directory from deleted users
+##   file:
+##     path: '{{ nis_base_home }}/{{ item.name }}'
+##     state: absent
+##   with_items:
+##     - "{{ remove_nis_users }}"
+##   loop_control:
+##     label: '{{ item.name }}'
+##   tags:
+##     - nis-user
+##     - system-user
+
+# ---
+# - default user/groups
+# ---
+
+- name: (nis_user.yml) Ensure nis groups exists
+  group:
+    name: '{{ item.name }}'
+    state: present
+    gid: '{{ item.group_id | default(omit) }}'
+  loop: "{{ nis_groups }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when: item.group_id is defined
+  notify: Renew nis databases
+  tags:
+    - nis-user
+    - system-user
+    
+#- meta: end_host
+
+- name: (nis_user.yml) Get database of nis (system) users
+  getent:
+    database: passwd
+  tags:
+    - nis-user
+    - system-user
+
+- name: (nis_user.yml) Add nis (system) users if not yet exists..
+  shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when:
+    - item.name not in getent_passwd
+  notify: Renew nis databases
+  tags:
+    - nis-user
+    - system-user
+
+- name: (nis_user.yml) Ensure nis users exists
+  user:
+    name: '{{ item.name }}'
+    state: present
+    uid: '{{ item.user_id | default(omit) }}'
+    #group: '{{ item.0.name | default(omit) }}'
+    groups: "{{ item.groups|join(', ') }}"
+    home: '{{ nis_base_home }}/{{ item.name }}'
+    shell: '{{ item.shell|d("/bin/bash") }}'
+    password: "{{ item.password | password_hash('sha512') }}"
+    update_password: on_create
+    append: yes
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  notify: Renew nis databases
+  tags:
+    - nis-user
+    - system-user
+
+
+- name: (nis_user.yml) Check if directory ~/.config/autostart exists
+  stat:
+    path: '{{ nis_base_home }}/{{ item.name }}/.config/autostart'
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: home_config_autostart
+  tags:
+    - nis-user
+    - x11vnc
+
+
+- name: (nis_user.yml) Ensure directory ~/.config/autostart if not exists
+  file:
+    path: '{{ nis_base_home }}/{{ item.item.name }}/.config/autostart'
+    state: directory
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0700
+    recurse: yes
+  loop: "{{ home_config_autostart.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when : not item.stat.exists|bool
+  tags:
+    - nis-user
+    - x11vnc
+
+
+#- name: (nis_user.yml) Ensure directory ~/.config/autostart if not exists
+#  file:
+#    path: '{{ nis_base_home }}/{{ item.name }}/.config/autostart'
+#    state: directory
+#    owner: "{{ item.name }}"
+#    group: "{{ item.name }}"
+#    mode: 0700
+#    recurse: yes
+#  loop: "{{ nis_user }}"
+#  loop_control:
+#    label: '{{ item.name }}'
+#  tags:
+#    - nis-user
+#    - x11vnc
+
+
+- name: (nis_user.yml) Check if file ~/.config/autostart/x11vnc.desktop exists
+  stat:
+    path: '{{ nis_base_home }}/{{ item.name }}/.config/autostart/x11vnc.desktop'
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: home_config_autostart_x11vnc
+  tags:
+    - nis-user
+    - x11vnc
+
+- name: (nis_user.yml) Ensure file ~/.config/autostart/x11vnc.desktop exists
+  copy:
+    src: "{{ role_path + '/files/USER_HOME/.config/autostart/x11vnc.desktop' }}"
+    dest: '{{ nis_base_home }}/{{ item.item.name }}/.config/autostart/x11vnc.desktop'
+    owner: '{{ item.item.name }}'
+    group: '{{ item.item.name }}'
+    mode: 0600
+  loop: "{{ home_config_autostart_x11vnc.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  tags:
+    - nis-user
+    - x11vnc
+
+#- name: (nis_user.yml) Ensure file ~/.config/autostart/x11vnc.desktop exists
+#  copy:
+#    src: "{{ role_path + '/files/USER_HOME/.config/autostart/x11vnc.desktop' }}"
+#    dest: '{{ nis_base_home }}/{{ item.name }}/.config/autostart/x11vnc.desktop'
+#    owner: '{{ item.name }}'
+#    group: '{{ item.name }}'
+#    mode: 0600
+#  loop: "{{ nis_user }}"
+#  loop_control:
+#    label: '{{ item.name }}'
+#  tags:
+#    - nis-user
+#    - x11vnc
+
+

roles/common/tasks/ntp.yml

@@ -0,0 +1,47 @@
+---
+
+# ---
+# NTP Server
+# ---
+
+- name: (ntp.yml) Ensure ntp package is installed.
+  apt:
+    name:
+      - ntp
+    state: present
+  when:
+    - ansible_os_family == "Debian"
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - ntp-server
+
+- name: (ntp.yml) Check file '/etc/ntp.conf.ORIG' exists
+  stat:
+    path: /etc/ntp.conf.ORIG
+  register: etc_ntp_conf_ORIG
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - ntp-server
+
+- name: (ntp.yml) Backup installation version of file '/etc/ntp.conf'
+  command: cp -a /etc/ntp.conf /etc/ntp.conf.ORIG
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+    - etc_ntp_conf_ORIG.stat.exists == False
+  tags:
+    - ntp-server
+
+- name: (ntp.yml) Update '/etc/ntp.conf'
+  template:
+    src: "etc/ntp.conf.j2"
+    dest: /etc/ntp.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart ntp
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - ntp-server
+

roles/common/tasks/pure-ftpd-install.yml

@@ -0,0 +1,52 @@
+---
+
+# ==========
+#
+# mostly copied from:
+#    https://github.com/gcoop-libre/ansible-role-pure-ftpd
+#
+#    git clone https://github.com/gcoop-libre/ansible-role-pure-ftpd.git
+#
+# ==========
+
+# ---
+# Install PureFTP Daemon
+# ---
+
+- include: pure-ftpd/setup.yml
+
+
+# ---
+# Configure PureFTP Daemon
+# ---
+
+- include: pure-ftpd/configure.yml
+
+
+# ---
+# Authentication Configuration
+# ---
+
+- include: pure-ftpd/authentication.yml
+
+
+# ---
+# Virtual user
+# ---
+
+- include: pure-ftpd/virtual-users.yml
+
+ 
+# ---
+# TLS Certificate
+# ---
+
+- include: pure-ftpd/tls-certificate.yml
+
+
+- name: (pure-ftpd-install.yml) Ensure Pure-FTPd service is started enabled on startup.
+  service:
+    name: pure-ftpd
+    state: started
+    enabled: yes
+

roles/common/tasks/pure-ftpd/authentication.yml

@@ -0,0 +1,66 @@
+---
+
+# ---
+# Authentication Configuration
+# ---
+
+- name: (pure-ftpd-install.yml) Get current authentications.
+  command: ls -1 {{ pureftpd_config_auth_dir }}
+  register: pureftpd_current_auth
+  changed_when: false
+
+- name: (pure-ftpd-install.yml) Define empty pureftpd_authentications variable.
+  set_fact:
+    pureftpd_authentications: []
+
+- name: (pure-ftpd-install.yml) Enable PureDB authentication.
+  file:
+    src: "{{ pureftpd_config_conf_dir }}/PureDB"
+    dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_puredb }}pure"
+    state: link
+  when: pureftpd_auth_puredb > 0 and pureftpd_config['PureDB'] is defined
+  notify: restart Pure-FTPd
+
+- name: (pure-ftpd-install.yml) Add PureDB to Pure-FTPd authentications.
+  set_fact:
+    pureftpd_authentications: "{{ pureftpd_authentications }} + ['{{ pureftpd_auth_puredb }}pure']"
+  when: pureftpd_auth_puredb > 0 and pureftpd_config['PureDB'] is defined
+
+- name: (pure-ftpd-install.yml) Add PAM to Pure-FTPd authentications.
+  set_fact:
+    pureftpd_authentications: "{{ pureftpd_authentications }} + ['{{ pureftpd_auth_pam }}pam']"
+  when: pureftpd_auth_pam > 0 and pureftpd_config['PAMAuthentication'] is defined
+
+
+- name: (pure-ftpd-install.yml) Enable UNIX authentication.
+  file:
+    src: "{{ pureftpd_config_conf_dir }}/UnixAuthentication"
+    dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_unix }}unix"
+    state: link
+  when: pureftpd_auth_unix > 0 and pureftpd_config['UnixAuthentication'] is defined
+  notify: restart Pure-FTPd
+
+- name: (pure-ftpd-install.yml) Add UnixAuthentication to Pure-FTPd authentications.
+  set_fact:
+    pureftpd_authentications: "{{ pureftpd_authentications }} + ['{{ pureftpd_auth_unix }}unix']"
+  when: pureftpd_auth_unix > 0 and pureftpd_config['UnixAuthentication'] is defined
+
+
+- name: (pure-ftpd-install.yml) Enable PAM authentication.
+  file:
+    src: "{{ pureftpd_config_conf_dir }}/PAMAuthentication"
+    dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_pam }}pam"
+    state: link
+  when: pureftpd_auth_pam > 0 and pureftpd_config['PAMAuthentication'] is defined
+  notify: restart Pure-FTPd
+
+
+# Delete unused authentification if exists
+
+- name: (pure-ftpd-install.yml) Delete old authentications.
+  file:
+    path: "{{ pureftpd_config_auth_dir }}/{{ item }}"
+    state: absent
+  when: item not in pureftpd_authentications
+  with_items: "{{ pureftpd_current_auth.stdout_lines }}"
+  notify: restart Pure-FTPd

roles/common/tasks/pure-ftpd/configure.yml

@@ -0,0 +1,45 @@
+---
+
+# ---
+# Configure PureFTP Daemon
+# ---
+
+# Remove old current configurations if exists
+
+- name: Upload Pure-FTPd global configuration file.
+  template:
+    src: etc/default/pure-ftpd-common.j2
+    dest: "{{ pureftpd_global_config_file }}"
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart Pure-FTPd
+
+- name: (pure-ftpd-install.yml) Compile Pure-FTPd configurations (set fact..).
+  set_fact:
+    pureftpd_config_compiled: "{{ pureftpd_config }}"
+
+- name: (pure-ftpd-install.yml) Get current configuration.
+  command: ls -1 {{ pureftpd_config_conf_dir }}
+  register: pureftpd_current_config
+  changed_when: false
+
+- name: (pure-ftpd-install.yml) Delete old configuration.
+  file:
+    path: "{{ pureftpd_config_conf_dir }}/{{ item }}"
+    state: absent
+  when: pureftpd_config_compiled[item] is not defined
+  with_items: "{{ pureftpd_current_config.stdout_lines }}"
+  notify: restart Pure-FTPd
+
+# write new configuration
+
+- name: (pure-ftpd-install.yml) Write configuration.
+  template:
+    src: etc/pure-ftpd/conf/config.j2
+    dest: "{{ pureftpd_config_conf_dir }}/{{ item.key }}"
+    owner: root
+    group: root
+    mode: '0644'
+  with_dict: '{{ pureftpd_config_compiled }}'
+  notify: restart Pure-FTPd

roles/common/tasks/pure-ftpd/create-virtual-ftp-user.yml

@@ -0,0 +1,34 @@
+---
+
+# ---
+# Add virtual ftp users 
+# ---
+
+- name: "(create-virtual-ftp-user.yml) Verify if virtual ftp user {{ user.name }} exists"
+  command: pure-pw show {{ user.name }}
+  register: pureftpd_virtual_user_exists
+  changed_when: "pureftpd_virtual_user_exists.rc != 0"
+  failed_when: 
+    - "pureftpd_virtual_user_exists.rc != 0"
+    - "pureftpd_virtual_user_exists.rc != 16"
+  ignore_errors: true
+  loop_control:
+    label: '{{ user.name }}'
+
+- name: "(create-virtual-ftp-user.yml) Create virtual ftp user {{ user.name }} ."
+  shell: "(echo {{ user.password }}; echo {{ user.password }}) | pure-pw useradd {{ user.name }} -u {{ user.uid | default(pureftpd_virtual_users_user) }} -g {{ user.gid | default(pureftpd_virtual_users_group) }} -d {{ user.homedir }} -n {{ user.quota_files | default('\"\"') }} -N {{ user.quota_size | default('\"\"') }} -t {{ user.bandwidth_dl | default('\"\"') }} -T {{ user.bandwidth_ul | default('\"\"') }} -q {{ user.ratio_ul | default('\"\"') }} -Q {{ user.ratio_dl | default('\"\"') }}"
+  #when: pureftpd_virtual_user_exists.failed is defined and pureftpd_virtual_user_exists.failed
+  when: pureftpd_virtual_user_exists.changed
+  notify: reload Pure-FTPd users
+
+- name: "User {{ user.name }}: Update virtual user"
+  command: "pure-pw usermod {{ user.name }} -u {{ user.uid | default(pureftpd_virtual_users_user) }} -g {{ user.gid | default(pureftpd_virtual_users_group) }} -d {{ user.homedir }} -n {{ user.quota_files | default('\"\"') }} -N {{ user.quota_size | default('\"\"') }} -t {{ user.bandwidth_dl | default('\"\"') }} -T {{ user.bandwidth_ul | default('\"\"') }} -q {{ user.ratio_ul | default('\"\"') }} -Q {{ user.ratio_dl | default('\"\"') }}"
+  #when: pureftpd_virtual_user_exists.failed is defined and not pureftpd_virtual_user_exists.failed
+  when: not pureftpd_virtual_user_exists.changed
+  notify: reload Pure-FTPd users
+
+- name: "User {{ user.name }}: Update virtual user password"
+  shell: "(echo {{ user.password }}; echo {{ user.password }}) | pure-pw passwd {{ user.name }}"
+  when: not pureftpd_virtual_user_exists.changed
+  notify: reload Pure-FTPd users
+

roles/common/tasks/pure-ftpd/remove-virtual-user.yml

@@ -0,0 +1,19 @@
+---
+
+# ---
+# Remove virtual ftp users 
+# ---
+
+- name: "User {{ user.name }}: Verify if it exists"
+  command: pure-pw show {{ user.name }}
+  register: pureftpd_virtual_user_exists
+  changed_when: "pureftpd_virtual_user_exists.rc == 0"
+  failed_when: 
+    - "pureftpd_virtual_user_exists.rc != 0"
+    - "pureftpd_virtual_user_exists.rc != 16"
+  ignore_errors: true
+
+- name: "User {{ user.name }}: Remove virtual user"
+  shell: "pure-pw userdel {{ user.name }}"
+  when: pureftpd_virtual_user_exists.changed
+  notify: reload Pure-FTPd users

roles/common/tasks/pure-ftpd/setup.yml

@@ -0,0 +1,21 @@
+---
+  
+# ---
+# Install PureFTP Daemon
+# ---
+
+- name: (pure-ftpd-install.yml) Ensure Pure-FTPd is installed.
+  apt:
+    name: "{{ pureftpd_packages }}"
+    state: present
+    cache_valid_time: 3600
+    update_cache: yes
+
+- name: (pure-ftpd-install.yml) Upload Pure-FTPd global configuration file.
+  template:
+    src: etc/default/pure-ftpd-common.j2
+    dest: "{{ pureftpd_global_config_file }}"
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart Pure-FTPd

roles/common/tasks/pure-ftpd/tls-certificate.yml

@@ -0,0 +1,40 @@
+---
+ 
+# ---
+# TLS Certificate
+# ---
+
+# - method 'generate'
+
+- name: Generate Pure-FTPd TLS certificate.
+  command: openssl req -x509 -nodes -newkey rsa:{{ pureftpd_tls_certificate_openssl.size | default(4096) }} -sha256 -days {{ pureftpd_tls_certificate_openssl.days | default(365) }} -keyout {{ pureftpd_tls_certificate_pem }} -out {{ pureftpd_tls_certificate_pem }} -subj "/C={{ pureftpd_tls_certificate_openssl.country | default('') }}/ST={{ pureftpd_tls_certificate_openssl.state | default('') }}/L={{ pureftpd_tls_certificate_openssl.locality | default('') }}/O={{ pureftpd_tls_certificate_openssl.organization | default('') }}/OU={{ pureftpd_tls_certificate_openssl.unit | default('') }}/CN={{ pureftpd_tls_certificate_openssl.fqdn }}"
+  args:
+    creates: "{{ pureftpd_tls_certificate_pem }}"
+  when: 
+    - pureftpd_tls_certificate_method == 'generate'
+    - pureftpd_tls_certificate_openssl | length > 0
+  notify: restart Pure-FTPd
+
+- name: Ensure Pure-FTPd TLS certificate permissions.
+  file:
+    path: "{{ pureftpd_tls_certificate_pem }}"
+    owner: root
+    group: root
+    mode: '0600'
+    state: file
+  when: 
+    - pureftpd_tls_certificate_method == 'generate'
+    - pureftpd_tls_certificate_openssl | length > 0
+
+# - final checks
+
+- name: (pure-ftpd-install.yml) Verify TLS certificate exists.
+  stat:
+    path: "{{ pureftpd_tls_certificate_pem }}"
+  register: pureftpd_tls_certificate
+
+- name: (pure-ftpd-install.yml) Fail when no certificate is found.
+  fail:
+    msg: |
+        The certificate file was not found at {{ pureftpd_tls_certificate_pem }}
+  when: not pureftpd_tls_certificate.stat.exists | default(False)

roles/common/tasks/pure-ftpd/virtual-users.yml

@@ -0,0 +1,57 @@
+---
+
+# Default virtual users/group
+
+- name: (pure-ftpd-install.yml) Ensure Pure-FTPd group exists.
+  group:
+    name: "{{ pureftpd_virtual_users_group }}"
+    gid: "{{ pureftpd_virtual_users_gid | default(omit) }}"
+    system: no
+    state: present
+  when: pureftpd_virtual_users | length > 0
+
+- name: (pure-ftpd-install.yml) Ensure Pure-FTPd user exists.
+  user:
+    name: "{{ pureftpd_virtual_users_user }}"
+    uid: "{{ pureftpd_virtual_users_uid | default(omit) }}"
+    group: "{{ pureftpd_virtual_users_group }}"
+    home: /dev/null
+    shell: /usr/sbin/nologin
+    system: no
+    state: present
+  when: pureftpd_virtual_users | length > 0
+
+# user databas
+
+- name: (pure-ftpd-install.yml) Verify virtual users database existence.
+  stat:
+    path: "{{ pureftpd_config_dir }}/pureftpd.passwd"
+  register: pureftpd_virtual_users_database
+
+- name: (pure-ftpd-install.yml) Ensure virtual users database exists.
+  file:
+    path: "{{ pureftpd_config_dir }}/pureftpd.passwd"
+    owner: root
+    group: root
+    mode: '0600'
+    state: touch
+  when: (pureftpd_virtual_users | length > 0) and not pureftpd_virtual_users_database.stat.exists | default(False)
+
+
+# - Cretate virtual user
+
+- include_tasks: create-virtual-ftp-user.yml
+  vars:
+    user: "{{ item }}"
+  with_items: "{{ pureftpd_virtual_users }}"
+  when: pureftpd_virtual_users | length > 0
+  no_log: true
+
+
+# Remove virtual user
+# -
+- include_tasks: remove-virtual-user.yml
+  vars:
+    user: "{{ item }}"
+  with_items: "{{ pureftpd_virtual_deleted_users }}"
+  when: pureftpd_virtual_deleted_users | length > 0

roles/common/tasks/root-files-scripts.yml

@@ -0,0 +1,51 @@
+---
+
+- name: (root_files_scripts.yml) Ensure directory /root/bin exists
+  file:
+    path: /root/bin
+    owner: root
+    group: root
+    mode: '0700'
+    state: directory
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+
+- name: (root_files_scripts.yml) Ensure script 'wakeup_lan.sh' is present
+  template:
+    src: "root/bin/wakeup_lan.sh.j2"
+    dest: /root/bin/wakeup_lan.sh
+    owner: root
+    group: root
+    mode: 0755
+  when:
+    - groups['file_server']|string is search(inventory_hostname)
+  tags:
+    - wakeup_lan
+
+- name: (root_files_scripts.yml) Check file '/etc/motd.ORIG' exists
+  stat:
+    path: /etc/motd.ORIG
+  register: etc_motd_ORIG
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+  tags:
+    - etc_motd
+
+- name: (basic.yml) Backup installation version of file '/etc/motd'
+  command: cp -a /etc/motd /etc/motd.ORIG
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+    - etc_motd_ORIG.stat.exists == False
+  tags:
+    - etc_motd
+
+
+- name: (root_files_scripts.yml) Write new '/etc/motd' file..
+  shell: >
+    figlet '{{ nis_server_name.split(".")[0] }}' > /etc/motd
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
+    - etc_motd_ORIG.stat.exists == False
+  tags:
+    - etc_motd
+

roles/common/tasks/samba-install.yml

@@ -0,0 +1,185 @@
+---
+
+# ---
+# Samba Server
+# ---
+
+- name: (samba-install.yml) Ensure samba packages server (buster) are installed.
+  package:
+    pkg: '{{ apt_install_server_samba }}'
+    state: present
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  tags:
+    - samba-server
+
+- name: (samba-install.yml) Ensure samba share directories exists
+  file:
+    path: "{{ item.path }}"
+    owner: "root"
+    group: "{{ item.group_write_list }}"
+    mode: '2770'
+    state: directory
+  with_items: "{{ samba_shares }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  tags:
+    - samba-shares
+
+
+# ---
+# /etc/samba/smb.conf
+# ---
+
+- name: (samba-install.yml) Check if file '/etc/samba/smb.conf.ORIG exists'
+  stat:
+    path: /etc/samba/smb.conf.ORIG
+  register: smb_conf_exists
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  tags:
+    - samba-server
+
+- name: (samba-install.yml) Backup existing file /etc/samba/smb.conf
+  command: cp -a /etc/samba/smb.conf /etc/samba/smb.conf.ORIG
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+    - smb_conf_exists.stat.exists == False
+  tags:
+    - samba-server
+
+
+- name: (samba-install.yml) /etc/samba/smb.conf
+  template:
+    dest: /etc/samba/smb.conf
+    src: etc/samba/smb.conf.j2
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  notify:
+    - Restart smbd
+    - Restart nmbd
+  tags:
+    - samba-server
+
+
+- name: (samba-install.yml) Ensure file /etc/samba/users.map exists
+  copy:
+    src: "{{ role_path + '/files/etc/samba/users.map' }}"
+    dest: /etc/samba/users.map
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  notify:
+    - Restart smbd
+    - Restart nmbd
+  tags:
+    - samba-server
+
+
+# ---
+# Cronjob for cleaning up samba trash dirs
+# ---
+
+- name: (samba-install.yml) Check if file '/root/bin/samba/clean_samba_trash.sh' exists
+  stat:
+    path: /root/bin/samba/clean_samba_trash.sh
+  register: clean_samba_trash_exists
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+
+- name: (samba-install.yml) Adjust configuration for script 'clean_samba_trash.sh'
+  template: 
+    dest: /root/bin/samba/conf/clean_samba_trash.conf
+    src: root/bin/samba/conf/clean_samba_trash.conf.j2
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+    - clean_samba_trash_exists.stat.exists|bool
+  tags:
+    - samba-server
+
+
+- name: (samba-install.yml) Check if cleaning up trash dirs is configured
+  lineinfile:
+    path: /root/bin/samba/conf/clean_samba_trash.conf
+    regexp: "^trash_dirs=*"
+    state: absent
+  check_mode: yes
+  changed_when: false
+  register: clean_samba_trash_dirs
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+
+
+- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
+  cron:
+    name: '{{ samba_cronjob_trash_dirs.name }}'
+    minute: '{{ samba_cronjob_trash_dirs.minute }}'
+    hour: "{{ samba_cronjob_trash_dirs.hour | default('*') }}"
+    day: "{{ samba_cronjob_trash_dirs.hour.day | default('*') }}"
+    month: "{{ samba_cronjob_trash_dirs.hour.month| default('*') }}"
+    weekday: "{{ samba_cronjob_trash_dirs.hour.weekday| default('*') }}"
+    user: "{{ samba_cronjob_trash_dirs.user | default('root') }}"
+    job: "{{ samba_cronjob_trash_dirs.job }}"
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+    - clean_samba_trash_dirs.found
+
+
+# ---
+# Cronjob for setting permissions on samba shares
+# ---
+
+- name: (samba-install.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists
+  stat:
+    path: /root/bin/samba/set_permissions_samba_shares.sh
+  register: set_permissions_on_samba_shares_exists
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+
+- name: (samba-install.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
+  template: 
+    dest: /root/bin/samba/conf/set_permissions_samba_shares.conf
+    src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+    - set_permissions_on_samba_shares_exists.stat.exists|bool
+  tags:
+    - samba-server
+
+
+- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
+  cron:
+    name: '{{ samba_cronjob_permissions.name }}'
+    minute: '{{ samba_cronjob_permissions.minute }}'
+    hour: "{{ samba_cronjob_permissions.hour | default('*') }}"
+    day: "{{ samba_cronjob_permissions.day | default('*') }}"
+    month: "{{ samba_cronjob_permissions.month| default('*') }}"
+    weekday: "{{ samba_cronjob_permissions.weekday| default('*') }}"
+    user: "{{ samba_cronjob_permissions.user | default('root') }}"
+    job: "{{ samba_cronjob_permissions.job }}"
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+    - clean_samba_trash_dirs.found
+
+
+# ---
+# Samba clients
+# ---
+
+- name: (samba-install.yml) Ensure samba packages clients are installed.
+  package:
+    pkg: "{{ apt_install_client_samba }}"
+    state: present
+  when: 
+    - "groups['nis_client']|string is search(inventory_hostname)"
+    - ansible_distribution == "Ubuntu"
+  tags:
+    - samba-client
+

roles/common/tasks/samba-remove-user.yml

@@ -0,0 +1,57 @@
+---
+
+# ---
+# - Remove unwanted users
+# ---
+
+
+- name: (samba-remove-user.yml) Check if samba user exists for removable system user
+  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
+  register: samba_remove_system_users_present
+  changed_when: "samba_remove_system_users_present.rc == 0"
+  failed_when: "samba_remove_system_users_present.rc > 1"
+  with_items: 
+    - "{{ remove_system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - samba-user
+
+
+- name: (samba-remove-user.yml) Remove (old) system users from samba
+  shell: >
+    smbpasswd -s -x {{ item.item.name }}
+  with_items: 
+    - "{{ samba_remove_system_users_present.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when: 
+    - item.changed
+  tags:
+    - samba-user
+
+
+- name: (samba-remove-user.yml) Check if samba user exists for removable nis user
+  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
+  register: samba_remove_nis_users_present
+  changed_when: "samba_remove_nis_users_present.rc == 0"
+  failed_when: "samba_remove_nis_users_present.rc > 1"
+  with_items:
+    - "{{ remove_nis_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - samba-user
+
+
+- name: (samba-remove-user.yml) Remove (old) nis users from samba
+  shell: >
+    smbpasswd -s -x {{ item.item.name }}
+  with_items:
+    - "{{ samba_remove_nis_users_present.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.changed
+  tags:
+    - samba-user

roles/common/tasks/samba-user.yml

@@ -0,0 +1,30 @@
+---
+
+# ---
+# - default user/groups
+# ---
+
+- name: (samba-user.yml) Check if samba user exists for nis user
+  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
+  register: samba_nis_user_present
+  changed_when: "samba_nis_user_present.rc == 1"
+  failed_when: "samba_nis_user_present.rc > 1"
+  loop: "{{ nis_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when:
+    - item.is_samba_user is defined and item.is_samba_user|bool
+  tags:
+    - samba-user
+
+- name: (samba-user.yml) Add nis user to samba (with nis users password)
+  shell: >
+    (echo '{{ item.item.password }}'; echo '{{ item.item.password }}') 
+    | smbpasswd -s -a {{ item.item.name }}
+  loop: "{{ samba_nis_user_present.results }}"
+  when: item.changed
+  loop_control:
+    label: '{{ item.item.name }}'
+  tags:
+    - samba-user
+

roles/common/tasks/sshd.yml

@@ -0,0 +1,29 @@
+---
+
+- name: (sshd.yml) Check file '/etc/ssh/sshd_config.ORIG' exists
+  stat:
+    path: /etc/ssh/sshd_config.ORIG
+  register: etc_sshd_sshd_config_ORIG
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Backup installation version of file '/etc/ssh/sshd_config'
+  command: cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
+  when: etc_sshd_sshd_config_ORIG.stat.exists == False
+  tags:
+    - sshd-config
+
+
+- name: (sshd.yml) Create new sshd_config from template sshd_config.j2
+  template:
+    src: etc/ssh/sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: 0644
+    validate: 'sshd -f %s -T'
+    #backup: yes
+  notify: "Restart ssh"
+  tags:
+    - sshd-config
+

roles/common/tasks/sudoers-pc.yml

@@ -0,0 +1,32 @@
+---
+
+- name: (sudoers-pc.yml) update specific sudoers configuration files (/etc/sudoers.d/)
+  template:
+    src: etc/sudoers.d/50-user.pc.j2
+    dest: /etc/sudoers.d/50-user
+    validate: visudo -cf %s
+    owner: root
+    group: root
+    mode: 0440
+  tags:
+    - sudoers-file-configuration
+
+- name: (sudoers-pc.yml) update global sudoers configuration file
+  template:
+    src: etc/sudoers.pc.j2
+    dest: /etc/sudoers
+    owner: root
+    group: root
+    mode: 0440
+    validate: visudo -cf %s
+  tags:
+    - sudoers-global-configuration
+
+- name: (sudoers-pc.yml) Ensure all sudo_users are in sudo group
+  user:
+    name: "{{ item }}"
+    groups: sudo
+    append: yes
+  with_items: "{{ sudo_pc_users }}"
+  tags:
+    - sudo-users

roles/common/tasks/sudoers-server.yml

@@ -0,0 +1,57 @@
+---
+
+#- name: (sudoers-server.yml) include variables
+#  include_vars: "{{ item }}"
+#  with_first_found:
+#    - "sudoers-{{ inventory_hostname }}.yml"
+#    - "sudoers-{{ ansible_distribution_release }}.yml"
+#    - "sudoers-{{ ansible_distribution | lower }}.yml"
+#    - "sudoers-default.yml"
+#  tags:
+#    - sudoers-remove
+#    - sudoers-file-configuration
+#    - sudoers-global-configuration
+    
+- name: (sudoers-server.yml) Remove user entries in file /etc/sudoers
+  lineinfile:
+    dest: /etc/sudoers
+    state: absent
+    regexp: '^{{ item }}'
+    owner: root
+    group: root
+    mode: 0440
+    validate: visudo -cf %s
+  with_items: '{{ sudoers_server_remove_user }}'
+  tags:
+    - sudoers-remove
+
+- name: (sudoers-server.yml) update specific sudoers configuration files (/etc/sudoers.d/)
+  template:
+    src: etc/sudoers.d/50-user.server.j2
+    dest: /etc/sudoers.d/50-user
+    #validate: visudo -cf %s
+    owner: root
+    group: root
+    mode: 0440
+  tags:
+    - sudoers-file-configuration
+
+- name: (sudoers-server.yml) update global sudoers configuration file
+  template:
+    src: etc/sudoers.server.j2
+    dest: /etc/sudoers
+    owner: root
+    group: root
+    mode: 0440
+    #validate: visudo -cf %s
+  tags:
+    - sudoers-global-configuration
+
+- name: (sudoers-server.yml) Ensure all sudo_users are in sudo group
+  user:
+    name: "{{ item }}"
+    groups: sudo
+    append: yes
+  with_items: "{{ sudo_server_users }}"
+  tags:
+    - sudo-users

roles/common/tasks/system-remove-user.yml

@@ -0,0 +1,29 @@
+---
+
+# ---
+# - Remove unwanted users
+# ---
+
+- name: (system-remove-user.yml) Remove (old) users from system
+  user:
+    name: '{{ item.name }}'
+    state: absent
+  with_items: 
+    - "{{ remove_nis_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - nis-user
+    - system-user
+
+- name: (system-remove-user.yml) Remove home directory from deleted users
+  file:
+    path: '{{ nis_base_home }}/{{ item.name }}'
+    state: absent
+  with_items: 
+    - "{{ remove_nis_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - nis-user
+    - system-user

roles/common/tasks/system-user-systemfiles.yml

@@ -0,0 +1,278 @@
+---
+
+# ---
+# Check if local template directories exists
+# ---
+
+# system_user
+- name: (system-user-systemfiles.yml) Check if local template directory exists for default users
+  local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}
+  with_items: "{{ system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: local_template_dir_system_users
+
+# root
+- name: (system-user-systemfiles.yml) Check if local template directory exists for root
+  local_action: stat path={{ inventory_dir }}/files/homedirs/root
+  register: local_template_dir_root
+
+
+# -- 
+# Copy .profile 
+# --- 
+
+- name: (user-systemfiles.yml) Check if users file '.profile.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.profile.ORIG"
+  register: profile_user_orig_exists
+  loop: "{{ system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - profile
+
+- name: (user-systemfiles.yml) Backup existing users .profile file
+  command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
+  loop: "{{ profile_user_orig_exists.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == False
+  tags:
+    - profile
+
+- name: (system-user-systemfiles.yml) copy .profile if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
+    dest: "~{{ item.item.name }}/.profile"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{  local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
+  tags:
+    - profile
+
+- name: (system-user-systemfiles.yml) copy default .profile if it exists
+  template:
+    src: files/homedirs/DEFAULT/_profile
+    dest: "~{{ item.item.name }}/.profile"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+    - lookup('fileglob', inventory_dir + '/files/homedirs/DEFAULT/_profile')
+  tags:
+    - profile
+
+# -- root user
+- name: (system-user-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
+  stat:
+    path: /root/.profile.ORIG
+  register: profile_root_orig_exists
+  tags:
+    - profile
+
+- name: (system-user-systemfiles.yml) Backup existing users .profile file
+  command: cp -a /root/.profile /root/.profile.ORIG
+  when: profile_root_orig_exists.stat.exists == False
+  tags:
+    - profile
+
+- name: (system-user-systemfiles.yml) copy .profile for user root
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') }}"
+    dest: "/root/.profile"
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - local_template_dir_root.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
+  tags:
+    - profile
+
+# --
+# Copy .bashrc
+# ---
+
+- name: (system-user-systemfiles.yml) Check if users file '.bashrc.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.bashrc.ORIG"
+  register: bashrc_user_orig_exists
+  loop: "{{ system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - bashrc
+
+- name: (system-user-systemfiles.yml) Backup existing users .bashrc file
+  command: cp -a ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
+  loop: "{{ bashrc_user_orig_exists.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when: item.stat.exists == False
+  tags:
+    - bashrc
+
+- name: (system-user-systemfiles.yml) copy .bashrc if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
+    dest: "~{{ item.item.name }}/.bashrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
+  tags:
+    - bashrc
+
+- name: (system-user-systemfiles.yml) copy default .bashrc if it exists
+  copy:
+    src: files/homedirs/DEFAULT/_bashrc
+    dest: "~{{ item.item.name }}/.bashrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+  tags:
+    - bashrc
+
+# -- root user
+- name: (system-user-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
+  stat:
+    path: /root/.bashrc.ORIG
+  register: bashrc_root_orig_exists
+  tags:
+    - bash
+
+- name: (system-user-systemfiles.yml) Backup /root/.bashrc file
+  command: cp /root/.bashrc /root/.bashrc.ORIG
+  when: bashrc_root_orig_exists.stat.exists == False
+  tags:
+    - bash
+
+- name: (system-user-systemfiles.yml) copy .bashrc for user root
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') }}"
+    dest: "/root/.bashrc"
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - local_template_dir_root.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc')
+  tags:
+    - bash
+
+# --
+# Copy .vimrc
+# ---
+
+- name: (system-user-systemfiles.yml) copy .vimrc if it exists
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
+    dest: "~{{ item.item.name }}/.vimrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
+  tags:
+    - vimrc
+
+- name: (system-user-systemfiles.yml) Check if .vim directory exists for default users
+  local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim
+  with_items: "{{ system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  register: local_template_dir_dotvim_default_user
+
+- name: (system-user-systemfiles.yml) copy .vim directory if it exists
+  copy:
+    src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
+    dest: "~{{ item.item.name }}"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  with_items: "{{ local_template_dir_dotvim_default_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists
+  tags:
+    - vimrc
+
+- name: (system-user-systemfiles.yml) copy default .vimrc if it exists
+  copy:
+    src: files/homedirs/DEFAULT/_vimrc
+    dest: "~{{ item.item.name }}/.vimrc"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{ local_template_dir_system_users.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - item.stat.exists == false
+  tags:
+    - vimrc
+
+
+- name: (system-user-systemfiles.yml) copy .vimrc for user root
+  copy:
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') }}"
+    dest: "/root/.vimrc"
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - local_template_dir_root.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc')
+  tags:
+    - vimrc
+
+- name: (system-user-systemfiles.yml) Check if local template directory .vim  exists for user root
+  local_action: stat path={{ inventory_dir }}/files/homedirs/root/.vim
+  register: local_template_dir_vim_root
+  with_items: 'root'
+  loop_control:
+    label: 'root'
+
+- name: (system-user-systemfiles.yml) copy .vim directory for user root if it exists
+  copy:
+    src: "{{ inventory_dir + '/files/homedirs/root/.vim' }}"
+    dest: "/root"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  with_items: "{{ local_template_dir_vim_root.results }}"
+  loop_control:
+    label: 'root'
+  when:
+    - item.stat.exists
+  tags:
+    - vim
+
+

roles/common/tasks/system-user.yml

@@ -0,0 +1,64 @@
+---
+
+# ---
+# - Remove unwanted users
+# ---
+
+- name: (user.yml) Remove (old) users from system
+  user:
+    name: '{{ item.name }}'
+    state: absent
+  with_items: 
+    - "{{ remove_system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - system-user
+
+- name: (user.yml) Remove home directory from deleted users
+  file:
+    path: '{{ base_home }}/{{ item.name }}'
+    state: absent
+  with_items: 
+    - "{{ remove_system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - system-user
+
+# ---
+# - default user/groups
+# ---
+
+- name: (user.yml) Ensure system groups exists
+  group:
+    name: '{{ item.name }}'
+    state: present
+    gid: '{{ item.group_id | default(omit) }}'
+  loop: "{{ system_groups }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when: item.group_id is defined
+  notify: Renew nis databases
+  tags:
+    - system-user
+    
+#- meta: end_host
+
+- name: (system-user.yml) Get database of nis (system) users
+  getent:
+    database: passwd
+  tags:
+    - system-user
+
+- name: (system-user.yml) Add (system) users if not yet exists..
+  shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
+  loop: "{{ system_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when:
+    - item.name not in getent_passwd
+  notify: Renew nis databases
+  tags:
+    - system-user
+

roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml

@@ -0,0 +1,55 @@
+---
+  # Title: app-x11vnc-server
+  #
+  # Author: Luc Rutten
+  # Version: 1.0
+  # File: tasks/main.yml
+  #
+  # Description:
+  #   Remote support
+  #
+  # Source:
+  #   - http://c-nergy.be/blog/?p=8984
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) check if x11vnc is already installed, if not found skipping...."
+    stat:
+      path: /usr/bin/x11vnc
+    register: x11vnc_active
+ 
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Install packages"
+    apt:
+      name: ['x11vnc']
+      update_cache: yes
+      state: present
+    when: x11vnc_active.stat.exists == False
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Store password"
+    shell: "x11vnc -storepasswd {{ vnc_password }} /etc/x11vnc.pass"
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Set permissions on /etc/x11vnc.pass"
+    file:
+     path: /etc/x11vnc.pass
+     mode: 0644
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service"
+    template:
+      src: lib/systemd/system/x11vnc.service.j2
+      dest: /lib/systemd/system/x11vnc.service
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Start x11vnc service"
+    shell: service x11vnc start
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Enable x11vnc service on boot"
+    systemd:
+      name: x11vnc.service
+      daemon_reload: yes
+      enabled: yes
+      state: started
+
+#  - name: "(ubuntu-x11vnc-1604-amd64.yml) Blocks x11vnc in GreenOS Desktop Environment for enduser "
+#    file:
+#      path: "/usr/share/applications/x11vnc.desktop"
+#      mode: 0740
+#      owner: root
+#      group: administrator
+

roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml

@@ -0,0 +1,61 @@
+---
+  # Title: app-x11vnc-server
+  #
+  # Author: Luc Rutten
+  # Version: 1.0
+  # File: tasks/main.yml
+  #
+  # Description:
+  #   Remote support
+  #
+  # Source:
+  #   - http://c-nergy.be/blog/?p=8984
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Install packages"
+    apt:
+      name: "{{ packages }}"
+      update_cache: yes
+      state: present
+    vars:
+      packages:
+        - x11vnc
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) get numeric id for group 'gdm'"
+    shell: echo "$(id -u gdm)"
+    register: grp_id_gdm
+
+  - name: Check if file '/etc/gdm3/custom.conf' exists
+    stat:
+      path: /etc/gdm3/custom.conf
+    register: etc_gdm_custom_conf_exists
+
+  - name: Adjust file '/etc/gdm3/custom.conf'
+    lineinfile:
+      dest: /etc/gdm3/custom.conf
+      state: present
+      regexp: '^WaylandEnable'
+      line: 'WaylandEnable=false'
+      insertafter: '^#?\s*WaylandEnable'
+    when:
+      - etc_gdm_custom_conf_exists.stat.exists
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Store password"
+    raw: "x11vnc -storepasswd {{ vnc_password }} /etc/x11vnc.pass"
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Set permissions on /etc/x11vnc.pass"
+    file:
+     path: "/etc/x11vnc.pass"
+     mode: 0644
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service"
+    template:
+      src: lib/systemd/system/x11vnc-gdm3.service.j2
+      dest: /lib/systemd/system/x11vnc.service
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Enable service"
+    systemd:
+      name: x11vnc.service
+      daemon_reload: yes
+      enabled: yes
+      state: restarted
+

roles/common/tasks/ubuntu-x11vnc-2004-amd64.yml

@@ -0,0 +1,71 @@
+---
+  # Title: app-x11vnc-server
+  #
+  # Author: Luc Rutten
+  # Version: 1.0
+  # File: tasks/main.yml
+  #
+  # Description:
+  #   Remote support
+  #
+  # Source:
+  #   - http://c-nergy.be/blog/?p=8984
+
+  - name: "(ubuntu-x11vnc-2004-amd64.yml) Install packages"
+    apt:
+      name: "{{ packages }}"
+      update_cache: yes
+      state: present
+    vars:
+      packages:
+        - x11vnc
+
+  - name: "(ubuntu-x11vnc-2004-amd64.yml) get numeric id for group 'gdm'"
+    shell: echo "$(id -u gdm)"
+    register: grp_id_gdm
+
+  - name: "(ubuntu-x11vnc-2004-amd64.yml) Store password"
+    raw: "x11vnc -storepasswd {{ vnc_password }} /etc/x11vnc.pass"
+
+  - name: Check if file '/etc/gdm3/custom.conf' exists
+    stat:
+      path: /etc/gdm3/custom.conf
+    register: etc_gdm_custom_conf_exists
+
+  - name: Adjust file '/etc/gdm3/custom.conf'
+    lineinfile:
+      dest: /etc/gdm3/custom.conf
+      state: present
+      regexp: '^WaylandEnable'
+      line: 'WaylandEnable=false'
+      insertafter: '^#?\s*WaylandEnable'
+    when:
+      - etc_gdm_custom_conf_exists.stat.exists
+
+
+  - name: "(ubuntu-x11vnc-2004-amd64.yml) Set permissions on /etc/x11vnc.pass"
+    file:
+      path: /etc/x11vnc.pass
+      owner: root
+      group: root
+      mode: 0644
+
+  - name: "(ubuntu-x11vnc-2004-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service"
+    template:
+      src: lib/systemd/system/x11vnc-gdm3.service.j2
+      dest: /lib/systemd/system/x11vnc.service
+
+  - name: "(ubuntu-x11vnc-2004-amd64.yml) Enable service"
+    systemd:
+      name: x11vnc.service
+      daemon_reload: yes
+      enabled: yes
+      state: restarted
+
+#  - name: "(ubuntu-x11vnc-2004-amd64.yml) Remove whisker menu entry for allusers (except owner and group)"
+#    file:
+#      path: "/usr/share/applications/x11vnc.desktop"
+#      mode: 0750
+#      owner: root
+#      group: root
+

roles/common/templates/etc/apt/sources.list.Debian.j2

@@ -0,0 +1,44 @@
+# {{ ansible_managed }}
+
+deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
+
+{% if ansible_facts['distribution_major_version'] | int >= 11 %}
+deb http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
+{% else %}
+deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
+{% endif %}
+{% if not apt_src_enable %}
+{% if ansible_facts['distribution_major_version'] | int >= 11 %}
+#deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
+{% else %}
+#deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
+{% endif %}
+{% else %}
+{% if ansible_facts['distribution_major_version'] | int >= 11 %}
+deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
+{% else %}
+deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
+{% endif %}
+{% endif %}
+
+# {{ ansible_lsb.codename }}-updates, previously known as 'volatile'
+deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
+
+# Contrib packages contain DFSG-compliant software,
+# but have dependencies not in main (possibly packaged for Debian in non-free).
+# Non-free contains software that does not comply with the DFSG.
+{% if apt_debian_contrib_nonfree_enable %}
+deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
+{% endif %}
+
+# # N.B. software from this repository may not have been tested as
+# # extensively as that contained in the main release, although it includes
+# # newer versions of some applications which may provide useful features.
+{% if apt_backports_enable %}
+deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
+{% endif %}
+

roles/common/templates/etc/cups/cups-browsed.conf.client.j2

@@ -0,0 +1,746 @@
+# {{ ansible_managed }}
+
+# All configuration options described here can also be supplied on the
+# command line of cups-browsed via the "-o" option. In case of
+# contradicting settings the setting defined in the configuration file
+# will get used.
+
+# Unknown directives are ignored, also unknown values.
+
+
+# Where should cups-browsed save information about the print queues it had
+# generated when shutting down, like whether one of these queues was the
+# default printer, or default option settings of the queues?
+
+# CacheDir /var/cache/cups
+
+
+# Where should cups-browsed create its debug log file (if "DebugLogging file"
+# is set)?
+
+# LogDir /var/log/cups
+
+
+# How should debug logging be done? Into the file
+# /var/log/cups/cups-browsed_log ('file'), to stderr ('stderr'), or
+# not at all ('none')?
+
+# Note that if cups-browsed is running as a system service (for
+# example via systemd) logging to stderr makes the log output going to
+# the journal or syslog. Only if you run cups-browsed from the command
+# line (for development or debugging) it will actually appear on
+# stderr.
+
+# DebugLogging file
+# DebugLogging stderr
+# DebugLogging file stderr
+# DebugLogging none
+
+
+# Which protocols will we use to discover printers on the network?
+# Can use DNSSD and/or CUPS and/or LDAP, or 'none' for neither.
+
+#BrowseRemoteProtocols dnssd cups
+BrowseRemoteProtocols CUPS
+
+
+# Which protocols will we use to broadcast shared local printers to the network?
+# Can use DNSSD and/or CUPS, or 'none' for neither.
+# Only CUPS is actually supported, as DNSSD is done by CUPS itself (we ignore
+# DNSSD in this directive).
+
+# BrowseLocalProtocols none
+
+
+# Settings of this directive apply to both BrowseRemoteProtocols and
+# BrowseLocalProtocols.
+# Can use DNSSD and/or CUPS and/or LDAP, or 'none' for neither.
+
+# BrowseProtocols none
+
+
+# Only browse remote printers (via DNS-SD or CUPS browsing) from
+# selected servers using the "BrowseAllow", "BrowseDeny", and
+# "BrowseOrder" directives
+
+# This serves for restricting the choice of printers in print dialogs
+# to trusted servers or to reduce the number of listed printers in the
+# print dialogs to a more user-friendly amount in large networks with
+# very many shared printers.
+
+# This only filters the selection of remote printers for which
+# cups-browsed creates local queues. If the print dialog uses other
+# mechanisms to list remote printers as for example direct DNS-SD
+# access, cups-browsed has no influence. cups-browsed also does not
+# prevent the user from manually accessing non-listed printers.
+
+# "BrowseAllow": Accept printers from these hosts or networks. If
+# there are only "BrowseAllow" lines and no "BrowseOrder" and/or
+# "BrowseDeny" lines, only servers matching at last one "BrowseAllow"
+# line are accepted.
+
+# "BrowseDeny": Deny printers from these hosts or networks. If there
+# are only "BrowseDeny" lines and no "BrowseOrder" and/or
+# "BrowseAllow" lines, all servers NOT matching any of the
+# "BrowseDeny" lines are accepted.
+
+# "BrowseOrder": Determine the order in which "BrowseAllow" and
+# "BrowseDeny" lines are applied. With "BrowseOrder Deny,Allow" in the
+# beginning all servers are accepted, then the "BrowseDeny" lines are
+# applied to exclude unwished servers or networks and after that the
+# "BrowseAllow" lines to re-include servers or networks. With
+# "BrowseOrder Allow,Deny" we start with denying all servers, then
+# applying the "BrowseAllow" lines and afterwards the "BrowseDeny"
+# lines.
+
+# Default for "BrowseOrder" is "Deny.Allow" if there are both
+# "BrowseAllow" and "BrowseDeny" lines.
+
+# If there are no "Browse..." lines at all, all servers are accepted.
+
+# BrowseAllow All
+# BrowseAllow cups.example.com
+# BrowseAllow 192.168.1.12
+# BrowseAllow 192.168.1.0/24
+# BrowseAllow 192.168.1.0/255.255.255.0
+
+# BrowseDeny All
+# BrowseDeny printserver.example.com
+# BrowseDeny 192.168.1.13
+# BrowseDeny 192.168.3.0/24
+# BrowseDeny 192.168.3.0/255.255.255.0
+
+# BrowseOrder Deny,Allow
+# BrowseOrder Allow,Deny
+
+
+# The interval between browsing/broadcasting cycles, local and/or
+# remote, can be adjusted with the BrowseInterval directive.
+
+# BrowseInterval 60
+
+
+# Browsing-related operations such as adding or removing printer queues
+# and broadcasting are each allowed to take up to a given amount of time.
+# It can be configured, in seconds, with the BrowseTimeout directive.
+# Especially queues discovered by CUPS broadcasts will be removed after
+# this timeout if no further broadcast from the server happens.
+
+# BrowseTimeout 300
+
+# Filtering of remote printers by other properties than IP addresses
+# of their servers
+
+# Often the desired selection of printers cannot be reached by only
+# taking into account the IP addresses of the servers. For these cases
+# there is the BrowseFilter directive to filter by most of the known
+# properties of the printer.
+
+# By default there is no BrowseFilter line meaning that no filtering
+# is applied.
+
+# To do filtering one can supply one or more BrowseFilter directives
+# like this:
+
+# BrowseFilter [NOT] [EXACT] <FIELD> [<VALUE>]
+
+# The BrowseFilter directive always starts with the word
+# "BrowseFilter" and it must at least contain the name of the data
+# field (<FIELD>) of the printer's properties to which it should
+# apply.
+
+# Available field names are:
+
+#   name:    Name of the local print queue to be created
+#   host:    Host name of the remote print server
+#   port:    Port through which the printer is accessed on the server
+#   service: DNS/SD service name of the remote printer
+#   domain:  Domain of the remote print server
+
+# Also all field names in the TXT records of DNS-SD-advertised printers
+# are valid, like "color", "duplex", "pdl", ... If the field name of
+# the filter rule does not exist for the printer, the rule is skipped.
+
+# The optional <VALUE> field is either the exact value (when the
+# option EXACT is supplied) or a regular expression (Run "man 7 regex"
+# in a terminal window) to be matched with the data field.
+
+# If no <VALUE> filed is supplied, rules with field names of the TXT
+# record are considered for boolean matching (true/false) of boolean
+# field (like duplex, which can have the values "T" for true and "F"
+# for false).
+
+# If the option NOT is supplied, the filter rule is fulfilled if the
+# regular expression or the exact value DOES NOT match the content of
+# the data field. In a boolean rule (without <VALUE>) the rule matches
+# false.
+
+# Regular expressions are always considered case-insensitive and
+# extended POSIX regular expressions. Field names and options (NOT,
+# EXACT) are all evaluated case-insensitive. If there is an error in a
+# regular expression, the BrowseFilter line gets ignored.
+
+# Especially to note is that supplying any simple string consisting of
+# only letters, numbers, spaces, and some basic special characters as
+# a regular expression matches if it is contained somewhere in the
+# data field.
+
+# If there is more than one BrowseFilter directive, ALL the directives
+# need to be fulfilled for the remote printer to be accepted. If one
+# is not fulfilled, the printer will get ignored.
+
+# Examples:
+
+# Rules for standard data items which are supplied with any remote
+# printer advertised via DNS-SD:
+
+# Print queue name must contain "hum_res_", this matches
+# "hum_res_mono" or "hum_res_color" but also "old_hum_res_mono":
+
+# BrowseFilter name hum_res_
+
+# This matches if the remote host name contains "printserver", like
+# "printserver.local", "printserver2.example.com", "newprintserver":
+
+# BrowseFilter host printserver
+
+# This matches all ports with 631 int its number, for example 631,
+# 8631, 10631,...:
+
+# BrowseFilter port 631
+
+# This rule matches if the DNS-SD service name contains "@ printserver":
+
+# Browsefilter service @ printserver
+
+# Matches all domains with "local" in their names, not only "local" but
+# also things like "printlocally.com":
+
+# BrowseFilter domain local
+
+# Examples for rules applying to items of the TXT record:
+
+# This rule selects PostScript printers, as the "PDL" field in the TXT
+# record contains "postscript" then. This includes also remote CUPS
+# queues which accept PostScript, independent of whether the physical
+# printer behind the CUPS queue accepts PostScript or not.
+
+# BrowseFilter pdl postscript
+
+# Color printers usually contain a "Color" entry set to "T" (for true)
+# in the TXT record. This rule selects them:
+
+# BrowseFilter color
+
+# This is a similar rule to select only duplex (automatic double-sided
+# printing) printers:
+
+# BrowseFilter duplex
+
+# Rules with the NOT option:
+
+# This rule EXCLUDES printers from all hosts containing "financial" in
+# their names, nice to get rid of the 100s of printers of the
+# financial department:
+
+# BrowseFilter NOT host financial
+
+# Get only monochrome printers ("Color" set to "F", meaning false, in
+# the TXT record):
+
+# BrowseFilter NOT color
+
+# Rules with more advanced use of regular expressions:
+
+# Only queue names which BEGIN WITH "hum_res_" are accepted now, so we
+# still get "hum_res_mono" or "hum_res_color" but not
+# "old_hum_res_mono" any more:
+
+# BrowseFilter name ^hum_res_
+
+# Server names is accepted if it contains "print_server" OR
+# "graphics_dep_server":
+
+# BrowseFilter host print_server|graphics_dep_server
+
+# "printserver1", "printserver2", and "printserver3", nothing else:
+
+# BrowseFilter host ^printserver[1-3]$
+
+# Printers understanding at least one of PostScript, PCL, or PDF:
+
+# BrowseFilter pdl postscript|pcl|pdf
+
+# Examples for the EXACT option:
+
+# Only printers from "printserver.local" are accepted:
+
+# BrowseFilter EXACT host printserver.local
+
+# Printers from all servers except "prinserver2.local" are accepted:
+
+# BrowseFilter NOT EXACT host prinserver2.local
+
+
+# Use BrowsePoll to poll a particular CUPS server
+
+# BrowsePoll cups.example.com
+# BrowsePoll cups.example.com:631
+# BrowsePoll cups.example.com:631/version=1.1
+
+
+# LDAP browsing configuration
+# The default value for all options is an empty string. Example configuration:
+
+# BrowseLDAPBindDN cn=cups-browsed,dc=domain,dc=tld
+# BrowseLDAPCACertFile /path/to/server/certificate.pem
+# BrowseLDAPDN ou=printers,dc=domain,dc=tld
+# BrowseLDAPFilter (printerLocation=/Office 1/*)
+# BrowseLDAPPassword s3cret
+# BrowseLDAPServer ldaps://ldap.domain.tld
+
+
+# Use DomainSocket to access the local CUPS daemon via another than the
+# default domain socket. "None" or "Off" lets cups-browsed not use CUPS'
+# domain socket.
+
+# DomainSocket /var/run/cups/cups.sock
+# DomainSocket None
+# DomainSocket Off
+
+
+# Set HTTP timeout (in seconds) for requests sent to local/remote
+# resources Note that too short timeouts can make services getting
+# missed when they are present and operations be unneccessarily
+# repeated and too long timeouts can make operations take too long
+# when the server does not respond.
+
+# HttpLocalTimeout 5
+# HttpRemoteTimeout 10
+
+# Set how many retries (N) should cups-browsed do for creating print
+# queues for remote printers which receive timeouts during print queue
+# creation.  The printers which are not successfuly set up even after
+# N retries, are skipped until the next restart of the service.  Note
+# that too many retries can cause high CPU load.
+
+# HttpMaxRetries 5
+
+# Set OnlyUnsupportedByCUPS to "Yes" will make cups-browsed not create
+# local queues for remote printers for which CUPS creates queues by
+# itself.  These printers are printers advertised via DNS-SD and doing
+# CUPS-supported (currently PWG Raster and Apple Raster) driverless
+# printing, including remote CUPS queues. Queues for other printers
+# (like for legacy PostScript/PCL printers) are always created
+# (depending on the other configuration settings of cups-browsed).
+
+# With OnlyUnsupportedByCUPS set to "No", cups-browsed creates queues
+# for all printers which it supports, including printers for which
+# CUPS would create queues by itself. Temporary queues created by CUPS
+# will get overwritten. This way it is assured that any extra
+# functionality of cups-browsed will apply to these queues. As queues
+# created by cups-browsed are permanent CUPS queues this setting is
+# also recommended if applications/print dialogs which do not support
+# temporary CUPS queues are installed. This setting is the default.
+
+# OnlyUnsupportedByCUPS Yes
+
+
+# With UseCUPSGeneratedPPDs set to "Yes" cups-browsed creates queues
+# for IPP printers with PPDs generated by the PPD generator of CUPS
+# and not with the one of cups-browsed. So any new development in
+# CUPS' PPD generator gets available. As CUPS' PPD generator is not
+# directly accessible, we need to make CUPS generate a temporary print
+# queue with the desired PPD. Therefore we can only use these PPDs
+# when our queue replaces a temporary CUPS queue, meaning that the
+# queue is for a printer on which CUPS supports driverless printing
+# (IPP 2.x, PDLs: PDF, PWG Raster, and/or Apple Raster) and that its
+# name is the same as CUPS uses for the temporary queue
+# ("LocalQueueNamingIPPPrinter DNS-SD" must be set). The directive
+# applies only to IPP printers, not to remote CUPS queues, to not
+# break clustering. Setting this directive to "No" lets cups-browsed
+# generate the PPD file. Default setting is "No".
+
+# UseCUPSGeneratedPPDs No
+
+
+# With the directives LocalQueueNamingRemoteCUPS and
+# LocalQueueNamingIPPPrinter you can determine how the names for local
+# queues generated by cups-browsed are generated, separately for
+# remote CUPS printers and IPP printers.
+
+# DNS-SD (the default in both cases) bases the naming on the service
+# name of the printer's advertised DNS-SD record. This is exactly the
+# same naming scheme as CUPS uses for its temporary queues, so the
+# local queue from cups-browsed prevents CUPS from listing and
+# creating an additional queue. As DNS-SD service names have to be
+# unique, queue names of printers from different servers will also be
+# unique and so there is no automatic clustering for load-balanced
+# printing.
+
+# MakeModel bases the queue name on the printer's manufacturer and
+# model names. This scheme cups-browsed used formerly for IPP
+# printers.
+
+# RemoteName is only available for remote CUPS queues and uses the
+# name of the queue on the remote CUPS server as the local queue's
+# name. This makes printers on different CUPS servers with equal queue
+# names automatically forming a load-balancing cluster as CUPS did
+# formerly (CUPS 1.5.x and older) with CUPS-broadcasted remote
+# printers. This scheme cups-browsed used formerly for remote CUPS
+# printers.
+
+# LocalQueueNamingRemoteCUPS DNS-SD
+# LocalQueueNamingRemoteCUPS MakeModel
+# LocalQueueNamingRemoteCUPS RemoteName
+# LocalQueueNamingIPPPrinter DNS-SD
+# LocalQueueNamingIPPPrinter MakeModel
+
+
+# Set DNSSDBasedDeviceURIs to "Yes" if cups-browsed should use
+# DNS-SD-service-name-based device URIs for its local queues, as CUPS
+# also does. These queues use the DNS-SD service name of the
+# discovered printer. With this the URI is independent of network
+# interfaces and ports, giving reliable connections to always the same
+# physical device. This setting is the default.
+
+# Set DNSSDBasedDeviceURIs to "No" if cups-browsed should use the
+# conventional host-name/IP-based URIs.
+
+# Note that this option has only influence on URIs for printers
+# discovered via DNS-SD, not via legacy CUPS broewsing or LDAP.
+# Those printers get always assigned the conventional URIs.
+
+# DNSSDBasedDeviceURIs Yes
+
+
+# Set IPBasedDeviceURIs to "Yes" if cups-browsed should create its
+# local queues with device URIs with the IP addresses instead of the
+# host names of the remote servers. This mode is there for any
+# problems with host name resolution in the network, especially also
+# if avahi-daemon is only run for printer discovery and already
+# stopped while still printing. By default this mode is turned off,
+# meaning that we use URIs with host names.
+
+# Note that the IP addresses depend on the network interface through
+# which the printer is accessed. So do not use IP-based URIs on systems
+# with many network interfaces and where interfaces can appear and
+# disappear frequently.
+
+# This mode could also be useful for development and debugging.
+
+# If you prefer IPv4 or IPv6 IP addresses in the URIs, you can set
+# IPBasedDeviceURIs to "IPv4" to only get IPv4 IP addresses or
+# IPBasedDeviceURIs to "IPv6" to only get IPv6 IP addresses.
+
+# IPBasedDeviceURIs No
+# IPBasedDeviceURIs Yes
+# IPBasedDeviceURIs IPv4
+# IPBasedDeviceURIs IPv6
+
+# The AllowResharingRemoteCUPSPrinters directive determines whether a
+# print queue pointing to a remote CUPS queue will be re-shared to the
+# local network or not. Since the queues generated using the BrowsePoll
+# directive are also pointing to remote queues, they are also shared
+# automatically if the following option is set. Default is not to share
+# remote printers.
+
+# AllowResharingRemoteCUPSPrinters Yes
+
+# The NewBrowsePollQueuesShared directive determines whether a print
+# queue for a newly discovered printer (discovered by the BrowsePoll directive)
+# will be shared to the local network or not. This directive will only work
+# if AllowResharingRemoteCUPSPrinters is set to yes. Default is
+# not to share printers discovered using BrowsePoll.
+
+# NewBrowsePollQueuesShared Yes
+
+# Set CreateRemoteRawPrinterQueues to "Yes" to let cups-browsed also
+# create local queues pointing to remote raw CUPS queues. Normally,
+# only queues pointing to remote queues with PPD/driver are created
+# as we do not use drivers on the client side, but in some cases
+# accessing a remote raw queue can make sense, for example if the
+# queue forwards the jobs by a special backend like Tea4CUPS.
+
+# CreateRemoteRawPrinterQueues Yes
+
+
+# cups-browsed by default creates local print queues for each shared
+# CUPS print queue which it discovers on remote machines in the local
+# network(s). Set CreateRemoteCUPSPrinterQueues to "No" if you do not
+# want cups-browsed to do this. For example you can set cups-browsed
+# to only create queues for IPP network printers setting
+# CreateIPPPrinterQueues not to "No" and CreateRemoteCUPSPrinterQueues
+# to "No".
+
+# CreateRemoteCUPSPrinterQueues No
+
+
+# Set CreateIPPPrinterQueues to "All" to let cups-browsed discover IPP
+# network printers (native printers, not CUPS queues) with known page
+# description languages (PWG Raster, PDF, PostScript, PCL XL, PCL
+# 5c/e) in the local network and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "Everywhere" to let cups-browsed
+# discover IPP Everywhere printers in the local network (native
+# printers, not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "AppleRaster" to let cups-browsed
+# discover Apple Raster printers in the local network (native
+# printers, not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "Driverless" to let cups-browsed
+# discover printers designed for driverless use (currently IPP
+# Everywhere and Apple Raster) in the local network (native printers,
+# not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "LocalOnly" to auto-create print
+# queues only for local printers made available as IPP printers. These
+# are for example IPP-over-USB printers, made available via
+# ippusbxd. This is the default.
+
+# Set CreateIPPPrinterQueues to "No" to not auto-create print queues
+# for IPP network printers.
+
+# If queues with PPD file are created (see IPPPrinterQueueType
+# directive below) the PPDs are auto-generated by cups-browsed based
+# on properties of the printer polled via IPP. In case of missing
+# information, info from the Bonjour record is used asd as last mean
+# default values.
+
+# If queues without PPD (see IPPPrinterQueueType directive below) are
+# created clients have to IPP-poll the capabilities of the printer and
+# send option settings as standard IPP attributes. Then we do not poll
+# the capabilities by ourselves to not wake up the printer from
+# power-saving mode when creating the queues. Jobs have to be sent in
+# one of PDF, PWG Raster, or JPEG format. Other formats are not
+# accepted.
+
+# This functionality is primarily for mobile devices running
+# CUPS to not need a printer setup tool nor a collection of printer
+# drivers and PPDs.
+
+# CreateIPPPrinterQueues No
+# CreateIPPPrinterQueues LocalOnly
+# CreateIPPPrinterQueues Everywhere
+# CreateIPPPrinterQueues AppleRaster
+# CreateIPPPrinterQueues Everywhere AppleRaster
+# CreateIPPPrinterQueues Driverless
+# CreateIPPPrinterQueues All
+
+
+# If cups-browsed is automatically creating print queues for native
+# IPP network printers ("CreateIPPPrinterQueues Yes"), the type of
+# queue to be created can be selected by the "IPPPrinterQueueType"
+# directive. The "PPD" (default) setting makes queues with PPD file
+# being created. With "Interface" or "NoPPD" the queue is created with
+# a System V interface script (Not supported with CUPS 2.2.x or
+# later). "Auto" is for backward compatibility and also lets queues
+# with PPD get created.
+
+# IPPPrinterQueueType PPD
+# IPPPrinterQueueType NoPPD
+# IPPPrinterQueueType Interface
+# IPPPrinterQueueType Auto
+
+
+# The NewIPPPrinterQueuesShared directive determines whether a print
+# queue for a newly discovered IPP network printer (not remote CUPS
+# queue) will be shared to the local network or not. This is only
+# valid for newly discovered printers. For printers discovered in an
+# earlier cups-browsed session, cups-browsed will remember whether the
+# printer was shared, so changes by the user get conserved. Default is
+# not to share newly discovered IPP printers.
+
+# NewIPPPrinterQueuesShared Yes
+
+
+# If there is more than one remote CUPS printer whose local queue
+# would get the same name and AutoClustering is set to "Yes" (the
+# default) only one local queue is created which makes up a
+# load-balancing cluster of the remote printers which would get this
+# queue name (implicit class). This means that when several jobs are
+# sent to this queue they get distributed between the printers, using
+# the method chosen by the LoadBalancing directive.
+
+# Note that the forming of clusters depends on the naming scheme for
+# local queues created by cups-browsed. If you have set
+# LocalQueueNamingRemoteCUPS to "DNSSD" you will not get automatic
+# clustering as the DNS-SD service names are always unique. With
+# LocalQueueNamingRemoteCUPS set to "RemoteName" local queues are
+# named as the CUPS queues on the remote servers are named and so
+# equally named queues on different servers get clustered (this is how
+# CUPS did it in version 1.5.x or older). LocalQueueNamingRemoteCUPS
+# set to "MakeModel" makes remote printers of the same model get
+# clustered. Note that then a cluster can contain more than one queue
+# of the same server.
+
+# With AutoClustering set to "No", for each remote CUPS printer an
+# individual local queue is created, and to avoid name clashes when
+# using the LocalQueueNamingRemoteCUPS settings "RemoteName" or
+# "MakeModel" "@<server name>" is added to the local queue name.
+
+# Only remote CUPS printers get clustered, not IPP network printers or
+# IPP-over-USB printers.
+
+# AutoClustering Yes
+# AutoClustering No
+
+
+# Load-balancing printer cluster formation can also be manually
+# controlled by defining explicitly which remote CUPS printers should
+# get clustered together.
+
+# This is done by the "Cluster" directive:
+
+# Cluster <QUEUENAME>: <EXPRESSION1> <EXPRESSION2> ...
+# Cluster <QUEUENAME>
+
+# If no expressions are given, <QUEUENAME> is used as the first and
+# only expression for this cluster.
+
+# Discovered printers are matched against all the expressions of all
+# defined clusters. The first expression which matches the discovered
+# printer determines to which cluster it belongs. Note that this way a
+# printer can only belong to one cluster. Once matched, further
+# cluster definitions will not checked any more.
+
+# With the first printer matching a cluster's expression a local queue
+# with the name <QUEUENAME> is created. If more printers are
+# discovered and match this cluster, they join the cluster. Printing
+# to this queue prints to all these printers in a load-balancing
+# manner, according to to the setting of the LoadBalancing directive.
+
+# Each expression must be a string of characters without spaces. If
+# spaces are needed, replace them by underscores ('_').
+
+# An expression can be matched in three ways:
+
+# 1. By the name of the CUPS queue on the remote server
+# 2. By make and model name of the remote printer
+# 3. By the DNS-SD service name of the remote printer
+
+# Note that the matching is done case-insensitively and any group of
+# non-alphanumerical characters is replaced by a single underscore.
+
+# So if an expression is "HP_DeskJet_2540" and the remote server
+# reports "hp Deskjet-2540" the printer gets matched to this cluster.
+
+# If "AutoClustering" is not set to "No" both your manual cluster
+# definitions will be followed and automatic clustering of
+# equally-named remote queues will be performed. If a printer matches
+# in both categories the match to the manually defined cluster has
+# priority. Automatic clustering of equally-named remote printers is
+# not performed if there is a manually defined cluster with this name
+# (at least as the printers do not match this cluster).
+
+# Examples:
+
+# To cluster all remote CUPS queues named "laserprinter" in your local
+# network but not cluster any other equally-named remote CUPS printers
+# use (Local queue will get named "laserprinter"):
+
+# AutoClustering No
+# Cluster laserprinter
+
+# To cluster all remote CUPS queues of HP LaserJet 4050 printers in a
+# local queue named "LJ4050":
+
+# Cluster LJ4050: HP_LaserJet_4050
+
+# As DNS-SD service names are unique in a network you can create a
+# cluster from exactly specified printers (spaces replaced by
+# underscors):
+
+# Cluster hrdep: oldlaser_@_hr-server1 newlaser_@_hr-server2
+
+
+# The LoadBalancing directive switches between two methods of handling
+# load balancing between equally-named remote queues which are
+# represented by one local print queue making up a cluster of them
+# (implicit class).
+
+# The two methods are:
+
+# Queuing of jobs on the client (LoadBalancing QueueOnClient):
+
+# Here we queue up the jobs on the client and regularly check the
+# clustered remote print queues. If we find an idle queue, we pass
+# on a job to it.
+
+# This is also the method which CUPS uses for classes. Advantage is a
+# more even distribution of the job workload on the servers
+# (especially if the printing speed of the servers is very different),
+# and if a server fails, there are not several jobs stuck or
+# lost. Disadvantage is that if one takes the client (laptop, mobile
+# phone, ...) out of the local network, printing stops with the jobs
+# waiting in the local queue.
+
+# Queuing of jobs on the servers (LoadBalancing QueueOnServers):
+
+# Here we check the number of jobs on each of the clustered remote
+# printers and send an incoming job immediately to the remote printer
+# with the lowest amount of jobs in its queue. This way no jobs queue
+# up locally, all jobs which are waiting are waiting on one of the
+# remote servers.
+
+# Not having jobs waiting locally has the advantage that we can take
+# the local machine from the network and all jobs get printed.
+# Disadvantage is that if a server with a full queue of jobs goes
+# away, the jobs go away, too.
+
+# Default is queuing the jobs on the client as this is what CUPS does
+# with classes.
+
+# LoadBalancing QueueOnClient
+# LoadBalancing QueueOnServers
+
+
+# With the DefaultOptions directive one or more option settings can be
+# defined to be applied to every print queue newly created by
+# cups-browsed. Each option is supplied as one supplies options with
+# the "-o" command line argument to the "lpadmin" command (Run "man
+# lpadmin" for more details). More than one option can be supplied
+# separating the options by spaces. By default no option settings are
+# pre-defined.
+
+# Note that print queues which cups-browsed already created before
+# remember their previous settings and so these settings do not get
+# applied.
+
+# DefaultOptions Option1=Value1 Option2=Value2 Option3 noOption4
+
+
+# The AutoShutdown directive specifies whether cups-browsed should
+# automatically terminate when it has no local raw queues set up
+# pointing to any discovered remote printers or no jobs on such queues
+# depending on AutoShutdownOn setting (auto shutdown mode). Setting it
+# to "On" activates the auto-shutdown mode, setting it to "Off"
+# deactiivates it (the default). The special mode "avahi" turns auto
+# shutdown off while avahi-daemon is running and on when avahi-daemon
+# stops. This allows running cups-browsed on-demand when avahi-daemon
+# is run on-demand.
+
+# AutoShutdown Off
+# AutoShutdown On
+# AutoShutdown avahi
+
+
+# The AutoShutdownOn directive determines what event cups-browsed
+# considers as inactivity in auto shutdown mode. "NoQueues" (the
+# default) means that auto shutdown is initiated when there are no
+# queues for discovered remote printers generated by cups-browsed any
+# more. "NoJobs" means that all queues generated by cups-browsed are
+# without jobs.
+
+# AutoShutdownOn NoQueues
+# AutoShutdownOn NoJobs
+
+
+# The AutoShutdownTimeout directive specifies after how many seconds
+# without local raw queues set up pointing to any discovered remote
+# printers or jobs on these queues cups-browsed should actually shut
+# down in auto shutdown mode. Default is 30 seconds, 0 means immediate
+# shutdown.
+
+# AutoShutdownTimeout 30

roles/common/templates/etc/cups/cups-browsed.conf.server.j2

@@ -0,0 +1,747 @@
+# {{ ansible_managed }}
+
+# All configuration options described here can also be supplied on the
+# command line of cups-browsed via the "-o" option. In case of
+# contradicting settings the setting defined in the configuration file
+# will get used.
+
+# Unknown directives are ignored, also unknown values.
+
+
+# Where should cups-browsed save information about the print queues it had
+# generated when shutting down, like whether one of these queues was the
+# default printer, or default option settings of the queues?
+
+# CacheDir /var/cache/cups
+
+
+# Where should cups-browsed create its debug log file (if "DebugLogging file"
+# is set)?
+
+# LogDir /var/log/cups
+
+
+# How should debug logging be done? Into the file
+# /var/log/cups/cups-browsed_log ('file'), to stderr ('stderr'), or
+# not at all ('none')?
+
+# Note that if cups-browsed is running as a system service (for
+# example via systemd) logging to stderr makes the log output going to
+# the journal or syslog. Only if you run cups-browsed from the command
+# line (for development or debugging) it will actually appear on
+# stderr.
+
+# DebugLogging file
+# DebugLogging stderr
+# DebugLogging file stderr
+# DebugLogging none
+
+
+# Which protocols will we use to discover printers on the network?
+# Can use DNSSD and/or CUPS and/or LDAP, or 'none' for neither.
+
+#BrowseRemoteProtocols dnssd cups
+BrowseRemoteProtocols none
+
+
+# Which protocols will we use to broadcast shared local printers to the network?
+# Can use DNSSD and/or CUPS, or 'none' for neither.
+# Only CUPS is actually supported, as DNSSD is done by CUPS itself (we ignore
+# DNSSD in this directive).
+
+# BrowseLocalProtocols none
+BrowseLocalProtocols CUPS
+
+
+# Settings of this directive apply to both BrowseRemoteProtocols and
+# BrowseLocalProtocols.
+# Can use DNSSD and/or CUPS and/or LDAP, or 'none' for neither.
+
+# BrowseProtocols none
+
+
+# Only browse remote printers (via DNS-SD or CUPS browsing) from
+# selected servers using the "BrowseAllow", "BrowseDeny", and
+# "BrowseOrder" directives
+
+# This serves for restricting the choice of printers in print dialogs
+# to trusted servers or to reduce the number of listed printers in the
+# print dialogs to a more user-friendly amount in large networks with
+# very many shared printers.
+
+# This only filters the selection of remote printers for which
+# cups-browsed creates local queues. If the print dialog uses other
+# mechanisms to list remote printers as for example direct DNS-SD
+# access, cups-browsed has no influence. cups-browsed also does not
+# prevent the user from manually accessing non-listed printers.
+
+# "BrowseAllow": Accept printers from these hosts or networks. If
+# there are only "BrowseAllow" lines and no "BrowseOrder" and/or
+# "BrowseDeny" lines, only servers matching at last one "BrowseAllow"
+# line are accepted.
+
+# "BrowseDeny": Deny printers from these hosts or networks. If there
+# are only "BrowseDeny" lines and no "BrowseOrder" and/or
+# "BrowseAllow" lines, all servers NOT matching any of the
+# "BrowseDeny" lines are accepted.
+
+# "BrowseOrder": Determine the order in which "BrowseAllow" and
+# "BrowseDeny" lines are applied. With "BrowseOrder Deny,Allow" in the
+# beginning all servers are accepted, then the "BrowseDeny" lines are
+# applied to exclude unwished servers or networks and after that the
+# "BrowseAllow" lines to re-include servers or networks. With
+# "BrowseOrder Allow,Deny" we start with denying all servers, then
+# applying the "BrowseAllow" lines and afterwards the "BrowseDeny"
+# lines.
+
+# Default for "BrowseOrder" is "Deny.Allow" if there are both
+# "BrowseAllow" and "BrowseDeny" lines.
+
+# If there are no "Browse..." lines at all, all servers are accepted.
+
+# BrowseAllow All
+# BrowseAllow cups.example.com
+# BrowseAllow 192.168.1.12
+# BrowseAllow 192.168.1.0/24
+# BrowseAllow 192.168.1.0/255.255.255.0
+
+# BrowseDeny All
+# BrowseDeny printserver.example.com
+# BrowseDeny 192.168.1.13
+# BrowseDeny 192.168.3.0/24
+# BrowseDeny 192.168.3.0/255.255.255.0
+
+# BrowseOrder Deny,Allow
+# BrowseOrder Allow,Deny
+
+
+# The interval between browsing/broadcasting cycles, local and/or
+# remote, can be adjusted with the BrowseInterval directive.
+
+# BrowseInterval 60
+
+
+# Browsing-related operations such as adding or removing printer queues
+# and broadcasting are each allowed to take up to a given amount of time.
+# It can be configured, in seconds, with the BrowseTimeout directive.
+# Especially queues discovered by CUPS broadcasts will be removed after
+# this timeout if no further broadcast from the server happens.
+
+# BrowseTimeout 300
+
+# Filtering of remote printers by other properties than IP addresses
+# of their servers
+
+# Often the desired selection of printers cannot be reached by only
+# taking into account the IP addresses of the servers. For these cases
+# there is the BrowseFilter directive to filter by most of the known
+# properties of the printer.
+
+# By default there is no BrowseFilter line meaning that no filtering
+# is applied.
+
+# To do filtering one can supply one or more BrowseFilter directives
+# like this:
+
+# BrowseFilter [NOT] [EXACT] <FIELD> [<VALUE>]
+
+# The BrowseFilter directive always starts with the word
+# "BrowseFilter" and it must at least contain the name of the data
+# field (<FIELD>) of the printer's properties to which it should
+# apply.
+
+# Available field names are:
+
+#   name:    Name of the local print queue to be created
+#   host:    Host name of the remote print server
+#   port:    Port through which the printer is accessed on the server
+#   service: DNS/SD service name of the remote printer
+#   domain:  Domain of the remote print server
+
+# Also all field names in the TXT records of DNS-SD-advertised printers
+# are valid, like "color", "duplex", "pdl", ... If the field name of
+# the filter rule does not exist for the printer, the rule is skipped.
+
+# The optional <VALUE> field is either the exact value (when the
+# option EXACT is supplied) or a regular expression (Run "man 7 regex"
+# in a terminal window) to be matched with the data field.
+
+# If no <VALUE> filed is supplied, rules with field names of the TXT
+# record are considered for boolean matching (true/false) of boolean
+# field (like duplex, which can have the values "T" for true and "F"
+# for false).
+
+# If the option NOT is supplied, the filter rule is fulfilled if the
+# regular expression or the exact value DOES NOT match the content of
+# the data field. In a boolean rule (without <VALUE>) the rule matches
+# false.
+
+# Regular expressions are always considered case-insensitive and
+# extended POSIX regular expressions. Field names and options (NOT,
+# EXACT) are all evaluated case-insensitive. If there is an error in a
+# regular expression, the BrowseFilter line gets ignored.
+
+# Especially to note is that supplying any simple string consisting of
+# only letters, numbers, spaces, and some basic special characters as
+# a regular expression matches if it is contained somewhere in the
+# data field.
+
+# If there is more than one BrowseFilter directive, ALL the directives
+# need to be fulfilled for the remote printer to be accepted. If one
+# is not fulfilled, the printer will get ignored.
+
+# Examples:
+
+# Rules for standard data items which are supplied with any remote
+# printer advertised via DNS-SD:
+
+# Print queue name must contain "hum_res_", this matches
+# "hum_res_mono" or "hum_res_color" but also "old_hum_res_mono":
+
+# BrowseFilter name hum_res_
+
+# This matches if the remote host name contains "printserver", like
+# "printserver.local", "printserver2.example.com", "newprintserver":
+
+# BrowseFilter host printserver
+
+# This matches all ports with 631 int its number, for example 631,
+# 8631, 10631,...:
+
+# BrowseFilter port 631
+
+# This rule matches if the DNS-SD service name contains "@ printserver":
+
+# Browsefilter service @ printserver
+
+# Matches all domains with "local" in their names, not only "local" but
+# also things like "printlocally.com":
+
+# BrowseFilter domain local
+
+# Examples for rules applying to items of the TXT record:
+
+# This rule selects PostScript printers, as the "PDL" field in the TXT
+# record contains "postscript" then. This includes also remote CUPS
+# queues which accept PostScript, independent of whether the physical
+# printer behind the CUPS queue accepts PostScript or not.
+
+# BrowseFilter pdl postscript
+
+# Color printers usually contain a "Color" entry set to "T" (for true)
+# in the TXT record. This rule selects them:
+
+# BrowseFilter color
+
+# This is a similar rule to select only duplex (automatic double-sided
+# printing) printers:
+
+# BrowseFilter duplex
+
+# Rules with the NOT option:
+
+# This rule EXCLUDES printers from all hosts containing "financial" in
+# their names, nice to get rid of the 100s of printers of the
+# financial department:
+
+# BrowseFilter NOT host financial
+
+# Get only monochrome printers ("Color" set to "F", meaning false, in
+# the TXT record):
+
+# BrowseFilter NOT color
+
+# Rules with more advanced use of regular expressions:
+
+# Only queue names which BEGIN WITH "hum_res_" are accepted now, so we
+# still get "hum_res_mono" or "hum_res_color" but not
+# "old_hum_res_mono" any more:
+
+# BrowseFilter name ^hum_res_
+
+# Server names is accepted if it contains "print_server" OR
+# "graphics_dep_server":
+
+# BrowseFilter host print_server|graphics_dep_server
+
+# "printserver1", "printserver2", and "printserver3", nothing else:
+
+# BrowseFilter host ^printserver[1-3]$
+
+# Printers understanding at least one of PostScript, PCL, or PDF:
+
+# BrowseFilter pdl postscript|pcl|pdf
+
+# Examples for the EXACT option:
+
+# Only printers from "printserver.local" are accepted:
+
+# BrowseFilter EXACT host printserver.local
+
+# Printers from all servers except "prinserver2.local" are accepted:
+
+# BrowseFilter NOT EXACT host prinserver2.local
+
+
+# Use BrowsePoll to poll a particular CUPS server
+
+# BrowsePoll cups.example.com
+# BrowsePoll cups.example.com:631
+# BrowsePoll cups.example.com:631/version=1.1
+
+
+# LDAP browsing configuration
+# The default value for all options is an empty string. Example configuration:
+
+# BrowseLDAPBindDN cn=cups-browsed,dc=domain,dc=tld
+# BrowseLDAPCACertFile /path/to/server/certificate.pem
+# BrowseLDAPDN ou=printers,dc=domain,dc=tld
+# BrowseLDAPFilter (printerLocation=/Office 1/*)
+# BrowseLDAPPassword s3cret
+# BrowseLDAPServer ldaps://ldap.domain.tld
+
+
+# Use DomainSocket to access the local CUPS daemon via another than the
+# default domain socket. "None" or "Off" lets cups-browsed not use CUPS'
+# domain socket.
+
+# DomainSocket /var/run/cups/cups.sock
+# DomainSocket None
+# DomainSocket Off
+
+
+# Set HTTP timeout (in seconds) for requests sent to local/remote
+# resources Note that too short timeouts can make services getting
+# missed when they are present and operations be unneccessarily
+# repeated and too long timeouts can make operations take too long
+# when the server does not respond.
+
+# HttpLocalTimeout 5
+# HttpRemoteTimeout 10
+
+# Set how many retries (N) should cups-browsed do for creating print
+# queues for remote printers which receive timeouts during print queue
+# creation.  The printers which are not successfuly set up even after
+# N retries, are skipped until the next restart of the service.  Note
+# that too many retries can cause high CPU load.
+
+# HttpMaxRetries 5
+
+# Set OnlyUnsupportedByCUPS to "Yes" will make cups-browsed not create
+# local queues for remote printers for which CUPS creates queues by
+# itself.  These printers are printers advertised via DNS-SD and doing
+# CUPS-supported (currently PWG Raster and Apple Raster) driverless
+# printing, including remote CUPS queues. Queues for other printers
+# (like for legacy PostScript/PCL printers) are always created
+# (depending on the other configuration settings of cups-browsed).
+
+# With OnlyUnsupportedByCUPS set to "No", cups-browsed creates queues
+# for all printers which it supports, including printers for which
+# CUPS would create queues by itself. Temporary queues created by CUPS
+# will get overwritten. This way it is assured that any extra
+# functionality of cups-browsed will apply to these queues. As queues
+# created by cups-browsed are permanent CUPS queues this setting is
+# also recommended if applications/print dialogs which do not support
+# temporary CUPS queues are installed. This setting is the default.
+
+# OnlyUnsupportedByCUPS Yes
+
+
+# With UseCUPSGeneratedPPDs set to "Yes" cups-browsed creates queues
+# for IPP printers with PPDs generated by the PPD generator of CUPS
+# and not with the one of cups-browsed. So any new development in
+# CUPS' PPD generator gets available. As CUPS' PPD generator is not
+# directly accessible, we need to make CUPS generate a temporary print
+# queue with the desired PPD. Therefore we can only use these PPDs
+# when our queue replaces a temporary CUPS queue, meaning that the
+# queue is for a printer on which CUPS supports driverless printing
+# (IPP 2.x, PDLs: PDF, PWG Raster, and/or Apple Raster) and that its
+# name is the same as CUPS uses for the temporary queue
+# ("LocalQueueNamingIPPPrinter DNS-SD" must be set). The directive
+# applies only to IPP printers, not to remote CUPS queues, to not
+# break clustering. Setting this directive to "No" lets cups-browsed
+# generate the PPD file. Default setting is "No".
+
+# UseCUPSGeneratedPPDs No
+
+
+# With the directives LocalQueueNamingRemoteCUPS and
+# LocalQueueNamingIPPPrinter you can determine how the names for local
+# queues generated by cups-browsed are generated, separately for
+# remote CUPS printers and IPP printers.
+
+# DNS-SD (the default in both cases) bases the naming on the service
+# name of the printer's advertised DNS-SD record. This is exactly the
+# same naming scheme as CUPS uses for its temporary queues, so the
+# local queue from cups-browsed prevents CUPS from listing and
+# creating an additional queue. As DNS-SD service names have to be
+# unique, queue names of printers from different servers will also be
+# unique and so there is no automatic clustering for load-balanced
+# printing.
+
+# MakeModel bases the queue name on the printer's manufacturer and
+# model names. This scheme cups-browsed used formerly for IPP
+# printers.
+
+# RemoteName is only available for remote CUPS queues and uses the
+# name of the queue on the remote CUPS server as the local queue's
+# name. This makes printers on different CUPS servers with equal queue
+# names automatically forming a load-balancing cluster as CUPS did
+# formerly (CUPS 1.5.x and older) with CUPS-broadcasted remote
+# printers. This scheme cups-browsed used formerly for remote CUPS
+# printers.
+
+# LocalQueueNamingRemoteCUPS DNS-SD
+# LocalQueueNamingRemoteCUPS MakeModel
+# LocalQueueNamingRemoteCUPS RemoteName
+# LocalQueueNamingIPPPrinter DNS-SD
+# LocalQueueNamingIPPPrinter MakeModel
+
+
+# Set DNSSDBasedDeviceURIs to "Yes" if cups-browsed should use
+# DNS-SD-service-name-based device URIs for its local queues, as CUPS
+# also does. These queues use the DNS-SD service name of the
+# discovered printer. With this the URI is independent of network
+# interfaces and ports, giving reliable connections to always the same
+# physical device. This setting is the default.
+
+# Set DNSSDBasedDeviceURIs to "No" if cups-browsed should use the
+# conventional host-name/IP-based URIs.
+
+# Note that this option has only influence on URIs for printers
+# discovered via DNS-SD, not via legacy CUPS broewsing or LDAP.
+# Those printers get always assigned the conventional URIs.
+
+# DNSSDBasedDeviceURIs Yes
+
+
+# Set IPBasedDeviceURIs to "Yes" if cups-browsed should create its
+# local queues with device URIs with the IP addresses instead of the
+# host names of the remote servers. This mode is there for any
+# problems with host name resolution in the network, especially also
+# if avahi-daemon is only run for printer discovery and already
+# stopped while still printing. By default this mode is turned off,
+# meaning that we use URIs with host names.
+
+# Note that the IP addresses depend on the network interface through
+# which the printer is accessed. So do not use IP-based URIs on systems
+# with many network interfaces and where interfaces can appear and
+# disappear frequently.
+
+# This mode could also be useful for development and debugging.
+
+# If you prefer IPv4 or IPv6 IP addresses in the URIs, you can set
+# IPBasedDeviceURIs to "IPv4" to only get IPv4 IP addresses or
+# IPBasedDeviceURIs to "IPv6" to only get IPv6 IP addresses.
+
+# IPBasedDeviceURIs No
+# IPBasedDeviceURIs Yes
+# IPBasedDeviceURIs IPv4
+# IPBasedDeviceURIs IPv6
+
+# The AllowResharingRemoteCUPSPrinters directive determines whether a
+# print queue pointing to a remote CUPS queue will be re-shared to the
+# local network or not. Since the queues generated using the BrowsePoll
+# directive are also pointing to remote queues, they are also shared
+# automatically if the following option is set. Default is not to share
+# remote printers.
+
+# AllowResharingRemoteCUPSPrinters Yes
+
+# The NewBrowsePollQueuesShared directive determines whether a print
+# queue for a newly discovered printer (discovered by the BrowsePoll directive)
+# will be shared to the local network or not. This directive will only work
+# if AllowResharingRemoteCUPSPrinters is set to yes. Default is
+# not to share printers discovered using BrowsePoll.
+
+# NewBrowsePollQueuesShared Yes
+
+# Set CreateRemoteRawPrinterQueues to "Yes" to let cups-browsed also
+# create local queues pointing to remote raw CUPS queues. Normally,
+# only queues pointing to remote queues with PPD/driver are created
+# as we do not use drivers on the client side, but in some cases
+# accessing a remote raw queue can make sense, for example if the
+# queue forwards the jobs by a special backend like Tea4CUPS.
+
+# CreateRemoteRawPrinterQueues Yes
+
+
+# cups-browsed by default creates local print queues for each shared
+# CUPS print queue which it discovers on remote machines in the local
+# network(s). Set CreateRemoteCUPSPrinterQueues to "No" if you do not
+# want cups-browsed to do this. For example you can set cups-browsed
+# to only create queues for IPP network printers setting
+# CreateIPPPrinterQueues not to "No" and CreateRemoteCUPSPrinterQueues
+# to "No".
+
+# CreateRemoteCUPSPrinterQueues No
+
+
+# Set CreateIPPPrinterQueues to "All" to let cups-browsed discover IPP
+# network printers (native printers, not CUPS queues) with known page
+# description languages (PWG Raster, PDF, PostScript, PCL XL, PCL
+# 5c/e) in the local network and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "Everywhere" to let cups-browsed
+# discover IPP Everywhere printers in the local network (native
+# printers, not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "AppleRaster" to let cups-browsed
+# discover Apple Raster printers in the local network (native
+# printers, not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "Driverless" to let cups-browsed
+# discover printers designed for driverless use (currently IPP
+# Everywhere and Apple Raster) in the local network (native printers,
+# not CUPS queues) and auto-create print queues for them.
+
+# Set CreateIPPPrinterQueues to "LocalOnly" to auto-create print
+# queues only for local printers made available as IPP printers. These
+# are for example IPP-over-USB printers, made available via
+# ippusbxd. This is the default.
+
+# Set CreateIPPPrinterQueues to "No" to not auto-create print queues
+# for IPP network printers.
+
+# If queues with PPD file are created (see IPPPrinterQueueType
+# directive below) the PPDs are auto-generated by cups-browsed based
+# on properties of the printer polled via IPP. In case of missing
+# information, info from the Bonjour record is used asd as last mean
+# default values.
+
+# If queues without PPD (see IPPPrinterQueueType directive below) are
+# created clients have to IPP-poll the capabilities of the printer and
+# send option settings as standard IPP attributes. Then we do not poll
+# the capabilities by ourselves to not wake up the printer from
+# power-saving mode when creating the queues. Jobs have to be sent in
+# one of PDF, PWG Raster, or JPEG format. Other formats are not
+# accepted.
+
+# This functionality is primarily for mobile devices running
+# CUPS to not need a printer setup tool nor a collection of printer
+# drivers and PPDs.
+
+# CreateIPPPrinterQueues No
+# CreateIPPPrinterQueues LocalOnly
+# CreateIPPPrinterQueues Everywhere
+# CreateIPPPrinterQueues AppleRaster
+# CreateIPPPrinterQueues Everywhere AppleRaster
+# CreateIPPPrinterQueues Driverless
+# CreateIPPPrinterQueues All
+
+
+# If cups-browsed is automatically creating print queues for native
+# IPP network printers ("CreateIPPPrinterQueues Yes"), the type of
+# queue to be created can be selected by the "IPPPrinterQueueType"
+# directive. The "PPD" (default) setting makes queues with PPD file
+# being created. With "Interface" or "NoPPD" the queue is created with
+# a System V interface script (Not supported with CUPS 2.2.x or
+# later). "Auto" is for backward compatibility and also lets queues
+# with PPD get created.
+
+# IPPPrinterQueueType PPD
+# IPPPrinterQueueType NoPPD
+# IPPPrinterQueueType Interface
+# IPPPrinterQueueType Auto
+
+
+# The NewIPPPrinterQueuesShared directive determines whether a print
+# queue for a newly discovered IPP network printer (not remote CUPS
+# queue) will be shared to the local network or not. This is only
+# valid for newly discovered printers. For printers discovered in an
+# earlier cups-browsed session, cups-browsed will remember whether the
+# printer was shared, so changes by the user get conserved. Default is
+# not to share newly discovered IPP printers.
+
+# NewIPPPrinterQueuesShared Yes
+
+
+# If there is more than one remote CUPS printer whose local queue
+# would get the same name and AutoClustering is set to "Yes" (the
+# default) only one local queue is created which makes up a
+# load-balancing cluster of the remote printers which would get this
+# queue name (implicit class). This means that when several jobs are
+# sent to this queue they get distributed between the printers, using
+# the method chosen by the LoadBalancing directive.
+
+# Note that the forming of clusters depends on the naming scheme for
+# local queues created by cups-browsed. If you have set
+# LocalQueueNamingRemoteCUPS to "DNSSD" you will not get automatic
+# clustering as the DNS-SD service names are always unique. With
+# LocalQueueNamingRemoteCUPS set to "RemoteName" local queues are
+# named as the CUPS queues on the remote servers are named and so
+# equally named queues on different servers get clustered (this is how
+# CUPS did it in version 1.5.x or older). LocalQueueNamingRemoteCUPS
+# set to "MakeModel" makes remote printers of the same model get
+# clustered. Note that then a cluster can contain more than one queue
+# of the same server.
+
+# With AutoClustering set to "No", for each remote CUPS printer an
+# individual local queue is created, and to avoid name clashes when
+# using the LocalQueueNamingRemoteCUPS settings "RemoteName" or
+# "MakeModel" "@<server name>" is added to the local queue name.
+
+# Only remote CUPS printers get clustered, not IPP network printers or
+# IPP-over-USB printers.
+
+# AutoClustering Yes
+# AutoClustering No
+
+
+# Load-balancing printer cluster formation can also be manually
+# controlled by defining explicitly which remote CUPS printers should
+# get clustered together.
+
+# This is done by the "Cluster" directive:
+
+# Cluster <QUEUENAME>: <EXPRESSION1> <EXPRESSION2> ...
+# Cluster <QUEUENAME>
+
+# If no expressions are given, <QUEUENAME> is used as the first and
+# only expression for this cluster.
+
+# Discovered printers are matched against all the expressions of all
+# defined clusters. The first expression which matches the discovered
+# printer determines to which cluster it belongs. Note that this way a
+# printer can only belong to one cluster. Once matched, further
+# cluster definitions will not checked any more.
+
+# With the first printer matching a cluster's expression a local queue
+# with the name <QUEUENAME> is created. If more printers are
+# discovered and match this cluster, they join the cluster. Printing
+# to this queue prints to all these printers in a load-balancing
+# manner, according to to the setting of the LoadBalancing directive.
+
+# Each expression must be a string of characters without spaces. If
+# spaces are needed, replace them by underscores ('_').
+
+# An expression can be matched in three ways:
+
+# 1. By the name of the CUPS queue on the remote server
+# 2. By make and model name of the remote printer
+# 3. By the DNS-SD service name of the remote printer
+
+# Note that the matching is done case-insensitively and any group of
+# non-alphanumerical characters is replaced by a single underscore.
+
+# So if an expression is "HP_DeskJet_2540" and the remote server
+# reports "hp Deskjet-2540" the printer gets matched to this cluster.
+
+# If "AutoClustering" is not set to "No" both your manual cluster
+# definitions will be followed and automatic clustering of
+# equally-named remote queues will be performed. If a printer matches
+# in both categories the match to the manually defined cluster has
+# priority. Automatic clustering of equally-named remote printers is
+# not performed if there is a manually defined cluster with this name
+# (at least as the printers do not match this cluster).
+
+# Examples:
+
+# To cluster all remote CUPS queues named "laserprinter" in your local
+# network but not cluster any other equally-named remote CUPS printers
+# use (Local queue will get named "laserprinter"):
+
+# AutoClustering No
+# Cluster laserprinter
+
+# To cluster all remote CUPS queues of HP LaserJet 4050 printers in a
+# local queue named "LJ4050":
+
+# Cluster LJ4050: HP_LaserJet_4050
+
+# As DNS-SD service names are unique in a network you can create a
+# cluster from exactly specified printers (spaces replaced by
+# underscors):
+
+# Cluster hrdep: oldlaser_@_hr-server1 newlaser_@_hr-server2
+
+
+# The LoadBalancing directive switches between two methods of handling
+# load balancing between equally-named remote queues which are
+# represented by one local print queue making up a cluster of them
+# (implicit class).
+
+# The two methods are:
+
+# Queuing of jobs on the client (LoadBalancing QueueOnClient):
+
+# Here we queue up the jobs on the client and regularly check the
+# clustered remote print queues. If we find an idle queue, we pass
+# on a job to it.
+
+# This is also the method which CUPS uses for classes. Advantage is a
+# more even distribution of the job workload on the servers
+# (especially if the printing speed of the servers is very different),
+# and if a server fails, there are not several jobs stuck or
+# lost. Disadvantage is that if one takes the client (laptop, mobile
+# phone, ...) out of the local network, printing stops with the jobs
+# waiting in the local queue.
+
+# Queuing of jobs on the servers (LoadBalancing QueueOnServers):
+
+# Here we check the number of jobs on each of the clustered remote
+# printers and send an incoming job immediately to the remote printer
+# with the lowest amount of jobs in its queue. This way no jobs queue
+# up locally, all jobs which are waiting are waiting on one of the
+# remote servers.
+
+# Not having jobs waiting locally has the advantage that we can take
+# the local machine from the network and all jobs get printed.
+# Disadvantage is that if a server with a full queue of jobs goes
+# away, the jobs go away, too.
+
+# Default is queuing the jobs on the client as this is what CUPS does
+# with classes.
+
+# LoadBalancing QueueOnClient
+# LoadBalancing QueueOnServers
+
+
+# With the DefaultOptions directive one or more option settings can be
+# defined to be applied to every print queue newly created by
+# cups-browsed. Each option is supplied as one supplies options with
+# the "-o" command line argument to the "lpadmin" command (Run "man
+# lpadmin" for more details). More than one option can be supplied
+# separating the options by spaces. By default no option settings are
+# pre-defined.
+
+# Note that print queues which cups-browsed already created before
+# remember their previous settings and so these settings do not get
+# applied.
+
+# DefaultOptions Option1=Value1 Option2=Value2 Option3 noOption4
+
+
+# The AutoShutdown directive specifies whether cups-browsed should
+# automatically terminate when it has no local raw queues set up
+# pointing to any discovered remote printers or no jobs on such queues
+# depending on AutoShutdownOn setting (auto shutdown mode). Setting it
+# to "On" activates the auto-shutdown mode, setting it to "Off"
+# deactiivates it (the default). The special mode "avahi" turns auto
+# shutdown off while avahi-daemon is running and on when avahi-daemon
+# stops. This allows running cups-browsed on-demand when avahi-daemon
+# is run on-demand.
+
+# AutoShutdown Off
+# AutoShutdown On
+# AutoShutdown avahi
+
+
+# The AutoShutdownOn directive determines what event cups-browsed
+# considers as inactivity in auto shutdown mode. "NoQueues" (the
+# default) means that auto shutdown is initiated when there are no
+# queues for discovered remote printers generated by cups-browsed any
+# more. "NoJobs" means that all queues generated by cups-browsed are
+# without jobs.
+
+# AutoShutdownOn NoQueues
+# AutoShutdownOn NoJobs
+
+
+# The AutoShutdownTimeout directive specifies after how many seconds
+# without local raw queues set up pointing to any discovered remote
+# printers or jobs on these queues cups-browsed should actually shut
+# down in auto shutdown mode. Default is 30 seconds, 0 means immediate
+# shutdown.
+
+# AutoShutdownTimeout 30

roles/common/templates/etc/cups/cups-files.conf.j2

@@ -0,0 +1,95 @@
+# {{ ansible_managed }}
+
+#
+# File/directory/user/group configuration file for the CUPS scheduler.
+# See "man cups-files.conf" for a complete description of this file.
+#
+
+# List of events that are considered fatal errors for the scheduler...
+#FatalErrors config
+
+# Do we call fsync() after writing configuration or status files?
+#SyncOnClose Yes
+
+# Default user and group for filters/backends/helper programs; this cannot be
+# any user or group that resolves to ID 0 for security reasons...
+#User lp
+#Group lp
+
+# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules...
+# This cannot contain the Group value for security reasons...
+SystemGroup lpadmin
+
+
+# User that is substituted for unauthenticated (remote) root accesses...
+#RemoteRoot remroot
+
+# Do we allow file: device URIs other than to /dev/null?
+#FileDevice No
+
+# Permissions for configuration and log files...
+#ConfigFilePerm 0640
+#LogFilePerm 00640
+
+# Location of the file logging all access to the scheduler; may be the name
+# "syslog". If not an absolute path, the value of ServerRoot is used as the
+# root directory.  Also see the "AccessLogLevel" directive in cupsd.conf.
+AccessLog /var/log/cups/access_log
+
+# Location of cache files used by the scheduler...
+#CacheDir /var/cache/cups
+
+# Location of data files used by the scheduler...
+#DataDir /usr/share/cups
+
+# Location of the static web content served by the scheduler...
+#DocumentRoot /usr/share/cups/doc-root
+
+# Location of the file logging all messages produced by the scheduler and any
+# helper programs; may be the name "syslog". If not an absolute path, the value
+# of ServerRoot is used as the root directory.  Also see the "LogLevel"
+# directive in cupsd.conf.
+ErrorLog /var/log/cups/error_log
+
+# Location of fonts used by older print filters...
+#FontPath /usr/share/cups/fonts
+
+# Location of LPD configuration
+#LPDConfigFile 
+
+# Location of the file logging all pages printed by the scheduler and any
+# helper programs; may be the name "syslog". If not an absolute path, the value
+# of ServerRoot is used as the root directory.  Also see the "PageLogFormat"
+# directive in cupsd.conf.
+PageLog /var/log/cups/page_log
+
+# Location of the file listing all of the local printers...
+#Printcap /run/cups/printcap
+
+# Format of the Printcap file...
+#PrintcapFormat bsd
+#PrintcapFormat plist
+#PrintcapFormat solaris
+
+# Location of all spool files...
+#RequestRoot /var/spool/cups
+
+# Location of helper programs...
+#ServerBin /usr/lib/cups
+
+# SSL/TLS keychain for the scheduler...
+#ServerKeychain ssl
+
+# Location of other configuration files...
+#ServerRoot /etc/cups
+
+# Location of Samba configuration file...
+#SMBConfigFile 
+
+# Location of scheduler state files...
+#StateDir /run/cups
+
+# Location of scheduler/helper temporary files. This directory is emptied on
+# scheduler startup and cannot be one of the standard (public) temporary
+# directory locations for security reasons...
+#TempDir /var/spool/cups/tmp

roles/common/templates/etc/cups/cupsd.conf.client.j2

@@ -0,0 +1,307 @@
+# {{ ansible_managed }}
+
+#
+# Configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
+# complete description of this file.
+#
+
+# Log general information in error_log - change "warn" to "debug"
+# for troubleshooting...
+LogLevel warn
+PageLogFormat
+
+# Deactivate CUPS' internal logrotating, as we provide a better one, especially
+# LogLevel debug2 gets usable now
+MaxLogSize 0
+
+# Only listen for connections from the local machine.
+#Listen localhost:631
+# Allow remote access
+Port 631
+Listen /var/run/cups/cups.sock
+
+ServerAlias *
+HostNameLookups Off
+
+## - Show shared printers on the local network.
+Browsing Off
+
+# Default authentication type, when authentication is required...
+DefaultAuthType Basic
+
+# Web interface setting...
+WebInterface Yes
+
+# Restrict access to the server...
+<Location />
+  # Allow remote administration...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to the admin pages...
+<Location /admin>
+  # Allow remote administration...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to configuration files...
+<Location /admin/conf>
+  AuthType Default
+  Require user @SYSTEM
+  # Allow remote access to the configuration files...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to log files...
+<Location /admin/log>
+  AuthType Default
+  Require user @SYSTEM
+  # Allow remote access to the configuration files...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Set the default printer/job policies...
+<Policy default>
+
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>
+
+# Set the authenticated printer/job policies...
+<Policy authenticated>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Default
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>
+
+# Set the kerberized printer/job policies...
+<Policy kerberos>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Negotiate
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>

roles/common/templates/etc/cups/cupsd.conf.server.j2

@@ -0,0 +1,307 @@
+# {{ ansible_managed }}
+
+#
+# Configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
+# complete description of this file.
+#
+
+# Log general information in error_log - change "warn" to "debug"
+# for troubleshooting...
+LogLevel warn
+PageLogFormat
+
+# Deactivate CUPS' internal logrotating, as we provide a better one, especially
+# LogLevel debug2 gets usable now
+MaxLogSize 0
+
+# Only listen for connections from the local machine.
+#Listen localhost:631
+# Allow remote access
+Port 631
+Listen /var/run/cups/cups.sock
+
+ServerAlias *
+HostNameLookups Off
+
+# - Show shared printers on the local network.
+Browsing On
+
+# Default authentication type, when authentication is required...
+DefaultAuthType Basic
+
+# Web interface setting...
+WebInterface Yes
+
+# Restrict access to the server...
+<Location />
+  # Allow remote administration...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to the admin pages...
+<Location /admin>
+  # Allow remote administration...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to configuration files...
+<Location /admin/conf>
+  AuthType Default
+  Require user @SYSTEM
+  # Allow remote access to the configuration files...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Restrict access to log files...
+<Location /admin/log>
+  AuthType Default
+  Require user @SYSTEM
+  # Allow remote access to the configuration files...
+  Order allow,deny
+  Allow @LOCAL
+  Allow 127.0.0.0/8
+  Allow 192.168.0.0/16
+  Allow 172.16.0.0/16
+  Allow 10.0.0.0/8
+</Location>
+
+# Set the default printer/job policies...
+<Policy default>
+
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>
+
+# Set the authenticated printer/job policies...
+<Policy authenticated>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Default
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>
+
+# Set the kerberized printer/job policies...
+<Policy kerberos>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Negotiate
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+    Allow @LOCAL
+    Allow 127.0.0.0/8
+    Allow 192.168.0.0/16
+    Allow 172.16.0.0/16
+    Allow 10.0.0.0/8
+  </Limit>
+</Policy>

roles/common/templates/etc/default/pure-ftpd-common.j2

@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+# Configuration for pure-ftpd
+# (this file is sourced by /bin/sh, edit accordingly)
+
+# STANDALONE_OR_INETD
+# valid values are "standalone" and "inetd".
+# Any change here overrides the setting in debconf.
+STANDALONE_OR_INETD={{ pureftpd_global_config_mode }}
+
+# VIRTUALCHROOT:
+# whether to use binary with virtualchroot support
+# valid values are "true" or "false"
+# Any change here overrides the setting in debconf.
+VIRTUALCHROOT={{ pureftpd_global_config_virtualchroot }}
+
+# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
+# pure-uploadscript will also be run to spawn the program given below
+# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
+# pure-uploadscript(8)
+
+# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
+UPLOADSCRIPT={{ pureftpd_global_config_uploadscript }}
+
+# if set, pure-uploadscript will spawn  running as the
+# given uid and gid
+UPLOADUID={{ pureftpd_global_config_uploaduid }}
+UPLOADGID={{ pureftpd_global_config_uploadgid }}

roles/common/templates/etc/defaultdomain.j2

@@ -0,0 +1 @@
+{{ nis_domain }}

roles/common/templates/etc/exports.j2

@@ -0,0 +1,31 @@
+# {{ ansible_managed }}
+
+# /etc/exports: the access control list for filesystems which may be exported
+#   to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#
+
+{% set count = namespace(nfs_exports=100) %}
+{% for export in nfs_exports %}
+
+{% set export_str= namespace(nfs_exports = export.src.split(":")[1]) %}
+
+{%    set count.nfs_exports = count.nfs_exports + 10 %}
+{%    for network in export.export_networks %}
+{%       if export.use_fsid_option is defined and export.use_fsid_option is sameas true %}
+{%          set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~",fsid="~count.nfs_exports~")" %}
+#{{          export.src.split(":")[1] }} {{ network }}({{ export.export_opt }},fsid={{ count.nfs_exports }})
+{%       else %}
+{%          set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~")" %}
+#{{          export.src.split(":")[1] }} {{ network }}({{ export.export_opt }})
+{%       endif %}
+{%    endfor %}
+
+{{ export_str.nfs_exports }}
+{% endfor %}

roles/common/templates/etc/ntp.conf.j2

@@ -0,0 +1,64 @@
+# {{ ansible_managed }}
+
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+# Leap seconds definition provided by tzdata
+leapfile /usr/share/zoneinfo/leap-seconds.list
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+
+# You do need to talk to an NTP server or two (or three).
+#server ntp.your-provider.example
+
+# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+# pick a different set every time it starts up.  Please consider joining the
+# pool: <http://www.pool.ntp.org/join.html>
+#pool 0.debian.pool.ntp.org iburst
+#pool 1.debian.pool.ntp.org iburst
+#pool 2.debian.pool.ntp.org iburst
+#pool 3.debian.pool.ntp.org iburst
+server {{ ntp_server }}
+
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery limited
+restrict -6 default kod notrap nomodify nopeer noquery limited
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Needed for adding pool entries
+restrict source notrap nomodify noquery
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines.  Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
+

roles/common/templates/etc/pure-ftpd/conf/config.j2

@@ -0,0 +1,2 @@
+# {{ ansible_managed }}
+{{ item.value }}

roles/common/templates/etc/samba/smb.conf.j2

@@ -0,0 +1,420 @@
+# {{ ansible_managed }}
+
+#
+# Sample configuration file for the Samba suite for Debian GNU/Linux.
+#
+#
+# This is the main Samba configuration file. You should read the
+# smb.conf(5) manual page in order to understand the options listed
+# here. Samba has a huge number of configurable options most of which 
+# are not shown in this example
+#
+# Some options that are often worth tuning have been included as
+# commented-out examples in this file.
+#  - When such options are commented with ";", the proposed setting
+#    differs from the default Samba behaviour
+#  - When commented with "#", the proposed setting is the default
+#    behaviour of Samba but the option is considered important
+#    enough to be mentioned here
+#
+# NOTE: Whenever you modify this file you should run the command
+# "testparm" to check that you have not made any basic syntactic 
+# errors. 
+
+#======================= Global Settings =======================
+
+[global]
+
+## Browsing/Identification ###
+
+# Change this to the workgroup/NT-domain name your Samba server will part of
+;   workgroup = WORKGROUP
+   workgroup = {{ samba_workgroup|default('WORKGROUP') }}
+
+# Option 'netbios name' added to debian's default smb.conf 
+#
+# This sets the NetBIOS name by which a Samba server is known. By default it
+# is the same as the first component of the host's DNS name. If a machine is
+# a browse server or logon server this name (or the first component of the 
+# hosts DNS name) will be the name that these services are advertised under.
+#
+# Note that the maximum length for a NetBIOS name is 15 characters.
+#
+# Default: netbios name =  # machine DNS name
+;   netbios name = FILE
+   netbios name = {{ samba_netbios_name|default('FILE') }}
+
+
+#### Networking ####
+
+# The specific set of interfaces / networks to bind to
+# This can be either the interface name or an IP address/netmask;
+# interface names are normally preferred
+;   interfaces = 127.0.0.0/8 eth0
+   interfaces =  {{ ansible_default_ipv4.address }}/24  127.0.0.1/8
+
+# Option 'hosts deny' and 'hosts allow' added to debian's default smb.conf 
+   hosts deny = 0.0.0.0/0
+   hosts allow = 192.168.0.0/16 10.0.0.0/8 127.0.0.0/8
+
+# Only bind to the named interfaces and/or networks; you must use the
+# 'interfaces' option above to use this.
+# It is recommended that you enable this feature if your Samba machine is
+# not protected by a firewall or is a firewall itself.  However, this
+# option cannot handle dynamic or non-broadcast interfaces correctly.
+#
+# Notice:
+# If bind interfaces only is set and the network address 127.0.0.1 is not added to the 
+# interfaces parameter list smbpasswd(8) may not work as expected due to the reasons 
+# covered below.
+#
+# Default: bind interfaces only = no
+   bind interfaces only = yes
+
+
+#### Debugging/Accounting ####
+
+# This tells Samba to use a separate log file for each machine
+# that connects
+;   log file = /var/log/samba/log.%m
+   log file = /var/log/samba/%I.log
+
+# Cap the size of the individual log files (in KiB).
+;   max log size = 1000
+   max log size = 10000
+
+# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
+# Append syslog@1 if you want important messages to be sent to syslog too.
+   logging = file
+
+# Option 'log level' added to debian's default smb.conf 
+#
+# The value of the parameter (a astring) allows the debug level (logging level) to be 
+# specified in the smb.conf file.
+#
+# This parameter has been extended since the 2.2.x series, now it allows one to specify 
+# the debug level for multiple debug classes. This is to give greater flexibility in 
+# the configuration of the system.
+#
+# See manpage for implemented debug classes
+#
+# Default: log level = 0
+#
+# Example: log level = 3 passdb:5 auth:10 winbind:2
+   log level = 0
+
+# Do something sensible when Samba crashes: mail the admin a backtrace
+   panic action = /usr/share/samba/panic-action %d
+
+
+####### Authentication #######
+
+# Option 'ntlm auth' added to debian's default smb.conf 
+#
+# This parameter determines whether or not smbd(8) will attempt to authenticate
+# users using the NTLM encrypted password response for this local passdb (SAM
+# or account database).
+#
+# If disabled, both NTLM and LanMan authencication against the local passdb is
+# disabled.
+#
+# Note that these settings apply only to local users, authentication will still
+# be forwarded to and NTLM authentication accepted against any domain we are
+# joined to, and any trusted domain, even if disabled or if NTLMv2-only is
+# enforced here. To control NTLM authentiation for domain users, this must option
+# must be configured on each DC.
+#
+# By default with lanman auth set to no and ntlm auth set to ntlmv2-only only
+# NTLMv2 logins will be permited. Most clients support NTLMv2 by default, but some
+# older clients will require special configuration to use it.
+#
+# The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.
+#
+# The available settings are:
+#
+#    ntlmv1-permitted (alias yes) - Allow NTLMv1 and above for all clients.
+#
+#    ntlmv2-only (alias no) - Do not allow NTLMv1 to be used, but permit NTLMv2.
+#
+#    mschapv2-and-ntlmv2-only - Only allow NTLMv1 when the client promises that
+#    it is providing MSCHAPv2 authentication (such as the ntlm_auth tool).
+#
+#    disabled - Do not accept NTLM (or LanMan) authentication of any level, nor
+#    permit NTLM password changes.
+#
+# The default changed from yes to no with Samba 4.5. The default chagned again to
+# ntlmv2-only with Samba 4.7, however the behaviour is unchanged.
+#
+# Default: ntlm auth = ntlmv2-only
+   ntlm auth = ntlmv1-permitted
+
+# Server role. Defines in which mode Samba will operate. Possible
+# values are "standalone server", "member server", "classic primary
+# domain controller", "classic backup domain controller", "active
+# directory domain controller". 
+#
+# Most people will want "standalone server" or "member server".
+# Running as "active directory domain controller" will require first
+# running "samba-tool domain provision" to wipe databases and create a
+# new domain.
+   server role = standalone server
+
+   obey pam restrictions = yes
+
+# This boolean parameter controls whether Samba attempts to sync the Unix
+# password with the SMB password when the encrypted SMB password in the
+# passdb is changed.
+   unix password sync = yes
+
+# For Unix password sync to work on a Debian GNU/Linux system, the following
+# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
+# sending the correct chat script for the passwd program in Debian Sarge).
+   passwd program = /usr/bin/passwd %u
+   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+
+# This boolean controls whether PAM will be used for password changes
+# when requested by an SMB client instead of the program listed in
+# 'passwd program'. The default is 'no'.
+   pam password change = yes
+
+# This option controls how unsuccessful authentication attempts are mapped
+# to anonymous connections
+   map to guest = bad user
+
+# Option 'username map' added to debian's default smb.conf 
+#
+   username map = /etc/samba/users.map
+
+########## Domains ###########
+
+#
+# The following settings only takes effect if 'server role = primary
+# classic domain controller', 'server role = backup domain controller'
+# or 'domain logons' is set 
+#
+
+# It specifies the location of the user's
+# profile directory from the client point of view) The following
+# required a [profiles] share to be setup on the samba server (see
+# below)
+;   logon path = \\%N\profiles\%U
+# Another common choice is storing the profile in the user's home directory
+# (this is Samba's default)
+#   logon path = \\%N\%U\profile
+
+# The following setting only takes effect if 'domain logons' is set
+# It specifies the location of a user's home directory (from the client
+# point of view)
+;   logon drive = H:
+#   logon home = \\%N\%U
+
+# The following setting only takes effect if 'domain logons' is set
+# It specifies the script to run during logon. The script must be stored
+# in the [netlogon] share
+# NOTE: Must be store in 'DOS' file format convention
+;   logon script = logon.cmd
+
+# This allows Unix users to be created on the domain controller via the SAMR
+# RPC pipe.  The example command creates a user account with a disabled Unix
+# password; please adapt to your needs
+; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
+
+# This allows machine accounts to be created on the domain controller via the 
+# SAMR RPC pipe.  
+# The following assumes a "machines" group exists on the system
+; add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
+
+# This allows Unix groups to be created on the domain controller via the SAMR
+# RPC pipe.  
+; add group script = /usr/sbin/addgroup --force-badname %g
+
+############ Misc ############
+
+# Using the following line enables you to customise your configuration
+# on a per machine basis. The %m gets replaced with the netbios name
+# of the machine that is connecting
+;   include = /home/samba/etc/smb.conf.%m
+
+# Some defaults for winbind (make sure you're not using the ranges
+# for something else.)
+;   idmap config * :              backend = tdb
+;   idmap config * :              range   = 3000-7999
+;   idmap config YOURDOMAINHERE : backend = tdb
+;   idmap config YOURDOMAINHERE : range   = 100000-999999
+;   template shell = /bin/bash
+
+# Setup usershare options to enable non-root users to share folders
+# with the net usershare command.
+
+# Maximum number of usershare. 0 means that usershare is disabled.
+#   usershare max shares = 100
+
+# Allow users who've been granted usershare privileges to create
+# public shares, not just authenticated ones
+   usershare allow guests = yes
+
+#======================= Share Definitions =======================
+
+# {{ ansible_managed }}
+
+[homes]
+   comment = Home Directories
+   browseable = no
+
+# By default, the home directories are exported read-only. Change the
+# next parameter to 'no' if you want to be able to write to them.
+   read only = no
+
+# File creation mask is set to 0700 for security reasons. If you want to
+# create files with group=rw permissions, set next parameter to 0775.
+   create mask = 0700
+
+# Directory creation mask is set to 0700 for security reasons. If you want to
+# create dirs. with group=rw permissions, set next parameter to 0775.
+   directory mask = 0700
+
+# By default, \\server\username shares can be connected to by anyone
+# with access to the samba server.
+# The following parameter makes sure that only "username" can connect
+# to \\server\username
+# This might need tweaking when using external authentication schemes
+   valid users = %S
+
+# Un-comment the following and create the netlogon directory for Domain Logons
+# (you need to configure Samba to act as a domain controller too.)
+;[netlogon]
+;   comment = Network Logon Service
+;   path = /home/samba/netlogon
+;   guest ok = yes
+;   read only = yes
+
+# Un-comment the following and create the profiles directory to store
+# users profiles (see the "logon path" option above)
+# (you need to configure Samba to act as a domain controller too.)
+# The path below should be writable by all users so that their
+# profile directory may be created the first time they log on
+;[profiles]
+;   comment = Users profiles
+;   path = /home/samba/profiles
+;   guest ok = no
+;   browseable = no
+;   create mask = 0600
+;   directory mask = 0700
+
+{% for item in samba_shares | default([]) %}
+
+[{{ item.name }}]
+{%  if item.comment is defined and item.comment|length > 0 %}
+   comment = {{ item.comment }}
+{%  else %}
+   comment = {{ item.name }}
+{% endif %}
+   path = {{ item.path }}
+
+{%  if item.browseable is defined and item.browseable|length > 0 %}
+   browseable = {{ item.browseable|string }}
+{%  else %}
+   browseable = yes
+{%  endif %}
+{%  if item.read_only is defined and item.read_only|length > 0  %}
+   read only = {{ item.read_only|string }}
+{%  else %}
+   read only = no
+{%  endif %}
+{%  if item.writeable is defined and item.writeable |length > 0 %}
+   writeable = {{ item.writeable }}
+{%  else %}
+   writeable = yes
+{%  endif %}
+
+{%  if item.guest_ok is defined and item.guest_ok|length > 0  %}
+   guest ok = {{ item.guest_ok }}
+
+{%    endif %}
+   create mask = {{ item.file_create_mask | default('0660') }}
+   force create mode = {{ item.file_create_mask | default('0660') }}
+   directory mask = {{ item.dir_create_mask | default('2770') }}
+   force directory mode = {{ item.dir_create_mask | default('2770') }}
+
+{%-  if item.valid_users is defined and item.valid_users|length > 0 %}
+
+   # can login into that share
+   valid users = {{ item.valid_users }}
+{%  elif item.group_valid_users is defined and item.group_valid_users|length > 0 %}
+
+   # can login into that share
+   valid users = @{{ item.group_valid_users }}
+{%    endif %}
+{%-  if item.group_write_list is defined and item.group_write_list|length > 0 %}
+
+   # allow to write
+   write list = @{{ item.group_write_list }}
+
+   force group = +{{ item.group_write_list }}
+{%    endif %}
+{%   if item.vfs_object_recycle is defined and item.vfs_object_recycle|bool %}
+{%      if item.recycle_path is defined and item.recycle_path|length > 0  %}
+
+   vfs objects = recycle
+   recycle:keeptree = yes
+   # touch access time from this file
+   # note: this is not the modified time, which is
+   #       outdatet by ls-command
+   # so yo can delete files older then n day with the following command:
+   #    find  /data/samba/share/<share>/.Trash -atime +<n> -exec rm -rf {} \;
+   #
+   recycle:touch = yes
+   recycle:touch_mtime = no
+   recycle:versions = yes
+   recycle:directory_mode = 2770
+
+   # - Dateien gößer als 10MB werden nicht
+   #recycle:maxsize = 10485760  # around 10MB
+
+   # - Keine Begrenzung der Dateigröße.
+   recycle:maxsize = 0
+
+   recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
+   recycle:excludedir = /tmp,/temp,/cache,.Trash
+   recycle:repository = {{ item.recycle_path | default('@Recycle.Bin') }}
+
+   # - This is a list of files and directories that are neither visible nor accessible. 
+   # - Each entry in the list must be separated by a '/', which allows spaces to be 
+   # - included in the entry. '*' and '?' can be used to  specify multiple files or
+   # - directories as in DOS wildcards.
+   # -
+   veto files = /{{ item.recycle_path | default('@Recycle.Bin') }}/.DS_Store/
+   delete veto files = yes
+{%       else %}
+
+{%       endif %}
+{%    else %}
+
+{%    endif %}
+
+{% endfor %}
+
+;[printers]
+;   comment = All Printers
+;   browseable = no
+;   path = /var/spool/samba
+;   printable = yes
+;   guest ok = no
+;   read only = yes
+;   create mask = 0700
+
+# Windows clients look for this share name as a source of downloadable
+# printer drivers
+;[print$]
+;   comment = Printer Drivers
+;   path = /var/lib/samba/printers
+;   browseable = yes
+;   read only = yes
+;   guest ok = no
+# Uncomment to allow remote administration of Windows print drivers.
+# You may need to replace 'lpadmin' with the name of the group your
+# admin users are members of.
+# Please note that you also need to set appropriate Unix permissions
+# to the drivers directory for these users to have write rights in it
+;   write list = root, @lpadmin
+