Christoph 2023-06-28 16:12:39 +02:00
parent 401b8b1bbe
commit 91ef9394f8
9 changed files with 354 additions and 1 deletions


@ -876,6 +876,75 @@ apt_remove_jammy: []
apt_remove_purge: false apt_remove_purge: false
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: false
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
resolved_nameserver:
- 195.10.195.195
- 1.1.1.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- oopen.de
resolved_dnssec: true
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ========== # ==========
# vars used by roles/common/tasks/git.yml # vars used by roles/common/tasks/git.yml
# ========== # ==========
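Review bot: `resolved_nameserver` mixes an OpenNIC server (`195.10.195.195`) with Cloudflare (`1.1.1.1`), but systemd-resolved treats every server in `DNS=` as interchangeable and moves between them on failure, so which namespace a host sees depends on the server currently in use. OpenNIC's alternative TLDs may also fail validation under `resolved_dnssec: true`; that is worth checking before `systemd_resolved` is switched on for a group. Prefer a list of resolvers that serve the same view, and note the choice in a short comment above the key. The 40-line resolver catalogue comment is repeated verbatim in two further vars files in this commit; one copy next to the role would be easier to keep current.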


@ -427,6 +427,14 @@ nis_user:
is_samba_user: true is_samba_user: true
password: 'frueh_FREI_22!' password: 'frueh_FREI_22!'
- name: karim.kahn
groups:
- all-users
- buero-scan
- bgn
is_samba_user: true
password: 'g6Gb/J.fZU9F'
- name: laura.berner - name: laura.berner
groups: groups:
- all-users - all-users
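Review bot: The new `karim.kahn` entry stores the account password in clear text in a vars file under version control, so anyone who can read the repository or its history obtains a working credential for an account marked `is_samba_user: true`. The `lena` entry added in the next file section has the same problem, and the context lines show it is the existing pattern for `nis_user`. Keep the values out of the plain file, for example with `ansible-vault encrypt_string` or a vaulted vars file. Treat the passwords committed here as exposed and rotate them. The `nis_user` list starts and ends outside the hunk.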


@ -204,6 +204,13 @@ nis_user:
is_samba_user: true is_samba_user: true
password: '100978' password: '100978'
- name: lena
groups:
- no-backup
- buero
is_samba_user: true
password: '6-uXi-wc/CM3'
- name: lara - name: lara
groups: groups:
- intern - intern
@ -456,6 +463,7 @@ samba_shares:
- jessica - jessica
- konstantin - konstantin
- lara - lara
- lena
- linda - linda
- margit - margit
- mariam - mariam


@ -56,6 +56,74 @@ network_interfaces:
set_default_limit_nofile: true set_default_limit_nofile: true
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
resolved_nameserver:
- 192.168.82.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- akb.netz
resolved_dnssec: true
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# --- # ---
# vars used by roles/common/tasks/sshd.yml # vars used by roles/common/tasks/sshd.yml
# --- # ---
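Review bot: `resolved_dnssec: true` is combined here with the private search domain `akb.netz` and an internal resolver (`192.168.82.1`), and strict validation is likely to reject answers for that zone. `netz` is presumably not a delegated, signed TLD, and as far as I know it is not among systemd-resolved's built-in negative trust anchors. The new vars file in the next section (`127.0.0.1`, same domain) is affected the same way. Rather than turning validation off, consider shipping a negative trust anchor for the internal zone from this role (a `*.negative` file in `/etc/dnssec-trust-anchors.d/` listing `akb.netz`). Confirm with `resolvectl query` on one host before rolling out.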


@ -0,0 +1,79 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
set_default_limit_nofile: true
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- akb.netz
resolved_dnssec: true
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168


@ -89,4 +89,7 @@
name: pure-ftpd name: pure-ftpd
state: restarted state: restarted
- name: Restart systemd-resolved
service:
name: systemd-resolved
state: restarted


@ -31,6 +31,18 @@
tags: apt tags: apt
# tags supported inside systemd-resolved.yml
#
# systemd-resolved
- import_tasks: systemd-resolved.yml
tags:
- systemd-resolved
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] > "11"
- systemd_resolved is defined and systemd_resolved|bool
# tags supportetd inside git.yml # tags supportetd inside git.yml
# #
# git-default-repositories # git-default-repositories
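Review bot: The condition `ansible_facts['distribution_major_version'] > "11"` compares two strings, so the ordering is lexicographic rather than numeric: `"9" > "11"` is true, and a Debian 9 host with `systemd_resolved: true` would import these tasks. Compare as a number instead, `ansible_facts['distribution_major_version'] | int > 11`, or use the `version` test. The restriction to `distribution == "Debian"` also means the variables are ignored on other distributions; a one-line comment saying so above the `when:` would help.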


@ -0,0 +1,76 @@
---
# ---
# Set some facts
# ---
- name: (systemd-resolved.yml) Set fact_resolved_nameserver (blank separated list)
set_fact:
fact_resolved_nameserver: "{{ resolved_nameserver | join (' ') }}"
when:
- resolved_nameserver is defined and resolved_nameserver | length > 0
tags:
- systemd-resolved
- name: (systemd-resolved.yml) Set fact_resolved_fallback_nameserver (blank separated list)
set_fact:
fact_resolved_fallback_nameserver: "{{ resolved_fallback_nameserver | join (' ') }}"
when:
- resolved_fallback_nameserver is defined and resolved_fallback_nameserver | length > 0
tags:
- systemd-resolved
- name: (systemd-resolved.yml) Set fact_resolved_domains (blank separated list)
set_fact:
fact_resolved_domains: "{{ resolved_domains | join (' ') }}"
when:
- resolved_domains is defined and resolved_domains | length > 0
tags:
- systemd-resolved
# ---
# Install/Enable systemd-resolved package
# ---
- name: (systemd-resolved.yml) Ensure systemd-resolved package is installed.
package:
pkg: systemd-resolved
state: present
when:
- systemd_resolved is defined and systemd_resolved|bool
tags:
- systemd-resolved
- name: (systemd-services.yml) Enable service
systemd:
name: systemd-resolved
enabled: true
when:
- systemd_resolved is defined and systemd_resolved|bool
tags:
- systemd-resolved
# ---
# Create configuration for systemd-resolved
# ---
- name: (systemd-resolved.yml) Ensure directory '/etc/systemd/resolved.conf.d' exists
file:
path: /etc/systemd/resolved.conf.d
state: directory
mode: 0755
group: root
owner: root
- name: (systemd-resolved.yml) Create/Update file '/etc/systemd/resolved.conf.d/50-resolved-local.conf' from template sshd_config.j2
template:
src: etc/systemd/resolved.conf.d/50-resolved-local.conf
dest: /etc/systemd/resolved.conf.d/50-resolved-local.conf
owner: root
group: root
mode: 0644
notify: "Restart systemd-resolved"
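Review bot: `mode: 0755` and `mode: 0644` are unquoted, so the resulting permissions depend on the YAML loader reading a leading-zero integer as octal. Write them as strings, `mode: "0755"` and `mode: "0644"`, so the permissions on `/etc/systemd/resolved.conf.d` and the drop-in cannot silently change. Two task names are also misleading in run output: the enable task is labelled `(systemd-services.yml)`, and the template task says `from template sshd_config.j2` although `src` is `etc/systemd/resolved.conf.d/50-resolved-local.conf`. Because the package is installed and enabled before the drop-in is written and the restart is only a handler, the resolver presumably runs with default settings until handlers fire. A `meta: flush_handlers` task after the template would close that window.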


@ -0,0 +1,30 @@
# *** ---------------------------------------------- ***
# *** ***
# {{ ansible_managed }}
# *** ***
# *** ---------------------------------------------- ***
[Resolve]
{% if (fact_resolved_nameserver is defined) and fact_resolved_nameserver %}
DNS={{ fact_resolved_nameserver}}
{% else %}
#DNS=
{% endif -%}
{% if (fact_resolved_fallback_nameserver is defined) and fact_resolved_fallback_nameserver %}
FallbackDNS={{ fact_resolved_fallback_nameserver }}
{% else %}
#FallbackDNS=
{% endif -%}
{% if (fact_resolved_domains is defined) and fact_resolved_domains %}
Domains={{ fact_resolved_domains }}
{% else %}
#Domains=
{% endif -%}
{% if (resolved_dnssec is defined) and resolved_dnssec %}
DNSSEC={{ resolved_dnssec }}
{% else %}
#Domains=
{% endif %}
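Review bot: The `else` branch of the `resolved_dnssec` block writes `#Domains=` where `#DNSSEC=` is meant; it looks copied from the block above. A false `resolved_dnssec` therefore produces only a comment, so the host falls back to whatever DNSSEC default systemd-resolved was built with rather than an explicit setting. If the variable is meant to control validation in both directions, emit the key unconditionally, e.g. `DNSSEC={{ resolved_dnssec | default(false) | bool | ternary('yes', 'no') }}`. That form no longer passes through a string such as `allow-downgrade`, so handle that value separately if it is needed.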