update..

2024-01-15 01:08:11 +01:00
parent c04e3070cd
commit b009cf5787
24 changed files with 501 additions and 31 deletions
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@ -34,7 +34,66 @@ locales:
  - en_US.UTF-8
  - de_DE.UTF-8

-set_default_limit_nofile: false
+#copy_plain_files_security_limits: []
+copy_plain_files_security_limits:
+
+  # /etc/security/limits.d/*.conf
+  #
+  - name: 90-user-NOFILE.conf
+    src_path: etc/security/limits.d/90-user-NOFILE.conf
+    dest_path: /etc/security/limits.d/90-user-NOFILE.conf
+
+
+#copy_plain_files_systemd: []
+copy_plain_files_systemd:
+
+  # /etc/systemd/system.conf.d/*.conf
+  #
+  - name: DefaultLimitNOFILE
+    src_path: etc/systemd/system.conf.d/20-DefaultLimitNOFILE.conf
+    dest_path: /etc/systemd/system.conf.d/20-DefaultLimitNOFILE.conf
+
+  - name: DefaultTasksMax
+    src_path: etc/systemd/system.conf.d/20-DefaultTasksMax.conf
+    dest_path: /etc/systemd/system.conf.d/20-DefaultTasksMax.conf
+
+  - name: DefaultLimitCORE
+    src_path: etc/systemd/system.conf.d/20-DefaultLimitCORE.conf
+    dest_path: /etc/systemd/system.conf.d/20-DefaultLimitCORE.conf
+
+  - name: DefaultLimitNPROC
+    src_path: etc/systemd/system.conf.d/20-DefaultLimitNPROC.conf
+    dest_path: /etc/systemd/system.conf.d/20-DefaultLimitNPROC.conf
+
+  - name: DefaultLimitRTPRIO
+    src_path: etc/systemd/system.conf.d/20-DefaultLimitRTPRIO.conf
+    dest_path: /etc/systemd/system.conf.d/20-DefaultLimitRTPRIO.conf
+
+  - name: DefaultLimitRTTIME
+    src_path: etc/systemd/system.conf.d/20-DefaultLimitRTTIME.conf
+    dest_path: /etc/systemd/system.conf.d/20-DefaultLimitRTTIME.conf
+
+
+#copy_plain_files_journald: []
+copy_plain_files_journald:
+
+   - name: SystemMaxUse
+     src_path: etc/systemd/journald.conf.d/50-SystemMaxUse.conf
+     dest_path: /etc/systemd/journald.conf.d/50-SystemMaxUse.conf
+
+   - name: SystemMaxFileSize
+     src_path: etc/systemd/journald.conf.d/50-SystemMaxFileSize.conf
+     dest_path: /etc/systemd/journald.conf.d/50-SystemMaxFileSize.conf
+
+   - name: MaxFileSec
+     src_path: etc/systemd/journald.conf.d/50-MaxFileSec.conf
+     dest_path: /etc/systemd/journald.conf.d/50-MaxFileSec.conf
+
+
+
+#copy_plain_files_sysctl: []
+
+#set_default_limit_nofile: false


 # ==========
--- a/group_vars/flr.yml
+++ b/group_vars/flr.yml
@ -17,6 +17,77 @@ sshd_permit_root_login: !!str "yes"
 # ==========


+# ---
+# vars used by roles/common/tasks/systemd-resolved.yml
+# ---
+
+systemd_resolved: true
+
+# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
+#   Primäre DNS-Adresse: 38.132.106.139
+#   Sekundäre DNS-Adresse: 194.187.251.67
+#
+# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
+#   primäre DNS-Adresse
+#      IPv4: 1.1.1.1
+#      IPv6: 2606:4700:4700::1111
+#   sekundäre DNS-Adresse
+#      IPv4: 1.0.0.1
+#      IPv6: 2606:4700:4700::1001
+#
+# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
+#   primäre DNS-Adresse
+#      IPv4: 8.8.8.8
+#      IPv6: 2001:4860:4860::8888
+#   sekundäre DNS-Adresse
+#      IPv4: 8.8.4.4
+#      IPv6: 2001:4860:4860::8844
+#
+# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
+#   primäre DNS-Adresse
+#      IPv4: 9.9.9.9
+#      IPv6: 2620:fe::fe
+#   sekundäre DNS-Adresse
+#      IPv4: 149.112.112.112
+#      IPv6: 2620:fe::9
+#
+# OpenNIC - https://www.opennic.org/
+#      IPv4: 195.10.195.195 - ns31.de
+#      IPv4: 94.16.114.254  - ns28.de
+#      IPv4: 51.254.162.59  - ns9.de
+#      IPv4: 194.36.144.87  - ns29.de
+#      IPv6: 2a00:f826:8:2::195 - ns31.de
+#
+# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
+#    IPv4: 5.1.66.255
+#    IPv6: 2001:678:e68:f000::
+#    Servername für DNS-over-TLS: dot.ffmuc.net
+#    IPv4: 185.150.99.255
+#    IPv6: 2001:678:ed0:f000::
+#    Servername für DNS-over-TLS: dot.ffmuc.net
+#    für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
+resolved_nameserver:
+  - 192.168.102.1
+
+# search domains
+#
+# If there are more than one search domains, then specify them here in the order in which
+# the resolver should also search them
+#
+#resolved_domains: []
+resolved_domains:
+  - ~.
+  - flr.netz
+
+resolved_dnssec: false
+
+# dns.as250.net: 194.150.168.168
+#
+resolved_fallback_nameserver:
+   - 172.16.102.254
+
+
+
 # ==========
 # vars used by roles/common/tasks/git.yml
 # ==========
--- a/group_vars/mbr.yml
+++ b/group_vars/mbr.yml
@ -454,6 +454,13 @@ nis_user:
 #    is_samba_user: true
 #    password: 'YZ_bgn_2020!'

+  - name: praktikum.bgn1
+    groups:
+      - all-users
+      - buero-scan
+    is_samba_user: true
+    password: 'MPL_baerin_20!'
+
  - name: ulf.balmer
    groups:
      - all-users