Compare commits
3 Commits
a4fe2d3bad
...
7ff25744b5
| Author | SHA1 | Date | |
|---|---|---|---|
| 7ff25744b5 | |||
| ae412af1d2 | |||
| 2f5300f53f |
@@ -420,6 +420,8 @@ nis_user:
|
|||||||
password: '20-wieb.ke/24_%'
|
password: '20-wieb.ke/24_%'
|
||||||
|
|
||||||
|
|
||||||
|
samba_homes_virusfilter: true
|
||||||
|
|
||||||
# ==========
|
# ==========
|
||||||
# vars used by roles/common/tasks/samba-install.yml
|
# vars used by roles/common/tasks/samba-install.yml
|
||||||
# ==========
|
# ==========
|
||||||
|
|||||||
+8
-1
@@ -382,6 +382,7 @@ nis_user:
|
|||||||
|
|
||||||
- name: kirstin
|
- name: kirstin
|
||||||
groups:
|
groups:
|
||||||
|
- amif
|
||||||
- team
|
- team
|
||||||
- aktion-mensch
|
- aktion-mensch
|
||||||
is_samba_user: true
|
is_samba_user: true
|
||||||
@@ -419,6 +420,12 @@ nis_user:
|
|||||||
is_samba_user: true
|
is_samba_user: true
|
||||||
password: '20_son+keng-25.%'
|
password: '20_son+keng-25.%'
|
||||||
|
|
||||||
|
- name: victoria
|
||||||
|
groups:
|
||||||
|
- amif
|
||||||
|
is_samba_user: true
|
||||||
|
password: '20.vic-to-ria/25%'
|
||||||
|
|
||||||
- name: vincent
|
- name: vincent
|
||||||
groups:
|
groups:
|
||||||
- team
|
- team
|
||||||
@@ -440,7 +447,7 @@ nis_user:
|
|||||||
is_samba_user: true
|
is_samba_user: true
|
||||||
password: '20-ver-wal-tung%23!'
|
password: '20-ver-wal-tung%23!'
|
||||||
|
|
||||||
|
samba_homes_virusfilter: true
|
||||||
|
|
||||||
|
|
||||||
# ==========
|
# ==========
|
||||||
|
|||||||
@@ -404,6 +404,18 @@ nis_user:
|
|||||||
is_samba_user: true
|
is_samba_user: true
|
||||||
password: '8!Varianten'
|
password: '8!Varianten'
|
||||||
|
|
||||||
|
- name: hendrik.roth
|
||||||
|
groups:
|
||||||
|
- all-users
|
||||||
|
- buero-scan
|
||||||
|
- bgn-finanzen-personal
|
||||||
|
- mbr-finanzen-personal
|
||||||
|
- rias-berlin-finanzen-personal
|
||||||
|
- regishut-personal-finanzen
|
||||||
|
- direx-personal-finanzen
|
||||||
|
is_samba_user: true
|
||||||
|
password: 'H-S.tG3/wV46'
|
||||||
|
|
||||||
- name: janine.budich
|
- name: janine.budich
|
||||||
groups:
|
groups:
|
||||||
- all-users
|
- all-users
|
||||||
@@ -438,6 +450,18 @@ nis_user:
|
|||||||
is_samba_user: true
|
is_samba_user: true
|
||||||
password: 'AfZg3-9S/4IX'
|
password: 'AfZg3-9S/4IX'
|
||||||
|
|
||||||
|
- name: olga.masson
|
||||||
|
groups:
|
||||||
|
- all-users
|
||||||
|
- buero-scan
|
||||||
|
- bgn-finanzen-personal
|
||||||
|
- mbr-finanzen-personal
|
||||||
|
- rias-berlin-finanzen-personal
|
||||||
|
- regishut-personal-finanzen
|
||||||
|
- direx-personal-finanzen
|
||||||
|
is_samba_user: true
|
||||||
|
password: '6.7.mQ-sPE.o'
|
||||||
|
|
||||||
- name: swetlana.nikitenko
|
- name: swetlana.nikitenko
|
||||||
groups:
|
groups:
|
||||||
- all-users
|
- all-users
|
||||||
@@ -669,6 +693,14 @@ nis_user:
|
|||||||
is_samba_user: true
|
is_samba_user: true
|
||||||
password: 't32_aHxV.'
|
password: 't32_aHxV.'
|
||||||
|
|
||||||
|
- name: katharina.mueller
|
||||||
|
groups:
|
||||||
|
- all-users
|
||||||
|
- buero-scan
|
||||||
|
- mbr-buero
|
||||||
|
is_samba_user: true
|
||||||
|
password: '6.3b-5Vy/7-3'
|
||||||
|
|
||||||
- name: kathrin.hain
|
- name: kathrin.hain
|
||||||
groups:
|
groups:
|
||||||
- ag-antisem
|
- ag-antisem
|
||||||
@@ -730,6 +762,7 @@ nis_user:
|
|||||||
- all-users
|
- all-users
|
||||||
- buero-scan
|
- buero-scan
|
||||||
- mbr-buero
|
- mbr-buero
|
||||||
|
- technik
|
||||||
is_samba_user: true
|
is_samba_user: true
|
||||||
password: 'I.E7X.cUd-cc'
|
password: 'I.E7X.cUd-cc'
|
||||||
|
|
||||||
@@ -782,6 +815,14 @@ nis_user:
|
|||||||
is_samba_user: true
|
is_samba_user: true
|
||||||
password: 'q9.mL5-a-aYA'
|
password: 'q9.mL5-a-aYA'
|
||||||
|
|
||||||
|
- name: tirza.seene
|
||||||
|
groups:
|
||||||
|
- all-users
|
||||||
|
- buero-scan
|
||||||
|
- mbr-buero
|
||||||
|
is_samba_user: true
|
||||||
|
password: '7a9-7Rz-Rc2p'
|
||||||
|
|
||||||
# ---
|
# ---
|
||||||
# RIAS Berlin und Bund
|
# RIAS Berlin und Bund
|
||||||
# ---
|
# ---
|
||||||
@@ -951,6 +992,8 @@ nis_user:
|
|||||||
password: 'RmMq-3Z--2.2'
|
password: 'RmMq-3Z--2.2'
|
||||||
|
|
||||||
|
|
||||||
|
samba_homes_virusfilter: true
|
||||||
|
|
||||||
|
|
||||||
# ==========
|
# ==========
|
||||||
# vars used by roles/common/tasks/samba-install.yml
|
# vars used by roles/common/tasks/samba-install.yml
|
||||||
|
|||||||
@@ -177,6 +177,13 @@ nis_user:
|
|||||||
is_samba_user: true
|
is_samba_user: true
|
||||||
password: 'spa2014'
|
password: 'spa2014'
|
||||||
|
|
||||||
|
- name: genia
|
||||||
|
groups:
|
||||||
|
- intern
|
||||||
|
- buero
|
||||||
|
is_samba_user: true
|
||||||
|
password: '240481'
|
||||||
|
|
||||||
- name: isadora
|
- name: isadora
|
||||||
groups:
|
groups:
|
||||||
- intern
|
- intern
|
||||||
@@ -340,100 +347,7 @@ nis_user:
|
|||||||
is_samba_user: true
|
is_samba_user: true
|
||||||
password: '300195'
|
password: '300195'
|
||||||
|
|
||||||
|
samba_homes_virusfilter: true
|
||||||
# deleted users
|
|
||||||
#
|
|
||||||
# - name: marei
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '220792'
|
|
||||||
#
|
|
||||||
# - name: virginia
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '160292'
|
|
||||||
#
|
|
||||||
# - name: alina
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '140686'
|
|
||||||
#
|
|
||||||
# - name: hannah
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '28031973'
|
|
||||||
#
|
|
||||||
# - name: kristin
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '49371'
|
|
||||||
#
|
|
||||||
# - name: thea
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '060995'
|
|
||||||
#
|
|
||||||
# - name: katrine
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '200290'
|
|
||||||
#
|
|
||||||
# - name: daniel
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '210984'
|
|
||||||
#
|
|
||||||
# - name: andrea
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# - lpadmin
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: 'kurse2010'
|
|
||||||
#
|
|
||||||
# - name: tali
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '220686'
|
|
||||||
#
|
|
||||||
# - name: eva
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '250791'
|
|
||||||
#
|
|
||||||
# - name: mariam
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '240991'
|
|
||||||
#
|
|
||||||
# - name: simone
|
|
||||||
# groups:
|
|
||||||
# - intern
|
|
||||||
# - buero
|
|
||||||
# is_samba_user: true
|
|
||||||
# password: '031189'
|
|
||||||
|
|
||||||
|
|
||||||
# ==========
|
# ==========
|
||||||
|
|||||||
@@ -198,7 +198,6 @@
|
|||||||
- samba-server
|
- samba-server
|
||||||
- samba-virusfilter
|
- samba-virusfilter
|
||||||
|
|
||||||
|
|
||||||
- name: (samba-config-server.yml) Configure AppArmor local profile for clamd (data paths)
|
- name: (samba-config-server.yml) Configure AppArmor local profile for clamd (data paths)
|
||||||
template:
|
template:
|
||||||
src: etc/apparmor.d/local/usr.sbin.clamd.j2
|
src: etc/apparmor.d/local/usr.sbin.clamd.j2
|
||||||
@@ -206,7 +205,9 @@
|
|||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: Reload AppArmor profile clamd
|
notify:
|
||||||
|
- Reload AppArmor profile clamd
|
||||||
|
- Restart clamav-daemon
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['samba_server']
|
- inventory_hostname in groups['samba_server']
|
||||||
- samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
|
- samba_shares | selectattr('vfs_object_virusfilter', 'defined') |
|
||||||
@@ -214,7 +215,7 @@
|
|||||||
tags:
|
tags:
|
||||||
- samba-server
|
- samba-server
|
||||||
- samba-virusfilter
|
- samba-virusfilter
|
||||||
|
|
||||||
- name: (samba-config-server.yml) Ensure AllowAllMatchScan is enabled in clamd.conf
|
- name: (samba-config-server.yml) Ensure AllowAllMatchScan is enabled in clamd.conf
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/clamav/clamd.conf
|
path: /etc/clamav/clamd.conf
|
||||||
@@ -316,7 +317,7 @@
|
|||||||
register: clean_samba_trash_dirs
|
register: clean_samba_trash_dirs
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['samba_server']
|
- inventory_hostname in groups['samba_server']
|
||||||
tags: [ samba-server, samba-cron ]
|
tags: [samba-server, samba-cron]
|
||||||
|
|
||||||
- name: (samba-config-server.yml) Creates a cron job for cleaning up samba trash dirs
|
- name: (samba-config-server.yml) Creates a cron job for cleaning up samba trash dirs
|
||||||
ansible.builtin.cron:
|
ansible.builtin.cron:
|
||||||
@@ -332,7 +333,7 @@
|
|||||||
- inventory_hostname in groups['samba_server']
|
- inventory_hostname in groups['samba_server']
|
||||||
- clean_samba_trash_exists.stat.exists | bool
|
- clean_samba_trash_exists.stat.exists | bool
|
||||||
- (clean_samba_trash_dirs.found | int) > 0
|
- (clean_samba_trash_dirs.found | int) > 0
|
||||||
tags: [ samba-server, samba-cron ]
|
tags: [samba-server, samba-cron]
|
||||||
|
|
||||||
# ---
|
# ---
|
||||||
# Cronjob for setting permissions on samba shares
|
# Cronjob for setting permissions on samba shares
|
||||||
@@ -344,7 +345,7 @@
|
|||||||
register: set_permissions_on_samba_shares_exists
|
register: set_permissions_on_samba_shares_exists
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['samba_server']
|
- inventory_hostname in groups['samba_server']
|
||||||
tags: [ samba-server, samba-cron ]
|
tags: [samba-server, samba-cron]
|
||||||
|
|
||||||
- name: (samba-config-server.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
|
- name: (samba-config-server.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
@@ -353,7 +354,7 @@
|
|||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['samba_server']
|
- inventory_hostname in groups['samba_server']
|
||||||
- set_permissions_on_samba_shares_exists.stat.exists | bool
|
- set_permissions_on_samba_shares_exists.stat.exists | bool
|
||||||
tags: [ samba-server, samba-cron ]
|
tags: [samba-server, samba-cron]
|
||||||
|
|
||||||
- name: (samba-config-server.yml) Creates a cron job for setting permissions to samba dirs
|
- name: (samba-config-server.yml) Creates a cron job for setting permissions to samba dirs
|
||||||
ansible.builtin.cron:
|
ansible.builtin.cron:
|
||||||
@@ -368,7 +369,7 @@
|
|||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['samba_server']
|
- inventory_hostname in groups['samba_server']
|
||||||
- (clean_samba_trash_dirs.found | int) > 0 # << int -> bool
|
- (clean_samba_trash_dirs.found | int) > 0 # << int -> bool
|
||||||
tags: [ samba-server, samba-cron ]
|
tags: [samba-server, samba-cron]
|
||||||
|
|
||||||
# ---
|
# ---
|
||||||
# Samba clients
|
# Samba clients
|
||||||
|
|||||||
@@ -342,7 +342,10 @@
|
|||||||
virusfilter:cache entry limit = 1000
|
virusfilter:cache entry limit = 1000
|
||||||
virusfilter:cache time limit = 60
|
virusfilter:cache time limit = 60
|
||||||
|
|
||||||
virusfilter:max file size = 26214400
|
# Dateigröße: Was wird gescannt?
|
||||||
|
#virusfilter:max file size = 52428800 # 50 MB max
|
||||||
|
#virusfilter:max file size = 26214400 # 25 MB max
|
||||||
|
virusfilter:max file size = 15728640 # 15 MB max
|
||||||
virusfilter:min file size = 10
|
virusfilter:min file size = 10
|
||||||
|
|
||||||
virusfilter:scan on open = yes
|
virusfilter:scan on open = yes
|
||||||
@@ -522,7 +525,8 @@
|
|||||||
|
|
||||||
# Dateigröße: Was wird gescannt?
|
# Dateigröße: Was wird gescannt?
|
||||||
#virusfilter:max file size = 52428800 # 50 MB max
|
#virusfilter:max file size = 52428800 # 50 MB max
|
||||||
virusfilter:max file size = 26214400 # 25 MB max
|
#virusfilter:max file size = 26214400 # 25 MB max
|
||||||
|
virusfilter:max file size = 15728640 # 15 MB max
|
||||||
virusfilter:min file size = 10 # unter 10 Byte ignorieren
|
virusfilter:min file size = 10 # unter 10 Byte ignorieren
|
||||||
|
|
||||||
# Scan-Zeitpunkt: nur beim Öffnen, nicht beim Schließen
|
# Scan-Zeitpunkt: nur beim Öffnen, nicht beim Schließen
|
||||||
|
|||||||
Reference in New Issue
Block a user