--- # ========== # vars used by roles/common/tasks/basic.yml # ========== # ========== # vars used by roles/common/tasks/sshd.yml # ========== sshd_permit_root_login: !!str "yes" # ========== # vars used by roles/common/tasks/apt.yml # ========== # --- # vars used by roles/common/tasks/systemd-resolved.yml # --- systemd_resolved: true # CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie # Primäre DNS-Adresse: 38.132.106.139 # Sekundäre DNS-Adresse: 194.187.251.67 # # Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen # primäre DNS-Adresse # IPv4: 1.1.1.1 # IPv6: 2606:4700:4700::1111 # sekundäre DNS-Adresse # IPv4: 1.0.0.1 # IPv6: 2606:4700:4700::1001 # # Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit # primäre DNS-Adresse # IPv4: 8.8.8.8 # IPv6: 2001:4860:4860::8888 # sekundäre DNS-Adresse # IPv4: 8.8.4.4 # IPv6: 2001:4860:4860::8844 # # Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug # primäre DNS-Adresse # IPv4: 9.9.9.9 # IPv6: 2620:fe::fe # sekundäre DNS-Adresse # IPv4: 149.112.112.112 # IPv6: 2620:fe::9 # # OpenNIC - https://www.opennic.org/ # IPv4: 195.10.195.195 - ns31.de # IPv4: 94.16.114.254 - ns28.de # IPv4: 51.254.162.59 - ns9.de # IPv4: 194.36.144.87 - ns29.de # IPv6: 2a00:f826:8:2::195 - ns31.de # # Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) # IPv4: 5.1.66.255 # IPv6: 2001:678:e68:f000:: # Servername für DNS-over-TLS: dot.ffmuc.net # IPv4: 185.150.99.255 # IPv6: 2001:678:ed0:f000:: # Servername für DNS-over-TLS: dot.ffmuc.net # für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) resolved_nameserver: - 192.168.102.1 # search domains # # If there are more than one search domains, then specify them here in the order in which # the resolver should also search them # #resolved_domains: [] resolved_domains: - ~. - flr.netz resolved_dnssec: false # dns.as250.net: 194.150.168.168 # resolved_fallback_nameserver: - 172.16.102.254 # ========== # vars used by roles/common/tasks/git.yml # ========== # ========== # vars used by roles/common/tasks/ntp.yml # ========== # name or ip-adress from the (local) ntp server, mostly the gateway # ntp_server: gw-flr.flr.netz # ========== # vars used by roles/common/tasks/nfs.yml # ========== nfs_server: 192.168.102.10 nfs_start_servers: 16 # Set 'fs_encrypted' to true if filesystem lives on an encrypted # partition. # nfs_exports: - src: 192.168.102.10:/data/home path: /data/home mount_opts: users,rsize=8192,wsize=8192,hard,intr export_opt: rw,root_squash,sync,subtree_check export_networks: - 192.168.102.0/24 - 10.0.102.0/24 - 10.1.102.0/24 - 192.168.63.0/24 fs_encrypted: false use_fsid_option: true - src: 192.168.102.10:/data/samba path: /data/samba mount_opts: users,rsize=8192,wsize=8192,hard,intr export_opt: rw,root_squash,sync,subtree_check export_networks: - 192.168.102.0/24 - 10.0.102.0/24 - 10.1.102.0/24 - 192.168.63.0/24 fs_encrypted: false use_fsid_option: true # ========== # vars used by roles/common/tasks/pure-ftpd-install.yml # ========== # ========== # vars used by roles/common/tasks/system-user.yml # ========== # ! Notice ! # # On NIS supported Server put your users and groups in the # appropriate section for playbook 'nis-user.yml' # # ! Notice ! remove_system_users: [] system_users: [] #system_users: # - name: sysadm # password: '9xFXkdPR_2' system_groups: [] base_home: /home # ========== # vars used by roles/common/tasks/nis-install-server.yml # vars used by roles/common/tasks/nis-user.yml # vars used by roles/common/tasks/nis-install-client.yml # ========== # used by templates # - yp.conf.j2 # - defaultdomain.j2 nis_domain: flr.netz nis_server_address: 192.168.102.10 nis_server_name: file-flr.flr.netz nis_base_home: /data/home nis_groups: - name: team group_id: 1030 - name: esf-bleibnet group_id: 1031 - name: amif group_id: 1032 - name: quali group_id: 1033 - name: aktion-mensch group_id: 1034 - name: foerderung group_id: 1035 - name: buchhaltung group_id: 1036 - name: verwaltung group_id: 1037 - name: infrastruktur group_id: 1038 remove_nis_users: [] #remove_nis_users: # - name: test # - name: ivana nis_user: - name: chris groups: - team - esf-bleibnet - amif - quali - aktion-mensch - foerderung - buchhaltung - infrastruktur - verwaltung is_samba_user: true password: !vault | $ANSIBLE_VAULT;1.1;AES256 35653838343532663632326462656437363665316337316336316335383263633630616638313736 3937666561356232666136646435613361336437303637360a353561316633373265323931623565 32643966373962313334343565643130373535353238316161623837333130353231343332663930 3638386337333636390a393738373935646638383237373663376434366361363938346335663438 6637 - name: carla groups: - amif - foerderung - quali - team is_samba_user: true password: '20/car.la_24%' - name: joerdis groups: - team - esf-bleibnet - amif - quali - aktion-mensch - foerderung - buchhaltung - verwaltung is_samba_user: true password: '20-joer-dis_%24!' - name: mara groups: - foerderung - quali - team is_samba_user: true password: '20/mara_16!' - name: flr groups: - team - esf-bleibnet - amif - quali - aktion-mensch - foerderung - buchhaltung - verwaltung is_samba_user: true password: '20-flr-brb_18' - name: hannah groups: - team - esf-bleibnet - amif - quali - aktion-mensch - foerderung - buchhaltung - infrastruktur - verwaltung is_samba_user: true password: 'Y7ef%9+V_LoE' - name: henrike groups: - amif - quali - team is_samba_user: true password: '20%-hen-rike.22-!' - name: kamue groups: - team - esf-bleibnet - amif - quali - aktion-mensch - foerderung - buchhaltung - verwaltung is_samba_user: true password: '20_katha-mue%19' - name: lotta groups: - team - amif is_samba_user: true password: '20_lotta_15!' - name: mustafa groups: - team - aktion-mensch is_samba_user: true password: 'mu-20-sta-21_%!' - name: kirstin groups: - team - aktion-mensch is_samba_user: true password: '20_kir-17-stin!' - name: pierre groups: - team - esf-bleibnet is_samba_user: true password: '20_pierre16!20' - name: rola groups: - amif - team is_samba_user: true password: '20-ro-la%22!' - name: taraneh groups: - aktion-mensch - amif - buchhaltung - foerderung - team - verwaltung is_samba_user: true password: '20-amir-haeri.25!' - name: sonkeng groups: - team - esf-bleibnet is_samba_user: true password: '20_son+keng-25.%' - name: vincent groups: - team - esf-bleibnet - amif - quali - aktion-mensch - foerderung - buchhaltung - infrastruktur - verwaltung is_samba_user: true password: 'vin-20-cent_21!' - name: verwaltung-2 groups: - buchhaltung - verwaltung is_samba_user: true password: '20-ver-wal-tung%23!' # ========== # vars used by roles/common/tasks/samba-install.yml # ========== samba_server: file-flr.flr.netz samba_server_ip: 192.168.102.10 samba_server_cidr_prefix: 24 # ========== # vars used by roles/common/tasks/samba-user.yml # ========== # ! Notice ! # # variables used from other previos sections: # # - remove_system_users: roles/common/tasks/system-user.yml # - remove_nis_users: roles/common/tasks/nis-install-server.yml # - nis_user: roles/common/tasks/nis-install-server.yml # ========== # vars used by roles/common/tasks/mount_samba_shares.yml # ========== # ! Notice ! # # variables used from other previos sections: # # - nis_user: roles/common/tasks/nis-install-server.yml samba_workgroup: FLR samba_netbios_name: FILE-FLR samba_shares: - name: Team path: /data/samba/Team group_valid_users: team group_write_list: team file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: ESF-BleibNet path: /data/samba/ESF-BleibNet group_valid_users: esf-bleibnet group_write_list: esf-bleibnet file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: AMIF path: /data/samba/AMIF group_valid_users: amif group_write_list: amif file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Quali path: /data/samba/Quali group_valid_users: quali group_write_list: quali file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Aktion-Mensch path: /data/samba/Aktion-Mensch group_valid_users: aktion-mensch group_write_list: aktion-mensch file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Strukturfoerderung-und-Archiv-Projekte path: /data/samba/Strukturfoerderung-und-Archiv-Projekte group_valid_users: foerderung group_write_list: foerderung file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Buchhaltung path: /data/samba/Buchhaltung group_valid_users: buchhaltung group_write_list: buchhaltung file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Verwaltung path: /data/samba/Verwaltung group_valid_users: verwaltung group_write_list: verwaltung file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Infrastruktur path: /data/samba/Infrastruktur group_valid_users: infrastruktur group_write_list: infrastruktur file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Install path: /data/samba/Install group_valid_users: team group_write_list: team file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' # ========== # vars used by roles/common/tasks/system-user-systemfiles.yml # ========== # ! Notice ! # # variables used from other previos sections: # # - system_users: roles/common/tasks/system-user.yml # ========== # vars used by roles/common/tasks/nis-user-systemfiles.yml # ========== # ! Notice ! # # variables used from other previos sections: # # - nis_user: roles/common/tasks/nis-install-server.yml # ========== # vars used by roles/common/tasks/sudoers-pc.yml # ========== sudo_pc_users: - chris - sysadm # ========== # vars used by roles/common/tasks/sudoers-server.yml # ========== # ========== # vars used by roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml # vars used by roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml # ========== # ========== # vars used by roles/common/tasks/luks.yml # ==========