--- # ========== # vars used by roles/common/tasks/basic.yml # ========== # ========== # vars used by roles/common/tasks/sshd.yml # ========== sshd_permit_root_login: !!str "prohibit-password" # ========== # vars used by roles/common/tasks/apt.yml # ========== # ========== # vars used by roles/common/tasks/git.yml # ========== # ========== # vars used by roles/common/tasks/cups-install.yml # ========== # ========== # vars used by roles/common/tasks/ntp.yml # ========== # name or ip-adress from the (local) ntp server, mostly the gateway # ntp_server: gw-mbr.mbr-bln.netz # ========== # vars used by roles/common/tasks/nfs.yml # ========== nfs_server: 192.168.112.10 nfs_start_servers: 64 # Set 'fs_encrypted' to true if filesystem lives on an encrypted # partition. # # NOTE !! # Take car to increase 'fsid' in case of more than one export # nfs_exports: - src: 192.168.112.10:/data/home path: /data/home mount_opts: users,rsize=8192,wsize=8192,hard,intr export_opt: rw,root_squash,sync,subtree_check export_networks: - 192.168.112.0/24 - 10.0.112.0/24 - 10.1.112.0/24 - 192.168.63.0/24 use_fsid_option: true - src: 192.168.112.10:/data/shares path: /data/shares mount_opts: users,rsize=8192,wsize=8192,hard,intr export_opt: rw,root_squash,sync,subtree_check export_networks: - 192.168.112.0/24 - 10.0.112.0/24 - 10.1.112.0/24 - 192.168.63.0/24 use_fsid_option: true # ========== # vars used by roles/common/tasks/system-user.yml # ========== # ! Notice ! # # On NIS supported Server put your users and groups in the # appropriate section for playbook 'nis-user.yml' # # ! Notice ! remove_system_users: [] #remove_system_users: # - name: test # - name: jennifer.prost system_users: [] #system_users: # - name: sysadm # password: '9xFXkdPR_2' system_groups: [] base_home: /home # ========== # vars used by roles/common/tasks/nis-install-server.yml # vars used by roles/common/tasks/nis-user.yml # vars used by roles/common/tasks/nis-install-client.yml # ========== # used by templates # - yp.conf.j2 # - defaultdomain.j2 nis_domain: mbr-bln.netz # also used by template # - yp.conf.j2 nis_server_address: 192.168.112.10 nis_server_name: file-mbr.mbr-bln.netz nis_base_home: /data/home nis_groups: - name: technik group_id: 1100 - name: mbr-buero group_id: 1200 - name: mbr-finanzen-personal group_id: 1210 - name: mbr-kamera group_id: 1250 - name: mbr-admins group_id: 1260 - name: ag-antisem group_id: 1270 - name: vdk group_id: 1300 - name: rias-berlin group_id: 1400 - name: rias-berlin-finanzen-personal group_id: 1420 - name: rias-bund group_id: 1430 - name: rias-bund-finanzen-personal group_id: 1410 - name: bgn group_id: 1500 - name: bgn-finanzen-personal group_id: 1510 - name: regishut group_id: 1600 - name: regishut-personal-finanzen group_id: 1610 - name: buero-scan group_id: 1700 - name: bmb group_id: 1800 - name: all-users group_id: 1900 - name: betriebsrat group_id: 2000 - name: direx group_id: 2100 - name: direx-personal-finanzen group_id: 2110 # !! Don't forgrt to delete also user konfiguration in this file !! # ================================================================= # #remove_nis_users: [] # !! Don't forgrt du delete also user konfiguration in this file !! # ================================================================= # #remove_nis_users: # - name: test # - name: jennifer.prost # - name: alexander.rasumny # - name: alexander.steder # - name: andreas.nowak # - name: bgn_mitarbeiter_in_3 # - name: bianca.loy # - name: carolin # - name: colin.kaggl # - name: daniel.poensgen # - name: dora.streibl # - name: felix.mueller # - name: franz.mohorn # - name: frederick.kannenberg # - name: hamid.mohseni # - name: honorar.rias1 # - name: isabella.greif # - name: isabell.wiesner # - name: jennifer.pross # - name: johannes.radke # - name: julius.gruber # - name: katharina.zachrau # - name: kristina.holzapfel # - name: laura.berner # - name: leah.vauth # - name: leeor.fink # - name: leonie.rupp # - name: lokaladmin # - name: marco.siegmund # - name: michael.sulies # - name: michael.trube # - name: praktikum.rias1 # - name: praktikum.rias2 # - name: sabine.kritter # - name: tanja.kinzel # - name: theresa.kuehnert # - name: till.hendlmeier # - name: vanessa.gelardo nis_user: - name: chris groups: - technik - mbr-buero - mbr-finanzen-personal - mbr-kamera - mbr-admins - ag-antisem - vdk - rias-berlin - rias-berlin-finanzen-personal - rias-bund - rias-bund-finanzen-personal - bgn - bgn-finanzen-personal - regishut - regishut-personal-finanzen - buero-scan - bmb - all-users - betriebsrat - direx - direx-personal-finanzen is_samba_user: true password: !vault | $ANSIBLE_VAULT;1.1;AES256 35653838343532663632326462656437363665316337316336316335383263633630616638313736 3937666561356232666136646435613361336437303637360a353561316633373265323931623565 32643966373962313334343565643130373535353238316161623837333130353231343332663930 3638386337333636390a393738373935646638383237373663376434366361363938346335663438 6637 # - name: lokaladmin # groups: # - technik # - mbr-buero # - mbr-finanzen-personal # - mbr-kamera # - mbr-admins # - ag-antisem # - vdk # - rias-berlin # - rias-berlin-finanzen-personal # - rias-bund # - rias-bund-finanzen-personal # - bgn # - bgn-finanzen-personal # - regishut # - regishut-personal-finanzen # - buero-scan # - bmb # - all-users # - betriebsrat # - direx # - direx-personal-finanzen # is_samba_user: true # password: 'd4r1usz' - name: sysadm groups: - technik - mbr-buero - mbr-finanzen-personal - mbr-kamera - mbr-admins - ag-antisem - vdk - rias-berlin - rias-berlin-finanzen-personal - rias-bund - rias-bund-finanzen-personal - bgn - bgn-finanzen-personal - regishut - regishut-personal-finanzen - buero-scan - bmb - all-users - betriebsrat - direx - direx-personal-finanzen is_samba_user: true password: 'KPk_Wf2F' - name: axis groups: - mbr-kamera is_samba_user: true password: '20_axis_16' - name: scan groups: - buero-scan is_samba_user: true password: '20scan13' # --- # Technik # --- - name: pierre.ahrent groups: - all-users - buero-scan - technik is_samba_user: true password: 'GYiI3-s/_7wG' # --- # Verwaltung # --- - name: anne groups: - all-users - buero-scan - vdk - bgn - bgn-finanzen-personal - mbr-buero - mbr-finanzen-personal - rias-bund - rias-bund-finanzen-personal - rias-berlin - rias-berlin-finanzen-personal - regishut - regishut-personal-finanzen is_samba_user: true password: 'YA!LiLiC0MP5' - name: bianca groups: - all-users - buero-scan - technik - ag-antisem - vdk - bgn - bgn-finanzen-personal - bmb - mbr-buero - mbr-finanzen-personal - rias-bund - rias-bund-finanzen-personal - rias-berlin - rias-berlin-finanzen-personal - regishut - regishut-personal-finanzen - direx - direx-personal-finanzen is_samba_user: true password: '73_BiBole_29' - name: birgit.erhardt groups: - all-users - buero-scan - vdk - bgn - bgn-finanzen-personal - mbr-buero - rias-bund - rias-bund-finanzen-personal - rias-berlin - rias-berlin-finanzen-personal is_samba_user: true password: '20_purpel!rain_17' - name: christina.wendt groups: - all-users - buero-scan - vdk - bgn - bgn-finanzen-personal - mbr-buero - mbr-finanzen-personal - rias-bund - rias-bund-finanzen-personal - rias-berlin - rias-berlin-finanzen-personal - regishut - regishut-personal-finanzen - direx - direx-personal-finanzen is_samba_user: true password: '8!Varianten' - name: janine.budich groups: - all-users - buero-scan - technik - ag-antisem - vdk - bgn - bgn-finanzen-personal - bmb - mbr-buero - mbr-finanzen-personal - rias-bund - rias-bund-finanzen-personal - rias-berlin - rias-berlin-finanzen-personal - regishut - regishut-personal-finanzen - direx - direx-personal-finanzen is_samba_user: true password: 'LoS_r3f_20_AS!' - name: luise.schirmer groups: - all-users - buero-scan - mbr-buero - vdk - direx - direx-personal-finanzen is_samba_user: true password: 'AfZg3-9S/4IX' - name: swetlana.nikitenko groups: - all-users - buero-scan - vdk - bgn-finanzen-personal - mbr-finanzen-personal - rias-bund-finanzen-personal - rias-berlin - rias-berlin-finanzen-personal - regishut-personal-finanzen - direx-personal-finanzen is_samba_user: true password: 'Ji53-dA.nwGz' # --- # BgN # --- - name: daniel.weber groups: - all-users - buero-scan - bgn - mbr-buero is_samba_user: true password: 'KQ+y-+9s/aL4' - name: karim.khan groups: - all-users - buero-scan - bgn - bgn-finanzen-personal - technik is_samba_user: true password: 'g6Gb/J.fZU9F' - name: katja.teich groups: - all-users - buero-scan - bgn - bgn-finanzen-personal - mbr-buero is_samba_user: true password: 'C+j3.w5.NJCI' - name: katrin.breston groups: - all-users - buero-scan - direx - mbr-buero - vdk is_samba_user: true password: 'nA-y.I6ReJ-M' - name: praktikum.bgn1 groups: - all-users - buero-scan is_samba_user: true password: 'MPL_baerin_20!' - name: stephanie.kammler groups: - all-users - buero-scan - vdk - bgn-finanzen-personal - rias-berlin-finanzen-personal - regishut-personal-finanzen - direx-personal-finanzen is_samba_user: true password: 'u-hw7.IMoQut' # - mbr-buero # - bgn # - mbr-finanzen-personal # - rias-bund # - rias-berlin # - regishut # - direx - name: ulf.balmer groups: - all-users - buero-scan - technik - bgn - bgn-finanzen-personal - mbr-buero is_samba_user: true password: 'ALL3_e6ene#' # --- # BMB # --- # - name: jennifer.pross # groups: # - all-users # - buero-scan # - bmb # is_samba_user: true # password: 'V-S9Y/R+Am7H' # --- # MBR # --- - name: anna.mueller1 groups: - all-users - buero-scan - technik - mbr-buero - direx - direx-personal-finanzen is_samba_user: true password: '5xp5ll9ar13us!' - name: doku.mbr2 groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: '*M0ss4d*' - name: doku.mbr4 groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: 'PwmNvPh9KM4T' - name: doku.mbr5 groups: - all-users - buero-scan - betriebsrat - mbr-buero is_samba_user: true password: 'G6Hz.ev/e24E' - name: florian.heuermann groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: 'i4/x3S-TJk.P' - name: franziska.schilling groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: 'L.35c-CgvZn3' - name: honorar.mbr1 groups: - all-users - buero-scan - mbr-buero - direx is_samba_user: true password: '_F313r4b3nd*' - name: honorar.mbr2 groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: 'kQviLU-4rA_2' - name: ljiljana.heise groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: 'Ib_k/c75W-u6' - name: judith.heinmueller groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: 't32_aHxV.' - name: kathrin.hain groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: 'H/T3X_3M_c9R' - name: kerstin.kuballa groups: - all-users - buero-scan - ag-antisem - mbr-buero - direx-personal-finanzen is_samba_user: true password: 'sVY2_2t+a+db' - name: laura.poerzgen groups: - all-users - ag-antisem - buero-scan - mbr-buero - regishut is_samba_user: true password: 's9U.3xo-5Vq6' - name: manja.kasten groups: - all-users - betriebsrat - buero-scan - mbr-buero is_samba_user: true password: 'Rasili_&n' - name: mathias groups: - all-users - buero-scan - ag-antisem - mbr-buero is_samba_user: true password: 'p3r*45p3r4*4d*45tr4m' - name: matthias.mueller groups: - all-users - buero-scan - ag-antisem - mbr-buero is_samba_user: true password: 'V1v@H@f3rdr1nk' - name: nazanin.bakhschy groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: 'I.E7X.cUd-cc' - name: nina.rink groups: - all-users - betriebsrat - buero-scan - mbr-buero is_samba_user: true password: 'BMW_mobit_2020!' - name: praktikum.mbr1 groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: '2001_RAT_urban!' - name: praktikum.mbr2 groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: '20praktikum213' # - name: samuel.signer # groups: # - all-users # - buero-scan # - mbr-buero # is_samba_user: true # password: 'S4mmyC0mput3r!' - name: simon groups: - all-users - buero-scan - ag-antisem - betriebsrat - mbr-buero is_samba_user: true password: 'S4u3rkr4ut!' - name: stefan.jung groups: - all-users - buero-scan - mbr-buero is_samba_user: true password: 'q9.mL5-a-aYA' # --- # RIAS Berlin und Bund # --- - name: benjamin groups: - all-users - buero-scan - technik - ag-antisem - rias-bund - rias-bund-finanzen-personal - rias-berlin - rias-berlin-finanzen-personal is_samba_user: true password: 'C2-0U#ch' - name: christian.obermueller groups: - all-users - buero-scan - ag-antisem - rias-berlin is_samba_user: true password: 'i6...rs2ILRn' - name: jonas.empen groups: - all-users - buero-scan - rias-berlin is_samba_user: true password: 'GN-E.fd6w6n%' - name: julia.kopp groups: - all-users - buero-scan - ag-antisem - rias-bund - rias-berlin - rias-berlin-finanzen-personal is_samba_user: true password: '-a2%3bTzkW.A' - name: ruth.hatlapa groups: - all-users - buero-scan - technik - ag-antisem - rias-bund - rias-berlin - rias-berlin-finanzen-personal is_samba_user: true password: 'q2Sc.C7-6hZR' # --- # Regishut # --- - name: alexander.lorenz.milord groups: - all-users - buero-scan - technik - regishut - regishut-personal-finanzen is_samba_user: true password: 'R3GI_20_poliz_!' - name: christin.sommerfeld groups: - all-users - buero-scan - regishut - regishut-personal-finanzen - direx-personal-finanzen is_samba_user: true password: 'bbMIQ.3/gZ3s' - name: lilith.daxner groups: - all-users - buero-scan - regishut is_samba_user: true password: 'n2Ud7kwA-M-c' - name: mischa.luy groups: - all-users - buero-scan - regishut - regishut-personal-finanzen - technik - direx-personal-finanzen is_samba_user: true password: 'V-V3/2usuzjq' # ========== # vars used by roles/common/tasks/samba-install.yml # ========== samba_server: file-mbr.mbr-bln.netz samba_server_ip: 192.168.112.10 samba_server_cidr_prefix: 24 # ========== # vars used by roles/common/tasks/samba-user.yml # ========== # ! Notice ! # # variables used from other previos sections: # # - remove_system_users: roles/common/tasks/system-user.yml # - remove_nis_users: roles/common/tasks/nis-install-server.yml # - nis_user: roles/common/tasks/nis-install-server.yml # ========== # vars used by roles/common/tasks/mount_samba_shares.yml # ========== # ! Notice ! # # variables used from other previos sections: # # - nis_user: roles/common/tasks/nis-install-server.yml samba_workgroup: MBR samba_netbios_name: FILE-MBR samba_shares: # --- # Bürogemeinschaft # --- - name: Buero-Organisation path: /data/shares/Buero-Organisation group_valid_users: all-users group_write_list: all-users file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Install path: /data/shares/Install group_valid_users: mbr-admins group_write_list: mbr-admins file_create_mask: '0660' dir_create_mask: '2770' - name: Kamera path: /data/shares/Kamera group_valid_users: mbr-kamera group_write_list: mbr-kamera file_create_mask: '0660' dir_create_mask: '2770' - name: SCAN path: /data/shares/SCAN group_valid_users: buero-scan group_write_list: buero-scan file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Technik-und-Sicherheit path: /data/shares/Technik-und-Sicherheit group_valid_users: technik group_write_list: technik file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: AG-Antisemitismus path: /data/shares/AG-Antisemitismus group_valid_users: ag-antisem group_write_list: ag-antisem file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' # --- # VDK # --- - name: Arbeitsrechtliches path: /data/shares/Arbeitsrechtliches group_valid_users: vdk group_write_list: vdk file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Finanzen path: /data/shares/Finanzen group_valid_users: vdk group_write_list: vdk file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: VDK path: /data/shares/VDK group_valid_users: vdk group_write_list: vdk file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Betriebsrat path: /data/shares/Betriebsrat group_valid_users: betriebsrat group_write_list: betriebsrat file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' # --- # BgN # --- - name: BGN-Finanzen-Personal path: /data/shares/BGN-Finanzen-Personal group_valid_users: bgn-finanzen-personal group_write_list: bgn-finanzen-personal file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Mobilisierungsplattform path: /data/shares/Mobilisierungsplattform group_valid_users: bgn group_write_list: bgn file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' # --- # BMB # --- - name: BMB path: /data/shares/BMB group_valid_users: bmb group_write_list: bmb file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' # --- # MBR # --- - name: MBR-Finanzen-Personal path: /data/shares/MBR-Finanzen-Personal group_valid_users: mbr-finanzen-personal group_write_list: mbr-finanzen-personal file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: BVV-Projekt path: /data/shares/BVV-Projekt group_valid_users: mbr-buero group_write_list: mbr-buero file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: MBR path: /data/shares/MBR group_valid_users: mbr-buero group_write_list: mbr-buero file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Video path: /data/shares/Video group_valid_users: mbr-buero group_write_list: mbr-buero file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' # --- # RIAS # --- - name: RIAS-Berlin path: /data/shares/RIAS-Berlin group_valid_users: rias-berlin group_write_list: rias-berlin file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: RIAS-Berlin-Finanzen-Personal path: /data/shares/RIAS-Berlin-Finanzen-Personal group_valid_users: rias-berlin-finanzen-personal group_write_list: rias-berlin-finanzen-personal file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: RIAS-Bund path: /data/shares/RIAS-Bund group_valid_users: rias-bund group_write_list: rias-bund file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: RIAS-Bund-Finanzen-Personal path: /data/shares/RIAS-Bund-Finanzen-Personal group_valid_users: rias-bund-finanzen-personal group_write_list: rias-bund-finanzen-personal file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' # --- # Regishut # --- - name: Regishut path: /data/shares/Regishut group_valid_users: regishut group_write_list: regishut file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: Regishut-Personal-Finanzen path: /data/shares/Regishut-Personal-Finanzen group_valid_users: regishut-personal-finanzen group_write_list: regishut-personal-finanzen file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' # --- # DiRex - Direkte Intervention bei Rechtsextremismus, Rassismus und Antisemitismus in der Schule" # --- - name: DiRex path: /data/shares/DiRex group_valid_users: direx group_write_list: direx file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' - name: DiRex-Personal-Finanzen path: /data/shares/DiRex-Personal-Finanzen group_valid_users: direx-personal-finanzen group_write_list: direx-personal-finanzen file_create_mask: '0660' dir_create_mask: '2770' vfs_object_recycle: true recycle_path: '@Recycle.Bin' # ========== # vars used by roles/common/tasks/system-user-systemfiles.yml # ========== # ! Notice ! # # variables used from other previos sections: # # - system_users: roles/common/tasks/system-user.yml # ========== # vars used by roles/common/tasks/nis-user-systemfiles.yml # ========== # ! Notice ! # # variables used from other previos sections: # # - nis_user: roles/common/tasks/nis-install-server.yml # ========== # vars used by roles/common/tasks/sudoers-pc.yml # ========== sudo_pc_users: - chris - sysadm - lokaladmin # ========== # vars used by roles/common/tasks/sudoers-server.yml # ========== # ========== # vars used by roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml # vars used by roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml # ========== # ========== # vars used by roles/common/tasks/luks.yml # ==========