---
# Variable defaults read by roles/ansible_dependencies and roles/common.
# Each section header names the task file that consumes the variables below it.

ansible_python_interpreter: /usr/bin/python3


# ==========
# vars used by roles/ansible_dependencies
# ==========

apt_ansible_dependencies:
- apt-transport-https
- ca-certificates
- dbus
- lsb-release
- mc
- net-tools
- openssl
- python-apt-common
- python3
- python3-apt
- software-properties-common
- sudo
- vim
- vlan


# ==========
# vars used by roles/common/tasks/basic.yml
# ==========

time_zone: Europe/Berlin

locales:
- en_US.UTF-8
- de_DE.UTF-8

set_default_limit_nofile: false


# ==========
# vars used by roles/common/tasks/sshd.yml
# ==========

sshd_ports:
- 22

# '::' and '0.0.0.0' are the IPv6 and IPv4 wildcard addresses, so sshd is
# configured to listen on every interface.
sshd_listen_address:
- '::'
- '0.0.0.0'

# NOTE(review): an ECDSA host key is listed here, but sshd_hostkeyalgorithms
# below contains no ecdsa-sha2-* entry - presumably that key is never offered
# to clients; confirm against the sshd_config template.
sshd_host_keys:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key

# The values in this section are forced to strings (tag plus quotes) so that
# 'yes'/'no' and "10:30:100" are not re-typed as booleans or numbers.
sshd_max_startups: !!str "10:30:100"
sshd_max_auth_tries: 3
sshd_max_sessions: 10

# only for debian version <= 9
#
# NOTE(review): the flattened source does not show whether the next line was
# active or commented out - confirm against the repository.
sshd_use_privilege_separation: !!str "sandbox"

# Root may log in with a key only ...
sshd_permit_root_login: !!str "prohibit-password"

# Two key files are honoured per account; audit both when reviewing access.
sshd_authorized_keys_file: ".ssh/authorized_keys .ssh/authorized_keys2"
sshd_pubkey_authentication: !!str "yes"
# ... but password logins stay enabled for every other account. With
# sshd_allowed_users empty below, password guessing is limited only by
# sshd_max_auth_tries / sshd_max_startups unless a host or group overrides
# these defaults.
sshd_password_authentication: !!str "yes"
sshd_use_pam: !!str "yes"

#sshd_allowed_users:
#  - chris
#  - sysadm
# NOTE(review): the example above is a list but the default is an empty
# mapping; presumably the template only tests for emptiness - verify.
sshd_allowed_users: {}

sshd_print_motd: !!str "no"
sshd_use_dns: !!str "no"
sshd_gateway_ports: !!str "no"

# sshd_kexalgorithms
#
# Example:
#   sshd_kexalgorithms:
#     - curve25519-sha256@libssh.org
#     - diffie-hellman-group-exchange-sha256
#     - diffie-hellman-group14-sha1
#
# The last example entry is SHA-1 based; leave it out when enabling this list.
# NOTE(review): with the variable commented out, the key-exchange set is
# presumably left to the OpenSSH defaults - confirm in the template.
#sshd_kexalgorithms: {}

# Ed25519 and RSA with SHA-2 signatures only; the SHA-1 based 'ssh-rsa'
# signature algorithm is not listed.
sshd_hostkeyalgorithms:
- ssh-ed25519
- ssh-ed25519-cert-v01@openssh.com
- rsa-sha2-256
- rsa-sha2-512
- rsa-sha2-256-cert-v01@openssh.com
- rsa-sha2-512-cert-v01@openssh.com

# sshd_ciphers
#
# Example:
#   sshd_ciphers:
#     - chacha20-poly1305@openssh.com
#     - aes256-gcm@openssh.com
#     - aes256-ctr
#sshd_ciphers: {}
# AEAD ciphers come first; the CTR ciphers depend on the MAC list below for
# integrity.
sshd_ciphers:
- chacha20-poly1305@openssh.com
- aes256-gcm@openssh.com
- aes128-gcm@openssh.com
- aes256-ctr
- aes192-ctr
- aes128-ctr

#sshd_macs: {}
# Encrypt-then-MAC variants only.
sshd_macs:
- hmac-sha2-256-etm@openssh.com
- hmac-sha2-512-etm@openssh.com
- umac-128-etm@openssh.com


# ==========
# vars used by roles/common/tasks/apt.yml
# ==========

apt_manage_sources_list: true

apt_src_enable: false

apt_backports_enable: true

# Both mirrors use plain HTTP: package integrity then rests entirely on apt's
# signature check of the repository metadata, and the traffic itself is
# neither confidential nor protected in transit. apt-transport-https is
# already part of the package lists in this file.
apt_debian_mirror: http://ftp.de.debian.org/debian/

apt_debian_contrib_nonfree_enable: true

# Ubuntu mirror
apt_ubuntu_mirror: http://archive.ubuntu.com/ubuntu

apt_update_cache_valid_time: 3600

apt_upgrade: true
apt_update: true
apt_clean: true
apt_autoremove: true

apt_dpkg_configure: true

apt_upgrade_type: dist

# force-confdef/force-confold keep locally modified configuration files on
# upgrade, so changed package defaults (including hardening changes) are not
# picked up automatically.
apt_upgrade_dpkg_options:
- force-confdef
- force-confold

# Baseline package set per release. Every host receives network clients and
# capture tools (telnet, ftp, tcpdump, socat, ...) in addition to the admin
# basics; each entry is software that has to be kept patched.
apt_initial_install_stretch:
- apt-transport-https
- dbus
- openssh-server
- rssh
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- exuberant-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- realpath
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.24
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man-db
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- wakeonlan

apt_initial_install_buster:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
# apt_initial_install_buster (continued)
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.28
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- wakeonlan

apt_initial_install_bullseye:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- cron
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- universal-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.32
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline-dev
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- zsh
- lua5.4
- btrfs-progs
- fdisk

apt_initial_install_xenial:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.22
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- ifupdown
- socat

apt_initial_install_bionic:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.26
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- ifupdown
- socat

microcode_intel_package:
- intel-microcode

microcode_amd_package:
- amd64-microcode

firmware_packages_ubuntu:
- linux-firmware

firmware_packages_debian:
- firmware-linux

firmware_non_free_packages_debian:
- firmware-linux-nonfree

# 'latest' means no version is pinned: a run may upgrade any listed package
# to whatever the configured mirror currently offers.
apt_install_state: latest

# Packages removed from every host (Tor client and its apt transport).
apt_remove:
- apt-transport-tor
- tor
- tor-geoipdb
- torsocks

apt_remove_xenial: []

apt_remove_bionic: []

apt_remove_purge: false


# ==========
# vars used by roles/common/tasks/git.yml
# ==========

# Each entry names a repository URL and a checkout destination under /root or
# /usr/local/src.
# NOTE(review): no version, tag or commit key is set on any entry, so the
# checkout presumably follows the remote's default branch. Scripts from these
# checkouts are run as root (see the samba cron jobs in this file); consider
# pinning a reviewed revision - confirm what git.yml checks out.

# ---
# default
# ---

git_default_repositories:

# script repositories (destination /root/bin/)
- name: admin-stuff
  repo: https://git.oopen.de/script/admin-stuff
  dest: /root/bin/admin-stuff

# ---
# group [file_server]
# ---

git_oopen_server_repositories:

# install repositories (destination: /usr/local/src/)

# mailsystem
- name: mailsystem
  repo: https://git.oopen.de/install/mailsystem
  dest: /usr/local/src/mailsystem

# script repositories (destination /root/bin/)

# Monitoring
- name: monitoring
  repo: https://git.oopen.de/script/monitoring
  dest: /root/bin/monitoring

# script repositories (destination /root/crontab/)
- name: backup-rcopy
  repo: https://git.oopen.de/backup/backup-rcopy
  dest: /root/crontab/backup-rcopy

# ---
# group [samba_server]
# ---

git_samba_repositories:

# script repositories (destination /root/bin/)
- name: samba
  repo: https://git.oopen.de/script/samba
  dest: /root/bin/samba

# ---
# group [gateway_server]
# ---

git_gateway_repositories:

# install repositories (destination: /usr/local/src/)

# mailsystem
- name: mailsystem
  repo: https://git.oopen.de/install/mailsystem
  dest: /usr/local/src/mailsystem

# firewall
- name: ipt-gateway
  repo: https://git.oopen.de/firewall/ipt-gateway
  dest: /usr/local/src/ipt-gateway

# script repositories (destination /root/bin/)

# Monitoring
- name: monitoring
  repo: https://git.oopen.de/script/monitoring
  dest: /root/bin/monitoring


# ==========
# vars used by roles/common/tasks/cups-install.yml
# ==========

apt_install_server_cups:
- cups

apt_install_client_cups:
- cups
- cups-client
- cups-common
- cups-ppdc
- cups-bsd
- cups-filters-ippusbxd
- lsb-printing
- hpijs-ppds
- printer-driver-hpcups


# ==========
# vars used by roles/common/tasks/ntp.yml
# ==========

# name or IP address of the (local) ntp server, mostly the gateway
#
ntp_server: {}


# ==========
# vars used by roles/common/tasks/nfs.yml
# ==========

nfs_server: {}

# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
#   Take care to increase 'fsid' in case of more than one export
#
#nfs_exports:
#  - src: 192.168.112.10:/data/home
#    path: /data/home
#    mount_opts: users,rsize=8192,wsize=8192,hard,intr
#    export_opt: rw,root_squash,sync,subtree_check
#    export_networks:
#      - 192.168.112.0/24
#      - 10.0.112.0/24
#      - 10.1.112.0/24
#      - 192.168.63.0/24
#    use_fsid_option: true
#
nfs_exports: []


# ==========
# vars used by roles/common/tasks/pure-ftpd-install.yml
# ==========

pureftpd_global_config_file: /etc/default/pure-ftpd-common
pureftpd_config_dir: /etc/pure-ftpd
pureftpd_config_conf_dir: "{{ pureftpd_config_dir }}/conf"
pureftpd_config_auth_dir: "{{ pureftpd_config_dir }}/auth"
pureftpd_config_db_dir: "{{ pureftpd_config_dir }}/db"
pureftpd_config_fortune_file: "{{ pureftpd_config_dir }}/pureftpd-fortune.txt"
# Holds the server's TLS key material; the file must stay readable by root only.
pureftpd_tls_certificate_pem: /etc/ssl/private/pure-ftpd.pem

pureftpd_packages:
- pure-ftpd-common
- pure-ftpd

# pure-ftpd-common.j2
pureftpd_global_config_mode: standalone
pureftpd_global_config_virtualchroot: false
pureftpd_global_config_uploadscript: ''
pureftpd_global_config_uploaduid: ''
pureftpd_global_config_uploadgid: ''

# Daemon settings; every value is a quoted string.
# Security-relevant choices in this default set:
#   - Bind ',21' gives no address, i.e. all interfaces, port 21.
#   - NoAnonymous 'yes', and only PureDB virtual users are enabled here
#     (PAMAuthentication and UnixAuthentication are 'no').
#   - TLS '1' makes pure-ftpd accept both TLS and cleartext sessions, so
#     credentials can still cross the network unencrypted; '2' refuses
#     cleartext logins and '3' also refuses cleartext data connections.
#   - PassivePortRange must be opened on the firewall for passive mode.
pureftpd_config:
  AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
  AnonymousCantUpload: 'yes'
  Bind: ',21'
  CustomerProof: 'yes'
  DisplayDotFiles: 'yes'
  DontResolve: 'yes'
  FSCharset: 'UTF-8'
  ForcePassiveIP: ''
  MaxDiskUsage: '80'
  MinUID: '1000'
  NoAnonymous: 'yes'
  PAMAuthentication: 'no'
  PassivePortRange: '50000 50400'
  ProhibitDotFilesRead: 'no'
  ProhibitDotFilesWrite: 'yes'
  PureDB: '/etc/pure-ftpd/pureftpd.pdb'
  SyslogFacility: 'ftp'
  TLS: '1'
  TLSCipherSuite: 'HIGH'
  UnixAuthentication: 'no'
  #
  # Available properties
  #
  # Available properties
  # AllowAnonymousFXP: 'no'
  # AllowUserFXP: 'no'
  # AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
  # AnonymousBandwidth: '8'
  # AnonymousCanCreateDirs: 'no'
  # AnonymousCantUpload: 'yes'
  # AnonymousOnly: 'no'
  # AnonymousRatio: '1 10'
  # AntiWarez: 'yes'
  # AutoRename: 'no'
  # Bind: '127.0.0.1,21'
  # BrokenClientsCompatibility: 'no'
  # CallUploadScript: 'yes'
  # ChrootEveryone: 'yes'
  # ClientCharset: 'UTF-8'
  # CreateHomeDir: 'yes'
  # CustomerProof: 'yes'
  # Daemonize: 'yes'
  # DisplayDotFiles: 'yes'
  # DontResolve: 'yes'
  # ExtAuth: /var/run/ftpd.sock
  # ForcePassiveIP: '192.168.0.1'
  # FortunesFile: '/etc/pure-ftpd/cookie'
  # FSCharset: 'utf8'
  # IPV4Only: 'yes'
  # IPV6Only: 'yes'
  # KeepAllFiles: 'yes'
  # LDAPConfigFile: /etc/pureftpd-ldap.conf
  # LimitRecursion: '10000 8'
  # LogPID: 'yes'
  # MaxClientsNumber: '10'
  # MaxClientsPerIP: "{{ ansible_processor_cores }}"
  # MaxDiskUsage: '80'
  # MaxIdleTime: '15'
  # MaxLoad: '4'
  # MinUID: '1000'
  # MySQLConfigFile: /etc/pure-ftpd/mysql.conf
  # NoAnonymous: 'yes'
  # NoChmod: 'yes'
  # NoRename: 'yes'
  # NoTruncate: 'yes'
  # PAMAuthentication: 'no'
  # PassivePortRange: '30000 50000'
  # PerUserLimits: '3 20'
  # PGSQLConfigFile: /etc/pureftpd-pgsql.conf
  # PIDFile: '/var/run/pure-ftpd.pid'
  # ProhibitDotFilesRead: 'yes'
  # ProhibitDotFilesWrite: 'yes'
  # PureDB: /etc/pure-ftpd/pureftpd.pdb
  # Quota: '1000 10'
  # SyslogFacility: 'ftp'
  # TLS: '0'
  # TLSCipherSuite: 'ALL:!aNULL:!SSLv3'
  # TrustedIP: '10.1.1.1'
  # Umask: '113 002'
  # UnixAuthentication: 'no'
  # UserBandwidth: '8'
  # UserRatio: '1 10'
  # VerboseLog: 'no'

# NOTE(review): presumably the ordering prefix of each authentication method,
# with 0 meaning "not installed". unix (65) and pam (70) are non-zero although
# UnixAuthentication and PAMAuthentication are 'no' above - confirm which
# setting the role actually honours.
pureftpd_auth_puredb: 50
pureftpd_auth_mysql: 0
pureftpd_auth_postgresql: 0
pureftpd_auth_ldap: 0
pureftpd_auth_unix: 65
pureftpd_auth_pam: 70

# Default FTP user/group
# NOTE(review): the two values look swapped - on Debian 'nobody' is a user and
# 'nogroup' is a group (both id 65534, as in the commented lines below).
# Verify how the role passes them on before relying on the file ownership of
# virtual users.
pureftpd_virtual_users_group: nobody
pureftpd_virtual_users_user: nogroup
# pureftpd_virtual_users_gid: '65534'
# pureftpd_virtual_users_uid: '65534'

# Real passwords belong in ansible-vault encrypted values (see vnc_password in
# this file), never in plain text here.
#pureftpd_virtual_users:
#  # Available properties
#  - name: vuser1
#    password: p4ssW0rd
#    homedir: /var/ftp/vuser1
#    uid: 2000
#    gid: 2000
#    quota_files: 2000
#    quota_size: 500
#    bandwidth_ul: 5
#    bandwidth_dl: 5
#    ratio_ul: 10
#    ratio_dl: 1
pureftpd_virtual_users: []

#pureftpd_virtual_deleted_users:
#  # Available properties
#  - name: vuser2
pureftpd_virtual_deleted_users: []

pureftpd_virtual_users_import: false

# pureftpd_tls_certificate_method
#
# possible values:
#   - generate
#   - certbot - Not YET integrated
#   - upload  - Not YET integrated
#
# NOTE(review): 'generate' presumably creates a self-signed certificate from
# the openssl properties below; clients then have to pin or explicitly trust
# it - confirm in the role.
pureftpd_tls_certificate_method: 'generate'

# for method 'generate'
#
#
# Available properties
#
#pureftpd_tls_certificate_openssl:
#  size: 4096
#  days: 365
#  fqdn: ftp.example.com
#  country: 'DE'
#  state: 'Berlin'
#  locality: 'Berlin'
#  organization: 'O.OPEN'
#  unit: 'Network services'
#
# NOTE(review): the example is a mapping but the default is an empty list.
pureftpd_tls_certificate_openssl: []


# ==========
# vars used by roles/common/tasks/system-user.yml
# ==========

# ! Notice !
#
# On NIS supported Server put your users and groups in the
# appropriate section for playbook 'nis-user.yml'
#
# ! Notice !

remove_system_users: []
#remove_system_users:
#  - name: test
#  - name: jennifer.prost

# Example password replaced by a placeholder: store account passwords as
# ansible-vault encrypted values, not as plain text in this file.
system_users: []
#system_users:
#  - name: sysadm
#    password: '<secret - store with ansible-vault>'

system_groups: []


# ==========
# vars used by roles/common/tasks/nis-install-server.yml
# vars used by roles/common/tasks/nis-user.yml
# vars used by roles/common/tasks/nis-install-client.yml
# ==========

# NIS serves its maps, including account password hashes, to the clients of
# the domain without transport protection; keep NIS servers and clients on
# trusted network segments only.

# used by templates
#  - yp.conf.j2
#  - defaultdomain.j2
#
# example:
#   nis_domain: sprachenatelier.netz
#
nis_domain: {}

# also used by template
#  - yp.conf.j2
# example:
#   nis_server_address: 192.168.92.10
#
nis_server_address: {}

# NOTE(review): the flattened source does not show whether the second line
# below was active; it is kept commented out here - confirm against the
# repository.
#nis_server_name: file-spr.sprachenatelier.netz
# nis_server_name: file-mbr.mbr-bln.netz

nis_common_packages:
- nis
- nscd

nis_base_home: /data/home

#nis_groups:
#  - name: intern
#    group_id: 1100
#  - name: buero
#    group_id: 1110
#  - name: no-backup
#    group_id: 1120
#
nis_groups: []

#remove_nis_users:
#  - name: test
#  - name: jennifer.prost
remove_nis_users: []

# Example passwords replaced by placeholders: store account passwords as
# ansible-vault encrypted values, not as plain text in this file.
#nis_user:
#  - name: anahit
#    groups:
#      - intern
#      - buero
#    is_samba_user: true
#    password: '<secret - store with ansible-vault>'
#
#  - name: andrea
#    groups:
#      - intern
#      - buero
#      - lpadmin
#    is_samba_user: true
#    password: '<secret - store with ansible-vault>'
#
nis_user: []


# ==========
# vars used by roles/common/tasks/samba-install.yml
# vars used by roles/common/tasks/samba-user.yml
# vars used by roles/common/tasks/mount_samba_shares.yml
# ==========
# Samba server defaults: packages, identity, users, shares and the two root
# cron jobs that maintain the shares.
apt_install_server_samba:
- samba
- nscd

# samba_workgroup
#
# example:
#   samba_workgroup: MBR
#
samba_workgroup: {}

# samba_netbios_name
#
# example:
#   samba_netbios_name: FILE-MBR
#
samba_netbios_name: {}

# samba_server_min_protocol
#
# NOTE(review): empty by default, so the minimum SMB protocol is presumably
# left to Samba's built-in default. Set it explicitly per site to a current
# dialect rather than depending on the package default - confirm how the
# smb.conf template treats an empty value.
samba_server_min_protocol: {}

samba_groups: []

# Example password replaced by a placeholder: store account passwords as
# ansible-vault encrypted values, not as plain text in this file.
# samba_user:
#   - name: chris
#     groups:
#       - group1
#       - group2
#     password: '<secret - store with ansible-vault>'
#
samba_user: []

# remove_samba_users:
#   - name: name1
#   - name: name2
#
remove_samba_users: []

# samba_shares
#
# samba_shares:
#   - name: Arbeitsrechtliches
#     comment:
#     path: /data/shares/Arbeitsrechtliches
#     browseable: !!str yes
#     read_only: !!str no
#     writeable: !!str yes
#     guest_ok: !!str no
#     file_create_mask: !!str 0660
#     dir_create_mask: !!str 2770
#     valid_users: '%S'
#     group_valid_users: mbr-finanzen
#     group_write_list: mbr-finanzen
#     vfs_object_recycle: true
#     recycle_path: '@Recycle.Bin'
#
samba_shares: []

# Both cron jobs run as root and execute scripts from /root/bin/samba, which
# is the checkout destination of git_samba_repositories in this file; whoever
# can change that repository or directory controls what runs as root nightly.
# The time fields are quoted so that "02" stays a string.
samba_cronjob_trash_dirs:
  name: Clean up Samba Trash Dirs
  minute: "02"
  hour: "23"
  day: "*"
  month: "*"
  weekday: '*'
  user: root
  job: "/root/bin/samba/clean_samba_trash.sh"

samba_cronjob_permissions:
  name: Set (group and access) Permissons for Samba shares
  minute: "14"
  hour: "23"
  day: "*"
  month: "*"
  weekday: '*'
  user: root
  job: "/root/bin/samba/set_permissions_samba_shares.sh"


# ==========
# vars used by roles/common/tasks/samba-user.yml
# ==========

# ! Notice !
#
# variables used from other previous sections:
#
#   - remove_system_users: roles/common/tasks/system-user.yml
#   - remove_nis_users: roles/common/tasks/nis-install-server.yml
#   - nis_user: roles/common/tasks/nis-install-server.yml


# ==========
# vars used by roles/common/tasks/mount_samba_shares.yml
# ==========

# ! Notice !
#
# variables used from other previous sections:
#
#   - nis_user: roles/common/tasks/nis-install-server.yml


# ==========
# vars used by roles/common/tasks/system-user-systemfiles.yml
# ==========

# ! Notice !
#
# variables used from other previous sections:
#
#   - system_users: roles/common/tasks/system-user.yml


# ==========
# vars used by roles/common/tasks/nis-user-systemfiles.yml
# ==========

# ! Notice !
#
# variables used from other previous sections:
#
#   - nis_user: roles/common/tasks/nis-install-server.yml


# ==========
# vars used by roles/common/tasks/sudoers-pc.yml
# ==========

# Accounts handled by the sudoers task on PCs.
# NOTE(review): the privilege each account ends up with is decided in the
# role/template, which is not visible here.
sudo_pc_users:
- chris
- sysadm
- lokaladmin

# /etc/sudoers
#
# env_reset and secure_path keep the caller's environment and PATH from
# influencing commands that are run through sudo.
sudoers_pc_defaults:
- env_reset
- mail_badpass
- 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'

sudoers_pc_host_aliases: []
sudoers_pc_user_aliases: []
sudoers_pc_cmnd_aliases: []
sudoers_pc_runas_aliases: []

sudoers_pc_user_privileges:
- name: root
  entry: 'ALL=(ALL:ALL) ALL'

sudoers_pc_group_privileges: []

# /etc/sudoers.d/50-user
#
sudoers_pc_file_defaults: []
sudoers_pc_file_host_aliases: []
sudoers_pc_file_user_aliases: []
sudoers_pc_file_cmnd_aliases:
- name: MOUNT
  entry: '/bin/mount,/bin/umount'
sudoers_pc_file_runas_aliases: []


# ==========
# vars used by roles/common/tasks/sudoers-server.yml
# ==========

sudo_server_users:
- chris
- sysadm

# /etc/sudoers
#
sudoers_server_defaults:
- env_reset
- mail_badpass
- 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'

sudoers_server_host_aliases: []
sudoers_server_user_aliases: []
sudoers_server_cmnd_aliases: []
sudoers_server_runas_aliases: []

sudoers_server_user_privileges:
- name: root
  entry: 'ALL=(ALL:ALL) ALL'

sudoers_server_group_privileges: []

sudoers_server_remove_user:
- back
- www-data

# /etc/sudoers.d/50-user
#
sudoers_server_file_defaults: []
sudoers_server_file_host_aliases: []
sudoers_server_file_user_aliases: []
sudoers_server_file_cmnd_aliases: []
sudoers_server_file_runas_aliases: []

# Password-less root commands, by the variable names intended for the 'back'
# user. None of the three entries restricts arguments, and rsync or find run
# as root can read and modify any file on the host. Treat the account as
# root-equivalent: key-only login, restricted source addresses, and logging
# of its sudo use.
sudoers_server_file_user_back_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/rsync'
- 'ALL=(root) NOPASSWD: /usr/bin/find'
- 'ALL=(root) NOPASSWD: /usr/bin/realpath'

# Disk inspection and partitioning commands, also password-less.
# sudoers(5) warns that wildcards in command arguments match across word
# boundaries, so patterns such as 'dd if=/dev/*' do not limit which further
# operands may follow. fdisk, sgdisk, parted and gdisk are allowed with any
# arguments at all.
sudoers_server_file_user_back_disk_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/which'
- 'ALL=(root) NOPASSWD: /sbin/hdparm -I /dev/*'
- 'ALL=(root) NOPASSWD: /sbin/fdisk'
- 'ALL=(root) NOPASSWD: /sbin/sgdisk'
- 'ALL=(root) NOPASSWD: /sbin/sfdisk -d /dev/*'
- 'ALL=(root) NOPASSWD: /bin/dd if=/dev/*'
- 'ALL=(root) NOPASSWD: /sbin/parted'
- 'ALL=(root) NOPASSWD: /sbin/gdisk'

# sudoers_server_file_user_privileges
#   - name:
#     entry:
#   - name :
#     entry:
#   - ...
#
sudoers_server_file_user_privileges: []

# sudoers_server_file_group_privileges
#   - name:
#     entry:
#   - name :
#     entry:
#   - ...
#
sudoers_server_file_group_privileges: []


# ---
# vars used by cron.yml
# ---

cron_env_entries: []
# In the PATH example every entry must be absolute: a relative entry in
# root's cron PATH is resolved against the job's working directory. The
# original example read 'usr/local/sbin' without the leading slash, which is
# corrected below.
#cron_env_entries:
#  - name: PATH
#    job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
#
#  - name: SHELLforwarding
#    job: /bin/bash

cron_user_entries: []
#cron_user_entries:
#
#  - name: "Check if Postfix Mailservice is up and running?"
#    minute: "*/15"
#    job: /root/bin/monitoring/check_postfix.sh
#
#  - name: "Check if SSH service is up and running?"
#    minute: "*/15"
#    job: /root/bin/monitoring/check_ssh.sh

cron_user_special_time_entries: []
#cron_user_special_time_entries:
#
#  - name: "Check if Postfix Service is running at boot time"
#    special_time: reboot
#    job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
#    insertafter: PATH


# ==========
# vars used by roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml
# vars used by roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml
# ==========

# Stored as an ansible-vault encrypted value, so the clear text is not in the
# repository; its protection depends on the vault password.
# NOTE(review): classic VNC password authentication uses only the first eight
# characters of the password; presumably x11vnc should be reachable through
# an SSH tunnel only - confirm in the role.
vnc_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          64383239623730396134656439333864323230323435653135636532346132656131336365346262
          3566656435646336373037663566376661666136616534320a656239626537633034663137626136
          64333161386533616337613538643535386463316664663936333439306364336330326331613437
          6136613337313665350a366163313934643834353439346164666464623630613765373432383934
          6265


# ==========
# vars used by roles/common/tasks/luks.yml
# ==========

# Note!
#
# Define this variable client specific in files
#    'host_vars/'
#
luks_device: []