ansible/nis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
254fb31978
nis/group_vars/all/main.yml
Christoph 254fb31978 update..
2023-06-16 20:47:41 +02:00

1603 lines
27 KiB
YAML
Raw Blame History

---
ansible_python_interpreter: /usr/bin/python3
# ==========
# vars used by roles/ansible_dependencies
# ==========
apt_ansible_dependencies:
- apt-transport-https
- ca-certificates
- dbus
- lsb-release
- mc
- net-tools
- openssl
- python-apt-common
- python3
- python3-apt
- software-properties-common
- sudo
- vim
- vlan
# ==========
# vars used by roles/common/tasks/basic.yml
# ==========
time_zone: Europe/Berlin
locales:
- en_US.UTF-8
- de_DE.UTF-8
set_default_limit_nofile: false
# ==========
# vars used by roles/common/tasks/sshd.yml
# ==========
sshd_ports:
- 22
sshd_listen_address:
- '::'
- '0.0.0.0'
sshd_host_keys:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
sshd_max_startups: !!str "10:30:100"
sshd_max_auth_tries: 3
sshd_max_sessions: 10
# only for debian version <= 9
#
sshd_use_privilege_separation: !!str "sandbox"
sshd_permit_root_login: !!str "prohibit-password"
sshd_authorized_keys_file: ".ssh/authorized_keys .ssh/authorized_keys2"
sshd_pubkey_authentication: !!str "yes"
sshd_password_authentication: !!str "yes"
sshd_use_pam: !!str "yes"
#sshd_allowed_users:
# - chris
# - sysadm
sshd_allowed_users: {}
sshd_print_motd: !!str "no"
sshd_use_dns: !!str "no"
sshd_gateway_ports: !!str "no"
# sshd_kexalgorithms
#
# Example:
# sshd_kexalgorithms:
# - curve25519-sha256@libssh.org
# - diffie-hellman-group-exchange-sha256
# - diffie-hellman-group14-sha1
#
#sshd_kexalgorithms: {}
sshd_hostkeyalgorithms:
- ssh-ed25519
- ssh-ed25519-cert-v01@openssh.com
- rsa-sha2-256
- rsa-sha2-512
- rsa-sha2-256-cert-v01@openssh.com
- rsa-sha2-512-cert-v01@openssh.com
# sshd_kexalgorithms
#
# Example:
# sshd_ciphers:
# - chacha20-poly1305@openssh.com
# - aes256-gcm@openssh.com
# - aes256-ctr
#sshd_ciphers: {}
sshd_ciphers:
- chacha20-poly1305@openssh.com
- aes256-gcm@openssh.com
- aes128-gcm@openssh.com
- aes256-ctr
- aes192-ctr
- aes128-ctr
#sshd_macs: {}
sshd_macs:
- hmac-sha2-256-etm@openssh.com
- hmac-sha2-512-etm@openssh.com
- umac-128-etm@openssh.com
# ==========
# vars used by roles/common/tasks/apt.yml
# ==========
apt_manage_sources_list: true
apt_src_enable: false
apt_backports_enable: true
apt_debian_mirror: http://ftp.de.debian.org/debian/
apt_debian_contrib_nonfree_enable: true
# Ubuntu mirror
apt_ubuntu_mirror: http://archive.ubuntu.com/ubuntu
apt_update_cache_valid_time: 3600
apt_upgrade: true
apt_update: true
apt_clean: true
apt_autoremove: true
apt_dpkg_configure: true
apt_upgrade_type: dist
apt_upgrade_dpkg_options:
- force-confdef
- force-confold
apt_initial_install_stretch:
- apt-transport-https
- cryptsetup
- dbus
- openssh-server
- rssh
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- exuberant-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- realpath
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.24
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man-db
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- wakeonlan
apt_initial_install_buster:
- apt-transport-https
- cryptsetup
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.28
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- wakeonlan
apt_initial_install_bullseye:
- apt-transport-https
- cryptsetup
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- cron
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- universal-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.32
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline-dev
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- zsh
- lua5.4
- btrfs-progs
- fdisk
apt_initial_install_bookworm:
- apt-transport-https
- cryptsetup
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- cron
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- universal-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.32
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline-dev
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- zsh
- lua5.4
- btrfs-progs
- fdisk
apt_initial_install_xenial:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.22
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- ifupdown
- socat
apt_initial_install_jammy:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- exuberant-ctags
- universal-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- ifupdown
- socat
microcode_intel_package:
- intel-microcode
microcode_amd_package:
- amd64-microcode
firmware_packages_ubuntu:
- linux-firmware
firmware_packages_debian:
- firmware-linux
firmware_non_free_packages_debian:
- firmware-linux-nonfree
apt_install_state: latest
apt_remove:
- apt-transport-tor
- tor
- tor-geoipdb
- torsocks
apt_remove_xenial: []
apt_remove_bionic: []
apt_remove_jammy: []
apt_remove_purge: false
# ==========
# vars used by roles/common/tasks/git.yml
# ==========
# ---
# default
# ---
git_default_repositories:
# script repositories (destination /root/bin/)
- name: admin-stuff
repo: https://git.oopen.de/script/admin-stuff
dest: /root/bin/admin-stuff
# ---
# group [file_server]
# ---
git_oopen_server_repositories:
# install repositories (destination: /usr/local/src/)
# mailsystem
- name: mailsystem
repo: https://git.oopen.de/install/mailsystem
dest: /usr/local/src/mailsystem
# script repositories (destination /root/bin/)
# Monitoring
- name: monitoring
repo: https://git.oopen.de/script/monitoring
dest: /root/bin/monitoring
# script repositories (destination /root/bin/)
- name: backup-rcopy
repo: https://git.oopen.de/backup/backup-rcopy
dest: /root/crontab/backup-rcopy
# ---
# group [samba_server]
# ---
git_samba_repositories:
# script repositories (destination /root/bin/)
- name: samba
repo: https://git.oopen.de/script/samba
dest: /root/bin/samba
# ---
# group [gateway_server]
# ---
git_gateway_repositories:
# install repositories (destination: /usr/local/src/)
# mailsystem
- name: mailsystem
repo: https://git.oopen.de/install/mailsystem
dest: /usr/local/src/mailsystem
# firewall
- name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# script repositories (destination /root/bin/)
# Monitoring
- name: monitoring
repo: https://git.oopen.de/script/monitoring
dest: /root/bin/monitoring
# ==========
# vars used by roles/common/tasks/cups-install.yml
# ==========
apt_install_server_cups:
- cups
apt_install_client_cups:
- cups
- cups-client
- cups-common
- cups-ppdc
- cups-bsd
- cups-filters-ippusbxd
- lsb-printing
- hpijs-ppds
- printer-driver-hpcups
# ==========
# vars used by roles/common/tasks/ntp.yml
# ==========
# name or ip-adress from the (local) ntp server, mostly the gateway
#
ntp_server: {}
# ==========
# vars used by roles/common/tasks/nfs.yml
# ==========
nfs_server: {}
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
#nfs_exports:
# - src: 192.168.112.10:/data/home
# path: /data/home
# mount_opts: users,rsize=8192,wsize=8192,hard,intr
# export_opt: rw,root_squash,sync,subtree_check
# export_networks:
# - 192.168.112.0/24
# - 10.0.112.0/24
# - 10.1.112.0/24
# - 192.168.63.0/24
# use_fsid_option: true
#
nfs_exports: []
# ==========
# vars used by roles/common/tasks/pure-ftpd-install.yml
# ==========
pureftpd_global_config_file: /etc/default/pure-ftpd-common
pureftpd_config_dir: /etc/pure-ftpd
pureftpd_config_conf_dir: "{{ pureftpd_config_dir }}/conf"
pureftpd_config_auth_dir: "{{ pureftpd_config_dir }}/auth"
pureftpd_config_db_dir: "{{ pureftpd_config_dir }}/db"
pureftpd_config_fortune_file: "{{ pureftpd_config_dir }}/pureftpd-fortune.txt"
pureftpd_tls_certificate_pem: /etc/ssl/private/pure-ftpd.pem
pureftpd_packages:
- pure-ftpd-common
- pure-ftpd
# pure-ftpd-common.j2
pureftpd_global_config_mode: standalone
pureftpd_global_config_virtualchroot: false
pureftpd_global_config_uploadscript: ''
pureftpd_global_config_uploaduid: ''
pureftpd_global_config_uploadgid: ''
pureftpd_config:
AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
AnonymousCantUpload: 'yes'
Bind: ',21'
CustomerProof: 'yes'
DisplayDotFiles: 'yes'
DontResolve: 'yes'
FSCharset: 'UTF-8'
ForcePassiveIP: ''
MaxDiskUsage: '80'
MinUID: '1000'
NoAnonymous: 'yes'
PAMAuthentication: 'no'
PassivePortRange: '50000 50400'
ProhibitDotFilesRead: 'no'
ProhibitDotFilesWrite: 'yes'
PureDB: '/etc/pure-ftpd/pureftpd.pdb'
SyslogFacility: 'ftp'
TLS: '1'
TLSCipherSuite: 'HIGH'
UnixAuthentication: 'no'
#
# Available properties
#
# Available properties
# AllowAnonymousFXP: 'no'
# AllowUserFXP: 'no'
# AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
# AnonymousBandwidth: '8'
# AnonymousCanCreateDirs: 'no'
# AnonymousCantUpload: 'yes'
# AnonymousOnly: 'no'
# AnonymousRatio: '1 10'
# AntiWarez: 'yes'
# AutoRename: 'no'
# Bind: '127.0.0.1,21'
# BrokenClientsCompatibility: 'no'
# CallUploadScript: 'yes'
# ChrootEveryone: 'yes'
# ClientCharset: 'UTF-8'
# CreateHomeDir: 'yes'
# CustomerProof: 'yes'
# Daemonize: 'yes'
# DisplayDotFiles: 'yes'
# DontResolve: 'yes'
# ExtAuth: /var/run/ftpd.sock
# ForcePassiveIP: '192.168.0.1'
# FortunesFile: '/etc/pure-ftpd/cookie'
# FSCharset: 'utf8'
# IPV4Only: 'yes'
# IPV6Only: 'yes'
# KeepAllFiles: 'yes'
# LDAPConfigFile: /etc/pureftpd-ldap.conf
# LimitRecursion: '10000 8'
# LogPID: 'yes'
# MaxClientsNumber: '10'
# MaxClientsPerIP: "{{ ansible_processor_cores }}"
# MaxDiskUsage: '80'
# MaxIdleTime: '15'
# MaxLoad: '4'
# MinUID: '1000'
# MySQLConfigFile: /etc/pure-ftpd/mysql.conf
# NoAnonymous: 'yes'
# NoChmod: 'yes'
# NoRename: 'yes'
# NoTruncate: 'yes'
# PAMAuthentication: 'no'
# PassivePortRange: '30000 50000'
# PerUserLimits: '3 20'
# PGSQLConfigFile: /etc/pureftpd-pgsql.conf
# PIDFile: '/var/run/pure-ftpd.pid'
# ProhibitDotFilesRead: 'yes'
# ProhibitDotFilesWrite: 'yes'
# PureDB: /etc/pure-ftpd/pureftpd.pdb
# Quota: '1000 10'
# SyslogFacility: 'ftp'
# TLS: '0'
# TLSCipherSuite: 'ALL:!aNULL:!SSLv3'
# TrustedIP: '10.1.1.1'
# Umask: '113 002'
# UnixAuthentication: 'no'
# UserBandwidth: '8'
# UserRatio: '1 10'
# VerboseLog: 'no'
pureftpd_auth_puredb: 50
pureftpd_auth_mysql: 0
pureftpd_auth_postgresql: 0
pureftpd_auth_ldap: 0
pureftpd_auth_unix: 65
pureftpd_auth_pam: 70
# Default FTP user/group
pureftpd_virtual_users_group: nobody
pureftpd_virtual_users_user: nogroup
# pureftpd_virtual_users_gid: '65534'
# pureftpd_virtual_users_uid: '65534'
#pureftpd_virtual_users:
#
# Available properties
# - name: vuser1
# password: p4ssW0rd
# homedir: /var/ftp/vuser1
# uid: 2000
# gid: 2000
# quota_files: 2000
# quota_size: 500
# bandwidth_ul: 5
# bandwidth_dl: 5
# ratio_ul: 10
# ratio_dl: 1
pureftpd_virtual_users: []
#pureftpd_virtual_deleted_users:
#
# Available properties
# - name: vuser2
pureftpd_virtual_deleted_users: []
pureftpd_virtual_users_import: false
# pureftpd_tls_certificate_method
#
# possible values:
# - generate
# - certbot - Not YET integrated
# - upload - Not YET integrated
#
pureftpd_tls_certificate_method: 'generate'
# for method 'generate'
#
# # Available properties
#
#pureftpd_tls_certificate_openssl:
# size: 4096
# days: 365
# fqdn: ftp.example.com
# country: 'DE'
# state: 'Berlin'
# locality: 'Berlin'
# organization: 'O.OPEN'
# unit: 'Network services'
#
pureftpd_tls_certificate_openssl: []
# ==========
# vars used by roles/common/tasks/system-user.yml
# ==========
# ! Notice !
#
# On NIS supported Server put your users and groups in the
# appropriate section for playbook 'nis-user.yml'
#
# ! Notice !
remove_system_users: []
#remove_system_users:
# - name: test
# - name: jennifer.prost
system_users: []
#system_users:
# - name: sysadm
# password: '9xFXkdPR_2'
system_groups: []
# ==========
# vars used by roles/common/tasks/nis-install-server.yml
# vars used by roles/common/tasks/nis-user.yml
# vars used by roles/common/tasks/nis-install-client.yml
# ==========
# used by templates
# - yp.conf.j2
# - defaultdomain.j2
#
# example:
# nis_domain: sprachenatelier.netz
#
nis_domain: {}
# also used by template
# - yp.conf.j2
# example:
# nis_server_address: 192.168.92.10
#
nis_server_address: {}
#nis_server_name: file-spr.sprachenatelier.netz
#
nis_server_name: file-mbr.mbr-bln.netz
nis_common_packages:
- nis
- nscd
nis_base_home: /data/home
#nis_groups:
# - name: intern
# group_id: 1100
# - name: buero
# group_id: 1110
# - name: no-backup
# group_id: 1120
#
nis_groups: []
#remove_nis_users:
# - name: test
# - name: jennifer.prost
remove_nis_users: []
#nis_user:
# - anahit
# groups:
# - intern
# - buero
# is_samba_user: true
# password: '150290'
#
# - name: andrea
# groups:
# - intern
# - buero
# - lpadmin
# is_samba_user: true
# password: 'kurse2010'
#
nis_user: []
# ==========
# vars used by roles/common/tasks/samba-install.yml
# vars used by roles/common/tasks/samba-user.yml
# vars used by roles/common/tasks/mount_samba_shares.yml
# ==========
samba_server_ip:
samba_server_cidr_prefix: 24
apt_install_server_samba:
- samba
- nscd
apt_install_client_samba:
- samba-client
- samba-common
# samba_workgroup
#
# example:
# samba_workgroup: MBR
#
samba_workgroup: {}
# samba_netbios_name
#
# example:
# samba_netbios_name: FILE-MBR
#
samba_netbios_name: {}
# samba_server_min_protocol
#
samba_server_min_protocol: {}
samba_groups: []
# samba_user:
# - name: chris
# groups:
# - group1
# - group2
# password: 'H-.T/TvN5S9J'
#
samba_user: []
# remove_samba_users:
# - name: name1
# - name: name2
#
remove_samba_users: []
# samba_shares
#
# samba_shares:
# - name: Arbeitsrechtliches
# comment:
# path: /data/shares/Arbeitsrechtliches
# browseable: !!str yes
# read_only: !!str no
# writeable: !!str yes
# guest_ok: !!str no
# file_create_mask: !!str 0660
# dir_create_mask: !!str 2770
# valid_users: '%S'
# group_valid_users: mbr-finanzen
# group_write_list: mbr-finanzen
# vfs_object_recycle: true
# recycle_path: '@Recycle.Bin'
#
samba_shares: []
samba_cronjob_trash_dirs:
name: Clean up Samba Trash Dirs
minute: "02"
hour: "23"
day: "*"
month: "*"
weekday: '*'
user: root
job: "/root/bin/samba/clean_samba_trash.sh"
samba_cronjob_permissions:
name: Set (group and access) Permissons for Samba shares
minute: "14"
hour: "23"
day: "*"
month: "*"
weekday: '*'
user: root
job: "/root/bin/samba/set_permissions_samba_shares.sh"
# ==========
# vars used by roles/common/tasks/samba-user.yml
# ==========
# ! Notice !
#
# variables used from other previos sections:
#
# - remove_system_users: roles/common/tasks/system-user.yml
# - remove_nis_users: roles/common/tasks/nis-install-server.yml
# - nis_user: roles/common/tasks/nis-install-server.yml
# ==========
# vars used by roles/common/tasks/mount_samba_shares.yml
# ==========
# ! Notice !
#
# variables used from other previos sections:
#
# - nis_user: roles/common/tasks/nis-install-server.yml
# ==========
# vars used by roles/common/tasks/system-user-systemfiles.yml
# ==========
# ! Notice !
#
# variables used from other previos sections:
#
# - system_users: roles/common/tasks/system-user.yml
# ==========
# vars used by roles/common/tasks/nis-user-systemfiles.yml
# ==========
# ! Notice !
#
# variables used from other previos sections:
#
# - nis_user: roles/common/tasks/nis-install-server.yml
# ==========
# vars used by roles/common/tasks/sudoers-pc.yml
# ==========
sudo_pc_users:
- chris
- sysadm
- lokaladmin
# /etc/sudoers
#
sudoers_pc_defaults:
- env_reset
- mail_badpass
- 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
sudoers_pc_host_aliases: []
sudoers_pc_user_aliases: []
sudoers_pc_cmnd_aliases: []
sudoers_pc_runas_aliases: []
sudoers_pc_user_privileges:
- name: root
entry: 'ALL=(ALL:ALL) ALL'
sudoers_pc_group_privileges: []
# /etc/sudoers.d/50-user
#
sudoers_pc_file_defaults: []
sudoers_pc_file_host_aliases: []
sudoers_pc_file_user_aliases: []
sudoers_pc_file_cmnd_aliases:
- name: MOUNT
entry: '/bin/mount,/bin/umount'
sudoers_pc_file_runas_aliases: []
# ==========
# vars used by roles/common/tasks/sudoers-server.yml
# ==========
sudo_server_users:
- chris
- sysadm
# /etc/sudoers
#
sudoers_server_defaults:
- env_reset
- mail_badpass
- 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
sudoers_server_host_aliases: []
sudoers_server_user_aliases: []
sudoers_server_cmnd_aliases: []
sudoers_server_runas_aliases: []
sudoers_server_user_privileges:
- name: root
entry: 'ALL=(ALL:ALL) ALL'
sudoers_server_group_privileges: []
sudoers_server_remove_user:
- back
- www-data
# /etc/sudoers.d/50-user
#
sudoers_server_file_defaults: []
sudoers_server_file_host_aliases: []
sudoers_server_file_user_aliases: []
sudoers_server_file_cmnd_aliases: []
sudoers_server_file_runas_aliases: []
sudoers_server_file_user_back_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/rsync'
- 'ALL=(root) NOPASSWD: /usr/bin/find'
- 'ALL=(root) NOPASSWD: /usr/bin/realpath'
sudoers_server_file_user_back_disk_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/which'
- 'ALL=(root) NOPASSWD: /sbin/hdparm -I /dev/*'
- 'ALL=(root) NOPASSWD: /sbin/fdisk'
- 'ALL=(root) NOPASSWD: /sbin/sgdisk'
- 'ALL=(root) NOPASSWD: /sbin/sfdisk -d /dev/*'
- 'ALL=(root) NOPASSWD: /bin/dd if=/dev/*'
- 'ALL=(root) NOPASSWD: /sbin/parted'
- 'ALL=(root) NOPASSWD: /sbin/gdisk'
# sudoers_server_file_user_privileges
# - name: <name1>
# entry: <sudoer-entry1>
# - name : <name2>
# entry: <sudoer-entry22>
# - ...
#
sudoers_server_file_user_privileges: []
# sudoers_server_file_group_privileges
# - name: <name1>
# entry: <sudoer-entry1>
# - name : <name2>
# entry: <sudoer-entry22>
# - ...
#
sudoers_server_file_group_privileges: []
# ---
# vars used by cron.yml
# ---
cron_env_entries: []
#cron_env_entries:
# - name: PATH
# job: /root/bin/admin-stuff:/root/bin:usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
#
# - name: SHELLforwarding
# job: /bin/bash
cron_user_entries: []
#cron_user_entries:
#
# - name: "Check if Postfix Mailservice is up and running?"
# minute: "*/15"
# job: /root/bin/monitoring/check_postfix.sh
#
# - name: "Check if SSH service is up and running?"
# minute: "*/15"
# job: /root/bin/monitoring/check_ssh.sh
cron_user_special_time_entries: []
#cron_user_special_time_entries:
#
# - name: "Check if Postfix Service is running at boot time"
# special_time: reboot
# job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
# insertafter: PATH
# ==========
# vars used by roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml
# vars used by roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml
# ==========
vnc_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
64383239623730396134656439333864323230323435653135636532346132656131336365346262
3566656435646336373037663566376661666136616534320a656239626537633034663137626136
64333161386533616337613538643535386463316664663936333439306364336330326331613437
6136613337313665350a366163313934643834353439346164666464623630613765373432383934
6265
# ==========
# vars used by roles/common/tasks/luks.yml
# ==========
# Note!
#
# Define this vriable client specific in files
# 'host_vars/<client-pc>'
#
luks_device: []
Reference in New Issue View Git Blame Copy Permalink