ansible/nis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
aba9aa61127b6d152f09a94c10f0f7d9f9137cff
nis/group_vars/all/main.yml
Christoph 8a4da8c615 update..
2025-10-27 23:17:40 +01:00

2064 lines
36 KiB
YAML
Raw Blame History

---
ansible_managed: >
*** ANSIBLE MANAGED FILE - DO NOT EDIT ***
This file was generated by {{ ansible_user_id }} on {{ ansible_date_time.iso8601 }}
ansible_python_interpreter: /usr/bin/python3
# ==========
# vars used by roles/ansible_dependencies
# ==========
apt_ansible_dependencies:
- apt-transport-https
- ca-certificates
- dbus
- lsb-release
- mc
- net-tools
- openssl
- python-apt-common
- python3
- python3-apt
- software-properties-common
- sudo
- vim
- vlan
# software-properties-common no longer available
apt_ansible_dependencies_trixie:
- apt-transport-https
- ca-certificates
- dbus
- lsb-release
- mc
- net-tools
- openssl
- python-apt-common
- python3
- python3-apt
- sudo
- vim
- vlan
# ==========
# vars used by roles/common/tasks/basic.yml
# ==========
time_zone: Europe/Berlin
locales:
- en_US.UTF-8
- de_DE.UTF-8
#copy_plain_files_security_limits: []
copy_plain_files_security_limits:
# /etc/security/limits.d/*.conf
#
- name: 90-user-NOFILE.conf
src_path: etc/security/limits.d/90-user-NOFILE.conf
dest_path: /etc/security/limits.d/90-user-NOFILE.conf
#copy_plain_files_systemd: []
copy_plain_files_systemd:
# /etc/systemd/system.conf.d/*.conf
#
- name: DefaultLimitNOFILE
src_path: etc/systemd/system.conf.d/20-DefaultLimitNOFILE.conf
dest_path: /etc/systemd/system.conf.d/20-DefaultLimitNOFILE.conf
- name: DefaultTasksMax
src_path: etc/systemd/system.conf.d/20-DefaultTasksMax.conf
dest_path: /etc/systemd/system.conf.d/20-DefaultTasksMax.conf
- name: DefaultLimitCORE
src_path: etc/systemd/system.conf.d/20-DefaultLimitCORE.conf
dest_path: /etc/systemd/system.conf.d/20-DefaultLimitCORE.conf
- name: DefaultLimitNPROC
src_path: etc/systemd/system.conf.d/20-DefaultLimitNPROC.conf
dest_path: /etc/systemd/system.conf.d/20-DefaultLimitNPROC.conf
- name: DefaultLimitRTPRIO
src_path: etc/systemd/system.conf.d/20-DefaultLimitRTPRIO.conf
dest_path: /etc/systemd/system.conf.d/20-DefaultLimitRTPRIO.conf
- name: DefaultLimitRTTIME
src_path: etc/systemd/system.conf.d/20-DefaultLimitRTTIME.conf
dest_path: /etc/systemd/system.conf.d/20-DefaultLimitRTTIME.conf
#copy_plain_files_journald: []
copy_plain_files_journald:
- name: SystemMaxUse
src_path: etc/systemd/journald.conf.d/50-SystemMaxUse.conf
dest_path: /etc/systemd/journald.conf.d/50-SystemMaxUse.conf
- name: SystemMaxFileSize
src_path: etc/systemd/journald.conf.d/50-SystemMaxFileSize.conf
dest_path: /etc/systemd/journald.conf.d/50-SystemMaxFileSize.conf
- name: MaxFileSec
src_path: etc/systemd/journald.conf.d/50-MaxFileSec.conf
dest_path: /etc/systemd/journald.conf.d/50-MaxFileSec.conf
#copy_plain_files_sysctl: []
#set_default_limit_nofile: false
# ==========
# vars used by roles/common/tasks/sshd.yml
# ==========
sshd_ports:
- 22
sshd_listen_address:
- '::'
- '0.0.0.0'
sshd_host_keys:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
sshd_max_startups: !!str "10:30:100"
sshd_max_auth_tries: 6
sshd_max_sessions: 10
# only for debian version <= 9
#
sshd_use_privilege_separation: !!str "sandbox"
sshd_permit_root_login: !!str "prohibit-password"
sshd_authorized_keys_file: ".ssh/authorized_keys .ssh/authorized_keys2"
sshd_pubkey_authentication: !!str "yes"
sshd_password_authentication: !!str "yes"
sshd_use_pam: !!str "yes"
#sshd_allowed_users:
# - chris
# - sysadm
sshd_allowed_users: {}
sshd_print_motd: !!str "no"
sshd_use_dns: !!str "no"
sshd_gateway_ports: !!str "no"
# sshd_kexalgorithms
#
# Example:
# sshd_kexalgorithms:
# - curve25519-sha256@libssh.org
# - diffie-hellman-group-exchange-sha256
# - diffie-hellman-group14-sha1
#
#sshd_kexalgorithms: {}
sshd_hostkeyalgorithms:
- ssh-ed25519
- ssh-ed25519-cert-v01@openssh.com
- rsa-sha2-256
- rsa-sha2-512
- rsa-sha2-256-cert-v01@openssh.com
- rsa-sha2-512-cert-v01@openssh.com
# sshd_kexalgorithms
#
# Example:
# sshd_ciphers:
# - chacha20-poly1305@openssh.com
# - aes256-gcm@openssh.com
# - aes256-ctr
#sshd_ciphers: {}
sshd_ciphers:
- chacha20-poly1305@openssh.com
- aes256-gcm@openssh.com
- aes128-gcm@openssh.com
- aes256-ctr
- aes192-ctr
- aes128-ctr
#sshd_macs: {}
sshd_macs:
- hmac-sha2-256-etm@openssh.com
- hmac-sha2-512-etm@openssh.com
- umac-128-etm@openssh.com
# ==========
# vars used by roles/common/tasks/apt.yml
# ==========
apt_manage_sources_list: true
apt_src_enable: false
apt_backports_enable: true
apt_debian_mirror: http://ftp.de.debian.org/debian/
apt_debian_contrib_nonfree_enable: true
# Ubuntu mirror
apt_ubuntu_mirror: http://archive.ubuntu.com/ubuntu
apt_update_cache_valid_time: 3600
apt_upgrade: true
apt_update: true
apt_clean: true
apt_autoremove: true
apt_dpkg_configure: true
apt_upgrade_type: dist
apt_upgrade_dpkg_options:
- force-confdef
- force-confold
apt_initial_install_stretch:
- apt-transport-https
- cryptsetup
- dbus
- openssh-server
- rssh
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- exuberant-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- realpath
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.24
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man-db
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- wakeonlan
apt_initial_install_buster:
- apt-transport-https
- cryptsetup
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.28
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- wakeonlan
apt_initial_install_bullseye:
- apt-transport-https
- cryptsetup
- gnupg
- gpgv
- deborphan
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- cron
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- universal-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.32
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline-dev
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- zsh
- lua5.4
- btrfs-progs
- fdisk
apt_initial_install_bookworm:
- cryptsetup
- gnupg
- gpgv
- deborphan
- zstd
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- cron
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- universal-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.36
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline-dev
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- zsh
- lua5.4
- btrfs-progs
- fdisk
# mime-support no longer exists
# rcconf no longer exists
apt_initial_install_trixie:
- acl
- aptitude
- apt-utils
- arj
- arp-scan
- attr
- bash
- bash-completion
- bc
- bridge-utils
- btrfs-progs
- bzip2
- coreutils
- cron
- cryptsetup
- curl
- dbus
- debian-keyring
- dnsutils
- dselect
- ethtool
- fdisk
- figlet
- file
- freeipmi-tools
- ftp
- gawk
- gdisk
- gettext
- gettext-base
- gettext-doc
- git
- groff
- groff
- haveged
- hdparm
- htop
- iperf
- ipmitool
- iproute2
- iptables
- iptraf
- iputils-ping
- less
- libio-compress-perl
- libmail-imapclient-perl
- libpcre2-8-0
- libpcre2-16-0
- libpcre2-32-0
- libperl-dev
- libreadline-dev
- librecode3
- librecode-dev
- libterm-readkey-perl
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libtimedate-perl
- libtime-duration-perl
- libwww-perl
- links
- locate
- logrotate
- lsb-release
- lshw
- lsof
- lua5.4
- lynx
- man
- mawk
- mc
- moreutils
- mtr
- needrestart
- net-tools
- ntpsec-ntpdate
- openssh-server
- parted
- patch
- patchutils
- perl
- perl-doc
- perl-modules
- psmisc
- quota
- quotatool
- rblcheck
- rdate
- re2c
- recode
- recode-doc
- rsync
- rsyslog
- rush
- screen
- sharutils
- shellcheck
- sipcalc
- smartmontools
- socat
- ssl-cert
- ssl-cert-check
- sudo
- tcpdump
- tmux
- unhide
- universal-ctags
- unzip
- util-linux
- vim
- vim-common
- vim-doc
- vlan
- w3m
- wget
- whois
- wipe
- wipe
- zip
- zsh
apt_initial_install_xenial:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.22
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- ifupdown
- socat
apt_initial_install_noble:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- exuberant-ctags
- universal-ctags
- media-types
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline8
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- ifupdown
- socat
- ubuntu-advantage-tools
apt_initial_install_jammy:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- exuberant-ctags
- universal-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- ifupdown
- socat
microcode_intel_package:
- intel-microcode
microcode_amd_package:
- amd64-microcode
firmware_packages_ubuntu:
- linux-firmware
firmware_packages_debian:
- firmware-linux
firmware_non_free_packages_debian:
- firmware-linux-nonfree
apt_install_state: latest
apt_remove:
- apt-transport-tor
- tor
- tor-geoipdb
- torsocks
apt_remove_xenial: []
apt_remove_bionic: []
apt_remove_jammy: []
apt_remove_noble: []
apt_remove_purge: false
# ---
# vars used by roles/common/tasks/default-users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server: []
insert_keypair_backup_client: false
ssh_keypair_backup_client: []
insert_root_ssh_keypair: false
root_ssh_keypair: []
default_user:
- name: chris
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$4wy4SwNtfaPdASKLmvq6J0$fjW80fwULnVppLCZpzs1XC5fOi2SB34g3QC6XsE8I/A
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
group: localadmin
home: /home/localadmin
password: $y$j9T$1WH8G2UkuN1jjp4QLuoeC0$dXpOnJUfMMAqAXlwN8XD0pq78r.a4UZOgt3LY4afxy/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'
extra_user: []
extra_system_user: []
create_sftp_group: false
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: false
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
resolved_nameserver:
- 195.10.195.195
- 1.1.1.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ==========
# vars used by roles/common/tasks/git.yml
# ==========
# ---
# default
# ---
git_default_repositories:
# script repositories (destination /root/bin/)
- name: admin-stuff
repo: https://git.oopen.de/script/admin-stuff
dest: /root/bin/admin-stuff
# ---
# group [file_server]
# ---
git_oopen_server_repositories:
# install repositories (destination: /usr/local/src/)
# mailsystem
- name: mailsystem
repo: https://git.oopen.de/install/mailsystem
dest: /usr/local/src/mailsystem
# script repositories (destination /root/bin/)
# Monitoring
- name: monitoring
repo: https://git.oopen.de/script/monitoring
dest: /root/bin/monitoring
# script repositories (destination /root/bin/)
- name: backup-rcopy
repo: https://git.oopen.de/backup/backup-rcopy
dest: /root/crontab/backup-rcopy
# ---
# group [samba_server]
# ---
git_samba_repositories:
# script repositories (destination /root/bin/)
- name: samba
repo: https://git.oopen.de/script/samba
dest: /root/bin/samba
# ---
# group [gateway_server]
# ---
git_gateway_repositories:
# install repositories (destination: /usr/local/src/)
# mailsystem
- name: mailsystem
repo: https://git.oopen.de/install/mailsystem
dest: /usr/local/src/mailsystem
# firewall
- name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# script repositories (destination /root/bin/)
# Monitoring
- name: monitoring
repo: https://git.oopen.de/script/monitoring
dest: /root/bin/monitoring
# ==========
# vars used by roles/common/tasks/cups-install.yml
# ==========
apt_install_server_cups:
- cups
apt_install_client_cups:
- cups
- cups-client
- cups-common
- cups-ppdc
- cups-bsd
- cups-filters-ippusbxd
- lsb-printing
- hpijs-ppds
- printer-driver-hpcups
# ==========
# vars used by roles/common/tasks/ntp.yml
# ==========
# name or ip-adress from the (local) ntp server, mostly the gateway
#
ntp_server: {}
# ==========
# vars used by roles/common/tasks/nfs.yml
# ==========
nfs_server: {}
nfs_start_servers: 16
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
#nfs_exports:
# - src: 192.168.112.10:/data/home
# path: /data/home
# mount_opts: users,rsize=8192,wsize=8192,hard,intr
# export_opt: rw,root_squash,sync,subtree_check
# export_networks:
# - 192.168.112.0/24
# - 10.0.112.0/24
# - 10.1.112.0/24
# - 192.168.63.0/24
# use_fsid_option: true
#
nfs_exports: []
# ==========
# vars used by roles/common/tasks/pure-ftpd-install.yml
# ==========
pureftpd_global_config_file: /etc/default/pure-ftpd-common
pureftpd_config_dir: /etc/pure-ftpd
pureftpd_config_conf_dir: "{{ pureftpd_config_dir }}/conf"
pureftpd_config_auth_dir: "{{ pureftpd_config_dir }}/auth"
pureftpd_config_db_dir: "{{ pureftpd_config_dir }}/db"
pureftpd_config_fortune_file: "{{ pureftpd_config_dir }}/pureftpd-fortune.txt"
pureftpd_tls_certificate_pem: /etc/ssl/private/pure-ftpd.pem
pureftpd_packages:
- pure-ftpd-common
- pure-ftpd
# pure-ftpd-common.j2
pureftpd_global_config_mode: standalone
pureftpd_global_config_virtualchroot: false
pureftpd_global_config_uploadscript: ''
pureftpd_global_config_uploaduid: ''
pureftpd_global_config_uploadgid: ''
pureftpd_config:
AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
AnonymousCantUpload: 'yes'
Bind: ',21'
CustomerProof: 'yes'
DisplayDotFiles: 'yes'
DontResolve: 'yes'
FSCharset: 'UTF-8'
ForcePassiveIP: ''
MaxDiskUsage: '80'
MinUID: '1000'
NoAnonymous: 'yes'
PAMAuthentication: 'no'
PassivePortRange: '50000 50400'
ProhibitDotFilesRead: 'no'
ProhibitDotFilesWrite: 'yes'
PureDB: '/etc/pure-ftpd/pureftpd.pdb'
SyslogFacility: 'ftp'
TLS: '1'
TLSCipherSuite: 'HIGH'
UnixAuthentication: 'no'
#
# Available properties
#
# Available properties
# AllowAnonymousFXP: 'no'
# AllowUserFXP: 'no'
# AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
# AnonymousBandwidth: '8'
# AnonymousCanCreateDirs: 'no'
# AnonymousCantUpload: 'yes'
# AnonymousOnly: 'no'
# AnonymousRatio: '1 10'
# AntiWarez: 'yes'
# AutoRename: 'no'
# Bind: '127.0.0.1,21'
# BrokenClientsCompatibility: 'no'
# CallUploadScript: 'yes'
# ChrootEveryone: 'yes'
# ClientCharset: 'UTF-8'
# CreateHomeDir: 'yes'
# CustomerProof: 'yes'
# Daemonize: 'yes'
# DisplayDotFiles: 'yes'
# DontResolve: 'yes'
# ExtAuth: /var/run/ftpd.sock
# ForcePassiveIP: '192.168.0.1'
# FortunesFile: '/etc/pure-ftpd/cookie'
# FSCharset: 'utf8'
# IPV4Only: 'yes'
# IPV6Only: 'yes'
# KeepAllFiles: 'yes'
# LDAPConfigFile: /etc/pureftpd-ldap.conf
# LimitRecursion: '10000 8'
# LogPID: 'yes'
# MaxClientsNumber: '10'
# MaxClientsPerIP: "{{ ansible_processor_cores }}"
# MaxDiskUsage: '80'
# MaxIdleTime: '15'
# MaxLoad: '4'
# MinUID: '1000'
# MySQLConfigFile: /etc/pure-ftpd/mysql.conf
# NoAnonymous: 'yes'
# NoChmod: 'yes'
# NoRename: 'yes'
# NoTruncate: 'yes'
# PAMAuthentication: 'no'
# PassivePortRange: '30000 50000'
# PerUserLimits: '3 20'
# PGSQLConfigFile: /etc/pureftpd-pgsql.conf
# PIDFile: '/var/run/pure-ftpd.pid'
# ProhibitDotFilesRead: 'yes'
# ProhibitDotFilesWrite: 'yes'
# PureDB: /etc/pure-ftpd/pureftpd.pdb
# Quota: '1000 10'
# SyslogFacility: 'ftp'
# TLS: '0'
# TLSCipherSuite: 'ALL:!aNULL:!SSLv3'
# TrustedIP: '10.1.1.1'
# Umask: '113 002'
# UnixAuthentication: 'no'
# UserBandwidth: '8'
# UserRatio: '1 10'
# VerboseLog: 'no'
pureftpd_auth_puredb: 50
pureftpd_auth_mysql: 0
pureftpd_auth_postgresql: 0
pureftpd_auth_ldap: 0
pureftpd_auth_unix: 65
pureftpd_auth_pam: 70
# Default FTP user/group
pureftpd_virtual_users_group: nobody
pureftpd_virtual_users_user: nogroup
# pureftpd_virtual_users_gid: '65534'
# pureftpd_virtual_users_uid: '65534'
#pureftpd_virtual_users:
#
# Available properties
# - name: vuser1
# password: p4ssW0rd
# homedir: /var/ftp/vuser1
# uid: 2000
# gid: 2000
# quota_files: 2000
# quota_size: 500
# bandwidth_ul: 5
# bandwidth_dl: 5
# ratio_ul: 10
# ratio_dl: 1
pureftpd_virtual_users: []
#pureftpd_virtual_deleted_users:
#
# Available properties
# - name: vuser2
pureftpd_virtual_deleted_users: []
pureftpd_virtual_users_import: false
# pureftpd_tls_certificate_method
#
# possible values:
# - generate
# - certbot - Not YET integrated
# - upload - Not YET integrated
#
pureftpd_tls_certificate_method: 'generate'
# for method 'generate'
#
# # Available properties
#
#pureftpd_tls_certificate_openssl:
# size: 4096
# days: 365
# fqdn: ftp.example.com
# country: 'DE'
# state: 'Berlin'
# locality: 'Berlin'
# organization: 'O.OPEN'
# unit: 'Network services'
#
pureftpd_tls_certificate_openssl: []
# ==========
# vars used by roles/common/tasks/system-user.yml
# ==========
# ! Notice !
#
# On NIS supported Server put your users and groups in the
# appropriate section for playbook 'nis-user.yml'
#
# ! Notice !
remove_system_users: []
#remove_system_users:
# - name: test
# - name: jennifer.prost
system_users: []
#system_users:
# - name: sysadm
# password: '9xFXkdPR_2'
system_groups: []
# ==========
# vars used by roles/common/tasks/nis-install-server.yml
# vars used by roles/common/tasks/nis-user.yml
# vars used by roles/common/tasks/nis-install-client.yml
# ==========
# used by templates
# - yp.conf.j2
# - defaultdomain.j2
#
# example:
# nis_domain: sprachenatelier.netz
#
nis_domain: {}
# also used by template
# - yp.conf.j2
# example:
# nis_server_address: 192.168.92.10
#
nis_server_address: {}
#nis_server_name: file-spr.sprachenatelier.netz
#
nis_server_name: file-mbr.mbr-bln.netz
nis_common_packages:
- nis
- nscd
nis_base_home: /data/home
#nis_groups:
# - name: intern
# group_id: 1100
# - name: buero
# group_id: 1110
# - name: no-backup
# group_id: 1120
#
nis_groups: []
#remove_nis_users:
# - name: test
# - name: jennifer.prost
remove_nis_users: []
#nis_user:
# - anahit
# groups:
# - intern
# - buero
# is_samba_user: true
# password: '150290'
#
# - name: andrea
# groups:
# - intern
# - buero
# - lpadmin
# is_samba_user: true
# password: 'kurse2010'
#
nis_user: []
# ==========
# vars used by roles/common/tasks/samba-install.yml
# vars used by roles/common/tasks/samba-user.yml
# vars used by roles/common/tasks/mount_samba_shares.yml
# ==========
samba_server_ip:
samba_server_cidr_prefix: 24
apt_install_server_samba:
- samba
- nscd
apt_install_client_samba:
- samba-client
- samba-common
# samba_workgroup
#
# example:
# samba_workgroup: MBR
#
samba_workgroup: {}
# samba_netbios_name
#
# example:
# samba_netbios_name: FILE-MBR
#
samba_netbios_name: {}
# samba_server_min_protocol
#
samba_server_min_protocol: {}
# samba_allow_insecure_wide_links
#
samba_allow_insecure_wide_links: !!str no
samba_groups: []
# samba_user:
# - name: chris
# groups:
# - group1
# - group2
# password: 'H-.T/TvN5S9J'
#
samba_user: []
# remove_samba_users:
# - name: name1
# - name: name2
#
remove_samba_users: []
# samba_shares
#
# samba_shares:
# - name: Arbeitsrechtliches
# comment:
# path: /data/shares/Arbeitsrechtliches
# browseable: !!str yes
# read_only: !!str no
# writeable: !!str yes
# guest_ok: !!str no
# file_create_mask: !!str 0660
# dir_create_mask: !!str 2770
# valid_users: '%S'
# group_valid_users: mbr-finanzen
# group_write_list: mbr-finanzen
# vfs_object_recycle: true
# recycle_path: '@Recycle.Bin'
# vfs_object_recycle_is_visible: false
#
samba_shares: []
samba_cronjob_trash_dirs:
name: Clean up Samba Trash Dirs
minute: "02"
hour: "23"
day: "*"
month: "*"
weekday: '*'
user: root
job: "/root/bin/samba/clean_samba_trash.sh"
samba_cronjob_permissions:
name: Set (group and access) Permissons for Samba shares
minute: "14"
hour: "23"
day: "*"
month: "*"
weekday: '*'
user: root
job: "/root/bin/samba/set_permissions_samba_shares.sh"
# ==========
# vars used by roles/common/tasks/samba-user.yml
# ==========
# ! Notice !
#
# variables used from other previos sections:
#
# - remove_system_users: roles/common/tasks/system-user.yml
# - remove_nis_users: roles/common/tasks/nis-install-server.yml
# - nis_user: roles/common/tasks/nis-install-server.yml
# ==========
# vars used by roles/common/tasks/mount_samba_shares.yml
# ==========
# ! Notice !
#
# variables used from other previos sections:
#
# - nis_user: roles/common/tasks/nis-install-server.yml
# ==========
# vars used by roles/common/tasks/system-user-systemfiles.yml
# ==========
# ! Notice !
#
# variables used from other previos sections:
#
# - system_users: roles/common/tasks/system-user.yml
# ==========
# vars used by roles/common/tasks/nis-user-systemfiles.yml
# ==========
# ! Notice !
#
# variables used from other previos sections:
#
# - nis_user: roles/common/tasks/nis-install-server.yml
# ==========
# vars used by roles/common/tasks/sudoers-pc.yml
# ==========
sudo_pc_users:
- chris
- sysadm
- lokaladmin
# /etc/sudoers
#
sudoers_pc_defaults:
- env_reset
- mail_badpass
- 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
sudoers_pc_host_aliases: []
sudoers_pc_user_aliases: []
sudoers_pc_cmnd_aliases: []
sudoers_pc_runas_aliases: []
sudoers_pc_user_privileges:
- name: root
entry: 'ALL=(ALL:ALL) ALL'
sudoers_pc_group_privileges: []
# /etc/sudoers.d/50-user
#
sudoers_pc_file_defaults: []
sudoers_pc_file_host_aliases: []
sudoers_pc_file_user_aliases: []
sudoers_pc_file_cmnd_aliases:
- name: MOUNT
entry: '/bin/mount,/bin/umount'
sudoers_pc_file_runas_aliases: []
# ==========
# vars used by roles/common/tasks/sudoers-server.yml
# ==========
sudo_server_users:
- chris
- sysadm
- localadmin
# /etc/sudoers
#
sudoers_server_defaults:
- env_reset
- mail_badpass
- 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
sudoers_server_host_aliases: []
sudoers_server_user_aliases: []
sudoers_server_cmnd_aliases: []
sudoers_server_runas_aliases: []
sudoers_server_user_privileges:
- name: root
entry: 'ALL=(ALL:ALL) ALL'
sudoers_server_group_privileges: []
sudoers_server_remove_user:
- back
- www-data
# /etc/sudoers.d/50-user
#
sudoers_server_file_defaults: []
sudoers_server_file_host_aliases: []
sudoers_server_file_user_aliases: []
sudoers_server_file_cmnd_aliases: []
sudoers_server_file_runas_aliases: []
sudoers_server_file_user_back_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/rsync'
- 'ALL=(root) NOPASSWD: /usr/bin/find'
- 'ALL=(root) NOPASSWD: /usr/bin/realpath'
sudoers_server_file_user_back_disk_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/which'
- 'ALL=(root) NOPASSWD: /sbin/hdparm -I /dev/*'
- 'ALL=(root) NOPASSWD: /sbin/fdisk'
- 'ALL=(root) NOPASSWD: /sbin/sgdisk'
- 'ALL=(root) NOPASSWD: /sbin/sfdisk -d /dev/*'
- 'ALL=(root) NOPASSWD: /bin/dd if=/dev/*'
- 'ALL=(root) NOPASSWD: /sbin/parted'
- 'ALL=(root) NOPASSWD: /sbin/gdisk'
# sudoers_server_file_user_privileges
# - name: <name1>
# entry: <sudoer-entry1>
# - name : <name2>
# entry: <sudoer-entry22>
# - ...
#
sudoers_server_file_user_privileges: []
# sudoers_server_file_group_privileges
# - name: <name1>
# entry: <sudoer-entry1>
# - name : <name2>
# entry: <sudoer-entry22>
# - ...
#
sudoers_server_file_group_privileges: []
# ---
# vars used by cron.yml
# ---
cron_env_entries: []
#cron_env_entries:
# - name: PATH
# job: /root/bin/admin-stuff:/root/bin:usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
#
# - name: SHELLforwarding
# job: /bin/bash
cron_user_entries: []
#cron_user_entries:
#
# - name: "Check if Postfix Mailservice is up and running?"
# minute: "*/15"
# job: /root/bin/monitoring/check_postfix.sh
#
# - name: "Check if SSH service is up and running?"
# minute: "*/15"
# job: /root/bin/monitoring/check_ssh.sh
cron_user_special_time_entries: []
#cron_user_special_time_entries:
#
# - name: "Check if Postfix Service is running at boot time"
# special_time: reboot
# job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
# insertafter: PATH
# ==========
# vars used by roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml
# vars used by roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml
# ==========
vnc_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
64383239623730396134656439333864323230323435653135636532346132656131336365346262
3566656435646336373037663566376661666136616534320a656239626537633034663137626136
64333161386533616337613538643535386463316664663936333439306364336330326331613437
6136613337313665350a366163313934643834353439346164666464623630613765373432383934
6265
# ==========
# vars used by roles/common/tasks/luks.yml
# ==========
# Note!
#
# Define this vriable client specific in files
# 'host_vars/<client-pc>'
#
luks_device: []
Reference in New Issue View Git Blame Copy Permalink