From 01f489e90dc2cad10db325d2d260f65fc662666b Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sun, 20 Feb 2022 01:43:00 +0100
Subject: [PATCH] update..
---
host_vars/bbb-server.b3-bornim.netz.yml | 371 ++++++++++++++++++
roles/common/tasks/samba-config-server.yml | 2 +-
roles/common/templates/etc/samba/smb.conf.j2 | 2 +-
.../conf/set_permissions_samba_shares.conf.j2 | 4 +-
4 files changed, 376 insertions(+), 3 deletions(-)
create mode 100644 host_vars/bbb-server.b3-bornim.netz.yml
diff --git a/host_vars/bbb-server.b3-bornim.netz.yml b/host_vars/bbb-server.b3-bornim.netz.yml
new file mode 100644
index 0000000..e061a47
--- /dev/null
+++ b/host_vars/bbb-server.b3-bornim.netz.yml
@@ -0,0 +1,371 @@
+---
+
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: True
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: False
+
+network_interface_path: /etc/network/interfaces.d
+network_interface_required_packages:
+ - vlan
+ - bridge-utils
+ - ifmetric
+ - ifupdown
+ - ifenslave
+ - resolvconf
+
+
+network_interfaces:
+
+ - device: eth0
+ # use only once per device (for the first device entry)
+ headline: eth0 - The primary network interface
+
+ # auto & allow are only used for the first device entry
+ allow: [] # array of allow-[stanzas] eg. allow-hotplug
+ auto: true
+
+ family: inet
+ method: static
+ description:
+ address: 192.168.42.10
+ netmask: 24
+ gateway: 192.168.42.254
+
+ # optional dns settings nameservers: []
+ #
+ # nameservers:
+ # - 194.150.168.168 # dns.as250.net
+ # - 91.239.100.100 # anycast.censurfridns.dk
+ # search: warenform.de
+ #
+ nameservers:
+ - 192.168.42.1
+ search: b3-bornim.netz
+
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/cron.yml
+# ---
+
+cron_user_special_time_entries:
+
+ - name: "Restart DNS Cache service 'systemd-resolved'"
+ special_time: reboot
+ job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
+ insertafter: PATH
+
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+default_user:
+
+ - name: chris
+ password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+ shell: /bin/bash
+ ssh_keys:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+ - name: sysadm
+ user_id: 1050
+ group_id: 1050
+ group: sysadm
+ password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+ shell: /bin/bash
+ ssh_keys:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+ - name: back
+ user_id: 1060
+ group_id: 1060
+ group: back
+ password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+ shell: /bin/bash
+ ssh_keys:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+sudo_users:
+ - chris
+ - sysadm
+ - localadmin
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/samba-config-server.yml
+# vars used by roles/common/tasks/samba-user.yml
+# ---
+
+samba_workgroup: B3-BORNIM
+
+samba_netbios_name: BBB-SERVER
+
+samba_groups:
+ - name: buero
+ group_id: 1100
+ - name: team
+ group_id: 1110
+ - name: fnr
+ group_id: 1120
+ - name: gs
+ group_id: 1130
+ - name: gf
+ group_id: 1140
+ - name: praktikant
+ group_id: 1150
+
+
+samba_user:
+
+ - name: caroline
+ groups:
+ - praktikant
+ password: '19-caro_20-line%'
+
+ - name: chris
+ groups:
+ - buero
+ - team
+ - fnr
+ - gs
+ - gf
+ - praktikant
+ password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63643330373231636537366333326630333265303265653933613835656262323863363038653234
+ 3462653135633266373439626263356636646637643035340a653466356235346663626163306363
+ 61313164643061306433643738643563303036646334376536626531383965303036386162393832
+ 6631333038306462610a356535633265633563633962333137326533633834636331343562633765
+ 3631
+
+ - name: christian
+ groups:
+ - buero
+ - team
+ - fnr
+ - praktikant
+ password: '17-chris_tian%20'
+
+ - name: christiane
+ groups:
+ - buero
+ - team
+ - fnr
+ - praktikant
+ password: '18-chris_tiane%20!'
+
+ - name: ingo
+ groups:
+ - buero
+ - team
+ - fnr
+ - praktikant
+ password: '20ib11'
+
+ - name: janin
+ groups:
+ - buero
+ - team
+ - fnr
+ - praktikant
+ password: '20_janin-17%'
+
+ - name: matthias
+ groups:
+ - buero
+ - team
+ - fnr
+ - gs
+ - gf
+ - praktikant
+ password: 'bornim'
+
+ - name: prakti
+ groups:
+ - buero
+ - team
+ - fnr
+ - praktikant
+ password: 'pr2011'
+
+ - name: susi
+ groups:
+ - buero
+ - team
+ - fnr
+ - gf
+ - praktikant
+ password: '21susi21'
+ # password system: 1.Larsi2
+ # password samba: 21susi21
+
+base_home: /home
+
+# remove_samba_users:
+# - name: name1
+# - name: name2
+#
+remove_samba_users: []
+
+samba_shares:
+
+ - name: bhoch3-verzeichnis
+ comment: bhoch3 - READONLY
+ path: /home/bhoch3
+ read_only: !!str yes
+ browsable: !!str yes
+ guest_ok: !!str no
+ writeable: !!str no
+ group_valid_users: buero
+ vfs_object_recycle: false
+
+ - name: bhoch3
+ path: /data/samba/share/bhoch3
+ group_valid_users: buero
+ group_write_list: buero
+ file_create_mask: !!str 664
+ dir_create_mask: !!str 2775
+ vfs_object_recycle: true
+ recycle_path: '@Recycle'
+
+ - name: team
+ path: '/data/samba/share/team'
+ group_valid_users: 'team'
+ group_write_list: 'team'
+ file_create_mask: !!str 664
+ dir_create_mask: !!str 2775
+ vfs_object_recycle: true
+ recycle_path: '@Recycle'
+
+ - name: team-praktikant
+ path: '/data/samba/share/team-praktikant'
+ group_valid_users: 'praktikant'
+ group_write_list: 'praktikant'
+ file_create_mask: !!str 664
+ dir_create_mask: !!str 2775
+ vfs_object_recycle: true
+ recycle_path: '@Recycle'
+
+ - name: fnr-projekt
+ comment: FNR Projekt
+ path: /data/samba/share/fnr-projekt
+ group_valid_users: fnr
+ group_write_list: fnr
+ file_create_mask: !!str 664
+ dir_create_mask: !!str 2775
+ vfs_object_recycle: true
+ recycle_path: '@Recycle'
+
+ - name: buero
+ path: /data/samba/share/buero
+ group_valid_users: buero
+ group_write_list: buero
+ file_create_mask: !!str 664
+ dir_create_mask: !!str 2775
+ vfs_object_recycle: true
+ recycle_path: '@Recycle'
+
+ - name: gs
+ comment: Gesellschafter
+ path: /data/samba/share/gesellschafter
+ group_valid_users: gs
+ group_write_list: gs
+ file_create_mask: !!str 660
+ dir_create_mask: !!str 2770
+ vfs_object_recycle: true
+ recycle_path: '@Recycle'
+
+ - name: gf
+ comment: Geschäftsführer
+ path: /data/samba/share/geschaeftsfuehrer
+ group_valid_users: gf
+ group_write_list: gf
+ file_create_mask: !!str 660
+ dir_create_mask: !!str 2770
+ vfs_object_recycle: true
+ recycle_path: '@Recycle'
+
+ - name: private_mp
+ comment: Matthias - privat
+ path: /data/samba/share-not-backuped/private_mp
+ group_valid_users: matthias
+ group_write_list: matthias
+ file_create_mask: !!str 660
+ dir_create_mask: !!str 2770
+ vfs_object_recycle: true
+ recycle_path: '@Recycle'
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+ name: root
+ password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
diff --git a/roles/common/tasks/samba-config-server.yml b/roles/common/tasks/samba-config-server.yml
index 0fa32a3..5ef4d71 100644
--- a/roles/common/tasks/samba-config-server.yml
+++ b/roles/common/tasks/samba-config-server.yml
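Review bot: The `samba_user` list in host_vars/bbb-server.b3-bornim.netz.yml stores every Samba password except the one for `chris` as a cleartext string, and the comment lines under `susi` additionally record what is labelled as that user's system password. Each `password:` value should be an encrypted `password: !vault |` block, as the `chris` entry already is, and the `# password system:` / `# password samba:` comment lines should be dropped. Since the values are now part of the patch and the repository history, the affected accounts need new passwords rather than the old ones re-encoded. The `$6$` crypt hashes under `default_user` and `root_user` are readable by anyone with repository access and can be attacked offline, so they are worth vaulting as well. `sudo_users` names `localadmin`, which this file does not define under `default_user`; presumably it is created elsewhere, but that should be confirmed.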
@@ -11,7 +11,7 @@
 group: "{{ item.group_write_list | default('root', true) }}"
 mode: '2770'
 state: directory
- recurse: yes
+ recurse: no
 with_items: "{{ samba_shares }}"
 loop_control:
 label: '{{ item.name }}'
diff --git a/roles/common/templates/etc/samba/smb.conf.j2 b/roles/common/templates/etc/samba/smb.conf.j2
index f83f7f1..5cc82ae 100644
--- a/roles/common/templates/etc/samba/smb.conf.j2
+++ b/roles/common/templates/etc/samba/smb.conf.j2
@@ -321,7 +321,7 @@
 {% else %}
 read only = no
 {% endif %}
-{% if item.writeable is defined and item.writeable |length > 0 %}
+{% if item.writeable is defined and item.writeable|length > 0 %}
 writeable = {{ item.writeable }}
 {% else %}
 writeable = yes
diff --git a/roles/common/templates/root/bin/samba/conf/set_permissions_samba_shares.conf.j2 b/roles/common/templates/root/bin/samba/conf/set_permissions_samba_shares.conf.j2
index 92b0dc1..a7909c9 100644
--- a/roles/common/templates/root/bin/samba/conf/set_permissions_samba_shares.conf.j2
+++ b/roles/common/templates/root/bin/samba/conf/set_permissions_samba_shares.conf.j2
@@ -27,7 +27,9 @@
 {% if count.samba_shares > 0 %}
 dir_permissions="
 {% for item in samba_shares | default([]) %}
-{% if 'backup' not in item.path %}
+{% if item.file_create_mask is defined and item.file_create_mask|length > 0
+ and item.dir_create_mask is defined and item.dir_create_mask|length > 0
+ and item.group_write_list is defined and item.group_write_list|length > 0 %}
 {{ item.path }}:{{ item.group_write_list | default('root', true) }}:{{ item.file_create_mask|string | default('660', true) }}:{{ item.dir_create_mask | default('2770', true) }};
 {% endif %}
 {% endfor %}
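Review bot: In roles/common/tasks/samba-config-server.yml the share-directory task still hard-codes `mode: '2770'` and falls back to group `root`, so the new read-only share `bhoch3-verzeichnis` (path `/home/bhoch3`, no `group_write_list`) would apparently be set to group `root` with 2770, which looks like it shuts out the `buero` users listed as valid for it. Consider `mode: "{{ item.dir_create_mask | default('2770', true) }}"` together with `when: item.group_write_list is defined`, in line with the guard this commit adds to set_permissions_samba_shares.conf.j2. With recursion off, existing files keep their previous owner and mode, so the task presumably relies on the permissions script to correct them; a comment on the task should say so. The task starts and ends outside the hunk, so its owner and path arguments are not visible here.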
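Review bot: In set_permissions_samba_shares.conf.j2 the new guard applies `|length` directly to `item.file_create_mask` and `item.dir_create_mask`, which raises a template error as soon as a mask is written as a bare integer (`file_create_mask: 664`) rather than `!!str 664`; `item.file_create_mask|string|length > 0` (and the same for `dir_create_mask`) avoids that. The replaced test `'backup' not in item.path` also skipped paths such as `/data/samba/share-not-backuped/private_mp`, which the new condition now includes; if that is intended, a `{# ... #}` comment above the guard should state it. Once the guard holds, the `default('root', true)`, `default('660', true)` and `default('2770', true)` fallbacks on the output line can no longer take effect and could be dropped. The `{% if count.samba_shares > 0 %}` block opens before and closes after this hunk.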