From 04c420458c025b903e0c158340d8f9299e1c785b Mon Sep 17 00:00:00 2001 From: Christoph Date: Sun, 11 Feb 2024 14:49:37 +0100 Subject: [PATCH] update.. --- group_vars/all/main.yml | 32 +---- host_vars/10.221.11.11.yml | 198 ++++++++++++++++++++++++++ host_vars/file-blkr-neu.blkr.netz.yml | 2 +- host_vars/file-ebs.ebs.netz.yml | 8 +- host_vars/ga-st-kvm5.ga.netz.yml | 1 - hosts | 4 + 6 files changed, 217 insertions(+), 28 deletions(-) create mode 100644 host_vars/10.221.11.11.yml diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 10b41d6..9d12c14 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -1526,9 +1526,11 @@ apt_kvm_host_pkgs: - lvm2 - bridge-utils - ntfs-3g + - qemu-system - qemu-kvm - libvirt-clients - libvirt-daemon-system + - libosinfo-bin - virtinst - libguestfs-tools - kpartx @@ -2299,6 +2301,11 @@ git_default_repositories: repo: https://git.oopen.de/install/mailsystem dest: /usr/local/src/mailsystem + # Monitoring + - name: monitoring + repo: https://git.oopen.de/script/monitoring + dest: /root/bin/monitoring + # --- # group [oopen_server] # --- @@ -2323,11 +2330,6 @@ git_warenform_server_repositories: # group [lxc_host] # --- git_lxc_host_repositories: - - # Monitoring - - name: monitoring - repo: https://git.oopen.de/script/monitoring - dest: /root/bin/monitoring # LXC - name: LXC @@ -2344,11 +2346,6 @@ git_lxc_guest_repositories: repo: https://git.oopen.de/certificates/dehydrated-cron.git dest: /usr/local/src/dehydrated-cron - # Monitoring - - name: monitoring - repo: https://git.oopen.de/script/monitoring - dest: /root/bin/monitoring - # --- # group [gateway_server] # --- 
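Review bot: `qemu-system`, added to `apt_kvm_host_pkgs`, is on Debian a metapackage that pulls in the system emulators for every guest architecture, so each KVM host gets far more emulator binaries than same-architecture guests need. If the hosts only run x86 guests, `- qemu-system-x86` keeps the hypervisor footprint, and the set of packages to patch, smaller. The list starts before this hunk, so its earlier entries are not visible here.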
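Review bot: The `monitoring` entry added to `git_default_repositories` names no revision, and in this list it presumably applies to every host, each cloning `https://git.oopen.de/script/monitoring` into `/root/bin/monitoring`. If the role passes a revision through to the git module, pinning it (e.g. `version: <tag-or-commit>`) keeps a change on the remote branch from landing in root's script directory on all hosts at the next run. The removals from `git_lxc_host_repositories`, `git_lxc_guest_repositories`, `git_gateway_repositories`, `git_apache2_repositories` and `git_mailserver_repositories` in the following hunks match this move. Group lists outside the diff should be checked for a leftover duplicate entry.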
@@ -2366,12 +2363,6 @@ git_gateway_repositories: repo: https://git.oopen.de/firewall/ipt-gateway dest: /usr/local/src/ipt-gateway - # script repositories (destination /root/bin/) - # Monitoring - - name: monitoring - repo: https://git.oopen.de/script/monitoring - dest: /root/bin/monitoring - - name: manage-gw-config repo: https://git.oopen.de/script/manage-gw-config dest: /root/bin/manage-gw-config @@ -2386,11 +2377,6 @@ git_apache2_repositories: repo: https://git.oopen.de/script/apache2 dest: /root/bin/apache2 - # Monitoring - - name: monitoring - repo: https://git.oopen.de/script/monitoring - dest: /root/bin/monitoring - # install repositories (destination: /usr/local/src/) - name: apache2 repo: https://git.oopen.de/install/apache2 @@ -2509,10 +2495,6 @@ git_mailserver_repositories: repo: https://git.oopen.de/script/postfix dest: /root/bin/postfix - - name: monitoring - repo: https://git.oopen.de/script/monitoring - dest: /root/bin/monitoring - # install repositories (destination: /usr/local/src/) - name: apache2 repo: https://git.oopen.de/install/apache2 diff --git a/host_vars/10.221.11.11.yml b/host_vars/10.221.11.11.yml new file mode 100644 index 0000000..0e69b5e --- /dev/null +++ b/host_vars/10.221.11.11.yml 
@@ -0,0 +1,198 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + +# --- +# vars used by apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 192.168.10.1 + - 192.168.10.3 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. 
+ - ga.netz + - ga.intra + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 192.168.11.1 + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + +default_user: + + - name: chris + password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + - name: wadmin + password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1' + + - name: sysadm + user_id: 1050 + group_id: 1050 + group: sysadm + password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham 
wadmin@wolf-debtest' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1' + + - name: back + user_id: 1060 + group_id: 1060 + group: back + password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + +sudo_users: + - chris + - sysadm + - wadmin + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + +sshd_permit_root_login: !!str "prohibit-password" + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + +# --- +# vars used by roles/common/tasks/copy_files.yml +# --- + + +# --- +# vars used by roles/common/tasks/symlink_files.yml +# --- + + +# --- +# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml +# --- + + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: {} diff --git a/host_vars/file-blkr-neu.blkr.netz.yml b/host_vars/file-blkr-neu.blkr.netz.yml index 3afa9d1..4eea09f 100644 --- a/host_vars/file-blkr-neu.blkr.netz.yml +++ b/host_vars/file-blkr-neu.blkr.netz.yml @@ -354,7 +354,7 @@ samba_user: - buero password: 'bhNC.P5eTy-2' -base_home: /home +base_home: /data/home # remove_samba_users: # - name: name1 diff --git a/host_vars/file-ebs.ebs.netz.yml b/host_vars/file-ebs.ebs.netz.yml index 077cb3e..70f680c 100644 --- a/host_vars/file-ebs.ebs.netz.yml +++ b/host_vars/file-ebs.ebs.netz.yml @@ -32,7 +32,6 @@ network_interfaces: family: inet method: static - hwaddress: 3c:ec:ef:96:ab:f6 description: address: 192.168.182.10 netmask: 24 
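Review bot: The `default_user` entries in the new `host_vars/10.221.11.11.yml` commit four `$6$` (sha512crypt) password hashes in clear text, and three of those accounts are listed in `sudo_users`. Anyone with read access to the repository or a clone can run offline guessing against them. Keep the values in an Ansible Vault-encrypted vars file and reference them, e.g. `password: "{{ vault_default_user_chris_password }}"` (variable name illustrative). The unchanged context of the following `host_vars/file-blkr-neu.blkr.netz.yml` hunk shows a Samba password stored as plain text in the same way. `resolved_dnssec: false` would also benefit from a one-line comment stating why validation is off for this host, for example `# internal resolvers do not validate ga.netz / ga.intra` if that is the reason.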
@@ -97,6 +96,13 @@ network_interfaces: # vars used by roles/common/tasks/apt.yml # --- +apt_install_extra_pkgs: + - lvm2 + - kpartx + - ntfs-3g + - swtpm + - swtpm-tools + # --- # vars used by roles/common/tasks/systemd-resolved.yml diff --git a/host_vars/ga-st-kvm5.ga.netz.yml b/host_vars/ga-st-kvm5.ga.netz.yml index f8fc138..cbd6ea1 100644 --- a/host_vars/ga-st-kvm5.ga.netz.yml +++ b/host_vars/ga-st-kvm5.ga.netz.yml @@ -18,7 +18,6 @@ network_interface_required_packages: - ifmetric - ifupdown - ifenslave - - resolvconf network_interfaces: diff --git a/hosts b/hosts index 9e85306..124620b 100644 --- a/hosts +++ b/hosts @@ -79,6 +79,7 @@ ga-st-mail.ga.netz ga-st-kvm1.ga.netz ga-al-kvm2.ga.netz ga-al-kvm3.ga.netz +10.221.11.11 server18.warenform.de piwik.warenform.de @@ -506,6 +507,7 @@ ga-al-ws1.ga.netz ga-st-kvm1.ga.netz ga-al-kvm2.ga.netz ga-al-kvm3.ga.netz +10.221.11.11 # --- @@ -1277,6 +1279,7 @@ meet.akweb.de ga-st-kvm1.ga.netz ga-al-kvm2.ga.netz ga-al-kvm3.ga.netz +10.221.11.11 [lxc_host] @@ -1791,6 +1794,7 @@ ga-st-mail.ga.netz ga-st-kvm1.ga.netz ga-al-kvm2.ga.netz ga-al-kvm3.ga.netz +10.221.11.11 [o13_server]
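Review bot: The new host is added to `hosts` under its bare address `10.221.11.11` while the neighbouring entries are FQDNs, so its host_vars file is keyed to the IP and silently stops applying if the machine is renumbered. An inventory alias keeps name and address separate: `<hostname>.ga.netz ansible_host=10.221.11.11` (hostname is a placeholder), with the vars file renamed to match. The same line is added in all four hunks of `hosts`. Only the third and fourth show a following group header (`[lxc_host]`, `[o13_server]`), so the groups the host actually joins cannot be confirmed from the diff.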