update ..

group_vars/all/main.yml

@@ -1077,6 +1077,7 @@ sshd_gateway_ports: !!str "no"
 #      - diffie-hellman-group14-sha1
 #
 #sshd_kexalgorithms: {}
+
 sshd_hostkeyalgorithms:
   - ssh-ed25519
   - ssh-ed25519-cert-v01@openssh.com
@@ -1818,7 +1819,7 @@ samba_netbios_name:
 
 # samba_server_min_protocol
 #
-samba_server_min_protocol:
+samba_server_min_protocol: []
 
 samba_groups: []
 

host_vars/file-ah.kanzlei-kiel.netz.yml

@@ -135,17 +135,6 @@ default_user:
       - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
       - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
 
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS'
-
   - name: back
     user_id: 1060
     group_id: 1060

host_vars/file-ebs.ebs.netz.yml

@@ -219,15 +219,35 @@ samba_netbios_name: FILE-EBS
 
 samba_groups:
 
+  - name: admin
+    group_id: 1100
+
   - name: alle
     group_id: 1110
 
+  - name: akten
+    group_id: 1120
+
+  - name: archiv
+    group_id: 1130
+
+  - name: kanzlei
+    group_id: 1140
+
+  - name: recherche
+    group_id: 1150
+
 
 samba_user:
 
   - name: chris
     groups:
+      - admin
       - alle
+      - akten
+      - archiv
+      - kanzlei
+      - recherche
     password: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           63643330373231636537366333326630333265303265653933613835656262323863363038653234
@@ -238,37 +258,66 @@ samba_user:
 
   - name: sysadm
     groups:
+      - admin
       - alle
+      - akten
+      - archiv
+      - kanzlei
+      - recherche
     password: 'IrcR3uo-QJ.5'
 
   - name: buero
     groups:
       - alle
+      - akten
+      - archiv
+      - kanzlei
+      - recherche
     password: 'buero-ebs/2022.%'
 
   - name: axel
     groups:
       - alle
+      - akten
+      - archiv
+      - kanzlei
+      - recherche
     password: 'ah-ebs.2022-!'
 
   - name: bjoern
     groups:
       - alle
+      - akten
+      - archiv
+      - kanzlei
+      - recherche
     password: 'be-ebs-2022/%'
 
   - name: christoph
     groups:
       - alle
+      - akten
+      - archiv
+      - kanzlei
+      - recherche
     password: 'ck-ebs-2022.%'
 
   - name: kristin
     groups:
       - alle
+      - akten
+      - archiv
+      - kanzlei
+      - recherche
     password: 'kp-ebs.2022_%'
 
   - name: maik
     groups:
       - alle
+      - akten
+      - archiv
+      - kanzlei
+      - recherche
     password: 'me-ebs_2022.!'
 
 
@@ -291,6 +340,57 @@ samba_shares:
     file_create_mask: !!str 660
     dir_create_mask: !!str 2770
     vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
+
+  - name: Akten
+    comment: Akten auf Fileserver
+    path: /data/samba/Akten
+    group_valid_users: akten
+    group_write_list: akten
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
+
+  - name: Archiv
+    comment: Archiv auf Fileserver
+    path: /data/samba/Archiv
+    group_valid_users: archiv
+    group_write_list: archiv
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
+
+  - name: Kanzlei
+    comment: Kanzlei auf Fileserver
+    path: /data/samba/Kanzlei
+    group_valid_users: kanzlei
+    group_write_list: kanzlei
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
+
+  - name: Recherche
+    comment: Recherche auf Fileserver
+    path: /data/samba/Recherche
+    group_valid_users: recherche
+    group_write_list: recherche
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
+
+  - name: Install
+    comment: Install auf Fileserver
+    path: /data/samba/Install
+    group_valid_users: admin
+    group_write_list: admin
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
 
 
 

host_vars/gw-123.oopen.de.yml

@@ -26,6 +26,15 @@ copy_additional_plain_files_sysctl:
 # vars used by roles/common/tasks/sshd.yml
 # ---
 
+sshd_hostkeyalgorithms:
+  - ssh-ed25519
+  - ssh-ed25519-cert-v01@openssh.com
+  - rsa-sha2-256
+  - rsa-sha2-512
+  - ecdsa-sha2-nistp256
+  - rsa-sha2-256-cert-v01@openssh.com
+  - rsa-sha2-512-cert-v01@openssh.com
+
 
 # ---
 # vars used by roles/common/tasks/apt.yml

host_vars/gw-ah.oopen.de.yml

@@ -21,6 +21,15 @@
 
 sshd_permit_root_login: !!str "prohibit-password"
 
+sshd_hostkeyalgorithms:
+  - ssh-ed25519
+  - ssh-ed25519-cert-v01@openssh.com
+  - rsa-sha2-256
+  - rsa-sha2-512
+  - ecdsa-sha2-nistp256
+  - rsa-sha2-256-cert-v01@openssh.com
+  - rsa-sha2-512-cert-v01@openssh.com
+
 
 # ---
 # vars used by roles/common/tasks/apt.yml

host_vars/gw-ckubu.local.netz.yml

@@ -19,6 +19,13 @@
 # vars used by roles/common/tasks/sshd.yml
 # ---
 
+sshd_hostkeyalgorithms:
+  - ssh-ed25519
+  - ssh-ed25519-cert-v01@openssh.com
+  - rsa-sha2-256
+  - rsa-sha2-512
+  - rsa-sha2-256-cert-v01@openssh.com
+  - rsa-sha2-512-cert-v01@openssh.com
 
 # ---
 # vars used by roles/common/tasks/apt.yml

host_vars/gw-ebs.oopen.de.yml

@@ -19,6 +19,15 @@
 # vars used by roles/common/tasks/sshd.yml
 # ---
 
+sshd_hostkeyalgorithms:
+  - ssh-ed25519
+  - ssh-ed25519-cert-v01@openssh.com
+  - rsa-sha2-256
+  - rsa-sha2-512
+  - ecdsa-sha2-nistp256
+  - rsa-sha2-256-cert-v01@openssh.com
+  - rsa-sha2-512-cert-v01@openssh.com
+
 
 # ---
 # vars used by roles/common/tasks/apt.yml

host_vars/gw-elster.oopen.de.yml

@@ -127,6 +127,15 @@ cron_user_special_time_entries:
 # vars used by roles/common/tasks/sshd.yml
 # ---
 
+sshd_hostkeyalgorithms:
+  - ssh-ed25519
+  - ssh-ed25519-cert-v01@openssh.com
+  - rsa-sha2-256
+  - rsa-sha2-512
+  - ecdsa-sha2-nistp256
+  - rsa-sha2-256-cert-v01@openssh.com
+  - rsa-sha2-512-cert-v01@openssh.com
+
 
 # ---
 # vars used by roles/common/tasks/apt.yml

hosts

@@ -36,6 +36,7 @@ gw-b3.oopen.de
 gw-blkr.oopen.de
 gw-d11.oopen.de
 gw-flr.oopen.de
+172.16.102.22
 gw-irights.irights.netz
 gw-km.oopen.de
 gw-mbr.oopen.de
@@ -406,6 +407,7 @@ file-fhxb.fhxb.netz
 
 # Fluechtlingsrat BRB
 gw-flr.oopen.de
+172.16.102.22
 
 # iRights
 gw-irights.irights.netz
@@ -1545,7 +1547,6 @@ bbb.b3-bornim.netz
 
 gw-blkr.oopen.de
 gw-replacement2.local.netz
-gw-replacement3.local.netz
 
 
 [gateway_server_rw]
@@ -1563,7 +1564,9 @@ gw-ak.oopen.de
 gw-akb.oopen.de
 gw-ckubu.local.netz
 gw-flr.oopen.de
+172.16.102.22
 gw-replacement.local.netz
+gw-replacement3.local.netz
 gw-irights.irights.netz
 gw-km.oopen.de
 gw-mbr.oopen.de

roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts

@@ -63,4 +63,4 @@ kitchenfantasy\.com$
 kitchenfaucetcenter\.com$
 fqmeta\.net$
 kitchenespial\.com$
-
+owboyhardware\.com$

roles/common/files/mailserver/etc/postfix/postfwd.bl-nets

@@ -117,3 +117,9 @@
  146.59.88.240/29
 # UA (Ukraine)
 193.3.23.0/24
+# DE (u.a. lagerexpress.com)
+41.216.188.0/24
+# US (u.a. echtzeit-video.com>)
+104.161.0.0/17
+158.51.124.0/22
+193.42.38.0/24

roles/common/files/mailserver/etc/postfix/postfwd.bl-sender

@@ -79,6 +79,9 @@ firmen-infos\.com$
 @premiumversender\.com$
 @longhornvapor\.com$
 @d-logistik\.com$
+@corvsport\.com$
+@echtzeit-video\.com$
+@cortlandparkcashmere\.com$
 
 # annoying spammer addresses
 ^error@mailfrom\.com$

roles/common/templates/etc/samba/smb.conf.j2

@@ -57,7 +57,7 @@
 #
 #   Example: server min protocol = NT1
 #
-   server min protocol = {{ samba_server_min_protocol|default('SMB2_02') }}
+   server min protocol = {{ samba_server_min_protocol }}
 
 {% endif %}