update..

2023-04-06 11:53:54 +02:00 · 2023-04-06 11:53:54 +02:00 · 12c86849c2
commit 12c86849c2
parent 912ec16cdb
59 changed files with 1065 additions and 102 deletions
--- a/ansible-dependencies-bullseye-sudo.yml
+++ b/ansible-dependencies-bullseye-sudo.yml
@ -5,4 +5,4 @@
  roles:
     - ansible_dependencies-bullseye
-     - ansible_user
+     - ansible_user_debian
--- a/ansible-dependencies-bullseye.yml
+++ b/ansible-dependencies-bullseye.yml
@ -12,4 +12,4 @@
  roles:
     - ansible_dependencies-bullseye
-     - ansible_user
+     - ansible_user_debian
--- a/ansible-dependencies-centos-7-sudo.yml
+++ b/ansible-dependencies-centos-7-sudo.yml
@ -0,0 +1,8 @@
 ---
 - hosts: initial_setup
  gather_facts: false
  roles:
     - ansible_dependencies-centos-7
     - ansible_user_centos
--- a/ansible-dependencies-centos-7.yml
+++ b/ansible-dependencies-centos-7.yml
@ -0,0 +1,15 @@
 ---
 - hosts: initial_setup
  remote_user: root
  become: false
  gather_facts: false
  vars_prompt:
    - name: ansible_ssh_pass
      prompt: "Give root's password here"
  roles:
     - ansible_dependencies-centos-7
     - ansible_user_centos
--- a/files/homedirs/axel/_bash_profile
+++ b/files/homedirs/axel/_bash_profile
@ -0,0 +1,29 @@
 # ~/.profile: executed by Bourne-compatible login shells.
 if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
 fi
 # set PATH so it includes user's private bin if it exists
 if [ -d "$HOME/bin" ] ; then
   PATH="$HOME/bin:$PATH"
 fi
 if [ -d "$HOME/bin/admin-stuff" ] ; then
   PATH="$HOME/bin/admin-stuff:$PATH"
 fi
 # this is for the midnight-commander
 # to become the last directory the midnight commander was in
 # as the current directory when leaving the midnight commander
 #
 if [ -f "/etc/profile.d/mc.sh" ]; then
   source /etc/profile.d/mc.sh
 elif [ -f "/usr/share/mc/bin/mc.sh" ]; then
   source /usr/share/mc/bin/mc.sh
 elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
   source /usr/lib/mc/bin/mc.sh
 fi
 mesg n
--- a/files/homedirs/back/_bash_profile
+++ b/files/homedirs/back/_bash_profile
@ -0,0 +1,27 @@
 # ~/.profile: executed by Bourne-compatible login shells.
 if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
 fi
 # set PATH so it includes user's private bin if it exists
 if [ -d "$HOME/bin" ] ; then
   PATH="$HOME/bin:$PATH"
 fi
 if [ -d "$HOME/bin/admin-stuff" ] ; then
   PATH="$HOME/bin/admin-stuff:$PATH"
 fi
 # this is for the midnight-commander
 # to become the last directory the midnight commander was in
 # as the current directory when leaving the midnight commander
 #
 if [ -f "/etc/profile.d/mc.sh" ]; then
   source /etc/profile.d/mc.sh
 elif [ -f "/usr/share/mc/bin/mc.sh" ]; then
   source /usr/share/mc/bin/mc.sh
 elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
   source /usr/lib/mc/bin/mc.sh
 fi
--- a/files/homedirs/chris/_bash_profile
+++ b/files/homedirs/chris/_bash_profile
@ -0,0 +1,27 @@
 # ~/.profile: executed by Bourne-compatible login shells.
 if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
 fi
 # set PATH so it includes user's private bin if it exists
 if [ -d "$HOME/bin" ] ; then
   PATH="$HOME/bin:$PATH"
 fi
 if [ -d "$HOME/bin/admin-stuff" ] ; then
   PATH="$HOME/bin/admin-stuff:$PATH"
 fi
 # this is for the midnight-commander
 # to become the last directory the midnight commander was in
 # as the current directory when leaving the midnight commander
 #
 if [ -f "/etc/profile.d/mc.sh" ]; then
   source /etc/profile.d/mc.sh
 elif [ -f "/usr/share/mc/bin/mc.sh" ]; then
   source /usr/share/mc/bin/mc.sh
 elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
   source /usr/lib/mc/bin/mc.sh
 fi
--- a/files/homedirs/chris/_profile
+++ b/files/homedirs/chris/_profile
@ -25,6 +25,9 @@ fi
 # to become the last directory the midnight commander was in
 # as the current directory when leaving the midnight commander
 #
-#. /usr/lib/mc/bin/mc.sh
+if [ -f "/usr/share/mc/bin/mc.sh" ]; then
-. /usr/share/mc/bin/mc.sh
+   source /usr/share/mc/bin/mc.sh
 elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
   source /usr/lib/mc/bin/mc.sh
 fi
--- a/files/homedirs/root/_bash_profile
+++ b/files/homedirs/root/_bash_profile
@ -0,0 +1,29 @@
 # ~/.profile: executed by Bourne-compatible login shells.
 if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
 fi
 # set PATH so it includes user's private bin if it exists
 if [ -d "$HOME/bin" ] ; then
   PATH="$HOME/bin:$PATH"
 fi
 if [ -d "$HOME/bin/admin-stuff" ] ; then
   PATH="$HOME/bin/admin-stuff:$PATH"
 fi
 # this is for the midnight-commander
 # to become the last directory the midnight commander was in
 # as the current directory when leaving the midnight commander
 #
 if [ -f "/etc/profile.d/mc.sh" ]; then
   source /etc/profile.d/mc.sh
 elif [ -f "/usr/share/mc/bin/mc.sh" ]; then
   source /usr/share/mc/bin/mc.sh
 elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
   source /usr/lib/mc/bin/mc.sh
 fi
 mesg n
--- a/files/homedirs/root/_profile
+++ b/files/homedirs/root/_profile
@ -1,8 +1,18 @@
-# ~/.profile: executed by Bourne-compatible login shells.
+# ~/.profile: executed by the command interpreter for login shells.
 # This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
 # exists.
 # see /usr/share/doc/bash/examples/startup-files for examples.
 # the files are located in the bash-doc package.
-if [ "$BASH" ]; then
+# the default umask is set in /etc/profile; for setting the umask
-  if [ -f ~/.bashrc ]; then
+# for ssh logins, install and configure the libpam-umask package.
-    . ~/.bashrc
+#umask 022
 # if running bash
 if [ -n "$BASH_VERSION" ]; then
    # include .bashrc if it exists
    if [ -f "$HOME/.bashrc" ]; then
 	. "$HOME/.bashrc"
    fi
 fi
@ -10,15 +20,15 @@ fi
 if [ -d "$HOME/bin" ] ; then
    PATH="$HOME/bin:$PATH"
 fi
 if [ -d "$HOME/bin/admin-stuff" ] ; then
   PATH="$HOME/bin/admin-stuff:$PATH"
 fi
 # this is for the midnight-commander
 # to become the last directory the midnight commander was in
 # as the current directory when leaving the midnight commander
 #
-# . /usr/lib/mc/bin/mc.sh
+if [ -f "/usr/share/mc/bin/mc.sh" ]; then
-. /usr/share/mc/bin/mc.sh
+   source /usr/share/mc/bin/mc.sh
 elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
   source /usr/lib/mc/bin/mc.sh
 fi
 mesg n
--- a/files/homedirs/sysadm/_bash_profile
+++ b/files/homedirs/sysadm/_bash_profile
@ -0,0 +1,27 @@
 # ~/.profile: executed by Bourne-compatible login shells.
 if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
 fi
 # set PATH so it includes user's private bin if it exists
 if [ -d "$HOME/bin" ] ; then
   PATH="$HOME/bin:$PATH"
 fi
 if [ -d "$HOME/bin/admin-stuff" ] ; then
   PATH="$HOME/bin/admin-stuff:$PATH"
 fi
 # this is for the midnight-commander
 # to become the last directory the midnight commander was in
 # as the current directory when leaving the midnight commander
 #
 if [ -f "/etc/profile.d/mc.sh" ]; then
   source /etc/profile.d/mc.sh
 elif [ -f "/usr/share/mc/bin/mc.sh" ]; then
   source /usr/share/mc/bin/mc.sh
 elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
   source /usr/lib/mc/bin/mc.sh
 fi
--- a/files/homedirs/webadmin/_bash_profile
+++ b/files/homedirs/webadmin/_bash_profile
@ -0,0 +1,27 @@
 # ~/.profile: executed by Bourne-compatible login shells.
 if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
 fi
 # set PATH so it includes user's private bin if it exists
 if [ -d "$HOME/bin" ] ; then
   PATH="$HOME/bin:$PATH"
 fi
 if [ -d "$HOME/bin/admin-stuff" ] ; then
   PATH="$HOME/bin/admin-stuff:$PATH"
 fi
 # this is for the midnight-commander
 # to become the last directory the midnight commander was in
 # as the current directory when leaving the midnight commander
 #
 if [ -f "/etc/profile.d/mc.sh" ]; then
   source /etc/profile.d/mc.sh
 elif [ -f "/usr/share/mc/bin/mc.sh" ]; then
   source /usr/share/mc/bin/mc.sh
 elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
   source /usr/lib/mc/bin/mc.sh
 fi
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@ -840,11 +840,15 @@ apt_install_postgresql_pkgs: false
 apt_postgresql_pkgs:
  - postgresql
-apt_install_bind9_packages: false
+install_bind_packages: false
-apt_bind9_pkgs:
+apt_bind_pkgs:
  - bind9
-apt_install_lxc_host_pkgs: false
+yum_bind_pks:
  - bind
 install_lxc_host_pkgs: false
 apt_lxc_host_pkgs:
  - bridge-utils
  - lxc
@ -854,7 +858,16 @@ apt_lxc_host_pkgs:
  - debootstrap
  - ntp
-apt_install_kvm_host_pkgs: false
+yum_lxc_host_pkgs:
  - bridge-utils
  - lxc
  - lxc-templates
  - python36-lxc
  - debootstrap
  - ntp
 install_kvm_host_pkgs: false
 apt_kvm_host_pkgs:
  - lvm2
  - bridge-utils
@ -893,6 +906,136 @@ microcode_package:
  - amd64-microcode
 # ---
 # vars used by yum.yml
 # ---
 yum_install_state: latest
 yum_ansible_dependencies:
  - ca-certificates
  - dbus
  - redhat-lsb-core
  - mc
  - net-tools
  - openssl
  - python3
  - sudo
  - vim
 yum_base_install_centos_7:
  - redhat-lsb-core
  - ca-certificates
  - git
  - iproute
  - mc
  - net-tools
  - bind-utils
  - openssl
  - python2
  - python3
  - sudo
  - vim
  - yum-utils
 yum_initial_install_centos_7:
  - cryptsetup
  - dbus
  - openssh-server
  - bash
  - bash-completion
  - vim
  - vim-common
  - mc
  - screen
  - tmux
  - cronie
  - bc
  - figlet
  - sudo
  - rsync
  - dselect
  - iputils
  - zip
  - unzip
  - bzip2
  - arj
  - mlocate
  - curl
  - gawk
  - mawk
  - lynx
  - links
  - w3m
  - ctags
  - file
  - coreutils
  - moreutils
  - less
  - sipcalc
  - psmisc
  - whois
  - gettext
  - gettext-devel
  - debian-keyring
  - patch
  - patchutils
  - recode
  - recode-devel
  - sharutils
  - perl 
  - perl-devel
  - readline 
  - readline-devel
  - libtermkey 
  - libtermkey-devel
  - perl-Time-Duration-Parse
  - perl-DateTime
  - perl-libwww-perl
  - pcre 
  - pcre2
  - perl-IO-Compress
  - re2c
  - util-linux
  - parted
  - lshw
  - gdisk
  - smartmontools
  - tcpdump
  - telnet
  - unhide
  - lsof
  - hdparm
  - groff
  - bridge-utils
  - ethtool
  - nwipe
  - iperf
  - mtr
  - iptraf
  - wget
  - logrotate
  - rsyslog
  - haveged
  - rdate
  - ntpdate
  - man
  - groff
  - iptables
  - ShellCheck
  - ftp
  - htop
  - net-tools
  - attr
  - acl
  - quota
  - quotatool
  - needrestart
  - socat
  - zsh
  - lua
  - btrfs-progs
 # ---
 # vars used by tor.yml
 # ---
@ -1893,6 +2036,33 @@ samba_cronjob_permissions:
  job: "/root/bin/samba/set_permissions_samba_shares.sh"
 # ==========
 # vars used by roles/common/tasks/systemd-services.yml
 # ==========
 # Take care that if these services are installed, they are running and 
 # start automatically after boot.
 #
 debian_services_active_and_started:
   - bind
   - cron
   - haveged
   - ntp
   - redis-server
   - ssh
   - tor
 redhat_services_active_and_started:
   - crond
   - haveged
   - named
   - ntpd
   - redis
   - sshd
   - tor
 # ==============================
--- a/group_vars/caching_nameserver.yml
+++ b/group_vars/caching_nameserver.yml
@ -51,7 +51,7 @@
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 # ---
--- a/group_vars/caching_nameserver.yml.bak
+++ b/group_vars/caching_nameserver.yml.bak
@ -0,0 +1,70 @@
 ---
 # ---
 # vars used by roles/ansible_dependencies
 # ---
 # ---
 # vars used by roles/ansible_user
 # ---
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 # ---
 # vars used by apt.yml
 # ---
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
 apt_install_bind9_packages: true
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ==============================
 # ---
 # vars used by scripts/reset_root_passwd.yml
 # ---
--- a/host_vars/172.16.162.89.yml
+++ b/host_vars/172.16.162.89.yml
@ -223,7 +223,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 bind9_gateway_acl:
  - local-net:
--- a/host_vars/172.16.63.32.yml
+++ b/host_vars/172.16.63.32.yml
@ -91,7 +91,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 # ---
 # vars used by roles/common/tasks/git.yml
--- a/host_vars/file-blkr.blkr.netz.yml
+++ b/host_vars/file-blkr.blkr.netz.yml
@ -222,6 +222,10 @@ samba_user:
      - buero
      - verwaltung
    password: 'fx9j/3X-thPr'
  - name: julius-e
    groups:
      - buero
    password: '2/kcx3jju-tr'
  - name: leonie
    groups:
      - buero
--- a/host_vars/file-fhxb.fhxb.netz.yml
+++ b/host_vars/file-fhxb.fhxb.netz.yml
@ -253,6 +253,9 @@ samba_groups:
  - name: altlasten
    group_id: 1510
  - name: administration
    group_id: 1610
 samba_user:
@ -463,6 +466,7 @@ samba_user:
    # Heike Müller
  - name : h.mueller
    groups:
      - administration
      - buero
      - team
    password: 'VT7/n5hHy-Av'
@ -470,6 +474,7 @@ samba_user:
    # Jana König
  - name : j.koenig
    groups:
      - administration
      - archiv
      - ausstellungen
      - buero
@ -493,6 +498,7 @@ samba_user:
    # Jorinde Splettstößer
  - name : j.splettstoesser
    groups:
      - administration
      - archiv
      - ausstellungen
      - buero
@ -517,6 +523,7 @@ samba_user:
    # Natalie Bayer
  - name : n.bayer
    groups:
      - administration
      - altlasten
      - archiv
      - ausstellungen
@ -651,6 +658,15 @@ remove_samba_users:
 samba_shares:
  - name: Administration
    comment: Administration auf Fileserver
    path: /data/samba/FHXB-Server/Administration
    group_valid_users: administration
    group_write_list: administration
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
  - name: Altlasten
    comment: Altlasten auf Fileserver
    path: /data/samba/FHXB-Server/Altlasten
--- a/host_vars/ga-al-gw.oopen.de.yml
+++ b/host_vars/ga-al-gw.oopen.de.yml
@ -339,7 +339,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 bind9_gateway_acl:
--- a/host_vars/ga-nh-gw.oopen.de.yml
+++ b/host_vars/ga-nh-gw.oopen.de.yml
@ -215,7 +215,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 bind9_gateway_acl:
  - local-net:
--- a/host_vars/ga-st-gw-ersatz.ga.netz.yml
+++ b/host_vars/ga-st-gw-ersatz.ga.netz.yml
@ -150,7 +150,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 bind9_gateway_acl:
  - local-net:
--- a/host_vars/ga-st-gw.oopen.de.yml
+++ b/host_vars/ga-st-gw.oopen.de.yml
@ -385,7 +385,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 bind9_gateway_acl:
  - local-net:
--- a/host_vars/gw-123.oopen.de.yml
+++ b/host_vars/gw-123.oopen.de.yml
@ -101,7 +101,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 bind9_gateway_listen_on_v6:
  - none
--- a/host_vars/gw-ah.oopen.de.yml
+++ b/host_vars/gw-ah.oopen.de.yml
@ -114,7 +114,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 bind9_gateway_acl:
--- a/host_vars/gw-blkr.oopen.de.yml
+++ b/host_vars/gw-blkr.oopen.de.yml
@ -224,7 +224,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 bind9_gateway_acl:
  - local-net:
--- a/host_vars/gw-ckubu.local.netz.yml
+++ b/host_vars/gw-ckubu.local.netz.yml
@ -91,7 +91,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 bind9_gateway_listen_on_v6:
  - none
--- a/host_vars/gw-ebs.oopen.de.yml
+++ b/host_vars/gw-ebs.oopen.de.yml
@ -165,7 +165,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 bind9_gateway_acl:
--- a/host_vars/gw-elster.oopen.de.yml
+++ b/host_vars/gw-elster.oopen.de.yml
@ -219,7 +219,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 bind9_gateway_acl:
  - local-net:
--- a/host_vars/gw-flr.oopen.de.yml
+++ b/host_vars/gw-flr.oopen.de.yml
@ -218,7 +218,7 @@ sudo_users:
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
-apt_install_bind9_packages: true
+install_bind_packages: true
 # ---
--- a/host_vars/mail-neu.cadus.org.yml
+++ b/host_vars/mail-neu.cadus.org.yml
@ -150,10 +150,10 @@ copy_plain_files_postfwd_host_specific:
 # ---
 hostname: mail.cadus.org
-ipv4_address: 46.4.25.245
+ipv4_address: 135.181.22.153
-ipv6_address: 2a01:4f8:221:3b4e::245
+ipv6_address: 2a01:4f9:4b:46d1::153
-admin_email: admin@cadus.org
+admin_email: it@cadus.org
 is_relay_host: !!str "false"
 db_in_use: !!str "true"
@ -165,6 +165,7 @@ postfix_db_name: postfix
 postfix_db_user: postfix
 #postfix_db_host:
 postfix_db_pass: T3CJnFMJNX9wmhNs
 mysql_credentials: !!str "-u root -S /run/mysqld/mysqld.sock"
 # install_amavis.conf
 #
--- a/host_vars/mail.cadus.org.yml
+++ b/host_vars/mail.cadus.org.yml
@ -150,8 +150,8 @@ copy_plain_files_postfwd_host_specific:
 # ---
 hostname: mail.cadus.org
-ipv4_address: 46.4.25.245
+ipv4_address: 135.181.22.153
-ipv6_address: 2a01:4f8:221:3b4e::245
+ipv6_address: 2a01:4f9:4b:46d1::153
 admin_email: admin@cadus.org
 is_relay_host: !!str "false"
--- a/host_vars/o17.oopen.de.yml
+++ b/host_vars/o17.oopen.de.yml
@ -307,7 +307,7 @@ samba_user:
      - buero
      - intern
      - verwaltung
-    password:
+    password: '20-buch_holz-20'
  - name: schmidt
    groups:
      - intern
@ -360,15 +360,15 @@ samba_shares:
    guest_ok: !!str no
    browseable: !!str no
    valid_users: '%S'
-    file_create_mask: '600'
+    file_create_mask: !!str 600
-    dir_create_mask: '700'
+    dir_create_mask:  !!str 700
  - name: Buero
    path: /data/samba/shares/Buero
    group_valid_users: intern
    group_write_list: intern
-    file_create_mask: 664
+    file_create_mask: !!str 664
-    dir_create_mask: 2775
+    dir_create_mask: !!str 2775
    vfs_object_recycle: true
    recycle_path: recycle
@ -376,8 +376,8 @@ samba_shares:
    path: /data/samba/shares/Verwaltung
    group_valid_users: verwaltung
    group_write_list: verwaltung
-    file_create_mask: 660
+    file_create_mask: !!str 660
-    dir_create_mask: 2770
+    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: recycle
@ -385,8 +385,8 @@ samba_shares:
    path: /data/samba/shares/Scans_schnell
    group_valid_users: intern
    group_write_list: intern
-    file_create_mask: '664'
+    file_create_mask: !!str 664
-    dir_create_mask: 2775
+    dir_create_mask: !!str 2775
    vfs_object_recycle: true
    recycle_path: recycle
@ -394,8 +394,8 @@ samba_shares:
    path: /data/samba/shares/Hoffmann-Elberling
    group_valid_users: hoffmann-elberling
    group_write_list: hoffmann-elberling
-    file_create_mask: '664'
+    file_create_mask: !!str 664
-    dir_create_mask: 2775
+    dir_create_mask: !!str 2775
    vfs_object_recycle: true
    recycle_path: recycle
@ -403,8 +403,8 @@ samba_shares:
    path: /data/samba/shares/Gubitz-Partner
    group_valid_users: gubitz-partner
    group_write_list: gubitz-partner
-    file_create_mask: '664'
+    file_create_mask: !!str 664
-    dir_create_mask: 2775
+    dir_create_mask: !!str 2775
    vfs_object_recycle: true
    recycle_path: recycle
@ -412,8 +412,8 @@ samba_shares:
    path: /data/samba/shares/Gubitz-Backup
    group_valid_users: gubitz
    group_write_list: gubitz
-    file_create_mask: 660
+    file_create_mask: !!str 660
-    dir_create_mask: 2770
+    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: recycle
@ -422,8 +422,8 @@ samba_shares:
    path: /data/samba/shares/WinServer2016-Backup
    group_valid_users: {}
    group_write_list: {}
-    file_create_mask: 664
+    file_create_mask: !!str 664
-    dir_create_mask: 2775
+    dir_create_mask: !!str 2775
    guest_ok: !!str yes
    vfs_object_recycle: true
    recycle_path: {}
@ -433,8 +433,8 @@ samba_shares:
    path: /data/samba/shares/Advoware-Backup
    group_valid_users: back
    group_write_list: back
-    file_create_mask: 664
+    file_create_mask: !!str 664
-    dir_create_mask: 2775
+    dir_create_mask: !!str 2775
    guest_ok: !!str yes
    vfs_object_recycle: true
--- a/host_vars/zapata.opp.netz.yml
+++ b/host_vars/zapata.opp.netz.yml
@ -198,6 +198,12 @@ samba_user:
      - beratung
    password: 'D1dPWdPvopp4!'
  - name: anika
    groups:
      - buero
      - beratung
    password: '4n1k4*adb_23'
  - name: anna
    groups:
      - buero
@ -475,7 +481,7 @@ samba_shares:
    writeable: !!str  no
    guest_ok: !!str  no
    file_create_mask: !!str 0664
-    dir_create_mask: !!str 2775
+    dir_create_mask: !!str 0755
    vfs_object_recycle: false
--- a/42
+++ b/42
@ -9,6 +9,10 @@
 #schleuder3.so36.net ansible_user=ckubu
 #site36.net ansible_user=ckubu
 #web.so36.net ansible_user=ckubu
 [so36_server]
 #kvm05.so36.net ansible_ssh_user=ckubu ansible_ssh_port=1036
 #kvm13.so36.net ansible_ssh_user=ckubu ansible_ssh_port=1036
 [dns_sinma]
@ -52,6 +56,9 @@ gw-replacement.local.netz
 gw-replacement2.local.netz
 gw-replacement3.local.netz
 kvm-ipa.local.netz
 file-ipa.local.netz
 k1371.dyndns.org
 ga-st-gw-ersatz.ga.netz
@ -124,8 +131,8 @@ o20.oopen.de
 o21.oopen.de
 o31.oopen.de
 mail.cadus.org
 mail-neu.cadus.org
 web.cadus.org
 wiki.cadus.org
 o22.oopen.de
 oolm-db.oopen.de
@ -199,7 +206,6 @@ lxc-host-kb.anw-kb.netz
 [initial_setup]
 # ---
 # - Warenform Server
 # ---
@ -278,8 +284,8 @@ o20.oopen.de
 o21.oopen.de
 o31.oopen.de
 mail.cadus.org
 mail-neu.cadus.org
 web.cadus.org
 wiki.cadus.org
 # - o22.oopen.de
 o22.oopen.de
@ -367,6 +373,9 @@ gw-replacement.local.netz
 gw-replacement2.local.netz
 gw-replacement3.local.netz
 kvm-ipa.local.netz
 file-ipa.local.netz
 # 123Comics
 gw-123.oopen.de
@ -455,7 +464,6 @@ devel-php.wf.netz
 devel-todo.wf.netz
 devel-wiki.wf.netz
 [apache2_webserver]
 # ---
@ -485,8 +493,8 @@ o20.oopen.de
 # o21.oopen.de
 # o31.oopen.de
 web.cadus.org
 wiki.cadus.org
 mail.cadus.org
 mail-neu.cadus.org
 # o22.oopen.de
 oolm-shop-dev.oopen.de
@ -531,6 +539,8 @@ cl-test.oopen.de
 #  O.OPEN office network
 # ---
 file-ipa.local.netz
 # - GA - Gemeinschaft Altensclirf
 ga-st-mail.ga.netz
 ga-al-ws1.ga.netz
@ -643,6 +653,9 @@ o26.oopen.de
 # o30.oopen.de - AK Server Nextcloud/Jitsi Meet
 meet.akweb.de
 # o31.oopen.de
 wiki.cadus.org
 # etventure
 o32.oopen.de
@ -678,6 +691,7 @@ o13-web.oopen.de
 # o21.oopen.de
 # o31.oopen.de
 web.cadus.org
 wiki.cadus.org
 # o20.oopen.de (srv-cityslang.cityslang.com)
 o20.oopen.de
@ -728,7 +742,6 @@ test.mx.oopen.de
 # o21.oopen.de
 # o31.oopen.de
 mail.cadus.org
 mail-neu.cadus.org
 # o27.oopen.de
 mail.faire-mobilitaet.de
@ -757,6 +770,12 @@ ga-st-mail.ga.netz
 mx.warenform.de
 lists.mx.warenform.de
 # ---
 # so36.net
 # ---
 #rage.so36.net ansible_ssh_user=ckubu ansible_ssh_port=1036
 [sympa_list_server]
@ -833,8 +852,8 @@ o20.oopen.de
 # o21.oopen.de
 web.cadus.org
 wiki.cadus.org
 mail.cadus.org
 mail-neu.cadus.org
 # o22.oopen.de
 oolm-db-dev.oopen.de
@ -992,7 +1011,6 @@ nscache.oopen.de
 # o21.oopen.de
 # o31.oopen.de
 mail.cadus.org
 mail-neu.cadus.org
 o22.oopen.de
@ -1014,6 +1032,8 @@ b.mx.oopen.de
 # - GA - Gemeinschaft Altensclirf
 ga-st-mail.ga.netz
 file-ipa.local.netz
 # ---
 # Warenform
@ -1161,6 +1181,8 @@ lxc-host-kb.anw-kb.netz
 #  O.OPEN office network
 # ---
 file-ipa.local.netz
 bbb-server.b3-bornim.netz
 file-ah.kanzlei-kiel.netz
 file-km.anw-km.netz
@ -1218,8 +1240,8 @@ meet2.oopen.de
 # - o21.oopen.de
 # - o31.oopen.de
 mail.cadus.org
 mail-neu.cadus.org
 web.cadus.org
 wiki.cadus.org
 # - o22.oopen.de
 oolm-db.oopen.de
@ -1385,8 +1407,8 @@ o20.oopen.de
 o21.oopen.de
 o31.oopen.de
 mail.cadus.org
 mail-neu.cadus.org
 web.cadus.org
 wiki.cadus.org
 # - o22.oopen.de
 o22.oopen.de
--- a/roles/ansible_dependencies-centos-7/tasks/main.yml
+++ b/roles/ansible_dependencies-centos-7/tasks/main.yml
@ -0,0 +1,24 @@
 ---
 - name: (ansible_dependencies-centos-7) System updates 
  yum:
    name: '*'
    state: latest
    update_cache: yes
    #cache_valid_time: 3600
  tags:
    - yum-update
 - name: Ensure python2 is present (This is necessary for ansible to work properly)
  raw: test -e /usr/bin/python2 || (yum -y install python2)
 - name: Ensure python3 is present (This is necessary for ansible to work properly)
  raw: test -e /usr/bin/python3 || (yum install -y python3)
 - name: yum install ansible dependencies
  yum:
    name: "{{ yum_ansible_dependencies }}"
    state: "{{ yum_install_state }}"
  tags:
    - ansible-dependencies
--- a/roles/ansible_user_centos/tasks/main.yml
+++ b/roles/ansible_user_centos/tasks/main.yml
@ -0,0 +1,35 @@
 ---
 - name: Ensure remote users for ansible exists
  user:
    name: '{{ item.name }}'
    state: present
    uid: '{{ item.user_id | default(omit) }}'
    #group: '{{ item.name | default(omit) }}'
    shell: '{{ item.shell|d("/bin/bash") }}'
    password: "{{ item.password }}"
    update_password: on_create
  with_items: '{{ ansible_remote_user }}'
  tags:
    - ansible-remote-user
 - name: Ensure ansible user is part of sudo group
  user:
    name: "{{ item.name }}"
    groups: wheel
    append: yes
  with_items: "{{ ansible_remote_user }}"
  tags:
    - sudo-users
 - name: Ensure authorized_key files are present
  authorized_key:
    user: "{{ item.0.name }}"
    key: "{{ item.1 }}"
    state: present
  with_subelements:
    - '{{ ansible_remote_user }}'
    - ssh_keys
  tags:
    - authorized_key
--- a/roles/ansible_user_debian/tasks/main.yml
+++ b/roles/ansible_user_debian/tasks/main.yml
--- a/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf
@ -62,7 +62,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"
 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/c.mx/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/c.mx/root/bin/monitoring/conf/check_webservice_load.conf
@ -74,7 +74,7 @@ check_website=false
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
-mysql_credential_args="--login-path=local"
+mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf"
 # - Additional Settings for check_php_fpm
@ -93,7 +93,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"
 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/e.mx/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/e.mx/root/bin/monitoring/conf/check_webservice_load.conf
@ -62,7 +62,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"
 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
@ -93,7 +93,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"
 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf
@ -74,7 +74,7 @@ check_website=false
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
-mysql_credential_args="--login-path=local"
+mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf"
 # - Additional Settings for check_php_fpm
@ -93,7 +93,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"
 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf
@ -93,7 +93,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"
 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
@ -70,3 +70,9 @@ convinceandconvert\.com$
 thelargest\.homes$
 eamyobai\.cfd$
 countryfields\.ca$
 urgencypasture\.shop$
 detectivecomics\.net$
 bell\.net$
 beheshtfoundation\.com$
 tohochina\.com$
 mailer-service\.de$
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
@ -133,3 +133,16 @@
 103.114.162.0/24
 # US (u.a.versender50.com)
 204.152.197.0/24
 # US (u.a.vs-dienst.com)
 45.134.11.0/24
 212.83.56.0/24
 # US ( u.a. urgencypasture.shop)
 194.87.84.0/24
 # US ( u.a. dkdirekt.com)
 64.188.1.176/28
 # CA (Canada) (u.a. bell.net)
 209.71.192.0/18
 # HU (u.a. beheshtfoundation.com)
 83.137.158.0/24
 # US (u.a. josephraffael.com / auftrag@v-markt-direkt.com)
 64.188.4.0/22
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
@ -92,4 +92,13 @@ firmen-infos\.com$
 ^info@webmeinung\.de$
 ^info@handel-versand\.com$
 ^order@direktversender\.net$
-versender.*.com$
+versender.*\.com$
 vs-dienst\.com$
 urgencypasture\.shop$
 dkdirekt\.com$
 nb\.sympatico\.ca$
 beheshtfoundation\.com$
 josephraffael\.com$
 v-markt-direkt\.com$
 mailer-service\.de$
 swissad\.biz$
--- a/roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
@ -69,7 +69,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"
 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@ -63,8 +63,10 @@
    state: restarted
 - name: Restart redis-server
  vars:
    _daemon: "{{ 'redis' if ansible_distribution == 'CentOS' else 'redis-server' }}"
  service:
-    name: redis-server
+    name: "{{ _daemon }}"
    state: restarted
 - name: Restart tor service
--- a/roles/common/tasks/basic.yml
+++ b/roles/common/tasks/basic.yml
@ -11,6 +11,8 @@
    name: "{{ item }}"
    state: present
  with_items: "{{ locales }}"
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - locales
@ -150,28 +152,38 @@
 - name: (basic.yml) install unattended-upgrades
  apt: pkg=unattended-upgrades state=present
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades
 - name: (basic.yml) install apt-listchanges
  apt: pkg=apt-listchanges state=present
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades
 - name: (basic.yml) remove apticron
  apt: pkg=apticron state=absent
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades
 - name: (basic.yml) check if /etc/apt/apt.conf.d/20auto-upgrades exists
  stat: path=/etc/apt/apt.conf.d/20auto-upgrades
  register: ua_enabled
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades
 - name: (basic.yml) activate unattended upgrades
  shell: DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true dpkg-reconfigure -plow unattended-upgrades
-  when: ua_enabled.stat.exists == False
+  when: 
    - ansible_facts['distribution'] == "Debian"
    - ua_enabled.stat.exists == False
  tags:
    - unattended-upgrades
@ -182,6 +194,8 @@
    owner: root
    group: root
    mode: 0644
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades
@ -193,5 +207,7 @@
    owner: root
    group: root
    mode: 0644
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades
--- a/roles/common/tasks/caching-nameserver.yml
+++ b/roles/common/tasks/caching-nameserver.yml
@ -1,11 +1,17 @@
 ---
 # ---
 # Install 'bind' apt based OS
 # ---
 - name: (caching-nameserver.yml) update
  apt:
    update_cache: true
    cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
-  when: apt_update|bool
+  when:
    - ansible_distribution == "Debian"
    - apt_update|bool
  tags:
    - apt-caching-nameserver
@ -17,7 +23,9 @@
    warn: false
  changed_when: _dpkg_configure.stdout_lines | length
  register: _dpkg_configure
-  when: apt_dpkg_configure|bool
+  when:
    - ansible_distribution == "Debian"
    - apt_update|bool
  tags:
    - apt-caching-nameserver
@ -27,19 +35,52 @@
    upgrade: "{{ apt_upgrade_type }}"
    update_cache: true
    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
-  when: apt_upgrade|bool
+  when:
    - ansible_distribution == "Debian"
    - apt_dpkg_configure|bool
  tags:
    - apt-caching-nameserver
- name: (caching-nameserver.yml) Install bind9 packages
+- name: (caching-nameserver.yml) Install bind packages (using apt)
  apt:
-    name: "{{ apt_bind9_pkgs }}"
+    name: "{{ apt_bind_pkgs }}"
    state: present
-  when: apt_install_bind9_packages|bool == true
+  when:
    - ansible_distribution == "Debian"
    - install_bind_packages|bool == true
  tags:
    - apt-caching-nameserver
 # ---
 # Install 'bind' - yum based OS
 # ---
 - name: (yum.yml) Install system updates for centos systems
  yum:
    name: '*'
    state: latest
    update_cache: yes
    #cache_valid_time: 3600
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution == "CentOS"
  tags:
    - yum-update
 - name: (yum.yml) Install bind packages (using yum)
  yum:
    name: "{{ yum_bind_pks }}"
    state: "{{ yum_install_state }}"
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution == "CentOS"
  tags:
    - yum-caching-nameserver
 # ---
 # Configure bind on debian systems
 # --
 - name: (caching-nameserver.yml) Create directory /var/log/named if it does not exist
  file:
@ -48,6 +89,8 @@
    owner: bind
    group: bind
    mode: '0755'
  when:
    - ansible_distribution == "Debian"
 - name: (caching-nameserver.yml) update named.conf.options configuration file (normal server)
@ -64,6 +107,7 @@
    - apt-caching-nameserver
    - caching-nameserver
  when: 
    - ansible_distribution == "Debian"
    - inventory_hostname not in groups["gateway_server"]
 # --------------------
@ -89,6 +133,7 @@
    - apt-caching-nameserver
    - caching-nameserver
  when: 
    - ansible_distribution == "Debian"
    - inventory_hostname in groups["gateway_server"]
 #    - not file_named_conf_options.stat.exists
@ -107,4 +152,6 @@
    mode: '0644'
  tags:
    - apt-caching-nameserver
  when: 
    - ansible_distribution == "Debian"
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -26,11 +26,26 @@
 #   apt-autoremove
 #   apt-clean
 - import_tasks: apt.yml
  when:
    - ansible_facts['distribution'] == "Debian"
  tags: apt
 #
 #    yum-update
 #    yum-base-install
 #    yum-initial-install
 - import_tasks: yum.yml
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution == "CentOS"
  tags: yum
 - import_tasks: tor.yml
-  when: inventory_hostname in groups['mail_server']
+  when:
    - inventory_hostname in groups['mail_server']
    - ansible_facts['distribution'] == "Debian"
  tags: 
    - tor-service
@ -44,6 +59,8 @@
 #  zsh-config
 #
 - import_tasks: shell.yml
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
     - shell-config
     - vim-config
@ -208,7 +225,23 @@
 # tags supportetd inside caching-nameserver.yml
 #
 # apt-caching-nameserver
 # yum-caching-nameserver
 #
 - import_tasks: caching-nameserver.yml
  when: groups['caching_nameserver']|string is search(inventory_hostname)
  tags: caching-nameserver
 - import_tasks: systemd-services_debian_based_OS.yml
  when:
    - ansible_os_family == "Debian"
  tags:
    - services
 - import_tasks: systemd-services_redhat_based_OS.yml
  when:
    - ansible_os_family == "RedHat"
  tags:
    - services
--- a/roles/common/tasks/redis-server.yml
+++ b/roles/common/tasks/redis-server.yml
@ -1,11 +1,17 @@
 ---
 - name: (redis-server.yml) Set var '_redis_conf'
  set_fact:
     _redis_conf: "{{ '/etc/redis.conf' if ansible_distribution == 'CentOS' else '/etc/redis/redis.conf' }}"
 - name: (redis-server.yml) update
  apt:
    update_cache: true
    cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
-  when: apt_update|bool
+  when:
    - ansible_facts['distribution'] == "Debian"
    - apt_update|bool
  tags:
    - redis-server
@ -17,7 +23,9 @@
    warn: false
  changed_when: _dpkg_configure.stdout_lines | length
  register: _dpkg_configure
-  when: apt_dpkg_configure|bool
+  when:
    - ansible_facts['distribution'] == "Debian"
    - apt_update|bool
  tags:
    - redis-server
@ -27,15 +35,30 @@
    upgrade: "{{ apt_upgrade_type }}"
    update_cache: true
    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
-  when: apt_upgrade|bool
+  when:
    - ansible_facts['distribution'] == "Debian"
    - apt_upgrade|bool
  tags:
    - redis-server
- name: (redis-server.yml) Install redis-server packages
+- name: (redis-server.yml) Install redis-server packages (debian system)
  apt:
    name: redis-server
    state: present
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - redis-server
 - name: (redis-server.yml) Install redis packages (centos system)
  yum:
    name: redis
    state: latest
    update_cache: yes
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution == "CentOS"
  tags:
    - redis-server
@ -79,23 +102,23 @@
  tags:
    - redis-server
- name: (redis-server.yml)  Check if file '/etc/redis/redis.conf.ORIG' exists
+- name: (redis-server.yml)  Check if redis configuration file exists
  stat:
-    path: /etc/redis/redis.conf.ORIG
+    path: "{{ _redis_conf }}.ORIG"
  register: redis_conf_exists
  tags:
    - redis-server
- name: (redis-server.yml) Backup existing file /etc/redis/redis.conf.
+- name: (redis-server.yml) Backup existing redis configuration file.
-  command: cp -a /etc/redis/redis.conf /etc/redis/redis.conf.ORIG
+  command: cp -a  "{{ _redis_conf }}" "{{ _redis_conf }}".ORIG
  when:
    - redis_conf_exists.stat.exists == False
  tags:
    - redis-server
- name: (redis-server.yml) adjust configuration '/etc/redis/redis.conf'
+- name: (redis-server.yml) adjust redis configuration 
  lineinfile:
-    dest: /etc/redis/redis.conf
+    dest: "{{ _redis_conf }}"
    regexp: "{{ item.regexp }}"
    insertafter: "{{ item.insertafter }}"
    line: "{{ item.key }} {{ item.val }}"
--- a/roles/common/tasks/samba-config-server.yml
+++ b/roles/common/tasks/samba-config-server.yml
@ -19,7 +19,7 @@
    path: "{{ item.path }}"
    owner: "root"
    group: "{{ item.group_write_list | default('root', true) }}"
-    mode: '2770'
+    mode: "{{ dir_create_mask | default('2770', true) }}"
    state: directory
    recurse: no
  with_items: "{{ samba_shares }}"
--- a/roles/common/tasks/systemd-services_debian_based_OS.yml
+++ b/roles/common/tasks/systemd-services_debian_based_OS.yml
@ -0,0 +1,61 @@
 ---
 - name: (systemd-services.yml) Check if Service Exists (Debian based OS)
  shell: 'systemctl list-unit-files | grep -q -e "^{{ item }}.service";'
  changed_when: "service_exists.rc > 1"
  failed_when: "service_exists.rc > 1"
  register: service_exists
  with_items: 
    - "{{ debian_services_active_and_started }}"
 #- debug: msg="{{ service_exists.results }}"
 - name: (systemd-services.yml) Check if Service is disabled (Debian based OS)
  shell: 'systemctl list-unit-files | grep -e "^{{ item.item }}.service"  | grep -q "disabled";'
  register: service_is_enabled
  changed_when: "service_is_enabled.rc == 0"
  failed_when: "service_is_enabled.rc > 1"
  with_items: 
    - "{{ service_exists.results }}"
  loop_control:
    label: '{{ item.item }}'
  when: 
    - item.rc == 0 
 #- debug: msg="{{ service_is_enabled.results }}"
 - name: (systemd-services.yml) Enable service
  systemd:
    name: "{{ item.item.item }}.service"
    enabled: true
  with_items:
    - "{{ service_is_enabled.results }}"
  loop_control:
    label: '{{ item.item.item }}'
  when:
    - item.changed
 - name: (systemd-services.yml) Check if Service is active
  shell: 'systemctl is-active {{ item.item }}.service'
  register: service_is_active
  changed_when: 'service_is_active.stdout == "inactive"'
  failed_when: 'service_is_active.rc > 3'
  with_items:
    - "{{ service_exists.results }}"
  loop_control:
    label: '{{ item.item }}'
  when:
    - item.rc == 0
 - name: (systemd-services.yml) Start service
  systemd:
    name: "{{ item.item.item }}.service"
    state: started
  with_items:
    - "{{ service_is_active.results }}"
  loop_control:
    label: '{{ item.item.item }}'
  when:
    - item.changed
--- a/roles/common/tasks/systemd-services_redhat_based_OS.yml
+++ b/roles/common/tasks/systemd-services_redhat_based_OS.yml
@ -0,0 +1,64 @@
 ---
 - name: (systemd-services.yml) Check if Service Exists (RedHat based OS)
  shell: 'systemctl list-unit-files | grep -q -e "^{{ item }}.service";'
  changed_when: "service_exists.rc > 1"
  failed_when: "service_exists.rc > 1"
  register: service_exists
  with_items: 
    - "{{ redhat_services_active_and_started }}"
  when: 
    - ansible_os_family == "RedHat"
 #- debug: msg="{{ service_exists.results }}"
 - name: (systemd-services.yml) Check if Service is disabled (RedHat based OS)
  shell: 'systemctl list-unit-files | grep -e "^{{ item.item }}.service"  | grep -q "disabled";'
  register: service_is_enabled
  changed_when: "service_is_enabled.rc == 0"
  failed_when: "service_is_enabled.rc > 1"
  with_items: 
    - "{{ service_exists.results }}"
  loop_control:
    label: '{{ item.item }}'
  when: 
    - item.rc == 0 
    - ansible_os_family == "RedHat"
 #- debug: msg="{{ service_is_enabled.results }}"
 - name: (systemd-services.yml) Enable service
  systemd:
    name: "{{ item.item.item }}.service"
    enabled: true
  with_items:
    - "{{ service_is_enabled.results }}"
  loop_control:
    label: '{{ item.item.item }}'
  when:
    - item.changed
 - name: (systemd-services.yml) Check if Service is active
  shell: 'systemctl is-active {{ item.item }}.service'
  register: service_is_active
  changed_when: 'service_is_active.stdout == "inactive"'
  failed_when: 'service_is_active.rc > 3'
  with_items:
    - "{{ service_exists.results }}"
  loop_control:
    label: '{{ item.item }}'
  when:
    - item.rc == 0
 - name: (systemd-services.yml) Start service
  systemd:
    name: "{{ item.item.item }}.service"
    state: started
  with_items:
    - "{{ service_is_active.results }}"
  loop_control:
    label: '{{ item.item.item }}'
  when:
    - item.changed
--- a/roles/common/tasks/users-systemfiles.yml
+++ b/roles/common/tasks/users-systemfiles.yml
@ -83,7 +83,7 @@
    - bash
 # --
-# Copy .profile
+# Copy .profile (Debian System)
 # ---
 - name: (users-systemfiles.yml) Check if users file '.profile.ORIG' exists
@ -93,6 +93,8 @@
  loop: "{{ default_user }}"
  loop_control:
    label: '{{ item.name }}'
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - profile
@ -101,7 +103,9 @@
  loop: "{{ profile_user_orig_exists.results }}"
  loop_control:
    label: '{{ item.item.name }}'
-  when: item.stat.exists == False 
+  when:
    - ansible_facts['distribution'] == "Debian"
    - item.stat.exists == False
  tags:
    - profile
@ -116,6 +120,7 @@
  loop_control:
    label: '{{ item.item.name }}'
  when:
    - ansible_facts['distribution'] == "Debian"
    - item.stat.exists
    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
  tags:
@ -125,12 +130,16 @@
  stat:
    path: /root/.profile.ORIG
  register: profile_root_orig_exists
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
    - profile
 - name: (users-systemfiles.yml) Backup existing users .profile file
  command: cp -a /root/.profile /root/.profile.ORIG
-  when: profile_root_orig_exists.stat.exists == False 
+  when:
    - ansible_facts['distribution'] == "Debian"
    - profile_root_orig_exists.stat.exists == False
  tags:
    - profile
@ -142,11 +151,88 @@
    group: root
    mode: 0644
  when: 
    - ansible_facts['distribution'] == "Debian"
    - local_template_dir_root.stat.exists
    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
  tags:
    - profile
 # --
 # Copy .bash_profile (CentOS/Fedora?/RedHat? System)
 # ---
 - name: (users-systemfiles.yml) Check if users file '.bash_profile.ORIG' exists
  stat:
    path: "~{{ item.name }}/.bash_profile.ORIG"
  register: bash_profile_user_orig_exists
  loop: "{{ default_user }}"
  loop_control:
    label: '{{ item.name }}'
  when:
    - ansible_facts['distribution'] == "CentOS"
  tags:
    - profile
 - name: (users-systemfiles.yml) Backup existing users .bash_profile file
  command: cp -a ~{{ item.item.name }}/.bash_profile ~{{ item.item.name }}/.bash_profile.ORIG
  loop: "{{ bash_profile_user_orig_exists.results }}"
  loop_control:
    label: '{{ item.item.name }}'
  when:
    - ansible_facts['distribution'] == "CentOS"
    - item.stat.exists == False
  tags:
    - profile
 - name: (users-systemfiles.yml) copy .bash_profile if it exists
  copy: 
    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bash_profile') }}"
    dest: "~{{ item.item.name }}/.bash_profile"
    owner: "{{ item.item.name }}"
    group: "{{ item.item.name }}"
    mode: 0644
  loop: "{{  local_template_dir_default_user.results }}"
  loop_control:
    label: '{{ item.item.name }}'
  when:
    - ansible_facts['distribution'] == "CentOS"
    - item.stat.exists
    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bash_profile')
  tags:
    - profile
 - name: (users-systemfiles.yml) Check if file '/root/.bash_profile.ORIG' exists
  stat:
    path: /root/.bash_profile.ORIG
  register: profile_root_orig_exists
  when:
    - ansible_facts['distribution'] == "CentOS"
  tags:
    - profile
 - name: (users-systemfiles.yml) Backup existing users .bash_profile file
  command: cp -a /root/.bash_profile /root/.bash_profile.ORIG
  when:
    - ansible_facts['distribution'] == "CentOS"
    - profile_root_orig_exists.stat.exists == False
  tags:
    - profile
 - name: (users-systemfiles.yml) copy .bash_profile for user root
  copy: 
    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bash_profile') }}"
    dest: "/root/.bash_profile"
    owner: root
    group: root
    mode: 0644
  when: 
    - ansible_facts['distribution'] == "CentOS"
    - local_template_dir_root.stat.exists
    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_bash_profile')
  tags:
    - profile
 # --
 # Copy .vimrc
 # ---
--- a/roles/common/tasks/yum.yml
+++ b/roles/common/tasks/yum.yml
@ -0,0 +1,53 @@
 ---
 - name: (yum.yml) Install system updates for centos systems
  yum:
    name: '*'
    state: latest
    update_cache: yes
    #cache_valid_time: 3600
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution == "CentOS"
  tags:
    - yum-update
 - name: Install the EPEL Repository in CentOS 7
  yum:
    name: epel-release
    state: latest
 # Its more eficient to in
 - name: (yum.yml) Base install CentOS packages (CentOS 7)
  yum:
    name: "{{ yum_base_install_centos_7 }}"
    state: "{{ yum_install_state }}"
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "7"
  tags:
    - yum-base-install
 - name: (yum.yml) Initial install CentOS packages (CentOS 7)
  yum:
    name: "{{ yum_initial_install_centos_7 }}"
    state: "{{ yum_install_state }}"
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "7"
  tags:
    - yum-initial-install
 - name: (yum.yml) Install lxc_host related packages
  yum:
    name: "{{ yum_lxc_host_pkgs }}"
    state: "{{ yum_install_state }}"
  when:
    - groups['lxc_host']|string is search(inventory_hostname)
  tags:
    - yum-lxc-hosts-pkgs
--- a/roles/common/templates/usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2
+++ b/roles/common/templates/usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2
@ -147,7 +147,7 @@ APACHE_SERVER_KEY="privkey.pem"
 # -    '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
 # -    '/usr/local/mysql/sys-maint.cnf' otherwise
 # -
-#MYSQL_CREDENTIALS=""
+MYSQL_CREDENTIALS='{{ mysql_credentials | default(omit) }}'
 # - The wa passwords will be encrypted.