From 21fcd86115d3c0b15766386651059ea379f9cf79 Mon Sep 17 00:00:00 2001 
From: Christoph Date: Fri, 28 Jun 2019 02:28:50 +0200 Subject: [PATCH] Initial commit --- .gitignore | 1 + DOC/README.ad-hoc | 21 + DOC/README.check-if-empty | 33 + DOC/README.disable-root-login | 12 + DOC/README.gather-facts | 8 + DOC/README.troubleshooting | 44 + ansible-dependencies-sudo.yml | 8 + ansible-dependencies.yml | 15 + ansible.cfg | 44 + common.yml | 20 + extra-run.yml | 6 + files/homedirs/axel/_bashrc | 117 +++ files/homedirs/axel/_profile | 30 + files/homedirs/axel/_vimrc | 177 ++++ files/homedirs/back/_bashrc | 113 +++ files/homedirs/back/_profile | 30 + files/homedirs/back/_vimrc | 173 ++++ files/homedirs/chris/_bashrc | 113 +++ files/homedirs/chris/_profile | 30 + files/homedirs/chris/_vimrc | 173 ++++ files/homedirs/root/_bashrc | 75 ++ files/homedirs/root/_profile | 24 + files/homedirs/root/_vimrc | 173 ++++ files/homedirs/sysadm/_bashrc | 75 ++ files/homedirs/sysadm/_profile | 24 + files/homedirs/sysadm/_vimrc | 173 ++++ files/homedirs/webadmin/_bashrc | 117 +++ files/homedirs/webadmin/_profile | 30 + files/homedirs/webadmin/_vimrc | 177 ++++ group_vars/all/main.yml | 514 ++++++++++ group_vars/all/vars.yml.sample | 68 ++ group_vars/apache2_webserver.yml | 63 ++ group_vars/backup_server.yml | 72 ++ group_vars/caching_nameserver.yml | 70 ++ group_vars/lxc_host.yml | 72 ++ group_vars/mail_server.yml | 63 ++ group_vars/mysql_server.yml | 61 ++ group_vars/oopen_server.yml | 124 +++ group_vars/postgresql_server.yml | 70 ++ group_vars/warenform_office | 135 +++ group_vars/warenform_server.yml | 136 +++ group_vars/webadmin.yml | 98 ++ host_vars/anita.wf.netz.yml | 110 +++ host_vars/nscache.oopen.de.yml | 94 ++ host_vars/o25.oopen.de.yml | 94 ++ host_vars/site36.net | 164 ++++ hosts | 882 ++++++++++++++++++ initial-setup-sudo.yml | 13 + initial-setup.yml | 26 + network-setup.yml | 6 + open_the_vault.sh | 38 + roles/ansible_dependencies/tasks/main.yml | 63 ++ roles/ansible_user/tasks/main.yml | 35 + .../files/root/.ssh/id_ed25519.oopen-server | 25 + 
.../root/.ssh/id_ed25519.oopen-server.pub | 1 + .../root/.ssh/id_ed25519.warenform-office | 25 + .../root/.ssh/id_ed25519.warenform-office.pub | 1 + .../root/.ssh/id_ed25519.warenform-server | 25 + .../root/.ssh/id_ed25519.warenform-server.pub | 1 + .../files/root/.ssh/id_rsa.backup.oopen.de | 89 ++ .../root/.ssh/id_rsa.backup.oopen.de.pub | 1 + .../files/root/.ssh/id_rsa.backup.so36.net | 89 ++ .../root/.ssh/id_rsa.backup.so36.net.pub | 1 + .../root/.ssh/id_rsa.backup.warenform.de | 89 ++ .../root/.ssh/id_rsa.backup.warenform.de.pub | 1 + .../common/files/root/.ssh/id_rsa.devel-root | 167 ++++ .../files/root/.ssh/id_rsa.devel-root.pub | 1 + .../.ssh/id_ed25519-webadmin.warenform | 25 + .../.ssh/id_ed25519-webadmin.warenform.pub | 1 + roles/common/handlers/main.yml | 27 + roles/common/tasks/apt.yml | 206 ++++ roles/common/tasks/basic.yml | 46 + roles/common/tasks/caching-nameserver.yml | 83 ++ roles/common/tasks/git.yml | 237 +++++ roles/common/tasks/main.yml | 110 +++ roles/common/tasks/sshd.yml | 28 + roles/common/tasks/sudoers.yml | 57 ++ roles/common/tasks/users-systemfiles.yml | 139 +++ roles/common/tasks/users.yml | 180 ++++ roles/common/tasks/webadmin-user.yml | 196 ++++ .../templates/etc/apt/sources.list.Debian.j2 | 28 + .../templates/etc/bind/named.conf.options.j2 | 106 +++ roles/common/templates/etc/ssh/sshd_config.j2 | 286 ++++++ .../common/templates/etc/sudoers.d/50-user.j2 | 84 ++ roles/common/templates/etc/sudoers.j2 | 53 ++ roles/common/templates/var/www/.ssh/config.j2 | 8 + roles/common/vars/git-debian.yml | 218 +++++ roles/common/vars/sudoers-debian.yml | 87 ++ roles/network_interfaces/README.md | 94 ++ roles/network_interfaces/defaults/main.yml | 13 + roles/network_interfaces/tasks/interfaces.yml | 59 ++ roles/network_interfaces/tasks/main.yml | 14 + roles/network_interfaces/tasks/packages.yml | 8 + .../etc/network/interfaces.d/device.j2 | 95 ++ .../templates/etc/network/interfaces.j2 | 24 + scripts/first-run.retry | 1 + scripts/first-run.yml | 11 
+ scripts/reset_root_passwd.yml | 11 + scripts/reset_user_passwd.yml | 34 + scripts/set-permission-user-back.yml | 17 + scripts/set-permission-user-sysadm.yml | 17 + scripts/test.yml | 19 + scripts/update-deb-repositories.yml | 7 + scripts/update-git-repositories.yml | 7 + test.yml | 14 + upgrade.yml | 53 ++ webserver.yml | 20 + 107 files changed, 8346 insertions(+) create mode 100644 .gitignore create mode 100644 DOC/README.ad-hoc create mode 100644 DOC/README.check-if-empty create mode 100644 DOC/README.disable-root-login create mode 100644 DOC/README.gather-facts create mode 100644 DOC/README.troubleshooting create mode 100644 ansible-dependencies-sudo.yml create mode 100644 ansible-dependencies.yml create mode 100644 ansible.cfg create mode 100644 common.yml create mode 100644 extra-run.yml create mode 100644 files/homedirs/axel/_bashrc create mode 100644 files/homedirs/axel/_profile create mode 100644 files/homedirs/axel/_vimrc create mode 100644 files/homedirs/back/_bashrc create mode 100644 files/homedirs/back/_profile create mode 100644 files/homedirs/back/_vimrc create mode 100644 files/homedirs/chris/_bashrc create mode 100644 files/homedirs/chris/_profile create mode 100644 files/homedirs/chris/_vimrc create mode 100644 files/homedirs/root/_bashrc create mode 100644 files/homedirs/root/_profile create mode 100644 files/homedirs/root/_vimrc create mode 100644 files/homedirs/sysadm/_bashrc create mode 100644 files/homedirs/sysadm/_profile create mode 100644 files/homedirs/sysadm/_vimrc create mode 100644 files/homedirs/webadmin/_bashrc create mode 100644 files/homedirs/webadmin/_profile create mode 100644 files/homedirs/webadmin/_vimrc create mode 100644 group_vars/all/main.yml create mode 100644 group_vars/all/vars.yml.sample create mode 100644 group_vars/apache2_webserver.yml create mode 100644 group_vars/backup_server.yml create mode 100644 group_vars/caching_nameserver.yml create mode 100644 group_vars/lxc_host.yml create mode 100644 
group_vars/mail_server.yml create mode 100644 group_vars/mysql_server.yml create mode 100644 group_vars/oopen_server.yml create mode 100644 group_vars/postgresql_server.yml create mode 100644 group_vars/warenform_office create mode 100644 group_vars/warenform_server.yml create mode 100644 group_vars/webadmin.yml create mode 100644 host_vars/anita.wf.netz.yml create mode 100644 host_vars/nscache.oopen.de.yml create mode 100644 host_vars/o25.oopen.de.yml create mode 100644 host_vars/site36.net create mode 100644 hosts create mode 100644 initial-setup-sudo.yml create mode 100644 initial-setup.yml create mode 100644 network-setup.yml create mode 100755 open_the_vault.sh create mode 100644 roles/ansible_dependencies/tasks/main.yml create mode 100644 roles/ansible_user/tasks/main.yml create mode 100644 roles/common/files/root/.ssh/id_ed25519.oopen-server create mode 100644 roles/common/files/root/.ssh/id_ed25519.oopen-server.pub create mode 100644 roles/common/files/root/.ssh/id_ed25519.warenform-office create mode 100644 roles/common/files/root/.ssh/id_ed25519.warenform-office.pub create mode 100644 roles/common/files/root/.ssh/id_ed25519.warenform-server create mode 100644 roles/common/files/root/.ssh/id_ed25519.warenform-server.pub create mode 100644 roles/common/files/root/.ssh/id_rsa.backup.oopen.de create mode 100644 roles/common/files/root/.ssh/id_rsa.backup.oopen.de.pub create mode 100644 roles/common/files/root/.ssh/id_rsa.backup.so36.net create mode 100644 roles/common/files/root/.ssh/id_rsa.backup.so36.net.pub create mode 100644 roles/common/files/root/.ssh/id_rsa.backup.warenform.de create mode 100644 roles/common/files/root/.ssh/id_rsa.backup.warenform.de.pub create mode 100644 roles/common/files/root/.ssh/id_rsa.devel-root create mode 100644 roles/common/files/root/.ssh/id_rsa.devel-root.pub create mode 100644 roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform create mode 100644 roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform.pub 
create mode 100644 roles/common/handlers/main.yml create mode 100644 roles/common/tasks/apt.yml create mode 100644 roles/common/tasks/basic.yml create mode 100644 roles/common/tasks/caching-nameserver.yml create mode 100644 roles/common/tasks/git.yml create mode 100644 roles/common/tasks/main.yml create mode 100644 roles/common/tasks/sshd.yml create mode 100644 roles/common/tasks/sudoers.yml create mode 100644 roles/common/tasks/users-systemfiles.yml create mode 100644 roles/common/tasks/users.yml create mode 100644 roles/common/tasks/webadmin-user.yml create mode 100644 roles/common/templates/etc/apt/sources.list.Debian.j2 create mode 100644 roles/common/templates/etc/bind/named.conf.options.j2 create mode 100644 roles/common/templates/etc/ssh/sshd_config.j2 create mode 100644 roles/common/templates/etc/sudoers.d/50-user.j2 create mode 100644 roles/common/templates/etc/sudoers.j2 create mode 100644 roles/common/templates/var/www/.ssh/config.j2 create mode 100644 roles/common/vars/git-debian.yml create mode 100644 roles/common/vars/sudoers-debian.yml create mode 100644 roles/network_interfaces/README.md create mode 100644 roles/network_interfaces/defaults/main.yml create mode 100644 roles/network_interfaces/tasks/interfaces.yml create mode 100644 roles/network_interfaces/tasks/main.yml create mode 100644 roles/network_interfaces/tasks/packages.yml create mode 100644 roles/network_interfaces/templates/etc/network/interfaces.d/device.j2 create mode 100644 roles/network_interfaces/templates/etc/network/interfaces.j2 create mode 100644 scripts/first-run.retry create mode 100644 scripts/first-run.yml create mode 100644 scripts/reset_root_passwd.yml create mode 100644 scripts/reset_user_passwd.yml create mode 100644 scripts/set-permission-user-back.yml create mode 100644 scripts/set-permission-user-sysadm.yml create mode 100644 scripts/test.yml create mode 100644 scripts/update-deb-repositories.yml create mode 100644 scripts/update-git-repositories.yml create mode 100644 
test.yml create mode 100644 upgrade.yml create mode 100644 webserver.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1377554
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.swp
diff --git a/DOC/README.ad-hoc b/DOC/README.ad-hoc
new file mode 100644
index 0000000..bd963d0
--- /dev/null
+++ b/DOC/README.ad-hoc
@@ -0,0 +1,21 @@
+# ----
+# Execute 'ad-hoc' command through ansible with extended privileges
+# ---
+
+ansibl all --become --become-method sudo --ask-become-pass -a 'whoami'
+
+ansible all --become --become-method sudo --ask-become-pass -a 'uptime'
+
+# - Note:
+# - alternatively, you can out the following entrie into your 'ansible-cfg' file:
+# -
+# - [privilege_escalation]
+# - become=True
+# - become_method=sudo
+# - become_ask_pass=True
+# -
+# - Now you can omit the the 'becom' flags:
+# -
+ansible all -a 'whoami'
+ansible all -a 'uptime'
+
diff --git a/DOC/README.check-if-empty b/DOC/README.check-if-empty
new file mode 100644
index 0000000..a020f5a
--- /dev/null
+++ b/DOC/README.check-if-empty
@@ -0,0 +1,33 @@
+
+
+# - Ansible List
+# -
+# - Python lists have a truthiness of False when empty. So you
+# - can use:
+# - when:
+# -
+# - Example:
+# - root_user: {} or
+# - root_user:
+# - - value1
+# - - value2
+# -
+# - Check if list 'root_user' is empty:
+# - when: root_user
+
+
+# - Ansible Array /Scalar
+# -
+# - use:
+# - when is defined and .lenght > 0
+# -
+# - Example:
+# - apt_lxc_host_pkgs: []
+# - apt_lxc_host_pkgs:
+# - - bridge-utils
+# - - lxc
+# - - btrfs-tools
+# - - lua5.3
+# -
+# - Check if list 'apt_lxc_host_pkgs'' is empty:
+# - when: apt_lxc_host_pkgs is defined and apt_lxc_host_pkgs.length > 0
diff --git a/DOC/README.disable-root-login b/DOC/README.disable-root-login
new file mode 100644
index 0000000..b08639b
--- /dev/null
+++ b/DOC/README.disable-root-login
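Review bot: The new `.gitignore` ignores only `*.swp`, while the diffstat of this same commit already contains `scripts/first-run.retry`, a file Ansible writes after a failed run, and `group_vars/all/vars.yml.sample`, which suggests a local `vars.yml` that is not meant to be shared. Adding `*.retry` and, if that reading is right, `group_vars/all/vars.yml` keeps run artefacts and local secrets out of later commits. The diffstat also lists private-key files under `roles/common/files/root/.ssh/` and `roles/common/files/webadmin/.ssh/`; their contents are not in this part of the patch, so confirm they are stored vault-encrypted rather than as plain keys.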
@@ -0,0 +1,12 @@
+ handlers:
+ - name: "Restart sshd"
+ service:
+ name: "sshd"
+ state: "restarted"
+
+ - name: "Disable root login via SSH"
+ lineinfile:
+ dest: "/etc/ssh/sshd_config"
+ regexp: "^PermitRootLogin"
+ line: "PermitRootLogin no"
+ notify: "Restart sshd"
diff --git a/DOC/README.gather-facts b/DOC/README.gather-facts
new file mode 100644
index 0000000..2317374
--- /dev/null
+++ b/DOC/README.gather-facts
@@ -0,0 +1,8 @@
+# ----
+# Execute 'ad-hoc' command to gather available 'facts'
+# ---
+
+ansible test.mx.oopen.de -m setup
+
+
+ansible test.mx.oopen.de -m setup -a "filter=*distribution*"
diff --git a/DOC/README.troubleshooting b/DOC/README.troubleshooting
new file mode 100644
index 0000000..758cda6
--- /dev/null
+++ b/DOC/README.troubleshooting
@@ -0,0 +1,44 @@
+# ==========
+# running command: Troubleshooting, Tips, and Tricks
+# ==========
+
+see also: https://ansible-tips-and-tricks.readthedocs.io/en/latest/ansible/commands/
+
+
+# ---
+# - Busted Cache
+# ---
+
+# Sometimes Ansible has a tendency to hold on to variables too long, which causes
+# Ansible to think that a task/operation had already been done or changed when in
+# fact it didn't.
+#
+# A simple fix is to flush the redis cache during a code execution.
+#
+# This can be done like this:
+#
+ansible-playbook playbooks/PLAYBOOK_NAME.yml --flush-cache
+
+
+# ---
+# - Check for bad syntax
+# ---
+
+# One can check to see if code contains any syntax errors by running the playbook.
+#
+# Check for bad syntax:
+#
+ansible-playbook playbooks/PLAYBOOK_NAME.yml --syntax-check
+
+
+# ---
+# - Running a playbook in dry-run mode
+# ---
+
+# Sometimes it can be useful to see what Ansible might do, but without actually
+# changing anything.
+#
+# One can run in dry-run mode like this:
+#
+ansible-playbook playbooks/PLAYBOOK_NAME.yml --check
+
diff --git a/ansible-dependencies-sudo.yml b/ansible-dependencies-sudo.yml
new file mode 100644
index 0000000..98ba18c
--- /dev/null
+++ b/ansible-dependencies-sudo.yml
@@ -0,0 +1,8 @@
+---
+
+- hosts: initial_setup
+ gather_facts: false
+
+ roles:
+ - ansible_dependencies
+ - ansible_user
diff --git a/ansible-dependencies.yml b/ansible-dependencies.yml
new file mode 100644
index 0000000..1f1d107
--- /dev/null
+++ b/ansible-dependencies.yml
@@ -0,0 +1,15 @@
+---
+
+- hosts: initial_setup
+ remote_user: root
+ become: false
+ gather_facts: false
+
+ vars_prompt:
+
+ - name: ansible_ssh_pass
+ prompt: "Give root's password here"
+
+ roles:
+ - ansible_dependencies
+ - ansible_user
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..7f804ec
--- /dev/null
+++ b/ansible.cfg
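Review bot: The `vars_prompt` entry in `ansible-dependencies.yml` takes root's SSH password but leaves it implicit that the input is hidden, and nothing says when this play should be used instead of `ansible-dependencies-sudo.yml`. Stating `private: true` under the prompt makes the no-echo behaviour explicit, and `ansible_password` is the current name of the connection variable for which `ansible_ssh_pass` is the older spelling. A header comment such as `# Bootstrap over root password login; use ansible-dependencies-sudo.yml once a sudo user exists` would record the intent, assuming that is the difference between the two plays.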
@@ -0,0 +1,44 @@
+# config file for ansible -- http://ansible.com/
+# ==============================================
+# exmaple:https://raw.github.com/ansible/ansible/devel/examples/ansible.cfg
+#
+# nearly all parameters can be overridden in ansible-playbook
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+
+
+[defaults]
+#ansible_managed = ** Ansible managed: DO NOT EDIT DIRECTLY **
+ansible_managed = ############################################ #
+ # -------------------------- #
+ # ** DO NOT EDIT DIRECTLY ** #
+ # -------------------------- #
+ # Ansible managed file #
+ # ############################################ #
+#gathering = smart
+#fact_caching = jsonfile
+#fact_caching_connection = ~/.cache/
+#fact_caching_timeout = 86400
+#forks = 20
+inventory = ./hosts
+remote_user = chris
+roles_path = ./roles
+vault_password_file = open_the_vault.sh
+#retry_files_enabled = False
+#allow_world_readable_tmpfiles = True
+#interpreter_python: auto
+interpreter_python: /usr/bin/python3
+
+[privilege_escalation]
+become=True
+become_method=sudo
+become_ask_pass=True
+
+[ssh_connection]
+
+# By default, this option is disabled to preserve compatibility with
+# sudoers configurations that have requiretty (the default on many distros).
+#
+#pipelining = True
diff --git a/common.yml b/common.yml
new file mode 100644
index 0000000..016774b
--- /dev/null
+++ b/common.yml
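Review bot: `vault_password_file = open_the_vault.sh` in `ansible.cfg` points at a file this commit adds with mode 100755, and Ansible runs an executable vault password file and takes the password from its standard output, so every run from this directory executes that script. Its body is not in this part of the patch; it should fetch the password from something outside the repository (a prompt, a keyring, a GPG-encrypted file) and never contain it. I would put `# executable helper: prints the vault password on stdout, holds no secret itself` above the line. Separately, `remote_user = chris` makes one personal account the default login for everyone who uses this checkout, and `interpreter_python: /usr/bin/python3` uses `:` where the rest of the file uses `=`.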
@@ -0,0 +1,20 @@
+---
+
+# Intended to be run once for every new server to secure the ssh connection allowing the team access
+# with their public keys. This script will lock itself out from every server it is run on.
+# Further playbooks are intended to be run by logging in as one of the created users.
+# It also ensures python2 is installed as it's necessary for the modules used in this playbook at
+# the time of this writing.
+
+# The used login data depends on the used server provider. In most cases the ansible_user will be
+# root, but we can't safely assume anything.
+# The following line is an example for securing a new vagrant maching, after running `vagrant up`:
+# ansible-playbook first_run.yml -i hosts -u vagrant --private-key='~/.vagrant.d/insecure_private_key'
+# For real providers it could look like:
+# ansible-playbook first_run.yml -i hosts -u root --private-key='~/.ssh/id_rsa'
+# If you don't have a ssh-key on the server and the server expects password authentication use:
+# ansible-playbook first_run.yml -i hosts -u root --ask-pass
+
+- hosts: all
+ roles:
+ - common
diff --git a/extra-run.yml b/extra-run.yml
new file mode 100644
index 0000000..90eecdc
--- /dev/null
+++ b/extra-run.yml
@@ -0,0 +1,6 @@
+---
+
+- hosts: extra_hosts
+
+ roles:
+ - common
diff --git a/files/homedirs/axel/_bashrc b/files/homedirs/axel/_bashrc
new file mode 100644
index 0000000..da71b98
--- /dev/null
+++ b/files/homedirs/axel/_bashrc
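Review bot: The header comment of `common.yml` describes a different playbook from the one below it: it talks about a one-time run that locks itself out, ensures python2 is installed and is started as `first_run.yml`, whereas the play applies the `common` role to `hosts: all` and the `ansible.cfg` in this commit pins `/usr/bin/python3`. An operator who follows the comment and runs it with `-u root --ask-pass` would address every inventory host, not one new server. I would replace the block with something like `# Applies the 'common' role to every host in the inventory; pass --limit to target a subset.` and move the bootstrap text to `scripts/first-run.yml` if it belongs there.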
@@ -0,0 +1,117 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+HISTCONTROL=$HISTCONTROL${HISTCONTROL+:}ignoredups
+# ... or force ignoredups and ignorespace
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+ ;;
+*)
+ ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+ test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+ alias ls='ls --color=auto'
+ #alias dir='dir --color=auto'
+ #alias vdir='vdir --color=auto'
+
+ #alias grep='grep --color=auto'
+ #alias fgrep='fgrep --color=auto'
+ #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -l'
+alias la='ls -A'
+alias l='ls -CF'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+ . /etc/bash_completion
+fi
+
+export EDITOR=vim
+
+## - set beep more quiet
+## -
+#xset b 10 500 50
+
+### eigene definitionen
+set ruler
+set paste
+set number
+set shiftwidth=4
+set tabstop=4
+
diff --git a/files/homedirs/axel/_profile b/files/homedirs/axel/_profile
new file mode 100644
index 0000000..edc7a33
--- /dev/null
+++ b/files/homedirs/axel/_profile
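Review bot: The five lines `set ruler` through `set tabstop=4` at the end of `files/homedirs/axel/_bashrc` are Vim options, not shell settings; in bash each one replaces the shell's positional parameters with its argument (`set ruler` makes `$1` equal to `ruler`) and has no other effect. They should be removed from the bashrc; the `_vimrc` added for the same user in this commit already sets `ruler`, `number`, `shiftwidth=4` and `tabstop=4`. The diffstat shows `files/homedirs/webadmin/_bashrc` with the same 117 lines, so it may carry the same block and is worth checking.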
@@ -0,0 +1,30 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+ # include .bashrc if it exists
+ if [ -f "$HOME/.bashrc" ]; then
+ . "$HOME/.bashrc"
+ fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+ PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+#. /usr/lib/mc/bin/mc.sh
+. /usr/share/mc/bin/mc.sh
+
diff --git a/files/homedirs/axel/_vimrc b/files/homedirs/axel/_vimrc
new file mode 100644
index 0000000..7eae287
--- /dev/null
+++ b/files/homedirs/axel/_vimrc
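Review bot: The last command of `files/homedirs/axel/_profile`, `. /usr/share/mc/bin/mc.sh`, sources its file unconditionally, unlike the `.bashrc` and `$HOME/bin` blocks above it, which test first. On a host where Midnight Commander is not installed every login prints an error, and a non-interactive POSIX `sh` reading the profile may stop at that point. Unless the role guarantees the package is present, guard it: `[ -r /usr/share/mc/bin/mc.sh ] && . /usr/share/mc/bin/mc.sh`. The `files/homedirs/back/_profile` hunk later in this patch has the same line.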
@@ -0,0 +1,177 @@ +" An example for a vimrc file. +" +" Maintainer: Bram Moolenaar +" Last change: 1999 Sep 09 +" +" To use it, copy it to +" for Unix and OS/2: ~/.vimrc +" for Amiga: s:.vimrc +" for MS-DOS and Win32: $VIM\_vimrc + +" This line should not be removed as it ensures that various options are +" properly set to work with the Vim-related packages available in Debian. +runtime! debian.vim + +set nocompatible " Use Vim defaults (much better!) +set bs=2 " allow backspacing over everything in insert mode +set ai " always set autoindenting on +" set backup " keep a backup file +"set viminfo='20,\"50 " read/write a .viminfo file, don't store more + " than 50 lines of registers +set viminfo='20,\"50,:20,%,n~/.viminfo +set history=50 " keep 50 lines of command line history +set ruler " show the cursor position all the time +set ignorecase " suchen case-insenitiv +set showmatch " zeige passende klammern +set shell=/bin/bash " shell to start with ! +set expandtab " tabs --> blanks +set showmode " anzeige INSERT/REPLACE/... + +" set smartcase " Do smart case matching + +set incsearch " Incremental search + " Start searching when you type the first character of + " the search string. As you type in more characters, the + " search is refined. + +set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme + +" einrueckung +set noexpandtab +set shiftwidth=4 +set tabstop=4 +set softtabstop=4 +" Round indent to multiple of 'shiftwidth' for > and < commands +set shiftround +set number + +" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries +" let &guioptions = substitute(&guioptions, "t", "", "g") + +" Don't use Ex mode, use Q for formatting +map Q gq + +" Make p in isual Visual mode replace the selected text with the "" register. +vnoremap p :let current_reg = @"gvdi=current_reg + +" Switch syntax highlighting on, when the terminal has colors +" Also switch on highlighting the last used search pattern. 
+if &t_Co > 2 || has("gui_running") + syntax on + set hlsearch +endif + +" Only do this part when compiled with support for autocommands. +if has("autocmd") + +" In text files, always limit the width of text to 78 characters + autocmd BufRead *.txt set tw=78 + + augroup cprog + " Remove all cprog autocommands + au! + + " When starting to edit a file: + " For C and C++ files set formatting of comments and set C-indenting on. + " For other files switch it off. + " Don't change the order, it's important that the line with * comes first. + autocmd FileType * set formatoptions=tcql nocindent comments& + autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,:// + augroup END + + augroup gzip + " Remove all gzip autocommands + au! + + " Enable editing of gzipped files + " set binary mode before reading the file + autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin + autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip") + autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2") + autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip") + autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2") + autocmd FileAppendPre *.gz call GZIP_appre("gunzip") + autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2") + autocmd FileAppendPost *.gz call GZIP_write("gzip") + autocmd FileAppendPost *.bz2 call GZIP_write("bzip2") + + " After reading compressed file: Uncompress text in buffer with "cmd" + fun! GZIP_read(cmd) + let ch_save = &ch + set ch=2 + execute "'[,']!" . a:cmd + set nobin + let &ch = ch_save + execute ":doautocmd BufReadPost " . expand("%:r") + endfun + + " After writing compressed file: Compress written file with "cmd" + fun! GZIP_write(cmd) + if rename(expand(""), expand(":r")) == 0 + execute "!" . a:cmd . " :r" + endif + endfun + + " Before appending to compressed file: Uncompress file with "cmd" + fun! GZIP_appre(cmd) + execute "!" . a:cmd . 
" " + call rename(expand(":r"), expand("")) + endfun + + augroup END + + " This is disabled, because it changes the jumplist. Can't use CTRL-O to go + " back to positions in previous files more than once. + if 0 + " When editing a file, always jump to the last cursor position. + " This must be after the uncompress commands. + autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif + endif + +endif " has("autocmd") + +" toggle syntax highlighting +map :if exists("syntax_on") syntax off else syntax on endif +map :nohls + +" use to toggle line numbers +nmap :set number! + + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + + +" set color for search +hi clear search +hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse + +" set color for Comment +hi clear Comment +"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold +highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold + +" Go back to the position the cursor was on the last time this file was edited +au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif + +" visual shifting (does not exit Visual mode) +vnoremap < >gv + +" Scroll when cursor gets within 3 characters of top/bottom edge +set scrolloff=3 + +" Show line, column number, and relative position within a file in the status line +" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L] +"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ 
syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\ +set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%% +" Always show status line, even for one window +set laststatus=2 +highlight StatusLine cterm=none ctermfg=white ctermbg=blue + +colorscheme PaperColor diff --git a/files/homedirs/back/_bashrc b/files/homedirs/back/_bashrc new file mode 100644 index 0000000..e6124f0 --- /dev/null +++ b/files/homedirs/back/_bashrc 
@@ -0,0 +1,113 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+HISTCONTROL=$HISTCONTROL${HISTCONTROL+:}ignoredups
+# ... or force ignoredups and ignorespace
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+__hostname="$(hostname -f)"
+__hostname="${__hostname%.*}"
+__hostname="${__hostname%.*}"
+if [ "$color_prompt" = yes ]; then
+ #PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@${__hostname}:\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+ #PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+ PS1='${debian_chroot:+($debian_chroot)}\u@${__hostname}:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+ ;;
+*)
+ ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+ test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+ alias ls='ls --color=auto'
+ #alias dir='dir --color=auto'
+ #alias vdir='vdir --color=auto'
+
+ #alias grep='grep --color=auto'
+ #alias fgrep='fgrep --color=auto'
+ #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -l'
+alias la='ls -A'
+alias l='ls -CF'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+ . /etc/bash_completion
+fi
+
+export EDITOR=vim
+
+## - set beep more quiet
+## -
+#xset b 10 500 50
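Review bot: `__hostname="$(hostname -f)"` in `files/homedirs/back/_bashrc` performs a name lookup every time this account opens an interactive shell, so on a host whose resolver is unreachable the login can stall until the lookup times out, which is exactly when an administrator most needs a prompt. Falling back to the plain `hostname` output or to `$HOSTNAME` when the call is slow or fails would avoid that. The colour variant of `PS1` also prints two colons between host and path (`${__hostname}:\[\033[00m\]:`), where the plain variant prints one.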
diff --git a/files/homedirs/back/_profile b/files/homedirs/back/_profile
new file mode 100644
index 0000000..edc7a33
--- /dev/null
+++ b/files/homedirs/back/_profile
@@ -0,0 +1,30 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+ # include .bashrc if it exists
+ if [ -f "$HOME/.bashrc" ]; then
+ . "$HOME/.bashrc"
+ fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+ PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+#. /usr/lib/mc/bin/mc.sh
+. /usr/share/mc/bin/mc.sh
+
diff --git a/files/homedirs/back/_vimrc b/files/homedirs/back/_vimrc
new file mode 100644
index 0000000..0bf54d9
--- /dev/null
+++ b/files/homedirs/back/_vimrc
@@ -0,0 +1,173 @@ +" An example for a vimrc file. +" +" Maintainer: Bram Moolenaar +" Last change: 1999 Sep 09 +" +" To use it, copy it to +" for Unix and OS/2: ~/.vimrc +" for Amiga: s:.vimrc +" for MS-DOS and Win32: $VIM\_vimrc + +" This line should not be removed as it ensures that various options are +" properly set to work with the Vim-related packages available in Debian. +runtime! debian.vim + +set nocompatible " Use Vim defaults (much better!) +set bs=2 " allow backspacing over everything in insert mode +set ai " always set autoindenting on +" set backup " keep a backup file +"set viminfo='20,\"50 " read/write a .viminfo file, don't store more + " than 50 lines of registers +set viminfo='20,\"50,:20,%,n~/.viminfo +set history=50 " keep 50 lines of command line history +set ruler " show the cursor position all the time +set ignorecase " suchen case-insenitiv +set showmatch " zeige passende klammern +set shell=/bin/bash " shell to start with ! +set expandtab " tabs --> blanks +set showmode " anzeige INSERT/REPLACE/... + +" set smartcase " Do smart case matching + +set incsearch " Incremental search + " Start searching when you type the first character of + " the search string. As you type in more characters, the + " search is refined. + +set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme + +" einrueckung +set shiftwidth=3 +set tabstop=3 +" Round indent to multiple of 'shiftwidth' for > and < commands +set shiftround + +" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries +" let &guioptions = substitute(&guioptions, "t", "", "g") + +" Don't use Ex mode, use Q for formatting +map Q gq + +" Make p in isual Visual mode replace the selected text with the "" register. +vnoremap p :let current_reg = @"gvdi=current_reg + +" Switch syntax highlighting on, when the terminal has colors +" Also switch on highlighting the last used search pattern. 
+if &t_Co > 2 || has("gui_running") + syntax on + set hlsearch +endif + +" Only do this part when compiled with support for autocommands. +if has("autocmd") + +" In text files, always limit the width of text to 78 characters + autocmd BufRead *.txt set tw=78 + + augroup cprog + " Remove all cprog autocommands + au! + + " When starting to edit a file: + " For C and C++ files set formatting of comments and set C-indenting on. + " For other files switch it off. + " Don't change the order, it's important that the line with * comes first. + autocmd FileType * set formatoptions=tcql nocindent comments& + autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,:// + augroup END + + augroup gzip + " Remove all gzip autocommands + au! + + " Enable editing of gzipped files + " set binary mode before reading the file + autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin + autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip") + autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2") + autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip") + autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2") + autocmd FileAppendPre *.gz call GZIP_appre("gunzip") + autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2") + autocmd FileAppendPost *.gz call GZIP_write("gzip") + autocmd FileAppendPost *.bz2 call GZIP_write("bzip2") + + " After reading compressed file: Uncompress text in buffer with "cmd" + fun! GZIP_read(cmd) + let ch_save = &ch + set ch=2 + execute "'[,']!" . a:cmd + set nobin + let &ch = ch_save + execute ":doautocmd BufReadPost " . expand("%:r") + endfun + + " After writing compressed file: Compress written file with "cmd" + fun! GZIP_write(cmd) + if rename(expand(""), expand(":r")) == 0 + execute "!" . a:cmd . " :r" + endif + endfun + + " Before appending to compressed file: Uncompress file with "cmd" + fun! GZIP_appre(cmd) + execute "!" . a:cmd . 
" " + call rename(expand(":r"), expand("")) + endfun + + augroup END + + " This is disabled, because it changes the jumplist. Can't use CTRL-O to go + " back to positions in previous files more than once. + if 0 + " When editing a file, always jump to the last cursor position. + " This must be after the uncompress commands. + autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif + endif + +endif " has("autocmd") + +" toggle syntax highlighting +map :if exists("syntax_on") syntax off else syntax on endif +map :nohls + +" use to toggle line numbers +nmap :set number! + + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + + +" set color for search +hi clear search +hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse + +" set color for Comment +hi clear Comment +"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold +highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold + +" Go back to the position the cursor was on the last time this file was edited +au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif + +" visual shifting (does not exit Visual mode) +vnoremap < >gv + +" Scroll when cursor gets within 3 characters of top/bottom edge +set scrolloff=3 + +" Show line, column number, and relative position within a file in the status line +" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L] +"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ 
syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\ +set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%% +" Always show status line, even for one window +set laststatus=2 +highlight StatusLine cterm=none ctermfg=white ctermbg=blue + diff --git a/files/homedirs/chris/_bashrc b/files/homedirs/chris/_bashrc new file mode 100644 index 0000000..e6124f0 --- /dev/null +++ b/files/homedirs/chris/_bashrc 
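Review bot: The hand-written `augroup gzip` block in files/homedirs/back/_vimrc builds `!` shell commands by string concatenation (`execute "!" . a:cmd . ...`), and nothing visible escapes the file name that is appended to them, so a compressed file with shell metacharacters in its name could be interpreted by the shell on open or write. Vim ships a maintained gzip plugin for the same extensions which, as far as I know, skips loading when `*.gz` autocommands already exist, so this block replaces it rather than supplementing it. I would delete everything from `augroup gzip` through its `augroup END` and rely on the bundled plugin. The file-name arguments of `expand()` and of the `!` commands look truncated in this rendering, so confirm against the real file. The chris, root and sysadm `_vimrc` files are the same blob (`0bf54d9`), and the exposure matters most for root's copy.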
@@ -0,0 +1,113 @@ +# ~/.bashrc: executed by bash(1) for non-login shells. +# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) +# for examples + +# If not running interactively, don't do anything +[ -z "$PS1" ] && return + +# don't put duplicate lines in the history. See bash(1) for more options +# don't overwrite GNU Midnight Commander's setting of `ignorespace'. +HISTCONTROL=$HISTCONTROL${HISTCONTROL+:}ignoredups +# ... or force ignoredups and ignorespace +HISTCONTROL=ignoreboth + +# append to the history file, don't overwrite it +shopt -s histappend + +# for setting history length see HISTSIZE and HISTFILESIZE in bash(1) + +# check the window size after each command and, if necessary, +# update the values of LINES and COLUMNS. +shopt -s checkwinsize + +# make less more friendly for non-text input files, see lesspipe(1) +#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" + +# set variable identifying the chroot you work in (used in the prompt below) +if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then + debian_chroot=$(cat /etc/debian_chroot) +fi + +# set a fancy prompt (non-color, unless we know we "want" color) +case "$TERM" in + xterm-color) color_prompt=yes;; +esac + +# uncomment for a colored prompt, if the terminal has the capability; turned +# off by default to not distract the user: the focus in a terminal window +# should be on the output of commands, not on the prompt +#force_color_prompt=yes + +if [ -n "$force_color_prompt" ]; then + if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then + # We have color support; assume it's compliant with Ecma-48 + # (ISO/IEC-6429). (Lack of such support is extremely rare, and such + # a case would tend to support setf rather than setaf.) 
+ color_prompt=yes + else + color_prompt= + fi +fi +__hostname="$(hostname -f)" +__hostname="${__hostname%.*}" +__hostname="${__hostname%.*}" +if [ "$color_prompt" = yes ]; then + #PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' + PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@${__hostname}:\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' +else + #PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' + PS1='${debian_chroot:+($debian_chroot)}\u@${__hostname}:\w\$ ' +fi +unset color_prompt force_color_prompt + +# If this is an xterm set the title to user@host:dir +case "$TERM" in +xterm*|rxvt*) + PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1" + ;; +*) + ;; +esac + +# enable color support of ls and also add handy aliases +if [ -x /usr/bin/dircolors ]; then + test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" + alias ls='ls --color=auto' + #alias dir='dir --color=auto' + #alias vdir='vdir --color=auto' + + #alias grep='grep --color=auto' + #alias fgrep='fgrep --color=auto' + #alias egrep='egrep --color=auto' +fi + +# some more ls aliases +alias ll='ls -l' +alias la='ls -A' +alias l='ls -CF' + +alias ..='cd ..' +alias ...='cd ../..' +alias ....='cd ../../..' + +# Alias definitions. +# You may want to put all your additions into a separate file like +# ~/.bash_aliases, instead of adding them here directly. +# See /usr/share/doc/bash-doc/examples in the bash-doc package. + +if [ -f ~/.bash_aliases ]; then + . ~/.bash_aliases +fi + +# enable programmable completion features (you don't need to enable +# this, if it's already enabled in /etc/bash.bashrc and /etc/profile +# sources /etc/bash.bashrc). +if [ -f /etc/bash_completion ] && ! shopt -oq posix; then + . /etc/bash_completion +fi + +export EDITOR=vim + +## - set beep more quiet +## - +#xset b 10 500 50 
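Review bot: The colour branch of the prompt in files/homedirs/chris/_bashrc prints two colons, because `\u@${__hostname}:` is immediately followed by `\[\033[00m\]:`, while the non-colour branch prints one. The xterm title set a few lines later still uses `\h`, so the window title and the prompt can name the host differently once two labels have been stripped from `__hostname`. I would drop the first colon, giving `\u@${__hostname}\[\033[00m\]:\[\033[01;34m\]\w`, and use `${__hostname}` in the title string too, since an ambiguous host name in a prompt makes it easier to run a command on the wrong machine. The tail of back/_bashrc at the top of this section contains the same lines.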
diff --git a/files/homedirs/chris/_profile b/files/homedirs/chris/_profile
new file mode 100644
index 0000000..edc7a33
--- /dev/null
+++ b/files/homedirs/chris/_profile
@@ -0,0 +1,30 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+ # include .bashrc if it exists
+ if [ -f "$HOME/.bashrc" ]; then
+ . "$HOME/.bashrc"
+ fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+ PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+#. /usr/lib/mc/bin/mc.sh
+. /usr/share/mc/bin/mc.sh
+
diff --git a/files/homedirs/chris/_vimrc b/files/homedirs/chris/_vimrc
new file mode 100644
index 0000000..0bf54d9
--- /dev/null
+++ b/files/homedirs/chris/_vimrc
@@ -0,0 +1,173 @@ +" An example for a vimrc file. +" +" Maintainer: Bram Moolenaar +" Last change: 1999 Sep 09 +" +" To use it, copy it to +" for Unix and OS/2: ~/.vimrc +" for Amiga: s:.vimrc +" for MS-DOS and Win32: $VIM\_vimrc + +" This line should not be removed as it ensures that various options are +" properly set to work with the Vim-related packages available in Debian. +runtime! debian.vim + +set nocompatible " Use Vim defaults (much better!) +set bs=2 " allow backspacing over everything in insert mode +set ai " always set autoindenting on +" set backup " keep a backup file +"set viminfo='20,\"50 " read/write a .viminfo file, don't store more + " than 50 lines of registers +set viminfo='20,\"50,:20,%,n~/.viminfo +set history=50 " keep 50 lines of command line history +set ruler " show the cursor position all the time +set ignorecase " suchen case-insenitiv +set showmatch " zeige passende klammern +set shell=/bin/bash " shell to start with ! +set expandtab " tabs --> blanks +set showmode " anzeige INSERT/REPLACE/... + +" set smartcase " Do smart case matching + +set incsearch " Incremental search + " Start searching when you type the first character of + " the search string. As you type in more characters, the + " search is refined. + +set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme + +" einrueckung +set shiftwidth=3 +set tabstop=3 +" Round indent to multiple of 'shiftwidth' for > and < commands +set shiftround + +" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries +" let &guioptions = substitute(&guioptions, "t", "", "g") + +" Don't use Ex mode, use Q for formatting +map Q gq + +" Make p in isual Visual mode replace the selected text with the "" register. +vnoremap p :let current_reg = @"gvdi=current_reg + +" Switch syntax highlighting on, when the terminal has colors +" Also switch on highlighting the last used search pattern. 
+if &t_Co > 2 || has("gui_running") + syntax on + set hlsearch +endif + +" Only do this part when compiled with support for autocommands. +if has("autocmd") + +" In text files, always limit the width of text to 78 characters + autocmd BufRead *.txt set tw=78 + + augroup cprog + " Remove all cprog autocommands + au! + + " When starting to edit a file: + " For C and C++ files set formatting of comments and set C-indenting on. + " For other files switch it off. + " Don't change the order, it's important that the line with * comes first. + autocmd FileType * set formatoptions=tcql nocindent comments& + autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,:// + augroup END + + augroup gzip + " Remove all gzip autocommands + au! + + " Enable editing of gzipped files + " set binary mode before reading the file + autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin + autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip") + autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2") + autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip") + autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2") + autocmd FileAppendPre *.gz call GZIP_appre("gunzip") + autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2") + autocmd FileAppendPost *.gz call GZIP_write("gzip") + autocmd FileAppendPost *.bz2 call GZIP_write("bzip2") + + " After reading compressed file: Uncompress text in buffer with "cmd" + fun! GZIP_read(cmd) + let ch_save = &ch + set ch=2 + execute "'[,']!" . a:cmd + set nobin + let &ch = ch_save + execute ":doautocmd BufReadPost " . expand("%:r") + endfun + + " After writing compressed file: Compress written file with "cmd" + fun! GZIP_write(cmd) + if rename(expand(""), expand(":r")) == 0 + execute "!" . a:cmd . " :r" + endif + endfun + + " Before appending to compressed file: Uncompress file with "cmd" + fun! GZIP_appre(cmd) + execute "!" . a:cmd . 
" " + call rename(expand(":r"), expand("")) + endfun + + augroup END + + " This is disabled, because it changes the jumplist. Can't use CTRL-O to go + " back to positions in previous files more than once. + if 0 + " When editing a file, always jump to the last cursor position. + " This must be after the uncompress commands. + autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif + endif + +endif " has("autocmd") + +" toggle syntax highlighting +map :if exists("syntax_on") syntax off else syntax on endif +map :nohls + +" use to toggle line numbers +nmap :set number! + + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + + +" set color for search +hi clear search +hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse + +" set color for Comment +hi clear Comment +"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold +highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold + +" Go back to the position the cursor was on the last time this file was edited +au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif + +" visual shifting (does not exit Visual mode) +vnoremap < >gv + +" Scroll when cursor gets within 3 characters of top/bottom edge +set scrolloff=3 + +" Show line, column number, and relative position within a file in the status line +" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L] +"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ 
syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\ +set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%% +" Always show status line, even for one window +set laststatus=2 +highlight StatusLine cterm=none ctermfg=white ctermbg=blue + diff --git a/files/homedirs/root/_bashrc b/files/homedirs/root/_bashrc new file mode 100644 index 0000000..8f08932 --- /dev/null +++ b/files/homedirs/root/_bashrc 
@@ -0,0 +1,75 @@ +# ~/.bashrc: executed by bash(1) for non-login shells. + +# don't put duplicate lines in the history. See bash(1) for more options +# don't overwrite GNU Midnight Commander's setting of `ignorespace'. +export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups +# ... or force ignoredups and ignorespace +export HISTCONTROL=ignoreboth + +# append to the history file, don't overwrite it +shopt -s histappend + + +# check the window size after each command and, if necessary, +# update the values of LINES and COLUMNS. +shopt -s checkwinsize + + +# Note: PS1 and umask are already set in /etc/profile. You should not +# need this unless you want different defaults for root. +# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ ' +# umask 022 +#export PS1='\h:\w \$ ' +__hostname="$(hostname -f)" +__hostname="${__hostname%.*}" +__hostname="${__hostname%.*}" +export PS1='${__hostname}:\w \$ ' +umask 022 + + +# You may uncomment the following lines if you want `ls' to be colorized: +export LS_OPTIONS='--color=auto' +eval "`dircolors`" +alias ls='ls $LS_OPTIONS' +alias ll='ls $LS_OPTIONS -l' +alias la='ls $LS_OPTIONS -al' +alias l='ls $LS_OPTIONS -lA' +# +# Some more alias to avoid making mistakes: +#alias rm='rm -i' +#alias cp='cp -i' +#alias mv='mv -i' + +alias ..='cd ..' +alias ...='cd ../..' +alias ....='cd ../../..' + + +alias poweroff='echo -e "\n\tplease use: /sbin/poweroff\n"' +alias reboot='echo -e "\n\tplease use: /sbin/reboot\n"' + + +# Alias definitions. +# You may want to put all your additions into a separate file like +# ~/.bash_aliases, instead of adding them here directly. +# See /usr/share/doc/bash-doc/examples in the bash-doc package. + +if [ -f ~/.bash_aliases ]; then + . ~/.bash_aliases +fi + +# enable programmable completion features (you don't need to enable +# this, if it's already enabled in /etc/bash.bashrc and /etc/profile +# sources /etc/bash.bashrc). +if [ -f /etc/bash_completion ] && ! shopt -oq posix; then + . 
/etc/bash_completion +fi + + +export EDITOR=vim + +export LINES=64 + +## - set beep more quiet +## - +#xset b 10 500 50 diff --git a/files/homedirs/root/_profile b/files/homedirs/root/_profile new file mode 100644 index 0000000..1a97c71 --- /dev/null +++ b/files/homedirs/root/_profile @@ -0,0 +1,24 @@ +# ~/.profile: executed by Bourne-compatible login shells. + +if [ "$BASH" ]; then + if [ -f ~/.bashrc ]; then + . ~/.bashrc + fi +fi + +# set PATH so it includes user's private bin if it exists +if [ -d "$HOME/bin" ] ; then + PATH="$HOME/bin:$PATH" +fi +if [ -d "$HOME/bin/admin-stuff" ] ; then + PATH="$HOME/bin/admin-stuff:$PATH" +fi + +# this is for the midnight-commander +# to become the last directory the midnight commander was in +# as the current directory when leaving the midnight commander +# +# . /usr/lib/mc/bin/mc.sh +. /usr/share/mc/bin/mc.sh + +mesg n diff --git a/files/homedirs/root/_vimrc b/files/homedirs/root/_vimrc new file mode 100644 index 0000000..0bf54d9 --- /dev/null +++ b/files/homedirs/root/_vimrc 
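Review bot: files/homedirs/root/_bashrc has no interactive-shell guard, although the per-user `_bashrc` files in this commit open with `[ -z "$PS1" ] && return`. Where bash is built to read `~/.bashrc` for commands run over ssh (Debian's is, as far as I know), the `hostname -f` call, `eval "`dircolors`"`, `umask 022` and `export LINES=64` would then also run for non-interactive root sessions. `hostname -f` depends on name resolution, which can be slow or unavailable exactly when root needs to log in. I would add `case $- in *i*) ;; *) return ;; esac` as the first statement. Exporting a fixed `LINES=64` also works against the `shopt -s checkwinsize` a few lines above, and sysadm/_bashrc repeats all of this.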
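Review bot: The closing `mesg n` in files/homedirs/root/_profile runs even when the login shell has no terminal, for example when a login shell is started by a job or by automation, and mesg then fails with a ttyname error on stderr. That output can pollute or break whatever is parsing the session. Make the call conditional on a tty: `tty -s && mesg n || true`. sysadm/_profile ends with the same line.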
@@ -0,0 +1,173 @@ +" An example for a vimrc file. +" +" Maintainer: Bram Moolenaar +" Last change: 1999 Sep 09 +" +" To use it, copy it to +" for Unix and OS/2: ~/.vimrc +" for Amiga: s:.vimrc +" for MS-DOS and Win32: $VIM\_vimrc + +" This line should not be removed as it ensures that various options are +" properly set to work with the Vim-related packages available in Debian. +runtime! debian.vim + +set nocompatible " Use Vim defaults (much better!) +set bs=2 " allow backspacing over everything in insert mode +set ai " always set autoindenting on +" set backup " keep a backup file +"set viminfo='20,\"50 " read/write a .viminfo file, don't store more + " than 50 lines of registers +set viminfo='20,\"50,:20,%,n~/.viminfo +set history=50 " keep 50 lines of command line history +set ruler " show the cursor position all the time +set ignorecase " suchen case-insenitiv +set showmatch " zeige passende klammern +set shell=/bin/bash " shell to start with ! +set expandtab " tabs --> blanks +set showmode " anzeige INSERT/REPLACE/... + +" set smartcase " Do smart case matching + +set incsearch " Incremental search + " Start searching when you type the first character of + " the search string. As you type in more characters, the + " search is refined. + +set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme + +" einrueckung +set shiftwidth=3 +set tabstop=3 +" Round indent to multiple of 'shiftwidth' for > and < commands +set shiftround + +" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries +" let &guioptions = substitute(&guioptions, "t", "", "g") + +" Don't use Ex mode, use Q for formatting +map Q gq + +" Make p in isual Visual mode replace the selected text with the "" register. +vnoremap p :let current_reg = @"gvdi=current_reg + +" Switch syntax highlighting on, when the terminal has colors +" Also switch on highlighting the last used search pattern. 
+if &t_Co > 2 || has("gui_running") + syntax on + set hlsearch +endif + +" Only do this part when compiled with support for autocommands. +if has("autocmd") + +" In text files, always limit the width of text to 78 characters + autocmd BufRead *.txt set tw=78 + + augroup cprog + " Remove all cprog autocommands + au! + + " When starting to edit a file: + " For C and C++ files set formatting of comments and set C-indenting on. + " For other files switch it off. + " Don't change the order, it's important that the line with * comes first. + autocmd FileType * set formatoptions=tcql nocindent comments& + autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,:// + augroup END + + augroup gzip + " Remove all gzip autocommands + au! + + " Enable editing of gzipped files + " set binary mode before reading the file + autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin + autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip") + autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2") + autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip") + autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2") + autocmd FileAppendPre *.gz call GZIP_appre("gunzip") + autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2") + autocmd FileAppendPost *.gz call GZIP_write("gzip") + autocmd FileAppendPost *.bz2 call GZIP_write("bzip2") + + " After reading compressed file: Uncompress text in buffer with "cmd" + fun! GZIP_read(cmd) + let ch_save = &ch + set ch=2 + execute "'[,']!" . a:cmd + set nobin + let &ch = ch_save + execute ":doautocmd BufReadPost " . expand("%:r") + endfun + + " After writing compressed file: Compress written file with "cmd" + fun! GZIP_write(cmd) + if rename(expand(""), expand(":r")) == 0 + execute "!" . a:cmd . " :r" + endif + endfun + + " Before appending to compressed file: Uncompress file with "cmd" + fun! GZIP_appre(cmd) + execute "!" . a:cmd . 
" " + call rename(expand(":r"), expand("")) + endfun + + augroup END + + " This is disabled, because it changes the jumplist. Can't use CTRL-O to go + " back to positions in previous files more than once. + if 0 + " When editing a file, always jump to the last cursor position. + " This must be after the uncompress commands. + autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif + endif + +endif " has("autocmd") + +" toggle syntax highlighting +map :if exists("syntax_on") syntax off else syntax on endif +map :nohls + +" use to toggle line numbers +nmap :set number! + + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + + +" set color for search +hi clear search +hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse + +" set color for Comment +hi clear Comment +"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold +highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold + +" Go back to the position the cursor was on the last time this file was edited +au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif + +" visual shifting (does not exit Visual mode) +vnoremap < >gv + +" Scroll when cursor gets within 3 characters of top/bottom edge +set scrolloff=3 + +" Show line, column number, and relative position within a file in the status line +" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L] +"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ 
syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\ +set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%% +" Always show status line, even for one window +set laststatus=2 +highlight StatusLine cterm=none ctermfg=white ctermbg=blue + diff --git a/files/homedirs/sysadm/_bashrc b/files/homedirs/sysadm/_bashrc new file mode 100644 index 0000000..98fc5e6 --- /dev/null +++ b/files/homedirs/sysadm/_bashrc 
@@ -0,0 +1,75 @@ +# ~/.bashrc: executed by bash(1) for non-login shells. + +# don't put duplicate lines in the history. See bash(1) for more options +# don't overwrite GNU Midnight Commander's setting of `ignorespace'. +export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups +# ... or force ignoredups and ignorespace +export HISTCONTROL=ignoreboth + +# append to the history file, don't overwrite it +shopt -s histappend + + +# check the window size after each command and, if necessary, +# update the values of LINES and COLUMNS. +shopt -s checkwinsize + + +# Note: PS1 and umask are already set in /etc/profile. You should not +# need this unless you want different defaults for root. +# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ ' +# umask 022 +#export PS1='\h:\w \$ ' +__hostname="$(hostname -f)" +__hostname="${__hostname%.*}" +__hostname="${__hostname%.*}" +export PS1='${__hostname%.*}:\w \$ ' +umask 022 + + +# You may uncomment the following lines if you want `ls' to be colorized: +export LS_OPTIONS='--color=auto' +eval "`dircolors`" +alias ls='ls $LS_OPTIONS' +alias ll='ls $LS_OPTIONS -l' +alias la='ls $LS_OPTIONS -al' +alias l='ls $LS_OPTIONS -lA' +# +# Some more alias to avoid making mistakes: +#alias rm='rm -i' +#alias cp='cp -i' +#alias mv='mv -i' + +alias ..='cd ..' +alias ...='cd ../..' +alias ....='cd ../../..' + + +alias poweroff='echo -e "\n\tplease use: /sbin/poweroff\n"' +alias reboot='echo -e "\n\tplease use: /sbin/reboot\n"' + + +# Alias definitions. +# You may want to put all your additions into a separate file like +# ~/.bash_aliases, instead of adding them here directly. +# See /usr/share/doc/bash-doc/examples in the bash-doc package. + +if [ -f ~/.bash_aliases ]; then + . ~/.bash_aliases +fi + +# enable programmable completion features (you don't need to enable +# this, if it's already enabled in /etc/bash.bashrc and /etc/profile +# sources /etc/bash.bashrc). +if [ -f /etc/bash_completion ] && ! shopt -oq posix; then + . 
/etc/bash_completion +fi + + +export EDITOR=vim + +export LINES=64 + +## - set beep more quiet +## - +#xset b 10 500 50 diff --git a/files/homedirs/sysadm/_profile b/files/homedirs/sysadm/_profile new file mode 100644 index 0000000..1a97c71 --- /dev/null +++ b/files/homedirs/sysadm/_profile @@ -0,0 +1,24 @@ +# ~/.profile: executed by Bourne-compatible login shells. + +if [ "$BASH" ]; then + if [ -f ~/.bashrc ]; then + . ~/.bashrc + fi +fi + +# set PATH so it includes user's private bin if it exists +if [ -d "$HOME/bin" ] ; then + PATH="$HOME/bin:$PATH" +fi +if [ -d "$HOME/bin/admin-stuff" ] ; then + PATH="$HOME/bin/admin-stuff:$PATH" +fi + +# this is for the midnight-commander +# to become the last directory the midnight commander was in +# as the current directory when leaving the midnight commander +# +# . /usr/lib/mc/bin/mc.sh +. /usr/share/mc/bin/mc.sh + +mesg n diff --git a/files/homedirs/sysadm/_vimrc b/files/homedirs/sysadm/_vimrc new file mode 100644 index 0000000..0bf54d9 --- /dev/null +++ b/files/homedirs/sysadm/_vimrc 
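Review bot: The prompt in files/homedirs/sysadm/_bashrc expands `${__hostname%.*}`, which strips a third label after the two assignments above it have already removed two, whereas root/_bashrc uses plain `${__hostname}`. For a host whose FQDN has four or more labels the two admin accounts would show different names for the same machine. If that is not intended, use `export PS1='${__hostname}:\w \$ '` here as well. The comment about wanting "different defaults for root" was also copied unchanged into this non-root file and should be reworded.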
@@ -0,0 +1,173 @@ +" An example for a vimrc file. +" +" Maintainer: Bram Moolenaar +" Last change: 1999 Sep 09 +" +" To use it, copy it to +" for Unix and OS/2: ~/.vimrc +" for Amiga: s:.vimrc +" for MS-DOS and Win32: $VIM\_vimrc + +" This line should not be removed as it ensures that various options are +" properly set to work with the Vim-related packages available in Debian. +runtime! debian.vim + +set nocompatible " Use Vim defaults (much better!) +set bs=2 " allow backspacing over everything in insert mode +set ai " always set autoindenting on +" set backup " keep a backup file +"set viminfo='20,\"50 " read/write a .viminfo file, don't store more + " than 50 lines of registers +set viminfo='20,\"50,:20,%,n~/.viminfo +set history=50 " keep 50 lines of command line history +set ruler " show the cursor position all the time +set ignorecase " suchen case-insenitiv +set showmatch " zeige passende klammern +set shell=/bin/bash " shell to start with ! +set expandtab " tabs --> blanks +set showmode " anzeige INSERT/REPLACE/... + +" set smartcase " Do smart case matching + +set incsearch " Incremental search + " Start searching when you type the first character of + " the search string. As you type in more characters, the + " search is refined. + +set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme + +" einrueckung +set shiftwidth=3 +set tabstop=3 +" Round indent to multiple of 'shiftwidth' for > and < commands +set shiftround + +" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries +" let &guioptions = substitute(&guioptions, "t", "", "g") + +" Don't use Ex mode, use Q for formatting +map Q gq + +" Make p in isual Visual mode replace the selected text with the "" register. +vnoremap p :let current_reg = @"gvdi=current_reg + +" Switch syntax highlighting on, when the terminal has colors +" Also switch on highlighting the last used search pattern. 
+if &t_Co > 2 || has("gui_running") + syntax on + set hlsearch +endif + +" Only do this part when compiled with support for autocommands. +if has("autocmd") + +" In text files, always limit the width of text to 78 characters + autocmd BufRead *.txt set tw=78 + + augroup cprog + " Remove all cprog autocommands + au! + + " When starting to edit a file: + " For C and C++ files set formatting of comments and set C-indenting on. + " For other files switch it off. + " Don't change the order, it's important that the line with * comes first. + autocmd FileType * set formatoptions=tcql nocindent comments& + autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,:// + augroup END + + augroup gzip + " Remove all gzip autocommands + au! + + " Enable editing of gzipped files + " set binary mode before reading the file + autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin + autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip") + autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2") + autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip") + autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2") + autocmd FileAppendPre *.gz call GZIP_appre("gunzip") + autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2") + autocmd FileAppendPost *.gz call GZIP_write("gzip") + autocmd FileAppendPost *.bz2 call GZIP_write("bzip2") + + " After reading compressed file: Uncompress text in buffer with "cmd" + fun! GZIP_read(cmd) + let ch_save = &ch + set ch=2 + execute "'[,']!" . a:cmd + set nobin + let &ch = ch_save + execute ":doautocmd BufReadPost " . expand("%:r") + endfun + + " After writing compressed file: Compress written file with "cmd" + fun! GZIP_write(cmd) + if rename(expand(""), expand(":r")) == 0 + execute "!" . a:cmd . " :r" + endif + endfun + + " Before appending to compressed file: Uncompress file with "cmd" + fun! GZIP_appre(cmd) + execute "!" . a:cmd . 
" " + call rename(expand(":r"), expand("")) + endfun + + augroup END + + " This is disabled, because it changes the jumplist. Can't use CTRL-O to go + " back to positions in previous files more than once. + if 0 + " When editing a file, always jump to the last cursor position. + " This must be after the uncompress commands. + autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif + endif + +endif " has("autocmd") + +" toggle syntax highlighting +map :if exists("syntax_on") syntax off else syntax on endif +map :nohls + +" use to toggle line numbers +nmap :set number! + + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + + +" set color for search +hi clear search +hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse + +" set color for Comment +hi clear Comment +"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold +highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold + +" Go back to the position the cursor was on the last time this file was edited +au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif + +" visual shifting (does not exit Visual mode) +vnoremap < >gv + +" Scroll when cursor gets within 3 characters of top/bottom edge +set scrolloff=3 + +" Show line, column number, and relative position within a file in the status line +" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L] +"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ 
syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\ +set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%% +" Always show status line, even for one window +set laststatus=2 +highlight StatusLine cterm=none ctermfg=white ctermbg=blue + diff --git a/files/homedirs/webadmin/_bashrc b/files/homedirs/webadmin/_bashrc new file mode 100644 index 0000000..da71b98 --- /dev/null +++ b/files/homedirs/webadmin/_bashrc 
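Review bot: The hand-written `augroup gzip` block builds its shell commands by string concatenation (`execute "!" . a:cmd`), and the file-name argument, which seems to have been lost from the rendered text here, is passed without `shellescape()`. A file name containing shell metacharacters would then be interpreted by the shell when a .gz or .bz2 file is written or appended. The block is also redundant: Vim ships a gzip plugin for the same job, and as far as I know that plugin skips itself when `*.gz` autocommands like these already exist, so the older code is what actually runs. I would delete the whole `augroup gzip` section together with the three `GZIP_*` functions. The same block is repeated in files/homedirs/webadmin/_vimrc.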
@@ -0,0 +1,117 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+HISTCONTROL=$HISTCONTROL${HISTCONTROL+:}ignoredups
+# ... or force ignoredups and ignorespace
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+ ;;
+*)
+ ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+ test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+ alias ls='ls --color=auto'
+ #alias dir='dir --color=auto'
+ #alias vdir='vdir --color=auto'
+
+ #alias grep='grep --color=auto'
+ #alias fgrep='fgrep --color=auto'
+ #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -l'
+alias la='ls -A'
+alias l='ls -CF'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+ . /etc/bash_completion
+fi
+
+export EDITOR=vim
+
+## - set beep more quiet
+## -
+#xset b 10 500 50
+
+### eigene definitionen
+set ruler
+set paste
+set number
+set shiftwidth=4
+set tabstop=4
+
diff --git a/files/homedirs/webadmin/_profile b/files/homedirs/webadmin/_profile
new file mode 100644
index 0000000..edc7a33
--- /dev/null
+++ b/files/homedirs/webadmin/_profile
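Review bot: The five lines under `### eigene definitionen` (`set ruler`, `set paste`, `set number`, `set shiftwidth=4`, `set tabstop=4`) are Vim options, not shell. In bash each `set WORD` only overwrites the positional parameters, so they configure nothing and leave `$1` set to `tabstop=4` in every interactive shell. I would drop them from this file. The `_vimrc` added for this user already sets `ruler`, `number`, `shiftwidth=4` and `tabstop=4`.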
@@ -0,0 +1,30 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+ # include .bashrc if it exists
+ if [ -f "$HOME/.bashrc" ]; then
+ . "$HOME/.bashrc"
+ fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+ PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+#. /usr/lib/mc/bin/mc.sh
+. /usr/share/mc/bin/mc.sh
+
diff --git a/files/homedirs/webadmin/_vimrc b/files/homedirs/webadmin/_vimrc
new file mode 100644
index 0000000..7eae287
--- /dev/null
+++ b/files/homedirs/webadmin/_vimrc
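Review bot: `. /usr/share/mc/bin/mc.sh` is sourced unconditionally, so every login prints an error when Midnight Commander is not (yet) installed, and a non-interactive POSIX shell reading the file would exit at that point. A guard keeps the profile usable on a fresh host: `[ -r /usr/share/mc/bin/mc.sh ] && . /usr/share/mc/bin/mc.sh`. files/homedirs/sysadm/_profile has the same unguarded line.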
@@ -0,0 +1,177 @@ +" An example for a vimrc file. +" +" Maintainer: Bram Moolenaar +" Last change: 1999 Sep 09 +" +" To use it, copy it to +" for Unix and OS/2: ~/.vimrc +" for Amiga: s:.vimrc +" for MS-DOS and Win32: $VIM\_vimrc + +" This line should not be removed as it ensures that various options are +" properly set to work with the Vim-related packages available in Debian. +runtime! debian.vim + +set nocompatible " Use Vim defaults (much better!) +set bs=2 " allow backspacing over everything in insert mode +set ai " always set autoindenting on +" set backup " keep a backup file +"set viminfo='20,\"50 " read/write a .viminfo file, don't store more + " than 50 lines of registers +set viminfo='20,\"50,:20,%,n~/.viminfo +set history=50 " keep 50 lines of command line history +set ruler " show the cursor position all the time +set ignorecase " suchen case-insenitiv +set showmatch " zeige passende klammern +set shell=/bin/bash " shell to start with ! +set expandtab " tabs --> blanks +set showmode " anzeige INSERT/REPLACE/... + +" set smartcase " Do smart case matching + +set incsearch " Incremental search + " Start searching when you type the first character of + " the search string. As you type in more characters, the + " search is refined. + +set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme + +" einrueckung +set noexpandtab +set shiftwidth=4 +set tabstop=4 +set softtabstop=4 +" Round indent to multiple of 'shiftwidth' for > and < commands +set shiftround +set number + +" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries +" let &guioptions = substitute(&guioptions, "t", "", "g") + +" Don't use Ex mode, use Q for formatting +map Q gq + +" Make p in isual Visual mode replace the selected text with the "" register. +vnoremap p :let current_reg = @"gvdi=current_reg + +" Switch syntax highlighting on, when the terminal has colors +" Also switch on highlighting the last used search pattern. 
+if &t_Co > 2 || has("gui_running") + syntax on + set hlsearch +endif + +" Only do this part when compiled with support for autocommands. +if has("autocmd") + +" In text files, always limit the width of text to 78 characters + autocmd BufRead *.txt set tw=78 + + augroup cprog + " Remove all cprog autocommands + au! + + " When starting to edit a file: + " For C and C++ files set formatting of comments and set C-indenting on. + " For other files switch it off. + " Don't change the order, it's important that the line with * comes first. + autocmd FileType * set formatoptions=tcql nocindent comments& + autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,:// + augroup END + + augroup gzip + " Remove all gzip autocommands + au! + + " Enable editing of gzipped files + " set binary mode before reading the file + autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin + autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip") + autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2") + autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip") + autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2") + autocmd FileAppendPre *.gz call GZIP_appre("gunzip") + autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2") + autocmd FileAppendPost *.gz call GZIP_write("gzip") + autocmd FileAppendPost *.bz2 call GZIP_write("bzip2") + + " After reading compressed file: Uncompress text in buffer with "cmd" + fun! GZIP_read(cmd) + let ch_save = &ch + set ch=2 + execute "'[,']!" . a:cmd + set nobin + let &ch = ch_save + execute ":doautocmd BufReadPost " . expand("%:r") + endfun + + " After writing compressed file: Compress written file with "cmd" + fun! GZIP_write(cmd) + if rename(expand(""), expand(":r")) == 0 + execute "!" . a:cmd . " :r" + endif + endfun + + " Before appending to compressed file: Uncompress file with "cmd" + fun! GZIP_appre(cmd) + execute "!" . a:cmd . 
" " + call rename(expand(":r"), expand("")) + endfun + + augroup END + + " This is disabled, because it changes the jumplist. Can't use CTRL-O to go + " back to positions in previous files more than once. + if 0 + " When editing a file, always jump to the last cursor position. + " This must be after the uncompress commands. + autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif + endif + +endif " has("autocmd") + +" toggle syntax highlighting +map :if exists("syntax_on") syntax off else syntax on endif +map :nohls + +" use to toggle line numbers +nmap :set number! + + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + + +" set color for search +hi clear search +hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse + +" set color for Comment +hi clear Comment +"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold +highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold + +" Go back to the position the cursor was on the last time this file was edited +au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif + +" visual shifting (does not exit Visual mode) +vnoremap < >gv + +" Scroll when cursor gets within 3 characters of top/bottom edge +set scrolloff=3 + +" Show line, column number, and relative position within a file in the status line +" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L] +"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ 
syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\ +set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%% +" Always show status line, even for one window +set laststatus=2 +highlight StatusLine cterm=none ctermfg=white ctermbg=blue + +colorscheme PaperColor diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml new file mode 100644 index 0000000..f86d6ba --- /dev/null +++ b/group_vars/all/main.yml 
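Review bot: `colorscheme PaperColor` is the last line of the file, after the `hi clear search`, `highlight Comment` and `highlight StatusLine` customisations. Colour schemes normally begin with `hi clear`, so loading one at this point would discard those settings. PaperColor is also not among the schemes bundled with Vim, and this hunk does not show it being installed, so on a host without it Vim reports E185 at every start. I would move the line above the highlight block and make it tolerant: `silent! colorscheme PaperColor`.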
@@ -0,0 +1,514 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + +apt_ansible_dependencies: + - python + - python-apt + - python3 + - python3-apt + - lsb-release + - vim + + +# --- +# vars used by roles/ansible_user +# --- + +ansible_remote_user: + + - name: chris + password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa 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 root@luna' + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + +time_zone: Europe/Berlin + +locales: + - en_US.UTF-8 + - de_DE.UTF-8 + +set_default_limit_nofile: false + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + +sshd_ports: + - 22 + +sshd_listen_address: + - '::' + - '0.0.0.0' + +sshd_host_keys: + - /etc/ssh/ssh_host_rsa_key + - /etc/ssh/ssh_host_ecdsa_key + - /etc/ssh/ssh_host_ed25519_key + +sshd_permit_root_login: !!str "no" + +sshd_authorized_keys_file: ".ssh/authorized_keys .ssh/authorized_keys2" + +sshd_pubkey_authentication: !!str "yes" + +sshd_password_authentication: !!str "no" + +sshd_print_motd: !!str "no" + +sshd_use_dns: !!str "no" + + +# --- +# vars used by apt.yml +# --- + +apt_manage_sources_list: true + +apt_src_enable: true +apt_backports_enable: true + +apt_debian_mirror: http://ftp.de.debian.org/debian/ +apt_debian_contrib_nonfree_enable: true + +apt_update_cache_valid_time: 3600 + +apt_upgrade: true +apt_update: true + +apt_clean: true +apt_autoremove: true + +apt_dpkg_configure: true +apt_upgrade_type: dist +apt_upgrade_dpkg_options: + - force-confdef + - force-confold + +apt_initial_install_stretch: + - openssh-server + - rssh + - vim + - vim-common + - vim-doc + - mc + - screen + - tmux + - bc + - figlet + - rcconf + - sudo + - rsync + - dselect + - iputils-ping + - apt-utils + - aptitude + - apt-transport-https + - zip + - unzip + - bzip2 + - arj 
+ - locate + - curl + - gawk + - mawk + - lynx + - links + - w3m + - exuberant-ctags + - mime-support + - file + - coreutils + - moreutils + - less + - realpath + - sipcalc + - psmisc + - dnsutils + - rblcheck + - whois + - gettext + - gettext-base + - gettext-doc + - debian-keyring + - patch + - patchutils + - recode + - recode-doc + - librecode0 + - librecode-dev + - sharutils + - perl + - perl-modules-5.24 + - perl-doc + - libperl-dev + - libterm-readline-gnu-perl + - libterm-readline-perl-perl + - libterm-readkey-perl + - libmail-imapclient-perl + - libtime-duration-perl + - libtimedate-perl + - libwww-perl + - libpcre3 + - libreadline5 + - re2c + - util-linux + - parted + - lshw + - gdisk + - smartmontools + - tcpdump + - telnet + - unhide + - lsof + - hdparm + - groff + - iproute2 + - bridge-utils + - vlan + - ethtool + - wipe + - iperf + - mtr + - iptraf + - wget + - logrotate + - rsyslog + - haveged + - rdate + - ntpdate + - wipe + - man-db + - groff + - iptables + - shellcheck + - ssl-cert + - ssl-cert-check + - git + - ftp + - htop + - net-tools + - lsb-release + - attr + - acl + - quota + - quotatool + - needrestart + +apt_initial_install_buster: + - openssh-server + - rush + - vim + - vim-common + - vim-doc + - mc + - screen + - tmux + - bc + - figlet + - rcconf + - sudo + - rsync + - dselect + - iputils-ping + - apt-utils + - aptitude + - apt-transport-https + - zip + - unzip + - bzip2 + - arj + - locate + - curl + - gawk + - mawk + - lynx + - links + - w3m + - ctags + - mime-support + - file + - coreutils + - moreutils + - less + - sipcalc + - psmisc + - dnsutils + - rblcheck + - whois + - gettext + - gettext-base + - gettext-doc + - debian-keyring + - patch + - patchutils + - recode + - recode-doc + - librecode0 + - librecode-dev + - sharutils + - perl + - perl-modules-5.28 + - perl-doc + - libperl-dev + - libterm-readline-gnu-perl + - libterm-readline-perl-perl + - libterm-readkey-perl + - libmail-imapclient-perl + - libtime-duration-perl + - 
libtimedate-perl + - libwww-perl + - libpcre3 + - libio-compress-perl + - libreadline5 + - re2c + - util-linux + - parted + - lshw + - gdisk + - smartmontools + - tcpdump + - telnet + - unhide + - lsof + - hdparm + - groff + - iproute2 + - bridge-utils + - vlan + - ethtool + - wipe + - iperf + - mtr + - iptraf + - wget + - logrotate + - rsyslog + - haveged + - rdate + - ntpdate + - wipe + - man + - groff + - iptables + - shellcheck + - ssl-cert + - ssl-cert-check + - git + - ftp + - htop + - net-tools + - lsb-release + - attr + - acl + - quota + - quotatool + - needrestart + +apt_install_compiler_pkgs: false +apt_compiler_pkgs: + - g++ + - g++-multilib + - gcc + - gcc-multilib + - cpp + - make + - automake + - autoconf + - libtool + - flex + - bison + - gettext + - pkg-config + - gnu-standards + - libssl-dev + - libreadline-dev + - libncurses-dev + - libsystemd-dev + - libnss3-dev + - python-dev + +apt_install_webserver_pkgs: false +apt_webserver_pkgs: + - libdb-dev + - zlib1g + - zlib1g-dev + - libssl-dev + - libneon27-dev + - libxml2 + - libxml2-dev + - curl + - libcurl4-openssl-dev + - libqdbm-dev + - libgdbm-dev + - libpspell-dev + - libjpeg-dev + - libpng-dev + - libxpm-dev + - libfreetype6-dev + - libwmf-dev + - libtiff-dev + - libpaper-dev + - libmagic-dev + - libgraphics-magick-perl + - libgraphicsmagick++1-dev + - libgraphicsmagick-q16-3 + - libgraphicsmagick1-dev + - libgraphviz-dev + - libcroco3-dev + - libgsf-1-dev + - libilmbase-dev + - libvpx-dev + - vpx-tools + - libgpm-dev + - libkpathsea-dev + - libopenexr-dev + - librsvg2-dev + - libdjvulibre-dev + - libatm-dev + - libexpat-dev + - imagemagick + - graphicsmagick + - exif + - libexiv2-dev + - re2c + - netpbm + - libnetpbm10-dev + - libmcrypt-dev + - mcrypt + - default-libmysqlclient-dev + - libpq-dev + - postgresql-client + - libreadline-dev + - libncurses-dev + - libdb5.3 + - libdb5.3++ + - libdb5.3++-dev + - libdb5.3-dev + - libxslt1-dev + - libpcre3-dev + - libc-client2007e-dev + - 
libc-client-dev + - libicu-dev + - libtidy-dev + - libmm-dev + - libgmp-dev + - libkrb5-dev + - libldap-dev + - libmhash-dev + - libgd-dev + - liblua5.3-dev + - libapr1-dev + - libaprutil1-dev + - libsctp-dev + - libcrypto++-dev + - ffmpeg + - libmagickwand-dev + - libgeoip-dev + - tk-dev + - tcl-dev + - tclreadline + - expect + - expect-dev + - libexpect-perl + +apt_install_postgresql_pkgs: false +apt_postgresql_pkgs: + - postgresql + +apt_install_bind9_packages: false +apt_bind9_pkgs: + - bind9 + +apt_install_lxc_host_pkgs: false +apt_lxc_host_pkgs: + - bridge-utils + - lxc + - btrfs-tools + - lua5.3 + +apt_install: {} +apt_install_state: latest + +apt_remove: + - rpcbind + +apt_remove_purge: false + +microcode_package: intel-microcode + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +insert_ssh_keypair_backup_server: false + +ssh_keypair_backup_server: {} + +insert_root_ssh_keypair: false + +root_ssh_keypair: {} + +default_user: {} + +extra_user: {} + +sudo_users: {} + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + +insert_webadmin_ssh_keypair: false + +webadmin_ssh_keypair: {} + +webadmin_user: {} + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + +acl_caching_nameserver: {} + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: {} diff --git a/group_vars/all/vars.yml.sample b/group_vars/all/vars.yml.sample new file mode 100644 index 0000000..8ef5fca --- /dev/null +++ b/group_vars/all/vars.yml.sample 
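Review bot: The `password:` value under `ansible_remote_user` is a crypt(3) SHA-512 hash committed in clear text in group_vars/all/main.yml. Anyone who can read the repository or its history can run offline guessing against it, and although `sshd_password_authentication` is "no", the password presumably still matters for sudo or console login. The commit's file list includes open_the_vault.sh, so a vault seems to be in use already. I would keep only a reference here, e.g. `password: "{{ vault_ansible_user_password }}"` (the variable name is a placeholder), store the hash in the encrypted vars file, and rotate the password because this value is now in history.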
@@ -0,0 +1,68 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + diff --git a/group_vars/apache2_webserver.yml b/group_vars/apache2_webserver.yml new file mode 100644 index 0000000..aa5117c --- /dev/null +++ b/group_vars/apache2_webserver.yml @@ -0,0 +1,63 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by apt.yml +# --- + +apt_install_compiler_pkgs: true + +apt_install_webserver_pkgs: true + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars 
diff --git a/group_vars/backup_server.yml b/group_vars/backup_server.yml
new file mode 100644
index 0000000..cb22c33
--- /dev/null
+++ b/group_vars/backup_server.yml
@@ -0,0 +1,72 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: prohibit-password
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+insert_ssh_keypair_backup_server: true
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
diff --git a/group_vars/caching_nameserver.yml b/group_vars/caching_nameserver.yml
new file mode 100644
index 0000000..8f6b972
--- /dev/null
+++ b/group_vars/caching_nameserver.yml
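Review bot: `sshd_permit_root_login: prohibit-password` re-enables key-based root SSH for every host in the backup_server group, overriding the `"no"` default from group_vars/all/main.yml, and the file gives no reason. I would add a comment above it, e.g. `# root key login is required by <backup job>; the key is restricted in authorized_keys`, and confirm the deployed root key is limited with `from=` and `command=` options. Separately, `insert_ssh_keypair_backup_server: true` sits under the webadmin-user.yml heading although main.yml declares that variable in its users.yml section.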
@@ -0,0 +1,70 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + +apt_install_bind9_packages: true + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + diff --git a/group_vars/lxc_host.yml b/group_vars/lxc_host.yml new file mode 100644 index 0000000..fab14d0 --- /dev/null +++ b/group_vars/lxc_host.yml 
@@ -0,0 +1,72 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + +set_default_limit_nofile: true + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + +apt_install_lxc_host_pkgs: true + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + diff --git a/group_vars/mail_server.yml b/group_vars/mail_server.yml new file mode 100644 index 0000000..9603898 --- /dev/null +++ b/group_vars/mail_server.yml 
@@ -0,0 +1,63 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+apt_install_compiler_pkgs: true
+
+apt_install_postgresql_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
diff --git a/group_vars/mysql_server.yml b/group_vars/mysql_server.yml
new file mode 100644
index 0000000..b899451
--- /dev/null
+++ b/group_vars/mysql_server.yml
@@ -0,0 +1,61 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+apt_install_compiler_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
diff --git a/group_vars/oopen_server.yml b/group_vars/oopen_server.yml
new file mode 100644
index 0000000..d31f69e
--- /dev/null
+++ b/group_vars/oopen_server.yml
@@ -0,0 +1,124 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- +ssh_keypair_backup_server: + - name: backup + backup_user: back + priv_key_src: root/.ssh/id_rsa.backup.oopen.de + priv_key_dest: /root/.ssh/id_rsa + pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub + pub_key_dest: /root/.ssh/id_rsa.pub + +insert_root_ssh_keypair: true + +root_ssh_keypair: + - name: backup + login: root + priv_key_src: root/.ssh/id_ed25519.oopen-server + priv_key_dest: /root/.ssh/id_ed25519 + pub_key_src: root/.ssh/id_ed25519.oopen-server.pub + pub_key_dest: /root/.ssh/id_ed25519.pub + target: backup.oopen.de + + +default_user: + + - name: chris + password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. 
+ shell: /bin/bash + ssh_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna' + + - name: sysadm + + user_id: 1050 + group_id: 1050 + group: sysadm + password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa 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 root@luna' + + - name: back + user_id: 1060 + group_id: 1060 + group: back + password: 
$6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + +sudo_users: + - chris + - sysadm + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/group_vars/postgresql_server.yml b/group_vars/postgresql_server.yml new file mode 100644 index 0000000..fa745d0 --- /dev/null +++ b/group_vars/postgresql_server.yml 
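Review bot: The `password:` values under `default_user` and `root_user` are SHA-512 crypt hashes committed in clear text, so anyone with read access to the repository can attack them offline. The same `root_user` hash is repeated in warenform_office, warenform_server.yml, webadmin.yml and site36.net, and further user hashes sit in anita.wf.netz.yml, so one recovered root password would presumably be valid on every host in those groups. These values are better kept in an Ansible Vault encrypted vars file and referenced from here, e.g. `password: "{{ vault_root_password_hash }}"` (variable name is illustrative), with a distinct root hash per group. Because the hashes are now part of the history, the passwords behind them should be treated as exposed and rotated.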
@@ -0,0 +1,70 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+apt_install_postgresql_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
diff --git a/group_vars/warenform_office b/group_vars/warenform_office
new file mode 100644
index 0000000..7b369f6
--- /dev/null
+++ b/group_vars/warenform_office
@@ -0,0 +1,135 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +ssh_keypair_backup_server: + - name: backup + backup_user: back + priv_key_src: root/.ssh/id_rsa.devel-root + priv_key_dest: /root/.ssh/id_rsa + pub_key_src: root/.ssh/id_rsa.devel-root.pub + pub_key_dest: /root/.ssh/id_rsa.pub + +insert_root_ssh_keypair: true + +root_ssh_keypair: + - name: backup + priv_key_src: root/.ssh/id_ed25519.warenform-office + priv_key_dest: /root/.ssh/id_ed25519 + pub_key_src: root/.ssh/id_ed25519.warenform-office.pub + pub_key_dest: /root/.ssh/id_ed25519.pub + target: devel-root.wf.netz + + +default_user: + + - name: chris + user_id: 1000 + group_id: 1000 + password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa 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 root@luna' + + - name: axel + user_id: 1001 + group_id: 1001 + password: $6$zUWC465e$XblctxwnBIOa7mPcN6foEQrwChjpwoY7lLtacXJrSsvjZS3I6Ox1mYUtN3/gzkvpbzOPx/9PlRJV.mbl939mD. 
+ shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa 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 root@luna' + - 'ssh-rsa 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 axel@localhost' + + - name: sysadm + user_id: 1050 + group_id: 1050 + password: $6$vvccwrTc$Sz1HaSb3ujObprltiG7D6U1Rr3fpgfjkKuDDWYdHzPkPx/0pEofCWC.vyTn78hcemkntl.6wVUOnJnNloKt/E/ + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa 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 root@luna' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQClvkHVwgXYasrZQQnnCkPgvodwH0yG3QTNRAciJ8+Zh5L0G6OFFwh3EvQwtCNv0byK/1FwUA3LkIBcW69RSQ4sMRde3z1VK99imhBRRAwne9IelODwYK+0XZ07f/fid+yF80O3odWa6xRlgrIzbV9I8K73FcNQG2su9qEDHKjLJBp1NEnTrqAz30YVoDT3vQCgscoqe/yIPP7d3IrwrMIaAtjJn5I+SzOBhLMhB62x+FBbcOXIbTFkKx2zy71Fl87KtfpkrWHp5saif1XwLN/bzdViz79RMtnyRGFRMsZyyvIMkOg9A3z9dhAHEllHyU4PBkvgFv7WguOKYjz1lI4PxIyyyQ+xlbJdhyrYobLXehi7paS57DCUg25py0jf6F8bnXB8jY2UBP7RWPPqCEKdciWxs+a6BmIjbHFT0JoscO/lBMsqng6qB4HegJFQEvuUvPDz/YaPd+eq1Yo72El6OPxi+fq9Y6ttrqP3/8x/t6j9YBqkZG/reXnOU5a15aNcexqVBZ0owifc3luJfmzJEmYp+96NmkSQykcZO0EdLOg8LLwh+gEPTS54BgGg4izIoB58kGnSbmxQOosC7FiCxLW0gyf3zknDOSF/DSW405glgw06rdgR5Dk4lirACTlov3h6geh75eRW/tCwCutrd76vQi+RUUJUyh4vZbmtxw== axel@localhost' + + - name: back + user_id: 1060 + group_id: 1060 + password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. 
+ shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + +sudo_users: + - chris + - axel + - sysadm + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/group_vars/warenform_server.yml b/group_vars/warenform_server.yml new file mode 100644 index 0000000..ec1eee9 --- /dev/null +++ b/group_vars/warenform_server.yml 
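Review bot: `ssh_keypair_backup_server` and `root_ssh_keypair` install one private key from the repository tree as `/root/.ssh/id_rsa` and `/root/.ssh/id_ed25519` on every host in the group, so a compromise of any single host, or of the repository, yields a root key that `devel-root.wf.netz` presumably accepts. The same pattern is in oopen_server.yml, warenform_server.yml, webadmin.yml and site36.net, and site36.net reuses `id_ed25519.oopen-server` for a different target. Generating the key pair on each host and restricting it on the backup side with `from=` and `command=` options in `authorized_keys` would limit what a stolen key can do. This `root_ssh_keypair` entry also omits the `login: root` field that the sibling files set; if the role reads `item.login`, add `login: root` here.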
@@ -0,0 +1,136 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +ssh_keypair_backup_server: + - name: backup + backup_user: back + priv_key_src: root/.ssh/id_rsa.backup.warenform.de + priv_key_dest: /root/.ssh/id_rsa + pub_key_src: root/.ssh/id_rsa.backup.warenform.de.pub + pub_key_dest: /root/.ssh/id_rsa.pub + +insert_root_ssh_keypair: true + +root_ssh_keypair: + - name: backup + login: root + priv_key_src: root/.ssh/id_ed25519.warenform-server + priv_key_dest: /root/.ssh/id_ed25519 + pub_key_src: root/.ssh/id_ed25519.warenform-server.pub + pub_key_dest: /root/.ssh/id_ed25519.pub + target: backup.warenform.de + + +default_user: + + - name: chris + user_id: 1000 + group_id: 1000 + password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa 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 root@luna' + + - name: axel + user_id: 1001 + group_id: 1001 + password: $6$zUWC465e$XblctxwnBIOa7mPcN6foEQrwChjpwoY7lLtacXJrSsvjZS3I6Ox1mYUtN3/gzkvpbzOPx/9PlRJV.mbl939mD. 
+ shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa 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 root@luna' + - 'ssh-rsa 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 axel@localhost' + + - name: sysadm + user_id: 1050 + group_id: 1050 + password: $6$vvccwrTc$Sz1HaSb3ujObprltiG7D6U1Rr3fpgfjkKuDDWYdHzPkPx/0pEofCWC.vyTn78hcemkntl.6wVUOnJnNloKt/E/ + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna' + - 'ssh-rsa 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 axel@localhost' + + - name: back + user_id: 1060 + group_id: 1060 + password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. 
+ shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + +sudo_users: + - chris + - axel + - sysadm + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/group_vars/webadmin.yml b/group_vars/webadmin.yml new file mode 100644 index 0000000..b94686b --- /dev/null +++ b/group_vars/webadmin.yml 
@@ -0,0 +1,98 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + +insert_webadmin_ssh_keypair: true + +webadmin_ssh_keypair: + - name: backup + login: webadmin + priv_key_src: webadmin/.ssh/id_ed25519-webadmin.warenform + priv_key_dest: '~webadmin/.ssh/id_ed25519' + pub_key_src: webadmin/.ssh/id_ed25519-webadmin.warenform.pub + pub_key_dest: '~webadmin/.ssh/id_ed25519.pub' + target: devel-repos.wf.netz + +webadmin_user: + - name: webadmin + user_id: 1040 + group_id: 1040 + password: $6$2aGWK1gW$NyFFrSWgAbYhJTpOGkSgyVKellmFTzHLE5z.fWy6kbZbqppiLc9MwRjY7X0KX.q3iV5TAQJIemVm3dq873J/g0 + home: /var/www + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa 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 root@luna' + - 'ssh-rsa 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 xayax@xAyAx-imac.local' + - 'ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQDDdgc2H6HkxbELP12ZomFcccmGnaCPgmyocLqXx2bbvHRw7iaXPlSyiYIrT2jF4h19J5qi2qIrIZj8Y+Akky5ZfaYOvjLuxNA0wGEcZqjyGIRYRAifc2V/66GBYMkxSZch26vLlZIJT98g5RFMyWGtFHwYANnhPkn0lhfZz3X476H1WpfZvmcqu5h1AWh3aNeesdtf7XGQQkI7aA+HfHNHkvX2mJ75mC0uMH/6fcloBkvonRiV1hZy+11GnuX6m2Qpw6Q1rnCMrbelRQa9C26YJYQgZY8Gag0PCW8cxIr9dhCV00+CybY/XIx80FJmUvl0AKfPZAFnsYuKxQHi2Deera0c+AbrutaVoeaRGcTrm5ij8qOXGakfwZXy7gTANrWcwlf4Aplhuskit7hWeuM45ll4e4vbHajHLuXMt8FUhcmj+SV1gBClQ4ozwt2HocWIwljhgWenJHHzdflPm3pc6JhFgzSB1adIuHJ16lf2TSfWLH+89SZszQF9i3TF4o0g/X3/bQpRsYyXQi/dvpr3K/807OafSuPt8a5VPgqfVGQIMbruyO1EuKrOiCXADnjXDbzI3V4nusRdAjWklgOespyTIcrO6UGVGS2U3KJH6P8erNebhkwMbAfYqN3LVPGa40tluHrxvpO4bA7W6xhL8yFlbjq3qmFKcAeeD0Tg2Q== felix@Wilmas-iMac.local' + - 'ssh-rsa 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 schroeder@Christians-MacBook-Pro.local' + - 'ssh-rsa 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 axel@localhost' + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/host_vars/anita.wf.netz.yml b/host_vars/anita.wf.netz.yml new file mode 100644 index 0000000..878ed89 --- /dev/null +++ b/host_vars/anita.wf.netz.yml 
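Review bot: `webadmin_user` authorises six keys that, going by their comments, belong to different people on the single `webadmin` account, which has a login shell and its own private key for `devel-repos.wf.netz`; host and repository logs will then show only `webadmin`, not the person who acted. anita.wf.netz.yml has a related problem: `mariette` and `annette` carry only a key commented `chris@luna`, so that key holder can log in under their names. If the shared account is intentional, add a comment above each key naming its owner and purpose, e.g. `# owner: <person>, added: <date>`, so that revoking one person is a one-line change. Personal accounts in a common group would keep attribution intact.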
@@ -0,0 +1,110 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +extra_user: + + - name: kaya + user_id: 1002 + group_id: 1002 + password: $6$t9gheUvd$hFTJ5mp0bdu4Hc5zGmS6HuSAfFOc4QRROLX4wnCauLjwTxUtvhgeLDlL5YkjGfiWOCEe84krH4op0DdKjTJWG/ + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 xayax@xAyAx-imac.local' + + - name: lalix + user_id: 1003 + group_id: 1003 + password: $6$RKaAbxOz$LxvjoVclfkgo99VwmXi9cIhVmUdTNT.T0/pZAH9GNtFEQn5NoOak/DHTHHG9kn58soDRuhEAup1x4T2jG.Js0/ + shell: /bin/bash + ssh_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDdgc2H6HkxbELP12ZomFcccmGnaCPgmyocLqXx2bbvHRw7iaXPlSyiYIrT2jF4h19J5qi2qIrIZj8Y+Akky5ZfaYOvjLuxNA0wGEcZqjyGIRYRAifc2V/66GBYMkxSZch26vLlZIJT98g5RFMyWGtFHwYANnhPkn0lhfZz3X476H1WpfZvmcqu5h1AWh3aNeesdtf7XGQQkI7aA+HfHNHkvX2mJ75mC0uMH/6fcloBkvonRiV1hZy+11GnuX6m2Qpw6Q1rnCMrbelRQa9C26YJYQgZY8Gag0PCW8cxIr9dhCV00+CybY/XIx80FJmUvl0AKfPZAFnsYuKxQHi2Deera0c+AbrutaVoeaRGcTrm5ij8qOXGakfwZXy7gTANrWcwlf4Aplhuskit7hWeuM45ll4e4vbHajHLuXMt8FUhcmj+SV1gBClQ4ozwt2HocWIwljhgWenJHHzdflPm3pc6JhFgzSB1adIuHJ16lf2TSfWLH+89SZszQF9i3TF4o0g/X3/bQpRsYyXQi/dvpr3K/807OafSuPt8a5VPgqfVGQIMbruyO1EuKrOiCXADnjXDbzI3V4nusRdAjWklgOespyTIcrO6UGVGS2U3KJH6P8erNebhkwMbAfYqN3LVPGa40tluHrxvpO4bA7W6xhL8yFlbjq3qmFKcAeeD0Tg2Q== felix@Wilmas-iMac.local' + + - name: mariette + user_id: 1004 + group_id: 1004 + password: $6$QiYW4uMG$9bOGhsON8SnOSIC4.UTXhVpCpebcJNInI3t1JPhR7979D3CpoKroK7dXPAxGfDigrkxBwcqju..PuvCUqtshw1 + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + + - name: christian + user_id: 1005 + group_id: 1005 + password: 
$6$2paWmEea$G51JZDzjjDNE75aBl/xuM1dyH.FWYHwNCRHeKWkHhxjUmRRC/v.hhNh5jOk5EbVWDeVh7r5dz1tO2HTZUMftb1 + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 schroeder@Christians-MacBook-Pro.local' + + - name: annette + user_id: 1006 + group_id: 1006 + password: $6$r7PHitZp$v4Av3Q/U1wJ/Bvndr10TU89nMYrsBwb4xOgqu.JTbnVGoubkOlwU6RCUNGGXqfwRo0UqprhXMvP0l5HoHL3271 + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + diff --git a/host_vars/nscache.oopen.de.yml b/host_vars/nscache.oopen.de.yml new file mode 100644 index 0000000..d5df8fd --- /dev/null +++ b/host_vars/nscache.oopen.de.yml 
@@ -0,0 +1,94 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + +# Note: +# - if acl_caching_nameserver is set, caching nameserver will listen on +# all interfaces. +# +# - DON'T FORGET ';' sign at the end of ip-addresses +# +acl_caching_nameserver: + - so36net: + name: so36net + entries: + - /* so36.NET */ + - 192.68.11.64/27; + - 2001:678:a40:3000::/64; + - /* Backup wipe.so36.net / backup.so36.net */ + - 194.150.169.139; + - 194.150.169.138; + - sinma: + name: sinma + entries: + - 83.223.64.0/19; + - ckubu: + name: ckubu + entries: + - 2003:ec:df1b:7dfd:dfa8:efd5:14f3:5275; + - 84.140.145.23; + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + diff --git a/host_vars/o25.oopen.de.yml b/host_vars/o25.oopen.de.yml new file mode 100644 index 0000000..af64e14 --- /dev/null +++ b/host_vars/o25.oopen.de.yml 
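Review bot: The `entries` under `acl_caching_nameserver` are raw named.conf fragments: every address has to carry its own trailing `;` and the `/* ... */` labels are list items, so one forgotten `;` gives an invalid or mis-scoped ACL on a resolver that, per the comment above, then listens on all interfaces. I would store plain quoted addresses, e.g. `- '2001:678:a40:3000::/64'`, let the template append the `;`, and move the labels into YAML comments or a separate `comment:` field. The task that writes the config should also run `named-checkconf` on the result before reloading, assuming it does not already.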
@@ -0,0 +1,94 @@ +--- + +# --- +# vars used by roles/network_interfaces +# --- + + +# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted +network_manage_devices: True + +# Should the interfaces be reloaded after config change? +network_interface_reload: False + +network_interface_path: /etc/network/interfaces.d +network_interface_required_packages: + - vlan + - bridge-utils + - ifmetric + - ifupdown2 + + +network_interfaces: + + - device: br0 + # use only once per device (for the first device entry) + headline: br0 - bridge over device enp8s0 + + # auto & allow are only used for the first device entry + allow: [] # array of allow-[stanzas] eg. allow-hotplug + auto: true + + family: inet + mode: static + description: Bridge Interface IPv4 for LXC + address: '144.76.24.11' + netmask: '255.255.255.224' + network: '144.76.24.0' + broadcast: '144.76.24.31' + gateway: '144.76.24.1' + + # optional dns settings nameservers: [] + # nameservers: + # - "194.150.168.168" # dns.as250.net + # - "91.239.100.100" # anycast.censurfridns.dk + + # optional additional subnets/ips subnets: [] + # subnets: + # - '192.168.123.0/24' + # - '192.168.124.11/32' + + # optional bridge parameters bridge: {} + # bridge: + # ports: + # stp: + # fd: + # maxwait: + # waitport: + bridge: + ports: enp8s0 # for mor devices support a blan separated list + stp: !!str off + fd: 5 + hello: 2 + + # optional bonding parameters bond: {} + # bond: + # mode: + # miimon: + # master: + # slaves: + # lacp-rate: + bond: {} + + # optional vlan settings | vlan: {} + # vlan: {} + # raw-device: 'eth0' + vlan: {} + + # inline hook scripts + pre-up: [] # pre-up script lines + up: [] # up script lines + post-up: [] # post-up script lines (alias for up) + pre-down: [] # pre-down script lines (alias for down) + down: [] # down script lines + post-down: [] # post-down script lines + + + + - device: br0 + family: inet6 + mode: static + description: Bridge Interface IPv6 for LXC + address: 
'2a01:4f8:191:b::2' + netmask: 64 + gateway: 'fe80::1' diff --git a/host_vars/site36.net b/host_vars/site36.net new file mode 100644 index 0000000..897701d --- /dev/null +++ b/host_vars/site36.net 
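Review bot: Booleans are written `True`/`False` for `network_manage_devices` and `network_interface_reload` but `true` for `auto`; use lowercase `true`/`false` throughout so linters and YAML 1.2 parsers agree. The comment above `network_manage_devices` names `/etc/network/interfaces/interfaces.d/`, while `network_interface_path` is `/etc/network/interfaces.d`; because that flag deletes unmanaged files, the comment should state the real path: `# If true, all additional files in /etc/network/interfaces.d/ are deleted`.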
@@ -0,0 +1,164 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- +ssh_keypair_backup_server: + - name: backup + backup_user: back + priv_key_src: root/.ssh/id_rsa.backup.so36.net + priv_key_dest: /root/.ssh/id_rsa + pub_key_src: root/.ssh/id_rsa.backup.so36.net.pub + pub_key_dest: /root/.ssh/id_rsa.pub + +insert_root_ssh_keypair: true + +root_ssh_keypair: + - name: backup + login: root + priv_key_src: root/.ssh/id_ed25519.oopen-server + priv_key_dest: /root/.ssh/id_ed25519 + pub_key_src: root/.ssh/id_ed25519.oopen-server.pub + pub_key_dest: /root/.ssh/id_ed25519.pub + target: backup.so36.net + + +default_user: + + - name: ckubu + password: $6$eLO.YJBg$YryN2tvRhI9HK3vffWcid7KH2uyh0e67KhbPp9FxW/bdUAepk/9GB5re7n/DXWhpthf3ifPCznPHU24X2YQVV/ + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa 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 root@luna' + + - name: defa + password: $6$LMelojO.$TY0vb.xSBparEY5O7p86YT.E4RXKVH0bDfwGsszuFS6EAl3oh.s6V.jIZYg56P1RTDiVUh4A0BOwk87Q/utaS1 + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 defa@walther' + + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLT3rq/wQpGV0Rn57qnD6PswMYmamUS8gqv2DqlwOrNxfrfO8X/H139KQNHE4blMPaGQ+9OzugkZzzp9SC/Tud7bdt9HI50WOe4xYqd8uiGywWznsTTvcHQeT5UqGiwzRwy5ozdzlTJIcbJt7NhwUwtVUGCFuW20jjWpyHBNMJPHkL6by+4APGF6jWO+crSvAqodvi544Uw9BCSzInSkxUbrgt97ta6QYgcdHrOGUv7Pe9qITFUPeuMmFDkq1wYIcXyfa6lUXvj+QxHVsnMee50HJhlHlUAc2PmyvZX5xl0H7hM9AwWbSSfstRn4nL7pmkcfSGv5Y2RQly8AT5UAgT defa@split' + + - 'ssh-rsa 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 defa@work' + + - 'ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCxdRSyPmX5CyzgxyV4nrF2Q7Zu0lQikgNQSTt2o8jrakSlngCNT1u9vFnbT2tynBuCEd9fE05AKqwg7m9+X3FeBzq/PF0CiS1GdanyJkNoW3RIWSeO0Amt+yxCNTmr3hSPCR5hwyWT+gAYjLYyOfbMUi66NVFiXRuSvuZ1+z5iGgdRIGlxVI74V/6tO7CLwMEEUxs8tXu6y96u8bvQowTEBixfEhzOlS/NbkZElsBcJ0+eZJ/GzN4RuFxYjd2pmz5UL4gHFcXVMSs/Wq13XWtdlzawM5K9wfFZJ83UYGxHfW0OjvqSZ8IlZSVQeEEy9UKsMwrN16qznI5Od4XmbIMd' + + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAD95P6omJldgvTdsdibJDAqq0gVAyiKL6zdZEUIxDu1r+pFZHmAB554C+9I2XN9DFm3c/V2Aix7ni2DRT6IWV8GgLAFxCgf2uaL7fghRNwfYMLTLuJXRzcEpO8Ph9Nz45YO/7n1GN2MNm8swxlMrl2ewkrvD6TTc3t4em8n3NxO5iqbKM/U8GUmyiRYGeC2KRy8HA3PNGeGvv0uGIS3KurIMdPRVFyKUt0xkMwvHeP1AIC8DIAPvD6CJf9tB8OmFxnibvrXXZCfzbgi59aJ6TRpM8qzq6gG3EtqR4x6X9gZ0h4lpsOxiUOetzemej0CY3K19tZsTjGR879h0+s8/b root@rambox.spreebytes.net' + + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCog1AKXq/JlrFFAIE43jkGhHBZXayU8kc/xxQau7UPnOJNtt/NTt0zrdb0HA4Y4OYyZY/PZ424ufFio6yTeGnQEKRbYLh/Ot8KxemywODuimtHxTFo6wWjdNIbwTwr/erDy7THiUptYKJdyMnbUNkhB41Ea0mCsoJvw6f49P1uO0+4nLmmKLxo6qfKyreDKcydh2dIOcetc7x3zV+1WsCSWwQdtPfW2O9MJki/33sQzXyra+FrtCafXN+Zzwo6oqgymx1m3ErkNCWpOzUq4MDTORFKUq7girlVmWjL7KYBfFVWn9FZy0SYXulQLxd0nO0xhQslyQE+2KI5uECRKRoyw53v0h5P2lX2XWIQb3cypRJNlychgaqQJH4mp2XLOgQb3t84KcOKMw7jgU0NUby26MQ84m+P0bQZu4NWuBd8arjR7dPNjTEF+mWSy7YrlIUoF6jdqqZ/+N+fX+3S5abzOPfLCJSLXrd9xvA1q38tU3xdoTaRuKRmdXCmjadN/xh6nq4tZ4YoILDevGJaaMj2Mw9xA2YE8r1xI5MmhZ/lds4l4qii+0eA3A45pic674hiTUhgATuMKAtFrNTeIU7vEcmF17bL5J0s98CkR2dS9czrqeEEQZKy5kcr0gdMGd+dOy1pd3x+P8Xtwg/WgW6yVcmGWvj9XIejL3CcUHJeDQ== defa@devnull' + + - name: init + password: $6$NcRlPYtm$1YiBoiJUcEwB1ovXYLpQ.OM/ehceh46/G2K4jz0I/PK7tJzD/HDoKhaKVYEIe.uWld6zC63GrgEhq.UMJzFuS1 + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQDcOAGa9XHPVGx7k5YWptABoMs2f1+OeqRr6UFXveCWtjdDuk+YUAWl1W8TlDaFmw0+kLGk4Sg5TEcDzlVL+9L1Du044mwieeGQx5WRnz2vtg9XP/AP19jmpn1gTUPt5HGvFWVCeCDkMnc2aEz+fbW1MGN3ZxRNXhoNZfSS/jC7B0RANu1o3nPDQ3fGxFee02bAWi76To+0dJJppH02qSmlkOSUExOI+9i5WSog5KuCim25isLTIwv/GJNWAASL2/OUMuH82mX1EIS6qRdvcRufWH8qxTAkSeNrLUjiJOtCcE9dchS566KDs8p0U02PBN/92VB9aS/ErQ23l7llVr4jr776qBlUQn4vMxv1MG9ETM+/tUErYNDYazx+FV4NT90sxvepc+8I/q0AZjD2HNp6P25LgPNIhegNznnF/Twy9wW4Jn50FB4GMf8tHCeD9clXOMA1gSGGQiyeyly+wzZ5eLduwWAtzzYJ7MpOfncPYq2kKqs/29p77/0fvdbH2zzJQDbR2A0kHK1z3K6A7I8c+dBdcf2Kb5pvmglHjjSS06rD3oJtl3EvTfBe7AFhCou+zaaIf9fjMyM5upOu/ik23gRcDD32pX6Y0ltixfIWm6PV+Rgl88q6mOeLMwnItKtXID/O2908JE4dyLao2JeauzhXBJjMY2yzbcPLSlz2xw== so_init_03' + + - name: alex + password: $6$.3m20/Um$nTsNhF5jwIF.FMW4gTqRt0o3S8B81q6UuRnMYQ9om77DwOTsPgm5RgCkX90PbPShPe3BYVBQvJp7e53qPedie. + shell: /usr/bin/zsh + ssh_keys: + + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMyXy0+TVREnROtJOzuFFrFW18UXaRyWWLm4Z1vCOXU home' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKb9VsHdwzIW8MpEtOKzWPJW+toe1UL1odj4k0mtYPac work' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJywUxxa2hNC8DNGmiyyLDaY0BP8muqqR1upMS8vBx6O laptop' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPKDhjGkGJNO9pmc3CDp0fi4TXmkXP1hm6wzAdqiMphE netbook' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINk3tyHir3go59oZnp98WhauGJNwf6KTRYcBvfFMs8fY mobile' + + + - name: alis + password: $6$w9SVHwkQ$PrVrCuugHTObqdBMJNdHV4xkgUf.FPwD4a1HA6mFbPwZPApdcnTSTNWwFJgGu5p5/5lL0Tw4TFDPVaN2Y6O44/ + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 alis@mail36.net' + + - name: sysadm + + user_id: 1050 + group_id: 1050 + group: sysadm + password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna' + - 'ssh-rsa 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 root@luna' + + - name: back + user_id: 1060 + group_id: 1060 + group: back + password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + +sudo_users: + - chris + - sysadm + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/hosts b/hosts new file mode 100644 index 0000000..9241541 --- /dev/null +++ b/hosts 
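Review bot: `sudo_users` lists `chris`, but this file's `default_user` defines no `chris`; the account that carries the `chris@luna` and `root@luna` keys here is `ckubu`. If the host-level `default_user` replaces the group-level list (Ansible's default variable behaviour), the sudoers entry names an account this play does not create, and `ckubu` ends up without sudo while a later-created `chris` would inherit it. Presumably the list should read `- ckubu` and `- sysadm`; otherwise add a comment saying why `chris` is expected to exist on this host.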
@@ -0,0 +1,882 @@
+# -----------------------------------------------------------------------------
+# Use the following group to mark the hosts that are newly created.
+# Remove all names after the first successful play.
+
+#[o18]
+#o18.oopen.de
+#site36.net ansible_user=ckubu
+
+[dns_sinma]
+dns1.warenform.de
+a.ns.oopen.de
+
+
+[initial_setup]
+
+# ---
+# - Warenform Server
+# ---
+
+# server16
+server16.warenform.de
+helden.warenform.de
+
+# server18
+server18.warenform.de
+piwik.warenform.de
+
+# server20
+server20.warenform.de
+cloud-giz.warenform.de
+
+# server22
+server22.warenform.de
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# server23
+server23.warenform.de
+vvn-shop.warenform.de
+vvn-www.warenform.de
+dns0.warenform.de
+
+# server24
+server24.warenform.de
+mx.warenform.de
+lists.mx.warenform.de
+
+# server25
+server25.warenform.de
+web1.warenform.de
+web0.warenform.de
+
+# server26
+server26.warenform.de
+backup.warenform.de
+git.warenform.de
+
+# VServer Sinma
+dns1.warenform.de
+
+# ---
+# - O.OPEN Server
+# ---
+
+# - o10.oopen.de
+o10.oopen.de
+cloud.oopen.de
+etherpad.oopen.de
+limesurvey.oopen.de
+
+o12.oopen.de
+c.mx.oopen.de
+initiativenserver.oopen.de
+
+o13.oopen.de
+o13-board.oopen.de
+o13-mail.oopen.de
+o13-mumble.oopen.de
+o13-pad.oopen.de
+o13-schleuder.oopen.de
+o13-test.oopen.de
+o13-web.oopen.de
+
+# - o14.oopen.de
+o14.oopen.de
+a.mx.oopen.de
+b.ns.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+www2.oopen.de
+
+# - o15.oopen.de
+o15.oopen.de
+b.mx.oopen.de
+piwik.oopen.de
+www.oopen.de
+www3.oopen.de
+
+o17.oopen.de
+test.mx.oopen.de
+test.mariadb.oopen.de
+
+# o19.oopen.de
+o19.oopen.de
+backup.oopen.de
+munin.oopen.de
+nscache.oopen.de
+
+# - o20.oopen.de (srv-cityslang.cityslang.com)
+o20.oopen.de
+
+o21.oopen.de
+mail.cadus.org
+web.cadus.org
+
+# - o22.oopen.de
+o22.oopen.de
+oolm-db.oopen.de
+oolm-db-dev.oopen.de
+oolm-shop.oopen.de
+oolm-shop-dev.oopen.de
+oolm-web.oopen.de
+
+# - o23.oopen.de
+o23.oopen.de
+cl-01.oopen.de
+cp-01.oopen.de
+
+# - o24.oopen.de
+o24.oopen.de
+cl-irights.oopen.de
+
+# - o25.oopen.de
+o25.oopen.de
+cl-fm.oopen.de
+mail.faire-mobilitaet.de
+
+# - Vserver von Sinma
+a.ns.oopen.de
+
+
+# ---
+# - Warenform Office
+# ---
+
+devel-root.wf.netz
+anita.wf.netz
+devel-cloud.wf.netz
+devel-db.wf.netz
+devel-git.wf.netz
+devel-php.wf.netz
+devel-repos.wf.netz
+devel-php.wf.netz
+devel-todo.wf.netz
+devel-wiki.wf.netz
+
+
+[extra_hosts]
+
+
+[apache2_webserver]
+
+# ---
+# - O.OPEN Server
+# ---
+
+# o10.oopen.de
+cloud.oopen.de
+limesurvey.oopen.de
+
+# o12.oopen.de
+initiativenserver.oopen.de
+c.mx.oopen.de
+
+# o13.oopen.de
+o13-mail.oopen.de
+o13-mumble.oopen.de
+o13-web.oopen.de
+
+# o14.oopen.de
+a.mx.oopen.de
+d.mx.oopen.de
+www2.oopen.de
+
+# o15.oopen.de
+www.oopen.de
+www3.oopen.de
+piwik.oopen.de
+
+# o17.oopen.de
+test.mariadb.oopen.de
+test.mx.oopen.de
+
+# o19.oopen.de
+munin.oopen.de
+
+# o20.oopen.de (srv-cityslang.cityslang.com)
+o20.oopen.de
+
+# o21.oopen.de
+web.cadus.org
+mail.cadus.org
+
+# o22.oopen.de
+oolm-shop-dev.oopen.de
+oolm-shop.oopen.de
+oolm-web.oopen.de
+
+# o23.oopen.de
+cl-01.oopen.de
+
+# o24.oopen.de
+cl-irights.oopen.de
+
+# o25.oopen.de
+cl-fm.oopen.de
+mail.faire-mobilitaet.de
+
+
+# ---
+# Warenform server
+# ---
+
+# server16
+helden.warenform.de
+
+# server18
+piwik.warenform.de
+
+# server20
+cloud-giz.warenform.de
+
+# server22
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# server23
+vvn-shop.warenform.de
+vvn-www.warenform.de
+
+# - server24
+mx.warenform.de
+lists.mx.warenform.de
+
+# server25
+web1.warenform.de
+web0.warenform.de
+
+# ---
+# - Warenform Office
+# ---
+
+devel-php.wf.netz
+devel-todo.wf.netz
+devel-repos.wf.netz
+devel-wiki.wf.netz
+
+
+[webadmin]
+
+# server22
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# server23
+vvn-shop.warenform.de
+vvn-www.warenform.de
+
+# server25
+web1.warenform.de
+web0.warenform.de
+
+devel-php.wf.netz
+devel-todo.wf.netz
+
+
+[nginx_webserver]
+
+# o10.oopen.de
+etherpad.oopen.de
+
+# o13.oopen.de
+o13-board.oopen.de
+o13-pad.oopen.de
+
+# o23.oopen.de
+cp-01.oopen.de
+
+
+[mail_server]
+
+# ---
+# O.OPEN
+# ---
+
+# o12.oopen.de
+c.mx.oopen.de
+
+# o13.oopen.de
+o13-mail.oopen.de
+o13-schleuder.oopen.de
+
+# o14.oopen.de
+a.mx.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+
+# o15.oopen.de
+b.mx.oopen.de
+www.oopen.de
+
+# o17.oopen.de
+test.mx.oopen.de
+
+# o21.oopen.de
+mail.cadus.org
+
+# o25.oopen.de
+mail.faire-mobilitaet.de
+
+# ---
+# Warenform server
+# ---
+
+# server24.warenform.de
+mx.warenform.de
+lists.mx.warenform.de
+
+
+[sympa_list_server]
+
+# o14.oopen.de
+d.mx.oopen.de
+
+# server24.warenform.de
+lists.mx.warenform.de
+
+
+[postgresql_server]
+
+# ---
+# O.OPEN
+# ---
+
+# o13.oopen.de
+o13-board.oopen.de
+o13-mail.oopen.de
+
+# o14.oopen.de
+a.mx.oopen.de
+
+# o15.oopen.de
+www3.oopen.de
+www.oopen.de
+
+# o25.oopen.de
+mail.faire-mobilitaet.de
+
+# ---
+# Warenform server
+# ---
+
+# server23.warenform.de
+vvn-shop.warenform.de
+
+# server24.warenform.de
+mx.warenform.de
+
+
+[mysql_server]
+
+# ---
+# O.OPEN
+# ---
+
+# o10.oopen.de
+cloud.oopen.de
+etherpad.oopen.de
+limesurvey.oopen.de
+
+# o12.oopen.de
+c.mx.oopen.de
+initiativenserver.oopen.de
+
+# o13.oopen.de
+o13-board.oopen.de
+o13-mail.oopen.de
+o13-web.oopen.de
+
+# o14.oopen.de
+a.mx.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+www2.oopen.de
+
+# o15.oopen.de
+piwik.oopen.de
+www.oopen.de
+www3.oopen.de
+
+# o17.oopen.de
+test.mx.oopen.de
+test.mariadb.oopen.de
+
+# o20.oopen.de (srv-cityslang.cityslang.com)
+o20.oopen.de
+
+# o21.oopen.de
+web.cadus.org
+mail.cadus.org
+
+# o22.oopen.de
+oolm-db-dev.oopen.de
+oolm-db.oopen.de
+oolm-web.oopen.de
+
+# o23.oopen.de
+cl-01.oopen.de
+
+# o24.oopen.de
+cl-irights.oopen.de
+
+# o25.oopen.de
+cl-fm.oopen.de
+cl-fm.oopen.de
+
+# ---
+# Warenform
+# ---
+
+# server16.warenform.de
+helden.warenform.de
+
+# server18.warenform.de
+piwik.warenform.de
+
+# server20.warenform.de
+cloud-giz.warenform.de
+
+# server22.warenform.de
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# server23.warenform.de
+vvn-shop.warenform.de
+vvn-www.warenform.de
+
+# server24.warenform.de
+mx.warenform.de
+lists.mx.warenform.de
+
+# server25.warenform.de
+web1.warenform.de
+web0.warenform.de
+
+# ---
+# - Warenform Office
+# ---
+
+devel-db.wf.netz
+devel-wiki.wf.netz
+
+
+[nextcloud_server]
+
+# ---
+# O.OPEN
+# ---
+
+# o10.oopen.de
+cloud.oopen.de
+
+# o23.oopen.de
+cl-01.oopen.de
+
+# o24.oopen.de
+cl-irights.oopen.de
+
+# o25.oopen.de
+cl-fm.oopen.de
+
+# ---
+# Warenform
+# ---
+
+# server20.warenform.de
+cloud-giz.warenform.de
+
+
+[dns_server]
+
+# ---
+# O.OPEN
+# ---
+a.ns.oopen.de
+b.ns.oopen.de
+
+# ---
+# Warenform
+# ---
+dns0.warenform.de
+dns1.warenform.de
+
+
+[caching_nameserver]
+
+# ---
+# O.OPEN
+# ---
+
+# o12.oopen.de
+c.mx.oopen.de
+
+# o13.oopen.de
+o13-mail.oopen.de
+
+# o14.oopen.de
+a.mx.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+
+# o15.oopen.de
+b.mx.oopen.de
+
+# o17.oopen.de
+test.mx.oopen.de
+
+# o19.oopen.de
+nscache.oopen.de
+
+# o21.oopen.de
+mail.cadus.org
+
+# o25.oopen.de
+mail.faire-mobilitaet.de
+
+# ---
+# Warenform
+# ---
+
+# server24.warenform.de
+mx.warenform.de
+lists.mx.warenform.de
+
+
+[backup_server]
+
+# ---
+# - O.OPEN Server
+# ---
+
+backup.oopen.de
+devel-root.wf.netz
+
+# ---
+# Warenform
+# ---
+
+backup.warenform.de
+
+
+[samba_server]
+
+# ---
+# Warenform
+# ---
+anita.wf.netz
+
+
+[lxc_host]
+
+# ---
+# O.OPEN
+# ---
+
+o10.oopen.de
+o12.oopen.de
+o13.oopen.de
+o14.oopen.de
+o15.oopen.de
+o17.oopen.de
+o19.oopen.de
+#o20.oopen.de
+o21.oopen.de
+o22.oopen.de
+o23.oopen.de
+o24.oopen.de
+o25.oopen.de
+
+# ---
+# Warenform
+# ---
+
+server16.warenform.de
+server18.warenform.de
+server20.warenform.de
+server22.warenform.de
+server23.warenform.de
+server24.warenform.de
+server25.warenform.de
+server26.warenform.de
+
+# ---
+# Warenform Office
+# ---
+
+devel-root.wf.netz
+
+
+[lxc_guest]
+
+# ---
+# O.OPEN
+# ---
+
+# - o10.oopen.de
+cloud.oopen.de
+etherpad.oopen.de
+limesurvey.oopen.de
+
+# - o12.oopen.de
+c.mx.oopen.de
+initiativenserver.oopen.de
+
+# - o13.oopen.de
+o13-board.oopen.de
+o13-mail.oopen.de
+o13-mumble.oopen.de
+o13-pad.oopen.de
+o13-schleuder.oopen.de
+o13-test.oopen.de
+o13-web.oopen.de
+
+# - o14.oopen.de
+a.mx.oopen.de
+b.ns.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+www2.oopen.de
+
+# - o15.oopen.de
+b.mx.oopen.de
+piwik.oopen.de
+www.oopen.de
+www3.oopen.de
+
+# - o17.oopen.de
+test.mx.oopen.de
+test.mariadb.oopen.de
+
+# - o19.oopen.de
+backup.oopen.de
+nscache.oopen.de
+munin.oopen.de
+nc-gw.oopen.de
+
+# - o21.oopen.de
+mail.cadus.org
+web.cadus.org
+
+# - o22.oopen.de
+oolm-db.oopen.de
+oolm-db-dev.oopen.de
+oolm-shop.oopen.de
+oolm-shop-dev.oopen.de
+oolm-web.oopen.de
+
+# - o23.oopen.de
+cl-01.oopen.de
+cp-01.oopen.de
+
+# - o24.oopen.de
+cl-irights.oopen.de
+
+# - o25.oopen.de
+cl-fm.oopen.de
+mail.faire-mobilitaet.de
+
+# - Vserver von Sinma
+a.ns.oopen.de
+
+# ---
+# Warenform Server
+# ---
+
+# server16
+helden.warenform.de
+
+# server18
+piwik.warenform.de
+
+# server20
+cloud-giz.warenform.de
+
+# server22
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# - server23
+dns0.warenform.de
+vvn-shop.warenform.de
+vvn-www.warenform.de
+
+# - server24
+mx.warenform.de
+lists.mx.warenform.de
+
+# - server25
+web0.warenform.de
+web1.warenform.de
+
+# - server26
+server26.warenform.de
+backup.warenform.de
+git.warenform.de
+
+# - Vserver von Sinma
+dns1.warenform.de
+
+# ---
+# Warenform Office
+# ---
+
+# devel-root
+anita.wf.netz
+devel-cloud.wf.netz
+devel-db.wf.netz
+devel-git.wf.netz
+devel-php.wf.netz
+devel-repos.wf.netz
+devel-todo.wf.netz
+devel-wiki.wf.netz
+
+
+# All oopen server (except office networks)
+[oopen_server]
+
+# - o10.oopen.de
+o10.oopen.de
+cloud.oopen.de
+etherpad.oopen.de
+limesurvey.oopen.de
+
+# - o12.oopen.de
+o12.oopen.de
+c.mx.oopen.de
+initiativenserver.oopen.de
+
+# - o13.oopen.de
+o13.oopen.de
+o13-board.oopen.de
+o13-mail.oopen.de
+o13-mumble.oopen.de
+o13-pad.oopen.de
+o13-schleuder.oopen.de
+o13-test.oopen.de
+o13-web.oopen.de
+
+# - o14.oopen.de
+o14.oopen.de
+a.mx.oopen.de
+b.ns.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+www2.oopen.de
+
+# - o15.oopen.de
+o15.oopen.de
+b.mx.oopen.de
+piwik.oopen.de
+www.oopen.de
+www3.oopen.de
+
+# - o17.oopen.de
+o17.oopen.de
+test.mx.oopen.de
+test.mariadb.oopen.de
+
+# - o19.oopen.de
+o19.oopen.de
+backup.oopen.de
+nscache.oopen.de
+munin.oopen.de
+nc-gw.oopen.de
+
+# - o20.oopen.de (srv-cityslang.cityslang.com)
+o20.oopen.de
+
+# - o21.oopen.de
+o21.oopen.de
+mail.cadus.org
+web.cadus.org
+
+# - o22.oopen.de
+o22.oopen.de
+oolm-db.oopen.de
+oolm-db-dev.oopen.de
+oolm-shop.oopen.de
+oolm-shop-dev.oopen.de
+oolm-web.oopen.de
+
+# - o23.oopen.de
+o23.oopen.de
+cl-01.oopen.de
+cp-01.oopen.de
+
+# - o24.oopen.de
+o24.oopen.de
+cl-irights.oopen.de
+
+# - o25.oopen.de
+o25.oopen.de
+cl-fm.oopen.de
+mail.faire-mobilitaet.de
+
+# - Vserver von Sinma
+a.ns.oopen.de
+
+
+[warenform_server]
+
+# server16
+server16.warenform.de
+helden.warenform.de
+
+# server18
+server18.warenform.de
+piwik.warenform.de
+
+# server20
+server20.warenform.de
+cloud-giz.warenform.de
+
+# server22
+server22.warenform.de
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# - server23
+server23.warenform.de
+dns0.warenform.de
+vvn-shop.warenform.de
+vvn-www.warenform.de
+
+# - server24
+server24.warenform.de
+mx.warenform.de
+lists.mx.warenform.de
+
+
+# - server25
+server25.warenform.de
+web0.warenform.de
+web1.warenform.de
+
+# - server26
+server26.warenform.de
+backup.warenform.de
+git.warenform.de
+
+# - Vserver von Sinma
+dns1.warenform.de
+
+
+[warenform_office]
+
+# devel-root
+anita.wf.netz
+devel-root.wf.netz
+devel-db.wf.netz
+devel-cloud.wf.netz
+devel-git.wf.netz
+devel-php.wf.netz
+devel-repos.wf.netz
+devel-todo.wf.netz
+devel-wiki.wf.netz
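Review bot: The `[initial_setup]` group is committed with what looks like the whole fleet in it, although the header comment says the group is for newly created hosts and should be emptied after the first successful play. initial-setup.yml in this same commit runs against that group as `remote_user: root` with a prompted SSH password, so a routine run would attempt password-based root logins on every listed production host. I would commit the group empty, as `[extra_hosts]` is, and add hosts only while they are being bootstrapped. Separately, `devel-php.wf.netz` appears twice in `[initial_setup]`, `cl-fm.oopen.de` twice in `[mysql_server]`, and `server26.warenform.de` is listed under both `[lxc_host]` and `[lxc_guest]`, which looks unintended.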
diff --git a/initial-setup-sudo.yml b/initial-setup-sudo.yml
new file mode 100644
index 0000000..0ae553d
--- /dev/null
+++ b/initial-setup-sudo.yml
@@ -0,0 +1,13 @@
+---
+
+
+- hosts: initial_setup
+
+ roles:
+ - ansible_dependencies
+ - ansible_user
+
+- hosts: initial_setup
+
+ roles:
+ - common
diff --git a/initial-setup.yml b/initial-setup.yml
new file mode 100644
index 0000000..35f9d5c
--- /dev/null
+++ b/initial-setup.yml
@@ -0,0 +1,26 @@
+---
+
+- hosts: initial_setup
+ remote_user: root
+ become: false
+ gather_facts: false
+
+ vars_prompt:
+
+ - name: ansible_ssh_pass
+ prompt: "Give root's password here"
+
+ roles:
+ - ansible_dependencies
+ - ansible_user
+
+- hosts: extra_hosts
+ # remote_user: root
+
+ # vars_prompt:
+ #
+ # - name: ansible_sudo_pass
+ # prompt: "Give ansible's sudo password here"
+
+ roles:
+ - common
diff --git a/network-setup.yml b/network-setup.yml
new file mode 100644
index 0000000..f8c2d7e
--- /dev/null
+++ b/network-setup.yml
@@ -0,0 +1,6 @@
+---
+
+- hosts: extra_hosts
+
+ roles:
+ - network_interfaces
diff --git a/open_the_vault.sh b/open_the_vault.sh
new file mode 100755
index 0000000..6e3153a
--- /dev/null
+++ b/open_the_vault.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+echoerr() { echo "$@" 1>&2; }
+
+PWFILE="$HOME/.private/ansible-oopen-vault-passphrase"
+
+if test ! -f "$PWFILE"
+then
+ echoerr "File doesn't exist!"
+ exit 1
+fi
+
+perm=$(/bin/ls -l "$PWFILE" | awk '{print $1}')
+owner=$(/bin/ls -l "$PWFILE" | awk '{print $3}')
+group=$(/bin/ls -l "$PWFILE" | awk '{print $4}')
+#not everyone is using debian based foo. get primary group of user and test file group permission against it
+pgroup=$(id -gn)
+
+if [[ "$perm" != "-rw-------" ]] && [[ "$perm" != "-r--------" ]]
+then
+ echoerr "Wrong permissions!"
+ exit 1
+fi
+
+if test "$USER" != "$owner"
+then
+ echoerr "Wrong owner!"
+ exit 1
+fi
+
+if test "$pgroup" != "$group"
+then
+ echoerr "Wrong group!"
+ exit 1
+fi
+
+cat "$PWFILE"
+exit 0
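Review bot: The second play of initial-setup.yml applies `common` to `extra_hosts`, while the first play bootstraps `initial_setup`, so hosts bootstrapped here never receive `common` from this playbook unless they are also listed under `[extra_hosts]`, which is empty in this commit's inventory. initial-setup-sudo.yml uses `initial_setup` for both of its plays. If the split is intended, a comment above the second play would make that clear, e.g. `# common runs only on hosts explicitly added to [extra_hosts]`. For the root password prompt I would also spell out `private: true` under `ansible_ssh_pass`, so that hiding the input does not depend on the default.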
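Review bot: The permission check in open_the_vault.sh compares the whole first field of `ls -l` with `-rw-------`, but `ls` appends `.` or `+` to that field when the file carries an SELinux context or an ACL, so a correctly protected passphrase file is rejected on such systems. The owner test also trusts `$USER`, an environment variable that can be unset or stale (cron, `su` without a login shell). I would compare only the ten mode characters and take the user from `id`: `perm=$(/bin/ls -l "$PWFILE" | awk '{print substr($1, 1, 10)}')` and `if test "$(id -un)" != "$owner"`. With mode 0600 or 0400 already enforced, the group comparison adds no protection and could be dropped.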
diff --git a/roles/ansible_dependencies/tasks/main.yml b/roles/ansible_dependencies/tasks/main.yml
new file mode 100644
index 0000000..be62f94
--- /dev/null
+++ b/roles/ansible_dependencies/tasks/main.yml
@@ -0,0 +1,63 @@
+---
+
+- name: re-synchronize the package index files from their sources
+ raw: apt-get update
+
+- name: Ensure aptitude is present
+ raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
+
+- name: dpkg --configure -a
+ command: >
+ dpkg --configure -a
+ args:
+ warn: false
+ changed_when: _dpkg_configure.stdout_lines | length
+ register: _dpkg_configure
+ when: apt_dpkg_configure|bool
+ tags:
+ - ansible-dependencies
+
+- name: apt upgrade
+ apt:
+ upgrade: "{{ apt_upgrade_type }}"
+ update_cache: true
+ dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+ when: apt_upgrade|bool
+ tags:
+ - ansible-dependencies
+
+- name: apt install ansible dependencies
+ apt:
+ name: "{{ apt_ansible_dependencies }}"
+ state: "{{ apt_install_state }}"
+ tags:
+ - ansible-dependencies
+
+
+#- name: Ensure python2 is present (This is necessary for ansible to work properly)
+# raw: test -e /usr/bin/python2 || (apt -y update && apt install -y python)
+#
+#
+#- name: Ensure python-apt is present (This is necessary for ansible to work properly)
+# raw: test -e /usr/bin/python2 && (apt -y update && apt install -y python-apt)
+#
+#
+#- name: Ensure python3 is present (This is necessary for ansible to work properly)
+# raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3)
+#
+#
+#- name: Ensure python-apt is present (This is necessary for ansible to work properly)
+# raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-apt)
+#
+#
+#- name: Ensure sudo is present (This is necessary for ansible to work properly)
+# raw: test -e /usr/bin/sudo || (apt -y update && apt install -y sudo)
+#
+#
+#- name: Ensure lsb-releaseis present (This is necessary for ansible to work properly)
+# raw: test -e /usr/bin/lsb_release || (apt -y update && apt install -y lsb-release)
+#
+#
+#- name: Ensure vim is present (This is necessary for ansible to work properly)
+# raw: test -e /usr/bin/vim || (apt -y update && apt install -y vim)
+# diff --git a/roles/ansible_user/tasks/main.yml b/roles/ansible_user/tasks/main.yml new file mode 100644 index 0000000..e1c65fc --- /dev/null +++ b/roles/ansible_user/tasks/main.yml @@ -0,0 +1,35 @@ +--- + +- name: Ensure remote users for ansible exists + user: + name: '{{ item.name }}' + state: present + uid: '{{ item.user_id | default(omit) }}' + #group: '{{ item.name | default(omit) }}' + shell: '{{ item.shell|d("/bin/bash") }}' + password: "{{ item.password }}" + update_password: on_create + with_items: '{{ ansible_remote_user }}' + tags: + - ansible-remote-user + +- name: Ensure ansible user is part of sudo group + user: + name: "{{ item.name }}" + groups: sudo + append: yes + with_items: "{{ ansible_remote_user }}" + tags: + - sudo-users + +- name: Ensure authorized_key files are present + authorized_key: + user: "{{ item.0.name }}" + key: "{{ item.1 }}" + state: present + with_subelements: + - '{{ ansible_remote_user }}' + - ssh_keys + tags: + - authorized_key + diff --git a/roles/common/files/root/.ssh/id_ed25519.oopen-server b/roles/common/files/root/.ssh/id_ed25519.oopen-server new file mode 100644 index 0000000..0f30c6c --- /dev/null +++ b/roles/common/files/root/.ssh/id_ed25519.oopen-server 
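Review bot: In roles/ansible_dependencies/tasks/main.yml the first module-based task, `dpkg --configure -a` via `command`, already needs a Python interpreter on the target, yet the only `raw` bootstrap steps left active are `apt-get update` and the aptitude install; the tasks that ensured Python are commented out at the end of the file. initial-setup.yml runs this role with `gather_facts: false`, which suggests hosts without Python are expected, and on those the role would fail at that task (installing `apt_ansible_dependencies` cannot help, since `apt` is itself a module). I would keep one raw task ahead of the first module, e.g. `raw: test -e /usr/bin/python3 || (apt-get -y update && apt-get install -y python3)`. The two raw tasks also carry no `ansible-dependencies` tag, so a tagged run skips them.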
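Review bot: The `authorized_key` task in roles/ansible_user/tasks/main.yml only ever adds keys: with `state: present` and one key per `with_subelements` iteration, a key deleted from a user's `ssh_keys` list stays in that user's authorized_keys file on every host, so removing a key from the vars does not revoke access. Passing all of a user's keys as one newline-joined string with `exclusive: true` makes the vars authoritative; this also removes keys added by hand on a host, and because `exclusive` is applied per loop iteration the loop has to run per user rather than per key. Related, in the first task `update_password: on_create` means a changed hash in the vars never reaches existing accounts, and looping over the full user dicts prints each `item`, including the password hash, in the play output unless `loop_control.label` or `no_log: true` is set.

```yaml
- name: Ensure authorized_key files are present
  authorized_key:
    user: "{{ item.name }}"
    key: "{{ item.ssh_keys | join('\n') }}"
    exclusive: true
    # … unchanged: state: present …
  with_items: "{{ ansible_remote_user }}"
  # … unchanged: tags …
```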
@@ -0,0 +1,25 @@ +$ANSIBLE_VAULT;1.1;AES256 +63643737376337323337623439396262306134613362643439653232343866633263363236623635 +6538653437613666343435323030663235636537666438320a326462646262613962316335363764 +32343265373238373432313039393464343934613039303937326634333361303362306462646437 +3032333239616631350a383935333138336464373261333734313137363730356363373163346637 +34336164323630343364373065613234383163393634653531363363663761653834663336396234 +64303336393762633065373638653963383063353666373461633662383538633733653339326262 +64316339663566313039656238373133353733356537323935646531636363616666623764336165 +66613565613739386231623262663532393463646565373333333061326234346162353637666631 +65623766643765376537656466623738356437666634316565623038623839303761393562633534 +64643839626163323962356264313563613834353633633030636466393931366661313233633830 +63336431353566333161643831333662373163636164346335643937353730363832363036376434 +30636230303333663965336166663162653330636436336438663861343064643238316662393665 +61656438373631303836656332636165616663393462613035343430653362313938336534323734 +37353665373330343034653064333536643133366661353033633662323562386366306136636230 +34663562373731316266383430353262376333366366316561633165636233353332626438373238 +63633161363639613263636461326162613663353365396464636434353533653939393136316263 +34396238346134396565326230363634346662653739333666356666373864656265636531633162 +63333737333438333234343433646165333161316636356662313663353939393739626566383864 +39346535323866393061613065623031616333363132623433373634373466356531626630643931 +62626635613666623539386335656630653666383839613730323839303737346161656438333239 +30343463393438643065326466306636393561643164613332643239613261613432326362616233 +38363366616265363134616265656636663636366366316261316135666661623939633637616239 +65386331376665336335383739386538613539306239303363303537373332303465376465323133 +32346362636235323161 
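Review bot: This adds root's SSH private key to the repository as an Ansible Vault blob (the same applies to id_ed25519.warenform-office, id_ed25519.warenform-server, id_rsa.backup.oopen.de and id_rsa.backup.so36.net further down), so the confidentiality of these keys rests on the single vault passphrase for as long as any clone of this history exists. The comment `root@default-oopen-server` in the matching .pub file suggests one key pair is shared by root across the whole host group; if so, a leaked passphrase exposes every host at once and rotation means touching all of them. I would rather generate keys per host on the host and keep only public keys in the repository, or at least document next to these files how the keys are rotated when the passphrase or a clone is lost.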
diff --git a/roles/common/files/root/.ssh/id_ed25519.oopen-server.pub b/roles/common/files/root/.ssh/id_ed25519.oopen-server.pub new file mode 100644 index 0000000..b9a9e1a --- /dev/null +++ b/roles/common/files/root/.ssh/id_ed25519.oopen-server.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvy+IDUeoVwLg+cJNcKzls5guOrVUretsf05v3Y2N+Y root@default-oopen-server diff --git a/roles/common/files/root/.ssh/id_ed25519.warenform-office b/roles/common/files/root/.ssh/id_ed25519.warenform-office new file mode 100644 index 0000000..97cbcc9 --- /dev/null +++ b/roles/common/files/root/.ssh/id_ed25519.warenform-office @@ -0,0 +1,25 @@ +$ANSIBLE_VAULT;1.1;AES256 +32313732326132663062643663366337663462386532333331393338393233646262383338366330 +3561356332626435336438616130323363626561396634330a313730343639373566623030633030 +62386565313639613837353338653432336465633364333532666338633362643536303165636630 +6139626539356634660a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diff --git a/roles/common/files/root/.ssh/id_ed25519.warenform-office.pub b/roles/common/files/root/.ssh/id_ed25519.warenform-office.pub new file mode 100644 index 0000000..97f8d09 --- /dev/null +++ b/roles/common/files/root/.ssh/id_ed25519.warenform-office.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyBC92KgCv9Iwjk42UacEfApt/7D5ylEvCOYTxNVLLu root@default-warenform-office diff --git a/roles/common/files/root/.ssh/id_ed25519.warenform-server b/roles/common/files/root/.ssh/id_ed25519.warenform-server new file mode 100644 index 0000000..936dde9 --- /dev/null +++ b/roles/common/files/root/.ssh/id_ed25519.warenform-server 
@@ -0,0 +1,25 @@ +$ANSIBLE_VAULT;1.1;AES256 +31326563643538343063303835386261363066373739336131333663313431383439653638333032 +3834303864343835356139393036616334663362613366330a613864333737303739626537343565 +39333938363030663564396637633536633931623736396332653133303066373432376638396431 +6439633265316562390a626663306463643164303031616534373665366433393933346165383732 +34346539323964376134663832303265393762383638316639636235353337393135613437643335 +36656230393663383765356237616130356663323036336231633662363465313734663366363639 +62313232353737653338343933316337313263336161386565336562336336363439613137366432 +64663761346131363535653435316535353138363061383932386262393939313435356166613366 +63636135366338363638653066333639643236363931333231623639326265346363366661306238 +35316135303130633530303133623531363462396435653063646435623961306231643565633265 +32393965363261336230323632376233623831303930653534666335656665386163376435613138 +34643434623563643564633264653162646630306236653632393538303765386238336465623735 +66333061366533306533313033353934353865623866633932333462326439356236396664386634 +38386333636237623239313732376662313165653737663437376462383134633362386237653762 +36626339653062636162666639326631393530623161636639383337663661656431386461373731 +33343933383436666432663536313465393835633538613030323239343236623762376433343239 +64346563333432333765633137636461653332316131376235613065356534613532653563663831 +65346166363963373230313137343231636639303962646462383464306539663764373165653738 +33356666366561373733373664393666313931343632306537363632313838356262653263346637 +38346133373865366137306534643161633232393066393736306464643634633836313161333137 +66363830323530353037333334656462356564373133633861376633326361373739363038313566 +39336630373964613332616339313066363464386564333161396466363065666635393865393836 +61336334313037653534663232633261373239663465386538616565376636633363656335306138 +66613564373637646430 
diff --git a/roles/common/files/root/.ssh/id_ed25519.warenform-server.pub b/roles/common/files/root/.ssh/id_ed25519.warenform-server.pub new file mode 100644 index 0000000..6e06e69 --- /dev/null +++ b/roles/common/files/root/.ssh/id_ed25519.warenform-server.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcEPd+MDJKzWqWStt3XpJU1OpJ0uxmipacIGkm6k3MS root@default-warenform-server diff --git a/roles/common/files/root/.ssh/id_rsa.backup.oopen.de b/roles/common/files/root/.ssh/id_rsa.backup.oopen.de new file mode 100644 index 0000000..b7ccec0 --- /dev/null +++ b/roles/common/files/root/.ssh/id_rsa.backup.oopen.de 
@@ -0,0 +1,89 @@ +$ANSIBLE_VAULT;1.1;AES256 +64303262313639313931393565303137333836316431623232363531356332353132393663373834 +6262363338643932346536653130346465396537666637630a346633363738316164656433356636 +38393861643534386162316631356564666162636535333062626335386161663236343932333565 +3938623338363465300a376334633332303063363630323635396336663837303237666461633930 +31313764393336373061313963613863346333613732383662613435363930633534623936313163 +63633063626331616630336431383231383234643065626438383961383535366661616661373563 +66356165393432663364303866666561386434323836653134646131363535613136326339323933 +63666562393161666638663433633638643131356138613762353066613931393634316432343433 +64663035633638646236383635356561616662643330336336363765313539346631663535383730 +38383132656235393630643637353031306434666232306439653635353266343363323665613932 +32653237393430626633623439333466663265333438343662633835643938366137343538653936 +61326136336234353361383630663035633232653465666637313036323430386535383835393832 +32383234306563336137623562626539656536626237666264663461356137363464386238303263 +36396333313735336566303032613866613736623534306664373164353331363363633562383066 +61353339353131303565373462653536346234383936643761646662363362643037373765333030 +65356639363235316539623233393636616561653135623438613932636461313566366337363837 +33663030623039613237383738363863343462323330303634633636366465323135633636326366 +65346235373162366163353831306333613939666539636430303439383933323162633066383236 +36383563643238653032353131343631356232326437323464373164323336333739353231636334 +35366265353733323831333836653732313830613332396161396565613733626663663734646364 +32643436623638326364643766633434366264396230623863376532653063343463396235613561 +64363339613766363966366462613239353964653735613830643830383535633938343836626539 +66383738373661323566616232643066376632333964366536336465316361623434313461323735 
+31326366323266366531303331393335383763373131333130643732373935643730636161656638 +30336566343361396662643430346262306632623932326434333334343566656564636330396465 +61323261366537313664353965626362636339383030626139643735326665393332336531663337 +38633765623562643362666564386563396638623565613536343737366666656561383765363939 +30643536336664386666656438653830656262386661656638623566356633613131336661316463 +35386137656664363430666436623339336437613830336434376534373134343461623065353931 +37306135663131393563343237333761353130396532613263366232363161643638306637643838 +36656236663166373766346432313762663966313033356664376163376131363635333535333632 +64656262613430623563613037646535613361343362366364346338636163643462353232356139 +34623034393930353039633437343163313865643636633566333931353731313466633761376161 +31386365633336363230616162383936323538346662653736336466653936303736666566643936 +61353766356363356535303166633966623134383937376335646338346363356135376465363837 +34356364613134373263323564383266356561373163303736386466373464353733303936653964 +65616232643631326233373930336530386234393564626132633637346537363561666166373163 +39626162666466363530396438393064323065306665613336383739353132636533336636643733 +65633032383933623334323431633539623533326333333833613631333865646664653765386130 +34373861353361336537303832363762396233653736363238336264336233303439643664633866 +33303963633666383563333831666530313631623365363833393837303764323331366532336262 +61383738323935393633636535363238343337363164333963306531636635663536336563383338 +32646163353265386264613662653866366639353437616262386461633431646633373463396631 +64323838383334326361626266316636396232653863313237333936383062333136663433373935 +64313764393463626231623462663366313663656264653339633461653463663630613633326539 +38373230363733636231346538373361313964613536363664373663663662306537613164363934 +63363532393165363435643161393362346466363235643338396535383865323138636138343962 
+66386530356335373833306639383166356131306464326461663965333631613964336136623731 +63663539386461663738336133363134656634643931333762303535336634386331306332656230 +37326335326162613932303264636534353337303132663437393732663465313432646662323462 +61353433323130363662643633326565346235633034623661323133306432396238663830626564 +39386533343562656337643238373531366333616332346331306563626266643236316533303732 +61383437373839663430366163383034623737323234393839393364363133376535373333323963 +33393766366630613037613436376361643935643262363662363638333966336137363134346334 +32656362643835646464376437623462306238613437636332383330303433663065333433623865 +33343562333031616331373065366664663765316366336338633139313664663462313637646234 +34316566623166343834343232653432303931666436313830366439363438663330656538623430 +65316633336163653862653163613135633166646538653132303734333136303863643861366134 +31396633623935343734623836343662333464643563653437646236323230336630646431663061 +39396236643639356466666535356533386464643930633636343137343637366635653037356135 +37343662356466393534653939333263663063396137366264303961383461366433653438333065 +31303164666337353366376462343937663539643539383433393962633033663965663965303836 +32626662643562363131396466313733666631616432653361636163633733666131643261326265 +35366232636533383162376366393466636239343863396162633038316165363336383834383631 +63656163616531303034626132613532643164616461386334396266656565393462323863376531 +39653435393865633832613734336639623933363034653137376361393534373263623138643566 +61653261383164346134383934653561323337656134366538316364303066383663386231616332 +31646132313935613866326233383338353031316366303562333233663631353933663166613530 +30376361303231373666316465646630376332396530353533323961633739303736386136353831 +36623234363338386239363862333337656432656231373166343564646230313866616664653932 +38653934313537323562346363373138656162333562393461346536333463313265316438383664 
+36313737366463323662326237393239376533646330653365643265393839343061313764633738 +37663461313733316333636634346333313564383765663135333733313565353766386130626164 +32613030633864383138386665343565373837303166666361373936303535363866656235643036 +64366665373764303834643431393063643062633237313764363336363935336664653530303062 +34303963363261636135363738303064303466663732633932326539643930346238333935343833 +62323964363030383931343836616532376635623531336532373263646264393239373365313461 +63393033323630346264336264316364326334663961663335356434386334633035383662633634 +65643337663164343832323632363734376463323063383835343563323437653634346464613238 +32373236646361613132633334396630303236626238306663333261613764633762373663343636 +32653033393839633037346639396230616465326235323164343635363534346161656364303832 +33393634343665343962353066303333663761323834333836363335666236643164333062366561 +65643531616133623437303239353638333037313935363633646562666365386433656264343133 +63663461666439613234653864363539353935383134356637643330653738326631636466386137 +32366337376132633835393935663465396662363136346334323263373035393837346133613632 +35633266613766613362383761393032326265303930613238666638376534643638336662336538 +66343231356564396435636139303964363562366331366637663438323164633436623539646366 +34393538383431343963 diff --git a/roles/common/files/root/.ssh/id_rsa.backup.oopen.de.pub b/roles/common/files/root/.ssh/id_rsa.backup.oopen.de.pub new file mode 100644 index 0000000..e79e449 --- /dev/null +++ b/roles/common/files/root/.ssh/id_rsa.backup.oopen.de.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxRcrdHX8UHik7l1gpm7Oc4t4+1AKrkcbGtFlzrlwHV4HmMf29nMxYWdOGUv47CFoAHCPSJAH2fnER22HUozsBlMkPrAgXTsMAfpMZB2gP+F7r4c7wiCuK1+uFy2dz2yBIG+1RK+ygJ5GickHPj7baWRQVbYwWeK15YJqL8oxrL6MpmNYr/cVZ7SDLRJp/44ZgnfxC83O00yJf8VEvoOvvj46JkhgnY9RETRfp7RaziIkJGs8EfNRZ6I0vRPC/shVTXf01GH5rdBcklZYZ2ptMvriyUZ2FfMMEOA86jWs73ZGuTcx8ZQGB3m9TCvz8kTBr9CKjz+fAkfKUpMbGOpO5w== root@backup.oopen.de 
diff --git a/roles/common/files/root/.ssh/id_rsa.backup.so36.net b/roles/common/files/root/.ssh/id_rsa.backup.so36.net new file mode 100644 index 0000000..31f2b50 --- /dev/null +++ b/roles/common/files/root/.ssh/id_rsa.backup.so36.net 
@@ -0,0 +1,89 @@ +$ANSIBLE_VAULT;1.1;AES256 +37376262343361306238666238313238333762353662636136386263343763613964643338613235 +6139323162386539386138363966613932633863623339310a363636343437663439613665333730 +39656565396631333736343364313365623166663363313761393963306331386262636533653538 +3932643536326233300a356661306137393230613139633432333638373466303136663136323364 +65313134326562303134646539386565373130663738313333396635666364613839633163393061 +31396161343763653632623932633533383265396466343961323935623365643035393331663332 +31323432623832643635383830383133346235356439376362323066666239666635336434306461 +64623664636537623839363562366661316566353838663463633230613430343930613539326530 +37303039656464363062323438653339373930653361383333363962326362623235616538376361 +30333638303561353965653032626462623061313066303863633334313433363566366437643632 +30336162393734333332623238316162373865343637393966326666366534373663636464633539 +39336632376666663737343462386432346631373161623463366334353662376539623039393966 +39333133393164613263343238333931386434643566343537313566323066383934353862373962 +64653631316331666535353161663930636461376662616538613461633362666238656336666637 +37336661343163623065643734356266323430343935393465303839613230626261613835303566 +33376364363738623664613430366533333739346438633165663737356264393138626337383638 +63643732336162633537616261616664663461363137393332623130383135373630303763643932 +66343862626432653263643238623731383266623935343066363562346337393738353737623137 +63663436313835643561376239623935336434633933656239356535363439363638613034343838 +34383936393531323038333436643535653365386566386535636135386439653433646665393937 +33613839623038636465396532346133303930393433336136383562636134656430306337616135 +64666434303732333034656163383838313435616635316435383266613939623362313061323430 +39396565626638363637613230616238323638613533383966626136616462346632383837333862 
+38633435393766623632353131663639626461313765303964343162633636373636306337303539 +33623065613362393362343766643939306165303832343238353966333234663633313737613864 +39373938323232336533646134383261303232656161386135646462333333373034646263343339 +65353037396431366361333162643162666538623530396166373637363135636164613937643832 +66373932383734393735616165616564373134373934366133616564663537343663326430313561 +35656135623332336531373063636163383836386636653362656339323062383563663134616133 +66306330633834393338373230393365656365386632663763326234633464613231343730336236 +37376631366334336562346462616639663864323039623135326562636334663864396562346430 +65383332363737633436346435616133393935323830363135653132373266323936666137633564 +64653265623733336633343361333562613130353938333765626663633036363631396664386464 +37663066326238306531316134343934353132386463636235323966666136643933626666616536 +61633261383862616231373465306664313938386438376465363033626339383564386461633634 +32323739363937376431333738343936373332316536343262643935616366643265666338666665 +65313136373065653031626565346438663061336631326164373631343331306331353564373532 +38343731386631373162393639333534323835376437616636656164643330316532396433396461 +39313834303262353761616364333663656432393465306238333031353462643263306335616633 +62663134316532393439303835343730626561666135656166373836376139353363303333373136 +38333838656538653731376164383064346330656462346363336663356437616639323832633635 +39336564363462353065626666303339643637623533613834316437663431346265653662643538 +38326137363366353838326638376434313861376263383764323839633661373465366237646637 +66313261336439653137626166663531353063343931376333306630346566336537333832346331 +31326663663436393363383439653366393839343565366530653561343331353338656234616162 +63316161353939663538353964623361353863313736663162643731656365373530633965323663 +35376632356236376434386133643266626663663864353432386434343934623063366262636238 
+30336239333035613936346331353862333666396166363534366433616234663863316564373237 +32616537336639666566623631306631313033633633613663643335373836646630666534366263 +65386365376330323739373535623236643838363064383034343239663337633562333532373531 +30326439623536353666633036303736373161393133323430313965613834363862623931346430 +39343165633939633762396432393631656532376462373265656333363966653835613932303065 +32633236323266633266323765306466663233333535616232353064343535303863306662666265 +64393239333032363964393234623331393138636262393961653939356137336238343733643537 +64313961643635346136386132623933616639646234326537326531313739336330376538303933 +61346634636233343463633936343965303261323963336230343339653035633339333938353338 +35643166323065383965666266616361646663326137393134303338373037356339333832613839 +37636266356363626330643735366636386636333134333030323465616138623839333730346663 +34386665393338356462333933303238333065636634393364316431303136316232663239386166 +32616331346666313364326235393436313665306637633433316166326261663135623131363639 +32353930356162373136663339323663313164353164323536613032386464353730373731373332 +64616439326130323161326534653032663836643632643465643939346339336435313063666166 +35346265636430313463613863613563616234393933366135333632306330653831323934393638 +35653863333765616632303265386263383335346665323439316436623135353362333162663264 +31373132316665666664653039623332366434346362386163363532643537363938613432396334 +32666534376332326333373237663738383739343939333062393535643531396431333164393230 +62633239653130623332626466613565383434363432363364643165633135316632666638623631 +63646438373834353935633562666433373636326165646437623838663531333539336366653933 +62343531373031653930646164316638666430656236303032313339646136393834643462613366 +34333636313031376264376131383961373066383532373030626263363336646663613564666530 +33356261363965656336396464636133306335636463303462373937666162353663393636613962 
+61333637326236306132336133663838623033343564663739393537343165316539316437666432 +37363234383662356231393439303962306537386461336463336265316433316130333563383163 +63333766396332613265383338396236336232636664616136363361653430613531663534306437 +36353530343335626439626538366531616635656265633634613664363166333030306464666265 +37303064633962383837323162303932373035323064396130616136353366303662356366326639 +34353530306264343438323730323361616335626438343033313430353061313964303464613638 +38383266633232623766643439356132656662616163623038313433323065326566396266666131 +35353061613963323531343866303265333338646430376664356536386538333937323861303636 +62366239366561393930616661663961613439393630396534383431393864343037373062656132 +35376266383564393038653466626632653037306662373733613065313662306137636335363662 +36653831626431376432643263646535303930356265303530316632326138323066373038636139 +63313033643230386438396530366533646436323337386134323431656535633234376332396339 +65353632386465393531636635353439616464386361316136366565323538373631303732626133 +36623933353261383132373734653039623661663762353834396639303838326533333264623135 +31643839653730306561653863393762346430653431653937326434623236656664323732346163 +36633739623830626330313738646364373066343438373239303538396438616637663038633035 +62383333313766313661 diff --git a/roles/common/files/root/.ssh/id_rsa.backup.so36.net.pub b/roles/common/files/root/.ssh/id_rsa.backup.so36.net.pub new file mode 100644 index 0000000..246b8eb --- /dev/null +++ b/roles/common/files/root/.ssh/id_rsa.backup.so36.net.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTiMHFphDclvwqu4WXkF/kIfSxseH8hqvZjUydZGMbUbBRvrs9Lii4JLtf4NuePG/T1nNek+3Dg4WNO55TM2ufdt9W6aqimmcMVG+D0Z9yCPwHc5H7VWGyP9kDcK+ngwIZk1j/tPXLPcCmyaan4Fbhoqk3Mauo381VInJzA3FHov6b8G48401zVcdS9L84SjTtU/Smg/36XOCEQyX3zVEXtwFVlmijgQwJDXeheZCnIrLUi/cf18WawqHU5E+o6dWhpuP+1aFtmv7Bb7OWCQOKRyWDN8I5wq/Gpax1eUS4uNyCprv6XoyXL6CO/qK7SmI9bB+90diNDnzu2FfTS+Er root@backup.so36.net 
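Review bot: roles/common/files/root/.ssh/id_rsa.backup.so36.net is a root SSH private key committed as Ansible Vault ciphertext, and id_rsa.backup.warenform.de and id_rsa.devel-root further down follow the same pattern. Once pushed, the ciphertext stays in history and can be attacked offline by anyone with read access to the repository, so each key is only as strong as the vault password; the `1.1;AES256` format derives its key with PBKDF2, which does little for a weak passphrase. I would document next to these files that the vault password must be long and random, that rekeying the vault does not protect copies already cloned, and that the SSH keys themselves have to be rotated when someone with vault access leaves. The task that deploys them is outside this hunk; it should write them with `mode: "0600"` and `no_log: true`.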
diff --git a/roles/common/files/root/.ssh/id_rsa.backup.warenform.de b/roles/common/files/root/.ssh/id_rsa.backup.warenform.de
new file mode 100644
index 0000000..d0ca6e8
--- /dev/null
+++ b/roles/common/files/root/.ssh/id_rsa.backup.warenform.de
@@ -0,0 +1,89 @@ +$ANSIBLE_VAULT;1.1;AES256 +65623731373563393261633131363166333330353065336662616332313633313265383539646537 +3063313165613561663863353536623137373664336234340a323033346339333239653534373834 +39353766623438643431393930393762356331336338353963313764656365643438393530323834 +6538343332653635630a643836666163326363666233623738663261633966646437366138383261 +35396339363735343139393934643738613638656661666366623438326364333932396233396131 +32353330336334396266323234353036656437313032333538656363333261363066643739666365 +33323638663638353231363432313432316666633439396430393764616365656162313936343036 +31353562366363363738393036336465346330613536313234316333336136336339626338303835 +65383838306538373639653866643632333666393537373132613463326666626265633539383638 +61363062653033356535666533353066343530323231613962323838613864386465386235356437 +64326239616664613961336434643534303864393434393665353966323238323962646263333334 +36313034643164656234353330383062613339396235343937383062656566363862313266363462 +65653437356464373230336530623664666661643539663662396232393761663439313166663430 +62323064336331366532353762333162373934376336636466653237616433633238313663363661 +66343765366164643433623632353833346436636634646461366436346633396464343032373737 +63626364366665656535323562623964623537353164313637306162316561663164346635643535 +39376161616166316539666666343035643964343431643264376563306262346634643336646665 +39323033633733373630336139353761626633643835633235376239626537373235643536343734 +33643366376430376339666137316231373632386464343736393736366331383336383635656431 +34646138333162386335363739643661326636373230376663633366383465316539313432343438 +37656564393965666630346161333632333738376636376438313864323663326334653037393332 +62653537393065393163326638303766623237373839353262343632353135613162666531343139 +33343266623337653434333665343832303930363561363665376165616538353139366436303135 
+33346562393264333333643965306564653238666530363633643463343333616264393963323630 +34336231663737306665383339656538343062623166333932303537336537643537336137323161 +32366461343932623634626537353934316534373365646662383530373165353339363834613435 +33613265633265356262323365613131363265643830643636383537653666376539636130373131 +39616161306265653538383931646363303933656535306439663662663333306139636463383339 +66663166626366323430643137336533623763663339363336656563353861306539323631663064 +38623565633730383561653965623466376566366166386364343433643937303639383463376430 +65653034373135386362646465393039623531626530383133636266643232366238356262656261 +65643431623139353663333064633164306330633436326431663239656663623631653965396632 +35313435373562373062633663393330626436376337626563613863663362336562316635663938 +63626666353264323666306366356366666137313830393364326133323933333339333161613938 +30646533393334613862393566646433316433343562393063633162336438313837353963646163 +62616437663431633365323966383966306232376430383762316235316533666662343335356430 +37623038646462376432363830633531376330656665633134363861613963653461626435323539 +62623763303563613362666336343466656166303138643837353934376563656137376331353832 +35396130666663353937356164623438653434313030376562643664306666326435343130626162 +66626464386338653262636537633165316639323063393561393334393764343966303930383437 +64313435643637343535303161633263336230613934326330636537396136666264323634326465 +38363231326362656637396133393733333866323930333563303137653237663962336163613366 +30396166356635623364626133333936333563616230623738663731376638663536623964353933 +31326230353735636236333035623863663738643038306330376365643532646563373765633530 +64373239383863376665366364663161306637383333643465643161396630663364306361663932 +66383261313339616230333066623364303138323538303135633030383138613931393634333932 +66393261383234633465613262376466626632653336363431653961643532326230396138316436 
+31313362633565653730626339636235653461636530393234653936376362336236633232623332 +38623965323261306362303061303964363862393236653532373737666334613833336331373064 +64613666613536616463623165316439646130376532313361643163323632386164303338323364 +30623063356337333963396264376563613532376363336330653730343162373433646666616263 +30623161373061623230356439643165383665383563326130376134643065653536396366613465 +34386161303430323232343163306166643765663932306131373936313139326636333638363763 +66663262373564316136366364633236343966373763623061306139346666623330623566313331 +31343835323764343032386534393163326139383734666137323332663765633963613066363132 +33663630646333656133666432643538626565376534623536323530323530646264653766623536 +34386334636231616339656564396437303733333965336439626335306230316237396234313366 +62306334613134396636366662663036396338666463323765383566373434316436363939663333 +64313665303965636435303562363566366539306638356462373638643933376237323433663866 +37306635376665306631663036623964663366663138663534656133643935373239303335346437 +61613038623633316566326664313761343035333563633233313031323564353030376437663461 +36386633613266656564666438613262633535636366333833393932346337663639393964323737 +35643234383065383933306263326562396534633733643737626633313237646161616333646332 +66363133636562363336303135393439613732353838383962636537626664666466643839363138 +64656137386531393230616163613738306437613966663231313734343931613866356265346434 +37396138366666653135643830616162343165373134306131373762623233653034376130343136 +36663665396230653833653638313933323361646438366135353938323938616332333862393561 +63643265623139646532323332653437633461636363633465373339653137336431333566623637 +37623532303634656161313434626139323763393830613663326266303066386430376463643464 +36353532343430656439316464306631626631663564383963366638653936306261303033353863 +37363835323064316266333830653066643437393032336335653938373062616265343034356266 
+33613864356666656437613661326238326432313964646334323061306137353834623863653736 +61313965656138386662366231623363306164326364616161303432653139396230376436363636 +32636463313666346461646539383038656461363439353533383561393764306432643131356138 +31623931323438376365393138343035613465613462613230336433643731356563316132333534 +66323531333733383565646534653032376633313766373837613537643538636565653766653865 +30316365393432393632646263383131396565613565636363643437363461396465383531353330 +38656435313639383936663761646338336133613564636331343164653166376134363933396336 +31383833323938613963326363616235323230646438656531313866653266346566643232396563 +62623530366330623131336262316334383537323332323536356165316238643932643335623135 +31636262653734656663316461323761626635303538326133396435653936356363336331626161 +37353938663666656436626438646463303661356538343738326331346332663430653438613361 +38373830346134653932643363316163666339393234663064653238613038666138333230353437 +65313535666235313434663663646332626333643665616231326266393732363333373539393265 +63373033356334306261313966386263393138376635326161663731383138313766363862333138 +62663335323832313163636565343237386663323439633564386239383764383837653462646266 +37626430616363616131356463356235323834343932373761383362653635303437623261306236 +63393833323436633533 diff --git a/roles/common/files/root/.ssh/id_rsa.backup.warenform.de.pub b/roles/common/files/root/.ssh/id_rsa.backup.warenform.de.pub new file mode 100644 index 0000000..f87a382 --- /dev/null +++ b/roles/common/files/root/.ssh/id_rsa.backup.warenform.de.pub 
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmQffh8lmO69ukeW0hC7wQ8EEqEsKPja5IvYr1fVqmR5gUJDRFQ015sxpIIuLgo4kCbe6pz7aV6rLUAxysMV06PbBRJPzq0SvaXek3Begygt11U0+HFQN7pVw+agxvbdE0YwxhOfJWl8f/wkti+p/G7+G7O0bMyFdzH2eeYXmzh3Nf4NoST8moQ2PVpDaJ73u/s7Z2oPng2LhVneGqyRdV40exiFOBS5pGJZ/10GZthkrhUAEGzPTusenN4+Vw2oriKP3+eyLzsB8qSPX5u7oR4Su9QY2VxTwkuXZDrxTBZwpIB/mXobMRZeRQxDGeSsU1mCf9cquanFLIx4a1ySUDw== root@backup.warenform.de diff --git a/roles/common/files/root/.ssh/id_rsa.devel-root b/roles/common/files/root/.ssh/id_rsa.devel-root new file mode 100644 index 0000000..42902fa --- /dev/null +++ b/roles/common/files/root/.ssh/id_rsa.devel-root 
@@ -0,0 +1,167 @@ +$ANSIBLE_VAULT;1.1;AES256 +30626637633734333432353462666463663664313837303662323731666633636663326335643364 +3263363965353864663236636537653433663638666633390a306436363936383835613830663734 +64306432386263326265343164306137343632616630663964343835646362383338326237356530 +3336656435343438640a326539656137323966373965653835616437653236636635343434313832 +62306533366133316233633932663038343138393061336665386130626431343039366331326137 +65346534353939326235383663356536396665656137376564666661623738323561323262313333 +31386336363937306530316439383062616434653932633135326339346461613037343136366462 +31653637366230343834373666353335303562336133373333616130353566373563646234613064 +35376563343836316438376636666166373363393637303030373065666333666337353730313561 +30653862333366666638616132653133316431396465663564663931623634343962653937636136 +36663038356366633333346333656537656365386465343931363932343439613130663435633461 +62366439646530373961396333343536393162616138316636346338356230313762393762353037 +63623162616265306135396363393634353239623232363433313266653765386366363330393636 +66623964666561303665303761353563366331626338653465393839383630633734363139326562 +30623162663661353763333735613464616634353533653135363065613532396131363563333233 +37656165653466313366303365396630376266316165373764613730326466653330313663643335 +63336133333732363032636234376134656663636265316232366234333965343632373264346639 +62353932306131396266623935373766383934623134363862303262646439326366303130393530 +62343838613433653133336339313933366135613730666534636130326663656161373761656463 +34623331623162623737346435303134383831343536333166366462363330653034376335353764 +35393636393538663935316438653330643339623937613262356563616630626535343535326262 +66383733303430376339633637613334666365346263316139643664303466626434383363393930 +39363262623038663165306164353739323230663733363331373765663939336437303564376330 
+36613739393835336133373030313165656137383763636262633461636163346634313466323535 +37303139386638333066633633663536633636653134316366636164376130323439383561623566 +35373033396337373932393866376435623539613935333435373333346563613665656464643536 +61613132356239346437353439313166306437626332656463383263613730633530626335306533 +33356432376562366635386339313265393933643366376163343663336338356463653334643738 +37306537343439336234346532316432633865616635346538343439616230326632323161383932 +64653431323636373432313939326131356135326437663266303336386434653536383065386336 +30326465346137666563383038646366396261613261613361366232653239623334303765333834 +63323265363434316339326137363932366265633435623663366138343366313630366661396566 +34373837323835356565396565346438353663316237393634636531303164333138336431643161 +37373833313735363761386639386533316238666534656137396332613034343264343165633236 +31343139616330306634613235643839326333633034396638383236323937326239633037316635 +61373836336237643633383964653166363331643337663561376135643837333764663536313363 +64333730626566323962386462346666336262363931353634633835303837356233363136643166 +61306533356137343361303063333535363932393936343663303438396161363930656330373961 +35306536653135366236333738386230366139366363363439636535313738646364633837386135 +38306636343834306133353434393766306462303937663964623466343531303432663335303039 +63333838643864303533393361353161353138366465353231373362626534303132323835666438 +66366566323264616563346361306235343666386338663737393238343461353730383136353462 +64323436316635383132623463663964396565313265323036316462316331356330393036353861 +64333066326261646632663663373438643635323766626238333330636430333133623638303863 +32333364626336376635666464653133613261343662623332373631343961316334343638656361 +30636337313130666332313136366636323533636534653262306233326337643239613739303539 +62643266393562636330323363386262326662636137353331326532386462333965653737383135 
+66393162326634623138346336343134376362356631613834373832343335333231613231366539 +30366634353231313265653763316230663266373938636330363330386163373034666431626431 +39383363363531396536646364643739306132646632323531653031656466313035613433663964 +62306165366431333366613761626365366637303338333663666666383566613531353036393439 +62666530643438663637366430323530326536653137333963393835386161313565366531373731 +39633133363438376661323534656566343066633835306265323438613035636661666362313336 +65633064376634643062386634663935613264653133623964613666326362623936323633366635 +31316130336139666531666331353435363139663631636562306431383038386538346337376363 +37303534353262373835393463393764396131386662303266623135396165323166643534613561 +32326130373863626464653764643764336162376534383533353335376433353330383763653836 +64323537323032316139363733323864623136343664383064666232663136626236653335396365 +30646439316433373065663437633231363465323662343237373631633336663931346531623565 +64643836323766646436373335646331643165633331343264333362326138323065383666353462 +64376439366665306638643261363162386436366563653961383532663032363535313331613530 +62646266633464303933623363346265353736316163326161303836366161323663333035353031 +39653535343730333264396534613262653437646532393835666135363937343339613461373937 +34353230656662346531343338663834346631643166346364363832383861653635666532383864 +63336532623463663535393263636162666331383935383539636535626562653536616134386436 +33343165613563336562616130306263396164326539656662646266633162353762363538383064 +37373435613461623436626565316235333534363662353963346165663864623261393036383938 +36326465306530303535643261663831343031663963646234623231356366346536396266623339 +33646364363535303139363332623733343361323766653737616534656334333937313061303165 +30623836663135316561363962626133313564623464646265376231613462613465396264633339 +34346362393637626261376365623934616165623134376437303331303932323536616235316164 
+39613339623835363432633462663631363762316561656263376661373531396536643030383463 +65383165623665653130636566383965643938643866306230303739626462313337643635373939 +36366162616462323331633464653838373433353630386363333265346633666130633433366664 +31393839616133323637653865353333393264373931613162653232653566663530336538643162 +35343835643835656437666366656230353933353438373835613066666237663365323138656365 +38396231346334656430653231333130363831316265343662613630313934326464633862353762 +39633137656638643033653466376135643866623339346537343932336432616435393563636462 +36383931636230666466396534616239343064333565633639373431323364363431323962343666 +34663063383564643565336461653162643934343063646136633532343537643836386135633963 +39353837333834356431346337623063363430336366326433646338386637323736333331326164 +38636432653638616563326533626637613536326635363738336631633130646361353564653133 +34656130313936393937333635323930313563303436343234343238623833663964663865386232 +34363862336132643566336434623465393737656231353065656266636662613430356234316632 +36303862653864363365613661383935353464663935653763613934376537623763303230353530 +31623866646333646264656538393132663033626634366361366465653439323561386364363635 +37623531623165373336646438343537653339326536623534643734663662336263353833613931 +36656561653836393963666639316534313036356532656533393464363432323866313734643135 +65373261623265376637383732316139343734303135643664343338633833626231316539396565 +32663530306430633734303633303039343737383633633231366561333833343962333735363130 +39656266636663316334303832343664633235626136396130306134663265396363623864643330 +36626464373164323134313233343065656666616565396337343766643764646238323765356263 +33663862356332393730323938623634346664666439656631353734376665383966333432366361 +63653561373539396464306335623462323263643961303837393539356231323232343838636566 +33666566343334373639353536373437643063336162316531393931653531386139383438663030 
+61633263333533623666323534623432633133386561376234323636323238643038376433376262 +30313966303865396438303762303962303239663064323739303731643533643264316266303631 +64646638313834323036396437306436333738616131306436323337353237373939383334663930 +37353836303337333562333361346366383933363632626631336631386136396534336665383834 +64373763303364353235383439666264333433343439333939666363616232643735376332383639 +61383166663231336433623661353433633533633830356437353764313136383564316336383133 +34643737386565336138643532633962666536323664383832336530636130343532663165363737 +32613938353161303265393037316439633835383035356666306437333538656536376461323764 +62303731386338363538666435393132643533373439386537616634626231623935633630336330 +30663265666231666366613035653135643763353834316466626239366231653534376635336332 +30303936326163623637396433376661386634663031323132363064313630363930646165333364 +33363065646339616539653136633663303934633436356665313636373734626361356632636534 +33653735356362306637343030623130623461613966346339653065346534643435363063323538 +32663938363233613036663734653064323262306138313966356266313864633633643134643735 +39616266363933613063663035303763613162643537363364316133393864393735313232373161 +63356231636237383533323264396139636366393663653162656533633037323962323865663736 +66623538353165643363653237323466613362666536363963386434373064653638343330326266 +37306630346661326131623865646166626331336261396366623462383933346437653661643039 +37343339613963363561616334346131343531613033316261313563626637393963643866386364 +62306662633331323734663261333532616264663261323663313161663430333165396238306634 +63646333383135636235616266633264313138303036323037666161386464333633316631653865 +63346132336562643631343762346539633766333539356334306335306233313830326362313461 +33663665643362643934373162636663323435653965336266613466333436363866323831623535 +63616532353539396337323137306533306363373536656362326233366139623462616234633133 
+34653061643632376539636536373336396335313161623733646262316238663732383337323162 +38383439353830636364646534343432396665363363356265666661663563383337613232363763 +64303961616566353133633764636333636564633635393064336163353833663636656236366331 +65333936306266333262613638633366623433623036343263666238626662306137346639643531 +61613334373833653830613865393430623064613431626665363335663130376261336264643034 +64616536643034333566643737663538316539646339303930326235626433306639386635613436 +37313433663263613037656165663933663839653339343861393131343433656330643262393338 +64353365333531373232326331633832383838386232313862326538396361333333326337326433 +31386432316534653062353036383936333033356665323162633665383632386132373034643637 +38316437373034303062343135663262313961623764646333326531356530653734346438386336 +61303734303532626466633739303634373730386538333434356564333361616563306332373530 +36346365333331616236343163636463653938383538366439336635353938343337656434363636 +37633834326433333466363234373132363833666563333136666462316233636438633538323066 +38633866346163326562613761666562343630323935393262313439386137613964666637633864 +39633361373133323463646363666361376530666562383464616638656465653732343366333933 +63376535313064646166633766393662313330323133353861623738363134353330356437333864 +30623932663133623437656361333566393134623430613162663432636132333362363830656562 +66626634653536393164643965633232333839663131656233303937386431386133393939313339 +61653539656239633930363435326566363561313163356564393533623766636637646135386362 +61383837363562663264656134616238313832363431336666353738373464353339393264343435 +62386562326133376535613363626638346638646365383535336562306331303161313063663063 +33663536376266613965373065303163336335336136373263653631316161653839303566343437 +63316462303630346438663066343635353132336131643332303866396238366462323165303966 +38383861366663373435333864636263373039306465663666363936313663396333313862613061 
+31646435656166383232356464306362336638333364656532313635396639633366643837396535 +61633334353839623566356436313532363666646566306134373530626434383263646263393164 +66316236616439366161613631363961343862353135666337633037366565646464623035326232 +35333639623939366162366565396566303562393737306237303064636364343132613464303032 +37383632376536636263616464626663333334316132326630666266653036613564626164383438 +32396135343266653564636130326336663439343661373231623564386434613963643661636161 +66303336623066633466346434306362643531363666376563313039643130663866363836363330 +37306533396265626365363230663362353863613462656638633435313036663130333132313163 +32636165303162653139396132633137353335653430303166393435623964613333316236323031 +30623736666433393736386634363430336239613162333837383335326565653239316561353330 +63303636383131376230313235343863303631356263316365353837323634633335346537323232 +31613061616264326362636234663737343939386165356532326666386365386164646634383431 +61306239373565336239646232623262623930303466666238316163333466653135333132633262 +33396133386634373766646635336433363862343863663936363035386665663861323364663330 +38656434396134313466613337346332646162653030363633393139326634616261653238653837 +36303838646436363738313163313235653065623863303432346462303239633537346164643764 +34646434613533353262323531626431363661373962353230666165646264306661336461356336 +62396635343561336331353432303735333930326664643138646232633262633062303334323937 +33356338336636613735326530383932326337313866393731643239613535643664323162616363 +30346130633563616165656636623430616439353061373861626362633562373339336435393338 +39393437663838343863656138643931343962376465363361386465663466346666353566643735 +66653161313337306165313631323837623565396237366530633062613134306231376437383836 +6564386362323064386263366534623833623663613561333433 
diff --git a/roles/common/files/root/.ssh/id_rsa.devel-root.pub b/roles/common/files/root/.ssh/id_rsa.devel-root.pub new file mode 100644 index 0000000..d10af17 --- /dev/null +++ b/roles/common/files/root/.ssh/id_rsa.devel-root.pub @@ -0,0 +1 @@ +ssh-rsa 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 root@devel-root diff --git a/roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform b/roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform new file mode 100644 index 0000000..164cde3 --- /dev/null +++ b/roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform @@ -0,0 +1,25 @@ +$ANSIBLE_VAULT;1.1;AES256 +37353766323665666361653537393334666365653637376232643432363037653462646366663065 +3264316565623766393237643938373239353465336238630a343361616532303934636232636333 +30383934633134646131353631353631613239386132393631393531316361623239373736336563 +3738323464343962300a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diff --git a/roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform.pub b/roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform.pub new file mode 100644 index 0000000..5102743 --- /dev/null +++ b/roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0uz8MeNyKvKxyqCLE1KCuATRFOMd5RV0a6TpnqwVZu webadmin@default-svn diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml new file mode 100644 index 0000000..9068d2c --- /dev/null +++ b/roles/common/handlers/main.yml 
@@ -0,0 +1,27 @@
+---
+
+- name: Update timezone
+ command: dpkg-reconfigure --frontend noninteractive tzdata
+
+#- name: Restart ssh
+# shell: sleep 3; systemctl restart sshd
+# async: 1
+# poll: 0
+
+# Does NOT Work
+#
+# Error was:
+# Start request repeated too quickly.
+#
+# See also: https://github.com/ansible/ansible-modules-core/issues/1533
+#
+- name: Restart ssh
+ service:
+ name: ssh
+ state: restarted
+
+- name: Restart postfix
+ service:
+ name: postfix
+ state: restarted
+
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml
new file mode 100644
index 0000000..2eb2b57
--- /dev/null
+++ b/roles/common/tasks/apt.yml
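Review bot: The comment block `# Does NOT Work … Start request repeated too quickly.` in roles/common/handlers/main.yml sits between the commented-out `shell: sleep 3; systemctl restart sshd` handler and the live `Restart ssh` handler, so a reader cannot tell which of the two failed. I would tie it to the variant it describes, e.g. `# The async shell variant above does NOT work (systemd: "Start request repeated too quickly")` if that is the one meant, or delete the dead handler. Because `Restart ssh` restarts the daemon unconditionally, a bad sshd_config pushed by a notifying task would surface only as a failed restart on a remote host. The task that writes the config (not visible in this hunk) should validate it first, for example with the template module's `validate: /usr/sbin/sshd -t -f %s`.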
@@ -0,0 +1,206 @@ +--- + +- name: (apt.yml) update configuration file - /etc/apt/sources.list + template: + src: "etc/apt/sources.list.{{ ansible_distribution }}.j2" + dest: /etc/apt/sources.list + owner: root + group: root + mode: 0644 + register: apt_config_updated + when: apt_manage_sources_list|bool + tags: + - apt-configuration + +- name: (apt.yml) apt update + apt: + update_cache: true + cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}" + when: apt_update|bool + tags: + - apt-update + - apt-upgrade + - apt-dpkg-configure + - apt-initial-install + - apt-microcode + - apt-compiler-pkgs + - apt-webserver-pkgs + +- name: (apt.yml) dpkg --configure + command: > + dpkg --configure -a + args: + warn: false + changed_when: _dpkg_configure.stdout_lines | length + register: _dpkg_configure + when: apt_dpkg_configure|bool + tags: + - apt-dpkg-configure + - apt-initial-install + - apt-microcode + - apt-compiler-pkgs + - apt-webserver-pkgs + +- name: (apt.yml) apt upgrade + apt: + upgrade: "{{ apt_upgrade_type }}" + update_cache: true + dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}" + when: apt_upgrade|bool + tags: + - apt-upgrade + - apt-initial-install + - apt-microcode + - apt-compiler-pkgs + - apt-webserver-pkgs + +- name: (apt.yml) Initial install debian packages (stretch) + apt: + name: "{{ apt_initial_install_stretch }}" + state: "{{ apt_install_state }}" + when: + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "9" + tags: + - apt-initial-install + +- name: (apt.yml) Initial install debian packages (buster) + apt: + name: "{{ apt_initial_install_buster }}" + state: "{{ apt_install_state }}" + when: + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "10" + tags: + - apt-initial-install + +- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch) + apt: + name: "{{ 
microcode_package }}" + state: present + default_release: "{{ ansible_distribution_release }}-backports" + when: + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "9" + - ansible_facts['processor']|string is search("Intel") + tags: + - apt-microcode + +- name: (apt.yml) Install CPU microcode (debian buster) + apt: + name: "{{ microcode_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "10" + - ansible_facts['processor']|string is search("Intel") + tags: + - apt-microcode + +- name: (apt.yml) Install lxc_host related packages + apt: + name: "{{ apt_lxc_host_pkgs }}" + state: "{{ apt_install_state }}" + when: apt_install_lxc_host_pkgs|bool + tags: + - apt-lxc-hosts-pkgs|bool + +- name: (apt.yml) Install compiler related packages + apt: + name: "{{ apt_compiler_pkgs }}" + state: "{{ apt_install_state }}" + when: apt_install_compiler_pkgs|bool + tags: + - apt-compiler-pkgs|bool + +- name: (apt.yml) Install postgresql_server related packages + apt: + name: "{{ apt_postgresql_pkgs }}" + state: "{{ apt_install_state }}" + when: apt_install_postgresql_pkgs|bool + tags: + - apt-postgresql-server-pkgs + +- name: (apt.yml) Install webserver related packages + apt: + name: "{{ apt_webserver_pkgs }}" + state: "{{ apt_install_state }}" + when: apt_install_webserver_pkgs|bool + tags: + - apt-webserver-pkgs + +- name: (apt.yml) Remove unwanted packages + apt: + name: "{{ apt_remove }}" + state: absent + purge: "{{ apt_remove_purge }}" + tags: + - apt-remove + +- name: (apt.yml) autoremove + apt: + autoremove: true + dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}" + when: apt_autoremove|bool + tags: + - apt-autoremove + - apt-initial-install + - apt-microcode + - apt-compiler-pkgs + - apt-webserver-pkgs + +- name: (apt.yml) clean + command: apt-get -y clean + args: + warn: false + 
changed_when: false + when: apt_clean|bool + tags: + - apt-clean + - apt-initial-install + - apt-microcode + - apt-compiler-pkgs + - apt-mysql-server-pkgs + - apt-webserver-pkgs + +# Fix error if install/update of repository mysql-/mariadb-client breaks +# link '/etc/mysql/my.cnf' in case mysql/mariadb was installed from source +# +- name: (apt.yml) Check if file '/usr/local/mysql/etc/my.cnf' exists + stat: + path: /usr/local/mysql/etc/my.cnf + register: usr_local_mysql_etc_my_cnf + when: groups['mysql_server']|string is search(inventory_hostname) or + groups['apache2_webserver']|string is search(inventory_hostname) or + groups['nextcloud_server']|string is search(inventory_hostname) + tags: + - apt-webserver-pkgs + - apt-mysql-server-pkgs + - check_mysql_cnf + +#- name: debug +# debug: +# msg: +# - usr_local_mysql_etc_my_cnf.stst.exists = {{ usr_local_mysql_etc_my_cnf.stat.exists }} +# - "Variable usr_local_mysql_etc_my_cnf: {{ usr_local_mysql_etc_my_cnf }}" +# tags: +# - check_mysql_cnf + +- name: (apt.yml) Create a symbolic link /etc/my.cnf -> /usr/local/mysql/etc/my.cnf + file: + src: /usr/local/mysql/etc/my.cnf + dest: /etc/mysql/my.cnf + owner: root + group: root + state: link + when: + - (groups['mysql_server']|string is search(inventory_hostname) or + groups['apache2_webserver']|string is search(inventory_hostname) or + groups['nextcloud_server']|string is search(inventory_hostname)) + - usr_local_mysql_etc_my_cnf.stat.exists + tags: + - apt-webserver-pkgs + - apt-mysql-server-pkgs + - check_mysql_cnf + diff --git a/roles/common/tasks/basic.yml b/roles/common/tasks/basic.yml new file mode 100644 index 0000000..963c114 --- /dev/null +++ b/roles/common/tasks/basic.yml 
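Review bot: The group checks on the two my.cnf tasks, `groups['mysql_server']|string is search(inventory_hostname)`, stringify the host list and run a regex search over it, so a host whose name is a substring of a member's name is treated as a member, and every `.` in the hostname acts as a wildcard. `inventory_hostname in groups['mysql_server']` is the exact test. The same pattern gates tasks in basic.yml, git.yml, main.yml, users.yml and webadmin-user.yml, where it decides which hosts receive the webadmin account and the SSH keypairs. Separately, the tags `apt-lxc-hosts-pkgs|bool` and `apt-compiler-pkgs|bool` carry a stray `|bool`, so `--tags apt-compiler-pkgs` does not select the compiler install task.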
@@ -0,0 +1,46 @@
+---
+
+- name: (basic.yml) Ensure timezone is is correct
+ timezone: name={{ time_zone }}
+ when: "inventory_hostname not in groups['lxc_guest']|string"
+ tags:
+ - timezone
+
+
+- name: (basic.yml) Ensure locales are present
+ locale_gen:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ locales }}"
+ tags:
+ - locales
+
+- name: (basic.yml) Create a symbolic link /bin/sh -> bash
+ file:
+ src: bash
+ dest: /bin/sh
+ owner: root
+ group: root
+ state: link
+ tags:
+ - symlink-sh
+
+- name: (basic.yml) Check file '/etc/systemd/system.conf' exists
+ stat:
+ path: /etc/systemd/system
+ register: etc_systemd_system_conf
+ when:
+ - set_default_limit_nofile|bool == true
+
+- name: (basic.yml) Change DefaultLimitNOFILE to 1048576
+ lineinfile:
+ dest: /etc/systemd/system.conf
+ state: present
+ regexp: '^DefaultLimitNOFILE'
+ line: 'DefaultLimitNOFILE=1048576'
+ insertafter: '^#DefaultLimitNOFILE'
+ when:
+ - set_default_limit_nofile|bool == true
+ - etc_systemd_system_conf.stat.exists == true
+ tags:
+ - systemd-nofiles
diff --git a/roles/common/tasks/caching-nameserver.yml b/roles/common/tasks/caching-nameserver.yml
new file mode 100644
index 0000000..8a047b7
--- /dev/null
+++ b/roles/common/tasks/caching-nameserver.yml
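Review bot: The task named "Check file '/etc/systemd/system.conf' exists" stats `/etc/systemd/system`, which is the unit directory, so `etc_systemd_system_conf.stat.exists` says nothing about the file the following `lineinfile` edits; the path should be `path: /etc/systemd/system.conf`. The stat task also carries no `systemd-nofiles` tag, so a run limited to that tag skips it and the `lineinfile` condition then references a variable that was never registered. Giving the stat task the same `systemd-nofiles` tag keeps the pair together.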
@@ -0,0 +1,83 @@
+
+---
+
+- name: (caching-nameserver.yml) update
+ apt:
+ update_cache: true
+ cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
+ when: apt_update|bool
+ tags:
+ - apt-caching-nameserver
+
+
+- name: (caching-nameserver.yml) dpkg --configure
+ command: >
+ dpkg --configure -a
+ args:
+ warn: false
+ changed_when: _dpkg_configure.stdout_lines | length
+ register: _dpkg_configure
+ when: apt_dpkg_configure|bool
+ tags:
+ - apt-caching-nameserver
+
+
+- name: (caching-nameserver.yml) upgrade
+ apt:
+ upgrade: "{{ apt_upgrade_type }}"
+ update_cache: true
+ dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+ when: apt_upgrade|bool
+ tags:
+ - apt-caching-nameserver
+
+
+- name: (caching-nameserver.yml) Install bind9 packages
+ apt:
+ name: "{{ apt_bind9_pkgs }}"
+ state: present
+ when: apt_install_bind9_packages|bool == true
+ tags:
+ - apt-caching-nameserver
+
+
+- name: (caching-nameserver.yml) Create directory /var/log/named if it does not exist
+ file:
+ path: /var/log/named
+ state: directory
+ owner: bind
+ group: bind
+ mode: '0755'
+
+
+- name: (caching-nameserver.yml) update named.conf.options configuration file
+ template:
+ src: etc/bind/named.conf.options.j2
+ dest: /etc/bind/named.conf.options
+ backup: yes
+ owner: root
+ group: bind
+ mode: 0644
+ #validate: visudo -cf %s
+ tags:
+ - sudoers-global-configuration
+
+
+
+- name: (caching-nameserver.yml) Add 127.0.0.1 as first nameserver entry to /etc/resolv.conf
+ lineinfile:
+ path: /etc/resolv.conf
+ line: nameserver 127.0.0.1
+ firstmatch: yes
+ insertbefore: '^nameserver'
+ state: present
+ owner: root
+ group: root
+ mode: '0644'
+
+
+- name: (caching-nameserver.yml) Start service bind9, if not started
+ service:
+ name: bind9
+ state: reloaded
+ enabled: yes
diff --git a/roles/common/tasks/git.yml b/roles/common/tasks/git.yml
new file mode 100644
index 0000000..a8fbdff
--- /dev/null
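Review bot: The named.conf.options template task looks copied from sudoers.yml: it is tagged `sudoers-global-configuration` and its commented-out validator is `visudo -cf %s`, so the file is installed unchecked, a run with `--tags apt-caching-nameserver` never updates it, and a run with `--tags sudoers-global-configuration` rewrites it on nameserver hosts. Tag it `apt-caching-nameserver` and validate with something like `validate: named-checkconf %s`, after confirming the rendered file parses on its own. The last task is named "Start service bind9, if not started" but uses `state: reloaded` on every run; a handler notified by the template task would match the intent more closely.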
+++ b/roles/common/tasks/git.yml 
@@ -0,0 +1,237 @@ +--- + +- name: (git.yml) include variables + include_vars: "{{ item }}" + with_first_found: + - "git-{{ inventory_hostname }}.yml" + - "git-{{ ansible_distribution_release }}.yml" + - "git-{{ ansible_distribution | lower }}.yml" + - git-default.yml + tags: + - git-default-repositories + - git-lxc-guest-repositories + - git-apache2-repositories + - git-nginx-repositories + - git-mysql-server-repositories + - git-postgresql-server-repositories + - git-nextcloud-server-repositories + - git-dns-server-repositories + - git-backup-server-repositories + - git-samba-server-repositories + - git-mailservers-repositories + - git-sympa-repositories + - git-other-repositories + + +# --- +# Default reposotories +# --- + +- name: (git.yml) Install/Update default repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_default_repositories }}' + tags: + - git-default-repositories + + +# --- +# Group [lxc_guest] reposotories +# --- + +- name: (git.yml) Install/Update lxc_guest repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_lxc_guest_repositories }}' + when: "groups['lxc_guest']|string is search(inventory_hostname)" + tags: + - git-lxc-guest-repositories + + +# --- +# Group [lxc_host] reposotories +# --- + +- name: (git.yml) Install/Update lxc_host repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_lxc_host_repositories }}' + when: "groups['lxc_host']|string is search(inventory_hostname)" + tags: + - git-lxc-host-repositories + + +# --- +# Group [apache2_webserver] reposotories +# --- + +- name: (git.yml) Install/Update apache2 repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_apache2_repositories }}' + when: "groups['apache2_webserver']|string is search(inventory_hostname)" + tags: + - git-apache2-repositories + + +# --- +# Group [nginx_webserver] reposotories +# --- + +- name: (git.yml) 
Install/Update nginx repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_nginx_repositories }}' + when: "groups['nginx_webserver']|string is search(inventory_hostname)" + tags: + - git-nginx-repositories + + +# --- +# Group [mysql_server] reposotories +# --- + +- name: (git.yml) Install/Update mysql server repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_mysql_repositories }}' + when: "groups['mysql_server']|string is search(inventory_hostname)" + tags: + - git-mysql-server-repositories + + +# --- +# Group [postgresql_server] reposotories +# --- + +- name: (git.yml) Install/Update postgresql-server repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_postgresql_repositories }}' + when: "groups['postgresql_server']|string is search(inventory_hostname)" + tags: + - git-postgresql-server-repositories + + +# --- +# Group [nextcloud_server] reposotories +# --- + +- name: (git.yml) Install/Update nextcloud server repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_nextcloud_repositories }}' + when: "groups['nextcloud_server']|string is search(inventory_hostname)" + tags: + - git-nextcloud-server-repositories + + +# --- +# Group [dns_server] reposotories +# --- + +- name: (git.yml) Install/Update dns server repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_dns_repositories }}' + when: "groups['dns_server']|string is search(inventory_hostname)" + tags: + - git-dns-server-repositories + + +# --- +# Group [backup_server] reposotories +# --- + +- name: (git.yml) Install/Update backup server repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_backup_repositories }}' + when: "groups['backup_server']|string is search(inventory_hostname)" + ignore_errors: True + tags: + - git-backup-server-repositories + + +# --- +# Group 
[samba_server] reposotories +# --- + +- name: (git.yml) Install/Update samba server repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_samba_repositories }}' + when: "groups['samba_server']|string is search(inventory_hostname)" + ignore_errors: True + tags: + - git-samba-server-repositories + + + +# --- +# Group [mail_server] reposotories +# --- + +#- name: include variables +# include_vars: "git-mailservers.yml" +# tags: +# - initial-setup +# - git +# - git-mailservers + +- name: (git.yml) Install/Update default repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_mailserver_repositories }}' + when: "groups['mail_server']|string is search(inventory_hostname)" + tags: + - git-mailservers-repositories + + +# --- +# Group [sympa_list_servers] reposotories +# --- + +- name: (git.yml) Install/Update sympa server repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_sympa_repositories }}' + when: "groups['sympa_list_server']|string is search(inventory_hostname)" + tags: + - git-sympa-repositories + + +# --- +# Other (host specific) repositories +# --- + +# Read in host specific vars file if exists +- name: (git.yml) Include only files matching git-.yml (2.2) + include_vars: + dir: vars + extensions: + - yml + files_matching: "git-{{ inventory_hostname }}.yml" + tags: + - git-other-repositories + +- name: (git.yml) Install/Update other repositories + git: + repo: '{{ item.repo }}' + dest: '{{ item.dest }}' + with_items: '{{ git_other_repositories }}' + tags: + - git-other-repositories diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml new file mode 100644 index 0000000..c106694 --- /dev/null +++ b/roles/common/tasks/main.yml 
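Review bot: None of the `git:` tasks sets `version`, so each run checks out whatever the remote's default branch holds at that moment onto the managed hosts; the repository lists live in vars files not shown here, but if any of them is outside your control, a per-entry pin such as `version: "{{ item.version | default(omit) }}"` with a tag or commit id makes the deployed content reviewable. The tag list on the first `include_vars` task omits `git-lxc-host-repositories`, so a run limited to that tag reaches the lxc_host task without the vars file loaded. `ignore_errors: True` on the backup_server and samba_server tasks hides a failed update, and the mail_server task reuses the name "Install/Update default repositories", which makes the play output ambiguous.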
@@ -0,0 +1,110 @@ +--- + +# tags supported inside basic.yml +# +# timezone +# locales +# systemd-nofiles +- import_tasks: basic.yml + tags: + - basic + + +# tags supported inside sshd.yml +# +# sshd-config +- import_tasks: sshd.yml + tags: sshd + + +# tags supported inside apt.yml +# +# apt-update +# apt-upgrade +# apt-dpkg-configure +# apt-initial-install +# apt-microcode +# apt-compiler-pkgs +# apt-webserver-pkgs +# apt-lxc-hosts-pkgs +# apt-mysql-server-pkgs +# apt-postgresql-server-pkgs +# apt-remove +# apt-autoremove +# apt-clean +- import_tasks: apt.yml + tags: apt + + +# tags supported inside users.yml: +# +# users-exists +# groups-exists +# authorized_key +# sudo-users +# insert-ssh-keypair-backup-server +# keypair-backup-server +# root-defaut-ssh-keypair +# insert_root_ssh_public_key +- import_tasks: users.yml + tags: users + + +# tags supported inside users-systemfiles.yml: +# +# bash +# profile +# vim +- import_tasks: users-systemfiles.yml + tags: users-systemfiles + + +# tags supported inside users.yml: +# +# users-exists +# groups-exists +# authorized_key +# sudo-users +# webadmin-defaut-ssh-keypair +# insert_webadmin_ssh_public_key +- import_tasks: webadmin-user.yml + when: groups['webadmin']|string is search(inventory_hostname) + tags: + - users + - users-systemfiles + - webadmin + + +# tags supported inside sudoers.yml: +# +# sudoers-remove +# sudoers-file-configuration +# sudoers-global-configuration +- import_tasks: sudoers.yml + tags: sudoers + + +# tags supportetd inside git.yml +# +# git-default-repositories +# git-lxc-guest-repositories +# git-apache2-repositories +# git-nginx-repositories +# git-mysql-server-repositories +# git-nextcloud-server-repositories +# git-postgresql-server-repositories +# git-dns-server-repositories +# git-backup-server-repositories +# git-mailservers-repositories +# git-sympa-repositories +# git-other-repositories +- import_tasks: git.yml + tags: git + +# tags supportetd inside caching-nameserver.yml +# +# 
apt-caching-nameserver +- import_tasks: caching-nameserver.yml + when: groups['caching_nameserver']|string is search(inventory_hostname) + tags: caching-nameserver + diff --git a/roles/common/tasks/sshd.yml b/roles/common/tasks/sshd.yml new file mode 100644 index 0000000..3ab1b69 --- /dev/null +++ b/roles/common/tasks/sshd.yml @@ -0,0 +1,28 @@ +--- + +- name: (sshd.yml) Check file '/etc/ssh/sshd_config.ORIG' exists + stat: + path: /etc/ssh/sshd_config.ORIG + register: etc_sshd_sshd_config_ORIG + tags: + - sshd-config + +- name: (sshd.yml) Backup installation version of file '/etc/ssh/sshd_config' + command: cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG + when: etc_sshd_sshd_config_ORIG.stat.exists == False + tags: + - sshd-config + +- name: (sshd.yml) Create new sshd_config from template sshd_config.j2 + template: + src: etc/ssh/sshd_config.j2 + dest: /etc/ssh/sshd_config + owner: root + group: root + mode: 0644 + validate: 'sshd -f %s -T' + #backup: yes + notify: "Restart ssh" + tags: + - sshd-config + diff --git a/roles/common/tasks/sudoers.yml b/roles/common/tasks/sudoers.yml new file mode 100644 index 0000000..be96ee6 --- /dev/null +++ b/roles/common/tasks/sudoers.yml 
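Review bot: In sshd.yml the one-time backup is spread over a `stat` task, a registered variable and a `when`; `args: creates: /etc/ssh/sshd_config.ORIG` on the `cp -a` command does the same in one task and drops `etc_sshd_sshd_config_ORIG`. The template's `mode: 0644` is also unquoted while caching-nameserver.yml writes `mode: '0755'`; quoting modes everywhere avoids depending on the YAML parser's octal handling.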
@@ -0,0 +1,57 @@
+---
+
+- name: (sudoers.yml) include variables
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "sudoers-{{ inventory_hostname }}.yml"
+ - "sudoers-{{ ansible_distribution_release }}.yml"
+ - "sudoers-{{ ansible_distribution | lower }}.yml"
+ - "sudoers-default.yml"
+ tags:
+ - sudoers-remove
+ - sudoers-file-configuration
+ - sudoers-global-configuration
+
+- name: (sudoers.yml) Remove user entries in file /etc/sudoers
+ lineinfile:
+ dest: /etc/sudoers
+ state: absent
+ regexp: '^{{ item }}'
+ owner: root
+ group: root
+ mode: 0440
+ validate: visudo -cf %s
+ with_items: '{{ sudoers_remove_user }}'
+ tags:
+ - sudoers-remove
+
+- name: (sudoers.yml) update specific sudoers configuration files (/etc/sudoers.d/)
+ template:
+ src: etc/sudoers.d/50-user.j2
+ dest: /etc/sudoers.d/50-user
+ #validate: visudo -cf %s
+ owner: root
+ group: root
+ mode: 0440
+ tags:
+ - sudoers-file-configuration
+
+- name: (sudoers.yml) update global sudoers configuration file
+ template:
+ src: etc/sudoers.j2
+ dest: /etc/sudoers
+ owner: root
+ group: root
+ mode: 0440
+ #validate: visudo -cf %s
+ tags:
+ - sudoers-global-configuration
+
+- name: (sudoers.yml) Ensure all sudo_users are in sudo group
+ user:
+ name: "{{ item }}"
+ groups: sudo
+ append: yes
+ with_items: "{{ sudo_users }}"
+ tags:
+ - sudo-users
diff --git a/roles/common/tasks/users-systemfiles.yml b/roles/common/tasks/users-systemfiles.yml
new file mode 100644
index 0000000..8817963
--- /dev/null
+++ b/roles/common/tasks/users-systemfiles.yml
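Review bot: Both template tasks write sudoers files with validation commented out (`#validate: visudo -cf %s`), so a rendering error in `50-user.j2` or `sudoers.j2` is installed as-is and can leave sudo unusable on the host; the `lineinfile` task above them already shows the working form. Re-enable `validate: 'visudo -cf %s'` on both. The removal pattern `regexp: '^{{ item }}'` is an unescaped prefix match, so an entry for `chris` would also remove a line for a longer name that starts with it (a constructed example: `christoph`); `'^{{ item | regex_escape }}\s'` is tighter.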
@@ -0,0 +1,139 @@ +--- + +# -- +# Copy .bashrc +# --- + +- name: (users-systemfiles.yml) Check if users file '.bashrc.ORIG' exists + stat: + path: "~{{ item.name }}/.bashrc.ORIG" + register: bashrc_user_orig_exists + with_items: "{{ default_user }}" + tags: + - bash + +- name: (users-systemfiles.yml) Backup existing users .bashrc file + command: cp ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG + with_items: "{{ bashrc_user_orig_exists.results }}" + when: item.stat.exists == False + tags: + - bash + +- name: (users-systemfiles.yml) copy .bashrc if it exists + copy: + src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc') }}" + dest: "~{{ item.name }}/.bashrc" + owner: "{{ item.name }}" + group: "{{ item.name }}" + mode: 0644 + with_items: "{{ default_user }}" + when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc') + tags: + - bash + +- name: (users-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists + stat: + path: /root/.bashrc.ORIG + register: bashrc_root_orig_exists + tags: + - bash + +- name: (users-systemfiles.yml) Backup /root/.bashrc file + command: cp /root/.bashrc /root/.bashrc.ORIG + when: bashrc_root_orig_exists.stat.exists == False + tags: + - bash + +- name: (users-systemfiles.yml) copy .bashrc for user root + copy: + src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') }}" + dest: "/root/.bashrc" + owner: root + group: root + mode: 0644 + when: lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') + tags: + - bash + +# -- +# Copy .profile +# --- + +- name: (users-systemfiles.yml) Check if users file '.profile.ORIG' exists + stat: + path: "~{{ item.name }}/.profile.ORIG" + register: profile_user_orig_exists + with_items: "{{ default_user }}" + tags: + - profile + +- name: (users-systemfiles.yml) Backup existing users .profile file + command: cp ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG + with_items: "{{ 
profile_user_orig_exists.results }}" + when: item.stat.exists == False + tags: + - profile + +- name: (users-systemfiles.yml) copy .profile if it exists + copy: + src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile') }}" + dest: "~{{ item.name }}/.profile" + owner: "{{ item.name }}" + group: "{{ item.name }}" + mode: 0644 + with_items: "{{ default_user }}" + when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile') + tags: + - profile + +- name: (users-systemfiles.yml) Check if file '/root/.profile.ORIG' exists + stat: + path: /root/.profile.ORIG + register: profile_root_orig_exists + tags: + - profile + +- name: (users-systemfiles.yml) Backup existing users .profile file + command: cp -a /root/.profile /root/.profile.ORIG + when: profile_root_orig_exists.stat.exists == False + tags: + - profile + +- name: (users-systemfiles.yml) copy .profile for user root + copy: + src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') }}" + dest: "/root/.profile" + owner: root + group: root + mode: 0644 + when: lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') + tags: + - profile + +# -- +# Copy .vimrc +# --- + +- name: (users-systemfiles.yml) copy .vimrc if it exists + copy: + src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc') }}" + dest: "~{{ item.name }}/.vimrc" + owner: "{{ item.name }}" + group: "{{ item.name }}" + mode: 0644 + with_items: "{{ default_user }}" + when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc') + tags: + - vim + +- name: (users-systemfiles.yml) copy .vimrc for user root + copy: + src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') }}" + dest: "/root/.vimrc" + owner: root + group: root + mode: 0644 + when: lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') + tags: + - vim + 
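Review bot: The per-user backup tasks run `cp ~user/.bashrc ~user/.bashrc.ORIG` (and the `.profile` equivalent) whenever the `.ORIG` file is missing, without checking that the source file exists, so a freshly created account with no `.bashrc` makes `cp` fail and stops the play for that host. They also use plain `cp`, which leaves the `.ORIG` copy owned by the connecting user (presumably root) in the user's home, whereas the root `.profile` backup uses `cp -a`. Using `cp -a` consistently and adding a `stat` on the source (or `failed_when: false` with a comment saying why) would make the three backup paths behave the same.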
diff --git a/roles/common/tasks/users.yml b/roles/common/tasks/users.yml new file mode 100644 index 0000000..f2876d0 --- /dev/null +++ b/roles/common/tasks/users.yml 
@@ -0,0 +1,180 @@ +--- + +# --- +# - default user/groups +# --- + +- name: (users.yml) Ensure default groups exists + group: + name: '{{ item.name }}' + state: present + gid: '{{ item.group_id | default(omit) }}' + with_items: '{{ default_user }}' + when: item.group_id is defined + tags: + - groups-exists + +- name: (users.yml) Ensure default users exists + user: + name: '{{ item.name }}' + state: present + uid: '{{ item.user_id | default(omit) }}' + group: '{{ item.name | default(omit) }}' + home: '{{ item.home | default(omit) }}' + shell: '{{ item.shell|d("/bin/bash") }}' + password: "{{ item.password }}" + update_password: on_create + with_items: '{{ default_user }}' + tags: + - users-exists + +- name: (users.yml) Ensure authorized_key files for default users are present + authorized_key: + user: "{{ item.0.name }}" + key: "{{ item.1 }}" + state: present + with_subelements: + - '{{ default_user }}' + - ssh_keys + tags: + - authorized_key + +# --- +# - extra user/groups +# --- + +- name: (users.yml) Ensure extra groups exists + group: + name: '{{ item.name }}' + state: present + gid: '{{ item.group_id | default(omit) }}' + with_items: '{{ extra_user }}' + when: + - extra_user is defined and extra_user|length > 0 + - item.group_id is defined + tags: + - groups-exists + +- name: (users.yml) Ensure extra users exists + user: + name: '{{ item.name }}' + state: present + uid: '{{ item.user_id | default(omit) }}' + group: '{{ item.name | default(omit) }}' + home: '{{ item.home | default(omit) }}' + shell: '{{ item.shell|d("/bin/bash") }}' + password: "{{ item.password }}" + update_password: on_create + with_items: '{{ extra_user }}' + when: extra_user is defined and extra_user|length > 0 + tags: + - users-exists + +- name: (users.yml) Ensure authorized_key files for extra users are present + authorized_key: + user: "{{ item.0.name }}" + key: "{{ item.1 }}" + state: present + with_subelements: + - '{{ extra_user }}' + - ssh_keys + when: extra_user is defined and 
extra_user|length > 0 + tags: + - authorized_key + + +# --- +# - Take care backup host has rsa key to connect via ssh to the other hosts +# --- + +- name: (users.yml) Copy ssh rsa private key to user root of backup server + copy: + src: '{{ item.priv_key_src }}' + dest: '{{ item.priv_key_dest }}' + owner: root + group: root + mode: '0600' + with_items: '{{ ssh_keypair_backup_server }}' + when: + - ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0 + - insert_ssh_keypair_backup_server|bool + tags: + - insert-ssh-keypair-backup-server + - keypair-backup-server + + +- name: (users.yml) Copy ssh rsa public key to user root of backup server + copy: + src: '{{ item.pub_key_src }}' + dest: '{{ item.pub_key_dest }}' + owner: root + group: root + mode: '0644' + with_items: '{{ ssh_keypair_backup_server }}' + when: + - ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0 + - insert_ssh_keypair_backup_server|bool + tags: + - insert-ssh-keypair-backup-server + - keypair-backup-server + + +- name: (users.yml) Ensure user back has public rsa key of backup server + authorized_key: + user: "{{ item.backup_user }}" + key: "{{ lookup('file', item.pub_key_src) }}" + state: present + with_items: '{{ ssh_keypair_backup_server }}' + when: ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0 + tags: + - authorized_key + - keypair-backup-server + + +# --- +# - Allow connection via ssh to backup host +# --- + +- name: (users.yml) Copy default ed25519 ssh private key to user root + copy: + src: '{{ item.priv_key_src }}' + dest: '{{ item.priv_key_dest }}' + owner: root + group: root + mode: '0600' + #when: groups['oopen_server']|string is search(inventory_hostname) + when: + - insert_root_ssh_keypair|bool + - groups['backup_server']|string is not search(inventory_hostname) + with_items: '{{ root_ssh_keypair }}' + tags: + - insert_root_ssh_keypair + - root-defaut-ssh-keypair + +- name: (users.yml) Copy default 
ed25519 ssh public key to user root + copy: + src: '{{ item.pub_key_src }}' + dest: '{{ item.pub_key_dest }}' + owner: root + group: root + mode: '0644' + with_items: '{{ root_ssh_keypair }}' + #when: groups['oopen_server']|string is search(inventory_hostname) + when: + - insert_root_ssh_keypair|bool + - groups['backup_server']|string is not search(inventory_hostname) + tags: + - insert_root_ssh_keypair + - root-defaut-ssh-keypair + +- name: (users.yml) Ensure authorized_key (root) on backup hosts contains public key + authorized_key: + user: root + key: "{{ lookup('file', item.pub_key_src) }}" + state: present + with_items: '{{ root_ssh_keypair }}' + when: inventory_hostname == item.target + tags: + - authorized_key + - root-defaut-ssh-keypair + diff --git a/roles/common/tasks/webadmin-user.yml b/roles/common/tasks/webadmin-user.yml new file mode 100644 index 0000000..8da47d2 --- /dev/null +++ b/roles/common/tasks/webadmin-user.yml 
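Review bot: The root keypair tasks copy the same private key from `root_ssh_keypair` to root on every host outside `backup_server` and then authorize its public half for root on `item.target`, so root on any one managed host can log in as root on that target. If that trust is intended, narrowing it in the `authorized_key` task with `key_options` (a `from=` list or a forced command), or issuing per-host keys, limits what a single compromised host can reach; the webadmin keypair in webadmin-user.yml follows the same pattern. Separately, the user tasks loop over whole `default_user` and `extra_user` entries, so the default per-item output includes `item.password`; `loop_control` with `label: "{{ item.name }}"`, or `no_log: true`, keeps it out of logs.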
@@ -0,0 +1,196 @@ +--- + +# --- +# - webadmin user/group +# --- + +- name: (webadmin-user.yml) Ensure webadmin group exists + group: + name: '{{ item.name }}' + state: present + gid: '{{ item.group_id | default(omit) }}' + with_items: '{{ webadmin_user }}' + when: + - groups['webadmin']|string is search(inventory_hostname) + - webadmin_user is defined + - item.group_id is defined + tags: + - webadmin + - groups-exists + +- name: (webadmin-user.yml) Ensure webadmin user exists + user: + name: '{{ item.name }}' + state: present + uid: '{{ item.user_id | default(omit) }}' + group: '{{ item.name | default(omit) }}' + home: '{{ item.home | default(omit) }}' + shell: '{{ item.shell|d("/bin/bash") }}' + password: "{{ item.password }}" + update_password: on_create + with_items: '{{ webadmin_user }}' + when: + - groups['webadmin']|string is search(inventory_hostname) + - webadmin_user is defined + tags: + - webadmin + - users-exists + +- name: (webadmin-user.yml) Ensure authorized_key files for webadmin user is present + authorized_key: + user: "{{ item.0.name }}" + key: "{{ item.1 }}" + state: present + with_subelements: + - '{{ webadmin_user }}' + - ssh_keys + when: + - groups['webadmin']|string is search(inventory_hostname) + - webadmin_user is defined + tags: + - webadmin + - authorized_key + +- name: (webadmin-user.yml) Copy default ed25519 ssh private key to user webadmin + copy: + src: '{{ item.priv_key_src }}' + dest: '{{ item.priv_key_dest }}' + owner: '{{ item.login }}' + group: '{{ item.login }}' + mode: '0600' + #when: groups['oopen_server']|string is search(inventory_hostname) + when: + - insert_webadmin_ssh_keypair|bool + with_items: '{{ webadmin_ssh_keypair }}' + tags: + - webadmin + - webadmin-defaut-ssh-keypair + +- name: (webadmin-user.yml) Copy default ssh key ed25519 public key to user webadmin + copy: + src: '{{ item.pub_key_src }}' + dest: '{{ item.pub_key_dest }}' + owner: '{{ item.login }}' + group: '{{ item.login }}' + mode: '0644' + with_items: '{{ 
webadmin_ssh_keypair }}' + when: + - insert_webadmin_ssh_keypair|bool + tags: + - webadmin + - webadmin-defaut-ssh-keypair + +- name: (webadmin-user.yml) Ensure .ssh/config of user webadmin is up-to-date + template: + src: var/www/.ssh/config.j2 + dest: '~webadmin/.ssh/config' + owner: webadmin + group: webadmin + mode: '0644' + when: + - insert_webadmin_ssh_keypair|bool + tags: + - webadmin + - webadmin-defaut-ssh-keypair + +# devel-repos contains SVN repositiries; webadmin must have ssh access to +# to webadmin at devel-repos to manage SVN repository +# +- name: (webadmin-user.yml) Ensure authorized_key on devel-repos hosts contains public key + authorized_key: + user: "{{ item.login }}" + key: "{{ lookup('file', item.pub_key_src) }}" + state: present + with_items: '{{ webadmin_ssh_keypair }}' + when: inventory_hostname == item.target + tags: + - webadmin + - authorized_key + - insert_webadmin_ssh_public_key + + +# -- +# Copy .bashrc +# --- + +- name: (webadmin-user.yml) Check if webadmin's file '.bashrc.ORIG' exists + stat: + path: "~{{ item.name }}/.bashrc.ORIG" + register: bashrc_webadmin_orig_exists + with_items: "{{ webadmin_user }}" + tags: + - webadmin + - bash + +- name: (webadmin-user.yml) Backup existing webadmin's .bashrc file + command: cp ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG + with_items: "{{ bashrc_webadmin_orig_exists.results }}" + when: item.stat.exists == False + tags: + - webadmin + - bash + +- name: (webadmin-user.yml) copy new .bashrc ifor webadmin if it exists + copy: + src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc') }}" + dest: "~{{ item.name }}/.bashrc" + owner: "{{ item.name }}" + group: "{{ item.name }}" + mode: 0644 + with_items: "{{ webadmin_user }}" + when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc') + tags: + - webadmin + - bash + +# -- +# Copy .profile +# --- + +- name: (webadmin-user.yml) Check if webadmin's file '.profile.ORIG' 
exists + stat: + path: "~{{ item.name }}/.profile.ORIG" + register: profile_webadmin_orig_exists + with_items: "{{ webadmin_user }}" + tags: + - webadmin + - profile + +- name: (webadmin-user.yml) Backup existing users .profile file + command: cp ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG + with_items: "{{ profile_webadmin_orig_exists.results }}" + when: item.stat.exists == False + tags: + - webadmin + - profile + +- name: (webadmin-user.yml) copy .profile for user webadmin if it exists + copy: + src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile') }}" + dest: "~{{ item.name }}/.profile" + owner: "{{ item.name }}" + group: "{{ item.name }}" + mode: 0644 + with_items: "{{ webadmin_user }}" + when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile') + tags: + - webadmin + - profile + +# -- +# Copy .vimrc +# --- + +- name: (webadmin-user.yml) copy .vimrc for user webadmin if it exists + copy: + src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc') }}" + dest: "~{{ item.name }}/.vimrc" + owner: "{{ item.name }}" + group: "{{ item.name }}" + mode: 0644 + with_items: "{{ webadmin_user }}" + when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc') + tags: + - webadmin + - vim + diff --git a/roles/common/templates/etc/apt/sources.list.Debian.j2 b/roles/common/templates/etc/apt/sources.list.Debian.j2 new file mode 100644 index 0000000..8e79f45 --- /dev/null +++ b/roles/common/templates/etc/apt/sources.list.Debian.j2 
@@ -0,0 +1,28 @@ +# {{ ansible_managed }} + +deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main + +deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main +{{ '# ' if not apt_src_enable else '' }}deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main + +# {{ ansible_lsb.codename }}-updates, previously known as 'volatile' +deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main + +# Contrib packages contain DFSG-compliant software, +# but have dependencies not in main (possibly packaged for Debian in non-free). +# Non-free contains software that does not comply with the DFSG. +{% if apt_debian_contrib_nonfree_enable %} +deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free +{% endif %} + +# # N.B. software from this repository may not have been tested as +# # extensively as that contained in the main release, although it includes +# # newer versions of some applications which may provide useful features. +{% if apt_backports_enable %} +deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free +{% endif %} + diff --git a/roles/common/templates/etc/bind/named.conf.options.j2 b/roles/common/templates/etc/bind/named.conf.options.j2 new file mode 100644 index 0000000..e37c390 --- /dev/null +++ b/roles/common/templates/etc/bind/named.conf.options.j2 
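Review bot: The main, security and updates lines are built from `ansible_lsb.codename`, while the backports lines use `ansible_distribution_release`, so only the first group depends on the `lsb-release` package being installed on the target when facts are gathered. Using one fact throughout, e.g. `deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main`, removes that dependency. The backports lines also enable `contrib non-free` unconditionally, even when `apt_debian_contrib_nonfree_enable` is false. If that is not intended, the component list there should follow the same switch.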
@@ -0,0 +1,106 @@ +# {{ ansible_managed }} + +{% if acl_caching_nameserver is defined and acl_caching_nameserver|length > 0 %} +{% for acl in acl_caching_nameserver %} + +acl {{ acl.name }} { +{% for entry in acl.entries %} + {{ entry }} +{% endfor %} +}; +{% endfor %} +{% endif %} + +options { + directory "/var/cache/bind"; + + // If there is a firewall between you and nameservers you want + // to talk to, you may need to fix the firewall to allow multiple + // ports to talk. See http://www.kb.cert.org/vuls/id/800113 + + // If your ISP provided one or more IP addresses for stable + // nameservers, you probably want to use them as forwarders. + // Uncomment the following block, and insert the addresses replacing + // the all-0's placeholder. + + // forwarders { + // 0.0.0.0; + // }; + + //======================================================================== + // If BIND logs error messages about the root key being expired, + // you will need to update your keys. See https://www.isc.org/bind-keys + //======================================================================== + dnssec-validation auto; + + // caching name services + recursion yes; + +{% if acl_caching_nameserver is defined and acl_caching_nameserver|length > 0 %} + listen-on port 53 { + any ; + }; + + listen-on-v6 port 53 { + any; + }; + + allow-recursion { + 127.0.0.1; + ::1 ; +{% for acl in acl_caching_nameserver %} + {{ acl.name }}; +{% endfor %} + }; + +{% else %} + listen-on port 53 { + 127.0.0.1; + }; + + listen-on-v6 port 53 { + ::1; + }; + + allow-recursion { + 127.0.0.1; + ::1; + }; +{% endif %} +}; + +logging { + channel simple_log { + file "/var/log/named/bind.log" versions 3 size 5m; + severity warning; + print-time yes; + print-severity yes; + print-category yes; + }; + channel queries_log { + file "/var/log/named/query.log" versions 5 size 2m; + severity info; + print-time yes; + print-severity yes; + print-category no; + }; + channel dnssec_log { + file "/var/log/named/dnssec.log" 
versions 5 size 2m; + severity debug 3; + print-time yes; + print-severity yes; + print-category yes; + }; + category resolver { + queries_log; + }; + category queries { + queries_log; + }; + category dnssec { + dnssec_log; + }; + category default{ + simple_log; + }; +}; diff --git a/roles/common/templates/etc/ssh/sshd_config.j2 b/roles/common/templates/etc/ssh/sshd_config.j2 new file mode 100644 index 0000000..da348c4 --- /dev/null +++ b/roles/common/templates/etc/ssh/sshd_config.j2 
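Review bot: In the `acl` block at the top, each element is written as a bare `{{ entry }}` with no terminating semicolon, whereas the `allow-recursion` loop further down appends one (`{{ acl.name }};`). BIND requires every address-match element to end in `;`, so unless each value in `acl_caching_nameserver[].entries` (defined outside this hunk) already carries its own semicolon, named will reject the file. Emitting `{{ entry }};` in the template and keeping the variable values bare would make the two loops consistent. Because the ACL branch also switches `listen-on` to `any`, the rendered file should be checked with `named-checkconf` before it replaces the live one.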
@@ -0,0 +1,286 @@ +# {{ ansible_managed }} + +#----------------------------- +# Daemon +#----------------------------- + +# What ports, IPs and protocols we listen for +{% for item in sshd_ports %} +Port {{ item }} +{% endfor %} + +# Specifies the local addresses sshd(8) should listen on. The following forms may be used: +# +# ListenAddress host|IPv4_addr|IPv6_addr +# ListenAddress host|IPv4_addr:port +# ListenAddress [host|IPv6_addr]:port +# +# If port is not specified, sshd will listen on the address and all Port options specified. The default +# is to listen on all local addresses. Multiple ListenAddress options are permitted. +# +# ListenAddress :: +# ListenAddress 0.0.0.0 +# ListenAddress 159.69.72.24 +# ListenAddress 2a01:4f8:231:171f::2 +# +{% if (sshd_listen_address is defined) and sshd_listen_address %} +{% for item in sshd_listen_address %} +ListenAddress {{ item }} +{% endfor %} +{% endif %} + +# Specifies the protocol versions sshd(8) supports. +# The possible values are ‘1’ , `2' and ‘1,2’. +# The default is ‘2’. +Protocol 2 + +# HostKeys for protocol version 2 +{% for item in sshd_host_keys %} +HostKey {{ item }} +{% endfor %} + +# Lifetime and size of ephemeral version 1 server key +# +# Note: +# Deprecated option KeyRegenerationInterval +# Deprecated option ServerKeyBits +# +#KeyRegenerationInterval 3600 +#ServerKeyBits 768 + +# Specifies the maximum number of concurrent unauthenticated connections +# to the SSH daemon. See sshd_config(5) for specifiing the three colon +# separated values. +# The default is 10. +#MaxStartups 10:30:100 +#MaxStartups 3 +MaxStartups 10:30:100 + +# Specifies the maximum number of authentication attempts permitted per +# connection. +# The default is 6. +MaxAuthTries 3 + +# Specifies the maximum number of open sessions permitted per network +# connection. +# The default is 10. 
+MaxSessions 10 + + +#----------------------------- +# Authentication +#----------------------------- + +# Specifies whether sshd(8) separates privileges by creating an unprivileged +# child process to deal with incoming network traffic. +# The default is "yes" (for security). +UsePrivilegeSeparation yes + +# The server disconnects after this time if the user has not +# successfully logged in. +# The default is 120 seconds. +LoginGraceTime 120 + +# Specifies whether root can log in using ssh(1). +# The default is "yes". +# Possible values: yes, no, prohibit-password (or teh older one: without-password) +#PermitRootLogin yes +PermitRootLogin {{ sshd_permit_root_login }} + +# Specifies whether sshd(8) should check file modes and ownership of the +# user's files and home directory before accepting login. This is normally +# desirable because novices sometimes accidentally leave their directory or +# files world-writable. Note that this does not apply to ChrootDirectory, +# whose permissions and ownership are checked unconditionally. +# The default is “yes”. +StrictModes yes + +# Specifies whether pure RSA authentication is allowed. This option +# applies to protocol version 1 only. +# The default is “yes”. +# +# Note: +# Deprecated option RSAAuthentication +# +#RSAAuthentication yes + +# Specifies whether public key authentication is allowed. Note that this +# option applies to protocol version 2 only. +# The default is “yes”. +PubkeyAuthentication {{ sshd_pubkey_authentication }} + +# Specifies the file that contains the public keys that can be used for +# user authentication. The format is described in the AUTHORIZED_KEYS FILE +# FORMAT section of sshd(8). +# AuthorizedKeysFile may contain tokens of the form %T which are substituted +# during connection setup. The following tokens are defined: %% is replaced +# by a literal '%', %h is replaced by the home directory of the user being +# authenticated, and %u is replaced by the username of that user. 
After +# expansion, AuthorizedKeysFile is taken to be an absolute path or one relative +# to the user's home directory. Multiple files may be listed, separated by +# whitespace. +# The default is “.ssh/authorized_keys .ssh/authorized_keys2”. +#AuthorizedKeysFile %h/.ssh/authorized_keys +AuthorizedKeysFile {{ sshd_authorized_keys_file }} + +# Specifies whether password authentication is allowed. +# Change to no to disable tunnelled clear text passwords +# The default is "yes". +#PasswordAuthentication yes +PasswordAuthentication {{ sshd_password_authentication }} + +# When password authentication is allowed, it specifies whether the +# server allows login to accounts with empty password strings. +# The default is “no”. +PermitEmptyPasswords no + +# Specifies whether challenge-response authentication is allowed (e.g. via PAM). +# The default is “yes”. +ChallengeResponseAuthentication no + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +# +# Note: +# Deprecated option RhostsRSAAuthentication +# +#RhostsRSAAuthentication no + +# similar for protocol version 2 +HostbasedAuthentication no + +# Specifies whether sshd(8) should ignore the user's ~/.ssh/known_hosts +# during RhostsRSAAuthentication or HostbasedAuthentication. +# The default is “no”. +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# If specified, login is allowed only for user names that match one of +# the patterns. +# The allow/deny directives are processed in the following order: DenyUsers, +# AllowUsers, DenyGroups, and finally AllowGroups. +# By default, login is allowed for all users. +#AllowUsers chris cityslang sysadm + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. 
If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +# Specifies whether login(1) is used for interactive login sessions. +# Note that login(1) is never used for remote command execution. +# Note also, that if this is enabled, X11Forwarding will be disabled +# because login(1) does not know how to handle xauth(1) cookies. If +# UsePrivilegeSeparation is specified, it will be disabled after +# authentication. +# The default is “no”. +#UseLogin no + + +#----------------------------- +# Logging +#----------------------------- + +# Gives the facility code that is used when logging messages from sshd(8). +# The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, +# LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. +# The default is AUTH. +SyslogFacility AUTH + +# Gives the verbosity level that is used when logging messages from +# sshd(8). +# The default is INFO. +LogLevel INFO + + +#----------------------------- +# Behavior +#----------------------------- + +# Specifies whether the distribution-specified extra version suffix is included +# during initial protocol handshake. +# The default is "yes". +DebianBanner no + +# The contents of the specified file are sent to the remote user before +# authentication is allowed. +# By default, no banner is displayed. +#Banner /etc/issue.net + +# Specifies whether sshd(8) should print /etc/motd when a user logs in +# interactively. (On some systems it is also printed by the shell, +# /etc/profile, or equivalent.) +# The default is “yes”. 
+PrintMotd {{ sshd_print_motd }} + +# Specifies what environment variables sent by the client will be copied +# into the session's environ(7). +# The default is not to accept any environment variables. +AcceptEnv LANG LC_* + +# Configures an external subsystem (e.g. file transfer daemon). +# By default no subsystems are defined. +Subsystem sftp /usr/lib/openssh/sftp-server + +# Specifies whether sshd(8) should look up the remote host name and check +# that the resolved host name for the remote IP address maps back to the +# very same IP address. +# The default is “yes”. +UseDNS {{ sshd_use_dns }} + +# Specifies whether X11 forwarding is permitted. The argument must be +# “yes” or “no”. See sshd_config(5) for further expalnation +# The default is “no”. +#X11Forwarding yes + +# Specifies the first display number available for sshd(8)'s X11 +# forwarding. This prevents sshd from interfering with real X11 servers. +# The default is 10. +X11DisplayOffset 10 + +# Specifies whether the system should send TCP keepalive messages to the +# other side. If they are sent, death of the connection or crash of one +# of the machines will be properly noticed. However, this means +# that connections will die if the route is down temporarily, and some +# people find it annoying. On the other hand, if TCP keepalives are not +# sent, sessions may hang indefinitely on the server, leaving “ghost” users +# and consuming server resources. +# +# The default is “yes” (to send TCP keepalive messages), and the server +# will notice if the network goes down or the client host crashes. This +# avoids infinitely hanging sessions. +TCPKeepAlive yes + +#Specifies whether sshd(8) should print the date and time of the last +# user login when a user logs in interactively. +# The default is “yes”. 
+PrintLastLog yes + + +#----------------------------- +# Kerberos options +#----------------------------- +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + + +#----------------------------- +# GSSAPI options +#----------------------------- + +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + + + + + diff --git a/roles/common/templates/etc/sudoers.d/50-user.j2 b/roles/common/templates/etc/sudoers.d/50-user.j2 new file mode 100644 index 0000000..f55dba4 --- /dev/null +++ b/roles/common/templates/etc/sudoers.d/50-user.j2 
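Review bot: The templated yes/no directives (`PubkeyAuthentication`, `PasswordAuthentication`, `PrintMotd`, `UseDNS`) print the variable as-is, so a value written as an unquoted YAML `no` or `yes` reaches Jinja as a boolean and is rendered as `False` or `True`. The variable definitions are outside this hunk, so quoting may already cover this; if not, normalise in the template, e.g. `PasswordAuthentication {{ 'yes' if sshd_password_authentication | bool else 'no' }}` (not for `PermitRootLogin`, which also takes `prohibit-password`). The file also still sets `Protocol 2` and `UsePrivilegeSeparation yes`, which recent OpenSSH releases report as deprecated, like the options the comments already mark, so they can be commented out too. A `validate: '/usr/sbin/sshd -t -f %s'` on the task that deploys this template would stop a bad render from replacing the working configuration.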
@@ -0,0 +1,84 @@ +# {{ ansible_managed }} + +{% for item in sudoers_file_defaults | default([]) %} +Defaults {{ item }} +{% endfor %} + +# Host alias specification +{% for item in sudoers_file_host_aliases | default([]) %} +Host_Alias {{ item.name }} = {{ item.entry }} +{% endfor %} + +# User alias specification +{% for item in sudoers_file_user_aliases | default([]) %} +User_Alias {{ item.name }} = {{ item.entry }} +{% endfor %} + +# Cmnd alias specification +{% for item in sudoers_file_cmnd_aliases | default([]) %} +Cmnd_Alias {{ item.name }} = {{ item.entry }} +{% endfor %} + +# Runas alias specification +{% for item in sudoers_file_runas_aliases | default([]) %} +Runas_Alias {{ item.name }} = {{ item.entry }} +{% endfor %} + +# User privilege specification + +{# rule for user 'back' #} +{% for item in sudoers_file_user_back_privileges | default([]) %} +back {{ item }} +{% endfor -%} + + +{%- if ansible_virtualization_role == 'host' %} + +{% for item in sudoers_file_user_back_disk_privileges | default([]) %} +back {{ item }} +{% endfor %} +{% endif -%} + + +{%- if groups['webadmin']|string is search(inventory_hostname) %} + +{% for item in sudoers_file_user_webadmin_disk_privileges | default([]) %} +webadmin {{ item }} +{% endfor %} +{% endif -%} + + +{%- if groups['postgresql_server']|string is search(inventory_hostname) %} + +{% for item in sudoers_file_user_back_postgres_privileges | default([]) %} +back {{ item }} +{% endfor %} +{% endif -%} + + +{# dns server #} +{%- if groups['dns_server']|string is search(inventory_hostname) %} + +{% for item in sudoers_file_dns_server_privileges | default([]) %} +{{ item.name }} {{ item.entry }} +{% endfor %} +{% endif -%} + + +{# postfixadmin rules #} +{%- if groups['mail_server']|string is search(inventory_hostname) %} + +{% for item in sudoers_file_postfixadmin_privileges | default([]) %} +{{ item.name }} {{ item.entry }} +{% endfor %} +{% endif -%} + +{# other (host specific) rules #} +{%- if 
(sudoers_file_user_privileges is defined and sudoers_file_user_privileges) %} + +{% for item in sudoers_file_user_privileges | default([]) %} +{{ item.name }} {{ item.entry }} +{% endfor %} +{% endif %} + +# Group privilege specification diff --git a/roles/common/templates/etc/sudoers.j2 b/roles/common/templates/etc/sudoers.j2 new file mode 100644 index 0000000..c1399b6 --- /dev/null +++ b/roles/common/templates/etc/sudoers.j2 @@ -0,0 +1,53 @@ +# {{ ansible_managed }} + +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +{% for item in sudoers_defaults %} +{% if item != '' %} +Defaults {{ item }} +{% endif %} +{% endfor %} + +# Host alias specification +{% for item in sudoers_host_aliases | default([]) %} +Host_Alias {{ item.name }} = {{ item.entry }} +{% endfor %} + +# User alias specification +{% for item in sudoers_user_aliases | default([]) %} +User_Alias {{ item.name }} = {{ item.entry }} +{% endfor %} + +# Cmnd alias specification +{% for item in sudoers_cmnd_aliases | default([]) %} +Cmnd_Alias {{ item.name }} = {{ item.entry }} +{% endfor %} + +# Runas alias specification +{% for item in sudoers_runas_aliases | default([]) %} +Runas_Alias {{ item.name }} = {{ item.entry }} +{% endfor %} + +# User privilege specification +{% for item in sudoers_user_privileges | default([]) %} +{{ item.name }} {{ item.entry }} +{% endfor %} + +# Allow members of group sudo to execute any command +%sudo ALL=(ALL:ALL) ALL + +# Group privilege specification + +{% for item in sudoers_group_privileges | default([]) %} +{{ item.name }} {{ item.entry }} +{% endfor %} + +# See sudoers(5) for more information on "#include" directives: + +#includedir /etc/sudoers.d + 
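Review bot: The group conditions in `50-user.j2`, such as `groups['webadmin']|string is search(inventory_hostname)`, decide which hosts receive NOPASSWD rules by a regular-expression substring search over the printed host list, not by group membership. A host whose name is contained in another member's name also matches, and each `.` in the name matches any character, so the `webadmin`, `postgresql_server`, `dns_server` and `mail_server` rules can land on hosts outside those groups. The lookup also fails outright when a group is missing from the inventory. A membership test is exact: `{%- if inventory_hostname in groups['webadmin'] | default([]) %}`, and likewise for the other three conditions.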
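Review bot: Nothing in `sudoers.j2` guards against a malformed `entry` or `Defaults` value, and a syntax error in `/etc/sudoers` disables sudo on the host. The task that renders it is outside this hunk; if it does not already do so, it should pass `validate: '/usr/sbin/visudo -cf %s'`, and the same applies to the `50-user` drop-in. `sudoers_defaults` is also the only list in this template without `| default([])`, so an undefined variable aborts the render where the other loops would simply emit nothing.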
diff --git a/roles/common/templates/var/www/.ssh/config.j2 b/roles/common/templates/var/www/.ssh/config.j2
new file mode 100644
index 0000000..a8127c9
--- /dev/null
+++ b/roles/common/templates/var/www/.ssh/config.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+Host wf.oopen.de 80.152.216.128 gw-d11.oopen.de d11.warenform.de
+ user webadmin
+ Protocol 2
+ Port 9998
+ ForwardAgent yes
+ StrictHostKeyChecking no
+
diff --git a/roles/common/vars/git-debian.yml b/roles/common/vars/git-debian.yml
new file mode 100644
index 0000000..c61dd7c
--- /dev/null
+++ b/roles/common/vars/git-debian.yml
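Review bot: `StrictHostKeyChecking no` together with `ForwardAgent yes` in the webadmin `.ssh/config` means the account connects to these four hosts without verifying the host key and then exposes its agent to whatever answered. A machine impersonating one of the targets, or a compromised target, can use the forwarded agent to authenticate as webadmin elsewhere for as long as the session lasts. Since the host list is fixed, the host keys can be distributed with the `known_hosts` module and the line changed to `StrictHostKeyChecking yes`. `ForwardAgent yes` should be dropped unless an onward hop from those hosts is really required.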
@@ -0,0 +1,218 @@ +# vars file for git +--- + +# --- +# all servers +# --- +git_default_repositories: + + # script repositories (destination /root/bin/) + - name: admin-stuff + repo: https://git.oopen.de/script/admin-stuff + dest: /root/bin/admin-stuff + + - name: postfix + repo: https://git.oopen.de/script/postfix + dest: /root/bin/postfix + + # install repositories (destination: /usr/local/src/) + - name: mailsystem + repo: https://git.oopen.de/install/mailsystem + dest: /usr/local/src/mailsystem + +# --- +# group [lxc_host] +# --- +git_lxc_host_repositories: + + # Monitoring + - name: monitoring + repo: https://git.oopen.de/script/monitoring + dest: /root/bin/monitoring + + # LXC + - name: LXC + repo: https://git.oopen.de/script/LXC + dest: /root/bin/LXC + + # firewall + - name: ipt-server + repo: https://git.oopen.de/firewall/ipt-server + dest: /usr/local/src/ipt-server + +# --- +# group [lxc_guest] +# --- +git_lxc_guest_repositories: + + # dehydrated-cron + - name: dehydrated-cron + repo: https://git.codecoop.org/so36intern/dehydrated-cron.git + dest: /usr/local/src/dehydrated-cron + + # firewall + - name: ipt-server + repo: https://git.oopen.de/firewall/ipt-server + dest: /usr/local/src/ipt-server + + +# --- +# group [apache2_webserver] +# --- +git_apache2_repositories: + # script repositories (destination /root/bin/) + - name: apache2 + repo: https://git.oopen.de/script/apache2 + dest: /root/bin/apache2 + + # install repositories (destination: /usr/local/src/) + - name: apache2 + repo: https://git.oopen.de/install/apache2 + dest: /usr/local/src/apache2 + + - name: php + repo: https://git.oopen.de/install/php + dest: /usr/local/src/php + + +# --- +# group [nginx_webserver] +# --- +git_nginx_repositories: [] + + +# --- +# group [mysql_server] +# --- +git_mysql_repositories: + + # script repositories (destination /root/bin/) + - name: mysql + repo: https://git.oopen.de/script/mysql + dest: /root/bin/mysql + + # install repositories (destination: 
/usr/local/src/) + - name: mysql + repo: https://git.oopen.de/install/mysql + dest: /usr/local/src/mysql + + +# --- +# group [postgresql_server] +# --- +git_postgresql_repositories: + + # script repositories (destination /root/bin/) + - name: postgres + repo: https://git.oopen.de/script/postgres + dest: /root/bin/postgres + + +# --- +# group [nextcloud_server] +# --- +git_nextcloud_repositories: + + # script repositories (destination /root/bin/) + - name: nextcloud + repo: https://git.oopen.de/script/nextcloud + dest: /root/bin/nextcloud + + # install repositories (destination: /usr/local/src/) + - name: nextcloud + repo: https://git.oopen.de/install/nextcloud + dest: /usr/local/src/nextcloud + + +# --- +# group [dns_server] +# --- +git_dns_repositories: + + # script repositories (destination /root/bin/) + - name: bind + repo: https://git.oopen.de/script/bind + dest: /root/bin/bind + + +# --- +# group [backup_server] +# --- +git_backup_repositories: + + # script repositories (destination /root/bin/) + - name: backup-rcopy + repo: https://git.oopen.de/backup/backup-rcopy + dest: /root/crontab/backup-rcopy + + +# --- +# group [samba_server] +# --- +git_samba_repositories: + + # script repositories (destination /root/bin/) + - name: samba + repo: https://git.oopen.de/script/samba + dest: /root/bin/samba + + +# --- +# group [mail_server] +# --- +git_mailserver_repositories: + + # script repositories (destination /root/bin/) + - name: apache2 + repo: https://git.oopen.de/script/apache2 + dest: /root/bin/apache2 + + - name: postfix + repo: https://git.oopen.de/script/postfix + dest: /root/bin/postfix + + - name: monitoring + repo: https://git.oopen.de/script/monitoring + dest: /root/bin/monitoring + + # install repositories (destination: /usr/local/src/) + - name: apache2 + repo: https://git.oopen.de/install/apache2 + dest: /usr/local/src/apache2 + + - name: php + repo: https://git.oopen.de/install/php + dest: /usr/local/src/php + + - name: mailsystem + repo: 
https://git.oopen.de/install/mailsystem + dest: /usr/local/src/mailsystem + + # let's encrypt + - name: dehydrated-cron + repo: https://git.codecoop.org/so36intern/dehydrated-cron.git + dest: /usr/local/src/dehydrated-cron + + # firewall + - name: ipt-server + repo: https://git.oopen.de/firewall/ipt-server + dest: /usr/local/src/ipt-server + + +# --- +# group [sympa_list_servers] +# --- +git_sympa_repositories: + + # install repositories (destination: /usr/local/src/) + - name: sympa + repo: https://git.oopen.de/install/sympa + dest: /usr/local/src/sympa + + +# --- +# Use this for host specific repositories defined in files git-.yaml +# +# Leave empty here +# --- +git_other_repositories: [] diff --git a/roles/common/vars/sudoers-debian.yml b/roles/common/vars/sudoers-debian.yml new file mode 100644 index 0000000..af1417f --- /dev/null +++ b/roles/common/vars/sudoers-debian.yml 
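Review bot: None of the repository entries in `git-debian.yml` carries a revision, so whatever task consumes these lists (not in this hunk) will presumably check out the current head of each remote into `/root/bin`, `/root/crontab` and `/usr/local/src`. Adding a `version:` key per entry (a tag or commit id) and passing it to the git module's `version` parameter would make deployments reproducible. It would also keep an unexpected upstream change from reaching root-owned script directories unreviewed. The closing comment refers to files named `git-.yaml`, which looks like a placeholder for the host name was lost.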
@@ -0,0 +1,87 @@ +# vars file for sudoers +--- + +# --- +# /etc/sudoers +# --- + +sudoers_defaults: + - env_reset + - mail_badpass + - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' + +sudoers_host_aliases: [] + +sudoers_user_aliases: [] + +sudoers_cmnd_aliases: [] + +sudoers_runas_aliases: [] + +sudoers_user_privileges: + - name: root + entry: 'ALL=(ALL:ALL) ALL' + +sudoers_group_privileges: [] + +sudoers_remove_user: + - back + - www-data + + +# --- +# /etc/sudoers.d/50-user +# --- + +sudoers_file_defaults: [] + +sudoers_file_host_aliases: [] + +sudoers_file_user_aliases: [] + +sudoers_file_cmnd_aliases: [] + +sudoers_file_runas_aliases: [] + +sudoers_file_user_back_privileges: + - 'ALL=(root) NOPASSWD: /usr/bin/rsync' + - 'ALL=(root) NOPASSWD: /usr/bin/find' + - 'ALL=(root) NOPASSWD: /usr/bin/realpath' + +sudoers_file_user_back_postgres_privileges: + - 'ALL=(postgres) NOPASSWD: /usr/bin/psql' + - 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dump' + - 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dumpall' + +sudoers_file_user_back_disk_privileges: + - 'ALL=(root) NOPASSWD: /usr/bin/which' + - 'ALL=(root) NOPASSWD: /sbin/hdparm -I /dev/*' + - 'ALL=(root) NOPASSWD: /sbin/fdisk' + - 'ALL=(root) NOPASSWD: /sbin/sgdisk' + - 'ALL=(root) NOPASSWD: /sbin/sfdisk -d /dev/*' + - 'ALL=(root) NOPASSWD: /bin/dd if=/dev/*' + - 'ALL=(root) NOPASSWD: /sbin/parted' + - 'ALL=(root) NOPASSWD: /sbin/gdisk' + +sudoers_file_user_webadmin_disk_privileges: + - 'ALL=(root) NOPASSWD: /usr/bin/mailq' + - 'ALL=(root) NOPASSWD: /usr/bin/tail' + - 'ALL=(root) NOPASSWD: /usr/bin/view' + +sudoers_file_dns_server_privileges: + - name: manage-bind + entry: 'ALL=(root) NOPASSWD: /usr/local/bin/bind_*' + - name: manage-bind + entry: 'ALL=(root) NOPASSWD: /root/bin/bind/bind_*' + - name: chris + entry: 'ALL=(root) NOPASSWD: /root/bin/bind/*' + +sudoers_file_postfixadmin_privileges: + - name: www-data + entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh' + 
- name: www-data + entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-domain-postdeletion.sh' + +sudoers_file_user_privileges: [] + +sudoers_file_group_privileges: [] diff --git a/roles/network_interfaces/README.md b/roles/network_interfaces/README.md new file mode 100644 index 0000000..027bcdd --- /dev/null +++ b/roles/network_interfaces/README.md 
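Review bot: Several of the NOPASSWD rules name general-purpose programs without fixing their arguments: `/usr/bin/rsync`, `/usr/bin/find` and the partitioning tools for `back`, and `/usr/bin/tail` and `/usr/bin/view` for `webadmin`. These programs can read or write arbitrary files or start other commands, so each rule is in effect unrestricted root for that account. The wildcard forms (`/bin/dd if=/dev/*`, `/sbin/hdparm -I /dev/*`, `/root/bin/bind/*`) do not narrow this much, because sudo's `*` in arguments also matches spaces and further options. Prefer root-owned wrapper scripts with fixed arguments and list only those wrappers here, e.g. `'ALL=(root) NOPASSWD: /usr/local/sbin/backup-rsync'` (constructed name).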
@@ -0,0 +1,94 @@ +based on: + +https://github.com/dresden-weekly/ansible-network-interfaces (https://galaxy.ansible.com/dresden-weekly/network-interfaces/) + + +Example Playbook +---------------- + +```yml +- hosts: all + become: true + become_user: root + + roles: + - role: dresden-weekly.network-interfaces + + network_interfaces: + - device: eth0 + description: just a description for humans to understand + auto: true + family: inet + method: static + address: 192.168.1.11 + network: 192.168.1.0 + netmask: 193.168.1.255 + gateway: 192.168.1.1 + mtu: 9000 + metric: 1 + nameservers: + - 8.8.8.8 + - 8.8.4.4 + subnets: + - 192.168.1.12/32 + + - device: eth1 + description: simple dhcp client interface + auto: true + family: inet + method: dhcp + + - device: wlan0 + description: sample wlan interface using wpa_supplicant (note: does not install wpasupplicant) + auto: true + family: inet + method: dhcp + additional_options: + wpa-driver: nl80211 + wpa-ssid: my-wifi + wpa-psk: password123 + + - device: eth0.123 + description: sample vlan interface using eth0 and tagged for VLAN 123. + method: static + address: 1.2.3.4 + netmask: 24 + broadcast: 1.2.3.255 + vlan: + raw-device: eth0 + up: + - route add default gw 1.2.3.254 + + - device: eth2 + description: First bonding device + auto: true + family: inet + method: manual + bond: + master: bond0 + + - device: eth3 + description: Second bonding device + auto: true + family: inet + method: manual + bond: + master: bond0 + + - device: bond0 + description: This bonding device only has one interface + allow: + - hotplug + family: inet + method: static + bond: + mode: 802.3ad + xmit-hash-policy: layer3+4 + miimon: 100 + slaves: eth2 eth3 + address: 192.160.50.1 + netmask: 255.255.255.0 + dns_search: "localdomain" + up: + - ip route add 172.16.0.0/24 via 192.168.50.254 dev bond0 +``` diff --git a/roles/network_interfaces/defaults/main.yml b/roles/network_interfaces/defaults/main.yml new file mode 100644 index 0000000..5fcedde 
--- /dev/null
+++ b/roles/network_interfaces/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: False
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: True
+
+network_interface_required_packages:
+ - vlan
+ - bridge-utils
+ - ifmetric
+ - ifupdown2
diff --git a/roles/network_interfaces/tasks/interfaces.yml b/roles/network_interfaces/tasks/interfaces.yml
new file mode 100644
index 0000000..81fc107
--- /dev/null
+++ b/roles/network_interfaces/tasks/interfaces.yml
@@ -0,0 +1,59 @@ +--- + +- name: (interfaces.yml) Check if file /etc/network/interfaces.ORIG exists + stat: + path: /etc/network/interfaces.ORIG + register: stat_result + tags: + - network-interfaces + +- name: (interfaces.yml) Backup existing file '/etc/network/interfaces' + command: cp -a /etc/network/interfaces /etc/network/interfaces.ORIG + when: stat_result.stat.exists == False + tags: + - network-interfaces + +- name: (interfaces.yml) Ensure interfaces file is latest + template: + src: "{{ inventory_hostname }}/interfaces.j2" + dest: /etc/network/interfaces + with_items: network_interfaces + tags: + - network-interfaces + +- name: (interfaces.yml) Ensure imported device files at interfaces.d are latest + template: + src: "{{ inventory_hostname }}/device.j2" + dest: "{{ network_interface_path }}/device-{{ item.0 }}" + with_items: + - "{{network_interfaces | default([]) | groupby('device') }}" + register: network_configuration_result + tags: + - network-interfaces + +# --- +# Remove device files not configured here +# --- + +- name: (interfaces.yml) list existing files + find: + path: "{{ network_interface_path }}" + file_type: file + register: files_matched + tags: + - network-interfaces + +- name: (interfaces.yml) configured files + set_fact: + network_configured_files: > + [{% for item in network_configuration_result.results | default([]) -%} + u"{{ item.dest | default(item.path) }}" + {{ '' if loop.last else ',' }} + {%- endfor %}] + +- name: (interfaces.yml) remove configurations + file: + dest: "{{ item.path }}" + state: absent + when: item.path not in network_configured_files + with_items: "{{ files_matched.files | default([]) }}" diff --git a/roles/network_interfaces/tasks/main.yml b/roles/network_interfaces/tasks/main.yml new file mode 100644 index 0000000..036a9c6 --- /dev/null +++ b/roles/network_interfaces/tasks/main.yml 
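Review bot: The final task in `interfaces.yml` deletes every file under `network_interface_path` that is not in `network_configured_files`, but that fact is assembled as text (`[u"…", …]`) in a folded scalar and only becomes a list if Ansible parses the string back. If it stays a string, `item.path not in network_configured_files` turns into a substring test, which is a weak basis for removing interface definitions. Building a real list is more robust: `network_configured_files: "{{ network_configured_files | default([]) + [item.dest | default(item.path)] }}"` with `with_items: "{{ network_configuration_result.results | default([]) }}"`. On the interfaces-file task, `with_items: network_interfaces` is a bare variable name and the task never uses `item`, so that line can be removed. `network_interface_path` is used here but is not set in the role defaults added by this commit.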
@@ -0,0 +1,14 @@
+---
+
+- import_tasks: packages.yml
+ when: network_interfaces is defined and network_manage_devices|bool
+ tags:
+ - networking
+ - network_interfaces
+
+- import_tasks: interfaces.yml
+ when: network_interfaces is defined and network_manage_devices|bool
+ tags:
+ - networking
+ - network_interfaces
+
diff --git a/roles/network_interfaces/tasks/packages.yml b/roles/network_interfaces/tasks/packages.yml
new file mode 100644
index 0000000..072087c
--- /dev/null
+++ b/roles/network_interfaces/tasks/packages.yml
@@ -0,0 +1,8 @@
+---
+
+- name: (packages.yml) Ensure basic networking tools are installed
+ apt:
+ pkg: "{{ network_interface_required_packages }}"
+ state: present
+ update_cache: yes
+ cache_valid_time: 86400
diff --git a/roles/network_interfaces/templates/etc/network/interfaces.d/device.j2 b/roles/network_interfaces/templates/etc/network/interfaces.d/device.j2
new file mode 100644
index 0000000..9f8e7ab
--- /dev/null
+++ b/roles/network_interfaces/templates/etc/network/interfaces.d/device.j2
@@ -0,0 +1,95 @@ +# {{ ansible_managed }} + +{# {% for config in network_interfaces %} #} +{% for config in item.1 %} + +{% if config.headline is defined %} +#----------------------------- +# {{ config.headline }} +#----------------------------- + +{% endif %} +{# {% if config.auto is defined and config.auto is sameas true %} #} +{% if config.auto | default(loop.first) %} +auto {{ config.device }} +{% endif %} +{% for stanza in config.allow | default([]) %} +allow-{{ stanza }} +{% endfor -%} + +iface {{ config.device }} {{ config.family | default('inet', true) }} {{ config.method | default('static', true) }} +{% set iface_keys = ['description', 'address', 'netmask', 'network', 'broadcast', 'gateway'] %} +{% for key in iface_keys %} +{% if key in config %} + {{ key }} {{ config[key] }} +{% endif %} +{% endfor -%} + +{# nameservers #} +{%- if (config.nameservers is defined) and (0 < config.nameservers | length) %} + + # nameserver settings + dns-nameservers {{ config.nameservers | join(' ') }} +{% endif %} +{% if config.dns_search is defined %} + dns-search {{ config.dns_search }} +{% endif -%} + +{# subnets #} +{%- if (config.subnets is defined) and (0 < config.subnets | length) %} + + # additional subnets +{% for subnet in config.subnets %} + up /sbin/ip addr add {{ subnet }} dev {{ config.device }} + down /sbin/ip addr del {{ subnet }} dev {{ config.device }} +{% endfor %} +{% endif -%} + +{# bridge settings #} +{%- if config['bridge'] is defined %} + + # bridge settings +{% for key in config.bridge %} + bridge_{{ key }} {{ config.bridge[key] }} +{% endfor %} +{% endif -%} + +{# bond parameters #} +{% set bond_keys = ['mode', 'miimon', 'downdelay', 'updelay', 'master', 'slaves', 'lacp-rate'] %} +{%- if (config.bond is defined) and (bond_keys | intersect(config.bond.keys())) -%} + + # bond parameters +{% for key in bond_keys %} +{% if key in config.bond -%} + bond-{{ key }} {{ config.bond[key] }} +{% endif %} +{% endfor %} +{% endif -%} + +{# vlan #} +{% set 
vlan_keys = ['raw-device'] %} +{%- if (config.vlan is defined) and (vlan_keys | intersect(config.vlan.keys())) -%} + + # vlan +{% for key in vlan_keys %} +{% if key in config.vlan -%} + vlan-{{ key }} {{ config.vlan[key] }} +{% endif %} +{% endfor %} +{% endif -%} + +{# hook scripts #} +{% set hook_keys = ['pre-up', 'up', 'post-up', 'pre-down', 'down', 'post-down'] %} +{%- if hook_keys | intersect(config.keys()) %} + + # hook scripts +{% for key in hook_keys %} +{% if key in config %} +{% for value in config[key] %} + {{ key }} {{ value }} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} + +{% endfor %} diff --git a/roles/network_interfaces/templates/etc/network/interfaces.j2 b/roles/network_interfaces/templates/etc/network/interfaces.j2 new file mode 100644 index 0000000..489979c --- /dev/null +++ b/roles/network_interfaces/templates/etc/network/interfaces.j2 @@ -0,0 +1,24 @@ +# {{ ansible_managed }} + +#----------------------------- +# lo: loopback +#----------------------------- + +auto lo +iface lo inet loopback +{% if network_interfaces_additional_loopback_ip_v4|d() %} +{% for ip in network_interfaces_additional_loopback_ip_v4 %} + up /sbin/ip addr add {{ ip }} dev lo + down /sbin/ip addr del {{ ip }} dev lo +{% endfor %} +{% endif -%} + +iface lo inet6 loopback +{% if network_interfaces_additional_loopback_ip_v6|d() %} +{% for ip in network_interfaces_additional_loopback_ip_v6 %} + up /sbin/ip addr add {{ ip }} dev lo + down /sbin/ip addr del {{ ip }} dev lo +{% endfor %} +{% endif %} + +source /etc/network/interfaces.d/* diff --git a/scripts/first-run.retry b/scripts/first-run.retry new file mode 100644 index 0000000..c5d1a7e --- /dev/null +++ b/scripts/first-run.retry @@ -0,0 +1 @@ +o25.oopen.de diff --git a/scripts/first-run.yml b/scripts/first-run.yml new file mode 100644 index 0000000..2a18a71 --- /dev/null +++ b/scripts/first-run.yml 
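Review bot: In device.j2 every inventory value is written into the ifupdown file unchanged, including the `pre-up`/`up`/`post-up`/`pre-down`/`down`/`post-down` lists in the hook scripts block, which ifupdown runs as root, so whoever can edit `network_interfaces` for a host can run commands on it. A value that contains a newline (for example in `description` or `dns_search`) also adds further directives to the stanza. This is missing documentation rather than a bug, assuming the inventory is reviewed like code: I would add a template comment such as `{# hook values are executed as root by ifupdown; keep network_interfaces in reviewed inventory only #}` above the hook block. An `assert` task in interfaces.yml that rejects newlines in `device`, `address` and `gateway` before the template is rendered would cover the second point.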
@@ -0,0 +1,11 @@ +--- + +- hosts: o25.oopen.de + + tasks: + + - name: Ensure aptitude is present + raw: test -e /usr/bin/aptitude || apt-get install aptitude -y + + - name: Ensure python2 is present (This is necessary for ansible to work properly) + raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal) diff --git a/scripts/reset_root_passwd.yml b/scripts/reset_root_passwd.yml new file mode 100644 index 0000000..78ca288 --- /dev/null +++ b/scripts/reset_root_passwd.yml @@ -0,0 +1,11 @@ +--- +- hosts: all + gather_facts: no + + tasks: + - name: Update Root user's Password + user: + name: root + update_password: always + password: "{{ root_user.password }}" + when: root_user is defined and root_user|length > 0 diff --git a/scripts/reset_user_passwd.yml b/scripts/reset_user_passwd.yml new file mode 100644 index 0000000..8f13e4f --- /dev/null +++ b/scripts/reset_user_passwd.yml @@ -0,0 +1,34 @@ +--- +- hosts: all + gather_facts: no + + vars_prompt: + + - name: _user_name + prompt: "Give username here" + private: no + + - name: _user_pass + prompt: "Give user password here" + private: yes + encrypt: "sha512_crypt" + confirm: yes + salt_size: 8 + + tasks: + + - name: Check if {{ _user_name }} exists. + shell: egrep "^{{ _user_name }}:" /etc/passwd || echo "user_not_exists" + register: user_exists + changed_when: false + + - debug: + msg: User does not exists ! + when: user_exists.stdout == 'user_not_exists' + + - name: Update User Password + user: + name: "{{ _user_name }}" + update_password: always + password: "{{ _user_pass }}" + when: user_exists.stdout != 'user_not_exists' diff --git a/scripts/set-permission-user-back.yml b/scripts/set-permission-user-back.yml new file mode 100644 index 0000000..4d327a3 --- /dev/null +++ b/scripts/set-permission-user-back.yml 
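Review bot: In scripts/reset_root_passwd.yml the `when:` guard only checks that `root_user` is defined and non-empty, not that `root_user.password` exists or holds a crypt hash. The `user` module writes `password` to the shadow file as given, so a plaintext or malformed value (the variable's definition is not in this hunk) would leave root without a working password on every host in `all`. I would tighten the guard to `when: root_user.password is defined and root_user.password is match('^\$[0-9a-z]+\$')`. Because the play targets `all` with `update_password: always`, it is also worth stating in a comment that it is meant to be run with `--limit`.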
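Review bot: In scripts/reset_user_passwd.yml the prompted `_user_name` is pasted unquoted into a `shell:` command and into a regular expression, so shell metacharacters in the answer are interpreted on every host and a name containing `.` can match a different account. In that second case the existence check passes for a name that does not exist, and the `user` task would then create it with the given password. The lookup also reads only /etc/passwd, so accounts from other NSS sources are reported as missing. Passing the name as one quoted argument keeps the later `when:` tests unchanged: `shell: getent passwd {{ _user_name | quote }} || echo "user_not_exists"`.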
@@ -0,0 +1,17 @@ +--- + +- hosts: all + gather_facts: no + + tasks: + - name: Check if directory /home/back exists + stat: + path: /home/back + register: home_back + + - name: Set correct group recursivly for directory /home/back + file: + group: back + path: /home/back + recurse: yes + when: home_back.stat.exists diff --git a/scripts/set-permission-user-sysadm.yml b/scripts/set-permission-user-sysadm.yml new file mode 100644 index 0000000..05a3f39 --- /dev/null +++ b/scripts/set-permission-user-sysadm.yml @@ -0,0 +1,17 @@ +--- + +- hosts: all + gather_facts: no + + tasks: + - name: Check if directory /home/back exists + stat: + path: /home/sysadm + register: home_sysadm + + - name: Set correct group recursivly for directory /home/sysadm + file: + group: sysadm + path: /home/sysadm + recurse: yes + when: home_sysadm.stat.exists diff --git a/scripts/test.yml b/scripts/test.yml new file mode 100644 index 0000000..c113857 --- /dev/null +++ b/scripts/test.yml @@ -0,0 +1,19 @@ +--- + +- hosts: o25.oopen.de + + tasks: + + - name: debug print all interface ipv4 data + when: "hostvars[ansible_fqdn]['ansible_'~item]['ipv4'] is defined" + debug: + msg="{{ hostvars[ansible_fqdn]['ansible_'~item]['ipv4'] | pprint }}" + with_items: + - "{{ ansible_interfaces | map('replace', '-','_') | list }}" + + - name: define traditional ethernet facts + set_fact: + ansible_eth: "{% set ansible_eth = ansible_eth|default([]) + [hostvars[inventory_hostname]['ansible_' + item]] %}{{ ansible_eth|list }}" + when: hostvars[inventory_hostname]['ansible_' + item]['type'] == 'ether' + with_items: + - "{{ hostvars[inventory_hostname]['ansible_interfaces'] }}" diff --git a/scripts/update-deb-repositories.yml b/scripts/update-deb-repositories.yml new file mode 100644 index 0000000..e9b8b45 --- /dev/null +++ b/scripts/update-deb-repositories.yml @@ -0,0 +1,7 @@ +--- + +- hosts: all + + tasks: + - name: Update debian repositories + shell: /root/bin/admin-stuff/os-upgrade.sh 
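Review bot: The recursive `file:` task in scripts/set-permission-user-back.yml changes group ownership, presumably as root, inside a directory its owner can write to, and it does not set `follow`. With the module default in current Ansible releases (worth confirming for the version in use), a symbolic link found under /home/back has its target's group changed as well, so the change can reach files outside the home directory. Adding `follow: no` to the task keeps it inside the tree; the same applies to the `file:` task in scripts/set-permission-user-sysadm.yml. In that second file the first task is still named `Check if directory /home/back exists` although it stats /home/sysadm.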
diff --git a/scripts/update-git-repositories.yml b/scripts/update-git-repositories.yml new file mode 100644 index 0000000..c16801b --- /dev/null +++ b/scripts/update-git-repositories.yml @@ -0,0 +1,7 @@ +--- + +- hosts: all + + tasks: + - name: Update git repositories + shell: /root/bin/admin-stuff/update_git_repositories.sh diff --git a/test.yml b/test.yml new file mode 100644 index 0000000..9789c47 --- /dev/null +++ b/test.yml @@ -0,0 +1,14 @@ +--- + +- hosts: test.mariadb.oopen.de + + tasks: + + - getent: + database: passwd + fail_key: false + key: chis + + - debug: + msg: User cris not available + when: getent_passwd.cris is not defined diff --git a/upgrade.yml b/upgrade.yml new file mode 100644 index 0000000..9674db6 --- /dev/null +++ b/upgrade.yml 
@@ -0,0 +1,53 @@ +--- +- hosts: debian + become: yes + + tasks: + + - name: Update packages list + apt: update_cache=yes + when: ansible_os_family == 'Debian' + + - name: List packages to upgrade (1/2) + shell: aptitude -q -F%p --disable-columns search "~U" + register: updates + changed_when: False + when: ansible_os_family == 'Debian' + + - name: List packages to upgrade (2/2) + debug: msg="{{ updates.stdout_lines | count }} packages to upgrade ({{ updates.stdout_lines | join(', ') }})" + when: (ansible_os_family == 'Debian' and updates.stdout_lines) + + - name: Upgrade packages + apt: upgrade=safe + when: ansible_os_family == 'Debian' + + - name: Check what the new version is + shell: lsb_release -r | awk '{print $2}' + changed_when: False + register: new_release + + - name: /jessie/ install the needrestart package if it is missing + apt: name=needrestart state=present default_release=jessie-backports + when: ansible_distribution_release == 'jessie' + + - name: /jessie/ list services to restart (1/3) + shell: needrestart -blrl | awk '/^NEEDRESTART-SVC/{print $2}' + register: services + changed_when: False + when: ansible_distribution_release == 'jessie' + +# - name: /jessie/ merge services list (2/3) +# set_fact: +# services: "{{ services }}" + +# - name: list services to restart (3/3) +# debug: msg="{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (", ") }})" +# when: (ansible_os_family == 'Debian' and services.stdout_lines) + +# - name: list services to restart (2/3) +# debug: msg="{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (", ") }})" +# when: (ansible_os_family == 'Debian' and services.stdout_lines) + + - name: cache cleanup + shell: apt-get autoclean diff --git a/webserver.yml b/webserver.yml new file mode 100644 index 0000000..4bd7868 --- /dev/null +++ b/webserver.yml 
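Review bot: In upgrade.yml the needrestart output registered in `services` is never used, because the `(2/3)` and `(3/3)` tasks that would print it are commented out, and the check itself runs only when `ansible_distribution_release == 'jessie'`. After `apt: upgrade=safe` a daemon can therefore keep running with the pre-upgrade libraries loaded and the play gives no indication of it. I would restore a report task such as `debug: msg="{{ services.stdout_lines | join(', ') }}"` with `when: services.stdout_lines is defined and services.stdout_lines`, and run the needrestart check on every Debian release where the package is available. The `shell:` pipelines into `awk` also hide a failing left-hand command, since the task status comes from `awk`.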
@@ -0,0 +1,20 @@ +--- + +# Intended to be run once for every new server to secure the ssh connection allowing the team access +# with their public keys. This script will lock itself out from every server it is run on. +# Further playbooks are intended to be run by logging in as one of the created users. +# It also ensures python2 is installed as it's necessary for the modules used in this playbook at +# the time of this writing. + +# The used login data depends on the used server provider. In most cases the ansible_user will be +# root, but we can't safely assume anything. +# The following line is an example for securing a new vagrant maching, after running `vagrant up`: +# ansible-playbook first_run.yml -i hosts -u vagrant --private-key='~/.vagrant.d/insecure_private_key' +# For real providers it could look like: +# ansible-playbook first_run.yml -i hosts -u root --private-key='~/.ssh/id_rsa' +# If you don't have a ssh-key on the server and the server expects password authentication use: +# ansible-playbook first_run.yml -i hosts -u root --ask-pass + +- hosts: apache2_webserver + roles: + - common
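Review bot: The header comment in webserver.yml describes a different playbook: it talks about a one-time run that secures SSH and locks itself out, and its examples call `first_run.yml`, while the play below only applies the `common` role to `apache2_webserver`. An operator following it could run this playbook with `-u root --ask-pass` or the vagrant insecure key expecting a bootstrap. I would replace the block with a comment that matches the play, for example `# Applies the common role to all hosts in the apache2_webserver group.`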