ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Christoph
2019-06-28 02:28:50 +02:00
commit 21fcd86115
107 changed files with 8346 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
roles/common/files/root/.ssh/id_ed25519.oopen-server Normal file
View File

@ -0,0 +1,25 @@
$ANSIBLE_VAULT;1.1;AES256
63643737376337323337623439396262306134613362643439653232343866633263363236623635
6538653437613666343435323030663235636537666438320a326462646262613962316335363764
32343265373238373432313039393464343934613039303937326634333361303362306462646437
3032333239616631350a383935333138336464373261333734313137363730356363373163346637
34336164323630343364373065613234383163393634653531363363663761653834663336396234
64303336393762633065373638653963383063353666373461633662383538633733653339326262
64316339663566313039656238373133353733356537323935646531636363616666623764336165
66613565613739386231623262663532393463646565373333333061326234346162353637666631
65623766643765376537656466623738356437666634316565623038623839303761393562633534
64643839626163323962356264313563613834353633633030636466393931366661313233633830
63336431353566333161643831333662373163636164346335643937353730363832363036376434
30636230303333663965336166663162653330636436336438663861343064643238316662393665
61656438373631303836656332636165616663393462613035343430653362313938336534323734
37353665373330343034653064333536643133366661353033633662323562386366306136636230
34663562373731316266383430353262376333366366316561633165636233353332626438373238
63633161363639613263636461326162613663353365396464636434353533653939393136316263
34396238346134396565326230363634346662653739333666356666373864656265636531633162
63333737333438333234343433646165333161316636356662313663353939393739626566383864
39346535323866393061613065623031616333363132623433373634373466356531626630643931
62626635613666623539386335656630653666383839613730323839303737346161656438333239
30343463393438643065326466306636393561643164613332643239613261613432326362616233
38363366616265363134616265656636663636366366316261316135666661623939633637616239
65386331376665336335383739386538613539306239303363303537373332303465376465323133
32346362636235323161

1
roles/common/files/root/.ssh/id_ed25519.oopen-server.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvy+IDUeoVwLg+cJNcKzls5guOrVUretsf05v3Y2N+Y root@default-oopen-server

25
roles/common/files/root/.ssh/id_ed25519.warenform-office Normal file
View File

@ -0,0 +1,25 @@
$ANSIBLE_VAULT;1.1;AES256
32313732326132663062643663366337663462386532333331393338393233646262383338366330
3561356332626435336438616130323363626561396634330a313730343639373566623030633030
62386565313639613837353338653432336465633364333532666338633362643536303165636630
6139626539356634660a613839373666613161343265366564383362316361363633363764353135
63323064393065633263323735643864643236386532643565653631366564393337343261326337
62353938336463653934313333333963666233313231326466383864343564393837306164633730
33316236393530613631316264633935383734373938316466623339366464393836663139653034
36643466343231663663383337626238623330326266396261393439393833653130363738333134
66313664333634666538613335333733313834663764306235643939373034653362363462306138
63396436623936623339336632303562333764353231346432643834363234373437363437343530
61366337313330616132303437303232326339336137396337336636393931306463626434346533
63323930323432616334656335643662333062313835323138333538383437623234316238346430
63626430653365623037383262383164616531353938373166343465656237656136313562623961
62393035663766356466353462653532303863333466353730386331393465313662666337323166
37316265323635623662313632383434306138343534316431383632646361626264643266616265
66323939386365323234626661326638323338616266383437343936643530633361653062646261
34346631656130613136633138323430373263353537386134656334326233633733643061653933
38313334336361326431336238343832646431396663386330633933343263376331633561396261
36623033316439373433623732346662616464633364613239373264396232653431623132386466
34336362363761613036346333633066633533306134386564383238396363393734326566323662
63326364663336333233306532353665323262383037336561663565393033626439623861313462
30353364396231333932366438303563326536353532653063383832623262383933656161616163
32663765643862393362653432636665643630353862653665353663396237343761653630626432
63646537636338323366

1
roles/common/files/root/.ssh/id_ed25519.warenform-office.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyBC92KgCv9Iwjk42UacEfApt/7D5ylEvCOYTxNVLLu root@default-warenform-office

25
roles/common/files/root/.ssh/id_ed25519.warenform-server Normal file
View File

@ -0,0 +1,25 @@
$ANSIBLE_VAULT;1.1;AES256
31326563643538343063303835386261363066373739336131333663313431383439653638333032
3834303864343835356139393036616334663362613366330a613864333737303739626537343565
39333938363030663564396637633536633931623736396332653133303066373432376638396431
6439633265316562390a626663306463643164303031616534373665366433393933346165383732
34346539323964376134663832303265393762383638316639636235353337393135613437643335
36656230393663383765356237616130356663323036336231633662363465313734663366363639
62313232353737653338343933316337313263336161386565336562336336363439613137366432
64663761346131363535653435316535353138363061383932386262393939313435356166613366
63636135366338363638653066333639643236363931333231623639326265346363366661306238
35316135303130633530303133623531363462396435653063646435623961306231643565633265
32393965363261336230323632376233623831303930653534666335656665386163376435613138
34643434623563643564633264653162646630306236653632393538303765386238336465623735
66333061366533306533313033353934353865623866633932333462326439356236396664386634
38386333636237623239313732376662313165653737663437376462383134633362386237653762
36626339653062636162666639326631393530623161636639383337663661656431386461373731
33343933383436666432663536313465393835633538613030323239343236623762376433343239
64346563333432333765633137636461653332316131376235613065356534613532653563663831
65346166363963373230313137343231636639303962646462383464306539663764373165653738
33356666366561373733373664393666313931343632306537363632313838356262653263346637
38346133373865366137306534643161633232393066393736306464643634633836313161333137
66363830323530353037333334656462356564373133633861376633326361373739363038313566
39336630373964613332616339313066363464386564333161396466363065666635393865393836
61336334313037653534663232633261373239663465386538616565376636633363656335306138
66613564373637646430

1
roles/common/files/root/.ssh/id_ed25519.warenform-server.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcEPd+MDJKzWqWStt3XpJU1OpJ0uxmipacIGkm6k3MS root@default-warenform-server

89
roles/common/files/root/.ssh/id_rsa.backup.oopen.de Normal file
View File

@ -0,0 +1,89 @@
$ANSIBLE_VAULT;1.1;AES256
64303262313639313931393565303137333836316431623232363531356332353132393663373834
6262363338643932346536653130346465396537666637630a346633363738316164656433356636
38393861643534386162316631356564666162636535333062626335386161663236343932333565
3938623338363465300a376334633332303063363630323635396336663837303237666461633930
31313764393336373061313963613863346333613732383662613435363930633534623936313163
63633063626331616630336431383231383234643065626438383961383535366661616661373563
66356165393432663364303866666561386434323836653134646131363535613136326339323933
63666562393161666638663433633638643131356138613762353066613931393634316432343433
64663035633638646236383635356561616662643330336336363765313539346631663535383730
38383132656235393630643637353031306434666232306439653635353266343363323665613932
32653237393430626633623439333466663265333438343662633835643938366137343538653936
61326136336234353361383630663035633232653465666637313036323430386535383835393832
32383234306563336137623562626539656536626237666264663461356137363464386238303263
36396333313735336566303032613866613736623534306664373164353331363363633562383066
61353339353131303565373462653536346234383936643761646662363362643037373765333030
65356639363235316539623233393636616561653135623438613932636461313566366337363837
33663030623039613237383738363863343462323330303634633636366465323135633636326366
65346235373162366163353831306333613939666539636430303439383933323162633066383236
36383563643238653032353131343631356232326437323464373164323336333739353231636334
35366265353733323831333836653732313830613332396161396565613733626663663734646364
32643436623638326364643766633434366264396230623863376532653063343463396235613561
64363339613766363966366462613239353964653735613830643830383535633938343836626539
66383738373661323566616232643066376632333964366536336465316361623434313461323735
31326366323266366531303331393335383763373131333130643732373935643730636161656638
30336566343361396662643430346262306632623932326434333334343566656564636330396465
61323261366537313664353965626362636339383030626139643735326665393332336531663337
38633765623562643362666564386563396638623565613536343737366666656561383765363939
30643536336664386666656438653830656262386661656638623566356633613131336661316463
35386137656664363430666436623339336437613830336434376534373134343461623065353931
37306135663131393563343237333761353130396532613263366232363161643638306637643838
36656236663166373766346432313762663966313033356664376163376131363635333535333632
64656262613430623563613037646535613361343362366364346338636163643462353232356139
34623034393930353039633437343163313865643636633566333931353731313466633761376161
31386365633336363230616162383936323538346662653736336466653936303736666566643936
61353766356363356535303166633966623134383937376335646338346363356135376465363837
34356364613134373263323564383266356561373163303736386466373464353733303936653964
65616232643631326233373930336530386234393564626132633637346537363561666166373163
39626162666466363530396438393064323065306665613336383739353132636533336636643733
65633032383933623334323431633539623533326333333833613631333865646664653765386130
34373861353361336537303832363762396233653736363238336264336233303439643664633866
33303963633666383563333831666530313631623365363833393837303764323331366532336262
61383738323935393633636535363238343337363164333963306531636635663536336563383338
32646163353265386264613662653866366639353437616262386461633431646633373463396631
64323838383334326361626266316636396232653863313237333936383062333136663433373935
64313764393463626231623462663366313663656264653339633461653463663630613633326539
38373230363733636231346538373361313964613536363664373663663662306537613164363934
63363532393165363435643161393362346466363235643338396535383865323138636138343962
66386530356335373833306639383166356131306464326461663965333631613964336136623731
63663539386461663738336133363134656634643931333762303535336634386331306332656230
37326335326162613932303264636534353337303132663437393732663465313432646662323462
61353433323130363662643633326565346235633034623661323133306432396238663830626564
39386533343562656337643238373531366333616332346331306563626266643236316533303732
61383437373839663430366163383034623737323234393839393364363133376535373333323963
33393766366630613037613436376361643935643262363662363638333966336137363134346334
32656362643835646464376437623462306238613437636332383330303433663065333433623865
33343562333031616331373065366664663765316366336338633139313664663462313637646234
34316566623166343834343232653432303931666436313830366439363438663330656538623430
65316633336163653862653163613135633166646538653132303734333136303863643861366134
31396633623935343734623836343662333464643563653437646236323230336630646431663061
39396236643639356466666535356533386464643930633636343137343637366635653037356135
37343662356466393534653939333263663063396137366264303961383461366433653438333065
31303164666337353366376462343937663539643539383433393962633033663965663965303836
32626662643562363131396466313733666631616432653361636163633733666131643261326265
35366232636533383162376366393466636239343863396162633038316165363336383834383631
63656163616531303034626132613532643164616461386334396266656565393462323863376531
39653435393865633832613734336639623933363034653137376361393534373263623138643566
61653261383164346134383934653561323337656134366538316364303066383663386231616332
31646132313935613866326233383338353031316366303562333233663631353933663166613530
30376361303231373666316465646630376332396530353533323961633739303736386136353831
36623234363338386239363862333337656432656231373166343564646230313866616664653932
38653934313537323562346363373138656162333562393461346536333463313265316438383664
36313737366463323662326237393239376533646330653365643265393839343061313764633738
37663461313733316333636634346333313564383765663135333733313565353766386130626164
32613030633864383138386665343565373837303166666361373936303535363866656235643036
64366665373764303834643431393063643062633237313764363336363935336664653530303062
34303963363261636135363738303064303466663732633932326539643930346238333935343833
62323964363030383931343836616532376635623531336532373263646264393239373365313461
63393033323630346264336264316364326334663961663335356434386334633035383662633634
65643337663164343832323632363734376463323063383835343563323437653634346464613238
32373236646361613132633334396630303236626238306663333261613764633762373663343636
32653033393839633037346639396230616465326235323164343635363534346161656364303832
33393634343665343962353066303333663761323834333836363335666236643164333062366561
65643531616133623437303239353638333037313935363633646562666365386433656264343133
63663461666439613234653864363539353935383134356637643330653738326631636466386137
32366337376132633835393935663465396662363136346334323263373035393837346133613632
35633266613766613362383761393032326265303930613238666638376534643638336662336538
66343231356564396435636139303964363562366331366637663438323164633436623539646366
34393538383431343963

1
roles/common/files/root/.ssh/id_rsa.backup.oopen.de.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxRcrdHX8UHik7l1gpm7Oc4t4+1AKrkcbGtFlzrlwHV4HmMf29nMxYWdOGUv47CFoAHCPSJAH2fnER22HUozsBlMkPrAgXTsMAfpMZB2gP+F7r4c7wiCuK1+uFy2dz2yBIG+1RK+ygJ5GickHPj7baWRQVbYwWeK15YJqL8oxrL6MpmNYr/cVZ7SDLRJp/44ZgnfxC83O00yJf8VEvoOvvj46JkhgnY9RETRfp7RaziIkJGs8EfNRZ6I0vRPC/shVTXf01GH5rdBcklZYZ2ptMvriyUZ2FfMMEOA86jWs73ZGuTcx8ZQGB3m9TCvz8kTBr9CKjz+fAkfKUpMbGOpO5w== root@backup.oopen.de

89
roles/common/files/root/.ssh/id_rsa.backup.so36.net Normal file
View File

@ -0,0 +1,89 @@
$ANSIBLE_VAULT;1.1;AES256
37376262343361306238666238313238333762353662636136386263343763613964643338613235
6139323162386539386138363966613932633863623339310a363636343437663439613665333730
39656565396631333736343364313365623166663363313761393963306331386262636533653538
3932643536326233300a356661306137393230613139633432333638373466303136663136323364
65313134326562303134646539386565373130663738313333396635666364613839633163393061
31396161343763653632623932633533383265396466343961323935623365643035393331663332
31323432623832643635383830383133346235356439376362323066666239666635336434306461
64623664636537623839363562366661316566353838663463633230613430343930613539326530
37303039656464363062323438653339373930653361383333363962326362623235616538376361
30333638303561353965653032626462623061313066303863633334313433363566366437643632
30336162393734333332623238316162373865343637393966326666366534373663636464633539
39336632376666663737343462386432346631373161623463366334353662376539623039393966
39333133393164613263343238333931386434643566343537313566323066383934353862373962
64653631316331666535353161663930636461376662616538613461633362666238656336666637
37336661343163623065643734356266323430343935393465303839613230626261613835303566
33376364363738623664613430366533333739346438633165663737356264393138626337383638
63643732336162633537616261616664663461363137393332623130383135373630303763643932
66343862626432653263643238623731383266623935343066363562346337393738353737623137
63663436313835643561376239623935336434633933656239356535363439363638613034343838
34383936393531323038333436643535653365386566386535636135386439653433646665393937
33613839623038636465396532346133303930393433336136383562636134656430306337616135
64666434303732333034656163383838313435616635316435383266613939623362313061323430
39396565626638363637613230616238323638613533383966626136616462346632383837333862
38633435393766623632353131663639626461313765303964343162633636373636306337303539
33623065613362393362343766643939306165303832343238353966333234663633313737613864
39373938323232336533646134383261303232656161386135646462333333373034646263343339
65353037396431366361333162643162666538623530396166373637363135636164613937643832
66373932383734393735616165616564373134373934366133616564663537343663326430313561
35656135623332336531373063636163383836386636653362656339323062383563663134616133
66306330633834393338373230393365656365386632663763326234633464613231343730336236
37376631366334336562346462616639663864323039623135326562636334663864396562346430
65383332363737633436346435616133393935323830363135653132373266323936666137633564
64653265623733336633343361333562613130353938333765626663633036363631396664386464
37663066326238306531316134343934353132386463636235323966666136643933626666616536
61633261383862616231373465306664313938386438376465363033626339383564386461633634
32323739363937376431333738343936373332316536343262643935616366643265666338666665
65313136373065653031626565346438663061336631326164373631343331306331353564373532
38343731386631373162393639333534323835376437616636656164643330316532396433396461
39313834303262353761616364333663656432393465306238333031353462643263306335616633
62663134316532393439303835343730626561666135656166373836376139353363303333373136
38333838656538653731376164383064346330656462346363336663356437616639323832633635
39336564363462353065626666303339643637623533613834316437663431346265653662643538
38326137363366353838326638376434313861376263383764323839633661373465366237646637
66313261336439653137626166663531353063343931376333306630346566336537333832346331
31326663663436393363383439653366393839343565366530653561343331353338656234616162
63316161353939663538353964623361353863313736663162643731656365373530633965323663
35376632356236376434386133643266626663663864353432386434343934623063366262636238
30336239333035613936346331353862333666396166363534366433616234663863316564373237
32616537336639666566623631306631313033633633613663643335373836646630666534366263
65386365376330323739373535623236643838363064383034343239663337633562333532373531
30326439623536353666633036303736373161393133323430313965613834363862623931346430
39343165633939633762396432393631656532376462373265656333363966653835613932303065
32633236323266633266323765306466663233333535616232353064343535303863306662666265
64393239333032363964393234623331393138636262393961653939356137336238343733643537
64313961643635346136386132623933616639646234326537326531313739336330376538303933
61346634636233343463633936343965303261323963336230343339653035633339333938353338
35643166323065383965666266616361646663326137393134303338373037356339333832613839
37636266356363626330643735366636386636333134333030323465616138623839333730346663
34386665393338356462333933303238333065636634393364316431303136316232663239386166
32616331346666313364326235393436313665306637633433316166326261663135623131363639
32353930356162373136663339323663313164353164323536613032386464353730373731373332
64616439326130323161326534653032663836643632643465643939346339336435313063666166
35346265636430313463613863613563616234393933366135333632306330653831323934393638
35653863333765616632303265386263383335346665323439316436623135353362333162663264
31373132316665666664653039623332366434346362386163363532643537363938613432396334
32666534376332326333373237663738383739343939333062393535643531396431333164393230
62633239653130623332626466613565383434363432363364643165633135316632666638623631
63646438373834353935633562666433373636326165646437623838663531333539336366653933
62343531373031653930646164316638666430656236303032313339646136393834643462613366
34333636313031376264376131383961373066383532373030626263363336646663613564666530
33356261363965656336396464636133306335636463303462373937666162353663393636613962
61333637326236306132336133663838623033343564663739393537343165316539316437666432
37363234383662356231393439303962306537386461336463336265316433316130333563383163
63333766396332613265383338396236336232636664616136363361653430613531663534306437
36353530343335626439626538366531616635656265633634613664363166333030306464666265
37303064633962383837323162303932373035323064396130616136353366303662356366326639
34353530306264343438323730323361616335626438343033313430353061313964303464613638
38383266633232623766643439356132656662616163623038313433323065326566396266666131
35353061613963323531343866303265333338646430376664356536386538333937323861303636
62366239366561393930616661663961613439393630396534383431393864343037373062656132
35376266383564393038653466626632653037306662373733613065313662306137636335363662
36653831626431376432643263646535303930356265303530316632326138323066373038636139
63313033643230386438396530366533646436323337386134323431656535633234376332396339
65353632386465393531636635353439616464386361316136366565323538373631303732626133
36623933353261383132373734653039623661663762353834396639303838326533333264623135
31643839653730306561653863393762346430653431653937326434623236656664323732346163
36633739623830626330313738646364373066343438373239303538396438616637663038633035
62383333313766313661

1
roles/common/files/root/.ssh/id_rsa.backup.so36.net.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTiMHFphDclvwqu4WXkF/kIfSxseH8hqvZjUydZGMbUbBRvrs9Lii4JLtf4NuePG/T1nNek+3Dg4WNO55TM2ufdt9W6aqimmcMVG+D0Z9yCPwHc5H7VWGyP9kDcK+ngwIZk1j/tPXLPcCmyaan4Fbhoqk3Mauo381VInJzA3FHov6b8G48401zVcdS9L84SjTtU/Smg/36XOCEQyX3zVEXtwFVlmijgQwJDXeheZCnIrLUi/cf18WawqHU5E+o6dWhpuP+1aFtmv7Bb7OWCQOKRyWDN8I5wq/Gpax1eUS4uNyCprv6XoyXL6CO/qK7SmI9bB+90diNDnzu2FfTS+Er root@backup.so36.net

89
roles/common/files/root/.ssh/id_rsa.backup.warenform.de Normal file
View File

@ -0,0 +1,89 @@
$ANSIBLE_VAULT;1.1;AES256
65623731373563393261633131363166333330353065336662616332313633313265383539646537
3063313165613561663863353536623137373664336234340a323033346339333239653534373834
39353766623438643431393930393762356331336338353963313764656365643438393530323834
6538343332653635630a643836666163326363666233623738663261633966646437366138383261
35396339363735343139393934643738613638656661666366623438326364333932396233396131
32353330336334396266323234353036656437313032333538656363333261363066643739666365
33323638663638353231363432313432316666633439396430393764616365656162313936343036
31353562366363363738393036336465346330613536313234316333336136336339626338303835
65383838306538373639653866643632333666393537373132613463326666626265633539383638
61363062653033356535666533353066343530323231613962323838613864386465386235356437
64326239616664613961336434643534303864393434393665353966323238323962646263333334
36313034643164656234353330383062613339396235343937383062656566363862313266363462
65653437356464373230336530623664666661643539663662396232393761663439313166663430
62323064336331366532353762333162373934376336636466653237616433633238313663363661
66343765366164643433623632353833346436636634646461366436346633396464343032373737
63626364366665656535323562623964623537353164313637306162316561663164346635643535
39376161616166316539666666343035643964343431643264376563306262346634643336646665
39323033633733373630336139353761626633643835633235376239626537373235643536343734
33643366376430376339666137316231373632386464343736393736366331383336383635656431
34646138333162386335363739643661326636373230376663633366383465316539313432343438
37656564393965666630346161333632333738376636376438313864323663326334653037393332
62653537393065393163326638303766623237373839353262343632353135613162666531343139
33343266623337653434333665343832303930363561363665376165616538353139366436303135
33346562393264333333643965306564653238666530363633643463343333616264393963323630
34336231663737306665383339656538343062623166333932303537336537643537336137323161
32366461343932623634626537353934316534373365646662383530373165353339363834613435
33613265633265356262323365613131363265643830643636383537653666376539636130373131
39616161306265653538383931646363303933656535306439663662663333306139636463383339
66663166626366323430643137336533623763663339363336656563353861306539323631663064
38623565633730383561653965623466376566366166386364343433643937303639383463376430
65653034373135386362646465393039623531626530383133636266643232366238356262656261
65643431623139353663333064633164306330633436326431663239656663623631653965396632
35313435373562373062633663393330626436376337626563613863663362336562316635663938
63626666353264323666306366356366666137313830393364326133323933333339333161613938
30646533393334613862393566646433316433343562393063633162336438313837353963646163
62616437663431633365323966383966306232376430383762316235316533666662343335356430
37623038646462376432363830633531376330656665633134363861613963653461626435323539
62623763303563613362666336343466656166303138643837353934376563656137376331353832
35396130666663353937356164623438653434313030376562643664306666326435343130626162
66626464386338653262636537633165316639323063393561393334393764343966303930383437
64313435643637343535303161633263336230613934326330636537396136666264323634326465
38363231326362656637396133393733333866323930333563303137653237663962336163613366
30396166356635623364626133333936333563616230623738663731376638663536623964353933
31326230353735636236333035623863663738643038306330376365643532646563373765633530
64373239383863376665366364663161306637383333643465643161396630663364306361663932
66383261313339616230333066623364303138323538303135633030383138613931393634333932
66393261383234633465613262376466626632653336363431653961643532326230396138316436
31313362633565653730626339636235653461636530393234653936376362336236633232623332
38623965323261306362303061303964363862393236653532373737666334613833336331373064
64613666613536616463623165316439646130376532313361643163323632386164303338323364
30623063356337333963396264376563613532376363336330653730343162373433646666616263
30623161373061623230356439643165383665383563326130376134643065653536396366613465
34386161303430323232343163306166643765663932306131373936313139326636333638363763
66663262373564316136366364633236343966373763623061306139346666623330623566313331
31343835323764343032386534393163326139383734666137323332663765633963613066363132
33663630646333656133666432643538626565376534623536323530323530646264653766623536
34386334636231616339656564396437303733333965336439626335306230316237396234313366
62306334613134396636366662663036396338666463323765383566373434316436363939663333
64313665303965636435303562363566366539306638356462373638643933376237323433663866
37306635376665306631663036623964663366663138663534656133643935373239303335346437
61613038623633316566326664313761343035333563633233313031323564353030376437663461
36386633613266656564666438613262633535636366333833393932346337663639393964323737
35643234383065383933306263326562396534633733643737626633313237646161616333646332
66363133636562363336303135393439613732353838383962636537626664666466643839363138
64656137386531393230616163613738306437613966663231313734343931613866356265346434
37396138366666653135643830616162343165373134306131373762623233653034376130343136
36663665396230653833653638313933323361646438366135353938323938616332333862393561
63643265623139646532323332653437633461636363633465373339653137336431333566623637
37623532303634656161313434626139323763393830613663326266303066386430376463643464
36353532343430656439316464306631626631663564383963366638653936306261303033353863
37363835323064316266333830653066643437393032336335653938373062616265343034356266
33613864356666656437613661326238326432313964646334323061306137353834623863653736
61313965656138386662366231623363306164326364616161303432653139396230376436363636
32636463313666346461646539383038656461363439353533383561393764306432643131356138
31623931323438376365393138343035613465613462613230336433643731356563316132333534
66323531333733383565646534653032376633313766373837613537643538636565653766653865
30316365393432393632646263383131396565613565636363643437363461396465383531353330
38656435313639383936663761646338336133613564636331343164653166376134363933396336
31383833323938613963326363616235323230646438656531313866653266346566643232396563
62623530366330623131336262316334383537323332323536356165316238643932643335623135
31636262653734656663316461323761626635303538326133396435653936356363336331626161
37353938663666656436626438646463303661356538343738326331346332663430653438613361
38373830346134653932643363316163666339393234663064653238613038666138333230353437
65313535666235313434663663646332626333643665616231326266393732363333373539393265
63373033356334306261313966386263393138376635326161663731383138313766363862333138
62663335323832313163636565343237386663323439633564386239383764383837653462646266
37626430616363616131356463356235323834343932373761383362653635303437623261306236
63393833323436633533

1
roles/common/files/root/.ssh/id_rsa.backup.warenform.de.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmQffh8lmO69ukeW0hC7wQ8EEqEsKPja5IvYr1fVqmR5gUJDRFQ015sxpIIuLgo4kCbe6pz7aV6rLUAxysMV06PbBRJPzq0SvaXek3Begygt11U0+HFQN7pVw+agxvbdE0YwxhOfJWl8f/wkti+p/G7+G7O0bMyFdzH2eeYXmzh3Nf4NoST8moQ2PVpDaJ73u/s7Z2oPng2LhVneGqyRdV40exiFOBS5pGJZ/10GZthkrhUAEGzPTusenN4+Vw2oriKP3+eyLzsB8qSPX5u7oR4Su9QY2VxTwkuXZDrxTBZwpIB/mXobMRZeRQxDGeSsU1mCf9cquanFLIx4a1ySUDw== root@backup.warenform.de

167
roles/common/files/root/.ssh/id_rsa.devel-root Normal file
View File

@ -0,0 +1,167 @@
$ANSIBLE_VAULT;1.1;AES256
30626637633734333432353462666463663664313837303662323731666633636663326335643364
3263363965353864663236636537653433663638666633390a306436363936383835613830663734
64306432386263326265343164306137343632616630663964343835646362383338326237356530
3336656435343438640a326539656137323966373965653835616437653236636635343434313832
62306533366133316233633932663038343138393061336665386130626431343039366331326137
65346534353939326235383663356536396665656137376564666661623738323561323262313333
31386336363937306530316439383062616434653932633135326339346461613037343136366462
31653637366230343834373666353335303562336133373333616130353566373563646234613064
35376563343836316438376636666166373363393637303030373065666333666337353730313561
30653862333366666638616132653133316431396465663564663931623634343962653937636136
36663038356366633333346333656537656365386465343931363932343439613130663435633461
62366439646530373961396333343536393162616138316636346338356230313762393762353037
63623162616265306135396363393634353239623232363433313266653765386366363330393636
66623964666561303665303761353563366331626338653465393839383630633734363139326562
30623162663661353763333735613464616634353533653135363065613532396131363563333233
37656165653466313366303365396630376266316165373764613730326466653330313663643335
63336133333732363032636234376134656663636265316232366234333965343632373264346639
62353932306131396266623935373766383934623134363862303262646439326366303130393530
62343838613433653133336339313933366135613730666534636130326663656161373761656463
34623331623162623737346435303134383831343536333166366462363330653034376335353764
35393636393538663935316438653330643339623937613262356563616630626535343535326262
66383733303430376339633637613334666365346263316139643664303466626434383363393930
39363262623038663165306164353739323230663733363331373765663939336437303564376330
36613739393835336133373030313165656137383763636262633461636163346634313466323535
37303139386638333066633633663536633636653134316366636164376130323439383561623566
35373033396337373932393866376435623539613935333435373333346563613665656464643536
61613132356239346437353439313166306437626332656463383263613730633530626335306533
33356432376562366635386339313265393933643366376163343663336338356463653334643738
37306537343439336234346532316432633865616635346538343439616230326632323161383932
64653431323636373432313939326131356135326437663266303336386434653536383065386336
30326465346137666563383038646366396261613261613361366232653239623334303765333834
63323265363434316339326137363932366265633435623663366138343366313630366661396566
34373837323835356565396565346438353663316237393634636531303164333138336431643161
37373833313735363761386639386533316238666534656137396332613034343264343165633236
31343139616330306634613235643839326333633034396638383236323937326239633037316635
61373836336237643633383964653166363331643337663561376135643837333764663536313363
64333730626566323962386462346666336262363931353634633835303837356233363136643166
61306533356137343361303063333535363932393936343663303438396161363930656330373961
35306536653135366236333738386230366139366363363439636535313738646364633837386135
38306636343834306133353434393766306462303937663964623466343531303432663335303039
63333838643864303533393361353161353138366465353231373362626534303132323835666438
66366566323264616563346361306235343666386338663737393238343461353730383136353462
64323436316635383132623463663964396565313265323036316462316331356330393036353861
64333066326261646632663663373438643635323766626238333330636430333133623638303863
32333364626336376635666464653133613261343662623332373631343961316334343638656361
30636337313130666332313136366636323533636534653262306233326337643239613739303539
62643266393562636330323363386262326662636137353331326532386462333965653737383135
66393162326634623138346336343134376362356631613834373832343335333231613231366539
30366634353231313265653763316230663266373938636330363330386163373034666431626431
39383363363531396536646364643739306132646632323531653031656466313035613433663964
62306165366431333366613761626365366637303338333663666666383566613531353036393439
62666530643438663637366430323530326536653137333963393835386161313565366531373731
39633133363438376661323534656566343066633835306265323438613035636661666362313336
65633064376634643062386634663935613264653133623964613666326362623936323633366635
31316130336139666531666331353435363139663631636562306431383038386538346337376363
37303534353262373835393463393764396131386662303266623135396165323166643534613561
32326130373863626464653764643764336162376534383533353335376433353330383763653836
64323537323032316139363733323864623136343664383064666232663136626236653335396365
30646439316433373065663437633231363465323662343237373631633336663931346531623565
64643836323766646436373335646331643165633331343264333362326138323065383666353462
64376439366665306638643261363162386436366563653961383532663032363535313331613530
62646266633464303933623363346265353736316163326161303836366161323663333035353031
39653535343730333264396534613262653437646532393835666135363937343339613461373937
34353230656662346531343338663834346631643166346364363832383861653635666532383864
63336532623463663535393263636162666331383935383539636535626562653536616134386436
33343165613563336562616130306263396164326539656662646266633162353762363538383064
37373435613461623436626565316235333534363662353963346165663864623261393036383938
36326465306530303535643261663831343031663963646234623231356366346536396266623339
33646364363535303139363332623733343361323766653737616534656334333937313061303165
30623836663135316561363962626133313564623464646265376231613462613465396264633339
34346362393637626261376365623934616165623134376437303331303932323536616235316164
39613339623835363432633462663631363762316561656263376661373531396536643030383463
65383165623665653130636566383965643938643866306230303739626462313337643635373939
36366162616462323331633464653838373433353630386363333265346633666130633433366664
31393839616133323637653865353333393264373931613162653232653566663530336538643162
35343835643835656437666366656230353933353438373835613066666237663365323138656365
38396231346334656430653231333130363831316265343662613630313934326464633862353762
39633137656638643033653466376135643866623339346537343932336432616435393563636462
36383931636230666466396534616239343064333565633639373431323364363431323962343666
34663063383564643565336461653162643934343063646136633532343537643836386135633963
39353837333834356431346337623063363430336366326433646338386637323736333331326164
38636432653638616563326533626637613536326635363738336631633130646361353564653133
34656130313936393937333635323930313563303436343234343238623833663964663865386232
34363862336132643566336434623465393737656231353065656266636662613430356234316632
36303862653864363365613661383935353464663935653763613934376537623763303230353530
31623866646333646264656538393132663033626634366361366465653439323561386364363635
37623531623165373336646438343537653339326536623534643734663662336263353833613931
36656561653836393963666639316534313036356532656533393464363432323866313734643135
65373261623265376637383732316139343734303135643664343338633833626231316539396565
32663530306430633734303633303039343737383633633231366561333833343962333735363130
39656266636663316334303832343664633235626136396130306134663265396363623864643330
36626464373164323134313233343065656666616565396337343766643764646238323765356263
33663862356332393730323938623634346664666439656631353734376665383966333432366361
63653561373539396464306335623462323263643961303837393539356231323232343838636566
33666566343334373639353536373437643063336162316531393931653531386139383438663030
61633263333533623666323534623432633133386561376234323636323238643038376433376262
30313966303865396438303762303962303239663064323739303731643533643264316266303631
64646638313834323036396437306436333738616131306436323337353237373939383334663930
37353836303337333562333361346366383933363632626631336631386136396534336665383834
64373763303364353235383439666264333433343439333939666363616232643735376332383639
61383166663231336433623661353433633533633830356437353764313136383564316336383133
34643737386565336138643532633962666536323664383832336530636130343532663165363737
32613938353161303265393037316439633835383035356666306437333538656536376461323764
62303731386338363538666435393132643533373439386537616634626231623935633630336330
30663265666231666366613035653135643763353834316466626239366231653534376635336332
30303936326163623637396433376661386634663031323132363064313630363930646165333364
33363065646339616539653136633663303934633436356665313636373734626361356632636534
33653735356362306637343030623130623461613966346339653065346534643435363063323538
32663938363233613036663734653064323262306138313966356266313864633633643134643735
39616266363933613063663035303763613162643537363364316133393864393735313232373161
63356231636237383533323264396139636366393663653162656533633037323962323865663736
66623538353165643363653237323466613362666536363963386434373064653638343330326266
37306630346661326131623865646166626331336261396366623462383933346437653661643039
37343339613963363561616334346131343531613033316261313563626637393963643866386364
62306662633331323734663261333532616264663261323663313161663430333165396238306634
63646333383135636235616266633264313138303036323037666161386464333633316631653865
63346132336562643631343762346539633766333539356334306335306233313830326362313461
33663665643362643934373162636663323435653965336266613466333436363866323831623535
63616532353539396337323137306533306363373536656362326233366139623462616234633133
34653061643632376539636536373336396335313161623733646262316238663732383337323162
38383439353830636364646534343432396665363363356265666661663563383337613232363763
64303961616566353133633764636333636564633635393064336163353833663636656236366331
65333936306266333262613638633366623433623036343263666238626662306137346639643531
61613334373833653830613865393430623064613431626665363335663130376261336264643034
64616536643034333566643737663538316539646339303930326235626433306639386635613436
37313433663263613037656165663933663839653339343861393131343433656330643262393338
64353365333531373232326331633832383838386232313862326538396361333333326337326433
31386432316534653062353036383936333033356665323162633665383632386132373034643637
38316437373034303062343135663262313961623764646333326531356530653734346438386336
61303734303532626466633739303634373730386538333434356564333361616563306332373530
36346365333331616236343163636463653938383538366439336635353938343337656434363636
37633834326433333466363234373132363833666563333136666462316233636438633538323066
38633866346163326562613761666562343630323935393262313439386137613964666637633864
39633361373133323463646363666361376530666562383464616638656465653732343366333933
63376535313064646166633766393662313330323133353861623738363134353330356437333864
30623932663133623437656361333566393134623430613162663432636132333362363830656562
66626634653536393164643965633232333839663131656233303937386431386133393939313339
61653539656239633930363435326566363561313163356564393533623766636637646135386362
61383837363562663264656134616238313832363431336666353738373464353339393264343435
62386562326133376535613363626638346638646365383535336562306331303161313063663063
33663536376266613965373065303163336335336136373263653631316161653839303566343437
63316462303630346438663066343635353132336131643332303866396238366462323165303966
38383861366663373435333864636263373039306465663666363936313663396333313862613061
31646435656166383232356464306362336638333364656532313635396639633366643837396535
61633334353839623566356436313532363666646566306134373530626434383263646263393164
66316236616439366161613631363961343862353135666337633037366565646464623035326232
35333639623939366162366565396566303562393737306237303064636364343132613464303032
37383632376536636263616464626663333334316132326630666266653036613564626164383438
32396135343266653564636130326336663439343661373231623564386434613963643661636161
66303336623066633466346434306362643531363666376563313039643130663866363836363330
37306533396265626365363230663362353863613462656638633435313036663130333132313163
32636165303162653139396132633137353335653430303166393435623964613333316236323031
30623736666433393736386634363430336239613162333837383335326565653239316561353330
63303636383131376230313235343863303631356263316365353837323634633335346537323232
31613061616264326362636234663737343939386165356532326666386365386164646634383431
61306239373565336239646232623262623930303466666238316163333466653135333132633262
33396133386634373766646635336433363862343863663936363035386665663861323364663330
38656434396134313466613337346332646162653030363633393139326634616261653238653837
36303838646436363738313163313235653065623863303432346462303239633537346164643764
34646434613533353262323531626431363661373962353230666165646264306661336461356336
62396635343561336331353432303735333930326664643138646232633262633062303334323937
33356338336636613735326530383932326337313866393731643239613535643664323162616363
30346130633563616165656636623430616439353061373861626362633562373339336435393338
39393437663838343863656138643931343962376465363361386465663466346666353566643735
66653161313337306165313631323837623565396237366530633062613134306231376437383836
6564386362323064386263366534623833623663613561333433

1
roles/common/files/root/.ssh/id_rsa.devel-root.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCd4puiVlcoHytkIpmticagS/yo5fIWhsGwdjWLoH8I4GU9le1TQYwSxdFMhoDbwOPeoAPFeccW8787OgaMT9HFSH8OSePsWhYNBD/OnR2OlXtbEXFEwKU/wD7GJLbXGjkcR3JEOioRJI9wC3OTjCjC6ZX/D8S5yJAZKQAAPHMJziESyrhZeNnWISbxuosqeYW6Y6phYpGt9V6LgeqAf5Ztb6lwmthQdIru8enl4CenQGKrJaclhdl6xNtCfXBAj+02W3FNYof7J/dvb1e8SkkXjM6vWwzIN/Qd6Yy7pFof/zq1tAVy3iFRQ4ASX5ghNdxgF6YzIzw1t+DIo8rz1TJ9ANFNuKuEfmKtHa4Ppunyjvgo2N+sDEYt4zn4lMwO+m3ROZ1KRBGbMCqhBw19ZxYMLMUJYMe9YEX4tvxXiny9QfHeKJLFEpuqdcwSOkoz35gbmACtZ/lxt8rDvU+7+An/PEQX8f2/kUD75L6GJ4TaE2qhkI3o8wH7bxOSbt0QTK3D55wPb9cqFTMCdQhy19PPy2cWskPc6mY+IeW8Vcbops9tpyTDVqjmokw8Gga3++AIxaNdsCEzQlTY1/0DRQuPjmgofVefCCk21sRjn//XNuie3sXNF9+6yxWzR1Ln82VqNaiLwGWlhiqO2+4pWiTm+Can8/GlnTX2a3uRuGj+Zw== root@devel-root

25
roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform Normal file
View File

@ -0,0 +1,25 @@
$ANSIBLE_VAULT;1.1;AES256
37353766323665666361653537393334666365653637376232643432363037653462646366663065
3264316565623766393237643938373239353465336238630a343361616532303934636232636333
30383934633134646131353631353631613239386132393631393531316361623239373736336563
3738323464343962300a623262626566316339313032343637613631383661643234316234393162
31326161376666653363383737396337316139623835363234373535396466386231646531346630
61653063643233373262646635363737333464343666333232383736643032326132333433363035
34316137396336316266643537656535666637656161616164613434303661333533353937366438
64653366363665353061666636623235323434633030633533376463653131333432653034346230
31333634666638363863313563643462353731323465336162396239346263356635366634626262
31653434386636376466353538396234396635343735383861306135353635633961623736313733
63363930613438363335323533356564316338383733613635346532633238623335393739373130
39343932653336653730343463336434663231613861636164663439323136313464623934636562
62366437383334366362306231623738376439323462306362376636326465343730303639666239
32363766373737363765346261333330366132363939326438373165666563666339616536353239
38336666656466613363366533643263393232323837663130306262396531393034643665663361
37663035633133393631633734653832633034666563306631383935633530336633313663316264
35656238633364383165303035613239333434646631383538653761303430626139363139633731
38353631333435663866366561323266333030663536383465316161373731633238373431386263
30303862316261366133376162303839656332643432613338383437373362326533623032613865
65633866316537303935663233303330663834636164383937313362646261633966363865336336
37336561386230373264336230643866353236653631613034353432373637656138323031333639
63643861386534623533346631396437616332343865343032363532323339666433613964333638
61666663383031666533396135653066333931313265663132626235303036366439336533643131
65343063643735396365

1
roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0uz8MeNyKvKxyqCLE1KCuATRFOMd5RV0a6TpnqwVZu webadmin@default-svn

27
roles/common/handlers/main.yml Normal file
View File

@ -0,0 +1,27 @@
---
- name: Update timezone
command: dpkg-reconfigure --frontend noninteractive tzdata
#- name: Restart ssh
# shell: sleep 3; systemctl restart sshd
# async: 1
# poll: 0
# Does NOT Work
#
# Error was:
# Start request repeated too quickly.
#
# See also: https://github.com/ansible/ansible-modules-core/issues/1533
#
- name: Restart ssh
service:
name: ssh
state: restarted
- name: Restart postfix
service:
name: postfix
state: restarted

206
roles/common/tasks/apt.yml Normal file
View File

@ -0,0 +1,206 @@
---
- name: (apt.yml) update configuration file - /etc/apt/sources.list
template:
src: "etc/apt/sources.list.{{ ansible_distribution }}.j2"
dest: /etc/apt/sources.list
owner: root
group: root
mode: 0644
register: apt_config_updated
when: apt_manage_sources_list|bool
tags:
- apt-configuration
- name: (apt.yml) apt update
apt:
update_cache: true
cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
when: apt_update|bool
tags:
- apt-update
- apt-upgrade
- apt-dpkg-configure
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) dpkg --configure
command: >
dpkg --configure -a
args:
warn: false
changed_when: _dpkg_configure.stdout_lines | length
register: _dpkg_configure
when: apt_dpkg_configure|bool
tags:
- apt-dpkg-configure
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) apt upgrade
apt:
upgrade: "{{ apt_upgrade_type }}"
update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_upgrade|bool
tags:
- apt-upgrade
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) Initial install debian packages (stretch)
apt:
name: "{{ apt_initial_install_stretch }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
tags:
- apt-initial-install
- name: (apt.yml) Initial install debian packages (buster)
apt:
name: "{{ apt_initial_install_buster }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
tags:
- apt-initial-install
- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-microcode
- name: (apt.yml) Install CPU microcode (debian buster)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-microcode
- name: (apt.yml) Install lxc_host related packages
apt:
name: "{{ apt_lxc_host_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_lxc_host_pkgs|bool
tags:
- apt-lxc-hosts-pkgs|bool
- name: (apt.yml) Install compiler related packages
apt:
name: "{{ apt_compiler_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_compiler_pkgs|bool
tags:
- apt-compiler-pkgs|bool
- name: (apt.yml) Install postgresql_server related packages
apt:
name: "{{ apt_postgresql_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_postgresql_pkgs|bool
tags:
- apt-postgresql-server-pkgs
- name: (apt.yml) Install webserver related packages
apt:
name: "{{ apt_webserver_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_webserver_pkgs|bool
tags:
- apt-webserver-pkgs
- name: (apt.yml) Remove unwanted packages
apt:
name: "{{ apt_remove }}"
state: absent
purge: "{{ apt_remove_purge }}"
tags:
- apt-remove
- name: (apt.yml) autoremove
apt:
autoremove: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_autoremove|bool
tags:
- apt-autoremove
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) clean
command: apt-get -y clean
args:
warn: false
changed_when: false
when: apt_clean|bool
tags:
- apt-clean
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-mysql-server-pkgs
- apt-webserver-pkgs
# Fix error if install/update of repository mysql-/mariadb-client breaks
# link '/etc/mysql/my.cnf' in case mysql/mariadb was installed from source
#
- name: (apt.yml) Check if file '/usr/local/mysql/etc/my.cnf' exists
stat:
path: /usr/local/mysql/etc/my.cnf
register: usr_local_mysql_etc_my_cnf
when: groups['mysql_server']|string is search(inventory_hostname) or
groups['apache2_webserver']|string is search(inventory_hostname) or
groups['nextcloud_server']|string is search(inventory_hostname)
tags:
- apt-webserver-pkgs
- apt-mysql-server-pkgs
- check_mysql_cnf
#- name: debug
# debug:
# msg:
# - usr_local_mysql_etc_my_cnf.stst.exists = {{ usr_local_mysql_etc_my_cnf.stat.exists }}
# - "Variable usr_local_mysql_etc_my_cnf: {{ usr_local_mysql_etc_my_cnf }}"
# tags:
# - check_mysql_cnf
- name: (apt.yml) Create a symbolic link /etc/my.cnf -> /usr/local/mysql/etc/my.cnf
file:
src: /usr/local/mysql/etc/my.cnf
dest: /etc/mysql/my.cnf
owner: root
group: root
state: link
when:
- (groups['mysql_server']|string is search(inventory_hostname) or
groups['apache2_webserver']|string is search(inventory_hostname) or
groups['nextcloud_server']|string is search(inventory_hostname))
- usr_local_mysql_etc_my_cnf.stat.exists
tags:
- apt-webserver-pkgs
- apt-mysql-server-pkgs
- check_mysql_cnf

46
roles/common/tasks/basic.yml Normal file
View File

@ -0,0 +1,46 @@
---
- name: (basic.yml) Ensure timezone is is correct
timezone: name={{ time_zone }}
when: "inventory_hostname not in groups['lxc_guest']|string"
tags:
- timezone
- name: (basic.yml) Ensure locales are present
locale_gen:
name: "{{ item }}"
state: present
with_items: "{{ locales }}"
tags:
- locales
- name: (basic.yml) Create a symbolic link /bin/sh -> bash
file:
src: bash
dest: /bin/sh
owner: root
group: root
state: link
tags:
- symlink-sh
- name: (basic.yml) Check file '/etc/systemd/system.conf' exists
stat:
path: /etc/systemd/system
register: etc_systemd_system_conf
when:
- set_default_limit_nofile|bool == true
- name: (basic.yml) Change DefaultLimitNOFILE to 1048576
lineinfile:
dest: /etc/systemd/system.conf
state: present
regexp: '^DefaultLimitNOFILE'
line: 'DefaultLimitNOFILE=1048576'
insertafter: '^#DefaultLimitNOFILE'
when:
- set_default_limit_nofile|bool == true
- etc_systemd_system_conf.stat.exists == true
tags:
- systemd-nofiles

83
roles/common/tasks/caching-nameserver.yml Normal file
View File

@ -0,0 +1,83 @@
---
- name: (caching-nameserver.yml) update
apt:
update_cache: true
cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
when: apt_update|bool
tags:
- apt-caching-nameserver
- name: (caching-nameserver.yml) dpkg --configure
command: >
dpkg --configure -a
args:
warn: false
changed_when: _dpkg_configure.stdout_lines | length
register: _dpkg_configure
when: apt_dpkg_configure|bool
tags:
- apt-caching-nameserver
- name: (caching-nameserver.yml) upgrade
apt:
upgrade: "{{ apt_upgrade_type }}"
update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_upgrade|bool
tags:
- apt-caching-nameserver
- name: (caching-nameserver.yml) Install bind9 packages
apt:
name: "{{ apt_bind9_pkgs }}"
state: present
when: apt_install_bind9_packages|bool == true
tags:
- apt-caching-nameserver
- name: (caching-nameserver.yml) Create directory /var/log/named if it does not exist
file:
path: /var/log/named
state: directory
owner: bind
group: bind
mode: '0755'
- name: (caching-nameserver.yml) update named.conf.options configuration file
template:
src: etc/bind/named.conf.options.j2
dest: /etc/bind/named.conf.options
backup: yes
owner: root
group: bind
mode: 0644
#validate: visudo -cf %s
tags:
- sudoers-global-configuration
- name: (caching-nameserver.yml) Add 127.0.0.1 as first nameserver entry to /etc/resolv.conf
lineinfile:
path: /etc/resolv.conf
line: nameserver 127.0.0.1
firstmatch: yes
insertbefore: '^nameserver'
state: present
owner: root
group: root
mode: '0644'
- name: (caching-nameserver.yml) Start service bind9, if not started
service:
name: bind9
state: reloaded
enabled: yes

237
roles/common/tasks/git.yml Normal file
View File

@ -0,0 +1,237 @@
---
- name: (git.yml) include variables
include_vars: "{{ item }}"
with_first_found:
- "git-{{ inventory_hostname }}.yml"
- "git-{{ ansible_distribution_release }}.yml"
- "git-{{ ansible_distribution | lower }}.yml"
- git-default.yml
tags:
- git-default-repositories
- git-lxc-guest-repositories
- git-apache2-repositories
- git-nginx-repositories
- git-mysql-server-repositories
- git-postgresql-server-repositories
- git-nextcloud-server-repositories
- git-dns-server-repositories
- git-backup-server-repositories
- git-samba-server-repositories
- git-mailservers-repositories
- git-sympa-repositories
- git-other-repositories
# ---
# Default reposotories
# ---
- name: (git.yml) Install/Update default repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_default_repositories }}'
tags:
- git-default-repositories
# ---
# Group [lxc_guest] reposotories
# ---
- name: (git.yml) Install/Update lxc_guest repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_lxc_guest_repositories }}'
when: "groups['lxc_guest']|string is search(inventory_hostname)"
tags:
- git-lxc-guest-repositories
# ---
# Group [lxc_host] reposotories
# ---
- name: (git.yml) Install/Update lxc_host repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_lxc_host_repositories }}'
when: "groups['lxc_host']|string is search(inventory_hostname)"
tags:
- git-lxc-host-repositories
# ---
# Group [apache2_webserver] reposotories
# ---
- name: (git.yml) Install/Update apache2 repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_apache2_repositories }}'
when: "groups['apache2_webserver']|string is search(inventory_hostname)"
tags:
- git-apache2-repositories
# ---
# Group [nginx_webserver] reposotories
# ---
- name: (git.yml) Install/Update nginx repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_nginx_repositories }}'
when: "groups['nginx_webserver']|string is search(inventory_hostname)"
tags:
- git-nginx-repositories
# ---
# Group [mysql_server] reposotories
# ---
- name: (git.yml) Install/Update mysql server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_mysql_repositories }}'
when: "groups['mysql_server']|string is search(inventory_hostname)"
tags:
- git-mysql-server-repositories
# ---
# Group [postgresql_server] reposotories
# ---
- name: (git.yml) Install/Update postgresql-server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_postgresql_repositories }}'
when: "groups['postgresql_server']|string is search(inventory_hostname)"
tags:
- git-postgresql-server-repositories
# ---
# Group [nextcloud_server] reposotories
# ---
- name: (git.yml) Install/Update nextcloud server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_nextcloud_repositories }}'
when: "groups['nextcloud_server']|string is search(inventory_hostname)"
tags:
- git-nextcloud-server-repositories
# ---
# Group [dns_server] reposotories
# ---
- name: (git.yml) Install/Update dns server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_dns_repositories }}'
when: "groups['dns_server']|string is search(inventory_hostname)"
tags:
- git-dns-server-repositories
# ---
# Group [backup_server] reposotories
# ---
- name: (git.yml) Install/Update backup server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_backup_repositories }}'
when: "groups['backup_server']|string is search(inventory_hostname)"
ignore_errors: True
tags:
- git-backup-server-repositories
# ---
# Group [samba_server] reposotories
# ---
- name: (git.yml) Install/Update samba server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_samba_repositories }}'
when: "groups['samba_server']|string is search(inventory_hostname)"
ignore_errors: True
tags:
- git-samba-server-repositories
# ---
# Group [mail_server] reposotories
# ---
#- name: include variables
# include_vars: "git-mailservers.yml"
# tags:
# - initial-setup
# - git
# - git-mailservers
- name: (git.yml) Install/Update default repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_mailserver_repositories }}'
when: "groups['mail_server']|string is search(inventory_hostname)"
tags:
- git-mailservers-repositories
# ---
# Group [sympa_list_servers] reposotories
# ---
- name: (git.yml) Install/Update sympa server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_sympa_repositories }}'
when: "groups['sympa_list_server']|string is search(inventory_hostname)"
tags:
- git-sympa-repositories
# ---
# Other (host specific) repositories
# ---
# Read in host specific vars file if exists
- name: (git.yml) Include only files matching git-<hostname>.yml (2.2)
include_vars:
dir: vars
extensions:
- yml
files_matching: "git-{{ inventory_hostname }}.yml"
tags:
- git-other-repositories
- name: (git.yml) Install/Update other repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_other_repositories }}'
tags:
- git-other-repositories

110
roles/common/tasks/main.yml Normal file
View File

@ -0,0 +1,110 @@
---
# tags supported inside basic.yml
#
# timezone
# locales
# systemd-nofiles
- import_tasks: basic.yml
tags:
- basic
# tags supported inside sshd.yml
#
# sshd-config
- import_tasks: sshd.yml
tags: sshd
# tags supported inside apt.yml
#
# apt-update
# apt-upgrade
# apt-dpkg-configure
# apt-initial-install
# apt-microcode
# apt-compiler-pkgs
# apt-webserver-pkgs
# apt-lxc-hosts-pkgs
# apt-mysql-server-pkgs
# apt-postgresql-server-pkgs
# apt-remove
# apt-autoremove
# apt-clean
- import_tasks: apt.yml
tags: apt
# tags supported inside users.yml:
#
# users-exists
# groups-exists
# authorized_key
# sudo-users
# insert-ssh-keypair-backup-server
# keypair-backup-server
# root-defaut-ssh-keypair
# insert_root_ssh_public_key
- import_tasks: users.yml
tags: users
# tags supported inside users-systemfiles.yml:
#
# bash
# profile
# vim
- import_tasks: users-systemfiles.yml
tags: users-systemfiles
# tags supported inside users.yml:
#
# users-exists
# groups-exists
# authorized_key
# sudo-users
# webadmin-defaut-ssh-keypair
# insert_webadmin_ssh_public_key
- import_tasks: webadmin-user.yml
when: groups['webadmin']|string is search(inventory_hostname)
tags:
- users
- users-systemfiles
- webadmin
# tags supported inside sudoers.yml:
#
# sudoers-remove
# sudoers-file-configuration
# sudoers-global-configuration
- import_tasks: sudoers.yml
tags: sudoers
# tags supportetd inside git.yml
#
# git-default-repositories
# git-lxc-guest-repositories
# git-apache2-repositories
# git-nginx-repositories
# git-mysql-server-repositories
# git-nextcloud-server-repositories
# git-postgresql-server-repositories
# git-dns-server-repositories
# git-backup-server-repositories
# git-mailservers-repositories
# git-sympa-repositories
# git-other-repositories
- import_tasks: git.yml
tags: git
# tags supportetd inside caching-nameserver.yml
#
# apt-caching-nameserver
- import_tasks: caching-nameserver.yml
when: groups['caching_nameserver']|string is search(inventory_hostname)
tags: caching-nameserver

28
roles/common/tasks/sshd.yml Normal file
View File

@ -0,0 +1,28 @@
---
- name: (sshd.yml) Check file '/etc/ssh/sshd_config.ORIG' exists
stat:
path: /etc/ssh/sshd_config.ORIG
register: etc_sshd_sshd_config_ORIG
tags:
- sshd-config
- name: (sshd.yml) Backup installation version of file '/etc/ssh/sshd_config'
command: cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
when: etc_sshd_sshd_config_ORIG.stat.exists == False
tags:
- sshd-config
- name: (sshd.yml) Create new sshd_config from template sshd_config.j2
template:
src: etc/ssh/sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: 0644
validate: 'sshd -f %s -T'
#backup: yes
notify: "Restart ssh"
tags:
- sshd-config

57
roles/common/tasks/sudoers.yml Normal file
View File

@ -0,0 +1,57 @@
---
- name: (sudoers.yml) include variables
include_vars: "{{ item }}"
with_first_found:
- "sudoers-{{ inventory_hostname }}.yml"
- "sudoers-{{ ansible_distribution_release }}.yml"
- "sudoers-{{ ansible_distribution | lower }}.yml"
- "sudoers-default.yml"
tags:
- sudoers-remove
- sudoers-file-configuration
- sudoers-global-configuration
- name: (sudoers.yml) Remove user entries in file /etc/sudoers
lineinfile:
dest: /etc/sudoers
state: absent
regexp: '^{{ item }}'
owner: root
group: root
mode: 0440
validate: visudo -cf %s
with_items: '{{ sudoers_remove_user }}'
tags:
- sudoers-remove
- name: (sudoers.yml) update specific sudoers configuration files (/etc/sudoers.d/)
template:
src: etc/sudoers.d/50-user.j2
dest: /etc/sudoers.d/50-user
#validate: visudo -cf %s
owner: root
group: root
mode: 0440
tags:
- sudoers-file-configuration
- name: (sudoers.yml) update global sudoers configuration file
template:
src: etc/sudoers.j2
dest: /etc/sudoers
owner: root
group: root
mode: 0440
#validate: visudo -cf %s
tags:
- sudoers-global-configuration
- name: (sudoers.yml) Ensure all sudo_users are in sudo group
user:
name: "{{ item }}"
groups: sudo
append: yes
with_items: "{{ sudo_users }}"
tags:
- sudo-users

139
roles/common/tasks/users-systemfiles.yml Normal file
View File

@ -0,0 +1,139 @@
---
# --
# Copy .bashrc
# ---
- name: (users-systemfiles.yml) Check if users file '.bashrc.ORIG' exists
stat:
path: "~{{ item.name }}/.bashrc.ORIG"
register: bashrc_user_orig_exists
with_items: "{{ default_user }}"
tags:
- bash
- name: (users-systemfiles.yml) Backup existing users .bashrc file
command: cp ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
with_items: "{{ bashrc_user_orig_exists.results }}"
when: item.stat.exists == False
tags:
- bash
- name: (users-systemfiles.yml) copy .bashrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc') }}"
dest: "~{{ item.name }}/.bashrc"
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: 0644
with_items: "{{ default_user }}"
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc')
tags:
- bash
- name: (users-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
stat:
path: /root/.bashrc.ORIG
register: bashrc_root_orig_exists
tags:
- bash
- name: (users-systemfiles.yml) Backup /root/.bashrc file
command: cp /root/.bashrc /root/.bashrc.ORIG
when: bashrc_root_orig_exists.stat.exists == False
tags:
- bash
- name: (users-systemfiles.yml) copy .bashrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') }}"
dest: "/root/.bashrc"
owner: root
group: root
mode: 0644
when: lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc')
tags:
- bash
# --
# Copy .profile
# ---
- name: (users-systemfiles.yml) Check if users file '.profile.ORIG' exists
stat:
path: "~{{ item.name }}/.profile.ORIG"
register: profile_user_orig_exists
with_items: "{{ default_user }}"
tags:
- profile
- name: (users-systemfiles.yml) Backup existing users .profile file
command: cp ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
with_items: "{{ profile_user_orig_exists.results }}"
when: item.stat.exists == False
tags:
- profile
- name: (users-systemfiles.yml) copy .profile if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile') }}"
dest: "~{{ item.name }}/.profile"
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: 0644
with_items: "{{ default_user }}"
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile')
tags:
- profile
- name: (users-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
stat:
path: /root/.profile.ORIG
register: profile_root_orig_exists
tags:
- profile
- name: (users-systemfiles.yml) Backup existing users .profile file
command: cp -a /root/.profile /root/.profile.ORIG
when: profile_root_orig_exists.stat.exists == False
tags:
- profile
- name: (users-systemfiles.yml) copy .profile for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') }}"
dest: "/root/.profile"
owner: root
group: root
mode: 0644
when: lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
tags:
- profile
# --
# Copy .vimrc
# ---
- name: (users-systemfiles.yml) copy .vimrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc') }}"
dest: "~{{ item.name }}/.vimrc"
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: 0644
with_items: "{{ default_user }}"
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc')
tags:
- vim
- name: (users-systemfiles.yml) copy .vimrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') }}"
dest: "/root/.vimrc"
owner: root
group: root
mode: 0644
when: lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc')
tags:
- vim

180
roles/common/tasks/users.yml Normal file
View File

@ -0,0 +1,180 @@
---
# ---
# - default user/groups
# ---
- name: (users.yml) Ensure default groups exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
with_items: '{{ default_user }}'
when: item.group_id is defined
tags:
- groups-exists
- name: (users.yml) Ensure default users exists
user:
name: '{{ item.name }}'
state: present
uid: '{{ item.user_id | default(omit) }}'
group: '{{ item.name | default(omit) }}'
home: '{{ item.home | default(omit) }}'
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password }}"
update_password: on_create
with_items: '{{ default_user }}'
tags:
- users-exists
- name: (users.yml) Ensure authorized_key files for default users are present
authorized_key:
user: "{{ item.0.name }}"
key: "{{ item.1 }}"
state: present
with_subelements:
- '{{ default_user }}'
- ssh_keys
tags:
- authorized_key
# ---
# - extra user/groups
# ---
- name: (users.yml) Ensure extra groups exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
with_items: '{{ extra_user }}'
when:
- extra_user is defined and extra_user|length > 0
- item.group_id is defined
tags:
- groups-exists
- name: (users.yml) Ensure extra users exists
user:
name: '{{ item.name }}'
state: present
uid: '{{ item.user_id | default(omit) }}'
group: '{{ item.name | default(omit) }}'
home: '{{ item.home | default(omit) }}'
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password }}"
update_password: on_create
with_items: '{{ extra_user }}'
when: extra_user is defined and extra_user|length > 0
tags:
- users-exists
- name: (users.yml) Ensure authorized_key files for extra users are present
authorized_key:
user: "{{ item.0.name }}"
key: "{{ item.1 }}"
state: present
with_subelements:
- '{{ extra_user }}'
- ssh_keys
when: extra_user is defined and extra_user|length > 0
tags:
- authorized_key
# ---
# - Take care backup host has rsa key to connect via ssh to the other hosts
# ---
- name: (users.yml) Copy ssh rsa private key to user root of backup server
copy:
src: '{{ item.priv_key_src }}'
dest: '{{ item.priv_key_dest }}'
owner: root
group: root
mode: '0600'
with_items: '{{ ssh_keypair_backup_server }}'
when:
- ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
- insert_ssh_keypair_backup_server|bool
tags:
- insert-ssh-keypair-backup-server
- keypair-backup-server
- name: (users.yml) Copy ssh rsa public key to user root of backup server
copy:
src: '{{ item.pub_key_src }}'
dest: '{{ item.pub_key_dest }}'
owner: root
group: root
mode: '0644'
with_items: '{{ ssh_keypair_backup_server }}'
when:
- ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
- insert_ssh_keypair_backup_server|bool
tags:
- insert-ssh-keypair-backup-server
- keypair-backup-server
- name: (users.yml) Ensure user back has public rsa key of backup server
authorized_key:
user: "{{ item.backup_user }}"
key: "{{ lookup('file', item.pub_key_src) }}"
state: present
with_items: '{{ ssh_keypair_backup_server }}'
when: ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
tags:
- authorized_key
- keypair-backup-server
# ---
# - Allow connection via ssh to backup host
# ---
- name: (users.yml) Copy default ed25519 ssh private key to user root
copy:
src: '{{ item.priv_key_src }}'
dest: '{{ item.priv_key_dest }}'
owner: root
group: root
mode: '0600'
#when: groups['oopen_server']|string is search(inventory_hostname)
when:
- insert_root_ssh_keypair|bool
- groups['backup_server']|string is not search(inventory_hostname)
with_items: '{{ root_ssh_keypair }}'
tags:
- insert_root_ssh_keypair
- root-defaut-ssh-keypair
- name: (users.yml) Copy default ed25519 ssh public key to user root
copy:
src: '{{ item.pub_key_src }}'
dest: '{{ item.pub_key_dest }}'
owner: root
group: root
mode: '0644'
with_items: '{{ root_ssh_keypair }}'
#when: groups['oopen_server']|string is search(inventory_hostname)
when:
- insert_root_ssh_keypair|bool
- groups['backup_server']|string is not search(inventory_hostname)
tags:
- insert_root_ssh_keypair
- root-defaut-ssh-keypair
- name: (users.yml) Ensure authorized_key (root) on backup hosts contains public key
authorized_key:
user: root
key: "{{ lookup('file', item.pub_key_src) }}"
state: present
with_items: '{{ root_ssh_keypair }}'
when: inventory_hostname == item.target
tags:
- authorized_key
- root-defaut-ssh-keypair

196
roles/common/tasks/webadmin-user.yml Normal file
View File

@ -0,0 +1,196 @@
---
# ---
# - webadmin user/group
# ---
- name: (webadmin-user.yml) Ensure webadmin group exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
with_items: '{{ webadmin_user }}'
when:
- groups['webadmin']|string is search(inventory_hostname)
- webadmin_user is defined
- item.group_id is defined
tags:
- webadmin
- groups-exists
- name: (webadmin-user.yml) Ensure webadmin user exists
user:
name: '{{ item.name }}'
state: present
uid: '{{ item.user_id | default(omit) }}'
group: '{{ item.name | default(omit) }}'
home: '{{ item.home | default(omit) }}'
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password }}"
update_password: on_create
with_items: '{{ webadmin_user }}'
when:
- groups['webadmin']|string is search(inventory_hostname)
- webadmin_user is defined
tags:
- webadmin
- users-exists
- name: (webadmin-user.yml) Ensure authorized_key files for webadmin user is present
authorized_key:
user: "{{ item.0.name }}"
key: "{{ item.1 }}"
state: present
with_subelements:
- '{{ webadmin_user }}'
- ssh_keys
when:
- groups['webadmin']|string is search(inventory_hostname)
- webadmin_user is defined
tags:
- webadmin
- authorized_key
- name: (webadmin-user.yml) Copy default ed25519 ssh private key to user webadmin
copy:
src: '{{ item.priv_key_src }}'
dest: '{{ item.priv_key_dest }}'
owner: '{{ item.login }}'
group: '{{ item.login }}'
mode: '0600'
#when: groups['oopen_server']|string is search(inventory_hostname)
when:
- insert_webadmin_ssh_keypair|bool
with_items: '{{ webadmin_ssh_keypair }}'
tags:
- webadmin
- webadmin-defaut-ssh-keypair
- name: (webadmin-user.yml) Copy default ssh key ed25519 public key to user webadmin
copy:
src: '{{ item.pub_key_src }}'
dest: '{{ item.pub_key_dest }}'
owner: '{{ item.login }}'
group: '{{ item.login }}'
mode: '0644'
with_items: '{{ webadmin_ssh_keypair }}'
when:
- insert_webadmin_ssh_keypair|bool
tags:
- webadmin
- webadmin-defaut-ssh-keypair
- name: (webadmin-user.yml) Ensure .ssh/config of user webadmin is up-to-date
template:
src: var/www/.ssh/config.j2
dest: '~webadmin/.ssh/config'
owner: webadmin
group: webadmin
mode: '0644'
when:
- insert_webadmin_ssh_keypair|bool
tags:
- webadmin
- webadmin-defaut-ssh-keypair
# devel-repos contains SVN repositiries; webadmin must have ssh access to
# to webadmin at devel-repos to manage SVN repository
#
- name: (webadmin-user.yml) Ensure authorized_key on devel-repos hosts contains public key
authorized_key:
user: "{{ item.login }}"
key: "{{ lookup('file', item.pub_key_src) }}"
state: present
with_items: '{{ webadmin_ssh_keypair }}'
when: inventory_hostname == item.target
tags:
- webadmin
- authorized_key
- insert_webadmin_ssh_public_key
# --
# Copy .bashrc
# ---
- name: (webadmin-user.yml) Check if webadmin's file '.bashrc.ORIG' exists
stat:
path: "~{{ item.name }}/.bashrc.ORIG"
register: bashrc_webadmin_orig_exists
with_items: "{{ webadmin_user }}"
tags:
- webadmin
- bash
- name: (webadmin-user.yml) Backup existing webadmin's .bashrc file
command: cp ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
with_items: "{{ bashrc_webadmin_orig_exists.results }}"
when: item.stat.exists == False
tags:
- webadmin
- bash
- name: (webadmin-user.yml) copy new .bashrc ifor webadmin if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc') }}"
dest: "~{{ item.name }}/.bashrc"
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: 0644
with_items: "{{ webadmin_user }}"
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc')
tags:
- webadmin
- bash
# --
# Copy .profile
# ---
- name: (webadmin-user.yml) Check if webadmin's file '.profile.ORIG' exists
stat:
path: "~{{ item.name }}/.profile.ORIG"
register: profile_webadmin_orig_exists
with_items: "{{ webadmin_user }}"
tags:
- webadmin
- profile
- name: (webadmin-user.yml) Backup existing users .profile file
command: cp ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
with_items: "{{ profile_webadmin_orig_exists.results }}"
when: item.stat.exists == False
tags:
- webadmin
- profile
- name: (webadmin-user.yml) copy .profile for user webadmin if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile') }}"
dest: "~{{ item.name }}/.profile"
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: 0644
with_items: "{{ webadmin_user }}"
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile')
tags:
- webadmin
- profile
# --
# Copy .vimrc
# ---
- name: (webadmin-user.yml) copy .vimrc for user webadmin if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc') }}"
dest: "~{{ item.name }}/.vimrc"
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: 0644
with_items: "{{ webadmin_user }}"
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc')
tags:
- webadmin
- vim

28
roles/common/templates/etc/apt/sources.list.Debian.j2 Normal file
View File

@ -0,0 +1,28 @@
# {{ ansible_managed }}
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
{{ '# ' if not apt_src_enable else '' }}deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
# {{ ansible_lsb.codename }}-updates, previously known as 'volatile'
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
# Contrib packages contain DFSG-compliant software,
# but have dependencies not in main (possibly packaged for Debian in non-free).
# Non-free contains software that does not comply with the DFSG.
{% if apt_debian_contrib_nonfree_enable %}
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
{% endif %}
# # N.B. software from this repository may not have been tested as
# # extensively as that contained in the main release, although it includes
# # newer versions of some applications which may provide useful features.
{% if apt_backports_enable %}
deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
{% endif %}

106
roles/common/templates/etc/bind/named.conf.options.j2 Normal file
View File

@ -0,0 +1,106 @@
# {{ ansible_managed }}
{% if acl_caching_nameserver is defined and acl_caching_nameserver|length > 0 %}
{% for acl in acl_caching_nameserver %}
acl {{ acl.name }} {
{% for entry in acl.entries %}
{{ entry }}
{% endfor %}
};
{% endfor %}
{% endif %}
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
// caching name services
recursion yes;
{% if acl_caching_nameserver is defined and acl_caching_nameserver|length > 0 %}
listen-on port 53 {
any ;
};
listen-on-v6 port 53 {
any;
};
allow-recursion {
127.0.0.1;
::1 ;
{% for acl in acl_caching_nameserver %}
{{ acl.name }};
{% endfor %}
};
{% else %}
listen-on port 53 {
127.0.0.1;
};
listen-on-v6 port 53 {
::1;
};
allow-recursion {
127.0.0.1;
::1;
};
{% endif %}
};
logging {
channel simple_log {
file "/var/log/named/bind.log" versions 3 size 5m;
severity warning;
print-time yes;
print-severity yes;
print-category yes;
};
channel queries_log {
file "/var/log/named/query.log" versions 5 size 2m;
severity info;
print-time yes;
print-severity yes;
print-category no;
};
channel dnssec_log {
file "/var/log/named/dnssec.log" versions 5 size 2m;
severity debug 3;
print-time yes;
print-severity yes;
print-category yes;
};
category resolver {
queries_log;
};
category queries {
queries_log;
};
category dnssec {
dnssec_log;
};
category default{
simple_log;
};
};

286
roles/common/templates/etc/ssh/sshd_config.j2 Normal file
View File

@ -0,0 +1,286 @@
# {{ ansible_managed }}
#-----------------------------
# Daemon
#-----------------------------
# What ports, IPs and protocols we listen for
{% for item in sshd_ports %}
Port {{ item }}
{% endfor %}
# Specifies the local addresses sshd(8) should listen on. The following forms may be used:
#
# ListenAddress host|IPv4_addr|IPv6_addr
# ListenAddress host|IPv4_addr:port
# ListenAddress [host|IPv6_addr]:port
#
# If port is not specified, sshd will listen on the address and all Port options specified. The default
# is to listen on all local addresses. Multiple ListenAddress options are permitted.
#
# ListenAddress ::
# ListenAddress 0.0.0.0
# ListenAddress 159.69.72.24
# ListenAddress 2a01:4f8:231:171f::2
#
{% if (sshd_listen_address is defined) and sshd_listen_address %}
{% for item in sshd_listen_address %}
ListenAddress {{ item }}
{% endfor %}
{% endif %}
# Specifies the protocol versions sshd(8) supports.
# The possible values are 1 , `2' and 1,2.
# The default is 2.
Protocol 2
# HostKeys for protocol version 2
{% for item in sshd_host_keys %}
HostKey {{ item }}
{% endfor %}
# Lifetime and size of ephemeral version 1 server key
#
# Note:
# Deprecated option KeyRegenerationInterval
# Deprecated option ServerKeyBits
#
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Specifies the maximum number of concurrent unauthenticated connections
# to the SSH daemon. See sshd_config(5) for specifiing the three colon
# separated values.
# The default is 10.
#MaxStartups 10:30:100
#MaxStartups 3
MaxStartups 10:30:100
# Specifies the maximum number of authentication attempts permitted per
# connection.
# The default is 6.
MaxAuthTries 3
# Specifies the maximum number of open sessions permitted per network
# connection.
# The default is 10.
MaxSessions 10
#-----------------------------
# Authentication
#-----------------------------
# Specifies whether sshd(8) separates privileges by creating an unprivileged
# child process to deal with incoming network traffic.
# The default is "yes" (for security).
UsePrivilegeSeparation yes
# The server disconnects after this time if the user has not
# successfully logged in.
# The default is 120 seconds.
LoginGraceTime 120
# Specifies whether root can log in using ssh(1).
# The default is "yes".
# Possible values: yes, no, prohibit-password (or teh older one: without-password)
#PermitRootLogin yes
PermitRootLogin {{ sshd_permit_root_login }}
# Specifies whether sshd(8) should check file modes and ownership of the
# user's files and home directory before accepting login. This is normally
# desirable because novices sometimes accidentally leave their directory or
# files world-writable. Note that this does not apply to ChrootDirectory,
# whose permissions and ownership are checked unconditionally.
# The default is “yes”.
StrictModes yes
# Specifies whether pure RSA authentication is allowed. This option
# applies to protocol version 1 only.
# The default is “yes”.
#
# Note:
# Deprecated option RSAAuthentication
#
#RSAAuthentication yes
# Specifies whether public key authentication is allowed. Note that this
# option applies to protocol version 2 only.
# The default is “yes”.
PubkeyAuthentication {{ sshd_pubkey_authentication }}
# Specifies the file that contains the public keys that can be used for
# user authentication. The format is described in the AUTHORIZED_KEYS FILE
# FORMAT section of sshd(8).
# AuthorizedKeysFile may contain tokens of the form %T which are substituted
# during connection setup. The following tokens are defined: %% is replaced
# by a literal '%', %h is replaced by the home directory of the user being
# authenticated, and %u is replaced by the username of that user. After
# expansion, AuthorizedKeysFile is taken to be an absolute path or one relative
# to the user's home directory. Multiple files may be listed, separated by
# whitespace.
# The default is “.ssh/authorized_keys .ssh/authorized_keys2”.
#AuthorizedKeysFile %h/.ssh/authorized_keys
AuthorizedKeysFile {{ sshd_authorized_keys_file }}
# Specifies whether password authentication is allowed.
# Change to no to disable tunnelled clear text passwords
# The default is "yes".
#PasswordAuthentication yes
PasswordAuthentication {{ sshd_password_authentication }}
# When password authentication is allowed, it specifies whether the
# server allows login to accounts with empty password strings.
# The default is “no”.
PermitEmptyPasswords no
# Specifies whether challenge-response authentication is allowed (e.g. via PAM).
# The default is “yes”.
ChallengeResponseAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
#
# Note:
# Deprecated option RhostsRSAAuthentication
#
#RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Specifies whether sshd(8) should ignore the user's ~/.ssh/known_hosts
# during RhostsRSAAuthentication or HostbasedAuthentication.
# The default is “no”.
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# If specified, login is allowed only for user names that match one of
# the patterns.
# The allow/deny directives are processed in the following order: DenyUsers,
# AllowUsers, DenyGroups, and finally AllowGroups.
# By default, login is allowed for all users.
#AllowUsers chris cityslang sysadm
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
# Specifies whether login(1) is used for interactive login sessions.
# Note that login(1) is never used for remote command execution.
# Note also, that if this is enabled, X11Forwarding will be disabled
# because login(1) does not know how to handle xauth(1) cookies. If
# UsePrivilegeSeparation is specified, it will be disabled after
# authentication.
# The default is “no”.
#UseLogin no
#-----------------------------
# Logging
#-----------------------------
# Gives the facility code that is used when logging messages from sshd(8).
# The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
# LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
# The default is AUTH.
SyslogFacility AUTH
# Gives the verbosity level that is used when logging messages from
# sshd(8).
# The default is INFO.
LogLevel INFO
#-----------------------------
# Behavior
#-----------------------------
# Specifies whether the distribution-specified extra version suffix is included
# during initial protocol handshake.
# The default is "yes".
DebianBanner no
# The contents of the specified file are sent to the remote user before
# authentication is allowed.
# By default, no banner is displayed.
#Banner /etc/issue.net
# Specifies whether sshd(8) should print /etc/motd when a user logs in
# interactively. (On some systems it is also printed by the shell,
# /etc/profile, or equivalent.)
# The default is “yes”.
PrintMotd {{ sshd_print_motd }}
# Specifies what environment variables sent by the client will be copied
# into the session's environ(7).
# The default is not to accept any environment variables.
AcceptEnv LANG LC_*
# Configures an external subsystem (e.g. file transfer daemon).
# By default no subsystems are defined.
Subsystem sftp /usr/lib/openssh/sftp-server
# Specifies whether sshd(8) should look up the remote host name and check
# that the resolved host name for the remote IP address maps back to the
# very same IP address.
# The default is “yes”.
UseDNS {{ sshd_use_dns }}
# Specifies whether X11 forwarding is permitted. The argument must be
# “yes” or “no”. See sshd_config(5) for further expalnation
# The default is “no”.
#X11Forwarding yes
# Specifies the first display number available for sshd(8)'s X11
# forwarding. This prevents sshd from interfering with real X11 servers.
# The default is 10.
X11DisplayOffset 10
# Specifies whether the system should send TCP keepalive messages to the
# other side. If they are sent, death of the connection or crash of one
# of the machines will be properly noticed. However, this means
# that connections will die if the route is down temporarily, and some
# people find it annoying. On the other hand, if TCP keepalives are not
# sent, sessions may hang indefinitely on the server, leaving “ghost” users
# and consuming server resources.
#
# The default is “yes” (to send TCP keepalive messages), and the server
# will notice if the network goes down or the client host crashes. This
# avoids infinitely hanging sessions.
TCPKeepAlive yes
#Specifies whether sshd(8) should print the date and time of the last
# user login when a user logs in interactively.
# The default is “yes”.
PrintLastLog yes
#-----------------------------
# Kerberos options
#-----------------------------
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#-----------------------------
# GSSAPI options
#-----------------------------
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

84
roles/common/templates/etc/sudoers.d/50-user.j2 Normal file
View File

@ -0,0 +1,84 @@
# {{ ansible_managed }}
{% for item in sudoers_file_defaults | default([]) %}
Defaults {{ item }}
{% endfor %}
# Host alias specification
{% for item in sudoers_file_host_aliases | default([]) %}
Host_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User alias specification
{% for item in sudoers_file_user_aliases | default([]) %}
User_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Cmnd alias specification
{% for item in sudoers_file_cmnd_aliases | default([]) %}
Cmnd_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Runas alias specification
{% for item in sudoers_file_runas_aliases | default([]) %}
Runas_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User privilege specification
{# rule for user 'back' #}
{% for item in sudoers_file_user_back_privileges | default([]) %}
back {{ item }}
{% endfor -%}
{%- if ansible_virtualization_role == 'host' %}
{% for item in sudoers_file_user_back_disk_privileges | default([]) %}
back {{ item }}
{% endfor %}
{% endif -%}
{%- if groups['webadmin']|string is search(inventory_hostname) %}
{% for item in sudoers_file_user_webadmin_disk_privileges | default([]) %}
webadmin {{ item }}
{% endfor %}
{% endif -%}
{%- if groups['postgresql_server']|string is search(inventory_hostname) %}
{% for item in sudoers_file_user_back_postgres_privileges | default([]) %}
back {{ item }}
{% endfor %}
{% endif -%}
{# dns server #}
{%- if groups['dns_server']|string is search(inventory_hostname) %}
{% for item in sudoers_file_dns_server_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
{% endif -%}
{# postfixadmin rules #}
{%- if groups['mail_server']|string is search(inventory_hostname) %}
{% for item in sudoers_file_postfixadmin_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
{% endif -%}
{# other (host specific) rules #}
{%- if (sudoers_file_user_privileges is defined and sudoers_file_user_privileges) %}
{% for item in sudoers_file_user_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
{% endif %}
# Group privilege specification

53
roles/common/templates/etc/sudoers.j2 Normal file
View File

@ -0,0 +1,53 @@
# {{ ansible_managed }}
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
{% for item in sudoers_defaults %}
{% if item != '' %}
Defaults {{ item }}
{% endif %}
{% endfor %}
# Host alias specification
{% for item in sudoers_host_aliases | default([]) %}
Host_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User alias specification
{% for item in sudoers_user_aliases | default([]) %}
User_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Cmnd alias specification
{% for item in sudoers_cmnd_aliases | default([]) %}
Cmnd_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Runas alias specification
{% for item in sudoers_runas_aliases | default([]) %}
Runas_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User privilege specification
{% for item in sudoers_user_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# Group privilege specification
{% for item in sudoers_group_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d

8
roles/common/templates/var/www/.ssh/config.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Host wf.oopen.de 80.152.216.128 gw-d11.oopen.de d11.warenform.de
user webadmin
Protocol 2
Port 9998
ForwardAgent yes
StrictHostKeyChecking no

218
roles/common/vars/git-debian.yml Normal file
View File

@ -0,0 +1,218 @@
# vars file for git
---
# ---
# all servers
# ---
git_default_repositories:
# script repositories (destination /root/bin/)
- name: admin-stuff
repo: https://git.oopen.de/script/admin-stuff
dest: /root/bin/admin-stuff
- name: postfix
repo: https://git.oopen.de/script/postfix
dest: /root/bin/postfix
# install repositories (destination: /usr/local/src/)
- name: mailsystem
repo: https://git.oopen.de/install/mailsystem
dest: /usr/local/src/mailsystem
# ---
# group [lxc_host]
# ---
git_lxc_host_repositories:
# Monitoring
- name: monitoring
repo: https://git.oopen.de/script/monitoring
dest: /root/bin/monitoring
# LXC
- name: LXC
repo: https://git.oopen.de/script/LXC
dest: /root/bin/LXC
# firewall
- name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ---
# group [lxc_guest]
# ---
git_lxc_guest_repositories:
# dehydrated-cron
- name: dehydrated-cron
repo: https://git.codecoop.org/so36intern/dehydrated-cron.git
dest: /usr/local/src/dehydrated-cron
# firewall
- name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ---
# group [apache2_webserver]
# ---
git_apache2_repositories:
# script repositories (destination /root/bin/)
- name: apache2
repo: https://git.oopen.de/script/apache2
dest: /root/bin/apache2
# install repositories (destination: /usr/local/src/)
- name: apache2
repo: https://git.oopen.de/install/apache2
dest: /usr/local/src/apache2
- name: php
repo: https://git.oopen.de/install/php
dest: /usr/local/src/php
# ---
# group [nginx_webserver]
# ---
git_nginx_repositories: []
# ---
# group [mysql_server]
# ---
git_mysql_repositories:
# script repositories (destination /root/bin/)
- name: mysql
repo: https://git.oopen.de/script/mysql
dest: /root/bin/mysql
# install repositories (destination: /usr/local/src/)
- name: mysql
repo: https://git.oopen.de/install/mysql
dest: /usr/local/src/mysql
# ---
# group [postgresql_server]
# ---
git_postgresql_repositories:
# script repositories (destination /root/bin/)
- name: postgres
repo: https://git.oopen.de/script/postgres
dest: /root/bin/postgres
# ---
# group [nextcloud_server]
# ---
git_nextcloud_repositories:
# script repositories (destination /root/bin/)
- name: nextcloud
repo: https://git.oopen.de/script/nextcloud
dest: /root/bin/nextcloud
# install repositories (destination: /usr/local/src/)
- name: nextcloud
repo: https://git.oopen.de/install/nextcloud
dest: /usr/local/src/nextcloud
# ---
# group [dns_server]
# ---
git_dns_repositories:
# script repositories (destination /root/bin/)
- name: bind
repo: https://git.oopen.de/script/bind
dest: /root/bin/bind
# ---
# group [backup_server]
# ---
git_backup_repositories:
# script repositories (destination /root/bin/)
- name: backup-rcopy
repo: https://git.oopen.de/backup/backup-rcopy
dest: /root/crontab/backup-rcopy
# ---
# group [samba_server]
# ---
git_samba_repositories:
# script repositories (destination /root/bin/)
- name: samba
repo: https://git.oopen.de/script/samba
dest: /root/bin/samba
# ---
# group [mail_server]
# ---
git_mailserver_repositories:
# script repositories (destination /root/bin/)
- name: apache2
repo: https://git.oopen.de/script/apache2
dest: /root/bin/apache2
- name: postfix
repo: https://git.oopen.de/script/postfix
dest: /root/bin/postfix
- name: monitoring
repo: https://git.oopen.de/script/monitoring
dest: /root/bin/monitoring
# install repositories (destination: /usr/local/src/)
- name: apache2
repo: https://git.oopen.de/install/apache2
dest: /usr/local/src/apache2
- name: php
repo: https://git.oopen.de/install/php
dest: /usr/local/src/php
- name: mailsystem
repo: https://git.oopen.de/install/mailsystem
dest: /usr/local/src/mailsystem
# let's encrypt
- name: dehydrated-cron
repo: https://git.codecoop.org/so36intern/dehydrated-cron.git
dest: /usr/local/src/dehydrated-cron
# firewall
- name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ---
# group [sympa_list_servers]
# ---
git_sympa_repositories:
# install repositories (destination: /usr/local/src/)
- name: sympa
repo: https://git.oopen.de/install/sympa
dest: /usr/local/src/sympa
# ---
# Use this for host specific repositories defined in files git-<hostname>.yaml
#
# Leave empty here
# ---
git_other_repositories: []

87
roles/common/vars/sudoers-debian.yml Normal file
View File

@ -0,0 +1,87 @@
# vars file for sudoers
---
# ---
# /etc/sudoers
# ---
sudoers_defaults:
- env_reset
- mail_badpass
- 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
sudoers_host_aliases: []
sudoers_user_aliases: []
sudoers_cmnd_aliases: []
sudoers_runas_aliases: []
sudoers_user_privileges:
- name: root
entry: 'ALL=(ALL:ALL) ALL'
sudoers_group_privileges: []
sudoers_remove_user:
- back
- www-data
# ---
# /etc/sudoers.d/50-user
# ---
sudoers_file_defaults: []
sudoers_file_host_aliases: []
sudoers_file_user_aliases: []
sudoers_file_cmnd_aliases: []
sudoers_file_runas_aliases: []
sudoers_file_user_back_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/rsync'
- 'ALL=(root) NOPASSWD: /usr/bin/find'
- 'ALL=(root) NOPASSWD: /usr/bin/realpath'
sudoers_file_user_back_postgres_privileges:
- 'ALL=(postgres) NOPASSWD: /usr/bin/psql'
- 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dump'
- 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dumpall'
sudoers_file_user_back_disk_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/which'
- 'ALL=(root) NOPASSWD: /sbin/hdparm -I /dev/*'
- 'ALL=(root) NOPASSWD: /sbin/fdisk'
- 'ALL=(root) NOPASSWD: /sbin/sgdisk'
- 'ALL=(root) NOPASSWD: /sbin/sfdisk -d /dev/*'
- 'ALL=(root) NOPASSWD: /bin/dd if=/dev/*'
- 'ALL=(root) NOPASSWD: /sbin/parted'
- 'ALL=(root) NOPASSWD: /sbin/gdisk'
sudoers_file_user_webadmin_disk_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/mailq'
- 'ALL=(root) NOPASSWD: /usr/bin/tail'
- 'ALL=(root) NOPASSWD: /usr/bin/view'
sudoers_file_dns_server_privileges:
- name: manage-bind
entry: 'ALL=(root) NOPASSWD: /usr/local/bin/bind_*'
- name: manage-bind
entry: 'ALL=(root) NOPASSWD: /root/bin/bind/bind_*'
- name: chris
entry: 'ALL=(root) NOPASSWD: /root/bin/bind/*'
sudoers_file_postfixadmin_privileges:
- name: www-data
entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh'
- name: www-data
entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-domain-postdeletion.sh'
sudoers_file_user_privileges: []
sudoers_file_group_privileges: []