Initial commit

.gitignore

@@ -0,0 +1 @@
+*.swp

DOC/README.ad-hoc

@@ -0,0 +1,21 @@
+# ----
+# Execute 'ad-hoc' command through ansible with extended privileges
+# ---
+
+ansibl all --become --become-method sudo --ask-become-pass -a 'whoami'
+
+ansible all --become --become-method sudo --ask-become-pass -a 'uptime'
+
+# - Note:
+# -    alternatively, you can out the following entrie into your 'ansible-cfg' file:
+# -
+# -    [privilege_escalation]
+# -    become=True
+# -    become_method=sudo
+# -    become_ask_pass=True
+# -
+# -    Now you can omit the the 'becom' flags:
+# -
+ansible all -a 'whoami'
+ansible all -a 'uptime'
+

DOC/README.check-if-empty

@@ -0,0 +1,33 @@
+
+
+# - Ansible List
+# -
+# - Python lists have a truthiness of False when empty. So you
+# - can use:
+# -    when: <listname>
+# -
+# - Example:
+# -    root_user: {} or
+# -    root_user:
+# -      - value1
+# -      - value2
+# -
+# - Check if list 'root_user' is empty:
+# -    when: root_user
+
+
+# - Ansible Array /Scalar
+# -
+# - use:
+# -    when <var> is defined and <var>.lenght > 0
+# -
+# - Example:
+# -    apt_lxc_host_pkgs: []
+# -    apt_lxc_host_pkgs:
+# -      - bridge-utils
+# -      - lxc
+# -      - btrfs-tools
+# -      - lua5.3
+# -
+# - Check if list 'apt_lxc_host_pkgs'' is empty:
+# -    when: apt_lxc_host_pkgs is defined and apt_lxc_host_pkgs.length > 0

DOC/README.disable-root-login

@@ -0,0 +1,12 @@
+  handlers:
+  - name: "Restart sshd"
+    service:
+      name: "sshd"
+      state: "restarted"
+
+  - name: "Disable root login via SSH"
+    lineinfile:
+      dest: "/etc/ssh/sshd_config"
+      regexp: "^PermitRootLogin"
+      line: "PermitRootLogin no"
+    notify: "Restart sshd"

DOC/README.gather-facts

@@ -0,0 +1,8 @@
+# ----
+# Execute 'ad-hoc' command to gather available 'facts'
+# ---
+
+ansible test.mx.oopen.de -m setup 
+
+
+ansible test.mx.oopen.de -m setup -a "filter=*distribution*"

DOC/README.troubleshooting

@@ -0,0 +1,44 @@
+# ==========
+# running command: Troubleshooting, Tips, and Tricks
+# ==========
+
+see also: https://ansible-tips-and-tricks.readthedocs.io/en/latest/ansible/commands/
+
+
+# ---
+# - Busted Cache
+# ---
+
+# Sometimes Ansible has a tendency to hold on to variables too long, which causes 
+# Ansible to think that a task/operation had already been done or changed when in 
+# fact it didn't.
+# 
+# A simple fix is to flush the redis cache during a code execution.
+# 
+# This can be done like this:
+#
+ansible-playbook playbooks/PLAYBOOK_NAME.yml --flush-cache
+
+
+# ---
+# - Check for bad syntax
+# ---
+
+# One can check to see if code contains any syntax errors by running the playbook.
+# 
+# Check for bad syntax:
+#
+ansible-playbook playbooks/PLAYBOOK_NAME.yml --syntax-check
+
+
+# ---
+# - Running a playbook in dry-run mode
+# ---
+
+# Sometimes it can be useful to see what Ansible might do, but without actually 
+# changing anything.
+# 
+# One can run in dry-run mode like this:
+#
+ansible-playbook playbooks/PLAYBOOK_NAME.yml --check
+

ansible-dependencies-sudo.yml

@@ -0,0 +1,8 @@
+---
+
+- hosts: initial_setup
+  gather_facts: false
+
+  roles:
+     - ansible_dependencies
+     - ansible_user

ansible-dependencies.yml

@@ -0,0 +1,15 @@
+---
+
+- hosts: initial_setup
+  remote_user: root
+  become: false
+  gather_facts: false
+
+  vars_prompt:
+
+    - name: ansible_ssh_pass
+      prompt: "Give root's password here"
+
+  roles:
+     - ansible_dependencies
+     - ansible_user

ansible.cfg

@@ -0,0 +1,44 @@
+# config file for ansible -- http://ansible.com/
+# ==============================================
+# exmaple:https://raw.github.com/ansible/ansible/devel/examples/ansible.cfg
+#
+# nearly all parameters can be overridden in ansible-playbook
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+
+
+[defaults]
+#ansible_managed = ** Ansible managed: DO NOT EDIT DIRECTLY **
+ansible_managed = ############################################ #
+ #          --------------------------          #
+ #          ** DO NOT EDIT DIRECTLY **          #
+ #          --------------------------          #
+ #             Ansible managed file             #
+ # ############################################ #
+#gathering = smart
+#fact_caching = jsonfile
+#fact_caching_connection = ~/.cache/
+#fact_caching_timeout = 86400
+#forks = 20
+inventory = ./hosts
+remote_user = chris
+roles_path = ./roles
+vault_password_file = open_the_vault.sh
+#retry_files_enabled = False
+#allow_world_readable_tmpfiles = True
+#interpreter_python: auto
+interpreter_python: /usr/bin/python3
+
+[privilege_escalation]
+become=True
+become_method=sudo
+become_ask_pass=True
+
+[ssh_connection]
+
+# By default, this option is disabled to preserve compatibility with
+# sudoers configurations that have requiretty (the default on many distros).
+#
+#pipelining = True

common.yml

@@ -0,0 +1,20 @@
+---
+
+# Intended to be run once for every new server to secure the ssh connection allowing the team access
+# with their public keys. This script will lock itself out from every server it is run on.
+# Further playbooks are intended to be run by logging in as one of the created users.
+# It also ensures python2 is installed as it's necessary for the modules used in this playbook at
+# the time of this writing.
+
+# The used login data depends on the used server provider. In most cases the ansible_user will be
+# root, but we can't safely assume anything.
+# The following line is an example for securing a new vagrant maching, after running `vagrant up`:
+# ansible-playbook first_run.yml -i hosts -u vagrant --private-key='~/.vagrant.d/insecure_private_key'
+# For real providers it could look like:
+# ansible-playbook first_run.yml -i hosts -u root --private-key='~/.ssh/id_rsa'
+# If you don't have a ssh-key on the server and the server expects password authentication use:
+# ansible-playbook first_run.yml -i hosts -u root --ask-pass
+
+- hosts: all
+  roles:
+    - common

extra-run.yml

@@ -0,0 +1,6 @@
+---
+
+- hosts: extra_hosts
+
+  roles:
+    - common

files/homedirs/axel/_bashrc

@@ -0,0 +1,117 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+HISTCONTROL=$HISTCONTROL${HISTCONTROL+:}ignoredups
+# ... or force ignoredups and ignorespace
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    #alias grep='grep --color=auto'
+    #alias fgrep='fgrep --color=auto'
+    #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -l'
+alias la='ls -A'
+alias l='ls -CF'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+    . /etc/bash_completion
+fi
+
+export EDITOR=vim
+
+## - set beep more quiet
+## -
+#xset b 10 500 50
+
+### eigene definitionen
+set ruler
+set paste
+set number
+set shiftwidth=4
+set tabstop=4
+

files/homedirs/axel/_profile

@@ -0,0 +1,30 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+	. "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+#. /usr/lib/mc/bin/mc.sh
+. /usr/share/mc/bin/mc.sh
+

files/homedirs/axel/_vimrc

@@ -0,0 +1,177 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+set noexpandtab
+set shiftwidth=4
+set tabstop=4
+set softtabstop=4
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+set number
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+
+colorscheme PaperColor

files/homedirs/back/_bashrc

@@ -0,0 +1,113 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+HISTCONTROL=$HISTCONTROL${HISTCONTROL+:}ignoredups
+# ... or force ignoredups and ignorespace
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+__hostname="$(hostname -f)"
+__hostname="${__hostname%.*}"
+__hostname="${__hostname%.*}"
+if [ "$color_prompt" = yes ]; then
+    #PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@${__hostname}:\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    #PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+    PS1='${debian_chroot:+($debian_chroot)}\u@${__hostname}:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    #alias grep='grep --color=auto'
+    #alias fgrep='fgrep --color=auto'
+    #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -l'
+alias la='ls -A'
+alias l='ls -CF'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+    . /etc/bash_completion
+fi
+
+export EDITOR=vim
+
+## - set beep more quiet
+## -
+#xset b 10 500 50

files/homedirs/back/_profile

@@ -0,0 +1,30 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+	. "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+#. /usr/lib/mc/bin/mc.sh
+. /usr/share/mc/bin/mc.sh
+

files/homedirs/back/_vimrc

@@ -0,0 +1,173 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+set shiftwidth=3
+set tabstop=3
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+

files/homedirs/chris/_bashrc

@@ -0,0 +1,113 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+HISTCONTROL=$HISTCONTROL${HISTCONTROL+:}ignoredups
+# ... or force ignoredups and ignorespace
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+__hostname="$(hostname -f)"
+__hostname="${__hostname%.*}"
+__hostname="${__hostname%.*}"
+if [ "$color_prompt" = yes ]; then
+    #PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@${__hostname}:\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    #PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+    PS1='${debian_chroot:+($debian_chroot)}\u@${__hostname}:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    #alias grep='grep --color=auto'
+    #alias fgrep='fgrep --color=auto'
+    #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -l'
+alias la='ls -A'
+alias l='ls -CF'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+    . /etc/bash_completion
+fi
+
+export EDITOR=vim
+
+## - set beep more quiet
+## -
+#xset b 10 500 50

files/homedirs/chris/_profile

@@ -0,0 +1,30 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+	. "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+#. /usr/lib/mc/bin/mc.sh
+. /usr/share/mc/bin/mc.sh
+

files/homedirs/chris/_vimrc

@@ -0,0 +1,173 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+set shiftwidth=3
+set tabstop=3
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+

files/homedirs/root/_bashrc

@@ -0,0 +1,75 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
+# ... or force ignoredups and ignorespace
+export HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+
+# Note: PS1 and umask are already set in /etc/profile. You should not
+# need this unless you want different defaults for root.
+# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
+# umask 022
+#export PS1='\h:\w \$ '
+__hostname="$(hostname -f)"
+__hostname="${__hostname%.*}"
+__hostname="${__hostname%.*}"
+export PS1='${__hostname}:\w \$ '
+umask 022
+
+
+# You may uncomment the following lines if you want `ls' to be colorized:
+export LS_OPTIONS='--color=auto'
+eval "`dircolors`"
+alias ls='ls $LS_OPTIONS'
+alias ll='ls $LS_OPTIONS -l'
+alias la='ls $LS_OPTIONS -al'
+alias l='ls $LS_OPTIONS -lA'
+#
+# Some more alias to avoid making mistakes:
+#alias rm='rm -i'
+#alias cp='cp -i'
+#alias mv='mv -i'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+
+alias poweroff='echo -e "\n\tplease use:  /sbin/poweroff\n"'
+alias reboot='echo -e "\n\tplease use:  /sbin/reboot\n"'
+
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+    . /etc/bash_completion
+fi
+
+
+export EDITOR=vim
+
+export LINES=64
+
+## - set beep more quiet
+## -
+#xset b 10 500 50

files/homedirs/root/_profile

@@ -0,0 +1,24 @@
+# ~/.profile: executed by Bourne-compatible login shells.
+
+if [ "$BASH" ]; then
+  if [ -f ~/.bashrc ]; then
+    . ~/.bashrc
+  fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+   PATH="$HOME/bin:$PATH"
+fi
+if [ -d "$HOME/bin/admin-stuff" ] ; then
+   PATH="$HOME/bin/admin-stuff:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+# . /usr/lib/mc/bin/mc.sh
+. /usr/share/mc/bin/mc.sh
+
+mesg n

files/homedirs/root/_vimrc

@@ -0,0 +1,173 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+set shiftwidth=3
+set tabstop=3
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+

files/homedirs/sysadm/_bashrc

@@ -0,0 +1,75 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
+# ... or force ignoredups and ignorespace
+export HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+
+# Note: PS1 and umask are already set in /etc/profile. You should not
+# need this unless you want different defaults for root.
+# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
+# umask 022
+#export PS1='\h:\w \$ '
+__hostname="$(hostname -f)"
+__hostname="${__hostname%.*}"
+__hostname="${__hostname%.*}"
+export PS1='${__hostname%.*}:\w \$ '
+umask 022
+
+
+# You may uncomment the following lines if you want `ls' to be colorized:
+export LS_OPTIONS='--color=auto'
+eval "`dircolors`"
+alias ls='ls $LS_OPTIONS'
+alias ll='ls $LS_OPTIONS -l'
+alias la='ls $LS_OPTIONS -al'
+alias l='ls $LS_OPTIONS -lA'
+#
+# Some more alias to avoid making mistakes:
+#alias rm='rm -i'
+#alias cp='cp -i'
+#alias mv='mv -i'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+
+alias poweroff='echo -e "\n\tplease use:  /sbin/poweroff\n"'
+alias reboot='echo -e "\n\tplease use:  /sbin/reboot\n"'
+
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+    . /etc/bash_completion
+fi
+
+
+export EDITOR=vim
+
+export LINES=64
+
+## - set beep more quiet
+## -
+#xset b 10 500 50

files/homedirs/sysadm/_profile

@@ -0,0 +1,24 @@
+# ~/.profile: executed by Bourne-compatible login shells.
+
+if [ "$BASH" ]; then
+  if [ -f ~/.bashrc ]; then
+    . ~/.bashrc
+  fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+   PATH="$HOME/bin:$PATH"
+fi
+if [ -d "$HOME/bin/admin-stuff" ] ; then
+   PATH="$HOME/bin/admin-stuff:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+# . /usr/lib/mc/bin/mc.sh
+. /usr/share/mc/bin/mc.sh
+
+mesg n

files/homedirs/sysadm/_vimrc

@@ -0,0 +1,173 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+set shiftwidth=3
+set tabstop=3
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+

files/homedirs/webadmin/_bashrc

@@ -0,0 +1,117 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
+HISTCONTROL=$HISTCONTROL${HISTCONTROL+:}ignoredups
+# ... or force ignoredups and ignorespace
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    #alias grep='grep --color=auto'
+    #alias fgrep='fgrep --color=auto'
+    #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -l'
+alias la='ls -A'
+alias l='ls -CF'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+    . /etc/bash_completion
+fi
+
+export EDITOR=vim
+
+## - set beep more quiet
+## -
+#xset b 10 500 50
+
+### eigene definitionen
+set ruler
+set paste
+set number
+set shiftwidth=4
+set tabstop=4
+

files/homedirs/webadmin/_profile

@@ -0,0 +1,30 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+	. "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+#. /usr/lib/mc/bin/mc.sh
+. /usr/share/mc/bin/mc.sh
+

files/homedirs/webadmin/_vimrc

@@ -0,0 +1,177 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+set noexpandtab
+set shiftwidth=4
+set tabstop=4
+set softtabstop=4
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+set number
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+
+colorscheme PaperColor

group_vars/all/main.yml

@@ -0,0 +1,514 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+apt_ansible_dependencies:
+  - python
+  - python-apt
+  - python3
+  - python3-apt
+  - lsb-release
+  - vim
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+ansible_remote_user: 
+
+  - name: chris
+    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+time_zone: Europe/Berlin
+
+locales:
+  - en_US.UTF-8
+  - de_DE.UTF-8
+
+set_default_limit_nofile: false
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_ports:
+  - 22
+
+sshd_listen_address:
+   - '::'
+   - '0.0.0.0'
+
+sshd_host_keys:
+  - /etc/ssh/ssh_host_rsa_key
+  - /etc/ssh/ssh_host_ecdsa_key
+  - /etc/ssh/ssh_host_ed25519_key
+
+sshd_permit_root_login: !!str "no"
+
+sshd_authorized_keys_file: ".ssh/authorized_keys .ssh/authorized_keys2"
+
+sshd_pubkey_authentication: !!str "yes"
+
+sshd_password_authentication: !!str "no"
+
+sshd_print_motd: !!str "no"
+
+sshd_use_dns: !!str "no"
+
+
+# ---
+# vars used by apt.yml
+# ---
+
+apt_manage_sources_list: true
+
+apt_src_enable: true
+apt_backports_enable: true
+
+apt_debian_mirror: http://ftp.de.debian.org/debian/
+apt_debian_contrib_nonfree_enable: true
+
+apt_update_cache_valid_time: 3600
+
+apt_upgrade: true
+apt_update: true
+
+apt_clean: true
+apt_autoremove: true
+
+apt_dpkg_configure: true
+apt_upgrade_type: dist
+apt_upgrade_dpkg_options:
+  - force-confdef
+  - force-confold
+
+apt_initial_install_stretch:
+   - openssh-server
+   - rssh
+   - vim
+   - vim-common
+   - vim-doc
+   - mc
+   - screen
+   - tmux
+   - bc
+   - figlet
+   - rcconf
+   - sudo
+   - rsync
+   - dselect
+   - iputils-ping
+   - apt-utils
+   - aptitude
+   - apt-transport-https
+   - zip
+   - unzip
+   - bzip2
+   - arj
+   - locate
+   - curl
+   - gawk
+   - mawk
+   - lynx
+   - links
+   - w3m
+   - exuberant-ctags
+   - mime-support
+   - file
+   - coreutils
+   - moreutils
+   - less
+   - realpath
+   - sipcalc
+   - psmisc
+   - dnsutils
+   - rblcheck
+   - whois
+   - gettext
+   - gettext-base
+   - gettext-doc
+   - debian-keyring
+   - patch
+   - patchutils
+   - recode
+   - recode-doc 
+   - librecode0
+   - librecode-dev
+   - sharutils
+   - perl
+   - perl-modules-5.24
+   - perl-doc
+   - libperl-dev
+   - libterm-readline-gnu-perl
+   - libterm-readline-perl-perl
+   - libterm-readkey-perl
+   - libmail-imapclient-perl
+   - libtime-duration-perl
+   - libtimedate-perl
+   - libwww-perl
+   - libpcre3
+   - libreadline5
+   - re2c
+   - util-linux
+   - parted
+   - lshw
+   - gdisk
+   - smartmontools
+   - tcpdump
+   - telnet
+   - unhide
+   - lsof
+   - hdparm
+   - groff
+   - iproute2
+   - bridge-utils
+   - vlan
+   - ethtool
+   - wipe
+   - iperf
+   - mtr
+   - iptraf
+   - wget
+   - logrotate
+   - rsyslog
+   - haveged
+   - rdate
+   - ntpdate
+   - wipe
+   - man-db
+   - groff
+   - iptables
+   - shellcheck
+   - ssl-cert
+   - ssl-cert-check
+   - git
+   - ftp
+   - htop
+   - net-tools
+   - lsb-release
+   - attr
+   - acl
+   - quota
+   - quotatool
+   - needrestart
+
+apt_initial_install_buster:
+   - openssh-server
+   - rush
+   - vim
+   - vim-common
+   - vim-doc
+   - mc
+   - screen
+   - tmux
+   - bc
+   - figlet
+   - rcconf
+   - sudo
+   - rsync
+   - dselect
+   - iputils-ping
+   - apt-utils
+   - aptitude
+   - apt-transport-https
+   - zip
+   - unzip
+   - bzip2
+   - arj
+   - locate
+   - curl
+   - gawk
+   - mawk
+   - lynx
+   - links
+   - w3m
+   - ctags
+   - mime-support
+   - file
+   - coreutils
+   - moreutils
+   - less
+   - sipcalc
+   - psmisc
+   - dnsutils
+   - rblcheck
+   - whois
+   - gettext
+   - gettext-base
+   - gettext-doc
+   - debian-keyring
+   - patch
+   - patchutils
+   - recode
+   - recode-doc 
+   - librecode0
+   - librecode-dev
+   - sharutils
+   - perl
+   - perl-modules-5.28
+   - perl-doc
+   - libperl-dev
+   - libterm-readline-gnu-perl
+   - libterm-readline-perl-perl
+   - libterm-readkey-perl
+   - libmail-imapclient-perl
+   - libtime-duration-perl
+   - libtimedate-perl
+   - libwww-perl
+   - libpcre3
+   - libio-compress-perl
+   - libreadline5
+   - re2c
+   - util-linux
+   - parted
+   - lshw
+   - gdisk
+   - smartmontools
+   - tcpdump
+   - telnet
+   - unhide
+   - lsof
+   - hdparm
+   - groff
+   - iproute2
+   - bridge-utils
+   - vlan
+   - ethtool
+   - wipe
+   - iperf
+   - mtr
+   - iptraf
+   - wget
+   - logrotate
+   - rsyslog
+   - haveged
+   - rdate
+   - ntpdate
+   - wipe
+   - man
+   - groff
+   - iptables
+   - shellcheck
+   - ssl-cert
+   - ssl-cert-check
+   - git
+   - ftp
+   - htop
+   - net-tools
+   - lsb-release
+   - attr
+   - acl
+   - quota
+   - quotatool
+   - needrestart
+
+apt_install_compiler_pkgs: false
+apt_compiler_pkgs:
+  - g++
+  - g++-multilib
+  - gcc
+  - gcc-multilib
+  - cpp
+  - make
+  - automake
+  - autoconf
+  - libtool
+  - flex
+  - bison
+  - gettext
+  - pkg-config
+  - gnu-standards
+  - libssl-dev
+  - libreadline-dev
+  - libncurses-dev
+  - libsystemd-dev
+  - libnss3-dev
+  - python-dev
+
+apt_install_webserver_pkgs: false
+apt_webserver_pkgs:
+  - libdb-dev
+  - zlib1g
+  - zlib1g-dev
+  - libssl-dev
+  - libneon27-dev
+  - libxml2
+  - libxml2-dev
+  - curl
+  - libcurl4-openssl-dev
+  - libqdbm-dev
+  - libgdbm-dev
+  - libpspell-dev
+  - libjpeg-dev
+  - libpng-dev
+  - libxpm-dev
+  - libfreetype6-dev
+  - libwmf-dev
+  - libtiff-dev
+  - libpaper-dev
+  - libmagic-dev
+  - libgraphics-magick-perl
+  - libgraphicsmagick++1-dev
+  - libgraphicsmagick-q16-3
+  - libgraphicsmagick1-dev
+  - libgraphviz-dev
+  - libcroco3-dev
+  - libgsf-1-dev
+  - libilmbase-dev
+  - libvpx-dev
+  - vpx-tools
+  - libgpm-dev
+  - libkpathsea-dev
+  - libopenexr-dev
+  - librsvg2-dev
+  - libdjvulibre-dev
+  - libatm-dev
+  - libexpat-dev
+  - imagemagick
+  - graphicsmagick
+  - exif
+  - libexiv2-dev
+  - re2c
+  - netpbm
+  - libnetpbm10-dev
+  - libmcrypt-dev
+  - mcrypt
+  - default-libmysqlclient-dev
+  - libpq-dev
+  - postgresql-client
+  - libreadline-dev
+  - libncurses-dev
+  - libdb5.3
+  - libdb5.3++
+  - libdb5.3++-dev
+  - libdb5.3-dev
+  - libxslt1-dev
+  - libpcre3-dev
+  - libc-client2007e-dev
+  - libc-client-dev
+  - libicu-dev
+  - libtidy-dev
+  - libmm-dev
+  - libgmp-dev
+  - libkrb5-dev
+  - libldap-dev
+  - libmhash-dev
+  - libgd-dev
+  - liblua5.3-dev
+  - libapr1-dev
+  - libaprutil1-dev
+  - libsctp-dev
+  - libcrypto++-dev
+  - ffmpeg
+  - libmagickwand-dev
+  - libgeoip-dev
+  - tk-dev
+  - tcl-dev
+  - tclreadline
+  - expect
+  - expect-dev
+  - libexpect-perl
+
+apt_install_postgresql_pkgs: false
+apt_postgresql_pkgs:
+  - postgresql
+
+apt_install_bind9_packages: false
+apt_bind9_pkgs:
+  - bind9
+
+apt_install_lxc_host_pkgs: false
+apt_lxc_host_pkgs:
+  - bridge-utils
+  - lxc
+  - btrfs-tools
+  - lua5.3
+
+apt_install: {}
+apt_install_state: latest
+
+apt_remove: 
+  - rpcbind
+
+apt_remove_purge: false
+
+microcode_package: intel-microcode
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+insert_ssh_keypair_backup_server: false
+
+ssh_keypair_backup_server: {}
+
+insert_root_ssh_keypair: false
+
+root_ssh_keypair: {}
+
+default_user: {}
+
+extra_user: {}
+
+sudo_users: {}
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+insert_webadmin_ssh_keypair: false
+
+webadmin_ssh_keypair: {}
+
+webadmin_user: {}
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+acl_caching_nameserver: {}
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user: {}

group_vars/all/vars.yml.sample

@@ -0,0 +1,68 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

group_vars/apache2_webserver.yml

@@ -0,0 +1,63 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by apt.yml
+# ---
+
+apt_install_compiler_pkgs: true
+
+apt_install_webserver_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars

group_vars/backup_server.yml

@@ -0,0 +1,72 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: prohibit-password
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+insert_ssh_keypair_backup_server: true
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

group_vars/caching_nameserver.yml

@@ -0,0 +1,70 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+apt_install_bind9_packages: true
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

group_vars/lxc_host.yml

@@ -0,0 +1,72 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+set_default_limit_nofile: true
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+apt_install_lxc_host_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

group_vars/mail_server.yml

@@ -0,0 +1,63 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+apt_install_compiler_pkgs: true
+
+apt_install_postgresql_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars

group_vars/mysql_server.yml

@@ -0,0 +1,61 @@
+---
+  
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+apt_install_compiler_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars

group_vars/oopen_server.yml

@@ -0,0 +1,124 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+ssh_keypair_backup_server:
+  - name: backup
+    backup_user: back
+    priv_key_src: root/.ssh/id_rsa.backup.oopen.de
+    priv_key_dest: /root/.ssh/id_rsa
+    pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
+    pub_key_dest: /root/.ssh/id_rsa.pub
+
+insert_root_ssh_keypair: true
+
+root_ssh_keypair:
+  - name: backup
+    login: root
+    priv_key_src: root/.ssh/id_ed25519.oopen-server
+    priv_key_dest: /root/.ssh/id_ed25519
+    pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
+    pub_key_dest: /root/.ssh/id_ed25519.pub
+    target: backup.oopen.de
+
+
+default_user:
+
+  - name: chris
+    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+
+  - name: sysadm
+
+    user_id: 1050
+    group_id: 1050
+    group: sysadm
+    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    group: back
+    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+
+sudo_users:
+  - chris
+  - sysadm
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+  name: root
+  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
+

group_vars/postgresql_server.yml

@@ -0,0 +1,70 @@
+---
+  
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+apt_install_postgresql_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

group_vars/warenform_office

@@ -0,0 +1,135 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+ssh_keypair_backup_server:
+  - name: backup
+    backup_user: back
+    priv_key_src: root/.ssh/id_rsa.devel-root
+    priv_key_dest: /root/.ssh/id_rsa
+    pub_key_src: root/.ssh/id_rsa.devel-root.pub
+    pub_key_dest: /root/.ssh/id_rsa.pub
+
+insert_root_ssh_keypair: true
+
+root_ssh_keypair:
+  - name: backup
+    priv_key_src: root/.ssh/id_ed25519.warenform-office
+    priv_key_dest: /root/.ssh/id_ed25519
+    pub_key_src: root/.ssh/id_ed25519.warenform-office.pub
+    pub_key_dest: /root/.ssh/id_ed25519.pub
+    target: devel-root.wf.netz
+
+
+default_user:
+
+  - name: chris
+    user_id: 1000
+    group_id: 1000
+    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+
+  - name: axel
+    user_id: 1001
+    group_id: 1001
+    password: $6$zUWC465e$XblctxwnBIOa7mPcN6foEQrwChjpwoY7lLtacXJrSsvjZS3I6Ox1mYUtN3/gzkvpbzOPx/9PlRJV.mbl939mD.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQClvkHVwgXYasrZQQnnCkPgvodwH0yG3QTNRAciJ8+Zh5L0G6OFFwh3EvQwtCNv0byK/1FwUA3LkIBcW69RSQ4sMRde3z1VK99imhBRRAwne9IelODwYK+0XZ07f/fid+yF80O3odWa6xRlgrIzbV9I8K73FcNQG2su9qEDHKjLJBp1NEnTrqAz30YVoDT3vQCgscoqe/yIPP7d3IrwrMIaAtjJn5I+SzOBhLMhB62x+FBbcOXIbTFkKx2zy71Fl87KtfpkrWHp5saif1XwLN/bzdViz79RMtnyRGFRMsZyyvIMkOg9A3z9dhAHEllHyU4PBkvgFv7WguOKYjz1lI4PxIyyyQ+xlbJdhyrYobLXehi7paS57DCUg25py0jf6F8bnXB8jY2UBP7RWPPqCEKdciWxs+a6BmIjbHFT0JoscO/lBMsqng6qB4HegJFQEvuUvPDz/YaPd+eq1Yo72El6OPxi+fq9Y6ttrqP3/8x/t6j9YBqkZG/reXnOU5a15aNcexqVBZ0owifc3luJfmzJEmYp+96NmkSQykcZO0EdLOg8LLwh+gEPTS54BgGg4izIoB58kGnSbmxQOosC7FiCxLW0gyf3zknDOSF/DSW405glgw06rdgR5Dk4lirACTlov3h6geh75eRW/tCwCutrd76vQi+RUUJUyh4vZbmtxw== axel@localhost'
+
+  - name: sysadm
+    user_id: 1050
+    group_id: 1050
+    password: $6$vvccwrTc$Sz1HaSb3ujObprltiG7D6U1Rr3fpgfjkKuDDWYdHzPkPx/0pEofCWC.vyTn78hcemkntl.6wVUOnJnNloKt/E/
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQClvkHVwgXYasrZQQnnCkPgvodwH0yG3QTNRAciJ8+Zh5L0G6OFFwh3EvQwtCNv0byK/1FwUA3LkIBcW69RSQ4sMRde3z1VK99imhBRRAwne9IelODwYK+0XZ07f/fid+yF80O3odWa6xRlgrIzbV9I8K73FcNQG2su9qEDHKjLJBp1NEnTrqAz30YVoDT3vQCgscoqe/yIPP7d3IrwrMIaAtjJn5I+SzOBhLMhB62x+FBbcOXIbTFkKx2zy71Fl87KtfpkrWHp5saif1XwLN/bzdViz79RMtnyRGFRMsZyyvIMkOg9A3z9dhAHEllHyU4PBkvgFv7WguOKYjz1lI4PxIyyyQ+xlbJdhyrYobLXehi7paS57DCUg25py0jf6F8bnXB8jY2UBP7RWPPqCEKdciWxs+a6BmIjbHFT0JoscO/lBMsqng6qB4HegJFQEvuUvPDz/YaPd+eq1Yo72El6OPxi+fq9Y6ttrqP3/8x/t6j9YBqkZG/reXnOU5a15aNcexqVBZ0owifc3luJfmzJEmYp+96NmkSQykcZO0EdLOg8LLwh+gEPTS54BgGg4izIoB58kGnSbmxQOosC7FiCxLW0gyf3zknDOSF/DSW405glgw06rdgR5Dk4lirACTlov3h6geh75eRW/tCwCutrd76vQi+RUUJUyh4vZbmtxw== axel@localhost'
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+
+sudo_users:
+  - chris
+  - axel
+  - sysadm
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+  name: root
+  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
+

group_vars/warenform_server.yml

@@ -0,0 +1,136 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+ssh_keypair_backup_server:
+  - name: backup
+    backup_user: back
+    priv_key_src: root/.ssh/id_rsa.backup.warenform.de
+    priv_key_dest: /root/.ssh/id_rsa
+    pub_key_src: root/.ssh/id_rsa.backup.warenform.de.pub
+    pub_key_dest: /root/.ssh/id_rsa.pub
+
+insert_root_ssh_keypair: true
+
+root_ssh_keypair:
+  - name: backup
+    login: root
+    priv_key_src: root/.ssh/id_ed25519.warenform-server
+    priv_key_dest: /root/.ssh/id_ed25519
+    pub_key_src: root/.ssh/id_ed25519.warenform-server.pub
+    pub_key_dest: /root/.ssh/id_ed25519.pub
+    target: backup.warenform.de
+
+
+default_user:
+
+  - name: chris
+    user_id: 1000
+    group_id: 1000
+    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+
+  - name: axel
+    user_id: 1001
+    group_id: 1001
+    password: $6$zUWC465e$XblctxwnBIOa7mPcN6foEQrwChjpwoY7lLtacXJrSsvjZS3I6Ox1mYUtN3/gzkvpbzOPx/9PlRJV.mbl939mD.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQClvkHVwgXYasrZQQnnCkPgvodwH0yG3QTNRAciJ8+Zh5L0G6OFFwh3EvQwtCNv0byK/1FwUA3LkIBcW69RSQ4sMRde3z1VK99imhBRRAwne9IelODwYK+0XZ07f/fid+yF80O3odWa6xRlgrIzbV9I8K73FcNQG2su9qEDHKjLJBp1NEnTrqAz30YVoDT3vQCgscoqe/yIPP7d3IrwrMIaAtjJn5I+SzOBhLMhB62x+FBbcOXIbTFkKx2zy71Fl87KtfpkrWHp5saif1XwLN/bzdViz79RMtnyRGFRMsZyyvIMkOg9A3z9dhAHEllHyU4PBkvgFv7WguOKYjz1lI4PxIyyyQ+xlbJdhyrYobLXehi7paS57DCUg25py0jf6F8bnXB8jY2UBP7RWPPqCEKdciWxs+a6BmIjbHFT0JoscO/lBMsqng6qB4HegJFQEvuUvPDz/YaPd+eq1Yo72El6OPxi+fq9Y6ttrqP3/8x/t6j9YBqkZG/reXnOU5a15aNcexqVBZ0owifc3luJfmzJEmYp+96NmkSQykcZO0EdLOg8LLwh+gEPTS54BgGg4izIoB58kGnSbmxQOosC7FiCxLW0gyf3zknDOSF/DSW405glgw06rdgR5Dk4lirACTlov3h6geh75eRW/tCwCutrd76vQi+RUUJUyh4vZbmtxw== axel@localhost'
+
+  - name: sysadm
+    user_id: 1050
+    group_id: 1050
+    password: $6$vvccwrTc$Sz1HaSb3ujObprltiG7D6U1Rr3fpgfjkKuDDWYdHzPkPx/0pEofCWC.vyTn78hcemkntl.6wVUOnJnNloKt/E/
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQClvkHVwgXYasrZQQnnCkPgvodwH0yG3QTNRAciJ8+Zh5L0G6OFFwh3EvQwtCNv0byK/1FwUA3LkIBcW69RSQ4sMRde3z1VK99imhBRRAwne9IelODwYK+0XZ07f/fid+yF80O3odWa6xRlgrIzbV9I8K73FcNQG2su9qEDHKjLJBp1NEnTrqAz30YVoDT3vQCgscoqe/yIPP7d3IrwrMIaAtjJn5I+SzOBhLMhB62x+FBbcOXIbTFkKx2zy71Fl87KtfpkrWHp5saif1XwLN/bzdViz79RMtnyRGFRMsZyyvIMkOg9A3z9dhAHEllHyU4PBkvgFv7WguOKYjz1lI4PxIyyyQ+xlbJdhyrYobLXehi7paS57DCUg25py0jf6F8bnXB8jY2UBP7RWPPqCEKdciWxs+a6BmIjbHFT0JoscO/lBMsqng6qB4HegJFQEvuUvPDz/YaPd+eq1Yo72El6OPxi+fq9Y6ttrqP3/8x/t6j9YBqkZG/reXnOU5a15aNcexqVBZ0owifc3luJfmzJEmYp+96NmkSQykcZO0EdLOg8LLwh+gEPTS54BgGg4izIoB58kGnSbmxQOosC7FiCxLW0gyf3zknDOSF/DSW405glgw06rdgR5Dk4lirACTlov3h6geh75eRW/tCwCutrd76vQi+RUUJUyh4vZbmtxw== axel@localhost'
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+
+sudo_users:
+  - chris
+  - axel
+  - sysadm
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+  name: root
+  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
+

group_vars/webadmin.yml

@@ -0,0 +1,98 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+insert_webadmin_ssh_keypair: true
+
+webadmin_ssh_keypair:
+  - name: backup
+    login: webadmin
+    priv_key_src: webadmin/.ssh/id_ed25519-webadmin.warenform
+    priv_key_dest: '~webadmin/.ssh/id_ed25519'
+    pub_key_src: webadmin/.ssh/id_ed25519-webadmin.warenform.pub
+    pub_key_dest: '~webadmin/.ssh/id_ed25519.pub'
+    target: devel-repos.wf.netz
+
+webadmin_user:
+  - name: webadmin
+    user_id: 1040
+    group_id: 1040
+    password: $6$2aGWK1gW$NyFFrSWgAbYhJTpOGkSgyVKellmFTzHLE5z.fWy6kbZbqppiLc9MwRjY7X0KX.q3iV5TAQJIemVm3dq873J/g0
+    home: /var/www
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNeWlp4fwExBSttvzD1LvSI49+b4YfIncB1lpFcCzLU4yJoAmPFCgoquhiL7TAjUnXa2/7BWLEJhsNQgdtOhCm431idLcJomwtK1FYpRkY/qfBYsYs8lLtpZwasHGrikEswDt5LiKutNnMnRlUBRNiJLRv90dR0hSNuGnIMaQUDfTkiq/RtkbOPJLNMcSsNr7MPN3GqzxhN2WBpcQ9dLUZKRJbHfrDt8g1aaLMrZVu/mO/kRplaShzmHtkJSQTXCsuA/hZy9mO38NNQdSl0+IY2OPDXxZtdHLbi+KKymIHHtKV7rxGmP3CF/stV1ux0H2ZLuv7c5dy75EZ386iT2c0OfUVXHX5+IBFrDP5RR9usyfyvTcqNhlGi39MiAaxlkn1GI1M/PXnrExEO4hqTQRbu4lnDbWxgeC7RIoUp62Y4UVjEOrTk57Reg5MeUx2Lp20Kd0OMYv4nJB2eEZ6uCfrh1s1QediVZ0SSE1Z1vJc2hoaGRUUX1q8bww2HzZaF+rBJo+euOZiSkYWgXNBnag74BBM9RPHOSRMdajNrgop2ceBkC/G3Z71Z39QIisF1y0KExmfsPMO4k126o55DnbfsAzCDNiBqv8unBZcFCq+4EP6SWXzWhtS3/71/W3XK9/JJ9n7JS1SCl5USyJMxAV7VUIjEkmU+8nkxQB1/tzKXw== xayax@xAyAx-imac.local'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDdgc2H6HkxbELP12ZomFcccmGnaCPgmyocLqXx2bbvHRw7iaXPlSyiYIrT2jF4h19J5qi2qIrIZj8Y+Akky5ZfaYOvjLuxNA0wGEcZqjyGIRYRAifc2V/66GBYMkxSZch26vLlZIJT98g5RFMyWGtFHwYANnhPkn0lhfZz3X476H1WpfZvmcqu5h1AWh3aNeesdtf7XGQQkI7aA+HfHNHkvX2mJ75mC0uMH/6fcloBkvonRiV1hZy+11GnuX6m2Qpw6Q1rnCMrbelRQa9C26YJYQgZY8Gag0PCW8cxIr9dhCV00+CybY/XIx80FJmUvl0AKfPZAFnsYuKxQHi2Deera0c+AbrutaVoeaRGcTrm5ij8qOXGakfwZXy7gTANrWcwlf4Aplhuskit7hWeuM45ll4e4vbHajHLuXMt8FUhcmj+SV1gBClQ4ozwt2HocWIwljhgWenJHHzdflPm3pc6JhFgzSB1adIuHJ16lf2TSfWLH+89SZszQF9i3TF4o0g/X3/bQpRsYyXQi/dvpr3K/807OafSuPt8a5VPgqfVGQIMbruyO1EuKrOiCXADnjXDbzI3V4nusRdAjWklgOespyTIcrO6UGVGS2U3KJH6P8erNebhkwMbAfYqN3LVPGa40tluHrxvpO4bA7W6xhL8yFlbjq3qmFKcAeeD0Tg2Q== felix@Wilmas-iMac.local'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCb6ngLE9Vh0H6IqiHF2yeQX11kCeVE4QaK8Ca0Ogqtz8drC4/3Ugl9ZDtJR+UH+GpP/bOQZDTGF6f+p8dNlfpeoHZ92Yg62yMeD9qx9iQT8NeloLvpHk3B3NV10Lrff/zoeTGP7U8zKvLQsYnCwSPEodKEsxbf5mFcJN13/m+PW3tW0veRtYGvBwhimxidpSr+DLcRTZrZGs2Jf8BVqqAL0BIdH7exuLeKpACQzDAk10+DfLTNEXPgZ5jNBu3MBXqjyNRTTU+wEGAyUmHxv+ZJfjeBIM2Hgkl+lp2Bi5qQlsUduYtbXXrPQZzbgzIk+Rr0yY7/mfYSEXR41Uqv1QLScs2+Dpf713Lyr7H97bf64m1mzLd5vrps94JlqHSmcRzqENsW7HpdRmnpD7R+2lJe2faVX1HIT/mh/PjMItefbOhgV5FtcHcUiINVqi/4bmK68fPTXD+OBLuOHRkp1rYME6Z9pxXa6H6Ji8rIGOAHf2XyGqbvR80pG8n/jMk8AmaZLlvzCk1YAocphZDFAV/jm5zwFiUCzrND6mz4xCWJ8lJb2ZPoQpuGUppg/agoASFPeimbJp5zRuUp9tLL1xra0b9NjAA42M6ju1CkDvvNnRGEk/E9AD/G6v4AxHP5dzzmIlLSS6sNIDADPkdIfRhwe1Y7aF3TrYNq/P97Z1whtQ== schroeder@Christians-MacBook-Pro.local'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQClvkHVwgXYasrZQQnnCkPgvodwH0yG3QTNRAciJ8+Zh5L0G6OFFwh3EvQwtCNv0byK/1FwUA3LkIBcW69RSQ4sMRde3z1VK99imhBRRAwne9IelODwYK+0XZ07f/fid+yF80O3odWa6xRlgrIzbV9I8K73FcNQG2su9qEDHKjLJBp1NEnTrqAz30YVoDT3vQCgscoqe/yIPP7d3IrwrMIaAtjJn5I+SzOBhLMhB62x+FBbcOXIbTFkKx2zy71Fl87KtfpkrWHp5saif1XwLN/bzdViz79RMtnyRGFRMsZyyvIMkOg9A3z9dhAHEllHyU4PBkvgFv7WguOKYjz1lI4PxIyyyQ+xlbJdhyrYobLXehi7paS57DCUg25py0jf6F8bnXB8jY2UBP7RWPPqCEKdciWxs+a6BmIjbHFT0JoscO/lBMsqng6qB4HegJFQEvuUvPDz/YaPd+eq1Yo72El6OPxi+fq9Y6ttrqP3/8x/t6j9YBqkZG/reXnOU5a15aNcexqVBZ0owifc3luJfmzJEmYp+96NmkSQykcZO0EdLOg8LLwh+gEPTS54BgGg4izIoB58kGnSbmxQOosC7FiCxLW0gyf3zknDOSF/DSW405glgw06rdgR5Dk4lirACTlov3h6geh75eRW/tCwCutrd76vQi+RUUJUyh4vZbmtxw== axel@localhost'
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+  name: root
+  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
+

host_vars/anita.wf.netz.yml

@@ -0,0 +1,110 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+extra_user: 
+
+  - name: kaya
+    user_id: 1002
+    group_id: 1002
+    password: $6$t9gheUvd$hFTJ5mp0bdu4Hc5zGmS6HuSAfFOc4QRROLX4wnCauLjwTxUtvhgeLDlL5YkjGfiWOCEe84krH4op0DdKjTJWG/
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNeWlp4fwExBSttvzD1LvSI49+b4YfIncB1lpFcCzLU4yJoAmPFCgoquhiL7TAjUnXa2/7BWLEJhsNQgdtOhCm431idLcJomwtK1FYpRkY/qfBYsYs8lLtpZwasHGrikEswDt5LiKutNnMnRlUBRNiJLRv90dR0hSNuGnIMaQUDfTkiq/RtkbOPJLNMcSsNr7MPN3GqzxhN2WBpcQ9dLUZKRJbHfrDt8g1aaLMrZVu/mO/kRplaShzmHtkJSQTXCsuA/hZy9mO38NNQdSl0+IY2OPDXxZtdHLbi+KKymIHHtKV7rxGmP3CF/stV1ux0H2ZLuv7c5dy75EZ386iT2c0OfUVXHX5+IBFrDP5RR9usyfyvTcqNhlGi39MiAaxlkn1GI1M/PXnrExEO4hqTQRbu4lnDbWxgeC7RIoUp62Y4UVjEOrTk57Reg5MeUx2Lp20Kd0OMYv4nJB2eEZ6uCfrh1s1QediVZ0SSE1Z1vJc2hoaGRUUX1q8bww2HzZaF+rBJo+euOZiSkYWgXNBnag74BBM9RPHOSRMdajNrgop2ceBkC/G3Z71Z39QIisF1y0KExmfsPMO4k126o55DnbfsAzCDNiBqv8unBZcFCq+4EP6SWXzWhtS3/71/W3XK9/JJ9n7JS1SCl5USyJMxAV7VUIjEkmU+8nkxQB1/tzKXw== xayax@xAyAx-imac.local'
+
+  - name: lalix
+    user_id: 1003
+    group_id: 1003
+    password: $6$RKaAbxOz$LxvjoVclfkgo99VwmXi9cIhVmUdTNT.T0/pZAH9GNtFEQn5NoOak/DHTHHG9kn58soDRuhEAup1x4T2jG.Js0/
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDdgc2H6HkxbELP12ZomFcccmGnaCPgmyocLqXx2bbvHRw7iaXPlSyiYIrT2jF4h19J5qi2qIrIZj8Y+Akky5ZfaYOvjLuxNA0wGEcZqjyGIRYRAifc2V/66GBYMkxSZch26vLlZIJT98g5RFMyWGtFHwYANnhPkn0lhfZz3X476H1WpfZvmcqu5h1AWh3aNeesdtf7XGQQkI7aA+HfHNHkvX2mJ75mC0uMH/6fcloBkvonRiV1hZy+11GnuX6m2Qpw6Q1rnCMrbelRQa9C26YJYQgZY8Gag0PCW8cxIr9dhCV00+CybY/XIx80FJmUvl0AKfPZAFnsYuKxQHi2Deera0c+AbrutaVoeaRGcTrm5ij8qOXGakfwZXy7gTANrWcwlf4Aplhuskit7hWeuM45ll4e4vbHajHLuXMt8FUhcmj+SV1gBClQ4ozwt2HocWIwljhgWenJHHzdflPm3pc6JhFgzSB1adIuHJ16lf2TSfWLH+89SZszQF9i3TF4o0g/X3/bQpRsYyXQi/dvpr3K/807OafSuPt8a5VPgqfVGQIMbruyO1EuKrOiCXADnjXDbzI3V4nusRdAjWklgOespyTIcrO6UGVGS2U3KJH6P8erNebhkwMbAfYqN3LVPGa40tluHrxvpO4bA7W6xhL8yFlbjq3qmFKcAeeD0Tg2Q== felix@Wilmas-iMac.local'
+
+  - name: mariette
+    user_id: 1004
+    group_id: 1004
+    password: $6$QiYW4uMG$9bOGhsON8SnOSIC4.UTXhVpCpebcJNInI3t1JPhR7979D3CpoKroK7dXPAxGfDigrkxBwcqju..PuvCUqtshw1
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+
+  - name: christian
+    user_id: 1005
+    group_id: 1005
+    password: $6$2paWmEea$G51JZDzjjDNE75aBl/xuM1dyH.FWYHwNCRHeKWkHhxjUmRRC/v.hhNh5jOk5EbVWDeVh7r5dz1tO2HTZUMftb1
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCb6ngLE9Vh0H6IqiHF2yeQX11kCeVE4QaK8Ca0Ogqtz8drC4/3Ugl9ZDtJR+UH+GpP/bOQZDTGF6f+p8dNlfpeoHZ92Yg62yMeD9qx9iQT8NeloLvpHk3B3NV10Lrff/zoeTGP7U8zKvLQsYnCwSPEodKEsxbf5mFcJN13/m+PW3tW0veRtYGvBwhimxidpSr+DLcRTZrZGs2Jf8BVqqAL0BIdH7exuLeKpACQzDAk10+DfLTNEXPgZ5jNBu3MBXqjyNRTTU+wEGAyUmHxv+ZJfjeBIM2Hgkl+lp2Bi5qQlsUduYtbXXrPQZzbgzIk+Rr0yY7/mfYSEXR41Uqv1QLScs2+Dpf713Lyr7H97bf64m1mzLd5vrps94JlqHSmcRzqENsW7HpdRmnpD7R+2lJe2faVX1HIT/mh/PjMItefbOhgV5FtcHcUiINVqi/4bmK68fPTXD+OBLuOHRkp1rYME6Z9pxXa6H6Ji8rIGOAHf2XyGqbvR80pG8n/jMk8AmaZLlvzCk1YAocphZDFAV/jm5zwFiUCzrND6mz4xCWJ8lJb2ZPoQpuGUppg/agoASFPeimbJp5zRuUp9tLL1xra0b9NjAA42M6ju1CkDvvNnRGEk/E9AD/G6v4AxHP5dzzmIlLSS6sNIDADPkdIfRhwe1Y7aF3TrYNq/P97Z1whtQ== schroeder@Christians-MacBook-Pro.local'
+
+  - name: annette
+    user_id: 1006
+    group_id: 1006
+    password: $6$r7PHitZp$v4Av3Q/U1wJ/Bvndr10TU89nMYrsBwb4xOgqu.JTbnVGoubkOlwU6RCUNGGXqfwRo0UqprhXMvP0l5HoHL3271
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

host_vars/nscache.oopen.de.yml

@@ -0,0 +1,94 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+# Note:
+#   - if acl_caching_nameserver is set, caching nameserver will listen on
+#     all interfaces.
+#
+#   - DON'T FORGET ';' sign at the end of ip-addresses
+#
+acl_caching_nameserver:
+  - so36net:
+    name: so36net
+    entries:
+      - /* so36.NET */
+      - 192.68.11.64/27;
+      - 2001:678:a40:3000::/64;
+      - /* Backup wipe.so36.net / backup.so36.net */
+      - 194.150.169.139;
+      - 194.150.169.138;
+  - sinma:
+    name: sinma
+    entries:
+      - 83.223.64.0/19;
+  - ckubu:
+    name: ckubu
+    entries:
+      - 2003:ec:df1b:7dfd:dfa8:efd5:14f3:5275;
+      - 84.140.145.23;
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

host_vars/o25.oopen.de.yml

@@ -0,0 +1,94 @@
+---
+
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: True
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: False
+
+network_interface_path: /etc/network/interfaces.d
+network_interface_required_packages:
+  - vlan
+  - bridge-utils
+  - ifmetric
+  - ifupdown2
+
+
+network_interfaces:
+
+  - device: br0
+    # use only once per device (for the first device entry)
+    headline: br0 - bridge over device enp8s0
+
+    # auto & allow are only used for the first device entry
+    allow: [] # array of allow-[stanzas] eg. allow-hotplug
+    auto: true
+
+    family: inet
+    mode: static
+    description: Bridge Interface IPv4 for LXC
+    address: '144.76.24.11'
+    netmask: '255.255.255.224'
+    network: '144.76.24.0'
+    broadcast: '144.76.24.31'
+    gateway: '144.76.24.1'
+
+    # optional dns settings nameservers: []
+    # nameservers:
+    #  - "194.150.168.168"  # dns.as250.net
+    #  - "91.239.100.100"   # anycast.censurfridns.dk
+
+    # optional additional subnets/ips subnets: []
+    # subnets: 
+    #   - '192.168.123.0/24'
+    #   - '192.168.124.11/32'
+
+    # optional bridge parameters bridge: {}
+    # bridge:
+    #   ports:
+    #   stp:
+    #   fd:
+    #   maxwait:
+    #   waitport:
+    bridge:
+      ports: enp8s0 # for mor devices support a blan separated list
+      stp: !!str off
+      fd: 5
+      hello: 2
+
+    #  optional bonding parameters bond: {}
+    #  bond:
+    #    mode:
+    #    miimon:
+    #    master:
+    #    slaves:
+    #    lacp-rate:
+    bond: {}
+
+    # optional vlan settings | vlan: {}
+    # vlan: {}
+    #   raw-device: 'eth0'
+    vlan: {}
+
+    # inline hook scripts
+    pre-up: [] # pre-up script lines
+    up: [] # up script lines
+    post-up: [] # post-up script lines (alias for up)
+    pre-down: [] # pre-down script lines (alias for down)
+    down: [] # down script lines
+    post-down: [] # post-down script lines
+
+
+
+  - device: br0
+    family: inet6
+    mode: static
+    description: Bridge Interface IPv6 for LXC
+    address: '2a01:4f8:191:b::2'
+    netmask: 64
+    gateway: 'fe80::1'

host_vars/site36.net

@@ -0,0 +1,164 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+ssh_keypair_backup_server:
+  - name: backup
+    backup_user: back
+    priv_key_src: root/.ssh/id_rsa.backup.so36.net
+    priv_key_dest: /root/.ssh/id_rsa
+    pub_key_src: root/.ssh/id_rsa.backup.so36.net.pub
+    pub_key_dest: /root/.ssh/id_rsa.pub
+
+insert_root_ssh_keypair: true
+
+root_ssh_keypair:
+  - name: backup
+    login: root
+    priv_key_src: root/.ssh/id_ed25519.oopen-server
+    priv_key_dest: /root/.ssh/id_ed25519
+    pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
+    pub_key_dest: /root/.ssh/id_ed25519.pub
+    target: backup.so36.net
+
+
+default_user:
+
+  - name: ckubu
+    password: $6$eLO.YJBg$YryN2tvRhI9HK3vffWcid7KH2uyh0e67KhbPp9FxW/bdUAepk/9GB5re7n/DXWhpthf3ifPCznPHU24X2YQVV/
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+
+  - name: defa
+    password: $6$LMelojO.$TY0vb.xSBparEY5O7p86YT.E4RXKVH0bDfwGsszuFS6EAl3oh.s6V.jIZYg56P1RTDiVUh4A0BOwk87Q/utaS1
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAmPpPUHYmhTlN97lPAIdDjmkvM4xbCrWHiAjJJ7RdM8lW6hLbBaiMgbUwULOB86FB49V2YSoaVX09UkxJOCf15TYbq79P7W2x2UtFzYxVEVgpr/HVhJjytEDzmFYbsNN3VDK/2JEFqYqtLpTXOqf/TFihmqbvfbkUQOK/NMbE8udxj/RHnwRDMaJJ0IP7L6Z/v5s654H75nv7/IRm8Ov5DmcJyz9BcEL7fpow2HYexUzUozWN9zMXabrQ5AtEeJ0FYuBFIkYPLaUQ+WJ5bLCmoeE81+SIl+fw0UG5Zeb6SMo+NFFaMBIvwyEsNVyz9Gf2SUq/9weTr0JxVdCGKmEZLj9imcr2WtQxcXRhjTzAyq4m8F/2uA9GkisFUM2VybfZxNtkTZdIEHYE1X/36PYNI7P8Cp98cM7EKNLaPniDuQRh7IBixVt9oxxwxVFjZrG21ySanvg6GnpHHAkhM2nlwA0zcDMYd2h5rJt9JB8s8UQplTJzmo+lAbGBc47pZr4J0BKywjTsfQtQed1kClm/oEjO19mvRIC5DBznBtWJ4jWeTsjs91tEARE7LforRCy2VkA2rNxPsWz6Iks/towoySuWz8oUmA0FdfE5ULUavuv4uFZQXurIX0AvyWp3dg8dG2srnoZqqagr3VdZT7jV5nlNICeaEFbb5iShaxDBoBk= defa@walther'
+
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLT3rq/wQpGV0Rn57qnD6PswMYmamUS8gqv2DqlwOrNxfrfO8X/H139KQNHE4blMPaGQ+9OzugkZzzp9SC/Tud7bdt9HI50WOe4xYqd8uiGywWznsTTvcHQeT5UqGiwzRwy5ozdzlTJIcbJt7NhwUwtVUGCFuW20jjWpyHBNMJPHkL6by+4APGF6jWO+crSvAqodvi544Uw9BCSzInSkxUbrgt97ta6QYgcdHrOGUv7Pe9qITFUPeuMmFDkq1wYIcXyfa6lUXvj+QxHVsnMee50HJhlHlUAc2PmyvZX5xl0H7hM9AwWbSSfstRn4nL7pmkcfSGv5Y2RQly8AT5UAgT defa@split'
+
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDakC8eT7Uv2TS0lPDoBpuowHbCCP/4xM9DnRljVrI9l9Kdta5avRovpa8qHxnapY8+CWqx28+TcqmRw/y342Vf2BErXuoDeR5JtpZhiOZs27Km+FwG3Xwp4jcx2yYSksMuHzq7d2yL8pW9bL0/l6StJL/4DXaFg0Ym2ZSv/0CZG4HLSc4AC2UhMqwqgf7YFissm0Qc2iJru6S1RBTNL1hIVxe1KQz85VwU+VUtimacHQQDZ2VgSMHXSTRM2+naJMhLd4TrU0SGyQWYCcqch6lksNiFqVnDSa8P55rOG2eolY3cHraRI+x5s/wXLLoSWzt4aEm3GZPEkogAmX5CaECE4bV1gNk+4kVlW2ZEPeFGF1yUJgd+cqTzPT2JqusVfjLhDMsjmHpfBz/E3TuPBy18hYeRAa3zUPWRDlntPzHrcRb0E3EgLlojcA8w0g+3KBDL5psa7t16MtrEC/pQJ/VM1C/ZBRfsFGDRzyY+AnIkEif6BwHtyOhXaETKmlt+tC8oueWMtdbM85mFFEyWYLPccp0NlRdgtPh5AylotSdaRhfmZqKHtqcrieuwKLBGpZB/WQ0l7HRn4lVg1TzePUaSYCSPiCcflts9VMJJBhp/KbqWJoEwWQiRNkkhKUOC48crzI3s9QNNyqy/aLTPFjn0OsHa0SW9MQOaSTFsKwryfQ== defa@work'
+
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxdRSyPmX5CyzgxyV4nrF2Q7Zu0lQikgNQSTt2o8jrakSlngCNT1u9vFnbT2tynBuCEd9fE05AKqwg7m9+X3FeBzq/PF0CiS1GdanyJkNoW3RIWSeO0Amt+yxCNTmr3hSPCR5hwyWT+gAYjLYyOfbMUi66NVFiXRuSvuZ1+z5iGgdRIGlxVI74V/6tO7CLwMEEUxs8tXu6y96u8bvQowTEBixfEhzOlS/NbkZElsBcJ0+eZJ/GzN4RuFxYjd2pmz5UL4gHFcXVMSs/Wq13XWtdlzawM5K9wfFZJ83UYGxHfW0OjvqSZ8IlZSVQeEEy9UKsMwrN16qznI5Od4XmbIMd'
+
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAD95P6omJldgvTdsdibJDAqq0gVAyiKL6zdZEUIxDu1r+pFZHmAB554C+9I2XN9DFm3c/V2Aix7ni2DRT6IWV8GgLAFxCgf2uaL7fghRNwfYMLTLuJXRzcEpO8Ph9Nz45YO/7n1GN2MNm8swxlMrl2ewkrvD6TTc3t4em8n3NxO5iqbKM/U8GUmyiRYGeC2KRy8HA3PNGeGvv0uGIS3KurIMdPRVFyKUt0xkMwvHeP1AIC8DIAPvD6CJf9tB8OmFxnibvrXXZCfzbgi59aJ6TRpM8qzq6gG3EtqR4x6X9gZ0h4lpsOxiUOetzemej0CY3K19tZsTjGR879h0+s8/b root@rambox.spreebytes.net'
+
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCog1AKXq/JlrFFAIE43jkGhHBZXayU8kc/xxQau7UPnOJNtt/NTt0zrdb0HA4Y4OYyZY/PZ424ufFio6yTeGnQEKRbYLh/Ot8KxemywODuimtHxTFo6wWjdNIbwTwr/erDy7THiUptYKJdyMnbUNkhB41Ea0mCsoJvw6f49P1uO0+4nLmmKLxo6qfKyreDKcydh2dIOcetc7x3zV+1WsCSWwQdtPfW2O9MJki/33sQzXyra+FrtCafXN+Zzwo6oqgymx1m3ErkNCWpOzUq4MDTORFKUq7girlVmWjL7KYBfFVWn9FZy0SYXulQLxd0nO0xhQslyQE+2KI5uECRKRoyw53v0h5P2lX2XWIQb3cypRJNlychgaqQJH4mp2XLOgQb3t84KcOKMw7jgU0NUby26MQ84m+P0bQZu4NWuBd8arjR7dPNjTEF+mWSy7YrlIUoF6jdqqZ/+N+fX+3S5abzOPfLCJSLXrd9xvA1q38tU3xdoTaRuKRmdXCmjadN/xh6nq4tZ4YoILDevGJaaMj2Mw9xA2YE8r1xI5MmhZ/lds4l4qii+0eA3A45pic674hiTUhgATuMKAtFrNTeIU7vEcmF17bL5J0s98CkR2dS9czrqeEEQZKy5kcr0gdMGd+dOy1pd3x+P8Xtwg/WgW6yVcmGWvj9XIejL3CcUHJeDQ== defa@devnull'
+
+  - name: init
+    password: $6$NcRlPYtm$1YiBoiJUcEwB1ovXYLpQ.OM/ehceh46/G2K4jz0I/PK7tJzD/HDoKhaKVYEIe.uWld6zC63GrgEhq.UMJzFuS1
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcOAGa9XHPVGx7k5YWptABoMs2f1+OeqRr6UFXveCWtjdDuk+YUAWl1W8TlDaFmw0+kLGk4Sg5TEcDzlVL+9L1Du044mwieeGQx5WRnz2vtg9XP/AP19jmpn1gTUPt5HGvFWVCeCDkMnc2aEz+fbW1MGN3ZxRNXhoNZfSS/jC7B0RANu1o3nPDQ3fGxFee02bAWi76To+0dJJppH02qSmlkOSUExOI+9i5WSog5KuCim25isLTIwv/GJNWAASL2/OUMuH82mX1EIS6qRdvcRufWH8qxTAkSeNrLUjiJOtCcE9dchS566KDs8p0U02PBN/92VB9aS/ErQ23l7llVr4jr776qBlUQn4vMxv1MG9ETM+/tUErYNDYazx+FV4NT90sxvepc+8I/q0AZjD2HNp6P25LgPNIhegNznnF/Twy9wW4Jn50FB4GMf8tHCeD9clXOMA1gSGGQiyeyly+wzZ5eLduwWAtzzYJ7MpOfncPYq2kKqs/29p77/0fvdbH2zzJQDbR2A0kHK1z3K6A7I8c+dBdcf2Kb5pvmglHjjSS06rD3oJtl3EvTfBe7AFhCou+zaaIf9fjMyM5upOu/ik23gRcDD32pX6Y0ltixfIWm6PV+Rgl88q6mOeLMwnItKtXID/O2908JE4dyLao2JeauzhXBJjMY2yzbcPLSlz2xw== so_init_03'
+
+  - name: alex
+    password: $6$.3m20/Um$nTsNhF5jwIF.FMW4gTqRt0o3S8B81q6UuRnMYQ9om77DwOTsPgm5RgCkX90PbPShPe3BYVBQvJp7e53qPedie.
+    shell: /usr/bin/zsh
+    ssh_keys:
+
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMyXy0+TVREnROtJOzuFFrFW18UXaRyWWLm4Z1vCOXU home'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKb9VsHdwzIW8MpEtOKzWPJW+toe1UL1odj4k0mtYPac work'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJywUxxa2hNC8DNGmiyyLDaY0BP8muqqR1upMS8vBx6O laptop'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPKDhjGkGJNO9pmc3CDp0fi4TXmkXP1hm6wzAdqiMphE netbook'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINk3tyHir3go59oZnp98WhauGJNwf6KTRYcBvfFMs8fY mobile'
+
+
+  - name: alis
+    password: $6$w9SVHwkQ$PrVrCuugHTObqdBMJNdHV4xkgUf.FPwD4a1HA6mFbPwZPApdcnTSTNWwFJgGu5p5/5lL0Tw4TFDPVaN2Y6O44/
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEXvi4aBvd8777iALbpxMvzXdX+LnFYEOzHPuBEMjFt7+LArqqpfqU4rSCtfMD3QExAYbstIj0K/eyQ3S+Oe+Ry4Fr3hkZOtkpZF+MW1yvO2m1QuEzj+/2C9SU+yhGLo4cyIZN59wJOodWmLNy4u/vIQw305AHVwBdyE0zdq/5WRngk5nJmyjZHw7/rX5DPRgxOWk1zjruXt6mWoImRPk0Cy4jpouIl6DQ9gawryryX9+9E6aSI6Ona7ngUxKGcwe3ec3CM66c83J7xfC17EiZccjrJ+u9UPIlsXNs/ka3W/625wHTHCIaj2uOL2JZOj/TboZETPti5LO1fA5iLww+Iu1eGVPncdxojSgAcv4fcDKIG+IrEf8RyP7z7kABQH0jB+4jrnpptkOulrxccAYBxKp9AA0fp0dRo1IdSZ8IEnXluJ5pg2N73SFi/1MyC67urWC/qqhK5C32WjezDoXUx/n9DE9gKsFID6vEHmIZsuD1ohsIbksLkLq0Guh8goLfFxATJEdj1CpL+FtpaCcMLFSYYgSZwVsoCeEXz8h4nlYy8w7+kcweJIEJstjLHziZ0oIwmmRxqGLIeLrfQRF7miFUJzgIVmj+wIHrhk11ZdceP9RNT/TpnYFQvICRFJp7tYS4+uYS4rdNgJ0o9VtyHEoFrCKtB7mHvl1/MFGoYw== alis@mail36.net'
+
+  - name: sysadm
+
+    user_id: 1050
+    group_id: 1050
+    group: sysadm
+    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    group: back
+    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+
+sudo_users:
+  - chris
+  - sysadm
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+  name: root
+  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
+

hosts

@@ -0,0 +1,882 @@
+# -----------------------------------------------------------------------------
+# Use the following group to mark the hosts that are newly created.
+# Remove all names after the first successful play.
+
+#[o18]
+#o18.oopen.de
+#site36.net ansible_user=ckubu
+
+[dns_sinma]
+dns1.warenform.de
+a.ns.oopen.de
+
+
+[initial_setup]
+
+# ---
+# - Warenform Server
+# ---
+
+# server16
+server16.warenform.de
+helden.warenform.de
+
+# server18
+server18.warenform.de
+piwik.warenform.de
+
+# server20
+server20.warenform.de
+cloud-giz.warenform.de
+
+# server22
+server22.warenform.de
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# server23
+server23.warenform.de
+vvn-shop.warenform.de
+vvn-www.warenform.de
+dns0.warenform.de
+
+# server24
+server24.warenform.de
+mx.warenform.de
+lists.mx.warenform.de
+
+# server25
+server25.warenform.de
+web1.warenform.de
+web0.warenform.de
+
+# server26
+server26.warenform.de
+backup.warenform.de
+git.warenform.de
+
+# VServer Sinma
+dns1.warenform.de
+
+# ---
+# - O.OPEN Server
+# ---
+
+# - o10.oopen.de
+o10.oopen.de
+cloud.oopen.de
+etherpad.oopen.de
+limesurvey.oopen.de
+
+o12.oopen.de
+c.mx.oopen.de
+initiativenserver.oopen.de
+
+o13.oopen.de
+o13-board.oopen.de
+o13-mail.oopen.de
+o13-mumble.oopen.de
+o13-pad.oopen.de
+o13-schleuder.oopen.de
+o13-test.oopen.de
+o13-web.oopen.de
+
+# - o14.oopen.de
+o14.oopen.de
+a.mx.oopen.de
+b.ns.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+www2.oopen.de
+
+# - o15.oopen.de
+o15.oopen.de
+b.mx.oopen.de
+piwik.oopen.de
+www.oopen.de
+www3.oopen.de
+
+o17.oopen.de
+test.mx.oopen.de
+test.mariadb.oopen.de
+
+# o19.oopen.de
+o19.oopen.de
+backup.oopen.de
+munin.oopen.de
+nscache.oopen.de
+
+# - o20.oopen.de (srv-cityslang.cityslang.com)
+o20.oopen.de
+
+o21.oopen.de
+mail.cadus.org
+web.cadus.org
+
+# - o22.oopen.de
+o22.oopen.de
+oolm-db.oopen.de
+oolm-db-dev.oopen.de
+oolm-shop.oopen.de
+oolm-shop-dev.oopen.de
+oolm-web.oopen.de
+
+# - o23.oopen.de
+o23.oopen.de
+cl-01.oopen.de
+cp-01.oopen.de
+
+# - o24.oopen.de
+o24.oopen.de
+cl-irights.oopen.de
+
+# - o25.oopen.de
+o25.oopen.de
+cl-fm.oopen.de
+mail.faire-mobilitaet.de
+
+# - Vserver von Sinma
+a.ns.oopen.de
+
+
+# ---
+# - Warenform Office
+# ---
+
+devel-root.wf.netz
+anita.wf.netz
+devel-cloud.wf.netz
+devel-db.wf.netz
+devel-git.wf.netz
+devel-php.wf.netz
+devel-repos.wf.netz
+devel-php.wf.netz
+devel-todo.wf.netz
+devel-wiki.wf.netz
+
+
+[extra_hosts]
+
+
+[apache2_webserver]
+
+# ---
+# - O.OPEN Server
+# ---
+
+# o10.oopen.de
+cloud.oopen.de
+limesurvey.oopen.de
+
+# o12.oopen.de
+initiativenserver.oopen.de
+c.mx.oopen.de
+
+# o13.oopen.de
+o13-mail.oopen.de
+o13-mumble.oopen.de
+o13-web.oopen.de
+
+# o14.oopen.de
+a.mx.oopen.de
+d.mx.oopen.de
+www2.oopen.de
+
+# o15.oopen.de
+www.oopen.de
+www3.oopen.de
+piwik.oopen.de
+
+# o17.oopen.de
+test.mariadb.oopen.de
+test.mx.oopen.de
+
+# o19.oopen.de
+munin.oopen.de
+
+# o20.oopen.de (srv-cityslang.cityslang.com)
+o20.oopen.de
+
+# o21.oopen.de
+web.cadus.org
+mail.cadus.org
+
+# o22.oopen.de
+oolm-shop-dev.oopen.de
+oolm-shop.oopen.de
+oolm-web.oopen.de
+
+# o23.oopen.de
+cl-01.oopen.de
+
+# o24.oopen.de
+cl-irights.oopen.de
+
+# o25.oopen.de
+cl-fm.oopen.de
+mail.faire-mobilitaet.de
+
+
+# ---
+# Warenform server
+# ---
+
+# server16
+helden.warenform.de
+
+# server18
+piwik.warenform.de
+
+# server20
+cloud-giz.warenform.de
+
+# server22
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# server23
+vvn-shop.warenform.de
+vvn-www.warenform.de
+
+# - server24
+mx.warenform.de
+lists.mx.warenform.de
+
+# server25
+web1.warenform.de
+web0.warenform.de
+
+# ---
+# - Warenform Office
+# ---
+
+devel-php.wf.netz
+devel-todo.wf.netz
+devel-repos.wf.netz
+devel-wiki.wf.netz
+
+
+[webadmin]
+
+# server22
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# server23
+vvn-shop.warenform.de
+vvn-www.warenform.de
+
+# server25
+web1.warenform.de
+web0.warenform.de
+
+devel-php.wf.netz
+devel-todo.wf.netz
+
+
+[nginx_webserver]
+
+# o10.oopen.de
+etherpad.oopen.de
+
+# o13.oopen.de
+o13-board.oopen.de
+o13-pad.oopen.de
+
+# o23.oopen.de
+cp-01.oopen.de
+
+
+[mail_server]
+
+# ---
+# O.OPEN
+# ---
+
+# o12.oopen.de
+c.mx.oopen.de
+
+# o13.oopen.de
+o13-mail.oopen.de
+o13-schleuder.oopen.de
+
+# o14.oopen.de
+a.mx.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+
+# o15.oopen.de
+b.mx.oopen.de
+www.oopen.de
+
+# o17.oopen.de
+test.mx.oopen.de
+
+# o21.oopen.de
+mail.cadus.org
+
+# o25.oopen.de
+mail.faire-mobilitaet.de
+
+# ---
+# Warenform server
+# ---
+
+# server24.warenform.de
+mx.warenform.de
+lists.mx.warenform.de
+
+
+[sympa_list_server]
+
+# o14.oopen.de
+d.mx.oopen.de
+
+# server24.warenform.de
+lists.mx.warenform.de
+
+
+[postgresql_server]
+
+# ---
+# O.OPEN
+# ---
+
+# o13.oopen.de
+o13-board.oopen.de
+o13-mail.oopen.de
+
+# o14.oopen.de
+a.mx.oopen.de
+
+# o15.oopen.de
+www3.oopen.de
+www.oopen.de
+
+# o25.oopen.de
+mail.faire-mobilitaet.de
+
+# ---
+# Warenform server
+# ---
+
+# server23.warenform.de
+vvn-shop.warenform.de
+
+# server24.warenform.de
+mx.warenform.de
+
+
+[mysql_server]
+
+# ---
+# O.OPEN
+# ---
+
+# o10.oopen.de
+cloud.oopen.de
+etherpad.oopen.de
+limesurvey.oopen.de
+
+# o12.oopen.de
+c.mx.oopen.de
+initiativenserver.oopen.de
+
+# o13.oopen.de
+o13-board.oopen.de
+o13-mail.oopen.de
+o13-web.oopen.de
+
+# o14.oopen.de
+a.mx.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+www2.oopen.de
+
+# o15.oopen.de
+piwik.oopen.de
+www.oopen.de
+www3.oopen.de
+
+# o17.oopen.de
+test.mx.oopen.de
+test.mariadb.oopen.de
+
+# o20.oopen.de (srv-cityslang.cityslang.com)
+o20.oopen.de
+
+# o21.oopen.de
+web.cadus.org
+mail.cadus.org
+
+# o22.oopen.de
+oolm-db-dev.oopen.de
+oolm-db.oopen.de
+oolm-web.oopen.de
+
+# o23.oopen.de
+cl-01.oopen.de
+
+# o24.oopen.de
+cl-irights.oopen.de
+
+# o25.oopen.de
+cl-fm.oopen.de
+cl-fm.oopen.de
+
+# ---
+# Warenform
+# ---
+
+# server16.warenform.de
+helden.warenform.de
+
+# server18.warenform.de
+piwik.warenform.de
+
+# server20.warenform.de
+cloud-giz.warenform.de
+
+# server22.warenform.de
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# server23.warenform.de
+vvn-shop.warenform.de
+vvn-www.warenform.de
+
+# server24.warenform.de
+mx.warenform.de
+lists.mx.warenform.de
+
+# server25.warenform.de
+web1.warenform.de
+web0.warenform.de
+
+# ---
+# - Warenform Office
+# ---
+
+devel-db.wf.netz
+devel-wiki.wf.netz
+
+
+[nextcloud_server]
+
+# ---
+# O.OPEN
+# ---
+
+# o10.oopen.de
+cloud.oopen.de
+
+# o23.oopen.de
+cl-01.oopen.de
+
+# o24.oopen.de
+cl-irights.oopen.de
+
+# o25.oopen.de
+cl-fm.oopen.de
+
+# ---
+# Warenform
+# ---
+
+# server20.warenform.de
+cloud-giz.warenform.de
+
+
+[dns_server]
+
+# ---
+# O.OPEN 
+# ---
+a.ns.oopen.de
+b.ns.oopen.de
+
+# ---
+# Warenform
+# ---
+dns0.warenform.de
+dns1.warenform.de
+
+
+[caching_nameserver]
+
+# ---
+# O.OPEN 
+# ---
+
+# o12.oopen.de
+c.mx.oopen.de
+
+# o13.oopen.de
+o13-mail.oopen.de
+
+# o14.oopen.de
+a.mx.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+
+# o15.oopen.de
+b.mx.oopen.de
+
+# o17.oopen.de
+test.mx.oopen.de
+
+# o19.oopen.de
+nscache.oopen.de
+
+# o21.oopen.de
+mail.cadus.org
+
+# o25.oopen.de
+mail.faire-mobilitaet.de
+
+# ---
+# Warenform
+# ---
+
+# server24.warenform.de
+mx.warenform.de
+lists.mx.warenform.de
+
+
+[backup_server]
+
+# ---
+# - O.OPEN Server
+# ---
+
+backup.oopen.de
+devel-root.wf.netz
+
+# ---
+# Warenform
+# ---
+
+backup.warenform.de
+
+
+[samba_server]
+
+# ---
+# Warenform
+# ---
+anita.wf.netz
+
+
+[lxc_host]
+
+# ---
+# O.OPEN
+# ---
+
+o10.oopen.de
+o12.oopen.de
+o13.oopen.de
+o14.oopen.de
+o15.oopen.de
+o17.oopen.de
+o19.oopen.de
+#o20.oopen.de
+o21.oopen.de
+o22.oopen.de
+o23.oopen.de
+o24.oopen.de
+o25.oopen.de
+
+# ---
+# Warenform
+# ---
+
+server16.warenform.de
+server18.warenform.de
+server20.warenform.de
+server22.warenform.de
+server23.warenform.de
+server24.warenform.de
+server25.warenform.de
+server26.warenform.de
+
+# ---
+# Warenform Office
+# ---
+
+devel-root.wf.netz
+
+
+[lxc_guest]
+
+# ---
+# O.OPEN
+# ---
+
+# - o10.oopen.de
+cloud.oopen.de
+etherpad.oopen.de
+limesurvey.oopen.de
+
+# - o12.oopen.de
+c.mx.oopen.de
+initiativenserver.oopen.de
+
+# - o13.oopen.de
+o13-board.oopen.de
+o13-mail.oopen.de
+o13-mumble.oopen.de
+o13-pad.oopen.de
+o13-schleuder.oopen.de
+o13-test.oopen.de
+o13-web.oopen.de
+
+# - o14.oopen.de
+a.mx.oopen.de
+b.ns.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+www2.oopen.de
+
+# - o15.oopen.de
+b.mx.oopen.de
+piwik.oopen.de
+www.oopen.de
+www3.oopen.de
+
+# - o17.oopen.de
+test.mx.oopen.de
+test.mariadb.oopen.de
+
+# - o19.oopen.de
+backup.oopen.de
+nscache.oopen.de
+munin.oopen.de
+nc-gw.oopen.de
+
+# - o21.oopen.de
+mail.cadus.org
+web.cadus.org
+
+# - o22.oopen.de
+oolm-db.oopen.de
+oolm-db-dev.oopen.de
+oolm-shop.oopen.de
+oolm-shop-dev.oopen.de
+oolm-web.oopen.de
+
+# - o23.oopen.de
+cl-01.oopen.de
+cp-01.oopen.de
+
+# - o24.oopen.de
+cl-irights.oopen.de
+
+# - o25.oopen.de
+cl-fm.oopen.de
+mail.faire-mobilitaet.de
+
+# - Vserver von Sinma
+a.ns.oopen.de
+
+# ---
+# Warenform Server
+# ---
+
+# server16
+helden.warenform.de
+
+# server18
+piwik.warenform.de
+
+# server20
+cloud-giz.warenform.de
+
+# server22
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# - server23
+dns0.warenform.de
+vvn-shop.warenform.de
+vvn-www.warenform.de
+
+# - server24
+mx.warenform.de
+lists.mx.warenform.de
+
+# - server25
+web0.warenform.de
+web1.warenform.de
+
+# - server26
+server26.warenform.de
+backup.warenform.de
+git.warenform.de
+
+# - Vserver von Sinma
+dns1.warenform.de
+
+# ---
+# Warenform Office
+# ---
+
+# devel-root
+anita.wf.netz
+devel-cloud.wf.netz
+devel-db.wf.netz
+devel-git.wf.netz
+devel-php.wf.netz
+devel-repos.wf.netz
+devel-todo.wf.netz
+devel-wiki.wf.netz
+
+
+# All oopen server (except office networks)
+[oopen_server]
+
+# - o10.oopen.de
+o10.oopen.de
+cloud.oopen.de
+etherpad.oopen.de
+limesurvey.oopen.de
+
+# - o12.oopen.de
+o12.oopen.de
+c.mx.oopen.de
+initiativenserver.oopen.de
+
+# - o13.oopen.de
+o13.oopen.de
+o13-board.oopen.de
+o13-mail.oopen.de
+o13-mumble.oopen.de
+o13-pad.oopen.de
+o13-schleuder.oopen.de
+o13-test.oopen.de
+o13-web.oopen.de
+
+# - o14.oopen.de
+o14.oopen.de
+a.mx.oopen.de
+b.ns.oopen.de
+d.mx.oopen.de
+e.mx.oopen.de
+www2.oopen.de
+
+# - o15.oopen.de
+o15.oopen.de
+b.mx.oopen.de
+piwik.oopen.de
+www.oopen.de
+www3.oopen.de
+
+# - o17.oopen.de
+o17.oopen.de
+test.mx.oopen.de
+test.mariadb.oopen.de
+
+# - o19.oopen.de
+o19.oopen.de
+backup.oopen.de
+nscache.oopen.de
+munin.oopen.de
+nc-gw.oopen.de
+
+# - o20.oopen.de (srv-cityslang.cityslang.com)
+o20.oopen.de
+
+# - o21.oopen.de
+o21.oopen.de
+mail.cadus.org
+web.cadus.org
+
+# - o22.oopen.de
+o22.oopen.de
+oolm-db.oopen.de
+oolm-db-dev.oopen.de
+oolm-shop.oopen.de
+oolm-shop-dev.oopen.de
+oolm-web.oopen.de
+
+# - o23.oopen.de
+o23.oopen.de
+cl-01.oopen.de
+cp-01.oopen.de
+
+# - o24.oopen.de
+o24.oopen.de
+cl-irights.oopen.de
+
+# - o25.oopen.de
+o25.oopen.de
+cl-fm.oopen.de
+mail.faire-mobilitaet.de
+
+# - Vserver von Sinma
+a.ns.oopen.de
+
+
+[warenform_server]
+
+# server16
+server16.warenform.de
+helden.warenform.de
+
+# server18
+server18.warenform.de
+piwik.warenform.de
+
+# server20
+server20.warenform.de
+cloud-giz.warenform.de
+
+# server22
+server22.warenform.de
+nd.warenform.de
+nd-archiv.warenform.de
+nd-live.warenform.de
+
+# - server23
+server23.warenform.de
+dns0.warenform.de
+vvn-shop.warenform.de
+vvn-www.warenform.de
+
+# - server24
+server24.warenform.de
+mx.warenform.de
+lists.mx.warenform.de
+
+
+# - server25
+server25.warenform.de
+web0.warenform.de
+web1.warenform.de
+
+# - server26
+server26.warenform.de
+backup.warenform.de
+git.warenform.de
+
+# - Vserver von Sinma
+dns1.warenform.de
+
+
+[warenform_office]
+
+# devel-root
+anita.wf.netz
+devel-root.wf.netz
+devel-db.wf.netz
+devel-cloud.wf.netz
+devel-git.wf.netz
+devel-php.wf.netz
+devel-repos.wf.netz
+devel-todo.wf.netz
+devel-wiki.wf.netz

initial-setup-sudo.yml

@@ -0,0 +1,13 @@
+---
+
+
+- hosts: initial_setup
+
+  roles:
+     - ansible_dependencies
+     - ansible_user
+
+- hosts: initial_setup
+
+  roles:
+    - common

initial-setup.yml

@@ -0,0 +1,26 @@
+---
+
+- hosts: initial_setup
+  remote_user: root
+  become: false
+  gather_facts: false
+
+  vars_prompt:
+
+    - name: ansible_ssh_pass
+      prompt: "Give root's password here"
+
+  roles:
+     - ansible_dependencies
+     - ansible_user
+
+- hosts: extra_hosts
+  #  remote_user: root
+
+  #  vars_prompt:
+  #
+  # - name: ansible_sudo_pass
+  #   prompt: "Give ansible's sudo password here"
+
+  roles:
+    - common

network-setup.yml

@@ -0,0 +1,6 @@
+---
+
+- hosts: extra_hosts
+
+  roles:
+     - network_interfaces

open_the_vault.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+echoerr() { echo "$@" 1>&2; }
+
+PWFILE="$HOME/.private/ansible-oopen-vault-passphrase"
+
+if test ! -f "$PWFILE"
+then
+  echoerr "File doesn't exist!"
+  exit 1
+fi
+
+perm=$(/bin/ls -l "$PWFILE" | awk '{print $1}')
+owner=$(/bin/ls -l "$PWFILE" | awk '{print $3}')
+group=$(/bin/ls -l "$PWFILE" | awk '{print $4}')
+#not everyone is using debian based foo. get primary group of user and test file group permission against it
+pgroup=$(id -gn)
+
+if [[ "$perm" != "-rw-------" ]] && [[ "$perm" != "-r--------" ]]
+then
+  echoerr "Wrong permissions!"
+  exit 1
+fi
+
+if test "$USER" != "$owner"
+then
+  echoerr "Wrong owner!"
+  exit 1
+fi
+
+if test "$pgroup" != "$group"
+then
+  echoerr "Wrong group!"
+  exit 1
+fi
+
+cat "$PWFILE"
+exit 0

roles/ansible_dependencies/tasks/main.yml

@@ -0,0 +1,63 @@
+---
+
+- name: re-synchronize the package index files from their sources
+  raw: apt-get update
+  
+- name: Ensure aptitude is present
+  raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
+
+- name: dpkg --configure -a
+  command: >
+    dpkg --configure -a
+  args:
+    warn: false
+  changed_when: _dpkg_configure.stdout_lines | length
+  register: _dpkg_configure
+  when: apt_dpkg_configure|bool
+  tags:
+    - ansible-dependencies
+
+- name: apt upgrade
+  apt:
+    upgrade: "{{ apt_upgrade_type }}"
+    update_cache: true
+    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+  when: apt_upgrade|bool
+  tags:
+    - ansible-dependencies
+
+- name: apt install ansible dependencies
+  apt:
+    name: "{{ apt_ansible_dependencies }}"
+    state: "{{ apt_install_state }}"
+  tags:
+    - ansible-dependencies
+
+
+#- name: Ensure python2 is present (This is necessary for ansible to work properly)
+#  raw: test -e /usr/bin/python2 || (apt -y update && apt install -y python)
+#
+#
+#- name: Ensure python-apt is present (This is necessary for ansible to work properly)
+#  raw: test -e  /usr/bin/python2 && (apt -y update && apt install -y python-apt)
+#
+#
+#- name: Ensure python3 is present (This is necessary for ansible to work properly)
+#  raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3)
+#
+#
+#- name: Ensure python-apt is present (This is necessary for ansible to work properly)
+#  raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-apt)
+#
+#
+#- name: Ensure sudo is present (This is necessary for ansible to work properly)
+#  raw: test -e /usr/bin/sudo || (apt -y update && apt install -y sudo)
+#
+#
+#- name: Ensure  lsb-releaseis present (This is necessary for ansible to work properly)
+#  raw: test -e /usr/bin/lsb_release || (apt -y update && apt install -y lsb-release)
+#
+#
+#- name: Ensure vim is present (This is necessary for ansible to work properly)
+#  raw: test -e /usr/bin/vim || (apt -y update && apt install -y vim)
+#

roles/ansible_user/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+
+- name: Ensure remote users for ansible exists
+  user:
+    name: '{{ item.name }}'
+    state: present
+    uid: '{{ item.user_id | default(omit) }}'
+    #group: '{{ item.name | default(omit) }}'
+    shell: '{{ item.shell|d("/bin/bash") }}'
+    password: "{{ item.password }}"
+    update_password: on_create
+  with_items: '{{ ansible_remote_user }}'
+  tags:
+    - ansible-remote-user
+
+- name: Ensure ansible user is part of sudo group
+  user:
+    name: "{{ item.name }}"
+    groups: sudo
+    append: yes
+  with_items: "{{ ansible_remote_user }}"
+  tags:
+    - sudo-users
+
+- name: Ensure authorized_key files are present
+  authorized_key:
+    user: "{{ item.0.name }}"
+    key: "{{ item.1 }}"
+    state: present
+  with_subelements:
+    - '{{ ansible_remote_user }}'
+    - ssh_keys
+  tags:
+    - authorized_key
+

roles/common/files/root/.ssh/id_ed25519.oopen-server

@@ -0,0 +1,25 @@
+$ANSIBLE_VAULT;1.1;AES256
+63643737376337323337623439396262306134613362643439653232343866633263363236623635
+6538653437613666343435323030663235636537666438320a326462646262613962316335363764
+32343265373238373432313039393464343934613039303937326634333361303362306462646437
+3032333239616631350a383935333138336464373261333734313137363730356363373163346637
+34336164323630343364373065613234383163393634653531363363663761653834663336396234
+64303336393762633065373638653963383063353666373461633662383538633733653339326262
+64316339663566313039656238373133353733356537323935646531636363616666623764336165
+66613565613739386231623262663532393463646565373333333061326234346162353637666631
+65623766643765376537656466623738356437666634316565623038623839303761393562633534
+64643839626163323962356264313563613834353633633030636466393931366661313233633830
+63336431353566333161643831333662373163636164346335643937353730363832363036376434
+30636230303333663965336166663162653330636436336438663861343064643238316662393665
+61656438373631303836656332636165616663393462613035343430653362313938336534323734
+37353665373330343034653064333536643133366661353033633662323562386366306136636230
+34663562373731316266383430353262376333366366316561633165636233353332626438373238
+63633161363639613263636461326162613663353365396464636434353533653939393136316263
+34396238346134396565326230363634346662653739333666356666373864656265636531633162
+63333737333438333234343433646165333161316636356662313663353939393739626566383864
+39346535323866393061613065623031616333363132623433373634373466356531626630643931
+62626635613666623539386335656630653666383839613730323839303737346161656438333239
+30343463393438643065326466306636393561643164613332643239613261613432326362616233
+38363366616265363134616265656636663636366366316261316135666661623939633637616239
+65386331376665336335383739386538613539306239303363303537373332303465376465323133
+32346362636235323161

roles/common/files/root/.ssh/id_ed25519.oopen-server.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvy+IDUeoVwLg+cJNcKzls5guOrVUretsf05v3Y2N+Y root@default-oopen-server

roles/common/files/root/.ssh/id_ed25519.warenform-office

@@ -0,0 +1,25 @@
+$ANSIBLE_VAULT;1.1;AES256
+32313732326132663062643663366337663462386532333331393338393233646262383338366330
+3561356332626435336438616130323363626561396634330a313730343639373566623030633030
+62386565313639613837353338653432336465633364333532666338633362643536303165636630
+6139626539356634660a613839373666613161343265366564383362316361363633363764353135
+63323064393065633263323735643864643236386532643565653631366564393337343261326337
+62353938336463653934313333333963666233313231326466383864343564393837306164633730
+33316236393530613631316264633935383734373938316466623339366464393836663139653034
+36643466343231663663383337626238623330326266396261393439393833653130363738333134
+66313664333634666538613335333733313834663764306235643939373034653362363462306138
+63396436623936623339336632303562333764353231346432643834363234373437363437343530
+61366337313330616132303437303232326339336137396337336636393931306463626434346533
+63323930323432616334656335643662333062313835323138333538383437623234316238346430
+63626430653365623037383262383164616531353938373166343465656237656136313562623961
+62393035663766356466353462653532303863333466353730386331393465313662666337323166
+37316265323635623662313632383434306138343534316431383632646361626264643266616265
+66323939386365323234626661326638323338616266383437343936643530633361653062646261
+34346631656130613136633138323430373263353537386134656334326233633733643061653933
+38313334336361326431336238343832646431396663386330633933343263376331633561396261
+36623033316439373433623732346662616464633364613239373264396232653431623132386466
+34336362363761613036346333633066633533306134386564383238396363393734326566323662
+63326364663336333233306532353665323262383037336561663565393033626439623861313462
+30353364396231333932366438303563326536353532653063383832623262383933656161616163
+32663765643862393362653432636665643630353862653665353663396237343761653630626432
+63646537636338323366

roles/common/files/root/.ssh/id_ed25519.warenform-office.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyBC92KgCv9Iwjk42UacEfApt/7D5ylEvCOYTxNVLLu root@default-warenform-office

roles/common/files/root/.ssh/id_ed25519.warenform-server

@@ -0,0 +1,25 @@
+$ANSIBLE_VAULT;1.1;AES256
+31326563643538343063303835386261363066373739336131333663313431383439653638333032
+3834303864343835356139393036616334663362613366330a613864333737303739626537343565
+39333938363030663564396637633536633931623736396332653133303066373432376638396431
+6439633265316562390a626663306463643164303031616534373665366433393933346165383732
+34346539323964376134663832303265393762383638316639636235353337393135613437643335
+36656230393663383765356237616130356663323036336231633662363465313734663366363639
+62313232353737653338343933316337313263336161386565336562336336363439613137366432
+64663761346131363535653435316535353138363061383932386262393939313435356166613366
+63636135366338363638653066333639643236363931333231623639326265346363366661306238
+35316135303130633530303133623531363462396435653063646435623961306231643565633265
+32393965363261336230323632376233623831303930653534666335656665386163376435613138
+34643434623563643564633264653162646630306236653632393538303765386238336465623735
+66333061366533306533313033353934353865623866633932333462326439356236396664386634
+38386333636237623239313732376662313165653737663437376462383134633362386237653762
+36626339653062636162666639326631393530623161636639383337663661656431386461373731
+33343933383436666432663536313465393835633538613030323239343236623762376433343239
+64346563333432333765633137636461653332316131376235613065356534613532653563663831
+65346166363963373230313137343231636639303962646462383464306539663764373165653738
+33356666366561373733373664393666313931343632306537363632313838356262653263346637
+38346133373865366137306534643161633232393066393736306464643634633836313161333137
+66363830323530353037333334656462356564373133633861376633326361373739363038313566
+39336630373964613332616339313066363464386564333161396466363065666635393865393836
+61336334313037653534663232633261373239663465386538616565376636633363656335306138
+66613564373637646430

roles/common/files/root/.ssh/id_ed25519.warenform-server.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcEPd+MDJKzWqWStt3XpJU1OpJ0uxmipacIGkm6k3MS root@default-warenform-server

roles/common/files/root/.ssh/id_rsa.backup.oopen.de

@@ -0,0 +1,89 @@
+$ANSIBLE_VAULT;1.1;AES256
+64303262313639313931393565303137333836316431623232363531356332353132393663373834
+6262363338643932346536653130346465396537666637630a346633363738316164656433356636
+38393861643534386162316631356564666162636535333062626335386161663236343932333565
+3938623338363465300a376334633332303063363630323635396336663837303237666461633930
+31313764393336373061313963613863346333613732383662613435363930633534623936313163
+63633063626331616630336431383231383234643065626438383961383535366661616661373563
+66356165393432663364303866666561386434323836653134646131363535613136326339323933
+63666562393161666638663433633638643131356138613762353066613931393634316432343433
+64663035633638646236383635356561616662643330336336363765313539346631663535383730
+38383132656235393630643637353031306434666232306439653635353266343363323665613932
+32653237393430626633623439333466663265333438343662633835643938366137343538653936
+61326136336234353361383630663035633232653465666637313036323430386535383835393832
+32383234306563336137623562626539656536626237666264663461356137363464386238303263
+36396333313735336566303032613866613736623534306664373164353331363363633562383066
+61353339353131303565373462653536346234383936643761646662363362643037373765333030
+65356639363235316539623233393636616561653135623438613932636461313566366337363837
+33663030623039613237383738363863343462323330303634633636366465323135633636326366
+65346235373162366163353831306333613939666539636430303439383933323162633066383236
+36383563643238653032353131343631356232326437323464373164323336333739353231636334
+35366265353733323831333836653732313830613332396161396565613733626663663734646364
+32643436623638326364643766633434366264396230623863376532653063343463396235613561
+64363339613766363966366462613239353964653735613830643830383535633938343836626539
+66383738373661323566616232643066376632333964366536336465316361623434313461323735
+31326366323266366531303331393335383763373131333130643732373935643730636161656638
+30336566343361396662643430346262306632623932326434333334343566656564636330396465
+61323261366537313664353965626362636339383030626139643735326665393332336531663337
+38633765623562643362666564386563396638623565613536343737366666656561383765363939
+30643536336664386666656438653830656262386661656638623566356633613131336661316463
+35386137656664363430666436623339336437613830336434376534373134343461623065353931
+37306135663131393563343237333761353130396532613263366232363161643638306637643838
+36656236663166373766346432313762663966313033356664376163376131363635333535333632
+64656262613430623563613037646535613361343362366364346338636163643462353232356139
+34623034393930353039633437343163313865643636633566333931353731313466633761376161
+31386365633336363230616162383936323538346662653736336466653936303736666566643936
+61353766356363356535303166633966623134383937376335646338346363356135376465363837
+34356364613134373263323564383266356561373163303736386466373464353733303936653964
+65616232643631326233373930336530386234393564626132633637346537363561666166373163
+39626162666466363530396438393064323065306665613336383739353132636533336636643733
+65633032383933623334323431633539623533326333333833613631333865646664653765386130
+34373861353361336537303832363762396233653736363238336264336233303439643664633866
+33303963633666383563333831666530313631623365363833393837303764323331366532336262
+61383738323935393633636535363238343337363164333963306531636635663536336563383338
+32646163353265386264613662653866366639353437616262386461633431646633373463396631
+64323838383334326361626266316636396232653863313237333936383062333136663433373935
+64313764393463626231623462663366313663656264653339633461653463663630613633326539
+38373230363733636231346538373361313964613536363664373663663662306537613164363934
+63363532393165363435643161393362346466363235643338396535383865323138636138343962
+66386530356335373833306639383166356131306464326461663965333631613964336136623731
+63663539386461663738336133363134656634643931333762303535336634386331306332656230
+37326335326162613932303264636534353337303132663437393732663465313432646662323462
+61353433323130363662643633326565346235633034623661323133306432396238663830626564
+39386533343562656337643238373531366333616332346331306563626266643236316533303732
+61383437373839663430366163383034623737323234393839393364363133376535373333323963
+33393766366630613037613436376361643935643262363662363638333966336137363134346334
+32656362643835646464376437623462306238613437636332383330303433663065333433623865
+33343562333031616331373065366664663765316366336338633139313664663462313637646234
+34316566623166343834343232653432303931666436313830366439363438663330656538623430
+65316633336163653862653163613135633166646538653132303734333136303863643861366134
+31396633623935343734623836343662333464643563653437646236323230336630646431663061
+39396236643639356466666535356533386464643930633636343137343637366635653037356135
+37343662356466393534653939333263663063396137366264303961383461366433653438333065
+31303164666337353366376462343937663539643539383433393962633033663965663965303836
+32626662643562363131396466313733666631616432653361636163633733666131643261326265
+35366232636533383162376366393466636239343863396162633038316165363336383834383631
+63656163616531303034626132613532643164616461386334396266656565393462323863376531
+39653435393865633832613734336639623933363034653137376361393534373263623138643566
+61653261383164346134383934653561323337656134366538316364303066383663386231616332
+31646132313935613866326233383338353031316366303562333233663631353933663166613530
+30376361303231373666316465646630376332396530353533323961633739303736386136353831
+36623234363338386239363862333337656432656231373166343564646230313866616664653932
+38653934313537323562346363373138656162333562393461346536333463313265316438383664
+36313737366463323662326237393239376533646330653365643265393839343061313764633738
+37663461313733316333636634346333313564383765663135333733313565353766386130626164
+32613030633864383138386665343565373837303166666361373936303535363866656235643036
+64366665373764303834643431393063643062633237313764363336363935336664653530303062
+34303963363261636135363738303064303466663732633932326539643930346238333935343833
+62323964363030383931343836616532376635623531336532373263646264393239373365313461
+63393033323630346264336264316364326334663961663335356434386334633035383662633634
+65643337663164343832323632363734376463323063383835343563323437653634346464613238
+32373236646361613132633334396630303236626238306663333261613764633762373663343636
+32653033393839633037346639396230616465326235323164343635363534346161656364303832
+33393634343665343962353066303333663761323834333836363335666236643164333062366561
+65643531616133623437303239353638333037313935363633646562666365386433656264343133
+63663461666439613234653864363539353935383134356637643330653738326631636466386137
+32366337376132633835393935663465396662363136346334323263373035393837346133613632
+35633266613766613362383761393032326265303930613238666638376534643638336662336538
+66343231356564396435636139303964363562366331366637663438323164633436623539646366
+34393538383431343963

roles/common/files/root/.ssh/id_rsa.backup.oopen.de.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxRcrdHX8UHik7l1gpm7Oc4t4+1AKrkcbGtFlzrlwHV4HmMf29nMxYWdOGUv47CFoAHCPSJAH2fnER22HUozsBlMkPrAgXTsMAfpMZB2gP+F7r4c7wiCuK1+uFy2dz2yBIG+1RK+ygJ5GickHPj7baWRQVbYwWeK15YJqL8oxrL6MpmNYr/cVZ7SDLRJp/44ZgnfxC83O00yJf8VEvoOvvj46JkhgnY9RETRfp7RaziIkJGs8EfNRZ6I0vRPC/shVTXf01GH5rdBcklZYZ2ptMvriyUZ2FfMMEOA86jWs73ZGuTcx8ZQGB3m9TCvz8kTBr9CKjz+fAkfKUpMbGOpO5w== root@backup.oopen.de

roles/common/files/root/.ssh/id_rsa.backup.so36.net

@@ -0,0 +1,89 @@
+$ANSIBLE_VAULT;1.1;AES256
+37376262343361306238666238313238333762353662636136386263343763613964643338613235
+6139323162386539386138363966613932633863623339310a363636343437663439613665333730
+39656565396631333736343364313365623166663363313761393963306331386262636533653538
+3932643536326233300a356661306137393230613139633432333638373466303136663136323364
+65313134326562303134646539386565373130663738313333396635666364613839633163393061
+31396161343763653632623932633533383265396466343961323935623365643035393331663332
+31323432623832643635383830383133346235356439376362323066666239666635336434306461
+64623664636537623839363562366661316566353838663463633230613430343930613539326530
+37303039656464363062323438653339373930653361383333363962326362623235616538376361
+30333638303561353965653032626462623061313066303863633334313433363566366437643632
+30336162393734333332623238316162373865343637393966326666366534373663636464633539
+39336632376666663737343462386432346631373161623463366334353662376539623039393966
+39333133393164613263343238333931386434643566343537313566323066383934353862373962
+64653631316331666535353161663930636461376662616538613461633362666238656336666637
+37336661343163623065643734356266323430343935393465303839613230626261613835303566
+33376364363738623664613430366533333739346438633165663737356264393138626337383638
+63643732336162633537616261616664663461363137393332623130383135373630303763643932
+66343862626432653263643238623731383266623935343066363562346337393738353737623137
+63663436313835643561376239623935336434633933656239356535363439363638613034343838
+34383936393531323038333436643535653365386566386535636135386439653433646665393937
+33613839623038636465396532346133303930393433336136383562636134656430306337616135
+64666434303732333034656163383838313435616635316435383266613939623362313061323430
+39396565626638363637613230616238323638613533383966626136616462346632383837333862
+38633435393766623632353131663639626461313765303964343162633636373636306337303539
+33623065613362393362343766643939306165303832343238353966333234663633313737613864
+39373938323232336533646134383261303232656161386135646462333333373034646263343339
+65353037396431366361333162643162666538623530396166373637363135636164613937643832
+66373932383734393735616165616564373134373934366133616564663537343663326430313561
+35656135623332336531373063636163383836386636653362656339323062383563663134616133
+66306330633834393338373230393365656365386632663763326234633464613231343730336236
+37376631366334336562346462616639663864323039623135326562636334663864396562346430
+65383332363737633436346435616133393935323830363135653132373266323936666137633564
+64653265623733336633343361333562613130353938333765626663633036363631396664386464
+37663066326238306531316134343934353132386463636235323966666136643933626666616536
+61633261383862616231373465306664313938386438376465363033626339383564386461633634
+32323739363937376431333738343936373332316536343262643935616366643265666338666665
+65313136373065653031626565346438663061336631326164373631343331306331353564373532
+38343731386631373162393639333534323835376437616636656164643330316532396433396461
+39313834303262353761616364333663656432393465306238333031353462643263306335616633
+62663134316532393439303835343730626561666135656166373836376139353363303333373136
+38333838656538653731376164383064346330656462346363336663356437616639323832633635
+39336564363462353065626666303339643637623533613834316437663431346265653662643538
+38326137363366353838326638376434313861376263383764323839633661373465366237646637
+66313261336439653137626166663531353063343931376333306630346566336537333832346331
+31326663663436393363383439653366393839343565366530653561343331353338656234616162
+63316161353939663538353964623361353863313736663162643731656365373530633965323663
+35376632356236376434386133643266626663663864353432386434343934623063366262636238
+30336239333035613936346331353862333666396166363534366433616234663863316564373237
+32616537336639666566623631306631313033633633613663643335373836646630666534366263
+65386365376330323739373535623236643838363064383034343239663337633562333532373531
+30326439623536353666633036303736373161393133323430313965613834363862623931346430
+39343165633939633762396432393631656532376462373265656333363966653835613932303065
+32633236323266633266323765306466663233333535616232353064343535303863306662666265
+64393239333032363964393234623331393138636262393961653939356137336238343733643537
+64313961643635346136386132623933616639646234326537326531313739336330376538303933
+61346634636233343463633936343965303261323963336230343339653035633339333938353338
+35643166323065383965666266616361646663326137393134303338373037356339333832613839
+37636266356363626330643735366636386636333134333030323465616138623839333730346663
+34386665393338356462333933303238333065636634393364316431303136316232663239386166
+32616331346666313364326235393436313665306637633433316166326261663135623131363639
+32353930356162373136663339323663313164353164323536613032386464353730373731373332
+64616439326130323161326534653032663836643632643465643939346339336435313063666166
+35346265636430313463613863613563616234393933366135333632306330653831323934393638
+35653863333765616632303265386263383335346665323439316436623135353362333162663264
+31373132316665666664653039623332366434346362386163363532643537363938613432396334
+32666534376332326333373237663738383739343939333062393535643531396431333164393230
+62633239653130623332626466613565383434363432363364643165633135316632666638623631
+63646438373834353935633562666433373636326165646437623838663531333539336366653933
+62343531373031653930646164316638666430656236303032313339646136393834643462613366
+34333636313031376264376131383961373066383532373030626263363336646663613564666530
+33356261363965656336396464636133306335636463303462373937666162353663393636613962
+61333637326236306132336133663838623033343564663739393537343165316539316437666432
+37363234383662356231393439303962306537386461336463336265316433316130333563383163
+63333766396332613265383338396236336232636664616136363361653430613531663534306437
+36353530343335626439626538366531616635656265633634613664363166333030306464666265
+37303064633962383837323162303932373035323064396130616136353366303662356366326639
+34353530306264343438323730323361616335626438343033313430353061313964303464613638
+38383266633232623766643439356132656662616163623038313433323065326566396266666131
+35353061613963323531343866303265333338646430376664356536386538333937323861303636
+62366239366561393930616661663961613439393630396534383431393864343037373062656132
+35376266383564393038653466626632653037306662373733613065313662306137636335363662
+36653831626431376432643263646535303930356265303530316632326138323066373038636139
+63313033643230386438396530366533646436323337386134323431656535633234376332396339
+65353632386465393531636635353439616464386361316136366565323538373631303732626133
+36623933353261383132373734653039623661663762353834396639303838326533333264623135
+31643839653730306561653863393762346430653431653937326434623236656664323732346163
+36633739623830626330313738646364373066343438373239303538396438616637663038633035
+62383333313766313661

roles/common/files/root/.ssh/id_rsa.backup.so36.net.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTiMHFphDclvwqu4WXkF/kIfSxseH8hqvZjUydZGMbUbBRvrs9Lii4JLtf4NuePG/T1nNek+3Dg4WNO55TM2ufdt9W6aqimmcMVG+D0Z9yCPwHc5H7VWGyP9kDcK+ngwIZk1j/tPXLPcCmyaan4Fbhoqk3Mauo381VInJzA3FHov6b8G48401zVcdS9L84SjTtU/Smg/36XOCEQyX3zVEXtwFVlmijgQwJDXeheZCnIrLUi/cf18WawqHU5E+o6dWhpuP+1aFtmv7Bb7OWCQOKRyWDN8I5wq/Gpax1eUS4uNyCprv6XoyXL6CO/qK7SmI9bB+90diNDnzu2FfTS+Er root@backup.so36.net

roles/common/files/root/.ssh/id_rsa.backup.warenform.de

@@ -0,0 +1,89 @@
+$ANSIBLE_VAULT;1.1;AES256
+65623731373563393261633131363166333330353065336662616332313633313265383539646537
+3063313165613561663863353536623137373664336234340a323033346339333239653534373834
+39353766623438643431393930393762356331336338353963313764656365643438393530323834
+6538343332653635630a643836666163326363666233623738663261633966646437366138383261
+35396339363735343139393934643738613638656661666366623438326364333932396233396131
+32353330336334396266323234353036656437313032333538656363333261363066643739666365
+33323638663638353231363432313432316666633439396430393764616365656162313936343036
+31353562366363363738393036336465346330613536313234316333336136336339626338303835
+65383838306538373639653866643632333666393537373132613463326666626265633539383638
+61363062653033356535666533353066343530323231613962323838613864386465386235356437
+64326239616664613961336434643534303864393434393665353966323238323962646263333334
+36313034643164656234353330383062613339396235343937383062656566363862313266363462
+65653437356464373230336530623664666661643539663662396232393761663439313166663430
+62323064336331366532353762333162373934376336636466653237616433633238313663363661
+66343765366164643433623632353833346436636634646461366436346633396464343032373737
+63626364366665656535323562623964623537353164313637306162316561663164346635643535
+39376161616166316539666666343035643964343431643264376563306262346634643336646665
+39323033633733373630336139353761626633643835633235376239626537373235643536343734
+33643366376430376339666137316231373632386464343736393736366331383336383635656431
+34646138333162386335363739643661326636373230376663633366383465316539313432343438
+37656564393965666630346161333632333738376636376438313864323663326334653037393332
+62653537393065393163326638303766623237373839353262343632353135613162666531343139
+33343266623337653434333665343832303930363561363665376165616538353139366436303135
+33346562393264333333643965306564653238666530363633643463343333616264393963323630
+34336231663737306665383339656538343062623166333932303537336537643537336137323161
+32366461343932623634626537353934316534373365646662383530373165353339363834613435
+33613265633265356262323365613131363265643830643636383537653666376539636130373131
+39616161306265653538383931646363303933656535306439663662663333306139636463383339
+66663166626366323430643137336533623763663339363336656563353861306539323631663064
+38623565633730383561653965623466376566366166386364343433643937303639383463376430
+65653034373135386362646465393039623531626530383133636266643232366238356262656261
+65643431623139353663333064633164306330633436326431663239656663623631653965396632
+35313435373562373062633663393330626436376337626563613863663362336562316635663938
+63626666353264323666306366356366666137313830393364326133323933333339333161613938
+30646533393334613862393566646433316433343562393063633162336438313837353963646163
+62616437663431633365323966383966306232376430383762316235316533666662343335356430
+37623038646462376432363830633531376330656665633134363861613963653461626435323539
+62623763303563613362666336343466656166303138643837353934376563656137376331353832
+35396130666663353937356164623438653434313030376562643664306666326435343130626162
+66626464386338653262636537633165316639323063393561393334393764343966303930383437
+64313435643637343535303161633263336230613934326330636537396136666264323634326465
+38363231326362656637396133393733333866323930333563303137653237663962336163613366
+30396166356635623364626133333936333563616230623738663731376638663536623964353933
+31326230353735636236333035623863663738643038306330376365643532646563373765633530
+64373239383863376665366364663161306637383333643465643161396630663364306361663932
+66383261313339616230333066623364303138323538303135633030383138613931393634333932
+66393261383234633465613262376466626632653336363431653961643532326230396138316436
+31313362633565653730626339636235653461636530393234653936376362336236633232623332
+38623965323261306362303061303964363862393236653532373737666334613833336331373064
+64613666613536616463623165316439646130376532313361643163323632386164303338323364
+30623063356337333963396264376563613532376363336330653730343162373433646666616263
+30623161373061623230356439643165383665383563326130376134643065653536396366613465
+34386161303430323232343163306166643765663932306131373936313139326636333638363763
+66663262373564316136366364633236343966373763623061306139346666623330623566313331
+31343835323764343032386534393163326139383734666137323332663765633963613066363132
+33663630646333656133666432643538626565376534623536323530323530646264653766623536
+34386334636231616339656564396437303733333965336439626335306230316237396234313366
+62306334613134396636366662663036396338666463323765383566373434316436363939663333
+64313665303965636435303562363566366539306638356462373638643933376237323433663866
+37306635376665306631663036623964663366663138663534656133643935373239303335346437
+61613038623633316566326664313761343035333563633233313031323564353030376437663461
+36386633613266656564666438613262633535636366333833393932346337663639393964323737
+35643234383065383933306263326562396534633733643737626633313237646161616333646332
+66363133636562363336303135393439613732353838383962636537626664666466643839363138
+64656137386531393230616163613738306437613966663231313734343931613866356265346434
+37396138366666653135643830616162343165373134306131373762623233653034376130343136
+36663665396230653833653638313933323361646438366135353938323938616332333862393561
+63643265623139646532323332653437633461636363633465373339653137336431333566623637
+37623532303634656161313434626139323763393830613663326266303066386430376463643464
+36353532343430656439316464306631626631663564383963366638653936306261303033353863
+37363835323064316266333830653066643437393032336335653938373062616265343034356266
+33613864356666656437613661326238326432313964646334323061306137353834623863653736
+61313965656138386662366231623363306164326364616161303432653139396230376436363636
+32636463313666346461646539383038656461363439353533383561393764306432643131356138
+31623931323438376365393138343035613465613462613230336433643731356563316132333534
+66323531333733383565646534653032376633313766373837613537643538636565653766653865
+30316365393432393632646263383131396565613565636363643437363461396465383531353330
+38656435313639383936663761646338336133613564636331343164653166376134363933396336
+31383833323938613963326363616235323230646438656531313866653266346566643232396563
+62623530366330623131336262316334383537323332323536356165316238643932643335623135
+31636262653734656663316461323761626635303538326133396435653936356363336331626161
+37353938663666656436626438646463303661356538343738326331346332663430653438613361
+38373830346134653932643363316163666339393234663064653238613038666138333230353437
+65313535666235313434663663646332626333643665616231326266393732363333373539393265
+63373033356334306261313966386263393138376635326161663731383138313766363862333138
+62663335323832313163636565343237386663323439633564386239383764383837653462646266
+37626430616363616131356463356235323834343932373761383362653635303437623261306236
+63393833323436633533

roles/common/files/root/.ssh/id_rsa.backup.warenform.de.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmQffh8lmO69ukeW0hC7wQ8EEqEsKPja5IvYr1fVqmR5gUJDRFQ015sxpIIuLgo4kCbe6pz7aV6rLUAxysMV06PbBRJPzq0SvaXek3Begygt11U0+HFQN7pVw+agxvbdE0YwxhOfJWl8f/wkti+p/G7+G7O0bMyFdzH2eeYXmzh3Nf4NoST8moQ2PVpDaJ73u/s7Z2oPng2LhVneGqyRdV40exiFOBS5pGJZ/10GZthkrhUAEGzPTusenN4+Vw2oriKP3+eyLzsB8qSPX5u7oR4Su9QY2VxTwkuXZDrxTBZwpIB/mXobMRZeRQxDGeSsU1mCf9cquanFLIx4a1ySUDw== root@backup.warenform.de

roles/common/files/root/.ssh/id_rsa.devel-root

@@ -0,0 +1,167 @@
+$ANSIBLE_VAULT;1.1;AES256
+30626637633734333432353462666463663664313837303662323731666633636663326335643364
+3263363965353864663236636537653433663638666633390a306436363936383835613830663734
+64306432386263326265343164306137343632616630663964343835646362383338326237356530
+3336656435343438640a326539656137323966373965653835616437653236636635343434313832
+62306533366133316233633932663038343138393061336665386130626431343039366331326137
+65346534353939326235383663356536396665656137376564666661623738323561323262313333
+31386336363937306530316439383062616434653932633135326339346461613037343136366462
+31653637366230343834373666353335303562336133373333616130353566373563646234613064
+35376563343836316438376636666166373363393637303030373065666333666337353730313561
+30653862333366666638616132653133316431396465663564663931623634343962653937636136
+36663038356366633333346333656537656365386465343931363932343439613130663435633461
+62366439646530373961396333343536393162616138316636346338356230313762393762353037
+63623162616265306135396363393634353239623232363433313266653765386366363330393636
+66623964666561303665303761353563366331626338653465393839383630633734363139326562
+30623162663661353763333735613464616634353533653135363065613532396131363563333233
+37656165653466313366303365396630376266316165373764613730326466653330313663643335
+63336133333732363032636234376134656663636265316232366234333965343632373264346639
+62353932306131396266623935373766383934623134363862303262646439326366303130393530
+62343838613433653133336339313933366135613730666534636130326663656161373761656463
+34623331623162623737346435303134383831343536333166366462363330653034376335353764
+35393636393538663935316438653330643339623937613262356563616630626535343535326262
+66383733303430376339633637613334666365346263316139643664303466626434383363393930
+39363262623038663165306164353739323230663733363331373765663939336437303564376330
+36613739393835336133373030313165656137383763636262633461636163346634313466323535
+37303139386638333066633633663536633636653134316366636164376130323439383561623566
+35373033396337373932393866376435623539613935333435373333346563613665656464643536
+61613132356239346437353439313166306437626332656463383263613730633530626335306533
+33356432376562366635386339313265393933643366376163343663336338356463653334643738
+37306537343439336234346532316432633865616635346538343439616230326632323161383932
+64653431323636373432313939326131356135326437663266303336386434653536383065386336
+30326465346137666563383038646366396261613261613361366232653239623334303765333834
+63323265363434316339326137363932366265633435623663366138343366313630366661396566
+34373837323835356565396565346438353663316237393634636531303164333138336431643161
+37373833313735363761386639386533316238666534656137396332613034343264343165633236
+31343139616330306634613235643839326333633034396638383236323937326239633037316635
+61373836336237643633383964653166363331643337663561376135643837333764663536313363
+64333730626566323962386462346666336262363931353634633835303837356233363136643166
+61306533356137343361303063333535363932393936343663303438396161363930656330373961
+35306536653135366236333738386230366139366363363439636535313738646364633837386135
+38306636343834306133353434393766306462303937663964623466343531303432663335303039
+63333838643864303533393361353161353138366465353231373362626534303132323835666438
+66366566323264616563346361306235343666386338663737393238343461353730383136353462
+64323436316635383132623463663964396565313265323036316462316331356330393036353861
+64333066326261646632663663373438643635323766626238333330636430333133623638303863
+32333364626336376635666464653133613261343662623332373631343961316334343638656361
+30636337313130666332313136366636323533636534653262306233326337643239613739303539
+62643266393562636330323363386262326662636137353331326532386462333965653737383135
+66393162326634623138346336343134376362356631613834373832343335333231613231366539
+30366634353231313265653763316230663266373938636330363330386163373034666431626431
+39383363363531396536646364643739306132646632323531653031656466313035613433663964
+62306165366431333366613761626365366637303338333663666666383566613531353036393439
+62666530643438663637366430323530326536653137333963393835386161313565366531373731
+39633133363438376661323534656566343066633835306265323438613035636661666362313336
+65633064376634643062386634663935613264653133623964613666326362623936323633366635
+31316130336139666531666331353435363139663631636562306431383038386538346337376363
+37303534353262373835393463393764396131386662303266623135396165323166643534613561
+32326130373863626464653764643764336162376534383533353335376433353330383763653836
+64323537323032316139363733323864623136343664383064666232663136626236653335396365
+30646439316433373065663437633231363465323662343237373631633336663931346531623565
+64643836323766646436373335646331643165633331343264333362326138323065383666353462
+64376439366665306638643261363162386436366563653961383532663032363535313331613530
+62646266633464303933623363346265353736316163326161303836366161323663333035353031
+39653535343730333264396534613262653437646532393835666135363937343339613461373937
+34353230656662346531343338663834346631643166346364363832383861653635666532383864
+63336532623463663535393263636162666331383935383539636535626562653536616134386436
+33343165613563336562616130306263396164326539656662646266633162353762363538383064
+37373435613461623436626565316235333534363662353963346165663864623261393036383938
+36326465306530303535643261663831343031663963646234623231356366346536396266623339
+33646364363535303139363332623733343361323766653737616534656334333937313061303165
+30623836663135316561363962626133313564623464646265376231613462613465396264633339
+34346362393637626261376365623934616165623134376437303331303932323536616235316164
+39613339623835363432633462663631363762316561656263376661373531396536643030383463
+65383165623665653130636566383965643938643866306230303739626462313337643635373939
+36366162616462323331633464653838373433353630386363333265346633666130633433366664
+31393839616133323637653865353333393264373931613162653232653566663530336538643162
+35343835643835656437666366656230353933353438373835613066666237663365323138656365
+38396231346334656430653231333130363831316265343662613630313934326464633862353762
+39633137656638643033653466376135643866623339346537343932336432616435393563636462
+36383931636230666466396534616239343064333565633639373431323364363431323962343666
+34663063383564643565336461653162643934343063646136633532343537643836386135633963
+39353837333834356431346337623063363430336366326433646338386637323736333331326164
+38636432653638616563326533626637613536326635363738336631633130646361353564653133
+34656130313936393937333635323930313563303436343234343238623833663964663865386232
+34363862336132643566336434623465393737656231353065656266636662613430356234316632
+36303862653864363365613661383935353464663935653763613934376537623763303230353530
+31623866646333646264656538393132663033626634366361366465653439323561386364363635
+37623531623165373336646438343537653339326536623534643734663662336263353833613931
+36656561653836393963666639316534313036356532656533393464363432323866313734643135
+65373261623265376637383732316139343734303135643664343338633833626231316539396565
+32663530306430633734303633303039343737383633633231366561333833343962333735363130
+39656266636663316334303832343664633235626136396130306134663265396363623864643330
+36626464373164323134313233343065656666616565396337343766643764646238323765356263
+33663862356332393730323938623634346664666439656631353734376665383966333432366361
+63653561373539396464306335623462323263643961303837393539356231323232343838636566
+33666566343334373639353536373437643063336162316531393931653531386139383438663030
+61633263333533623666323534623432633133386561376234323636323238643038376433376262
+30313966303865396438303762303962303239663064323739303731643533643264316266303631
+64646638313834323036396437306436333738616131306436323337353237373939383334663930
+37353836303337333562333361346366383933363632626631336631386136396534336665383834
+64373763303364353235383439666264333433343439333939666363616232643735376332383639
+61383166663231336433623661353433633533633830356437353764313136383564316336383133
+34643737386565336138643532633962666536323664383832336530636130343532663165363737
+32613938353161303265393037316439633835383035356666306437333538656536376461323764
+62303731386338363538666435393132643533373439386537616634626231623935633630336330
+30663265666231666366613035653135643763353834316466626239366231653534376635336332
+30303936326163623637396433376661386634663031323132363064313630363930646165333364
+33363065646339616539653136633663303934633436356665313636373734626361356632636534
+33653735356362306637343030623130623461613966346339653065346534643435363063323538
+32663938363233613036663734653064323262306138313966356266313864633633643134643735
+39616266363933613063663035303763613162643537363364316133393864393735313232373161
+63356231636237383533323264396139636366393663653162656533633037323962323865663736
+66623538353165643363653237323466613362666536363963386434373064653638343330326266
+37306630346661326131623865646166626331336261396366623462383933346437653661643039
+37343339613963363561616334346131343531613033316261313563626637393963643866386364
+62306662633331323734663261333532616264663261323663313161663430333165396238306634
+63646333383135636235616266633264313138303036323037666161386464333633316631653865
+63346132336562643631343762346539633766333539356334306335306233313830326362313461
+33663665643362643934373162636663323435653965336266613466333436363866323831623535
+63616532353539396337323137306533306363373536656362326233366139623462616234633133
+34653061643632376539636536373336396335313161623733646262316238663732383337323162
+38383439353830636364646534343432396665363363356265666661663563383337613232363763
+64303961616566353133633764636333636564633635393064336163353833663636656236366331
+65333936306266333262613638633366623433623036343263666238626662306137346639643531
+61613334373833653830613865393430623064613431626665363335663130376261336264643034
+64616536643034333566643737663538316539646339303930326235626433306639386635613436
+37313433663263613037656165663933663839653339343861393131343433656330643262393338
+64353365333531373232326331633832383838386232313862326538396361333333326337326433
+31386432316534653062353036383936333033356665323162633665383632386132373034643637
+38316437373034303062343135663262313961623764646333326531356530653734346438386336
+61303734303532626466633739303634373730386538333434356564333361616563306332373530
+36346365333331616236343163636463653938383538366439336635353938343337656434363636
+37633834326433333466363234373132363833666563333136666462316233636438633538323066
+38633866346163326562613761666562343630323935393262313439386137613964666637633864
+39633361373133323463646363666361376530666562383464616638656465653732343366333933
+63376535313064646166633766393662313330323133353861623738363134353330356437333864
+30623932663133623437656361333566393134623430613162663432636132333362363830656562
+66626634653536393164643965633232333839663131656233303937386431386133393939313339
+61653539656239633930363435326566363561313163356564393533623766636637646135386362
+61383837363562663264656134616238313832363431336666353738373464353339393264343435
+62386562326133376535613363626638346638646365383535336562306331303161313063663063
+33663536376266613965373065303163336335336136373263653631316161653839303566343437
+63316462303630346438663066343635353132336131643332303866396238366462323165303966
+38383861366663373435333864636263373039306465663666363936313663396333313862613061
+31646435656166383232356464306362336638333364656532313635396639633366643837396535
+61633334353839623566356436313532363666646566306134373530626434383263646263393164
+66316236616439366161613631363961343862353135666337633037366565646464623035326232
+35333639623939366162366565396566303562393737306237303064636364343132613464303032
+37383632376536636263616464626663333334316132326630666266653036613564626164383438
+32396135343266653564636130326336663439343661373231623564386434613963643661636161
+66303336623066633466346434306362643531363666376563313039643130663866363836363330
+37306533396265626365363230663362353863613462656638633435313036663130333132313163
+32636165303162653139396132633137353335653430303166393435623964613333316236323031
+30623736666433393736386634363430336239613162333837383335326565653239316561353330
+63303636383131376230313235343863303631356263316365353837323634633335346537323232
+31613061616264326362636234663737343939386165356532326666386365386164646634383431
+61306239373565336239646232623262623930303466666238316163333466653135333132633262
+33396133386634373766646635336433363862343863663936363035386665663861323364663330
+38656434396134313466613337346332646162653030363633393139326634616261653238653837
+36303838646436363738313163313235653065623863303432346462303239633537346164643764
+34646434613533353262323531626431363661373962353230666165646264306661336461356336
+62396635343561336331353432303735333930326664643138646232633262633062303334323937
+33356338336636613735326530383932326337313866393731643239613535643664323162616363
+30346130633563616165656636623430616439353061373861626362633562373339336435393338
+39393437663838343863656138643931343962376465363361386465663466346666353566643735
+66653161313337306165313631323837623565396237366530633062613134306231376437383836
+6564386362323064386263366534623833623663613561333433

roles/common/files/root/.ssh/id_rsa.devel-root.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCd4puiVlcoHytkIpmticagS/yo5fIWhsGwdjWLoH8I4GU9le1TQYwSxdFMhoDbwOPeoAPFeccW8787OgaMT9HFSH8OSePsWhYNBD/OnR2OlXtbEXFEwKU/wD7GJLbXGjkcR3JEOioRJI9wC3OTjCjC6ZX/D8S5yJAZKQAAPHMJziESyrhZeNnWISbxuosqeYW6Y6phYpGt9V6LgeqAf5Ztb6lwmthQdIru8enl4CenQGKrJaclhdl6xNtCfXBAj+02W3FNYof7J/dvb1e8SkkXjM6vWwzIN/Qd6Yy7pFof/zq1tAVy3iFRQ4ASX5ghNdxgF6YzIzw1t+DIo8rz1TJ9ANFNuKuEfmKtHa4Ppunyjvgo2N+sDEYt4zn4lMwO+m3ROZ1KRBGbMCqhBw19ZxYMLMUJYMe9YEX4tvxXiny9QfHeKJLFEpuqdcwSOkoz35gbmACtZ/lxt8rDvU+7+An/PEQX8f2/kUD75L6GJ4TaE2qhkI3o8wH7bxOSbt0QTK3D55wPb9cqFTMCdQhy19PPy2cWskPc6mY+IeW8Vcbops9tpyTDVqjmokw8Gga3++AIxaNdsCEzQlTY1/0DRQuPjmgofVefCCk21sRjn//XNuie3sXNF9+6yxWzR1Ln82VqNaiLwGWlhiqO2+4pWiTm+Can8/GlnTX2a3uRuGj+Zw== root@devel-root

roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform

@@ -0,0 +1,25 @@
+$ANSIBLE_VAULT;1.1;AES256
+37353766323665666361653537393334666365653637376232643432363037653462646366663065
+3264316565623766393237643938373239353465336238630a343361616532303934636232636333
+30383934633134646131353631353631613239386132393631393531316361623239373736336563
+3738323464343962300a623262626566316339313032343637613631383661643234316234393162
+31326161376666653363383737396337316139623835363234373535396466386231646531346630
+61653063643233373262646635363737333464343666333232383736643032326132333433363035
+34316137396336316266643537656535666637656161616164613434303661333533353937366438
+64653366363665353061666636623235323434633030633533376463653131333432653034346230
+31333634666638363863313563643462353731323465336162396239346263356635366634626262
+31653434386636376466353538396234396635343735383861306135353635633961623736313733
+63363930613438363335323533356564316338383733613635346532633238623335393739373130
+39343932653336653730343463336434663231613861636164663439323136313464623934636562
+62366437383334366362306231623738376439323462306362376636326465343730303639666239
+32363766373737363765346261333330366132363939326438373165666563666339616536353239
+38336666656466613363366533643263393232323837663130306262396531393034643665663361
+37663035633133393631633734653832633034666563306631383935633530336633313663316264
+35656238633364383165303035613239333434646631383538653761303430626139363139633731
+38353631333435663866366561323266333030663536383465316161373731633238373431386263
+30303862316261366133376162303839656332643432613338383437373362326533623032613865
+65633866316537303935663233303330663834636164383937313362646261633966363865336336
+37336561386230373264336230643866353236653631613034353432373637656138323031333639
+63643861386534623533346631396437616332343865343032363532323339666433613964333638
+61666663383031666533396135653066333931313265663132626235303036366439336533643131
+65343063643735396365

roles/common/files/webadmin/.ssh/id_ed25519-webadmin.warenform.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0uz8MeNyKvKxyqCLE1KCuATRFOMd5RV0a6TpnqwVZu webadmin@default-svn

roles/common/handlers/main.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Update timezone
+  command: dpkg-reconfigure --frontend noninteractive tzdata
+
+#- name: Restart ssh
+#  shell: sleep 3; systemctl restart sshd
+#  async: 1
+#  poll: 0
+
+# Does NOT Work
+#
+# Error was:
+#    Start request repeated too quickly.
+#
+# See also: https://github.com/ansible/ansible-modules-core/issues/1533
+# 
+- name: Restart ssh
+  service:
+    name: ssh
+    state: restarted
+
+- name: Restart postfix
+  service:
+    name: postfix
+    state: restarted
+

roles/common/tasks/apt.yml

@@ -0,0 +1,206 @@
+---
+
+- name: (apt.yml) update configuration file - /etc/apt/sources.list
+  template:
+    src: "etc/apt/sources.list.{{ ansible_distribution }}.j2"
+    dest: /etc/apt/sources.list
+    owner: root
+    group: root
+    mode: 0644
+  register: apt_config_updated
+  when: apt_manage_sources_list|bool
+  tags:
+    - apt-configuration
+
+- name: (apt.yml) apt update
+  apt:
+    update_cache: true
+    cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
+  when: apt_update|bool
+  tags:
+    - apt-update
+    - apt-upgrade
+    - apt-dpkg-configure
+    - apt-initial-install
+    - apt-microcode
+    - apt-compiler-pkgs
+    - apt-webserver-pkgs
+
+- name: (apt.yml) dpkg --configure
+  command: >
+    dpkg --configure -a
+  args:
+    warn: false
+  changed_when: _dpkg_configure.stdout_lines | length
+  register: _dpkg_configure
+  when: apt_dpkg_configure|bool
+  tags:
+    - apt-dpkg-configure
+    - apt-initial-install
+    - apt-microcode
+    - apt-compiler-pkgs
+    - apt-webserver-pkgs
+
+- name: (apt.yml) apt upgrade
+  apt:
+    upgrade: "{{ apt_upgrade_type }}"
+    update_cache: true
+    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+  when: apt_upgrade|bool
+  tags:
+    - apt-upgrade
+    - apt-initial-install
+    - apt-microcode
+    - apt-compiler-pkgs
+    - apt-webserver-pkgs
+
+- name: (apt.yml) Initial install debian packages (stretch)
+  apt:
+    name: "{{ apt_initial_install_stretch }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "9"
+  tags:
+    - apt-initial-install
+
+- name: (apt.yml) Initial install debian packages (buster)
+  apt:
+    name: "{{ apt_initial_install_buster }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "10"
+  tags:
+    - apt-initial-install
+
+- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch)
+  apt:
+    name: "{{ microcode_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}-backports"
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "9"
+    - ansible_facts['processor']|string is search("Intel")
+  tags:
+    - apt-microcode
+
+- name: (apt.yml) Install CPU microcode (debian buster)
+  apt:
+    name: "{{ microcode_package }}"
+    state: present
+    default_release: "{{ ansible_distribution_release }}"
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "10"
+    - ansible_facts['processor']|string is search("Intel")
+  tags:
+    - apt-microcode
+
+- name: (apt.yml) Install lxc_host related packages
+  apt:
+    name: "{{ apt_lxc_host_pkgs }}"
+    state: "{{ apt_install_state }}"
+  when: apt_install_lxc_host_pkgs|bool
+  tags:
+    - apt-lxc-hosts-pkgs|bool
+
+- name: (apt.yml) Install compiler related packages
+  apt:
+    name: "{{ apt_compiler_pkgs }}"
+    state: "{{ apt_install_state }}"
+  when: apt_install_compiler_pkgs|bool
+  tags:
+    - apt-compiler-pkgs|bool
+
+- name: (apt.yml) Install postgresql_server related packages
+  apt:
+    name: "{{ apt_postgresql_pkgs }}"
+    state: "{{ apt_install_state }}"
+  when: apt_install_postgresql_pkgs|bool
+  tags:
+    - apt-postgresql-server-pkgs
+
+- name: (apt.yml) Install webserver related packages
+  apt:
+    name: "{{ apt_webserver_pkgs }}"
+    state: "{{ apt_install_state }}"
+  when: apt_install_webserver_pkgs|bool
+  tags:
+    - apt-webserver-pkgs
+
+- name: (apt.yml) Remove unwanted packages
+  apt:
+    name: "{{ apt_remove }}"
+    state: absent
+    purge: "{{ apt_remove_purge }}"
+  tags:
+    - apt-remove
+
+- name: (apt.yml) autoremove
+  apt:
+    autoremove: true
+    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+  when: apt_autoremove|bool
+  tags:
+    - apt-autoremove
+    - apt-initial-install
+    - apt-microcode
+    - apt-compiler-pkgs
+    - apt-webserver-pkgs
+
+- name: (apt.yml) clean
+  command: apt-get -y clean
+  args:
+    warn: false
+  changed_when: false
+  when: apt_clean|bool
+  tags:
+    - apt-clean
+    - apt-initial-install
+    - apt-microcode
+    - apt-compiler-pkgs
+    - apt-mysql-server-pkgs
+    - apt-webserver-pkgs
+
+# Fix error if install/update of repository mysql-/mariadb-client breaks
+# link '/etc/mysql/my.cnf' in case mysql/mariadb was installed from source
+#
+- name: (apt.yml) Check if file '/usr/local/mysql/etc/my.cnf' exists
+  stat:
+    path: /usr/local/mysql/etc/my.cnf
+  register: usr_local_mysql_etc_my_cnf
+  when: groups['mysql_server']|string is search(inventory_hostname) or 
+        groups['apache2_webserver']|string is search(inventory_hostname) or
+        groups['nextcloud_server']|string is search(inventory_hostname)
+  tags:
+    - apt-webserver-pkgs
+    - apt-mysql-server-pkgs
+    - check_mysql_cnf
+
+#- name: debug
+#  debug:
+#    msg:
+#      - usr_local_mysql_etc_my_cnf.stst.exists = {{ usr_local_mysql_etc_my_cnf.stat.exists }}
+#      - "Variable usr_local_mysql_etc_my_cnf: {{ usr_local_mysql_etc_my_cnf }}"
+#  tags:
+#    - check_mysql_cnf
+
+- name: (apt.yml) Create a symbolic link /etc/my.cnf -> /usr/local/mysql/etc/my.cnf
+  file:
+    src: /usr/local/mysql/etc/my.cnf
+    dest: /etc/mysql/my.cnf
+    owner: root
+    group: root
+    state: link
+  when: 
+    - (groups['mysql_server']|string is search(inventory_hostname) or 
+      groups['apache2_webserver']|string is search(inventory_hostname) or
+      groups['nextcloud_server']|string is search(inventory_hostname))
+    - usr_local_mysql_etc_my_cnf.stat.exists
+  tags:
+    - apt-webserver-pkgs
+    - apt-mysql-server-pkgs
+    - check_mysql_cnf
+

roles/common/tasks/basic.yml

@@ -0,0 +1,46 @@
+---
+
+- name: (basic.yml) Ensure timezone is is correct
+  timezone: name={{ time_zone }}
+  when: "inventory_hostname not in groups['lxc_guest']|string"
+  tags:
+    - timezone
+
+
+- name: (basic.yml) Ensure locales are present
+  locale_gen:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ locales }}"
+  tags:
+    - locales
+
+- name: (basic.yml) Create a symbolic link /bin/sh -> bash
+  file:
+    src: bash
+    dest: /bin/sh
+    owner: root
+    group: root
+    state: link
+  tags:
+    - symlink-sh
+
+- name: (basic.yml) Check file '/etc/systemd/system.conf' exists
+  stat:
+    path: /etc/systemd/system
+  register: etc_systemd_system_conf
+  when:
+    - set_default_limit_nofile|bool == true
+
+- name: (basic.yml) Change DefaultLimitNOFILE to 1048576
+  lineinfile:
+    dest: /etc/systemd/system.conf
+    state: present
+    regexp: '^DefaultLimitNOFILE'
+    line: 'DefaultLimitNOFILE=1048576'
+    insertafter: '^#DefaultLimitNOFILE'
+  when:
+    - set_default_limit_nofile|bool == true
+    -  etc_systemd_system_conf.stat.exists == true
+  tags:
+    - systemd-nofiles

roles/common/tasks/caching-nameserver.yml

@@ -0,0 +1,83 @@
+
+---
+
+- name: (caching-nameserver.yml) update
+  apt:
+    update_cache: true
+    cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
+  when: apt_update|bool
+  tags:
+    - apt-caching-nameserver
+
+
+- name: (caching-nameserver.yml) dpkg --configure
+  command: >
+    dpkg --configure -a
+  args:
+    warn: false
+  changed_when: _dpkg_configure.stdout_lines | length
+  register: _dpkg_configure
+  when: apt_dpkg_configure|bool
+  tags:
+    - apt-caching-nameserver
+
+
+- name: (caching-nameserver.yml) upgrade
+  apt:
+    upgrade: "{{ apt_upgrade_type }}"
+    update_cache: true
+    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+  when: apt_upgrade|bool
+  tags:
+    - apt-caching-nameserver
+
+
+- name: (caching-nameserver.yml) Install bind9 packages
+  apt:
+    name: "{{ apt_bind9_pkgs }}"
+    state: present
+  when: apt_install_bind9_packages|bool == true
+  tags:
+    - apt-caching-nameserver
+
+
+- name: (caching-nameserver.yml) Create directory /var/log/named if it does not exist
+  file:
+    path: /var/log/named
+    state: directory
+    owner: bind
+    group: bind
+    mode: '0755'
+
+
+- name: (caching-nameserver.yml) update named.conf.options configuration file
+  template:
+    src: etc/bind/named.conf.options.j2
+    dest: /etc/bind/named.conf.options
+    backup: yes
+    owner: root
+    group: bind
+    mode: 0644
+    #validate: visudo -cf %s
+  tags:
+    - sudoers-global-configuration
+
+
+
+- name: (caching-nameserver.yml) Add 127.0.0.1 as first nameserver entry to /etc/resolv.conf
+  lineinfile:
+    path: /etc/resolv.conf
+    line: nameserver 127.0.0.1
+    firstmatch: yes
+    insertbefore: '^nameserver'
+    state: present
+    owner: root
+    group: root
+    mode: '0644'
+
+
+- name: (caching-nameserver.yml) Start service bind9, if not started
+  service:
+    name: bind9
+    state: reloaded
+    enabled: yes

roles/common/tasks/git.yml

@@ -0,0 +1,237 @@
+---
+
+- name: (git.yml) include variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "git-{{ inventory_hostname }}.yml"
+    - "git-{{ ansible_distribution_release }}.yml"
+    - "git-{{ ansible_distribution | lower }}.yml"
+    - git-default.yml
+  tags:
+    - git-default-repositories
+    - git-lxc-guest-repositories
+    - git-apache2-repositories
+    - git-nginx-repositories
+    - git-mysql-server-repositories
+    - git-postgresql-server-repositories
+    - git-nextcloud-server-repositories
+    - git-dns-server-repositories
+    - git-backup-server-repositories
+    - git-samba-server-repositories
+    - git-mailservers-repositories
+    - git-sympa-repositories
+    - git-other-repositories
+
+
+# ---
+#  Default reposotories
+# ---
+
+- name: (git.yml) Install/Update default repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_default_repositories }}'
+  tags:
+    - git-default-repositories
+
+
+# ---
+#  Group [lxc_guest] reposotories
+# ---
+
+- name: (git.yml) Install/Update lxc_guest repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_lxc_guest_repositories }}'
+  when: "groups['lxc_guest']|string is search(inventory_hostname)"
+  tags:
+    - git-lxc-guest-repositories
+
+
+# ---
+#  Group [lxc_host] reposotories
+# ---
+
+- name: (git.yml) Install/Update lxc_host repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_lxc_host_repositories }}'
+  when: "groups['lxc_host']|string is search(inventory_hostname)"
+  tags:
+    - git-lxc-host-repositories
+
+
+# ---
+#  Group [apache2_webserver] reposotories
+# ---
+
+- name: (git.yml) Install/Update apache2 repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_apache2_repositories }}'
+  when: "groups['apache2_webserver']|string is search(inventory_hostname)"
+  tags:
+    - git-apache2-repositories
+
+
+# ---
+#  Group [nginx_webserver] reposotories
+# ---
+
+- name: (git.yml) Install/Update nginx repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_nginx_repositories }}'
+  when: "groups['nginx_webserver']|string is search(inventory_hostname)"
+  tags:
+    - git-nginx-repositories
+
+
+# ---
+#  Group [mysql_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update mysql server repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_mysql_repositories }}'
+  when: "groups['mysql_server']|string is search(inventory_hostname)"
+  tags:
+    - git-mysql-server-repositories
+
+
+# ---
+#  Group [postgresql_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update postgresql-server repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_postgresql_repositories }}'
+  when: "groups['postgresql_server']|string is search(inventory_hostname)"
+  tags:
+    - git-postgresql-server-repositories
+
+
+# ---
+#  Group [nextcloud_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update nextcloud server repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_nextcloud_repositories }}'
+  when: "groups['nextcloud_server']|string is search(inventory_hostname)"
+  tags:
+    - git-nextcloud-server-repositories
+
+
+# ---
+#  Group [dns_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update dns server repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_dns_repositories }}'
+  when: "groups['dns_server']|string is search(inventory_hostname)"
+  tags:
+    - git-dns-server-repositories
+
+
+# ---
+#  Group [backup_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update backup server repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_backup_repositories }}'
+  when: "groups['backup_server']|string is search(inventory_hostname)"
+  ignore_errors: True
+  tags:
+    - git-backup-server-repositories
+
+
+# ---
+#  Group [samba_server] reposotories
+# ---
+
+- name: (git.yml) Install/Update samba server repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_samba_repositories }}'
+  when: "groups['samba_server']|string is search(inventory_hostname)"
+  ignore_errors: True
+  tags:
+    - git-samba-server-repositories
+
+
+
+# ---
+#  Group [mail_server] reposotories
+# ---
+
+#- name: include variables
+#  include_vars: "git-mailservers.yml"
+#  tags:
+#    - initial-setup
+#    - git
+#    - git-mailservers
+
+- name: (git.yml) Install/Update default repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_mailserver_repositories }}'
+  when: "groups['mail_server']|string is search(inventory_hostname)"
+  tags:
+    - git-mailservers-repositories
+
+
+# ---
+#  Group [sympa_list_servers] reposotories
+# ---
+
+- name: (git.yml) Install/Update sympa server repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_sympa_repositories }}'
+  when: "groups['sympa_list_server']|string is search(inventory_hostname)"
+  tags:
+    - git-sympa-repositories
+
+
+# ---
+#  Other (host specific) repositories
+# ---
+
+# Read in host specific vars file if exists
+- name: (git.yml) Include only files matching git-<hostname>.yml (2.2)
+  include_vars:
+    dir: vars
+    extensions:
+      - yml
+    files_matching: "git-{{ inventory_hostname }}.yml"
+  tags:
+    - git-other-repositories
+
+- name: (git.yml) Install/Update other repositories
+  git:
+    repo: '{{ item.repo }}'
+    dest: '{{ item.dest }}'
+  with_items: '{{ git_other_repositories }}'
+  tags:
+    - git-other-repositories

roles/common/tasks/main.yml

@@ -0,0 +1,110 @@
+---
+
+# tags supported inside basic.yml
+#
+#    timezone
+#    locales
+#    systemd-nofiles
+- import_tasks: basic.yml
+  tags:
+    - basic
+
+
+# tags supported inside sshd.yml
+#
+#    sshd-config
+- import_tasks: sshd.yml
+  tags: sshd
+
+
+# tags supported inside apt.yml
+#
+#   apt-update
+#   apt-upgrade
+#   apt-dpkg-configure
+#   apt-initial-install
+#   apt-microcode
+#   apt-compiler-pkgs
+#   apt-webserver-pkgs
+#   apt-lxc-hosts-pkgs
+#   apt-mysql-server-pkgs
+#   apt-postgresql-server-pkgs
+#   apt-remove
+#   apt-autoremove
+#   apt-clean
+- import_tasks: apt.yml
+  tags: apt
+
+
+# tags supported inside users.yml:
+#
+#   users-exists
+#   groups-exists
+#   authorized_key
+#   sudo-users
+#   insert-ssh-keypair-backup-server
+#   keypair-backup-server
+#   root-defaut-ssh-keypair
+#   insert_root_ssh_public_key
+- import_tasks: users.yml
+  tags: users
+
+
+# tags supported inside users-systemfiles.yml:
+#
+#   bash
+#   profile
+#   vim
+- import_tasks: users-systemfiles.yml
+  tags: users-systemfiles
+
+
+# tags supported inside users.yml:
+#
+#   users-exists
+#   groups-exists
+#   authorized_key
+#   sudo-users
+#   webadmin-defaut-ssh-keypair
+#   insert_webadmin_ssh_public_key
+- import_tasks: webadmin-user.yml
+  when: groups['webadmin']|string is search(inventory_hostname)
+  tags: 
+    - users
+    - users-systemfiles
+    - webadmin
+
+
+# tags supported inside sudoers.yml:
+#
+#   sudoers-remove
+#   sudoers-file-configuration
+#   sudoers-global-configuration
+- import_tasks: sudoers.yml
+  tags: sudoers
+
+
+# tags supportetd inside git.yml
+#
+#   git-default-repositories
+#   git-lxc-guest-repositories
+#   git-apache2-repositories
+#   git-nginx-repositories
+#   git-mysql-server-repositories
+#   git-nextcloud-server-repositories
+#   git-postgresql-server-repositories
+#   git-dns-server-repositories
+#   git-backup-server-repositories
+#   git-mailservers-repositories
+#   git-sympa-repositories
+#   git-other-repositories
+- import_tasks: git.yml
+  tags: git
+
+# tags supportetd inside caching-nameserver.yml
+#
+# apt-caching-nameserver
+- import_tasks: caching-nameserver.yml
+  when: groups['caching_nameserver']|string is search(inventory_hostname)
+  tags: caching-nameserver
+

roles/common/tasks/sshd.yml

@@ -0,0 +1,28 @@
+---
+
+- name: (sshd.yml) Check file '/etc/ssh/sshd_config.ORIG' exists
+  stat:
+    path: /etc/ssh/sshd_config.ORIG
+  register: etc_sshd_sshd_config_ORIG
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Backup installation version of file '/etc/ssh/sshd_config'
+  command: cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
+  when: etc_sshd_sshd_config_ORIG.stat.exists == False
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Create new sshd_config from template sshd_config.j2
+  template:
+    src: etc/ssh/sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: 0644
+    validate: 'sshd -f %s -T'
+    #backup: yes
+  notify: "Restart ssh"
+  tags:
+    - sshd-config
+

roles/common/tasks/sudoers.yml

@@ -0,0 +1,57 @@
+---
+
+- name: (sudoers.yml) include variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "sudoers-{{ inventory_hostname }}.yml"
+    - "sudoers-{{ ansible_distribution_release }}.yml"
+    - "sudoers-{{ ansible_distribution | lower }}.yml"
+    - "sudoers-default.yml"
+  tags:
+    - sudoers-remove
+    - sudoers-file-configuration
+    - sudoers-global-configuration
+    
+- name: (sudoers.yml) Remove user entries in file /etc/sudoers
+  lineinfile:
+    dest: /etc/sudoers
+    state: absent
+    regexp: '^{{ item }}'
+    owner: root
+    group: root
+    mode: 0440
+    validate: visudo -cf %s
+  with_items: '{{ sudoers_remove_user }}'
+  tags:
+    - sudoers-remove
+
+- name: (sudoers.yml) update specific sudoers configuration files (/etc/sudoers.d/)
+  template:
+    src: etc/sudoers.d/50-user.j2
+    dest: /etc/sudoers.d/50-user
+    #validate: visudo -cf %s
+    owner: root
+    group: root
+    mode: 0440
+  tags:
+    - sudoers-file-configuration
+
+- name: (sudoers.yml) update global sudoers configuration file
+  template:
+    src: etc/sudoers.j2
+    dest: /etc/sudoers
+    owner: root
+    group: root
+    mode: 0440
+    #validate: visudo -cf %s
+  tags:
+    - sudoers-global-configuration
+
+- name: (sudoers.yml) Ensure all sudo_users are in sudo group
+  user:
+    name: "{{ item }}"
+    groups: sudo
+    append: yes
+  with_items: "{{ sudo_users }}"
+  tags:
+    - sudo-users

roles/common/tasks/users-systemfiles.yml

@@ -0,0 +1,139 @@
+---
+
+# --
+# Copy .bashrc
+# ---
+
+- name: (users-systemfiles.yml) Check if users file '.bashrc.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.bashrc.ORIG"
+  register: bashrc_user_orig_exists
+  with_items: "{{ default_user }}"
+  tags:
+    - bash
+
+- name: (users-systemfiles.yml) Backup existing users .bashrc file
+  command: cp ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
+  with_items: "{{ bashrc_user_orig_exists.results }}"
+  when: item.stat.exists == False
+  tags:
+    - bash
+    
+- name: (users-systemfiles.yml) copy .bashrc if it exists
+  copy: 
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc') }}"
+    dest: "~{{ item.name }}/.bashrc"
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+    mode: 0644
+  with_items: "{{ default_user }}"
+  when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc')
+  tags:
+    - bash
+
+- name: (users-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
+  stat:
+    path: /root/.bashrc.ORIG
+  register: bashrc_root_orig_exists
+  tags:
+    - bash
+
+- name: (users-systemfiles.yml) Backup /root/.bashrc file
+  command: cp /root/.bashrc /root/.bashrc.ORIG
+  when: bashrc_root_orig_exists.stat.exists == False 
+  tags:
+    - bash
+
+- name: (users-systemfiles.yml) copy .bashrc for user root
+  copy: 
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') }}"
+    dest: "/root/.bashrc"
+    owner: root
+    group: root
+    mode: 0644
+  when: lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc')
+  tags:
+    - bash
+
+# --
+# Copy .profile
+# ---
+
+- name: (users-systemfiles.yml) Check if users file '.profile.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.profile.ORIG"
+  register: profile_user_orig_exists
+  with_items: "{{ default_user }}"
+  tags:
+    - profile
+
+- name: (users-systemfiles.yml) Backup existing users .profile file
+  command: cp ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
+  with_items: "{{ profile_user_orig_exists.results }}"
+  when: item.stat.exists == False 
+  tags:
+    - profile
+    
+- name: (users-systemfiles.yml) copy .profile if it exists
+  copy: 
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile') }}"
+    dest: "~{{ item.name }}/.profile"
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+    mode: 0644
+  with_items: "{{ default_user }}"
+  when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile')
+  tags:
+    - profile
+
+- name: (users-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
+  stat:
+    path: /root/.profile.ORIG
+  register: profile_root_orig_exists
+  tags:
+    - profile
+
+- name: (users-systemfiles.yml) Backup existing users .profile file
+  command: cp -a /root/.profile /root/.profile.ORIG
+  when: profile_root_orig_exists.stat.exists == False 
+  tags:
+    - profile
+
+- name: (users-systemfiles.yml) copy .profile for user root
+  copy: 
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') }}"
+    dest: "/root/.profile"
+    owner: root
+    group: root
+    mode: 0644
+  when: lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
+  tags:
+    - profile
+    
+# --
+# Copy .vimrc
+# ---
+
+- name: (users-systemfiles.yml) copy .vimrc if it exists
+  copy: 
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc') }}"
+    dest: "~{{ item.name }}/.vimrc"
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+    mode: 0644
+  with_items: "{{ default_user }}"
+  when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc')
+  tags:
+    - vim
+
+- name: (users-systemfiles.yml) copy .vimrc for user root
+  copy: 
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') }}"
+    dest: "/root/.vimrc"
+    owner: root
+    group: root
+    mode: 0644
+  when: lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc')
+  tags:
+    - vim
+

roles/common/tasks/users.yml

@@ -0,0 +1,180 @@
+---
+
+# ---
+# - default user/groups
+# ---
+
+- name: (users.yml) Ensure default groups exists
+  group:
+    name: '{{ item.name }}'
+    state: present
+    gid: '{{ item.group_id | default(omit) }}'
+  with_items: '{{ default_user }}'
+  when: item.group_id is defined
+  tags:
+    - groups-exists
+
+- name: (users.yml) Ensure default users exists
+  user:
+    name: '{{ item.name }}'
+    state: present
+    uid: '{{ item.user_id | default(omit) }}'
+    group: '{{ item.name | default(omit) }}'
+    home: '{{ item.home | default(omit) }}'
+    shell: '{{ item.shell|d("/bin/bash") }}'
+    password: "{{ item.password }}"
+    update_password: on_create
+  with_items: '{{ default_user }}'
+  tags:
+    - users-exists
+
+- name: (users.yml) Ensure authorized_key files for default users are present
+  authorized_key:
+    user: "{{ item.0.name }}"
+    key: "{{ item.1 }}"
+    state: present
+  with_subelements:
+    - '{{ default_user }}'
+    - ssh_keys
+  tags:
+    - authorized_key
+
+# ---
+# - extra user/groups
+# ---
+
+- name: (users.yml) Ensure extra groups exists
+  group:
+    name: '{{ item.name }}'
+    state: present
+    gid: '{{ item.group_id | default(omit) }}'
+  with_items: '{{ extra_user }}'
+  when: 
+    - extra_user is defined and extra_user|length > 0
+    - item.group_id is defined
+  tags:
+    - groups-exists
+
+- name: (users.yml) Ensure extra users exists
+  user:
+    name: '{{ item.name }}'
+    state: present
+    uid: '{{ item.user_id | default(omit) }}'
+    group: '{{ item.name | default(omit) }}'
+    home: '{{ item.home | default(omit) }}'
+    shell: '{{ item.shell|d("/bin/bash") }}'
+    password: "{{ item.password }}"
+    update_password: on_create
+  with_items: '{{ extra_user }}'
+  when: extra_user is defined and extra_user|length > 0
+  tags:
+    - users-exists
+
+- name: (users.yml) Ensure authorized_key files for extra users are present
+  authorized_key:
+    user: "{{ item.0.name }}"
+    key: "{{ item.1 }}"
+    state: present
+  with_subelements:
+    - '{{ extra_user }}'
+    - ssh_keys
+  when: extra_user is defined and extra_user|length > 0
+  tags:
+    - authorized_key
+
+
+# ---
+# - Take care backup host has rsa key to connect via ssh to the other hosts
+# ---
+
+- name: (users.yml) Copy ssh rsa private key to user root of backup server
+  copy:
+    src: '{{ item.priv_key_src }}'
+    dest: '{{ item.priv_key_dest }}'
+    owner: root
+    group: root
+    mode: '0600'
+  with_items: '{{ ssh_keypair_backup_server }}'
+  when: 
+    - ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
+    - insert_ssh_keypair_backup_server|bool
+  tags:
+    - insert-ssh-keypair-backup-server
+    - keypair-backup-server
+
+
+- name: (users.yml) Copy ssh rsa public key to user root of backup server
+  copy:
+    src: '{{ item.pub_key_src }}'
+    dest: '{{ item.pub_key_dest }}'
+    owner: root
+    group: root
+    mode: '0644'
+  with_items: '{{ ssh_keypair_backup_server }}'
+  when:
+    - ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
+    - insert_ssh_keypair_backup_server|bool
+  tags:
+    - insert-ssh-keypair-backup-server
+    - keypair-backup-server
+
+
+- name: (users.yml) Ensure user back has public rsa key of backup server
+  authorized_key:
+    user: "{{ item.backup_user }}"
+    key: "{{ lookup('file', item.pub_key_src) }}"
+    state: present
+  with_items: '{{ ssh_keypair_backup_server }}'
+  when: ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
+  tags:
+    - authorized_key
+    - keypair-backup-server
+
+
+# ---
+# - Allow connection via ssh to backup host
+# ---
+
+- name: (users.yml) Copy default ed25519 ssh private key to user root
+  copy:
+    src: '{{ item.priv_key_src }}'
+    dest: '{{ item.priv_key_dest }}'
+    owner: root
+    group: root
+    mode: '0600'
+  #when: groups['oopen_server']|string is search(inventory_hostname)
+  when: 
+    - insert_root_ssh_keypair|bool
+    - groups['backup_server']|string is not search(inventory_hostname)
+  with_items: '{{ root_ssh_keypair }}'
+  tags:
+    - insert_root_ssh_keypair
+    - root-defaut-ssh-keypair
+
+- name: (users.yml) Copy default ed25519 ssh public key  to user root
+  copy:
+    src: '{{ item.pub_key_src }}'
+    dest: '{{ item.pub_key_dest }}'
+    owner: root
+    group: root
+    mode: '0644'
+  with_items: '{{ root_ssh_keypair }}'
+  #when: groups['oopen_server']|string is search(inventory_hostname)
+  when: 
+    - insert_root_ssh_keypair|bool
+    - groups['backup_server']|string is not search(inventory_hostname)
+  tags:
+    - insert_root_ssh_keypair
+    - root-defaut-ssh-keypair
+
+- name: (users.yml) Ensure authorized_key (root) on backup hosts contains public key
+  authorized_key:
+    user: root
+    key: "{{ lookup('file', item.pub_key_src) }}"
+    state: present
+  with_items: '{{ root_ssh_keypair }}'
+  when: inventory_hostname == item.target
+  tags:
+    - authorized_key
+    - root-defaut-ssh-keypair
+

roles/common/tasks/webadmin-user.yml

@@ -0,0 +1,196 @@
+---
+
+# ---
+# - webadmin user/group
+# ---
+
+- name: (webadmin-user.yml) Ensure webadmin group exists
+  group:
+    name: '{{ item.name }}'
+    state: present
+    gid: '{{ item.group_id | default(omit) }}'
+  with_items: '{{ webadmin_user }}'
+  when: 
+    - groups['webadmin']|string is search(inventory_hostname)
+    - webadmin_user is defined 
+    - item.group_id is defined
+  tags:
+    - webadmin
+    - groups-exists
+
+- name: (webadmin-user.yml) Ensure webadmin user exists
+  user:
+    name: '{{ item.name }}'
+    state: present
+    uid: '{{ item.user_id | default(omit) }}'
+    group: '{{ item.name | default(omit) }}'
+    home: '{{ item.home | default(omit) }}'
+    shell: '{{ item.shell|d("/bin/bash") }}'
+    password: "{{ item.password }}"
+    update_password: on_create
+  with_items: '{{ webadmin_user }}'
+  when: 
+    - groups['webadmin']|string is search(inventory_hostname)
+    - webadmin_user is defined
+  tags:
+    - webadmin
+    - users-exists
+
+- name: (webadmin-user.yml) Ensure authorized_key files for webadmin user is present
+  authorized_key:
+    user: "{{ item.0.name }}"
+    key: "{{ item.1 }}"
+    state: present
+  with_subelements:
+    - '{{ webadmin_user }}'
+    - ssh_keys
+  when: 
+    - groups['webadmin']|string is search(inventory_hostname)
+    - webadmin_user is defined
+  tags:
+    - webadmin
+    - authorized_key
+
+- name: (webadmin-user.yml) Copy default ed25519 ssh private key to user webadmin
+  copy:
+    src: '{{ item.priv_key_src }}'
+    dest: '{{ item.priv_key_dest }}'
+    owner: '{{ item.login }}'
+    group: '{{ item.login }}'
+    mode: '0600'
+  #when: groups['oopen_server']|string is search(inventory_hostname)
+  when: 
+    - insert_webadmin_ssh_keypair|bool
+  with_items: '{{ webadmin_ssh_keypair }}'
+  tags:
+    - webadmin
+    - webadmin-defaut-ssh-keypair
+
+- name: (webadmin-user.yml) Copy default ssh key ed25519 public key to user webadmin
+  copy:
+    src: '{{ item.pub_key_src }}'
+    dest: '{{ item.pub_key_dest }}'
+    owner: '{{ item.login }}'
+    group: '{{ item.login }}'
+    mode: '0644'
+  with_items: '{{ webadmin_ssh_keypair }}'
+  when: 
+    - insert_webadmin_ssh_keypair|bool
+  tags:
+    - webadmin
+    - webadmin-defaut-ssh-keypair
+
+- name: (webadmin-user.yml) Ensure .ssh/config of user webadmin is up-to-date
+  template:
+    src: var/www/.ssh/config.j2
+    dest: '~webadmin/.ssh/config'
+    owner: webadmin
+    group: webadmin
+    mode: '0644'
+  when: 
+    - insert_webadmin_ssh_keypair|bool
+  tags:
+    - webadmin
+    - webadmin-defaut-ssh-keypair
+
+# devel-repos contains SVN repositiries; webadmin must have ssh access to
+# to webadmin at devel-repos to manage SVN repository
+# 
+- name: (webadmin-user.yml) Ensure authorized_key on devel-repos hosts contains public key
+  authorized_key:
+    user: "{{ item.login }}"
+    key: "{{ lookup('file', item.pub_key_src) }}"
+    state: present
+  with_items: '{{ webadmin_ssh_keypair }}'
+  when: inventory_hostname == item.target
+  tags:
+    - webadmin
+    - authorized_key
+    - insert_webadmin_ssh_public_key
+
+
+# --
+# Copy .bashrc
+# ---
+
+- name: (webadmin-user.yml) Check if webadmin's file '.bashrc.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.bashrc.ORIG"
+  register: bashrc_webadmin_orig_exists
+  with_items: "{{ webadmin_user }}"
+  tags:
+    - webadmin
+    - bash
+
+- name: (webadmin-user.yml) Backup existing webadmin's .bashrc file
+  command: cp ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
+  with_items: "{{ bashrc_webadmin_orig_exists.results }}"
+  when: item.stat.exists == False
+  tags:
+    - webadmin
+    - bash
+    
+- name: (webadmin-user.yml) copy new .bashrc ifor webadmin if it exists
+  copy: 
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc') }}"
+    dest: "~{{ item.name }}/.bashrc"
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+    mode: 0644
+  with_items: "{{ webadmin_user }}"
+  when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc')
+  tags:
+    - webadmin
+    - bash
+
+# --
+# Copy .profile
+# ---
+
+- name: (webadmin-user.yml) Check if webadmin's file '.profile.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.profile.ORIG"
+  register: profile_webadmin_orig_exists
+  with_items: "{{ webadmin_user }}"
+  tags:
+    - webadmin
+    - profile
+
+- name: (webadmin-user.yml) Backup existing users .profile file
+  command: cp ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
+  with_items: "{{ profile_webadmin_orig_exists.results }}"
+  when: item.stat.exists == False 
+  tags:
+    - webadmin
+    - profile
+    
+- name: (webadmin-user.yml) copy .profile for user webadmin if it exists
+  copy: 
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile') }}"
+    dest: "~{{ item.name }}/.profile"
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+    mode: 0644
+  with_items: "{{ webadmin_user }}"
+  when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile')
+  tags:
+    - webadmin
+    - profile
+    
+# --
+# Copy .vimrc
+# ---
+
+- name: (webadmin-user.yml) copy .vimrc for user webadmin if it exists
+  copy: 
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc') }}"
+    dest: "~{{ item.name }}/.vimrc"
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+    mode: 0644
+  with_items: "{{ webadmin_user }}"
+  when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc')
+  tags:
+    - webadmin
+    - vim
+

roles/common/templates/etc/apt/sources.list.Debian.j2

@@ -0,0 +1,28 @@
+# {{ ansible_managed }}
+
+deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
+
+deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
+{{ '# ' if not apt_src_enable else '' }}deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
+
+# {{ ansible_lsb.codename }}-updates, previously known as 'volatile'
+deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
+
+# Contrib packages contain DFSG-compliant software,
+# but have dependencies not in main (possibly packaged for Debian in non-free).
+# Non-free contains software that does not comply with the DFSG.
+{% if apt_debian_contrib_nonfree_enable %}
+deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
+{% endif %}
+
+# # N.B. software from this repository may not have been tested as
+# # extensively as that contained in the main release, although it includes
+# # newer versions of some applications which may provide useful features.
+{% if apt_backports_enable %}
+deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
+{% endif %}
+

roles/common/templates/etc/bind/named.conf.options.j2

@@ -0,0 +1,106 @@
+# {{ ansible_managed }}
+
+{% if acl_caching_nameserver is defined and acl_caching_nameserver|length > 0 %}
+{% for acl in acl_caching_nameserver %}
+
+acl {{ acl.name }} {
+{%    for entry in acl.entries %}
+   {{ entry }}
+{%    endfor %}
+};
+{% endfor %}
+{% endif %}
+
+options {
+   directory "/var/cache/bind";
+
+   // If there is a firewall between you and nameservers you want
+   // to talk to, you may need to fix the firewall to allow multiple
+   // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+   // If your ISP provided one or more IP addresses for stable
+   // nameservers, you probably want to use them as forwarders.
+   // Uncomment the following block, and insert the addresses replacing
+   // the all-0's placeholder.
+
+   // forwarders {
+   //    0.0.0.0;
+   // };
+
+   //========================================================================
+   // If BIND logs error messages about the root key being expired,
+   // you will need to update your keys.  See https://www.isc.org/bind-keys
+   //========================================================================
+   dnssec-validation auto;
+
+   // caching name services
+   recursion yes;
+
+{% if acl_caching_nameserver is defined and acl_caching_nameserver|length > 0 %}
+   listen-on port 53 {
+      any ;
+   };
+
+   listen-on-v6 port 53 {
+      any;
+   };
+
+   allow-recursion {
+      127.0.0.1;
+      ::1 ;
+{% for acl in acl_caching_nameserver %}
+      {{ acl.name }};
+{% endfor %}
+   };
+
+{% else %}
+   listen-on port 53 {
+      127.0.0.1;
+   };
+
+   listen-on-v6 port 53 {
+      ::1;
+   };
+
+   allow-recursion {
+      127.0.0.1;
+      ::1;
+   };
+{% endif %}
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      severity warning;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel dnssec_log {
+      file "/var/log/named/dnssec.log" versions 5 size 2m;
+      severity debug 3;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category dnssec {
+      dnssec_log;
+   };
+   category default{
+      simple_log;
+   };
+};

roles/common/templates/etc/ssh/sshd_config.j2

@@ -0,0 +1,286 @@
+# {{ ansible_managed }}
+
+#-----------------------------
+# Daemon
+#-----------------------------
+
+# What ports, IPs and protocols we listen for
+{% for item in sshd_ports %}
+Port {{ item }}
+{% endfor %}
+
+# Specifies the local addresses sshd(8) should listen on.  The following forms may be used:
+# 
+#    ListenAddress host|IPv4_addr|IPv6_addr
+#    ListenAddress host|IPv4_addr:port
+#    ListenAddress [host|IPv6_addr]:port
+# 
+# If port is not specified, sshd will listen on the address and all Port options specified.  The default
+# is to listen on all local addresses.  Multiple ListenAddress options are permitted.
+#
+#    ListenAddress ::
+#    ListenAddress 0.0.0.0
+#    ListenAddress 159.69.72.24
+#    ListenAddress 2a01:4f8:231:171f::2
+#
+{% if (sshd_listen_address is defined) and sshd_listen_address %}
+{% for item in sshd_listen_address %}
+ListenAddress {{ item }}
+{% endfor %}
+{% endif %}
+
+# Specifies the protocol versions sshd(8) supports.
+# The possible values are ‘1’ , `2' and ‘1,2’.
+# The default is ‘2’.
+Protocol 2
+
+# HostKeys for protocol version 2
+{% for item in sshd_host_keys %}
+HostKey {{ item }}
+{% endfor %}
+
+# Lifetime and size of ephemeral version 1 server key
+#
+# Note:
+#    Deprecated option KeyRegenerationInterval
+#    Deprecated option ServerKeyBits
+#
+#KeyRegenerationInterval 3600
+#ServerKeyBits 768
+
+# Specifies the maximum number of concurrent unauthenticated connections
+# to the SSH daemon. See sshd_config(5) for specifiing the three colon 
+# separated values.
+# The default is 10.
+#MaxStartups 10:30:100
+#MaxStartups 3
+MaxStartups 10:30:100
+
+# Specifies the maximum number of authentication attempts permitted per
+# connection.
+# The default is 6.
+MaxAuthTries 3
+
+# Specifies the maximum number of open sessions permitted per network
+# connection.
+# The default is 10.
+MaxSessions 10
+
+
+#-----------------------------
+# Authentication
+#-----------------------------
+
+# Specifies whether sshd(8) separates privileges by creating an unprivileged
+# child process to deal with incoming network traffic.
+# The default is "yes" (for security).
+UsePrivilegeSeparation yes
+
+# The server disconnects after this time if the user has not
+# successfully logged in.
+# The default is 120 seconds.
+LoginGraceTime 120
+
+# Specifies whether root can log in using ssh(1).
+# The default is "yes".
+# Possible values: yes, no, prohibit-password (or teh older one: without-password)
+#PermitRootLogin yes
+PermitRootLogin {{ sshd_permit_root_login }}
+
+# Specifies whether sshd(8) should check file modes and ownership of the 
+# user's files and home directory before accepting login.  This is normally 
+# desirable because novices sometimes accidentally leave their directory or 
+# files world-writable. Note that this does not apply to ChrootDirectory, 
+# whose permissions and ownership are checked unconditionally.  
+# The default is “yes”.
+StrictModes yes
+
+# Specifies whether pure RSA authentication is allowed. This option 
+# applies to protocol version 1 only.
+# The default is “yes”.
+#
+# Note:
+#    Deprecated option RSAAuthentication
+#
+#RSAAuthentication yes
+
+# Specifies whether public key authentication is allowed. Note that this 
+# option applies to protocol version 2 only.
+# The default is “yes”.
+PubkeyAuthentication {{ sshd_pubkey_authentication }}
+
+# Specifies the file that contains the public keys that can be used for 
+# user authentication.  The format is described in the AUTHORIZED_KEYS FILE 
+# FORMAT section of sshd(8).
+# AuthorizedKeysFile may contain tokens of the form %T which are substituted
+# during connection setup. The following tokens are defined: %% is replaced 
+# by a literal '%', %h is replaced by the home directory of the user being 
+# authenticated, and %u is replaced by the username of that user. After 
+# expansion, AuthorizedKeysFile is taken to be an absolute path or one relative 
+# to the user's home directory. Multiple files may be listed, separated by 
+# whitespace.
+# The default is “.ssh/authorized_keys .ssh/authorized_keys2”.
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+AuthorizedKeysFile {{ sshd_authorized_keys_file }}
+
+# Specifies whether password authentication is allowed.
+# Change to no to disable tunnelled clear text passwords
+# The default is "yes".
+#PasswordAuthentication yes
+PasswordAuthentication {{ sshd_password_authentication }}
+
+# When password authentication is allowed, it specifies whether the 
+# server allows login to accounts with empty password strings.
+# The default is “no”.
+PermitEmptyPasswords no
+
+# Specifies whether challenge-response authentication is allowed (e.g. via PAM).
+# The default is “yes”.
+ChallengeResponseAuthentication no
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+#
+# Note:
+#    Deprecated option RhostsRSAAuthentication
+#
+#RhostsRSAAuthentication no
+
+# similar for protocol version 2
+HostbasedAuthentication no
+
+# Specifies whether sshd(8) should ignore the user's ~/.ssh/known_hosts 
+# during RhostsRSAAuthentication or HostbasedAuthentication. 
+# The default is “no”.
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# If specified, login is allowed only for user names that match one of
+# the patterns.
+# The allow/deny directives are processed in the following order: DenyUsers, 
+# AllowUsers, DenyGroups, and finally AllowGroups.
+# By default, login is allowed for all users.
+#AllowUsers chris cityslang sysadm
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+# Specifies whether login(1) is used for interactive login sessions.
+# Note that login(1) is never used for remote command execution. 
+# Note also, that if this is enabled, X11Forwarding will be disabled 
+# because login(1) does not know how to handle xauth(1) cookies. If
+# UsePrivilegeSeparation is specified, it will be disabled after 
+# authentication.
+# The default is “no”.
+#UseLogin no
+
+
+#-----------------------------
+# Logging
+#-----------------------------
+
+# Gives the facility code that is used when logging messages from sshd(8).  
+# The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 
+# LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  
+# The default is AUTH.
+SyslogFacility AUTH
+
+# Gives the verbosity level that is used when logging messages from
+# sshd(8).
+# The default is INFO.
+LogLevel INFO
+
+
+#-----------------------------
+# Behavior
+#-----------------------------
+
+# Specifies whether the distribution-specified extra version suffix is included
+# during initial protocol handshake.
+# The default is "yes".
+DebianBanner no
+
+# The contents of the specified file are sent to the remote user before
+# authentication is allowed.
+# By default, no banner is displayed.
+#Banner /etc/issue.net
+
+# Specifies whether sshd(8) should print /etc/motd when a user logs in 
+# interactively. (On some systems it is also printed by the shell, 
+# /etc/profile, or equivalent.)  
+# The default is “yes”.
+PrintMotd {{ sshd_print_motd }}
+
+# Specifies what environment variables sent by the client will be copied
+# into the session's environ(7).
+# The default is not to accept any environment variables.
+AcceptEnv LANG LC_*
+
+# Configures an external subsystem (e.g. file transfer daemon).
+# By default no subsystems are defined.
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Specifies whether sshd(8) should look up the remote host name and check 
+# that the resolved host name for the remote IP address maps back to the 
+# very same IP address.
+# The default is “yes”.
+UseDNS {{ sshd_use_dns }}
+
+# Specifies whether X11 forwarding is permitted. The argument must be 
+# “yes” or “no”. See sshd_config(5) for further expalnation
+# The default is “no”.
+#X11Forwarding yes
+
+# Specifies the first display number available for sshd(8)'s X11 
+# forwarding. This prevents sshd from interfering with real X11 servers.
+# The default is 10.
+X11DisplayOffset 10
+
+# Specifies whether the system should send TCP keepalive messages to the 
+# other side. If they are sent, death of the connection or crash of one 
+# of the machines will be properly noticed.  However, this means
+# that connections will die if the route is down temporarily, and some 
+# people find it annoying. On the other hand, if TCP keepalives are not 
+# sent, sessions may hang indefinitely on the server, leaving “ghost” users 
+# and consuming server resources.
+#
+# The default is “yes” (to send TCP keepalive messages), and the server 
+# will notice if the network goes down or the client host crashes. This 
+# avoids infinitely hanging sessions.
+TCPKeepAlive yes
+
+#Specifies whether sshd(8) should print the date and time of the last 
+# user login when a user logs in interactively.
+# The default is “yes”.
+PrintLastLog yes
+
+
+#-----------------------------
+# Kerberos options
+#-----------------------------
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+
+#-----------------------------
+# GSSAPI options
+#-----------------------------
+
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+
+
+
+

roles/common/templates/etc/sudoers.d/50-user.j2

@@ -0,0 +1,84 @@
+# {{ ansible_managed }}
+
+{% for item in sudoers_file_defaults | default([]) %}
+Defaults {{ item }}
+{% endfor %}
+
+# Host alias specification
+{% for item in sudoers_file_host_aliases | default([]) %}
+Host_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User alias specification
+{% for item in sudoers_file_user_aliases | default([]) %}
+User_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Cmnd alias specification
+{% for item in sudoers_file_cmnd_aliases | default([]) %}
+Cmnd_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Runas alias specification
+{% for item in sudoers_file_runas_aliases | default([]) %}
+Runas_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User privilege specification
+
+{# rule for user 'back' #}
+{% for item in sudoers_file_user_back_privileges | default([]) %}
+back {{ item }}
+{% endfor -%}
+
+
+{%- if ansible_virtualization_role == 'host' %}
+
+{% for item in sudoers_file_user_back_disk_privileges | default([]) %}
+back {{ item }}
+{% endfor %}
+{% endif -%}
+
+
+{%- if groups['webadmin']|string is search(inventory_hostname) %}
+
+{% for item in sudoers_file_user_webadmin_disk_privileges | default([]) %}
+webadmin {{ item }}
+{% endfor %}
+{% endif -%}
+
+
+{%- if groups['postgresql_server']|string is search(inventory_hostname) %}
+
+{% for item in sudoers_file_user_back_postgres_privileges | default([]) %}
+back {{ item }}
+{% endfor %}
+{% endif -%}
+
+
+{# dns server #}
+{%- if groups['dns_server']|string is search(inventory_hostname) %}
+
+{% for item in sudoers_file_dns_server_privileges | default([]) %}
+{{ item.name }} {{ item.entry }}
+{% endfor %}
+{% endif -%}
+
+
+{# postfixadmin rules #}
+{%- if groups['mail_server']|string is search(inventory_hostname) %}
+
+{% for item in sudoers_file_postfixadmin_privileges | default([]) %}
+{{ item.name }} {{ item.entry }}
+{% endfor %}
+{% endif -%}
+
+{# other (host specific) rules #} 
+{%-  if (sudoers_file_user_privileges is defined and sudoers_file_user_privileges) %}
+
+{% for item in sudoers_file_user_privileges | default([]) %}
+{{ item.name }} {{ item.entry }}
+{% endfor %}
+{% endif %}
+
+# Group privilege specification

roles/common/templates/etc/sudoers.j2

@@ -0,0 +1,53 @@
+# {{ ansible_managed }}
+
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+{% for item in sudoers_defaults %}
+{% if item != '' %}
+Defaults {{ item }}
+{% endif %}
+{% endfor %}
+
+# Host alias specification
+{% for item in sudoers_host_aliases | default([]) %}
+Host_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User alias specification
+{% for item in sudoers_user_aliases | default([]) %}
+User_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Cmnd alias specification
+{% for item in sudoers_cmnd_aliases | default([]) %}
+Cmnd_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Runas alias specification
+{% for item in sudoers_runas_aliases | default([]) %}
+Runas_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User privilege specification
+{% for item in sudoers_user_privileges | default([]) %}
+{{ item.name }} {{ item.entry }}
+{% endfor %}
+
+# Allow members of group sudo to execute any command
+%sudo ALL=(ALL:ALL) ALL
+
+# Group privilege specification
+
+{% for item in sudoers_group_privileges | default([]) %}
+{{ item.name }} {{ item.entry }}
+{% endfor %}
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
+

roles/common/templates/var/www/.ssh/config.j2

@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+Host wf.oopen.de 80.152.216.128 gw-d11.oopen.de d11.warenform.de
+   user webadmin
+   Protocol 2
+   Port 9998
+   ForwardAgent yes
+   StrictHostKeyChecking no
+

roles/common/vars/git-debian.yml

@@ -0,0 +1,218 @@
+# vars file for git
+---
+
+# ---
+# all servers
+# ---
+git_default_repositories:
+
+  # script repositories (destination /root/bin/)
+  - name: admin-stuff
+    repo: https://git.oopen.de/script/admin-stuff
+    dest: /root/bin/admin-stuff
+
+  - name: postfix
+    repo: https://git.oopen.de/script/postfix
+    dest: /root/bin/postfix
+
+  # install repositories (destination: /usr/local/src/)
+  - name: mailsystem
+    repo: https://git.oopen.de/install/mailsystem
+    dest: /usr/local/src/mailsystem
+
+# ---
+# group [lxc_host]
+# ---
+git_lxc_host_repositories:
+
+  # Monitoring
+  - name: monitoring
+    repo: https://git.oopen.de/script/monitoring
+    dest: /root/bin/monitoring
+  
+  # LXC
+  - name: LXC
+    repo: https://git.oopen.de/script/LXC
+    dest: /root/bin/LXC
+
+  # firewall
+  - name: ipt-server
+    repo: https://git.oopen.de/firewall/ipt-server
+    dest: /usr/local/src/ipt-server
+
+# ---
+# group [lxc_guest]
+# ---
+git_lxc_guest_repositories:
+
+  # dehydrated-cron
+  - name: dehydrated-cron
+    repo: https://git.codecoop.org/so36intern/dehydrated-cron.git
+    dest: /usr/local/src/dehydrated-cron
+
+  # firewall
+  - name: ipt-server
+    repo: https://git.oopen.de/firewall/ipt-server
+    dest: /usr/local/src/ipt-server
+
+
+# ---
+# group [apache2_webserver]
+# ---
+git_apache2_repositories:
+  # script repositories (destination /root/bin/)
+  - name: apache2
+    repo: https://git.oopen.de/script/apache2
+    dest: /root/bin/apache2
+
+  # install repositories (destination: /usr/local/src/)
+  - name: apache2
+    repo: https://git.oopen.de/install/apache2
+    dest: /usr/local/src/apache2
+
+  - name: php
+    repo: https://git.oopen.de/install/php
+    dest: /usr/local/src/php
+
+
+# ---
+# group [nginx_webserver]
+# ---
+git_nginx_repositories: []
+
+
+# ---
+# group [mysql_server]
+# ---
+git_mysql_repositories:
+
+  # script repositories (destination /root/bin/)
+  - name: mysql
+    repo: https://git.oopen.de/script/mysql
+    dest: /root/bin/mysql
+
+  # install repositories (destination: /usr/local/src/)
+  - name: mysql
+    repo: https://git.oopen.de/install/mysql
+    dest: /usr/local/src/mysql
+    
+
+# ---
+# group [postgresql_server]
+# ---
+git_postgresql_repositories:
+
+  # script repositories (destination /root/bin/)
+  - name: postgres
+    repo: https://git.oopen.de/script/postgres
+    dest: /root/bin/postgres
+
+
+# ---
+# group [nextcloud_server]
+# ---
+git_nextcloud_repositories:
+
+  # script repositories (destination /root/bin/)
+  - name: nextcloud
+    repo: https://git.oopen.de/script/nextcloud
+    dest: /root/bin/nextcloud
+
+  # install repositories (destination: /usr/local/src/)
+  - name: nextcloud
+    repo: https://git.oopen.de/install/nextcloud
+    dest: /usr/local/src/nextcloud
+
+
+# ---
+# group [dns_server]
+# ---
+git_dns_repositories:
+
+  # script repositories (destination /root/bin/)
+  - name: bind
+    repo: https://git.oopen.de/script/bind
+    dest: /root/bin/bind
+
+
+# ---
+# group [backup_server]
+# ---
+git_backup_repositories:
+
+  # script repositories (destination /root/bin/)
+  - name: backup-rcopy
+    repo: https://git.oopen.de/backup/backup-rcopy
+    dest: /root/crontab/backup-rcopy
+
+
+# ---
+# group [samba_server]
+# ---
+git_samba_repositories:
+
+  # script repositories (destination /root/bin/)
+  - name: samba
+    repo: https://git.oopen.de/script/samba
+    dest: /root/bin/samba
+
+
+# ---
+# group  [mail_server]
+# ---
+git_mailserver_repositories:
+
+  # script repositories (destination /root/bin/)
+  - name: apache2
+    repo: https://git.oopen.de/script/apache2
+    dest: /root/bin/apache2
+
+  - name: postfix
+    repo: https://git.oopen.de/script/postfix
+    dest: /root/bin/postfix
+
+  - name: monitoring
+    repo: https://git.oopen.de/script/monitoring
+    dest: /root/bin/monitoring
+
+  # install repositories (destination: /usr/local/src/)
+  - name: apache2
+    repo: https://git.oopen.de/install/apache2
+    dest: /usr/local/src/apache2
+
+  - name: php
+    repo: https://git.oopen.de/install/php
+    dest: /usr/local/src/php
+
+  - name: mailsystem
+    repo: https://git.oopen.de/install/mailsystem
+    dest: /usr/local/src/mailsystem
+
+  # let's encrypt
+  - name: dehydrated-cron
+    repo: https://git.codecoop.org/so36intern/dehydrated-cron.git
+    dest: /usr/local/src/dehydrated-cron
+
+  # firewall
+  - name: ipt-server
+    repo: https://git.oopen.de/firewall/ipt-server
+    dest: /usr/local/src/ipt-server
+
+
+# ---
+# group [sympa_list_servers]
+# ---
+git_sympa_repositories:
+
+  # install repositories (destination: /usr/local/src/)
+  - name: sympa
+    repo: https://git.oopen.de/install/sympa
+    dest: /usr/local/src/sympa
+
+
+# ---
+# Use this for host specific repositories defined in  files git-<hostname>.yaml
+#
+# Leave empty here
+# ---
+git_other_repositories: []

roles/common/vars/sudoers-debian.yml

@@ -0,0 +1,87 @@
+# vars file for sudoers
+---
+
+# ---
+# /etc/sudoers
+# ---
+
+sudoers_defaults:
+  - env_reset
+  - mail_badpass
+  - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
+
+sudoers_host_aliases: []
+
+sudoers_user_aliases: []
+
+sudoers_cmnd_aliases: []
+
+sudoers_runas_aliases: []
+
+sudoers_user_privileges:
+  - name: root
+    entry: 'ALL=(ALL:ALL) ALL'
+
+sudoers_group_privileges: []
+
+sudoers_remove_user:
+  - back
+  - www-data
+
+
+# ---
+# /etc/sudoers.d/50-user
+# ---
+
+sudoers_file_defaults: []
+
+sudoers_file_host_aliases: []
+
+sudoers_file_user_aliases: []
+
+sudoers_file_cmnd_aliases: []
+
+sudoers_file_runas_aliases: []
+
+sudoers_file_user_back_privileges:
+  - 'ALL=(root) NOPASSWD: /usr/bin/rsync'
+  - 'ALL=(root) NOPASSWD: /usr/bin/find'
+  - 'ALL=(root) NOPASSWD: /usr/bin/realpath'
+
+sudoers_file_user_back_postgres_privileges:
+  - 'ALL=(postgres) NOPASSWD: /usr/bin/psql'
+  - 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dump'
+  - 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dumpall'
+
+sudoers_file_user_back_disk_privileges:
+  - 'ALL=(root) NOPASSWD: /usr/bin/which'
+  - 'ALL=(root) NOPASSWD: /sbin/hdparm -I /dev/*'
+  - 'ALL=(root) NOPASSWD: /sbin/fdisk'
+  - 'ALL=(root) NOPASSWD: /sbin/sgdisk'
+  - 'ALL=(root) NOPASSWD: /sbin/sfdisk -d /dev/*'
+  - 'ALL=(root) NOPASSWD: /bin/dd if=/dev/*'
+  - 'ALL=(root) NOPASSWD: /sbin/parted'
+  - 'ALL=(root) NOPASSWD: /sbin/gdisk'
+
+sudoers_file_user_webadmin_disk_privileges:
+  - 'ALL=(root) NOPASSWD: /usr/bin/mailq'
+  - 'ALL=(root) NOPASSWD: /usr/bin/tail'
+  - 'ALL=(root) NOPASSWD: /usr/bin/view'
+
+sudoers_file_dns_server_privileges:
+  - name: manage-bind
+    entry: 'ALL=(root) NOPASSWD: /usr/local/bin/bind_*'
+  - name: manage-bind
+    entry: 'ALL=(root) NOPASSWD: /root/bin/bind/bind_*'
+  - name: chris
+    entry: 'ALL=(root) NOPASSWD: /root/bin/bind/*'
+
+sudoers_file_postfixadmin_privileges:
+  - name: www-data
+    entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh'
+  - name: www-data
+    entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-domain-postdeletion.sh'
+
+sudoers_file_user_privileges: []
+
+sudoers_file_group_privileges: []

roles/network_interfaces/README.md

@@ -0,0 +1,94 @@
+based on:
+
+https://github.com/dresden-weekly/ansible-network-interfaces  (https://galaxy.ansible.com/dresden-weekly/network-interfaces/)
+
+
+Example Playbook
+----------------
+
+```yml
+- hosts: all
+  become: true
+  become_user: root
+
+  roles:
+  - role: dresden-weekly.network-interfaces
+
+    network_interfaces:
+    - device: eth0
+      description: just a description for humans to understand
+      auto: true
+      family: inet
+      method: static
+      address: 192.168.1.11
+      network: 192.168.1.0
+      netmask: 193.168.1.255
+      gateway: 192.168.1.1
+      mtu: 9000
+      metric: 1
+      nameservers:
+      - 8.8.8.8
+      - 8.8.4.4
+      subnets:
+      - 192.168.1.12/32
+
+    - device: eth1
+      description: simple dhcp client interface
+      auto: true
+      family: inet
+      method: dhcp
+      
+    - device: wlan0
+      description: sample wlan interface using wpa_supplicant (note: does not install wpasupplicant)
+      auto: true
+      family: inet
+      method: dhcp
+      additional_options:
+        wpa-driver: nl80211
+        wpa-ssid: my-wifi
+        wpa-psk: password123
+
+    - device: eth0.123
+      description: sample vlan interface using eth0 and tagged for VLAN 123.
+      method: static
+      address: 1.2.3.4
+      netmask: 24
+      broadcast: 1.2.3.255
+      vlan:
+        raw-device: eth0
+      up:
+      - route add default gw 1.2.3.254
+
+    - device: eth2
+      description: First bonding device
+      auto: true
+      family: inet
+      method: manual
+      bond:
+        master: bond0
+
+    - device: eth3
+      description: Second bonding device
+      auto: true
+      family: inet
+      method: manual
+      bond:
+        master: bond0
+
+    - device: bond0
+      description: This bonding device only has one interface
+      allow:
+      - hotplug
+      family: inet
+      method: static
+      bond:
+        mode: 802.3ad
+        xmit-hash-policy: layer3+4
+        miimon: 100
+        slaves: eth2 eth3
+      address: 192.160.50.1
+      netmask: 255.255.255.0
+      dns_search: "localdomain"
+      up:
+      - ip route add 172.16.0.0/24 via 192.168.50.254 dev bond0
+```

roles/network_interfaces/defaults/main.yml

@@ -0,0 +1,13 @@
+---
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: False
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: True
+
+network_interface_required_packages:
+  - vlan
+  - bridge-utils
+  - ifmetric
+  - ifupdown2

roles/network_interfaces/tasks/interfaces.yml

@@ -0,0 +1,59 @@
+---
+
+- name: (interfaces.yml) Check if file /etc/network/interfaces.ORIG exists
+  stat:
+    path: /etc/network/interfaces.ORIG
+  register: stat_result
+  tags:
+    - network-interfaces
+
+- name: (interfaces.yml) Backup existing file '/etc/network/interfaces'
+  command: cp -a /etc/network/interfaces /etc/network/interfaces.ORIG
+  when: stat_result.stat.exists == False
+  tags:
+    - network-interfaces
+
+- name: (interfaces.yml) Ensure interfaces file is latest
+  template:
+    src: "{{ inventory_hostname }}/interfaces.j2"
+    dest: /etc/network/interfaces
+  with_items: network_interfaces
+  tags:
+    - network-interfaces
+
+- name: (interfaces.yml) Ensure imported device files at interfaces.d are latest
+  template:
+    src: "{{ inventory_hostname }}/device.j2"
+    dest: "{{ network_interface_path }}/device-{{ item.0 }}"
+  with_items: 
+    - "{{network_interfaces | default([]) | groupby('device') }}"
+  register: network_configuration_result
+  tags:
+    - network-interfaces
+
+# ---
+# Remove device files not configured here
+# ---
+
+- name: (interfaces.yml) list existing files
+  find:
+    path: "{{ network_interface_path }}"
+    file_type: file
+  register: files_matched
+  tags:
+    - network-interfaces
+
+- name: (interfaces.yml) configured files
+  set_fact:
+    network_configured_files: >
+      [{% for item in network_configuration_result.results | default([]) -%}
+        u"{{ item.dest | default(item.path) }}"
+        {{ '' if loop.last else ',' }}
+      {%- endfor %}]
+
+- name: (interfaces.yml) remove configurations
+  file:
+    dest: "{{ item.path }}"
+    state: absent
+  when: item.path not in network_configured_files
+  with_items: "{{ files_matched.files | default([]) }}"

roles/network_interfaces/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+- import_tasks: packages.yml
+  when: network_interfaces is defined and network_manage_devices|bool
+  tags:
+     - networking
+     - network_interfaces
+
+- import_tasks: interfaces.yml
+  when: network_interfaces is defined and network_manage_devices|bool
+  tags:
+    - networking
+    - network_interfaces
+

roles/network_interfaces/tasks/packages.yml

@@ -0,0 +1,8 @@
+---
+
+- name: (packages.yml) Ensure basic networking tools are installed
+  apt:
+    pkg: "{{ network_interface_required_packages }}"
+    state: present
+    update_cache: yes
+    cache_valid_time: 86400

roles/network_interfaces/templates/etc/network/interfaces.d/device.j2

@@ -0,0 +1,95 @@
+# {{ ansible_managed }}
+
+{# {% for config in  network_interfaces %} #}
+{% for config in item.1 %}
+
+{%   if config.headline is defined %}
+#-----------------------------
+# {{ config.headline }}
+#-----------------------------
+
+{%    endif %}
+{# {%   if config.auto is defined and config.auto is sameas true %} #}
+{%   if config.auto | default(loop.first) %}
+auto {{ config.device }}
+{%    endif %}
+{%   for stanza in config.allow | default([]) %}
+allow-{{ stanza }}
+{%   endfor -%}
+
+iface {{ config.device }} {{ config.family | default('inet', true) }} {{ config.method | default('static', true) }}
+{%   set iface_keys = ['description', 'address', 'netmask', 'network', 'broadcast', 'gateway'] %}
+{%   for key in iface_keys %}
+{%     if key in config %}
+   {{ key }} {{ config[key] }}
+{%     endif %}
+{%   endfor -%}
+
+{# nameservers #}
+{%-  if (config.nameservers is defined) and (0 < config.nameservers | length) %}
+
+   # nameserver settings
+   dns-nameservers {{ config.nameservers | join(' ') }}
+{%   endif %}
+{%  if config.dns_search is defined %}
+   dns-search {{ config.dns_search }}
+{%   endif -%}
+
+{# subnets #}
+{%-  if (config.subnets is defined) and (0 < config.subnets | length) %}
+
+   # additional subnets
+{%     for subnet in config.subnets %}
+   up /sbin/ip addr add {{ subnet }} dev {{ config.device }}
+   down /sbin/ip addr del {{ subnet }} dev {{ config.device }}
+{%     endfor %}
+{%   endif -%}
+
+{# bridge settings #}
+{%- if config['bridge'] is defined %}
+
+   # bridge settings
+{%   for key in config.bridge %}
+   bridge_{{ key }} {{ config.bridge[key] }}
+{%   endfor %}
+{% endif -%}
+
+{# bond parameters #}
+{%   set bond_keys = ['mode', 'miimon', 'downdelay', 'updelay', 'master', 'slaves', 'lacp-rate'] %}
+{%-  if (config.bond is defined) and (bond_keys | intersect(config.bond.keys())) -%}
+
+   # bond parameters
+{%     for key in bond_keys %}
+{%       if key in config.bond -%}
+   bond-{{ key }} {{ config.bond[key] }}
+{%       endif %}
+{%     endfor %}
+{%   endif -%}
+
+{# vlan #}
+{%   set vlan_keys = ['raw-device'] %}
+{%-  if (config.vlan is defined) and (vlan_keys | intersect(config.vlan.keys())) -%}
+
+   # vlan
+{%     for key in vlan_keys %}
+{%       if key in config.vlan -%}
+   vlan-{{ key }} {{ config.vlan[key] }}
+{%       endif %}
+{%     endfor %}
+{%   endif -%}
+
+{# hook scripts #}
+{%   set hook_keys = ['pre-up', 'up', 'post-up', 'pre-down', 'down', 'post-down'] %}
+{%-  if hook_keys | intersect(config.keys()) %}
+
+   # hook scripts
+{%     for key in hook_keys %}
+{%       if key in config %}
+{%         for value in config[key] %}
+   {{ key }} {{ value }}
+{%         endfor %}
+{%       endif %}
+{%     endfor %}
+{%   endif %}
+
+{% endfor %}

roles/network_interfaces/templates/etc/network/interfaces.j2

@@ -0,0 +1,24 @@
+# {{ ansible_managed }}
+
+#-----------------------------
+# lo: loopback
+#-----------------------------
+
+auto lo
+iface lo inet loopback
+{% if network_interfaces_additional_loopback_ip_v4|d() %}
+{% for ip in network_interfaces_additional_loopback_ip_v4 %}
+  up /sbin/ip addr add {{ ip }} dev lo
+  down /sbin/ip addr del {{ ip }} dev lo
+{% endfor %}
+{% endif -%}
+
+iface lo inet6 loopback
+{% if network_interfaces_additional_loopback_ip_v6|d() %}
+{% for ip in network_interfaces_additional_loopback_ip_v6 %}
+  up /sbin/ip addr add {{ ip }} dev lo
+  down /sbin/ip addr del {{ ip }} dev lo
+{% endfor %}
+{% endif %}
+
+source /etc/network/interfaces.d/*

scripts/first-run.retry

@@ -0,0 +1 @@
+o25.oopen.de

scripts/first-run.yml

@@ -0,0 +1,11 @@
+---
+
+- hosts: o25.oopen.de
+
+  tasks:
+
+  - name: Ensure aptitude is present
+    raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
+
+  - name: Ensure python2 is present (This is necessary for ansible to work properly)
+    raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)

scripts/reset_root_passwd.yml

@@ -0,0 +1,11 @@
+---
+- hosts: all
+  gather_facts: no
+
+  tasks:
+  - name: Update Root user's Password
+    user: 
+      name: root
+      update_password: always 
+      password: "{{ root_user.password }}"
+    when: root_user is defined and root_user|length > 0

scripts/reset_user_passwd.yml

@@ -0,0 +1,34 @@
+---
+- hosts: all
+  gather_facts: no
+
+  vars_prompt:
+
+    - name: _user_name
+      prompt: "Give username here"
+      private: no
+
+    - name: _user_pass
+      prompt: "Give user password here"
+      private: yes
+      encrypt: "sha512_crypt"
+      confirm: yes
+      salt_size: 8
+
+  tasks:
+
+  - name: Check if {{ _user_name }} exists.
+    shell: egrep "^{{ _user_name }}:" /etc/passwd || echo "user_not_exists"
+    register: user_exists
+    changed_when: false
+
+  - debug:
+      msg: User does not exists !
+    when: user_exists.stdout == 'user_not_exists'
+
+  - name: Update User Password
+    user: 
+      name: "{{ _user_name }}"
+      update_password: always 
+      password: "{{  _user_pass }}"
+    when: user_exists.stdout != 'user_not_exists'

scripts/set-permission-user-back.yml

@@ -0,0 +1,17 @@
+---
+
+- hosts: all
+  gather_facts: no
+
+  tasks:
+  - name: Check if directory /home/back exists
+    stat:
+      path: /home/back
+    register: home_back
+
+  - name: Set correct group recursivly for directory /home/back
+    file: 
+      group: back
+      path: /home/back
+      recurse: yes
+    when: home_back.stat.exists