ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph 2024-04-04 20:11:31 +02:00
parent 571ee1e6ee
commit 33e9a313ee
45 changed files with 6069 additions and 495 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
files/homedirs/chris/_vimrc
View File

@ -175,4 +175,7 @@ set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\
set laststatus=2 set laststatus=2
highlight StatusLine cterm=none ctermfg=white ctermbg=blue highlight StatusLine cterm=none ctermfg=white ctermbg=blue
"Remove all trailing whitespace by pressing F5
nnoremap <F5> :let _s=@/<Bar>:%s/\s\+$//e<Bar>:let @/=_s<Bar><CR>
colorscheme PaperColor colorscheme PaperColor

3
files/homedirs/root/_vimrc
View File

@ -175,4 +175,7 @@ set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\
set laststatus=2 set laststatus=2
highlight StatusLine cterm=none ctermfg=white ctermbg=blue highlight StatusLine cterm=none ctermfg=white ctermbg=blue
"Remove all trailing whitespace by pressing F5
nnoremap <F5> :let _s=@/<Bar>:%s/\s\+$//e<Bar>:let @/=_s<Bar><CR>
colorscheme PaperColor colorscheme PaperColor

4
group_vars/all/main.yml
View File

@ -2610,6 +2610,10 @@ copy_plain_files_postfix:
src_path: mailserver/etc/postfix/body_check.pcre src_path: mailserver/etc/postfix/body_check.pcre
dest_path: /etc/postfix/body_check.pcre dest_path: /etc/postfix/body_check.pcre
- name: smtpd_milter_map
src_path: mailserver/etc/postfix/smtpd_milter_map
dest_path: /etc/postfix/smtpd_milter_map
copy_plain_files_postfwd: copy_plain_files_postfwd:

2
group_vars/oopen_office_ga.yml
View File

@ -59,8 +59,6 @@ default_user:
- name: wadmin - name: wadmin
password: $6$7oimWvvy$EHjynqU3KxaHie.9njz9rmVyh/dYpZOREl9gLo7fLrQXCAM9LqvrRvijCiAhfgnA6pz5VQe5oubkJQB0HF2pf/ password: $6$7oimWvvy$EHjynqU3KxaHie.9njz9rmVyh/dYpZOREl9gLo7fLrQXCAM9LqvrRvijCiAhfgnA6pz5VQe5oubkJQB0HF2pf/
user_id: 1001
group_id: 1001
shell: /bin/bash shell: /bin/bash
ssh_keys: ssh_keys:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSwqi8XhpwFWjtxC99MyGbt6E41C92Tv3ZVZPZ5eFNuyGY+RzTAF3PYymBWOPcM6cPQYihNLzjWEGOJccA2qac4Vu0sPQKu2njuiydN7vfHUZ9lvQuita7/uuwCRYDbHyVF5mSeqEKC5bOMIyanMpYghkH975Uzm2LSGtgT8u3/wEfizt3WpthCcAfVO8kU7wiMoikJcW249kBUGJxIqKrs8zJZC+6/OmnRmkgc9JlNvBTdGi9zhCSLJ7pEbuOjFMmjFTHpDRYHR6XhYsfImAPM4N3GOfRn9Cx/jTEV9sO7IoFRXwMgE1obuEntCzWAfUQJC/8HGS7sGUVHUfE3loz wadmin@ga13wks03' - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSwqi8XhpwFWjtxC99MyGbt6E41C92Tv3ZVZPZ5eFNuyGY+RzTAF3PYymBWOPcM6cPQYihNLzjWEGOJccA2qac4Vu0sPQKu2njuiydN7vfHUZ9lvQuita7/uuwCRYDbHyVF5mSeqEKC5bOMIyanMpYghkH975Uzm2LSGtgT8u3/wEfizt3WpthCcAfVO8kU7wiMoikJcW249kBUGJxIqKrs8zJZC+6/OmnRmkgc9JlNvBTdGi9zhCSLJ7pEbuOjFMmjFTHpDRYHR6XhYsfImAPM4N3GOfRn9Cx/jTEV9sO7IoFRXwMgE1obuEntCzWAfUQJC/8HGS7sGUVHUfE3loz wadmin@ga13wks03'

291
host_vars/172.16.162.89.yml
View File

@ -1,291 +0,0 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
- resolvconf
network_interfaces:
- device: eno1
headline: eno1 - Uplink DSL via Fritz!Box
auto: true
family: inet
method: static
address: 172.16.162.2
netmask: 24
gateway: 172.16.162.254
nameservers:
- 127.0.0.1
search: blkr.netz
- device: eno2
headline: eno2 - LAN
auto: true
family: inet
method: static
address: 192.168.162.253
netmask: 24
#- device: eno2:ns
# headline: eno2:ns - Alias on eno2 (Nameserver)
# auto: true
# family: inet
# method: static
# address: 192.168.162.1
# netmask: 32
- device: eno3
headline: eno3 - WLAN
auto: true
family: inet
method: static
address: 192.168.163.254
netmask: 24
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
cron_user_entries:
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors"
minute: '17'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if SSH service is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if OpenVPN service is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_vpn.sh
- name: "Check if nameservice (bind) is running?"
minute: '*/10'
hour: '*'
job: /root/bin/monitoring/check_dns.sh
- name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )"
minute: '0-59/2'
hour: '*'
job: /root/bin/monitoring/check_forwarding.sh
- name: "Copy gateway configuration"
minute: '09'
hour: '3'
job: /root/bin/manage-gw-config/copy_gateway-config.sh BLKR
#cron_user_special_time_entries: []
cron_user_special_time_entries:
- name: "Check if Postfix Service is running at boot time"
special_time: reboot
job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
insertafter: PATH
- name: "Restart Systemd's resolved at boottime."
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_hostkeyalgorithms:
- ssh-ed25519
- ssh-ed25519-cert-v01@openssh.com
- rsa-sha2-256
- rsa-sha2-512
- ecdsa-sha2-nistp256
- rsa-sha2-256-cert-v01@openssh.com
- rsa-sha2-512-cert-v01@openssh.com
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.oopen.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.oopen-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
install_bind_packages: true
bind9_gateway_acl:
- local-net:
name: local-net
entries:
- 127.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 10.0.0.0/8
- fc00::/7
- fe80::/10
- ::1/128
- internaldns:
name: internaldns
entries:
- '// Nameserver Kanzlei EBS'
- 192.168.182.1
bind9_gateway_listen_on_v6:
- none
bind9_gateway_listen_on:
- any
#bind9_gateway_allow_transfer: {}
bind9_gateway_allow_transfer:
- internaldns
bind9_transfer_source: !!str "192.168.162.1"
bind9_notify_source: !!str "192.168.162.1"
#bind9_gateway_allow_query: {}
bind9_gateway_allow_query:
- local-net
#bind9_gateway_allow_query_cache: {}
bind9_gateway_allow_query_cache:
- local-net
bind9_gateway_recursion: !!str "yes"
#bind9_gateway_allow_recursion: {}
bind9_gateway_allow_recursion:
- local-net
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

70
host_vars/a.mx.oopen.de.yml
View File

@ -29,6 +29,76 @@ install_compiler_pkgs: true
install_postgresql_pkgs: true install_postgresql_pkgs: true
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 185.12.64.2
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---

75
host_vars/c.mx.oopen.de.yml
View File

@ -26,7 +26,77 @@
install_compiler_pkgs: true install_compiler_pkgs: true
install_postgresql_pkgs: true install_postgresql_pkgs: false
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# --- # ---
@ -53,7 +123,6 @@ root_ssh_keypair:
pub_key_dest: /root/.ssh/id_rsa.pub pub_key_dest: /root/.ssh/id_rsa.pub
# --- # ---
# vars used by roles/common/tasks/users-systemfiles.yml # vars used by roles/common/tasks/users-systemfiles.yml
# --- # ---
@ -135,8 +204,6 @@ copy_plain_files_postfwd_host_specific: []
# --- # ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml # vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# --- # ---

132
host_vars/cl-01.oopen.de.yml
View File

@ -26,10 +26,142 @@ sshd_permit_root_login: !!str "prohibit-password"
# --- # ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 213.133.100.100
- 213.133.98.98
- 2a01:4f8:0:1::add:9999
- 2a01:4f8:0:1::add:9898
- 213.133.100.100
- 2a01:4f8:0:1::add:1010
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
group: localadmin
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: cryptpad
user_id: 2010
group_id: 2010
group: cryptpad
home: /var/www/cryptpad
password: $y$j9T$TUSURhYNq5B1eWlxis.xy.$YfCpyp24dmaZwiIEMaJvX7u3P.MEdAyz8YXMusM4lu7
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# --- # ---
# vars used by roles/common/tasks/users-systemfiles.yml # vars used by roles/common/tasks/users-systemfiles.yml

119
host_vars/cl-02.oopen.de.yml
View File

@ -26,10 +26,129 @@ sshd_permit_root_login: !!str "prohibit-password"
# --- # ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 213.133.99.99
- 2a01:4f8:0:1::add:9898
- 213.133.100.100
- 2a01:4f8:0:1::add:9999
- 213.133.98.98
- 2a01:4f8:0:1::add:1010
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# --- # ---
# vars used by roles/common/tasks/users-systemfiles.yml # vars used by roles/common/tasks/users-systemfiles.yml

118
host_vars/cloud.akweb.de.yml
View File

@ -26,10 +26,128 @@ sshd_permit_root_login: !!str "prohibit-password"
# --- # ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.1
- 2a01:4f8:0:1::add:9898
- 213.133.100.100
- 2a01:4f8:0:1::add:9999
- 185.12.64.2
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# --- # ---
# vars used by roles/common/tasks/users-systemfiles.yml # vars used by roles/common/tasks/users-systemfiles.yml

71
host_vars/ga-st-mail.ga.netz.yml
View File

@ -29,6 +29,77 @@ install_compiler_pkgs: true
install_postgresql_pkgs: true install_postgresql_pkgs: true
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- ga.netz
- ga.intra
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 192.168.11.1
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---

159
host_vars/ga-st-services.ga.netz.yml Normal file
View File

@ -0,0 +1,159 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
install_compiler_pkgs: true
install_postgresql_pkgs: false
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.11.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- ga.netz
- ga.intra
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 192.168.10.1
- 192.168.10.3
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/copy_files.yml
# ---
# Postfix Firewall postfwd
#
#- name: postfwd.wl-user
# src_path: ga-st-mail/etc/postfix/postfwd.wl-user
# dest_path: /etc/postfix/postfwd.wl-user
#copy_template_files: []
#
# - name: mailsystem_install_amavis.conf
# src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
# dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
# ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# ---

5
host_vars/gw-ebs.oopen.de.yml
View File

@ -18,7 +18,6 @@ network_interface_required_packages:
- ifmetric - ifmetric
- ifupdown - ifupdown
- ifenslave - ifenslave
- resolvconf
network_interfaces: network_interfaces:
@ -30,10 +29,6 @@ network_interfaces:
address: 172.16.182.1 address: 172.16.182.1
netmask: 24 netmask: 24
gateway: 172.16.182.254 gateway: 172.16.182.254
nameservers:
- 127.0.0.1
- 192.168.182.1
search: ebs.netz kanzlei-kiel.netz elster.netz
- device: eno2 - device: eno2

70
host_vars/mail.cadus.org.yml
View File

@ -29,6 +29,76 @@ install_compiler_pkgs: true
install_postgresql_pkgs: false install_postgresql_pkgs: false
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 185.12.64.2
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---

70
host_vars/mail.faire-mobilitaet.de.yml
View File

@ -29,6 +29,76 @@ install_compiler_pkgs: true
install_postgresql_pkgs: true install_postgresql_pkgs: true
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 185.12.64.1
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---

201
host_vars/meet.akweb.de.yml Normal file
View File

@ -0,0 +1,201 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.1
- 2a01:4f8:0:1::add:9898
- 213.133.100.100
- 2a01:4f8:0:1::add:9999
- 185.12.64.2
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
git_other_repositories:
- name: jitsi
repo: https://git.oopen.de/install/jitsi
dest: /usr/local/src/jitsi
- name: etherpad-lite
repo: https://git.oopen.de/install/etherpad-lite
dest: /usr/local/src/etherpad-lite
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---

74
host_vars/mx.warenform.de.yml
View File

@ -29,6 +29,76 @@ install_compiler_pkgs: true
install_postgresql_pkgs: true install_postgresql_pkgs: true
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 83.223.66.51
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---
@ -163,7 +233,7 @@ Das WARENFORM-Team\n
--\n --\n
WARENFORM | Phone: +49 30 / 61 65 17 52 -0\n WARENFORM | Phone: +49 30 / 61 65 17 52 -0\n
Dresdner Str. 11 | Fax: +49 30 / 61 65 17 52 -66\n Schierker Str. 24 | Fax: +49 30 / 61 65 17 52 -66\n
D-10999 Berlin | http://www.warenform.net\n D-10999 Berlin | http://www.warenform.net\n
" "
@ -177,7 +247,7 @@ salutation: "Das WARENFORM-Team\n
WARENFORM | Phone: +49 30 / 61 65 17 52 -0\n WARENFORM | Phone: +49 30 / 61 65 17 52 -0\n
Dresdner Str. 11 | Fax: +49 30 / 61 65 17 52 -66\n Schierker Str. 24 | Fax: +49 30 / 61 65 17 52 -66\n
D-10999 Berlin | http://www.warenform.net\n" D-10999 Berlin | http://www.warenform.net\n"

225
host_vars/nd-live.warenform.de.yml Normal file
View File

@ -0,0 +1,225 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
apt_install_extra_pkgs: true
apt_extra_pkgs:
- wkhtmltopdf
- subversion
- subversion-tools
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 212.42.230.1
- 83.223.66.51
- 83.223.90.90
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- warenform.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
create_sftp_group: false
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.warenform.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.warenform.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.warenform-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.warenform-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.warenform.de
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: axel
password: $6$zUWC465e$XblctxwnBIOa7mPcN6foEQrwChjpwoY7lLtacXJrSsvjZS3I6Ox1mYUtN3/gzkvpbzOPx/9PlRJV.mbl939mD.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOPnP788dlfeFi9oo8UkS0Chi/jcxUGjsOuQnxW/GR+ axel@wf.netz'
- name: sysadm
user_id: 1050
group_id: 1050
password: $6$vvccwrTc$Sz1HaSb3ujObprltiG7D6U1Rr3fpgfjkKuDDWYdHzPkPx/0pEofCWC.vyTn78hcemkntl.6wVUOnJnNloKt/E/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOPnP788dlfeFi9oo8UkS0Chi/jcxUGjsOuQnxW/GR+ axel@wf.netz'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- axel
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

75
host_vars/nd.warenform.de.yml
View File

@ -27,10 +27,83 @@
apt_install_extra_pkgs: true apt_install_extra_pkgs: true
apt_extra_pkgs: apt_extra_pkgs:
- wkhtmltopdf - wkhtmltopdf
- pdftk
- subversion - subversion
- subversion-tools - subversion-tools
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 212.42.230.1
- 83.223.66.51
- 83.223.90.90
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- warenform.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---
@ -91,8 +164,6 @@ default_user:
ssh_keys: ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS'
- name: back - name: back
user_id: 1060 user_id: 1060

1
host_vars/o17.oopen.de.yml
View File

@ -17,7 +17,6 @@ network_interface_required_packages:
- ifmetric - ifmetric
- ifupdown - ifupdown
- ifenslave - ifenslave
- resolvconf
network_interfaces: network_interfaces:

1
host_vars/o18.oopen.de.yml
View File

@ -18,7 +18,6 @@ network_interface_required_packages:
- ifmetric - ifmetric
- ifupdown - ifupdown
- ifenslave - ifenslave
- resolvconf
network_interfaces: network_interfaces:

266
host_vars/o20.oopen.de.yml Normal file
View File

@ -0,0 +1,266 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 213.133.99.99
- 2a01:4f8:0:1::add:9898
- 213.133.100.100
- 2a01:4f8:0:1::add:9999
- 213.133.98.98
- 2a01:4f8:0:1::add:1010
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_entries:
- name: "Check if webservices sre running. Restart if necessary"
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_webservice_load.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check connectifity - reboot if needed"
minute: '*/10'
hour: '*'
job: /root/bin/admin-stuff/check-connectivity.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors.."
minute: '*/17'
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Optimize mysql tables"
minute: '51'
hour: '04'
job: /root/bin/mysql/optimize_mysql_tables.sh
- name: "Flush query cache for mysql tables"
minute: '27'
hour: '04'
job: /root/bin/mysql/flush_query_cache.sh
- name: "Flush Host cache"
minute: '17'
hour: '05'
job: /root/bin/mysql/flush_host_cache.sh
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '31'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '43'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'
job: /root/bin/admin-stuff/check-disc-usage.sh -c 85
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

1
host_vars/o22.oopen.de.yml
View File

@ -17,7 +17,6 @@ network_interface_required_packages:
- ifmetric - ifmetric
- ifupdown - ifupdown
- ifenslave - ifenslave
- resolvconf
network_interfaces: network_interfaces:

14
host_vars/o30.oopen.de.yml
View File

@ -55,18 +55,6 @@ network_interfaces:
server: server:
hwaddr: hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
- 195.201.179.131
- 95.217.204.204
search:
# optional additional subnets/ips subnets: [] # optional additional subnets/ips subnets: []
# subnets: # subnets:
# - '192.168.123.0/24' # - '192.168.123.0/24'
@ -226,7 +214,7 @@ resolved_fallback_nameserver:
cron_env_entries: cron_env_entries:
- name: PATH - name: PATH
job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL - name: SHELL
job: /bin/bash job: /bin/bash

82
host_vars/oolm-shop-dev.oopen.de.yml
View File

@ -21,11 +21,89 @@
#sshd_password_authentication: !!str "yes" #sshd_password_authentication: !!str "yes"
sshd_pasword_auth_ip:
- 34.107.7.34
# --- # ---
# vars used by apt.yml # vars used by apt.yml
# --- # ---
apt_install_extra_pkgs: true
apt_extra_pkgs:
- wkhtmltopdf
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 212.42.230.1
- 83.223.66.51
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
@ -61,8 +139,8 @@ default_user:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box' - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
- name: shop - name: shop
user_id: 1061 user_id: 1064
group_id: 1061 group_id: 1064
password: $6$.7q7LwrI$LS0W95y5MHgaQZ4v5OvYukQn3pxmbeQvm9lNrPVSN7R.GVwGGIqdfnX2xOvGTgJcenUT3aJoa8HloOes1wUM71 password: $6$.7q7LwrI$LS0W95y5MHgaQZ4v5OvYukQn3pxmbeQvm9lNrPVSN7R.GVwGGIqdfnX2xOvGTgJcenUT3aJoa8HloOes1wUM71
shell: /bin/bash shell: /bin/bash
ssh_keys: ssh_keys:

4
host_vars/oolm-shop.oopen.de.yml
View File

@ -33,6 +33,10 @@ sshd_pasword_auth_ip:
# vars used by apt.yml # vars used by apt.yml
# --- # ---
apt_install_extra_pkgs: true
apt_extra_pkgs:
- wkhtmltopdf
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml

1
host_vars/server16.warenform.de.yml
View File

@ -17,7 +17,6 @@ network_interface_required_packages:
- ifmetric - ifmetric
- ifupdown - ifupdown
- ifenslave - ifenslave
- resolvconf
network_interfaces: network_interfaces:

14
host_vars/server20.warenform.de.yml
View File

@ -17,7 +17,6 @@ network_interface_required_packages:
- ifmetric - ifmetric
- ifupdown - ifupdown
- ifenslave - ifenslave
- resolvconf
network_interfaces: network_interfaces:
@ -56,19 +55,6 @@ network_interfaces:
server: server:
hwaddr: hwaddr:
# optional dns settings nameservers - needs package resolvconf installed
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
- 83.223.66.51
- 212.42.230.1
- 83.223.90.90
search: warenform.de
# optional additional subnets/ips subnets: [] # optional additional subnets/ips subnets: []
# subnets: # subnets:
# - '192.168.123.0/24' # - '192.168.123.0/24'

7
host_vars/server22.warenform.de.yml
View File

@ -55,13 +55,6 @@ network_interfaces:
server: server:
hwaddr: hwaddr:
# optional dns settings nameservers - needs package resolvconf installed
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
# optional additional subnets/ips subnets: [] # optional additional subnets/ips subnets: []
# subnets: # subnets:
# - '192.168.123.0/24' # - '192.168.123.0/24'

13
host_vars/server23.warenform.de.yml
View File

@ -55,19 +55,6 @@ network_interfaces:
server: server:
hwaddr: hwaddr:
# optional dns settings nameservers - needs package resolvconf installed
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
#nameservers:
# - 83.223.66.51
# - 83.223.90.90
# - 212.42.230.1
#search: warenform.de
# optional additional subnets/ips subnets: [] # optional additional subnets/ips subnets: []
# subnets: # subnets:
# - '192.168.123.0/24' # - '192.168.123.0/24'

194
host_vars/web-04.oopen.de.yml Normal file
View File

@ -0,0 +1,194 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 213.133.99.99
- 2a01:4f8:0:1::add:9898
- 213.133.100.100
- 2a01:4f8:0:1::add:9999
- 213.133.98.98
- 2a01:4f8:0:1::add:1010
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

197
host_vars/web.cadus.org.yml Normal file
View File

@ -0,0 +1,197 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 2a01:4ff:ff00::add:1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 185.12.64.1
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ---
# vars used by roles/common/tasks/copy_files.yml
# ---
#copy_template_files: []
#
# - name: mailsystem_install_amavis.conf
# src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
# dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
# ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# ---

1
host_vars/web0.warenform.de.yml
View File

@ -27,6 +27,7 @@
apt_install_extra_pkgs: true apt_install_extra_pkgs: true
apt_extra_pkgs: apt_extra_pkgs:
- wkhtmltopdf - wkhtmltopdf
- pdftk
- subversion - subversion
- subversion-tools - subversion-tools

197
host_vars/wiki.cadus.org.yml Normal file
View File

@ -0,0 +1,197 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 2a01:4ff:ff00::add:1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 185.12.64.1
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ---
# vars used by roles/common/tasks/copy_files.yml
# ---
#copy_template_files: []
#
# - name: mailsystem_install_amavis.conf
# src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
# dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
# ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# ---

113
hosts
View File

@ -20,6 +20,8 @@ lxc-host-kb.anw-kb.netz
o33.oopen.de o33.oopen.de
o25.oopen.de o25.oopen.de
o13-staging-board.oopen.de o13-staging-board.oopen.de
dc-opp.oopen.de
discourse.oopen.de
[dns_sinma] [dns_sinma]
@ -127,12 +129,9 @@ o13-board.oopen.de
o13-staging-board.oopen.de o13-staging-board.oopen.de
o13-mail.oopen.de o13-mail.oopen.de
o13-mumble.oopen.de o13-mumble.oopen.de
o13-mumble-neu.oopen.de
o13-pad.oopen.de o13-pad.oopen.de
o13-pad-neu.oopen.de
o13-cryptpad.oopen.de o13-cryptpad.oopen.de
o13-web.oopen.de o13-web.oopen.de
o13-web-neu.oopen.de
o17.oopen.de o17.oopen.de
test.mx.oopen.de test.mx.oopen.de
@ -146,7 +145,6 @@ o21.oopen.de
o22.oopen.de o22.oopen.de
oolm-db.oopen.de oolm-db.oopen.de
oolm-db-dev.oopen.de
oolm-shop.oopen.de oolm-shop.oopen.de
oolm-shop-dev.oopen.de oolm-shop-dev.oopen.de
oolm-web.oopen.de oolm-web.oopen.de
@ -172,7 +170,6 @@ cl-fm.oopen.de
mail.faire-mobilitaet.de mail.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK # Hetzner Cloud CX31 - AK
o26.oopen.de
# Backup Faire Mobilitaet # Backup Faire Mobilitaet
o28.oopen.de o28.oopen.de
@ -217,7 +214,7 @@ b.mx.oopen.de
matomo-01.oopen.de matomo-01.oopen.de
web-01.oopen.de web-01.oopen.de
web-03.oopen.de web-03.oopen.de
web-test.oopen.de web-04.oopen.de
cl-test.oopen.de cl-test.oopen.de
# OPP - dc-01.oopen.de # OPP - dc-01.oopen.de
@ -232,7 +229,6 @@ web-06.oopen.de
web-07.oopen.de web-07.oopen.de
web-08.oopen.de web-08.oopen.de
web-09.oopen.de web-09.oopen.de
web-10.oopen.de
lxc-host-kb.anw-kb.netz lxc-host-kb.anw-kb.netz
@ -302,12 +298,9 @@ o13-board.oopen.de
o13-staging-board.oopen.de o13-staging-board.oopen.de
o13-mail.oopen.de o13-mail.oopen.de
o13-mumble.oopen.de o13-mumble.oopen.de
o13-mumble-neu.oopen.de
o13-pad.oopen.de o13-pad.oopen.de
o13-pad-neu.oopen.de
o13-cryptpad.oopen.de o13-cryptpad.oopen.de
o13-web.oopen.de o13-web.oopen.de
o13-web-neu.oopen.de
o17.oopen.de o17.oopen.de
test.mx.oopen.de test.mx.oopen.de
@ -324,7 +317,6 @@ o21.oopen.de
# - o22.oopen.de # - o22.oopen.de
o22.oopen.de o22.oopen.de
oolm-db.oopen.de oolm-db.oopen.de
oolm-db-dev.oopen.de
oolm-shop.oopen.de oolm-shop.oopen.de
oolm-shop-dev.oopen.de oolm-shop-dev.oopen.de
oolm-web.oopen.de oolm-web.oopen.de
@ -352,7 +344,6 @@ cl-fm.oopen.de
mail.faire-mobilitaet.de mail.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK # Hetzner Cloud CX31 - AK
o26.oopen.de
# Backup Faire Mobilitaet # Backup Faire Mobilitaet
o28.oopen.de o28.oopen.de
@ -399,7 +390,7 @@ b.mx.oopen.de
matomo-01.oopen.de matomo-01.oopen.de
web-01.oopen.de web-01.oopen.de
web-03.oopen.de web-03.oopen.de
web-test.oopen.de web-04.oopen.de
cl-test.oopen.de cl-test.oopen.de
# OPP - dc-01.oopen.de # OPP - dc-01.oopen.de
@ -414,7 +405,6 @@ web-06.oopen.de
web-07.oopen.de web-07.oopen.de
web-08.oopen.de web-08.oopen.de
web-09.oopen.de web-09.oopen.de
web-10.oopen.de
lxc-host-kb.anw-kb.netz lxc-host-kb.anw-kb.netz
@ -502,6 +492,7 @@ ga-nh-gw.oopen.de
ga-st-lxc1.ga.netz ga-st-lxc1.ga.netz
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-st-services.ga.netz
ga-al-ws1.ga.netz ga-al-ws1.ga.netz
ga-st-kvm1.ga.netz ga-st-kvm1.ga.netz
ga-al-kvm2.ga.netz ga-al-kvm2.ga.netz
@ -537,9 +528,7 @@ c.mx.oopen.de
# o13.oopen.de # o13.oopen.de
o13-mail.oopen.de o13-mail.oopen.de
o13-mumble.oopen.de o13-mumble.oopen.de
o13-mumble-neu.oopen.de
o13-web.oopen.de o13-web.oopen.de
o13-web-neu.oopen.de
# o17.oopen.de # o17.oopen.de
test.mariadb.oopen.de test.mariadb.oopen.de
@ -595,7 +584,7 @@ a.mx.oopen.de
matomo-01.oopen.de matomo-01.oopen.de
web-01.oopen.de web-01.oopen.de
web-03.oopen.de web-03.oopen.de
web-test.oopen.de web-04.oopen.de
b.mx.oopen.de b.mx.oopen.de
cl-test.oopen.de cl-test.oopen.de
@ -608,7 +597,6 @@ web-06.oopen.de
web-07.oopen.de web-07.oopen.de
web-08.oopen.de web-08.oopen.de
web-09.oopen.de web-09.oopen.de
web-10.oopen.de
# o39.oopen.de # o39.oopen.de
@ -623,6 +611,7 @@ at-10-neu.ak.netz
# - GA - Gemeinschaft Altensclirf # - GA - Gemeinschaft Altensclirf
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-al-ws1.ga.netz ga-al-ws1.ga.netz
ga-st-services.ga.netz
# --- # ---
# Warenform server # Warenform server
@ -716,7 +705,6 @@ stolpersteine.oopen.de
o13-board.oopen.de o13-board.oopen.de
o13-staging-board.oopen.de o13-staging-board.oopen.de
o13-pad.oopen.de o13-pad.oopen.de
o13-pad-neu.oopen.de
o13-cryptpad.oopen.de o13-cryptpad.oopen.de
# o17.oopen.de # o17.oopen.de
@ -730,59 +718,6 @@ mm.oopen.de
mm-irights.oopen.de mm-irights.oopen.de
# Hetzner Cloud CX31 - AK # Hetzner Cloud CX31 - AK
o26.oopen.de
# o30.oopen.de - AK Server Nextcloud/Jitsi Meet
meet.akweb.de
# o31.oopen.de
wiki.cadus.org
# etventure
o32.oopen.de
# BigBlueButton - O.OPEN
o33.oopen.de
# o35.oopen.de
cl-02.oopen.de
# o36.oopen.de
cl-test.oopen.de
# ---
# Büro Netzwerke
# ---
file-ah.kanzlei-kiel.netz
[ftp_server]
# ---
# - O.OPEN Server
# ---
# o12.oopen.de
initiativenserver.oopen.de
# o13.oopen.de
o13-web.oopen.de
o13-web-neu.oopen.de
# o31.oopen.de
web.cadus.org
wiki.cadus.org
# o20.oopen.de (srv-cityslang.cityslang.com)
o20.oopen.de
# o22.oopen.de
oolm-web.oopen.de
# Hetzner Cloud CX31 - AK
o26.oopen.de
# etventure # etventure
o32.oopen.de o32.oopen.de
@ -797,7 +732,7 @@ web-02.oopen.de
# o36 - b.mx, web-01, web-03,-- # o36 - b.mx, web-01, web-03,--
web-01.oopen.de web-01.oopen.de
web-03.oopen.de web-03.oopen.de
web-test.oopen.de web-04.oopen.de
# o39 - web-05 # o39 - web-05
web-05.oopen.de web-05.oopen.de
@ -805,9 +740,9 @@ web-06.oopen.de
web-07.oopen.de web-07.oopen.de
web-08.oopen.de web-08.oopen.de
web-09.oopen.de web-09.oopen.de
web-10.oopen.de
# GA - Gemeinschaft Altensclirf
ga-st-services.ga.netz
# --- # ---
# Warenform server # Warenform server
@ -899,7 +834,6 @@ a.mx.oopen.de
# o36 - b.mx, web-01, web-03,-- # o36 - b.mx, web-01, web-03,--
web-01.oopen.de web-01.oopen.de
web-03.oopen.de web-03.oopen.de
web-test.oopen.de
# --- # ---
# O.OPEN office network # O.OPEN office network
@ -938,7 +872,6 @@ o13-board.oopen.de
o13-staging-board.oopen.de o13-staging-board.oopen.de
o13-mail.oopen.de o13-mail.oopen.de
o13-web.oopen.de o13-web.oopen.de
o13-web-neu.oopen.de
# o17.oopen.de # o17.oopen.de
test.mx.oopen.de test.mx.oopen.de
@ -951,7 +884,6 @@ o20.oopen.de
o21.oopen.de o21.oopen.de
# o22.oopen.de # o22.oopen.de
oolm-db-dev.oopen.de
oolm-db.oopen.de oolm-db.oopen.de
oolm-web.oopen.de oolm-web.oopen.de
@ -964,7 +896,6 @@ cl-irights.oopen.de
mm-irights.oopen.de mm-irights.oopen.de
# Hetzner Cloud CX31 - AK # Hetzner Cloud CX31 - AK
o26.oopen.de
# o27.oopen.de # o27.oopen.de
cl-fm.oopen.de cl-fm.oopen.de
@ -999,7 +930,7 @@ d.mx.oopen.de
matomo-01.oopen.de matomo-01.oopen.de
web-01.oopen.de web-01.oopen.de
web-03.oopen.de web-03.oopen.de
web-test.oopen.de web-04.oopen.de
cl-test.oopen.de cl-test.oopen.de
# o38 - dc-opp cl-opp # o38 - dc-opp cl-opp
@ -1011,7 +942,6 @@ web-06.oopen.de
web-07.oopen.de web-07.oopen.de
web-08.oopen.de web-08.oopen.de
web-09.oopen.de web-09.oopen.de
web-10.oopen.de
# --- # ---
@ -1353,12 +1283,9 @@ o13-board.oopen.de
o13-staging-board.oopen.de o13-staging-board.oopen.de
o13-mail.oopen.de o13-mail.oopen.de
o13-mumble.oopen.de o13-mumble.oopen.de
o13-mumble-neu.oopen.de
o13-pad.oopen.de o13-pad.oopen.de
o13-pad-neu.oopen.de
o13-cryptpad.oopen.de o13-cryptpad.oopen.de
o13-web.oopen.de o13-web.oopen.de
o13-web-neu.oopen.de
# - o17.oopen.de # - o17.oopen.de
test.mx.oopen.de test.mx.oopen.de
@ -1374,7 +1301,6 @@ o21.oopen.de
# - o22.oopen.de # - o22.oopen.de
oolm-db.oopen.de oolm-db.oopen.de
oolm-db-dev.oopen.de
oolm-shop.oopen.de oolm-shop.oopen.de
oolm-shop-dev.oopen.de oolm-shop-dev.oopen.de
oolm-web.oopen.de oolm-web.oopen.de
@ -1396,7 +1322,6 @@ cl-fm.oopen.de
mail.faire-mobilitaet.de mail.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK # Hetzner Cloud CX31 - AK
o26.oopen.de
# o29.oopen.de # o29.oopen.de
backup.oopen.de backup.oopen.de
@ -1430,7 +1355,7 @@ b.mx.oopen.de
matomo-01.oopen.de matomo-01.oopen.de
web-01.oopen.de web-01.oopen.de
web-03.oopen.de web-03.oopen.de
web-test.oopen.de web-04.oopen.de
cl-test.oopen.de cl-test.oopen.de
# o38 - dc-opp cl-opp # o38 - dc-opp cl-opp
@ -1443,7 +1368,6 @@ web-06.oopen.de
web-07.oopen.de web-07.oopen.de
web-08.oopen.de web-08.oopen.de
web-09.oopen.de web-09.oopen.de
web-10.oopen.de
# --- # ---
# O.OPEN office network # O.OPEN office network
@ -1462,6 +1386,7 @@ file-ipa.local.netz
# - GA - Gemeinschaft Altensclirf # - GA - Gemeinschaft Altensclirf
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-st-services.ga.netz
# --- # ---
# Warenform Server # Warenform Server
@ -1536,12 +1461,9 @@ o13-board.oopen.de
o13-staging-board.oopen.de o13-staging-board.oopen.de
o13-mail.oopen.de o13-mail.oopen.de
o13-mumble.oopen.de o13-mumble.oopen.de
o13-mumble-neu.oopen.de
o13-pad.oopen.de o13-pad.oopen.de
o13-pad-neu.oopen.de
o13-cryptpad.oopen.de o13-cryptpad.oopen.de
o13-web.oopen.de o13-web.oopen.de
o13-web-neu.oopen.de
# - o17.oopen.de # - o17.oopen.de
o17.oopen.de o17.oopen.de
@ -1563,7 +1485,6 @@ o21.oopen.de
# - o22.oopen.de # - o22.oopen.de
o22.oopen.de o22.oopen.de
oolm-db.oopen.de oolm-db.oopen.de
oolm-db-dev.oopen.de
oolm-shop.oopen.de oolm-shop.oopen.de
oolm-shop-dev.oopen.de oolm-shop-dev.oopen.de
oolm-web.oopen.de oolm-web.oopen.de
@ -1591,7 +1512,6 @@ cl-fm.oopen.de
mail.faire-mobilitaet.de mail.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK # Hetzner Cloud CX31 - AK
o26.oopen.de
# Backup Faire Mobilitaet # Backup Faire Mobilitaet
o28.oopen.de o28.oopen.de
@ -1631,8 +1551,8 @@ o36.oopen.de
b.mx.oopen.de b.mx.oopen.de
matomo-01.oopen.de matomo-01.oopen.de
web-03.oopen.de web-03.oopen.de
web-04.oopen.de
web-01.oopen.de web-01.oopen.de
web-test.oopen.de
cl-test.oopen.de cl-test.oopen.de
# o38 - dc-01.oopen.de # o38 - dc-01.oopen.de
@ -1647,7 +1567,6 @@ web-06.oopen.de
web-07.oopen.de web-07.oopen.de
web-08.oopen.de web-08.oopen.de
web-09.oopen.de web-09.oopen.de
web-10.oopen.de
lxc-host-kb.anw-kb.netz lxc-host-kb.anw-kb.netz
@ -1781,6 +1700,7 @@ devel-ruby.wf.netz
# - GA - Gemeinschaft Altensclirf # - GA - Gemeinschaft Altensclirf
ga-st-lxc1.ga.netz ga-st-lxc1.ga.netz
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-st-services.ga.netz
ga-st-kvm1.ga.netz ga-st-kvm1.ga.netz
ga-al-kvm2.ga.netz ga-al-kvm2.ga.netz
ga-al-kvm3.ga.netz ga-al-kvm3.ga.netz
@ -1795,9 +1715,6 @@ o13-board.oopen.de
o13-staging-board.oopen.de o13-staging-board.oopen.de
o13-mail.oopen.de o13-mail.oopen.de
o13-mumble.oopen.de o13-mumble.oopen.de
o13-mumble-neu.oopen.de
o13-pad.oopen.de o13-pad.oopen.de
o13-pad-neu.oopen.de
o13-cryptpad.oopen.de o13-cryptpad.oopen.de
o13-web.oopen.de o13-web.oopen.de
o13-web-neu.oopen.de

2917
main.yml Normal file
View File

File diff suppressed because it is too large Load Diff

123
roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf
View File

@ -6,18 +6,97 @@
#----------------------------- #-----------------------------
#--------------------------------------- #---------------------------------------
#LOGGING=true
LOGGING=false # ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check # - What to check
# - # -
check_load=true check_load=true
check_mysql=false check_mysql=false
check_mariadb=false
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=true
check_apache=true check_apache=true
check_nginx=false
check_php_fpm=true check_php_fpm=true
check_redis=false
check_website=false check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql # - Additional Settings for check_mysql
# - # -
# - MySQL / MariaDB credentials # - MySQL / MariaDB credentials
@ -39,11 +118,47 @@ check_website=false
# - $ mysql --login-path=local ... # - $ mysql --login-path=local ...
# - # -
# - Example # - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local" # - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) # - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" # - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# - # -
mysql_credential_args="--login-path=local" # - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
# - Additional Settings for check_php_fpm # - Additional Settings for check_php_fpm
@ -62,7 +177,7 @@ curl_check_host=127.0.0.1
# - Example: # - Example:
# - php_versions="5.4 5.6 7.0 7.1" # - php_versions="5.4 5.6 7.0 7.1"
# - # -
php_versions="8.1" php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also # - set the value given in your ping.path setting here. Give ping_path also

91
roles/common/files/c.mx/root/bin/monitoring/conf/check_webservice_load.conf
View File

@ -16,10 +16,38 @@
# --- # ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check # - What to check
# - # -
check_load=true check_load=true
check_mysql=true check_mysql=false
check_mariadb=true
# - PostgreSQL # - PostgreSQL
# - # -
@ -33,6 +61,26 @@ check_php_fpm=true
check_redis=false check_redis=false
check_website=false check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must # - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited # - be ommited
# - # -
@ -70,11 +118,48 @@ check_website=false
# - $ mysql --login-path=local ... # - $ mysql --login-path=local ...
# - # -
# - Example # - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local" # - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) # - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" # - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# - # -
mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" # - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - Additional Settings for check_php_fpm # - Additional Settings for check_php_fpm
@ -93,7 +178,7 @@ curl_check_host=127.0.0.1
# - Example: # - Example:
# - php_versions="5.4 5.6 7.0 7.1" # - php_versions="5.4 5.6 7.0 7.1"
# - # -
php_versions="8.1" php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also # - set the value given in your ping.path setting here. Give ping_path also

112
roles/common/files/d.mx/root/bin/monitoring/conf/check_webservice_load.conf
View File

@ -16,15 +16,87 @@
# --- # ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check # - What to check
# - # -
check_load=true check_load=true
check_mysql=true check_mysql=false
check_mariadb=true
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=true
check_apache=true check_apache=true
check_nginx=false
check_php_fpm=false check_php_fpm=false
check_redis=false
check_website=false check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql # - Additional Settings for check_mysql
# - # -
# - MySQL / MariaDB credentials # - MySQL / MariaDB credentials
@ -46,11 +118,47 @@ check_website=false
# - $ mysql --login-path=local ... # - $ mysql --login-path=local ...
# - # -
# - Example # - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local" # - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) # - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" # - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# - # -
mysql_credential_args="--login-path=local" # - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
# - Additional Settings for check_php_fpm # - Additional Settings for check_php_fpm

88
roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
View File

@ -16,10 +16,38 @@
# --- # ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check # - What to check
# - # -
check_load=true check_load=true
check_mysql=false check_mysql=false
check_mariadb=false
# - PostgreSQL # - PostgreSQL
# - # -
@ -33,6 +61,26 @@ check_php_fpm=true
check_redis=false check_redis=false
check_website=false check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must # - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited # - be ommited
# - # -
@ -70,11 +118,47 @@ check_website=false
# - $ mysql --login-path=local ... # - $ mysql --login-path=local ...
# - # -
# - Example # - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local" # - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) # - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" # - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# - # -
mysql_credential_args="" # - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
# - Additional Settings for check_php_fpm # - Additional Settings for check_php_fpm
@ -93,7 +177,7 @@ curl_check_host=127.0.0.1
# - Example: # - Example:
# - php_versions="5.4 5.6 7.0 7.1" # - php_versions="5.4 5.6 7.0 7.1"
# - # -
php_versions="8.1" php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also # - set the value given in your ping.path setting here. Give ping_path also

91
roles/common/files/mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf
View File

@ -16,10 +16,38 @@
# --- # ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check # - What to check
# - # -
check_load=true check_load=true
check_mysql=true check_mysql=false
check_mariadb=true
# - PostgreSQL # - PostgreSQL
# - # -
@ -33,6 +61,26 @@ check_php_fpm=true
check_redis=false check_redis=false
check_website=false check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must # - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited # - be ommited
# - # -
@ -70,11 +118,48 @@ check_website=false
# - $ mysql --login-path=local ... # - $ mysql --login-path=local ...
# - # -
# - Example # - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local" # - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) # - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" # - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# - # -
mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" # - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - Additional Settings for check_php_fpm # - Additional Settings for check_php_fpm
@ -93,7 +178,7 @@ curl_check_host=127.0.0.1
# - Example: # - Example:
# - php_versions="5.4 5.6 7.0 7.1" # - php_versions="5.4 5.6 7.0 7.1"
# - # -
php_versions="8.1" php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also # - set the value given in your ping.path setting here. Give ping_path also

90
roles/common/files/mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf
View File

@ -16,16 +16,44 @@
# --- # ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check # - What to check
# - # -
check_load=true check_load=true
check_mysql=false check_mysql=false
check_mariadb=false
# - PostgreSQL # - PostgreSQL
# - # -
# - NOT useful, if more than one PostgreSQL instances are running! # - NOT useful, if more than one PostgreSQL instances are running!
# - # -
check_postgresql=false check_postgresql=true
check_apache=true check_apache=true
check_nginx=false check_nginx=false
@ -33,6 +61,26 @@ check_php_fpm=true
check_redis=false check_redis=false
check_website=false check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must # - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited # - be ommited
# - # -
@ -70,11 +118,47 @@ check_website=false
# - $ mysql --login-path=local ... # - $ mysql --login-path=local ...
# - # -
# - Example # - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local" # - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) # - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" # - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# - # -
mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" # - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
# - Additional Settings for check_php_fpm # - Additional Settings for check_php_fpm
@ -93,7 +177,7 @@ curl_check_host=127.0.0.1
# - Example: # - Example:
# - php_versions="5.4 5.6 7.0 7.1" # - php_versions="5.4 5.6 7.0 7.1"
# - # -
php_versions="8.1" php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also # - set the value given in your ping.path setting here. Give ping_path also

23
roles/common/files/mailserver/etc/postfix/smtpd_milter_map Normal file
View File

@ -0,0 +1,23 @@
# Disable Milters for local clients.
#127.0.0.0/8 DISABLE
#192.168.0.0/16 DISABLE
#172.16.0.0/12 DISABLE
#::/64 DISABLE
# Disable Milters for b.mx.oopen.de
162.55.82.73 DISABLE
2a01:4f8:271:1266::73 DISABLE
# Disable Milters for d.mx.oopen.de
95.217.204.227 DISABLE
2a01:4f9:4a:47e5::227 DISABLE
# Disable Milters for lists.mx.warenform.de
83.223.86.78 DISABLE
2a01:30:0:13:223:35ff:fef5:84b6 DISABLE
# Disable Milters for lists36.net
192.68.11.82 DISABLE
2001:678:a40:3000::82 DISABLE

112
roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
View File

@ -16,15 +16,87 @@
# --- # ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check # - What to check
# - # -
check_load=true check_load=true
check_mysql=false check_mysql=false
check_mariadb=false
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=true
check_apache=true check_apache=true
check_nginx=false
check_php_fpm=true check_php_fpm=true
check_redis=false
check_website=false check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql # - Additional Settings for check_mysql
# - # -
# - MySQL / MariaDB credentials # - MySQL / MariaDB credentials
@ -46,11 +118,47 @@ check_website=false
# - $ mysql --login-path=local ... # - $ mysql --login-path=local ...
# - # -
# - Example # - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local" # - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) # - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" # - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# - # -
mysql_credential_args="" # - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
# - Additional Settings for check_php_fpm # - Additional Settings for check_php_fpm
@ -69,7 +177,7 @@ curl_check_host=127.0.0.1
# - Example: # - Example:
# - php_versions="5.4 5.6 7.0 7.1" # - php_versions="5.4 5.6 7.0 7.1"
# - # -
php_versions="8.1" php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also # - set the value given in your ping.path setting here. Give ping_path also

12
roles/common/templates/usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2
View File

@ -223,11 +223,17 @@ POSTFIX_DB_TYPE="mysql"
# - # -
# - Note: # - Note:
# - Dont't use 'localhost' if your MySQL socket is NOT # - Dont't use 'localhost' if your MySQL socket is NOT
# - located at '/var/run/mysqld/mysqld.sock' # - located at '/run/mysqld/mysqld.sock'
# - # -
# - Defaults to 'unix:/tmp/mysql.sock' # - Defaults to:
# - 'unix:/tmp/mysql.sock'if this socket exists at intsall time
# - 'unix:/run/mysqld/mysqld.sock' othwerwise
# - # -
{% if (postfix_db_host is defined) and postfix_db_host and "MySQL" == postfix_db_type %}
POSTFIX_DB_HOST_MYSQL="{{ postfix_db_host }}"
{% else %}
#POSTFIX_DB_HOST_MYSQL="" #POSTFIX_DB_HOST_MYSQL=""
{% endif %}
# - Host/Socket of Postfix Database (PostgeSQL) # - Host/Socket of Postfix Database (PostgeSQL)
# - # -
@ -236,7 +242,7 @@ POSTFIX_DB_TYPE="mysql"
# - # -
# - Defaults to '/run/postgresql' # - Defaults to '/run/postgresql'
# - # -
{% if (postfix_db_host is defined) and postfix_db_host %} {% if (postfix_db_host is defined) and postfix_db_host and "PostgreSQL" == postfix_db_type %}
POSTFIX_DB_HOST_PGSQL="{{ postfix_db_host }}" POSTFIX_DB_HOST_PGSQL="{{ postfix_db_host }}"
{% else %} {% else %}
#POSTFIX_DB_HOST_PGSQL="" #POSTFIX_DB_HOST_PGSQL=""