This commit is contained in:
Christoph 2022-07-20 00:54:30 +02:00
parent 9137c0a021
commit 34d8bccc43
8 changed files with 219 additions and 60 deletions


@ -112,6 +112,7 @@ copy_plain_files_sysctl:
src_path: etc/sysctl.d/10-ddos.conf
dest_path: /etc/sysctl.d/10-ddos.conf
copy_additional_plain_files_sysctl: []
# ---
@ -1053,7 +1054,7 @@ sshd_authorized_keys_file: ".ssh/authorized_keys .ssh/authorized_keys2"
sshd_pubkey_authentication: !!str "yes"
sshd_password_authentication: !!str "yes"
sshd_password_authentication: !!str "no"
sshd_use_pam: !!str "yes"
@ -1093,6 +1094,7 @@ sshd_hostkeyalgorithms:
# - chacha20-poly1305@openssh.com
# - aes256-gcm@openssh.com
# - aes256-ctr
#sshd_ciphers: {}
sshd_ciphers:
- chacha20-poly1305@openssh.com
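Review bot: The new default `copy_additional_plain_files_sysctl: []` does not say what an item looks like, while the task that consumes it in basic.yml reads `item.src_path`, `item.dest_path` and, in its loop label, `item.name`; add a comment above the key such as `# list of {name, src_path, dest_path} dicts copied to /etc/sysctl.d on hosts outside the lxc_guest group`. Without it an entry modelled on the existing `copy_plain_files_sysctl` entry in the same hunk (src_path/dest_path only) would lack `name`. The `sshd_password_authentication` line in the second hunk is printed twice with no markers, so which of `"yes"`/`"no"` is the new value is not visible here; if the default is now `"no"`, a comment next to it noting that key-based access must already work for every host before the role runs would spare the next reader a lockout.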

hosts

@ -18,7 +18,6 @@ dns1.warenform.de
[extra_hosts]
backup.oopen.de
backup-neu.oopen.de
gitea.so36.net
backup.so36.net
@ -150,15 +149,17 @@ o24.oopen.de
cl-irights.oopen.de
mm-irights.oopen.de
# - o25.oopen.de
o25.oopen.de
# - o27.oopen.de
o27.oopen.de
cl-fm.oopen.de
cl-fm-neu.oopen.de
mail.faire-mobilitaet.de
mail-neu.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK
o26.oopen.de
# Backup Server
# Backup Faire Mobilitaet
o28.oopen.de
# Backup Server
@ -196,9 +197,6 @@ web-03.oopen.de
web-test.oopen.de
cl-test.oopen.de
# Backup Faire Mobilitaet
o37.oopen.de
lxc-host-kb.anw-kb.netz
@ -349,26 +347,26 @@ o24.oopen.de
cl-irights.oopen.de
mm-irights.oopen.de
# - o25.oopen.de
o25.oopen.de
# - o27.oopen.de
o27.oopen.de
cl-fm.oopen.de
cl-fm-neu.oopen.de
mail.faire-mobilitaet.de
mail-neu.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK
o26.oopen.de
# - o28.oopen.de
# Backup Faire Mobilitaet
o28.oopen.de
# - o29.oopen.de
o29.oopen.de
backup.oopen.de
git.oopen.de
munin.oopen.de
nscache.oopen.de
# - o29.oopen.de
o29.oopen.de
backup-neu.oopen.de
git-neu.oopen.de
# AK - Server Nextcloud/Jitsi Meet
o30.oopen.de
meet.akweb.de
@ -402,9 +400,6 @@ web-03.oopen.de
web-test.oopen.de
cl-test.oopen.de
# Backup Faire Mobilitaet
o37.oopen.de
lxc-host-kb.anw-kb.netz
# ---
@ -487,10 +482,9 @@ o13-web.oopen.de
test.mariadb.oopen.de
test.mx.oopen.de
# o28.oopen.de
munin.oopen.de
# o29.oopen.de
backup.oopen.de
munin.oopen.de
# o20.oopen.de (srv-cityslang.cityslang.com)
o20.oopen.de
@ -510,9 +504,17 @@ cl-01.oopen.de
# o24.oopen.de
cl-irights.oopen.de
# o25.oopen.de
# o27.oopen.de
cl-fm.oopen.de
cl-fm-neu.oopen.de
mail.faire-mobilitaet.de
mail-neu.faire-mobilitaet.de
# Backup Faire Mobilitaet
o28.oopen.de
# o29.oopen.de
backup.oopen.de
# o30.oopen.de - AK server Jitsi Meet/Nextcloud
cloud.akweb.de
@ -532,9 +534,6 @@ web-test.oopen.de
b.mx.oopen.de
cl-test.oopen.de
# Backup Faire Mobilitaet
o37.oopen.de
# ---
# O.OPEN office network
# ---
@ -744,8 +743,9 @@ test.mx.oopen.de
# o21.oopen.de
mail.cadus.org
# o25.oopen.de
# o27.oopen.de
mail.faire-mobilitaet.de
mail-neu.faire-mobilitaet.de
# o35.oopen.de
e.mx.oopen.de
@ -788,8 +788,9 @@ lists.mx.warenform.de
o13-board.oopen.de
o13-mail.oopen.de
# o25.oopen.de
# o27.oopen.de
mail.faire-mobilitaet.de
mail-neu.faire-mobilitaet.de
# o35.oopen.de
e.mx.oopen.de
@ -863,12 +864,19 @@ moodle.oopen.de
cl-irights.oopen.de
mm-irights.oopen.de
# o25.oopen.de
cl-fm.oopen.de
# Hetzner Cloud CX31 - AK
o26.oopen.de
# o27.oopen.de
cl-fm.oopen.de
cl-fm-neu.oopen.de
# Backup Faire Mobilitaet
o28.oopen.de
# o29.oopen.de
backup.oopen.de
# o30.oopen.de - AK server Jitsi Meet/Nextcloud
cloud.akweb.de
@ -888,9 +896,6 @@ web-03.oopen.de
web-test.oopen.de
cl-test.oopen.de
# Backup Faire Mobilitaet
o37.oopen.de
# ---
# Warenform
@ -947,9 +952,15 @@ cl-01.oopen.de
# o24.oopen.de
cl-irights.oopen.de
# o25.oopen.de
# o27.oopen.de
cl-fm.oopen.de
# o28.oopen.de
o28.oopen.de
# o29.oopen.de
backup.oopen.de
# o30.oopen.de - AK server Jitsi Meet/Nextcloud
cloud.akweb.de
@ -997,7 +1008,7 @@ o13-mail.oopen.de
# o17.oopen.de
test.mx.oopen.de
# o28.oopen.de
# o29.oopen.de
nscache.oopen.de
# o21.oopen.de
@ -1005,8 +1016,9 @@ mail.cadus.org
o22.oopen.de
# o25.oopen.de
# o27.oopen.de
mail.faire-mobilitaet.de
mail-neu.faire-mobilitaet.de
# o35.oopen.de
d.mx.oopen.de
@ -1069,7 +1081,7 @@ backup-neu.oopen.de
devel-root.wf.netz
# Backup Faire Mobilitaet
o37.oopen.de
o28.oopen.de
# ---
# Warenform
@ -1155,8 +1167,7 @@ o21.oopen.de
o22.oopen.de
o23.oopen.de
o24.oopen.de
o25.oopen.de
o28.oopen.de
o27.oopen.de
o29.oopen.de
o30.oopen.de
o32.oopen.de
@ -1248,23 +1259,20 @@ moodle.oopen.de
cl-irights.oopen.de
mm-irights.oopen.de
# - o25.oopen.de
# - o27.oopen.de
cl-fm.oopen.de
cl-fm-neu.oopen.de
mail.faire-mobilitaet.de
mail-neu.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK
o26.oopen.de
# o28.oopen.de
# o29.oopen.de
backup.oopen.de
git.oopen.de
nscache.oopen.de
munin.oopen.de
nc-gw.oopen.de
# o29.oopen.de
backup-neu.oopen.de
git-neu.oopen.de
nscache.oopen.de
# o30.oopen.de - AK Server Nextcloud/Jitsi Meet
meet.akweb.de
@ -1433,26 +1441,25 @@ o24.oopen.de
cl-irights.oopen.de
mm-irights.oopen.de
# - o25.oopen.de
o25.oopen.de
# - o27.oopen.de
o27.oopen.de
cl-fm.oopen.de
cl-fm-neu.oopen.de
mail.faire-mobilitaet.de
mail-neu.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK
o26.oopen.de
# - o28.oopen.de
# Backup Faire Mobilitaet
o28.oopen.de
# - o29.oopen.de
o29.oopen.de
backup.oopen.de
git.oopen.de
nscache.oopen.de
munin.oopen.de
nc-gw.oopen.de
# - o29.oopen.de
o29.oopen.de
backup-neu.oopen.de
git-neu.oopen.de
# AK - Server Nextcloud/Jitsi Meet
o30.oopen.de
@ -1486,9 +1493,6 @@ web-01.oopen.de
web-test.oopen.de
cl-test.oopen.de
# Backup Faire Mobilitaet
o37.oopen.de
lxc-host-kb.anw-kb.netz


@ -0,0 +1,4 @@
# Enable packet forwarding for IPv6
#
net.ipv6.conf.all.forwarding = 1
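Review bot: The header of the new file says only that IPv6 forwarding is enabled, not why or for which hosts; a line such as `# for container/VM hosts that route for their guests — do not copy to plain servers` (adjusted to the real intent) would keep it from being added to every host's additional sysctl list. Setting `net.ipv6.conf.all.forwarding = 1` makes the kernel route between all interfaces, so the host firewall's FORWARD policy has to limit what is forwarded, and it also stops interfaces from accepting Router Advertisements unless `accept_ra` is raised to 2 on the uplink. Both effects are worth recording in the file so a lost IPv6 default route is not debugged from scratch. The destination path of this file is not shown in the commit, so the intended host group is inferred.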


@ -0,0 +1,8 @@
# Needed by ElasticSearch Installation on virtual guest
# systems (LX-Containers)
#
# The error message there was:
# max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
#
vm.max_map_count = 524288
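Review bot: The header quotes the ElasticSearch minimum of 262144 but the file sets 524288 without saying why the larger value was chosen; add `# twice the documented minimum, headroom for more than one JVM on the host` or whatever the actual reason is. It would also help to state that the value has to be set on the container host: `vm.max_map_count` is a system-wide sysctl, so an LX-Container cannot raise it for itself, which is presumably why the copying task in basic.yml skips the `lxc_guest` group. The quoted error line is well over 80 columns; folding it across two comment lines keeps the file readable in narrow terminals.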


@ -54,6 +54,11 @@
name: systemd-journald
state: restarted
- name: Restart redis-server
service:
name: redis-server
state: restarted
- name: Restart tor service
service:
name: tor


@ -126,6 +126,23 @@
tags:
- systctl-config
- name: (basic.yml) Additional Kernel Parameters (files /etc/sysctl.d/*.conf)
copy:
src: '{{ item.src_path }}'
dest: '{{ item.dest_path }}'
owner: root
group: root
mode: '0644'
loop: "{{ copy_additional_plain_files_sysctl }}"
loop_control:
label: 'dest: {{ item.name }}'
when:
- inventory_hostname not in groups['lxc_guest']
- copy_additional_plain_files_sysctl is defined
- copy_additional_plain_files_sysctl|length > 0
tags:
- systctl-config
# ----------
# unattended upgrades
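Review bot: The loop label `label: 'dest: {{ item.name }}'` says `dest:` but renders `item.name`, and the only item shape shown in this commit (the `src_path`/`dest_path` entry in the defaults file) has no `name` key, so the label fails to render on such an item; use `label: 'dest: {{ item.dest_path }}'` or document `name` as a required field of the list. The `copy_additional_plain_files_sysctl is defined` guard in `when` does not protect this task: Ansible expands `loop` before evaluating the per-item `when`, so an undefined variable fails at the loop, which is what the new `[]` default prevents — the guard can be dropped. The task copies the file but has no `notify` in the hunk to apply the new parameters; the existing sysctl task above (outside the hunk) may take care of that — confirm. The tag spelling `systctl-config` is carried over from the existing task, so it is consistent though probably unintended.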


@ -188,6 +188,14 @@
tags:
- samba-server
- import_tasks: redis-server.yml
when: inventory_hostname in groups['nextcloud_server'] or
inventory_hostname in groups['apache2_webserver'] or
inventory_hostname in groups['nginx_webserver']
tags:
- redis-server
# tags supportetd inside caching-nameserver.yml
#
# apt-caching-nameserver
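Review bot: The three-line `when:` at the top of the hunk is a plain multi-line scalar, which YAML folds correctly here but which silently breaks as soon as a continuation line is indented differently or someone turns it into a list by habit; write it as a folded block, `when: >-` with the three `or` clauses indented beneath it, or as one single-quoted string. Note that the list form of `when:` would AND the clauses, which is not what this import wants.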


@ -0,0 +1,111 @@
---
- name: (redis-server.yml) update
apt:
update_cache: true
cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
when: apt_update|bool
tags:
- redis-server
- name: (redis-server.yml) dpkg --configure
command: >
dpkg --configure -a
args:
warn: false
changed_when: _dpkg_configure.stdout_lines | length
register: _dpkg_configure
when: apt_dpkg_configure|bool
tags:
- redis-server
- name: (redis-server.yml) upgrade
apt:
upgrade: "{{ apt_upgrade_type }}"
update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_upgrade|bool
tags:
- redis-server
- name: (redis-server.yml) Install redis-server packages
apt:
name: redis-server
state: present
tags:
- redis-server
- name: (redis-server.yml) Determine available users
getent:
database: passwd
tags:
- redis-server
- name: (redis-server.yml) Determine available groups
getent:
database: group
tags:
- redis-server
- name: (redis-server.yml) Add user 'www-data' to group 'redis'
user:
name: www-data
groups: redis
append: yes
when:
- "'www-data' in my_users"
- "'redis' in my_groups"
vars:
my_users: "{{ getent_passwd.keys()|list }}"
my_groups: "{{ getent_group.keys()|list }}"
tags:
- redis-server
- name: (redis-server.yml) Add user 'webadmin' to group 'redis'
user:
name: webadmin
groups: redis
append: yes
when:
- "'webadmin' in my_users"
- "'redis' in my_groups"
vars:
my_users: "{{ getent_passwd.keys()|list }}"
my_groups: "{{ getent_group.keys()|list }}"
tags:
- redis-server
- name: (redis-server.yml) Check if file '/etc/redis/redis.conf.ORIG' exists
stat:
path: /etc/redis/redis.conf.ORIG
register: redis_conf_exists
tags:
- redis-server
- name: (redis-server.yml) Backup existing file /etc/redis/redis.conf.
command: cp -a /etc/redis/redis.conf /etc/redis/redis.conf.ORIG
when:
- redis_conf_exists.stat.exists == False
tags:
- samba-server
- name: (redis-server.yml) adjust configuration '/etc/redis/redis.conf'
lineinfile:
dest: /etc/redis/redis.conf
regexp: "{{ item.regexp }}"
insertafter: "{{ item.insertafter }}"
line: "{{ item.key }} {{ item.val }}"
state: present
loop:
- { regexp: '^bind\s+', key: 'bind', val: '127.0.0.1 ::1', insertafter: '^#\s*bind\s+' }
- { regexp: '^port\s+', key: 'port', val: '6379', insertafter: '^#\s*port\s+' }
- { regexp: '^unixsocket\s+', key: 'unixsocket', val: '/run/redis/redis-server.sock', insertafter: '^#\s*unixsocketperm' }
- { regexp: '^unixsocketperm', key: 'unixsocketperm', val: '770', insertafter: '^unixsocket\s+' }
- { regexp: '^logfile', key: 'logfile', val: '/var/log/redis/redis-server.log', insertafter: '^#\s+logfile\s+' }
notify: "Restart redis-server"
tags:
- redis-server
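Review bot: The task `(redis-server.yml) Backup existing file /etc/redis/redis.conf.` is tagged `samba-server` instead of `redis-server` (a copy-paste slip), so a run with `--tags redis-server` skips the backup and the following `lineinfile` task then rewrites `redis.conf` with no `.ORIG` copy made; change the tag to `- redis-server`. In the same task `when: redis_conf_exists.stat.exists == False` reads more idiomatically as `when: not redis_conf_exists.stat.exists`, and the two `append: yes` lines in the user tasks should be `append: true`. On the configuration side, `unixsocketperm 770` together with adding `www-data` and `webadmin` to group `redis` is what grants the web stack socket access; a short comment on the lineinfile loop stating that this is the intended access path, and that no `requirepass`/ACL is configured so any process in those groups has full access, would document the trust boundary for the next reader. The `warn: false` arg on the `dpkg --configure` task is a deprecated command-module option that newer ansible-core releases no longer accept — confirm against the targeted version.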