diff --git a/host_vars/file-blkr.blkr.netz.yml b/host_vars/file-blkr.blkr.netz.yml index 2d2e68b..dc96c86 100644 --- a/host_vars/file-blkr.blkr.netz.yml +++ b/host_vars/file-blkr.blkr.netz.yml @@ -287,6 +287,7 @@ samba_user: - buero - verwaltung password: 'Mq9R.WhKtP4v' + - name: chris groups: - buero @@ -298,77 +299,99 @@ samba_user: 61313164643061306433643738643563303036646334376536626531383965303036386162393832 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 3631 + - name: josephine groups: - buero - verwaltung password: 'H7jnJ/m9W-bf' + - name: julius groups: - buero - verwaltung password: 'fx9j/3X-thPr' + - name: julius-e groups: - buero - verwaltung password: '2/kcx3jju-tr' + - name: leonie groups: - buero - verwaltung password: '6.4aVX7rQ-9H' + - name: philip groups: - buero - verwaltung password: 'fN%749Psv_NR' + - name: buero1 groups: - buero password: 'Mfr!7tK+d49C' + - name: buero2 groups: - buero password: 'gW-wg3Pttf4/' + - name: buero3 groups: - buero password: 'Qc-WyMhJ/3-2' + - name: referendariat groups: - buero password: '4/zCNXnVF7+i' + - name: refa groups: - buero password: 'Mehringdamm40' + + - name: refi + groups: + - buero + password: '3.43-vhs7VoT' + - name: ref1 groups: - buero password: '???' + - name: sebastian groups: - buero - verwaltung password: 'bhNC.P5eTy-2' + - name: buero-05 groups: - buero password: '5/SXbV-M3vmQ' + - name: buero-06 groups: - buero password: 'N-ba2R+i/2eM' + - name: lap-01 groups: - buero password: 'X_2yYs2AIo.E' - - name: clara + - name: notfall groups: - buero - password: '52uT-/vP.ZpX' + - verwaltung + password: 'q.Y-q/3r9j.E' + # - name: lap-02 # groups: diff --git a/host_vars/o12.oopen.de.yml b/host_vars/o12.oopen.de.yml index edec3b5..62b97d2 100644 --- a/host_vars/o12.oopen.de.yml +++ b/host_vars/o12.oopen.de.yml 
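Review bot: The two entries this hunk adds to `samba_user` (`refi` and `notfall`) store their `password:` as a cleartext string, while the `chris` entry at the top of the hunk appears to be vault-encrypted (the hex block ending in `3631`). A value committed this way stays readable in the repository history to anyone who can clone it, and `notfall` is a member of both `buero` and `verwaltung`. I would store both the same way as `chris`, i.e. `password: !vault |` followed by the output of `ansible-vault encrypt_string`, and rotate the two passwords because they are now in history. The same applies to the cleartext `samba_user` passwords in the new `host_vars/zapata-alt.opp.netz.yml` and to the changed `marcus` and `simon` entries in `host_vars/zapata.opp.netz.yml`. The `samba_user` list starts and ends outside this hunk.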
@@ -240,11 +240,6 @@ cron_user_special_time_entries: job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1" insertafter: PATH - - name: "Check if Check if all autostart LX-Container are running." - special_time: reboot - job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh" - insertafter: PATH - cron_user_entries: @@ -273,8 +268,8 @@ cron_user_entries: hour: '*' job: /root/bin/monitoring/check_ntpsec_service.sh > /dev/null 2>&1 - - name: "Check if all autostart LX-Container are running.?" - minute: '*/10' + - name: "Check if all autostart LX-Container are running." + minute: '*/9' hour: '*' job: /root/bin/LXC/boot-autostart-lx-container.sh diff --git a/host_vars/o25.oopen.de.yml b/host_vars/o25.oopen.de.yml index 7ce008f..a346ac9 100644 --- a/host_vars/o25.oopen.de.yml +++ b/host_vars/o25.oopen.de.yml @@ -395,6 +395,11 @@ cron_user_entries: hour: '6' job: /root/bin/admin-stuff/check-disc-usage.sh -c 85 + - name: "Check if Check if all autostart LX-Container are running." + minute: '*/9' + hour: '*' + job: /root/bin/LXC/boot-autostart-lx-container.sh + # --- # vars used by roles/common/tasks/users.yml diff --git a/host_vars/server22.warenform.de.yml b/host_vars/server22.warenform.de.yml index c645fcd..2d2c7ec 100644 --- a/host_vars/server22.warenform.de.yml +++ b/host_vars/server22.warenform.de.yml @@ -231,11 +231,6 @@ cron_user_special_time_entries: job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1" insertafter: PATH - - name: "Check if Check if all autostart LX-Container are running." - special_time: reboot - job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh" - insertafter: PATH - cron_user_entries: @@ -264,6 +259,11 @@ cron_user_entries: hour: '6' job: /root/bin/admin-stuff/check-disc-usage.sh -c 85 + - name: "Check if all autostart LX-Container are running." + minute: '*/9' + hour: '*' + job: /root/bin/LXC/boot-autostart-lx-container.sh + # --- # vars used by roles/common/tasks/users.yml 
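Review bot: Renaming the `cron_user_entries` item on o12 from `... running.?` to `... running.` changes the string that Ansible's cron module uses to recognise a managed job. Unless the role (not visible here) removes the old name, the host would keep the old `*/10` line and gain the new `*/9` one. The same holds for the `special_time: reboot` entries deleted from `cron_user_special_time_entries` on o12, server22 and server25: dropping them from the vars does not by itself remove them from root's crontab. If the role has no cleanup list, I would add the old names to one that is applied with `state: absent`. The job line also lacks the `> /dev/null 2>&1` its neighbours use and has no lock, so a slow run can overlap the next one; prefixing the job with `flock -n` on a lock file would rule that out.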
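Review bot: The `name:` added for o25 doubles "Check if" (`"Check if Check if all autostart LX-Container are running."`), while the entries added for o12, server22 and server25 in this commit use the corrected text. Because the name identifies the cron entry, correcting it later would create a second entry instead of updating this one. I would write `- name: "Check if all autostart LX-Container are running."` here now. The `cron_user_entries` list starts outside the hunk.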
diff --git a/host_vars/server25.warenform.de.yml b/host_vars/server25.warenform.de.yml index 91241ca..dbe1755 100644 --- a/host_vars/server25.warenform.de.yml +++ b/host_vars/server25.warenform.de.yml @@ -239,11 +239,6 @@ cron_user_special_time_entries: job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1" insertafter: PATH - - name: "Check if Check if all autostart LX-Container are running." - special_time: reboot - job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh" - insertafter: PATH - cron_user_entries: @@ -272,6 +267,11 @@ cron_user_entries: hour: '6' job: /root/bin/admin-stuff/check-disc-usage.sh -c 85 + - name: "Check if all autostart LX-Container are running." + minute: '*/9' + hour: '*' + job: /root/bin/LXC/boot-autostart-lx-container.sh + # --- # vars used by roles/common/tasks/users.yml diff --git a/host_vars/zapata-alt.opp.netz.yml b/host_vars/zapata-alt.opp.netz.yml new file mode 100644 index 0000000..554a269 --- /dev/null +++ b/host_vars/zapata-alt.opp.netz.yml 
@@ -0,0 +1,488 @@ +--- + +# --- +# vars used by roles/network_interfaces +# --- + + +# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted +network_manage_devices: True + +# Should the interfaces be reloaded after config change? +network_interface_reload: False + +network_interface_path: /etc/network/interfaces.d +network_interface_required_packages: + - vlan + - bridge-utils + - ifmetric + - ifupdown + - ifenslave + + +network_interfaces: + + - device: eno1 + # use only once per device (for the first device entry) + headline: eno1 - The primary network interface + + # auto & allow are only used for the first device entry + allow: [] # array of allow-[stanzas] eg. allow-hotplug + auto: true + + family: inet + method: static + description: + address: 192.168.62.21 + netmask: 24 + gateway: 192.168.62.254 + + # optional dns settings nameservers: [] + # + # nameservers: + # - 194.150.168.168 # dns.as250.net + # - 91.239.100.100 # anycast.censurfridns.dk + # search: warenform.de + # + #nameservers: + # - 192.168.62.1 + #search: opp.netz + + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 
8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 192.168.62.1 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. 
+ - opp.netz + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 172.16.62.254 + + +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_user_special_time_entries: + + - name: "Restart DNS Cache service 'systemd-resolved'" + special_time: reboot + job: "sleep 10 ; /bin/systemctl restart systemd-resolved" + insertafter: PATH + + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +extra_user: + + - name: caracola + user_id: 1075 + group_id: 1075 + group: carola + # hS-a-6UC5.spCgNS + password: $y$j9T$TKCuCPZsnS.g3M8sPPFvo0$lxoGMooCH.Jyo5tXYEVAXNAlDV73Cj2haNFnrhjmAo6 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnap6I+g8xQvSZReP3CjwQ+O7okDhgCkrHaUCveOH8I marcus@caracola' + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + + +# --- +# vars used by roles/common/tasks/samba-config-server.yml +# vars used by roles/common/tasks/samba-user.yml +# --- + +samba_server_ip: 192.168.62.21 +samba_server_cidr_prefix: 24 + +samba_workgroup: OPP-ALT + +samba_netbios_name: ZAPATA-ALT + +samba_server_min_protocol: !!str NT1 + +samba_allow_insecure_wide_links: !!str yes + +samba_groups: + - name: buero + group_id: 1100 + - name: beratung + group_id: 1110 + - name: verwaltung + group_id: 1120 + + +samba_user: + + - name: alba + groups: + - buero + - beratung + password: '4l#3a=behandlg' + + - name: almut + groups: + - buero + - beratung + - verwaltung + password: 
'Tax!ko11ekt!v' + + - name: anika + groups: + - buero + - beratung + password: '4n1k4*adb_23' + + - name: anne + groups: + - buero + - beratung + password: 'antilottka110' + + - name: birgit + groups: + - buero + - beratung + password: '6/shd9c2.cHE' + # passwort unbekannt + + - name: chris + groups: + - buero + - verwaltung + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63643330373231636537366333326630333265303265653933613835656262323863363038653234 + 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 + 61313164643061306433643738643563303036646334376536626531383965303036386162393832 + 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 + 3631 + + - name: carlotta + groups: + - buero + - beratung + password: '20_car-lotta.25%' + + - name: cristina + groups: + - buero + - beratung + password: '20_cristina_18!' + + - name: dori + groups: + - buero + - beratung + password: 'K4lt3r_hUnD' + + - name: drucker + groups: + - buero + password: '20-printer-18' + + - name: hanna + groups: + - buero + - beratung + password: '6UR9+#anna-25' + + - name: hannes + groups: + - buero + - beratung + password: 'U24Pdm-2' + + - name: joschka + groups: + - buero + - beratung + password: '20_joschka_15' + + - name: judith + groups: + - buero + - beratung + - verwaltung + password: '20judith14' + + - name: julian + groups: + - buero + - beratung + password: 'Jul14n_2018' + + - name: juliana + groups: + - buero + - beratung + password: '24-Jul!ana#OPP' + + - name: lavinia + groups: + - buero + - beratung + password: '20!lavinia*20' + + - name: luise + groups: + - buero + - beratung + password: '24_s.l.h._adb' + + - name: magdalena + groups: + - buero + - beratung + password: 'magdalena_23' + + - name: marcus + groups: + - buero + - beratung + - verwaltung + password: '' + + - name: maria + groups: + - buero + - beratung + password: 'm4ri4+adb22' + + - name: martin + groups: + - buero + - beratung + password: '20_martin_18' + + 
- name: opp + groups: + - buero + - beratung + - verwaltung + password: 'DaWirdIhnenGeholfen!' + + - name: opp7 + groups: + - buero + - beratung + - verwaltung + password: '20_opp6_19!' + + - name: paul + groups: + - buero + - beratung + password: '#polsfuss*adb24' + + - name: praktikum + groups: + - buero + password: 'praktikant*in_00p' + + - name: robin + groups: + - buero + - beratung + password: 'Schattenber!cht#53' + + - name: samantha + groups: + - buero + - beratung + password: 'art_12*lvbbg+adb' + + - name: simon + groups: + - buero + - beratung + - verwaltung + password: '20_simon_18!' + + - name: ute + groups: + - buero + - beratung + password: '23_ut3*obs' + +base_home: /home + +# remove_samba_users: +# - name: name1 +# - name: name2 +# +# remove_samba_users: [] +remove_samba_users: + - name: unknown + +samba_shares: + + - name: buero + comment: Büro auf Fileserver + path: /data/samba/OPP/buero + group_valid_users: buero + group_write_list: buero + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + wide_links: !!str yes + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: beratung + comment: Beratung auf Fileserver + path: /data/samba/OPP/beratung + group_valid_users: beratung + group_write_list: beratung + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: verwaltung + comment: Verwaltung auf Fileserver + path: /data/samba/OPP/verwaltung + group_valid_users: verwaltung + group_write_list: verwaltung + file_create_mask: !!str 0660 + dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: backup + comment: Sicherungen User + path: /data/backup + browseable: !!str yes + read_only: !!str yes + writeable: !!str no + guest_ok: !!str no + file_create_mask: !!str 0664 + dir_create_mask: !!str 0755 + vfs_object_recycle: false + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + 
+root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. diff --git a/host_vars/zapata.opp.netz.yml b/host_vars/zapata.opp.netz.yml index 4c22ac5..d9d8b07 100644 --- a/host_vars/zapata.opp.netz.yml +++ b/host_vars/zapata.opp.netz.yml @@ -22,9 +22,9 @@ network_interface_required_packages: network_interfaces: - - device: eno1 + - device: eno1np0 # use only once per device (for the first device entry) - headline: eno1 - The primary network interface + headline: eno1np0 - The primary network interface # auto & allow are only used for the first device entry allow: [] # array of allow-[stanzas] eg. allow-hotplug @@ -44,9 +44,9 @@ network_interfaces: # - 91.239.100.100 # anycast.censurfridns.dk # search: warenform.de # - nameservers: - - 192.168.62.1 - search: opp.netz + #nameservers: + # - 192.168.62.1 + #search: opp.netz # --- @@ -357,7 +357,7 @@ samba_user: - buero - beratung - verwaltung - password: '' + password: '1Gdg1btsnL,dgdB' - name: maria groups: @@ -413,7 +413,8 @@ samba_user: - buero - beratung - verwaltung - password: '20_simon_18!' + password: 'X:0ff3n_' + #password: '20_simon_18!' - name: ute groups: @@ -485,4 +486,4 @@ samba_shares: root_user: name: root - password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + password: $y$j9T$6yvHoRpNYxAEmLlG4q4g70$YTGOD5GytpbVMx7Z.vOyLQGJ6NkYOerc29N84Rk.Q0C diff --git a/hosts b/hosts index c3f8879..2a158e9 100644 --- a/hosts +++ b/hosts @@ -80,6 +80,8 @@ file-kb.anw-kb.netz file-blkr.blkr.netz file-dissens.dissens.netz zapata.opp.netz +zapata-neu.opp.netz +zapata-alt.opp.netz gw-replacement.local.netz gw-replacement2.local.netz @@ -579,6 +581,8 @@ gw-mbr.oopen.de gw-opp.oopen.de gw-opp-neu.opp.netz zapata.opp.netz +zapata-neu.opp.netz +zapata-alt.opp.netz # Sprachenatelier gw-spr.oopen.de 
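Review bot: In the new `host_vars/zapata-alt.opp.netz.yml`, the comment line directly above the `password:` hash of the `extra_user` entry `caracola` looks like the cleartext the yescrypt hash was generated from. If it is, it defeats the hash, so the comment should be deleted and the password changed, since it is now in history. In `samba_user`, `marcus` has `password: ''`; how the samba-user role treats an empty value is not visible here, so the entry needs either a vaulted password or a comment stating that the account is skipped. `samba_server_min_protocol: !!str NT1`, `samba_allow_insecure_wide_links: !!str yes` and `wide_links` on the `buero` share together re-enable SMB1 and symlink traversal outside the share. If the old host needs that for legacy clients, a comment such as `# NT1 only until <legacy client> is retired` would record why.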
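Review bot: The `simon` change in `host_vars/zapata.opp.netz.yml` leaves the previous password behind as a commented-out `#password:` line. That same value is still the live `password:` for `simon` in the `host_vars/zapata-alt.opp.netz.yml` added by this commit, so the comment exposes a credential that is still in use. I would delete the comment line rather than keep an old credential next to the new one. The `marcus` entry in the preceding hunk goes from an empty string to a cleartext value; both belong in `!vault` like `chris`. The `samba_user` list starts outside these hunks.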
@@ -1398,6 +1402,8 @@ file-kb.anw-kb.netz file-blkr.blkr.netz file-dissens.dissens.netz zapata.opp.netz +zapata-neu.opp.netz +zapata-alt.opp.netz @@ -1525,6 +1531,8 @@ file-km.anw-km.netz file-kb.anw-kb.netz file-blkr.blkr.netz zapata.opp.netz +zapata-neu.opp.netz +zapata-alt.opp.netz # - GA - Gemeinschaft Altensclirf ga-st-lxc1.ga.netz @@ -1686,6 +1694,8 @@ file-kb.anw-kb.netz file-blkr.blkr.netz file-dissens.dissens.netz zapata.opp.netz +zapata-neu.opp.netz +zapata-alt.opp.netz # - GA - Gemeinschaft Altensclirf @@ -1925,6 +1935,8 @@ file-kb.anw-kb.netz file-blkr.blkr.netz file-dissens.dissens.netz zapata.opp.netz +zapata-neu.opp.netz +zapata-alt.opp.netz [gateway_server_ro]