From 41f3af3e4ff12a0d856c9964025e8dfb7109d9f6 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Thu, 22 Jan 2026 11:27:38 +0100
Subject: [PATCH] update..
---
 host_vars/file-km.anw-km.netz.yml | 8 +
 host_vars/gw-opp-neu.opp.netz.yml | 236 ++++++++++++++++++++++++++++++
 2 files changed, 244 insertions(+)
 create mode 100644 host_vars/gw-opp-neu.opp.netz.yml
diff --git a/host_vars/file-km.anw-km.netz.yml b/host_vars/file-km.anw-km.netz.yml
index 14424c2..795c674 100644
--- a/host_vars/file-km.anw-km.netz.yml
+++ b/host_vars/file-km.anw-km.netz.yml
@@ -293,6 +293,7 @@ samba_user:
 - name: berenice
 groups:
+ - advoware
 - kanzlei
 - a-jur
 - alle
@@ -311,6 +312,7 @@ samba_user:
 - name: buero
 groups:
+ - advoware
 - kanzlei
 - a-jur
 - alle
@@ -318,6 +320,7 @@ samba_user:
 - name: buero2
 groups:
+ - advoware
 - kanzlei
 - a-jur
 - alle
@@ -325,6 +328,7 @@ samba_user:
 - name: buero3
 groups:
+ - advoware
 - kanzlei
 - a-jur
 - alle
@@ -332,6 +336,7 @@ samba_user:
 - name: buero4
 groups:
+ - advoware
 - kanzlei
 - a-jur
 - alle
@@ -339,6 +344,7 @@ samba_user:
 - name: buero7
 groups:
+ - advoware
 - kanzlei
 - a-jur
 - alle
@@ -487,6 +493,7 @@ samba_user:
 - name: rm-buero1
 groups:
+ - advoware
 - alle
 - a-jur
 - kanzlei
@@ -494,6 +501,7 @@ samba_user:
 - name: rm-buero2
 groups:
+ - advoware
 - alle
 - a-jur
 - kanzlei
diff --git a/host_vars/gw-opp-neu.opp.netz.yml b/host_vars/gw-opp-neu.opp.netz.yml
new file mode 100644
index 0000000..2ad366f
--- /dev/null
+++ b/host_vars/gw-opp-neu.opp.netz.yml
@@ -0,0 +1,236 @@
+---
+
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: True
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: False
+
+network_interface_path: /etc/network/interfaces.d
+network_interface_required_packages:
+ - vlan
+ - bridge-utils
+ - ifmetric
+ - ifupdown
+ - ifenslave
+
+network_interfaces:
+
+ - device: eno1
+ headline: eno1 - Uplink DSL via Fritz!Box
+ auto: true
+ family: inet
+ method: static
+ address: 172.16.62.2
+ netmask: 24
+ gateway: 172.16.62.254
+ #nameservers:
+ # - 127.0.0.1
+ # - 192.168.62.1
+ #search: ebs.netz kanzlei-kiel.netz elster.netz
+
+
+ - device: eno2
+ headline: eno2 - LAN
+ auto: true
+ family: inet
+ method: static
+ address: 192.168.62.253
+ netmask: 24
+
+
+ - device: eno3:ns
+ headline: eno2:ns - Alias on eno2 (Nameserver)
+ auto: true
+ family: inet
+ method: static
+ address: 192.168.62.1
+ netmask: 32
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_hostkeyalgorithms:
+ - ssh-ed25519
+ - ssh-ed25519-cert-v01@openssh.com
+ - rsa-sha2-256
+ - rsa-sha2-512
+ - ecdsa-sha2-nistp256
+ - rsa-sha2-256-cert-v01@openssh.com
+ - rsa-sha2-512-cert-v01@openssh.com
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/systemd-resolved.yml
+# ---
+
+systemd_resolved: true
+
+# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
+# Primäre DNS-Adresse: 38.132.106.139
+# Sekundäre DNS-Adresse: 194.187.251.67
+#
+# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
+# primäre DNS-Adresse
+# IPv4: 1.1.1.1
+# IPv6: 2606:4700:4700::1111
+# sekundäre DNS-Adresse
+# IPv4: 1.0.0.1
+# IPv6: 2606:4700:4700::1001
+#
+# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
+# primäre DNS-Adresse
+# IPv4: 8.8.8.8
+# IPv6: 2001:4860:4860::8888
+# sekundäre DNS-Adresse
+# IPv4: 8.8.4.4
+# IPv6: 2001:4860:4860::8844
+#
+# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
+# primäre DNS-Adresse
+# IPv4: 9.9.9.9
+# IPv6: 2620:fe::fe
+# sekundäre DNS-Adresse
+# IPv4: 149.112.112.112
+# IPv6: 2620:fe::9
+#
+# OpenNIC - https://www.opennic.org/
+# IPv4: 195.10.195.195 - ns31.de
+# IPv4: 94.16.114.254 - ns28.de
+# IPv4: 51.254.162.59 - ns9.de
+# IPv4: 194.36.144.87 - ns29.de
+# IPv6: 2a00:f826:8:2::195 - ns31.de
+#
+# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
+# IPv4: 5.1.66.255
+# IPv6: 2001:678:e68:f000::
+# Servername für DNS-over-TLS: dot.ffmuc.net
+# IPv4: 185.150.99.255
+# IPv6: 2001:678:ed0:f000::
+# Servername für DNS-over-TLS: dot.ffmuc.net
+# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
+resolved_nameserver:
+ - 127.0.0.1
+
+# search domains
+#
+# If there are more than one search domains, then specify them here in the order in which
+# the resolver should also search them
+#
+#resolved_domains: []
+resolved_domains:
+ - ~.
+ - opp.netz
+
+resolved_dnssec: false
+
+# dns.as250.net: 194.150.168.168
+#
+resolved_fallback_nameserver:
+ - 194.150.168.168
+
+
+# ---
+# vars used by roles/common/tasks/cron.yml
+# ---
+
+cron_user_special_time_entries:
+
+ - name: "Restart NTP service 'ntpsec'"
+ special_time: reboot
+ job: "sleep 15 ; /bin/systemctl restart ntpsec"
+ insertafter: PATH
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+insert_ssh_keypair_backup_server: false
+ssh_keypair_backup_server:
+ - name: backup
+ backup_user: back
+ priv_key_src: root/.ssh/id_rsa.backup.oopen.de
+ priv_key_dest: /root/.ssh/id_rsa
+ pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
+ pub_key_dest: /root/.ssh/id_rsa.pub
+
+insert_keypair_backup_client: true
+ssh_keypair_backup_client:
+ - name: backup
+ priv_key_src: root/.ssh/id_ed25519.oopen-server
+ priv_key_dest: /root/.ssh/id_ed25519
+ pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
+ pub_key_dest: /root/.ssh/id_ed25519.pub
+ target: backup.oopen.de
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+install_bind_packages: true
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+
+git_firewall_repository:
+ name: ipt-gateway
+ repo: https://git.oopen.de/firewall/ipt-gateway
+ dest: /usr/local/src/ipt-gateway
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+ name: root
+ password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
+
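Review bot: The `root_user.password` value at the end of the new host_vars file is a `$6$` (SHA-512 crypt) hash committed unencrypted, so anyone with read access to the repository or its history can test password guesses against it offline for this gateway's root account. Store it encrypted instead, for example via `ansible-vault encrypt_string` or as `password: "{{ vault_root_password_hash }}"` (placeholder variable name) backed by a vault-encrypted vars file, and treat the committed hash as exposed by setting a new root password. Separately, the third interface is declared as `- device: eno3:ns` while its headline reads "eno2:ns - Alias on eno2 (Nameserver)" and its address 192.168.62.1 sits in the eno2 LAN range, which looks like a typo; if so, it should read `- device: eno2:ns`. `resolved_dnssec: false` would also benefit from a one-line comment stating why validation is turned off on a host that acts as the LAN nameserver.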