update..

host_vars/a.mx.oopen.de.yml

@@ -196,6 +196,8 @@ roundcube_db_user: roundcube
 #roundcube_db_host: localhost
 roundcube_db_pass: '3Dsz3j5R'
 
+roundcube_acl_plugin: true
+
 roundcube_product_name: O.OPEN - Webmailer
 roundcube_support_url: https://www.oopen.de
 roundcube_skin_logo: "images/oopen-logo.png"
@@ -210,6 +212,8 @@ roundcube_2_db_user: roundcube
 #roundcube_2_db_host: localhost
 roundcube_2_db_pass: '3Dsz3j5R'
 
+roundcube2_acl_plugin: true
+
 roundcube_2_product_name: O.OPEN - Webmailer
 roundcube_2_support_url: https://www.oopen.de
 roundcube_2_skin_logo: "images/oopen-logo.png"
@@ -221,7 +225,7 @@ template_files_mailsystem_script:
     src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
     dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
 
-  - name: mailsystem_install_postfixadmin.conf
+  - name: mailsystem__postfix_advanced.conf
     src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
     dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
 

host_vars/b.mx.oopen.de.yml

@@ -144,6 +144,6 @@ template_files_mailsystem_script:
     src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
     dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
 
-  - name: install_postfix_advanced.conf
+  - name: mailsystem_install_postfix_advanced.conf
     src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
     dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf

host_vars/c.mx.oopen.de.yml

@@ -155,7 +155,7 @@ db_in_use: !!str "true"
 postfix_db_type: MySQL
 postfix_db_name: postfix
 postfix_db_user: postfix
-postfix_db_host: 127.0.0.1
+#postfix_db_host:
 postfix_db_pass: AeB4kohyie5rahJ7
 
 # install_amavis.conf
@@ -201,9 +201,11 @@ autoreply_hostname: autoreply.initiativenserver.de
 roundcube_db_type: mysql
 roundcube_db_name: roundcubemail
 roundcube_db_user: roundcube
-roundcube_db_host: localhost
+#roundcube_db_host: 
 roundcube_db_pass: 're6Xe8Fereejai3D'
 
+roundcube_acl_plugin: false
+
 roundcube_product_name: Webmailer Initiativenserver
 roundcube_support_url: "https://www.aktionsbuendnis-brandenburg.de/"
 roundcube_skin_logo: "images/oopen-logo.png"
@@ -215,7 +217,7 @@ template_files_mailsystem_script:
     src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
     dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
 
-  - name: mailsystem_install_postfixadmin.conf
+  - name: mailsystem_install_postfix_advanced.conf
     src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
     dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
 

host_vars/d.mx.oopen.de.yml

@@ -0,0 +1,137 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+apt_install_compiler_pkgs: true
+
+apt_install_postgresql_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+insert_root_ssh_keypair: true
+
+root_ssh_keypair:
+  - name: id-rsa-dehydrated
+    priv_key_src: d.mx/root/.ssh/d.mx-id_rsa-dehydrated
+    priv_key_dest: /root/.ssh/id_rsa-dehydrated
+    pub_key_src: d.mx/root/.ssh/d.mx-id_rsa-dehydrated.pub
+    pub_key_dest: /root/.ssh/id_rsa-dehydrated.pub
+  - name: id-rsa-opendkim
+    priv_key_src: d.mx/root/.ssh/d.mx-id_rsa-opendkim
+    priv_key_dest: /root/.ssh/id_rsa-opendkim
+    pub_key_src: d.mx/root/.ssh/d.mx-id_rsa-opendkim.pub
+    pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/copy_files.yml
+# ---
+
+copy_plain_files:
+
+  - name: monitoring_check_webservice_load.conf
+    src_path: d.mx/root/bin/monitoring/conf/check_webservice_load.conf
+    dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
+
+  - name: postfix_create_opendkim_key.conf
+    src_path: d.mx/root/bin/postfix/conf/create_opendkim_key.conf
+    dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
+
+  - name: postfix_whitelist_mb_sigs.conf
+    src_path: d.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf
+    dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
+
+  - name: install_sympa.conf
+    src_path: lists.mx.warenform/usr/local/src/sympa/conf/install_sympa.conf
+    dest_path: /usr/local/src/sympa/conf/install_sympa.conf
+
+
+copy_template_files: []
+#
+#  - name: mailsystem_install_amavis.conf
+#    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
+#    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
+
+
+
+# ---
+# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
+# ---
+
+hostname: d.mx.oopen.de
+ipv4_address: 95.217.204.227
+ipv6_address: 2a01:4f9:4a:47e5::227
+
+admin_email: argus@oopen.de
+is_relay_host: false
+is_sympa_list_server: true
+
+# install_amavis.conf
+#
+mp_receipt_number: 106015125438
+si_authorisation_signature: b0b7e94d3fcc8f3b1f128edd5830392361868cf0174723a9924ac25bf8b1b588cb974b50234e1bc1d9839dfe0ca6e1627733d90daf1399347b1046d20c2e3a89
+
+
+template_files_mailsystem_script:
+
+  - name: mailsystem_install_postfix_advanced.conf
+    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
+
+  - name: mailsystem_install_amavis.conf
+    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf

host_vars/e.mx.oopen.de.yml

@@ -189,6 +189,10 @@ roundcube_skin_logo: "images/oopen-logo.png"
 
 template_files_mailsystem_script:
 
+  - name: mailsystem_install_postfix_advanced.conf
+    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
+
   - name: mailsystem_install_amavis.conf
     src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
     dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf

host_vars/file-fhxb.fhxb.netz

@@ -154,14 +154,51 @@ sudo_users:
 # ---
 
 
+# ---
+# vars used by roles/common/tasks/nfs.yml
+# ---
+
+nfs_server: 192.168.192.10
+
+# Set 'fs_encrypted' to true if filesystem lives on an encrypted
+# partition.
+#
+# NOTE !!
+#    Take car to increase 'fsid' in case of more than one export
+#
+nfs_exports:
+   - src: 192.168.192.10:/data/home
+     path: /data/home
+     mount_opts: users,rsize=8192,wsize=8192,hard,intr
+     export_opt: rw,root_squash,sync,subtree_check
+     export_networks:
+       - 192.168.192.0/24
+       - 10.0.192.0/24
+       - 10.1.192.0/24
+       - 192.168.63.0/24
+     use_fsid_option: true
+
+   - src: 192.168.192.10:/data/samba/shares
+     path: /data/samba/shares
+     mount_opts: users,rsize=8192,wsize=8192,hard,intr
+     export_opt: rw,root_squash,sync,subtree_check
+     export_networks:
+       - 192.168.192.0/24
+       - 10.0.192.0/24
+       - 10.1.192.0/24
+       - 192.168.63.0/24
+     use_fsid_option: true
+
+
+
 # ---
 # vars used by roles/common/tasks/samba-config-server.yml
 # vars used by roles/common/tasks/samba-user.yml
 # ---
 
-samba_workgroup: OPP
+samba_workgroup: FHXB
 
-samba_netbios_name: ZAPATA
+samba_netbios_name: FILE-FHXB
 
 samba_server_min_protocol: !!str NT1
 
@@ -217,28 +254,29 @@ samba_user:
   - name: chris
     groups:
 
-      - FHXB-Bildarchiv
+      - fhxb-bildarchiv
 
-      - FHXB-Sammlungen
+      - fhxb-sammlungen
 
-      - Archiv
-      - Ausstellungen
-      - Forschung
-      - Gedenken-im-Stadtraum
-      - Projekte
-      - Publikationen
-      - Stolpersteine
-      - Veranstaltungen
+      - archiv
+      - ausstellungen
+      - forschung
+      - gedenken-im-stadtraum
+      - projekte
+      - publikationen
+      - stolpersteine
+      - veranstaltungen
+      - vze
 
-      - Buero
-      - Intern
-      - Museum-Organisation
-      - Presse-Orga-Oeffentlichkeit
-      - Team
-      - Technik
-      - Vermietung
-      - Vermittlung
-      - Leitung
+      - buero
+      - intern
+      - museum-organisation
+      - presse-orga-oeffentlichkeit
+      - team
+      - technik
+      - vermietung
+      - vermittlung
+      - leitung
 
     password: !vault |
           $ANSIBLE_VAULT;1.1;AES256
@@ -250,32 +288,318 @@ samba_user:
 
   - name: sysadm
     groups:
-
-      - FHXB-Bildarchiv
-
-      - FHXB-Sammlungen
-
-      - Archiv
-      - Ausstellungen
-      - Forschung
-      - Gedenken-im-Stadtraum
-      - Projekte
-      - Publikationen
-      - Stolpersteine
-      - Veranstaltungen
-
-      - Buero
-      - Intern
-      - Museum-Organisation
-      - Presse-Orga-Oeffentlichkeit
-      - Team
-      - Technik
-      - Vermietung
-      - Vermittlung
-      - Leitung
-      
+      - archiv
+      - ausstellungen
+      - buero
+      - forschung
+      - gedenken-im-stadtraum
+      - intern
+      - leitung
+      - museum-organisation
+      - presse-orga-oeffentlichkeit
+      - projekte
+      - publikationen
+      - stolpersteine
+      - team
+      - technik
+      - veranstaltungen
+      - vermietung
+      - vermittlung
+      - vze
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
     password: '5hE-7n.JRQ9Y'
 
+    # Archiv01
+  - name : a.rchiv01
+    groups:
+      - archiv
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: '45pS2X-rim.e'
+
+    # Archiv02
+  - name : a.rchiv02
+    groups:
+      - archiv
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: '7gqKY/7-nh3Q'
+
+    # Astrid Schiemann
+  - name : a.schiemann
+    groups:
+      - archiv
+      - ausstellungen
+      - buero
+      - forschung
+      - gedenken-im-stadtraum
+      - intern
+      - leitung
+      - museum-organisation
+      - presse-orga-oeffentlichkeit
+      - projekte
+      - publikationen
+      - stolpersteine
+      - team
+      - technik
+      - veranstaltungen
+      - vermietung
+      - vermittlung
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: 'G.u3r.tJ6Qkh'
+
+    # Babara Schaller
+  - name : b.schaller
+    groups:
+      - archiv
+      - buero
+      - publikationen
+      - team
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: 'ufPmZ.L/63yJ'
+
+    # Ellen Thieleman
+  - name : e.thieleman
+    groups:
+      - ausstellungen
+      - buero
+      - projekte
+      - team
+    password: 'MFS79-tzWA/c'
+
+    # Erika Hausotter
+  - name : e.hausotter
+    groups:
+      - archiv
+      - team
+    password: 'A/pY4-9VvUdo'
+
+    # Florian Helm
+  - name : f.helm
+    groups:
+      - archiv
+      - ausstellungen
+      - buero
+      - forschung
+      - gedenken-im-stadtraum
+      - intern
+      - leitung
+      - museum-organisation
+      - presse-orga-oeffentlichkeit
+      - projekte
+      - publikationen
+      - stolpersteine
+      - team
+      - technik
+      - veranstaltungen
+      - vermietung
+      - vermittlung
+      - vze
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: 'z2FE..fUh4fx'
+
+    # Frauke Erdmann
+  - name : f.erdmann
+    groups:
+      - archiv
+      - buero
+      - publikationen
+      - team
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: 'P/yV5N9rxA-Y'
+
+    # Gerhard Grosche
+  - name : g.grosche
+    groups:
+      - archiv
+      - publikationen
+      - team
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: '6/H-EgRqP9-T'
+
+    # Heike Müller
+  - name : h.mueller
+    groups:
+      - buero
+      - team
+    password: 'VT7/n5hHy-Av'
+
+    # Jana König
+  - name : j.koenig
+    groups:
+      - archiv
+      - ausstellungen
+      - buero
+      - forschung
+      - gedenken-im-stadtraum
+      - intern
+      - museum-organisation
+      - presse-orga-oeffentlichkeit
+      - projekte
+      - publikationen
+      - stolpersteine
+      - team
+      - technik
+      - veranstaltungen
+      - vermietung
+      - vermittlung
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: 'fE6.2K/HpnuS'
+
+    # Jorinde Splettstößer
+  - name : j.splettstoesser
+    groups:
+      - archiv
+      - ausstellungen
+      - buero
+      - forschung
+      - gedenken-im-stadtraum
+      - intern
+      - museum-organisation
+      - presse-orga-oeffentlichkeit
+      - projekte
+      - publikationen
+      - stolpersteine
+      - team
+      - technik
+      - veranstaltungen
+      - vermietung
+      - vermittlung
+      - vze
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: '2/octHEm/g5H'
+
+    # Natalie Bayer
+  - name : n.bayer
+    groups:
+      - archiv
+      - ausstellungen
+      - buero
+      - forschung
+      - gedenken-im-stadtraum
+      - intern
+      - leitung
+      - museum-organisation
+      - presse-orga-oeffentlichkeit
+      - projekte
+      - publikationen
+      - stolpersteine
+      - team
+      - technik
+      - veranstaltungen
+      - vermietung
+      - vermittlung
+      - vze
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: 'AI/.44Jt6rhY'
+
+    # Norbert Schropp
+  - name : n.schropp
+    groups:
+      - archiv
+      - ausstellungen
+      - publikationen
+      - team
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: 'rK/puJ2.7sb4'
+
+    # Praktikum 01
+  - name : p.raktikum01
+    groups:
+      - ausstellungen
+      - buero
+      - presse-orga-oeffentlichkeit
+      - team
+      - veranstaltungen
+      - vermietung
+    password: '2IN.R5HIq-ig'
+
+    # Praktikum 02
+  - name : p.raktikum02
+    groups:
+      - ausstellungen
+      - buero
+      - presse-orga-oeffentlichkeit
+      - team
+      - veranstaltungen
+      - vermietung
+    password: 'NnRYo5-d6i/n'
+
+    # Volo 01
+  - name : v.olo01
+    groups:
+      - archiv
+      - ausstellungen
+      - buero
+      - forschung
+      - gedenken-im-stadtraum
+      - museum-organisation
+      - presse-orga-oeffentlichkeit
+      - projekte
+      - publikationen
+      - stolpersteine
+      - team
+      - technik
+      - veranstaltungen
+      - vermietung
+      - vermittlung
+    password: 'A/pY4-9VvUdo'
+
+    # Volo 02
+  - name : v.olo02
+    groups:
+      - archiv
+      - ausstellungen
+      - buero
+      - forschung
+      - gedenken-im-stadtraum
+      - museum-organisation
+      - presse-orga-oeffentlichkeit
+      - projekte
+      - publikationen
+      - stolpersteine
+      - team
+      - technik
+      - veranstaltungen
+      - vermietung
+      - vermittlung
+      - vze
+    password: 'sp29q-Yn-6PY'
+
+    # Volo 03
+  - name : v.olo03
+    groups:
+      - archiv
+      - ausstellungen
+      - buero
+      - forschung
+      - gedenken-im-stadtraum
+      - museum-organisation
+      - presse-orga-oeffentlichkeit
+      - projekte
+      - publikationen
+      - stolpersteine
+      - team
+      - technik
+      - veranstaltungen
+      - vermietung
+      - vermittlung
+      - vze
+      - fhxb-bildarchiv
+      - fhxb-sammlungen
+    password: 'n7I.fSsR-9vv'
+
+
 base_home: /home
 
 # remove_samba_users:
@@ -288,26 +612,6 @@ remove_samba_users:
 
 samba_shares:
 
-  - name: FHXB-Bildarchiv
-    comment: Bildarchiv auf Fileserver
-    path: /data/samba/FHXB-Bildarchiv/Bildarchiv
-    group_valid_users: fhxb-bildarchiv
-    group_write_list: fhxb-bildarchiv
-    file_create_mask: !!str 660
-    dir_create_mask: !!str 2770
-    vfs_object_recycle: true
-    recycle_path: '@Recycle'
-
-  - name: FHXB-Sammlungen
-    comment: FHXB-Sammlungen auf Fileserver
-    path: /data/samba/Darchim2/Bildarchiv
-    group_valid_users: fhxb-sammlungen
-    group_write_list: fhxb-sammlungen
-    file_create_mask: !!str 660
-    dir_create_mask: !!str 2770
-    vfs_object_recycle: true
-    recycle_path: '@Recycle'
-
   - name: Archiv
     comment: Archiv auf Fileserver
     path: /data/samba/FHXB-Server/Archiv
@@ -328,6 +632,16 @@ samba_shares:
     vfs_object_recycle: true
     recycle_path: '@Recycle'
 
+  - name: Buero
+    comment: Buero auf Fileserver
+    path: /data/samba/FHXB-Server/Buero
+    group_valid_users: buero
+    group_write_list: buero
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
   - name: Forschung
     comment: Forschung auf Fileserver
     path: /data/samba/FHXB-Server/Forschung
@@ -348,67 +662,6 @@ samba_shares:
     vfs_object_recycle: true
     recycle_path: '@Recycle'
 
-  - name: Projekte
-    comment: Projekte auf Fileserver
-    path: /data/samba/FHXB-Server/Projekte
-    group_valid_users: projekte
-    group_write_list: projekte
-    file_create_mask: !!str 660
-    dir_create_mask: !!str 2770
-    vfs_object_recycle: true
-    recycle_path: '@Recycle'
-
-  - name: Publikationen
-    comment: Publikationen auf Fileserver
-    path: /data/samba/FHXB-Server/Publikationen
-    group_valid_users: publikationen
-    group_write_list: publikationen
-    file_create_mask: !!str 660
-    dir_create_mask: !!str 2770
-    vfs_object_recycle: true
-    recycle_path: '@Recycle'
-
-  - name: Stolpersteine
-    comment: Stolpersteine auf Fileserver
-    path: /data/samba/FHXB-Server/Stolpersteine
-    group_valid_users: stolpersteine
-    group_write_list: stolpersteine
-    file_create_mask: !!str 660
-    dir_create_mask: !!str 2770
-    vfs_object_recycle: true
-    recycle_path: '@Recycle'
-
-  - name: Veranstaltungen
-    comment: Veranstaltungen auf Fileserver
-    path: /data/samba/FHXB-Server/Veranstaltungen
-    group_valid_users: Veranstaltungen
-    group_write_list: Veranstaltungen
-    file_create_mask: !!str 660
-    dir_create_mask: !!str 2770
-    vfs_object_recycle: true
-    recycle_path: '@Recycle'
-
-  - name: VZE
-    comment: VZE auf Fileserver
-    path: /data/samba/FHXB-Server/VZE
-    group_valid_users: vze
-    group_write_list: vze
-    file_create_mask: !!str 660
-    dir_create_mask: !!str 2770
-    vfs_object_recycle: true
-    recycle_path: '@Recycle'
-
-
-  - name: Buero
-    comment: Buero auf Fileserver
-    path: /data/samba/FHXB-Server/Buero
-    group_valid_users: buero
-    group_write_list: buero
-    file_create_mask: !!str 660
-    dir_create_mask: !!str 2770
-    vfs_object_recycle: true
-    recycle_path: '@Recycle'
-
   - name: Intern
     comment: Intern auf Fileserver
     path: /data/samba/FHXB-Server/Intern
@@ -449,6 +702,36 @@ samba_shares:
     vfs_object_recycle: true
     recycle_path: '@Recycle'
 
+  - name: Projekte
+    comment: Projekte auf Fileserver
+    path: /data/samba/FHXB-Server/Projekte
+    group_valid_users: projekte
+    group_write_list: projekte
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: Publikationen
+    comment: Publikationen auf Fileserver
+    path: /data/samba/FHXB-Server/Publikationen
+    group_valid_users: publikationen
+    group_write_list: publikationen
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: Stolpersteine
+    comment: Stolpersteine auf Fileserver
+    path: /data/samba/FHXB-Server/Stolpersteine
+    group_valid_users: stolpersteine
+    group_write_list: stolpersteine
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
   - name: Team
     comment: Team auf Fileserver
     path: /data/samba/FHXB-Server/Team
@@ -469,6 +752,26 @@ samba_shares:
     vfs_object_recycle: true
     recycle_path: '@Recycle'
 
+  - name: VZE
+    comment: VZE auf Fileserver
+    path: /data/samba/FHXB-Server/VZE
+    group_valid_users: vze
+    group_write_list: vze
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: Veranstaltungen
+    comment: Veranstaltungen auf Fileserver
+    path: /data/samba/FHXB-Server/Veranstaltungen
+    group_valid_users: veranstaltungen
+    group_write_list: veranstaltungen
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
   - name: Vermietung
     comment: Vermietung auf Fileserver
     path: /data/samba/FHXB-Server/Vermietung
@@ -489,6 +792,26 @@ samba_shares:
     vfs_object_recycle: true
     recycle_path: '@Recycle'
 
+  - name: FHXB-Bildarchiv
+    comment: Bildarchiv auf Fileserver
+    path: /data/samba/FHXB-Bildarchiv/Bildarchiv
+    group_valid_users: fhxb-bildarchiv
+    group_write_list: fhxb-bildarchiv
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: FHXB-Sammlungen
+    comment: FHXB-Sammlungen auf Fileserver
+    path: /data/samba/Darchim2/Bildarchiv
+    group_valid_users: fhxb-sammlungen
+    group_write_list: fhxb-sammlungen
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
 
 
 # ==============================

host_vars/ga-st-mail.ga.netz.yml

@@ -0,0 +1,227 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+apt_install_compiler_pkgs: true
+
+apt_install_postgresql_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+insert_root_ssh_keypair: true
+
+root_ssh_keypair:
+  - name: id-rsa-dehydrated
+    priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated
+    priv_key_dest: /root/.ssh/id_rsa-dehydrated
+    pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated.pub
+    pub_key_dest: /root/.ssh/id_rsa-dehydrated.pub
+  - name: id-rsa-opendkim
+    priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim
+    priv_key_dest: /root/.ssh/id_rsa-opendkim
+    pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim.pub
+    pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/copy_files.yml
+# ---
+
+copy_plain_files:
+
+  # /root/bin/monitoring
+  #
+  - name: monitoring_check_cert_for_dovecot.conf
+    src_path: ga-st-mail/root/bin/monitoring/conf/check_cert_for_dovecot.conf
+    dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
+
+  - name: monitoring_check_webservice_load.conf
+    src_path: ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
+    dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
+
+  # /root/bin/postfix
+  #
+  - name: postfix_create_opendkim_key.conf
+    src_path: ga-st-mail/root/bin/postfix/conf/create_opendkim_key.conf
+    dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
+
+  - name: postfix_postfix_add_mailboxes.conf
+    src_path: ga-st-mail/root/bin/postfix/conf/postfix_add_mailboxes.conf
+    dest_path: /root/bin/postfix/conf/postfix_add_mailboxes.conf
+
+  - name: postfix_sent_userinfo_postfix.conf
+    src_path: ga-st-mail/root/bin/postfix/conf/sent_userinfo_postfix.conf
+    dest_path: /root/bin/postfix/conf/sent_userinfo_postfix.conf
+
+  - name: postfix_whitelist_mb_sigs.conf
+    src_path: ga-st-mail/root/bin/postfix/conf/whitelist_mb_sigs.conf
+    dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
+
+
+copy_plain_files_postfwd_host_specific: []
+
+  # Postfix Firewall postfwd
+  #
+  #- name: postfwd.wl-user
+  #  src_path: ga-st-mail/etc/postfix/postfwd.wl-user
+  #  dest_path: /etc/postfix/postfwd.wl-user
+
+
+#copy_template_files: []
+#
+#  - name: mailsystem_install_amavis.conf
+#    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
+#    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
+
+
+
+# ---
+# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
+# ---
+
+hostname: mx.gemeinschaft-altenschlirf.de
+ipv4_address: 192.168.11.2
+#ipv6_address: 
+
+admin_email: it@gemeinschaft-altenschlirf.org
+is_relay_host: !!str "false"
+
+db_in_use: !!str "true"
+# postfix_db_type
+#
+# possible values are 'PostgreSQL' and 'MySQL'
+postfix_db_type: PostgreSQL
+postfix_db_name: postfix
+postfix_db_user: postfix
+#postfix_db_host:
+postfix_db_pass: R_wuKauoTE7+AJg9
+
+# install_amavis.conf
+#
+mp_receipt_number: 106015125438
+si_authorisation_signature: b0b7e94d3fcc8f3b1f128edd5830392361868cf0174723a9924ac25bf8b1b588cb974b50234e1bc1d9839dfe0ca6e1627733d90daf1399347b1046d20c2e3a89
+
+# install_postfixadmin.conf
+# 
+website_name_postfixadmin: adm.gemeinschaft-altenschlirf.de
+
+email_welcome_message: "\n
+Hallo,\n
+
+Ihre/Deine neue E-Mail Adresse ist eingerichtet.\n
+
+IT Team Gemeinschaft Altenschlirf\n
+
+--\n
+Gemeinschaft Altenschlirf  |   Phone:  +49 6647 / 9606 0\n
+Müser Straße 1             |   Fax:    +49 6647 / 9606 179\n
+D-36358 Herbstein          |   E-Mail: it@gemeinschaft-altenschlirf.de\n
+"
+
+# install_update_dovecot.conf
+#
+dovecot_from_address: "Administrator E-Mail <postmaster@gemeinschaft-altenschlirf.de>"
+dovecot_reply_to: "postmaster@gemeinschaft-altenschlirf.de"
+webmailer_address: "https://webmail.gemeinschaft-altenschlirf.de"
+salutation: "IT Team Gemeinschaft Altenschlirf\n
+
+--\n
+Gemeinschaft Altenschlirf  |   Phone:  +49 6647 / 9606 0\n
+Müser Straße 1             |   Fax:    +49 6647 / 9606 179\n
+D-36358 Herbstein          |   E-Mail: it@gemeinschaft-altenschlirf.de\n
+"
+
+# install_upgrade_roundcube-webmail.conf
+#
+# Webmailer
+webmail_site_name: webmail.gemeinschaft-altenschlirf.de
+autoreply_hostname: autoreply.gemeinschaft-altenschlirf.de
+# possible values: 'pgsql' or 'mysql'
+roundcube_db_type: pgsql
+roundcube_db_name: roundcubemail
+roundcube_db_user: roundcube
+#roundcube_db_host:
+roundcube_db_pass: 'K3TbMmTfnCXdj4vz'
+
+#roundcube_acl_plugin: true
+
+roundcube_product_name: Gemeinschaft Altenschlirf - Webmailer
+roundcube_support_url: https://www.gemeinschaft-altenschlirf.de
+roundcube_skin_logo: "images/oopen-logo.png"
+
+
+template_files_mailsystem_script:
+
+  - name: mailsystem_install_postfix_advanced.conf
+    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
+
+  - name: mailsystem_install_amavis.conf
+    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
+
+  - name: mailsystem_install_postfixadmin.conf
+    src_path: usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_postfixadmin.conf
+
+  - name: mailsystem_install_update_dovecot.conf
+    src_path: usr/local/src/mailsystem/conf/install_update_dovecot.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_update_dovecot.conf
+
+  - name: mailsystem_install_upgrade_roundcube-webmail.conf
+    src_path: usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf

host_vars/gw-fhxb.oopen.de.yml

@@ -0,0 +1,278 @@
+---
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: True
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: False
+
+network_interface_path: /etc/network/interfaces.d
+network_interface_required_packages:
+  - vlan
+  - bridge-utils
+  - ifmetric
+  - ifupdown
+  - ifenslave
+  - resolvconf
+
+network_interfaces:
+
+  - device: eno1
+    headline: eno1 - Uplink DSL via Fritz!Box
+    auto: true
+    family: inet
+    method: static
+    address: 192.168.178.254
+    netmask: 24
+    gateway: 192.168.178.1
+    nameservers:
+      - 127.0.0.1
+      - 192.168.192.1
+    search: fhxb.netz
+
+
+  - device: eno2
+    headline: eno2 -  LAN 
+    auto: true
+    family: inet
+    method: static
+    address: 192.168.192.254
+    netmask: 24
+
+
+  - device: eno2:ns
+    headline: eno2:ns - Alias on eno5 (Nameserver)
+    auto: true
+    family: inet
+    method: static
+    address: 192.168.192.1
+    netmask: 32
+
+
+  - device: eno3
+    headline: eno3 -  LAN 
+    auto: true
+    family: inet
+    method: static
+    address: 192.168.193.254
+    netmask: 24
+
+
+  - device: eno4
+    headline: eno4 -  OLD LAN 
+    auto: true
+    family: inet
+    method: static
+    address: 192.168.178.254
+    netmask: 24
+
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+cron_user_entries:
+
+  - name: "Check if Postfix Mailservice is up and running?"
+    minute: '*/15'
+    hour: '*'
+    job: /root/bin/monitoring/check_postfix.sh
+
+  - name: "Check if SSH service is up and running?"
+    minute: '*/15'
+    hour: '*'
+    job: /root/bin/monitoring/check_ssh.sh
+
+  - name: "Check if OpenVPN service is up and running?"
+    minute: '*/30'
+    hour: '*'
+    job: /root/bin/monitoring/check_vpn.sh
+
+  - name: "Check if nameservice (bind) is running?"
+    minute: '*/10'
+    hour: '*'
+    job: /root/bin/monitoring/check_dns.sh
+
+  - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )"
+    minute: '0-59/2'
+    hour: '*'
+    job: /root/bin/monitoring/check_forwarding.sh
+
+  - name: "Copy gateway configuration"
+    minute: '09'
+    hour: '3'
+    job: /root/bin/manage-gw-config/copy_gateway-config.sh FHXB
+
+
+#cron_user_special_time_entries: []
+cron_user_special_time_entries:
+
+  - name: "Check if Postfix Service is running at boot time"
+    special_time: reboot
+    job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
+    insertafter: PATH
+
+  - name: "Restart Systemd's resolved at boottime."
+    special_time: reboot
+    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
+    insertafter: PATH
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+insert_ssh_keypair_backup_server: false
+ssh_keypair_backup_server:
+  - name: backup
+    backup_user: back
+    priv_key_src: root/.ssh/id_rsa.backup.oopen.de
+    priv_key_dest: /root/.ssh/id_rsa
+    pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
+    pub_key_dest: /root/.ssh/id_rsa.pub
+
+insert_keypair_backup_client: true
+ssh_keypair_backup_client:
+  - name: backup
+    priv_key_src: root/.ssh/id_ed25519.oopen-server
+    priv_key_dest: /root/.ssh/id_ed25519
+    pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
+    pub_key_dest: /root/.ssh/id_ed25519.pub
+    target: backup.oopen.de
+
+default_user:
+
+  - name: chris
+    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: sysadm
+    user_id: 1050
+    group_id: 1050
+    group: sysadm
+    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    group: back
+    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+
+sudo_users:
+  - chris
+  - sysadm
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+apt_install_bind9_packages: true
+
+bind9_gateway_acl:
+  - local-net:
+    name: local-net
+    entries:
+      - 127.0.0.0/8
+      - 172.16.0.0/12
+      - 192.168.0.0/16
+      - 10.0.0.0/8
+      - fc00::/7
+      - fe80::/10
+      - ::1/128
+
+bind9_gateway_listen_on_v6:
+   - none
+
+bind9_gateway_listen_on:
+  - any
+
+#bind9_gateway_allow_transfer: {}
+bind9_gateway_allow_transfer:
+   - none
+
+#bind9_gateway_allow_query: {}
+bind9_gateway_allow_query:
+  - local-net
+
+#bind9_gateway_allow_query_cache: {}
+bind9_gateway_allow_query_cache:
+  - local-net
+
+bind9_gateway_recursion:  !!str "yes"
+#bind9_gateway_allow_recursion: {}
+bind9_gateway_allow_recursion:
+  - local-net
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+
+git_firewall_repository:
+  name: ipt-gateway
+  repo: https://git.oopen.de/firewall/ipt-gateway
+  dest: /usr/local/src/ipt-gateway
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+  name: root
+  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
+

host_vars/lists.mx.warenform.de.yml

@@ -0,0 +1,132 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+apt_install_compiler_pkgs: true
+
+apt_install_postgresql_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+insert_root_ssh_keypair: true
+
+root_ssh_keypair:
+  - name: id-rsa-opendkim
+    priv_key_src: lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim
+    priv_key_dest: /root/.ssh/id_rsa-opendkim
+    pub_key_src: lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim.pub
+    pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/copy_files.yml
+# ---
+
+copy_plain_files:
+
+  - name: monitoring_check_webservice_load.conf
+    src_path: lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
+    dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
+
+  - name: postfix_create_opendkim_key.conf
+    src_path: lists.mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf
+    dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
+
+  - name: postfix_whitelist_mb_sigs.conf
+    src_path: lists.mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf
+    dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
+
+  - name: install_sympa.conf
+    src_path: lists.mx.warenform/usr/local/src/sympa/conf/install_sympa.conf
+    dest_path: /usr/local/src/sympa/conf/install_sympa.conf
+
+
+copy_template_files: []
+#
+#  - name: mailsystem_install_amavis.conf
+#    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
+#    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
+
+
+
+# ---
+# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
+# ---
+
+hostname: lists.mx.warenform.de
+ipv4_address: 83.223.86.78
+ipv6_address: 2a01:30:0:13:223:35ff:fef5:84b6
+
+admin_email: argus@oopen.de
+is_relay_host: false
+is_sympa_list_server: true
+
+# install_amavis.conf
+#
+mp_receipt_number: 106015125438
+si_authorisation_signature: 76ed7ca6670dbee497e1a0397a7e178c4caa25888bc26d7327d1eab0195342a4cfa522dcf10382623d57dbc2a79bd37627b9a52def4d4bfe617d26e35405ce3b
+
+
+template_files_mailsystem_script:
+
+  - name: mailsystem_install_postfix_advanced.conf
+    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
+
+  - name: mailsystem_install_amavis.conf
+    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf

host_vars/mail.cadus.org.yml

@@ -112,7 +112,23 @@ copy_plain_files:
     dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
 
 
-copy_plain_files_postfwd_host_specific: []
+copy_plain_files_postfwd_host_specific:
+
+  - name: postfwd.wl-hosts
+    src_path: mail.cadus/etc/postfix/postfwd.wl-hosts
+    dest_path: /etc/postfix/postfwd.wl-hosts
+
+  - name: postfwd.wl-nets
+    src_path: mail.cadus/etc/postfix/postfwd.wl-nets
+    dest_path: /etc/postfix/postfwd.wl-nets
+
+  - name: postfwd.wl-sender
+    src_path: mail.cadus/etc/postfix/postfwd.wl-sender
+    dest_path: /etc/postfix/postfwd.wl-sender
+
+  - name: postfwd.wl-user
+    src_path: mail.cadus/etc/postfix/postfwd.wl-user
+    dest_path: /etc/postfix/postfwd.wl-user
 
   # Postfix Firewall postfwd
   #
@@ -147,7 +163,7 @@ db_in_use: !!str "true"
 postfix_db_type: MySQL
 postfix_db_name: postfix
 postfix_db_user: postfix
-postfix_db_host: "127.0.0.1"
+#postfix_db_host:
 postfix_db_pass: T3CJnFMJNX9wmhNs
 
 # install_amavis.conf
@@ -196,9 +212,11 @@ autoreply_hostname: autoreply.cadus.org
 roundcube_db_type: mysql
 roundcube_db_name: roundcubemail
 roundcube_db_user: roundcube
-roundcube_db_host: localhost
+#roundcube_db_host:
 roundcube_db_pass: 'j3vqsK7Ldm7MxNjH'
 
+roundcube_acl_plugin: false
+
 roundcube_product_name: O.OPEN - Webmailer
 roundcube_support_url: https://www.cadus.org
 roundcube_skin_logo: "images/cadu_logo_webmail.png"

host_vars/mail.faire-mobilitaet.de.yml

@@ -195,8 +195,10 @@ roundcube_db_user: roundcube
 #roundcube_db_host:
 roundcube_db_pass: 'gqnzTrfsjnRv4PWW'
 
+#roundcube_acl_plugin: false
+
 roundcube_product_name: O.OPEN - Webmailer
-roundcube_support_url: https://www.cadus.org
+roundcube_support_url: https://www.faire-mobilitaet.de/
 roundcube_skin_logo: "images/oopen-logo.png"
 
 

host_vars/mx.warenform.de.yml

@@ -0,0 +1,227 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+apt_install_compiler_pkgs: true
+
+apt_install_postgresql_pkgs: true
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+insert_root_ssh_keypair: true
+
+root_ssh_keypair:
+  - name: id-rsa-opendkim
+    priv_key_src: mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim
+    priv_key_dest: /root/.ssh/id_rsa-opendkim
+    pub_key_src: mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim.pub
+    pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/copy_files.yml
+# ---
+
+copy_plain_files:
+
+  # /root/bin/monitoring
+  #
+  - name: monitoring_check_cert_for_dovecot.conf
+    src_path: mx.warenform/root/bin/monitoring/conf/check_cert_for_dovecot.conf
+    dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
+
+  - name: monitoring_check_webservice_load.conf
+    src_path: mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
+    dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
+
+  # /root/bin/postfix
+  #
+  - name: postfix_create_opendkim_key.conf
+    src_path: mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf
+    dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
+
+  - name: postfix_postfix_add_mailboxes.conf
+    src_path: mx.warenform/root/bin/postfix/conf/postfix_add_mailboxes.conf
+    dest_path: /root/bin/postfix/conf/postfix_add_mailboxes.conf
+
+  - name: postfix_sent_userinfo_postfix.conf
+    src_path: mx.warenform/root/bin/postfix/conf/sent_userinfo_postfix.conf
+    dest_path: /root/bin/postfix/conf/sent_userinfo_postfix.conf
+
+  - name: postfix_whitelist_mb_sigs.conf
+    src_path: mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf
+    dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
+
+
+copy_plain_files_postfwd_host_specific: []
+
+  # Postfix Firewall postfwd
+  #
+  #- name: postfwd.wl-user
+  #  src_path: mx.warenform/etc/postfix/postfwd.wl-user
+  #  dest_path: /etc/postfix/postfwd.wl-user
+
+
+#copy_template_files: []
+#
+#  - name: mailsystem_install_amavis.conf
+#    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
+#    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
+
+
+
+# ---
+# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
+# ---
+
+hostname: mx.warenform.de
+ipv4_address: 83.223.86.76
+ipv6_address: 2a01:30:0:13:231:32ff:fe8b:7763
+
+admin_email: admin@warenform.net
+is_relay_host: !!str "false"
+
+db_in_use: !!str "true"
+# postfix_db_type
+#
+# possible values are 'PostgreSQL' and 'MySQL'
+postfix_db_type: PostgreSQL
+postfix_db_name: postfix
+postfix_db_user: postfix
+#postfix_db_host: /run/postgresql
+postfix_db_pass: CbX8vg347Vvm
+
+# install_amavis.conf
+#
+mp_receipt_number: 106015125438
+si_authorisation_signature: 76ed7ca6670dbee497e1a0397a7e178c4caa25888bc26d7327d1eab0195342a4cfa522dcf10382623d57dbc2a79bd37627b9a52def4d4bfe617d26e35405ce3b
+
+# install_postfixadmin.conf
+# 
+website_name_postfixadmin: adm.warenform.de
+
+email_welcome_message: "\n
+Hallo,\n
+
+Ihre neue E-Mail Adresse ist eingerichtet.\n
+
+Das WARENFORM-Team\n
+
+--\n
+WARENFORM         |   Phone:  +49 30 / 61 65 17 52 -0\n
+Dresdner Str. 11  |   Fax:    +49 30 / 61 65 17 52 -66\n
+D-10999 Berlin    |   http://www.warenform.net\n
+"
+
+
+# install_update_dovecot.conf
+#
+dovecot_from_address: "warenform gbr <hilfe@kunden.warenform.net>"
+dovecot_reply_to: "hilfe@kunden.warenform.net"
+webmailer_address: "https://webmail.warenform.de"
+salutation: "Das WARENFORM-Team\n
+
+
+WARENFORM         |   Phone:  +49 30 / 61 65 17 52 -0\n
+Dresdner Str. 11  |   Fax:    +49 30 / 61 65 17 52 -66\n
+D-10999 Berlin    |   http://www.warenform.net\n"
+
+
+# install_upgrade_roundcube-webmail.conf
+#
+# Webmailer
+webmail_site_name: webmail.warenform.de
+autoreply_hostname: autoreply.warenform.de
+# possible values: 'pgsql' or 'mysql'
+roundcube_db_type: pgsql
+roundcube_db_name: roundcubemail
+roundcube_db_user: roundcube
+#roundcube_db_host: localhost
+roundcube_db_pass: 'Hoo5heis'
+
+#roundcube_acl_plugin: false
+
+roundcube_product_name: O.OPEN - Webmailer
+roundcube_support_url: https://www.warenform.net
+roundcube_skin_logo: "images/wf-webmail-logo.png"
+
+
+template_files_mailsystem_script:
+
+  - name: mailsystem_install_amavis.conf
+    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
+
+  - name: mailsystem_install_postfix_advanced.conf
+    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
+
+  - name: mailsystem_install_postfixadmin.conf
+    src_path: usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_postfixadmin.conf
+
+  - name: mailsystem_install_update_dovecot.conf
+    src_path: usr/local/src/mailsystem/conf/install_update_dovecot.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_update_dovecot.conf
+
+  - name: mailsystem_install_upgrade_roundcube-webmail.conf
+    src_path: usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf
+
+  - name: mailsystem_install_upgrade_roundcube-webmail2.conf
+    src_path: usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail2.conf.j2
+    dest_path: /usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail2.conf

host_vars/o25.oopen.de.yml

@@ -17,26 +17,156 @@ network_interface_required_packages:
   - bridge-utils
   - ifmetric
   - ifupdown
+  - ifenslave
   - resolvconf
 
 
 network_interfaces:
 
-  - device: br0
+  # Many device configurations are possible (as many as needed)
+  #
+  - device: enp41s0
     # use only once per device (for the first device entry)
-    headline: br0 - bridge over device enp8s0
+    headline: enp41s0 - primary device
 
-    # auto & allow are only used for the first device entry
+    # auto & allow are only used for the first entry of that devicei-name)
+    #
     allow: [] # array of allow-[stanzas] eg. allow-hotplug
     auto: true
 
     family: inet
+    
+    # The statisc Mode
+    #    Options
+    #       address        <dotted quad address[/netmask]>
+    #       gateway        <dotted quad address>
+    #       pointopoint    <Address of other end point (dotted quad). Note the spelling of "point-to">
+    #       hwaddress      <mac-address>
+    #       mtu            <size>
+    #       scope          <Address validity scope. Possible values: global, link, host>
+    #
+    # The manual Method
+    #    Options
+    #       hwaddress      <mac-address>
+    #       mtu            <size>
+    #
+    # The dhcp Method
+    #    Options
+    #       hwaddress      <mac-address>
+    #       hostname       <Hostname to be requested (pump, dhcpcd, udhcpc)>
+    #       metric         <metric>
+    #       leasehours     <Preferred lease time in hours (pump)>
+    #       leasetime      <Preferred lease time in seconds (dhcpcd)>
+    #       vendor         <Vendor class identifier (dhcpcd)>
+    #       client         <Client identifier (dhcpcd), or "no" (dhclient)>
+    #    
+    # The bootp Method  
+    #    Options
+    #       bootfile:      <file: Tell the server to use 'file' as the bootfile.>
+    #       server:        <address: Use the IP address 'address' to communicate with the server.>
+    #       hwaddr         <mac-address: Use addr as the hardware address instead of whatever it really is.>
+    #    
     method: static
-    hwaddress: 00:d8:61:0e:b9:1c
+    
+    hwaddress: 
     description:
-    address: 144.76.24.11
-    netmask: 27
-    gateway: 144.76.24.1
+    address: 65.109.28.179
+    # dotted quad or number of bits
+    #
+    # the entry will be: address/netmask
+    netmask: 26
+    gateway: 65.109.28.129
+    metric: 
+    pointopoint: 
+    mtu: 
+    scope: 
+
+    # additional user by dhcp method
+    #
+    hostname:
+    leasehours:
+    leasetime:
+    vendor:
+    client:
+
+    # additional used by bootp method
+    #
+    bootfile:
+    server:
+    hwaddr:
+
+    # optional dns settings nameservers: []
+    #
+    #    nameservers:
+    #      - 194.150.168.168  # dns.as250.net
+    #      - 91.239.100.100   # anycast.censurfridns.dk
+    #    search: warenform.de
+    #
+    nameservers:
+      - 185.12.64.1
+      - 2a01:4ff:ff00::add:2
+    search:
+
+    # optional additional subnets/ips subnets: []
+    # subnets: 
+    #   - '192.168.123.0/24'
+    #   - '192.168.124.11/32'
+
+    # optional bridge parameters bridge: {}
+    # bridge:
+    #   ports:
+    #   stp:
+    #   fd:
+    #   maxwait:
+    #   waitport:
+    bridge: {}
+
+    #  optional bonding parameters bond: {}
+    #  bond:
+    #    master
+    #    primary
+    #    slave
+    #    mode:
+    #    miimon:
+    #    lacp-rate:
+    #    ad-select-rate:
+    #    master:
+    #    slaves:
+    bond: {}
+
+    # optional vlan settings | vlan: {}
+    # vlan: {}
+    #   raw-device: 'eth0'
+    vlan: {}
+
+    # inline hook scripts
+    #
+    # example:
+    #
+    # up:
+    #   - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp41s0"
+    #
+    pre-up: [] # pre-up script lines
+    up:
+      - !!str "route add -net 65.109.28.128 netmask 255.255.255.192 gw 65.109.28.129 dev enp41s0"
+    post-up: [] # post-up script lines (alias for up)
+    pre-down: [] # pre-down script lines (alias for down)
+    down: [] # down script lines
+    post-down: [] # post-down script lines
+
+  - device: enp41s0
+    # use only once per device (for the first device entry)
+    headline:
+
+    # auto & allow are only used for the first device entry
+    allow: [] # array of allow-[stanzas] eg. allow-hotplug
+    auto: 
+
+    family: inet6
+    method: static
+    address: 2a01:4f9:5a:1a07::2
+    netmask: 64
+    gateway: fe80::1
     metric:
     pointopoint:
     mtu:
@@ -64,8 +194,6 @@ network_interfaces:
     #    search: warenform.de
     #
     nameservers:
-      - 195.201.179.131
-      - 95.217.204.204
     search:
 
     # optional additional subnets/ips subnets: []
@@ -80,24 +208,15 @@ network_interfaces:
     #   fd:
     #   maxwait:
     #   waitport:
-    bridge:
-      ports: enp8s0 # for mor devices support a blank separated list
-      stp: !!str off
-      fd: 5
-      hello: 2
-      maxage: 12
+    bridge: {}
 
     #  optional bonding parameters bond: {}
     #  bond:
-    #    master
-    #    primary
-    #    slave
-    #    method:
+    #    mode:
     #    miimon:
-    #    lacp-rate:
-    #    ad-select-rate:
     #    master:
     #    slaves:
+    #    lacp-rate:
     bond: {}
 
     # optional vlan settings | vlan: {}
@@ -106,18 +225,119 @@ network_interfaces:
     vlan: {}
 
     # inline hook scripts
-    pre-up: [] # pre-up script lines
+    pre-up: []# pre-up script lines
     up: [] # up script lines
     post-up: [] # post-up script lines (alias for up)
     pre-down: [] # pre-down script lines (alias for down)
     down: [] # down script lines
     post-down: [] # post-down script lines
 
+# ---
+# vars used by roles/ansible_dependencies
+# ---
 
 
-  - device: br0
-    family: inet6
-    method: static
-    address: 2a01:4f8:191:b::2
-    netmask: 64
-    gateway: fe80::1
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+#apt_manage_sources_list: false
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+default_user:
+
+  - name: chris
+    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: sysadm
+
+    user_id: 1050
+    group_id: 1050
+    group: sysadm
+    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    group: back
+    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+
+sudo_users:
+  - chris
+  - sysadm
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+
+git_firewall_repository:
+  name: ipt-server
+  repo: https://git.oopen.de/firewall/ipt-server
+  dest: /usr/local/src/ipt-server
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+  name: root
+  password: $y$j9T$myZ6f5/klmH0HDN2mb9tv/$s/bBrr6PEXdEgtn9CZYzBNZsA4.r6gWYYeZ4LAYotp9
+

host_vars/o25.oopen.de.yml.BAK

@@ -0,0 +1,123 @@
+---
+
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: True
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: False
+
+network_interface_path: /etc/network/interfaces.d
+network_interface_required_packages:
+  - vlan
+  - bridge-utils
+  - ifmetric
+  - ifupdown
+  - resolvconf
+
+
+network_interfaces:
+
+  - device: br0
+    # use only once per device (for the first device entry)
+    headline: br0 - bridge over device enp8s0
+
+    # auto & allow are only used for the first device entry
+    allow: [] # array of allow-[stanzas] eg. allow-hotplug
+    auto: true
+
+    family: inet
+    method: static
+    hwaddress: 00:d8:61:0e:b9:1c
+    description:
+    address: 144.76.24.11
+    netmask: 27
+    gateway: 144.76.24.1
+    metric:
+    pointopoint:
+    mtu:
+    scope:
+
+    # additional user by dhcp method
+    #
+    hostname:
+    leasehours:
+    leasetime:
+    vendor:
+    client:
+
+    # additional used by bootp method
+    #
+    bootfile:
+    server:
+    hwaddr:
+
+    # optional dns settings nameservers: []
+    #
+    #    nameservers:
+    #      - 194.150.168.168  # dns.as250.net
+    #      - 91.239.100.100   # anycast.censurfridns.dk
+    #    search: warenform.de
+    #
+    nameservers:
+      - 195.201.179.131
+      - 95.217.204.204
+    search:
+
+    # optional additional subnets/ips subnets: []
+    # subnets: 
+    #   - '192.168.123.0/24'
+    #   - '192.168.124.11/32'
+
+    # optional bridge parameters bridge: {}
+    # bridge:
+    #   ports:
+    #   stp:
+    #   fd:
+    #   maxwait:
+    #   waitport:
+    bridge:
+      ports: enp8s0 # for mor devices support a blank separated list
+      stp: !!str off
+      fd: 5
+      hello: 2
+      maxage: 12
+
+    #  optional bonding parameters bond: {}
+    #  bond:
+    #    master
+    #    primary
+    #    slave
+    #    method:
+    #    miimon:
+    #    lacp-rate:
+    #    ad-select-rate:
+    #    master:
+    #    slaves:
+    bond: {}
+
+    # optional vlan settings | vlan: {}
+    # vlan: {}
+    #   raw-device: 'eth0'
+    vlan: {}
+
+    # inline hook scripts
+    pre-up: [] # pre-up script lines
+    up: [] # up script lines
+    post-up: [] # post-up script lines (alias for up)
+    pre-down: [] # pre-down script lines (alias for down)
+    down: [] # down script lines
+    post-down: [] # post-down script lines
+
+
+
+  - device: br0
+    family: inet6
+    method: static
+    address: 2a01:4f8:191:b::2
+    netmask: 64
+    gateway: fe80::1

host_vars/oolm-shop-dev.oopen.de.yml

@@ -19,7 +19,7 @@
 # vars used by roles/common/tasks/sshd.yml
 # ---
 
-sshd_password_authentication: !!str "yes"
+#sshd_password_authentication: !!str "yes"
 
 
 # ---
@@ -31,6 +31,80 @@ sshd_password_authentication: !!str "yes"
 # vars used by roles/common/tasks/users.yml
 # ---
 
+default_user:
+
+  - name: chris
+    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: ilker
+    password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
+
+  - name: ilker-sudo
+    password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
+
+  - name: shop
+    password: $6$.7q7LwrI$LS0W95y5MHgaQZ4v5OvYukQn3pxmbeQvm9lNrPVSN7R.GVwGGIqdfnX2xOvGTgJcenUT3aJoa8HloOes1wUM71
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf7Vfsl2u55IYnkPMxRI+CK+33wUKR+XR6B160J6xOGe6LnHTsqgAGrjR5nhy7ieQZo4tGFORkikRrwz+H9mQulCsvtCrhh+Gjdkut4SzQbZsE0yLaNKflT3etR6dwKnX5HrqTtkZZ6D/Bi6392xrEy94590nNWZm5M6Vi0DIztt2jqUEiHrcJomPu1RDhl0OLxG/+/gyo9Td3p8olcW6Xk4q8w4GVHZ3sTB+jsMHEMbG6KqkA+eR/agNlxqngPO0Pz3yd5ciOmF+E6Yf47WwlHctBs6Zs/8s1jFFjLqe9k0F6rzY2S7hLaoREXgf+SNRcaN4Y97yRPzeMspvJebwx shop@oolm-shop.oopen.de'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAybUzbWpMfAKzlapkec/IdznX8WGLES2AAsb94W5iO1VvFQfUseML5J91UB+LMl18jFFolk6tPqHL/F18sfFQ6dKtTh+JL87Bve8MrP/VWli+jdlSvX7k84eHxPYLpJQIfab/Th1DSXbF7E9xT9Z0iGxylaRja3FNYNT2Q0+clwUMcYX1mm47xVsM4JGsTDTTNV1CgxLphlajFbLgRlicCam6Vxr68k1sLRsu+iuie1AmUaR3Zvm9VH7/nbSpSxe0NN2FtMfxBTk54/rpr3MLhxgJDGjHILfOaGCL+vR3pK4isAvlnShpPphP6f9F/LFjitLAQ9Onpe/+MRxhCjvAi/uihM8xOmON1FRF1WW1NlPz2avod9BFHc7onct/+LalqiTtRkIiGAzLvar279J82abpsVjdYIHmcjz/z4RReEKLjvKCAy4Sdl8Msz60G0f7tXYowYQVpdYp68Cvc4x4d2LElKP0uAHe5wzfUL1haBbjiar8yECgvna20dof9rgzPRHffv9CeTxHxiBLAidb9jZer80StSKhCTbPBqyaTjzWLqegXY9UH92z82yVaW4jVu/43/OUlywd1AjLTcQKE+oI+3515bzXkGGNIDOdJ9AxLSNMpbHAAQ+E8UxplSiLSNYpxWpbnhlnKF+NpMoA+IUVQXJNa8Y291cwx/bNJTk= thomashauck@Thomas-Haucks-iMac-3.locali'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzEcbz4Jne4lZup1qB8nk8SnUv8xWvpgE6tYiLqsyve7+BGCtA01tM3CWcafRwffw3I/Tmw1PG2T+gEGKSIscKoBGNbpFeA3dSnG/d811VWPyN4j6DcKHDW5njdt+XdUkPTA2Xm2mcNayBovMP5ld2VgEqsYPFpNkcIx4Qsh4URRoVwM0a1CGW5eBWa5gwYypfiK9m/DyiA6gX0fCJKS64GKUilYyrwSSatlt8tkOw3Kb8A39AViYL243zFzrPSNvBRnkp81pOt3khNxB3V07CGUERPTvh4B/mKb3g5yBynLjzvbJkGboR+zzTYGiWPNlwgNOhzIP3h/YnMb3JKJzx shop@oolm-shop'
+
+  - name: sven
+    password: $6$tUJZYAXg$DnHWYkGxXlkFTcyWKO3BvP34OekepDb8x19op8C/AzXxTtXrkE2CCeXhtkVu.89dWybdJPI23TVNpsd3dIyPA1
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcm/+4FQ8yFKM05jut+Tsrd6ZHVvUpbKO1ezbpRagvh8s7LTclxRwBEktQD/lJgC7X2H1d4QF71MRcEjfmmH51r1MI5s+mV2KbowUh39io0e0qQrPKlX23872miyjIBMtESHTzWGWJo4VnOBWOoWzUu+sVpDPZ1bVw9EN3Iboq3q7i4pZLj85ASb8pZBJvCWqtOgDZ5qnbvmpPeewgfAOmSvQh1qdDW63pcbupwY/peneUUOCkIE91oCCW5ZKH4El+OGXDm4jKY5Z6Dh9nVcHsJ3Burp/2rPJr27TyhqeezewbyO5Y/XTm1/nx3iNnIudy7fF/N/DlHvb3RJLI+P/3 sven@oolm-shop-dev'
+
+  - name: sysadm
+    user_id: 1050
+    group_id: 1050
+    group: sysadm
+    password: $y$j9T$2aYNjVAaYCJ7KuKYMjX3o1$M7E8/NkOHJnmmVcx0zD27oYExIf2aEergJ1KBnVbn92
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    group: back
+    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+sudo_users:
+  - chris
+  - sysadm
+  - ilker
+  - ilker-sudo
+
 
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml

host_vars/oolm-shop.oopen.de.yml

@@ -19,7 +19,7 @@
 # vars used by roles/common/tasks/sshd.yml
 # ---
 
-sshd_password_authentication: !!str "yes"
+#sshd_password_authentication: !!str "yes"
 
 
 # ---
@@ -31,6 +31,72 @@ sshd_password_authentication: !!str "yes"
 # vars used by roles/common/tasks/users.yml
 # ---
 
+default_user:
+
+  - name: chris
+    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: ilker
+    password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
+
+  - name: ilker-sudo
+    password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
+
+  - name: shop
+    password: $6$.7q7LwrI$LS0W95y5MHgaQZ4v5OvYukQn3pxmbeQvm9lNrPVSN7R.GVwGGIqdfnX2xOvGTgJcenUT3aJoa8HloOes1wUM71
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf7Vfsl2u55IYnkPMxRI+CK+33wUKR+XR6B160J6xOGe6LnHTsqgAGrjR5nhy7ieQZo4tGFORkikRrwz+H9mQulCsvtCrhh+Gjdkut4SzQbZsE0yLaNKflT3etR6dwKnX5HrqTtkZZ6D/Bi6392xrEy94590nNWZm5M6Vi0DIztt2jqUEiHrcJomPu1RDhl0OLxG/+/gyo9Td3p8olcW6Xk4q8w4GVHZ3sTB+jsMHEMbG6KqkA+eR/agNlxqngPO0Pz3yd5ciOmF+E6Yf47WwlHctBs6Zs/8s1jFFjLqe9k0F6rzY2S7hLaoREXgf+SNRcaN4Y97yRPzeMspvJebwx shop@oolm-shop.oopen.de'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAybUzbWpMfAKzlapkec/IdznX8WGLES2AAsb94W5iO1VvFQfUseML5J91UB+LMl18jFFolk6tPqHL/F18sfFQ6dKtTh+JL87Bve8MrP/VWli+jdlSvX7k84eHxPYLpJQIfab/Th1DSXbF7E9xT9Z0iGxylaRja3FNYNT2Q0+clwUMcYX1mm47xVsM4JGsTDTTNV1CgxLphlajFbLgRlicCam6Vxr68k1sLRsu+iuie1AmUaR3Zvm9VH7/nbSpSxe0NN2FtMfxBTk54/rpr3MLhxgJDGjHILfOaGCL+vR3pK4isAvlnShpPphP6f9F/LFjitLAQ9Onpe/+MRxhCjvAi/uihM8xOmON1FRF1WW1NlPz2avod9BFHc7onct/+LalqiTtRkIiGAzLvar279J82abpsVjdYIHmcjz/z4RReEKLjvKCAy4Sdl8Msz60G0f7tXYowYQVpdYp68Cvc4x4d2LElKP0uAHe5wzfUL1haBbjiar8yECgvna20dof9rgzPRHffv9CeTxHxiBLAidb9jZer80StSKhCTbPBqyaTjzWLqegXY9UH92z82yVaW4jVu/43/OUlywd1AjLTcQKE+oI+3515bzXkGGNIDOdJ9AxLSNMpbHAAQ+E8UxplSiLSNYpxWpbnhlnKF+NpMoA+IUVQXJNa8Y291cwx/bNJTk= thomashauck@Thomas-Haucks-iMac-3.locali'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzEcbz4Jne4lZup1qB8nk8SnUv8xWvpgE6tYiLqsyve7+BGCtA01tM3CWcafRwffw3I/Tmw1PG2T+gEGKSIscKoBGNbpFeA3dSnG/d811VWPyN4j6DcKHDW5njdt+XdUkPTA2Xm2mcNayBovMP5ld2VgEqsYPFpNkcIx4Qsh4URRoVwM0a1CGW5eBWa5gwYypfiK9m/DyiA6gX0fCJKS64GKUilYyrwSSatlt8tkOw3Kb8A39AViYL243zFzrPSNvBRnkp81pOt3khNxB3V07CGUERPTvh4B/mKb3g5yBynLjzvbJkGboR+zzTYGiWPNlwgNOhzIP3h/YnMb3JKJzx shop@oolm-shop'
+
+  - name: sysadm
+    user_id: 1050
+    group_id: 1050
+    group: sysadm
+    password: $y$j9T$2aYNjVAaYCJ7KuKYMjX3o1$M7E8/NkOHJnmmVcx0zD27oYExIf2aEergJ1KBnVbn92
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    group: back
+    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+sudo_users:
+  - chris
+  - sysadm
+  - ilker
+  - ilker-sudo
+
 
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml