ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph
2022-11-17 18:10:40 +01:00
parent f80772ed42
commit 45115c6700
75 changed files with 5165 additions and 436 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-dehydrated Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAt9Qh2dKZHZnFFaOuC3lHzf0G2Msxl4obACGEpo0a7MYcMId9
AnrvFTbpAyla0H7u4TubESGvFY//A69RZy2c5yL2u3UapwielhxbEyxaA7gVOd6s
XoBPnxA36GBFSaUQ+hM0gMv1yUFH5DWCDxTN39ooJk8dhoxrZIPoyhg7v1BxKGtO
0aKijOHh70SPW4zogGK+Y/OxpMs39OQup05Nw/Al1/+jCBtrQtL8imjYHBYD+Fcj
IdRW/J1a+YB4g0mryu9WPvTd8hkcvEAUv2vwK7A90d1R/7Y9UXmgAYl3HCfkq3c0
/PcBN7VfKmQyspmxJuphc/M9KRV8YrBtxdfZlOL62mbyuHX+RP0p2Oqh6Va4AzVy
FKV8dFA0diFbL7xbMRcz34QwitdHt2JNf3LUZGWWmOcfuJeFom4x9gScaWAMa4ho
z9cVonC1MsG2tT6SRunU0Eotn7sCgcV8PmP1xkQPtslxmHuvO1geaZIfMuVlVUGW
wnk4sSFZXsB4qzDqgncPrxU+0vhzmXVwOFCDPJxwM7n8UFbLMWxmQ96/Nd2HEm1c
pqF87Xu7hkEtuKH7trtYdRS75zw4wqyjXZK+gK4Vb2w3Id8j7czxtHWF+Yf38ko1
WTzgD8cGlQ5Fsl0nJHhp2MTyIWOR+Mgl9by0e12oiHzO8yzWApDoxt3xH+0CAwEA
AQKCAgAPBrMBqBpF9iTLAQcf/vjkmJMvs2RJW8ubNiIurwgNZKA3Q0vvoPbcCBIB
5SZ8NnP2SzYAr30tSQjyVylTQsI5jn0Wk5rrHmRAJu824QA2n5x0j4QNcXWQrfWz
8/KV830ww9Md2A4uNjzXJZyM+QlfC+kOQJdMQTwiCjpEErkHiV7GjAb0UdPxqiEa
usLxG9KBdBDWALx7mPTo+qHpoRfwNTgSsN21svAQlUh5U9qeaRpH+W9wu3ekzIP8
MwkmyiXVv7yQBtoBiRX1OVO41eza1VwoRGwId/AJMeTnW0I2NfiWH3dgWhxqXlP6
FhiiyrdVVAFFRhOwwQXa10sRyfQJ+Q/Fb7/HeU3ANJzBa84R77Kk5C6Hut/Dwjd7
lw7uLB1eRYpEFcr7JJysjFXEmVwhYBYf5KBAVFKD1HFwV5uDUtwG70lp3ls+coJC
cPncaE4gOk7Yl2jOHqckeEThZ0LKP13I2wa4Mn2NNZUu4d0Q6n2BBHwZAmd4QHzP
97St7QZh2c7SvGZzdyGJYiOL6d+Ta7/LU6Dh0I0UbGhsNC9CBA3fqhImvU+tqK0f
I0umo3PRrcrkQ2NSISiy/888bgo380ku12rOTaICxX+sD6O2sm1VaeeHr/nJ5pbK
rVizaSwTRWS13CX2gmXz2YzxcAi1M069fAb9MAU9833UgOW0gQKCAQEA3CYTKdzT
txZYtVNCHObDZo11D6LrdYeSslVmjagfSm4GGl9xDFVgVmW+CudA8ey4zzwLqySW
6Q2sRBqknJr/D8DTon0WezKocIUXUwy9zEQmDhq54ylkeZVno2GXMv/m6Qz59gE8
Xb0HvXvKt6dOaDp+d8IOSoYahRk3o0jHoRH9Ca/9XEqGgCZcJI94csn+KsjfXymT
UYWdzei6vey6WgWrN1JdAnvXxI98SZukmQM+LiPkBkMxJ4kzOm9kMcqaVjNQJIIy
6Ukx56MNcuZ2ijG4TAvfaZBG8Wm/arn/1Wl5Uo4es70z//s6mQcthDOMOf5eIS2w
s2EtNYAdDE/94QKCAQEA1cPipN7hA6l80mCZW36QwVqmSfbst10sEjkyuRex0p+W
8eiRcjbHUKxlY7aspgyTQL3bI/wKqwkJ2uTEw5824EN6r0hUZN2JwjiRaNHBcC1S
AujUNDLxWoCX/Kte4Z+LDNP9ijNGsqyWwfIqS98gAZFR5ANeeYK4oy1BOrBohab4
lku9nGp8FjFnAKU0BL4zJoVNBeTgaSdT/XPOM1eDt+LnbcUNSmZNFbUCD+efMEc4
Gq2cXnDNL+7fLgvSIbLD6XBhfEpU93bWfUBuv7sRuicl6RcY1uu482YzP7LY6PdT
0SGUp/A5f3mUlaKhLdcJbAS7yam1Nnwldl8nXu2rjQKCAQBEjNqUw31tWlj/BVDl
3PllWpDj8JAvBaspOqx3Wa18qKvf1G5IL+GSpZW6oW24p0SYyxK7FOak5SwJ/N3b
IexgRGPiCd9RN2H5v4eWxbXoACR1ad8OHBp8PYiK+F1zdPm7Ad5nutTIP49EcmKa
M0+X5vbwZY27qOxjG4oWnxgCUK6hMJrM/SvKhadVfxM7cyhgvDHJ2RFVZizQLDLR
5v/T/kXlMRFjL5rtStyhswRa3QakqWpchNmufOtlu7/QPU03oDzJUX125OLURRJv
/9FTkM3ZaC0GGvXsQEhpfEdsda5ghX6L61Ng1yLU+cYzjzWP7WP0It0Nzimcqirh
ZZshAoIBAA/pKp9272ykWuQVyJRk0UVzB9mNhYUIbFVW6I2aU+QHeOa8lsbXiPJa
QpmvaR5a5UL2Xq9I/UpJu/ANAxBEc4Mxwpn1WkK/spdAOqKAqlM9LFOHHPRdrlU8
KRPndYJ5q5Hi3YZB1stJyVbaPYe0Ld+v/1ZnYcrNjgynO6mwo7b+/JXDQXO5AU9t
kescYMjRl2EQnvEHXiS1hqzgx8JOi0FOpEcpWZnmD2rENEkWxmSDiIuDzJXC86LT
tszomFVlxutDMB5eMgDRWZmtCBFBTUp7y3iT/YdRuEx1mO7u0vJUJmr0guoVGVKB
rCuPFUwiK1Nc7tVNym0pxGgRIQ8RxakCggEBAJa+qKh7dyN+w6Txke8sGB+tyATX
JQgrfE9UEgrAL0e/0XS6UCD0AGH7rlmxEJH6OXJm3Lq/C2pe7+UMZXKPyfHG192v
BBA690lkxsqGVynq66ORidxK5xyX5k/YCWCoQT6BlvdX9UiSX45Pr4zgpGkWUBZ8
Ak+8E+AQ8KawwzAOHAlCwOlwXoRejpvzX15+WNlJIHzWN3LUzU7WfLUpSRrhPEfL
YvOD4OHRyAjCPkJA2FjKDvO4ohAiTfIHWV4BdWD4MieOQda+0Yf8o3nikAVbuf3D
zfOeHc3UbA6EKbsDV2jxjdgytycsJWUXjqgLVkInt4AYyoqh41QUdm9sBUM=
-----END RSA PRIVATE KEY-----

1
roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-dehydrated.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC31CHZ0pkdmcUVo64LeUfN/QbYyzGXihsAIYSmjRrsxhwwh30Ceu8VNukDKVrQfu7hO5sRIa8Vj/8Dr1FnLZznIva7dRqnCJ6WHFsTLFoDuBU53qxegE+fEDfoYEVJpRD6EzSAy/XJQUfkNYIPFM3f2igmTx2GjGtkg+jKGDu/UHEoa07RoqKM4eHvRI9bjOiAYr5j87Gkyzf05C6nTk3D8CXX/6MIG2tC0vyKaNgcFgP4VyMh1Fb8nVr5gHiDSavK71Y+9N3yGRy8QBS/a/ArsD3R3VH/tj1ReaABiXccJ+SrdzT89wE3tV8qZDKymbEm6mFz8z0pFXxisG3F19mU4vraZvK4df5E/SnY6qHpVrgDNXIUpXx0UDR2IVsvvFsxFzPfhDCK10e3Yk1/ctRkZZaY5x+4l4WibjH2BJxpYAxriGjP1xWicLUywba1PpJG6dTQSi2fuwKBxXw+Y/XGRA+2yXGYe687WB5pkh8y5WVVQZbCeTixIVlewHirMOqCdw+vFT7S+HOZdXA4UIM8nHAzufxQVssxbGZD3r813YcSbVymoXzte7uGQS24ofu2u1h1FLvnPDjCrKNdkr6ArhVvbDch3yPtzPG0dYX5h/fySjVZPOAPxwaVDkWyXSckeGnYxPIhY5H4yCX1vLR7XaiIfM7zLNYCkOjG3fEf7Q== root@d.mx-dehydrated

51
roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-opendkim Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAs+Uv/Jbak2qHe4WSblP3AvgDjvjqILHQb+G7O3UV0ePRuApk
5Ju2JHsUQV3lvK1QpR+AGsqqiSofUGw03FISzQKH3tH4UsYYKa7SxFS7v4pZyeDD
q8Ye9M1IF8bvOnyQORNzgFUjN7w30+RGOFuQNTCbdcuLa/UVmS6buvDvQiT1OH1n
CNOoeckpnUlVXB4QQDT4xw0iYjln8NX2dDtabRBX+KP9CL86tbu2I6/At0R+cTh9
gSM25w0XEeM8uTljXP4Bq9P/wrjkG2fxoawLVm/7NIn42WMRy2NaosunOFAxj9me
iYoqN+7xQrHpSLyr4XP53alIKOBD+N92LSQ8MvgeaY+ci/u7A+P5b6iz6E1+l2Ds
EIpbjw6GRjLWtYJU75DX2cJwjuBzLGHtY88uK/A7IxWnULblB4UNntsjL+FSf/oA
ecu7+/DbjAlSfrXbQMgbwsY7cHmt8tSifz8FQcgJb9bkc7CNxL48MXcxqqN5pRFg
bq8LZq9K1lfWZzA8G6lC+Jb1xP6ndd/MkzuW5ucDYAM7FI+/7i9WNy/Uc/jp0Zvp
YXSNfYbjTItmL/bkHJtpDRW2ZTVbutsjkSZeody5Kp+s28aTWdnbmWVAn0cP2z9V
mMh8nsUXg0/+V/6WldwhNv48l22joTdmrIEEtYOL3mUD5N6A/fy52TkhEAcCAwEA
AQKCAgBb4D5805K4XVzqchKSNGHga0ht+aShpA7fRTs5p5fIRYEzbGOQ+hGxWgbD
R7Bwh1e7rXXguQcV3KR3j3wD1gryF0vLOhOIOtHWYAoW6Wul7IPk/d0RWrMutbUP
J7PAfCOwcsW3kkPVUFR27IwMdn8VG0kahSUkstwgCtTQSgL4FiYDftBjiq3t3RZa
1Tw6OsRz9lnkV0nrPoReVPh07mdFcmZrf11Y3UmfzUm9uiJDt0CYlJBMpu6AXIge
w56cvrmHoda6qiBik8k0UgbvWg3ETJbQg3LLm7RX2ttMb5Rsx1A4tp0og58CSA+B
z5lkY6+pCnFfivhmn/s3HPGfJnVzepNRuRAbK1os3G044EJ1RA00SLm/LPLMwG+z
FNnX8ylkOOKppYqQeFxZ2CR8NmJH97mmW6FDV5P7WUlsvWI2A3dIe3yFX7WW2Xid
oMrW/Q4HEvFT+oeBEPEUiRLyQrtNa3/VHyiDqF+v45Sm5S7VHddQOhyf8L75G0ol
dVwqjfZJcK7NsonFgSklt9v7enXapI5i0ASsQE3ElWMvGv7uln2CXiKe1RPioKO7
lMbDRF7RnG3AQSRnbShIRDagP0V21CXVZ2JYzNJ6rmFnEqOoLgUdUhkRbgCb+4hJ
LfX9cX9R4lj84y7HcJOPJOUgDAcjGZlIeNixX888rqPftdrA+QKCAQEA6awS4Ghh
qXzorBfdqxfrZ2A2iUMUTuaUUC0XYkI35dSZXr8QKmRjWqT+jUydBqtbLlXCG3XX
G1+Z5MEzfVACQ4BoPP0EBIMgMIidABVc8C2RR1VMce2ng19GmW47/sW1ObC/ghVb
Bxmoj4/t5W30kxjXdb5JXal68j+dFl7uUyKjgtvQWjrcuOaKCT6PoXXxG6NOpPoi
tOyGM90qGKqWIElHPpprSWvZOAwGD/Z7jnYl4ODKDQvmk4Yt58pdCSr1sZrevna+
rIgIEhiQF+ffTyK7XgXAuGQPhYrMviAo3376oAB6HcyYr/CPwQ3bu6p09B0eE3FI
mhvk7kBhnBN2NQKCAQEAxRWpF9XZ2UuuPTYg+Vqwes7PLc/Dc+j6QohM/7PV29Hl
fJAJli4BqdqNdmmRSo+SAIwNaJvPpU0RUL/Fxa7ePmWVyTKJgG+zban8uT+FGGNl
QpcwICkytpw3ZJf66i0lU7JM7Mkjvs4nIAmQMzl8noc6bxcU+mHqEa/XpI/4e+14
++Ixu+OWwZd5tVzon2s9oAv6dzrNDvcCqaEEmXBL3Ylh1pjYcvW2K6+hxQy3+JgD
0CysrqOfPZ6IRgs9Yn2zZDlWQ715T0hdf669253qdTZwieUs2kYVQUaxtBnUuJzq
UHlARm59wWa9PAiLvilgu0U4Rn0nqczvxXdUpaOEywKCAQB7KNSyLpH68Pj5a4LM
IMlULSPRaOeVRna5Y2rFwT0RB+LmSzHMBilPp1L7Snwg/cQLQewS6SM9LEBCj4oB
7F+lEFLggkLR1gLrUbXeS2Q2uu2teUnXank2BsuBJta8S5xfEcd+Wp8luOJc+HFc
0X1s4lT9nBOzKBbDA8BaACMA8mrYF99TD18ynV/3y1+MrEsuU/6peaU9UsTRJSqA
4bhKwBSq7FzLz+onXj77vuAUkDUat6AHDFS1QK2FU+WBZYEl4Qixvoh1CyWl1Ahu
cSoD3bx/q+yNwz9jFWsgcnbYhWa3WkkC18lKQjKigBlmaktGNuqZOMYZY8ZfxNMt
nhxZAoIBAQC4MVBBiIn7fbGwX6Bdq5Z4kEQs6pofAES0XbKo4CglM3wo+G0dQI4p
cqr3Wh6B8sBfZoU5mTVtpiNitnheEtp+sm5VBbhgowSsn0wkzerUKkD/BVHjHN3a
sRFMIIZOyjayjFc8jZeswfrrBEUSus1vU68XGBlxEIW0VgVSNYPkPsLtli8pDMFe
2PTUvapjI9UKeWdyezAepliEtIoZ5UviFn2sFFlmx6GkHpcwFHz0Bw65Rqd06FLx
QfLWk7ahEB3Ss4ud770qjdVkeanTUTlIpsJy/g73SLygrzNxwRqAF5cd8tRRfv5k
/GIrc0k3RnCzVTQNHPcuyOvmP2qLC9IVAoIBAQDoC9nZ2nioMfS4lsJ2IUMLyknz
Ji8ME5g4a64yDfaFjK9DLASAqjrflCtavgj5dAGMZmltNS1EN89lIPNNj1IrHVM0
FHqUry9WkRQ0PxFvyJkhJ5w0sfiepocWWE0JhTDweDFKm/I7x0ZNBWOKzA3Myljv
PxSsh97Gkvcv69m6GDI8vfOc7kSGephchz94jH9IcmfG2EJjEfW1AynVVGtyniv/
Dyq0EtDZqyiIFoCJzEXu+qm4sJk5RbKkMHRGDEN8BOwSFS0lPx3Tges0ORD03+EB
Iop6GLArJCkxay6XznpLC1SK/9Nf/3lSLpHwQ7lscKOux2OQh2l0p8kW1+gh
-----END RSA PRIVATE KEY-----

1
roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-opendkim.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz5S/8ltqTaod7hZJuU/cC+AOO+OogsdBv4bs7dRXR49G4CmTkm7YkexRBXeW8rVClH4AayqqJKh9QbDTcUhLNAofe0fhSxhgprtLEVLu/ilnJ4MOrxh70zUgXxu86fJA5E3OAVSM3vDfT5EY4W5A1MJt1y4tr9RWZLpu68O9CJPU4fWcI06h5ySmdSVVcHhBANPjHDSJiOWfw1fZ0O1ptEFf4o/0Ivzq1u7Yjr8C3RH5xOH2BIzbnDRcR4zy5OWNc/gGr0//CuOQbZ/GhrAtWb/s0ifjZYxHLY1qiy6c4UDGP2Z6Jiio37vFCselIvKvhc/ndqUgo4EP433YtJDwy+B5pj5yL+7sD4/lvqLPoTX6XYOwQiluPDoZGMta1glTvkNfZwnCO4HMsYe1jzy4r8DsjFadQtuUHhQ2e2yMv4VJ/+gB5y7v78NuMCVJ+tdtAyBvCxjtwea3y1KJ/PwVByAlv1uRzsI3EvjwxdzGqo3mlEWBurwtmr0rWV9ZnMDwbqUL4lvXE/qd138yTO5bm5wNgAzsUj7/uL1Y3L9Rz+OnRm+lhdI19huNMi2Yv9uQcm2kNFbZlNVu62yORJl6h3Lkqn6zbxpNZ2duZZUCfRw/bP1WYyHyexReDT/5X/paV3CE2/jyXbaOhN2asgQS1g4veZQPk3oD9/LnZOSEQBw== root@d.mx-opendkim

154
roles/common/files/d.mx/root/bin/monitoring/conf/check_webservice_load.conf Normal file
View File

@ -0,0 +1,154 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - What to check
# -
check_load=true
check_mysql=true
check_apache=true
check_php_fpm=false
check_website=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
mysql_credential_args="--login-path=local"
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions=""
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

175
roles/common/files/d.mx/root/bin/postfix/conf/create_opendkim_key.conf Normal file
View File

@ -0,0 +1,175 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------------------------
# - Parameter Settings for script 'create_opendkim_key.sh'.
# ---------------------------------------------------------
# ----------
# DNS Server
# ----------
# - dns_dkim_zone_master_server
# -
# - The DNS Server who is serving the update zone and is used
# - for the dynamic updates (nsupdate)
# -
#dns_dkim_zone_master_server=""
dns_dkim_zone_master_server="b.ns.oopen.de"
# - update_dns
# -
# - Possible Values are 'true' or 'false'
# -
#update_dns=""
# - update_zone
# -
# - Zone containing the DKIM TXT record.
# -
# - Defaults to '_domainkey.<dkim_domaini>'
# -
# - Note:
# - do NOT change/set this option unless you know what you do.
# -
#update_zone=""
# - TTL
# -
# - TTL for the DKIM TXT Record.
# -
# - Defaults to "" if update_dns=false
# - Defaults to "43200" if update_dns=true
#
#TTL=""
# ----------
# TSIG Key
# ----------
# - key_secret
# -
# - Sectret Key used by 'nsupdate' to create/update the
# - DKIM TXT record.
# -
# - Example:
# - key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
# -
#key_secret=""
key_secret="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
# - key_algo
# -
# - The key algorithm used for key creation. Available choices are: hmac-md5,
# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The
# - default is hmac-sha256. Options are case-insensitive.
# -
# - Example:
# - key_algo="hmac-md5"
# -
# - Defaults to 'hmac-sha256'
# -
#key_algo="hmac-sha256"
# - key_name
# -
# - Name of the Key
# -
# - Defaults to "$update_zone"
# -
#key_name=
key_name="update-dkim"
# ----------
# Access Credentials DNS Server
# ----------
# - dns_ssh_user
# -
# - Defaults to 'manage-bind'
# -
#dns_ssh_user="manage-bind"
# - dns_ssh_port
# -
# - Defaults to '22'
# -
#dns_ssh_port=22
# - dns_ssh_key
# -
# - Defaults to '/root/.ssh/id_rsa-opendkim'
# -
#dns_ssh_key="/root/.ssh/id_rsa-opendkim"
# ----------
# Scripts envoked at DNS Server
# ----------
# - set_new_serial_script
# -
# - Script increases the serial for a given domain or a given
# - hostname's concerning domain.
# -
# - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
# -
#set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
# - create_dkim_delegation_script
# -
# - Script adds DKIM subdomain delegation for a given domain
# -
# - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
# -
#create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
# - add_dkim_zone_master_script
# -
# - Script adds zone _domainkey.<dkim domain> as master zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
# -
#add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
# - add_dkim_zone_slave_script
# -
# - Script adds zone _domainkey.<dkim domain> as slave zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
# -
#add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
# ----------
# OpenDKIM Installation
# ----------
# - opendkim_dir
# -
# - OpenDKIM's etc-directory
# -
# - Defaults to opendkim_dir="/etc/opendkim"
# -
#opendkim_dir="/etc/opendkim"
# - key_base_dir
# -
# - Defaults to "${opendkim_dir}/keys"
# -
#key_base_dir=${opendkim_dir}/keys
# - signing_table_file
# -
# - Defaults to "${opendkim_dir}/signing.table"
# -
#signing_table_file="${opendkim_dir}/signing.table"
# - key_table_file
# -
# - Defaults to "${opendkim_dir}/key.table"
# -
#key_table_file="${opendkim_dir}/key.table"

44
roles/common/files/d.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf Normal file
View File

@ -0,0 +1,44 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ======================================================
# ---
# Parameter Settings for Script 'whitelist_mb_sigs.conf'
# ---
# ======================================================
# QUARANTINE_BASE_DIR
#
# Base directory where amavis stores quarantined e-mails, mostly in
#
# virus e-mails: $QUARANTINE_BASE_DIR/virus
# spam emails: $QUARANTINE_BASE_DIR/spam
# ..
#
# Defaults to:
# QUARANTINE_BASE_DIR="/var/QUARANTINE"
#
#QUARANTINE_BASE_DIR="/var/QUARANTINE"
# CLAMAV_VIRUS_WHITE_LIST
#
# Full path to clamav's (personal) white list file
#
# Defaults to:
# CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
#
#CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
# WHITE_LIST_STRINGS
#
# A blank separated list of strings to whitelist.
#
# Example:
# WHITE_LIST_STRINGS="google.com tinyurl.com"
#
# Defaults to:
# WHITE_LIST_STRINGS="google.com"
#
#WHITE_LIST_STRINGS="google.com"
WHITE_LIST_STRINGS="google.com tinyurl.com"

138
roles/common/files/d.mx/usr/local/src/sympa/conf/install_sympa.conf Normal file
View File

@ -0,0 +1,138 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------
# - Configuration for sympa install script
# ----------------------------------------
# - PREFIX
# -
# - Sympa Installation directory
# -
# - Defaults to: "/usr/local/sympa"
# -
#PREFIX="/usr/local/sympa"
# - SYMPA_USER
# -
# - User under which Sympa services are running
# -
# - Defaults to: "sympa"
# -
#SYMPA_USER="sympa"
# - SYMPA_MAIN_CONF_DIR
# -
# - Sympas main configuration directory
# -
# - Defaults to: "/etc/sympa"
# -
#SYMPA_MAIN_CONF_DIR="/etc/sympa"
# - SYMPA_LIST_DATA_DIR
# -
# - Data directory for sympa lists
# -
# - defaults to: "/data/sympa/list_data"
# -
#SYMPA_LIST_DATA_DIR=/data/sympa/list_data
# - SYMPA_DOMAIN
# -
# - Note: if sympa will be configured to support multidomains
# - this (SYMPA_DOMAIN) should not contain list definitions
# -
# -
SYMPA_DOMAIN="sympa.oopen.de"
# - START_AT_BOOTTIME
# -
# - Defaults to: "yes"
# -
#START_AT_BOOTTIME="yes"
# - SYMPA_LISTMASTER
# -
# -
# - Defaults to "postmaster@$SYMPA_DOMAIN"
# -
#SYMPA_LISTMASTER="postmaster@$SYMPA_DOMAIN"
# - SYMPA_DB_TYPE
# -
# - Database type of sympas database
# -
# - If database is SQLite, then this parameter is not in use.
# -
# - Possible values are 'mysql' (MySQL) or 'Pg' (PostgeSQL), 'Sybase', 'Oracle'
# -
# - Defaults to: SYMPA_DB_TYPE="mysql"
# -
#SYMPA_DB_TYPE="mysql"
# - SYMPA_DB_HOST
# -
# - Defaults to: SYMPA_DB_HOST="127.0.0.1"
# -
#SYMPA_DB_HOST="127.0.0.1"
# - SYMPA_DB_PORT
# -
# - Defaults to:
# - 3306 - if SYMPA_DB_TYPE=mysql
# - 5432 - if SYMPA_DB_TYPE=Pg
# - 2638 - if SYMPA_DB_TYPE=Sybase
# - 1575 - if SYMPA_DB_TYPE=Oracle
# -
# -
#SYMPA_DB_PORT="3306"
# - SYMPA_DB_NAME
# -
# - Defaults to: SYMPA_DB_NAME="sympa"
# -
#SYMPA_DB_NAME="sympa"
# - SYMPA_DB_USER
# -
# - Defaults to: SYMPA_DB_USER="sympa"
# -
#SYMPA_DB_USER="sympa"
# - SYMPA_DB_PASSWD
# -
# - Password for Sympa's database.
# -
SYMPA_DB_PASSWD="nw7FMhzRJPjcTHvm"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '/usr/local/mysql/sys-maint.cnf' otherwise
# -
MYSQL_CREDENTIALS="--login-path=local"
# - VSERVER_GUEST
# -
# - Is this a Linux Vserver guest system?
# -
# - Possible values: yes/no
# -
# - Defaults to 'VSERVER_GUEST=no'
# -
#VSERVER_GUEST=no

22
roles/common/files/e.mx/etc/postfix/postfwd.bl-hosts
View File

@ -1,22 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# hosts blocked by postfwd
#
# This file is called with '=~'. This means perl regexp is possible
#
#
# To increase performance use ^ and/or $ in regular expressions
#
# Example:
#
# # block all hosts of domain 'oopen.de'
# \.oopen\.de$
#
# # block host a.mx.oopen.de
# ^a\.mx\.oopen\.de$
#
# ---
# give hostnames to blocke here

16
roles/common/files/e.mx/etc/postfix/postfwd.bl-nets
View File

@ -1,16 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# Networks blocked by postfwd
#
# Example:
#
# # web0.warenform.de
# #83.223.86.76
# #2a01:30:0:505:286:96ff:fe4a:6ee
# #2a01:30:0:13:286:96ff:fe4a:6eee
#
# ---
# give networks to block here

38
roles/common/files/e.mx/etc/postfix/postfwd.bl-sender
View File

@ -1,38 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# Sender addresses blocked by postfwd
#
# This file is called with '=~'. This means perl regexp is possible
#
#
# To increase performance use ^ and/or $ in regular expressions
#
# @acieu\.co\.uk$
# ^error@mailfrom.com$
#
# instedt of
#
# @acieu.co.uk
# error@mailfrom.com
#
#
# Example:
#
# # # annoying spammer domains
# # block all senders of maildomaindomain 'oopen.de'
# @acieu\.co\.uk$
#
# # annoying spammer addresses
# # block sender address
# error@mailfrom.com
# sqek@eike\.se$
#
# ---
# annoying spammer domains
@acieu\.co\.uk$
# annoying spammer addresses
^error@mailfrom\.com$
^sqek@eike\.se$

13
roles/common/files/e.mx/etc/postfix/postfwd.bl-user
View File

@ -1,13 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# SASL Users blocked by postfwd
#
# Example:
#
# # give SASL usernames to block here
# ckubu@oopen.de
#
# ---
# give SASL usernames to block here

172
roles/common/files/e.mx/etc/postfix/postfwd.cf
View File

@ -1,172 +0,0 @@
#======= Definitions ============
# Match messages with an associated SASL username
&&SASL_AUTH {
sasl_username!~^$
}
# Trusted networks
&&TRUSTED_NETS {
client_address==file:/etc/postfix/postfwd.wl-nets
}
# Trusted hostnames
# client_name~=.warenform.de$
&&TRUSTED_HOSTS {
client_name=~file:/etc/postfix/postfwd.wl-hosts
}
# Trusted users
&&TRUSTED_USERS {
sasl_username==file:/etc/postfix/postfwd.wl-user
}
# Trusted senders
&&TRUSTED_SENDERS {
sender=~file:/etc/postfix/postfwd.wl-sender
}
# Blacklist networks
&&BLOCK_NETS {
client_address==file:/etc/postfix/postfwd.bl-nets
}
# Blacklist hostnames
&&BLOCK_HOSTS {
client_name=~file:/etc/postfix/postfwd.bl-hosts
}
# Blacklist users
&&BLOCK_USERS {
sasl_username==file:/etc/postfix/postfwd.bl-user
}
# Blacklist sender adresses
&&BLOCK_SENDER {
# =~
# using '=~' allows also matching entries for domains (i.e. @acieu.co.uk)
sender=~file:/etc/postfix/postfwd.bl-sender
}
# Inbound emails only
&&INCOMING {
client_address!=127.0.0.1
}
#======= Rule Sets ============
# ---
#
# Processing of the Rule Sets
#
# The parser checks the elements of a policy delegation request against the postfwd set
# of rules and, if necessary, triggers the configured action (action=). Similar to a
# classic firewall, a rule is considered true if every element of the set of rules (or
# one from every element list) applies to the comparison. I.e. the following rule:
#
# client_address=1.1.1.1, 1.1.1.2; client_name==unknown; action=REJECT
#
# triggers a REJECT if the
#
# Client address is equal (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
#
#
# Note:
# If an element occurs more than once, an element list is formed:
#
# The following rule set is equivalent to the above:
#
# client_address=1.1.1.1; client_address=1.1.1.2; client_name==unknown; action=REJECT
#
#
# triggers a REJECT if (as above) the
#
# Client address (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
#
# ---
# Whitelists
# Whitelist trusted networks
id=WHL_NETS
&&TRUSTED_NETS
action=DUNNO
# Whitelist trusted hostnames
id=WHL_HOSTS
&&TRUSTED_HOSTS
action=DUNNO
# Whitelist sasl users
id=WHL_USERS
&&TRUSTED_USERS
action=DUNNO
# Whitelist senders
id=WHL_SENDERS
&&INCOMING
&&TRUSTED_SENDERS
action=DUNNO
# Blacklists
# Block networks
id=BL_NETS
&&BLOCK_NETS
action=REJECT Network Address $$client_address blocked by Mailserver admins. Error: BL_NETS
# Block hostname
id=BL_HOSTS
&&BLOCK_HOSTS
action=REJECT $$client_name blocked by Mailserver admins. Error: BL_HOSTS
# Block users
id=BL_USERS
&&BLOCK_USERS
action=REJECT User is blocked by Mailserver admins. Error: BL_USERS
# Blacklist sender
#
# Claim successful delivery and silently discard the message.
#
id=BL_SENDER
&&BLOCK_SENDER
#action=DISCARD
action=REJECT Sender address is blocked by Mailserver admins. Error: BL_SENDER
# Rate Limits
# Throttle unknown clients to 5 recipients per 5 minutes:
id=RATE_UNKNOWN_CLIENT_ADDR
sasl_username =~ /^$/
client_name==unknown
action=rate(client_address/5/300/450 4.7.1 only 5 recipients per 5 minutes allowed)
# Block clients (ip-addresses) sending more than 50 messages per minute exceeded. Error:RATE_CLIENT)
id=RATE_CLIENT_ADDR
&&INCOMING
action=rate($$client_address/50/60/421 421 4.7.0 Too many connections from $$client_address)
# Block messages with more than 50 recipients
id=BLOCK_MSG_RCPT
&&INCOMING
&&SASL_AUTH
recipient_count=50
action=REJECT Too many recipients, please reduce to less than 50 or consider using a mailing list. Error: BLOCK_MSG_RCPT
# Block users sending more than 50 messages/hour
id=RATE_MSG
&&INCOMING
&&SASL_AUTH
action=rate($$sasl_username/50/3600/450 4.7.1 Number messages per hour exceeded. Error:RATE_MSG)
# Block users sending more than 250 recipients total/hour
id=RATE_RCPT
&&INCOMING
&&SASL_AUTH
action=rcpt($$sasl_username/250/3600/450 4.7.1 Number recipients per hour exceeded. Error:RATE_RCPT)

49
roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated Normal file
View File

@ -0,0 +1,49 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAxe0sdGCZS444N0pvLolycgXiipmRbptw/DMNlUGa1yYGDq1Qf0lQ
1zuDeSOjTk+W78bPHOQy1f+CeHsBj+XRkmInqUZ5K0UgVFEuiAsJGH8l63phyd9bkRHzg0
QQOFZ7JqcNEpW0NiPSKWMLGg9/yA2XoQ4GgiruA9PyyKa2YdP7vll+5Dhm/E5Jvzwbtkkm
wM1EWjF5/1LRrFMq4nJAJhCval2Q7DWIHMDqmWj7ZDGT95gHYsf4CmlldO6FOPc8Qa6Lg/
IEVgLP8ji78TntSQ3B9mRMV5fNYyWJVH3ymqwR7FjTRO/YVCJ5x/WE38T9QBAvjMhV8ais
M9y5NXUMlKNUxbSU2GPvyB7F0/+ioWzourcIY+1O7mRKmiFsqOjfllS/XxYYJm0qFSBOiq
wTOVbTna99wN2vl3jQEBo1upqjnL94jVA4qU5w0ypBAFkFlpyuWEbmicNXlAqIovxQ6dIU
U1iKp/kVQoJDhoBIzCEQvLYkKLgl8cH7pH3Kvcw/EvFAsskGNLlkR5t7jORh05ryCRwV31
wUl/wfj4HrEmVcCAgokv+mUlk/ug+TmwXShpM9dgO/e2MmjLDe0bSZ+jgYT0axn6kCwiDO
5acSRwKEJk0jIrkKf04xy3nYwJtxb8RE9mb6j1oPULb0syKM9iTnSsrGRxoGwXQu6ugrLL
8AAAdApTZfwqU2X8IAAAAHc3NoLXJzYQAAAgEAxe0sdGCZS444N0pvLolycgXiipmRbptw
/DMNlUGa1yYGDq1Qf0lQ1zuDeSOjTk+W78bPHOQy1f+CeHsBj+XRkmInqUZ5K0UgVFEuiA
sJGH8l63phyd9bkRHzg0QQOFZ7JqcNEpW0NiPSKWMLGg9/yA2XoQ4GgiruA9PyyKa2YdP7
vll+5Dhm/E5JvzwbtkkmwM1EWjF5/1LRrFMq4nJAJhCval2Q7DWIHMDqmWj7ZDGT95gHYs
f4CmlldO6FOPc8Qa6Lg/IEVgLP8ji78TntSQ3B9mRMV5fNYyWJVH3ymqwR7FjTRO/YVCJ5
x/WE38T9QBAvjMhV8aisM9y5NXUMlKNUxbSU2GPvyB7F0/+ioWzourcIY+1O7mRKmiFsqO
jfllS/XxYYJm0qFSBOiqwTOVbTna99wN2vl3jQEBo1upqjnL94jVA4qU5w0ypBAFkFlpyu
WEbmicNXlAqIovxQ6dIUU1iKp/kVQoJDhoBIzCEQvLYkKLgl8cH7pH3Kvcw/EvFAsskGNL
lkR5t7jORh05ryCRwV31wUl/wfj4HrEmVcCAgokv+mUlk/ug+TmwXShpM9dgO/e2MmjLDe
0bSZ+jgYT0axn6kCwiDO5acSRwKEJk0jIrkKf04xy3nYwJtxb8RE9mb6j1oPULb0syKM9i
TnSsrGRxoGwXQu6ugrLL8AAAADAQABAAACAChfUIoMijhXMjBVBoi/kJChkqwi1v9wxYMs
BsFDOIpaPzIPODQ+iDbe9Npo4o6+vVL7gpOqGJR+IebhcFgh0LXDP8PPlDe3Sfjo9kzZs2
lDxkBaHkhHPy5AMyO7ZnOXcFdaC9iWoMPKWrwGb+VI9A+idiNr8PfsOdCeEw/KsbkSvG7/
Ylq7BobAkVposF5mXXlGZYLgRLpH8mzsKfs2ws8A6EcR/tWvtavnzfKs71poon4GjLshfv
7gsMlBPft4stnS+LJZU3kX6cLGv89cuYIFRGM14jybwlFO/sw1RJ84Kg/DrpSJN98xiRW4
hvn9/IpswsY8twssFLQfecflsELlfkzVNE1YR1d2rHdBEHKSa0piNvaUgPuIP9oggDkE/m
pF4Oz/aW71fHLWQVxf3qlCnYfshf86XqJTZvJ8N7edF4XZ+UiOWPl5c8vXBJDFLrydenWF
9z4IExHZafmYygnbLdEP4cFq8fPsb7zbhNr8aLOLfIyLj30brvIE9/gc7VnME0PdK3n2FO
u4GDTYSE0UNpjctw5Fg4+89Yv1xD/onLIA43scw3l3NhCtLI5QHnsO8cckga6/wcdfOG2f
V8kMzICZt3IFnR4EgDlavLMx+FthyYKDE4JYOKM2Qy6xGRg9p6kFyb7SQEFy91JgCN5tpJ
V5ezfJF7bgTW8tuQpBAAABABSvsV4UpatmjpicZChtXMQHuDob/ZUcVwJ3emORxD5vfKd8
zuySbJxlJBIIUVT2ako8AmUYQBjIU+vPI18CHdhDhL4rDmeletC6Sl1KB089dc2qavIvtC
N0E5+iozCXHGirr79t3UTVGBMGr5UYG9y5nfa7WWY38UqVc63TK2EVT0wrNxgS9hUtZWbk
LsEiIAUEp/8N5wKKv4+uVfzSfg0sEy/JGNU0KNcxFUZNolSEeieQUdmopALD04f/YOdhO5
mV5oS3lDUC8cnbefQmoK/kszfgOb/qMC76RqLa7IUm91IZbKfA78x81gjSsuiqfPXsE9El
GxqXrnggbHarFG4AAAEBAOwpW++DbYcI3AJn44o3sH6bGVVsNbAualMxFz0XYwdnoD7UUG
aOhlRFWZXqOQEbvt1LOp4SYyT50puwdvg0as6+78FnlwVXVaHKjP0Igh2e8Ls5YYpp8jas
FDcZa0F5JiAFPamxY+ypvaD/Fmc3ha7JBGOGkV67qktOO+Dtd2NSKB6EIt8ShKbjZA6U2i
UAQCp2AC+f3CDL+3vN/Gj4oBI2ysYl3QVG/nuBT8Lxdf+JabEYwPBMlOqYVfjYQj0FL6Ht
/+MCeVyaeww+a0/i+W5RqqBn1ptOw1YlamsOvLG2Z0FL6s2/uTE9+dYfQXto6j6vkAGrIr
yugIYwC0abzxsAAAEBANaNkiXeqKssyYZ14OEfzXyD7M3l2vvfGRvCS0XgqEodvVGbB/A4
AAWtkuPvOPqSzaOIfdbIcN1dvccJuxU/SPanL33aX7PLROuq7ApIbhzFI5QblvoivUAMST
ND9QjAu8hHiO9K6qRU3evEpJVvN2iOznTuU/A91n5ChJLeQAjqpMhgB45ZlWKmPE+y0kw6
aCZq7qmqqCRr5nzY1YYFy2UilbOUyeO5wCDa6bN8FXYvKTBWOmTvsoILPjTjiaZbfITmfd
f2n4mNITViGU6kirtZSzjRRqqQRj0Vz9f5Qn2TBZ/uCkTDQEBtr/rdAHL9eBaSXYXWVIpl
RsBCSs/Sny0AAAAHcm9vdEBteAECAwQ=
-----END OPENSSH PRIVATE KEY-----

1
roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDF7Sx0YJlLjjg3Sm8uiXJyBeKKmZFum3D8Mw2VQZrXJgYOrVB/SVDXO4N5I6NOT5bvxs8c5DLV/4J4ewGP5dGSYiepRnkrRSBUUS6ICwkYfyXremHJ31uREfODRBA4Vnsmpw0SlbQ2I9IpYwsaD3/IDZehDgaCKu4D0/LIprZh0/u+WX7kOGb8Tkm/PBu2SSbAzURaMXn/UtGsUyrickAmEK9qXZDsNYgcwOqZaPtkMZP3mAdix/gKaWV07oU49zxBrouD8gRWAs/yOLvxOe1JDcH2ZExXl81jJYlUffKarBHsWNNE79hUInnH9YTfxP1AEC+MyFXxqKwz3Lk1dQyUo1TFtJTYY+/IHsXT/6KhbOi6twhj7U7uZEqaIWyo6N+WVL9fFhgmbSoVIE6KrBM5VtOdr33A3a+XeNAQGjW6mqOcv3iNUDipTnDTKkEAWQWWnK5YRuaJw1eUCoii/FDp0hRTWIqn+RVCgkOGgEjMIRC8tiQouCXxwfukfcq9zD8S8UCyyQY0uWRHm3uM5GHTmvIJHBXfXBSX/B+PgesSZVwICCiS/6ZSWT+6D5ObBdKGkz12A797YyaMsN7RtJn6OBhPRrGfqQLCIM7lpxJHAoQmTSMiuQp/TjHLedjAm3FvxET2ZvqPWg9QtvSzIoz2JOdKysZHGgbBdC7q6Cssvw== root@ga-st-mail-dehydrated

49
roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim Normal file
View File

@ -0,0 +1,49 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAr9qw2oQHkAUfTXEJBxuVR2zDRpTsxyT24eVd+KIJaALVtFVTu8Z3
rNwJN0P3jNLRWxTBuDEbYtTN1J9Bic01fR9m6jdNk5lKeTJw1Q3BzXxuC+4aix9ircJ4in
geNSCiHiVHYaSsXRRajPGe/F5+RAEjuRbt95UHB/kU25qGIpBK9Vq0m0Ad8HKrV0vpTb3s
hVJSQ/VydDC82pwXj0IfW6HPdwnzmt8hU2/dIK3weUI56S+9euzKUh+jqvw1YeTXJzM76G
I2X/YLDEx7jgFMlChnlHYNivPYBY5Aatq90t6LiqQ0MT0kVx7jQwUnhyRB8vAz+qznftKm
VTmjxL90IvwUTzvS1nHNmlIPMnSO8NaDHf0k2iueD2lCSe7l1d2U0LMRss4sGZcfhqtDzQ
DIyhXWFwHLhj55WMQxoVXCSRJRLruwyUKqVn86H6L9lRJ4kEPBJJJ6cXeTBWJGtDT9N/Ja
SGcjM8tdwxSeilHIW0xn85B3MCphV/t72RRAaqua2VjrmN9N6nuYD+3iobAVf4ruOzXtTr
U0tjdEBT0xJbIZNwi22Snq0KPly8aN2deXEQ8Q7IJHQB7WNT4jI13l/GWocFwtr7NWXwaD
eJCtoiB9RraK+EBvoO3IYymvpGQyqhXeMtBGc3kdCI2AslrdpjXd4TGxIwbWae+Xa2JkZa
kAAAdAgUVtA4FFbQMAAAAHc3NoLXJzYQAAAgEAr9qw2oQHkAUfTXEJBxuVR2zDRpTsxyT2
4eVd+KIJaALVtFVTu8Z3rNwJN0P3jNLRWxTBuDEbYtTN1J9Bic01fR9m6jdNk5lKeTJw1Q
3BzXxuC+4aix9ircJ4ingeNSCiHiVHYaSsXRRajPGe/F5+RAEjuRbt95UHB/kU25qGIpBK
9Vq0m0Ad8HKrV0vpTb3shVJSQ/VydDC82pwXj0IfW6HPdwnzmt8hU2/dIK3weUI56S+9eu
zKUh+jqvw1YeTXJzM76GI2X/YLDEx7jgFMlChnlHYNivPYBY5Aatq90t6LiqQ0MT0kVx7j
QwUnhyRB8vAz+qznftKmVTmjxL90IvwUTzvS1nHNmlIPMnSO8NaDHf0k2iueD2lCSe7l1d
2U0LMRss4sGZcfhqtDzQDIyhXWFwHLhj55WMQxoVXCSRJRLruwyUKqVn86H6L9lRJ4kEPB
JJJ6cXeTBWJGtDT9N/JaSGcjM8tdwxSeilHIW0xn85B3MCphV/t72RRAaqua2VjrmN9N6n
uYD+3iobAVf4ruOzXtTrU0tjdEBT0xJbIZNwi22Snq0KPly8aN2deXEQ8Q7IJHQB7WNT4j
I13l/GWocFwtr7NWXwaDeJCtoiB9RraK+EBvoO3IYymvpGQyqhXeMtBGc3kdCI2Aslrdpj
Xd4TGxIwbWae+Xa2JkZakAAAADAQABAAACABJKDFqtoJu57KeBOg8jL0NebHDKzFVp4sNb
t4pET/YhVViMB0lgOtIfkFXPG8/pnRx77Cnb8Z01xLJ4XbiXPxjkSy/Q0KCpMLWqKVH/PE
jCyC81dE1D1l97+k1scLfVzQaVmfbtyX9kvoYqGv7kVP19oNl/KQC23yRVI3Yze//cQe+C
n4YGBRcc1fUeUAVl21OCXEv1GxI6f2m9EjY0Ck7dZVZcEpno2u5yk+zyKjByUtONw4clWW
VxJPSDhonH4xiQm4pvrHgOfteonLEIMY63JQ6ruHzbH3x0bv6uAVANFTY2HbeBRGZLMBeo
UZQckT9S/BT2Jp1qCyKR/BZaUxmkLOAfJl2rW5IfOOOtKEE/q0DVRidfDf2A2ihmsfbCqR
hbhOmf7IbqC4XTGm6W9U3pNyu8Oz4QxRyhwlTWTa3hqvF/xJo6C82yy3p4HYRTX5VfZNbN
iQ7CM/UY0ee69br80MPPdxLetmGX9VvR6g1lsRK8/447DiOD9TZtAXMAiCOf3FUyhwRmRP
qUdGOXHjXsBAjDMWA0OwwdiGFI7dk5zdyQNTpRsM38cctGeBixPs9SOrTKr10zSaf9NzX4
srsXnoAdm2LHQIa0Awfd1TJydFjC6KIGgtZgXy4UDpPE6RzlDnkY8DO/pLLhXMAgtts+G/
ZiaRBKY65VYOHKqVoBAAABAHsbFe8LTyYnDhzgKrlLbeGDySEHTeBbVpKbIUhDjkqoyHvc
HzEt7b2idhJtjXsEIcMUO+0ut1A2toY/JHkHOKnyXPpqv1NxXR/4ru6rAXrOGB/LQCUtcl
5Q4StZvvOtcKbt8b0kvvvBMmkFGEtJr5ybDy6K5CFyyROGlUTpXPfjZjuv6YuzqCsLYXXM
o4cWK1ZUQ7Yf1YovZr3zk6VMzd4gHHQzyTVP5iNflSB3k+AQZClLy771bw2caPFgdpu87a
kAvhtW+anGLkFxSCZFRMkv9rXl8tB2ZPKWqQb8jEzAfH0CC7sDkddLE2l45RapGMUtsJ1V
fF8pGpFiHX7FABoAAAEBAN9JT4Tc29Wc5lDVZEqz8IYT+/eRVBAlALmt7jTVwclY+KSZ5g
i+QONIWj+Js+1Z84bzOzcQ6pZIFAZ57+5qkFeUpfVJB+UL7bLqNF2GeBAvtZ+GgguBK5uN
H+uXrnyeEWn8ppcHebA5vi/GxzCebZ29VnUbh/nHn0WmMvOBAFYqtjGNxo1diYyp8vS0k+
pmhZA5xtgGKzGGwrlAJrWLPzAieFPkNJsDMcY03RkU9u0XI3SkrtlmRqaykSzJpIAtDuT/
D7gyjrNBH6a8qv57LxaUyeWEBOtlC7C4mtTrWcu/+zS8dkh7Y4ZaNR83Zx24DRzAfbuA/R
04eb6Jd55ATr0AAAEBAMmeXjYdwqh2gbizFgyP8ZgTxXUWp5B0YQ7XUOC8CuQqAL8/HlE3
gVHLwrUIKAwTUADfqvzyG86IgJOw1byU3DWY9b5dKfrWm1RhcvLWMgIjRHH3sqnVWxIBam
RkfDkRZ/B8236SoAxe5k7yqZ3wQ6BNJstY1Nya+iJG1h6mLPasEzqZH+JOd0Uc9Fsr8uYR
CmvojolkAaa2We44y9oCXTTHCBfpFUZf0gySmG7ZEXA6MqwTCcbFCP599YmRQ2BmdO0SQF
YHIhpmc3xBjKMiNqhNBii2PUejVp7OVqHQBCeWq/GH9yTj00JeX9KoL7DdoyCoCWHG4eB0
JVW9wg49J10AAAAHcm9vdEBteAECAwQ=
-----END OPENSSH PRIVATE KEY-----

1
roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCv2rDahAeQBR9NcQkHG5VHbMNGlOzHJPbh5V34ogloAtW0VVO7xnes3Ak3Q/eM0tFbFMG4MRti1M3Un0GJzTV9H2bqN02TmUp5MnDVDcHNfG4L7hqLH2KtwniKeB41IKIeJUdhpKxdFFqM8Z78Xn5EASO5Fu33lQcH+RTbmoYikEr1WrSbQB3wcqtXS+lNveyFUlJD9XJ0MLzanBePQh9boc93CfOa3yFTb90grfB5QjnpL7167MpSH6Oq/DVh5NcnMzvoYjZf9gsMTHuOAUyUKGeUdg2K89gFjkBq2r3S3ouKpDQxPSRXHuNDBSeHJEHy8DP6rOd+0qZVOaPEv3Qi/BRPO9LWcc2aUg8ydI7w1oMd/STaK54PaUJJ7uXV3ZTQsxGyziwZlx+Gq0PNAMjKFdYXAcuGPnlYxDGhVcJJElEuu7DJQqpWfzofov2VEniQQ8Ekknpxd5MFYka0NP038lpIZyMzy13DFJ6KUchbTGfzkHcwKmFX+3vZFEBqq5rZWOuY303qe5gP7eKhsBV/iu47Ne1OtTS2N0QFPTElshk3CLbZKerQo+XLxo3Z15cRDxDsgkdAHtY1PiMjXeX8ZahwXC2vs1ZfBoN4kK2iIH1Gtor4QG+g7chjKa+kZDKqFd4y0EZzeR0IjYCyWt2mNd3hMbEjBtZp75drYmRlqQ== root@ga-st-mail-opendkim

135
roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_cert_for_dovecot.conf Normal file
View File

@ -0,0 +1,135 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings for script check_cert_for_dovecot.sh
#-----------------------------
#---------------------------------------
# - service_domain
# -
# - The main domain for which the certificate was issued
# -
# - Example:
# - service_domain="a.mx.oopen.de"
# - service_domain="mail.cadus.org"
# - service_domain="mx.warenform.de"
# -
#service_domain=""
service_domain="mx.gemeinschaft-altenschlirf.de"
# - service_name
# -
# - Name of service.
# -
# - Note: this var will also be used to determin systemd service file
# - or sysVinit script.
# -
# - Example:
# - service_name="Mumble"
# - service_name="Prosody"
# -
# - Defaults to:
# - service_name="Dovecot"
# -
#service_name=""
# - check_string_ps
# -
# - String wich (clearly) identifies the service at the process list (ps)
# -
# - Example:
# - check_string_ps="[[:digit:]]\ /usr/sbin/murmurd"
# - check_string_ps=""
# -
# - Defaults to:
# - check_string_ps="[[:digit:]]\ /usr/local/dovecot-[[:digit:]]{1,2}\.[[:digit:]]{1,2}\.[[:digit:]]{1,2}(\.[[:digit:]]{1,2})?/sbin/dovecot"
# -
#check_string_ps=""
# - service_user
# -
# - User under which the service is running.
# -
# - Example:
# - service_user="mumble-server"
# - service_user="prosody"
# -
# - Defaults to:
# - service_user="prosody"
# -
#service_user=""
# - service_group
# -
# - Group under which the service is running.
# -
# - Example:
# - service_group="mumble-server"
# - service_group="prosody"
# -
# - Defaults to:
# - service_group="prosody"
# -
#service_group=""
# - cert_installed
# -
# - Locataion of certificate read by service
# -
# - Example:
# - cert_installed="/var/lib/mumble-server/fullchain.pem"
# - cert_installed="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
# -
# - Defaults to:
# - /etc/dovecot/ssl/mailserver.crt
# -
#cert_installed=""
# - key_installed
# -
# - Location of the key read by service
# -
# - Example:
# - key_installed="/var/lib/mumble-server/privkey.pem"
# - key_installed="/etc/prosody/certs/privkey_jabber.so36.pem"
# -
# - Defaults to:
# - /etc/dovecot/ssl/mailserver.key
# -
#key_installed=""
# - cert_newest
# -
# - Location of the newest certificate.
# -
# - Example:
# - cert_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/fullchain.pem"
# - cert_newest="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
# -
# - Defaults to:
# - /var/lib/dehydrated/certs/${service_domain}/fullchain.pem
# -
#cert_newest=""
# - key_newest
# -
# - Location of the newest Key
# -
# - Example:
# - key_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/privkey.pem"
# - key_newest="/var/lib/dehydrated/certs/jabber.so36.net/privkey.pem"
# -
# - Defaults to:
# - /var/lib/dehydrated/certs/${service_domain}/privkey.pem
# -
#key_newest=""

178
roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf Normal file
View File

@ -0,0 +1,178 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - What to check
# -
check_load=true
check_mysql=false
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=true
check_apache=true
check_nginx=false
check_php_fpm=true
check_redis=false
check_website=false
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
mysql_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="7.4"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

176
roles/common/files/ga-st-mail/root/bin/postfix/conf/create_opendkim_key.conf Normal file
View File

@ -0,0 +1,176 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------------------------
# - Parameter Settings for script 'create_opendkim_key.sh'.
# ---------------------------------------------------------
# ----------
# DNS Server
# ----------
# - dns_dkim_zone_master_server
# -
# - The DNS Server who is serving the update zone and is used
# - for the dynamic updates (nsupdate)
# -
#dns_dkim_zone_master_server=""
dns_dkim_zone_master_server="b.ns.oopen.de"
# - update_dns
# -
# - Possible Values are 'true' or 'false'
# -
#update_dns=""
# - update_zone
# -
# - Zone containing the DKIM TXT record.
# -
# - Defaults to '_domainkey.<dkim_domaini>'
# -
# - Note:
# - do NOT change/set this option unless you know what you do.
# -
#update_zone=""
# - TTL
# -
# - TTL for the DKIM TXT Record.
# -
# - Defaults to "" if update_dns=false
# - Defaults to "43200" if update_dns=true
#
#TTL=""
# ----------
# TSIG Key
# ----------
# - key_secret
# -
# - Sectret Key used by 'nsupdate' to create/update the
# - DKIM TXT record.
# -
# - Example:
# - key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
# -
#key_secret=""
key_secret="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
# - key_algo
# -
# - The key algorithm used for key creation. Available choices are: hmac-md5,
# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The
# - default is hmac-sha256. Options are case-insensitive.
# -
# - Example:
# - key_algo="hmac-md5"
# -
# - Defaults to 'hmac-sha256'
# -
#key_algo="hmac-sha256"
key_algo="hmac-sha256"
# - key_name
# -
# - Name of the Key
# -
# - Defaults to "$update_zone"
# -
#key_name=
key_name="update-dkim"
# ----------
# Access Credentials DNS Server
# ----------
# - dns_ssh_user
# -
# - Defaults to 'manage-bind'
# -
#dns_ssh_user="manage-bind"
# - dns_ssh_port
# -
# - Defaults to '22'
# -
#dns_ssh_port=22
# - dns_ssh_key
# -
# - Defaults to '/root/.ssh/id_rsa-opendkim'
# -
#dns_ssh_key="/root/.ssh/id_rsa-opendkim"
# ----------
# Scripts envoked at DNS Server
# ----------
# - set_new_serial_script
# -
# - Script increases the serial for a given domain or a given
# - hostname's concerning domain.
# -
# - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
# -
#set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
# - create_dkim_delegation_script
# -
# - Script adds DKIM subdomain delegation for a given domain
# -
# - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
# -
#create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
# - add_dkim_zone_master_script
# -
# - Script adds zone _domainkey.<dkim domain> as master zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
# -
#add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
# - add_dkim_zone_slave_script
# -
# - Script adds zone _domainkey.<dkim domain> as slave zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
# -
#add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
# ----------
# OpenDKIM Installation
# ----------
# - opendkim_dir
# -
# - OpenDKIM's etc-directory
# -
# - Defaults to opendkim_dir="/etc/opendkim"
# -
#opendkim_dir="/etc/opendkim"
# - key_base_dir
# -
# - Defaults to "${opendkim_dir}/keys"
# -
#key_base_dir=${opendkim_dir}/keys
# - signing_table_file
# -
# - Defaults to "${opendkim_dir}/signing.table"
# -
#signing_table_file="${opendkim_dir}/signing.table"
# - key_table_file
# -
# - Defaults to "${opendkim_dir}/key.table"
# -
#key_table_file="${opendkim_dir}/key.table"

86
roles/common/files/ga-st-mail/root/bin/postfix/conf/postfix_add_mailboxes.conf Normal file
View File

@ -0,0 +1,86 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ----------------------------------------------------
# ---
# - Parameter Settings for script 'postfix_add_mailboxes.sh'.
# ---
# ----------------------------------------------------
# - dovecot_enc_method
# -
# - The (dovecot) password scheme which should be used to generate the hashed
# - passwords of EXISTING users.
# -
# - Possible values are:
# -
# - See output of 'doveadm pw -l'
# -
# - DEFAULTS to: dovecot_enc_method="SHA512-CRYPT"
# -
#dovecot_enc_method="SHA512-CRYPT"
# - in_file
# -
# - The file from wich the script reads the e-mail-address/password
# - kombination(s). Each line in this file must only contain
# - <emal-address> <password>
# -
# - Defaults to: in_file="${conf_dir}/mailboxes_new.lst"
# -
#in_file="${conf_dir}/mailboxes_new.lst"
# - db_type
# -
# - Type of Postfix Database
# -
# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
# -
# - Defaults to: db_type="pgsql"
# -
#db_type="pgsql"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '--defaults-file=/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '--defaults-file=/usr/local/mysql/sys-maint.cnf' otherwise
# -
#mysql_credential_args=""
# - quota
# -
# - The quota setting for the new mailboxes.
# -
# - Defaults to: quota="536870912"
# -
#quota="536870912"
quota="2147483648"
# - log_file
# -
# - Where to write logging informations?
# -
# - Defaults to: log_file="${script_dir}/log/postfix_add_mailboxes.log"
# -
#log_file="${script_dir}/log/postfix_add_mailboxes.log"

92
roles/common/files/ga-st-mail/root/bin/postfix/conf/sent_userinfo_postfix.conf Normal file
View File

@ -0,0 +1,92 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ----------------------------------------------------
# ---
# - Parameter Settings for script 'sent_userinfo_postfix.sh'.
# ---
# ----------------------------------------------------
# - message_body_file
# -
# - Full path to file containing the user info. This file must contain
# - the message body WITHOUT e-mail headers. If file is placed in the
# - 'files' directory use '${file_dir}/<file-name>'
# -
# - Defaults to '${file_dir}/sent_userinfo_postfix.message'
# -
#message_body_file="${file_dir}/sent_userinfo_postfix.email"
# - email_from
# -
# - From Address of user info
# -
# - Example: 'oo@oopen.de'
# -
email_from="it@gemeinschaft-altenschlirf.de"
# - email_from_org
# -
# - Example: email_from_org="O.OPEN"
# -
email_from_org="Gemeinschaft Altenschlirf"
# - db_type
# -
# - Type of Postfix Database
# -
# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
# -
# - Defaults to: db_type="pgsql"
# -
#db_type="pgsql"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '/usr/local/mysql/sys-maint.cnf' otherwise
# -
#mysql_credential_args=""
# - mail_user
# -
# - The owner of the mailbox directories and within the e-mails itself.
# -
# - defaults to mail_user="vmail"
# -
#mail_user="vmail"
# - mail_group
# -
# - The group of the mailbox directories
# -
# - defaults to mail_group="vmail"
# -
#mail_group="vmail"
# - mail_basedir - No more needed!
# -
# - The root directory where all mailbox-domains are located.
# -
# - Defaults to '/var/vmail'.
# -
#mail_basedir=/var/vmail

44
roles/common/files/ga-st-mail/root/bin/postfix/conf/whitelist_mb_sigs.conf Normal file
View File

@ -0,0 +1,44 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ======================================================
# ---
# Parameter Settings for Script 'whitelist_mb_sigs.conf'
# ---
# ======================================================
# QUARANTINE_BASE_DIR
#
# Base directory where amavis stores quarantined e-mails, mostly in
#
# virus e-mails: $QUARANTINE_BASE_DIR/virus
# spam emails: $QUARANTINE_BASE_DIR/spam
# ..
#
# Defaults to:
# QUARANTINE_BASE_DIR="/var/QUARANTINE"
#
#QUARANTINE_BASE_DIR="/var/QUARANTINE"
# CLAMAV_VIRUS_WHITE_LIST
#
# Full path to clamav's (personal) white list file
#
# Defaults to:
# CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
#
#CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
# WHITE_LIST_STRINGS
#
# A blank separated list of strings to whitelist.
#
# Example:
# WHITE_LIST_STRINGS="google.com tinyurl.com"
#
# Defaults to:
# WHITE_LIST_STRINGS="google.com"
#
#WHITE_LIST_STRINGS="google.com"
WHITE_LIST_STRINGS="google.com tinyurl.com"

51
roles/common/files/lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEApbqZLq1PmnCUbadrPRoIgvqwDapbqfEn4bbpVdGv/M+p6G43
KUFq31avjDYzO1YIZ5TAMDI8+7XHBRsgpiaEktdUXJxbT5qp0jY9P0yPM8mDmVL2
QnMzwUnqrPyMWsMmM/dXt0ZT1m6b+9TY/vxB1GQKWZJHU5KWB3bkiWFrSmANpdhp
c5o3dndrvyBSJKl4b5dW090VDC2SamHRMGAL5VtiQfOBCFjX+MrXBnLuq2pFwkT/
aOtgW0c2twHzIEn2uOTy6HT4uVaag4kx0giAZZflTri6k4EAgWHgDUTwpTC27nlV
13DK5hMKw13gtHaak3YGhdk898WLKwM03um3DSbBoBgkMk7QyqbAIKCm99WoLMsu
vAqGbaNdxGuFmLDVcdE9ymkZWg5vfCqp1CVxyb15y3oKn14lES+QacV5gJxb2dHb
h67UZFac3ruZ+b8+NUS5xR8i5Z9lROmviGHYi5T5doQvu6bMG/pwT/cjZ+k+FkGT
bR6eGLLADbmCjvv4CWh6TCdU6oC/yKeunqyvt+9jNU/+om4lN/qh28FuxW11X59w
89mmyRsjZKGmRqUCF7cdFMVmGRxfBN+WdJZfTUKNQpw71d4wNWjJ2FU7/Q7kmMai
2N+KB1lxBczMkrQkVrqeE366d6U+tRkYW9ofJGYuXakLq/Sq6lpgOhxfQ/kCAwEA
AQKCAgEAndJG0eaFaeNP1eSbAQLrnB+yzDCxPfLDMfWH2wvmdfAkM43Rxd3gMnNQ
lUuAGj9hnZJQOxV8cY+3ySr+OntvwI6CbfcQFYyJr/+q776umHiMc9RHYxxl6unD
K50M49n3ZYFj7MpySD/pFzaotpnu7p2eJZJhjjqH2O/lztYQ4DD8jjS6pzXzH0O2
Pbo/v14LrOkH7JYa1xAG4HvqRBETAwW1WmzTMem5MdmoTyHgGykG6WvfdkC/7+yv
NDQNHXCSHZ0ZnTjXK1hHqH9cDFHAQ/8UhZTxSEqO+qcEQF6odAciDZNKpfFppxP3
KfkaZYCUz1yT9Z7cqm9aiklxbd5PTBPV+nmzUd/FLw2j94D5+egvZcVrRBx63vVg
0Gzt/LPvejhBfZoHyRxepcvNWRtxVkvUuzc/b8cP1HpmruSGri+c8TI1qRWID5Fj
EcQ4lYRt+v98J21FDhKNLSN7QUfrB0CqFQfLcfrkrM2919SY+JEdj6zxEED/nx20
N5jmqvGZjllXJ/7N838sw5bCX8LsA0NXd86LuEjxRhiiqwdtKFz4pNSAdO8R724G
hTowNOVFlwunT8rTWipq0YXkrC1c1PUMhqcwyEsYzOx003MJDJ8biZaTh9yf7zOz
CQDcf2AzWJAevK5tnfbDHnmDv2rfSlQxkNikC3gJlRPsAYsJNSECggEBANrpvBH/
pasjPm5MAb+7YfY7razcO5gStKTavpJRDv92x87gZ+OLRRY+fqunCG9YCUMvbh+H
RAryK6Nui6+SOPH/KYMRRFunxUOBjxxDmYjdNLf+rWMbRzntbdWORRBZ70KGfWjO
eEtNe/++qyKGQKIDLYs3Wm0nmk8phWK2ZqPsz+3eQrLtERNZ5MesA+R8Oi7yffoc
/VId47RsRBfPpfNBZ8XK7yzHqO5rq4xfpaBIGm0pih91NBBo/RcPTcuDNQiNLoja
rIXOR+mV0Qwv/hKaOGeHf4uH8ypkn3QaZIYGyBAiZf45itku9kRnxKYl+sXkJPnr
9Q3aRmJ0gByOpw0CggEBAMHORDC++s3M14c0vdC+lXpyKEkzCKoLlfJMGV/kzF2V
X+v0AehIPxIiAEzMg/2HhRwwQ5f7StM4jybu+VVrSvQ5fbOxiAj/ucF1sA2N4C32
v6r/iIwolZhkbElx5SZwj5dMWcwvwyFiY32oLa0w9wgAt1Te5wx1x42rCWnL4zN6
NtE2BFw8yUkrPOm5QI8ztCl8tJZO03uhJXz/3fXuxDWbVkeTB1wgRz/l/ML8WvwR
yyReQlKkmneANR1axMPRFXREEqY/HA45STPA+GmSq9bW56j+diXDmWxlRNFiZbeT
WkuExcGATt9FOJS9e7OID1XEVLc1jXSjYjmhAA451Z0CggEAKehI6qEoE+UBVJgU
VaIHlN3D162pculRz6VYiiYeWuVgRshK2xKUPTflg/LL+JS/4S65RCve6MGHfRfy
gb/aSulwBvlNPsaVSuEIhn6ia8L9DqQgiTJ1pi8/sXw02HZ/CRs58tBj0vaYYFMd
69QLl3hIRbhpBTBpp/Ho6QbGC2eQPpcn6ZzcgfnZhCf37suhT894MmNOU2QJbUa0
mmJUAIdq2ECLHOVz/4B5LLw6tr5W4MLtACyttN6EZN+3ItiRVHvChsxl7o+Y0Kyv
gkfFucXwOlGEJy/1aw4sQEu1JrsxnXUYVVyqqf0Fg/7hdHUc1rlgIr/6/5Xjl4F5
7P2aGQKCAQBF/m3IQSEpdIKelSC8pCguKc586U6Gw1prQKqlZGeeoNUczWpm7rjA
nsEG+5Hr3aboUFIJMLuMX0/sGsC35eETJTRN0p8zyM/Ym91yd7vwPb5pTpKNNBcb
C6HEQLsmz948IVoJEXLiurr95eBhPV7qZ//OShad/GeOtafXqsgqjkf/9QdMHLQB
lfkQ3FQBpAW8OgqqgluEueVlKK+MI6h/R9O4U9SDpDC3ViOcdDGT+gUo5FYFrOcQ
o6ALMv3/TqL186PcoMxMIspaQ6Yz0sH2/HR8JzKaXvMpH8Xj7SqZS0GAJrqZMPLL
Vh+iMHDdnRUUv6xs4o1tA5j1AT2Y5bBNAoIBACM3gjrDabLWR3lIZY0o7rQPCp9x
WCF39r1GyhEeX4W5NrLFichSrFV8NJ2bMW9vmUvh7Z0CoJaiPssi2KWxuWdn+30s
+gi096f4VX/HHbXlTh90uZaqYP5zoPTs4MIR0gnMsKaIanRjla8n9FxkjRxfsvKc
GFKpaY5zCRT/Qms6gLENbrB0SDnfV3xdI/cQhCCgfHA9mqwVfvEsZRdw7AWvqHQH
prppgzt/8FMrEaQhMHbMXVskk9SbUz+AOT4/Z0gnpkjwrrBoJLRcYkU28CQLCLJs
oAWKnlt5BMYjl/v8tmnc8C6+OoS+LfXzD5tKmJUN5O7wFl1TOMsUGBxqqX8=
-----END RSA PRIVATE KEY-----

1
roles/common/files/lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQClupkurU+acJRtp2s9GgiC+rANqlup8SfhtulV0a/8z6nobjcpQWrfVq+MNjM7VghnlMAwMjz7tccFGyCmJoSS11RcnFtPmqnSNj0/TI8zyYOZUvZCczPBSeqs/IxawyYz91e3RlPWbpv71Nj+/EHUZApZkkdTkpYHduSJYWtKYA2l2Glzmjd2d2u/IFIkqXhvl1bT3RUMLZJqYdEwYAvlW2JB84EIWNf4ytcGcu6rakXCRP9o62BbRza3AfMgSfa45PLodPi5VpqDiTHSCIBll+VOuLqTgQCBYeANRPClMLbueVXXcMrmEwrDXeC0dpqTdgaF2Tz3xYsrAzTe6bcNJsGgGCQyTtDKpsAgoKb31agsyy68CoZto13Ea4WYsNVx0T3KaRlaDm98KqnUJXHJvXnLegqfXiURL5BpxXmAnFvZ0duHrtRkVpzeu5n5vz41RLnFHyLln2VE6a+IYdiLlPl2hC+7pswb+nBP9yNn6T4WQZNtHp4YssANuYKO+/gJaHpMJ1TqgL/Ip66erK+372M1T/6ibiU3+qHbwW7FbXVfn3Dz2abJGyNkoaZGpQIXtx0UxWYZHF8E35Z0ll9NQo1CnDvV3jA1aMnYVTv9DuSYxqLY34oHWXEFzMyStCRWup4Tfrp3pT61GRhb2h8kZi5dqQur9KrqWmA6HF9D+Q== root@lists.mx

155
roles/common/files/lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf Normal file
View File

@ -0,0 +1,155 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - What to check
# -
check_load=true
check_mysql=true
check_apache=true
check_php_fpm=false
check_website=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
mysql_credential_args="--login-path=local"
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions=""
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

173
roles/common/files/lists.mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf Normal file
View File

@ -0,0 +1,173 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------------------------
# - Parameter Settings for script 'create_opendkim_key.sh'.
# ---------------------------------------------------------
# ----------
# DNS Server
# ----------
# - dns_dkim_zone_master_server
# -
# - The DNS Server who is serving the update zone and is used
# - for the dynamic updates (nsupdate)
# -
dns_dkim_zone_master_server="dns0.warenform.de"
# - update_dns
# -
# - Possible Values are 'true' or 'false'
# -
#update_dns=""
# - update_zone
# -
# - Zone containing the DKIM TXT record.
# -
# - Defaults to '_domainkey.<dkim_domaini>'
# -
# - Note:
# - do NOT change/set this option unless you know what you do.
# -
#update_zone=""
# - TTL
# -
# - TTL for the DKIM TXT Record.
# -
# - Defaults to "" if update_dns=false
# - Defaults to "43200" if update_dns=true
#
#TTL=""
# ----------
# TSIG Key
# ----------
# - key_secret
# -
# - Sectret Key used by 'nsupdate' to create/update the
# - DKIM TXT record.
# -
# - Example:
# - key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
# -
key_secret="qG9e/gOucCXcwVUTU+uewU0Yth1iJh2JHgnogrHvh2A="
#key_secret="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
# - key_algo
# -
# - The key algorithm used for key creation. Available choices are: hmac-md5,
# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The
# - default is hmac-sha256. Options are case-insensitive.
# -
# - Example:
# - key_algo="hmac-md5"
# -
# - Defaults to 'hmac-sha256'
# -
#key_algo="hmac-sha256"
# - key_name
# -
# - Name of the Key
# -
# - Defaults to "$update_zone"
# -
key_name="update-dkim"
# ----------
# Access Credentials DNS Server
# ----------
# - dns_ssh_user
# -
# - Defaults to 'manage-bind'
# -
#dns_ssh_user="manage-bind"
# - dns_ssh_port
# -
# - Defaults to '22'
# -
#dns_ssh_port=22
# - dns_ssh_key
# -
# - Defaults to '/root/.ssh/id_rsa-opendkim'
# -
#dns_ssh_key="/root/.ssh/id_rsa-opendkim"
# ----------
# Scripts envoked at DNS Server
# ----------
# - set_new_serial_script
# -
# - Script increases the serial for a given domain or a given
# - hostname's concerning domain.
# -
# - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
# -
#set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
# - create_dkim_delegation_script
# -
# - Script adds DKIM subdomain delegation for a given domain
# -
# - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
# -
#create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
# - add_dkim_zone_master_script
# -
# - Script adds zone _domainkey.<dkim domain> as master zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
# -
#add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
# - add_dkim_zone_slave_script
# -
# - Script adds zone _domainkey.<dkim domain> as slave zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
# -
#add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
# ----------
# OpenDKIM Installation
# ----------
# - opendkim_dir
# -
# - OpenDKIM's etc-directory
# -
# - Defaults to opendkim_dir="/etc/opendkim"
# -
#opendkim_dir="/etc/opendkim"
# - key_base_dir
# -
# - Defaults to "${opendkim_dir}/keys"
# -
#key_base_dir=${opendkim_dir}/keys
# - signing_table_file
# -
# - Defaults to "${opendkim_dir}/signing.table"
# -
#signing_table_file="${opendkim_dir}/signing.table"
# - key_table_file
# -
# - Defaults to "${opendkim_dir}/key.table"
# -
#key_table_file="${opendkim_dir}/key.table"

44
roles/common/files/lists.mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf Normal file
View File

@ -0,0 +1,44 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ======================================================
# ---
# Parameter Settings for Script 'whitelist_mb_sigs.conf'
# ---
# ======================================================
# QUARANTINE_BASE_DIR
#
# Base directory where amavis stores quarantined e-mails, mostly in
#
# virus e-mails: $QUARANTINE_BASE_DIR/virus
# spam emails: $QUARANTINE_BASE_DIR/spam
# ..
#
# Defaults to:
# QUARANTINE_BASE_DIR="/var/QUARANTINE"
#
#QUARANTINE_BASE_DIR="/var/QUARANTINE"
# CLAMAV_VIRUS_WHITE_LIST
#
# Full path to clamav's (personal) white list file
#
# Defaults to:
# CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
#
#CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
# WHITE_LIST_STRINGS
#
# A blank separated list of strings to whitelist.
#
# Example:
# WHITE_LIST_STRINGS="google.com tinyurl.com"
#
# Defaults to:
# WHITE_LIST_STRINGS="google.com"
#
#WHITE_LIST_STRINGS="google.com"
WHITE_LIST_STRINGS="google.com tinyurl.com"

141
roles/common/files/lists.mx.warenform/usr/local/src/sympa/conf/install_sympa.conf Normal file
View File

@ -0,0 +1,141 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------
# - Configuration for sympa install script
# ----------------------------------------
# - PREFIX
# -
# - Sympa Installation directory
# -
# - Defaults to: "/usr/local/sympa"
# -
#PREFIX="/usr/local/sympa"
# - SYMPA_USER
# -
# - User under which Sympa services are running
# -
# - Defaults to: "sympa"
# -
#SYMPA_USER="sympa"
# - SYMPA_MAIN_CONF_DIR
# -
# - Sympas main configuration directory
# -
# - Defaults to: "/etc/sympa"
# -
#SYMPA_MAIN_CONF_DIR="/etc/sympa"
# - SYMPA_LIST_DATA_ROOT_DIR
# -
# - Root Path containing Sympa's list data directories
# -
# - Note:
# - the real list data directory becomes: ${SYMPA_LIST_DATA_ROOT_DIR}/sympa-$SYMPA_VERSION/list_data
# -
# - Defaults to: "/data"
# -
#SYMPA_LIST_DATA_ROOT_DIR="/data"
# - SYMPA_DOMAIN
# -
# - Note: if sympa will be configured to support multidomains
# - this (SYMPA_DOMAIN) should not contain list definitions
# -
# -
SYMPA_DOMAIN="lists.mx.warenform.de"
# - START_AT_BOOTTIME
# -
# - Defaults to: "yes"
# -
#START_AT_BOOTTIME="yes"
# - SYMPA_LISTMASTER
# -
# -
# - Defaults to "postmaster@$SYMPA_DOMAIN"
# -
#SYMPA_LISTMASTER="postmaster@$SYMPA_DOMAIN"
# - SYMPA_DB_TYPE
# -
# - Database type of sympas database
# -
# - If database is SQLite, then this parameter is not in use.
# -
# - Possible values are 'mysql' (MySQL) or 'Pg' (PostgeSQL), 'Sybase', 'Oracle'
# -
# - Defaults to: SYMPA_DB_TYPE="mysql"
# -
#SYMPA_DB_TYPE="mysql"
# - SYMPA_DB_HOST
# -
# - Defaults to: SYMPA_DB_HOST="127.0.0.1"
# -
#SYMPA_DB_HOST="127.0.0.1"
# - SYMPA_DB_PORT
# -
# - Defaults to:
# - 3306 - if SYMPA_DB_TYPE=mysql
# - 5432 - if SYMPA_DB_TYPE=Pg
# - 2638 - if SYMPA_DB_TYPE=Sybase
# - 1575 - if SYMPA_DB_TYPE=Oracle
# -
# -
#SYMPA_DB_PORT="3306"
# - SYMPA_DB_NAME
# -
# - Defaults to: SYMPA_DB_NAME="sympa"
# -
#SYMPA_DB_NAME="sympa"
# - SYMPA_DB_USER
# -
# - Defaults to: SYMPA_DB_USER="sympa"
# -
#SYMPA_DB_USER="sympa"
# - SYMPA_DB_PASSWD
# -
# - Password for Sympa's database.
# -
SYMPA_DB_PASSWD="RkFt9rfhpngswF3g"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '/usr/local/mysql/sys-maint.cnf' otherwise
# -
MYSQL_CREDENTIALS="--login-path=local"
# - VSERVER_GUEST
# -
# - Is this a Linux Vserver guest system?
# -
# - Possible values: yes/no
# -
# - Defaults to 'VSERVER_GUEST=no'
# -
#VSERVER_GUEST=no

0
roles/common/files/e.mx/etc/postfix/postfwd.wl-hosts → roles/common/files/mail.cadus/etc/postfix/postfwd.wl-hosts
View File

3
roles/common/files/e.mx/etc/postfix/postfwd.wl-nets → roles/common/files/mail.cadus/etc/postfix/postfwd.wl-nets
View File

@ -13,3 +13,6 @@
# ---
# give truested networrk adresses here
# d.mx.oopen.de (listen server)
95.217.204.227
2a01:4f9:4a:47e5::227

0
roles/common/files/e.mx/etc/postfix/postfwd.wl-sender → roles/common/files/mail.cadus/etc/postfix/postfwd.wl-sender
View File

2
roles/common/files/e.mx/etc/postfix/postfwd.wl-user → roles/common/files/mail.cadus/etc/postfix/postfwd.wl-user
View File

@ -12,4 +12,4 @@
# ---
# give trusted sasl usernames here
#spenden@cadus\.org

9
roles/common/files/mailserver/etc/postfix/body_check.pcre Normal file
View File

@ -0,0 +1,9 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# - Body Checks
# ---
/See the attached file for details/ REJECT Sobig Virus found. - Body-Spamschutzregel TEXT-1001
/.*https?:\/\/click2eat.shop\/Installer\/updatedwebmails/ REJECT Maype fishing E-Mail credentials - Body-Spamschutzregel TEXT-1002

37
roles/common/files/mailserver/etc/postfix/header_checks.pcre Normal file
View File

@ -0,0 +1,37 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# - Replace headers
# - Replace recieved from IPv4
#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: hidden)$4
# - Replace recieved from IPv6
#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: hidden)$6
# ---
# - Ignore Headers
# ---
#/^\s*User-Agent/ IGNORE
#/^\s*X-Enigmail/ IGNORE
#/^\s*X-Mailer/ IGNORE
#/^\s*X-Originating-IP/ IGNORE
# ---
# - Reject / Discard headers
# ---
/^To:.*<>/ REJECT Possible SPAM Blank email address To: header - Header-Spamschutzregel T0-1001
/\(envelope-from <>\)/ REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001
/^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001
/^From:.*<>/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1001
/^Date: .* 19[0-9][0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001
/^Date: .* 200[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002
/^Date: .* 201[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1003
/^Date: .* 2020/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1004

22
roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
View File

@ -22,3 +22,25 @@
illuminatus\.lionheart\.lovejoy$
dancortez\.500$
geplosser\.pl$
zukunftbeitragen\.quest$
gulpagerts\.com$
flodesyta\.shop$
einfach-mail-express\.eu$
feowatley\.shop$
kssalon\.com$
zeitarbeitsgruppe\.com$
jobinscenter\.mom$
bilingates\.gsm\.pl$
^mail\.finsky-palace\.radio\.am$
^mail\.newslinkes\.radio\.fm$
thecaffeinatedquilter\.com$
^mail\.hossted\.app$
rea\.realflightshop\.com$
tetontimberlinetrading\.com$
walelaber\.shop$
couetsart\.xyz$
technedigitale\.com$
dia-two-2\.de$
surlumice\.store$
hecnvoipl\.xyz$
viastarco\.xyz$

52
roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
View File

@ -18,3 +18,55 @@
85.254.72.106
103.136.40.0/23
185.53.170.115
# zukunftbeitragen.quest
86.107.103.211
# RU (u.a. mail.geplosser.pl)
62.152.59.0/24
# GB mx.bilingates.gsm.pl
95.168.184.156
# RU (u.a. mx.jobinscenter.mom)
31.28.27.0/24
# RU (u.a. mx.novatechs.gen.tr)
93.189.44.0/22
# RU (u.a. vh126.timeweb.ru)
92.53.96.0/24
# RU (u.a. mail.newslinkes.radio.am)
45.130.151.0/24
# US - OLink Cloud LLC US Cloud ( u.a. pritionch.store)
104.160.19.0/24
# TR (u.a. dosvufpro.store
185.219.135.0/24
# RZ ( u.a. mx.jobinscenter.mom)
31.28.27.0/24
# RU (mx.novatechs.gen.tr)
93.189.44.0/22
# mx.bilingates.gsm.pl
95.168.184.156
# mail.finsky-palace.radio.am
89.163.230.186
# mail.newslinkes.radio.fm
62.3.58.20
# SC ( u.a. undialogy.store)
149.3.170.0/24
# tetontimberlinetrading.com
155.94.219.66
185.43.108.101
# US (u.a.walelaber.shop)
216.250.247.0/24
# IN (u.a. couetsart.xyz)
103.174.86.0/23
# DE ( u.a. smtp15.dia-two-2.de
193.168.252.0/23
# US ( u.a. surlumice.store )
# 192.161.160.0/19
192.161.173.22
# RU
194.87.236.0/22
# SC (u.a. werkzeughandeldirekt.net)
146.19.253.0/24
# Piscataway NJ (u.a. werkzeughandeldirekt.net)
209.182.224.0/22
# LV (u.a. eur-versand.com )
217.199.96.0/19
# viastarco.xyz (eur-versand.com)
163.123.180.214

19
roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
View File

@ -40,6 +40,23 @@
@geplosser\.pl$
@alfasells\.de$
@news-des-tages\.de$
@handel2022\.com$
@zukunftbeitragen\.quest$
@ip-51-83-242\.eu$
@notreesnolife\.com$
@ilsang\.biz$
vorteilsemail\.de$
@inbox\.ru$
@poeloker\.com$
@jobinscenter\.mom$
@novatechs\.gen\.tr$
@bilingates\.gsm\.pl$
@newslinkes\.radio\.fm$
@finsky-palace\.radio\.am$
@deutsche-ecommerce\.net$
@cpsarg\.com$
@markenhandelonline\.com$
firmen-infos\.com$
@inx1and1\..+$
@ppe-healthcare-europe\.\S+$
@ -56,3 +73,5 @@
# annoying spammer addresses
^error@mailfrom\.com$
^sqek@eike\.se$
^info@webmeinung\.de$
^info@handel-versand\.com$

51
roles/common/files/mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAquVzjpidmKqq1AhSB1TvzA9fpXWBLmhbGyiaxr7Rq987+CZd
+aDKCBI11CCHlKmWu7/SXIGFFrHENvKip+KqsfHSKp6R5cgklnc+ok+UXZuBMegK
jX9/XmD48xF2/m+p8NOGWfVxiOiXrFPvvcRX9AD/qB318uUyjvcknUJ03NeAdB72
1u7yFIcOMLOBiVUQgguTPkB+QPMSnF5uOLqrmocLsKfHsSg4RRVN01BEKORw6f12
JImep/yaFvVu3XmSctl7q7QtAIAobats7VUJgRxHSf31phc1pQBXWJdz3lVehfCr
HBYM09FbskIBMmOlBz4mU2cU64jnYsqQNgs8fH9Ix0VCkhKM1EichoSNDqc1TTKo
yNHnfTkreuOWPxa+b8/FBqd/d4I8QLev7h3AzNJtq1ssINRgMmkSsJPEKq1qKriZ
+ZE19TXcb6RvNeOvYokr6dtwdTYE3bIZiaffJz1CeRzsr6YJ9ItzHGubKllsIS2n
yrYXP2X6ubCAyAi6n+hubN/scUqKPPby6B0hTSzguYSBLtHtsHtS7LWtbPkfDEv7
pS9mleMMB/PiYLOh2tmGNeTn3B2OglTFYWqe1miyeB/FNsIgC1+zbMSReufWTxDk
cmVGjg3kIuuv0DlnVmZZjvmAhXbGyi/xHuXkl1YOdCYVFdzxnqN991LGboECAwEA
AQKCAgBDSDboqzlQw9ChzezNqikGw/66G7sSVE+aL7BQEwxliGwJ1MEm6KDh8Jl0
vKHka6hGnszpUqzdNHu1zm0vf9QIXtaJpQh32QZenu/v4zjcab7BsUOGVe4FcFRT
Dks0/S2A/SZmAHYEmt4sIJfAtK6UCFifDbypNodjNfYaW/G6iLWwAgjYshZo8osp
rWKQeQcYzAnadnW+iHSJT7xBZWzuV8DIeiXqn5UXzb1oNq+/EcFKvllnJS9rn83i
wBo35Ac+ZFWGUldtXQeNtfIatmIZjNKcVPoDvBuIrMu2u1oI7L9cKFaVpjDCrChX
1Bi4h/aPFW7tYyYfXTUL9gg03tOe44GyO4/3LMrijHV6chYKtzPdv9Kq7TKfWi63
dyyi4W/3c7A8cWizyQwroJjN7aiFTokKXlj6TbgcbTByt5tsk2ItwMH1TwD55tpu
Uqf2vSA4PvPLw3EtGaRlBqD5OvgktH4SR/IsuCd5GRVRGUslU6T0OOzlWHMZBB16
2d/pBrHNW3toL2jeAXxDmGPZVgK5+CLqC88bKO0lO3d8HbnSW5WBDiP5wIuNA8R2
MRBsOwCd+PK/hqxCXWjsCNFmXLgSSJRP4aX0TvFbs06IV371f5I7LiBj5yL68oEz
dhUc+AVTFrGPTAHR/mXhevVYpNXeUUhUrkVr6spS80FfgO7tgQKCAQEA2anb3vAB
WsjuK++K29N3msqapt6SO+rA927ySpXEkM5AEf8+71b1RoEtJK9qrZ5Iy6JYrZgb
XZIycDllq7UURWej3dAPJeT4Wyy4tv+zX90GoJE2QMShnNf4jjkVtfiZ7v2qFly/
nn5ieGXNRGF1I1m1AMK93GdlXY/HDuPLf+OEedzKeEdlQC2/WyOE6sqZwE5BBAOn
2jvr2WmxTDxoFCV4UpZ7qPcQWVasH6Csaj4lXfMLjSMKnHwOCQmrO4qlDxChKcdw
4vQyKDU+XQxQ4puxbD123ZtD/3BqcoTA8EgnpsZlTcqLZeXlQxWZP2UVKii99xC3
u4tCP37BnGu/qQKCAQEAyP7ssmZ2AEXCwe51FdbPupOlE1D7eUIpfKGMzjiOOhus
qLjIClac7NqFhwMlu5hL9VkxyKGbjYVzbZQ39Jk8Ua20Z+XvF7uoLx3py5Rxxq8+
DW7rfaaaM/qa73hlOL9xniuozplqihzuXFRi826BSwEFbWUEit1MZfl+S7QYWVjD
eR41YIKvHDe629mwXn1bJum4biTCCoXVS3xgDPjEY60xwLZNk1IoYTuoznTO3Nt+
dhIywx+19v0gzBsggPfn7En9AEqqqFPOiM8WHaFU+earsFMQfUMrhcThatr7JzTc
R2WK96P6lGbl6LjMzp3MRnYSqvpYS13FciRed7lfGQKCAQARFMJbaWxBypjeO8si
2yJ8tD+Ursy9BPwlrsA22C/3ySfAAc7Xi3RuFv8K7PUrMMu3p0LcRJ6JJkrtAaQX
6Hrxw2NZqdU2fRR8WzMXsVNLR5YYjay7QnMIUu5/gr1QbXTvC1sIrDihYHurxRlp
r1g48PZCXAX4QOj0ga72XSwAGkOwKIJ/E+M/ORfWOCBbKJEORVXW0c6fUqp8gk3W
lLr6McKSgJqttM3EpQeW583//GaES+lxJvnTM+0KCoc0gfnYB88N70fNl6pD+4Gs
XaYPUnaG7v/f/ipE5naEDCTz9kWeUd1rUGTGF1d5fz1qey1BBLd7pwU0I4aMYw8g
jlgZAoIBAQCgr/03Wua3rQ3Y0PTWMtf7x5HPcYy6EoTsWJMjQt+h4QIWGTQD396x
FLpvh7qg0U7YpShBx8F+UNRJJJffeqpYelCiR5bwGFyK3pVM5i5Xsz4eqzClUY4y
RAWdsVjrF1KUKz9XfBtKs3p0YhqBlzTSa8yU+o+5HNa5J88qYp6cv3P23om50ICC
RKOko9J2mC1JXMzPcZ+Xngs5wANiG3eWYJ5H/Pbj8mjJ41I/S+8dbnUZm87tY+qr
vQ59XqqLsKW/qB8WHpt02xthEH4TzikLaLiVzLKAEjU3SoEUVmE3pPD+O1XwSS5J
ekIP3b4O6OSo6DhgbKguCJeTezPy70XxAoIBAH8+SK4eaw7EUWAkxY4VDuP+VEOh
VI80/lmPaPRzaYHodpKMVX27mYqU03n8VqE8Tu1DI0DAKcDAB28hPTdbbJ21oSGr
9sJa3lSuOC/TVv/Q3nVUCTO+EaJ/qTjJQDukDWW4pQCfMJANRszlyQ+tJ46/4ofI
MqTiWbKZj32xUw/dY+XH2ZRYOQvndT8kpxBTUuGPPJliZ1YaO+9hhUGBlhrcrU7y
Uq7xVrG3MBn0I6ibwRGy+zo82ZZIrblMT+Fz3jQVjQzyIKiQvph+8QivFWThR+ej
K2S7h4A/UD69jkIy5nDVGEmL8cMS2Wgn3RAwyS5c7aUaVS+F93zzw2cyx1E=
-----END RSA PRIVATE KEY-----

1
roles/common/files/mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCq5XOOmJ2YqqrUCFIHVO/MD1+ldYEuaFsbKJrGvtGr3zv4Jl35oMoIEjXUIIeUqZa7v9JcgYUWscQ28qKn4qqx8dIqnpHlyCSWdz6iT5Rdm4Ex6AqNf39eYPjzEXb+b6nw04ZZ9XGI6JesU++9xFf0AP+oHfXy5TKO9ySdQnTc14B0HvbW7vIUhw4ws4GJVRCCC5M+QH5A8xKcXm44uquahwuwp8exKDhFFU3TUEQo5HDp/XYkiZ6n/JoW9W7deZJy2XurtC0AgChtq2ztVQmBHEdJ/fWmFzWlAFdYl3PeVV6F8KscFgzT0VuyQgEyY6UHPiZTZxTriOdiypA2Czx8f0jHRUKSEozUSJyGhI0OpzVNMqjI0ed9OSt645Y/Fr5vz8UGp393gjxAt6/uHcDM0m2rWywg1GAyaRKwk8QqrWoquJn5kTX1NdxvpG81469iiSvp23B1NgTdshmJp98nPUJ5HOyvpgn0i3Mca5sqWWwhLafKthc/Zfq5sIDICLqf6G5s3+xxSoo89vLoHSFNLOC5hIEu0e2we1Lsta1s+R8MS/ulL2aV4wwH8+Jgs6Ha2YY15OfcHY6CVMVhap7WaLJ4H8U2wiALX7NsxJF659ZPEORyZUaODeQi66/QOWdWZlmO+YCFdsbKL/Ee5eSXVg50JhUV3PGeo333UsZugQ== root@mx

134
roles/common/files/mx.warenform/root/bin/monitoring/conf/check_cert_for_dovecot.conf Normal file
View File

@ -0,0 +1,134 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings for script check_cert_for_dovecot.sh
#-----------------------------
#---------------------------------------
# - service_domain
# -
# - The main domain for which the certificate was issued
# -
# - Example:
# - service_domain="a.mx.oopen.de"
# - service_domain="mail.cadus.org"
# - service_domain="mx.warenform.de"
# -
#service_domain=""
service_domain="mx.warenform.de"
# - service_name
# -
# - Name of service.
# -
# - Note: this var will also be used to determin systemd service file
# - or sysVinit script.
# -
# - Example:
# - service_name="Mumble"
# - service_name="Prosody"
# -
# - Defaults to:
# - service_name="Dovecot"
# -
#service_name=""
# - check_string_ps
# -
# - String wich (clearly) identifies the service at the process list (ps)
# -
# - Example:
# - check_string_ps="[[:digit:]]\ /usr/sbin/murmurd"
# - check_string_ps=""
# -
# - Defaults to:
# - check_string_ps="[[:digit:]]\ /usr/local/dovecot-[[:digit:]]{1,2}\.[[:digit:]]{1,2}\.[[:digit:]]{1,2}(\.[[:digit:]]{1,2})?/sbin/dovecot"
# -
#check_string_ps=""
# - service_user
# -
# - User under which the service is running.
# -
# - Example:
# - service_user="mumble-server"
# - service_user="prosody"
# -
# - Defaults to:
# - service_user="prosody"
# -
#service_user=""
# - service_group
# -
# - Group under which the service is running.
# -
# - Example:
# - service_group="mumble-server"
# - service_group="prosody"
# -
# - Defaults to:
# - service_group="prosody"
# -
#service_group=""
# - cert_installed
# -
# - Locataion of certificate read by service
# -
# - Example:
# - cert_installed="/var/lib/mumble-server/fullchain.pem"
# - cert_installed="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
# -
# - Defaults to:
# - /etc/dovecot/ssl/mailserver.crt
# -
#cert_installed=""
# - key_installed
# -
# - Location of the key read by service
# -
# - Example:
# - key_installed="/var/lib/mumble-server/privkey.pem"
# - key_installed="/etc/prosody/certs/privkey_jabber.so36.pem"
# -
# - Defaults to:
# - /etc/dovecot/ssl/mailserver.key
# -
#key_installed=""
# - cert_newest
# -
# - Location of the newest certificate.
# -
# - Example:
# - cert_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/fullchain.pem"
# - cert_newest="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
# -
# - Defaults to:
# - /var/lib/dehydrated/certs/${service_domain}/fullchain.pem
# -
#cert_newest=""
# - key_newest
# -
# - Location of the newest Key
# -
# - Example:
# - key_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/privkey.pem"
# - key_newest="/var/lib/dehydrated/certs/jabber.so36.net/privkey.pem"
# -
# - Defaults to:
# - /var/lib/dehydrated/certs/${service_domain}/privkey.pem
# -
#key_newest=""

154
roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf Normal file
View File

@ -0,0 +1,154 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - What to check
# -
check_load=true
check_mysql=false
check_apache=true
check_php_fpm=true
check_website=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
mysql_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="7.4"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

174
roles/common/files/mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf Normal file
View File

@ -0,0 +1,174 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------------------------
# - Parameter Settings for script 'create_opendkim_key.sh'.
# ---------------------------------------------------------
# ----------
# DNS Server
# ----------
# - dns_dkim_zone_master_server
# -
# - The DNS Server who is serving the update zone and is used
# - for the dynamic updates (nsupdate)
# -
dns_dkim_zone_master_server="dns0.warenform.de"
# - update_dns
# -
# - Possible Values are 'true' or 'false'
# -
#update_dns=""
# - update_zone
# -
# - Zone containing the DKIM TXT record.
# -
# - Defaults to '_domainkey.<dkim_domaini>'
# -
# - Note:
# - do NOT change/set this option unless you know what you do.
# -
#update_zone=""
# - TTL
# -
# - TTL for the DKIM TXT Record.
# -
# - Defaults to "" if update_dns=false
# - Defaults to "43200" if update_dns=true
#
#TTL=""
# ----------
# TSIG Key
# ----------
# - key_secret
# -
# - Sectret Key used by 'nsupdate' to create/update the
# - DKIM TXT record.
# -
# - Example:
# - key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
# -
#key_secret=""
key_secret="qG9e/gOucCXcwVUTU+uewU0Yth1iJh2JHgnogrHvh2A="
# - key_algo
# -
# - The key algorithm used for key creation. Available choices are: hmac-md5,
# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The
# - default is hmac-sha256. Options are case-insensitive.
# -
# - Example:
# - key_algo="hmac-md5"
# -
# - Defaults to 'hmac-sha256'
# -
#key_algo="hmac-sha256"
# - key_name
# -
# - Name of the Key
# -
# - Defaults to "$update_zone"
# -
#key_name=
key_name="update-dkim"
# ----------
# Access Credentials DNS Server
# ----------
# - dns_ssh_user
# -
# - Defaults to 'manage-bind'
# -
#dns_ssh_user="manage-bind"
# - dns_ssh_port
# -
# - Defaults to '22'
# -
#dns_ssh_port=22
# - dns_ssh_key
# -
# - Defaults to '/root/.ssh/id_rsa-opendkim'
# -
#dns_ssh_key="/root/.ssh/id_rsa-opendkim"
# ----------
# Scripts envoked at DNS Server
# ----------
# - set_new_serial_script
# -
# - Script increases the serial for a given domain or a given
# - hostname's concerning domain.
# -
# - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
# -
#set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
# - create_dkim_delegation_script
# -
# - Script adds DKIM subdomain delegation for a given domain
# -
# - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
# -
#create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
# - add_dkim_zone_master_script
# -
# - Script adds zone _domainkey.<dkim domain> as master zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
# -
#add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
# - add_dkim_zone_slave_script
# -
# - Script adds zone _domainkey.<dkim domain> as slave zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
# -
#add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
# ----------
# OpenDKIM Installation
# ----------
# - opendkim_dir
# -
# - OpenDKIM's etc-directory
# -
# - Defaults to opendkim_dir="/etc/opendkim"
# -
#opendkim_dir="/etc/opendkim"
# - key_base_dir
# -
# - Defaults to "${opendkim_dir}/keys"
# -
#key_base_dir=${opendkim_dir}/keys
# - signing_table_file
# -
# - Defaults to "${opendkim_dir}/signing.table"
# -
#signing_table_file="${opendkim_dir}/signing.table"
# - key_table_file
# -
# - Defaults to "${opendkim_dir}/key.table"
# -
#key_table_file="${opendkim_dir}/key.table"

86
roles/common/files/mx.warenform/root/bin/postfix/conf/postfix_add_mailboxes.conf Normal file
View File

@ -0,0 +1,86 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ----------------------------------------------------
# ---
# - Parameter Settings for script 'postfix_add_mailboxes.sh'.
# ---
# ----------------------------------------------------
# - dovecot_enc_method
# -
# - The (dovecot) password scheme which should be used to generate the hashed
# - passwords of EXISTING users.
# -
# - Possible values are:
# -
# - See output of 'doveadm pw -l'
# -
# - DEFAULTS to: dovecot_enc_method="SHA512-CRYPT"
# -
#dovecot_enc_method="SHA512-CRYPT"
# - in_file
# -
# - The file from wich the script reads the e-mail-address/password
# - kombination(s). Each line in this file must only contain
# - <emal-address> <password>
# -
# - Defaults to: in_file="${conf_dir}/mailboxes_new.lst"
# -
#in_file="${conf_dir}/mailboxes_new.lst"
# - db_type
# -
# - Type of Postfix Database
# -
# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
# -
# - Defaults to: db_type="pgsql"
# -
#db_type="pgsql"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '--defaults-file=/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '--defaults-file=/usr/local/mysql/sys-maint.cnf' otherwise
# -
#mysql_credential_args=""
# - quota
# -
# - The quota setting for the new mailboxes.
# -
# - Defaults to: quota="536870912"
# -
#quota="536870912"
quota=2147483648
# - log_file
# -
# - Where to write logging informations?
# -
# - Defaults to: log_file="${script_dir}/log/postfix_add_mailboxes.log"
# -
#log_file="${script_dir}/log/postfix_add_mailboxes.log"

92
roles/common/files/mx.warenform/root/bin/postfix/conf/sent_userinfo_postfix.conf Normal file
View File

@ -0,0 +1,92 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ----------------------------------------------------
# ---
# - Parameter Settings for script 'sent_userinfo_postfix.sh'.
# ---
# ----------------------------------------------------
# - message_body_file
# -
# - Full path to file containing the user info. This file must contain
# - the message body WITHOUT e-mail headers. If file is placed in the
# - 'files' directory use '${file_dir}/<file-name>'
# -
# - Defaults to '${file_dir}/sent_userinfo_postfix.message'
# -
#message_body_file="${file_dir}/sent_userinfo_postfix.email"
# - email_from
# -
# - From Address of user info
# -
# - Example: 'oo@oopen.de'
# -
email_from="admin@warenform.net"
# - email_from_org
# -
# - Example: email_from_org="O.OPEN"
# -
email_from_org="WARENFORM"
# - db_type
# -
# - Type of Postfix Database
# -
# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
# -
# - Defaults to: db_type="pgsql"
# -
#db_type="pgsql"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '/usr/local/mysql/sys-maint.cnf' otherwise
# -
#mysql_credential_args=""
# - mail_user
# -
# - The owner of the mailbox directories and within the e-mails itself.
# -
# - defaults to mail_user="vmail"
# -
#mail_user="vmail"
# - mail_group
# -
# - The group of the mailbox directories
# -
# - defaults to mail_group="vmail"
# -
#mail_group="vmail"
# - mail_basedir - No more needed!
# -
# - The root directory where all mailbox-domains are located.
# -
# - Defaults to '/var/vmail'.
# -
#mail_basedir=/var/vmail

44
roles/common/files/mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf Normal file
View File

@ -0,0 +1,44 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ======================================================
# ---
# Parameter Settings for Script 'whitelist_mb_sigs.conf'
# ---
# ======================================================
# QUARANTINE_BASE_DIR
#
# Base directory where amavis stores quarantined e-mails, mostly in
#
# virus e-mails: $QUARANTINE_BASE_DIR/virus
# spam emails: $QUARANTINE_BASE_DIR/spam
# ..
#
# Defaults to:
# QUARANTINE_BASE_DIR="/var/QUARANTINE"
#
#QUARANTINE_BASE_DIR="/var/QUARANTINE"
# CLAMAV_VIRUS_WHITE_LIST
#
# Full path to clamav's (personal) white list file
#
# Defaults to:
# CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
#
#CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
# WHITE_LIST_STRINGS
#
# A blank separated list of strings to whitelist.
#
# Example:
# WHITE_LIST_STRINGS="google.com tinyurl.com"
#
# Defaults to:
# WHITE_LIST_STRINGS="google.com"
#
#WHITE_LIST_STRINGS="google.com"
WHITE_LIST_STRINGS="google.com tinyurl.com"

8
roles/common/handlers/main.yml
View File

@ -20,6 +20,14 @@
name: ssh
state: restarted
- name: Reload nfs
service:
name: nfs-kernel-server
state: reloaded
enabled: yes
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
- name: Restart postfix
service:
name: postfix

18
roles/common/tasks/copy_files.yml
View File

@ -19,6 +19,24 @@
- copy-files
- copy-plain-files
- name: (copy_files.yml) Copy plain files Postfix (/etc/postfix)
copy:
src: '{{ item.src_path }}'
dest: '{{ item.dest_path }}'
owner: root
group: root
mode: '0644'
loop: "{{ copy_plain_files_postfix }}"
loop_control:
label: 'dest: {{ item.name }}'
when:
- inventory_hostname in groups['mail_server']
- copy_plain_files_postfix is defined
- copy_plain_files_postfix|length > 0
tags:
- copy-files
- copy-plain-files
- name: (copy_files.yml) Copy plain files Postfix Firewall (postfwd)
copy:
src: '{{ item.src_path }}'

9
roles/common/tasks/main.yml
View File

@ -131,6 +131,15 @@
tags: git
# tags supported inside nfs.yml:
#
# nfs-server
# nfs-client
- import_tasks: nfs.yml
tags:
- nfs
# tags supported inside copy_files.yml:
#
# copy-files

96
roles/common/tasks/nfs.yml Normal file
View File

@ -0,0 +1,96 @@
---
# ---
# NFS Server
# ---
- name: (nfs.yml) Ensure NFS utilities (server) are installed.
apt:
name:
- nfs-common
- nfs-kernel-server
state: present
when:
- ansible_os_family == "Debian"
- "groups['nfs_server']|string is search(inventory_hostname)"
tags:
- nfs-server
- name: (nfs.yml) Ensure directories to export exist
file:
path: '{{ item.src.split(":")[1] }}'
owner: root
group: root
mode: '0755'
state: directory
with_items: "{{ nfs_exports }}"
loop_control:
label: '{{ item.path }}'
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
tags:
- nfs-server
- name: (nfs.yml) Copy exports file.
template:
src: etc/exports.j2
dest: /etc/exports
owner: root
group: root
mode: 0644
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
notify: Reload nfs
tags:
- nfs-server
- name: Enable service rpc-statd and ensure it is not masked
systemd:
name: rpc-statd
enabled: yes
masked: no
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
- name: Make sure service rpc-statd is running
systemd:
state: started
name: rpc-statd
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
tags:
- nfs-server
# ---
# NFS clients
# ---
- name: (nfs.yml) Ensure NFS utilities (clients) are installed.
apt:
pkg: nfs-common
state: present
when:
- ansible_os_family == "Debian"
- "groups['nfs_client']|string is search(inventory_hostname)"
tags:
- nfs-client
- name: (nfs.yml) NFS Mount exports from nfs server
mount:
path: "{{ item.path }}"
src: "{{ item.src }}"
fstype: nfs
opts: "{{ item.mount_opts }}"
dump: "{{ item.dump | default(omit) }}"
passno: "{{ item.passno | default(omit) }}"
state: mounted
loop: "{{ nfs_exports }}"
loop_control:
label: '{{ item.src }}'
when:
- "groups['nfs_client']|string is search(inventory_hostname)"
tags:
- nfs-client

10
roles/common/tasks/samba-config-server.yml
View File

@ -4,6 +4,16 @@
# Samba Server
# ---
- name: (samba-install.yml) Ensure samba packages server are installed.
package:
pkg: '{{ apt_install_server_samba }}'
state: present
when:
- "groups['samba_server']|string is search(inventory_hostname)"
tags:
- samba-server
- name: (samba-config-server.yml) Ensure samba share directories exists
file:
path: "{{ item.path }}"

31
roles/common/templates/etc/exports.j2 Normal file
View File

@ -0,0 +1,31 @@
# {{ ansible_managed }}
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
{% set count = namespace(nfs_exports=100) %}
{% for export in nfs_exports %}
{% set export_str= namespace(nfs_exports = export.src.split(":")[1]) %}
{% set count.nfs_exports = count.nfs_exports + 10 %}
{% for network in export.export_networks %}
{% if export.use_fsid_option is defined and export.use_fsid_option is sameas true %}
{% set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~",fsid="~count.nfs_exports~")" %}
#{{ export.src.split(":")[1] }} {{ network }}({{ export.export_opt }},fsid={{ count.nfs_exports }})
{% else %}
{% set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~")" %}
#{{ export.src.split(":")[1] }} {{ network }}({{ export.export_opt }})
{% endif %}
{% endfor %}
{{ export_str.nfs_exports }}
{% endfor %}

6
roles/common/templates/usr/local/src/mailsystem/conf/install_amavis.conf.j2
View File

@ -7,7 +7,11 @@
_HOSTNAME={{ hostname }}
_IPV4='{{ ipv4_address | default(omit) }}'
_IPV6='{{ ipv6_address | default(omit) }}'
{% if ipv6_address is defined and ipv6_address %}
_IPV6="{{ ipv6_address }}"
{% else %}
_IPV6=disabled
{% endif %}
_QUARANTINE_DIR=/var/QUARANTINE
_QUARANTINE_ADMIN=postmaster\@$mydomain

12
roles/common/templates/usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
View File

@ -11,10 +11,20 @@
_HOSTNAME={{ hostname }}
_IPV4='{{ ipv4_address | default(omit) }}'
_IPV6='{{ ipv6_address | default(omit) }}'
{% if ipv6_address is defined and ipv6_address %}
_IPV6="{{ ipv6_address }}"
{% else %}
_IPV6=disabled
{% endif %}
_ADMIN_EMAIL="{{ admin_email }}"
_SASL_AUTH_ENABLED="{{ sasl_auth_enable | default('no') }}"
_SASL_USER='{{ sasl_user | default(omit) }}'
_SASL_PASS='{{ sasl_pass | default(omit) }}'
{% if is_sympa_list_server is defined and is_sympa_list_server is sameas true %}
_RELAY_HOST=true
_SYMPA_LIST_SERVER=true
{% else %}
_RELAY_HOST="{{ is_relay_host | default('false') }}"
_SYMPA_LIST_SERVER=false
{% endif %}

8
roles/common/templates/usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf.j2
View File

@ -42,7 +42,11 @@ IPV6="{{ ipv6_address | default(omit) }}"
# -
# - Defaults to 'admin@<domain>.<tld>'
# -
{% if (admin_email is defined) and admin_email %}
POSTFIX_DB_HOST_PGSQL="{{ postfix_db_host }}"
{% else %}
#WEBMASTER_EMAIL=""
{% endif %}
# - Base Directory of Roundcube Website
# -
@ -290,7 +294,11 @@ POSTFIX_DB_PASSWD='{{ postfix_db_pass | default(omit) }}'
# -
# - Defaults to 'false'
# -
{% if roundcube_acl_plugin is defined and roundcube_acl_plugin is sameas true %}
INCLUDE_ACL_PLUGIN="true"
{% else %}
#INCLUDE_ACL_PLUGIN="false"
{% endif %}
# ===

4
roles/common/templates/usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail2.conf.j2
View File

@ -265,7 +265,11 @@ POSTFIX_DB_PASSWD='{{ postfix_db_pass | default(omit) }}'
# -
# - Defaults to 'false'
# -
{% if roundcube2_acl_plugin is defined and roundcube2_acl_plugin is sameas true %}
INCLUDE_ACL_PLUGIN="true"
{% else %}
#INCLUDE_ACL_PLUGIN="false"
{% endif %}
# ===

2
roles/common/templates/var/www/.ssh/config.j2
View File

@ -1,5 +1,5 @@
# {{ ansible_managed }}
Host wf.oopen.de 80.152.216.128 gw-d11.oopen.de d11.warenform.de
Host wf.oopen.de 79.140.184.145 gw-d11.oopen.de d11.warenform.de
user webadmin
Protocol 2
Port 9998