Christoph 2022-11-17 18:10:40 +01:00
parent f80772ed42
commit 45115c6700
75 changed files with 5165 additions and 436 deletions


@ -987,7 +987,6 @@ default_user:
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash shell: /bin/bash
ssh_keys: ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
@ -1334,11 +1333,27 @@ git_lxc_guest_repositories:
git_gateway_repositories: git_gateway_repositories:
# install repositories (destination: /usr/local/src/)
# mailsystem
- name: mailsystem
repo: https://git.oopen.de/install/mailsystem
dest: /usr/local/src/mailsystem
# firewall # firewall
- name: ipt-gateway - name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway dest: /usr/local/src/ipt-gateway
# script repositories (destination /root/bin/)
# Monitoring
- name: monitoring
repo: https://git.oopen.de/script/monitoring
dest: /root/bin/monitoring
- name: manage-gw-config
repo: https://git.oopen.de/script/manage-gw-config
dest: /root/bin/manage-gw-config
# --- # ---
# group [apache2_webserver] # group [apache2_webserver]
@ -1544,6 +1559,33 @@ git_jitsi_meet_repositories:
git_other_repositories: [] git_other_repositories: []
# ==========
# vars used by roles/common/tasks/nfs.yml
# ==========
nfs_server: {}
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
#nfs_exports:
# - src: 192.168.112.10:/data/home
# path: /data/home
# mount_opts: users,rsize=8192,wsize=8192,hard,intr
# export_opt: rw,root_squash,sync,subtree_check
# export_networks:
# - 192.168.112.0/24
# - 10.0.112.0/24
# - 10.1.112.0/24
# - 192.168.63.0/24
# use_fsid_option: true
#
nfs_exports: []
# --- # ---
# vars used by roles/common/tasks/copy_files.yml # vars used by roles/common/tasks/copy_files.yml
# --- # ---
@ -1552,6 +1594,17 @@ copy_plain_files: []
copy_plain_files_postfwd_host_specific: [] copy_plain_files_postfwd_host_specific: []
copy_plain_files_postfix:
- name: header_checks.pcre
src_path: mailserver/etc/postfix/header_checks.pcre
dest_path: /etc/postfix/header_checks.pcre
- name: body_check.pcre
src_path: mailserver/etc/postfix/body_check.pcre
dest_path: /etc/postfix/body_check.pcre
copy_plain_files_postfwd: copy_plain_files_postfwd:
# Postfix Firewall postfwd # Postfix Firewall postfwd
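Review bot: In the new NFS defaults, `nfs_server: {}` declares an empty mapping, while a host file in this same commit sets `nfs_server` to a plain address string, so the default and its override have different types. Assuming roles/common/tasks/nfs.yml only tests the value for emptiness, `nfs_server: ''` would be the consistent default. The comment block above the example also refers to 'fs_encrypted' and 'fsid', neither of which appears as a key in the example (only `use_fsid_option` does), and "Take car" should read "Take care". I would either document those keys in the example or reduce the note to what the role actually reads.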


@ -196,6 +196,8 @@ roundcube_db_user: roundcube
#roundcube_db_host: localhost #roundcube_db_host: localhost
roundcube_db_pass: '3Dsz3j5R' roundcube_db_pass: '3Dsz3j5R'
roundcube_acl_plugin: true
roundcube_product_name: O.OPEN - Webmailer roundcube_product_name: O.OPEN - Webmailer
roundcube_support_url: https://www.oopen.de roundcube_support_url: https://www.oopen.de
roundcube_skin_logo: "images/oopen-logo.png" roundcube_skin_logo: "images/oopen-logo.png"
@ -210,6 +212,8 @@ roundcube_2_db_user: roundcube
#roundcube_2_db_host: localhost #roundcube_2_db_host: localhost
roundcube_2_db_pass: '3Dsz3j5R' roundcube_2_db_pass: '3Dsz3j5R'
roundcube2_acl_plugin: true
roundcube_2_product_name: O.OPEN - Webmailer roundcube_2_product_name: O.OPEN - Webmailer
roundcube_2_support_url: https://www.oopen.de roundcube_2_support_url: https://www.oopen.de
roundcube_2_skin_logo: "images/oopen-logo.png" roundcube_2_skin_logo: "images/oopen-logo.png"
@ -221,7 +225,7 @@ template_files_mailsystem_script:
src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2 src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
- name: mailsystem_install_postfixadmin.conf - name: mailsystem__postfix_advanced.conf
src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2 src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
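Review bot: The added `roundcube2_acl_plugin: true` does not follow the `roundcube_2_` prefix used by every neighbouring key (`roundcube_2_db_pass`, `roundcube_2_product_name`), so a template that reads `roundcube_2_acl_plugin` would never see it. Unless the template really uses the unprefixed spelling, this should be `roundcube_2_acl_plugin: true`. In the last hunk the renamed entry reads `mailsystem__postfix_advanced.conf`, with a doubled underscore and without `install`, whereas the other host files touched by this commit use `- name: mailsystem_install_postfix_advanced.conf`. The `template_files_mailsystem_script` list begins outside the hunk.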


@ -144,6 +144,6 @@ template_files_mailsystem_script:
src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2 src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
- name: install_postfix_advanced.conf - name: mailsystem_install_postfix_advanced.conf
src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2 src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf


@ -155,7 +155,7 @@ db_in_use: !!str "true"
postfix_db_type: MySQL postfix_db_type: MySQL
postfix_db_name: postfix postfix_db_name: postfix
postfix_db_user: postfix postfix_db_user: postfix
postfix_db_host: 127.0.0.1 #postfix_db_host:
postfix_db_pass: AeB4kohyie5rahJ7 postfix_db_pass: AeB4kohyie5rahJ7
# install_amavis.conf # install_amavis.conf
@ -201,9 +201,11 @@ autoreply_hostname: autoreply.initiativenserver.de
roundcube_db_type: mysql roundcube_db_type: mysql
roundcube_db_name: roundcubemail roundcube_db_name: roundcubemail
roundcube_db_user: roundcube roundcube_db_user: roundcube
roundcube_db_host: localhost #roundcube_db_host:
roundcube_db_pass: 're6Xe8Fereejai3D' roundcube_db_pass: 're6Xe8Fereejai3D'
roundcube_acl_plugin: false
roundcube_product_name: Webmailer Initiativenserver roundcube_product_name: Webmailer Initiativenserver
roundcube_support_url: "https://www.aktionsbuendnis-brandenburg.de/" roundcube_support_url: "https://www.aktionsbuendnis-brandenburg.de/"
roundcube_skin_logo: "images/oopen-logo.png" roundcube_skin_logo: "images/oopen-logo.png"
@ -215,7 +217,7 @@ template_files_mailsystem_script:
src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2 src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
- name: mailsystem_install_postfixadmin.conf - name: mailsystem_install_postfix_advanced.conf
src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2 src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
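Review bot: Commenting out `postfix_db_host` (was `127.0.0.1`) and `roundcube_db_host` (was `localhost`) leaves both undefined for this host, so the effective value now comes from whatever default the install_*.conf.j2 templates apply, which is not visible in this diff. For MySQL that matters: `127.0.0.1` connects over TCP and `localhost` over the Unix socket, and grants are matched per host, so the `postfix` account may need a matching grant if the effective host changes. A short comment next to the disabled keys, e.g. `# unset on purpose: template default is used`, would record the intent.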

137
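--- a/host_vars/d.mx.oopen.de.yml
+++ b/host_vars/d.mx.oopen.de.yml
@@ -0,0 +1,137 @@
+---
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+# ---
+# vars used by roles/ansible_user
+# ---
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+apt_install_compiler_pkgs: true
+apt_install_postgresql_pkgs: true
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+insert_root_ssh_keypair: true
+root_ssh_keypair:
+- name: id-rsa-dehydrated
+priv_key_src: d.mx/root/.ssh/d.mx-id_rsa-dehydrated
+priv_key_dest: /root/.ssh/id_rsa-dehydrated
+pub_key_src: d.mx/root/.ssh/d.mx-id_rsa-dehydrated.pub
+pub_key_dest: /root/.ssh/id_rsa-dehydrated.pub
+- name: id-rsa-opendkim
+priv_key_src: d.mx/root/.ssh/d.mx-id_rsa-opendkim
+priv_key_dest: /root/.ssh/id_rsa-opendkim
+pub_key_src: d.mx/root/.ssh/d.mx-id_rsa-opendkim.pub
+pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+# ---
+# vars used by roles/common/tasks/copy_files.yml
+# ---
+copy_plain_files:
+- name: monitoring_check_webservice_load.conf
+src_path: d.mx/root/bin/monitoring/conf/check_webservice_load.conf
+dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
+- name: postfix_create_opendkim_key.conf
+src_path: d.mx/root/bin/postfix/conf/create_opendkim_key.conf
+dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
+- name: postfix_whitelist_mb_sigs.conf
+src_path: d.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf
+dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
+- name: install_sympa.conf
+src_path: lists.mx.warenform/usr/local/src/sympa/conf/install_sympa.conf
+dest_path: /usr/local/src/sympa/conf/install_sympa.conf
+copy_template_files: []
+#
+# - name: mailsystem_install_amavis.conf
+# src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
+# dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
+# ---
+# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
+# ---
+hostname: d.mx.oopen.de
+ipv4_address: 95.217.204.227
+ipv6_address: 2a01:4f9:4a:47e5::227
+admin_email: argus@oopen.de
+is_relay_host: false
+is_sympa_list_server: true
+# install_amavis.conf
+#
+mp_receipt_number: 106015125438
+si_authorisation_signature: b0b7e94d3fcc8f3b1f128edd5830392361868cf0174723a9924ac25bf8b1b588cb974b50234e1bc1d9839dfe0ca6e1627733d90daf1399347b1046d20c2e3a89
+template_files_mailsystem_script:
+- name: mailsystem_install_postfix_advanced.conf
+src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
+dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
+- name: mailsystem_install_amavis.conf
+src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
+dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf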
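Review bot: `si_authorisation_signature` and `mp_receipt_number` are committed here in clear text, and the same holds for the `password:` values of the new `samba_user` entries and for `postfix_db_pass` / `roundcube_db_pass` in the other new mail host file of this commit. The repository already stores one samba password as `!vault |`, so these values can be kept the same way (`ansible-vault encrypt_string`), and anything already pushed in clear should be treated as exposed and rotated. Separately, `install_sympa.conf` takes its `src_path` from `lists.mx.warenform/...` while every other entry in `copy_plain_files` reads from the `d.mx/` directory. If that reuse is deliberate, a one-line comment above the entry would say so.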


@ -189,6 +189,10 @@ roundcube_skin_logo: "images/oopen-logo.png"
template_files_mailsystem_script: template_files_mailsystem_script:
- name: mailsystem_install_postfix_advanced.conf
src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
- name: mailsystem_install_amavis.conf - name: mailsystem_install_amavis.conf
src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2 src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf


@ -154,14 +154,51 @@ sudo_users:
# --- # ---
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
nfs_server: 192.168.192.10
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
nfs_exports:
- src: 192.168.192.10:/data/home
path: /data/home
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.192.0/24
- 10.0.192.0/24
- 10.1.192.0/24
- 192.168.63.0/24
use_fsid_option: true
- src: 192.168.192.10:/data/samba/shares
path: /data/samba/shares
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.192.0/24
- 10.0.192.0/24
- 10.1.192.0/24
- 192.168.63.0/24
use_fsid_option: true
# --- # ---
# vars used by roles/common/tasks/samba-config-server.yml # vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml # vars used by roles/common/tasks/samba-user.yml
# --- # ---
samba_workgroup: OPP samba_workgroup: FHXB
samba_netbios_name: ZAPATA samba_netbios_name: FILE-FHXB
samba_server_min_protocol: !!str NT1 samba_server_min_protocol: !!str NT1
@ -217,28 +254,29 @@ samba_user:
- name: chris - name: chris
groups: groups:
- FHXB-Bildarchiv - fhxb-bildarchiv
- FHXB-Sammlungen - fhxb-sammlungen
- Archiv - archiv
- Ausstellungen - ausstellungen
- Forschung - forschung
- Gedenken-im-Stadtraum - gedenken-im-stadtraum
- Projekte - projekte
- Publikationen - publikationen
- Stolpersteine - stolpersteine
- Veranstaltungen - veranstaltungen
- vze
- Buero - buero
- Intern - intern
- Museum-Organisation - museum-organisation
- Presse-Orga-Oeffentlichkeit - presse-orga-oeffentlichkeit
- Team - team
- Technik - technik
- Vermietung - vermietung
- Vermittlung - vermittlung
- Leitung - leitung
password: !vault | password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
@ -250,32 +288,318 @@ samba_user:
- name: sysadm - name: sysadm
groups: groups:
- archiv
- FHXB-Bildarchiv - ausstellungen
- buero
- FHXB-Sammlungen - forschung
- gedenken-im-stadtraum
- Archiv - intern
- Ausstellungen - leitung
- Forschung - museum-organisation
- Gedenken-im-Stadtraum - presse-orga-oeffentlichkeit
- Projekte - projekte
- Publikationen - publikationen
- Stolpersteine - stolpersteine
- Veranstaltungen - team
- technik
- Buero - veranstaltungen
- Intern - vermietung
- Museum-Organisation - vermittlung
- Presse-Orga-Oeffentlichkeit - vze
- Team - fhxb-bildarchiv
- Technik - fhxb-sammlungen
- Vermietung
- Vermittlung
- Leitung
password: '5hE-7n.JRQ9Y' password: '5hE-7n.JRQ9Y'
# Archiv01
- name : a.rchiv01
groups:
- archiv
- fhxb-bildarchiv
- fhxb-sammlungen
password: '45pS2X-rim.e'
# Archiv02
- name : a.rchiv02
groups:
- archiv
- fhxb-bildarchiv
- fhxb-sammlungen
password: '7gqKY/7-nh3Q'
# Astrid Schiemann
- name : a.schiemann
groups:
- archiv
- ausstellungen
- buero
- forschung
- gedenken-im-stadtraum
- intern
- leitung
- museum-organisation
- presse-orga-oeffentlichkeit
- projekte
- publikationen
- stolpersteine
- team
- technik
- veranstaltungen
- vermietung
- vermittlung
- fhxb-bildarchiv
- fhxb-sammlungen
password: 'G.u3r.tJ6Qkh'
# Babara Schaller
- name : b.schaller
groups:
- archiv
- buero
- publikationen
- team
- fhxb-bildarchiv
- fhxb-sammlungen
password: 'ufPmZ.L/63yJ'
# Ellen Thieleman
- name : e.thieleman
groups:
- ausstellungen
- buero
- projekte
- team
password: 'MFS79-tzWA/c'
# Erika Hausotter
- name : e.hausotter
groups:
- archiv
- team
password: 'A/pY4-9VvUdo'
# Florian Helm
- name : f.helm
groups:
- archiv
- ausstellungen
- buero
- forschung
- gedenken-im-stadtraum
- intern
- leitung
- museum-organisation
- presse-orga-oeffentlichkeit
- projekte
- publikationen
- stolpersteine
- team
- technik
- veranstaltungen
- vermietung
- vermittlung
- vze
- fhxb-bildarchiv
- fhxb-sammlungen
password: 'z2FE..fUh4fx'
# Frauke Erdmann
- name : f.erdmann
groups:
- archiv
- buero
- publikationen
- team
- fhxb-bildarchiv
- fhxb-sammlungen
password: 'P/yV5N9rxA-Y'
# Gerhard Grosche
- name : g.grosche
groups:
- archiv
- publikationen
- team
- fhxb-bildarchiv
- fhxb-sammlungen
password: '6/H-EgRqP9-T'
# Heike Müller
- name : h.mueller
groups:
- buero
- team
password: 'VT7/n5hHy-Av'
# Jana König
- name : j.koenig
groups:
- archiv
- ausstellungen
- buero
- forschung
- gedenken-im-stadtraum
- intern
- museum-organisation
- presse-orga-oeffentlichkeit
- projekte
- publikationen
- stolpersteine
- team
- technik
- veranstaltungen
- vermietung
- vermittlung
- fhxb-bildarchiv
- fhxb-sammlungen
password: 'fE6.2K/HpnuS'
# Jorinde Splettstößer
- name : j.splettstoesser
groups:
- archiv
- ausstellungen
- buero
- forschung
- gedenken-im-stadtraum
- intern
- museum-organisation
- presse-orga-oeffentlichkeit
- projekte
- publikationen
- stolpersteine
- team
- technik
- veranstaltungen
- vermietung
- vermittlung
- vze
- fhxb-bildarchiv
- fhxb-sammlungen
password: '2/octHEm/g5H'
# Natalie Bayer
- name : n.bayer
groups:
- archiv
- ausstellungen
- buero
- forschung
- gedenken-im-stadtraum
- intern
- leitung
- museum-organisation
- presse-orga-oeffentlichkeit
- projekte
- publikationen
- stolpersteine
- team
- technik
- veranstaltungen
- vermietung
- vermittlung
- vze
- fhxb-bildarchiv
- fhxb-sammlungen
password: 'AI/.44Jt6rhY'
# Norbert Schropp
- name : n.schropp
groups:
- archiv
- ausstellungen
- publikationen
- team
- fhxb-bildarchiv
- fhxb-sammlungen
password: 'rK/puJ2.7sb4'
# Praktikum 01
- name : p.raktikum01
groups:
- ausstellungen
- buero
- presse-orga-oeffentlichkeit
- team
- veranstaltungen
- vermietung
password: '2IN.R5HIq-ig'
# Praktikum 02
- name : p.raktikum02
groups:
- ausstellungen
- buero
- presse-orga-oeffentlichkeit
- team
- veranstaltungen
- vermietung
password: 'NnRYo5-d6i/n'
# Volo 01
- name : v.olo01
groups:
- archiv
- ausstellungen
- buero
- forschung
- gedenken-im-stadtraum
- museum-organisation
- presse-orga-oeffentlichkeit
- projekte
- publikationen
- stolpersteine
- team
- technik
- veranstaltungen
- vermietung
- vermittlung
password: 'A/pY4-9VvUdo'
# Volo 02
- name : v.olo02
groups:
- archiv
- ausstellungen
- buero
- forschung
- gedenken-im-stadtraum
- museum-organisation
- presse-orga-oeffentlichkeit
- projekte
- publikationen
- stolpersteine
- team
- technik
- veranstaltungen
- vermietung
- vermittlung
- vze
password: 'sp29q-Yn-6PY'
# Volo 03
- name : v.olo03
groups:
- archiv
- ausstellungen
- buero
- forschung
- gedenken-im-stadtraum
- museum-organisation
- presse-orga-oeffentlichkeit
- projekte
- publikationen
- stolpersteine
- team
- technik
- veranstaltungen
- vermietung
- vermittlung
- vze
- fhxb-bildarchiv
- fhxb-sammlungen
password: 'n7I.fSsR-9vv'
base_home: /home base_home: /home
# remove_samba_users: # remove_samba_users:
@ -288,26 +612,6 @@ remove_samba_users:
samba_shares: samba_shares:
- name: FHXB-Bildarchiv
comment: Bildarchiv auf Fileserver
path: /data/samba/FHXB-Bildarchiv/Bildarchiv
group_valid_users: fhxb-bildarchiv
group_write_list: fhxb-bildarchiv
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: FHXB-Sammlungen
comment: FHXB-Sammlungen auf Fileserver
path: /data/samba/Darchim2/Bildarchiv
group_valid_users: fhxb-sammlungen
group_write_list: fhxb-sammlungen
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Archiv - name: Archiv
comment: Archiv auf Fileserver comment: Archiv auf Fileserver
path: /data/samba/FHXB-Server/Archiv path: /data/samba/FHXB-Server/Archiv
@ -328,6 +632,16 @@ samba_shares:
vfs_object_recycle: true vfs_object_recycle: true
recycle_path: '@Recycle' recycle_path: '@Recycle'
- name: Buero
comment: Buero auf Fileserver
path: /data/samba/FHXB-Server/Buero
group_valid_users: buero
group_write_list: buero
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Forschung - name: Forschung
comment: Forschung auf Fileserver comment: Forschung auf Fileserver
path: /data/samba/FHXB-Server/Forschung path: /data/samba/FHXB-Server/Forschung
@ -348,67 +662,6 @@ samba_shares:
vfs_object_recycle: true vfs_object_recycle: true
recycle_path: '@Recycle' recycle_path: '@Recycle'
- name: Projekte
comment: Projekte auf Fileserver
path: /data/samba/FHXB-Server/Projekte
group_valid_users: projekte
group_write_list: projekte
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Publikationen
comment: Publikationen auf Fileserver
path: /data/samba/FHXB-Server/Publikationen
group_valid_users: publikationen
group_write_list: publikationen
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Stolpersteine
comment: Stolpersteine auf Fileserver
path: /data/samba/FHXB-Server/Stolpersteine
group_valid_users: stolpersteine
group_write_list: stolpersteine
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Veranstaltungen
comment: Veranstaltungen auf Fileserver
path: /data/samba/FHXB-Server/Veranstaltungen
group_valid_users: Veranstaltungen
group_write_list: Veranstaltungen
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: VZE
comment: VZE auf Fileserver
path: /data/samba/FHXB-Server/VZE
group_valid_users: vze
group_write_list: vze
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Buero
comment: Buero auf Fileserver
path: /data/samba/FHXB-Server/Buero
group_valid_users: buero
group_write_list: buero
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Intern - name: Intern
comment: Intern auf Fileserver comment: Intern auf Fileserver
path: /data/samba/FHXB-Server/Intern path: /data/samba/FHXB-Server/Intern
@ -449,6 +702,36 @@ samba_shares:
vfs_object_recycle: true vfs_object_recycle: true
recycle_path: '@Recycle' recycle_path: '@Recycle'
- name: Projekte
comment: Projekte auf Fileserver
path: /data/samba/FHXB-Server/Projekte
group_valid_users: projekte
group_write_list: projekte
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Publikationen
comment: Publikationen auf Fileserver
path: /data/samba/FHXB-Server/Publikationen
group_valid_users: publikationen
group_write_list: publikationen
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Stolpersteine
comment: Stolpersteine auf Fileserver
path: /data/samba/FHXB-Server/Stolpersteine
group_valid_users: stolpersteine
group_write_list: stolpersteine
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Team - name: Team
comment: Team auf Fileserver comment: Team auf Fileserver
path: /data/samba/FHXB-Server/Team path: /data/samba/FHXB-Server/Team
@ -469,6 +752,26 @@ samba_shares:
vfs_object_recycle: true vfs_object_recycle: true
recycle_path: '@Recycle' recycle_path: '@Recycle'
- name: VZE
comment: VZE auf Fileserver
path: /data/samba/FHXB-Server/VZE
group_valid_users: vze
group_write_list: vze
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Veranstaltungen
comment: Veranstaltungen auf Fileserver
path: /data/samba/FHXB-Server/Veranstaltungen
group_valid_users: veranstaltungen
group_write_list: veranstaltungen
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Vermietung - name: Vermietung
comment: Vermietung auf Fileserver comment: Vermietung auf Fileserver
path: /data/samba/FHXB-Server/Vermietung path: /data/samba/FHXB-Server/Vermietung
@ -489,6 +792,26 @@ samba_shares:
vfs_object_recycle: true vfs_object_recycle: true
recycle_path: '@Recycle' recycle_path: '@Recycle'
- name: FHXB-Bildarchiv
comment: Bildarchiv auf Fileserver
path: /data/samba/FHXB-Bildarchiv/Bildarchiv
group_valid_users: fhxb-bildarchiv
group_write_list: fhxb-bildarchiv
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: FHXB-Sammlungen
comment: FHXB-Sammlungen auf Fileserver
path: /data/samba/Darchim2/Bildarchiv
group_valid_users: fhxb-sammlungen
group_write_list: fhxb-sammlungen
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
# ============================== # ==============================
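Review bot: Two of the new `samba_user` entries, `e.hausotter` and `v.olo01`, carry the identical `password` value, which looks like a copy-paste slip. Share access in this file is scoped per group and `v.olo01` belongs to many more groups than `e.hausotter`, so a shared secret undermines that separation; each account should get its own value. Also visible in context, `samba_server_min_protocol` stays at `NT1`, which keeps SMB1 negotiable for all the accounts added here; if no legacy client depends on it, `SMB2` is the safer floor. The `samba_user` and `samba_shares` lists begin and end outside the hunks shown.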


@ -0,0 +1,227 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
apt_install_compiler_pkgs: true
apt_install_postgresql_pkgs: true
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_root_ssh_keypair: true
root_ssh_keypair:
- name: id-rsa-dehydrated
priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated
priv_key_dest: /root/.ssh/id_rsa-dehydrated
pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated.pub
pub_key_dest: /root/.ssh/id_rsa-dehydrated.pub
- name: id-rsa-opendkim
priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim
priv_key_dest: /root/.ssh/id_rsa-opendkim
pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim.pub
pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/copy_files.yml
# ---
copy_plain_files:
# /root/bin/monitoring
#
- name: monitoring_check_cert_for_dovecot.conf
src_path: ga-st-mail/root/bin/monitoring/conf/check_cert_for_dovecot.conf
dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
- name: monitoring_check_webservice_load.conf
src_path: ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_create_opendkim_key.conf
src_path: ga-st-mail/root/bin/postfix/conf/create_opendkim_key.conf
dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
- name: postfix_postfix_add_mailboxes.conf
src_path: ga-st-mail/root/bin/postfix/conf/postfix_add_mailboxes.conf
dest_path: /root/bin/postfix/conf/postfix_add_mailboxes.conf
- name: postfix_sent_userinfo_postfix.conf
src_path: ga-st-mail/root/bin/postfix/conf/sent_userinfo_postfix.conf
dest_path: /root/bin/postfix/conf/sent_userinfo_postfix.conf
- name: postfix_whitelist_mb_sigs.conf
src_path: ga-st-mail/root/bin/postfix/conf/whitelist_mb_sigs.conf
dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
copy_plain_files_postfwd_host_specific: []
# Postfix Firewall postfwd
#
#- name: postfwd.wl-user
# src_path: ga-st-mail/etc/postfix/postfwd.wl-user
# dest_path: /etc/postfix/postfwd.wl-user
#copy_template_files: []
#
# - name: mailsystem_install_amavis.conf
# src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
# dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
# ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# ---
hostname: mx.gemeinschaft-altenschlirf.de
ipv4_address: 192.168.11.2
#ipv6_address:
admin_email: it@gemeinschaft-altenschlirf.org
is_relay_host: !!str "false"
db_in_use: !!str "true"
# postfix_db_type
#
# possible values are 'PostgreSQL' and 'MySQL'
postfix_db_type: PostgreSQL
postfix_db_name: postfix
postfix_db_user: postfix
#postfix_db_host:
postfix_db_pass: R_wuKauoTE7+AJg9
# install_amavis.conf
#
mp_receipt_number: 106015125438
si_authorisation_signature: b0b7e94d3fcc8f3b1f128edd5830392361868cf0174723a9924ac25bf8b1b588cb974b50234e1bc1d9839dfe0ca6e1627733d90daf1399347b1046d20c2e3a89
# install_postfixadmin.conf
#
website_name_postfixadmin: adm.gemeinschaft-altenschlirf.de
email_welcome_message: "\n
Hallo,\n
Ihre/Deine neue E-Mail Adresse ist eingerichtet.\n
IT Team Gemeinschaft Altenschlirf\n
--\n
Gemeinschaft Altenschlirf | Phone: +49 6647 / 9606 0\n
Müser Straße 1 | Fax: +49 6647 / 9606 179\n
D-36358 Herbstein | E-Mail: it@gemeinschaft-altenschlirf.de\n
"
# install_update_dovecot.conf
#
dovecot_from_address: "Administrator E-Mail <postmaster@gemeinschaft-altenschlirf.de>"
dovecot_reply_to: "postmaster@gemeinschaft-altenschlirf.de"
webmailer_address: "https://webmail.gemeinschaft-altenschlirf.de"
salutation: "IT Team Gemeinschaft Altenschlirf\n
--\n
Gemeinschaft Altenschlirf | Phone: +49 6647 / 9606 0\n
Müser Straße 1 | Fax: +49 6647 / 9606 179\n
D-36358 Herbstein | E-Mail: it@gemeinschaft-altenschlirf.de\n
"
# install_upgrade_roundcube-webmail.conf
#
# Webmailer
webmail_site_name: webmail.gemeinschaft-altenschlirf.de
autoreply_hostname: autoreply.gemeinschaft-altenschlirf.de
# possible values: 'pgsql' or 'mysql'
roundcube_db_type: pgsql
roundcube_db_name: roundcubemail
roundcube_db_user: roundcube
#roundcube_db_host:
roundcube_db_pass: 'K3TbMmTfnCXdj4vz'
#roundcube_acl_plugin: true
roundcube_product_name: Gemeinschaft Altenschlirf - Webmailer
roundcube_support_url: https://www.gemeinschaft-altenschlirf.de
roundcube_skin_logo: "images/oopen-logo.png"
template_files_mailsystem_script:
- name: mailsystem_install_postfix_advanced.conf
src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
- name: mailsystem_install_amavis.conf
src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
- name: mailsystem_install_postfixadmin.conf
src_path: usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_postfixadmin.conf
- name: mailsystem_install_update_dovecot.conf
src_path: usr/local/src/mailsystem/conf/install_update_dovecot.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_update_dovecot.conf
- name: mailsystem_install_upgrade_roundcube-webmail.conf
src_path: usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf
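Review bot: `is_relay_host: !!str "false"` is string-typed here, while host_vars/d.mx.oopen.de.yml, added by the same commit, writes `is_relay_host: false` as a YAML boolean. The two will not render the same way in the install_*.conf.j2 templates (a boolean prints as `False`, and a non-empty string is truthy in a Jinja `if`), so the type should be the same in every host file. `email_welcome_message` and `salutation` are double-quoted scalars that mix `\n` escapes with physical line breaks, which folds each break into an extra space after the newline; a literal block scalar (`email_welcome_message: |`) keeps the text exactly as laid out. `admin_email` uses the `.org` domain while every other address in the file is `.de`, which may be intended but is worth confirming.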


@ -0,0 +1,278 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
- resolvconf
network_interfaces:
- device: eno1
headline: eno1 - Uplink DSL via Fritz!Box
auto: true
family: inet
method: static
address: 192.168.178.254
netmask: 24
gateway: 192.168.178.1
nameservers:
- 127.0.0.1
- 192.168.192.1
search: fhxb.netz
- device: eno2
headline: eno2 - LAN
auto: true
family: inet
method: static
address: 192.168.192.254
netmask: 24
- device: eno2:ns
headline: eno2:ns - Alias on eno5 (Nameserver)
auto: true
family: inet
method: static
address: 192.168.192.1
netmask: 32
- device: eno3
headline: eno3 - LAN
auto: true
family: inet
method: static
address: 192.168.193.254
netmask: 24
- device: eno4
headline: eno4 - OLD LAN
auto: true
family: inet
method: static
address: 192.168.178.254
netmask: 24
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
cron_user_entries:
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if SSH service is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if OpenVPN service is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_vpn.sh
- name: "Check if nameservice (bind) is running?"
minute: '*/10'
hour: '*'
job: /root/bin/monitoring/check_dns.sh
- name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )"
minute: '0-59/2'
hour: '*'
job: /root/bin/monitoring/check_forwarding.sh
- name: "Copy gateway configuration"
minute: '09'
hour: '3'
job: /root/bin/manage-gw-config/copy_gateway-config.sh FHXB
#cron_user_special_time_entries: []
cron_user_special_time_entries:
- name: "Check if Postfix Service is running at boot time"
special_time: reboot
job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
insertafter: PATH
- name: "Restart Systemd's resolved at boottime."
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.oopen.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.oopen-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
apt_install_bind9_packages: true
bind9_gateway_acl:
- local-net:
name: local-net
entries:
- 127.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 10.0.0.0/8
- fc00::/7
- fe80::/10
- ::1/128
bind9_gateway_listen_on_v6:
- none
bind9_gateway_listen_on:
- any
#bind9_gateway_allow_transfer: {}
bind9_gateway_allow_transfer:
- none
#bind9_gateway_allow_query: {}
bind9_gateway_allow_query:
- local-net
#bind9_gateway_allow_query_cache: {}
bind9_gateway_allow_query_cache:
- local-net
bind9_gateway_recursion: !!str "yes"
#bind9_gateway_allow_recursion: {}
bind9_gateway_allow_recursion:
- local-net
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.


@ -0,0 +1,132 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
apt_install_compiler_pkgs: true
apt_install_postgresql_pkgs: true
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_root_ssh_keypair: true
root_ssh_keypair:
- name: id-rsa-opendkim
priv_key_src: lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim
priv_key_dest: /root/.ssh/id_rsa-opendkim
pub_key_src: lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim.pub
pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/copy_files.yml
# ---
copy_plain_files:
- name: monitoring_check_webservice_load.conf
src_path: lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
- name: postfix_create_opendkim_key.conf
src_path: lists.mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf
dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
- name: postfix_whitelist_mb_sigs.conf
src_path: lists.mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf
dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
- name: install_sympa.conf
src_path: lists.mx.warenform/usr/local/src/sympa/conf/install_sympa.conf
dest_path: /usr/local/src/sympa/conf/install_sympa.conf
copy_template_files: []
#
# - name: mailsystem_install_amavis.conf
# src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
# dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
# ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# ---
hostname: lists.mx.warenform.de
ipv4_address: 83.223.86.78
ipv6_address: 2a01:30:0:13:223:35ff:fef5:84b6
admin_email: argus@oopen.de
is_relay_host: false
is_sympa_list_server: true
# install_amavis.conf
#
mp_receipt_number: 106015125438
si_authorisation_signature: 76ed7ca6670dbee497e1a0397a7e178c4caa25888bc26d7327d1eab0195342a4cfa522dcf10382623d57dbc2a79bd37627b9a52def4d4bfe617d26e35405ce3b
template_files_mailsystem_script:
- name: mailsystem_install_postfix_advanced.conf
src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
- name: mailsystem_install_amavis.conf
src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
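Review bot: `mp_receipt_number` and `si_authorisation_signature` under the `# install_amavis.conf` comment are committed as clear-text values, and they look like account credentials, so anyone who can read the repository or its history can reuse them. Keep them in an Ansible Vault file and reference them from here, e.g. `si_authorisation_signature: "{{ vault_si_authorisation_signature }}"` (the variable name is only a suggestion). The host file for `mx.warenform.de` added further down repeats the same two values and adds `postfix_db_pass` and `roundcube_db_pass` in clear text, so the same applies there. Values that have already been pushed stay in history, so rotating them is the only way to retire the exposed copies.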


@ -112,7 +112,23 @@ copy_plain_files:
dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
copy_plain_files_postfwd_host_specific: [] copy_plain_files_postfwd_host_specific:
- name: postfwd.wl-hosts
src_path: mail.cadus/etc/postfix/postfwd.wl-hosts
dest_path: /etc/postfix/postfwd.wl-hosts
- name: postfwd.wl-nets
src_path: mail.cadus/etc/postfix/postfwd.wl-nets
dest_path: /etc/postfix/postfwd.wl-nets
- name: postfwd.wl-sender
src_path: mail.cadus/etc/postfix/postfwd.wl-sender
dest_path: /etc/postfix/postfwd.wl-sender
- name: postfwd.wl-user
src_path: mail.cadus/etc/postfix/postfwd.wl-user
dest_path: /etc/postfix/postfwd.wl-user
# Postfix Firewall postfwd # Postfix Firewall postfwd
# #
@ -147,7 +163,7 @@ db_in_use: !!str "true"
postfix_db_type: MySQL postfix_db_type: MySQL
postfix_db_name: postfix postfix_db_name: postfix
postfix_db_user: postfix postfix_db_user: postfix
postfix_db_host: "127.0.0.1" #postfix_db_host:
postfix_db_pass: T3CJnFMJNX9wmhNs postfix_db_pass: T3CJnFMJNX9wmhNs
# install_amavis.conf # install_amavis.conf
@ -196,9 +212,11 @@ autoreply_hostname: autoreply.cadus.org
roundcube_db_type: mysql roundcube_db_type: mysql
roundcube_db_name: roundcubemail roundcube_db_name: roundcubemail
roundcube_db_user: roundcube roundcube_db_user: roundcube
roundcube_db_host: localhost #roundcube_db_host:
roundcube_db_pass: 'j3vqsK7Ldm7MxNjH' roundcube_db_pass: 'j3vqsK7Ldm7MxNjH'
roundcube_acl_plugin: false
roundcube_product_name: O.OPEN - Webmailer roundcube_product_name: O.OPEN - Webmailer
roundcube_support_url: https://www.cadus.org roundcube_support_url: https://www.cadus.org
roundcube_skin_logo: "images/cadu_logo_webmail.png" roundcube_skin_logo: "images/cadu_logo_webmail.png"
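Review bot: Commenting out `postfix_db_host` and `roundcube_db_host` leaves the database target to whatever the templates fall back to, and nothing in this file says what that is. As far as the rendering shows, the previous values were `"127.0.0.1"` and `localhost`, which are not equivalent for a MySQL client (TCP versus the local socket), so the default decides which `user@host` grant has to exist. A one-line comment would record the intent, for example `#postfix_db_host:   # unset on purpose, template default applies` with the actual default named once it is confirmed against the `.j2` template.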


@ -195,8 +195,10 @@ roundcube_db_user: roundcube
#roundcube_db_host: #roundcube_db_host:
roundcube_db_pass: 'gqnzTrfsjnRv4PWW' roundcube_db_pass: 'gqnzTrfsjnRv4PWW'
#roundcube_acl_plugin: false
roundcube_product_name: O.OPEN - Webmailer roundcube_product_name: O.OPEN - Webmailer
roundcube_support_url: https://www.cadus.org roundcube_support_url: https://www.faire-mobilitaet.de/
roundcube_skin_logo: "images/oopen-logo.png" roundcube_skin_logo: "images/oopen-logo.png"


@ -0,0 +1,227 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
apt_install_compiler_pkgs: true
apt_install_postgresql_pkgs: true
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_root_ssh_keypair: true
root_ssh_keypair:
- name: id-rsa-opendkim
priv_key_src: mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim
priv_key_dest: /root/.ssh/id_rsa-opendkim
pub_key_src: mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim.pub
pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/copy_files.yml
# ---
copy_plain_files:
# /root/bin/monitoring
#
- name: monitoring_check_cert_for_dovecot.conf
src_path: mx.warenform/root/bin/monitoring/conf/check_cert_for_dovecot.conf
dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
- name: monitoring_check_webservice_load.conf
src_path: mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_create_opendkim_key.conf
src_path: mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf
dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
- name: postfix_postfix_add_mailboxes.conf
src_path: mx.warenform/root/bin/postfix/conf/postfix_add_mailboxes.conf
dest_path: /root/bin/postfix/conf/postfix_add_mailboxes.conf
- name: postfix_sent_userinfo_postfix.conf
src_path: mx.warenform/root/bin/postfix/conf/sent_userinfo_postfix.conf
dest_path: /root/bin/postfix/conf/sent_userinfo_postfix.conf
- name: postfix_whitelist_mb_sigs.conf
src_path: mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf
dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
copy_plain_files_postfwd_host_specific: []
# Postfix Firewall postfwd
#
#- name: postfwd.wl-user
# src_path: mx.warenform/etc/postfix/postfwd.wl-user
# dest_path: /etc/postfix/postfwd.wl-user
#copy_template_files: []
#
# - name: mailsystem_install_amavis.conf
# src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
# dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
# ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# ---
hostname: mx.warenform.de
ipv4_address: 83.223.86.76
ipv6_address: 2a01:30:0:13:231:32ff:fe8b:7763
admin_email: admin@warenform.net
is_relay_host: !!str "false"
db_in_use: !!str "true"
# postfix_db_type
#
# possible values are 'PostgreSQL' and 'MySQL'
postfix_db_type: PostgreSQL
postfix_db_name: postfix
postfix_db_user: postfix
#postfix_db_host: /run/postgresql
postfix_db_pass: CbX8vg347Vvm
# install_amavis.conf
#
mp_receipt_number: 106015125438
si_authorisation_signature: 76ed7ca6670dbee497e1a0397a7e178c4caa25888bc26d7327d1eab0195342a4cfa522dcf10382623d57dbc2a79bd37627b9a52def4d4bfe617d26e35405ce3b
# install_postfixadmin.conf
#
website_name_postfixadmin: adm.warenform.de
email_welcome_message: "\n
Hallo,\n
Ihre neue E-Mail Adresse ist eingerichtet.\n
Das WARENFORM-Team\n
--\n
WARENFORM | Phone: +49 30 / 61 65 17 52 -0\n
Dresdner Str. 11 | Fax: +49 30 / 61 65 17 52 -66\n
D-10999 Berlin | http://www.warenform.net\n
"
# install_update_dovecot.conf
#
dovecot_from_address: "warenform gbr <hilfe@kunden.warenform.net>"
dovecot_reply_to: "hilfe@kunden.warenform.net"
webmailer_address: "https://webmail.warenform.de"
salutation: "Das WARENFORM-Team\n
WARENFORM | Phone: +49 30 / 61 65 17 52 -0\n
Dresdner Str. 11 | Fax: +49 30 / 61 65 17 52 -66\n
D-10999 Berlin | http://www.warenform.net\n"
# install_upgrade_roundcube-webmail.conf
#
# Webmailer
webmail_site_name: webmail.warenform.de
autoreply_hostname: autoreply.warenform.de
# possible values: 'pgsql' or 'mysql'
roundcube_db_type: pgsql
roundcube_db_name: roundcubemail
roundcube_db_user: roundcube
#roundcube_db_host: localhost
roundcube_db_pass: 'Hoo5heis'
#roundcube_acl_plugin: false
roundcube_product_name: O.OPEN - Webmailer
roundcube_support_url: https://www.warenform.net
roundcube_skin_logo: "images/wf-webmail-logo.png"
template_files_mailsystem_script:
- name: mailsystem_install_amavis.conf
src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
- name: mailsystem_install_postfix_advanced.conf
src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
- name: mailsystem_install_postfixadmin.conf
src_path: usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_postfixadmin.conf
- name: mailsystem_install_update_dovecot.conf
src_path: usr/local/src/mailsystem/conf/install_update_dovecot.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_update_dovecot.conf
- name: mailsystem_install_upgrade_roundcube-webmail.conf
src_path: usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf
- name: mailsystem_install_upgrade_roundcube-webmail2.conf
src_path: usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail2.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail2.conf
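Review bot: `is_relay_host: !!str "false"` and `db_in_use: !!str "true"` are forced to strings here, while the host file for `lists.mx.warenform.de` added in the same commit writes `is_relay_host: false` and `is_sympa_list_server: true` as bare booleans. The `.j2` templates that consume these are not shown, but a bare boolean renders as `False`/`True` in Jinja2 and a non-empty string is always truthy in an `{% if %}` test, so one of the two forms is likely to be read differently from what was intended. Pick one form for all host files; if the templates write the value into a shell-style conf file, the string form `!!str "false"` is the one that arrives unchanged.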


@ -17,26 +17,65 @@ network_interface_required_packages:
- bridge-utils - bridge-utils
- ifmetric - ifmetric
- ifupdown - ifupdown
- ifenslave
- resolvconf - resolvconf
network_interfaces: network_interfaces:
- device: br0 # Many device configurations are possible (as many as needed)
#
- device: enp41s0
# use only once per device (for the first device entry) # use only once per device (for the first device entry)
headline: br0 - bridge over device enp8s0 headline: enp41s0 - primary device
# auto & allow are only used for the first device entry # auto & allow are only used for the first entry of that devicei-name)
#
allow: [] # array of allow-[stanzas] eg. allow-hotplug allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true auto: true
family: inet family: inet
# The statisc Mode
# Options
# address <dotted quad address[/netmask]>
# gateway <dotted quad address>
# pointopoint <Address of other end point (dotted quad). Note the spelling of "point-to">
# hwaddress <mac-address>
# mtu <size>
# scope <Address validity scope. Possible values: global, link, host>
#
# The manual Method
# Options
# hwaddress <mac-address>
# mtu <size>
#
# The dhcp Method
# Options
# hwaddress <mac-address>
# hostname <Hostname to be requested (pump, dhcpcd, udhcpc)>
# metric <metric>
# leasehours <Preferred lease time in hours (pump)>
# leasetime <Preferred lease time in seconds (dhcpcd)>
# vendor <Vendor class identifier (dhcpcd)>
# client <Client identifier (dhcpcd), or "no" (dhclient)>
#
# The bootp Method
# Options
# bootfile: <file: Tell the server to use 'file' as the bootfile.>
# server: <address: Use the IP address 'address' to communicate with the server.>
# hwaddr <mac-address: Use addr as the hardware address instead of whatever it really is.>
#
method: static method: static
hwaddress: 00:d8:61:0e:b9:1c
hwaddress:
description: description:
address: 144.76.24.11 address: 65.109.28.179
netmask: 27 # dotted quad or number of bits
gateway: 144.76.24.1 #
# the entry will be: address/netmask
netmask: 26
gateway: 65.109.28.129
metric: metric:
pointopoint: pointopoint:
mtu: mtu:
@ -64,8 +103,8 @@ network_interfaces:
# search: warenform.de # search: warenform.de
# #
nameservers: nameservers:
- 195.201.179.131 - 185.12.64.1
- 95.217.204.204 - 2a01:4ff:ff00::add:2
search: search:
# optional additional subnets/ips subnets: [] # optional additional subnets/ips subnets: []
@ -80,19 +119,14 @@ network_interfaces:
# fd: # fd:
# maxwait: # maxwait:
# waitport: # waitport:
bridge: bridge: {}
ports: enp8s0 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
maxage: 12
# optional bonding parameters bond: {} # optional bonding parameters bond: {}
# bond: # bond:
# master # master
# primary # primary
# slave # slave
# method: # mode:
# miimon: # miimon:
# lacp-rate: # lacp-rate:
# ad-select-rate: # ad-select-rate:
@ -105,6 +139,91 @@ network_interfaces:
# raw-device: 'eth0' # raw-device: 'eth0'
vlan: {} vlan: {}
# inline hook scripts
#
# example:
#
# up:
# - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp41s0"
#
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 65.109.28.128 netmask 255.255.255.192 gw 65.109.28.129 dev enp41s0"
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
- device: enp41s0
# use only once per device (for the first device entry)
headline:
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto:
family: inet6
method: static
address: 2a01:4f9:5a:1a07::2
netmask: 64
gateway: fe80::1
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
search:
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge: {}
# optional bonding parameters bond: {}
# bond:
# mode:
# miimon:
# master:
# slaves:
# lacp-rate:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts # inline hook scripts
pre-up: []# pre-up script lines pre-up: []# pre-up script lines
up: [] # up script lines up: [] # up script lines
@ -113,11 +232,112 @@ network_interfaces:
down: [] # down script lines down: [] # down script lines
post-down: [] # post-down script lines post-down: [] # post-down script lines
# ---
# vars used by roles/ansible_dependencies
# ---
- device: br0 # ---
family: inet6 # vars used by roles/ansible_user
method: static # ---
address: 2a01:4f8:191:b::2
netmask: 64
gateway: fe80::1 # ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
#apt_manage_sources_list: false
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $y$j9T$myZ6f5/klmH0HDN2mb9tv/$s/bBrr6PEXdEgtn9CZYzBNZsA4.r6gWYYeZ4LAYotp9
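Review bot: The `default_user` and `root_user` blocks added at the end of this file put crypt password hashes into plain host vars, which exposes them to offline guessing by anyone with read access to the repository. The `back` and `chris` entries carry the same salt and hash that appear in the other host files on this page, so one recovered password is valid on every host, and `chris`, `sysadm` and `back` still use `$6$` hashes with 8-character salts while `root_user` already uses `$y$`. Move the `password:` values into Ansible Vault, e.g. `password: "{{ vault_back_password_hash }}"` (the name is only a suggestion), and regenerate the `$6$` entries in the `$y$` format with a fresh salt per host. The `default_user` block added in the later section that also comments out `sshd_password_authentication` has the same issue.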


@ -0,0 +1,123 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- resolvconf
network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device enp8s0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
hwaddress: 00:d8:61:0e:b9:1c
description:
address: 144.76.24.11
netmask: 27
gateway: 144.76.24.1
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
- 195.201.179.131
- 95.217.204.204
search:
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge:
ports: enp8s0 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
maxage: 12
# optional bonding parameters bond: {}
# bond:
# master
# primary
# slave
# method:
# miimon:
# lacp-rate:
# ad-select-rate:
# master:
# slaves:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
pre-up: [] # pre-up script lines
up: [] # up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
- device: br0
family: inet6
method: static
address: 2a01:4f8:191:b::2
netmask: 64
gateway: fe80::1
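Review bot: The comment above `network_manage_devices` names `/etc/network/interfaces/interfaces.d/`, but `network_interface_path` a few lines below is `/etc/network/interfaces.d`. Because the flag is described as deleting every additional file in that directory, the comment should name the directory that is actually affected: `# If true, all additional files in /etc/network/interfaces.d/ are deleted`. Whether the role deletes relative to `network_interface_path` is not visible in this section, so confirm that against the role. `True` and `False` would also read more predictably as lowercase `true`/`false`, which the same file already uses in `auto: true`.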


@ -19,7 +19,7 @@
# vars used by roles/common/tasks/sshd.yml # vars used by roles/common/tasks/sshd.yml
# --- # ---
sshd_password_authentication: !!str "yes" #sshd_password_authentication: !!str "yes"
# --- # ---
@ -31,6 +31,80 @@ sshd_password_authentication: !!str "yes"
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: ilker
password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
- name: ilker-sudo
password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
- name: shop
password: $6$.7q7LwrI$LS0W95y5MHgaQZ4v5OvYukQn3pxmbeQvm9lNrPVSN7R.GVwGGIqdfnX2xOvGTgJcenUT3aJoa8HloOes1wUM71
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf7Vfsl2u55IYnkPMxRI+CK+33wUKR+XR6B160J6xOGe6LnHTsqgAGrjR5nhy7ieQZo4tGFORkikRrwz+H9mQulCsvtCrhh+Gjdkut4SzQbZsE0yLaNKflT3etR6dwKnX5HrqTtkZZ6D/Bi6392xrEy94590nNWZm5M6Vi0DIztt2jqUEiHrcJomPu1RDhl0OLxG/+/gyo9Td3p8olcW6Xk4q8w4GVHZ3sTB+jsMHEMbG6KqkA+eR/agNlxqngPO0Pz3yd5ciOmF+E6Yf47WwlHctBs6Zs/8s1jFFjLqe9k0F6rzY2S7hLaoREXgf+SNRcaN4Y97yRPzeMspvJebwx shop@oolm-shop.oopen.de'
- 'ssh-rsa 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 thomashauck@Thomas-Haucks-iMac-3.locali'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzEcbz4Jne4lZup1qB8nk8SnUv8xWvpgE6tYiLqsyve7+BGCtA01tM3CWcafRwffw3I/Tmw1PG2T+gEGKSIscKoBGNbpFeA3dSnG/d811VWPyN4j6DcKHDW5njdt+XdUkPTA2Xm2mcNayBovMP5ld2VgEqsYPFpNkcIx4Qsh4URRoVwM0a1CGW5eBWa5gwYypfiK9m/DyiA6gX0fCJKS64GKUilYyrwSSatlt8tkOw3Kb8A39AViYL243zFzrPSNvBRnkp81pOt3khNxB3V07CGUERPTvh4B/mKb3g5yBynLjzvbJkGboR+zzTYGiWPNlwgNOhzIP3h/YnMb3JKJzx shop@oolm-shop'
- name: sven
password: $6$tUJZYAXg$DnHWYkGxXlkFTcyWKO3BvP34OekepDb8x19op8C/AzXxTtXrkE2CCeXhtkVu.89dWybdJPI23TVNpsd3dIyPA1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcm/+4FQ8yFKM05jut+Tsrd6ZHVvUpbKO1ezbpRagvh8s7LTclxRwBEktQD/lJgC7X2H1d4QF71MRcEjfmmH51r1MI5s+mV2KbowUh39io0e0qQrPKlX23872miyjIBMtESHTzWGWJo4VnOBWOoWzUu+sVpDPZ1bVw9EN3Iboq3q7i4pZLj85ASb8pZBJvCWqtOgDZ5qnbvmpPeewgfAOmSvQh1qdDW63pcbupwY/peneUUOCkIE91oCCW5ZKH4El+OGXDm4jKY5Z6Dh9nVcHsJ3Burp/2rPJr27TyhqeezewbyO5Y/XTm1/nx3iNnIudy7fF/N/DlHvb3RJLI+P/3 sven@oolm-shop-dev'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$2aYNjVAaYCJ7KuKYMjX3o1$M7E8/NkOHJnmmVcx0zD27oYExIf2aEergJ1KBnVbn92
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- ilker
- ilker-sudo
# --- # ---
# vars used by roles/common/tasks/users-systemfiles.yml # vars used by roles/common/tasks/users-systemfiles.yml
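Review bot: `ilker` and `ilker-sudo` are added with the identical `password:` hash and the identical `ssh_keys` list, and both names are in `sudo_users`, so the second account adds no separation between everyday and privileged use. If the `-sudo` suffix is meant to mark the privileged account (an inference from the name), drop `- ilker` from `sudo_users` and give `ilker-sudo` its own password hash. Every account in this block also accepts the `chris@sol` and `root@sol` keys, so those two key holders can log in as `shop`, `sven` and the others; a comment saying that this is intended would help the next reviewer.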


@ -19,7 +19,7 @@
# vars used by roles/common/tasks/sshd.yml # vars used by roles/common/tasks/sshd.yml
# --- # ---
sshd_password_authentication: !!str "yes" #sshd_password_authentication: !!str "yes"
# --- # ---
@ -31,6 +31,72 @@ sshd_password_authentication: !!str "yes"
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: ilker
password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
- name: ilker-sudo
password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
- name: shop
password: $6$.7q7LwrI$LS0W95y5MHgaQZ4v5OvYukQn3pxmbeQvm9lNrPVSN7R.GVwGGIqdfnX2xOvGTgJcenUT3aJoa8HloOes1wUM71
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf7Vfsl2u55IYnkPMxRI+CK+33wUKR+XR6B160J6xOGe6LnHTsqgAGrjR5nhy7ieQZo4tGFORkikRrwz+H9mQulCsvtCrhh+Gjdkut4SzQbZsE0yLaNKflT3etR6dwKnX5HrqTtkZZ6D/Bi6392xrEy94590nNWZm5M6Vi0DIztt2jqUEiHrcJomPu1RDhl0OLxG/+/gyo9Td3p8olcW6Xk4q8w4GVHZ3sTB+jsMHEMbG6KqkA+eR/agNlxqngPO0Pz3yd5ciOmF+E6Yf47WwlHctBs6Zs/8s1jFFjLqe9k0F6rzY2S7hLaoREXgf+SNRcaN4Y97yRPzeMspvJebwx shop@oolm-shop.oopen.de'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAybUzbWpMfAKzlapkec/IdznX8WGLES2AAsb94W5iO1VvFQfUseML5J91UB+LMl18jFFolk6tPqHL/F18sfFQ6dKtTh+JL87Bve8MrP/VWli+jdlSvX7k84eHxPYLpJQIfab/Th1DSXbF7E9xT9Z0iGxylaRja3FNYNT2Q0+clwUMcYX1mm47xVsM4JGsTDTTNV1CgxLphlajFbLgRlicCam6Vxr68k1sLRsu+iuie1AmUaR3Zvm9VH7/nbSpSxe0NN2FtMfxBTk54/rpr3MLhxgJDGjHILfOaGCL+vR3pK4isAvlnShpPphP6f9F/LFjitLAQ9Onpe/+MRxhCjvAi/uihM8xOmON1FRF1WW1NlPz2avod9BFHc7onct/+LalqiTtRkIiGAzLvar279J82abpsVjdYIHmcjz/z4RReEKLjvKCAy4Sdl8Msz60G0f7tXYowYQVpdYp68Cvc4x4d2LElKP0uAHe5wzfUL1haBbjiar8yECgvna20dof9rgzPRHffv9CeTxHxiBLAidb9jZer80StSKhCTbPBqyaTjzWLqegXY9UH92z82yVaW4jVu/43/OUlywd1AjLTcQKE+oI+3515bzXkGGNIDOdJ9AxLSNMpbHAAQ+E8UxplSiLSNYpxWpbnhlnKF+NpMoA+IUVQXJNa8Y291cwx/bNJTk= thomashauck@Thomas-Haucks-iMac-3.locali'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzEcbz4Jne4lZup1qB8nk8SnUv8xWvpgE6tYiLqsyve7+BGCtA01tM3CWcafRwffw3I/Tmw1PG2T+gEGKSIscKoBGNbpFeA3dSnG/d811VWPyN4j6DcKHDW5njdt+XdUkPTA2Xm2mcNayBovMP5ld2VgEqsYPFpNkcIx4Qsh4URRoVwM0a1CGW5eBWa5gwYypfiK9m/DyiA6gX0fCJKS64GKUilYyrwSSatlt8tkOw3Kb8A39AViYL243zFzrPSNvBRnkp81pOt3khNxB3V07CGUERPTvh4B/mKb3g5yBynLjzvbJkGboR+zzTYGiWPNlwgNOhzIP3h/YnMb3JKJzx shop@oolm-shop'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$2aYNjVAaYCJ7KuKYMjX3o1$M7E8/NkOHJnmmVcx0zD27oYExIf2aEergJ1KBnVbn92
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- ilker
- ilker-sudo
# --- # ---
# vars used by roles/common/tasks/users-systemfiles.yml # vars used by roles/common/tasks/users-systemfiles.yml
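Review bot: The `password:` values added under `default_user` are crypt hashes stored in clear in this vars file, and the `ilker` and `ilker-sudo` entries carry the identical hash and the identical `ssh_keys` list while both names are listed in `sudo_users`, so the separate `-sudo` account gives no privilege separation as written. The `back` entry reuses a hash that appears for the same user in another vars file of this commit, so one recovered password would be valid on several hosts. I would keep the hashes in an Ansible Vault encrypted vars file and reference them, e.g. `password: "{{ vault_user_password_ilker }}"` (variable name is a placeholder), give `ilker-sudo` its own credential, and drop `ilker` from `sudo_users` if the split is intended. Most entries use `$6$` (sha512crypt) while `sysadm` already uses `$y$` (yescrypt); regenerating the others with the same scheme when they are rotated would keep the file consistent.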

43
hosts

@ -27,8 +27,9 @@ devel-root.wf.netz
gw-123.oopen.de gw-123.oopen.de
gw-ah.oopen.de gw-ah.oopen.de
gw-ak.oopen.de gw-ak.oopen.de
gw-ebs.oopen.de
gw-akb.akb.netz gw-akb.akb.netz
gw-ebs.oopen.de
gw-fhxb.oopen.de
gw-ckubu.local.netz gw-ckubu.local.netz
gw-b3.oopen.de gw-b3.oopen.de
gw-blkr.oopen.de gw-blkr.oopen.de
@ -43,12 +44,14 @@ gw-kb.oopen.de
bbb-server.b3-bornim.netz bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz file-km.anw-km.netz
file-blkr.blkr.netz file-blkr.blkr.netz
zapata.opp.netz zapata.opp.netz
gw-replacement.local.netz gw-replacement.local.netz
gw-replacement2.local.netz gw-replacement2.local.netz
gw-replacement3.local.netz
k1371.dyndns.org k1371.dyndns.org
@ -149,6 +152,9 @@ o24.oopen.de
cl-irights.oopen.de cl-irights.oopen.de
mm-irights.oopen.de mm-irights.oopen.de
# IL - PAD
o25.oopen.de
# - o27.oopen.de # - o27.oopen.de
o27.oopen.de o27.oopen.de
cl-fm.oopen.de cl-fm.oopen.de
@ -202,6 +208,7 @@ lxc-host-kb.anw-kb.netz
[initial_setup] [initial_setup]
gw-123.oopen.de gw-123.oopen.de
gw-fhxb.oopen.de
gw-ah.oopen.de gw-ah.oopen.de
gw-ak.oopen.de gw-ak.oopen.de
gw-ebs.oopen.de gw-ebs.oopen.de
@ -221,6 +228,7 @@ gw-kb.oopen.de
bbb-server.b3-bornim.netz bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz file-km.anw-km.netz
file-blkr.blkr.netz file-blkr.blkr.netz
zapata.opp.netz zapata.opp.netz
@ -229,6 +237,7 @@ gw-ckubu.local.netz
gw-replacement.local.netz gw-replacement.local.netz
gw-replacement2.local.netz gw-replacement2.local.netz
gw-replacement3.local.netz
k1371.dyndns.org k1371.dyndns.org
@ -346,6 +355,9 @@ o24.oopen.de
cl-irights.oopen.de cl-irights.oopen.de
mm-irights.oopen.de mm-irights.oopen.de
# IL - PAD
o25.oopen.de
# - o27.oopen.de # - o27.oopen.de
o27.oopen.de o27.oopen.de
cl-fm.oopen.de cl-fm.oopen.de
@ -415,6 +427,9 @@ gw-ak.oopen.de
gw-ah.oopen.de gw-ah.oopen.de
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
# - FHXB Museum Friedrichshain Kreuzberg
file-fhxb.fhxb.netz
# - Kanzlei Berenice # - Kanzlei Berenice
file-km.anw-km.netz file-km.anw-km.netz
@ -446,7 +461,6 @@ anita.wf.netz
devel-cloud.wf.netz devel-cloud.wf.netz
devel-db.wf.netz devel-db.wf.netz
devel-git.wf.netz devel-git.wf.netz
devel-php.wf.netz
devel-repos.wf.netz devel-repos.wf.netz
devel-php.wf.netz devel-php.wf.netz
devel-todo.wf.netz devel-todo.wf.netz
@ -674,6 +688,8 @@ cl-test.oopen.de
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-fhxb.fhxb.netz
[ftp_server] [ftp_server]
@ -1091,18 +1107,27 @@ o17.oopen.de
# --- # ---
# Warenform # Warenform
# --- # ---
anita.wf.netz #anita.wf.netz
# --- # ---
# Büro Netzwerke # Büro Netzwerke
# --- # ---
bbb-server.b3-bornim.netz bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz file-km.anw-km.netz
file-blkr.blkr.netz file-blkr.blkr.netz
zapata.opp.netz zapata.opp.netz
[nfs_server]
file-fhxb.fhxb.netz
[nfs_client]
[mumble_server] [mumble_server]
#test.mx.oopen.de #test.mx.oopen.de
@ -1303,6 +1328,7 @@ cl-test.oopen.de
bbb-server.b3-bornim.netz bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz file-km.anw-km.netz
file-blkr.blkr.netz file-blkr.blkr.netz
zapata.opp.netz zapata.opp.netz
@ -1434,6 +1460,9 @@ o24.oopen.de
cl-irights.oopen.de cl-irights.oopen.de
mm-irights.oopen.de mm-irights.oopen.de
# IL - PAD
o25.oopen.de
# - o27.oopen.de # - o27.oopen.de
o27.oopen.de o27.oopen.de
cl-fm.oopen.de cl-fm.oopen.de
@ -1502,14 +1531,16 @@ bbb.b3-bornim.netz
[gateway_server_ro] [gateway_server_ro]
gw-123.oopen.de
gw-blkr.oopen.de gw-blkr.oopen.de
gw-flr.oopen.de
gw-replacement2.local.netz gw-replacement2.local.netz
gw-replacement3.local.netz
[gateway_server_rw] [gateway_server_rw]
gw-fhxb.oopen.de
gw-123.oopen.de
gw-ah.oopen.de gw-ah.oopen.de
gw-ak.oopen.de gw-ak.oopen.de
gw-b3.oopen.de gw-b3.oopen.de
@ -1518,6 +1549,7 @@ gw-ebs.oopen.de
gw-ak.oopen.de gw-ak.oopen.de
gw-akb.oopen.de gw-akb.oopen.de
gw-ckubu.local.netz gw-ckubu.local.netz
gw-flr.oopen.de
gw-replacement.local.netz gw-replacement.local.netz
gw-irights.irights.netz gw-irights.irights.netz
gw-km.oopen.de gw-km.oopen.de
@ -1545,6 +1577,7 @@ gateway_server_rw
[warenform_server] [warenform_server]
# server16 # server16


@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAt9Qh2dKZHZnFFaOuC3lHzf0G2Msxl4obACGEpo0a7MYcMId9
AnrvFTbpAyla0H7u4TubESGvFY//A69RZy2c5yL2u3UapwielhxbEyxaA7gVOd6s
XoBPnxA36GBFSaUQ+hM0gMv1yUFH5DWCDxTN39ooJk8dhoxrZIPoyhg7v1BxKGtO
0aKijOHh70SPW4zogGK+Y/OxpMs39OQup05Nw/Al1/+jCBtrQtL8imjYHBYD+Fcj
IdRW/J1a+YB4g0mryu9WPvTd8hkcvEAUv2vwK7A90d1R/7Y9UXmgAYl3HCfkq3c0
/PcBN7VfKmQyspmxJuphc/M9KRV8YrBtxdfZlOL62mbyuHX+RP0p2Oqh6Va4AzVy
FKV8dFA0diFbL7xbMRcz34QwitdHt2JNf3LUZGWWmOcfuJeFom4x9gScaWAMa4ho
z9cVonC1MsG2tT6SRunU0Eotn7sCgcV8PmP1xkQPtslxmHuvO1geaZIfMuVlVUGW
wnk4sSFZXsB4qzDqgncPrxU+0vhzmXVwOFCDPJxwM7n8UFbLMWxmQ96/Nd2HEm1c
pqF87Xu7hkEtuKH7trtYdRS75zw4wqyjXZK+gK4Vb2w3Id8j7czxtHWF+Yf38ko1
WTzgD8cGlQ5Fsl0nJHhp2MTyIWOR+Mgl9by0e12oiHzO8yzWApDoxt3xH+0CAwEA
AQKCAgAPBrMBqBpF9iTLAQcf/vjkmJMvs2RJW8ubNiIurwgNZKA3Q0vvoPbcCBIB
5SZ8NnP2SzYAr30tSQjyVylTQsI5jn0Wk5rrHmRAJu824QA2n5x0j4QNcXWQrfWz
8/KV830ww9Md2A4uNjzXJZyM+QlfC+kOQJdMQTwiCjpEErkHiV7GjAb0UdPxqiEa
usLxG9KBdBDWALx7mPTo+qHpoRfwNTgSsN21svAQlUh5U9qeaRpH+W9wu3ekzIP8
MwkmyiXVv7yQBtoBiRX1OVO41eza1VwoRGwId/AJMeTnW0I2NfiWH3dgWhxqXlP6
FhiiyrdVVAFFRhOwwQXa10sRyfQJ+Q/Fb7/HeU3ANJzBa84R77Kk5C6Hut/Dwjd7
lw7uLB1eRYpEFcr7JJysjFXEmVwhYBYf5KBAVFKD1HFwV5uDUtwG70lp3ls+coJC
cPncaE4gOk7Yl2jOHqckeEThZ0LKP13I2wa4Mn2NNZUu4d0Q6n2BBHwZAmd4QHzP
97St7QZh2c7SvGZzdyGJYiOL6d+Ta7/LU6Dh0I0UbGhsNC9CBA3fqhImvU+tqK0f
I0umo3PRrcrkQ2NSISiy/888bgo380ku12rOTaICxX+sD6O2sm1VaeeHr/nJ5pbK
rVizaSwTRWS13CX2gmXz2YzxcAi1M069fAb9MAU9833UgOW0gQKCAQEA3CYTKdzT
txZYtVNCHObDZo11D6LrdYeSslVmjagfSm4GGl9xDFVgVmW+CudA8ey4zzwLqySW
6Q2sRBqknJr/D8DTon0WezKocIUXUwy9zEQmDhq54ylkeZVno2GXMv/m6Qz59gE8
Xb0HvXvKt6dOaDp+d8IOSoYahRk3o0jHoRH9Ca/9XEqGgCZcJI94csn+KsjfXymT
UYWdzei6vey6WgWrN1JdAnvXxI98SZukmQM+LiPkBkMxJ4kzOm9kMcqaVjNQJIIy
6Ukx56MNcuZ2ijG4TAvfaZBG8Wm/arn/1Wl5Uo4es70z//s6mQcthDOMOf5eIS2w
s2EtNYAdDE/94QKCAQEA1cPipN7hA6l80mCZW36QwVqmSfbst10sEjkyuRex0p+W
8eiRcjbHUKxlY7aspgyTQL3bI/wKqwkJ2uTEw5824EN6r0hUZN2JwjiRaNHBcC1S
AujUNDLxWoCX/Kte4Z+LDNP9ijNGsqyWwfIqS98gAZFR5ANeeYK4oy1BOrBohab4
lku9nGp8FjFnAKU0BL4zJoVNBeTgaSdT/XPOM1eDt+LnbcUNSmZNFbUCD+efMEc4
Gq2cXnDNL+7fLgvSIbLD6XBhfEpU93bWfUBuv7sRuicl6RcY1uu482YzP7LY6PdT
0SGUp/A5f3mUlaKhLdcJbAS7yam1Nnwldl8nXu2rjQKCAQBEjNqUw31tWlj/BVDl
3PllWpDj8JAvBaspOqx3Wa18qKvf1G5IL+GSpZW6oW24p0SYyxK7FOak5SwJ/N3b
IexgRGPiCd9RN2H5v4eWxbXoACR1ad8OHBp8PYiK+F1zdPm7Ad5nutTIP49EcmKa
M0+X5vbwZY27qOxjG4oWnxgCUK6hMJrM/SvKhadVfxM7cyhgvDHJ2RFVZizQLDLR
5v/T/kXlMRFjL5rtStyhswRa3QakqWpchNmufOtlu7/QPU03oDzJUX125OLURRJv
/9FTkM3ZaC0GGvXsQEhpfEdsda5ghX6L61Ng1yLU+cYzjzWP7WP0It0Nzimcqirh
ZZshAoIBAA/pKp9272ykWuQVyJRk0UVzB9mNhYUIbFVW6I2aU+QHeOa8lsbXiPJa
QpmvaR5a5UL2Xq9I/UpJu/ANAxBEc4Mxwpn1WkK/spdAOqKAqlM9LFOHHPRdrlU8
KRPndYJ5q5Hi3YZB1stJyVbaPYe0Ld+v/1ZnYcrNjgynO6mwo7b+/JXDQXO5AU9t
kescYMjRl2EQnvEHXiS1hqzgx8JOi0FOpEcpWZnmD2rENEkWxmSDiIuDzJXC86LT
tszomFVlxutDMB5eMgDRWZmtCBFBTUp7y3iT/YdRuEx1mO7u0vJUJmr0guoVGVKB
rCuPFUwiK1Nc7tVNym0pxGgRIQ8RxakCggEBAJa+qKh7dyN+w6Txke8sGB+tyATX
JQgrfE9UEgrAL0e/0XS6UCD0AGH7rlmxEJH6OXJm3Lq/C2pe7+UMZXKPyfHG192v
BBA690lkxsqGVynq66ORidxK5xyX5k/YCWCoQT6BlvdX9UiSX45Pr4zgpGkWUBZ8
Ak+8E+AQ8KawwzAOHAlCwOlwXoRejpvzX15+WNlJIHzWN3LUzU7WfLUpSRrhPEfL
YvOD4OHRyAjCPkJA2FjKDvO4ohAiTfIHWV4BdWD4MieOQda+0Yf8o3nikAVbuf3D
zfOeHc3UbA6EKbsDV2jxjdgytycsJWUXjqgLVkInt4AYyoqh41QUdm9sBUM=
-----END RSA PRIVATE KEY-----
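Review bot: This section adds a complete, unencrypted RSA private key to the repository as a plain file, so everyone with read access to the repository or its history holds the key. The public key in the next section is labelled `root@d.mx-dehydrated`, which suggests (the file path is not shown on the page, so this is unconfirmed) that it is the SSH identity a mail host uses to reach another system. The key should be treated as exposed: generate a new pair, remove the old public key from every `authorized_keys` that trusts it, and store the replacement encrypted, e.g. `ansible-vault encrypt <path-to-key-file>` (path is a placeholder), so it is only decrypted at deploy time. The same applies to the other `BEGIN RSA PRIVATE KEY` and `BEGIN OPENSSH PRIVATE KEY` files this commit adds further down. Where the remote side allows it, restricting the matching `authorized_keys` entry with a forced `command=` and a `from=` pattern limits what a leaked key can be used for.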


@ -0,0 +1 @@
ssh-rsa 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 root@d.mx-dehydrated


@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1 @@
ssh-rsa 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 root@d.mx-opendkim


@ -0,0 +1,154 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - What to check
# -
check_load=true
check_mysql=true
check_apache=true
check_php_fpm=false
check_website=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
mysql_credential_args="--login-path=local"
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions=""
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"


@ -0,0 +1,175 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------------------------
# - Parameter Settings for script 'create_opendkim_key.sh'.
# ---------------------------------------------------------
# ----------
# DNS Server
# ----------
# - dns_dkim_zone_master_server
# -
# - The DNS Server who is serving the update zone and is used
# - for the dynamic updates (nsupdate)
# -
#dns_dkim_zone_master_server=""
dns_dkim_zone_master_server="b.ns.oopen.de"
# - update_dns
# -
# - Possible Values are 'true' or 'false'
# -
#update_dns=""
# - update_zone
# -
# - Zone containing the DKIM TXT record.
# -
# - Defaults to '_domainkey.<dkim_domaini>'
# -
# - Note:
# - do NOT change/set this option unless you know what you do.
# -
#update_zone=""
# - TTL
# -
# - TTL for the DKIM TXT Record.
# -
# - Defaults to "" if update_dns=false
# - Defaults to "43200" if update_dns=true
#
#TTL=""
# ----------
# TSIG Key
# ----------
# - key_secret
# -
# - Sectret Key used by 'nsupdate' to create/update the
# - DKIM TXT record.
# -
# - Example:
# - key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
# -
#key_secret=""
key_secret="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
# - key_algo
# -
# - The key algorithm used for key creation. Available choices are: hmac-md5,
# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The
# - default is hmac-sha256. Options are case-insensitive.
# -
# - Example:
# - key_algo="hmac-md5"
# -
# - Defaults to 'hmac-sha256'
# -
#key_algo="hmac-sha256"
# - key_name
# -
# - Name of the Key
# -
# - Defaults to "$update_zone"
# -
#key_name=
key_name="update-dkim"
# ----------
# Access Credentials DNS Server
# ----------
# - dns_ssh_user
# -
# - Defaults to 'manage-bind'
# -
#dns_ssh_user="manage-bind"
# - dns_ssh_port
# -
# - Defaults to '22'
# -
#dns_ssh_port=22
# - dns_ssh_key
# -
# - Defaults to '/root/.ssh/id_rsa-opendkim'
# -
#dns_ssh_key="/root/.ssh/id_rsa-opendkim"
# ----------
# Scripts envoked at DNS Server
# ----------
# - set_new_serial_script
# -
# - Script increases the serial for a given domain or a given
# - hostname's concerning domain.
# -
# - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
# -
#set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
# - create_dkim_delegation_script
# -
# - Script adds DKIM subdomain delegation for a given domain
# -
# - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
# -
#create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
# - add_dkim_zone_master_script
# -
# - Script adds zone _domainkey.<dkim domain> as master zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
# -
#add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
# - add_dkim_zone_slave_script
# -
# - Script adds zone _domainkey.<dkim domain> as slave zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
# -
#add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
# ----------
# OpenDKIM Installation
# ----------
# - opendkim_dir
# -
# - OpenDKIM's etc-directory
# -
# - Defaults to opendkim_dir="/etc/opendkim"
# -
#opendkim_dir="/etc/opendkim"
# - key_base_dir
# -
# - Defaults to "${opendkim_dir}/keys"
# -
#key_base_dir=${opendkim_dir}/keys
# - signing_table_file
# -
# - Defaults to "${opendkim_dir}/signing.table"
# -
#signing_table_file="${opendkim_dir}/signing.table"
# - key_table_file
# -
# - Defaults to "${opendkim_dir}/key.table"
# -
#key_table_file="${opendkim_dir}/key.table"
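Review bot: `key_secret` is set to a live TSIG secret in clear text, next to `key_name="update-dkim"` and `dns_dkim_zone_master_server="b.ns.oopen.de"`, which together are what a holder of this file needs to send authenticated dynamic updates for whatever records that key may change. Presumably that is limited to the `_domainkey` zones, in which case a leak would allow replacing the published DKIM keys; it is worth confirming that the key's `update-policy` on the name server grants nothing beyond those TXT records. I would render this file from a template and take the value from a vaulted variable, e.g. `key_secret="{{ vault_dkim_tsig_secret }}"` (variable name is a placeholder), and rotate the secret because the current value is now in the repository history.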


@ -0,0 +1,44 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ======================================================
# ---
# Parameter Settings for Script 'whitelist_mb_sigs.conf'
# ---
# ======================================================
# QUARANTINE_BASE_DIR
#
# Base directory where amavis stores quarantined e-mails, mostly in
#
# virus e-mails: $QUARANTINE_BASE_DIR/virus
# spam emails: $QUARANTINE_BASE_DIR/spam
# ..
#
# Defaults to:
# QUARANTINE_BASE_DIR="/var/QUARANTINE"
#
#QUARANTINE_BASE_DIR="/var/QUARANTINE"
# CLAMAV_VIRUS_WHITE_LIST
#
# Full path to clamav's (personal) white list file
#
# Defaults to:
# CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
#
#CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
# WHITE_LIST_STRINGS
#
# A blank separated list of strings to whitelist.
#
# Example:
# WHITE_LIST_STRINGS="google.com tinyurl.com"
#
# Defaults to:
# WHITE_LIST_STRINGS="google.com"
#
#WHITE_LIST_STRINGS="google.com"
WHITE_LIST_STRINGS="google.com tinyurl.com"
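Review bot: `WHITE_LIST_STRINGS` now includes `tinyurl.com`, a public URL shortener, in addition to the documented default `google.com`, and the file does not say why. How the script uses these strings is not visible here; if it adds every ClamAV signature that hit on a quarantined mail containing the string to `CLAMAV_VIRUS_WHITE_LIST`, signatures keyed on shortener links would then be ignored for all mail, not only for the false positive that prompted the change. I would record the reason next to the setting, e.g. `# tinyurl.com: whitelisted because of <ticket / false positive>; review by <date>`, and prefer ignoring the specific signature name if the script supports that.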


@ -0,0 +1,138 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------
# - Configuration for sympa install script
# ----------------------------------------
# - PREFIX
# -
# - Sympa Installation directory
# -
# - Defaults to: "/usr/local/sympa"
# -
#PREFIX="/usr/local/sympa"
# - SYMPA_USER
# -
# - User under which Sympa services are running
# -
# - Defaults to: "sympa"
# -
#SYMPA_USER="sympa"
# - SYMPA_MAIN_CONF_DIR
# -
# - Sympas main configuration directory
# -
# - Defaults to: "/etc/sympa"
# -
#SYMPA_MAIN_CONF_DIR="/etc/sympa"
# - SYMPA_LIST_DATA_DIR
# -
# - Data directory for sympa lists
# -
# - defaults to: "/data/sympa/list_data"
# -
#SYMPA_LIST_DATA_DIR=/data/sympa/list_data
# - SYMPA_DOMAIN
# -
# - Note: if sympa will be configured to support multidomains
# - this (SYMPA_DOMAIN) should not contain list definitions
# -
# -
SYMPA_DOMAIN="sympa.oopen.de"
# - START_AT_BOOTTIME
# -
# - Defaults to: "yes"
# -
#START_AT_BOOTTIME="yes"
# - SYMPA_LISTMASTER
# -
# -
# - Defaults to "postmaster@$SYMPA_DOMAIN"
# -
#SYMPA_LISTMASTER="postmaster@$SYMPA_DOMAIN"
# - SYMPA_DB_TYPE
# -
# - Database type of sympas database
# -
# - If database is SQLite, then this parameter is not in use.
# -
# - Possible values are 'mysql' (MySQL) or 'Pg' (PostgeSQL), 'Sybase', 'Oracle'
# -
# - Defaults to: SYMPA_DB_TYPE="mysql"
# -
#SYMPA_DB_TYPE="mysql"
# - SYMPA_DB_HOST
# -
# - Defaults to: SYMPA_DB_HOST="127.0.0.1"
# -
#SYMPA_DB_HOST="127.0.0.1"
# - SYMPA_DB_PORT
# -
# - Defaults to:
# - 3306 - if SYMPA_DB_TYPE=mysql
# - 5432 - if SYMPA_DB_TYPE=Pg
# - 2638 - if SYMPA_DB_TYPE=Sybase
# - 1575 - if SYMPA_DB_TYPE=Oracle
# -
# -
#SYMPA_DB_PORT="3306"
# - SYMPA_DB_NAME
# -
# - Defaults to: SYMPA_DB_NAME="sympa"
# -
#SYMPA_DB_NAME="sympa"
# - SYMPA_DB_USER
# -
# - Defaults to: SYMPA_DB_USER="sympa"
# -
#SYMPA_DB_USER="sympa"
# - SYMPA_DB_PASSWD
# -
# - Password for Sympa's database.
# -
SYMPA_DB_PASSWD="nw7FMhzRJPjcTHvm"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '/usr/local/mysql/sys-maint.cnf' otherwise
# -
MYSQL_CREDENTIALS="--login-path=local"
# - VSERVER_GUEST
# -
# - Is this a Linux Vserver guest system?
# -
# - Possible values: yes/no
# -
# - Defaults to 'VSERVER_GUEST=no'
# -
#VSERVER_GUEST=no
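Review bot: `SYMPA_DB_PASSWD` is committed as a literal password in a file whose header marks it as Ansible managed. I would render the file from a template and take the value from a vaulted variable, e.g. `SYMPA_DB_PASSWD="{{ vault_sympa_db_password }}"` (variable name is a placeholder), and change the database password because the current one is now in the repository history. Separately, the comment block near the end documents `mysql_credential_args` while the assignment below it sets `MYSQL_CREDENTIALS`; whichever name the install script reads, the comment and the assignment should agree.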


@ -1,22 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# hosts blocked by postfwd
#
# This file is called with '=~'. This means perl regexp is possible
#
#
# To increase performance use ^ and/or $ in regular expressions
#
# Example:
#
# # block all hosts of domain 'oopen.de'
# \.oopen\.de$
#
# # block host a.mx.oopen.de
# ^a\.mx\.oopen\.de$
#
# ---
# give hostnames to blocke here


@ -1,16 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# Networks blocked by postfwd
#
# Example:
#
# # web0.warenform.de
# #83.223.86.76
# #2a01:30:0:505:286:96ff:fe4a:6ee
# #2a01:30:0:13:286:96ff:fe4a:6eee
#
# ---
# give networks to block here


@ -1,38 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# Sender addresses blocked by postfwd
#
# This file is called with '=~'. This means perl regexp is possible
#
#
# To increase performance use ^ and/or $ in regular expressions
#
# @acieu\.co\.uk$
# ^error@mailfrom.com$
#
# instedt of
#
# @acieu.co.uk
# error@mailfrom.com
#
#
# Example:
#
# # # annoying spammer domains
# # block all senders of maildomaindomain 'oopen.de'
# @acieu\.co\.uk$
#
# # annoying spammer addresses
# # block sender address
# error@mailfrom.com
# sqek@eike\.se$
#
# ---
# annoying spammer domains
@acieu\.co\.uk$
# annoying spammer addresses
^error@mailfrom\.com$
^sqek@eike\.se$


@ -1,13 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# SASL Users blocked by postfwd
#
# Example:
#
# # give SASL usernames to block here
# ckubu@oopen.de
#
# ---
# give SASL usernames to block here


@ -1,172 +0,0 @@
#======= Definitions ============
# Match messages with an associated SASL username
&&SASL_AUTH {
sasl_username!~^$
}
# Trusted networks
&&TRUSTED_NETS {
client_address==file:/etc/postfix/postfwd.wl-nets
}
# Trusted hostnames
# client_name~=.warenform.de$
&&TRUSTED_HOSTS {
client_name=~file:/etc/postfix/postfwd.wl-hosts
}
# Trusted users
&&TRUSTED_USERS {
sasl_username==file:/etc/postfix/postfwd.wl-user
}
# Trusted senders
&&TRUSTED_SENDERS {
sender=~file:/etc/postfix/postfwd.wl-sender
}
# Blacklist networks
&&BLOCK_NETS {
client_address==file:/etc/postfix/postfwd.bl-nets
}
# Blacklist hostnames
&&BLOCK_HOSTS {
client_name=~file:/etc/postfix/postfwd.bl-hosts
}
# Blacklist users
&&BLOCK_USERS {
sasl_username==file:/etc/postfix/postfwd.bl-user
}
# Blacklist sender adresses
&&BLOCK_SENDER {
# =~
# using '=~' allows also matching entries for domains (i.e. @acieu.co.uk)
sender=~file:/etc/postfix/postfwd.bl-sender
}
# Inbound emails only
&&INCOMING {
client_address!=127.0.0.1
}
#======= Rule Sets ============
# ---
#
# Processing of the Rule Sets
#
# The parser checks the elements of a policy delegation request against the postfwd set
# of rules and, if necessary, triggers the configured action (action=). Similar to a
# classic firewall, a rule is considered true if every element of the set of rules (or
# one from every element list) applies to the comparison. I.e. the following rule:
#
# client_address=1.1.1.1, 1.1.1.2; client_name==unknown; action=REJECT
#
# triggers a REJECT if the
#
# Client address is equal (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
#
#
# Note:
# If an element occurs more than once, an element list is formed:
#
# The following rule set is equivalent to the above:
#
# client_address=1.1.1.1; client_address=1.1.1.2; client_name==unknown; action=REJECT
#
#
# triggers a REJECT if (as above) the
#
# Client address (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
#
# ---
# Whitelists
# Whitelist trusted networks
id=WHL_NETS
&&TRUSTED_NETS
action=DUNNO
# Whitelist trusted hostnames
id=WHL_HOSTS
&&TRUSTED_HOSTS
action=DUNNO
# Whitelist sasl users
id=WHL_USERS
&&TRUSTED_USERS
action=DUNNO
# Whitelist senders
id=WHL_SENDERS
&&INCOMING
&&TRUSTED_SENDERS
action=DUNNO
# Blacklists
# Block networks
id=BL_NETS
&&BLOCK_NETS
action=REJECT Network Address $$client_address blocked by Mailserver admins. Error: BL_NETS
# Block hostname
id=BL_HOSTS
&&BLOCK_HOSTS
action=REJECT $$client_name blocked by Mailserver admins. Error: BL_HOSTS
# Block users
id=BL_USERS
&&BLOCK_USERS
action=REJECT User is blocked by Mailserver admins. Error: BL_USERS
# Blacklist sender
#
# Claim successful delivery and silently discard the message.
#
id=BL_SENDER
&&BLOCK_SENDER
#action=DISCARD
action=REJECT Sender address is blocked by Mailserver admins. Error: BL_SENDER
# Rate Limits
# Throttle unknown clients to 5 recipients per 5 minutes:
id=RATE_UNKNOWN_CLIENT_ADDR
sasl_username =~ /^$/
client_name==unknown
action=rate(client_address/5/300/450 4.7.1 only 5 recipients per 5 minutes allowed)
# Block clients (ip-addresses) sending more than 50 messages per minute exceeded. Error:RATE_CLIENT)
id=RATE_CLIENT_ADDR
&&INCOMING
action=rate($$client_address/50/60/421 421 4.7.0 Too many connections from $$client_address)
# Block messages with more than 50 recipients
id=BLOCK_MSG_RCPT
&&INCOMING
&&SASL_AUTH
recipient_count=50
action=REJECT Too many recipients, please reduce to less than 50 or consider using a mailing list. Error: BLOCK_MSG_RCPT
# Block users sending more than 50 messages/hour
id=RATE_MSG
&&INCOMING
&&SASL_AUTH
action=rate($$sasl_username/50/3600/450 4.7.1 Number messages per hour exceeded. Error:RATE_MSG)
# Block users sending more than 250 recipients total/hour
id=RATE_RCPT
&&INCOMING
&&SASL_AUTH
action=rcpt($$sasl_username/250/3600/450 4.7.1 Number recipients per hour exceeded. Error:RATE_RCPT)


@ -0,0 +1,49 @@
-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
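Review bot: This new file stores an SSH private key in the repository as a plain key file rather than in encrypted form, and the same holds for the second `OPENSSH PRIVATE KEY` file added next to the `root@ga-st-mail-opendkim` public key and the `RSA PRIVATE KEY` file added next to the `root@lists.mx` public key. Unless the keys are passphrase-protected (the page does not show that), everyone with read access to the repository or its history can use them, and deleting the files in a later commit does not remove them from history. I would treat all three keys as exposed and rotate them. The replacements should be stored encrypted with `ansible-vault encrypt`, or generated on the target host so that only the `.pub` files are tracked.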


@ -0,0 +1 @@
ssh-rsa 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 root@ga-st-mail-dehydrated


@ -0,0 +1,49 @@
-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----


@ -0,0 +1 @@
ssh-rsa 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 root@ga-st-mail-opendkim


@ -0,0 +1,135 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings for script check_cert_for_dovecot.sh
#-----------------------------
#---------------------------------------
# - service_domain
# -
# - The main domain for which the certificate was issued
# -
# - Example:
# - service_domain="a.mx.oopen.de"
# - service_domain="mail.cadus.org"
# - service_domain="mx.warenform.de"
# -
#service_domain=""
service_domain="mx.gemeinschaft-altenschlirf.de"
# - service_name
# -
# - Name of service.
# -
# - Note: this var will also be used to determin systemd service file
# - or sysVinit script.
# -
# - Example:
# - service_name="Mumble"
# - service_name="Prosody"
# -
# - Defaults to:
# - service_name="Dovecot"
# -
#service_name=""
# - check_string_ps
# -
# - String wich (clearly) identifies the service at the process list (ps)
# -
# - Example:
# - check_string_ps="[[:digit:]]\ /usr/sbin/murmurd"
# - check_string_ps=""
# -
# - Defaults to:
# - check_string_ps="[[:digit:]]\ /usr/local/dovecot-[[:digit:]]{1,2}\.[[:digit:]]{1,2}\.[[:digit:]]{1,2}(\.[[:digit:]]{1,2})?/sbin/dovecot"
# -
#check_string_ps=""
# - service_user
# -
# - User under which the service is running.
# -
# - Example:
# - service_user="mumble-server"
# - service_user="prosody"
# -
# - Defaults to:
# - service_user="prosody"
# -
#service_user=""
# - service_group
# -
# - Group under which the service is running.
# -
# - Example:
# - service_group="mumble-server"
# - service_group="prosody"
# -
# - Defaults to:
# - service_group="prosody"
# -
#service_group=""
# - cert_installed
# -
# - Locataion of certificate read by service
# -
# - Example:
# - cert_installed="/var/lib/mumble-server/fullchain.pem"
# - cert_installed="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
# -
# - Defaults to:
# - /etc/dovecot/ssl/mailserver.crt
# -
#cert_installed=""
# - key_installed
# -
# - Location of the key read by service
# -
# - Example:
# - key_installed="/var/lib/mumble-server/privkey.pem"
# - key_installed="/etc/prosody/certs/privkey_jabber.so36.pem"
# -
# - Defaults to:
# - /etc/dovecot/ssl/mailserver.key
# -
#key_installed=""
# - cert_newest
# -
# - Location of the newest certificate.
# -
# - Example:
# - cert_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/fullchain.pem"
# - cert_newest="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
# -
# - Defaults to:
# - /var/lib/dehydrated/certs/${service_domain}/fullchain.pem
# -
#cert_newest=""
# - key_newest
# -
# - Location of the newest Key
# -
# - Example:
# - key_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/privkey.pem"
# - key_newest="/var/lib/dehydrated/certs/jabber.so36.net/privkey.pem"
# -
# - Defaults to:
# - /var/lib/dehydrated/certs/${service_domain}/privkey.pem
# -
#key_newest=""
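Review bot: The comment blocks for `service_user` and `service_group` give `prosody` as the default, although the header says this file configures check_cert_for_dovecot.sh and `service_name` defaults to `Dovecot`. That looks copied from the Prosody variant of the script. Since both variables are left unset here, the documented default decides who owns the installed key, so the comment should state what the script really uses, e.g. `# - Defaults to: service_user="<value from check_cert_for_dovecot.sh>"`. I cannot tell the actual default from this page.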


@ -0,0 +1,178 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - What to check
# -
check_load=true
check_mysql=false
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=true
check_apache=true
check_nginx=false
check_php_fpm=true
check_redis=false
check_website=false
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
mysql_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="7.4"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"


@ -0,0 +1,176 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------------------------
# - Parameter Settings for script 'create_opendkim_key.sh'.
# ---------------------------------------------------------
# ----------
# DNS Server
# ----------
# - dns_dkim_zone_master_server
# -
# - The DNS Server who is serving the update zone and is used
# - for the dynamic updates (nsupdate)
# -
#dns_dkim_zone_master_server=""
dns_dkim_zone_master_server="b.ns.oopen.de"
# - update_dns
# -
# - Possible Values are 'true' or 'false'
# -
#update_dns=""
# - update_zone
# -
# - Zone containing the DKIM TXT record.
# -
# - Defaults to '_domainkey.<dkim_domaini>'
# -
# - Note:
# - do NOT change/set this option unless you know what you do.
# -
#update_zone=""
# - TTL
# -
# - TTL for the DKIM TXT Record.
# -
# - Defaults to "" if update_dns=false
# - Defaults to "43200" if update_dns=true
#
#TTL=""
# ----------
# TSIG Key
# ----------
# - key_secret
# -
# - Sectret Key used by 'nsupdate' to create/update the
# - DKIM TXT record.
# -
# - Example:
# - key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
# -
#key_secret=""
key_secret="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
# - key_algo
# -
# - The key algorithm used for key creation. Available choices are: hmac-md5,
# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The
# - default is hmac-sha256. Options are case-insensitive.
# -
# - Example:
# - key_algo="hmac-md5"
# -
# - Defaults to 'hmac-sha256'
# -
#key_algo="hmac-sha256"
key_algo="hmac-sha256"
# - key_name
# -
# - Name of the Key
# -
# - Defaults to "$update_zone"
# -
#key_name=
key_name="update-dkim"
# ----------
# Access Credentials DNS Server
# ----------
# - dns_ssh_user
# -
# - Defaults to 'manage-bind'
# -
#dns_ssh_user="manage-bind"
# - dns_ssh_port
# -
# - Defaults to '22'
# -
#dns_ssh_port=22
# - dns_ssh_key
# -
# - Defaults to '/root/.ssh/id_rsa-opendkim'
# -
#dns_ssh_key="/root/.ssh/id_rsa-opendkim"
# ----------
# Scripts envoked at DNS Server
# ----------
# - set_new_serial_script
# -
# - Script increases the serial for a given domain or a given
# - hostname's concerning domain.
# -
# - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
# -
#set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
# - create_dkim_delegation_script
# -
# - Script adds DKIM subdomain delegation for a given domain
# -
# - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
# -
#create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
# - add_dkim_zone_master_script
# -
# - Script adds zone _domainkey.<dkim domain> as master zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
# -
#add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
# - add_dkim_zone_slave_script
# -
# - Script adds zone _domainkey.<dkim domain> as slave zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
# -
#add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
# ----------
# OpenDKIM Installation
# ----------
# - opendkim_dir
# -
# - OpenDKIM's etc-directory
# -
# - Defaults to opendkim_dir="/etc/opendkim"
# -
#opendkim_dir="/etc/opendkim"
# - key_base_dir
# -
# - Defaults to "${opendkim_dir}/keys"
# -
#key_base_dir=${opendkim_dir}/keys
# - signing_table_file
# -
# - Defaults to "${opendkim_dir}/signing.table"
# -
#signing_table_file="${opendkim_dir}/signing.table"
# - key_table_file
# -
# - Defaults to "${opendkim_dir}/key.table"
# -
#key_table_file="${opendkim_dir}/key.table"
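Review bot: `key_secret` is set to what looks like a live TSIG secret in clear text, and the second `create_opendkim_key.conf` section further down does the same and also keeps this file's secret as a commented-out `#key_secret=` line. Anyone who can read the repository can then sign dynamic updates with the `update-dkim` key, assuming the DNS server accepts it as configured here, and the leftover comment copies one host's secret into another host's file. I would render the value from a vaulted variable, e.g. `key_secret="{{ opendkim_tsig_secret }}"` (the variable name is a placeholder), kept in an `ansible-vault`-encrypted vars file. The commented copy should be dropped, and both secrets rotated since they are now in history.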


@ -0,0 +1,86 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ----------------------------------------------------
# ---
# - Parameter Settings for script 'postfix_add_mailboxes.sh'.
# ---
# ----------------------------------------------------
# - dovecot_enc_method
# -
# - The (dovecot) password scheme which should be used to generate the hashed
# - passwords of EXISTING users.
# -
# - Possible values are:
# -
# - See output of 'doveadm pw -l'
# -
# - DEFAULTS to: dovecot_enc_method="SHA512-CRYPT"
# -
#dovecot_enc_method="SHA512-CRYPT"
# - in_file
# -
# - The file from wich the script reads the e-mail-address/password
# - kombination(s). Each line in this file must only contain
# - <emal-address> <password>
# -
# - Defaults to: in_file="${conf_dir}/mailboxes_new.lst"
# -
#in_file="${conf_dir}/mailboxes_new.lst"
# - db_type
# -
# - Type of Postfix Database
# -
# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
# -
# - Defaults to: db_type="pgsql"
# -
#db_type="pgsql"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '--defaults-file=/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '--defaults-file=/usr/local/mysql/sys-maint.cnf' otherwise
# -
#mysql_credential_args=""
# - quota
# -
# - The quota setting for the new mailboxes.
# -
# - Defaults to: quota="536870912"
# -
#quota="536870912"
quota="2147483648"
# - log_file
# -
# - Where to write logging informations?
# -
# - Defaults to: log_file="${script_dir}/log/postfix_add_mailboxes.log"
# -
#log_file="${script_dir}/log/postfix_add_mailboxes.log"
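Review bot: The `db_name` comment block and its `#db_name="postfix"` line appear twice in a row in this file. The second copy probably stands where another database setting was meant to be documented, but the page does not show which one. I would delete the duplicate or replace it with the missing setting. It would also help to note at `in_file` that the list holds clear-text passwords and should be readable by root only, e.g. `# - Note: contains clear-text passwords; keep mode 0600 and remove after import`.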


@ -0,0 +1,92 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ----------------------------------------------------
# ---
# - Parameter Settings for script 'sent_userinfo_postfix.sh'.
# ---
# ----------------------------------------------------
# - message_body_file
# -
# - Full path to file containing the user info. This file must contain
# - the message body WITHOUT e-mail headers. If file is placed in the
# - 'files' directory use '${file_dir}/<file-name>'
# -
# - Defaults to '${file_dir}/sent_userinfo_postfix.message'
# -
#message_body_file="${file_dir}/sent_userinfo_postfix.email"
# - email_from
# -
# - From Address of user info
# -
# - Example: 'oo@oopen.de'
# -
email_from="it@gemeinschaft-altenschlirf.de"
# - email_from_org
# -
# - Example: email_from_org="O.OPEN"
# -
email_from_org="Gemeinschaft Altenschlirf"
# - db_type
# -
# - Type of Postfix Database
# -
# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
# -
# - Defaults to: db_type="pgsql"
# -
#db_type="pgsql"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '/usr/local/mysql/sys-maint.cnf' otherwise
# -
#mysql_credential_args=""
# - mail_user
# -
# - The owner of the mailbox directories and within the e-mails itself.
# -
# - defaults to mail_user="vmail"
# -
#mail_user="vmail"
# - mail_group
# -
# - The group of the mailbox directories
# -
# - defaults to mail_group="vmail"
# -
#mail_group="vmail"
# - mail_basedir - No more needed!
# -
# - The root directory where all mailbox-domains are located.
# -
# - Defaults to '/var/vmail'.
# -
#mail_basedir=/var/vmail


@ -0,0 +1,44 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ======================================================
# ---
# Parameter Settings for Script 'whitelist_mb_sigs.conf'
# ---
# ======================================================
# QUARANTINE_BASE_DIR
#
# Base directory where amavis stores quarantined e-mails, mostly in
#
# virus e-mails: $QUARANTINE_BASE_DIR/virus
# spam emails: $QUARANTINE_BASE_DIR/spam
# ..
#
# Defaults to:
# QUARANTINE_BASE_DIR="/var/QUARANTINE"
#
#QUARANTINE_BASE_DIR="/var/QUARANTINE"
# CLAMAV_VIRUS_WHITE_LIST
#
# Full path to clamav's (personal) white list file
#
# Defaults to:
# CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
#
#CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
# WHITE_LIST_STRINGS
#
# A blank separated list of strings to whitelist.
#
# Example:
# WHITE_LIST_STRINGS="google.com tinyurl.com"
#
# Defaults to:
# WHITE_LIST_STRINGS="google.com"
#
#WHITE_LIST_STRINGS="google.com"
WHITE_LIST_STRINGS="google.com tinyurl.com"
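Review bot: `WHITE_LIST_STRINGS` now lists `tinyurl.com`, a URL shortener, and the identical whitelist_mb_sigs file added for the second host does the same. If the script adds every signature containing a listed string to the ClamAV ignore file, as the variable description suggests, this switches off detection for any signature that keys on a shortened link, which is broader than silencing one false positive. I would document the reason next to the setting, e.g. `# tinyurl.com: false positives on <signature name>, added <date>`, and whitelist the specific signature name instead if the script allows it. The header also names the script as 'whitelist_mb_sigs.conf', which looks like it should be the script rather than the config file.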


@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1 @@
ssh-rsa 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 root@lists.mx


@ -0,0 +1,155 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - What to check
# -
check_load=true
check_mysql=true
check_apache=true
check_php_fpm=false
check_website=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
mysql_credential_args="--login-path=local"
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions=""
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"


@ -0,0 +1,173 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------------------------
# - Parameter Settings for script 'create_opendkim_key.sh'.
# ---------------------------------------------------------
# ----------
# DNS Server
# ----------
# - dns_dkim_zone_master_server
# -
# - The DNS Server who is serving the update zone and is used
# - for the dynamic updates (nsupdate)
# -
dns_dkim_zone_master_server="dns0.warenform.de"
# - update_dns
# -
# - Possible Values are 'true' or 'false'
# -
#update_dns=""
# - update_zone
# -
# - Zone containing the DKIM TXT record.
# -
# - Defaults to '_domainkey.<dkim_domaini>'
# -
# - Note:
# - do NOT change/set this option unless you know what you do.
# -
#update_zone=""
# - TTL
# -
# - TTL for the DKIM TXT Record.
# -
# - Defaults to "" if update_dns=false
# - Defaults to "43200" if update_dns=true
#
#TTL=""
# ----------
# TSIG Key
# ----------
# - key_secret
# -
# - Sectret Key used by 'nsupdate' to create/update the
# - DKIM TXT record.
# -
# - Example:
# - key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
# -
key_secret="qG9e/gOucCXcwVUTU+uewU0Yth1iJh2JHgnogrHvh2A="
#key_secret="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
# - key_algo
# -
# - The key algorithm used for key creation. Available choices are: hmac-md5,
# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The
# - default is hmac-sha256. Options are case-insensitive.
# -
# - Example:
# - key_algo="hmac-md5"
# -
# - Defaults to 'hmac-sha256'
# -
#key_algo="hmac-sha256"
# - key_name
# -
# - Name of the Key
# -
# - Defaults to "$update_zone"
# -
key_name="update-dkim"
# ----------
# Access Credentials DNS Server
# ----------
# - dns_ssh_user
# -
# - Defaults to 'manage-bind'
# -
#dns_ssh_user="manage-bind"
# - dns_ssh_port
# -
# - Defaults to '22'
# -
#dns_ssh_port=22
# - dns_ssh_key
# -
# - Defaults to '/root/.ssh/id_rsa-opendkim'
# -
#dns_ssh_key="/root/.ssh/id_rsa-opendkim"
# ----------
# Scripts envoked at DNS Server
# ----------
# - set_new_serial_script
# -
# - Script increases the serial for a given domain or a given
# - hostname's concerning domain.
# -
# - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
# -
#set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
# - create_dkim_delegation_script
# -
# - Script adds DKIM subdomain delegation for a given domain
# -
# - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
# -
#create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
# - add_dkim_zone_master_script
# -
# - Script adds zone _domainkey.<dkim domain> as master zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
# -
#add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
# - add_dkim_zone_slave_script
# -
# - Script adds zone _domainkey.<dkim domain> as slave zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
# -
#add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
# ----------
# OpenDKIM Installation
# ----------
# - opendkim_dir
# -
# - OpenDKIM's etc-directory
# -
# - Defaults to opendkim_dir="/etc/opendkim"
# -
#opendkim_dir="/etc/opendkim"
# - key_base_dir
# -
# - Defaults to "${opendkim_dir}/keys"
# -
#key_base_dir=${opendkim_dir}/keys
# - signing_table_file
# -
# - Defaults to "${opendkim_dir}/signing.table"
# -
#signing_table_file="${opendkim_dir}/signing.table"
# - key_table_file
# -
# - Defaults to "${opendkim_dir}/key.table"
# -
#key_table_file="${opendkim_dir}/key.table"


@ -0,0 +1,44 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ======================================================
# ---
# Parameter Settings for Script 'whitelist_mb_sigs.conf'
# ---
# ======================================================
# QUARANTINE_BASE_DIR
#
# Base directory where amavis stores quarantined e-mails, mostly in
#
# virus e-mails: $QUARANTINE_BASE_DIR/virus
# spam emails: $QUARANTINE_BASE_DIR/spam
# ..
#
# Defaults to:
# QUARANTINE_BASE_DIR="/var/QUARANTINE"
#
#QUARANTINE_BASE_DIR="/var/QUARANTINE"
# CLAMAV_VIRUS_WHITE_LIST
#
# Full path to clamav's (personal) white list file
#
# Defaults to:
# CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
#
#CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
# WHITE_LIST_STRINGS
#
# A blank separated list of strings to whitelist.
#
# Example:
# WHITE_LIST_STRINGS="google.com tinyurl.com"
#
# Defaults to:
# WHITE_LIST_STRINGS="google.com"
#
#WHITE_LIST_STRINGS="google.com"
WHITE_LIST_STRINGS="google.com tinyurl.com"


@ -0,0 +1,141 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------
# - Configuration for sympa install script
# ----------------------------------------
# - PREFIX
# -
# - Sympa Installation directory
# -
# - Defaults to: "/usr/local/sympa"
# -
#PREFIX="/usr/local/sympa"
# - SYMPA_USER
# -
# - User under which Sympa services are running
# -
# - Defaults to: "sympa"
# -
#SYMPA_USER="sympa"
# - SYMPA_MAIN_CONF_DIR
# -
# - Sympas main configuration directory
# -
# - Defaults to: "/etc/sympa"
# -
#SYMPA_MAIN_CONF_DIR="/etc/sympa"
# - SYMPA_LIST_DATA_ROOT_DIR
# -
# - Root Path containing Sympa's list data directories
# -
# - Note:
# - the real list data directory becomes: ${SYMPA_LIST_DATA_ROOT_DIR}/sympa-$SYMPA_VERSION/list_data
# -
# - Defaults to: "/data"
# -
#SYMPA_LIST_DATA_ROOT_DIR="/data"
# - SYMPA_DOMAIN
# -
# - Note: if sympa will be configured to support multidomains
# - this (SYMPA_DOMAIN) should not contain list definitions
# -
# -
SYMPA_DOMAIN="lists.mx.warenform.de"
# - START_AT_BOOTTIME
# -
# - Defaults to: "yes"
# -
#START_AT_BOOTTIME="yes"
# - SYMPA_LISTMASTER
# -
# -
# - Defaults to "postmaster@$SYMPA_DOMAIN"
# -
#SYMPA_LISTMASTER="postmaster@$SYMPA_DOMAIN"
# - SYMPA_DB_TYPE
# -
# - Database type of sympas database
# -
# - If database is SQLite, then this parameter is not in use.
# -
# - Possible values are 'mysql' (MySQL) or 'Pg' (PostgeSQL), 'Sybase', 'Oracle'
# -
# - Defaults to: SYMPA_DB_TYPE="mysql"
# -
#SYMPA_DB_TYPE="mysql"
# - SYMPA_DB_HOST
# -
# - Defaults to: SYMPA_DB_HOST="127.0.0.1"
# -
#SYMPA_DB_HOST="127.0.0.1"
# - SYMPA_DB_PORT
# -
# - Defaults to:
# - 3306 - if SYMPA_DB_TYPE=mysql
# - 5432 - if SYMPA_DB_TYPE=Pg
# - 2638 - if SYMPA_DB_TYPE=Sybase
# - 1575 - if SYMPA_DB_TYPE=Oracle
# -
# -
#SYMPA_DB_PORT="3306"
# - SYMPA_DB_NAME
# -
# - Defaults to: SYMPA_DB_NAME="sympa"
# -
#SYMPA_DB_NAME="sympa"
# - SYMPA_DB_USER
# -
# - Defaults to: SYMPA_DB_USER="sympa"
# -
#SYMPA_DB_USER="sympa"
# - SYMPA_DB_PASSWD
# -
# - Password for Sympa's database.
# -
SYMPA_DB_PASSWD="RkFt9rfhpngswF3g"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '/usr/local/mysql/sys-maint.cnf' otherwise
# -
MYSQL_CREDENTIALS="--login-path=local"
# - VSERVER_GUEST
# -
# - Is this a Linux Vserver guest system?
# -
# - Possible values: yes/no
# -
# - Defaults to 'VSERVER_GUEST=no'
# -
#VSERVER_GUEST=no
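Review bot: `SYMPA_DB_PASSWD` holds the Sympa database password in clear text in a tracked, Ansible-managed file, so it is readable by everyone with repository access and stays in history. I would render it from a vaulted variable, e.g. `SYMPA_DB_PASSWD="{{ sympa_db_passwd }}"` (placeholder name), and change the password that is now committed. Separately, the comment block above the last setting documents `mysql_credential_args`, while the variable actually set is `MYSQL_CREDENTIALS`. Its "Defaults to" lines also list bare file paths without the `--defaults-file=` prefix shown in the examples, so the comment should be aligned with the variable the install script reads.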


@ -13,3 +13,6 @@
# --- # ---
# give truested networrk adresses here # give truested networrk adresses here
# d.mx.oopen.de (listen server)
95.217.204.227
2a01:4f9:4a:47e5::227


@ -12,4 +12,4 @@
# --- # ---
# give trusted sasl usernames here # give trusted sasl usernames here
#spenden@cadus\.org


@ -0,0 +1,9 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# - Body Checks
# ---
/See the attached file for details/ REJECT Sobig Virus found. - Body-Spamschutzregel TEXT-1001
/.*https?:\/\/click2eat.shop\/Installer\/updatedwebmails/ REJECT Maype fishing E-Mail credentials - Body-Spamschutzregel TEXT-1002
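Review bot: Rule TEXT-1001 rejects every message whose body contains the ordinary phrase `See the attached file for details`, which legitimate mail can easily contain. For a signature this old I would either remove it or downgrade it to `WARN` and watch the log first. In TEXT-1002 the leading `.*` is redundant for an unanchored match and the dot in `click2eat.shop` is unescaped, so the tighter form is `/https?:\/\/click2eat\.shop\/Installer\/updatedwebmails/`. The reject text `Maype fishing` is returned to the sender and presumably should read `Maybe phishing`.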


@ -0,0 +1,37 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# - Replace headers
# - Replace recieved from IPv4
#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: hidden)$4
# - Replace recieved from IPv6
#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: hidden)$6
# ---
# - Ignore Headers
# ---
#/^\s*User-Agent/ IGNORE
#/^\s*X-Enigmail/ IGNORE
#/^\s*X-Mailer/ IGNORE
#/^\s*X-Originating-IP/ IGNORE
# ---
# - Reject / Discard headers
# ---
/^To:.*<>/ REJECT Possible SPAM Blank email address To: header - Header-Spamschutzregel T0-1001
/\(envelope-from <>\)/ REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001
/^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001
/^From:.*<>/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1001
/^Date: .* 19[0-9][0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001
/^Date: .* 200[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002
/^Date: .* 201[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1003
/^Date: .* 2020/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1004
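Review bot: The rule `/\(envelope-from <>\)/` (RECIEV-1001) matches any header line that records a null envelope sender. Bounces and delivery status notifications use exactly that sender, so legitimate DSNs that passed a hop which logs `(envelope-from <>)` in its Received line would likely be rejected. I would remove the rule or narrow it to the specific pattern it was written for. The four `Date:` rules hard-code the years up to 2020 and must be extended by hand; 2021 is already in the past at the time of this commit. A comment above them such as `# extend yearly: rejects Date headers up to and including 2020` would make that maintenance visible.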


@ -22,3 +22,25 @@
illuminatus\.lionheart\.lovejoy$ illuminatus\.lionheart\.lovejoy$
dancortez\.500$ dancortez\.500$
geplosser\.pl$ geplosser\.pl$
zukunftbeitragen\.quest$
gulpagerts\.com$
flodesyta\.shop$
einfach-mail-express\.eu$
feowatley\.shop$
kssalon\.com$
zeitarbeitsgruppe\.com$
jobinscenter\.mom$
bilingates\.gsm\.pl$
^mail\.finsky-palace\.radio\.am$
^mail\.newslinkes\.radio\.fm$
thecaffeinatedquilter\.com$
^mail\.hossted\.app$
rea\.realflightshop\.com$
tetontimberlinetrading\.com$
walelaber\.shop$
couetsart\.xyz$
technedigitale\.com$
dia-two-2\.de$
surlumice\.store$
hecnvoipl\.xyz$
viastarco\.xyz$


@ -18,3 +18,55 @@
85.254.72.106 85.254.72.106
103.136.40.0/23 103.136.40.0/23
185.53.170.115 185.53.170.115
# zukunftbeitragen.quest
86.107.103.211
# RU (u.a. mail.geplosser.pl)
62.152.59.0/24
# GB mx.bilingates.gsm.pl
95.168.184.156
# RU (u.a. mx.jobinscenter.mom)
31.28.27.0/24
# RU (u.a. mx.novatechs.gen.tr)
93.189.44.0/22
# RU (u.a. vh126.timeweb.ru)
92.53.96.0/24
# RU (u.a. mail.newslinkes.radio.am)
45.130.151.0/24
# US - OLink Cloud LLC US Cloud ( u.a. pritionch.store)
104.160.19.0/24
# TR (u.a. dosvufpro.store
185.219.135.0/24
# RZ ( u.a. mx.jobinscenter.mom)
31.28.27.0/24
# RU (mx.novatechs.gen.tr)
93.189.44.0/22
# mx.bilingates.gsm.pl
95.168.184.156
# mail.finsky-palace.radio.am
89.163.230.186
# mail.newslinkes.radio.fm
62.3.58.20
# SC ( u.a. undialogy.store)
149.3.170.0/24
# tetontimberlinetrading.com
155.94.219.66
185.43.108.101
# US (u.a.walelaber.shop)
216.250.247.0/24
# IN (u.a. couetsart.xyz)
103.174.86.0/23
# DE ( u.a. smtp15.dia-two-2.de
193.168.252.0/23
# US ( u.a. surlumice.store )
# 192.161.160.0/19
192.161.173.22
# RU
194.87.236.0/22
# SC (u.a. werkzeughandeldirekt.net)
146.19.253.0/24
# Piscataway NJ (u.a. werkzeughandeldirekt.net)
209.182.224.0/22
# LV (u.a. eur-versand.com )
217.199.96.0/19
# viastarco.xyz (eur-versand.com)
163.123.180.214
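Review bot: Three entries are added twice in this hunk: `31.28.27.0/24`, `93.189.44.0/22` and `95.168.184.156` each appear under two different comments. Depending on the table type, which is not visible here, the second copy is either ignored or reported as a duplicate key, so the later copies should be dropped. Several ranges up to a /19 are blocked on the strength of one observed sender, and the `192.161.160.0/19` line shows such a range already being narrowed to a single address by hand. A dated reason per range, for example `# 2022-11 spam run, see <ticket>`, would make it possible to prune these later.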


@ -40,6 +40,23 @@
@geplosser\.pl$ @geplosser\.pl$
@alfasells\.de$ @alfasells\.de$
@news-des-tages\.de$ @news-des-tages\.de$
@handel2022\.com$
@zukunftbeitragen\.quest$
@ip-51-83-242\.eu$
@notreesnolife\.com$
@ilsang\.biz$
vorteilsemail\.de$
@inbox\.ru$
@poeloker\.com$
@jobinscenter\.mom$
@novatechs\.gen\.tr$
@bilingates\.gsm\.pl$
@newslinkes\.radio\.fm$
@finsky-palace\.radio\.am$
@deutsche-ecommerce\.net$
@cpsarg\.com$
@markenhandelonline\.com$
firmen-infos\.com$
@inx1and1\..+$ @inx1and1\..+$
@ppe-healthcare-europe\.\S+$ @ppe-healthcare-europe\.\S+$
@ -56,3 +73,5 @@
# annoying spammer addresses # annoying spammer addresses
^error@mailfrom\.com$ ^error@mailfrom\.com$
^sqek@eike\.se$ ^sqek@eike\.se$
^info@webmeinung\.de$
^info@handel-versand\.com$
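Review bot: In the first hunk `vorteilsemail\.de$` and `firmen-infos\.com$` are missing the leading `@` that every neighbouring entry has, so they match any address whose domain merely ends in that string, including unrelated domains with a longer name. If subdomains are meant, `@(.+\.)?firmen-infos\.com$` states that; otherwise add the `@`. The same hunk adds `@inbox\.ru$`, which rejects every sender at a large public mailbox provider rather than one spam operation. If that is intended, a comment next to the entry should say so.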


@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
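Review bot: This file adds an unencrypted RSA private key to the repository, so everyone with read access to the repository, a clone or a backup of it holds the key. Keep it out of version control: generate the key pair on the target host, or store the file encrypted with `ansible-vault` and deploy it with `mode: '0600'` and `no_log: true`. Because the key is now in history, deleting the file in a later commit does not help. The key pair should be replaced, and the old public key (presumably the `root@mx` entry added in the next file) removed from every `authorized_keys` it was installed in.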


@ -0,0 +1 @@
ssh-rsa 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 root@mx


@ -0,0 +1,134 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings for script check_cert_for_dovecot.sh
#-----------------------------
#---------------------------------------
# - service_domain
# -
# - The main domain for which the certificate was issued
# -
# - Example:
# - service_domain="a.mx.oopen.de"
# - service_domain="mail.cadus.org"
# - service_domain="mx.warenform.de"
# -
#service_domain=""
service_domain="mx.warenform.de"
# - service_name
# -
# - Name of service.
# -
# - Note: this var will also be used to determin systemd service file
# - or sysVinit script.
# -
# - Example:
# - service_name="Mumble"
# - service_name="Prosody"
# -
# - Defaults to:
# - service_name="Dovecot"
# -
#service_name=""
# - check_string_ps
# -
# - String wich (clearly) identifies the service at the process list (ps)
# -
# - Example:
# - check_string_ps="[[:digit:]]\ /usr/sbin/murmurd"
# - check_string_ps=""
# -
# - Defaults to:
# - check_string_ps="[[:digit:]]\ /usr/local/dovecot-[[:digit:]]{1,2}\.[[:digit:]]{1,2}\.[[:digit:]]{1,2}(\.[[:digit:]]{1,2})?/sbin/dovecot"
# -
#check_string_ps=""
# - service_user
# -
# - User under which the service is running.
# -
# - Example:
# - service_user="mumble-server"
# - service_user="prosody"
# -
# - Defaults to:
# - service_user="prosody"
# -
#service_user=""
# - service_group
# -
# - Group under which the service is running.
# -
# - Example:
# - service_group="mumble-server"
# - service_group="prosody"
# -
# - Defaults to:
# - service_group="prosody"
# -
#service_group=""
# - cert_installed
# -
# - Locataion of certificate read by service
# -
# - Example:
# - cert_installed="/var/lib/mumble-server/fullchain.pem"
# - cert_installed="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
# -
# - Defaults to:
# - /etc/dovecot/ssl/mailserver.crt
# -
#cert_installed=""
# - key_installed
# -
# - Location of the key read by service
# -
# - Example:
# - key_installed="/var/lib/mumble-server/privkey.pem"
# - key_installed="/etc/prosody/certs/privkey_jabber.so36.pem"
# -
# - Defaults to:
# - /etc/dovecot/ssl/mailserver.key
# -
#key_installed=""
# - cert_newest
# -
# - Location of the newest certificate.
# -
# - Example:
# - cert_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/fullchain.pem"
# - cert_newest="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
# -
# - Defaults to:
# - /var/lib/dehydrated/certs/${service_domain}/fullchain.pem
# -
#cert_newest=""
# - key_newest
# -
# - Location of the newest Key
# -
# - Example:
# - key_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/privkey.pem"
# - key_newest="/var/lib/dehydrated/certs/jabber.so36.net/privkey.pem"
# -
# - Defaults to:
# - /var/lib/dehydrated/certs/${service_domain}/privkey.pem
# -
#key_newest=""
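Review bot: The documented defaults for `service_user` and `service_group` say `prosody`, while the header names the script `check_cert_for_dovecot.sh` and `service_name` defaults to `Dovecot`; this looks copied from the Prosody variant of the file. Since both are left commented out here, the script's built-in default decides which account ends up owning the copied certificate and key, so the comment should state the real default, or the values should be set explicitly next to `service_domain`. The script itself is not part of this page, so the actual default could not be checked.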


@ -0,0 +1,154 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - What to check
# -
check_load=true
check_mysql=false
check_apache=true
check_php_fpm=true
check_website=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
mysql_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="7.4"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"
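Review bot: `include_cleanup_function=true` is set while `cleanup_function` is empty and `check_website=false`, so the flag enables nothing and should be `false` until a function is actually configured. Judging by the commented example, `cleanup_function` is a string of shell commands that the monitoring script runs as written, so the deployed file must be owned by root and not writable by group or others; a comment saying so next to the variable would help. `from_address` uses backticks; `"root@$(hostname -f)"` is the form the rest of a modern bash script would use.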


@ -0,0 +1,174 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---------------------------------------------------------
# - Parameter Settings for script 'create_opendkim_key.sh'.
# ---------------------------------------------------------
# ----------
# DNS Server
# ----------
# - dns_dkim_zone_master_server
# -
# - The DNS Server who is serving the update zone and is used
# - for the dynamic updates (nsupdate)
# -
dns_dkim_zone_master_server="dns0.warenform.de"
# - update_dns
# -
# - Possible Values are 'true' or 'false'
# -
#update_dns=""
# - update_zone
# -
# - Zone containing the DKIM TXT record.
# -
# - Defaults to '_domainkey.<dkim_domaini>'
# -
# - Note:
# - do NOT change/set this option unless you know what you do.
# -
#update_zone=""
# - TTL
# -
# - TTL for the DKIM TXT Record.
# -
# - Defaults to "" if update_dns=false
# - Defaults to "43200" if update_dns=true
#
#TTL=""
# ----------
# TSIG Key
# ----------
# - key_secret
# -
# - Sectret Key used by 'nsupdate' to create/update the
# - DKIM TXT record.
# -
# - Example:
# - key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
# -
#key_secret=""
key_secret="qG9e/gOucCXcwVUTU+uewU0Yth1iJh2JHgnogrHvh2A="
# - key_algo
# -
# - The key algorithm used for key creation. Available choices are: hmac-md5,
# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The
# - default is hmac-sha256. Options are case-insensitive.
# -
# - Example:
# - key_algo="hmac-md5"
# -
# - Defaults to 'hmac-sha256'
# -
#key_algo="hmac-sha256"
# - key_name
# -
# - Name of the Key
# -
# - Defaults to "$update_zone"
# -
#key_name=
key_name="update-dkim"
# ----------
# Access Credentials DNS Server
# ----------
# - dns_ssh_user
# -
# - Defaults to 'manage-bind'
# -
#dns_ssh_user="manage-bind"
# - dns_ssh_port
# -
# - Defaults to '22'
# -
#dns_ssh_port=22
# - dns_ssh_key
# -
# - Defaults to '/root/.ssh/id_rsa-opendkim'
# -
#dns_ssh_key="/root/.ssh/id_rsa-opendkim"
# ----------
# Scripts envoked at DNS Server
# ----------
# - set_new_serial_script
# -
# - Script increases the serial for a given domain or a given
# - hostname's concerning domain.
# -
# - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
# -
#set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
# - create_dkim_delegation_script
# -
# - Script adds DKIM subdomain delegation for a given domain
# -
# - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
# -
#create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
# - add_dkim_zone_master_script
# -
# - Script adds zone _domainkey.<dkim domain> as master zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
# -
#add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
# - add_dkim_zone_slave_script
# -
# - Script adds zone _domainkey.<dkim domain> as slave zone
# -
# - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
# -
#add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
# ----------
# OpenDKIM Installation
# ----------
# - opendkim_dir
# -
# - OpenDKIM's etc-directory
# -
# - Defaults to opendkim_dir="/etc/opendkim"
# -
#opendkim_dir="/etc/opendkim"
# - key_base_dir
# -
# - Defaults to "${opendkim_dir}/keys"
# -
#key_base_dir=${opendkim_dir}/keys
# - signing_table_file
# -
# - Defaults to "${opendkim_dir}/signing.table"
# -
#signing_table_file="${opendkim_dir}/signing.table"
# - key_table_file
# -
# - Defaults to "${opendkim_dir}/key.table"
# -
#key_table_file="${opendkim_dir}/key.table"
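Review bot: `key_secret` is set to a live-looking TSIG secret in a plain file, next to `key_name="update-dkim"` and `dns_dkim_zone_master_server`, which together are everything `nsupdate` needs to change records in the update zone. Move the value into an `ansible-vault` encrypted variable and render this file from a template, e.g. `key_secret="{{ vault_dkim_tsig_secret }}"` (variable name constructed), deployed with `mode: '0600'`. As the secret is now in repository history, the TSIG key on the DNS server should be replaced. If this file is deployed through the new "Copy plain files Postfix" task, it also lands on the host with mode `0644`.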


@ -0,0 +1,86 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ----------------------------------------------------
# ---
# - Parameter Settings for script 'postfix_add_mailboxes.sh'.
# ---
# ----------------------------------------------------
# - dovecot_enc_method
# -
# - The (dovecot) password scheme which should be used to generate the hashed
# - passwords of EXISTING users.
# -
# - Possible values are:
# -
# - See output of 'doveadm pw -l'
# -
# - DEFAULTS to: dovecot_enc_method="SHA512-CRYPT"
# -
#dovecot_enc_method="SHA512-CRYPT"
# - in_file
# -
# - The file from wich the script reads the e-mail-address/password
# - kombination(s). Each line in this file must only contain
# - <emal-address> <password>
# -
# - Defaults to: in_file="${conf_dir}/mailboxes_new.lst"
# -
#in_file="${conf_dir}/mailboxes_new.lst"
# - db_type
# -
# - Type of Postfix Database
# -
# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
# -
# - Defaults to: db_type="pgsql"
# -
#db_type="pgsql"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '--defaults-file=/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '--defaults-file=/usr/local/mysql/sys-maint.cnf' otherwise
# -
#mysql_credential_args=""
# - quota
# -
# - The quota setting for the new mailboxes.
# -
# - Defaults to: quota="536870912"
# -
#quota="536870912"
quota=2147483648
# - log_file
# -
# - Where to write logging informations?
# -
# - Defaults to: log_file="${script_dir}/log/postfix_add_mailboxes.log"
# -
#log_file="${script_dir}/log/postfix_add_mailboxes.log"
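Review bot: The `db_name` block appears twice in a row with identical text; the second copy was probably meant to document another setting (a database user or host, if the script has one) and should be corrected or removed. `quota=2147483648` is written unquoted while the documented default is `quota="536870912"`; both work in a sourced shell file, but one form should be used. The `in_file` comment describes a list of `<emal-address> <password>` pairs in clear text, so it is worth stating there that the list must be readable by root only and deleted after import.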


@ -0,0 +1,92 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ----------------------------------------------------
# ---
# - Parameter Settings for script 'sent_userinfo_postfix.sh'.
# ---
# ----------------------------------------------------
# - message_body_file
# -
# - Full path to file containing the user info. This file must contain
# - the message body WITHOUT e-mail headers. If file is placed in the
# - 'files' directory use '${file_dir}/<file-name>'
# -
# - Defaults to '${file_dir}/sent_userinfo_postfix.message'
# -
#message_body_file="${file_dir}/sent_userinfo_postfix.email"
# - email_from
# -
# - From Address of user info
# -
# - Example: 'oo@oopen.de'
# -
email_from="admin@warenform.net"
# - email_from_org
# -
# - Example: email_from_org="O.OPEN"
# -
email_from_org="WARENFORM"
# - db_type
# -
# - Type of Postfix Database
# -
# - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
# -
# - Defaults to: db_type="pgsql"
# -
#db_type="pgsql"
# - db_name
# -
# - Database name for the postfix database
# -
# - Defaults to: db_name="postfix"
# -
#db_name="postfix"
# - mysql_credential_args (root access to MySQL Database)
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - Defaults to:
# - '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
# - '/usr/local/mysql/sys-maint.cnf' otherwise
# -
#mysql_credential_args=""
# - mail_user
# -
# - The owner of the mailbox directories and within the e-mails itself.
# -
# - defaults to mail_user="vmail"
# -
#mail_user="vmail"
# - mail_group
# -
# - The group of the mailbox directories
# -
# - defaults to mail_group="vmail"
# -
#mail_group="vmail"
# - mail_basedir - No more needed!
# -
# - The root directory where all mailbox-domains are located.
# -
# - Defaults to '/var/vmail'.
# -
#mail_basedir=/var/vmail
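Review bot: The comment for `message_body_file` documents the default as `${file_dir}/sent_userinfo_postfix.message`, but the commented-out assignment below it uses `sent_userinfo_postfix.email`. Whoever uncomments the line gets a different file from the documented default; make the two agree. In the `mysql_credential_args` block the defaults are given as bare paths, while the sibling config for `postfix_add_mailboxes.sh` gives them as `--defaults-file=…`; the latter matches the examples and is presumably what the script expects.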


@ -0,0 +1,44 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ======================================================
# ---
# Parameter Settings for Script 'whitelist_mb_sigs.conf'
# ---
# ======================================================
# QUARANTINE_BASE_DIR
#
# Base directory where amavis stores quarantined e-mails, mostly in
#
# virus e-mails: $QUARANTINE_BASE_DIR/virus
# spam emails: $QUARANTINE_BASE_DIR/spam
# ..
#
# Defaults to:
# QUARANTINE_BASE_DIR="/var/QUARANTINE"
#
#QUARANTINE_BASE_DIR="/var/QUARANTINE"
# CLAMAV_VIRUS_WHITE_LIST
#
# Full path to clamav's (personal) white list file
#
# Defaults to:
# CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
#
#CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
# WHITE_LIST_STRINGS
#
# A blank separated list of strings to whitelist.
#
# Example:
# WHITE_LIST_STRINGS="google.com tinyurl.com"
#
# Defaults to:
# WHITE_LIST_STRINGS="google.com"
#
#WHITE_LIST_STRINGS="google.com"
WHITE_LIST_STRINGS="google.com tinyurl.com"
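Review bot: Adding `tinyurl.com` to `WHITE_LIST_STRINGS` whitelists signatures for a public URL shortener, which anyone can point at arbitrary destinations. If the script, as its name suggests, writes every quarantined signature containing one of these strings into the ClamAV ignore list, phishing signatures that key on shortened links would stop matching. Prefer whitelisting the specific signature names that produced false positives, and record the reason in a comment. The header also calls the script `whitelist_mb_sigs.conf`; that is presumably meant to be the `.sh` script this file configures.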


@ -20,6 +20,14 @@
name: ssh name: ssh
state: restarted state: restarted
- name: Reload nfs
service:
name: nfs-kernel-server
state: reloaded
enabled: yes
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
- name: Restart postfix - name: Restart postfix
service: service:
name: postfix name: postfix
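Review bot: The handler's condition `groups['nfs_server']|string is search(inventory_hostname)` turns the group list into one string and does an unanchored regex search, so a host whose name is a substring of a group member also matches, and the dots in the hostname act as wildcards. It also fails with an undefined error in inventories that have no `nfs_server` group. Use `inventory_hostname in (groups['nfs_server'] | default([]))`, the form the copy-files tasks already use for `mail_server`. The same condition is repeated in every task of the new `nfs.yml` (with `nfs_server` and `nfs_client`) and in the new samba install task. `enabled: yes` should be `enabled: true`.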


@ -19,6 +19,24 @@
- copy-files - copy-files
- copy-plain-files - copy-plain-files
- name: (copy_files.yml) Copy plain files Postfix (/etc/postfix)
copy:
src: '{{ item.src_path }}'
dest: '{{ item.dest_path }}'
owner: root
group: root
mode: '0644'
loop: "{{ copy_plain_files_postfix }}"
loop_control:
label: 'dest: {{ item.name }}'
when:
- inventory_hostname in groups['mail_server']
- copy_plain_files_postfix is defined
- copy_plain_files_postfix|length > 0
tags:
- copy-files
- copy-plain-files
- name: (copy_files.yml) Copy plain files Postfix Firewall (postfwd) - name: (copy_files.yml) Copy plain files Postfix Firewall (postfwd)
copy: copy:
src: '{{ item.src_path }}' src: '{{ item.src_path }}'
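Review bot: The new task installs every entry of `copy_plain_files_postfix` with a fixed `mode: '0644'`, so any file in that list that carries a credential becomes world-readable on the mail server. This commit adds such files (a config with a TSIG `key_secret`, a private key), though whether they are deployed through this list is not visible here. Let the list entry decide, with a safe fallback: `mode: "{{ item.mode | default('0644') }}"`, and set `'0600'` on the sensitive entries. The loop label prints `item.name`, which the task does not otherwise require; `item.dest_path` would always be present.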


@ -131,6 +131,15 @@
tags: git tags: git
# tags supported inside nfs.yml:
#
# nfs-server
# nfs-client
- import_tasks: nfs.yml
tags:
- nfs
# tags supported inside copy_files.yml: # tags supported inside copy_files.yml:
# #
# copy-files # copy-files


@ -0,0 +1,96 @@
---
# ---
# NFS Server
# ---
- name: (nfs.yml) Ensure NFS utilities (server) are installed.
apt:
name:
- nfs-common
- nfs-kernel-server
state: present
when:
- ansible_os_family == "Debian"
- "groups['nfs_server']|string is search(inventory_hostname)"
tags:
- nfs-server
- name: (nfs.yml) Ensure directories to export exist
file:
path: '{{ item.src.split(":")[1] }}'
owner: root
group: root
mode: '0755'
state: directory
with_items: "{{ nfs_exports }}"
loop_control:
label: '{{ item.path }}'
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
tags:
- nfs-server
- name: (nfs.yml) Copy exports file.
template:
src: etc/exports.j2
dest: /etc/exports
owner: root
group: root
mode: 0644
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
notify: Reload nfs
tags:
- nfs-server
- name: Enable service rpc-statd and ensure it is not masked
systemd:
name: rpc-statd
enabled: yes
masked: no
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
- name: Make sure service rpc-statd is running
systemd:
state: started
name: rpc-statd
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
tags:
- nfs-server
# ---
# NFS clients
# ---
- name: (nfs.yml) Ensure NFS utilities (clients) are installed.
apt:
pkg: nfs-common
state: present
when:
- ansible_os_family == "Debian"
- "groups['nfs_client']|string is search(inventory_hostname)"
tags:
- nfs-client
- name: (nfs.yml) NFS Mount exports from nfs server
mount:
path: "{{ item.path }}"
src: "{{ item.src }}"
fstype: nfs
opts: "{{ item.mount_opts }}"
dump: "{{ item.dump | default(omit) }}"
passno: "{{ item.passno | default(omit) }}"
state: mounted
loop: "{{ nfs_exports }}"
loop_control:
label: '{{ item.src }}'
when:
- "groups['nfs_client']|string is search(inventory_hostname)"
tags:
- nfs-client
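Review bot: Both loops read `nfs_exports` directly, and Ansible evaluates the loop expression before the per-item `when`, so on any host where `nfs_exports` is undefined the task fails instead of being skipped; `loop: "{{ nfs_exports | default([]) }}"` avoids that unless a role default already defines it. The task "Enable service rpc-statd and ensure it is not masked" has no `tags:` and no `(nfs.yml)` prefix, so it does not run with `--tags nfs-server` while the start task after it does. The mount task passes `item.mount_opts` through with no default; a fallback such as `default('nosuid,nodev')` would keep a forgotten key from failing the play and gives a restrictive baseline. `mode: 0644` on the exports template should be quoted like the `'0755'` above it.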


@ -4,6 +4,16 @@
# Samba Server # Samba Server
# --- # ---
- name: (samba-install.yml) Ensure samba packages server are installed.
package:
pkg: '{{ apt_install_server_samba }}'
state: present
when:
- "groups['samba_server']|string is search(inventory_hostname)"
tags:
- samba-server
- name: (samba-config-server.yml) Ensure samba share directories exists - name: (samba-config-server.yml) Ensure samba share directories exists
file: file:
path: "{{ item.path }}" path: "{{ item.path }}"
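Review bot: The new task calls the generic `package` module with `pkg:`, but the documented parameter of `package` is `name`; as far as I know `pkg` is an alias of the `apt` module and only works here because the arguments are passed through on Debian hosts. Write `name: '{{ apt_install_server_samba }}'`, or use `apt:` directly, as the variable name suggests. The task name is prefixed `(samba-install.yml)` while its neighbour in the same file uses `(samba-config-server.yml)`, which makes log output harder to trace back to the file.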


@ -0,0 +1,31 @@
# {{ ansible_managed }}
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
{% set count = namespace(nfs_exports=100) %}
{% for export in nfs_exports %}
{% set export_str= namespace(nfs_exports = export.src.split(":")[1]) %}
{% set count.nfs_exports = count.nfs_exports + 10 %}
{% for network in export.export_networks %}
{% if export.use_fsid_option is defined and export.use_fsid_option is sameas true %}
{% set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~",fsid="~count.nfs_exports~")" %}
#{{ export.src.split(":")[1] }} {{ network }}({{ export.export_opt }},fsid={{ count.nfs_exports }})
{% else %}
{% set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~")" %}
#{{ export.src.split(":")[1] }} {{ network }}({{ export.export_opt }})
{% endif %}
{% endfor %}
{{ export_str.nfs_exports }}
{% endfor %}
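Review bot: The `fsid` value is derived from the export's position in `nfs_exports` (110, 120, …), so inserting or reordering an entry silently changes the `fsid` of every export after it. Clients that still have those exports mounted would then typically see stale file handles. Take the value from the entry instead, e.g. `fsid={{ export.fsid }}`, and fail the template when `use_fsid_option` is set without it. `export.export_opt` is used with no default, so a missing key aborts the render; if a default is added, make it a restrictive one such as `ro,sync,no_subtree_check`. The lines beginning with `#{{ export.src.split(":")[1] }}` write a commented copy of every entry into `/etc/exports` and look like leftover debugging output.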


@ -7,7 +7,11 @@
_HOSTNAME={{ hostname }} _HOSTNAME={{ hostname }}
_IPV4='{{ ipv4_address | default(omit) }}' _IPV4='{{ ipv4_address | default(omit) }}'
_IPV6='{{ ipv6_address | default(omit) }}' {% if ipv6_address is defined and ipv6_address %}
_IPV6="{{ ipv6_address }}"
{% else %}
_IPV6=disabled
{% endif %}
_QUARANTINE_DIR=/var/QUARANTINE _QUARANTINE_DIR=/var/QUARANTINE
_QUARANTINE_ADMIN=postmaster\@$mydomain _QUARANTINE_ADMIN=postmaster\@$mydomain


@ -11,10 +11,20 @@
_HOSTNAME={{ hostname }} _HOSTNAME={{ hostname }}
_IPV4='{{ ipv4_address | default(omit) }}' _IPV4='{{ ipv4_address | default(omit) }}'
_IPV6='{{ ipv6_address | default(omit) }}' {% if ipv6_address is defined and ipv6_address %}
_IPV6="{{ ipv6_address }}"
{% else %}
_IPV6=disabled
{% endif %}
_ADMIN_EMAIL="{{ admin_email }}" _ADMIN_EMAIL="{{ admin_email }}"
_SASL_AUTH_ENABLED="{{ sasl_auth_enable | default('no') }}" _SASL_AUTH_ENABLED="{{ sasl_auth_enable | default('no') }}"
_SASL_USER='{{ sasl_user | default(omit) }}' _SASL_USER='{{ sasl_user | default(omit) }}'
_SASL_PASS='{{ sasl_pass | default(omit) }}' _SASL_PASS='{{ sasl_pass | default(omit) }}'
{% if is_sympa_list_server is defined and is_sympa_list_server is sameas true %}
_RELAY_HOST=true
_SYMPA_LIST_SERVER=true
{% else %}
_RELAY_HOST="{{ is_relay_host | default('false') }}" _RELAY_HOST="{{ is_relay_host | default('false') }}"
_SYMPA_LIST_SERVER=false
{% endif %}


@ -42,7 +42,11 @@ IPV6="{{ ipv6_address | default(omit) }}"
# - # -
# - Defaults to 'admin@<domain>.<tld>' # - Defaults to 'admin@<domain>.<tld>'
# - # -
{% if (admin_email is defined) and admin_email %}
POSTFIX_DB_HOST_PGSQL="{{ postfix_db_host }}"
{% else %}
#WEBMASTER_EMAIL="" #WEBMASTER_EMAIL=""
{% endif %}
# - Base Directory of Roundcube Website # - Base Directory of Roundcube Website
# - # -
@ -290,7 +294,11 @@ POSTFIX_DB_PASSWD='{{ postfix_db_pass | default(omit) }}'
# - # -
# - Defaults to 'false' # - Defaults to 'false'
# - # -
{% if roundcube_acl_plugin is defined and roundcube_acl_plugin is sameas true %}
INCLUDE_ACL_PLUGIN="true" INCLUDE_ACL_PLUGIN="true"
{% else %}
#INCLUDE_ACL_PLUGIN="false"
{% endif %}
# === # ===
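Review bot: In the first hunk the branch taken when `admin_email` is set emits `POSTFIX_DB_HOST_PGSQL="{{ postfix_db_host }}"`, but the surrounding comment and the `else` branch are about `WEBMASTER_EMAIL`; this looks like a copy-paste slip. As written, `WEBMASTER_EMAIL` is never set, and `POSTFIX_DB_HOST_PGSQL` is assigned a second time from a variable the condition does not check. The line should presumably be `WEBMASTER_EMAIL="{{ admin_email }}"`. The second hunk (`INCLUDE_ACL_PLUGIN`) reads as intended.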


@ -265,7 +265,11 @@ POSTFIX_DB_PASSWD='{{ postfix_db_pass | default(omit) }}'
# - # -
# - Defaults to 'false' # - Defaults to 'false'
# - # -
{% if roundcube2_acl_plugin is defined and roundcube2_acl_plugin is sameas true %}
INCLUDE_ACL_PLUGIN="true" INCLUDE_ACL_PLUGIN="true"
{% else %}
#INCLUDE_ACL_PLUGIN="false"
{% endif %}
# === # ===


@ -1,5 +1,5 @@
# {{ ansible_managed }} # {{ ansible_managed }}
Host wf.oopen.de 80.152.216.128 gw-d11.oopen.de d11.warenform.de Host wf.oopen.de 79.140.184.145 gw-d11.oopen.de d11.warenform.de
user webadmin user webadmin
Protocol 2 Protocol 2
Port 9998 Port 9998