update..

2022-11-17 18:10:40 +01:00 · 2022-11-17 18:10:40 +01:00 · 45115c6700
commit 45115c6700
parent f80772ed42
75 changed files with 5165 additions and 436 deletions
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@ -987,7 +987,6 @@ default_user:
    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
@ -1334,11 +1333,27 @@ git_lxc_guest_repositories:
 git_gateway_repositories:
  # install repositories (destination: /usr/local/src/)
  # mailsystem
  - name: mailsystem
    repo: https://git.oopen.de/install/mailsystem
    dest: /usr/local/src/mailsystem
  # firewall
  - name: ipt-gateway
    repo: https://git.oopen.de/firewall/ipt-gateway
    dest: /usr/local/src/ipt-gateway
  # script repositories (destination /root/bin/)
  # Monitoring
  - name: monitoring
    repo: https://git.oopen.de/script/monitoring
    dest: /root/bin/monitoring
  - name: manage-gw-config
    repo: https://git.oopen.de/script/manage-gw-config
    dest: /root/bin/manage-gw-config
 # ---
 # group [apache2_webserver]
@ -1544,6 +1559,33 @@ git_jitsi_meet_repositories:
 git_other_repositories: []
 # ==========
 # vars used by roles/common/tasks/nfs.yml
 # ==========
 nfs_server: {}
 # Set 'fs_encrypted' to true if filesystem lives on an encrypted
 # partition.
 #
 # NOTE !!
 #    Take car to increase 'fsid' in case of more than one export
 #
 #nfs_exports:
 #   - src: 192.168.112.10:/data/home
 #     path: /data/home
 #     mount_opts: users,rsize=8192,wsize=8192,hard,intr
 #     export_opt: rw,root_squash,sync,subtree_check
 #     export_networks:
 #       - 192.168.112.0/24
 #       - 10.0.112.0/24
 #       - 10.1.112.0/24
 #       - 192.168.63.0/24
 #     use_fsid_option: true
 #
 nfs_exports: []
 # ---
 # vars used by roles/common/tasks/copy_files.yml
 # ---
@ -1552,6 +1594,17 @@ copy_plain_files: []
 copy_plain_files_postfwd_host_specific: []
 copy_plain_files_postfix:
  - name: header_checks.pcre
    src_path: mailserver/etc/postfix/header_checks.pcre
    dest_path: /etc/postfix/header_checks.pcre
  - name: body_check.pcre
    src_path: mailserver/etc/postfix/body_check.pcre
    dest_path: /etc/postfix/body_check.pcre
 copy_plain_files_postfwd:
  # Postfix Firewall postfwd
--- a/host_vars/a.mx.oopen.de.yml
+++ b/host_vars/a.mx.oopen.de.yml
@ -196,6 +196,8 @@ roundcube_db_user: roundcube
 #roundcube_db_host: localhost
 roundcube_db_pass: '3Dsz3j5R'
 roundcube_acl_plugin: true
 roundcube_product_name: O.OPEN - Webmailer
 roundcube_support_url: https://www.oopen.de
 roundcube_skin_logo: "images/oopen-logo.png"
@ -210,6 +212,8 @@ roundcube_2_db_user: roundcube
 #roundcube_2_db_host: localhost
 roundcube_2_db_pass: '3Dsz3j5R'
 roundcube2_acl_plugin: true
 roundcube_2_product_name: O.OPEN - Webmailer
 roundcube_2_support_url: https://www.oopen.de
 roundcube_2_skin_logo: "images/oopen-logo.png"
@ -221,7 +225,7 @@ template_files_mailsystem_script:
    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
-  - name: mailsystem_install_postfixadmin.conf
+  - name: mailsystem__postfix_advanced.conf
    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
--- a/host_vars/b.mx.oopen.de.yml
+++ b/host_vars/b.mx.oopen.de.yml
@ -144,6 +144,6 @@ template_files_mailsystem_script:
    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
-  - name: install_postfix_advanced.conf
+  - name: mailsystem_install_postfix_advanced.conf
    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
--- a/host_vars/c.mx.oopen.de.yml
+++ b/host_vars/c.mx.oopen.de.yml
@ -155,7 +155,7 @@ db_in_use: !!str "true"
 postfix_db_type: MySQL
 postfix_db_name: postfix
 postfix_db_user: postfix
-postfix_db_host: 127.0.0.1
+#postfix_db_host:
 postfix_db_pass: AeB4kohyie5rahJ7
 # install_amavis.conf
@ -201,9 +201,11 @@ autoreply_hostname: autoreply.initiativenserver.de
 roundcube_db_type: mysql
 roundcube_db_name: roundcubemail
 roundcube_db_user: roundcube
-roundcube_db_host: localhost
+#roundcube_db_host: 
 roundcube_db_pass: 're6Xe8Fereejai3D'
 roundcube_acl_plugin: false
 roundcube_product_name: Webmailer Initiativenserver
 roundcube_support_url: "https://www.aktionsbuendnis-brandenburg.de/"
 roundcube_skin_logo: "images/oopen-logo.png"
@ -215,7 +217,7 @@ template_files_mailsystem_script:
    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
-  - name: mailsystem_install_postfixadmin.conf
+  - name: mailsystem_install_postfix_advanced.conf
    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
--- a/host_vars/d.mx.oopen.de.yml
+++ b/host_vars/d.mx.oopen.de.yml
@ -0,0 +1,137 @@
 ---
 # ---
 # vars used by roles/ansible_dependencies
 # ---
 # ---
 # vars used by roles/ansible_user
 # ---
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 # ---
 # vars used by roles/common/tasks/apt.yml
 # ---
 apt_install_compiler_pkgs: true
 apt_install_postgresql_pkgs: true
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 insert_root_ssh_keypair: true
 root_ssh_keypair:
  - name: id-rsa-dehydrated
    priv_key_src: d.mx/root/.ssh/d.mx-id_rsa-dehydrated
    priv_key_dest: /root/.ssh/id_rsa-dehydrated
    pub_key_src: d.mx/root/.ssh/d.mx-id_rsa-dehydrated.pub
    pub_key_dest: /root/.ssh/id_rsa-dehydrated.pub
  - name: id-rsa-opendkim
    priv_key_src: d.mx/root/.ssh/d.mx-id_rsa-opendkim
    priv_key_dest: /root/.ssh/id_rsa-opendkim
    pub_key_src: d.mx/root/.ssh/d.mx-id_rsa-opendkim.pub
    pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/copy_files.yml
 # ---
 copy_plain_files:
  - name: monitoring_check_webservice_load.conf
    src_path: d.mx/root/bin/monitoring/conf/check_webservice_load.conf
    dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
  - name: postfix_create_opendkim_key.conf
    src_path: d.mx/root/bin/postfix/conf/create_opendkim_key.conf
    dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
  - name: postfix_whitelist_mb_sigs.conf
    src_path: d.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf
    dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
  - name: install_sympa.conf
    src_path: lists.mx.warenform/usr/local/src/sympa/conf/install_sympa.conf
    dest_path: /usr/local/src/sympa/conf/install_sympa.conf
 copy_template_files: []
 #
 #  - name: mailsystem_install_amavis.conf
 #    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
 #    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
 # ---
 # vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
 # ---
 hostname: d.mx.oopen.de
 ipv4_address: 95.217.204.227
 ipv6_address: 2a01:4f9:4a:47e5::227
 admin_email: argus@oopen.de
 is_relay_host: false
 is_sympa_list_server: true
 # install_amavis.conf
 #
 mp_receipt_number: 106015125438
 si_authorisation_signature: b0b7e94d3fcc8f3b1f128edd5830392361868cf0174723a9924ac25bf8b1b588cb974b50234e1bc1d9839dfe0ca6e1627733d90daf1399347b1046d20c2e3a89
 template_files_mailsystem_script:
  - name: mailsystem_install_postfix_advanced.conf
    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
  - name: mailsystem_install_amavis.conf
    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
--- a/host_vars/e.mx.oopen.de.yml
+++ b/host_vars/e.mx.oopen.de.yml
@ -189,6 +189,10 @@ roundcube_skin_logo: "images/oopen-logo.png"
 template_files_mailsystem_script:
  - name: mailsystem_install_postfix_advanced.conf
    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
  - name: mailsystem_install_amavis.conf
    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
--- a/host_vars/file-fhxb.fhxb.netz
+++ b/host_vars/file-fhxb.fhxb.netz
@ -154,14 +154,51 @@ sudo_users:
 # ---
 # ---
 # vars used by roles/common/tasks/nfs.yml
 # ---
 nfs_server: 192.168.192.10
 # Set 'fs_encrypted' to true if filesystem lives on an encrypted
 # partition.
 #
 # NOTE !!
 #    Take car to increase 'fsid' in case of more than one export
 #
 nfs_exports:
   - src: 192.168.192.10:/data/home
     path: /data/home
     mount_opts: users,rsize=8192,wsize=8192,hard,intr
     export_opt: rw,root_squash,sync,subtree_check
     export_networks:
       - 192.168.192.0/24
       - 10.0.192.0/24
       - 10.1.192.0/24
       - 192.168.63.0/24
     use_fsid_option: true
   - src: 192.168.192.10:/data/samba/shares
     path: /data/samba/shares
     mount_opts: users,rsize=8192,wsize=8192,hard,intr
     export_opt: rw,root_squash,sync,subtree_check
     export_networks:
       - 192.168.192.0/24
       - 10.0.192.0/24
       - 10.1.192.0/24
       - 192.168.63.0/24
     use_fsid_option: true
 # ---
 # vars used by roles/common/tasks/samba-config-server.yml
 # vars used by roles/common/tasks/samba-user.yml
 # ---
-samba_workgroup: OPP
+samba_workgroup: FHXB
-samba_netbios_name: ZAPATA
+samba_netbios_name: FILE-FHXB
 samba_server_min_protocol: !!str NT1
@ -217,28 +254,29 @@ samba_user:
  - name: chris
    groups:
-      - FHXB-Bildarchiv
+      - fhxb-bildarchiv
-      - FHXB-Sammlungen
+      - fhxb-sammlungen
-      - Archiv
+      - archiv
-      - Ausstellungen
+      - ausstellungen
-      - Forschung
+      - forschung
-      - Gedenken-im-Stadtraum
+      - gedenken-im-stadtraum
-      - Projekte
+      - projekte
-      - Publikationen
+      - publikationen
-      - Stolpersteine
+      - stolpersteine
-      - Veranstaltungen
+      - veranstaltungen
      - vze
-      - Buero
+      - buero
-      - Intern
+      - intern
-      - Museum-Organisation
+      - museum-organisation
-      - Presse-Orga-Oeffentlichkeit
+      - presse-orga-oeffentlichkeit
-      - Team
+      - team
-      - Technik
+      - technik
-      - Vermietung
+      - vermietung
-      - Vermittlung
+      - vermittlung
-      - Leitung
+      - leitung
    password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
@ -250,32 +288,318 @@ samba_user:
  - name: sysadm
    groups:
-
+      - archiv
-      - FHXB-Bildarchiv
+      - ausstellungen
-
+      - buero
-      - FHXB-Sammlungen
+      - forschung
-
+      - gedenken-im-stadtraum
-      - Archiv
+      - intern
-      - Ausstellungen
+      - leitung
-      - Forschung
+      - museum-organisation
-      - Gedenken-im-Stadtraum
+      - presse-orga-oeffentlichkeit
-      - Projekte
+      - projekte
-      - Publikationen
+      - publikationen
-      - Stolpersteine
+      - stolpersteine
-      - Veranstaltungen
+      - team
-
+      - technik
-      - Buero
+      - veranstaltungen
-      - Intern
+      - vermietung
-      - Museum-Organisation
+      - vermittlung
-      - Presse-Orga-Oeffentlichkeit
+      - vze
-      - Team
+      - fhxb-bildarchiv
-      - Technik
+      - fhxb-sammlungen
      - Vermietung
      - Vermittlung
      - Leitung
    password: '5hE-7n.JRQ9Y'
    # Archiv01
  - name : a.rchiv01
    groups:
      - archiv
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: '45pS2X-rim.e'
    # Archiv02
  - name : a.rchiv02
    groups:
      - archiv
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: '7gqKY/7-nh3Q'
    # Astrid Schiemann
  - name : a.schiemann
    groups:
      - archiv
      - ausstellungen
      - buero
      - forschung
      - gedenken-im-stadtraum
      - intern
      - leitung
      - museum-organisation
      - presse-orga-oeffentlichkeit
      - projekte
      - publikationen
      - stolpersteine
      - team
      - technik
      - veranstaltungen
      - vermietung
      - vermittlung
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: 'G.u3r.tJ6Qkh'
    # Babara Schaller
  - name : b.schaller
    groups:
      - archiv
      - buero
      - publikationen
      - team
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: 'ufPmZ.L/63yJ'
    # Ellen Thieleman
  - name : e.thieleman
    groups:
      - ausstellungen
      - buero
      - projekte
      - team
    password: 'MFS79-tzWA/c'
    # Erika Hausotter
  - name : e.hausotter
    groups:
      - archiv
      - team
    password: 'A/pY4-9VvUdo'
    # Florian Helm
  - name : f.helm
    groups:
      - archiv
      - ausstellungen
      - buero
      - forschung
      - gedenken-im-stadtraum
      - intern
      - leitung
      - museum-organisation
      - presse-orga-oeffentlichkeit
      - projekte
      - publikationen
      - stolpersteine
      - team
      - technik
      - veranstaltungen
      - vermietung
      - vermittlung
      - vze
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: 'z2FE..fUh4fx'
    # Frauke Erdmann
  - name : f.erdmann
    groups:
      - archiv
      - buero
      - publikationen
      - team
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: 'P/yV5N9rxA-Y'
    # Gerhard Grosche
  - name : g.grosche
    groups:
      - archiv
      - publikationen
      - team
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: '6/H-EgRqP9-T'
    # Heike Müller
  - name : h.mueller
    groups:
      - buero
      - team
    password: 'VT7/n5hHy-Av'
    # Jana König
  - name : j.koenig
    groups:
      - archiv
      - ausstellungen
      - buero
      - forschung
      - gedenken-im-stadtraum
      - intern
      - museum-organisation
      - presse-orga-oeffentlichkeit
      - projekte
      - publikationen
      - stolpersteine
      - team
      - technik
      - veranstaltungen
      - vermietung
      - vermittlung
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: 'fE6.2K/HpnuS'
    # Jorinde Splettstößer
  - name : j.splettstoesser
    groups:
      - archiv
      - ausstellungen
      - buero
      - forschung
      - gedenken-im-stadtraum
      - intern
      - museum-organisation
      - presse-orga-oeffentlichkeit
      - projekte
      - publikationen
      - stolpersteine
      - team
      - technik
      - veranstaltungen
      - vermietung
      - vermittlung
      - vze
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: '2/octHEm/g5H'
    # Natalie Bayer
  - name : n.bayer
    groups:
      - archiv
      - ausstellungen
      - buero
      - forschung
      - gedenken-im-stadtraum
      - intern
      - leitung
      - museum-organisation
      - presse-orga-oeffentlichkeit
      - projekte
      - publikationen
      - stolpersteine
      - team
      - technik
      - veranstaltungen
      - vermietung
      - vermittlung
      - vze
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: 'AI/.44Jt6rhY'
    # Norbert Schropp
  - name : n.schropp
    groups:
      - archiv
      - ausstellungen
      - publikationen
      - team
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: 'rK/puJ2.7sb4'
    # Praktikum 01
  - name : p.raktikum01
    groups:
      - ausstellungen
      - buero
      - presse-orga-oeffentlichkeit
      - team
      - veranstaltungen
      - vermietung
    password: '2IN.R5HIq-ig'
    # Praktikum 02
  - name : p.raktikum02
    groups:
      - ausstellungen
      - buero
      - presse-orga-oeffentlichkeit
      - team
      - veranstaltungen
      - vermietung
    password: 'NnRYo5-d6i/n'
    # Volo 01
  - name : v.olo01
    groups:
      - archiv
      - ausstellungen
      - buero
      - forschung
      - gedenken-im-stadtraum
      - museum-organisation
      - presse-orga-oeffentlichkeit
      - projekte
      - publikationen
      - stolpersteine
      - team
      - technik
      - veranstaltungen
      - vermietung
      - vermittlung
    password: 'A/pY4-9VvUdo'
    # Volo 02
  - name : v.olo02
    groups:
      - archiv
      - ausstellungen
      - buero
      - forschung
      - gedenken-im-stadtraum
      - museum-organisation
      - presse-orga-oeffentlichkeit
      - projekte
      - publikationen
      - stolpersteine
      - team
      - technik
      - veranstaltungen
      - vermietung
      - vermittlung
      - vze
    password: 'sp29q-Yn-6PY'
    # Volo 03
  - name : v.olo03
    groups:
      - archiv
      - ausstellungen
      - buero
      - forschung
      - gedenken-im-stadtraum
      - museum-organisation
      - presse-orga-oeffentlichkeit
      - projekte
      - publikationen
      - stolpersteine
      - team
      - technik
      - veranstaltungen
      - vermietung
      - vermittlung
      - vze
      - fhxb-bildarchiv
      - fhxb-sammlungen
    password: 'n7I.fSsR-9vv'
 base_home: /home
 # remove_samba_users:
@ -288,26 +612,6 @@ remove_samba_users:
 samba_shares:
  - name: FHXB-Bildarchiv
    comment: Bildarchiv auf Fileserver
    path: /data/samba/FHXB-Bildarchiv/Bildarchiv
    group_valid_users: fhxb-bildarchiv
    group_write_list: fhxb-bildarchiv
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: FHXB-Sammlungen
    comment: FHXB-Sammlungen auf Fileserver
    path: /data/samba/Darchim2/Bildarchiv
    group_valid_users: fhxb-sammlungen
    group_write_list: fhxb-sammlungen
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Archiv
    comment: Archiv auf Fileserver
    path: /data/samba/FHXB-Server/Archiv
@ -328,6 +632,16 @@ samba_shares:
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Buero
    comment: Buero auf Fileserver
    path: /data/samba/FHXB-Server/Buero
    group_valid_users: buero
    group_write_list: buero
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Forschung
    comment: Forschung auf Fileserver
    path: /data/samba/FHXB-Server/Forschung
@ -348,67 +662,6 @@ samba_shares:
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Projekte
    comment: Projekte auf Fileserver
    path: /data/samba/FHXB-Server/Projekte
    group_valid_users: projekte
    group_write_list: projekte
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Publikationen
    comment: Publikationen auf Fileserver
    path: /data/samba/FHXB-Server/Publikationen
    group_valid_users: publikationen
    group_write_list: publikationen
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Stolpersteine
    comment: Stolpersteine auf Fileserver
    path: /data/samba/FHXB-Server/Stolpersteine
    group_valid_users: stolpersteine
    group_write_list: stolpersteine
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Veranstaltungen
    comment: Veranstaltungen auf Fileserver
    path: /data/samba/FHXB-Server/Veranstaltungen
    group_valid_users: Veranstaltungen
    group_write_list: Veranstaltungen
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: VZE
    comment: VZE auf Fileserver
    path: /data/samba/FHXB-Server/VZE
    group_valid_users: vze
    group_write_list: vze
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Buero
    comment: Buero auf Fileserver
    path: /data/samba/FHXB-Server/Buero
    group_valid_users: buero
    group_write_list: buero
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Intern
    comment: Intern auf Fileserver
    path: /data/samba/FHXB-Server/Intern
@ -449,6 +702,36 @@ samba_shares:
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Projekte
    comment: Projekte auf Fileserver
    path: /data/samba/FHXB-Server/Projekte
    group_valid_users: projekte
    group_write_list: projekte
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Publikationen
    comment: Publikationen auf Fileserver
    path: /data/samba/FHXB-Server/Publikationen
    group_valid_users: publikationen
    group_write_list: publikationen
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Stolpersteine
    comment: Stolpersteine auf Fileserver
    path: /data/samba/FHXB-Server/Stolpersteine
    group_valid_users: stolpersteine
    group_write_list: stolpersteine
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Team
    comment: Team auf Fileserver
    path: /data/samba/FHXB-Server/Team
@ -469,6 +752,26 @@ samba_shares:
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: VZE
    comment: VZE auf Fileserver
    path: /data/samba/FHXB-Server/VZE
    group_valid_users: vze
    group_write_list: vze
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Veranstaltungen
    comment: Veranstaltungen auf Fileserver
    path: /data/samba/FHXB-Server/Veranstaltungen
    group_valid_users: veranstaltungen
    group_write_list: veranstaltungen
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: Vermietung
    comment: Vermietung auf Fileserver
    path: /data/samba/FHXB-Server/Vermietung
@ -489,6 +792,26 @@ samba_shares:
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: FHXB-Bildarchiv
    comment: Bildarchiv auf Fileserver
    path: /data/samba/FHXB-Bildarchiv/Bildarchiv
    group_valid_users: fhxb-bildarchiv
    group_write_list: fhxb-bildarchiv
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
  - name: FHXB-Sammlungen
    comment: FHXB-Sammlungen auf Fileserver
    path: /data/samba/Darchim2/Bildarchiv
    group_valid_users: fhxb-sammlungen
    group_write_list: fhxb-sammlungen
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
 # ==============================
--- a/host_vars/ga-st-mail.ga.netz.yml
+++ b/host_vars/ga-st-mail.ga.netz.yml
@ -0,0 +1,227 @@
 ---
 # ---
 # vars used by roles/ansible_dependencies
 # ---
 # ---
 # vars used by roles/ansible_user
 # ---
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 # ---
 # vars used by roles/common/tasks/apt.yml
 # ---
 apt_install_compiler_pkgs: true
 apt_install_postgresql_pkgs: true
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 insert_root_ssh_keypair: true
 root_ssh_keypair:
  - name: id-rsa-dehydrated
    priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated
    priv_key_dest: /root/.ssh/id_rsa-dehydrated
    pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated.pub
    pub_key_dest: /root/.ssh/id_rsa-dehydrated.pub
  - name: id-rsa-opendkim
    priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim
    priv_key_dest: /root/.ssh/id_rsa-opendkim
    pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim.pub
    pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/copy_files.yml
 # ---
 copy_plain_files:
  # /root/bin/monitoring
  #
  - name: monitoring_check_cert_for_dovecot.conf
    src_path: ga-st-mail/root/bin/monitoring/conf/check_cert_for_dovecot.conf
    dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
  - name: monitoring_check_webservice_load.conf
    src_path: ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
    dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
  # /root/bin/postfix
  #
  - name: postfix_create_opendkim_key.conf
    src_path: ga-st-mail/root/bin/postfix/conf/create_opendkim_key.conf
    dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
  - name: postfix_postfix_add_mailboxes.conf
    src_path: ga-st-mail/root/bin/postfix/conf/postfix_add_mailboxes.conf
    dest_path: /root/bin/postfix/conf/postfix_add_mailboxes.conf
  - name: postfix_sent_userinfo_postfix.conf
    src_path: ga-st-mail/root/bin/postfix/conf/sent_userinfo_postfix.conf
    dest_path: /root/bin/postfix/conf/sent_userinfo_postfix.conf
  - name: postfix_whitelist_mb_sigs.conf
    src_path: ga-st-mail/root/bin/postfix/conf/whitelist_mb_sigs.conf
    dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
 copy_plain_files_postfwd_host_specific: []
  # Postfix Firewall postfwd
  #
  #- name: postfwd.wl-user
  #  src_path: ga-st-mail/etc/postfix/postfwd.wl-user
  #  dest_path: /etc/postfix/postfwd.wl-user
 #copy_template_files: []
 #
 #  - name: mailsystem_install_amavis.conf
 #    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
 #    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
 # ---
 # vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
 # ---
 hostname: mx.gemeinschaft-altenschlirf.de
 ipv4_address: 192.168.11.2
 #ipv6_address: 
 admin_email: it@gemeinschaft-altenschlirf.org
 is_relay_host: !!str "false"
 db_in_use: !!str "true"
 # postfix_db_type
 #
 # possible values are 'PostgreSQL' and 'MySQL'
 postfix_db_type: PostgreSQL
 postfix_db_name: postfix
 postfix_db_user: postfix
 #postfix_db_host:
 postfix_db_pass: R_wuKauoTE7+AJg9
 # install_amavis.conf
 #
 mp_receipt_number: 106015125438
 si_authorisation_signature: b0b7e94d3fcc8f3b1f128edd5830392361868cf0174723a9924ac25bf8b1b588cb974b50234e1bc1d9839dfe0ca6e1627733d90daf1399347b1046d20c2e3a89
 # install_postfixadmin.conf
 # 
 website_name_postfixadmin: adm.gemeinschaft-altenschlirf.de
 email_welcome_message: "\n
 Hallo,\n
 Ihre/Deine neue E-Mail Adresse ist eingerichtet.\n
 IT Team Gemeinschaft Altenschlirf\n
 --\n
 Gemeinschaft Altenschlirf  |   Phone:  +49 6647 / 9606 0\n
 Müser Straße 1             |   Fax:    +49 6647 / 9606 179\n
 D-36358 Herbstein          |   E-Mail: it@gemeinschaft-altenschlirf.de\n
 "
 # install_update_dovecot.conf
 #
 dovecot_from_address: "Administrator E-Mail <postmaster@gemeinschaft-altenschlirf.de>"
 dovecot_reply_to: "postmaster@gemeinschaft-altenschlirf.de"
 webmailer_address: "https://webmail.gemeinschaft-altenschlirf.de"
 salutation: "IT Team Gemeinschaft Altenschlirf\n
 --\n
 Gemeinschaft Altenschlirf  |   Phone:  +49 6647 / 9606 0\n
 Müser Straße 1             |   Fax:    +49 6647 / 9606 179\n
 D-36358 Herbstein          |   E-Mail: it@gemeinschaft-altenschlirf.de\n
 "
 # install_upgrade_roundcube-webmail.conf
 #
 # Webmailer
 webmail_site_name: webmail.gemeinschaft-altenschlirf.de
 autoreply_hostname: autoreply.gemeinschaft-altenschlirf.de
 # possible values: 'pgsql' or 'mysql'
 roundcube_db_type: pgsql
 roundcube_db_name: roundcubemail
 roundcube_db_user: roundcube
 #roundcube_db_host:
 roundcube_db_pass: 'K3TbMmTfnCXdj4vz'
 #roundcube_acl_plugin: true
 roundcube_product_name: Gemeinschaft Altenschlirf - Webmailer
 roundcube_support_url: https://www.gemeinschaft-altenschlirf.de
 roundcube_skin_logo: "images/oopen-logo.png"
 template_files_mailsystem_script:
  - name: mailsystem_install_postfix_advanced.conf
    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
  - name: mailsystem_install_amavis.conf
    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
  - name: mailsystem_install_postfixadmin.conf
    src_path: usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_postfixadmin.conf
  - name: mailsystem_install_update_dovecot.conf
    src_path: usr/local/src/mailsystem/conf/install_update_dovecot.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_update_dovecot.conf
  - name: mailsystem_install_upgrade_roundcube-webmail.conf
    src_path: usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf
--- a/host_vars/gw-fhxb.oopen.de.yml
+++ b/host_vars/gw-fhxb.oopen.de.yml
@ -0,0 +1,278 @@
 ---
 # ---
 # vars used by roles/network_interfaces
 # ---
 # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
 network_manage_devices: True
 # Should the interfaces be reloaded after config change?
 network_interface_reload: False
 network_interface_path: /etc/network/interfaces.d
 network_interface_required_packages:
  - vlan
  - bridge-utils
  - ifmetric
  - ifupdown
  - ifenslave
  - resolvconf
 network_interfaces:
  - device: eno1
    headline: eno1 - Uplink DSL via Fritz!Box
    auto: true
    family: inet
    method: static
    address: 192.168.178.254
    netmask: 24
    gateway: 192.168.178.1
    nameservers:
      - 127.0.0.1
      - 192.168.192.1
    search: fhxb.netz
  - device: eno2
    headline: eno2 -  LAN 
    auto: true
    family: inet
    method: static
    address: 192.168.192.254
    netmask: 24
  - device: eno2:ns
    headline: eno2:ns - Alias on eno5 (Nameserver)
    auto: true
    family: inet
    method: static
    address: 192.168.192.1
    netmask: 32
  - device: eno3
    headline: eno3 -  LAN 
    auto: true
    family: inet
    method: static
    address: 192.168.193.254
    netmask: 24
  - device: eno4
    headline: eno4 -  OLD LAN 
    auto: true
    family: inet
    method: static
    address: 192.168.178.254
    netmask: 24
 # ---
 # vars used by roles/ansible_dependencies
 # ---
 # ---
 # vars used by roles/ansible_user
 # ---
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---
 cron_user_entries:
  - name: "Check if Postfix Mailservice is up and running?"
    minute: '*/15'
    hour: '*'
    job: /root/bin/monitoring/check_postfix.sh
  - name: "Check if SSH service is up and running?"
    minute: '*/15'
    hour: '*'
    job: /root/bin/monitoring/check_ssh.sh
  - name: "Check if OpenVPN service is up and running?"
    minute: '*/30'
    hour: '*'
    job: /root/bin/monitoring/check_vpn.sh
  - name: "Check if nameservice (bind) is running?"
    minute: '*/10'
    hour: '*'
    job: /root/bin/monitoring/check_dns.sh
  - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )"
    minute: '0-59/2'
    hour: '*'
    job: /root/bin/monitoring/check_forwarding.sh
  - name: "Copy gateway configuration"
    minute: '09'
    hour: '3'
    job: /root/bin/manage-gw-config/copy_gateway-config.sh FHXB
 #cron_user_special_time_entries: []
 cron_user_special_time_entries:
  - name: "Check if Postfix Service is running at boot time"
    special_time: reboot
    job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
    insertafter: PATH
  - name: "Restart Systemd's resolved at boottime."
    special_time: reboot
    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
    insertafter: PATH
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 # ---
 # vars used by roles/common/tasks/apt.yml
 # ---
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 insert_ssh_keypair_backup_server: false
 ssh_keypair_backup_server:
  - name: backup
    backup_user: back
    priv_key_src: root/.ssh/id_rsa.backup.oopen.de
    priv_key_dest: /root/.ssh/id_rsa
    pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
    pub_key_dest: /root/.ssh/id_rsa.pub
 insert_keypair_backup_client: true
 ssh_keypair_backup_client:
  - name: backup
    priv_key_src: root/.ssh/id_ed25519.oopen-server
    priv_key_dest: /root/.ssh/id_ed25519
    pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
    pub_key_dest: /root/.ssh/id_ed25519.pub
    target: backup.oopen.de
 default_user:
  - name: chris
    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
  - name: sysadm
    user_id: 1050
    group_id: 1050
    group: sysadm
    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
  - name: back
    user_id: 1060
    group_id: 1060
    group: back
    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
 sudo_users:
  - chris
  - sysadm
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
 apt_install_bind9_packages: true
 bind9_gateway_acl:
  - local-net:
    name: local-net
    entries:
      - 127.0.0.0/8
      - 172.16.0.0/12
      - 192.168.0.0/16
      - 10.0.0.0/8
      - fc00::/7
      - fe80::/10
      - ::1/128
 bind9_gateway_listen_on_v6:
   - none
 bind9_gateway_listen_on:
  - any
 #bind9_gateway_allow_transfer: {}
 bind9_gateway_allow_transfer:
   - none
 #bind9_gateway_allow_query: {}
 bind9_gateway_allow_query:
  - local-net
 #bind9_gateway_allow_query_cache: {}
 bind9_gateway_allow_query_cache:
  - local-net
 bind9_gateway_recursion:  !!str "yes"
 #bind9_gateway_allow_recursion: {}
 bind9_gateway_allow_recursion:
  - local-net
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---
 git_firewall_repository:
  name: ipt-gateway
  repo: https://git.oopen.de/firewall/ipt-gateway
  dest: /usr/local/src/ipt-gateway
 # ==============================
 # ---
 # vars used by scripts/reset_root_passwd.yml
 # ---
 root_user:
  name: root
  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
--- a/host_vars/lists.mx.warenform.de.yml
+++ b/host_vars/lists.mx.warenform.de.yml
@ -0,0 +1,132 @@
 ---
 # ---
 # vars used by roles/ansible_dependencies
 # ---
 # ---
 # vars used by roles/ansible_user
 # ---
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 # ---
 # vars used by roles/common/tasks/apt.yml
 # ---
 apt_install_compiler_pkgs: true
 apt_install_postgresql_pkgs: true
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 insert_root_ssh_keypair: true
 root_ssh_keypair:
  - name: id-rsa-opendkim
    priv_key_src: lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim
    priv_key_dest: /root/.ssh/id_rsa-opendkim
    pub_key_src: lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim.pub
    pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/copy_files.yml
 # ---
 copy_plain_files:
  - name: monitoring_check_webservice_load.conf
    src_path: lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
    dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
  - name: postfix_create_opendkim_key.conf
    src_path: lists.mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf
    dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
  - name: postfix_whitelist_mb_sigs.conf
    src_path: lists.mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf
    dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
  - name: install_sympa.conf
    src_path: lists.mx.warenform/usr/local/src/sympa/conf/install_sympa.conf
    dest_path: /usr/local/src/sympa/conf/install_sympa.conf
 copy_template_files: []
 #
 #  - name: mailsystem_install_amavis.conf
 #    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
 #    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
 # ---
 # vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
 # ---
 hostname: lists.mx.warenform.de
 ipv4_address: 83.223.86.78
 ipv6_address: 2a01:30:0:13:223:35ff:fef5:84b6
 admin_email: argus@oopen.de
 is_relay_host: false
 is_sympa_list_server: true
 # install_amavis.conf
 #
 mp_receipt_number: 106015125438
 si_authorisation_signature: 76ed7ca6670dbee497e1a0397a7e178c4caa25888bc26d7327d1eab0195342a4cfa522dcf10382623d57dbc2a79bd37627b9a52def4d4bfe617d26e35405ce3b
 template_files_mailsystem_script:
  - name: mailsystem_install_postfix_advanced.conf
    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
  - name: mailsystem_install_amavis.conf
    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
--- a/host_vars/mail.cadus.org.yml
+++ b/host_vars/mail.cadus.org.yml
@ -112,7 +112,23 @@ copy_plain_files:
    dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
-copy_plain_files_postfwd_host_specific: []
+copy_plain_files_postfwd_host_specific:
  - name: postfwd.wl-hosts
    src_path: mail.cadus/etc/postfix/postfwd.wl-hosts
    dest_path: /etc/postfix/postfwd.wl-hosts
  - name: postfwd.wl-nets
    src_path: mail.cadus/etc/postfix/postfwd.wl-nets
    dest_path: /etc/postfix/postfwd.wl-nets
  - name: postfwd.wl-sender
    src_path: mail.cadus/etc/postfix/postfwd.wl-sender
    dest_path: /etc/postfix/postfwd.wl-sender
  - name: postfwd.wl-user
    src_path: mail.cadus/etc/postfix/postfwd.wl-user
    dest_path: /etc/postfix/postfwd.wl-user
  # Postfix Firewall postfwd
  #
@ -147,7 +163,7 @@ db_in_use: !!str "true"
 postfix_db_type: MySQL
 postfix_db_name: postfix
 postfix_db_user: postfix
-postfix_db_host: "127.0.0.1"
+#postfix_db_host:
 postfix_db_pass: T3CJnFMJNX9wmhNs
 # install_amavis.conf
@ -196,9 +212,11 @@ autoreply_hostname: autoreply.cadus.org
 roundcube_db_type: mysql
 roundcube_db_name: roundcubemail
 roundcube_db_user: roundcube
-roundcube_db_host: localhost
+#roundcube_db_host:
 roundcube_db_pass: 'j3vqsK7Ldm7MxNjH'
 roundcube_acl_plugin: false
 roundcube_product_name: O.OPEN - Webmailer
 roundcube_support_url: https://www.cadus.org
 roundcube_skin_logo: "images/cadu_logo_webmail.png"
--- a/host_vars/mail.faire-mobilitaet.de.yml
+++ b/host_vars/mail.faire-mobilitaet.de.yml
@ -195,8 +195,10 @@ roundcube_db_user: roundcube
 #roundcube_db_host:
 roundcube_db_pass: 'gqnzTrfsjnRv4PWW'
 #roundcube_acl_plugin: false
 roundcube_product_name: O.OPEN - Webmailer
-roundcube_support_url: https://www.cadus.org
+roundcube_support_url: https://www.faire-mobilitaet.de/
 roundcube_skin_logo: "images/oopen-logo.png"
--- a/host_vars/mx.warenform.de.yml
+++ b/host_vars/mx.warenform.de.yml
@ -0,0 +1,227 @@
 ---
 # ---
 # vars used by roles/ansible_dependencies
 # ---
 # ---
 # vars used by roles/ansible_user
 # ---
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 # ---
 # vars used by roles/common/tasks/apt.yml
 # ---
 apt_install_compiler_pkgs: true
 apt_install_postgresql_pkgs: true
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 insert_root_ssh_keypair: true
 root_ssh_keypair:
  - name: id-rsa-opendkim
    priv_key_src: mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim
    priv_key_dest: /root/.ssh/id_rsa-opendkim
    pub_key_src: mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim.pub
    pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/copy_files.yml
 # ---
 copy_plain_files:
  # /root/bin/monitoring
  #
  - name: monitoring_check_cert_for_dovecot.conf
    src_path: mx.warenform/root/bin/monitoring/conf/check_cert_for_dovecot.conf
    dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
  - name: monitoring_check_webservice_load.conf
    src_path: mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
    dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
  # /root/bin/postfix
  #
  - name: postfix_create_opendkim_key.conf
    src_path: mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf
    dest_path: /root/bin/postfix/conf/create_opendkim_key.conf
  - name: postfix_postfix_add_mailboxes.conf
    src_path: mx.warenform/root/bin/postfix/conf/postfix_add_mailboxes.conf
    dest_path: /root/bin/postfix/conf/postfix_add_mailboxes.conf
  - name: postfix_sent_userinfo_postfix.conf
    src_path: mx.warenform/root/bin/postfix/conf/sent_userinfo_postfix.conf
    dest_path: /root/bin/postfix/conf/sent_userinfo_postfix.conf
  - name: postfix_whitelist_mb_sigs.conf
    src_path: mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf
    dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
 copy_plain_files_postfwd_host_specific: []
  # Postfix Firewall postfwd
  #
  #- name: postfwd.wl-user
  #  src_path: mx.warenform/etc/postfix/postfwd.wl-user
  #  dest_path: /etc/postfix/postfwd.wl-user
 #copy_template_files: []
 #
 #  - name: mailsystem_install_amavis.conf
 #    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
 #    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
 # ---
 # vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
 # ---
 hostname: mx.warenform.de
 ipv4_address: 83.223.86.76
 ipv6_address: 2a01:30:0:13:231:32ff:fe8b:7763
 admin_email: admin@warenform.net
 is_relay_host: !!str "false"
 db_in_use: !!str "true"
 # postfix_db_type
 #
 # possible values are 'PostgreSQL' and 'MySQL'
 postfix_db_type: PostgreSQL
 postfix_db_name: postfix
 postfix_db_user: postfix
 #postfix_db_host: /run/postgresql
 postfix_db_pass: CbX8vg347Vvm
 # install_amavis.conf
 #
 mp_receipt_number: 106015125438
 si_authorisation_signature: 76ed7ca6670dbee497e1a0397a7e178c4caa25888bc26d7327d1eab0195342a4cfa522dcf10382623d57dbc2a79bd37627b9a52def4d4bfe617d26e35405ce3b
 # install_postfixadmin.conf
 # 
 website_name_postfixadmin: adm.warenform.de
 email_welcome_message: "\n
 Hallo,\n
 Ihre neue E-Mail Adresse ist eingerichtet.\n
 Das WARENFORM-Team\n
 --\n
 WARENFORM         |   Phone:  +49 30 / 61 65 17 52 -0\n
 Dresdner Str. 11  |   Fax:    +49 30 / 61 65 17 52 -66\n
 D-10999 Berlin    |   http://www.warenform.net\n
 "
 # install_update_dovecot.conf
 #
 dovecot_from_address: "warenform gbr <hilfe@kunden.warenform.net>"
 dovecot_reply_to: "hilfe@kunden.warenform.net"
 webmailer_address: "https://webmail.warenform.de"
 salutation: "Das WARENFORM-Team\n
 WARENFORM         |   Phone:  +49 30 / 61 65 17 52 -0\n
 Dresdner Str. 11  |   Fax:    +49 30 / 61 65 17 52 -66\n
 D-10999 Berlin    |   http://www.warenform.net\n"
 # install_upgrade_roundcube-webmail.conf
 #
 # Webmailer
 webmail_site_name: webmail.warenform.de
 autoreply_hostname: autoreply.warenform.de
 # possible values: 'pgsql' or 'mysql'
 roundcube_db_type: pgsql
 roundcube_db_name: roundcubemail
 roundcube_db_user: roundcube
 #roundcube_db_host: localhost
 roundcube_db_pass: 'Hoo5heis'
 #roundcube_acl_plugin: false
 roundcube_product_name: O.OPEN - Webmailer
 roundcube_support_url: https://www.warenform.net
 roundcube_skin_logo: "images/wf-webmail-logo.png"
 template_files_mailsystem_script:
  - name: mailsystem_install_amavis.conf
    src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
  - name: mailsystem_install_postfix_advanced.conf
    src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
  - name: mailsystem_install_postfixadmin.conf
    src_path: usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_postfixadmin.conf
  - name: mailsystem_install_update_dovecot.conf
    src_path: usr/local/src/mailsystem/conf/install_update_dovecot.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_update_dovecot.conf
  - name: mailsystem_install_upgrade_roundcube-webmail.conf
    src_path: usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf
  - name: mailsystem_install_upgrade_roundcube-webmail2.conf
    src_path: usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail2.conf.j2
    dest_path: /usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail2.conf
--- a/host_vars/o25.oopen.de.yml
+++ b/host_vars/o25.oopen.de.yml
@ -17,26 +17,156 @@ network_interface_required_packages:
  - bridge-utils
  - ifmetric
  - ifupdown
  - ifenslave
  - resolvconf
 network_interfaces:
-  - device: br0
+  # Many device configurations are possible (as many as needed)
  #
  - device: enp41s0
    # use only once per device (for the first device entry)
-    headline: br0 - bridge over device enp8s0
+    headline: enp41s0 - primary device
-    # auto & allow are only used for the first device entry
+    # auto & allow are only used for the first entry of that devicei-name)
    #
    allow: [] # array of allow-[stanzas] eg. allow-hotplug
    auto: true
    family: inet
    # The statisc Mode
    #    Options
    #       address        <dotted quad address[/netmask]>
    #       gateway        <dotted quad address>
    #       pointopoint    <Address of other end point (dotted quad). Note the spelling of "point-to">
    #       hwaddress      <mac-address>
    #       mtu            <size>
    #       scope          <Address validity scope. Possible values: global, link, host>
    #
    # The manual Method
    #    Options
    #       hwaddress      <mac-address>
    #       mtu            <size>
    #
    # The dhcp Method
    #    Options
    #       hwaddress      <mac-address>
    #       hostname       <Hostname to be requested (pump, dhcpcd, udhcpc)>
    #       metric         <metric>
    #       leasehours     <Preferred lease time in hours (pump)>
    #       leasetime      <Preferred lease time in seconds (dhcpcd)>
    #       vendor         <Vendor class identifier (dhcpcd)>
    #       client         <Client identifier (dhcpcd), or "no" (dhclient)>
    #    
    # The bootp Method  
    #    Options
    #       bootfile:      <file: Tell the server to use 'file' as the bootfile.>
    #       server:        <address: Use the IP address 'address' to communicate with the server.>
    #       hwaddr         <mac-address: Use addr as the hardware address instead of whatever it really is.>
    #    
    method: static
-    hwaddress: 00:d8:61:0e:b9:1c
+    
    hwaddress: 
    description:
-    address: 144.76.24.11
+    address: 65.109.28.179
-    netmask: 27
+    # dotted quad or number of bits
-    gateway: 144.76.24.1
+    #
    # the entry will be: address/netmask
    netmask: 26
    gateway: 65.109.28.129
    metric: 
    pointopoint: 
    mtu: 
    scope: 
    # additional user by dhcp method
    #
    hostname:
    leasehours:
    leasetime:
    vendor:
    client:
    # additional used by bootp method
    #
    bootfile:
    server:
    hwaddr:
    # optional dns settings nameservers: []
    #
    #    nameservers:
    #      - 194.150.168.168  # dns.as250.net
    #      - 91.239.100.100   # anycast.censurfridns.dk
    #    search: warenform.de
    #
    nameservers:
      - 185.12.64.1
      - 2a01:4ff:ff00::add:2
    search:
    # optional additional subnets/ips subnets: []
    # subnets: 
    #   - '192.168.123.0/24'
    #   - '192.168.124.11/32'
    # optional bridge parameters bridge: {}
    # bridge:
    #   ports:
    #   stp:
    #   fd:
    #   maxwait:
    #   waitport:
    bridge: {}
    #  optional bonding parameters bond: {}
    #  bond:
    #    master
    #    primary
    #    slave
    #    mode:
    #    miimon:
    #    lacp-rate:
    #    ad-select-rate:
    #    master:
    #    slaves:
    bond: {}
    # optional vlan settings | vlan: {}
    # vlan: {}
    #   raw-device: 'eth0'
    vlan: {}
    # inline hook scripts
    #
    # example:
    #
    # up:
    #   - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp41s0"
    #
    pre-up: [] # pre-up script lines
    up:
      - !!str "route add -net 65.109.28.128 netmask 255.255.255.192 gw 65.109.28.129 dev enp41s0"
    post-up: [] # post-up script lines (alias for up)
    pre-down: [] # pre-down script lines (alias for down)
    down: [] # down script lines
    post-down: [] # post-down script lines
  - device: enp41s0
    # use only once per device (for the first device entry)
    headline:
    # auto & allow are only used for the first device entry
    allow: [] # array of allow-[stanzas] eg. allow-hotplug
    auto: 
    family: inet6
    method: static
    address: 2a01:4f9:5a:1a07::2
    netmask: 64
    gateway: fe80::1
    metric:
    pointopoint:
    mtu:
@ -64,8 +194,6 @@ network_interfaces:
    #    search: warenform.de
    #
    nameservers:
      - 195.201.179.131
      - 95.217.204.204
    search:
    # optional additional subnets/ips subnets: []
@ -80,24 +208,15 @@ network_interfaces:
    #   fd:
    #   maxwait:
    #   waitport:
-    bridge:
+    bridge: {}
      ports: enp8s0 # for mor devices support a blank separated list
      stp: !!str off
      fd: 5
      hello: 2
      maxage: 12
    #  optional bonding parameters bond: {}
    #  bond:
-    #    master
+    #    mode:
    #    primary
    #    slave
    #    method:
    #    miimon:
    #    lacp-rate:
    #    ad-select-rate:
    #    master:
    #    slaves:
    #    lacp-rate:
    bond: {}
    # optional vlan settings | vlan: {}
@ -106,18 +225,119 @@ network_interfaces:
    vlan: {}
    # inline hook scripts
-    pre-up: [] # pre-up script lines
+    pre-up: []# pre-up script lines
    up: [] # up script lines
    post-up: [] # post-up script lines (alias for up)
    pre-down: [] # pre-down script lines (alias for down)
    down: [] # down script lines
    post-down: [] # post-down script lines
 # ---
 # vars used by roles/ansible_dependencies
 # ---
-  - device: br0
+# ---
-    family: inet6
+# vars used by roles/ansible_user
-    method: static
+# ---
-    address: 2a01:4f8:191:b::2
+
-    netmask: 64
+
-    gateway: fe80::1
+# ---
 # vars used by roles/common/tasks/basic.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 # ---
 # vars used by roles/common/tasks/apt.yml
 # ---
 #apt_manage_sources_list: false
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 default_user:
  - name: chris
    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
  - name: sysadm
    user_id: 1050
    group_id: 1050
    group: sysadm
    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
  - name: back
    user_id: 1060
    group_id: 1060
    group: back
    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
 sudo_users:
  - chris
  - sysadm
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---
 git_firewall_repository:
  name: ipt-server
  repo: https://git.oopen.de/firewall/ipt-server
  dest: /usr/local/src/ipt-server
 # ==============================
 # ---
 # vars used by scripts/reset_root_passwd.yml
 # ---
 root_user:
  name: root
  password: $y$j9T$myZ6f5/klmH0HDN2mb9tv/$s/bBrr6PEXdEgtn9CZYzBNZsA4.r6gWYYeZ4LAYotp9
--- a/host_vars/o25.oopen.de.yml.BAK
+++ b/host_vars/o25.oopen.de.yml.BAK
@ -0,0 +1,123 @@
 ---
 # ---
 # vars used by roles/network_interfaces
 # ---
 # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
 network_manage_devices: True
 # Should the interfaces be reloaded after config change?
 network_interface_reload: False
 network_interface_path: /etc/network/interfaces.d
 network_interface_required_packages:
  - vlan
  - bridge-utils
  - ifmetric
  - ifupdown
  - resolvconf
 network_interfaces:
  - device: br0
    # use only once per device (for the first device entry)
    headline: br0 - bridge over device enp8s0
    # auto & allow are only used for the first device entry
    allow: [] # array of allow-[stanzas] eg. allow-hotplug
    auto: true
    family: inet
    method: static
    hwaddress: 00:d8:61:0e:b9:1c
    description:
    address: 144.76.24.11
    netmask: 27
    gateway: 144.76.24.1
    metric:
    pointopoint:
    mtu:
    scope:
    # additional user by dhcp method
    #
    hostname:
    leasehours:
    leasetime:
    vendor:
    client:
    # additional used by bootp method
    #
    bootfile:
    server:
    hwaddr:
    # optional dns settings nameservers: []
    #
    #    nameservers:
    #      - 194.150.168.168  # dns.as250.net
    #      - 91.239.100.100   # anycast.censurfridns.dk
    #    search: warenform.de
    #
    nameservers:
      - 195.201.179.131
      - 95.217.204.204
    search:
    # optional additional subnets/ips subnets: []
    # subnets: 
    #   - '192.168.123.0/24'
    #   - '192.168.124.11/32'
    # optional bridge parameters bridge: {}
    # bridge:
    #   ports:
    #   stp:
    #   fd:
    #   maxwait:
    #   waitport:
    bridge:
      ports: enp8s0 # for mor devices support a blank separated list
      stp: !!str off
      fd: 5
      hello: 2
      maxage: 12
    #  optional bonding parameters bond: {}
    #  bond:
    #    master
    #    primary
    #    slave
    #    method:
    #    miimon:
    #    lacp-rate:
    #    ad-select-rate:
    #    master:
    #    slaves:
    bond: {}
    # optional vlan settings | vlan: {}
    # vlan: {}
    #   raw-device: 'eth0'
    vlan: {}
    # inline hook scripts
    pre-up: [] # pre-up script lines
    up: [] # up script lines
    post-up: [] # post-up script lines (alias for up)
    pre-down: [] # pre-down script lines (alias for down)
    down: [] # down script lines
    post-down: [] # post-down script lines
  - device: br0
    family: inet6
    method: static
    address: 2a01:4f8:191:b::2
    netmask: 64
    gateway: fe80::1
--- a/host_vars/oolm-shop-dev.oopen.de.yml
+++ b/host_vars/oolm-shop-dev.oopen.de.yml
@ -19,7 +19,7 @@
 # vars used by roles/common/tasks/sshd.yml
 # ---
-sshd_password_authentication: !!str "yes"
+#sshd_password_authentication: !!str "yes"
 # ---
@ -31,6 +31,80 @@ sshd_password_authentication: !!str "yes"
 # vars used by roles/common/tasks/users.yml
 # ---
 default_user:
  - name: chris
    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
  - name: ilker
    password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
  - name: ilker-sudo
    password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
  - name: shop
    password: $6$.7q7LwrI$LS0W95y5MHgaQZ4v5OvYukQn3pxmbeQvm9lNrPVSN7R.GVwGGIqdfnX2xOvGTgJcenUT3aJoa8HloOes1wUM71
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf7Vfsl2u55IYnkPMxRI+CK+33wUKR+XR6B160J6xOGe6LnHTsqgAGrjR5nhy7ieQZo4tGFORkikRrwz+H9mQulCsvtCrhh+Gjdkut4SzQbZsE0yLaNKflT3etR6dwKnX5HrqTtkZZ6D/Bi6392xrEy94590nNWZm5M6Vi0DIztt2jqUEiHrcJomPu1RDhl0OLxG/+/gyo9Td3p8olcW6Xk4q8w4GVHZ3sTB+jsMHEMbG6KqkA+eR/agNlxqngPO0Pz3yd5ciOmF+E6Yf47WwlHctBs6Zs/8s1jFFjLqe9k0F6rzY2S7hLaoREXgf+SNRcaN4Y97yRPzeMspvJebwx shop@oolm-shop.oopen.de'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAybUzbWpMfAKzlapkec/IdznX8WGLES2AAsb94W5iO1VvFQfUseML5J91UB+LMl18jFFolk6tPqHL/F18sfFQ6dKtTh+JL87Bve8MrP/VWli+jdlSvX7k84eHxPYLpJQIfab/Th1DSXbF7E9xT9Z0iGxylaRja3FNYNT2Q0+clwUMcYX1mm47xVsM4JGsTDTTNV1CgxLphlajFbLgRlicCam6Vxr68k1sLRsu+iuie1AmUaR3Zvm9VH7/nbSpSxe0NN2FtMfxBTk54/rpr3MLhxgJDGjHILfOaGCL+vR3pK4isAvlnShpPphP6f9F/LFjitLAQ9Onpe/+MRxhCjvAi/uihM8xOmON1FRF1WW1NlPz2avod9BFHc7onct/+LalqiTtRkIiGAzLvar279J82abpsVjdYIHmcjz/z4RReEKLjvKCAy4Sdl8Msz60G0f7tXYowYQVpdYp68Cvc4x4d2LElKP0uAHe5wzfUL1haBbjiar8yECgvna20dof9rgzPRHffv9CeTxHxiBLAidb9jZer80StSKhCTbPBqyaTjzWLqegXY9UH92z82yVaW4jVu/43/OUlywd1AjLTcQKE+oI+3515bzXkGGNIDOdJ9AxLSNMpbHAAQ+E8UxplSiLSNYpxWpbnhlnKF+NpMoA+IUVQXJNa8Y291cwx/bNJTk= thomashauck@Thomas-Haucks-iMac-3.locali'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzEcbz4Jne4lZup1qB8nk8SnUv8xWvpgE6tYiLqsyve7+BGCtA01tM3CWcafRwffw3I/Tmw1PG2T+gEGKSIscKoBGNbpFeA3dSnG/d811VWPyN4j6DcKHDW5njdt+XdUkPTA2Xm2mcNayBovMP5ld2VgEqsYPFpNkcIx4Qsh4URRoVwM0a1CGW5eBWa5gwYypfiK9m/DyiA6gX0fCJKS64GKUilYyrwSSatlt8tkOw3Kb8A39AViYL243zFzrPSNvBRnkp81pOt3khNxB3V07CGUERPTvh4B/mKb3g5yBynLjzvbJkGboR+zzTYGiWPNlwgNOhzIP3h/YnMb3JKJzx shop@oolm-shop'
  - name: sven
    password: $6$tUJZYAXg$DnHWYkGxXlkFTcyWKO3BvP34OekepDb8x19op8C/AzXxTtXrkE2CCeXhtkVu.89dWybdJPI23TVNpsd3dIyPA1
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcm/+4FQ8yFKM05jut+Tsrd6ZHVvUpbKO1ezbpRagvh8s7LTclxRwBEktQD/lJgC7X2H1d4QF71MRcEjfmmH51r1MI5s+mV2KbowUh39io0e0qQrPKlX23872miyjIBMtESHTzWGWJo4VnOBWOoWzUu+sVpDPZ1bVw9EN3Iboq3q7i4pZLj85ASb8pZBJvCWqtOgDZ5qnbvmpPeewgfAOmSvQh1qdDW63pcbupwY/peneUUOCkIE91oCCW5ZKH4El+OGXDm4jKY5Z6Dh9nVcHsJ3Burp/2rPJr27TyhqeezewbyO5Y/XTm1/nx3iNnIudy7fF/N/DlHvb3RJLI+P/3 sven@oolm-shop-dev'
  - name: sysadm
    user_id: 1050
    group_id: 1050
    group: sysadm
    password: $y$j9T$2aYNjVAaYCJ7KuKYMjX3o1$M7E8/NkOHJnmmVcx0zD27oYExIf2aEergJ1KBnVbn92
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
  - name: back
    user_id: 1060
    group_id: 1060
    group: back
    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
 sudo_users:
  - chris
  - sysadm
  - ilker
  - ilker-sudo
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/host_vars/oolm-shop.oopen.de.yml
+++ b/host_vars/oolm-shop.oopen.de.yml
@ -19,7 +19,7 @@
 # vars used by roles/common/tasks/sshd.yml
 # ---
-sshd_password_authentication: !!str "yes"
+#sshd_password_authentication: !!str "yes"
 # ---
@ -31,6 +31,72 @@ sshd_password_authentication: !!str "yes"
 # vars used by roles/common/tasks/users.yml
 # ---
 default_user:
  - name: chris
    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
  - name: ilker
    password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
  - name: ilker-sudo
    password: $6$KdZA19BkoB5hmlSq$0EnTYvavJh/xYsCc1Movk7Rt3fF0Kpiw/i.YQalZmL5kmChurAcJRgLNoceTtH7gFKY67SkeiE6Diy5L74CF71
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3oRUYDERuHw8QXRT6P5FjA+9OlK82/s71Ns3moLRG2PXkPlUHMJLDsImttlBpzrfxCHMzF/gAyzwCG8EFQA0fLQolShVYBVuJQ8sHS3xedbni2PbiUzgc5P9le/LwBjxOt2EFXGcNgHfFejY69esPsNmhbwQ7jxIledclIri0sG9G3rnx3NQdGcU6Ypi4WhuJ2B1y5DUO3Ym/fuqw0OpYrI12UZYYjpLL1V3c8PDshaBbnArW68+a6Fq4vRpEkHKKUcePYUHbB5APyjkkEzeINfJbrrv/WVb5dGaxSRH61LsjnlOrRDi2qITewfkLz3CMmxQM0fRAT3UV9q0FibzJ ilker@oolm-shop'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmXj9h/gCTSODkPH1ooBgq6hOZFjxczLPw9Bv5gt+z6v41zxpYKBDyvMy7jblwK3//EA469QRqKEBq0Hhx1aocrVe8TWZGDqzc2nrzh2YSewvKjbx6Dv+pdoWcTzF6Rho2Klvu79p5lcV+2I/u82wLDNVBZliGuRJJ8yVVQ8RkSdvz/O15d9qfI7F0yzzjhYy+t/W6tDxEt2N65n7SC14i/q/DqdGCLp7eBAHkC2mTruLbzCIdMteFg7q0GuTdlII0BF5LPbHlVK8nm8iOOH61pI/gygXF0Z9WlL7e/hfE8qTGAucAsy0KoOodlEQD1LLV1Rubmy7zKZBk4qvXzh7 ilkeregilmez@Ilkers-MBP-2.fritz.box'
  - name: shop
    password: $6$.7q7LwrI$LS0W95y5MHgaQZ4v5OvYukQn3pxmbeQvm9lNrPVSN7R.GVwGGIqdfnX2xOvGTgJcenUT3aJoa8HloOes1wUM71
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtV1K8uTgEA/KylUelsOAcSxRWIGoioIeymZAIm+9mqRlxEjk/PH393medpqayD1QDx0kcd8cyg8j1JyOxhhQbEo4z7KMTn9HfvncfuHYPuYqMXPto4kLTUXa0QhKgnYXKwBQ2qH3MlU5KC0poPXLIu6cbMaJPH+0WtP7hxJWMCmCV/ycuXL2Wr+S0vIZVUqnnyR911fMoElJJkJ5pxxLy8rGogMbl9y0RUS1ZBDXvjVR9F+g9KmZ5yWATOB4nGk9wl5zrtxqP1PTu5DHLLyx4tnhO3VqReMkPTKZb+JpEYc8IccuVLyk3Vdr7pob7J+QeqoN266QJNxTwK+QCfnpf ilkeregilmez@ulli.speedport.ip'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf7Vfsl2u55IYnkPMxRI+CK+33wUKR+XR6B160J6xOGe6LnHTsqgAGrjR5nhy7ieQZo4tGFORkikRrwz+H9mQulCsvtCrhh+Gjdkut4SzQbZsE0yLaNKflT3etR6dwKnX5HrqTtkZZ6D/Bi6392xrEy94590nNWZm5M6Vi0DIztt2jqUEiHrcJomPu1RDhl0OLxG/+/gyo9Td3p8olcW6Xk4q8w4GVHZ3sTB+jsMHEMbG6KqkA+eR/agNlxqngPO0Pz3yd5ciOmF+E6Yf47WwlHctBs6Zs/8s1jFFjLqe9k0F6rzY2S7hLaoREXgf+SNRcaN4Y97yRPzeMspvJebwx shop@oolm-shop.oopen.de'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAybUzbWpMfAKzlapkec/IdznX8WGLES2AAsb94W5iO1VvFQfUseML5J91UB+LMl18jFFolk6tPqHL/F18sfFQ6dKtTh+JL87Bve8MrP/VWli+jdlSvX7k84eHxPYLpJQIfab/Th1DSXbF7E9xT9Z0iGxylaRja3FNYNT2Q0+clwUMcYX1mm47xVsM4JGsTDTTNV1CgxLphlajFbLgRlicCam6Vxr68k1sLRsu+iuie1AmUaR3Zvm9VH7/nbSpSxe0NN2FtMfxBTk54/rpr3MLhxgJDGjHILfOaGCL+vR3pK4isAvlnShpPphP6f9F/LFjitLAQ9Onpe/+MRxhCjvAi/uihM8xOmON1FRF1WW1NlPz2avod9BFHc7onct/+LalqiTtRkIiGAzLvar279J82abpsVjdYIHmcjz/z4RReEKLjvKCAy4Sdl8Msz60G0f7tXYowYQVpdYp68Cvc4x4d2LElKP0uAHe5wzfUL1haBbjiar8yECgvna20dof9rgzPRHffv9CeTxHxiBLAidb9jZer80StSKhCTbPBqyaTjzWLqegXY9UH92z82yVaW4jVu/43/OUlywd1AjLTcQKE+oI+3515bzXkGGNIDOdJ9AxLSNMpbHAAQ+E8UxplSiLSNYpxWpbnhlnKF+NpMoA+IUVQXJNa8Y291cwx/bNJTk= thomashauck@Thomas-Haucks-iMac-3.locali'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzEcbz4Jne4lZup1qB8nk8SnUv8xWvpgE6tYiLqsyve7+BGCtA01tM3CWcafRwffw3I/Tmw1PG2T+gEGKSIscKoBGNbpFeA3dSnG/d811VWPyN4j6DcKHDW5njdt+XdUkPTA2Xm2mcNayBovMP5ld2VgEqsYPFpNkcIx4Qsh4URRoVwM0a1CGW5eBWa5gwYypfiK9m/DyiA6gX0fCJKS64GKUilYyrwSSatlt8tkOw3Kb8A39AViYL243zFzrPSNvBRnkp81pOt3khNxB3V07CGUERPTvh4B/mKb3g5yBynLjzvbJkGboR+zzTYGiWPNlwgNOhzIP3h/YnMb3JKJzx shop@oolm-shop'
  - name: sysadm
    user_id: 1050
    group_id: 1050
    group: sysadm
    password: $y$j9T$2aYNjVAaYCJ7KuKYMjX3o1$M7E8/NkOHJnmmVcx0zD27oYExIf2aEergJ1KBnVbn92
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
  - name: back
    user_id: 1060
    group_id: 1060
    group: back
    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
 sudo_users:
  - chris
  - sysadm
  - ilker
  - ilker-sudo
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/43
+++ b/43
@ -27,8 +27,9 @@ devel-root.wf.netz
 gw-123.oopen.de
 gw-ah.oopen.de
 gw-ak.oopen.de
 gw-ebs.oopen.de
 gw-akb.akb.netz
 gw-ebs.oopen.de
 gw-fhxb.oopen.de
 gw-ckubu.local.netz
 gw-b3.oopen.de
 gw-blkr.oopen.de
@ -43,12 +44,14 @@ gw-kb.oopen.de
 bbb-server.b3-bornim.netz
 file-ah.kanzlei-kiel.netz
 file-fhxb.fhxb.netz
 file-km.anw-km.netz
 file-blkr.blkr.netz
 zapata.opp.netz
 gw-replacement.local.netz
 gw-replacement2.local.netz
 gw-replacement3.local.netz
 k1371.dyndns.org
@ -149,6 +152,9 @@ o24.oopen.de
 cl-irights.oopen.de
 mm-irights.oopen.de
 # IL - PAD
 o25.oopen.de
 # - o27.oopen.de
 o27.oopen.de
 cl-fm.oopen.de
@ -202,6 +208,7 @@ lxc-host-kb.anw-kb.netz
 [initial_setup]
 gw-123.oopen.de
 gw-fhxb.oopen.de
 gw-ah.oopen.de
 gw-ak.oopen.de
 gw-ebs.oopen.de
@ -221,6 +228,7 @@ gw-kb.oopen.de
 bbb-server.b3-bornim.netz
 file-ah.kanzlei-kiel.netz
 file-fhxb.fhxb.netz
 file-km.anw-km.netz
 file-blkr.blkr.netz
 zapata.opp.netz
@ -229,6 +237,7 @@ gw-ckubu.local.netz
 gw-replacement.local.netz
 gw-replacement2.local.netz
 gw-replacement3.local.netz
 k1371.dyndns.org
@ -346,6 +355,9 @@ o24.oopen.de
 cl-irights.oopen.de
 mm-irights.oopen.de
 # IL - PAD
 o25.oopen.de
 # - o27.oopen.de
 o27.oopen.de
 cl-fm.oopen.de
@ -415,6 +427,9 @@ gw-ak.oopen.de
 gw-ah.oopen.de
 file-ah.kanzlei-kiel.netz
 # - FHXB Museum Friedrichshain Kreuzberg
 file-fhxb.fhxb.netz
 # - Kanzlei Berenice
 file-km.anw-km.netz
@ -446,7 +461,6 @@ anita.wf.netz
 devel-cloud.wf.netz
 devel-db.wf.netz
 devel-git.wf.netz
 devel-php.wf.netz
 devel-repos.wf.netz
 devel-php.wf.netz
 devel-todo.wf.netz
@ -674,6 +688,8 @@ cl-test.oopen.de
 file-ah.kanzlei-kiel.netz
 file-fhxb.fhxb.netz
 [ftp_server]
@ -1091,18 +1107,27 @@ o17.oopen.de
 # ---
 # Warenform
 # ---
-anita.wf.netz
+#anita.wf.netz
 # ---
 # Büro Netzwerke
 # ---
 bbb-server.b3-bornim.netz
 file-ah.kanzlei-kiel.netz
 file-fhxb.fhxb.netz
 file-km.anw-km.netz
 file-blkr.blkr.netz
 zapata.opp.netz
 [nfs_server]
 file-fhxb.fhxb.netz
 [nfs_client]
 [mumble_server]
 #test.mx.oopen.de
@ -1303,6 +1328,7 @@ cl-test.oopen.de
 bbb-server.b3-bornim.netz
 file-ah.kanzlei-kiel.netz
 file-fhxb.fhxb.netz
 file-km.anw-km.netz
 file-blkr.blkr.netz
 zapata.opp.netz
@ -1434,6 +1460,9 @@ o24.oopen.de
 cl-irights.oopen.de
 mm-irights.oopen.de
 # IL - PAD
 o25.oopen.de
 # - o27.oopen.de
 o27.oopen.de
 cl-fm.oopen.de
@ -1502,14 +1531,16 @@ bbb.b3-bornim.netz
 [gateway_server_ro]
 gw-123.oopen.de
 gw-blkr.oopen.de
 gw-flr.oopen.de
 gw-replacement2.local.netz
 gw-replacement3.local.netz
 [gateway_server_rw]
 gw-fhxb.oopen.de
 gw-123.oopen.de
 gw-ah.oopen.de
 gw-ak.oopen.de
 gw-b3.oopen.de
@ -1518,6 +1549,7 @@ gw-ebs.oopen.de
 gw-ak.oopen.de
 gw-akb.oopen.de
 gw-ckubu.local.netz
 gw-flr.oopen.de
 gw-replacement.local.netz
 gw-irights.irights.netz
 gw-km.oopen.de
@ -1545,6 +1577,7 @@ gateway_server_rw
 [warenform_server]
 # server16
--- a/roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-dehydrated
+++ b/roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-dehydrated
@ -0,0 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIJKAIBAAKCAgEAt9Qh2dKZHZnFFaOuC3lHzf0G2Msxl4obACGEpo0a7MYcMId9
 AnrvFTbpAyla0H7u4TubESGvFY//A69RZy2c5yL2u3UapwielhxbEyxaA7gVOd6s
 XoBPnxA36GBFSaUQ+hM0gMv1yUFH5DWCDxTN39ooJk8dhoxrZIPoyhg7v1BxKGtO
 0aKijOHh70SPW4zogGK+Y/OxpMs39OQup05Nw/Al1/+jCBtrQtL8imjYHBYD+Fcj
 IdRW/J1a+YB4g0mryu9WPvTd8hkcvEAUv2vwK7A90d1R/7Y9UXmgAYl3HCfkq3c0
 /PcBN7VfKmQyspmxJuphc/M9KRV8YrBtxdfZlOL62mbyuHX+RP0p2Oqh6Va4AzVy
 FKV8dFA0diFbL7xbMRcz34QwitdHt2JNf3LUZGWWmOcfuJeFom4x9gScaWAMa4ho
 z9cVonC1MsG2tT6SRunU0Eotn7sCgcV8PmP1xkQPtslxmHuvO1geaZIfMuVlVUGW
 wnk4sSFZXsB4qzDqgncPrxU+0vhzmXVwOFCDPJxwM7n8UFbLMWxmQ96/Nd2HEm1c
 pqF87Xu7hkEtuKH7trtYdRS75zw4wqyjXZK+gK4Vb2w3Id8j7czxtHWF+Yf38ko1
 WTzgD8cGlQ5Fsl0nJHhp2MTyIWOR+Mgl9by0e12oiHzO8yzWApDoxt3xH+0CAwEA
 AQKCAgAPBrMBqBpF9iTLAQcf/vjkmJMvs2RJW8ubNiIurwgNZKA3Q0vvoPbcCBIB
 5SZ8NnP2SzYAr30tSQjyVylTQsI5jn0Wk5rrHmRAJu824QA2n5x0j4QNcXWQrfWz
 8/KV830ww9Md2A4uNjzXJZyM+QlfC+kOQJdMQTwiCjpEErkHiV7GjAb0UdPxqiEa
 usLxG9KBdBDWALx7mPTo+qHpoRfwNTgSsN21svAQlUh5U9qeaRpH+W9wu3ekzIP8
 MwkmyiXVv7yQBtoBiRX1OVO41eza1VwoRGwId/AJMeTnW0I2NfiWH3dgWhxqXlP6
 FhiiyrdVVAFFRhOwwQXa10sRyfQJ+Q/Fb7/HeU3ANJzBa84R77Kk5C6Hut/Dwjd7
 lw7uLB1eRYpEFcr7JJysjFXEmVwhYBYf5KBAVFKD1HFwV5uDUtwG70lp3ls+coJC
 cPncaE4gOk7Yl2jOHqckeEThZ0LKP13I2wa4Mn2NNZUu4d0Q6n2BBHwZAmd4QHzP
 97St7QZh2c7SvGZzdyGJYiOL6d+Ta7/LU6Dh0I0UbGhsNC9CBA3fqhImvU+tqK0f
 I0umo3PRrcrkQ2NSISiy/888bgo380ku12rOTaICxX+sD6O2sm1VaeeHr/nJ5pbK
 rVizaSwTRWS13CX2gmXz2YzxcAi1M069fAb9MAU9833UgOW0gQKCAQEA3CYTKdzT
 txZYtVNCHObDZo11D6LrdYeSslVmjagfSm4GGl9xDFVgVmW+CudA8ey4zzwLqySW
 6Q2sRBqknJr/D8DTon0WezKocIUXUwy9zEQmDhq54ylkeZVno2GXMv/m6Qz59gE8
 Xb0HvXvKt6dOaDp+d8IOSoYahRk3o0jHoRH9Ca/9XEqGgCZcJI94csn+KsjfXymT
 UYWdzei6vey6WgWrN1JdAnvXxI98SZukmQM+LiPkBkMxJ4kzOm9kMcqaVjNQJIIy
 6Ukx56MNcuZ2ijG4TAvfaZBG8Wm/arn/1Wl5Uo4es70z//s6mQcthDOMOf5eIS2w
 s2EtNYAdDE/94QKCAQEA1cPipN7hA6l80mCZW36QwVqmSfbst10sEjkyuRex0p+W
 8eiRcjbHUKxlY7aspgyTQL3bI/wKqwkJ2uTEw5824EN6r0hUZN2JwjiRaNHBcC1S
 AujUNDLxWoCX/Kte4Z+LDNP9ijNGsqyWwfIqS98gAZFR5ANeeYK4oy1BOrBohab4
 lku9nGp8FjFnAKU0BL4zJoVNBeTgaSdT/XPOM1eDt+LnbcUNSmZNFbUCD+efMEc4
 Gq2cXnDNL+7fLgvSIbLD6XBhfEpU93bWfUBuv7sRuicl6RcY1uu482YzP7LY6PdT
 0SGUp/A5f3mUlaKhLdcJbAS7yam1Nnwldl8nXu2rjQKCAQBEjNqUw31tWlj/BVDl
 3PllWpDj8JAvBaspOqx3Wa18qKvf1G5IL+GSpZW6oW24p0SYyxK7FOak5SwJ/N3b
 IexgRGPiCd9RN2H5v4eWxbXoACR1ad8OHBp8PYiK+F1zdPm7Ad5nutTIP49EcmKa
 M0+X5vbwZY27qOxjG4oWnxgCUK6hMJrM/SvKhadVfxM7cyhgvDHJ2RFVZizQLDLR
 5v/T/kXlMRFjL5rtStyhswRa3QakqWpchNmufOtlu7/QPU03oDzJUX125OLURRJv
 /9FTkM3ZaC0GGvXsQEhpfEdsda5ghX6L61Ng1yLU+cYzjzWP7WP0It0Nzimcqirh
 ZZshAoIBAA/pKp9272ykWuQVyJRk0UVzB9mNhYUIbFVW6I2aU+QHeOa8lsbXiPJa
 QpmvaR5a5UL2Xq9I/UpJu/ANAxBEc4Mxwpn1WkK/spdAOqKAqlM9LFOHHPRdrlU8
 KRPndYJ5q5Hi3YZB1stJyVbaPYe0Ld+v/1ZnYcrNjgynO6mwo7b+/JXDQXO5AU9t
 kescYMjRl2EQnvEHXiS1hqzgx8JOi0FOpEcpWZnmD2rENEkWxmSDiIuDzJXC86LT
 tszomFVlxutDMB5eMgDRWZmtCBFBTUp7y3iT/YdRuEx1mO7u0vJUJmr0guoVGVKB
 rCuPFUwiK1Nc7tVNym0pxGgRIQ8RxakCggEBAJa+qKh7dyN+w6Txke8sGB+tyATX
 JQgrfE9UEgrAL0e/0XS6UCD0AGH7rlmxEJH6OXJm3Lq/C2pe7+UMZXKPyfHG192v
 BBA690lkxsqGVynq66ORidxK5xyX5k/YCWCoQT6BlvdX9UiSX45Pr4zgpGkWUBZ8
 Ak+8E+AQ8KawwzAOHAlCwOlwXoRejpvzX15+WNlJIHzWN3LUzU7WfLUpSRrhPEfL
 YvOD4OHRyAjCPkJA2FjKDvO4ohAiTfIHWV4BdWD4MieOQda+0Yf8o3nikAVbuf3D
 zfOeHc3UbA6EKbsDV2jxjdgytycsJWUXjqgLVkInt4AYyoqh41QUdm9sBUM=
 -----END RSA PRIVATE KEY-----
--- a/roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-dehydrated.pub
+++ b/roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-dehydrated.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC31CHZ0pkdmcUVo64LeUfN/QbYyzGXihsAIYSmjRrsxhwwh30Ceu8VNukDKVrQfu7hO5sRIa8Vj/8Dr1FnLZznIva7dRqnCJ6WHFsTLFoDuBU53qxegE+fEDfoYEVJpRD6EzSAy/XJQUfkNYIPFM3f2igmTx2GjGtkg+jKGDu/UHEoa07RoqKM4eHvRI9bjOiAYr5j87Gkyzf05C6nTk3D8CXX/6MIG2tC0vyKaNgcFgP4VyMh1Fb8nVr5gHiDSavK71Y+9N3yGRy8QBS/a/ArsD3R3VH/tj1ReaABiXccJ+SrdzT89wE3tV8qZDKymbEm6mFz8z0pFXxisG3F19mU4vraZvK4df5E/SnY6qHpVrgDNXIUpXx0UDR2IVsvvFsxFzPfhDCK10e3Yk1/ctRkZZaY5x+4l4WibjH2BJxpYAxriGjP1xWicLUywba1PpJG6dTQSi2fuwKBxXw+Y/XGRA+2yXGYe687WB5pkh8y5WVVQZbCeTixIVlewHirMOqCdw+vFT7S+HOZdXA4UIM8nHAzufxQVssxbGZD3r813YcSbVymoXzte7uGQS24ofu2u1h1FLvnPDjCrKNdkr6ArhVvbDch3yPtzPG0dYX5h/fySjVZPOAPxwaVDkWyXSckeGnYxPIhY5H4yCX1vLR7XaiIfM7zLNYCkOjG3fEf7Q== root@d.mx-dehydrated
--- a/roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-opendkim
+++ b/roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-opendkim
@ -0,0 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIJKQIBAAKCAgEAs+Uv/Jbak2qHe4WSblP3AvgDjvjqILHQb+G7O3UV0ePRuApk
 5Ju2JHsUQV3lvK1QpR+AGsqqiSofUGw03FISzQKH3tH4UsYYKa7SxFS7v4pZyeDD
 q8Ye9M1IF8bvOnyQORNzgFUjN7w30+RGOFuQNTCbdcuLa/UVmS6buvDvQiT1OH1n
 CNOoeckpnUlVXB4QQDT4xw0iYjln8NX2dDtabRBX+KP9CL86tbu2I6/At0R+cTh9
 gSM25w0XEeM8uTljXP4Bq9P/wrjkG2fxoawLVm/7NIn42WMRy2NaosunOFAxj9me
 iYoqN+7xQrHpSLyr4XP53alIKOBD+N92LSQ8MvgeaY+ci/u7A+P5b6iz6E1+l2Ds
 EIpbjw6GRjLWtYJU75DX2cJwjuBzLGHtY88uK/A7IxWnULblB4UNntsjL+FSf/oA
 ecu7+/DbjAlSfrXbQMgbwsY7cHmt8tSifz8FQcgJb9bkc7CNxL48MXcxqqN5pRFg
 bq8LZq9K1lfWZzA8G6lC+Jb1xP6ndd/MkzuW5ucDYAM7FI+/7i9WNy/Uc/jp0Zvp
 YXSNfYbjTItmL/bkHJtpDRW2ZTVbutsjkSZeody5Kp+s28aTWdnbmWVAn0cP2z9V
 mMh8nsUXg0/+V/6WldwhNv48l22joTdmrIEEtYOL3mUD5N6A/fy52TkhEAcCAwEA
 AQKCAgBb4D5805K4XVzqchKSNGHga0ht+aShpA7fRTs5p5fIRYEzbGOQ+hGxWgbD
 R7Bwh1e7rXXguQcV3KR3j3wD1gryF0vLOhOIOtHWYAoW6Wul7IPk/d0RWrMutbUP
 J7PAfCOwcsW3kkPVUFR27IwMdn8VG0kahSUkstwgCtTQSgL4FiYDftBjiq3t3RZa
 1Tw6OsRz9lnkV0nrPoReVPh07mdFcmZrf11Y3UmfzUm9uiJDt0CYlJBMpu6AXIge
 w56cvrmHoda6qiBik8k0UgbvWg3ETJbQg3LLm7RX2ttMb5Rsx1A4tp0og58CSA+B
 z5lkY6+pCnFfivhmn/s3HPGfJnVzepNRuRAbK1os3G044EJ1RA00SLm/LPLMwG+z
 FNnX8ylkOOKppYqQeFxZ2CR8NmJH97mmW6FDV5P7WUlsvWI2A3dIe3yFX7WW2Xid
 oMrW/Q4HEvFT+oeBEPEUiRLyQrtNa3/VHyiDqF+v45Sm5S7VHddQOhyf8L75G0ol
 dVwqjfZJcK7NsonFgSklt9v7enXapI5i0ASsQE3ElWMvGv7uln2CXiKe1RPioKO7
 lMbDRF7RnG3AQSRnbShIRDagP0V21CXVZ2JYzNJ6rmFnEqOoLgUdUhkRbgCb+4hJ
 LfX9cX9R4lj84y7HcJOPJOUgDAcjGZlIeNixX888rqPftdrA+QKCAQEA6awS4Ghh
 qXzorBfdqxfrZ2A2iUMUTuaUUC0XYkI35dSZXr8QKmRjWqT+jUydBqtbLlXCG3XX
 G1+Z5MEzfVACQ4BoPP0EBIMgMIidABVc8C2RR1VMce2ng19GmW47/sW1ObC/ghVb
 Bxmoj4/t5W30kxjXdb5JXal68j+dFl7uUyKjgtvQWjrcuOaKCT6PoXXxG6NOpPoi
 tOyGM90qGKqWIElHPpprSWvZOAwGD/Z7jnYl4ODKDQvmk4Yt58pdCSr1sZrevna+
 rIgIEhiQF+ffTyK7XgXAuGQPhYrMviAo3376oAB6HcyYr/CPwQ3bu6p09B0eE3FI
 mhvk7kBhnBN2NQKCAQEAxRWpF9XZ2UuuPTYg+Vqwes7PLc/Dc+j6QohM/7PV29Hl
 fJAJli4BqdqNdmmRSo+SAIwNaJvPpU0RUL/Fxa7ePmWVyTKJgG+zban8uT+FGGNl
 QpcwICkytpw3ZJf66i0lU7JM7Mkjvs4nIAmQMzl8noc6bxcU+mHqEa/XpI/4e+14
 ++Ixu+OWwZd5tVzon2s9oAv6dzrNDvcCqaEEmXBL3Ylh1pjYcvW2K6+hxQy3+JgD
 0CysrqOfPZ6IRgs9Yn2zZDlWQ715T0hdf669253qdTZwieUs2kYVQUaxtBnUuJzq
 UHlARm59wWa9PAiLvilgu0U4Rn0nqczvxXdUpaOEywKCAQB7KNSyLpH68Pj5a4LM
 IMlULSPRaOeVRna5Y2rFwT0RB+LmSzHMBilPp1L7Snwg/cQLQewS6SM9LEBCj4oB
 7F+lEFLggkLR1gLrUbXeS2Q2uu2teUnXank2BsuBJta8S5xfEcd+Wp8luOJc+HFc
 0X1s4lT9nBOzKBbDA8BaACMA8mrYF99TD18ynV/3y1+MrEsuU/6peaU9UsTRJSqA
 4bhKwBSq7FzLz+onXj77vuAUkDUat6AHDFS1QK2FU+WBZYEl4Qixvoh1CyWl1Ahu
 cSoD3bx/q+yNwz9jFWsgcnbYhWa3WkkC18lKQjKigBlmaktGNuqZOMYZY8ZfxNMt
 nhxZAoIBAQC4MVBBiIn7fbGwX6Bdq5Z4kEQs6pofAES0XbKo4CglM3wo+G0dQI4p
 cqr3Wh6B8sBfZoU5mTVtpiNitnheEtp+sm5VBbhgowSsn0wkzerUKkD/BVHjHN3a
 sRFMIIZOyjayjFc8jZeswfrrBEUSus1vU68XGBlxEIW0VgVSNYPkPsLtli8pDMFe
 2PTUvapjI9UKeWdyezAepliEtIoZ5UviFn2sFFlmx6GkHpcwFHz0Bw65Rqd06FLx
 QfLWk7ahEB3Ss4ud770qjdVkeanTUTlIpsJy/g73SLygrzNxwRqAF5cd8tRRfv5k
 /GIrc0k3RnCzVTQNHPcuyOvmP2qLC9IVAoIBAQDoC9nZ2nioMfS4lsJ2IUMLyknz
 Ji8ME5g4a64yDfaFjK9DLASAqjrflCtavgj5dAGMZmltNS1EN89lIPNNj1IrHVM0
 FHqUry9WkRQ0PxFvyJkhJ5w0sfiepocWWE0JhTDweDFKm/I7x0ZNBWOKzA3Myljv
 PxSsh97Gkvcv69m6GDI8vfOc7kSGephchz94jH9IcmfG2EJjEfW1AynVVGtyniv/
 Dyq0EtDZqyiIFoCJzEXu+qm4sJk5RbKkMHRGDEN8BOwSFS0lPx3Tges0ORD03+EB
 Iop6GLArJCkxay6XznpLC1SK/9Nf/3lSLpHwQ7lscKOux2OQh2l0p8kW1+gh
 -----END RSA PRIVATE KEY-----
--- a/roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-opendkim.pub
+++ b/roles/common/files/d.mx/root/.ssh/d.mx-id_rsa-opendkim.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz5S/8ltqTaod7hZJuU/cC+AOO+OogsdBv4bs7dRXR49G4CmTkm7YkexRBXeW8rVClH4AayqqJKh9QbDTcUhLNAofe0fhSxhgprtLEVLu/ilnJ4MOrxh70zUgXxu86fJA5E3OAVSM3vDfT5EY4W5A1MJt1y4tr9RWZLpu68O9CJPU4fWcI06h5ySmdSVVcHhBANPjHDSJiOWfw1fZ0O1ptEFf4o/0Ivzq1u7Yjr8C3RH5xOH2BIzbnDRcR4zy5OWNc/gGr0//CuOQbZ/GhrAtWb/s0ifjZYxHLY1qiy6c4UDGP2Z6Jiio37vFCselIvKvhc/ndqUgo4EP433YtJDwy+B5pj5yL+7sD4/lvqLPoTX6XYOwQiluPDoZGMta1glTvkNfZwnCO4HMsYe1jzy4r8DsjFadQtuUHhQ2e2yMv4VJ/+gB5y7v78NuMCVJ+tdtAyBvCxjtwea3y1KJ/PwVByAlv1uRzsI3EvjwxdzGqo3mlEWBurwtmr0rWV9ZnMDwbqUL4lvXE/qd138yTO5bm5wNgAzsUj7/uL1Y3L9Rz+OnRm+lhdI19huNMi2Yv9uQcm2kNFbZlNVu62yORJl6h3Lkqn6zbxpNZ2duZZUCfRw/bP1WYyHyexReDT/5X/paV3CE2/jyXbaOhN2asgQS1g4veZQPk3oD9/LnZOSEQBw== root@d.mx-opendkim
--- a/roles/common/files/d.mx/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/d.mx/root/bin/monitoring/conf/check_webservice_load.conf
@ -0,0 +1,154 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 #---------------------------------------
 #-----------------------------
 # Settings
 #-----------------------------
 #---------------------------------------
 # ---
 # - LOGGING
 # -
 # - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
 # - the output will be verbos. If running as cronjob, output will only be written, if warnings or 
 # - errors occurs.
 # ---
 # - What to check
 # -
 check_load=true
 check_mysql=true
 check_apache=true
 check_php_fpm=false
 check_website=false
 # - Additional Settings for check_mysql
 # -
 # - MySQL / MariaDB credentials
 # -
 # - Giving password on command line is insecure an sind mysql 5.5
 # - you will get a warning doing so.
 # - 
 # - Reading username/password fro file ist also possible, using MySQL/MariaDB
 # - commandline parameter '--defaults-file'.
 # - 
 # - Since Mysql Version 5.6, you can read username/password from
 # - encrypted file.
 # -
 # -    Create (encrypted) option file:
 # -    $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock  --user=root --password
 # -    $ Password:
 # -
 # -    Use of option file:
 # -    $ mysql --login-path=local ...
 # -
 # - Example
 # -    mysql_credential_args="--login-path=local"
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
 mysql_credential_args="--login-path=local"
 # - Additional Settings for check_php_fpm
 # -
 # - On Linux Vserver System set
 # -    curl_check_host=localhost
 # -
 # - On LX-Container set
 # -    curl_check_host=127.0.0.1
 # -
 curl_check_host=127.0.0.1
 # - Which PHP versions should be supported by this script. If more than one,
 # - give a blank separated list
 # -
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
 php_versions=""
 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
 # - the concerning php_version in form
 # -    <php-version>:<ping-path>
 # -
 # - Multiple settings are possible, give a blank separated list.
 # -
 # - Example:
 # -
 # -    ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
 # -
 ping_path=""
 # - Additional Settings for check_website - checking (expected) website response
 # -
 # - example:
 # -    is_working_url="https://www.outoflineshop.de/"
 # -    check_string='ool-account-links'
 # -    include_cleanup_function=true
 # -    extra_alert_address="ilker@so36.net"
 # -    cleanup_function='
 # -    rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
 # -    rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
 # -    /usr/local/bin/redis-cli flushall > /dev/null 2>&1
 # -    if [[ "$?" = "0" ]]; then
 # -       ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
 # -    else
 # -       error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
 # -     fi
 # -    /etc/init.d/redis_6379 restart
 # -    if [[ "$?" = "0" ]]; then
 # -       ok "I restarted the redis service"
 # -       echo -e "\t[ Ok ]:    I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
 # -    else
 # -       error "Restarting the redis server failed!"
 # -       echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
 # -    fi
 # -    '
 # -
 is_working_url=''
 check_string=''
 include_cleanup_function=true
 # - An extra e-mail address, which will be informed, if the given check URL
 # - does not response as expected (check_string) AFTER script checking, restarting
 # - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
 # -
 extra_alert_address=''
 # - php_version_of_working_url
 # -
 # - If given website (is_working_url) does not response as expected, this PHP FPM
 # - engines will be restarted.
 # -
 # - Type "None" if site does not support php
 # -
 # - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
 # - will be restarted
 # -
 php_version_of_working_url=''
 # - Notice:
 # - If single qoutes "'" not needed inside cleanup function, then use single quotes
 # - to enclose variable "cleanup_function". Then you don't have do masquerade any 
 # - sign inside.
 # -
 # - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
 # -
 cleanup_function='
 '
 # - E-Mail settings for sending script messages
 # -
 from_address="root@`hostname -f`"
 content_type='Content-Type: text/plain;\n charset="utf-8"'
 to_addresses="root"
--- a/roles/common/files/d.mx/root/bin/postfix/conf/create_opendkim_key.conf
+++ b/roles/common/files/d.mx/root/bin/postfix/conf/create_opendkim_key.conf
@ -0,0 +1,175 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---------------------------------------------------------
 # - Parameter Settings for script 'create_opendkim_key.sh'.
 # ---------------------------------------------------------
 # ----------
 # DNS Server
 # ----------
 # - dns_dkim_zone_master_server
 # - 
 # - The DNS Server who is serving the update zone and is used 
 # - for the dynamic updates (nsupdate) 
 # - 
 #dns_dkim_zone_master_server=""
 dns_dkim_zone_master_server="b.ns.oopen.de"
 # - update_dns
 # -
 # - Possible Values are 'true' or 'false'
 # -
 #update_dns=""
 # - update_zone
 # -
 # - Zone containing the DKIM TXT record.
 # -
 # - Defaults to '_domainkey.<dkim_domaini>'
 # -
 # - Note:
 # -    do NOT change/set this option unless you know what you do.
 # -
 #update_zone=""
 # - TTL
 # -
 # - TTL for the DKIM TXT Record.
 # -
 # - Defaults to "" if update_dns=false
 # - Defaults to "43200" if update_dns=true
 #
 #TTL=""
 # ----------
 # TSIG Key
 # ----------
 # - key_secret
 # -
 # - Sectret Key used by 'nsupdate' to create/update the
 # - DKIM TXT record.
 # -
 # - Example:
 # -    key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
 # -
 #key_secret=""
 key_secret="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
 # - key_algo
 # -
 # - The key algorithm used for key creation. Available choices are: hmac-md5, 
 # - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The 
 # - default is hmac-sha256. Options are case-insensitive.
 # -
 # - Example:
 # -    key_algo="hmac-md5"
 # -
 # - Defaults to 'hmac-sha256'
 # -
 #key_algo="hmac-sha256"
 # - key_name
 # -
 # - Name of the Key
 # -
 # - Defaults to "$update_zone"
 # -
 #key_name=
 key_name="update-dkim"
 # ----------
 # Access Credentials DNS Server
 # ----------
 # - dns_ssh_user
 # -
 # - Defaults to 'manage-bind'
 # -
 #dns_ssh_user="manage-bind"
 # - dns_ssh_port
 # -
 # - Defaults to '22'
 # -
 #dns_ssh_port=22
 # - dns_ssh_key
 # -
 # - Defaults to '/root/.ssh/id_rsa-opendkim'
 # -
 #dns_ssh_key="/root/.ssh/id_rsa-opendkim"
 # ----------
 # Scripts envoked at DNS Server
 # ----------
 # - set_new_serial_script
 # -
 # - Script increases the serial for a given domain or a given 
 # - hostname's concerning domain.
 # -
 # - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
 # -
 #set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
 # - create_dkim_delegation_script
 # -
 # - Script adds DKIM subdomain delegation for a given domain
 # -
 # - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
 # -
 #create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
 # - add_dkim_zone_master_script
 # -
 # - Script adds zone _domainkey.<dkim domain> as master zone
 # -
 # - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
 # -
 #add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
 # - add_dkim_zone_slave_script
 # -
 # - Script adds zone _domainkey.<dkim domain> as slave zone
 # -
 # - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
 # -
 #add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
 # ----------
 # OpenDKIM Installation
 # ----------
 # - opendkim_dir
 # -
 # - OpenDKIM's etc-directory
 # -
 # - Defaults to opendkim_dir="/etc/opendkim"
 # -
 #opendkim_dir="/etc/opendkim"
 # - key_base_dir
 # -
 # - Defaults to "${opendkim_dir}/keys"
 # -
 #key_base_dir=${opendkim_dir}/keys
 # - signing_table_file
 # -
 # - Defaults to "${opendkim_dir}/signing.table"
 # -
 #signing_table_file="${opendkim_dir}/signing.table"
 # - key_table_file
 # -
 # - Defaults to "${opendkim_dir}/key.table"
 # -
 #key_table_file="${opendkim_dir}/key.table"
--- a/roles/common/files/d.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf
+++ b/roles/common/files/d.mx/root/bin/postfix/conf/whitelist_mb_sigs.conf
@ -0,0 +1,44 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ======================================================
 # ---
 # Parameter Settings for Script 'whitelist_mb_sigs.conf'
 # ---
 # ======================================================
 # QUARANTINE_BASE_DIR
 #
 # Base directory where amavis stores quarantined e-mails, mostly in
 #
 #    virus e-mails:   $QUARANTINE_BASE_DIR/virus
 #    spam emails:     $QUARANTINE_BASE_DIR/spam
 #    ..
 #
 #    Defaults to:
 #       QUARANTINE_BASE_DIR="/var/QUARANTINE"
 #
 #QUARANTINE_BASE_DIR="/var/QUARANTINE"
 # CLAMAV_VIRUS_WHITE_LIST
 #
 # Full path to clamav's (personal) white list file
 #
 # Defaults to:
 #    CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
 #
 #CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
 # WHITE_LIST_STRINGS
 #
 # A blank separated list of strings to whitelist.
 #
 # Example:
 #    WHITE_LIST_STRINGS="google.com tinyurl.com"
 #
 # Defaults to:
 #    WHITE_LIST_STRINGS="google.com"
 #
 #WHITE_LIST_STRINGS="google.com"
 WHITE_LIST_STRINGS="google.com tinyurl.com"
--- a/roles/common/files/d.mx/usr/local/src/sympa/conf/install_sympa.conf
+++ b/roles/common/files/d.mx/usr/local/src/sympa/conf/install_sympa.conf
@ -0,0 +1,138 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---------------------------------------
 # - Configuration for sympa install script
 # ----------------------------------------
 # - PREFIX
 # -
 # - Sympa Installation directory
 # -
 # - Defaults to: "/usr/local/sympa"
 # -
 #PREFIX="/usr/local/sympa"
 # - SYMPA_USER
 # -
 # - User under which Sympa services are running
 # -
 # - Defaults to: "sympa"
 # -
 #SYMPA_USER="sympa"
 # - SYMPA_MAIN_CONF_DIR
 # -
 # - Sympas main configuration directory
 # -
 # - Defaults to: "/etc/sympa"
 # -
 #SYMPA_MAIN_CONF_DIR="/etc/sympa"
 # - SYMPA_LIST_DATA_DIR
 # -
 # - Data directory for sympa lists
 # -
 # - defaults to: "/data/sympa/list_data"
 # -
 #SYMPA_LIST_DATA_DIR=/data/sympa/list_data
 # - SYMPA_DOMAIN
 # -
 # - Note: if sympa will be configured to support multidomains
 # -       this (SYMPA_DOMAIN) should not contain list definitions
 # -
 # -
 SYMPA_DOMAIN="sympa.oopen.de"
 # - START_AT_BOOTTIME
 # -
 # - Defaults to: "yes"
 # -
 #START_AT_BOOTTIME="yes"
 # - SYMPA_LISTMASTER
 # -
 # -
 # - Defaults to "postmaster@$SYMPA_DOMAIN"
 # -
 #SYMPA_LISTMASTER="postmaster@$SYMPA_DOMAIN"
 # - SYMPA_DB_TYPE
 # -
 # - Database type of sympas database
 # -
 # - If database is SQLite, then this parameter is not in use.
 # -
 # - Possible values are 'mysql' (MySQL) or 'Pg' (PostgeSQL), 'Sybase', 'Oracle'
 # -
 # - Defaults to: SYMPA_DB_TYPE="mysql"
 # -
 #SYMPA_DB_TYPE="mysql"
 # - SYMPA_DB_HOST
 # -
 # - Defaults to: SYMPA_DB_HOST="127.0.0.1"
 # -
 #SYMPA_DB_HOST="127.0.0.1"
 # - SYMPA_DB_PORT
 # -
 # - Defaults to:
 # -    3306  -  if SYMPA_DB_TYPE=mysql
 # -    5432  -  if SYMPA_DB_TYPE=Pg
 # -    2638  -  if SYMPA_DB_TYPE=Sybase
 # -    1575  -  if SYMPA_DB_TYPE=Oracle
 # -
 # - 
 #SYMPA_DB_PORT="3306"
 # - SYMPA_DB_NAME
 # -
 # - Defaults to: SYMPA_DB_NAME="sympa"
 # -
 #SYMPA_DB_NAME="sympa"
 # - SYMPA_DB_USER
 # -
 # - Defaults to: SYMPA_DB_USER="sympa"
 # -
 #SYMPA_DB_USER="sympa"
 # - SYMPA_DB_PASSWD
 # -
 # - Password for Sympa's database.
 # - 
 SYMPA_DB_PASSWD="nw7FMhzRJPjcTHvm"
 # - mysql_credential_args (root access to MySQL Database)
 # -
 # - Example
 # -    mysql_credential_args="--login-path=local"
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
 # - Defaults to:
 # -    '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
 # -    '/usr/local/mysql/sys-maint.cnf' otherwise
 # -
 MYSQL_CREDENTIALS="--login-path=local"
 # - VSERVER_GUEST
 # -
 # - Is this a Linux Vserver guest system?
 # -
 # - Possible values: yes/no
 # -
 # - Defaults to 'VSERVER_GUEST=no'
 # -
 #VSERVER_GUEST=no
--- a/roles/common/files/e.mx/etc/postfix/postfwd.bl-hosts
+++ b/roles/common/files/e.mx/etc/postfix/postfwd.bl-hosts
@ -1,22 +0,0 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---
 # hosts blocked by postfwd
 #
 #    This file is called with '=~'. This means perl regexp is possible
 #
 #
 # To increase performance use ^ and/or $ in regular expressions
 #
 # Example:
 #
 #  # block all hosts of domain 'oopen.de'
 #  \.oopen\.de$
 #
 #  # block host a.mx.oopen.de
 #  ^a\.mx\.oopen\.de$
 #
 # ---
 # give hostnames to blocke here
--- a/roles/common/files/e.mx/etc/postfix/postfwd.bl-nets
+++ b/roles/common/files/e.mx/etc/postfix/postfwd.bl-nets
@ -1,16 +0,0 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---
 # Networks blocked by postfwd
 #
 # Example:
 #
 #   # web0.warenform.de
 #   #83.223.86.76
 #   #2a01:30:0:505:286:96ff:fe4a:6ee
 #   #2a01:30:0:13:286:96ff:fe4a:6eee
 #
 # ---
 # give networks to block here
--- a/roles/common/files/e.mx/etc/postfix/postfwd.bl-sender
+++ b/roles/common/files/e.mx/etc/postfix/postfwd.bl-sender
@ -1,38 +0,0 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---
 # Sender addresses blocked by postfwd
 #
 #    This file is called with '=~'. This means perl regexp is possible
 #
 #
 # To increase performance use ^ and/or $ in regular expressions
 #
 #  @acieu\.co\.uk$
 #  ^error@mailfrom.com$
 #
 # instedt of 
 #
 #  @acieu.co.uk
 #  error@mailfrom.com
 #
 #
 # Example:
 #
 #  #  # annoying spammer domains
 #  # block all senders of maildomaindomain 'oopen.de'
 #  @acieu\.co\.uk$
 #
 #  # annoying spammer addresses
 #  # block sender address 
 #  error@mailfrom.com
 #  sqek@eike\.se$
 #
 # ---
 # annoying spammer domains
@acieu\.co\.uk$
 # annoying spammer addresses
 ^error@mailfrom\.com$
 ^sqek@eike\.se$
--- a/roles/common/files/e.mx/etc/postfix/postfwd.bl-user
+++ b/roles/common/files/e.mx/etc/postfix/postfwd.bl-user
@ -1,13 +0,0 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---
 # SASL Users blocked by postfwd
 #
 # Example:
 #
 #   # give SASL usernames to block here
 #   ckubu@oopen.de
 #
 # ---
 # give SASL usernames to block here
--- a/roles/common/files/e.mx/etc/postfix/postfwd.cf
+++ b/roles/common/files/e.mx/etc/postfix/postfwd.cf
@ -1,172 +0,0 @@
 #======= Definitions ============
 # Match messages with an associated SASL username
 &&SASL_AUTH {
    sasl_username!~^$
 }
 # Trusted networks
 &&TRUSTED_NETS {
   client_address==file:/etc/postfix/postfwd.wl-nets
 }
 # Trusted hostnames
 #   client_name~=.warenform.de$
 &&TRUSTED_HOSTS {
   client_name=~file:/etc/postfix/postfwd.wl-hosts
 }
 # Trusted users
 &&TRUSTED_USERS {
    sasl_username==file:/etc/postfix/postfwd.wl-user
 }
 # Trusted senders
 &&TRUSTED_SENDERS {
   sender=~file:/etc/postfix/postfwd.wl-sender
 }
 # Blacklist networks
 &&BLOCK_NETS {
   client_address==file:/etc/postfix/postfwd.bl-nets
 }
 # Blacklist hostnames
 &&BLOCK_HOSTS {
   client_name=~file:/etc/postfix/postfwd.bl-hosts
 }
 # Blacklist users
 &&BLOCK_USERS {
   sasl_username==file:/etc/postfix/postfwd.bl-user
 }
 # Blacklist sender adresses
 &&BLOCK_SENDER {
   # =~
   # using '=~' allows also matching entries for domains (i.e. @acieu.co.uk)
   sender=~file:/etc/postfix/postfwd.bl-sender
 }
 # Inbound emails only
 &&INCOMING {
    client_address!=127.0.0.1
 }
 #======= Rule Sets ============
 # ---
 #
 # Processing of the Rule Sets
 #
 # The parser checks the elements of a policy delegation request against the postfwd set
 # of rules and, if necessary, triggers the configured action (action=). Similar to a
 # classic firewall, a rule is considered true if every element of the set of rules (or
 # one from every element list) applies to the comparison. I.e. the following rule:
 #
 #    client_address=1.1.1.1, 1.1.1.2; client_name==unknown; action=REJECT
 #
 # triggers a REJECT if the
 #
 #    Client address is equal (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
 #
 #
 # Note:
 #    If an element occurs more than once, an element list is formed:
 #
 # The following rule set is equivalent to the above:
 #
 #    client_address=1.1.1.1; client_address=1.1.1.2; client_name==unknown; action=REJECT
 #
 #
 # triggers a REJECT if (as above) the
 #
 #    Client address (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
 #
 # ---
 # Whitelists
 # Whitelist trusted networks
 id=WHL_NETS
   &&TRUSTED_NETS
   action=DUNNO
 # Whitelist trusted hostnames
 id=WHL_HOSTS
   &&TRUSTED_HOSTS
   action=DUNNO
 # Whitelist sasl users
 id=WHL_USERS
 	&&TRUSTED_USERS
 	action=DUNNO
 # Whitelist senders
 id=WHL_SENDERS
   &&INCOMING
   &&TRUSTED_SENDERS
   action=DUNNO
 # Blacklists
 # Block networks
 id=BL_NETS
   &&BLOCK_NETS
   action=REJECT Network Address $$client_address blocked by Mailserver admins. Error: BL_NETS
 # Block hostname
 id=BL_HOSTS
   &&BLOCK_HOSTS
   action=REJECT $$client_name blocked by Mailserver admins. Error: BL_HOSTS
 # Block users
 id=BL_USERS
   &&BLOCK_USERS
   action=REJECT User is blocked by Mailserver admins. Error: BL_USERS
 # Blacklist sender
 #
 #    Claim successful delivery and silently discard the message.
 #
 id=BL_SENDER
   &&BLOCK_SENDER
   #action=DISCARD
   action=REJECT Sender address is blocked by Mailserver admins. Error: BL_SENDER
 # Rate Limits
 # Throttle unknown clients to 5 recipients per 5 minutes:
 id=RATE_UNKNOWN_CLIENT_ADDR
   sasl_username =~ /^$/
 	client_name==unknown
 	action=rate(client_address/5/300/450 4.7.1 only 5 recipients per 5 minutes allowed)
 # Block clients (ip-addresses) sending more than 50 messages per minute exceeded. Error:RATE_CLIENT)
 id=RATE_CLIENT_ADDR
    &&INCOMING
    action=rate($$client_address/50/60/421 421 4.7.0 Too many connections from $$client_address)
 # Block messages with more than 50 recipients
 id=BLOCK_MSG_RCPT
    &&INCOMING
    &&SASL_AUTH
 	 recipient_count=50
    action=REJECT Too many recipients, please reduce to less than 50 or consider using a mailing list. Error: BLOCK_MSG_RCPT
 # Block users sending more than 50 messages/hour
 id=RATE_MSG
    &&INCOMING
    &&SASL_AUTH
    action=rate($$sasl_username/50/3600/450 4.7.1 Number messages per hour exceeded. Error:RATE_MSG)
 # Block users sending more than 250 recipients total/hour
 id=RATE_RCPT
    &&INCOMING
    &&SASL_AUTH
    action=rcpt($$sasl_username/250/3600/450 4.7.1 Number recipients per hour exceeded. Error:RATE_RCPT)
--- a/roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated
+++ b/roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated
@ -0,0 +1,49 @@
 -----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
 NhAAAAAwEAAQAAAgEAxe0sdGCZS444N0pvLolycgXiipmRbptw/DMNlUGa1yYGDq1Qf0lQ
 1zuDeSOjTk+W78bPHOQy1f+CeHsBj+XRkmInqUZ5K0UgVFEuiAsJGH8l63phyd9bkRHzg0
 QQOFZ7JqcNEpW0NiPSKWMLGg9/yA2XoQ4GgiruA9PyyKa2YdP7vll+5Dhm/E5Jvzwbtkkm
 wM1EWjF5/1LRrFMq4nJAJhCval2Q7DWIHMDqmWj7ZDGT95gHYsf4CmlldO6FOPc8Qa6Lg/
 IEVgLP8ji78TntSQ3B9mRMV5fNYyWJVH3ymqwR7FjTRO/YVCJ5x/WE38T9QBAvjMhV8ais
 M9y5NXUMlKNUxbSU2GPvyB7F0/+ioWzourcIY+1O7mRKmiFsqOjfllS/XxYYJm0qFSBOiq
 wTOVbTna99wN2vl3jQEBo1upqjnL94jVA4qU5w0ypBAFkFlpyuWEbmicNXlAqIovxQ6dIU
 U1iKp/kVQoJDhoBIzCEQvLYkKLgl8cH7pH3Kvcw/EvFAsskGNLlkR5t7jORh05ryCRwV31
 wUl/wfj4HrEmVcCAgokv+mUlk/ug+TmwXShpM9dgO/e2MmjLDe0bSZ+jgYT0axn6kCwiDO
 5acSRwKEJk0jIrkKf04xy3nYwJtxb8RE9mb6j1oPULb0syKM9iTnSsrGRxoGwXQu6ugrLL
 8AAAdApTZfwqU2X8IAAAAHc3NoLXJzYQAAAgEAxe0sdGCZS444N0pvLolycgXiipmRbptw
 /DMNlUGa1yYGDq1Qf0lQ1zuDeSOjTk+W78bPHOQy1f+CeHsBj+XRkmInqUZ5K0UgVFEuiA
 sJGH8l63phyd9bkRHzg0QQOFZ7JqcNEpW0NiPSKWMLGg9/yA2XoQ4GgiruA9PyyKa2YdP7
 vll+5Dhm/E5JvzwbtkkmwM1EWjF5/1LRrFMq4nJAJhCval2Q7DWIHMDqmWj7ZDGT95gHYs
 f4CmlldO6FOPc8Qa6Lg/IEVgLP8ji78TntSQ3B9mRMV5fNYyWJVH3ymqwR7FjTRO/YVCJ5
 x/WE38T9QBAvjMhV8aisM9y5NXUMlKNUxbSU2GPvyB7F0/+ioWzourcIY+1O7mRKmiFsqO
 jfllS/XxYYJm0qFSBOiqwTOVbTna99wN2vl3jQEBo1upqjnL94jVA4qU5w0ypBAFkFlpyu
 WEbmicNXlAqIovxQ6dIUU1iKp/kVQoJDhoBIzCEQvLYkKLgl8cH7pH3Kvcw/EvFAsskGNL
 lkR5t7jORh05ryCRwV31wUl/wfj4HrEmVcCAgokv+mUlk/ug+TmwXShpM9dgO/e2MmjLDe
 0bSZ+jgYT0axn6kCwiDO5acSRwKEJk0jIrkKf04xy3nYwJtxb8RE9mb6j1oPULb0syKM9i
 TnSsrGRxoGwXQu6ugrLL8AAAADAQABAAACAChfUIoMijhXMjBVBoi/kJChkqwi1v9wxYMs
 BsFDOIpaPzIPODQ+iDbe9Npo4o6+vVL7gpOqGJR+IebhcFgh0LXDP8PPlDe3Sfjo9kzZs2
 lDxkBaHkhHPy5AMyO7ZnOXcFdaC9iWoMPKWrwGb+VI9A+idiNr8PfsOdCeEw/KsbkSvG7/
 Ylq7BobAkVposF5mXXlGZYLgRLpH8mzsKfs2ws8A6EcR/tWvtavnzfKs71poon4GjLshfv
 7gsMlBPft4stnS+LJZU3kX6cLGv89cuYIFRGM14jybwlFO/sw1RJ84Kg/DrpSJN98xiRW4
 hvn9/IpswsY8twssFLQfecflsELlfkzVNE1YR1d2rHdBEHKSa0piNvaUgPuIP9oggDkE/m
 pF4Oz/aW71fHLWQVxf3qlCnYfshf86XqJTZvJ8N7edF4XZ+UiOWPl5c8vXBJDFLrydenWF
 9z4IExHZafmYygnbLdEP4cFq8fPsb7zbhNr8aLOLfIyLj30brvIE9/gc7VnME0PdK3n2FO
 u4GDTYSE0UNpjctw5Fg4+89Yv1xD/onLIA43scw3l3NhCtLI5QHnsO8cckga6/wcdfOG2f
 V8kMzICZt3IFnR4EgDlavLMx+FthyYKDE4JYOKM2Qy6xGRg9p6kFyb7SQEFy91JgCN5tpJ
 V5ezfJF7bgTW8tuQpBAAABABSvsV4UpatmjpicZChtXMQHuDob/ZUcVwJ3emORxD5vfKd8
 zuySbJxlJBIIUVT2ako8AmUYQBjIU+vPI18CHdhDhL4rDmeletC6Sl1KB089dc2qavIvtC
 N0E5+iozCXHGirr79t3UTVGBMGr5UYG9y5nfa7WWY38UqVc63TK2EVT0wrNxgS9hUtZWbk
 LsEiIAUEp/8N5wKKv4+uVfzSfg0sEy/JGNU0KNcxFUZNolSEeieQUdmopALD04f/YOdhO5
 mV5oS3lDUC8cnbefQmoK/kszfgOb/qMC76RqLa7IUm91IZbKfA78x81gjSsuiqfPXsE9El
 GxqXrnggbHarFG4AAAEBAOwpW++DbYcI3AJn44o3sH6bGVVsNbAualMxFz0XYwdnoD7UUG
 aOhlRFWZXqOQEbvt1LOp4SYyT50puwdvg0as6+78FnlwVXVaHKjP0Igh2e8Ls5YYpp8jas
 FDcZa0F5JiAFPamxY+ypvaD/Fmc3ha7JBGOGkV67qktOO+Dtd2NSKB6EIt8ShKbjZA6U2i
 UAQCp2AC+f3CDL+3vN/Gj4oBI2ysYl3QVG/nuBT8Lxdf+JabEYwPBMlOqYVfjYQj0FL6Ht
 /+MCeVyaeww+a0/i+W5RqqBn1ptOw1YlamsOvLG2Z0FL6s2/uTE9+dYfQXto6j6vkAGrIr
 yugIYwC0abzxsAAAEBANaNkiXeqKssyYZ14OEfzXyD7M3l2vvfGRvCS0XgqEodvVGbB/A4
 AAWtkuPvOPqSzaOIfdbIcN1dvccJuxU/SPanL33aX7PLROuq7ApIbhzFI5QblvoivUAMST
 ND9QjAu8hHiO9K6qRU3evEpJVvN2iOznTuU/A91n5ChJLeQAjqpMhgB45ZlWKmPE+y0kw6
 aCZq7qmqqCRr5nzY1YYFy2UilbOUyeO5wCDa6bN8FXYvKTBWOmTvsoILPjTjiaZbfITmfd
 f2n4mNITViGU6kirtZSzjRRqqQRj0Vz9f5Qn2TBZ/uCkTDQEBtr/rdAHL9eBaSXYXWVIpl
 RsBCSs/Sny0AAAAHcm9vdEBteAECAwQ=
 -----END OPENSSH PRIVATE KEY-----
--- a/roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated.pub
+++ b/roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDF7Sx0YJlLjjg3Sm8uiXJyBeKKmZFum3D8Mw2VQZrXJgYOrVB/SVDXO4N5I6NOT5bvxs8c5DLV/4J4ewGP5dGSYiepRnkrRSBUUS6ICwkYfyXremHJ31uREfODRBA4Vnsmpw0SlbQ2I9IpYwsaD3/IDZehDgaCKu4D0/LIprZh0/u+WX7kOGb8Tkm/PBu2SSbAzURaMXn/UtGsUyrickAmEK9qXZDsNYgcwOqZaPtkMZP3mAdix/gKaWV07oU49zxBrouD8gRWAs/yOLvxOe1JDcH2ZExXl81jJYlUffKarBHsWNNE79hUInnH9YTfxP1AEC+MyFXxqKwz3Lk1dQyUo1TFtJTYY+/IHsXT/6KhbOi6twhj7U7uZEqaIWyo6N+WVL9fFhgmbSoVIE6KrBM5VtOdr33A3a+XeNAQGjW6mqOcv3iNUDipTnDTKkEAWQWWnK5YRuaJw1eUCoii/FDp0hRTWIqn+RVCgkOGgEjMIRC8tiQouCXxwfukfcq9zD8S8UCyyQY0uWRHm3uM5GHTmvIJHBXfXBSX/B+PgesSZVwICCiS/6ZSWT+6D5ObBdKGkz12A797YyaMsN7RtJn6OBhPRrGfqQLCIM7lpxJHAoQmTSMiuQp/TjHLedjAm3FvxET2ZvqPWg9QtvSzIoz2JOdKysZHGgbBdC7q6Cssvw== root@ga-st-mail-dehydrated
--- a/roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim
+++ b/roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim
@ -0,0 +1,49 @@
 -----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
 NhAAAAAwEAAQAAAgEAr9qw2oQHkAUfTXEJBxuVR2zDRpTsxyT24eVd+KIJaALVtFVTu8Z3
 rNwJN0P3jNLRWxTBuDEbYtTN1J9Bic01fR9m6jdNk5lKeTJw1Q3BzXxuC+4aix9ircJ4in
 geNSCiHiVHYaSsXRRajPGe/F5+RAEjuRbt95UHB/kU25qGIpBK9Vq0m0Ad8HKrV0vpTb3s
 hVJSQ/VydDC82pwXj0IfW6HPdwnzmt8hU2/dIK3weUI56S+9euzKUh+jqvw1YeTXJzM76G
 I2X/YLDEx7jgFMlChnlHYNivPYBY5Aatq90t6LiqQ0MT0kVx7jQwUnhyRB8vAz+qznftKm
 VTmjxL90IvwUTzvS1nHNmlIPMnSO8NaDHf0k2iueD2lCSe7l1d2U0LMRss4sGZcfhqtDzQ
 DIyhXWFwHLhj55WMQxoVXCSRJRLruwyUKqVn86H6L9lRJ4kEPBJJJ6cXeTBWJGtDT9N/Ja
 SGcjM8tdwxSeilHIW0xn85B3MCphV/t72RRAaqua2VjrmN9N6nuYD+3iobAVf4ruOzXtTr
 U0tjdEBT0xJbIZNwi22Snq0KPly8aN2deXEQ8Q7IJHQB7WNT4jI13l/GWocFwtr7NWXwaD
 eJCtoiB9RraK+EBvoO3IYymvpGQyqhXeMtBGc3kdCI2AslrdpjXd4TGxIwbWae+Xa2JkZa
 kAAAdAgUVtA4FFbQMAAAAHc3NoLXJzYQAAAgEAr9qw2oQHkAUfTXEJBxuVR2zDRpTsxyT2
 4eVd+KIJaALVtFVTu8Z3rNwJN0P3jNLRWxTBuDEbYtTN1J9Bic01fR9m6jdNk5lKeTJw1Q
 3BzXxuC+4aix9ircJ4ingeNSCiHiVHYaSsXRRajPGe/F5+RAEjuRbt95UHB/kU25qGIpBK
 9Vq0m0Ad8HKrV0vpTb3shVJSQ/VydDC82pwXj0IfW6HPdwnzmt8hU2/dIK3weUI56S+9eu
 zKUh+jqvw1YeTXJzM76GI2X/YLDEx7jgFMlChnlHYNivPYBY5Aatq90t6LiqQ0MT0kVx7j
 QwUnhyRB8vAz+qznftKmVTmjxL90IvwUTzvS1nHNmlIPMnSO8NaDHf0k2iueD2lCSe7l1d
 2U0LMRss4sGZcfhqtDzQDIyhXWFwHLhj55WMQxoVXCSRJRLruwyUKqVn86H6L9lRJ4kEPB
 JJJ6cXeTBWJGtDT9N/JaSGcjM8tdwxSeilHIW0xn85B3MCphV/t72RRAaqua2VjrmN9N6n
 uYD+3iobAVf4ruOzXtTrU0tjdEBT0xJbIZNwi22Snq0KPly8aN2deXEQ8Q7IJHQB7WNT4j
 I13l/GWocFwtr7NWXwaDeJCtoiB9RraK+EBvoO3IYymvpGQyqhXeMtBGc3kdCI2Aslrdpj
 Xd4TGxIwbWae+Xa2JkZakAAAADAQABAAACABJKDFqtoJu57KeBOg8jL0NebHDKzFVp4sNb
 t4pET/YhVViMB0lgOtIfkFXPG8/pnRx77Cnb8Z01xLJ4XbiXPxjkSy/Q0KCpMLWqKVH/PE
 jCyC81dE1D1l97+k1scLfVzQaVmfbtyX9kvoYqGv7kVP19oNl/KQC23yRVI3Yze//cQe+C
 n4YGBRcc1fUeUAVl21OCXEv1GxI6f2m9EjY0Ck7dZVZcEpno2u5yk+zyKjByUtONw4clWW
 VxJPSDhonH4xiQm4pvrHgOfteonLEIMY63JQ6ruHzbH3x0bv6uAVANFTY2HbeBRGZLMBeo
 UZQckT9S/BT2Jp1qCyKR/BZaUxmkLOAfJl2rW5IfOOOtKEE/q0DVRidfDf2A2ihmsfbCqR
 hbhOmf7IbqC4XTGm6W9U3pNyu8Oz4QxRyhwlTWTa3hqvF/xJo6C82yy3p4HYRTX5VfZNbN
 iQ7CM/UY0ee69br80MPPdxLetmGX9VvR6g1lsRK8/447DiOD9TZtAXMAiCOf3FUyhwRmRP
 qUdGOXHjXsBAjDMWA0OwwdiGFI7dk5zdyQNTpRsM38cctGeBixPs9SOrTKr10zSaf9NzX4
 srsXnoAdm2LHQIa0Awfd1TJydFjC6KIGgtZgXy4UDpPE6RzlDnkY8DO/pLLhXMAgtts+G/
 ZiaRBKY65VYOHKqVoBAAABAHsbFe8LTyYnDhzgKrlLbeGDySEHTeBbVpKbIUhDjkqoyHvc
 HzEt7b2idhJtjXsEIcMUO+0ut1A2toY/JHkHOKnyXPpqv1NxXR/4ru6rAXrOGB/LQCUtcl
 5Q4StZvvOtcKbt8b0kvvvBMmkFGEtJr5ybDy6K5CFyyROGlUTpXPfjZjuv6YuzqCsLYXXM
 o4cWK1ZUQ7Yf1YovZr3zk6VMzd4gHHQzyTVP5iNflSB3k+AQZClLy771bw2caPFgdpu87a
 kAvhtW+anGLkFxSCZFRMkv9rXl8tB2ZPKWqQb8jEzAfH0CC7sDkddLE2l45RapGMUtsJ1V
 fF8pGpFiHX7FABoAAAEBAN9JT4Tc29Wc5lDVZEqz8IYT+/eRVBAlALmt7jTVwclY+KSZ5g
 i+QONIWj+Js+1Z84bzOzcQ6pZIFAZ57+5qkFeUpfVJB+UL7bLqNF2GeBAvtZ+GgguBK5uN
 H+uXrnyeEWn8ppcHebA5vi/GxzCebZ29VnUbh/nHn0WmMvOBAFYqtjGNxo1diYyp8vS0k+
 pmhZA5xtgGKzGGwrlAJrWLPzAieFPkNJsDMcY03RkU9u0XI3SkrtlmRqaykSzJpIAtDuT/
 D7gyjrNBH6a8qv57LxaUyeWEBOtlC7C4mtTrWcu/+zS8dkh7Y4ZaNR83Zx24DRzAfbuA/R
 04eb6Jd55ATr0AAAEBAMmeXjYdwqh2gbizFgyP8ZgTxXUWp5B0YQ7XUOC8CuQqAL8/HlE3
 gVHLwrUIKAwTUADfqvzyG86IgJOw1byU3DWY9b5dKfrWm1RhcvLWMgIjRHH3sqnVWxIBam
 RkfDkRZ/B8236SoAxe5k7yqZ3wQ6BNJstY1Nya+iJG1h6mLPasEzqZH+JOd0Uc9Fsr8uYR
 CmvojolkAaa2We44y9oCXTTHCBfpFUZf0gySmG7ZEXA6MqwTCcbFCP599YmRQ2BmdO0SQF
 YHIhpmc3xBjKMiNqhNBii2PUejVp7OVqHQBCeWq/GH9yTj00JeX9KoL7DdoyCoCWHG4eB0
 JVW9wg49J10AAAAHcm9vdEBteAECAwQ=
 -----END OPENSSH PRIVATE KEY-----
--- a/roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim.pub
+++ b/roles/common/files/ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCv2rDahAeQBR9NcQkHG5VHbMNGlOzHJPbh5V34ogloAtW0VVO7xnes3Ak3Q/eM0tFbFMG4MRti1M3Un0GJzTV9H2bqN02TmUp5MnDVDcHNfG4L7hqLH2KtwniKeB41IKIeJUdhpKxdFFqM8Z78Xn5EASO5Fu33lQcH+RTbmoYikEr1WrSbQB3wcqtXS+lNveyFUlJD9XJ0MLzanBePQh9boc93CfOa3yFTb90grfB5QjnpL7167MpSH6Oq/DVh5NcnMzvoYjZf9gsMTHuOAUyUKGeUdg2K89gFjkBq2r3S3ouKpDQxPSRXHuNDBSeHJEHy8DP6rOd+0qZVOaPEv3Qi/BRPO9LWcc2aUg8ydI7w1oMd/STaK54PaUJJ7uXV3ZTQsxGyziwZlx+Gq0PNAMjKFdYXAcuGPnlYxDGhVcJJElEuu7DJQqpWfzofov2VEniQQ8Ekknpxd5MFYka0NP038lpIZyMzy13DFJ6KUchbTGfzkHcwKmFX+3vZFEBqq5rZWOuY303qe5gP7eKhsBV/iu47Ne1OtTS2N0QFPTElshk3CLbZKerQo+XLxo3Z15cRDxDsgkdAHtY1PiMjXeX8ZahwXC2vs1ZfBoN4kK2iIH1Gtor4QG+g7chjKa+kZDKqFd4y0EZzeR0IjYCyWt2mNd3hMbEjBtZp75drYmRlqQ== root@ga-st-mail-opendkim
--- a/roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_cert_for_dovecot.conf
+++ b/roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_cert_for_dovecot.conf
@ -0,0 +1,135 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 #---------------------------------------
 #-----------------------------
 # Settings for script check_cert_for_dovecot.sh
 #-----------------------------
 #---------------------------------------
 # - service_domain
 # -
 # - The main domain for which the certificate was issued
 # -
 # - Example:
 # -    service_domain="a.mx.oopen.de"
 # -    service_domain="mail.cadus.org"
 # -    service_domain="mx.warenform.de"
 # -
 #service_domain=""
 service_domain="mx.gemeinschaft-altenschlirf.de"
 # - service_name
 # -
 # - Name of service.
 # -
 # - Note: this var will also be used to determin systemd service file
 # - or sysVinit script.
 # -
 # - Example: 
 # -    service_name="Mumble"
 # -    service_name="Prosody"
 # -
 # - Defaults to:
 # -    service_name="Dovecot"
 # -
 #service_name=""
 # - check_string_ps
 # -
 # - String wich (clearly) identifies the service at the process list (ps)
 # -
 # - Example:
 # -    check_string_ps="[[:digit:]]\ /usr/sbin/murmurd"
 # -    check_string_ps=""
 # -
 # - Defaults to:
 # -    check_string_ps="[[:digit:]]\ /usr/local/dovecot-[[:digit:]]{1,2}\.[[:digit:]]{1,2}\.[[:digit:]]{1,2}(\.[[:digit:]]{1,2})?/sbin/dovecot"
 # -
 #check_string_ps=""
 # - service_user
 # -
 # - User under which the service is running.
 # -
 # - Example:
 # -    service_user="mumble-server"
 # -    service_user="prosody"
 # -
 # - Defaults to:
 # -    service_user="prosody"
 # -
 #service_user=""
 # - service_group
 # -
 # - Group under which the service is running.
 # -
 # - Example:
 # -    service_group="mumble-server"
 # -    service_group="prosody"
 # -
 # - Defaults to:
 # -    service_group="prosody"
 # -
 #service_group=""
 # - cert_installed
 # -
 # - Locataion of certificate read by service
 # -
 # - Example:
 # -    cert_installed="/var/lib/mumble-server/fullchain.pem"
 # -    cert_installed="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
 # -
 # - Defaults to:
 # -    /etc/dovecot/ssl/mailserver.crt
 # -
 #cert_installed=""
 # - key_installed
 # -
 # - Location of the key read by service
 # -
 # - Example:
 # -    key_installed="/var/lib/mumble-server/privkey.pem"
 # -    key_installed="/etc/prosody/certs/privkey_jabber.so36.pem"
 # -
 # - Defaults to:
 # -    /etc/dovecot/ssl/mailserver.key
 # -
 #key_installed=""
 # - cert_newest
 # -
 # - Location of the newest certificate.
 # -
 # - Example:
 # -    cert_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/fullchain.pem"
 # -    cert_newest="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
 # -
 # - Defaults to: 
 # -    /var/lib/dehydrated/certs/${service_domain}/fullchain.pem
 # -
 #cert_newest=""
 # - key_newest
 # -
 # - Location of the newest Key
 # -
 # - Example:
 # -    key_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/privkey.pem"
 # -    key_newest="/var/lib/dehydrated/certs/jabber.so36.net/privkey.pem"
 # -
 # - Defaults to:
 # -    /var/lib/dehydrated/certs/${service_domain}/privkey.pem
 # -
 #key_newest=""
--- a/roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
@ -0,0 +1,178 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 #---------------------------------------
 #-----------------------------
 # Settings
 #-----------------------------
 #---------------------------------------
 # ---
 # - LOGGING
 # -
 # - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
 # - the output will be verbos. If running as cronjob, output will only be written, if warnings or 
 # - errors occurs.
 # ---
 # - What to check
 # -
 check_load=true
 check_mysql=false
 # - PostgreSQL
 # -
 # - NOT useful, if more than one PostgreSQL instances are running!
 # -
 check_postgresql=true
 check_apache=true
 check_nginx=false
 check_php_fpm=true
 check_redis=false
 check_website=false
 # - If service is not listen on 127.0.0.1/loclhost, curl check must
 # - be ommited
 # -
 # - Defaults to: ommit_curl_check_nginx=false
 # -
 #ommit_curl_check_nginx=false
 # - Is this a vserver guest machine?
 # -
 # - Not VSerber guest host does not support systemd!
 # -
 # - defaults to: vserver_guest=false
 # -
 #vserver_guest=false
 # - Additional Settings for check_mysql
 # -
 # - MySQL / MariaDB credentials
 # -
 # - Giving password on command line is insecure an sind mysql 5.5
 # - you will get a warning doing so.
 # - 
 # - Reading username/password fro file ist also possible, using MySQL/MariaDB
 # - commandline parameter '--defaults-file'.
 # - 
 # - Since Mysql Version 5.6, you can read username/password from
 # - encrypted file.
 # -
 # -    Create (encrypted) option file:
 # -    $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock  --user=root --password
 # -    $ Password:
 # -
 # -    Use of option file:
 # -    $ mysql --login-path=local ...
 # -
 # - Example
 # -    mysql_credential_args="--login-path=local"
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
 mysql_credential_args=""
 # - Additional Settings for check_php_fpm
 # -
 # - On Linux Vserver System set
 # -    curl_check_host=localhost
 # -
 # - On LX-Container set
 # -    curl_check_host=127.0.0.1
 # -
 curl_check_host=127.0.0.1
 # - Which PHP versions should be supported by this script. If more than one,
 # - give a blank separated list
 # -
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
 php_versions="7.4"
 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
 # - the concerning php_version in form
 # -    <php-version>:<ping-path>
 # -
 # - Multiple settings are possible, give a blank separated list.
 # -
 # - Example:
 # -
 # -    ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
 # -
 ping_path=""
 # - Additional Settings for check_website - checking (expected) website response
 # -
 # - example:
 # -    is_working_url="https://www.outoflineshop.de/"
 # -    check_string='ool-account-links'
 # -    include_cleanup_function=true
 # -    extra_alert_address="ilker@so36.net"
 # -    cleanup_function='
 # -    rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
 # -    rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
 # -    /usr/local/bin/redis-cli flushall > /dev/null 2>&1
 # -    if [[ "$?" = "0" ]]; then
 # -       ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
 # -    else
 # -       error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
 # -     fi
 # -    /etc/init.d/redis_6379 restart
 # -    if [[ "$?" = "0" ]]; then
 # -       ok "I restarted the redis service"
 # -       echo -e "\t[ Ok ]:    I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
 # -    else
 # -       error "Restarting the redis server failed!"
 # -       echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
 # -    fi
 # -    '
 # -
 is_working_url=''
 check_string=''
 include_cleanup_function=true
 # - An extra e-mail address, which will be informed, if the given check URL
 # - does not response as expected (check_string) AFTER script checking, restarting
 # - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
 # -
 extra_alert_address=''
 # - php_version_of_working_url
 # -
 # - If given website (is_working_url) does not response as expected, this PHP FPM
 # - engines will be restarted.
 # -
 # - Type "None" if site does not support php
 # -
 # - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
 # - will be restarted
 # -
 php_version_of_working_url=''
 # - Notice:
 # - If single qoutes "'" not needed inside cleanup function, then use single quotes
 # - to enclose variable "cleanup_function". Then you don't have do masquerade any 
 # - sign inside.
 # -
 # - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
 # -
 cleanup_function='
 '
 # - E-Mail settings for sending script messages
 # -
 from_address="root@`hostname -f`"
 content_type='Content-Type: text/plain;\n charset="utf-8"'
 to_addresses="root"
--- a/roles/common/files/ga-st-mail/root/bin/postfix/conf/create_opendkim_key.conf
+++ b/roles/common/files/ga-st-mail/root/bin/postfix/conf/create_opendkim_key.conf
@ -0,0 +1,176 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---------------------------------------------------------
 # - Parameter Settings for script 'create_opendkim_key.sh'.
 # ---------------------------------------------------------
 # ----------
 # DNS Server
 # ----------
 # - dns_dkim_zone_master_server
 # - 
 # - The DNS Server who is serving the update zone and is used 
 # - for the dynamic updates (nsupdate) 
 # - 
 #dns_dkim_zone_master_server=""
 dns_dkim_zone_master_server="b.ns.oopen.de"
 # - update_dns
 # -
 # - Possible Values are 'true' or 'false'
 # -
 #update_dns=""
 # - update_zone
 # -
 # - Zone containing the DKIM TXT record.
 # -
 # - Defaults to '_domainkey.<dkim_domaini>'
 # -
 # - Note:
 # -    do NOT change/set this option unless you know what you do.
 # -
 #update_zone=""
 # - TTL
 # -
 # - TTL for the DKIM TXT Record.
 # -
 # - Defaults to "" if update_dns=false
 # - Defaults to "43200" if update_dns=true
 #
 #TTL=""
 # ----------
 # TSIG Key
 # ----------
 # - key_secret
 # -
 # - Sectret Key used by 'nsupdate' to create/update the
 # - DKIM TXT record.
 # -
 # - Example:
 # -    key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
 # -
 #key_secret=""
 key_secret="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
 # - key_algo
 # -
 # - The key algorithm used for key creation. Available choices are: hmac-md5, 
 # - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The 
 # - default is hmac-sha256. Options are case-insensitive.
 # -
 # - Example:
 # -    key_algo="hmac-md5"
 # -
 # - Defaults to 'hmac-sha256'
 # -
 #key_algo="hmac-sha256"
 key_algo="hmac-sha256"
 # - key_name
 # -
 # - Name of the Key
 # -
 # - Defaults to "$update_zone"
 # -
 #key_name=
 key_name="update-dkim"
 # ----------
 # Access Credentials DNS Server
 # ----------
 # - dns_ssh_user
 # -
 # - Defaults to 'manage-bind'
 # -
 #dns_ssh_user="manage-bind"
 # - dns_ssh_port
 # -
 # - Defaults to '22'
 # -
 #dns_ssh_port=22
 # - dns_ssh_key
 # -
 # - Defaults to '/root/.ssh/id_rsa-opendkim'
 # -
 #dns_ssh_key="/root/.ssh/id_rsa-opendkim"
 # ----------
 # Scripts envoked at DNS Server
 # ----------
 # - set_new_serial_script
 # -
 # - Script increases the serial for a given domain or a given 
 # - hostname's concerning domain.
 # -
 # - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
 # -
 #set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
 # - create_dkim_delegation_script
 # -
 # - Script adds DKIM subdomain delegation for a given domain
 # -
 # - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
 # -
 #create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
 # - add_dkim_zone_master_script
 # -
 # - Script adds zone _domainkey.<dkim domain> as master zone
 # -
 # - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
 # -
 #add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
 # - add_dkim_zone_slave_script
 # -
 # - Script adds zone _domainkey.<dkim domain> as slave zone
 # -
 # - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
 # -
 #add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
 # ----------
 # OpenDKIM Installation
 # ----------
 # - opendkim_dir
 # -
 # - OpenDKIM's etc-directory
 # -
 # - Defaults to opendkim_dir="/etc/opendkim"
 # -
 #opendkim_dir="/etc/opendkim"
 # - key_base_dir
 # -
 # - Defaults to "${opendkim_dir}/keys"
 # -
 #key_base_dir=${opendkim_dir}/keys
 # - signing_table_file
 # -
 # - Defaults to "${opendkim_dir}/signing.table"
 # -
 #signing_table_file="${opendkim_dir}/signing.table"
 # - key_table_file
 # -
 # - Defaults to "${opendkim_dir}/key.table"
 # -
 #key_table_file="${opendkim_dir}/key.table"
--- a/roles/common/files/ga-st-mail/root/bin/postfix/conf/postfix_add_mailboxes.conf
+++ b/roles/common/files/ga-st-mail/root/bin/postfix/conf/postfix_add_mailboxes.conf
@ -0,0 +1,86 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ----------------------------------------------------
 # ---
 # - Parameter Settings for script 'postfix_add_mailboxes.sh'.
 # ---
 # ----------------------------------------------------
 # - dovecot_enc_method
 # -
 # - The (dovecot) password  scheme  which  should  be  used  to  generate  the  hashed  
 # - passwords of EXISTING users.
 # -
 # - Possible values are: 
 # -
 # -    See output of 'doveadm pw -l'
 # -
 # - DEFAULTS to: dovecot_enc_method="SHA512-CRYPT"
 # -
 #dovecot_enc_method="SHA512-CRYPT"
 # - in_file
 # -
 # - The file from wich the script reads the e-mail-address/password
 # - kombination(s). Each line in this file must only contain
 # -    <emal-address> <password>
 # -
 # - Defaults to: in_file="${conf_dir}/mailboxes_new.lst"
 # -
 #in_file="${conf_dir}/mailboxes_new.lst"
 # - db_type
 # -
 # - Type of Postfix Database
 # -
 # - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
 # - 
 # - Defaults to: db_type="pgsql"
 # -
 #db_type="pgsql"
 # - db_name
 # -
 # - Database name for the postfix database
 # - 
 # - Defaults to: db_name="postfix"
 # -
 #db_name="postfix"
 # - db_name
 # -
 # - Database name for the postfix database
 # - 
 # - Defaults to: db_name="postfix"
 # -
 #db_name="postfix"
 # - mysql_credential_args (root access to MySQL Database)
 # -
 # - Example
 # -    mysql_credential_args="--login-path=local"
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
 # - Defaults to:
 # -    '--defaults-file=/etc/mysql/debian.cnf' if MySQL is installed from debian package system
 # -    '--defaults-file=/usr/local/mysql/sys-maint.cnf' otherwise
 # -
 #mysql_credential_args=""
 # - quota
 # -
 # - The quota setting for the new mailboxes.
 # -
 # - Defaults to: quota="536870912"
 # -
 #quota="536870912"
 quota="2147483648"
 # - log_file
 # -
 # - Where to write logging informations?
 # -
 # - Defaults to: log_file="${script_dir}/log/postfix_add_mailboxes.log"
 # -
 #log_file="${script_dir}/log/postfix_add_mailboxes.log"
--- a/roles/common/files/ga-st-mail/root/bin/postfix/conf/sent_userinfo_postfix.conf
+++ b/roles/common/files/ga-st-mail/root/bin/postfix/conf/sent_userinfo_postfix.conf
@ -0,0 +1,92 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ----------------------------------------------------
 # ---
 # - Parameter Settings for script 'sent_userinfo_postfix.sh'.
 # ---
 # ----------------------------------------------------
 # - message_body_file
 # -
 # - Full path to file containing the user info. This file must contain 
 # - the message body WITHOUT e-mail headers. If file is placed in the
 # - 'files' directory use '${file_dir}/<file-name>'
 # -
 # - Defaults to '${file_dir}/sent_userinfo_postfix.message'
 # -
 #message_body_file="${file_dir}/sent_userinfo_postfix.email"
 # - email_from
 # -
 # - From Address of user info
 # -
 # - Example: 'oo@oopen.de'
 # -
 email_from="it@gemeinschaft-altenschlirf.de"
 # - email_from_org
 # -
 # - Example: email_from_org="O.OPEN"
 # -
 email_from_org="Gemeinschaft Altenschlirf"
 # - db_type
 # -
 # - Type of Postfix Database
 # -
 # - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
 # - 
 # - Defaults to: db_type="pgsql"
 # -
 #db_type="pgsql"
 # - db_name
 # -
 # - Database name for the postfix database
 # - 
 # - Defaults to: db_name="postfix"
 # -
 #db_name="postfix"
 # - mysql_credential_args (root access to MySQL Database)
 # -
 # - Example
 # -    mysql_credential_args="--login-path=local"
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
 # - Defaults to:
 # -    '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
 # -    '/usr/local/mysql/sys-maint.cnf' otherwise
 # -
 #mysql_credential_args=""
 # - mail_user
 # -
 # - The owner of the mailbox directories and within the e-mails itself.
 # -
 # - defaults to mail_user="vmail"
 # -
 #mail_user="vmail"
 # - mail_group
 # -
 # - The group of the mailbox directories
 # -
 # - defaults to mail_group="vmail"
 # -
 #mail_group="vmail"
 # - mail_basedir - No more needed!
 # -
 # - The root directory where all mailbox-domains are located.
 # -
 # - Defaults to '/var/vmail'.
 # -
 #mail_basedir=/var/vmail
--- a/roles/common/files/ga-st-mail/root/bin/postfix/conf/whitelist_mb_sigs.conf
+++ b/roles/common/files/ga-st-mail/root/bin/postfix/conf/whitelist_mb_sigs.conf
@ -0,0 +1,44 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ======================================================
 # ---
 # Parameter Settings for Script 'whitelist_mb_sigs.conf'
 # ---
 # ======================================================
 # QUARANTINE_BASE_DIR
 #
 # Base directory where amavis stores quarantined e-mails, mostly in
 #
 #    virus e-mails:   $QUARANTINE_BASE_DIR/virus
 #    spam emails:     $QUARANTINE_BASE_DIR/spam
 #    ..
 #
 #    Defaults to:
 #       QUARANTINE_BASE_DIR="/var/QUARANTINE"
 #
 #QUARANTINE_BASE_DIR="/var/QUARANTINE"
 # CLAMAV_VIRUS_WHITE_LIST
 #
 # Full path to clamav's (personal) white list file
 #
 # Defaults to:
 #    CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
 #
 #CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
 # WHITE_LIST_STRINGS
 #
 # A blank separated list of strings to whitelist.
 #
 # Example:
 #    WHITE_LIST_STRINGS="google.com tinyurl.com"
 #
 # Defaults to:
 #    WHITE_LIST_STRINGS="google.com"
 #
 #WHITE_LIST_STRINGS="google.com"
 WHITE_LIST_STRINGS="google.com tinyurl.com"
--- a/roles/common/files/lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim
+++ b/roles/common/files/lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim
@ -0,0 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIJKAIBAAKCAgEApbqZLq1PmnCUbadrPRoIgvqwDapbqfEn4bbpVdGv/M+p6G43
 KUFq31avjDYzO1YIZ5TAMDI8+7XHBRsgpiaEktdUXJxbT5qp0jY9P0yPM8mDmVL2
 QnMzwUnqrPyMWsMmM/dXt0ZT1m6b+9TY/vxB1GQKWZJHU5KWB3bkiWFrSmANpdhp
 c5o3dndrvyBSJKl4b5dW090VDC2SamHRMGAL5VtiQfOBCFjX+MrXBnLuq2pFwkT/
 aOtgW0c2twHzIEn2uOTy6HT4uVaag4kx0giAZZflTri6k4EAgWHgDUTwpTC27nlV
 13DK5hMKw13gtHaak3YGhdk898WLKwM03um3DSbBoBgkMk7QyqbAIKCm99WoLMsu
 vAqGbaNdxGuFmLDVcdE9ymkZWg5vfCqp1CVxyb15y3oKn14lES+QacV5gJxb2dHb
 h67UZFac3ruZ+b8+NUS5xR8i5Z9lROmviGHYi5T5doQvu6bMG/pwT/cjZ+k+FkGT
 bR6eGLLADbmCjvv4CWh6TCdU6oC/yKeunqyvt+9jNU/+om4lN/qh28FuxW11X59w
 89mmyRsjZKGmRqUCF7cdFMVmGRxfBN+WdJZfTUKNQpw71d4wNWjJ2FU7/Q7kmMai
 2N+KB1lxBczMkrQkVrqeE366d6U+tRkYW9ofJGYuXakLq/Sq6lpgOhxfQ/kCAwEA
 AQKCAgEAndJG0eaFaeNP1eSbAQLrnB+yzDCxPfLDMfWH2wvmdfAkM43Rxd3gMnNQ
 lUuAGj9hnZJQOxV8cY+3ySr+OntvwI6CbfcQFYyJr/+q776umHiMc9RHYxxl6unD
 K50M49n3ZYFj7MpySD/pFzaotpnu7p2eJZJhjjqH2O/lztYQ4DD8jjS6pzXzH0O2
 Pbo/v14LrOkH7JYa1xAG4HvqRBETAwW1WmzTMem5MdmoTyHgGykG6WvfdkC/7+yv
 NDQNHXCSHZ0ZnTjXK1hHqH9cDFHAQ/8UhZTxSEqO+qcEQF6odAciDZNKpfFppxP3
 KfkaZYCUz1yT9Z7cqm9aiklxbd5PTBPV+nmzUd/FLw2j94D5+egvZcVrRBx63vVg
 0Gzt/LPvejhBfZoHyRxepcvNWRtxVkvUuzc/b8cP1HpmruSGri+c8TI1qRWID5Fj
 EcQ4lYRt+v98J21FDhKNLSN7QUfrB0CqFQfLcfrkrM2919SY+JEdj6zxEED/nx20
 N5jmqvGZjllXJ/7N838sw5bCX8LsA0NXd86LuEjxRhiiqwdtKFz4pNSAdO8R724G
 hTowNOVFlwunT8rTWipq0YXkrC1c1PUMhqcwyEsYzOx003MJDJ8biZaTh9yf7zOz
 CQDcf2AzWJAevK5tnfbDHnmDv2rfSlQxkNikC3gJlRPsAYsJNSECggEBANrpvBH/
 pasjPm5MAb+7YfY7razcO5gStKTavpJRDv92x87gZ+OLRRY+fqunCG9YCUMvbh+H
 RAryK6Nui6+SOPH/KYMRRFunxUOBjxxDmYjdNLf+rWMbRzntbdWORRBZ70KGfWjO
 eEtNe/++qyKGQKIDLYs3Wm0nmk8phWK2ZqPsz+3eQrLtERNZ5MesA+R8Oi7yffoc
 /VId47RsRBfPpfNBZ8XK7yzHqO5rq4xfpaBIGm0pih91NBBo/RcPTcuDNQiNLoja
 rIXOR+mV0Qwv/hKaOGeHf4uH8ypkn3QaZIYGyBAiZf45itku9kRnxKYl+sXkJPnr
 9Q3aRmJ0gByOpw0CggEBAMHORDC++s3M14c0vdC+lXpyKEkzCKoLlfJMGV/kzF2V
 X+v0AehIPxIiAEzMg/2HhRwwQ5f7StM4jybu+VVrSvQ5fbOxiAj/ucF1sA2N4C32
 v6r/iIwolZhkbElx5SZwj5dMWcwvwyFiY32oLa0w9wgAt1Te5wx1x42rCWnL4zN6
 NtE2BFw8yUkrPOm5QI8ztCl8tJZO03uhJXz/3fXuxDWbVkeTB1wgRz/l/ML8WvwR
 yyReQlKkmneANR1axMPRFXREEqY/HA45STPA+GmSq9bW56j+diXDmWxlRNFiZbeT
 WkuExcGATt9FOJS9e7OID1XEVLc1jXSjYjmhAA451Z0CggEAKehI6qEoE+UBVJgU
 VaIHlN3D162pculRz6VYiiYeWuVgRshK2xKUPTflg/LL+JS/4S65RCve6MGHfRfy
 gb/aSulwBvlNPsaVSuEIhn6ia8L9DqQgiTJ1pi8/sXw02HZ/CRs58tBj0vaYYFMd
 69QLl3hIRbhpBTBpp/Ho6QbGC2eQPpcn6ZzcgfnZhCf37suhT894MmNOU2QJbUa0
 mmJUAIdq2ECLHOVz/4B5LLw6tr5W4MLtACyttN6EZN+3ItiRVHvChsxl7o+Y0Kyv
 gkfFucXwOlGEJy/1aw4sQEu1JrsxnXUYVVyqqf0Fg/7hdHUc1rlgIr/6/5Xjl4F5
 7P2aGQKCAQBF/m3IQSEpdIKelSC8pCguKc586U6Gw1prQKqlZGeeoNUczWpm7rjA
 nsEG+5Hr3aboUFIJMLuMX0/sGsC35eETJTRN0p8zyM/Ym91yd7vwPb5pTpKNNBcb
 C6HEQLsmz948IVoJEXLiurr95eBhPV7qZ//OShad/GeOtafXqsgqjkf/9QdMHLQB
 lfkQ3FQBpAW8OgqqgluEueVlKK+MI6h/R9O4U9SDpDC3ViOcdDGT+gUo5FYFrOcQ
 o6ALMv3/TqL186PcoMxMIspaQ6Yz0sH2/HR8JzKaXvMpH8Xj7SqZS0GAJrqZMPLL
 Vh+iMHDdnRUUv6xs4o1tA5j1AT2Y5bBNAoIBACM3gjrDabLWR3lIZY0o7rQPCp9x
 WCF39r1GyhEeX4W5NrLFichSrFV8NJ2bMW9vmUvh7Z0CoJaiPssi2KWxuWdn+30s
 +gi096f4VX/HHbXlTh90uZaqYP5zoPTs4MIR0gnMsKaIanRjla8n9FxkjRxfsvKc
 GFKpaY5zCRT/Qms6gLENbrB0SDnfV3xdI/cQhCCgfHA9mqwVfvEsZRdw7AWvqHQH
 prppgzt/8FMrEaQhMHbMXVskk9SbUz+AOT4/Z0gnpkjwrrBoJLRcYkU28CQLCLJs
 oAWKnlt5BMYjl/v8tmnc8C6+OoS+LfXzD5tKmJUN5O7wFl1TOMsUGBxqqX8=
 -----END RSA PRIVATE KEY-----
--- a/roles/common/files/lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim.pub
+++ b/roles/common/files/lists.mx.warenform/root/.ssh/lists.mx.warenform-id_rsa-opendkim.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQClupkurU+acJRtp2s9GgiC+rANqlup8SfhtulV0a/8z6nobjcpQWrfVq+MNjM7VghnlMAwMjz7tccFGyCmJoSS11RcnFtPmqnSNj0/TI8zyYOZUvZCczPBSeqs/IxawyYz91e3RlPWbpv71Nj+/EHUZApZkkdTkpYHduSJYWtKYA2l2Glzmjd2d2u/IFIkqXhvl1bT3RUMLZJqYdEwYAvlW2JB84EIWNf4ytcGcu6rakXCRP9o62BbRza3AfMgSfa45PLodPi5VpqDiTHSCIBll+VOuLqTgQCBYeANRPClMLbueVXXcMrmEwrDXeC0dpqTdgaF2Tz3xYsrAzTe6bcNJsGgGCQyTtDKpsAgoKb31agsyy68CoZto13Ea4WYsNVx0T3KaRlaDm98KqnUJXHJvXnLegqfXiURL5BpxXmAnFvZ0duHrtRkVpzeu5n5vz41RLnFHyLln2VE6a+IYdiLlPl2hC+7pswb+nBP9yNn6T4WQZNtHp4YssANuYKO+/gJaHpMJ1TqgL/Ip66erK+372M1T/6ibiU3+qHbwW7FbXVfn3Dz2abJGyNkoaZGpQIXtx0UxWYZHF8E35Z0ll9NQo1CnDvV3jA1aMnYVTv9DuSYxqLY34oHWXEFzMyStCRWup4Tfrp3pT61GRhb2h8kZi5dqQur9KrqWmA6HF9D+Q== root@lists.mx
--- a/roles/common/files/lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
@ -0,0 +1,155 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 #---------------------------------------
 #-----------------------------
 # Settings
 #-----------------------------
 #---------------------------------------
 # ---
 # - LOGGING
 # -
 # - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
 # - the output will be verbos. If running as cronjob, output will only be written, if warnings or 
 # - errors occurs.
 # ---
 # - What to check
 # -
 check_load=true
 check_mysql=true
 check_apache=true
 check_php_fpm=false
 check_website=false
 # - Additional Settings for check_mysql
 # -
 # - MySQL / MariaDB credentials
 # -
 # - Giving password on command line is insecure an sind mysql 5.5
 # - you will get a warning doing so.
 # - 
 # - Reading username/password fro file ist also possible, using MySQL/MariaDB
 # - commandline parameter '--defaults-file'.
 # - 
 # - Since Mysql Version 5.6, you can read username/password from
 # - encrypted file.
 # -
 # -    Create (encrypted) option file:
 # -    $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock  --user=root --password
 # -    $ Password:
 # -
 # -    Use of option file:
 # -    $ mysql --login-path=local ...
 # -
 # - Example
 # -    mysql_credential_args="--login-path=local"
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
 mysql_credential_args="--login-path=local"
 # - Additional Settings for check_php_fpm
 # -
 # - On Linux Vserver System set
 # -    curl_check_host=localhost
 # -
 # - On LX-Container set
 # -    curl_check_host=127.0.0.1
 # -
 curl_check_host=127.0.0.1
 # - Which PHP versions should be supported by this script. If more than one,
 # - give a blank separated list
 # -
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
 php_versions=""
 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
 # - the concerning php_version in form
 # -    <php-version>:<ping-path>
 # -
 # - Multiple settings are possible, give a blank separated list.
 # -
 # - Example:
 # -
 # -    ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
 # -
 ping_path=""
 # - Additional Settings for check_website - checking (expected) website response
 # -
 # - example:
 # -    is_working_url="https://www.outoflineshop.de/"
 # -    check_string='ool-account-links'
 # -    include_cleanup_function=true
 # -    extra_alert_address="ilker@so36.net"
 # -    cleanup_function='
 # -    rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
 # -    rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
 # -    /usr/local/bin/redis-cli flushall > /dev/null 2>&1
 # -    if [[ "$?" = "0" ]]; then
 # -       ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
 # -    else
 # -       error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
 # -     fi
 # -    /etc/init.d/redis_6379 restart
 # -    if [[ "$?" = "0" ]]; then
 # -       ok "I restarted the redis service"
 # -       echo -e "\t[ Ok ]:    I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
 # -    else
 # -       error "Restarting the redis server failed!"
 # -       echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
 # -    fi
 # -    '
 # -
 is_working_url=''
 check_string=''
 include_cleanup_function=true
 # - An extra e-mail address, which will be informed, if the given check URL
 # - does not response as expected (check_string) AFTER script checking, restarting
 # - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
 # -
 extra_alert_address=''
 # - php_version_of_working_url
 # -
 # - If given website (is_working_url) does not response as expected, this PHP FPM
 # - engines will be restarted.
 # -
 # - Type "None" if site does not support php
 # -
 # - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
 # - will be restarted
 # -
 php_version_of_working_url=''
 # - Notice:
 # - If single qoutes "'" not needed inside cleanup function, then use single quotes
 # - to enclose variable "cleanup_function". Then you don't have do masquerade any 
 # - sign inside.
 # -
 # - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
 # -
 cleanup_function='
 '
 # - E-Mail settings for sending script messages
 # -
 from_address="root@`hostname -f`"
 content_type='Content-Type: text/plain;\n charset="utf-8"'
 to_addresses="root"
--- a/roles/common/files/lists.mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf
+++ b/roles/common/files/lists.mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf
@ -0,0 +1,173 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---------------------------------------------------------
 # - Parameter Settings for script 'create_opendkim_key.sh'.
 # ---------------------------------------------------------
 # ----------
 # DNS Server
 # ----------
 # - dns_dkim_zone_master_server
 # - 
 # - The DNS Server who is serving the update zone and is used 
 # - for the dynamic updates (nsupdate) 
 # - 
 dns_dkim_zone_master_server="dns0.warenform.de"
 # - update_dns
 # -
 # - Possible Values are 'true' or 'false'
 # -
 #update_dns=""
 # - update_zone
 # -
 # - Zone containing the DKIM TXT record.
 # -
 # - Defaults to '_domainkey.<dkim_domaini>'
 # -
 # - Note:
 # -    do NOT change/set this option unless you know what you do.
 # -
 #update_zone=""
 # - TTL
 # -
 # - TTL for the DKIM TXT Record.
 # -
 # - Defaults to "" if update_dns=false
 # - Defaults to "43200" if update_dns=true
 #
 #TTL=""
 # ----------
 # TSIG Key
 # ----------
 # - key_secret
 # -
 # - Sectret Key used by 'nsupdate' to create/update the
 # - DKIM TXT record.
 # -
 # - Example:
 # -    key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
 # -
 key_secret="qG9e/gOucCXcwVUTU+uewU0Yth1iJh2JHgnogrHvh2A="
 #key_secret="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
 # - key_algo
 # -
 # - The key algorithm used for key creation. Available choices are: hmac-md5, 
 # - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The 
 # - default is hmac-sha256. Options are case-insensitive.
 # -
 # - Example:
   # -    key_algo="hmac-md5"
 # -
 # - Defaults to 'hmac-sha256'
 # -
 #key_algo="hmac-sha256"
 # - key_name
 # -
 # - Name of the Key
 # -
 # - Defaults to "$update_zone"
 # -
 key_name="update-dkim"
 # ----------
 # Access Credentials DNS Server
 # ----------
 # - dns_ssh_user
 # -
 # - Defaults to 'manage-bind'
 # -
 #dns_ssh_user="manage-bind"
 # - dns_ssh_port
 # -
 # - Defaults to '22'
 # -
 #dns_ssh_port=22
 # - dns_ssh_key
 # -
 # - Defaults to '/root/.ssh/id_rsa-opendkim'
 # -
 #dns_ssh_key="/root/.ssh/id_rsa-opendkim"
 # ----------
 # Scripts envoked at DNS Server
 # ----------
 # - set_new_serial_script
 # -
 # - Script increases the serial for a given domain or a given 
 # - hostname's concerning domain.
 # -
 # - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
 # -
 #set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
 # - create_dkim_delegation_script
 # -
 # - Script adds DKIM subdomain delegation for a given domain
 # -
 # - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
 # -
 #create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
 # - add_dkim_zone_master_script
 # -
 # - Script adds zone _domainkey.<dkim domain> as master zone
 # -
 # - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
 # -
 #add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
 # - add_dkim_zone_slave_script
 # -
 # - Script adds zone _domainkey.<dkim domain> as slave zone
 # -
 # - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
 # -
 #add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
 # ----------
 # OpenDKIM Installation
 # ----------
 # - opendkim_dir
 # -
 # - OpenDKIM's etc-directory
 # -
 # - Defaults to opendkim_dir="/etc/opendkim"
 # -
 #opendkim_dir="/etc/opendkim"
 # - key_base_dir
 # -
 # - Defaults to "${opendkim_dir}/keys"
 # -
 #key_base_dir=${opendkim_dir}/keys
 # - signing_table_file
 # -
 # - Defaults to "${opendkim_dir}/signing.table"
 # -
 #signing_table_file="${opendkim_dir}/signing.table"
 # - key_table_file
 # -
 # - Defaults to "${opendkim_dir}/key.table"
 # -
 #key_table_file="${opendkim_dir}/key.table"
--- a/roles/common/files/lists.mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf
+++ b/roles/common/files/lists.mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf
@ -0,0 +1,44 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ======================================================
 # ---
 # Parameter Settings for Script 'whitelist_mb_sigs.conf'
 # ---
 # ======================================================
 # QUARANTINE_BASE_DIR
 #
 # Base directory where amavis stores quarantined e-mails, mostly in
 #
 #    virus e-mails:   $QUARANTINE_BASE_DIR/virus
 #    spam emails:     $QUARANTINE_BASE_DIR/spam
 #    ..
 #
 #    Defaults to:
 #       QUARANTINE_BASE_DIR="/var/QUARANTINE"
 #
 #QUARANTINE_BASE_DIR="/var/QUARANTINE"
 # CLAMAV_VIRUS_WHITE_LIST
 #
 # Full path to clamav's (personal) white list file
 #
 # Defaults to:
 #    CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
 #
 #CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
 # WHITE_LIST_STRINGS
 #
 # A blank separated list of strings to whitelist.
 #
 # Example:
 #    WHITE_LIST_STRINGS="google.com tinyurl.com"
 #
 # Defaults to:
 #    WHITE_LIST_STRINGS="google.com"
 #
 #WHITE_LIST_STRINGS="google.com"
 WHITE_LIST_STRINGS="google.com tinyurl.com"
--- a/roles/common/files/lists.mx.warenform/usr/local/src/sympa/conf/install_sympa.conf
+++ b/roles/common/files/lists.mx.warenform/usr/local/src/sympa/conf/install_sympa.conf
@ -0,0 +1,141 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---------------------------------------
 # - Configuration for sympa install script
 # ----------------------------------------
 # - PREFIX
 # -
 # - Sympa Installation directory
 # -
 # - Defaults to: "/usr/local/sympa"
 # -
 #PREFIX="/usr/local/sympa"
 # - SYMPA_USER
 # -
 # - User under which Sympa services are running
 # -
 # - Defaults to: "sympa"
 # -
 #SYMPA_USER="sympa"
 # - SYMPA_MAIN_CONF_DIR
 # -
 # - Sympas main configuration directory
 # -
 # - Defaults to: "/etc/sympa"
 # -
 #SYMPA_MAIN_CONF_DIR="/etc/sympa"
 # - SYMPA_LIST_DATA_ROOT_DIR
 # -
 # - Root Path containing Sympa's list data directories
 # -
 # - Note:
 # - the real list data directory becomes: ${SYMPA_LIST_DATA_ROOT_DIR}/sympa-$SYMPA_VERSION/list_data
 # -
 # - Defaults to: "/data"
 # -
 #SYMPA_LIST_DATA_ROOT_DIR="/data"
 # - SYMPA_DOMAIN
 # -
 # - Note: if sympa will be configured to support multidomains
 # -       this (SYMPA_DOMAIN) should not contain list definitions
 # -
 # -
 SYMPA_DOMAIN="lists.mx.warenform.de"
 # - START_AT_BOOTTIME
 # -
 # - Defaults to: "yes"
 # -
 #START_AT_BOOTTIME="yes"
 # - SYMPA_LISTMASTER
 # -
 # -
 # - Defaults to "postmaster@$SYMPA_DOMAIN"
 # -
 #SYMPA_LISTMASTER="postmaster@$SYMPA_DOMAIN"
 # - SYMPA_DB_TYPE
 # -
 # - Database type of sympas database
 # -
 # - If database is SQLite, then this parameter is not in use.
 # -
 # - Possible values are 'mysql' (MySQL) or 'Pg' (PostgeSQL), 'Sybase', 'Oracle'
 # -
 # - Defaults to: SYMPA_DB_TYPE="mysql"
 # -
 #SYMPA_DB_TYPE="mysql"
 # - SYMPA_DB_HOST
 # -
 # - Defaults to: SYMPA_DB_HOST="127.0.0.1"
 # -
 #SYMPA_DB_HOST="127.0.0.1"
 # - SYMPA_DB_PORT
 # -
 # - Defaults to:
 # -    3306  -  if SYMPA_DB_TYPE=mysql
 # -    5432  -  if SYMPA_DB_TYPE=Pg
 # -    2638  -  if SYMPA_DB_TYPE=Sybase
 # -    1575  -  if SYMPA_DB_TYPE=Oracle
 # -
 # - 
 #SYMPA_DB_PORT="3306"
 # - SYMPA_DB_NAME
 # -
 # - Defaults to: SYMPA_DB_NAME="sympa"
 # -
 #SYMPA_DB_NAME="sympa"
 # - SYMPA_DB_USER
 # -
 # - Defaults to: SYMPA_DB_USER="sympa"
 # -
 #SYMPA_DB_USER="sympa"
 # - SYMPA_DB_PASSWD
 # -
 # - Password for Sympa's database.
 # - 
 SYMPA_DB_PASSWD="RkFt9rfhpngswF3g"
 # - mysql_credential_args (root access to MySQL Database)
 # -
 # - Example
 # -    mysql_credential_args="--login-path=local"
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
 # - Defaults to:
 # -    '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
 # -    '/usr/local/mysql/sys-maint.cnf' otherwise
 # -
 MYSQL_CREDENTIALS="--login-path=local"
 # - VSERVER_GUEST
 # -
 # - Is this a Linux Vserver guest system?
 # -
 # - Possible values: yes/no
 # -
 # - Defaults to 'VSERVER_GUEST=no'
 # -
 #VSERVER_GUEST=no
--- a/roles/common/files/mail.cadus/etc/postfix/postfwd.wl-hosts
+++ b/roles/common/files/mail.cadus/etc/postfix/postfwd.wl-hosts
--- a/roles/common/files/mail.cadus/etc/postfix/postfwd.wl-nets
+++ b/roles/common/files/mail.cadus/etc/postfix/postfwd.wl-nets
@ -13,3 +13,6 @@
 # ---
 # give truested networrk adresses here
 # d.mx.oopen.de (listen server)
 95.217.204.227
 2a01:4f9:4a:47e5::227
--- a/roles/common/files/mail.cadus/etc/postfix/postfwd.wl-sender
+++ b/roles/common/files/mail.cadus/etc/postfix/postfwd.wl-sender
--- a/roles/common/files/mail.cadus/etc/postfix/postfwd.wl-user
+++ b/roles/common/files/mail.cadus/etc/postfix/postfwd.wl-user
@ -12,4 +12,4 @@
 # ---
 # give trusted sasl usernames here
-
+#spenden@cadus\.org
--- a/roles/common/files/mailserver/etc/postfix/body_check.pcre
+++ b/roles/common/files/mailserver/etc/postfix/body_check.pcre
@ -0,0 +1,9 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---
 # - Body Checks
 # ---
 /See the attached file for details/       REJECT Sobig Virus found. - Body-Spamschutzregel TEXT-1001
 /.*https?:\/\/click2eat.shop\/Installer\/updatedwebmails/   REJECT Maype fishing E-Mail credentials - Body-Spamschutzregel TEXT-1002
--- a/roles/common/files/mailserver/etc/postfix/header_checks.pcre
+++ b/roles/common/files/mailserver/etc/postfix/header_checks.pcre
@ -0,0 +1,37 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---
 # - Replace headers
 # - Replace recieved from IPv4
 #/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: hidden)$4
 # - Replace recieved from IPv6
 #/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: hidden)$6
 # ---
 # - Ignore Headers
 # ---
 #/^\s*User-Agent/        IGNORE
 #/^\s*X-Enigmail/        IGNORE
 #/^\s*X-Mailer/          IGNORE
 #/^\s*X-Originating-IP/  IGNORE
 # ---
 # - Reject / Discard headers
 # ---
 /^To:.*<>/                    REJECT Possible SPAM Blank email address To: header - Header-Spamschutzregel T0-1001
 /\(envelope-from <>\)/        REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001
 /^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001
 /^From:.*<>/                  REJECT Possible SPAM - Header-Spamschutzregel FROM-1001
 /^Date: .* 19[0-9][0-9]/      REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001
 /^Date: .* 200[0-9]/          REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002
 /^Date: .* 201[0-9]/          REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1003
 /^Date: .* 2020/              REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1004
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
@ -22,3 +22,25 @@
 illuminatus\.lionheart\.lovejoy$
 dancortez\.500$
 geplosser\.pl$
 zukunftbeitragen\.quest$
 gulpagerts\.com$
 flodesyta\.shop$
 einfach-mail-express\.eu$
 feowatley\.shop$
 kssalon\.com$
 zeitarbeitsgruppe\.com$
 jobinscenter\.mom$
 bilingates\.gsm\.pl$
 ^mail\.finsky-palace\.radio\.am$
 ^mail\.newslinkes\.radio\.fm$
 thecaffeinatedquilter\.com$
 ^mail\.hossted\.app$
 rea\.realflightshop\.com$
 tetontimberlinetrading\.com$
 walelaber\.shop$
 couetsart\.xyz$
 technedigitale\.com$
 dia-two-2\.de$
 surlumice\.store$
 hecnvoipl\.xyz$
 viastarco\.xyz$
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
@ -18,3 +18,55 @@
 85.254.72.106
 103.136.40.0/23
 185.53.170.115
 # zukunftbeitragen.quest
 86.107.103.211
 # RU (u.a. mail.geplosser.pl)
 62.152.59.0/24
 # GB mx.bilingates.gsm.pl
 95.168.184.156
 # RU (u.a. mx.jobinscenter.mom)
 31.28.27.0/24
 # RU (u.a. mx.novatechs.gen.tr)
 93.189.44.0/22
 # RU (u.a. vh126.timeweb.ru)
 92.53.96.0/24
 # RU (u.a. mail.newslinkes.radio.am)
 45.130.151.0/24
 # US - OLink Cloud LLC US Cloud ( u.a. pritionch.store)
 104.160.19.0/24
 # TR (u.a. dosvufpro.store
 185.219.135.0/24
 # RZ ( u.a. mx.jobinscenter.mom)
 31.28.27.0/24
 # RU (mx.novatechs.gen.tr)
 93.189.44.0/22
 # mx.bilingates.gsm.pl
 95.168.184.156
 # mail.finsky-palace.radio.am
 89.163.230.186
 # mail.newslinkes.radio.fm
 62.3.58.20
 # SC ( u.a. undialogy.store)
 149.3.170.0/24
 # tetontimberlinetrading.com
 155.94.219.66
 185.43.108.101
 # US (u.a.walelaber.shop)
 216.250.247.0/24
 # IN (u.a. couetsart.xyz)
 103.174.86.0/23
 # DE ( u.a. smtp15.dia-two-2.de
 193.168.252.0/23
 # US ( u.a. surlumice.store )
 # 192.161.160.0/19
 192.161.173.22
 # RU
 194.87.236.0/22
 # SC (u.a. werkzeughandeldirekt.net)
 146.19.253.0/24
 # Piscataway NJ (u.a. werkzeughandeldirekt.net)
 209.182.224.0/22
 # LV (u.a. eur-versand.com )
 217.199.96.0/19
 # viastarco.xyz (eur-versand.com)
 163.123.180.214
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
@ -40,6 +40,23 @@
@geplosser\.pl$
@alfasells\.de$
@news-des-tages\.de$
@handel2022\.com$
@zukunftbeitragen\.quest$
@ip-51-83-242\.eu$
@notreesnolife\.com$
@ilsang\.biz$
 vorteilsemail\.de$
@inbox\.ru$
@poeloker\.com$
@jobinscenter\.mom$
@novatechs\.gen\.tr$
@bilingates\.gsm\.pl$
@newslinkes\.radio\.fm$
@finsky-palace\.radio\.am$
@deutsche-ecommerce\.net$
@cpsarg\.com$
@markenhandelonline\.com$
 firmen-infos\.com$
@inx1and1\..+$
@ppe-healthcare-europe\.\S+$
@ -56,3 +73,5 @@
 # annoying spammer addresses
 ^error@mailfrom\.com$
 ^sqek@eike\.se$
 ^info@webmeinung\.de$
 ^info@handel-versand\.com$
--- a/roles/common/files/mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim
+++ b/roles/common/files/mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim
@ -0,0 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIJKAIBAAKCAgEAquVzjpidmKqq1AhSB1TvzA9fpXWBLmhbGyiaxr7Rq987+CZd
 +aDKCBI11CCHlKmWu7/SXIGFFrHENvKip+KqsfHSKp6R5cgklnc+ok+UXZuBMegK
 jX9/XmD48xF2/m+p8NOGWfVxiOiXrFPvvcRX9AD/qB318uUyjvcknUJ03NeAdB72
 1u7yFIcOMLOBiVUQgguTPkB+QPMSnF5uOLqrmocLsKfHsSg4RRVN01BEKORw6f12
 JImep/yaFvVu3XmSctl7q7QtAIAobats7VUJgRxHSf31phc1pQBXWJdz3lVehfCr
 HBYM09FbskIBMmOlBz4mU2cU64jnYsqQNgs8fH9Ix0VCkhKM1EichoSNDqc1TTKo
 yNHnfTkreuOWPxa+b8/FBqd/d4I8QLev7h3AzNJtq1ssINRgMmkSsJPEKq1qKriZ
 +ZE19TXcb6RvNeOvYokr6dtwdTYE3bIZiaffJz1CeRzsr6YJ9ItzHGubKllsIS2n
 yrYXP2X6ubCAyAi6n+hubN/scUqKPPby6B0hTSzguYSBLtHtsHtS7LWtbPkfDEv7
 pS9mleMMB/PiYLOh2tmGNeTn3B2OglTFYWqe1miyeB/FNsIgC1+zbMSReufWTxDk
 cmVGjg3kIuuv0DlnVmZZjvmAhXbGyi/xHuXkl1YOdCYVFdzxnqN991LGboECAwEA
 AQKCAgBDSDboqzlQw9ChzezNqikGw/66G7sSVE+aL7BQEwxliGwJ1MEm6KDh8Jl0
 vKHka6hGnszpUqzdNHu1zm0vf9QIXtaJpQh32QZenu/v4zjcab7BsUOGVe4FcFRT
 Dks0/S2A/SZmAHYEmt4sIJfAtK6UCFifDbypNodjNfYaW/G6iLWwAgjYshZo8osp
 rWKQeQcYzAnadnW+iHSJT7xBZWzuV8DIeiXqn5UXzb1oNq+/EcFKvllnJS9rn83i
 wBo35Ac+ZFWGUldtXQeNtfIatmIZjNKcVPoDvBuIrMu2u1oI7L9cKFaVpjDCrChX
 1Bi4h/aPFW7tYyYfXTUL9gg03tOe44GyO4/3LMrijHV6chYKtzPdv9Kq7TKfWi63
 dyyi4W/3c7A8cWizyQwroJjN7aiFTokKXlj6TbgcbTByt5tsk2ItwMH1TwD55tpu
 Uqf2vSA4PvPLw3EtGaRlBqD5OvgktH4SR/IsuCd5GRVRGUslU6T0OOzlWHMZBB16
 2d/pBrHNW3toL2jeAXxDmGPZVgK5+CLqC88bKO0lO3d8HbnSW5WBDiP5wIuNA8R2
 MRBsOwCd+PK/hqxCXWjsCNFmXLgSSJRP4aX0TvFbs06IV371f5I7LiBj5yL68oEz
 dhUc+AVTFrGPTAHR/mXhevVYpNXeUUhUrkVr6spS80FfgO7tgQKCAQEA2anb3vAB
 WsjuK++K29N3msqapt6SO+rA927ySpXEkM5AEf8+71b1RoEtJK9qrZ5Iy6JYrZgb
 XZIycDllq7UURWej3dAPJeT4Wyy4tv+zX90GoJE2QMShnNf4jjkVtfiZ7v2qFly/
 nn5ieGXNRGF1I1m1AMK93GdlXY/HDuPLf+OEedzKeEdlQC2/WyOE6sqZwE5BBAOn
 2jvr2WmxTDxoFCV4UpZ7qPcQWVasH6Csaj4lXfMLjSMKnHwOCQmrO4qlDxChKcdw
 4vQyKDU+XQxQ4puxbD123ZtD/3BqcoTA8EgnpsZlTcqLZeXlQxWZP2UVKii99xC3
 u4tCP37BnGu/qQKCAQEAyP7ssmZ2AEXCwe51FdbPupOlE1D7eUIpfKGMzjiOOhus
 qLjIClac7NqFhwMlu5hL9VkxyKGbjYVzbZQ39Jk8Ua20Z+XvF7uoLx3py5Rxxq8+
 DW7rfaaaM/qa73hlOL9xniuozplqihzuXFRi826BSwEFbWUEit1MZfl+S7QYWVjD
 eR41YIKvHDe629mwXn1bJum4biTCCoXVS3xgDPjEY60xwLZNk1IoYTuoznTO3Nt+
 dhIywx+19v0gzBsggPfn7En9AEqqqFPOiM8WHaFU+earsFMQfUMrhcThatr7JzTc
 R2WK96P6lGbl6LjMzp3MRnYSqvpYS13FciRed7lfGQKCAQARFMJbaWxBypjeO8si
 2yJ8tD+Ursy9BPwlrsA22C/3ySfAAc7Xi3RuFv8K7PUrMMu3p0LcRJ6JJkrtAaQX
 6Hrxw2NZqdU2fRR8WzMXsVNLR5YYjay7QnMIUu5/gr1QbXTvC1sIrDihYHurxRlp
 r1g48PZCXAX4QOj0ga72XSwAGkOwKIJ/E+M/ORfWOCBbKJEORVXW0c6fUqp8gk3W
 lLr6McKSgJqttM3EpQeW583//GaES+lxJvnTM+0KCoc0gfnYB88N70fNl6pD+4Gs
 XaYPUnaG7v/f/ipE5naEDCTz9kWeUd1rUGTGF1d5fz1qey1BBLd7pwU0I4aMYw8g
 jlgZAoIBAQCgr/03Wua3rQ3Y0PTWMtf7x5HPcYy6EoTsWJMjQt+h4QIWGTQD396x
 FLpvh7qg0U7YpShBx8F+UNRJJJffeqpYelCiR5bwGFyK3pVM5i5Xsz4eqzClUY4y
 RAWdsVjrF1KUKz9XfBtKs3p0YhqBlzTSa8yU+o+5HNa5J88qYp6cv3P23om50ICC
 RKOko9J2mC1JXMzPcZ+Xngs5wANiG3eWYJ5H/Pbj8mjJ41I/S+8dbnUZm87tY+qr
 vQ59XqqLsKW/qB8WHpt02xthEH4TzikLaLiVzLKAEjU3SoEUVmE3pPD+O1XwSS5J
 ekIP3b4O6OSo6DhgbKguCJeTezPy70XxAoIBAH8+SK4eaw7EUWAkxY4VDuP+VEOh
 VI80/lmPaPRzaYHodpKMVX27mYqU03n8VqE8Tu1DI0DAKcDAB28hPTdbbJ21oSGr
 9sJa3lSuOC/TVv/Q3nVUCTO+EaJ/qTjJQDukDWW4pQCfMJANRszlyQ+tJ46/4ofI
 MqTiWbKZj32xUw/dY+XH2ZRYOQvndT8kpxBTUuGPPJliZ1YaO+9hhUGBlhrcrU7y
 Uq7xVrG3MBn0I6ibwRGy+zo82ZZIrblMT+Fz3jQVjQzyIKiQvph+8QivFWThR+ej
 K2S7h4A/UD69jkIy5nDVGEmL8cMS2Wgn3RAwyS5c7aUaVS+F93zzw2cyx1E=
 -----END RSA PRIVATE KEY-----
--- a/roles/common/files/mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim.pub
+++ b/roles/common/files/mx.warenform/root/.ssh/mx.warenform-id_rsa-opendkim.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCq5XOOmJ2YqqrUCFIHVO/MD1+ldYEuaFsbKJrGvtGr3zv4Jl35oMoIEjXUIIeUqZa7v9JcgYUWscQ28qKn4qqx8dIqnpHlyCSWdz6iT5Rdm4Ex6AqNf39eYPjzEXb+b6nw04ZZ9XGI6JesU++9xFf0AP+oHfXy5TKO9ySdQnTc14B0HvbW7vIUhw4ws4GJVRCCC5M+QH5A8xKcXm44uquahwuwp8exKDhFFU3TUEQo5HDp/XYkiZ6n/JoW9W7deZJy2XurtC0AgChtq2ztVQmBHEdJ/fWmFzWlAFdYl3PeVV6F8KscFgzT0VuyQgEyY6UHPiZTZxTriOdiypA2Czx8f0jHRUKSEozUSJyGhI0OpzVNMqjI0ed9OSt645Y/Fr5vz8UGp393gjxAt6/uHcDM0m2rWywg1GAyaRKwk8QqrWoquJn5kTX1NdxvpG81469iiSvp23B1NgTdshmJp98nPUJ5HOyvpgn0i3Mca5sqWWwhLafKthc/Zfq5sIDICLqf6G5s3+xxSoo89vLoHSFNLOC5hIEu0e2we1Lsta1s+R8MS/ulL2aV4wwH8+Jgs6Ha2YY15OfcHY6CVMVhap7WaLJ4H8U2wiALX7NsxJF659ZPEORyZUaODeQi66/QOWdWZlmO+YCFdsbKL/Ee5eSXVg50JhUV3PGeo333UsZugQ== root@mx
--- a/roles/common/files/mx.warenform/root/bin/monitoring/conf/check_cert_for_dovecot.conf
+++ b/roles/common/files/mx.warenform/root/bin/monitoring/conf/check_cert_for_dovecot.conf
@ -0,0 +1,134 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 #---------------------------------------
 #-----------------------------
 # Settings for script check_cert_for_dovecot.sh
 #-----------------------------
 #---------------------------------------
 # - service_domain
 # -
 # - The main domain for which the certificate was issued
 # -
 # - Example:
 # -    service_domain="a.mx.oopen.de"
 # -    service_domain="mail.cadus.org"
 # -    service_domain="mx.warenform.de"
 # -
 #service_domain=""
 service_domain="mx.warenform.de"
 # - service_name
 # -
 # - Name of service.
 # -
 # - Note: this var will also be used to determin systemd service file
 # - or sysVinit script.
 # -
 # - Example: 
 # -    service_name="Mumble"
 # -    service_name="Prosody"
 # -
 # - Defaults to:
 # -    service_name="Dovecot"
 # -
 #service_name=""
 # - check_string_ps
 # -
 # - String wich (clearly) identifies the service at the process list (ps)
 # -
 # - Example:
 # -    check_string_ps="[[:digit:]]\ /usr/sbin/murmurd"
 # -    check_string_ps=""
 # -
 # - Defaults to:
 # -    check_string_ps="[[:digit:]]\ /usr/local/dovecot-[[:digit:]]{1,2}\.[[:digit:]]{1,2}\.[[:digit:]]{1,2}(\.[[:digit:]]{1,2})?/sbin/dovecot"
 # -
 #check_string_ps=""
 # - service_user
 # -
 # - User under which the service is running.
 # -
 # - Example:
 # -    service_user="mumble-server"
 # -    service_user="prosody"
 # -
 # - Defaults to:
 # -    service_user="prosody"
 # -
 #service_user=""
 # - service_group
 # -
 # - Group under which the service is running.
 # -
 # - Example:
 # -    service_group="mumble-server"
 # -    service_group="prosody"
 # -
 # - Defaults to:
 # -    service_group="prosody"
 # -
 #service_group=""
 # - cert_installed
 # -
 # - Locataion of certificate read by service
 # -
 # - Example:
 # -    cert_installed="/var/lib/mumble-server/fullchain.pem"
 # -    cert_installed="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
 # -
 # - Defaults to:
 # -    /etc/dovecot/ssl/mailserver.crt
 # -
 #cert_installed=""
 # - key_installed
 # -
 # - Location of the key read by service
 # -
 # - Example:
 # -    key_installed="/var/lib/mumble-server/privkey.pem"
 # -    key_installed="/etc/prosody/certs/privkey_jabber.so36.pem"
 # -
 # - Defaults to:
 # -    /etc/dovecot/ssl/mailserver.key
 # -
 #key_installed=""
 # - cert_newest
 # -
 # - Location of the newest certificate.
 # -
 # - Example:
 # -    cert_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/fullchain.pem"
 # -    cert_newest="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
 # -
 # - Defaults to: 
 # -    /var/lib/dehydrated/certs/${service_domain}/fullchain.pem
 # -
 #cert_newest=""
 # - key_newest
 # -
 # - Location of the newest Key
 # -
 # - Example:
 # -    key_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/privkey.pem"
 # -    key_newest="/var/lib/dehydrated/certs/jabber.so36.net/privkey.pem"
 # -
 # - Defaults to:
 # -    /var/lib/dehydrated/certs/${service_domain}/privkey.pem
 # -
 #key_newest=""
--- a/roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
@ -0,0 +1,154 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 #---------------------------------------
 #-----------------------------
 # Settings
 #-----------------------------
 #---------------------------------------
 # ---
 # - LOGGING
 # -
 # - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
 # - the output will be verbos. If running as cronjob, output will only be written, if warnings or 
 # - errors occurs.
 # ---
 # - What to check
 # -
 check_load=true
 check_mysql=false
 check_apache=true
 check_php_fpm=true
 check_website=false
 # - Additional Settings for check_mysql
 # -
 # - MySQL / MariaDB credentials
 # -
 # - Giving password on command line is insecure an sind mysql 5.5
 # - you will get a warning doing so.
 # - 
 # - Reading username/password fro file ist also possible, using MySQL/MariaDB
 # - commandline parameter '--defaults-file'.
 # - 
 # - Since Mysql Version 5.6, you can read username/password from
 # - encrypted file.
 # -
 # -    Create (encrypted) option file:
 # -    $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock  --user=root --password
 # -    $ Password:
 # -
 # -    Use of option file:
 # -    $ mysql --login-path=local ...
 # -
 # - Example
 # -    mysql_credential_args="--login-path=local"
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
 mysql_credential_args=""
 # - Additional Settings for check_php_fpm
 # -
 # - On Linux Vserver System set
 # -    curl_check_host=localhost
 # -
 # - On LX-Container set
 # -    curl_check_host=127.0.0.1
 # -
 curl_check_host=127.0.0.1
 # - Which PHP versions should be supported by this script. If more than one,
 # - give a blank separated list
 # -
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
 php_versions="7.4"
 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
 # - the concerning php_version in form
 # -    <php-version>:<ping-path>
 # -
 # - Multiple settings are possible, give a blank separated list.
 # -
 # - Example:
 # -
 # -    ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
 # -
 ping_path=""
 # - Additional Settings for check_website - checking (expected) website response
 # -
 # - example:
 # -    is_working_url="https://www.outoflineshop.de/"
 # -    check_string='ool-account-links'
 # -    include_cleanup_function=true
 # -    extra_alert_address="ilker@so36.net"
 # -    cleanup_function='
 # -    rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
 # -    rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
 # -    /usr/local/bin/redis-cli flushall > /dev/null 2>&1
 # -    if [[ "$?" = "0" ]]; then
 # -       ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
 # -    else
 # -       error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
 # -     fi
 # -    /etc/init.d/redis_6379 restart
 # -    if [[ "$?" = "0" ]]; then
 # -       ok "I restarted the redis service"
 # -       echo -e "\t[ Ok ]:    I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
 # -    else
 # -       error "Restarting the redis server failed!"
 # -       echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
 # -    fi
 # -    '
 # -
 is_working_url=''
 check_string=''
 include_cleanup_function=true
 # - An extra e-mail address, which will be informed, if the given check URL
 # - does not response as expected (check_string) AFTER script checking, restarting
 # - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
 # -
 extra_alert_address=''
 # - php_version_of_working_url
 # -
 # - If given website (is_working_url) does not response as expected, this PHP FPM
 # - engines will be restarted.
 # -
 # - Type "None" if site does not support php
 # -
 # - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
 # - will be restarted
 # -
 php_version_of_working_url=''
 # - Notice:
 # - If single qoutes "'" not needed inside cleanup function, then use single quotes
 # - to enclose variable "cleanup_function". Then you don't have do masquerade any 
 # - sign inside.
 # -
 # - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
 # -
 cleanup_function='
 '
 # - E-Mail settings for sending script messages
 # -
 from_address="root@`hostname -f`"
 content_type='Content-Type: text/plain;\n charset="utf-8"'
 to_addresses="root"
--- a/roles/common/files/mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf
+++ b/roles/common/files/mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf
@ -0,0 +1,174 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ---------------------------------------------------------
 # - Parameter Settings for script 'create_opendkim_key.sh'.
 # ---------------------------------------------------------
 # ----------
 # DNS Server
 # ----------
 # - dns_dkim_zone_master_server
 # - 
 # - The DNS Server who is serving the update zone and is used 
 # - for the dynamic updates (nsupdate) 
 # - 
 dns_dkim_zone_master_server="dns0.warenform.de"
 # - update_dns
 # -
 # - Possible Values are 'true' or 'false'
 # -
 #update_dns=""
 # - update_zone
 # -
 # - Zone containing the DKIM TXT record.
 # -
 # - Defaults to '_domainkey.<dkim_domaini>'
 # -
 # - Note:
 # -    do NOT change/set this option unless you know what you do.
 # -
 #update_zone=""
 # - TTL
 # -
 # - TTL for the DKIM TXT Record.
 # -
 # - Defaults to "" if update_dns=false
 # - Defaults to "43200" if update_dns=true
 #
 #TTL=""
 # ----------
 # TSIG Key
 # ----------
 # - key_secret
 # -
 # - Sectret Key used by 'nsupdate' to create/update the
 # - DKIM TXT record.
 # -
 # - Example:
 # -    key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
 # -
 #key_secret=""
 key_secret="qG9e/gOucCXcwVUTU+uewU0Yth1iJh2JHgnogrHvh2A="
 # - key_algo
 # -
 # - The key algorithm used for key creation. Available choices are: hmac-md5, 
 # - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The 
 # - default is hmac-sha256. Options are case-insensitive.
 # -
 # - Example:
 # -    key_algo="hmac-md5"
 # -
 # - Defaults to 'hmac-sha256'
 # -
 #key_algo="hmac-sha256"
 # - key_name
 # -
 # - Name of the Key
 # -
 # - Defaults to "$update_zone"
 # -
 #key_name=
 key_name="update-dkim"
 # ----------
 # Access Credentials DNS Server
 # ----------
 # - dns_ssh_user
 # -
 # - Defaults to 'manage-bind'
 # -
 #dns_ssh_user="manage-bind"
 # - dns_ssh_port
 # -
 # - Defaults to '22'
 # -
 #dns_ssh_port=22
 # - dns_ssh_key
 # -
 # - Defaults to '/root/.ssh/id_rsa-opendkim'
 # -
 #dns_ssh_key="/root/.ssh/id_rsa-opendkim"
 # ----------
 # Scripts envoked at DNS Server
 # ----------
 # - set_new_serial_script
 # -
 # - Script increases the serial for a given domain or a given 
 # - hostname's concerning domain.
 # -
 # - Defaults to '/root/bin/bind/bind_set_new_serial.sh'
 # -
 #set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh"
 # - create_dkim_delegation_script
 # -
 # - Script adds DKIM subdomain delegation for a given domain
 # -
 # - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh'
 # -
 #create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh"
 # - add_dkim_zone_master_script
 # -
 # - Script adds zone _domainkey.<dkim domain> as master zone
 # -
 # - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh'
 # -
 #add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh"
 # - add_dkim_zone_slave_script
 # -
 # - Script adds zone _domainkey.<dkim domain> as slave zone
 # -
 # - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh'
 # -
 #add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh"
 # ----------
 # OpenDKIM Installation
 # ----------
 # - opendkim_dir
 # -
 # - OpenDKIM's etc-directory
 # -
 # - Defaults to opendkim_dir="/etc/opendkim"
 # -
 #opendkim_dir="/etc/opendkim"
 # - key_base_dir
 # -
 # - Defaults to "${opendkim_dir}/keys"
 # -
 #key_base_dir=${opendkim_dir}/keys
 # - signing_table_file
 # -
 # - Defaults to "${opendkim_dir}/signing.table"
 # -
 #signing_table_file="${opendkim_dir}/signing.table"
 # - key_table_file
 # -
 # - Defaults to "${opendkim_dir}/key.table"
 # -
 #key_table_file="${opendkim_dir}/key.table"
--- a/roles/common/files/mx.warenform/root/bin/postfix/conf/postfix_add_mailboxes.conf
+++ b/roles/common/files/mx.warenform/root/bin/postfix/conf/postfix_add_mailboxes.conf
@ -0,0 +1,86 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ----------------------------------------------------
 # ---
 # - Parameter Settings for script 'postfix_add_mailboxes.sh'.
 # ---
 # ----------------------------------------------------
 # - dovecot_enc_method
 # -
 # - The (dovecot) password  scheme  which  should  be  used  to  generate  the  hashed  
 # - passwords of EXISTING users.
 # -
 # - Possible values are: 
 # -
 # -    See output of 'doveadm pw -l'
 # -
 # - DEFAULTS to: dovecot_enc_method="SHA512-CRYPT"
 # -
 #dovecot_enc_method="SHA512-CRYPT"
 # - in_file
 # -
 # - The file from wich the script reads the e-mail-address/password
 # - kombination(s). Each line in this file must only contain
 # -    <emal-address> <password>
 # -
 # - Defaults to: in_file="${conf_dir}/mailboxes_new.lst"
 # -
 #in_file="${conf_dir}/mailboxes_new.lst"
 # - db_type
 # -
 # - Type of Postfix Database
 # -
 # - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
 # - 
 # - Defaults to: db_type="pgsql"
 # -
 #db_type="pgsql"
 # - db_name
 # -
 # - Database name for the postfix database
 # - 
 # - Defaults to: db_name="postfix"
 # -
 #db_name="postfix"
 # - db_name
 # -
 # - Database name for the postfix database
 # - 
 # - Defaults to: db_name="postfix"
 # -
 #db_name="postfix"
 # - mysql_credential_args (root access to MySQL Database)
 # -
 # - Example
 # -    mysql_credential_args="--login-path=local"
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
 # - Defaults to:
 # -    '--defaults-file=/etc/mysql/debian.cnf' if MySQL is installed from debian package system
 # -    '--defaults-file=/usr/local/mysql/sys-maint.cnf' otherwise
 # -
 #mysql_credential_args=""
 # - quota
 # -
 # - The quota setting for the new mailboxes.
 # -
 # - Defaults to: quota="536870912"
 # -
 #quota="536870912"
 quota=2147483648
 # - log_file
 # -
 # - Where to write logging informations?
 # -
 # - Defaults to: log_file="${script_dir}/log/postfix_add_mailboxes.log"
 # -
 #log_file="${script_dir}/log/postfix_add_mailboxes.log"
--- a/roles/common/files/mx.warenform/root/bin/postfix/conf/sent_userinfo_postfix.conf
+++ b/roles/common/files/mx.warenform/root/bin/postfix/conf/sent_userinfo_postfix.conf
@ -0,0 +1,92 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ----------------------------------------------------
 # ---
 # - Parameter Settings for script 'sent_userinfo_postfix.sh'.
 # ---
 # ----------------------------------------------------
 # - message_body_file
 # -
 # - Full path to file containing the user info. This file must contain 
 # - the message body WITHOUT e-mail headers. If file is placed in the
 # - 'files' directory use '${file_dir}/<file-name>'
 # -
 # - Defaults to '${file_dir}/sent_userinfo_postfix.message'
 # -
 #message_body_file="${file_dir}/sent_userinfo_postfix.email"
 # - email_from
 # -
 # - From Address of user info
 # -
 # - Example: 'oo@oopen.de'
 # -
 email_from="admin@warenform.net"
 # - email_from_org
 # -
 # - Example: email_from_org="O.OPEN"
 # -
 email_from_org="WARENFORM"
 # - db_type
 # -
 # - Type of Postfix Database
 # -
 # - Possible values are 'pgsql' (PostgeSQL) or 'mysql' (MySQL)
 # - 
 # - Defaults to: db_type="pgsql"
 # -
 #db_type="pgsql"
 # - db_name
 # -
 # - Database name for the postfix database
 # - 
 # - Defaults to: db_name="postfix"
 # -
 #db_name="postfix"
 # - mysql_credential_args (root access to MySQL Database)
 # -
 # - Example
 # -    mysql_credential_args="--login-path=local"
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
 # - Defaults to:
 # -    '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
 # -    '/usr/local/mysql/sys-maint.cnf' otherwise
 # -
 #mysql_credential_args=""
 # - mail_user
 # -
 # - The owner of the mailbox directories and within the e-mails itself.
 # -
 # - defaults to mail_user="vmail"
 # -
 #mail_user="vmail"
 # - mail_group
 # -
 # - The group of the mailbox directories
 # -
 # - defaults to mail_group="vmail"
 # -
 #mail_group="vmail"
 # - mail_basedir - No more needed!
 # -
 # - The root directory where all mailbox-domains are located.
 # -
 # - Defaults to '/var/vmail'.
 # -
 #mail_basedir=/var/vmail
--- a/roles/common/files/mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf
+++ b/roles/common/files/mx.warenform/root/bin/postfix/conf/whitelist_mb_sigs.conf
@ -0,0 +1,44 @@
 # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
 # ======================================================
 # ---
 # Parameter Settings for Script 'whitelist_mb_sigs.conf'
 # ---
 # ======================================================
 # QUARANTINE_BASE_DIR
 #
 # Base directory where amavis stores quarantined e-mails, mostly in
 #
 #    virus e-mails:   $QUARANTINE_BASE_DIR/virus
 #    spam emails:     $QUARANTINE_BASE_DIR/spam
 #    ..
 #
 #    Defaults to:
 #       QUARANTINE_BASE_DIR="/var/QUARANTINE"
 #
 #QUARANTINE_BASE_DIR="/var/QUARANTINE"
 # CLAMAV_VIRUS_WHITE_LIST
 #
 # Full path to clamav's (personal) white list file
 #
 # Defaults to:
 #    CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
 #
 #CLAMAV_VIRUS_WHITE_LIST="/var/lib/clamav/my_whitelist.ign2"
 # WHITE_LIST_STRINGS
 #
 # A blank separated list of strings to whitelist.
 #
 # Example:
 #    WHITE_LIST_STRINGS="google.com tinyurl.com"
 #
 # Defaults to:
 #    WHITE_LIST_STRINGS="google.com"
 #
 #WHITE_LIST_STRINGS="google.com"
 WHITE_LIST_STRINGS="google.com tinyurl.com"
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@ -20,6 +20,14 @@
    name: ssh
    state: restarted
 - name: Reload nfs
  service:
    name: nfs-kernel-server
    state: reloaded
    enabled: yes
  when:
    - "groups['nfs_server']|string is search(inventory_hostname)"
 - name: Restart postfix
  service:
    name: postfix
--- a/roles/common/tasks/copy_files.yml
+++ b/roles/common/tasks/copy_files.yml
@ -19,6 +19,24 @@
    - copy-files
    - copy-plain-files
 - name: (copy_files.yml) Copy plain files Postfix (/etc/postfix)
  copy:
    src: '{{ item.src_path }}'
    dest: '{{ item.dest_path }}'
    owner: root
    group: root
    mode: '0644'
  loop: "{{ copy_plain_files_postfix }}"
  loop_control:
    label: 'dest: {{ item.name }}'
  when: 
    - inventory_hostname in groups['mail_server']
    - copy_plain_files_postfix is defined
    - copy_plain_files_postfix|length > 0
  tags:
    - copy-files
    - copy-plain-files
 - name: (copy_files.yml) Copy plain files Postfix Firewall (postfwd)
  copy:
    src: '{{ item.src_path }}'
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -131,6 +131,15 @@
  tags: git
 # tags supported inside nfs.yml:
 #
 #    nfs-server
 #    nfs-client
 - import_tasks: nfs.yml
  tags:
    - nfs
 # tags supported inside copy_files.yml:
 #
 #   copy-files
--- a/roles/common/tasks/nfs.yml
+++ b/roles/common/tasks/nfs.yml
@ -0,0 +1,96 @@
 ---
 # ---
 # NFS Server
 # ---
 - name: (nfs.yml) Ensure NFS utilities (server) are installed.
  apt:
    name:
      - nfs-common
      - nfs-kernel-server
    state: present
  when:
    - ansible_os_family == "Debian"
    - "groups['nfs_server']|string is search(inventory_hostname)"
  tags:
    - nfs-server
 - name: (nfs.yml) Ensure directories to export exist
  file:
    path: '{{ item.src.split(":")[1] }}'
    owner: root
    group: root
    mode: '0755'
    state: directory
  with_items: "{{ nfs_exports }}"
  loop_control:
    label: '{{ item.path }}'
  when:
    - "groups['nfs_server']|string is search(inventory_hostname)"
  tags:
    - nfs-server
 - name: (nfs.yml) Copy exports file.
  template:
    src: etc/exports.j2
    dest: /etc/exports
    owner: root
    group: root
    mode: 0644
  when:
    - "groups['nfs_server']|string is search(inventory_hostname)"
  notify: Reload nfs
  tags:
    - nfs-server
 - name: Enable service rpc-statd and ensure it is not masked
  systemd:
    name: rpc-statd
    enabled: yes
    masked: no
  when:
    - "groups['nfs_server']|string is search(inventory_hostname)"
 - name: Make sure service rpc-statd is running
  systemd:
    state: started
    name: rpc-statd
  when:
    - "groups['nfs_server']|string is search(inventory_hostname)"
  tags:
    - nfs-server
 # ---
 # NFS clients
 # ---
 - name: (nfs.yml) Ensure NFS utilities (clients) are installed.
  apt:
    pkg: nfs-common
    state: present
  when: 
    - ansible_os_family == "Debian"
    - "groups['nfs_client']|string is search(inventory_hostname)"
  tags:
    - nfs-client
 - name: (nfs.yml) NFS Mount exports from nfs server
  mount:
    path: "{{ item.path }}"
    src: "{{ item.src }}"
    fstype: nfs
    opts: "{{ item.mount_opts }}"
    dump: "{{ item.dump | default(omit) }}"
    passno: "{{ item.passno | default(omit) }}"
    state: mounted
  loop: "{{ nfs_exports }}"
  loop_control:
    label: '{{ item.src }}'
  when:
    - "groups['nfs_client']|string is search(inventory_hostname)"
  tags:
    - nfs-client
--- a/roles/common/tasks/samba-config-server.yml
+++ b/roles/common/tasks/samba-config-server.yml
@ -4,6 +4,16 @@
 # Samba Server
 # ---
 - name: (samba-install.yml) Ensure samba packages server are installed.
  package:
    pkg: '{{ apt_install_server_samba }}'
    state: present
  when:
    - "groups['samba_server']|string is search(inventory_hostname)"
  tags:
    - samba-server
 - name: (samba-config-server.yml) Ensure samba share directories exists
  file:
    path: "{{ item.path }}"
--- a/roles/common/templates/etc/exports.j2
+++ b/roles/common/templates/etc/exports.j2
@ -0,0 +1,31 @@
 # {{ ansible_managed }}
 # /etc/exports: the access control list for filesystems which may be exported
 #   to NFS clients.  See exports(5).
 #
 # Example for NFSv2 and NFSv3:
 # /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
 #
 # Example for NFSv4:
 # /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
 # /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
 #
 {% set count = namespace(nfs_exports=100) %}
 {% for export in nfs_exports %}
 {% set export_str= namespace(nfs_exports = export.src.split(":")[1]) %}
 {%    set count.nfs_exports = count.nfs_exports + 10 %}
 {%    for network in export.export_networks %}
 {%       if export.use_fsid_option is defined and export.use_fsid_option is sameas true %}
 {%          set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~",fsid="~count.nfs_exports~")" %}
 #{{          export.src.split(":")[1] }} {{ network }}({{ export.export_opt }},fsid={{ count.nfs_exports }})
 {%       else %}
 {%          set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~")" %}
 #{{          export.src.split(":")[1] }} {{ network }}({{ export.export_opt }})
 {%       endif %}
 {%    endfor %}
 {{ export_str.nfs_exports }}
 {% endfor %}
--- a/roles/common/templates/usr/local/src/mailsystem/conf/install_amavis.conf.j2
+++ b/roles/common/templates/usr/local/src/mailsystem/conf/install_amavis.conf.j2
@ -7,7 +7,11 @@
 _HOSTNAME={{ hostname }}
 _IPV4='{{ ipv4_address | default(omit) }}'
-_IPV6='{{ ipv6_address | default(omit) }}'
+{% if ipv6_address is defined and ipv6_address %}
 _IPV6="{{ ipv6_address }}"
 {% else %}
 _IPV6=disabled
 {% endif %}
 _QUARANTINE_DIR=/var/QUARANTINE
 _QUARANTINE_ADMIN=postmaster\@$mydomain
--- a/roles/common/templates/usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
+++ b/roles/common/templates/usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
@ -11,10 +11,20 @@
 _HOSTNAME={{ hostname }}
 _IPV4='{{ ipv4_address | default(omit) }}'
-_IPV6='{{ ipv6_address | default(omit) }}'
+{% if ipv6_address is defined and ipv6_address %}
 _IPV6="{{ ipv6_address }}"
 {% else %}
 _IPV6=disabled
 {% endif %}
 _ADMIN_EMAIL="{{ admin_email }}" 
 _SASL_AUTH_ENABLED="{{ sasl_auth_enable | default('no') }}"
 _SASL_USER='{{ sasl_user | default(omit) }}'
 _SASL_PASS='{{ sasl_pass | default(omit) }}'
 {% if is_sympa_list_server is defined and is_sympa_list_server is sameas true %}
 _RELAY_HOST=true
 _SYMPA_LIST_SERVER=true
 {% else %}
 _RELAY_HOST="{{ is_relay_host | default('false') }}"
 _SYMPA_LIST_SERVER=false
 {% endif %}
--- a/roles/common/templates/usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf.j2
+++ b/roles/common/templates/usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail.conf.j2
@ -42,7 +42,11 @@ IPV6="{{ ipv6_address | default(omit) }}"
 # -
 # - Defaults to 'admin@<domain>.<tld>'
 # -
 {% if (admin_email is defined) and admin_email %}
 POSTFIX_DB_HOST_PGSQL="{{ postfix_db_host }}"
 {% else %}
 #WEBMASTER_EMAIL=""
 {% endif %}
 # - Base Directory of Roundcube Website 
 # -
@ -290,7 +294,11 @@ POSTFIX_DB_PASSWD='{{ postfix_db_pass | default(omit) }}'
 # -
 # - Defaults to 'false'
 # -
 {% if roundcube_acl_plugin is defined and roundcube_acl_plugin is sameas true %}
 INCLUDE_ACL_PLUGIN="true"
 {% else %}
 #INCLUDE_ACL_PLUGIN="false"
 {% endif %}
 # ===
--- a/roles/common/templates/usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail2.conf.j2
+++ b/roles/common/templates/usr/local/src/mailsystem/conf/install_upgrade_roundcube-webmail2.conf.j2
@ -265,7 +265,11 @@ POSTFIX_DB_PASSWD='{{ postfix_db_pass | default(omit) }}'
 # -
 # - Defaults to 'false'
 # -
 {% if roundcube2_acl_plugin is defined and roundcube2_acl_plugin is sameas true %}
 INCLUDE_ACL_PLUGIN="true"
 {% else %}
 #INCLUDE_ACL_PLUGIN="false"
 {% endif %}
 # ===
--- a/roles/common/templates/var/www/.ssh/config.j2
+++ b/roles/common/templates/var/www/.ssh/config.j2
@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-Host wf.oopen.de 80.152.216.128 gw-d11.oopen.de d11.warenform.de
+Host wf.oopen.de 79.140.184.145 gw-d11.oopen.de d11.warenform.de
   user webadmin
   Protocol 2
   Port 9998
		`@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC31CHZ0pkdmcUVo64LeUfN/QbYyzGXihsAIYSmjRrsxhwwh30Ceu8VNukDKVrQfu7hO5sRIa8Vj/8Dr1FnLZznIva7dRqnCJ6WHFsTLFoDuBU53qxegE+fEDfoYEVJpRD6EzSAy/XJQUfkNYIPFM3f2igmTx2GjGtkg+jKGDu/UHEoa07RoqKM4eHvRI9bjOiAYr5j87Gkyzf05C6nTk3D8CXX/6MIG2tC0vyKaNgcFgP4VyMh1Fb8nVr5gHiDSavK71Y+9N3yGRy8QBS/a/ArsD3R3VH/tj1ReaABiXccJ+SrdzT89wE3tV8qZDKymbEm6mFz8z0pFXxisG3F19mU4vraZvK4df5E/SnY6qHpVrgDNXIUpXx0UDR2IVsvvFsxFzPfhDCK10e3Yk1/ctRkZZaY5x+4l4WibjH2BJxpYAxriGjP1xWicLUywba1PpJG6dTQSi2fuwKBxXw+Y/XGRA+2yXGYe687WB5pkh8y5WVVQZbCeTixIVlewHirMOqCdw+vFT7S+HOZdXA4UIM8nHAzufxQVssxbGZD3r813YcSbVymoXzte7uGQS24ofu2u1h1FLvnPDjCrKNdkr6ArhVvbDch3yPtzPG0dYX5h/fySjVZPOAPxwaVDkWyXSckeGnYxPIhY5H4yCX1vLR7XaiIfM7zLNYCkOjG3fEf7Q== root@d.mx-dehydrated
		`@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz5S/8ltqTaod7hZJuU/cC+AOO+OogsdBv4bs7dRXR49G4CmTkm7YkexRBXeW8rVClH4AayqqJKh9QbDTcUhLNAofe0fhSxhgprtLEVLu/ilnJ4MOrxh70zUgXxu86fJA5E3OAVSM3vDfT5EY4W5A1MJt1y4tr9RWZLpu68O9CJPU4fWcI06h5ySmdSVVcHhBANPjHDSJiOWfw1fZ0O1ptEFf4o/0Ivzq1u7Yjr8C3RH5xOH2BIzbnDRcR4zy5OWNc/gGr0//CuOQbZ/GhrAtWb/s0ifjZYxHLY1qiy6c4UDGP2Z6Jiio37vFCselIvKvhc/ndqUgo4EP433YtJDwy+B5pj5yL+7sD4/lvqLPoTX6XYOwQiluPDoZGMta1glTvkNfZwnCO4HMsYe1jzy4r8DsjFadQtuUHhQ2e2yMv4VJ/+gB5y7v78NuMCVJ+tdtAyBvCxjtwea3y1KJ/PwVByAlv1uRzsI3EvjwxdzGqo3mlEWBurwtmr0rWV9ZnMDwbqUL4lvXE/qd138yTO5bm5wNgAzsUj7/uL1Y3L9Rz+OnRm+lhdI19huNMi2Yv9uQcm2kNFbZlNVu62yORJl6h3Lkqn6zbxpNZ2duZZUCfRw/bP1WYyHyexReDT/5X/paV3CE2/jyXbaOhN2asgQS1g4veZQPk3oD9/LnZOSEQBw== root@d.mx-opendkim
		`@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDF7Sx0YJlLjjg3Sm8uiXJyBeKKmZFum3D8Mw2VQZrXJgYOrVB/SVDXO4N5I6NOT5bvxs8c5DLV/4J4ewGP5dGSYiepRnkrRSBUUS6ICwkYfyXremHJ31uREfODRBA4Vnsmpw0SlbQ2I9IpYwsaD3/IDZehDgaCKu4D0/LIprZh0/u+WX7kOGb8Tkm/PBu2SSbAzURaMXn/UtGsUyrickAmEK9qXZDsNYgcwOqZaPtkMZP3mAdix/gKaWV07oU49zxBrouD8gRWAs/yOLvxOe1JDcH2ZExXl81jJYlUffKarBHsWNNE79hUInnH9YTfxP1AEC+MyFXxqKwz3Lk1dQyUo1TFtJTYY+/IHsXT/6KhbOi6twhj7U7uZEqaIWyo6N+WVL9fFhgmbSoVIE6KrBM5VtOdr33A3a+XeNAQGjW6mqOcv3iNUDipTnDTKkEAWQWWnK5YRuaJw1eUCoii/FDp0hRTWIqn+RVCgkOGgEjMIRC8tiQouCXxwfukfcq9zD8S8UCyyQY0uWRHm3uM5GHTmvIJHBXfXBSX/B+PgesSZVwICCiS/6ZSWT+6D5ObBdKGkz12A797YyaMsN7RtJn6OBhPRrGfqQLCIM7lpxJHAoQmTSMiuQp/TjHLedjAm3FvxET2ZvqPWg9QtvSzIoz2JOdKysZHGgbBdC7q6Cssvw== root@ga-st-mail-dehydrated
		`@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCv2rDahAeQBR9NcQkHG5VHbMNGlOzHJPbh5V34ogloAtW0VVO7xnes3Ak3Q/eM0tFbFMG4MRti1M3Un0GJzTV9H2bqN02TmUp5MnDVDcHNfG4L7hqLH2KtwniKeB41IKIeJUdhpKxdFFqM8Z78Xn5EASO5Fu33lQcH+RTbmoYikEr1WrSbQB3wcqtXS+lNveyFUlJD9XJ0MLzanBePQh9boc93CfOa3yFTb90grfB5QjnpL7167MpSH6Oq/DVh5NcnMzvoYjZf9gsMTHuOAUyUKGeUdg2K89gFjkBq2r3S3ouKpDQxPSRXHuNDBSeHJEHy8DP6rOd+0qZVOaPEv3Qi/BRPO9LWcc2aUg8ydI7w1oMd/STaK54PaUJJ7uXV3ZTQsxGyziwZlx+Gq0PNAMjKFdYXAcuGPnlYxDGhVcJJElEuu7DJQqpWfzofov2VEniQQ8Ekknpxd5MFYka0NP038lpIZyMzy13DFJ6KUchbTGfzkHcwKmFX+3vZFEBqq5rZWOuY303qe5gP7eKhsBV/iu47Ne1OtTS2N0QFPTElshk3CLbZKerQo+XLxo3Z15cRDxDsgkdAHtY1PiMjXeX8ZahwXC2vs1ZfBoN4kK2iIH1Gtor4QG+g7chjKa+kZDKqFd4y0EZzeR0IjYCyWt2mNd3hMbEjBtZp75drYmRlqQ== root@ga-st-mail-opendkim
		`@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQClupkurU+acJRtp2s9GgiC+rANqlup8SfhtulV0a/8z6nobjcpQWrfVq+MNjM7VghnlMAwMjz7tccFGyCmJoSS11RcnFtPmqnSNj0/TI8zyYOZUvZCczPBSeqs/IxawyYz91e3RlPWbpv71Nj+/EHUZApZkkdTkpYHduSJYWtKYA2l2Glzmjd2d2u/IFIkqXhvl1bT3RUMLZJqYdEwYAvlW2JB84EIWNf4ytcGcu6rakXCRP9o62BbRza3AfMgSfa45PLodPi5VpqDiTHSCIBll+VOuLqTgQCBYeANRPClMLbueVXXcMrmEwrDXeC0dpqTdgaF2Tz3xYsrAzTe6bcNJsGgGCQyTtDKpsAgoKb31agsyy68CoZto13Ea4WYsNVx0T3KaRlaDm98KqnUJXHJvXnLegqfXiURL5BpxXmAnFvZ0duHrtRkVpzeu5n5vz41RLnFHyLln2VE6a+IYdiLlPl2hC+7pswb+nBP9yNn6T4WQZNtHp4YssANuYKO+/gJaHpMJ1TqgL/Ip66erK+372M1T/6ibiU3+qHbwW7FbXVfn3Dz2abJGyNkoaZGpQIXtx0UxWYZHF8E35Z0ll9NQo1CnDvV3jA1aMnYVTv9DuSYxqLY34oHWXEFzMyStCRWup4Tfrp3pT61GRhb2h8kZi5dqQur9KrqWmA6HF9D+Q== root@lists.mx
		`@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCq5XOOmJ2YqqrUCFIHVO/MD1+ldYEuaFsbKJrGvtGr3zv4Jl35oMoIEjXUIIeUqZa7v9JcgYUWscQ28qKn4qqx8dIqnpHlyCSWdz6iT5Rdm4Ex6AqNf39eYPjzEXb+b6nw04ZZ9XGI6JesU++9xFf0AP+oHfXy5TKO9ySdQnTc14B0HvbW7vIUhw4ws4GJVRCCC5M+QH5A8xKcXm44uquahwuwp8exKDhFFU3TUEQo5HDp/XYkiZ6n/JoW9W7deZJy2XurtC0AgChtq2ztVQmBHEdJ/fWmFzWlAFdYl3PeVV6F8KscFgzT0VuyQgEyY6UHPiZTZxTriOdiypA2Czx8f0jHRUKSEozUSJyGhI0OpzVNMqjI0ed9OSt645Y/Fr5vz8UGp393gjxAt6/uHcDM0m2rWywg1GAyaRKwk8QqrWoquJn5kTX1NdxvpG81469iiSvp23B1NgTdshmJp98nPUJ5HOyvpgn0i3Mca5sqWWwhLafKthc/Zfq5sIDICLqf6G5s3+xxSoo89vLoHSFNLOC5hIEu0e2we1Lsta1s+R8MS/ulL2aV4wwH8+Jgs6Ha2YY15OfcHY6CVMVhap7WaLJ4H8U2wiALX7NsxJF659ZPEORyZUaODeQi66/QOWdWZlmO+YCFdsbKL/Ee5eSXVg50JhUV3PGeo333UsZugQ== root@mx