update..

2023-08-03 14:29:11 +02:00 · 2023-08-03 14:29:11 +02:00 · 4a3e23adac
commit 4a3e23adac
parent b551e937e9
5 changed files with 63 additions and 3 deletions
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
@ -77,3 +77,5 @@ beheshtfoundation\.com$
 tohochina\.com$
 mailer-service\.de$
 hunshachang\.com$
+likelark\.com$
+mlmlh\.xyz$
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
@ -150,3 +150,18 @@
 46.148.32.0/20
 # US
 45.15.128.0/22
+#  US
+103.114.163.0/24
+# US 
+192.154.224.0/21
+# US
+139.28.234.0/23
+# US
+213.59.118.0/23
+# US cityboxing.com
+103.114.160.0/24
+104.237.192.0/19
+# CZ 
+176.102.65.0/24
+46.36.39.0/24
+
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
@ -103,3 +103,9 @@ v-markt-direkt\.com$
 mailer-service\.de$
 swissad\.biz$
@math-salamanders\.com$
+mazdas247\.com$
+johnnybugs\.com$
+livingoncookies\.com$
+joshua24\.com$
+cityboxing\.com$
+clotheswithoutlimits\.com$
--- a/roles/common/tasks/samba-user.yml
+++ b/roles/common/tasks/samba-user.yml
@ -48,7 +48,7 @@
    - samba-user
    - system-user

- name: (samba_user.yml) Ensure samba users exists with given group membership
+- name: (samba_user.yml) Ensure samba users exists in system with given group membership
  user:
    name: '{{ item.name }}'
    state: present
@ -66,8 +66,6 @@
    - samba-user
    - system-user

-
-
 - name: (samba-user.yml) Check if samba user exists
  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
  register: samba_user_present
@ -92,3 +90,36 @@
    - samba-server
    - samba-user

+
+
+# Only on fileservers:
+#    zapata.opp.netz
+
+- name: (samba_user.yml) Check if folder '/data/backup'  exists using file module
+  stat:
+    path: /data/backup
+  register: data_backup_dir
+  when: 
+    - inventory_hostname == 'zapata.opp.netz'
+  tags:
+    - samba-server
+    - samba-user
+    - system-user
+
+- name: (samba_user.yml) Ensure folder /data/backup/<user-name> exists for all (samba) users on host zapata
+  file:
+    path: '/data/backup/{{ item.name }}'
+    state: directory
+    owner: '{{ item.name }}'
+    group: '{{ item.name }}'
+    mode: "2770"
+  loop: "{{ samba_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when: 
+    - inventory_hostname == 'zapata.opp.netz'
+    - data_backup_dir.stat.isdir is defined and data_backup_dir.stat.isdir
+  tags:
+    - samba-server
+    - samba-user
+    - system-user
--- a/roles/common/templates/etc/ssh/sshd_config.j2
+++ b/roles/common/templates/etc/ssh/sshd_config.j2
@ -147,9 +147,15 @@ PasswordAuthentication {{ sshd_password_authentication }}
 # The default is “no”.
 PermitEmptyPasswords no

+{% if (ansible_facts['distribution'] == "Debian") and (ansible_facts['distribution_major_version']|int > 11) %}
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+KbdInteractiveAuthentication no
+{% else %}
 # Specifies whether challenge-response authentication is allowed (e.g. via PAM).
 # The default is “yes”.
 ChallengeResponseAuthentication no
+{% endif %}

 # Don't read the user's ~/.rhosts and ~/.shosts files
 IgnoreRhosts yes