From 4a3e23adac41d0416e93bfc25057dedc0bd119fc Mon Sep 17 00:00:00 2001
From: Christoph
Date: Thu, 3 Aug 2023 14:29:11 +0200
Subject: [PATCH] update..
---
 .../mailserver/etc/postfix/postfwd.bl-hosts | 2 +
 .../mailserver/etc/postfix/postfwd.bl-nets | 15 ++++++++
 .../mailserver/etc/postfix/postfwd.bl-sender | 6 +++
 roles/common/tasks/samba-user.yml | 37 +++++++++++++++++--
 roles/common/templates/etc/ssh/sshd_config.j2 | 6 +++
 5 files changed, 63 insertions(+), 3 deletions(-)
diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
index befe33d..414f74f 100644
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
@@ -77,3 +77,5 @@ beheshtfoundation\.com$
 tohochina\.com$
 mailer-service\.de$
 hunshachang\.com$
+likelark\.com$
+mlmlh\.xyz$
diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
index 44c315a..078da38 100644
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
@@ -150,3 +150,18 @@
 46.148.32.0/20
 # US
 45.15.128.0/22
+# US
+103.114.163.0/24
+# US
+192.154.224.0/21
+# US
+139.28.234.0/23
+# US
+213.59.118.0/23
+# US cityboxing.com
+103.114.160.0/24
+104.237.192.0/19
+# CZ
+176.102.65.0/24
+46.36.39.0/24
+
diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
index b0f482e..035f11b 100644
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
@@ -103,3 +103,9 @@ v-markt-direkt\.com$
 mailer-service\.de$
 swissad\.biz$
 @math-salamanders\.com$
+mazdas247\.com$
+johnnybugs\.com$
+livingoncookies\.com$
+joshua24\.com$
+cityboxing\.com$
+clotheswithoutlimits\.com$
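Review bot: The patterns added to postfwd.bl-hosts (`likelark\.com$`, `mlmlh\.xyz$`) and the six added to postfwd.bl-sender are anchored only at the end. If postfwd applies them as unanchored regular expressions, `cityboxing\.com$` would also reject an unrelated domain such as `examplecityboxing.com` (constructed example). The existing `@math-salamanders\.com$` entry in bl-sender pins the left boundary; the new sender entries could do the same, e.g. `[@.]cityboxing\.com$`, and the host entries could use `(^|\.)likelark\.com$`. How these files are referenced from the postfwd rules is not visible in this patch, so confirm the match semantics before changing the format.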
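Review bot: The ranges added to postfwd.bl-nets carry only a country tag, and two of them are wide (`104.237.192.0/19`, `192.154.224.0/21`), so a later reader cannot tell why a block was listed or when it can be lifted. A reason and date next to each entry, extending the one line that already names a source (`# US cityboxing.com`), would make false-positive reports easier to triage, for example `# US <reason>, added 2023-08`. The hunk also adds a blank line at the end of the file, which looks unintended.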
diff --git a/roles/common/tasks/samba-user.yml b/roles/common/tasks/samba-user.yml index 31545c1..69cf86a 100644 --- a/roles/common/tasks/samba-user.yml +++ b/roles/common/tasks/samba-user.yml @@ -48,7 +48,7 @@ - samba-user - system-user -- name: (samba_user.yml) Ensure samba users exists with given group membership +- name: (samba_user.yml) Ensure samba users exists in system with given group membership user: name: '{{ item.name }}' state: present @@ -66,8 +66,6 @@ - samba-user - system-user - - - name: (samba-user.yml) Check if samba user exists shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}' register: samba_user_present @@ -92,3 +90,36 @@ - samba-server - samba-user + + +# Only on fileservers: +# zapata.opp.netz + +- name: (samba_user.yml) Check if folder '/data/backup' exists using file module + stat: + path: /data/backup + register: data_backup_dir + when: + - inventory_hostname == 'zapata.opp.netz' + tags: + - samba-server + - samba-user + - system-user + +- name: (samba_user.yml) Ensure folder /data/backup/ exists for all (samba) users on host zapata + file: + path: '/data/backup/{{ item.name }}' + state: directory + owner: '{{ item.name }}' + group: '{{ item.name }}' + mode: "2770" + loop: "{{ samba_user }}" + loop_control: + label: '{{ item.name }}' + when: + - inventory_hostname == 'zapata.opp.netz' + - data_backup_dir.stat.isdir is defined and data_backup_dir.stat.isdir + tags: + - samba-server + - samba-user + - system-user diff --git a/roles/common/templates/etc/ssh/sshd_config.j2 b/roles/common/templates/etc/ssh/sshd_config.j2 index 96bc005..3bc120d 100644 --- a/roles/common/templates/etc/ssh/sshd_config.j2 +++ b/roles/common/templates/etc/ssh/sshd_config.j2 
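Review bot: In the last samba-user.yml hunk, the new task that creates `/data/backup/{{ item.name }}` sets `group: '{{ item.name }}'`, which presumes a group named after each user already exists on the host. The `user` task that would create it is only partly visible in this patch, so if a `samba_user` entry has a different primary group the `file` task will fail. If the items carry a group key, something like `group: '{{ item.group | default(item.name) }}'` would be safer (key name is a placeholder, check the `samba_user` schema). The hostname literal `zapata.opp.netz` is repeated in both `when:` lists of a `common` role; an inventory group or a role variable would keep the condition in one place. The first new task's name says "using file module" although it calls `stat`.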
@@ -147,9 +147,15 @@ PasswordAuthentication {{ sshd_password_authentication }} # The default is “no”. PermitEmptyPasswords no +{% if (ansible_facts['distribution'] == "Debian") and (ansible_facts['distribution_major_version']|int > 11) %} +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +KbdInteractiveAuthentication no +{% else %} # Specifies whether challenge-response authentication is allowed (e.g. via PAM). # The default is “yes”. ChallengeResponseAuthentication no +{% endif %} # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes
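Review bot: The new `{% if %}` keys the keyword choice on `distribution == "Debian"` with a major version above 11, but the move from ChallengeResponseAuthentication to KbdInteractiveAuthentication follows the OpenSSH release rather than the distribution. Other hosts running a newer OpenSSH therefore still receive the older name. As far as I know the older name is still accepted as a deprecated alias, so both branches should disable the same mechanism. A short template comment above the condition would explain why the branch exists, e.g. `{# KbdInteractiveAuthentication replaces the deprecated ChallengeResponseAuthentication in newer OpenSSH #}`. Because an invalid rendered sshd_config can cut off remote access, the task that deploys this template (outside this patch) should pass `validate: 'sshd -t -f %s'` if it does not already.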