ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph 2023-08-03 14:29:11 +02:00
parent b551e937e9
commit 4a3e23adac
5 changed files with 63 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
View File

@ -77,3 +77,5 @@ beheshtfoundation\.com$
tohochina\.com$ tohochina\.com$
mailer-service\.de$ mailer-service\.de$
hunshachang\.com$ hunshachang\.com$
likelark\.com$
mlmlh\.xyz$

15
roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
View File

@ -150,3 +150,18 @@
46.148.32.0/20 46.148.32.0/20
# US # US
45.15.128.0/22 45.15.128.0/22
# US
103.114.163.0/24
# US
192.154.224.0/21
# US
139.28.234.0/23
# US
213.59.118.0/23
# US cityboxing.com
103.114.160.0/24
104.237.192.0/19
# CZ
176.102.65.0/24
46.36.39.0/24

6
roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
View File

@ -103,3 +103,9 @@ v-markt-direkt\.com$
mailer-service\.de$ mailer-service\.de$
swissad\.biz$ swissad\.biz$
@math-salamanders\.com$ @math-salamanders\.com$
mazdas247\.com$
johnnybugs\.com$
livingoncookies\.com$
joshua24\.com$
cityboxing\.com$
clotheswithoutlimits\.com$

37
roles/common/tasks/samba-user.yml
View File

@ -48,7 +48,7 @@
- samba-user - samba-user
- system-user - system-user
- name: (samba_user.yml) Ensure samba users exists with given group membership - name: (samba_user.yml) Ensure samba users exists in system with given group membership
user: user:
name: '{{ item.name }}' name: '{{ item.name }}'
state: present state: present
@ -66,8 +66,6 @@
- samba-user - samba-user
- system-user - system-user
- name: (samba-user.yml) Check if samba user exists - name: (samba-user.yml) Check if samba user exists
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}' shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_user_present register: samba_user_present
@ -92,3 +90,36 @@
- samba-server - samba-server
- samba-user - samba-user
# Only on fileservers:
# zapata.opp.netz
- name: (samba_user.yml) Check if folder '/data/backup' exists using file module
stat:
path: /data/backup
register: data_backup_dir
when:
- inventory_hostname == 'zapata.opp.netz'
tags:
- samba-server
- samba-user
- system-user
- name: (samba_user.yml) Ensure folder /data/backup/<user-name> exists for all (samba) users on host zapata
file:
path: '/data/backup/{{ item.name }}'
state: directory
owner: '{{ item.name }}'
group: '{{ item.name }}'
mode: "2770"
loop: "{{ samba_user }}"
loop_control:
label: '{{ item.name }}'
when:
- inventory_hostname == 'zapata.opp.netz'
- data_backup_dir.stat.isdir is defined and data_backup_dir.stat.isdir
tags:
- samba-server
- samba-user
- system-user

6
roles/common/templates/etc/ssh/sshd_config.j2
View File

@ -147,9 +147,15 @@ PasswordAuthentication {{ sshd_password_authentication }}
# The default is “no”. # The default is “no”.
PermitEmptyPasswords no PermitEmptyPasswords no
{% if (ansible_facts['distribution'] == "Debian") and (ansible_facts['distribution_major_version']|int > 11) %}
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no
{% else %}
# Specifies whether challenge-response authentication is allowed (e.g. via PAM). # Specifies whether challenge-response authentication is allowed (e.g. via PAM).
# The default is “yes”. # The default is “yes”.
ChallengeResponseAuthentication no ChallengeResponseAuthentication no
{% endif %}
# Don't read the user's ~/.rhosts and ~/.shosts files # Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes IgnoreRhosts yes