ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph 2022-01-17 01:14:20 +01:00
parent 08ae4e6bff
commit 540064740c
8 changed files with 770 additions and 316 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
group_vars/all/vars_network-setup.yml.sample
View File

@ -36,20 +36,24 @@ network_interfaces:
family: <inet|inet6>
mode: <manual|statis|dhcp|bootp|tunnel|ppp|wvdialipv4ll|none|loopback)
hwaddress ether: ac:1f:6b:d1:20:f2
description: Bridge Interface IPv4 for LXC
address: <ipv4/ipv6-address>
# options used by static method
#
hwaddress ether:
# dotted quad or number of bits
#
# the entry will be: address/netmask
address: <ipv4/ipv6-address>
netmask: <netmask>
gateway: <gateway-address>
metric:
pointopoint:
media:
mtu:
scope:
# additional user by dhcp method
# options used by dhcp method
#
hostname:
leasehours:
@ -57,12 +61,16 @@ network_interfaces:
vendor:
client:
# additional used by bootp method
# options used by bootp method
#
bootfile:
server:
hwaddr:
# options used by ppp and wvdial method
#
provider:
# optional dns settings nameservers - needs package resolvconf installed
#
# nameservers:
@ -70,10 +78,8 @@ network_interfaces:
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
- 195.201.179.131
- 95.217.204.204
search: oopen.de
nameservers: {}
search: {}
# optional additional subnets/ips subnets: []
# subnets:

366
host_vars/ga-al-gw.oopen.de.yml Normal file
View File

@ -0,0 +1,366 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
- resolvconf
network_interfaces:
- device: eth1
headline: eth1 - Uplink DSL Altenschlirf via (static) line to Fritz!Box 7590
auto: true
family: inet
method: static
address: 172.16.10.1
netmask: 24
gateway: 172.16.10.254
nameservers:
- 192.168.10.1
- 192.168.10.3
search: ga.netz
- device: eth2
headline: eth2 - LAN main network Altenschlirf
auto: true
family: inet
method: static
address: 192.168.10.254
netmask: 24
post-up:
# - VLAN 221 (Ubiquiti UniFi Accesspoints)
- vconfig add eth2 221
- device: eth2:ns
headline: eth2:ns - Alias on eth2 (Nameserver)
auto: true
family: inet
method: static
address: 192.168.10.1
netmask: 32
- device: eth2:ap
headline: eth2:ap - Alias on eth2 (Network Accesspoints)
auto: true
family: inet
method: static
address: 10.122.1.254
netmask: 24
post-up:
# - Wireless Networks routed through appropriate Accesspoints
# -
- /sbin/ip route add 10.123.1.0/24 via 10.122.1.1
- /sbin/ip route add 10.123.2.0/24 via 10.122.1.2
- /sbin/ip route add 10.123.3.0/24 via 10.122.1.3
- /sbin/ip route add 10.123.4.0/24 via 10.122.1.4
- /sbin/ip route add 10.123.5.0/24 via 10.122.1.5
- /sbin/ip route add 10.123.6.0/24 via 10.122.1.6
- /sbin/ip route add 10.123.7.0/24 via 10.122.1.7
- /sbin/ip route add 10.123.8.0/24 via 10.122.1.8
- /sbin/ip route add 10.123.9.0/24 via 10.122.1.9
- /sbin/ip route add 10.123.10.0/24 via 10.122.1.10
- /sbin/ip route add 10.123.11.0/24 via 10.122.1.11
- /sbin/ip route add 10.123.12.0/24 via 10.122.1.12
- /sbin/ip route add 10.123.13.0/24 via 10.122.1.13
- /sbin/ip route add 10.123.14.0/24 via 10.122.1.14
- /sbin/ip route add 10.123.15.0/24 via 10.122.1.15
- device: eth2.221
# use only once per device (for the first device entry)
headline: eth2 - VLAN 221 (Ubiquiti UniFi Accesspoints)
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
#hwaddress: 0c:c4:7a:7d:51:46
description:
address: 10.221.15.254
netmask: 20
gateway:
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers: []
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge: {}
# optional bonding parameters bond: {}
# bond:
# master
# primary
# slave
# method:
# miimon:
# lacp-rate:
# ad-select-rate:
# master:
# slaves:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
pre-up: [] # pre-up script lines
up: []
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
- device: eth3
headline: eth3 - LAN - Uplink static line (radio) to Stockausen
auto: true
family: inet
method: static
address: 172.16.111.253
netmask: 24
post-up:
- /sbin/ip route add 172.16.211.0/24 via 172.16.111.254
# User Networks Stockhausen
- /sbin/ip route add 192.168.11.0/24 via 172.16.111.254
- /sbin/ip route add 192.168.78.0/24 via 172.16.111.254
# User Network Novalishaus
- /sbin/ip route add 192.168.81.0/24 via 172.16.111.254
# Management Network Stockhausen
- /sbin/ip route add 10.10.11.0/24 via 172.16.111.254
# Depreated Management Network Stokhausen
- /sbin/ip route add 10.10.9.0/24 via 172.16.111.254
# IPMI Stockhausen
- /sbin/ip route add 10.11.11.0/24 via 172.16.111.254
# WLan Router Stockhausen
- /sbin/ip route add 10.112.1.0/24 via 172.16.111.254
# WLan Netz
- /sbin/ip route add 10.113.0.0/16 via 172.16.111.254
# Unifi WLan Netz Stockhausen
- /sbin/ip route add 10.121.0.0/20 via 172.16.111.254
# Richtfunkantennen Stockhausen (2) / Schlechtenwegen / Kirschbaumhaus
- /sbin/ip route add 10.10.111.0/24 via 172.16.111.254
# VPN Netz Stockhausen - Novalishaus (Schlechtenwegen)
- /sbin/ip route add 10.2.81.0/24 via 172.16.111.254
# - FritzBoxen Stockhausen
- /sbin/ip route add 172.16.11.0/24 via 172.16.111.254
- /sbin/ip route add 172.16.12.0/24 via 172.16.111.254
- /sbin/ip route add 172.16.13.0/24 via 172.16.111.254
- device: eth4
headline: eth4 - Management Network Altenschlirf
auto: true
family: inet
method: static
address: 10.10.10.254
netmask: 24
- device: eth5
headline: eth5 - Network Telefons Altenschlirf
auto: true
family: inet
method: static
address: 172.16.210.254
netmask: 24
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.oopen.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.oopen-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: wadmin
password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

220
host_vars/ga-nh-gw.oopen.de.yml Normal file
View File

@ -0,0 +1,220 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
- resolvconf
network_interfaces:
- device: eno1
headline: eno1 - holds uplink WiDSL Antenna (ppp line widsl)
auto: true
family: inet
method: static
address: 10.12.136.254
netmask: 24
- device: dsl-widsl
headline: dsl-widsl - ppp line widsl
auto: true
family: inet
method: ppp
provider: dsl-widsl
pre-up:
- /sbin/ifconfig eno1 up
- device: eno2
headline: eno2 - uplink Telekom (static line via digitbox)
auto: true
family: inet
method: static
address: 172.16.81.1
netmask: 24
gateway: 172.16.81.254
nameservers:
- 192.168.81.1
- 192.168.11.1
search: ga.netz
- device: eno5
headline: eno5 - LAN
auto: true
family: inet
method: static
address: 192.168.81.254
netmask: 24
- device: eno5:ns
headline: eno5:ns - Alias on eno5 (Nameserver)
auto: true
family: inet
method: static
address: 192.168.81.1
netmask: 32
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.oopen.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.oopen-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: wadmin
password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

291
host_vars/ga-st-kvm5.ga.netz.yaml
View File

@ -1,291 +0,0 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
- resolvconf
network_interfaces:
- device: eno2
headline: eno2
auto: true
family: inet
method: manual
pre-up:
- ifconfig $IFACE up
- vconfig add eno2 11
post-down:
- ifconfig $IFACE down
- device: eno2.11
# use only once per device (for the first device entry)
headline: eno2.11
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
hwaddress: 3c:ec:ef:77:d3:5e
description:
address: 10.10.11.6
netmask: 24
gateway: 10.10.11.254
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
- 192.168.11.1
- 192.168.10.3
search: ga.netz
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge: {}
# optional bonding parameters bond: {}
# bond:
# master
# primary
# slave
# method:
# miimon:
# lacp-rate:
# ad-select-rate:
# master:
# slaves:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
pre-up: [] # pre-up script lines
up: []
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device eno1
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: manual
hwaddress: 3c:ec:ef:77:d3:5f
description:
address:
netmask:
gateway:
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
search:
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge:
ports: eno1 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
maxage: 12
# optional bonding parameters bond: {}
# bond:
# master
# primary
# slave
# method:
# miimon:
# lacp-rate:
# ad-select-rate:
# master:
# slaves:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
pre-up: [] # pre-up script lines
up: []
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/copy_files.yml
# ---
# ---
# vars used by roles/common/tasks/symlink_files.yml
# ---
# ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# ---
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user: {}

152
host_vars/ga-st-kvm5.ga.netz.yml Normal file
View File

@ -0,0 +1,152 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
- resolvconf
network_interfaces:
- device: eno2
headline: eno2
auto: true
family: inet
method: manual
pre-up:
- ifconfig $IFACE up
- vconfig add eno2 11
post-down:
- ifconfig $IFACE down
- device: eno2.11
# use only once per device (for the first device entry)
headline: eno2.11
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
description:
address: 10.10.11.6
netmask: 24
gateway: 10.10.11.254
nameservers:
- 192.168.11.1
- 192.168.10.3
search: ga.netz
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device eno1
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: manual
bridge:
ports: eno1 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
maxage: 12
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/copy_files.yml
# ---
# ---
# vars used by roles/common/tasks/symlink_files.yml
# ---
# ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# ---
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user: {}

16
hosts
View File

@ -51,8 +51,8 @@ k1371.dyndns.org
ga-st-gw-ersatz.ga.netz
ga-st-gw.oopen.de
ga-al-gw.ga.netz
ga-nh-gw.ga.netz
ga-al-gw.oopen.de
ga-nh-gw.oopen.de
ga-st-lxc1.ga.netz
ga-st-mail.ga.netz
ga-st-kvm1.ga.netz
@ -228,8 +228,8 @@ k1371.dyndns.org
ga-st-gw-ersatz.ga.netz
ga-st-gw.oopen.de
ga-al-gw.ga.netz
ga-nh-gw.ga.netz
ga-al-gw.oopen.de
ga-nh-gw.oopen.de
# ---
# - Warenform Server
@ -1481,8 +1481,8 @@ k1371.dyndns.org
ga-st-gw-ersatz.ga.netz
ga-st-gw.oopen.de
ga-al-gw.ga.netz
ga-nh-gw.ga.netz
ga-al-gw.oopen.de
ga-nh-gw.oopen.de
# - readonly gateways
gw-123.oopen.de
@ -1526,8 +1526,8 @@ k1371.dyndns.org
ga-st-gw-ersatz.ga.netz
ga-st-gw.oopen.de
ga-al-gw.ga.netz
ga-nh-gw.ga.netz
ga-al-gw.oopen.de
ga-nh-gw.oopen.de
gw-replacement3.local.netz

2
roles/network_interfaces/tasks/interfaces.yml
View File

@ -15,7 +15,7 @@
- name: (interfaces.yml) Ensure interfaces file is latest
template:
src: "etc/network//interfaces.j2"
src: "etc/network/interfaces.j2"
dest: /etc/network/interfaces
with_items: network_interfaces
tags:

17
roles/network_interfaces/templates/etc/network/interfaces.d/device.j2
View File

@ -31,14 +31,7 @@ iface {{ config.device }} {{ config.family | default('inet', true) }} {{ config.
address {{ config.address }}
{% endif -%}
{% endif -%}
{% set iface_keys = ['gateway', 'metric', 'pointopoint', 'mtu', 'scope'] %}
{% for key in iface_keys %}
{% if key in config and config[key] %}
{{ key }} {{ config[key] }}
{% endif %}
{% endfor -%}
{% elif config.method == "manual" %}
{% set iface_keys = ['hwaddress', 'mtu'] %}
{% set iface_keys = ['gateway', 'metric', 'pointopoint', 'media', 'mtu', 'scope'] %}
{% for key in iface_keys %}
{% if key in config and config[key] %}
{{ key }} {{ config[key] }}
@ -51,6 +44,14 @@ iface {{ config.device }} {{ config.family | default('inet', true) }} {{ config.
{{ key }} {{ config[key] }}
{% endif %}
{% endfor -%}
{% elif config.method == "ppp" %}
{% if (config.provider is defined and config.provider) %}
provider {{ config.provider }}
{% endif %}
{% elif config.method == "wvdial" %}
{% if (config.provider is defined and config.provider) %}
provider {{ config.provider }}
{% endif %}
{% elif config.method == "bootp" %}
{% set iface_keys = ['hwaddr', 'bootfile', 'server'] %}
{% for key in iface_keys %}