diff --git a/group_vars/all/vars_network-setup.yml.sample b/group_vars/all/vars_network-setup.yml.sample index c87afca..8f4742e 100644 --- a/group_vars/all/vars_network-setup.yml.sample +++ b/group_vars/all/vars_network-setup.yml.sample @@ -36,20 +36,24 @@ network_interfaces: family: mode: + + # options used by static method + # + hwaddress ether: # dotted quad or number of bits # # the entry will be: address/netmask + address: netmask: gateway: metric: pointopoint: + media: mtu: scope: - # additional user by dhcp method + # options used by dhcp method # hostname: leasehours: @@ -57,12 +61,16 @@ network_interfaces: vendor: client: - # additional used by bootp method + # options used by bootp method # bootfile: server: hwaddr: + # options used by ppp and wvdial method + # + provider: + # optional dns settings nameservers - needs package resolvconf installed # # nameservers: @@ -70,10 +78,8 @@ network_interfaces: # - 91.239.100.100 # anycast.censurfridns.dk # search: warenform.de # - nameservers: - - 195.201.179.131 - - 95.217.204.204 - search: oopen.de + nameservers: {} + search: {} # optional additional subnets/ips subnets: [] # subnets: diff --git a/host_vars/ga-al-gw.oopen.de.yml b/host_vars/ga-al-gw.oopen.de.yml new file mode 100644 index 0000000..2a47cb6 --- /dev/null +++ b/host_vars/ga-al-gw.oopen.de.yml 
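Review bot: The new `hwaddress ether:` entry in the static-method block is a YAML key named `hwaddress ether` (with a space), while the host files and the role template in this commit spell the option `hwaddress`. Anyone copying the sample would set a key the template presumably never reads, so the MAC override would be dropped without an error. Suggest `hwaddress:` with a trailing comment describing the expected value; the template's static branch starts outside the hunks shown, so confirm the key name there.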
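Review bot: The placeholder defaults `nameservers: {}` and `search: {}` at the end of the DNS block are empty mappings, but the commented example directly above them and both new gateway host files use a list for `nameservers` and a plain string for `search`. An empty mapping is falsy, so a truthiness check in the template would skip it, but the sample now advertises the wrong type. `nameservers: []` and `search: ''` keep the "unset" behaviour and match the documented shape.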
@@ -0,0 +1,366 @@ +--- +# --- +# vars used by roles/network_interfaces +# --- + + +# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted +network_manage_devices: True + +# Should the interfaces be reloaded after config change? +network_interface_reload: False + +network_interface_path: /etc/network/interfaces.d +network_interface_required_packages: + - vlan + - bridge-utils + - ifmetric + - ifupdown + - ifenslave + - resolvconf + +network_interfaces: + + - device: eth1 + headline: eth1 - Uplink DSL Altenschlirf via (static) line to Fritz!Box 7590 + auto: true + family: inet + method: static + address: 172.16.10.1 + netmask: 24 + gateway: 172.16.10.254 + nameservers: + - 192.168.10.1 + - 192.168.10.3 + search: ga.netz + + + - device: eth2 + headline: eth2 - LAN main network Altenschlirf + auto: true + family: inet + method: static + address: 192.168.10.254 + netmask: 24 + post-up: + # - VLAN 221 (Ubiquiti UniFi Accesspoints) + - vconfig add eth2 221 + + - device: eth2:ns + headline: eth2:ns - Alias on eth2 (Nameserver) + auto: true + family: inet + method: static + address: 192.168.10.1 + netmask: 32 + + - device: eth2:ap + headline: eth2:ap - Alias on eth2 (Network Accesspoints) + auto: true + family: inet + method: static + address: 10.122.1.254 + netmask: 24 + post-up: + # - Wireless Networks routed through appropriate Accesspoints + # - + - /sbin/ip route add 10.123.1.0/24 via 10.122.1.1 + - /sbin/ip route add 10.123.2.0/24 via 10.122.1.2 + - /sbin/ip route add 10.123.3.0/24 via 10.122.1.3 + - /sbin/ip route add 10.123.4.0/24 via 10.122.1.4 + - /sbin/ip route add 10.123.5.0/24 via 10.122.1.5 + - /sbin/ip route add 10.123.6.0/24 via 10.122.1.6 + - /sbin/ip route add 10.123.7.0/24 via 10.122.1.7 + - /sbin/ip route add 10.123.8.0/24 via 10.122.1.8 + - /sbin/ip route add 10.123.9.0/24 via 10.122.1.9 + - /sbin/ip route add 10.123.10.0/24 via 10.122.1.10 + - /sbin/ip route add 10.123.11.0/24 via 10.122.1.11 + - /sbin/ip route add 
10.123.12.0/24 via 10.122.1.12 + - /sbin/ip route add 10.123.13.0/24 via 10.122.1.13 + - /sbin/ip route add 10.123.14.0/24 via 10.122.1.14 + - /sbin/ip route add 10.123.15.0/24 via 10.122.1.15 + + - device: eth2.221 + # use only once per device (for the first device entry) + headline: eth2 - VLAN 221 (Ubiquiti UniFi Accesspoints) + + # auto & allow are only used for the first device entry + allow: [] # array of allow-[stanzas] eg. allow-hotplug + auto: true + + family: inet + method: static + #hwaddress: 0c:c4:7a:7d:51:46 + description: + address: 10.221.15.254 + netmask: 20 + gateway: + metric: + pointopoint: + mtu: + scope: + + # additional user by dhcp method + # + hostname: + leasehours: + leasetime: + vendor: + client: + + # additional used by bootp method + # + bootfile: + server: + hwaddr: + + # optional dns settings nameservers: [] + # + # nameservers: + # - 194.150.168.168 # dns.as250.net + # - 91.239.100.100 # anycast.censurfridns.dk + # search: warenform.de + # + nameservers: [] + + # optional additional subnets/ips subnets: [] + # subnets: + # - '192.168.123.0/24' + # - '192.168.124.11/32' + + # optional bridge parameters bridge: {} + # bridge: + # ports: + # stp: + # fd: + # maxwait: + # waitport: + bridge: {} + + # optional bonding parameters bond: {} + # bond: + # master + # primary + # slave + # method: + # miimon: + # lacp-rate: + # ad-select-rate: + # master: + # slaves: + bond: {} + + # optional vlan settings | vlan: {} + # vlan: {} + # raw-device: 'eth0' + vlan: {} + + # inline hook scripts + pre-up: [] # pre-up script lines + up: [] + post-up: [] # post-up script lines (alias for up) + pre-down: [] # pre-down script lines (alias for down) + down: [] # down script lines + post-down: [] # post-down script lines + + + - device: eth3 + headline: eth3 - LAN - Uplink static line (radio) to Stockausen + auto: true + family: inet + method: static + address: 172.16.111.253 + netmask: 24 + post-up: + - /sbin/ip route add 172.16.211.0/24 via 
172.16.111.254 + # User Networks Stockhausen + - /sbin/ip route add 192.168.11.0/24 via 172.16.111.254 + - /sbin/ip route add 192.168.78.0/24 via 172.16.111.254 + # User Network Novalishaus + - /sbin/ip route add 192.168.81.0/24 via 172.16.111.254 + # Management Network Stockhausen + - /sbin/ip route add 10.10.11.0/24 via 172.16.111.254 + # Depreated Management Network Stokhausen + - /sbin/ip route add 10.10.9.0/24 via 172.16.111.254 + # IPMI Stockhausen + - /sbin/ip route add 10.11.11.0/24 via 172.16.111.254 + # WLan Router Stockhausen + - /sbin/ip route add 10.112.1.0/24 via 172.16.111.254 + # WLan Netz + - /sbin/ip route add 10.113.0.0/16 via 172.16.111.254 + # Unifi WLan Netz Stockhausen + - /sbin/ip route add 10.121.0.0/20 via 172.16.111.254 + # Richtfunkantennen Stockhausen (2) / Schlechtenwegen / Kirschbaumhaus + - /sbin/ip route add 10.10.111.0/24 via 172.16.111.254 + # VPN Netz Stockhausen - Novalishaus (Schlechtenwegen) + - /sbin/ip route add 10.2.81.0/24 via 172.16.111.254 + # - FritzBoxen Stockhausen + - /sbin/ip route add 172.16.11.0/24 via 172.16.111.254 + - /sbin/ip route add 172.16.12.0/24 via 172.16.111.254 + - /sbin/ip route add 172.16.13.0/24 via 172.16.111.254 + + + - device: eth4 + headline: eth4 - Management Network Altenschlirf + auto: true + family: inet + method: static + address: 10.10.10.254 + netmask: 24 + + + - device: eth5 + headline: eth5 - Network Telefons Altenschlirf + auto: true + family: inet + method: static + address: 172.16.210.254 + netmask: 24 + + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +insert_ssh_keypair_backup_server: false +ssh_keypair_backup_server: + - name: backup + backup_user: back + priv_key_src: 
root/.ssh/id_rsa.backup.oopen.de + priv_key_dest: /root/.ssh/id_rsa + pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub + pub_key_dest: /root/.ssh/id_rsa.pub + +insert_keypair_backup_client: true +ssh_keypair_backup_client: + - name: backup + priv_key_src: root/.ssh/id_ed25519.oopen-server + priv_key_dest: /root/.ssh/id_ed25519 + pub_key_src: root/.ssh/id_ed25519.oopen-server.pub + pub_key_dest: /root/.ssh/id_ed25519.pub + target: backup.oopen.de + +default_user: + + - name: chris + password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + - name: wadmin + password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1' + + - name: sysadm + user_id: 1050 + group_id: 1050 + group: sysadm + password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA 
wadmin@ga-st-li1303' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1' + + - name: localadmin + user_id: 1051 + group_id: 1051 + password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-rsa 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 jonas@meurer.it' + - 'ssh-rsa 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 t@NB-003258-RLS' + + - name: back + user_id: 1060 + group_id: 1060 + group: back + password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + +sudo_users: + - chris + - sysadm + - localadmin + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + +git_firewall_repository: + name: ipt-gateway + repo: https://git.oopen.de/firewall/ipt-gateway + dest: /usr/local/src/ipt-gateway + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/host_vars/ga-nh-gw.oopen.de.yml b/host_vars/ga-nh-gw.oopen.de.yml new file mode 100644 index 0000000..f44fa97 --- /dev/null +++ b/host_vars/ga-nh-gw.oopen.de.yml 
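Review bot: The `default_user` entries and `root_user` in this new host file carry their `password:` values as sha512-crypt (`$6$`) hashes in clear YAML, so everyone with read access to the repository or its history can take them for offline guessing. The identical hashes are added again in host_vars/ga-nh-gw.oopen.de.yml, so one recovered password is valid on both gateways, including for the accounts listed in `sudo_users`. Move the values into an Ansible Vault file and reference them, e.g. `password: "{{ vault_default_user_chris_password }}"` (variable name is a placeholder), and rotate the passwords whose hashes are already committed. Because the users block is byte-identical in both files, defining it once in a vaulted group_vars file would also remove the duplication. `insert_keypair_backup_client: true` additionally installs the shared `id_ed25519.oopen-server` private key as root's key; whether that source file is vaulted is not visible here.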
@@ -0,0 +1,220 @@ +--- +# --- +# vars used by roles/network_interfaces +# --- + + +# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted +network_manage_devices: True + +# Should the interfaces be reloaded after config change? +network_interface_reload: False + +network_interface_path: /etc/network/interfaces.d +network_interface_required_packages: + - vlan + - bridge-utils + - ifmetric + - ifupdown + - ifenslave + - resolvconf + +network_interfaces: + + - device: eno1 + headline: eno1 - holds uplink WiDSL Antenna (ppp line widsl) + auto: true + family: inet + method: static + address: 10.12.136.254 + netmask: 24 + + + - device: dsl-widsl + headline: dsl-widsl - ppp line widsl + auto: true + family: inet + method: ppp + provider: dsl-widsl + pre-up: + - /sbin/ifconfig eno1 up + + + - device: eno2 + headline: eno2 - uplink Telekom (static line via digitbox) + auto: true + family: inet + method: static + address: 172.16.81.1 + netmask: 24 + gateway: 172.16.81.254 + nameservers: + - 192.168.81.1 + - 192.168.11.1 + search: ga.netz + + + - device: eno5 + headline: eno5 - LAN + auto: true + family: inet + method: static + address: 192.168.81.254 + netmask: 24 + + + - device: eno5:ns + headline: eno5:ns - Alias on eno5 (Nameserver) + auto: true + family: inet + method: static + address: 192.168.81.1 + netmask: 32 + + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +insert_ssh_keypair_backup_server: false +ssh_keypair_backup_server: + - name: backup + backup_user: back + priv_key_src: root/.ssh/id_rsa.backup.oopen.de + priv_key_dest: /root/.ssh/id_rsa + pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub + pub_key_dest: 
/root/.ssh/id_rsa.pub + +insert_keypair_backup_client: true +ssh_keypair_backup_client: + - name: backup + priv_key_src: root/.ssh/id_ed25519.oopen-server + priv_key_dest: /root/.ssh/id_ed25519 + pub_key_src: root/.ssh/id_ed25519.oopen-server.pub + pub_key_dest: /root/.ssh/id_ed25519.pub + target: backup.oopen.de + +default_user: + + - name: chris + password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + - name: wadmin + password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1' + + - name: sysadm + user_id: 1050 + group_id: 1050 + group: sysadm + password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest' + - 
'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1' + + - name: localadmin + user_id: 1051 + group_id: 1051 + password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-rsa 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 jonas@meurer.it' + - 'ssh-rsa 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 t@NB-003258-RLS' + + - name: back + user_id: 1060 + group_id: 1060 + group: back + password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + +sudo_users: + - chris + - sysadm + - localadmin + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + +git_firewall_repository: + name: ipt-gateway + repo: https://git.oopen.de/firewall/ipt-gateway + dest: /usr/local/src/ipt-gateway + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/host_vars/ga-st-kvm5.ga.netz.yaml b/host_vars/ga-st-kvm5.ga.netz.yaml deleted file mode 100644 index e01850d..0000000 --- a/host_vars/ga-st-kvm5.ga.netz.yaml +++ /dev/null 
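Review bot: The `dsl-widsl` stanza uses `method: ppp`, yet `network_interface_required_packages` in this file lists neither `ppp` (ifupdown's ppp method calls pon/poff) nor `net-tools`, which provides the `/sbin/ifconfig` used in its `pre-up`. Unless another role installs them, the interface fails at ifup time rather than during the play; consider adding `- ppp` to the list and replacing the hook with `/sbin/ip link set eno1 up`. `eno1` is already declared `auto: true` with a static address, so the hook may only be needed for ordering, and a short comment saying so would help.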
@@ -1,291 +0,0 @@ ---- - -# --- -# vars used by roles/network_interfaces -# --- - - -# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted -network_manage_devices: True - -# Should the interfaces be reloaded after config change? -network_interface_reload: False - -network_interface_path: /etc/network/interfaces.d -network_interface_required_packages: - - vlan - - bridge-utils - - ifmetric - - ifupdown - - ifenslave - - resolvconf - - -network_interfaces: - - - device: eno2 - headline: eno2 - auto: true - family: inet - method: manual - pre-up: - - ifconfig $IFACE up - - vconfig add eno2 11 - post-down: - - ifconfig $IFACE down - - - - device: eno2.11 - # use only once per device (for the first device entry) - headline: eno2.11 - - # auto & allow are only used for the first device entry - allow: [] # array of allow-[stanzas] eg. allow-hotplug - auto: true - - family: inet - method: static - hwaddress: 3c:ec:ef:77:d3:5e - description: - address: 10.10.11.6 - netmask: 24 - gateway: 10.10.11.254 - metric: - pointopoint: - mtu: - scope: - - # additional user by dhcp method - # - hostname: - leasehours: - leasetime: - vendor: - client: - - # additional used by bootp method - # - bootfile: - server: - hwaddr: - - # optional dns settings nameservers: [] - # - # nameservers: - # - 194.150.168.168 # dns.as250.net - # - 91.239.100.100 # anycast.censurfridns.dk - # search: warenform.de - # - nameservers: - - 192.168.11.1 - - 192.168.10.3 - search: ga.netz - - # optional additional subnets/ips subnets: [] - # subnets: - # - '192.168.123.0/24' - # - '192.168.124.11/32' - - # optional bridge parameters bridge: {} - # bridge: - # ports: - # stp: - # fd: - # maxwait: - # waitport: - bridge: {} - - # optional bonding parameters bond: {} - # bond: - # master - # primary - # slave - # method: - # miimon: - # lacp-rate: - # ad-select-rate: - # master: - # slaves: - bond: {} - - # optional vlan settings | vlan: {} - # vlan: {} - # raw-device: 'eth0' - 
vlan: {} - - # inline hook scripts - pre-up: [] # pre-up script lines - up: [] - post-up: [] # post-up script lines (alias for up) - pre-down: [] # pre-down script lines (alias for down) - down: [] # down script lines - post-down: [] # post-down script lines - - - device: br0 - # use only once per device (for the first device entry) - headline: br0 - bridge over device eno1 - - # auto & allow are only used for the first device entry - allow: [] # array of allow-[stanzas] eg. allow-hotplug - auto: true - - family: inet - method: manual - hwaddress: 3c:ec:ef:77:d3:5f - description: - address: - netmask: - gateway: - metric: - pointopoint: - mtu: - scope: - - # additional user by dhcp method - # - hostname: - leasehours: - leasetime: - vendor: - client: - - # additional used by bootp method - # - bootfile: - server: - hwaddr: - - # optional dns settings nameservers: [] - # - # nameservers: - # - 194.150.168.168 # dns.as250.net - # - 91.239.100.100 # anycast.censurfridns.dk - # search: warenform.de - # - nameservers: - search: - - # optional additional subnets/ips subnets: [] - # subnets: - # - '192.168.123.0/24' - # - '192.168.124.11/32' - - # optional bridge parameters bridge: {} - # bridge: - # ports: - # stp: - # fd: - # maxwait: - # waitport: - bridge: - ports: eno1 # for mor devices support a blank separated list - stp: !!str off - fd: 5 - hello: 2 - maxage: 12 - - # optional bonding parameters bond: {} - # bond: - # master - # primary - # slave - # method: - # miimon: - # lacp-rate: - # ad-select-rate: - # master: - # slaves: - bond: {} - - # optional vlan settings | vlan: {} - # vlan: {} - # raw-device: 'eth0' - vlan: {} - - # inline hook scripts - pre-up: [] # pre-up script lines - up: [] - post-up: [] # post-up script lines (alias for up) - pre-down: [] # pre-down script lines (alias for down) - down: [] # down script lines - post-down: [] # post-down script lines - - -# --- -# vars used by roles/ansible_dependencies -# --- - - -# --- -# vars used by 
roles/ansible_user -# --- - -# --- -# vars used by roles/common/tasks/basic.yml -# --- - -# --- -# vars used by apt.yml -# --- - - -# --- -# vars used by roles/common/tasks/users.yml -# --- - - -# --- -# vars used by roles/common/tasks/users-systemfiles.yml -# --- - - -# --- -# vars used by roles/common/tasks/webadmin-user.yml -# --- - - -# --- -# vars used by roles/common/tasks/sshd.yml -# --- - -sshd_permit_root_login: !!str "prohibit-password" - - -# --- -# vars used by roles/common/tasks/sudoers.yml -# --- - - -# --- -# vars used by roles/common/tasks/caching-nameserver.yml -# --- - - -# --- -# vars used by roles/common/tasks/git.yml -# --- - -# --- -# vars used by roles/common/tasks/copy_files.yml -# --- - - -# --- -# vars used by roles/common/tasks/symlink_files.yml -# --- - - -# --- -# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml -# --- - - - -# ============================== - - -# --- -# vars used by scripts/reset_root_passwd.yml -# --- - -root_user: {} diff --git a/host_vars/ga-st-kvm5.ga.netz.yml b/host_vars/ga-st-kvm5.ga.netz.yml new file mode 100644 index 0000000..e03779e --- /dev/null +++ b/host_vars/ga-st-kvm5.ga.netz.yml 
@@ -0,0 +1,152 @@ +--- + +# --- +# vars used by roles/network_interfaces +# --- + + +# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted +network_manage_devices: True + +# Should the interfaces be reloaded after config change? +network_interface_reload: False + +network_interface_path: /etc/network/interfaces.d +network_interface_required_packages: + - vlan + - bridge-utils + - ifmetric + - ifupdown + - ifenslave + - resolvconf + + +network_interfaces: + + - device: eno2 + headline: eno2 + auto: true + family: inet + method: manual + pre-up: + - ifconfig $IFACE up + - vconfig add eno2 11 + post-down: + - ifconfig $IFACE down + + + - device: eno2.11 + # use only once per device (for the first device entry) + headline: eno2.11 + + # auto & allow are only used for the first device entry + allow: [] # array of allow-[stanzas] eg. allow-hotplug + auto: true + + family: inet + method: static + description: + address: 10.10.11.6 + netmask: 24 + gateway: 10.10.11.254 + nameservers: + - 192.168.11.1 + - 192.168.10.3 + search: ga.netz + + - device: br0 + # use only once per device (for the first device entry) + headline: br0 - bridge over device eno1 + + # auto & allow are only used for the first device entry + allow: [] # array of allow-[stanzas] eg. 
allow-hotplug + auto: true + + family: inet + method: manual + bridge: + ports: eno1 # for mor devices support a blank separated list + stp: !!str off + fd: 5 + hello: 2 + maxage: 12 + + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + +# --- +# vars used by apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + +sshd_permit_root_login: !!str "prohibit-password" + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + +# --- +# vars used by roles/common/tasks/copy_files.yml +# --- + + +# --- +# vars used by roles/common/tasks/symlink_files.yml +# --- + + +# --- +# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml +# --- + + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: {} diff --git a/hosts b/hosts index 95c31ed..c9b3e95 100644 --- a/hosts +++ b/hosts @@ -51,8 +51,8 @@ k1371.dyndns.org ga-st-gw-ersatz.ga.netz ga-st-gw.oopen.de -ga-al-gw.ga.netz -ga-nh-gw.ga.netz +ga-al-gw.oopen.de +ga-nh-gw.oopen.de ga-st-lxc1.ga.netz ga-st-mail.ga.netz ga-st-kvm1.ga.netz @@ -228,8 +228,8 @@ k1371.dyndns.org ga-st-gw-ersatz.ga.netz ga-st-gw.oopen.de -ga-al-gw.ga.netz -ga-nh-gw.ga.netz +ga-al-gw.oopen.de +ga-nh-gw.oopen.de # --- # - Warenform Server @@ -1481,8 +1481,8 @@ k1371.dyndns.org ga-st-gw-ersatz.ga.netz ga-st-gw.oopen.de -ga-al-gw.ga.netz -ga-nh-gw.ga.netz +ga-al-gw.oopen.de +ga-nh-gw.oopen.de # - readonly gateways gw-123.oopen.de 
@@ -1526,8 +1526,8 @@ k1371.dyndns.org ga-st-gw-ersatz.ga.netz ga-st-gw.oopen.de -ga-al-gw.ga.netz -ga-nh-gw.ga.netz +ga-al-gw.oopen.de +ga-nh-gw.oopen.de gw-replacement3.local.netz diff --git a/roles/network_interfaces/tasks/interfaces.yml b/roles/network_interfaces/tasks/interfaces.yml index 1ad0377..cea3039 100644 --- a/roles/network_interfaces/tasks/interfaces.yml +++ b/roles/network_interfaces/tasks/interfaces.yml @@ -15,7 +15,7 @@ - name: (interfaces.yml) Ensure interfaces file is latest template: - src: "etc/network//interfaces.j2" + src: "etc/network/interfaces.j2" dest: /etc/network/interfaces with_items: network_interfaces tags: diff --git a/roles/network_interfaces/templates/etc/network/interfaces.d/device.j2 b/roles/network_interfaces/templates/etc/network/interfaces.d/device.j2 index d2a4f6b..b142c95 100644 --- a/roles/network_interfaces/templates/etc/network/interfaces.d/device.j2 +++ b/roles/network_interfaces/templates/etc/network/interfaces.d/device.j2 @@ -31,14 +31,7 @@ iface {{ config.device }} {{ config.family | default('inet', true) }} {{ config. address {{ config.address }} {% endif -%} {% endif -%} -{% set iface_keys = ['gateway', 'metric', 'pointopoint', 'mtu', 'scope'] %} -{% for key in iface_keys %} -{% if key in config and config[key] %} - {{ key }} {{ config[key] }} -{% endif %} -{% endfor -%} -{% elif config.method == "manual" %} -{% set iface_keys = ['hwaddress', 'mtu'] %} +{% set iface_keys = ['gateway', 'metric', 'pointopoint', 'media', 'mtu', 'scope'] %} {% for key in iface_keys %} {% if key in config and config[key] %} {{ key }} {{ config[key] }} 
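Review bot: Dropping the `{% elif config.method == "manual" %}` branch means `hwaddress` and `mtu` on a `method: manual` interface are no longer rendered by any line visible in this hunk. The static key list that remains does not include `hwaddress` either, although the sample file now documents it under the static options. The kvm5 host file in this commit removes `hwaddress` from `br0`, so part of this looks deliberate, but any other manual interface that sets `mtu` would lose it without a warning. If the removal is intended, say so in the commit message; otherwise keep the branch, i.e. `{% elif config.method == "manual" %}` followed by `{% set iface_keys = ['hwaddress', 'mtu'] %}` and the same loop. The enclosing `if`/`elif` chain starts above the hunk and continues below it.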
@@ -51,6 +44,14 @@ iface {{ config.device }} {{ config.family | default('inet', true) }} {{ config. {{ key }} {{ config[key] }} {% endif %} {% endfor -%} +{% elif config.method == "ppp" %} +{% if (config.provider is defined and config.provider) %} + provider {{ config.provider }} +{% endif %} +{% elif config.method == "wvdial" %} +{% if (config.provider is defined and config.provider) %} + provider {{ config.provider }} +{% endif %} {% elif config.method == "bootp" %} {% set iface_keys = ['hwaddr', 'bootfile', 'server'] %} {% for key in iface_keys %}
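Review bot: The new `ppp` and `wvdial` branches have identical bodies and could be a single branch, `{% elif config.method in ['ppp', 'wvdial'] %}`, which keeps the two methods from drifting apart. When `provider` is missing or empty the stanza is still written without a `provider` line, so a typo in host_vars shows up only when the interface is brought up. A `{# provider is required for ppp/wvdial #}` comment, or an assert in the role's tasks, would make that expectation explicit. The surrounding `elif` chain starts and ends outside the hunk.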