diff --git a/host_vars/172.16.162.89.yml b/host_vars/172.16.162.89.yml
new file mode 100644
index 0000000..0bbc7f5
--- /dev/null
+++ b/host_vars/172.16.162.89.yml
@@ -0,0 +1,291 @@
+---
+
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: True
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: False
+
+network_interface_path: /etc/network/interfaces.d
+network_interface_required_packages:
+ - vlan
+ - bridge-utils
+ - ifmetric
+ - ifupdown
+ - ifenslave
+ - resolvconf
+
+network_interfaces:
+
+ - device: eno1
+ headline: eno1 - Uplink DSL via Fritz!Box
+ auto: true
+ family: inet
+ method: static
+ address: 172.16.162.2
+ netmask: 24
+ gateway: 172.16.162.254
+ nameservers:
+ - 127.0.0.1
+ search: blkr.netz
+
+
+ - device: eno2
+ headline: eno2 - LAN
+ auto: true
+ family: inet
+ method: static
+ address: 192.168.162.253
+ netmask: 24
+
+
+ #- device: eno2:ns
+ # headline: eno2:ns - Alias on eno2 (Nameserver)
+ # auto: true
+ # family: inet
+ # method: static
+ # address: 192.168.162.1
+ # netmask: 32
+
+
+ - device: eno3
+ headline: eno3 - WLAN
+ auto: true
+ family: inet
+ method: static
+ address: 192.168.163.254
+ netmask: 24
+
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+cron_user_entries:
+
+ - name: "Check if Postfix Mailservice is up and running?"
+ minute: '*/15'
+ hour: '*'
+ job: /root/bin/monitoring/check_postfix.sh
+
+ - name: "Check Postfix E-Mail LOG file for 'fatal' errors"
+ minute: '17'
+ hour: '*'
+ job: /root/bin/monitoring/check_postfix.sh
+
+ - name: "Check if SSH service is up and running?"
+ minute: '*/15'
+ hour: '*'
+ job: /root/bin/monitoring/check_ssh.sh
+
+ - name: "Check if OpenVPN service is up and running?"
+ minute: '*/30'
+ hour: '*'
+ job: /root/bin/monitoring/check_vpn.sh
+
+ - name: "Check if nameservice (bind) is running?"
+ minute: '*/10'
+ hour: '*'
+ job: /root/bin/monitoring/check_dns.sh
+
+ - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )"
+ minute: '0-59/2'
+ hour: '*'
+ job: /root/bin/monitoring/check_forwarding.sh
+
+ - name: "Copy gateway configuration"
+ minute: '09'
+ hour: '3'
+ job: /root/bin/manage-gw-config/copy_gateway-config.sh BLKR
+
+
+#cron_user_special_time_entries: []
+cron_user_special_time_entries:
+
+ - name: "Check if Postfix Service is running at boot time"
+ special_time: reboot
+ job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
+ insertafter: PATH
+
+ - name: "Restart Systemd's resolved at boottime."
+ special_time: reboot
+ job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
+ insertafter: PATH
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_hostkeyalgorithms:
+ - ssh-ed25519
+ - ssh-ed25519-cert-v01@openssh.com
+ - rsa-sha2-256
+ - rsa-sha2-512
+ - ecdsa-sha2-nistp256
+ - rsa-sha2-256-cert-v01@openssh.com
+ - rsa-sha2-512-cert-v01@openssh.com
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+insert_ssh_keypair_backup_server: false
+ssh_keypair_backup_server:
+ - name: backup
+ backup_user: back
+ priv_key_src: root/.ssh/id_rsa.backup.oopen.de
+ priv_key_dest: /root/.ssh/id_rsa
+ pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
+ pub_key_dest: /root/.ssh/id_rsa.pub
+
+insert_keypair_backup_client: true
+ssh_keypair_backup_client:
+ - name: backup
+ priv_key_src: root/.ssh/id_ed25519.oopen-server
+ priv_key_dest: /root/.ssh/id_ed25519
+ pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
+ pub_key_dest: /root/.ssh/id_ed25519.pub
+ target: backup.oopen.de
+
+default_user:
+
+ - name: chris
+ password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+ shell: /bin/bash
+ ssh_keys:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+ - name: sysadm
+ user_id: 1050
+ group_id: 1050
+ group: sysadm
+ password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+ shell: /bin/bash
+ ssh_keys:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+ - name: back
+ user_id: 1060
+ group_id: 1060
+ group: back
+ password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+ shell: /bin/bash
+ ssh_keys:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+
+sudo_users:
+ - chris
+ - sysadm
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+apt_install_bind9_packages: true
+
+bind9_gateway_acl:
+ - local-net:
+ name: local-net
+ entries:
+ - 127.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
+ - 10.0.0.0/8
+ - fc00::/7
+ - fe80::/10
+ - ::1/128
+ - internaldns:
+ name: internaldns
+ entries:
+ - '// Nameserver Kanzlei EBS'
+ - 192.168.182.1
+
+bind9_gateway_listen_on_v6:
+ - none
+
+bind9_gateway_listen_on:
+ - any
+
+#bind9_gateway_allow_transfer: {}
+bind9_gateway_allow_transfer:
+ - internaldns
+
+bind9_transfer_source: !!str "192.168.162.1"
+bind9_notify_source: !!str "192.168.162.1"
+
+#bind9_gateway_allow_query: {}
+bind9_gateway_allow_query:
+ - local-net
+
+#bind9_gateway_allow_query_cache: {}
+bind9_gateway_allow_query_cache:
- local-net + +bind9_gateway_recursion: !!str "yes" +#bind9_gateway_allow_recursion: {} +bind9_gateway_allow_recursion: + - local-net + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + +git_firewall_repository: + name: ipt-gateway + repo: https://git.oopen.de/firewall/ipt-gateway + dest: /usr/local/src/ipt-gateway + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/host_vars/file-blkr.blkr.netz.yml b/host_vars/file-blkr.blkr.netz.yml index 20847b1..cb81496 100644 --- a/host_vars/file-blkr.blkr.netz.yml +++ b/host_vars/file-blkr.blkr.netz.yml @@ -222,6 +222,10 @@ samba_user: - buero - verwaltung password: 'fx9j/3X-thPr' + - name: leonie + groups: + - buero + password: '6.4aVX7rQ-9H' - name: philip groups: - buero diff --git a/host_vars/gw-blkr.oopen.de.yml b/host_vars/gw-blkr.oopen.de.yml new file mode 100644 index 0000000..b974ce6 --- /dev/null +++ b/host_vars/gw-blkr.oopen.de.yml 
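Review bot: The `password:` values for `chris`, `sysadm`, `back` and `root_user` in host_vars/172.16.162.89.yml are SHA-512 crypt (`$6$`) hashes committed as plain text, so everyone with read access to the repository, a clone or its history can run offline guessing against them. The same four hashes are added again in host_vars/gw-blkr.oopen.de.yml, so both gateways share identical credentials. I would keep these values in an Ansible Vault-encrypted vars file (or as inline `!vault` values) and reference them here, for example `password: "{{ vault_default_user_chris_password }}"` (variable name is a suggestion), and change the affected passwords since the hashes are already in history. As a style point, `network_manage_devices: True` and `network_interface_reload: False` should be lowercase `true`/`false` to match `auto: true` further down.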
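Review bot: The new `leonie` entry under `samba_user` in host_vars/file-blkr.blkr.netz.yml stores the account's clear-text password directly in `password:`, as the neighbouring entries visible in the context lines do. Unlike a hash, that value is usable as-is by anyone who can read the repository or one of its copies. I would reference a vaulted variable instead, `password: "{{ vault_samba_password_leonie }}"` (name is a suggestion), keep the real value in an Ansible Vault-encrypted file, and set a fresh password once that is in place. The `samba_user` list starts and ends outside the hunk.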
@@ -0,0 +1,292 @@
+---
+
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: True
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: False
+
+network_interface_path: /etc/network/interfaces.d
+network_interface_required_packages:
+ - vlan
+ - bridge-utils
+ - ifmetric
+ - ifupdown
+ - ifenslave
+ - resolvconf
+
+network_interfaces:
+
+ - device: eno1
+ headline: eno1 - Uplink DSL via Fritz!Box
+ auto: true
+ family: inet
+ method: static
+ address: 172.16.162.1
+ netmask: 24
+ gateway: 172.16.162.254
+ nameservers:
+ - 127.0.0.1
+ - 192.168.162.1
+ search: blkr.netz
+
+
+ - device: eno2
+ headline: eno2 - LAN
+ auto: true
+ family: inet
+ method: static
+ address: 192.168.162.254
+ netmask: 24
+
+
+ - device: eno2:ns
+ headline: eno2:ns - Alias on eno2 (Nameserver)
+ auto: true
+ family: inet
+ method: static
+ address: 192.168.162.1
+ netmask: 32
+
+
+ - device: eno3
+ headline: eno3 - WLAN
+ auto: true
+ family: inet
+ method: static
+ address: 192.168.163.254
+ netmask: 24
+
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+cron_user_entries:
+
+ - name: "Check if Postfix Mailservice is up and running?"
+ minute: '*/15'
+ hour: '*'
+ job: /root/bin/monitoring/check_postfix.sh
+
+ - name: "Check Postfix E-Mail LOG file for 'fatal' errors"
+ minute: '17'
+ hour: '*'
+ job: /root/bin/monitoring/check_postfix.sh
+
+ - name: "Check if SSH service is up and running?"
+ minute: '*/15'
+ hour: '*'
+ job: /root/bin/monitoring/check_ssh.sh
+
+ - name: "Check if OpenVPN service is up and running?"
+ minute: '*/30'
+ hour: '*'
+ job: /root/bin/monitoring/check_vpn.sh
+
+ - name: "Check if nameservice (bind) is running?"
+ minute: '*/10'
+ hour: '*'
+ job: /root/bin/monitoring/check_dns.sh
+
+ - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )"
+ minute: '0-59/2'
+ hour: '*'
+ job: /root/bin/monitoring/check_forwarding.sh
+
+ - name: "Copy gateway configuration"
+ minute: '09'
+ hour: '3'
+ job: /root/bin/manage-gw-config/copy_gateway-config.sh BLKR
+
+
+#cron_user_special_time_entries: []
+cron_user_special_time_entries:
+
+ - name: "Check if Postfix Service is running at boot time"
+ special_time: reboot
+ job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
+ insertafter: PATH
+
+ - name: "Restart Systemd's resolved at boottime."
+ special_time: reboot
+ job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
+ insertafter: PATH
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_hostkeyalgorithms:
+ - ssh-ed25519
+ - ssh-ed25519-cert-v01@openssh.com
+ - rsa-sha2-256
+ - rsa-sha2-512
+ - ecdsa-sha2-nistp256
+ - rsa-sha2-256-cert-v01@openssh.com
+ - rsa-sha2-512-cert-v01@openssh.com
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+insert_ssh_keypair_backup_server: false
+ssh_keypair_backup_server:
+ - name: backup
+ backup_user: back
+ priv_key_src: root/.ssh/id_rsa.backup.oopen.de
+ priv_key_dest: /root/.ssh/id_rsa
+ pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
+ pub_key_dest: /root/.ssh/id_rsa.pub
+
+insert_keypair_backup_client: true
+ssh_keypair_backup_client:
+ - name: backup
+ priv_key_src: root/.ssh/id_ed25519.oopen-server
+ priv_key_dest: /root/.ssh/id_ed25519
+ pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
+ pub_key_dest: /root/.ssh/id_ed25519.pub
+ target: backup.oopen.de
+
+default_user:
+
+ - name: chris
+ password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+ shell: /bin/bash
+ ssh_keys:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+ - name: sysadm
+ user_id: 1050
+ group_id: 1050
+ group: sysadm
+ password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+ shell: /bin/bash
+ ssh_keys:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+ - name: back
+ user_id: 1060
+ group_id: 1060
+ group: back
+ password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+ shell: /bin/bash
+ ssh_keys:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+
+sudo_users:
+ - chris
+ - sysadm
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+apt_install_bind9_packages: true
+
+bind9_gateway_acl:
+ - local-net:
+ name: local-net
+ entries:
+ - 127.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
+ - 10.0.0.0/8
+ - fc00::/7
+ - fe80::/10
+ - ::1/128
+ - internaldns:
+ name: internaldns
+ entries:
+ - '// Nameserver Kanzlei EBS'
+ - 192.168.182.1
+
+bind9_gateway_listen_on_v6:
+ - none
+
+bind9_gateway_listen_on:
+ - any
+
+#bind9_gateway_allow_transfer: {}
+bind9_gateway_allow_transfer:
+ - internaldns
+
+bind9_transfer_source: !!str "192.168.162.1"
+bind9_notify_source: !!str "192.168.162.1"
+
+#bind9_gateway_allow_query: {}
+bind9_gateway_allow_query:
+ - local-net
+
+#bind9_gateway_allow_query_cache: {}
+bind9_gateway_allow_query_cache:
- local-net + +bind9_gateway_recursion: !!str "yes" +#bind9_gateway_allow_recursion: {} +bind9_gateway_allow_recursion: + - local-net + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + +git_firewall_repository: + name: ipt-gateway + repo: https://git.oopen.de/firewall/ipt-gateway + dest: /usr/local/src/ipt-gateway + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/host_vars/server18.warenform.de.yml b/host_vars/server18.warenform.de.yml index 6e69ed9..dd6a295 100644 --- a/host_vars/server18.warenform.de.yml +++ b/host_vars/server18.warenform.de.yml 
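Review bot: The cron entry named "Check Postfix E-Mail LOG file for 'fatal' errors" in `cron_user_entries` runs `/root/bin/monitoring/check_postfix.sh`, the same script as the "Check if Postfix Mailservice is up and running?" entry directly above it, so unless that script also scans the mail log the log check never runs. host_vars/172.16.162.89.yml adds the same pair. If a separate log-check script exists, `job:` should point at it; if the shared script is intentional, a one-line comment above the entry saying so would save the next maintainer the lookup. The comment above `network_manage_devices` also names `/etc/network/interfaces/interfaces.d/` while `network_interface_path` is `/etc/network/interfaces.d`, so one of the two is presumably a typo.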
@@ -147,6 +147,60 @@ apt_extra_pkgs: - subversion-tools +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_env_entries: + - name: PATH + job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + + - name: SHELL + job: /bin/bash + insertafter: PATH + + +cron_user_special_time_entries: + + - name: "Restart DNS Cache service 'systemd-resolved'" + special_time: reboot + job: "sleep 5 ; /bin/systemctl restart systemd-resolved" + insertafter: PATH + + - name: "Check if postfix mailservice is running. Restart service if needed." + special_time: reboot + job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1" + insertafter: PATH + + - name: "Check if Check if all autostart LX-Container are running." + special_time: reboot + job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh" + insertafter: PATH + + +cron_user_entries: + + - name: "Check if SSH service is running. Restart service if needed." + minute: '*/5' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check connectifity - reboot if needed" + minute: '*/10' + hour: '*' + job: /root/bin/admin-stuff/check-connectivity.sh + + - name: "Check if networking is enabled / active." + minute: '*/15' + hour: '*' + job: if ! $(systemctl is-enabled networking > /dev/null 2>&1) ; then systemctl enable networking ; fi + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/15' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + # --- # vars used by roles/common/tasks/users.yml # --- diff --git a/host_vars/server22.warenform.de.yml b/host_vars/server22.warenform.de.yml index 24765a7..ca181e9 100644 --- a/host_vars/server22.warenform.de.yml +++ b/host_vars/server22.warenform.de.yml 
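Review bot: In `cron_env_entries` the `PATH` value separates its first two directories with `;` instead of `:` (`/root/bin/admin-stuff;/root/bin:...`), so the first PATH element becomes the single non-existent directory `/root/bin/admin-stuff;/root/bin` and neither `/root/bin/admin-stuff` nor `/root/bin` is searched. The line should read `job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`. The identical line is added in the server22, server24 and server25 host_vars hunks of this commit. The jobs in this hunk are called by absolute path and keep working, but anything they invoke by bare name from those two directories may not be found.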
@@ -146,6 +146,60 @@ apt_extra_pkgs: - subversion-tools +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_env_entries: + - name: PATH + job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + + - name: SHELL + job: /bin/bash + insertafter: PATH + + +cron_user_special_time_entries: + + - name: "Restart DNS Cache service 'systemd-resolved'" + special_time: reboot + job: "sleep 5 ; /bin/systemctl restart systemd-resolved" + insertafter: PATH + + - name: "Check if postfix mailservice is running. Restart service if needed." + special_time: reboot + job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1" + insertafter: PATH + + - name: "Check if Check if all autostart LX-Container are running." + special_time: reboot + job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh" + insertafter: PATH + + +cron_user_entries: + + - name: "Check if SSH service is running. Restart service if needed." + minute: '*/5' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check connectifity - reboot if needed" + minute: '*/10' + hour: '*' + job: /root/bin/admin-stuff/check-connectivity.sh + + - name: "Check if networking is enabled / active." + minute: '*/15' + hour: '*' + job: if ! $(systemctl is-enabled networking > /dev/null 2>&1) ; then systemctl enable networking ; fi + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/15' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + # --- # vars used by roles/common/tasks/users.yml # --- diff --git a/host_vars/server24.warenform.de.yml b/host_vars/server24.warenform.de.yml index f4a5658..4c4a10d 100644 --- a/host_vars/server24.warenform.de.yml +++ b/host_vars/server24.warenform.de.yml 
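Review bot: The "Check if networking is enabled / active." job wraps its test in a command substitution, `if ! $(systemctl is-enabled networking > /dev/null 2>&1)`, which only works because the output is discarded and the empty expansion leaves the substitution's exit status; without the redirection the shell would try to run the word `enabled` as a command. `job: if ! systemctl is-enabled networking > /dev/null 2>&1 ; then systemctl enable networking ; fi` does the same thing without the detour. `systemctl enable` also does not start the unit, so the "active" half of the entry's name is not covered by this job. The same entry is added in the server18, server24 and server25 hunks.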
@@ -142,6 +142,61 @@ apt_extra_pkgs: - subversion-tools +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_env_entries: + - name: PATH + job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + + - name: SHELL + job: /bin/bash + insertafter: PATH + + +cron_user_special_time_entries: + + - name: "Restart DNS Cache service 'systemd-resolved'" + special_time: reboot + job: "sleep 5 ; /bin/systemctl restart systemd-resolved" + insertafter: PATH + + - name: "Check if postfix mailservice is running. Restart service if needed." + special_time: reboot + job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1" + insertafter: PATH + + - name: "Check if Check if all autostart LX-Container are running." + special_time: reboot + job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh" + insertafter: PATH + + +cron_user_entries: + + - name: "Check if SSH service is running. Restart service if needed." + minute: '*/5' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check connectifity - reboot if needed" + minute: '*/10' + hour: '*' + job: /root/bin/admin-stuff/check-connectivity.sh + + - name: "Check if networking is enabled / active." + minute: '*/15' + hour: '*' + job: if ! $(systemctl is-enabled networking > /dev/null 2>&1) ; then systemctl enable networking ; fi + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/15' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + + # --- # vars used by roles/common/tasks/users.yml # --- diff --git a/host_vars/server25.warenform.de.yml b/host_vars/server25.warenform.de.yml index 0f20ff3..57865aa 100644 --- a/host_vars/server25.warenform.de.yml +++ b/host_vars/server25.warenform.de.yml 
@@ -148,6 +148,60 @@ apt_extra_pkgs: - subversion-tools +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_env_entries: + - name: PATH + job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + + - name: SHELL + job: /bin/bash + insertafter: PATH + + +cron_user_special_time_entries: + + - name: "Restart DNS Cache service 'systemd-resolved'" + special_time: reboot + job: "sleep 5 ; /bin/systemctl restart systemd-resolved" + insertafter: PATH + + - name: "Check if postfix mailservice is running. Restart service if needed." + special_time: reboot + job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1" + insertafter: PATH + + - name: "Check if Check if all autostart LX-Container are running." + special_time: reboot + job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh" + insertafter: PATH + + +cron_user_entries: + + - name: "Check if SSH service is running. Restart service if needed." + minute: '*/5' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check connectifity - reboot if needed" + minute: '*/10' + hour: '*' + job: /root/bin/admin-stuff/check-connectivity.sh + + - name: "Check if networking is enabled / active." + minute: '*/15' + hour: '*' + job: if ! $(systemctl is-enabled networking > /dev/null 2>&1) ; then systemctl enable networking ; fi + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/15' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + # --- # vars used by roles/common/tasks/users.yml # --- diff --git a/hosts b/hosts index 075133e..8020368 100644 --- a/hosts +++ b/hosts @@ -31,6 +31,7 @@ gw-fhxb.oopen.de gw-ckubu.local.netz gw-b3.oopen.de gw-blkr.oopen.de +172.16.162.89 gw-d11.oopen.de gw-flr.oopen.de 172.16.102.22 @@ -393,6 +394,7 @@ file-km.anw-km.netz # - Kanzlei BLKR gw-blkr.oopen.de +172.16.162.89 file-blkr.blkr.netz # - Kanzlei EBS Leipzig 
@@ -1452,8 +1454,6 @@ bbb.b3-bornim.netz [gateway_server_ro] -gw-blkr.oopen.de -gw-replacement2.local.netz [gateway_server_rw] @@ -1467,12 +1467,15 @@ gw-b3.oopen.de gw-d11.oopen.de gw-ebs.oopen.de gw-elster.oopen.de +gw-blkr.oopen.de +172.16.162.89 gw-ak.oopen.de gw-akb.oopen.de gw-ckubu.local.netz gw-flr.oopen.de 172.16.102.22 gw-replacement.local.netz +gw-replacement2.local.netz gw-replacement3.local.netz gw-irights.irights.netz gw-km.oopen.de diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts index d672655..f54a8b1 100644 --- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts +++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts @@ -68,3 +68,5 @@ comicartcollective\.com$ fesg56wesg\.xyz$ convinceandconvert\.com$ thelargest\.homes$ +eamyobai\.cfd$ +countryfields\.ca$ diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets index 39aada9..e99d703 100644 --- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets +++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets @@ -84,8 +84,6 @@ 172.93.96.0/20 # US (u.a. premiumofen.com) 108.171.192.0/19 -# US () -54.240.0.0/18 # VE ( u.a. cne.gob.ve) 201.130.82.0/23 # mx1.privateemail.com mx2.privateemail.com @@ -130,3 +128,6 @@ # US ( u.a. notstrom-generatoren.com) 68.69.187.0/24 104.156.156.0/22 +# US (u.a direktversender.net) +103.83.37.0/24 +103.114.162.0/24 diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender index 667ffab..979122b 100644 --- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender +++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender @@ -91,3 +91,4 @@ firmen-infos\.com$ ^sqek@eike\.se$ ^info@webmeinung\.de$ ^info@handel-versand\.com$ +^order@direktversender\.net§ 
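Review bot: The pattern added to postfwd.bl-sender ends in `§` instead of `$` (`^order@direktversender\.net§`), so it requires a literal `§` after the address and will not match the sender it is meant to block. It should be `^order@direktversender\.net$`, like the entries above it. A pre-deploy check that rejects non-ASCII bytes in the postfwd list files would catch this class of typo.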
diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.wl-sender b/roles/common/files/mailserver/etc/postfix/postfwd.wl-sender index d5c5acd..c64a9ff 100644 --- a/roles/common/files/mailserver/etc/postfix/postfwd.wl-sender +++ b/roles/common/files/mailserver/etc/postfix/postfwd.wl-sender @@ -19,4 +19,4 @@ # --- # give trusted sender addresses here - +^noreply@login\.ubuntu\.com$
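Review bot: The new postfwd.wl-sender entry whitelists on the envelope sender address alone, which the sending side sets freely, so any client presenting `noreply@login.ubuntu.com` receives whatever exemption the wl-sender rule grants. The postfwd rule that consumes this file is not part of the diff; if it accepts on a sender match only, I would tie the exemption to the sending host as well (client name or network), or to SPF/DKIM results, rather than to the address by itself. The entry should also get a comment line above it recording why it was added, e.g. `# login mails rejected by <rule name - placeholder>`.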