ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph
2025-01-21 16:53:58 +01:00
parent c9cee6deae
commit 5fe32c6473
25 changed files with 717 additions and 573 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
host_vars/backup.oopen.de.yml
View File

@ -262,8 +262,10 @@ default_user:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtIXFS9OrKBvBl+fKtYN/lOOKpPuuc02H8HV+++LeBU root@backup'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZkez42c+5KVt/ZOhwslO321ibzV02oMImImRGNBIRD root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKT+QOy+R6O4ojAeB7y/CRMmfbB19rFstvEW7saHpHMX root@c.mx'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXaxrm1MdUsiGviWJX/LaaaTaHga7+GKXYZPjUr5aBV root@chamaesiphon'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPrJu40Up1x9VCTTac6+ANjJ2NFXfDb5v3dP4pVgm+c root@cl-01'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7JBJ0qQJsTlADj/zMoxGlzPCGlnh0ngDS5+tkyVqgf root@cl-02'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIORi7e7u0KhCkCB8iCmPud0hzCwnJVhxpPmy8vFFkFgY root@cl-dissens'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3VloFw13vVt8UAV5h0860Wq/vFJEm5EazOqM+cVe17 root@cl-flr'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRaUsGqBvZBDzyh1kuldC/jdbtuoXFgBZ7PbgSqytSn root@cl-fm'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvmOpsiL+eiJ3qZVDJiUCFVZge0OQJ1hpZgw7pJ8sq5 root@cl-irights'
@ -307,6 +309,7 @@ default_user:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEM1SI7Lwk0G8UycysL7ZPdXm1DRGgPnr01B0ewRGEKi root@o24'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJKfPInE9VjXVe+6DQ+4/H1nQJwXljYEK6gwfmTDgGy root@o26'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIES9ftVcNMv6pW2HDM12fIbOOEvq1fcd74kbO4LHfhGH root@o28'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtACieGFf34NDepB9GqJjVqji6bf6xrO1LevXgm3aN+ root@o29'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE70FVVu2bsdH2qJITFVSDEPraiI4uSCuzEkYlbl6pRW root@o30'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0+aRoMxzmiQCAIMajNhbTZEumtZ9yCG2Nb4ucqK8lo root@o31'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOJvhepf3kho9zJz1QO52aLbr4/Rim/FLdENg1GNKCPx root@o32'

4
host_vars/file-blkr.blkr.netz.yml
View File

@ -339,6 +339,10 @@ samba_user:
groups:
- buero
password: '4/zCNXnVF7+i'
- name: refa
groups:
- buero
password: 'Mehringdamm40'
- name: ref1
groups:
- buero

14
host_vars/file-dissens.dissens.netz.yml
View File

@ -311,6 +311,7 @@ samba_user:
groups:
- projekte
- team
- verwaltung
password: '20/3l3n0r-fa3llg3em/24?'
- name: johanna.hess
@ -355,6 +356,13 @@ samba_user:
- projekte
password: '20-0l4f_stuve_24?"'
- name: ralph.klesch
groups:
- projekte
- team
- verwaltung
password: '20/r4lph-kl3sch.24-'
- name: rositsa.mahdi
groups:
- projekte
@ -368,6 +376,12 @@ samba_user:
- verwaltung
password: '20.s4r4h_kl3mm-24!'
- name: sebastian.scheele
groups:
- projekte
- team
password: '20/s3-bast1an+sch33l3_24-'
- name: simon.krugmann
groups:
- projekte

2
host_vars/file-km.anw-km.netz.yml
View File

@ -413,6 +413,7 @@ samba_user:
- name: irina
groups:
- advoware
- alle
- aulmann
- howe
@ -423,6 +424,7 @@ samba_user:
- name: jessica
groups:
- advoware
- alle
- aulmann
- howe

13
host_vars/ga-st-gw.ga.netz.yml
View File

@ -200,8 +200,10 @@ network_interfaces:
downdelay: 200
updelay: 200
post-up:
# VLAN 121 - for Ubiquiti UniFi Accesspoints)
# VLAN 121 - for Ubiquiti UniFi Accesspoints
- /sbin/ip link add link bond1 name bond1.121 type vlan id 121
# VLAN 121 - for Ubiquiti UniFi Accesspoints Guests
- /sbin/ip link add link bond1 name bond1.131 type vlan id 131
# Route ???
- /sbin/ip route add 10.11.16.0/24 via 192.168.11.6
@ -215,6 +217,15 @@ network_interfaces:
netmask: 20
- device: bond1.131
headline: bond1.131 - VLAN 131 on interface bond1 for Ubiquiti UniFi Accesspoints Guest Net
auto: true
family: inet
method: static
address: 10.131.15.254
netmask: 20
- device: bond1:ns
headline: bond1:ns - Alias IP on bond1 device for Nameservice
auto: true

551
host_vars/ga-st-gw.oopen.de.yml
View File

@ -1,551 +0,0 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: eth2
headline: eth2 - Uplink static line (radio) to Altenschlirf
auto: true
family: inet
method: static
address: 172.16.111.254
netmask: 24
up:
# - For management Antennas
- /sbin/ip link add link eth2 name eth2.111 type vlan id 111
post-up:
# - Static routes to Altenschlirf (Router Ip-Address Altenschlirf: 172.16.111.253)
# -
# - Telefon Altenshlirf
- /sbin/ip route add 172.16.210.0/24 via 172.16.111.253
# User Network Altenshlirf
- /sbin/ip route add 192.168.10.0/24 via 172.16.111.253
# Management Network Altenschlirf
- /sbin/ip route add 10.10.10.0/24 via 172.16.111.253
# WLan Router (Accesspoints) Altenshlirf
- /sbin/ip route add 10.122.1.0/24 via 172.16.111.253
# # WLan Networks Altenshlirf
- /sbin/ip route add 10.123.0.0/16 via 172.16.111.253
# DSL via Fritzbox Altenschlirf
- /sbin/ip route add 172.16.10.0/24 via 172.16.111.253
# - WLAN Gemeinschaft Altenschlirf (Unifi routet Network)
- /sbin/ip route add 10.221.0.0/20 via 172.16.111.253
# VPN home Network Altenschlirf
#
- /sbin/ip route add 10.0.10.0/24 via 172.16.111.253
# private networks 'ckubu'
#
# connections from private ckubu networks ist routed through VPN Altenschlirf (gw-ckubu),
# so we route them back to that gateway..
- /sbin/ip route add 192.168.63.0/24 via 172.16.111.253
- /sbin/ip route add 192.168.64.0/24 via 172.16.111.253
- device: eth2.111
headline: eth2.111 - network 10.10.111.0 (management antennas)
auto: true
family: inet
method: static
address: 10.10.111.254
netmask: 24
- device: eth8
headline: eth8 - holds VLAN 211 device for Network Telefons Stockhausen
auto: false
family: inet
method: manual
up:
- /sbin/ip link add link eth8 name eth8.211 type vlan id 211
- device: eth8.211
headline: eth8.211 - Network Telefons Stockhausen
auto: true
family: inet
method: static
# Note:
# !! 172.16.211.254 is reserved for LANCom Router (DSL line teleefon).
# This LANCom Router IS NOT pngable !!
address: 172.16.211.1
netmask: 24
pre-up:
- /sbin/ifconfig eth8 up
- device: eth9
headline: eth9 - Uplink DSL surf2 via (static) line to Fritz!Box 7490 (formaly Zyxel 6501)
auto: true
family: inet
method: static
address: 172.16.11.1
netmask: 24
gateway: 172.16.11.254
- device: eth10
headline: eth10 - Uplink DSL surf3 via (static) line to Fritz!Box 7490
auto: true
family: inet
method: static
address: 172.16.13.1
netmask: 24
gateway: 172.16.13.254
- device: eth11
headline: eth11 - Uplink DSL surf1 via (static) line to Fritz!Box 7490 (Mailserver)
auto: true
family: inet
method: static
address: 172.16.12.1
netmask: 24
gateway: 172.16.12.254
# ----------
# Note: Install the 'ifenslave' package, necessary to enable bonding:
#
# apt-get install ifenslave
# ----------
- device: bond0
headline: bond0 - LAG (Link Aggregation) on devices eth0 and eth4
auto: true
family: inet
method: static
address: 10.1.9.254
netmask: 24
bond:
slaves: eth0 eth4
# Mode 4 (802.3ad)
#
# also possible here:
# - Mode 5: balance-tlb
# - Mode 6: balance-alb
mode: 4
miimon: 100
lacp-rate: 1
ad-select: count
downdelay: 200
updelay: 200
post-up:
# VLAN 11 for management network Stockhausen/Schloss 10.10.11.0/24
- /sbin/ip link add link bond0 name bond0.11 type vlan id 11
# VLAN 78 for network Georgshaus 192.168.78.0/24
- /sbin/ip link add link bond0 name bond0.78 type vlan id 78
- device: bond0.11
headline: bond0.11 - VLAN 11 on interface bond0 (Management Network Stockhausen)
auto: true
family: inet
method: static
address: 10.10.11.254
netmask: 24
- device: bond0.78
headline: bond0.78 - VLAN 78 on interface bond0 (Georgshaus ?)
auto: true
family: inet
method: static
address: 192.168.78.254
netmask: 24
# ----------
# Note: Install the 'ifenslave' package, necessary to enable bonding:
#
# apt-get install ifenslave
# ----------
- device: bond1
headline: bond1 - LAG (Link Aggregation) on devices eth1 and eth5 - Main Network Stockhausen
auto: true
family: inet
method: static
address: 192.168.11.254
netmask: 24
nameservers:
- 192.168.11.1
- 192.168.10.3
search: ga.netz ga.intra
bond:
slaves: eth1 eth5
# Mode 4 (802.3ad)
#
# also possible here:
# - Mode 5: balance-tlb
# - Mode 6: balance-alb
mode: 4
miimon: 100
lacp-rate: 1
ad-select: count
downdelay: 200
updelay: 200
post-up:
# VLAN 121 - for Ubiquiti UniFi Accesspoints)
- /sbin/ip link add link bond1 name bond1.121 type vlan id 121
# Route ???
- /sbin/ip route add 10.11.16.0/24 via 192.168.11.6
- device: bond1.121
headline: bond1.121 - VLAN 121 on interface bond1 for Ubiquiti UniFi Accesspoints
auto: true
family: inet
method: static
address: 10.121.15.254
netmask: 20
- device: bond1:ns
headline: bond1:ns - Alias IP on bond1 device for Nameservice
auto: true
family: inet
method: static
address: 192.168.11.1
netmask: 32
- device: bond1:1
headline: bond1:1 - Alias IP on bond1 device for (depricated) Management Network
auto: true
family: inet
method: static
address: 10.10.9.254
netmask: 24
- device: bond1:ap
headline: bond1:ap - Alias IP on bond1 device for Network Accesspoints
auto: true
family: inet
method: static
address: 10.112.1.254
netmask: 24
post-up:
# - Wireless Networks routed through appropriate Accesspoints
# -
- /sbin/ip route add 10.113.1.0/24 via 10.112.1.1
- /sbin/ip route add 10.113.2.0/24 via 10.112.1.2
- /sbin/ip route add 10.113.3.0/24 via 10.112.1.3
- /sbin/ip route add 10.113.4.0/24 via 10.112.1.4
- /sbin/ip route add 10.113.5.0/24 via 10.112.1.5
- /sbin/ip route add 10.113.6.0/24 via 10.112.1.6
- /sbin/ip route add 10.113.7.0/24 via 10.112.1.7
- /sbin/ip route add 10.113.8.0/24 via 10.112.1.8
- /sbin/ip route add 10.113.9.0/24 via 10.112.1.9
- /sbin/ip route add 10.113.10.0/24 via 10.112.1.10
- /sbin/ip route add 10.113.11.0/24 via 10.112.1.11
- /sbin/ip route add 10.113.12.0/24 via 10.112.1.12
- /sbin/ip route add 10.113.13.0/24 via 10.112.1.13
- /sbin/ip route add 10.113.14.0/24 via 10.112.1.14
- /sbin/ip route add 10.113.15.0/24 via 10.112.1.15
- device: bond1:ipmi
headline: bond1:ipmi - Alias IP on bond1 for IPMI Addresses Servr Stockhausen
auto: true
family: inet
method: static
address: 10.11.11.254
netmask: 24
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- ga.netz
- ga.intra
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 192.168.10.1
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.oopen.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.oopen-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $y$j9T$rDrvWa/KInzTe601YYf9./$WjDlaItCrgX7gu4nCs481y8WLxiRaNJCC/MgFgKuzg3
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: maadmin
password: $y$j9T$LCkYWvykWzrpFxIlmSUB01$e1ROfZxXAU53UdAwZAECzED4iV4LS02Q4IPQ2fycv51
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- name: wadmin
password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$awYUu9oRvV39ojITZOC7D1$czTh5HHIE32PXb0vl40ayAarm39txR4jaH1QzBscqfC
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$wpg8hlvMpO4PAWSVdLoJq/$dgpQh4cEnbUOQkkZzKUM4S8XzNS/Md5gMmMuNTqec74
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
- wadmin
- maadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
install_bind_packages: true
bind9_gateway_acl:
- local-net:
name: local-net
entries:
- 127.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 10.0.0.0/8
- fc00::/7
- fe80::/10
- ::1/128
- internaldns:
name: internaldns
entries:
- '# Nameserver Gateway Stockhausen'
- 192.168.11.1
- '# Domain Controller Stockhausen'
- 192.168.10.3
- '# Nameserver Gateway Altenschlirf'
- 192.168.10.1
- '# Domain Controller Altenschlirf'
- 192.168.10.3
- 192.168.10.6
- 172.16.0.1
- '# Nameserver Gateway Novalishaus'
- 192.168.81.1
- 10.2.11.2
- '# Nameserver wolle'
- 10.113.12.3
- '# Postfix Mailserver'
- 192.168.11.2
- '# Mail Relay System'
- 192.168.10.2
bind9_gateway_listen_on_v6:
- none
bind9_gateway_listen_on:
- any
#bind9_gateway_allow_transfer: {}
bind9_gateway_allow_transfer:
- internaldns
bind9_transfer_source: !!str "192.168.11.1"
bind9_notify_source: !!str "192.168.11.1"
#bind9_gateway_allow_query: {}
bind9_gateway_allow_query:
- local-net
#bind9_gateway_allow_query_cache: {}
bind9_gateway_allow_query_cache:
- local-net
bind9_gateway_recursion: !!str "yes"
#bind9_gateway_allow_recursion: {}
bind9_gateway_allow_recursion:
- local-net
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

141
host_vars/mm-migration.oopen.de.yml Normal file
View File

@ -0,0 +1,141 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 195.201.179.131
- 95.217.204.204
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---