ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph 2024-04-25 18:55:48 +02:00
parent ec43134104
commit 65f6725f19
31 changed files with 478 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

208
host_vars/file-ah.kanzlei-kiel.netz.yml
View File

@ -275,49 +275,20 @@ samba_groups:
group_id: 122
- name: gubitz-partner
group_id: 123
- name: sysadm
group_id: 1050
- name: install
group_id: 1070
samba_user:
- name: buero
groups:
- verwaltung
- intern
password: 'buero2011'
- name: axel
groups:
- intern
- verwaltung
- hoffmann-elberling
password: 'ah-kiel.2018'
- name: bjoern
groups:
- intern
- verwaltung
- hoffmann-elberling
password: 'bjoern2011'
- name: gubitz
groups:
- intern
- verwaltung
- gubitz-partner
password: '20gubitz12'
- name: schaar
groups:
- intern
- verwaltung
- gubitz-partner
password: '20schaar12'
- name: molkentin
groups:
- intern
- verwaltung
- gubitz-partner
password: 20molkentin12
- name: buerooben
groups:
- intern
- verwaltung
- hoffmann-elberling
password: 'buero2013'
- name: back
groups: []
password: !vault |
@ -327,34 +298,34 @@ samba_user:
61313164643061306433643738643563303036646334376536626531383965303036386162393832
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
- name: bjoern
groups:
- intern
- verwaltung
- hoffmann-elberling
password: 'bjoern2011'
- name: buchholz
groups:
- buero
- intern
- verwaltung
- buero
- intern
- verwaltung
password: '20-buch_holz-20'
- name: schmidt
- name: buero
groups:
- verwaltung
- intern
password: 'buero2011'
- name: buerooben
groups:
- intern
- verwaltung
- gubitz-partner
password: '20-schmidt_21%'
- name: kiel-nb1
groups:
- buero
- intern
- verwaltung
- gubitz-partner
- hoffmann-elberling
password: '20-note%book1-20'
- name: kiel-nb2
groups:
- buero
- intern
- verwaltung
- gubitz-partner
- hoffmann-elberling
password: '20-note%book2-20'
password: 'buero2013'
- name: chris
groups:
- buero
@ -370,6 +341,118 @@ samba_user:
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
- name: gubitz
groups:
- intern
- verwaltung
- gubitz-partner
password: '20gubitz12'
- name: heckert
groups:
- intern
- gubitz-partner
password: '0-heckert.22%'
- name: hh-jaenicke
groups: []
password: '20-th.jaenicke_%20'
- name: hh-kanzlei
groups: []
password: '20-HH_18-Kanzlei'
- name: hh-lucke
groups: []
password: 'Ole20Steffen_17'
- name: hh-kell
groups: []
password: '20-an.kell-%24'
- name: hh-neumann
groups: []
password: '20.neu-mann_%24'
- name: hh-pueschel
groups: []
password: '20-HH_caro.pueschel-%21'
- name: kiel-nb1
groups:
- buero
- intern
- verwaltung
- gubitz-partner
- hoffmann-elberling
password: '20-note%book1-20'
- name: kiel-nb2
groups:
- buero
- intern
- verwaltung
- gubitz-partner
- hoffmann-elberling
password: '20-note%book2-20'
- name: molkentin
groups:
- intern
- verwaltung
- gubitz-partner
password: 20molkentin12
- name: schaar
groups:
- intern
- verwaltung
- gubitz-partner
password: '20schaar12'
- name: schmidt
groups:
- intern
- verwaltung
- gubitz-partner
password: '20-schmidt_21%'
- name: simone.schnoenmehl
groups:
- intern
- gubitz-partner
password: '20-simone-schnoenmehl-22%'
# password: 9xFXkdPR_2
- name: sysadm
groups:
- buero
- install
- intern
- verwaltung
- gubitz-partner
- hoffmann-elberling
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
35323634653231353634343232326436393435386366396364373766306135636536323165656362
3138366263316231333038343930313134333565373566640a363932616535343538376333313335
64326566643163366533356464326339653236636562363336633738656631626433306661323835
3337663865333636660a626131366161636433613561613235333831653733383365623564313431
6439
# password: Iar-zrq4wG.2
- name: winadm
groups:
- sysadm
- install
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
31326630303038396164656266623339353031336434376531383133643266656133363165316532
6364343131656235313432356230646337373362343938660a393031323561326438653935393632
34373464313666343433626635656261323933353631393632626166643738386333636639303334
3661613165626230640a306236363161356239306232633565336131303066383464626164636133
3038
base_home: /home
# remove_samba_users:
@ -434,6 +517,15 @@ samba_shares:
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Install
path: /data/samba/shares/install
group_valid_users: install
group_write_list: install
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
# ---
# - This share will be written by Windows Server 2016 configured at
# - "Windows Zubehör" -> "Windows Server-Sicherung"
@ -441,8 +533,8 @@ samba_shares:
- name: WinServer2016-Backup
comment: WinServer2016-Backup on Fileserver
path: /data/samba/shares/WinServer2016-Backup
group_valid_users: {}
group_write_list: {}
group_valid_users: sysadm
group_write_list: sysadm
file_create_mask: !!str 664
dir_create_mask: !!str 2775
guest_ok: !!str yes

8
host_vars/ga-st-mail.ga.netz.yml
View File

@ -183,13 +183,13 @@ copy_plain_files:
dest_path: /root/bin/postfix/conf/whitelist_mb_sigs.conf
copy_plain_files_postfwd_host_specific: []
copy_plain_files_postfwd_host_specific:
# Postfix Firewall postfwd
#
#- name: postfwd.wl-user
# src_path: ga-st-mail/etc/postfix/postfwd.wl-user
# dest_path: /etc/postfix/postfwd.wl-user
- name: postfwd.wl-user
src_path: ga-st-mail/etc/postfix/postfwd.cf
dest_path: /etc/postfix/postfwd.cf
#copy_template_files: []

9
host_vars/gw-ak.oopen.de.yml
View File

@ -268,15 +268,6 @@ bind9_gateway_listen_on_v6:
bind9_gateway_listen_on:
- any
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ==============================

10
host_vars/o17.oopen.de.yml
View File

@ -154,11 +154,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -192,6 +187,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Clean up Samba Trash Dirs"
minute: '02'
hour: '23'

5
host_vars/o20.oopen.de.yml
View File

@ -141,6 +141,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Optimize mysql tables"
minute: '51'
hour: '04'

10
host_vars/o21.oopen.de.yml
View File

@ -237,11 +237,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -280,6 +275,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Optimize mysql tables"
minute: '53'
hour: '04'

10
host_vars/o22.oopen.de.yml
View File

@ -234,11 +234,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -249,6 +244,11 @@ cron_user_special_time_entries:
job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
insertafter: PATH
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check if Check if all autostart LX-Container are running."
special_time: reboot
job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh"

15
host_vars/o23.oopen.de.yml
View File

@ -235,11 +235,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -278,11 +273,21 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'
job: /root/bin/admin-stuff/check-disc-usage.sh -c 85
- name: "Restart Jitsi Meet Service"
minute: '51'
hour: '6'
job: /usr/bin/lxc-stop -n meet ; sleep 5 ; /usr/bin/lxc-start -n meet
# ---

10
host_vars/o24.oopen.de.yml
View File

@ -237,11 +237,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -280,6 +275,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/o25.oopen.de.yml
View File

@ -345,11 +345,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -378,6 +373,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors.."
minute: '*/5'
hour: '*'

10
host_vars/o27.oopen.de.yml
View File

@ -237,11 +237,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -280,6 +275,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/o28.oopen.de.yml
View File

@ -344,11 +344,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -377,6 +372,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Backup internet hosts and then print out hdd-usage for all backuped hosts"
minute: '06'
hour: '00'

10
host_vars/o29.oopen.de.yml
View File

@ -233,11 +233,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -271,6 +266,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

15
host_vars/o30.oopen.de.yml
View File

@ -223,11 +223,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -266,11 +261,21 @@ cron_user_entries:
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'
job: /root/bin/admin-stuff/check-disc-usage.sh -c 85
- name: "Restart Jitsi Meet Service"
minute: '51'
hour: '6'
job: /usr/bin/lxc-stop -n meet ; sleep 5 ; /usr/bin/lxc-start -n meet
# ---
# vars used by roles/common/tasks/users.yml

10
host_vars/o31.oopen.de.yml
View File

@ -236,11 +236,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -279,6 +274,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/o32.oopen.de.yml
View File

@ -234,11 +234,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -277,6 +272,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Optimize mysql tables"
minute: '53'
hour: '04'

10
host_vars/o34.oopen.de.yml
View File

@ -232,11 +232,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -275,6 +270,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Optimize mysql tables"
minute: '53'
hour: '04'

10
host_vars/o35.oopen.de.yml
View File

@ -237,11 +237,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -275,6 +270,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/o36.oopen.de.yml
View File

@ -230,11 +230,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -268,6 +263,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/o38.oopen.de.yml
View File

@ -232,11 +232,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -270,6 +265,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/o39.oopen.de.yml
View File

@ -232,11 +232,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -270,6 +265,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
# ---

10
host_vars/server18.warenform.de.yml
View File

@ -234,11 +234,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -272,6 +267,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/server22.warenform.de.yml
View File

@ -221,11 +221,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -259,6 +254,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/server23.warenform.de.yml
View File

@ -221,11 +221,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -259,6 +254,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/server24.warenform.de.yml
View File

@ -228,11 +228,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -266,6 +261,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/server25.warenform.de.yml
View File

@ -229,11 +229,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -267,6 +262,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/server26.warenform.de.yml
View File

@ -244,11 +244,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -282,6 +277,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

10
host_vars/server27.warenform.de.yml
View File

@ -251,11 +251,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -289,6 +284,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'

7
host_vars/server28.warenform.de.yml
View File

@ -273,6 +273,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'
@ -281,7 +286,7 @@ cron_user_entries:
- name: "Check if cert(s) for Prosody service are up-zp-date"
minute: '13'
hour: '05'
job: /root/bin/monitoring/check_cert_for_service.sh
job: /root/bin/monitoring/check_cert_for_prosody.sh
- name: "Check if cert for coTURN service is up-to-date"
minute: '39'

6
host_vars/zapata.opp.netz.yml
View File

@ -435,6 +435,12 @@ samba_user:
- beratung
password: '20_martin_18'
- name: marvin
groups:
- buero
- beratung
password: 'm4rv!n*6urg_24'
- name: miriam
groups:
- buero

177
roles/common/files/ga-st-mail/etc/postfix/postfwd.cf Normal file
View File

@ -0,0 +1,177 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#======= Definitions ============
# Match messages with an associated SASL username
&&SASL_AUTH {
sasl_username!~^$
}
# Trusted networks
&&TRUSTED_NETS {
client_address==file:/etc/postfix/postfwd.wl-nets
}
# Trusted hostnames
# client_name~=.warenform.de$
&&TRUSTED_HOSTS {
client_name=~file:/etc/postfix/postfwd.wl-hosts
}
# Trusted users
&&TRUSTED_USERS {
sasl_username==file:/etc/postfix/postfwd.wl-user
}
# Trusted senders
&&TRUSTED_SENDERS {
sender=~file:/etc/postfix/postfwd.wl-sender
}
# Blacklist networks
&&BLOCK_NETS {
client_address==file:/etc/postfix/postfwd.bl-nets
}
# Blacklist hostnames
&&BLOCK_HOSTS {
client_name=~file:/etc/postfix/postfwd.bl-hosts
}
# Blacklist users
&&BLOCK_USERS {
sasl_username==file:/etc/postfix/postfwd.bl-user
}
# Blacklist sender adresses
&&BLOCK_SENDER {
# =~
# using '=~' allows also matching entries for domains (i.e. @acieu.co.uk)
sender=~file:/etc/postfix/postfwd.bl-sender
}
# Inbound emails only
&&INCOMING {
client_address!=127.0.0.1
}
#======= Rule Sets ============
# ---
#
# Processing of the Rule Sets
#
# The parser checks the elements of a policy delegation request against the postfwd set
# of rules and, if necessary, triggers the configured action (action=). Similar to a
# classic firewall, a rule is considered true if every element of the set of rules (or
# one from every element list) applies to the comparison. I.e. the following rule:
#
# client_address=1.1.1.1, 1.1.1.2; client_name==unknown; action=REJECT
#
# triggers a REJECT if the
#
# Client address is equal (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
#
#
# Note:
# If an element occurs more than once, an element list is formed:
#
# The following rule set is equivalent to the above:
#
# client_address=1.1.1.1; client_address=1.1.1.2; client_name==unknown; action=REJECT
#
#
# triggers a REJECT if (as above) the
#
# Client address (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
#
# ---
# Whitelists
# Whitelist trusted networks
id=WHL_NETS
&&TRUSTED_NETS
action=DUNNO
# Whitelist trusted hostnames
id=WHL_HOSTS
&&TRUSTED_HOSTS
action=DUNNO
# Whitelist sasl users
id=WHL_USERS
&&TRUSTED_USERS
action=DUNNO
# Whitelist senders
id=WHL_SENDERS
&&INCOMING
&&TRUSTED_SENDERS
action=DUNNO
# Blacklists
# Block networks
id=BL_NETS
&&BLOCK_NETS
action=REJECT Network Address $$client_address blocked by Mailserver admins. Error: BL_NETS
# Block hostname
id=BL_HOSTS
&&BLOCK_HOSTS
action=REJECT $$client_name blocked by Mailserver admins. Error: BL_HOSTS
# Block users
id=BL_USERS
&&BLOCK_USERS
action=REJECT User is blocked by Mailserver admins. Error: BL_USERS
# Blacklist sender
#
# Claim successful delivery and silently discard the message.
#
id=BL_SENDER
&&BLOCK_SENDER
#action=DISCARD
action=REJECT Sender address is blocked by Mailserver admins. Error: BL_SENDER
# Rate Limits
# Throttle unknown clients to 5 recipients per 5 minutes:
id=RATE_UNKNOWN_CLIENT_ADDR
sasl_username =~ /^$/
client_name==unknown
action=rate(client_address/5/300/450 4.7.1 only 5 recipients per 5 minutes allowed)
# Changed from default 'more than 50 messages per minute' (/50/60/421 421)
#
# Block clients (ip-addresses) sending more than 150 messages per minute exceeded. Error:RATE_CLIENT)
id=RATE_CLIENT_ADDR
&&INCOMING
action=rate($$client_address/150/60/421 421 4.7.0 Too many connections from $$client_address)
# Block messages with more than 50 recipients
id=BLOCK_MSG_RCPT
&&INCOMING
&&SASL_AUTH
recipient_count=50
action=REJECT Too many recipients, please reduce to less than 50 or consider using a mailing list. Error: BLOCK_MSG_RCPT
# Changed from default '50 messages/hour' (/50/3600/450)
#
# Block users sending more than 200 messages/hour
id=RATE_MSG
&&INCOMING
&&SASL_AUTH
action=rate($$sasl_username/200/3600/450 4.7.1 Number messages per hour exceeded. Error:RATE_MSG)
# Block users sending more than 250 recipients total/hour
id=RATE_RCPT
&&INCOMING
&&SASL_AUTH
action=rcpt($$sasl_username/250/3600/450 4.7.1 Number recipients per hour exceeded. Error:RATE_RCPT)