ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph
2025-08-04 18:39:16 +02:00
parent a81cf75e13
commit 67ea094453
3 changed files with 531 additions and 708 deletions
Download Patch File Download Diff File Expand all files Collapse all files

708
host_vars/:q
View File

@ -1,708 +0,0 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device enp97s0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
description:
address: 192.168.122.10
netmask: 24
gateway: 192.168.122.254
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge:
ports: enp97s0 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
maxage: 12
# inline hook scripts
pre-up:
- !!str "ip link set dev enp97s0 up" # pre-up script lines
up: [] #up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.122.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- anw-km.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 172.16.122.254
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_back_mount_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/mount'
- 'ALL=(root) NOPASSWD: /usr/bin/umount'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.122.10
samba_server_cidr_prefix: 24
samba_workgroup: WORKGROUP
samba_netbios_name: FILE-KM
samba_server_min_protocol: !!str NT1
samba_groups:
- name: kanzlei
group_id: 1100
- name: a-jur
group_id: 1110
- name: intern
group_id: 1120
- name: aulmann
group_id: 1130
- name: howe
group_id: 1140
- name: stahmann
group_id: 1150
- name: traine
group_id: 1160
- name: public
group_id: 1170
- name: alle
group_id: 1180
samba_user:
- name: advoware
groups:
- advoware
password: '9WNRbc49m3'
- name: a-jur
groups:
- a-jur
- alle
- intern
- kanzlei
password: 'a-jur'
- name: andrea
groups:
- advoware
- aulmann
- howe
- stahmann
- traine
- public
password: 'fXc3bmK9gj'
- name: andreas
groups:
- a-jur
- advoware
- alle
- kanzlei
password: 'YKQRa.M9-6rL'
- name: aphex2
groups:
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'J3KMRprK9H'
- name: berenice
groups:
- kanzlei
- a-jur
- alle
password: 'berenice'
- name: beuster
groups:
- advoware
- aulmann
- howe
- stahmann
- traine
- public
- alle
password: 'zlm17Kx'
- name: buero
groups:
- kanzlei
- a-jur
- alle
password: 'buero'
- name: buero2
groups:
- kanzlei
- a-jur
- alle
password: 'buero2'
- name: buero3
groups:
- kanzlei
- a-jur
- alle
password: 'buero3'
- name: buero4
groups:
- kanzlei
- a-jur
- alle
password: 'buero4'
- name: buero7
groups:
- kanzlei
- a-jur
- alle
password: 'buero7'
- name: chris
groups:
- a-jur
- advoware
- alle
- aulmann
- intern
- kanzlei
- stahmann
- traine
- public
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30383265366434633965346530666535363761396165393434643665393137353765653739636364
6330623334353763613065343336306434376335646666380a363030363335656261656236636562
63663763616630383264303039336562626537366634303636356237323630666635356130383165
3837613337343533650a663061366230353531316535656433643162353063383534323833323138
3430
- name: christina
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'qvR7zX4Lhs'
- name: federico
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'zHfj9g3NcC'
# - name: gerhard
# groups:
# - advoware
# - alle
# - aulmann
# - howe
# - stahmann
# - traine
# - public
# password: 'bHdhzWnTj9'
- name: ho-st1
groups:
- alle
- howe
- stahmann
password: '44-Ro-440'
# - name: howe-staff-1
# groups:
# - advoware
# - alle
# - aulmann
# - howe
# password: ''
- name: irina
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'W9NKv39pXW'
- name: jessica
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'bV3pjPtjkR'
# - name: laura
# groups:
# - alle
# - aulmann
# - howe
# - stahmann
# - traine
# password: '99-Hamburg-990'
- name: lenovo3
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'fndvLmrt7W'
- name: lenovo4
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'tpCMmTKj7H'
- name: lenovo5
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'L5Hannover51'
- name: lenovo6
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
password: '66koeln66'
- name: rm-buero1
groups:
- alle
- a-jur
- kanzlei
password: ''
- name: rm-buero2
groups:
- alle
- a-jur
- kanzlei
password: ''
- name: rolf
groups:
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: '4xNVNFXgP4'
- name: sysadm
groups:
- a-jur
- advoware
- alle
- aulmann
- intern
- kanzlei
- stahmann
- traine
- public
password: 'Ax_GSHh5'
- name: thomas
groups:
- advoware
- alle
- traine
password: '55-tho-mas-550'
- name: Tresen
groups:
- a-jur
- advoware
- alle
- kanzlei
- howe
- stahmann
- traine
- public
password: 'maltzwo2'
- name: winadm
groups:
- a-jur
- advoware
- alle
- intern
- kanzlei
- public
password: 'Ax_GSHh5'
base_home: /data/home
remove_samba_users:
- name: howe-staff-1
- name: gerhard
- name: laura
#remove_samba_users: []
#remove_samba_users:
# - name: evren
samba_shares:
- name: a-jur
comment: a-jur Dokumente
path: /data/samba/a-jur
group_valid_users: a-jur
group_write_list: a-jur
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: kanzlei
comment: Kanzlei auf Fileserver
path: /data/samba/kanzlei
group_valid_users: kanzlei
group_write_list: kanzlei
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: install
comment: Install auf Fileserver
path: /data/samba/no-backup-shares/install
group_valid_users: intern
group_write_list: intern
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: false
- name: aulmann
comment: Aulmann auf Fileserver
path: /data/samba/Aulmann
group_valid_users: aulmann
group_write_list: aulmann
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: howe
comment: Howe auf Fileserver
path: /data/samba/Howe
group_valid_users: howe
group_write_list: howe
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: stahmann
comment: Stahmann auf Fileserver
path: /data/samba/Stahmann
group_valid_users: stahmann
group_write_list: stahmann
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: traine
comment: Traine auf Fileserver
path: /data/samba/Traine
group_valid_users: traine
group_write_list: traine
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: public
comment: Public auf Fileserver
path: /data/samba/public
group_valid_users: public
group_write_list: public
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: Advoware-Schriftverkehr
comment: Advoware Dokumente
path: /data/samba/Advoware-Schriftverkehr
group_valid_users: advoware
group_write_list: advoware
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: Advoware-Backup
comment: Advoware Dokumente
path: /data/samba/Advoware-Backup
group_valid_users: intern
group_write_list: intern
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: false
- name: alle
comment: Alle auf Fileserver
path: /data/samba/Alle
group_valid_users: alle
group_write_list: alle
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
# - name: web
# comment: Web auf Fileserver
# path: /data/samba/Web
# group_valid_users: web
# group_write_list: web
# file_create_mask: !!str 660
# dir_create_mask: !!str 2770
# vfs_object_recycle: true
# recycle_path: '@Recycle'
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

462
host_vars/file-fm.fm.netz.yml Normal file
View File

@ -0,0 +1,462 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: eno1np0
# use only once per device (for the first device entry)
headline: eno1 - LAN
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
description:
address: 192.168.222.10
netmask: 24
gateway: 192.168.222.254
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
#nameservers:
# - 192.168.222.1
#search: blkr.netz
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.222.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.132.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.222.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- fm.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users
# ---
default_user:
- name: chris
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$UHsnOrOT5qXnAwrPCzB7A1$jnqz4CHvLEaIke3RxnresjAOS6NfcTxyDH/fbKnXTC/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
group: localadmin
home: /home/localadmin
password: $y$j9T$1WH8G2UkuN1jjp4QLuoeC0$dXpOnJUfMMAqAXlwN8XD0pq78r.a4UZOgt3LY4afxy/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'
#extra_user:
#
# - name: borg
# user_id: 1065
# group_id: 1065
# group: borg
# home: /home/borg
# password: $y$j9T$SZty9T8ZWbnyHR2S85xaG.$GhxHOKG9fKErT9s5TAehXXyZJSkNaIcXY18Rg1iMyhC
# shell: /bin/bash
# ssh_keys:
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXrNhcgNtZykTgzcwX/L1cL8qpSyQQy75M01UpjdSmA root@file-dissens'
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEm1P7Pg3Tlm02bxkropKf3CcyTCAB3YCMxPSjai2lc root@gw-dissens'
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Daily Backup "
minute: "03"
hour: "00"
job: /root/crontab/backup-rborg2/rborg2.sh
- name: "Check if postfix mailservice is running. Restart service if needed."
minute: "*/5"
hour: "*"
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors."
minute: "*/30"
hour: "*"
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Clean up Samba Trash Dirs"
minute: "02"
hour: "23"
job: /root/bin/samba/clean_samba_trash.sh
- name: "Set (group and access) Permissons for Samba shares"
minute: "14"
hour: "23"
job: /root/bin/samba/set_permissions_samba_shares.sh
- name: "Check if ntpsec is running. Restart service if needed."
minute: "*/6"
hour: "*"
job: /root/bin/monitoring/check_ntpsec_service.sh
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_aliases:
- name: MAIN_USER
entry: 'malte.taeubrich, ulla.wittenzellner, sarah.klemm, bernard.koennecke, elenor.faellgren, mario.freidank '
sudoers_file_cmnd_aliases:
- name: REBOOT
entry: '/sbin/reboot'
- name: MANAGE_SERVICE
entry: '/usr/bin/systemctl'
sudoers_file_user_privileges:
- name: MAIN_USER
entry: ALL = REBOOT
- name: MAIN_USER
entry: ALL = MANAGE_SERVICE
# - name: julius
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: josephine
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: sebastian
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: julius-e
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/ntp.yml
# ---
local_ntp_service: true
ntp_server: gw-fm.fm.netz
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
nfs_server: 192.168.222.10
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
nfs_exports:
- src: 192.168.222.10:/data/samba/shares
path: /data/samba/shares
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.222.0/24
- 10.0.222.0/24
- 10.1.222.0/24
- 192.168.63.0/24
use_fsid_option: true
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.222.10
samba_server_cidr_prefix: 24
samba_workgroup: FM
samba_netbios_name: FILE-FM
samba_server_min_protocol: !!str NT1
samba_groups:
- name: buero
group_id: 1100
- name: projekte
group_id: 1200
- name: verwaltung
group_id: 1300
samba_user:
- name: sysadm
groups:
- buero
- projekte
- verwaltung
password: 'k6-C5.X-/YGm'
- name: chris
groups:
- buero
- projekte
- verwaltung
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63643330373231636537366333326630333265303265653933613835656262323863363038653234
3462653135633266373439626263356636646637643035340a653466356235346663626163306363
61313164643061306433643738643563303036646334376536626531383965303036386162393832
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
- name: anja
groups:
- buero
- projekte
- verwaltung
password: '20-4nj4.m4y3r_25?'
- name: barbara
groups:
- buero
- projekte
- verwaltung
password: '20.b4rb4r4-25?'
- name: linda
groups:
- buero
- projekte
- verwaltung
password: '20-l1nda_hu3p3r.25%'
base_home: /data/home
# remove_samba_users:
# - name: name1
# - name: name2
#
remove_samba_users: []
#remove_samba_users:
# - name: elenor.faellgrem
# - name: maiken.schiele
samba_shares:
- name: Buero
comment: Buero auf Fileserver
path: /data/samba/shares/Buero
group_valid_users: buero
group_write_list: buero
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Projekte
comment: Projekte auf Fileserver
path: /data/samba/shares/Projekte
group_valid_users: projekte
group_write_list: projekte
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Verwaltung
comment: Verwaltung auf Fileserver
path: /data/samba/shares/Verwaltung
group_valid_users: verwaltung
group_write_list: verwaltung
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

69
host_vars/gw-fm.oopen.de.yml
View File

@ -38,6 +38,9 @@ network_interfaces:
method: static
address: 192.168.222.254
netmask: 24
post-up:
# VLAN 13 Guest Net
- /sbin/ip link add link eno2 name eno2.13 type vlan id 13
- device: eno2:ns
@ -48,6 +51,24 @@ network_interfaces:
address: 192.168.222.1
netmask: 32
- device: eno2.13
headline: eno2.13 - Guest Network
auto: true
family: inet
method: static
address: 192.168.223.254
netmask: 24
- device: eno2.13:ns
headline: eno2.13:ns - alias on eno2.13 (Guest Network)
auto: true
family: inet
method: static
address: 192.168.223.1
netmask: 32
# ---
# vars used by roles/ansible_dependencies
# ---
@ -157,8 +178,56 @@ resolved_fallback_nameserver:
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if SSH service is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if OpenVPN service is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_vpn.sh
- name: "Check if nameservice (bind) is running?"
minute: '*/10'
hour: '*'
job: /root/bin/monitoring/check_dns.sh
- name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )"
minute: '0-59/2'
hour: '*'
job: /root/bin/monitoring/check_forwarding.sh
# - name: "Speedtest"
# minute: '17'
# hour: '*0-8'
# job: /root/bin/admin-stuff/speedtest.sh
- name: "Copy gateway configuration"
minute: '09'
hour: '3'
job: /root/bin/manage-gw-config/copy_gateway-config.sh FM
cron_user_special_time_entries:
- name: "Check if Postfix Service is running at boot time"
special_time: reboot
job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
insertafter: PATH
- name: "Restart Systemd's resolved at boottime."
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"