ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph 2024-02-04 17:27:13 +01:00
parent 762e38586e
commit 67f771e2bf
7 changed files with 442 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

397
host_vars/file-blkr-neu.blkr.netz.yml Normal file
View File

@ -0,0 +1,397 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: eno1
# use only once per device (for the first device entry)
headline: eno1 - LAN
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
description:
address: 192.168.162.20
netmask: 24
gateway: 192.168.162.254
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
#nameservers:
# - 192.168.162.1
#search: blkr.netz
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_macs:
- hmac-sha1
- hmac-sha2-256-etm@openssh.com
- hmac-sha2-512-etm@openssh.com
- umac-128-etm@openssh.com
sshd_hostkeyalgorithms:
- ecdsa-sha2-nistp256-cert-v01@openssh.com
- ecdsa-sha2-nistp384-cert-v01@openssh.com
- ecdsa-sha2-nistp521-cert-v01@openssh.com
- ssh-ed25519-cert-v01@openssh.com
- rsa-sha2-512-cert-v01@openssh.com
- rsa-sha2-256-cert-v01@openssh.com
- ssh-rsa-cert-v01@openssh.com
- ecdsa-sha2-nistp256
- ecdsa-sha2-nistp384
- ecdsa-sha2-nistp521
- ssh-ed25519
- rsa-sha2-512
- rsa-sha2-256
- ssh-rsa
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.162.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- blkr.netz
resolved_dnssec: true
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
nfs_server: 192.168.162.20
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
nfs_exports:
- src: 192.168.162.20:/data/samba/shares
path: /data/samba/shares
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.162.0/24
- 10.0.192.0/24
- 10.1.192.0/24
- 192.168.63.0/24
use_fsid_option: true
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.162.20
samba_server_cidr_prefix: 24
samba_workgroup: BLKR
samba_netbios_name: FILE-BLKR
samba_server_min_protocol: !!str NT1
samba_groups:
- name: buero
group_id: 1100
- name: verwaltung
group_id: 1110
samba_user:
- name: anya
groups:
- buero
- verwaltung
password: 'Mq9R.WhKtP4v'
- name: chris
groups:
- buero
- verwaltung
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63643330373231636537366333326630333265303265653933613835656262323863363038653234
3462653135633266373439626263356636646637643035340a653466356235346663626163306363
61313164643061306433643738643563303036646334376536626531383965303036386162393832
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
- name: josephine
groups:
- buero
- verwaltung
password: 'H7jnJ/m9W-bf'
- name: julius
groups:
- buero
- verwaltung
password: 'fx9j/3X-thPr'
- name: julius-e
groups:
- buero
password: '2/kcx3jju-tr'
- name: leonie
groups:
- buero
password: '6.4aVX7rQ-9H'
- name: philip
groups:
- buero
- verwaltung
password: 'fN%749Psv_NR'
- name: buero1
groups:
- buero
password: 'Mfr!7tK+d49C'
- name: buero2
groups:
- buero
password: 'gW-wg3Pttf4/'
- name: buero3
groups:
- buero
password: 'Qc-WyMhJ/3-2'
- name: referendariat
groups:
- buero
password: '4/zCNXnVF7+i'
- name: ref1
groups:
- buero
password: '???'
- name: sebastian
groups:
- buero
password: 'bhNC.P5eTy-2'
base_home: /home
# remove_samba_users:
# - name: name1
# - name: name2
#
remove_samba_users: []
samba_shares:
- name: buero
comment: Buero auf Fileserver
path: /data/samba/shares/buero
group_valid_users: buero
group_write_list: buero
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Verwaltung
comment: verwaltung auf Fileserver
path: /data/samba/shares/verwaltung
group_valid_users: verwaltung
group_write_list: verwaltung
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

2
host_vars/file-ebs.ebs.netz.yml
View File

@ -165,7 +165,7 @@ resolved_dnssec: true
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
- 172.16.182.254
# ---

20
hosts
View File

@ -56,6 +56,7 @@ file-ebs.ebs.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
zapata.opp.netz
gw-replacement.local.netz
@ -129,7 +130,6 @@ o13-mumble-neu.oopen.de
o13-pad.oopen.de
o13-pad-neu.oopen.de
o13-cryptpad.oopen.de
o13-schleuder.oopen.de
o13-web.oopen.de
o13-web-neu.oopen.de
@ -305,7 +305,6 @@ o13-mumble-neu.oopen.de
o13-pad.oopen.de
o13-pad-neu.oopen.de
o13-cryptpad.oopen.de
o13-schleuder.oopen.de
o13-web.oopen.de
o13-web-neu.oopen.de
@ -465,6 +464,7 @@ file-km.anw-km.netz
# - Kanzlei BLKR
gw-blkr.oopen.de
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
# - Kanzlei EBS Leipzig
gw-ebs.oopen.de
@ -827,7 +827,6 @@ c.mx.oopen.de
# o13.oopen.de
o13-mail.oopen.de
o13-schleuder.oopen.de
# o17.oopen.de
test.mx.oopen.de
@ -1221,12 +1220,15 @@ file-ebs.ebs.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
zapata.opp.netz
[nfs_server]
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
file-ebs.ebs.netz
file-fhxb.fhxb.netz
@ -1234,6 +1236,12 @@ file-fhxb.fhxb.netz
[nfs_client]
[x2go_server]
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
[mumble_server]
#test.mx.oopen.de
@ -1307,6 +1315,7 @@ bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz
file-km.anw-km.netz
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
zapata.opp.netz
# - GA - Gemeinschaft Altensclirf
@ -1353,7 +1362,6 @@ o13-mumble-neu.oopen.de
o13-pad.oopen.de
o13-pad-neu.oopen.de
o13-cryptpad.oopen.de
o13-schleuder.oopen.de
o13-web.oopen.de
o13-web-neu.oopen.de
@ -1453,6 +1461,7 @@ file-ebs.ebs.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
zapata.opp.netz
file-ipa.local.netz
@ -1537,7 +1546,6 @@ o13-mumble-neu.oopen.de
o13-pad.oopen.de
o13-pad-neu.oopen.de
o13-cryptpad.oopen.de
o13-schleuder.oopen.de
o13-web.oopen.de
o13-web-neu.oopen.de
@ -1660,6 +1668,7 @@ file-ebs.ebs.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
zapata.opp.netz
@ -1796,6 +1805,5 @@ o13-mumble-neu.oopen.de
o13-pad.oopen.de
o13-pad-neu.oopen.de
o13-cryptpad.oopen.de
o13-schleuder.oopen.de
o13-web.oopen.de
o13-web-neu.oopen.de

5
roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
View File

@ -86,11 +86,6 @@
108.171.192.0/19
# VE ( u.a. cne.gob.ve)
201.130.82.0/23
# mx1.privateemail.com mx2.privateemail.com
198.54.122.250
198.54.122.240
# US (u.a. direktpaket.com>)
198.54.112.0/20
# classic-british-motorcycles.com
172.67.189.127
104.21.33.94

9
roles/common/tasks/main.yml
View File

@ -180,6 +180,15 @@
- nfs
# tags supported inside x2go-server.yml:
#
# x2go-server
- import_tasks: x2go-server.yml
when: inventory_hostname in groups['x2go_server']
tags:
- x2go
# tags supported inside copy_files.yml:
#
# copy-files

21
roles/common/tasks/x2go-server.yml Normal file
View File

@ -0,0 +1,21 @@
---
# ---
# NFS Server
# ---
- name: (x2g-server.yml) Ensure X2Go server packages are installed.
apt:
name:
- x2goserver
- x2goserver-xsession
- x2gobroker-daemon
state: present
when:
- ansible_os_family == "Debian"
- "groups['x2go_server']|string is search(inventory_hostname)"
tags:
- x2g--server

0
zzz.yml
View File