diff --git a/ansible-dependencies-trixie-sudo.yml b/ansible-dependencies-trixie-sudo.yml
new file mode 100644
index 0000000..f392ec3
--- /dev/null
+++ b/ansible-dependencies-trixie-sudo.yml
@@ -0,0 +1,8 @@
+---
+
+- hosts: initial_setup
+  gather_facts: false
+
+  roles:
+    - ansible_dependencies-trixie
+    - ansible_user_debian
diff --git a/ansible-dependencies-trixie.yml b/ansible-dependencies-trixie.yml
new file mode 100644
index 0000000..76a1637
--- /dev/null
+++ b/ansible-dependencies-trixie.yml
@@ -0,0 +1,15 @@
+---
+
+- hosts: initial_setup
+  remote_user: root
+  become: false
+  gather_facts: false
+
+  vars_prompt:
+
+    - name: ansible_ssh_pass
+      prompt: "Give root's password here"
+
+  roles:
+    - ansible_dependencies-trixie
+    - ansible_user_debian
diff --git a/files/homedirs/axel/_profile b/files/homedirs/axel/_profile
index edc7a33..b885ffc 100644
--- a/files/homedirs/axel/_profile
+++ b/files/homedirs/axel/_profile
@@ -25,6 +25,8 @@ fi
 # to become the last directory the midnight commander was in
 # as the current directory when leaving the midnight commander
 #
-#. /usr/lib/mc/bin/mc.sh
-. /usr/share/mc/bin/mc.sh
-
+if [ -f "/usr/share/mc/bin/mc.sh" ]; then
+  source /usr/share/mc/bin/mc.sh
+elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
+  source /usr/lib/mc/bin/mc.sh
+fi
diff --git a/files/homedirs/back/_profile b/files/homedirs/back/_profile
index edc7a33..c232aca 100644
--- a/files/homedirs/back/_profile
+++ b/files/homedirs/back/_profile
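Review bot: `ansible-dependencies-trixie-sudo.yml` sets no `become: true`, yet the `ansible_dependencies-trixie` role it lists runs `apt-get update` and `apt install` through `raw`, which need root. If privilege escalation is inherited from ansible.cfg or the inventory this works, but nothing in the play shows it, and the sibling `ansible-dependencies-trixie.yml` states `become` explicitly; adding `become: true` next to `gather_facts: false` makes the play self-describing and keeps the two bootstrap playbooks consistent.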
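Review bot: The new `source` lines in axel's `_profile` are a bash extension; `~/.profile` is read by any Bourne-compatible login shell (the sysadm file's own header says so), and dash, Debian's `/bin/sh`, has no `source` builtin, so a non-bash login reports `source: not found` and skips the mc hook. The POSIX form the removed lines already used is the portable one: `. /usr/share/mc/bin/mc.sh` and `. /usr/lib/mc/bin/mc.sh`. The same replacement appears in the back, sysadm and webadmin `_profile` hunks of this commit, and root's existing copy (visible as context in its hunk) has the same issue.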
@@ -17,14 +17,17 @@ if [ -n "$BASH_VERSION" ]; then fi # set PATH so it includes user's private bin if it exists -if [ -d "$HOME/bin" ] ; then - PATH="$HOME/bin:$PATH" +if [ -d "$HOME/.local/bin" ] ; then + PATH="$HOME/.local/bin:$PATH" fi # this is for the midnight-commander # to become the last directory the midnight commander was in # as the current directory when leaving the midnight commander # -#. /usr/lib/mc/bin/mc.sh -. /usr/share/mc/bin/mc.sh +if [ -f "/usr/share/mc/bin/mc.sh" ]; then + source /usr/share/mc/bin/mc.sh +elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then + source /usr/lib/mc/bin/mc.sh +fi diff --git a/files/homedirs/chris/_profile b/files/homedirs/chris/_profile index 71115e9..9169811 100644 --- a/files/homedirs/chris/_profile +++ b/files/homedirs/chris/_profile @@ -21,6 +21,11 @@ if [ -d "$HOME/bin" ] ; then PATH="$HOME/bin:$PATH" fi +# set PATH so it includes user's private bin if it exists +if [ -d "$HOME/.local/bin" ] ; then + PATH="$HOME/.local/bin:$PATH" +fi + # this is for the midnight-commander # to become the last directory the midnight commander was in # as the current directory when leaving the midnight commander diff --git a/files/homedirs/root/_profile b/files/homedirs/root/_profile index d9530af..0664b2f 100644 --- a/files/homedirs/root/_profile +++ b/files/homedirs/root/_profile @@ -35,4 +35,6 @@ elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then source /usr/lib/mc/bin/mc.sh fi -mesg n +if command -v mesg >/dev/null 2>&1; then + mesg n +fi diff --git a/files/homedirs/sysadm/_profile b/files/homedirs/sysadm/_profile index 1a97c71..615ee29 100644 --- a/files/homedirs/sysadm/_profile +++ b/files/homedirs/sysadm/_profile 
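Review bot: back's PATH block now replaces `$HOME/bin` with `$HOME/.local/bin` rather than adding the second directory, so anything this account relied on in `~/bin` drops out of PATH, while chris's hunk in the same commit keeps both. If the drop is deliberate it deserves a comment; otherwise keep the original `if [ -d "$HOME/bin" ] ; then` block and add the `.local/bin` block after it, as chris's file does. The file continues beyond the hunk.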
@@ -1,24 +1,37 @@ # ~/.profile: executed by Bourne-compatible login shells. +# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login +# exists. +# see /usr/share/doc/bash/examples/startup-files for examples. +# the files are located in the bash-doc package. -if [ "$BASH" ]; then - if [ -f ~/.bashrc ]; then - . ~/.bashrc - fi +# the default umask is set in /etc/profile; for setting the umask +# for ssh logins, install and configure the libpam-umask package. +#umask 022 + +# if running bash +if [ -n "$BASH_VERSION" ]; then + # include .bashrc if it exists + if [ -f "$HOME/.bashrc" ]; then + . "$HOME/.bashrc" + fi fi # set PATH so it includes user's private bin if it exists if [ -d "$HOME/bin" ] ; then - PATH="$HOME/bin:$PATH" + PATH="$HOME/bin:$PATH" fi -if [ -d "$HOME/bin/admin-stuff" ] ; then - PATH="$HOME/bin/admin-stuff:$PATH" + +# set PATH so it includes user's private bin if it exists +if [ -d "$HOME/.local/bin" ] ; then + PATH="$HOME/.local/bin:$PATH" fi # this is for the midnight-commander # to become the last directory the midnight commander was in # as the current directory when leaving the midnight commander # -# . /usr/lib/mc/bin/mc.sh -. /usr/share/mc/bin/mc.sh - -mesg n +if [ -f "/usr/share/mc/bin/mc.sh" ]; then + source /usr/share/mc/bin/mc.sh +elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then + source /usr/lib/mc/bin/mc.sh +fi diff --git a/files/homedirs/webadmin/_profile b/files/homedirs/webadmin/_profile index edc7a33..b885ffc 100644 --- a/files/homedirs/webadmin/_profile +++ b/files/homedirs/webadmin/_profile @@ -25,6 +25,8 @@ fi # to become the last directory the midnight commander was in # as the current directory when leaving the midnight commander # -#. /usr/lib/mc/bin/mc.sh -. /usr/share/mc/bin/mc.sh - +if [ -f "/usr/share/mc/bin/mc.sh" ]; then + source /usr/share/mc/bin/mc.sh +elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then + source /usr/lib/mc/bin/mc.sh +fi 
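Review bot: The rewrite of sysadm's `_profile` silently drops two lines rather than replacing them: `mesg n`, which root's hunk in this commit keeps behind a `command -v mesg` guard, and the `$HOME/bin/admin-stuff` PATH entry. If `mesg n` is still wanted for this admin account, root's form `if command -v mesg >/dev/null 2>&1; then mesg n; fi` keeps the two files consistent; if admin-stuff was retired on purpose, a one-line comment saying so saves the next reader a trip through the history.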
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 2647cb1..077137d 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -20,6 +20,22 @@ apt_ansible_dependencies: - vim - vlan +# software-properties-common no longer available +apt_ansible_dependencies_trixie: + - apt-transport-https + - ca-certificates + - dbus + - lsb-release + - mc + - net-tools + - openssl + - python-apt-common + - python3 + - python3-apt + - sudo + - vim + - vlan + # --- # vars used by roles/ansible_user 
@@ -636,6 +652,129 @@ apt_initial_install_bookworm: - btrfs-progs - fdisk +# mime-support no longer exists +# rcconf no longer exists +apt_initial_install_trixie: + - acl + - aptitude + - apt-utils + - arj + - arp-scan + - attr + - bash + - bash-completion + - bc + - bridge-utils + - btrfs-progs + - bzip2 + - coreutils + - cron + - cryptsetup + - curl + - dbus + - debian-keyring + - dnsutils + - dselect + - ethtool + - fdisk + - figlet + - file + - freeipmi-tools + - ftp + - gawk + - gdisk + - gettext + - gettext-base + - gettext-doc + - git + - groff + - groff + - haveged + - hdparm + - htop + - iperf + - ipmitool + - iproute2 + - iptables + - iptraf + - iputils-ping + - less + - libio-compress-perl + - libmail-imapclient-perl + - libpcre2-8-0 + - libpcre2-16-0 + - libpcre2-32-0 + - libperl-dev + - libreadline-dev + - librecode3 + - librecode-dev + - libterm-readkey-perl + - libterm-readline-gnu-perl + - libterm-readline-perl-perl + - libtimedate-perl + - libtime-duration-perl + - libwww-perl + - links + - locate + - logrotate + - lsb-release + - lshw + - lsof + - lua5.4 + - lynx + - man + - mawk + - mc + - moreutils + - mtr + - needrestart + - net-tools + - ntpsec-ntpdate + - openssh-server + - parted + - patch + - patchutils + - perl + - perl-doc + - perl-modules + - psmisc + - quota + - quotatool + - rblcheck + - rdate + - re2c + - recode + - recode-doc + - rsync + - rsyslog + - rush + - screen + - sharutils + - shellcheck + - sipcalc + - smartmontools + - socat + - ssl-cert + - ssl-cert-check + - sudo + - tcpdump + - tmux + - unhide + - universal-ctags + - unzip + - util-linux + - vim + - vim-common + - vim-doc + - vlan + - w3m + - wget + - whois + - wipe + - wipe + - zip + - zsh + apt_initial_install_xenial: - apt-transport-https diff --git a/host_vars/file-ah-neu.kanzlei-kiel.netz.yml b/host_vars/file-ah-neu.kanzlei-kiel.netz.yml new file mode 100644 index 0000000..f3618d6 --- /dev/null +++ b/host_vars/file-ah-neu.kanzlei-kiel.netz.yml 
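Review bot: `apt_initial_install_trixie` lists `groff` and `wipe` twice each (the `- groff` pair after `gettext-doc`, the `- wipe` pair before `- zip`); apt tolerates duplicates, but they make the list harder to diff against `apt_initial_install_bookworm` and suggest it was merged by hand. Drop the second occurrence of each. A comment naming which bookworm packages were intentionally left out, in the style of the two `no longer exists` lines at the top, would make future release bumps easier to review.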
@@ -0,0 +1,616 @@ +--- + +# --- +# vars used by roles/network_interfaces +# --- + + +# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted +network_manage_devices: True + +# Should the interfaces be reloaded after config change? +network_interface_reload: False + +network_interface_path: /etc/network/interfaces.d +network_interface_required_packages: + - vlan + - bridge-utils + - ifmetric + - ifupdown + - ifenslave + + +network_interfaces: + + - device: br0 + # use only once per device (for the first device entry) + headline: br0 - bridge over device eno1np0 + + # auto & allow are only used for the first device entry + allow: [] # array of allow-[stanzas] eg. allow-hotplug + auto: true + + family: inet + method: static + hwaddress: 7c:c2:55:c0:26:74 + description: + address: 192.168.100.20 + netmask: 24 + gateway: 192.168.100.254 + + # optional dns settings nameservers: [] + # + # nameservers: + # - 194.150.168.168 # dns.as250.net + # - 91.239.100.100 # anycast.censurfridns.dk + # search: warenform.de + # + #nameservers: + # - 192.168.100.1 + #search: kanzlei-kiel.netz + + # optional bridge parameters bridge: {} + # bridge: + # ports: + # stp: + # fd: + # maxwait: + # waitport: + bridge: + ports: eno1np0 # for mor devices support a blank separated list + stp: !!str off + fd: 5 + hello: 2 + maxage: 12 + + # inline hook scripts + pre-up: + - !!str "ip link set dev eno1np0 up" # pre-up script lines + up: [] #up script lines + post-up: [] # post-up script lines (alias for up) + pre-down: [] # pre-down script lines (alias for down) + down: [] # down script lines + post-down: [] # post-down script lines + + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by 
roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 192.168.100.1 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. 
+ - kanzlei-kiel.netz + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + +# --- +# vars used by roles/common/tasks/users +# --- + +default_user: + + - name: chris + password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + # password: 9xFXkdPR_2 + - name: sysadm + user_id: 1050 + group_id: 1050 + group: sysadm + password: $y$j9T$sHxqz7NyYdn38ZegSbewO.$PPHR0n.XeMcS3AQ9KybllBT.2hxpYlQ7AiVhxHgUOX8 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + # password: Iar-zrq4wG.2 + - name: winadm + user_id: 1055 + group_id: 1055 + group: winadm + append: true + groups: + - sysadm + home: /home/winadm + password: $y$j9T$FIN.5hpIbyFh/zx8a3xVZ.$jn9b12BUW57PEXGp3288t/dVBB7glyTgj/58QyYOG7D + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + - name: back + user_id: 1060 + group_id: 1060 + group: back + password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY 
root@o26-backup' + + - name: borg + user_id: 1065 + group_id: 1065 + group: borg + home: /home/borg + password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF7MKFmJ2kJrNs5DhlPqfizZgz3wNpzFAITo63p/VBOe root@file-ah' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItQLQ7lhBY2USF4Jcp4teF+1NydI73VeHYbQW8q4Mcw root@gw-ah' + + + +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +#cron_user_special_time_entries: +# +# - name: "Restart DNS Cache service 'systemd-resolved'" +# special_time: reboot +# job: "sleep 10 ; /bin/systemctl restart systemd-resolved" +# insertafter: PATH + + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + + +# --- +# vars used by roles/common/tasks/nfs.yml +# --- + +nfs_server: 192.168.100.20 + + +# --- +# vars used by roles/common/tasks/samba-config-server.yml +# vars used by roles/common/tasks/samba-user.yml +# --- + +samba_server_ip: 192.168.100.20 +samba_server_cidr_prefix: 24 + +samba_workgroup: AH-NEU + +samba_netbios_name: FILE-AH-NEU + +samba_groups: + - name: verwaltung + group_id: 120 + - name: intern + group_id: 121 + - name: hoffmann-elberling + group_id: 122 + - name: gubitz-partner + group_id: 123 + - name: sysadm + group_id: 1050 + - name: install + group_id: 1070 + +samba_user: + + - name: chris + groups: + - buero + - intern + - verwaltung + 
- gubitz-partner + - hoffmann-elberling + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63643330373231636537366333326630333265303265653933613835656262323863363038653234 + 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 + 61313164643061306433643738643563303036646334376536626531383965303036386162393832 + 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 + 3631 + + - name: test + groups: + - buero + - intern + - verwaltung + - gubitz-partner + - hoffmann-elberling + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63643330373231636537366333326630333265303265653933613835656262323863363038653234 + 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 + 61313164643061306433643738643563303036646334376536626531383965303036386162393832 + 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 + 3631 + + - name: buero + groups: + - verwaltung + - intern + password: 'buero2011' + + - name: axel + groups: + - intern + - verwaltung + - hoffmann-elberling + password: 'ah-kiel.2018' + + - name: bjoern + groups: + - intern + - verwaltung + - hoffmann-elberling + password: 'bjoern2011' + + - name: gubitz + groups: + - intern + - verwaltung + - gubitz-partner + password: '20gubitz12' + + - name: schaar + groups: + - intern + - verwaltung + - gubitz-partner + password: '20schaar12' + + - name: molkentin + groups: + - intern + - verwaltung + - gubitz-partner + password: 20molkentin12 + + - name: buerooben + groups: + - intern + - verwaltung + - hoffmann-elberling + password: 'buero2013' + + - name: buchholz + groups: + - buero + - intern + - verwaltung + password: '20-buch_holz-20' + + - name: kiel-nb1 + groups: + - buero + - intern + - verwaltung + - gubitz-partner + - hoffmann-elberling + password: '20-note%book1-20' + + - name: kiel-nb2 + groups: + - buero + - intern + - verwaltung + - gubitz-partner + - hoffmann-elberling + password: '20-note%book2-20' + + - name: 
schmidt + groups: + - intern + - verwaltung + - gubitz-partner + password: '20-schmidt_21%' + + - name: simone.schnoenmehl + groups: + - intern + - gubitz-partner + password: '20-simone-schnoenmehl-22%' + + - name: heckert + groups: + - intern + - gubitz-partner + password: '0-heckert.22%' + + - name: hh-lucke + groups: [] + password: 'Ole20Steffen_17' + + - name: hh-kanzlei + groups: [] + password: '20-HH_18-Kanzlei' + + - name: hh-jaenicke + groups: [] + password: '20-th.jaenicke_%20' + + - name: hh-pueschel + groups: [] + password: '20-HH_caro.pueschel-%21' + + - name: hh-kell + groups: [] + password: '20-an.kell-%24' + + - name: hh-neumann + groups: [] + password: '20.neu-mann_%24' + + # password: Iar-zrq4wG.2 + - name: winadm + groups: + - sysadm + - install + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31326630303038396164656266623339353031336434376531383133643266656133363165316532 + 6364343131656235313432356230646337373362343938660a393031323561326438653935393632 + 34373464313666343433626635656261323933353631393632626166643738386333636639303334 + 3661613165626230640a306236363161356239306232633565336131303066383464626164636133 + 3038 + + - name: hh-stork + groups: [] + password: '20-ni-na.stork_%24' + + - name: back + groups: [] + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63643330373231636537366333326630333265303265653933613835656262323863363038653234 + 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 + 61313164643061306433643738643563303036646334376536626531383965303036386162393832 + 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 + 3631 + + # password: 9xFXkdPR_2 + - name: sysadm + groups: + - buero + - install + - intern + - verwaltung + - gubitz-partner + - hoffmann-elberling + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35323634653231353634343232326436393435386366396364373766306135636536323165656362 + 
3138366263316231333038343930313134333565373566640a363932616535343538376333313335 + 64326566643163366533356464326339653236636562363336633738656631626433306661323835 + 3337663865333636660a626131366161636433613561613235333831653733383365623564313431 + 6439 + +base_home: /home + +# remove_samba_users: +# - name: name1 +# - name: name2 +# +remove_samba_users: [] + +samba_shares: + + - name: Buero + path: /data/samba/shares/Buero + group_valid_users: intern + group_write_list: intern + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: Verwaltung + path: /data/samba/shares/Verwaltung + group_valid_users: verwaltung + group_write_list: verwaltung + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: Scans_schnell + path: /data/samba/shares/Scans_schnell + group_valid_users: intern + group_write_list: intern + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: Hoffmann-Elberling + path: /data/samba/shares/Hoffmann-Elberling + group_valid_users: hoffmann-elberling + group_write_list: hoffmann-elberling + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: Gubitz-Partner + path: /data/samba/shares/Gubitz-Partner + group_valid_users: gubitz-partner + group_write_list: gubitz-partner + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: Gubitz-Backup + path: /data/samba/non-backup-shares/Gubitz-Backup + group_valid_users: gubitz + group_write_list: gubitz + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: Install + path: /data/samba/shares/install + group_valid_users: install + group_write_list: install + file_create_mask: !!str 660 + 
dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + + # --- + # - This share will be written by Windows Server 2016 configured at + # - "Windows Zubehör" -> "Windows Server-Sicherung" + # --- + - name: WinServer2016-Backup + comment: WinServer2016-Backup on Fileserver + path: /data/samba/shares/WinServer2016-Backup + group_valid_users: sysadm + group_write_list: sysadm + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + guest_ok: !!str yes + vfs_object_recycle: false + + # --- + # - This share will be written by windows schedulescript 'backup-advoware.bat' + # --- + - name: Advoware-Backup + comment: Advoware-Backup (only read) on Fileserver + path: /data/samba/shares/Advoware-Backup + group_valid_users: back + group_write_list: back + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + guest_ok: !!str yes + vfs_object_recycle: false + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. diff --git a/host_vars/file-ah.kanzlei-kiel.netz.yml b/host_vars/file-ah.kanzlei-kiel.netz.yml index 24453a6..66aee3a 100644 --- a/host_vars/file-ah.kanzlei-kiel.netz.yml +++ b/host_vars/file-ah.kanzlei-kiel.netz.yml @@ -181,6 +181,7 @@ default_user: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + # password: 9xFXkdPR_2 - name: sysadm user_id: 1050 group_id: 1050 
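Review bot: The new host_vars file commits credentials in clear text: most `samba_user` entries carry a plaintext `password:` (only chris, test, winadm, back and sysadm use `!vault`), and the `# password: …` comment lines above the sysadm and winadm entries in `default_user` and `samba_user` record the clear-text value next to its yescrypt hash, which defeats the hashing; the same comment lines are added to `host_vars/file-ah.kanzlei-kiel.netz.yml` in its `@@ -181` and `@@ -191` hunks and its moved winadm block. Delete those comment lines and vault every `password:` value, which the existing `!vault` entries show the repo already supports. The `test` samba account is given every share group (it is also added to file-ah in the `@@ -368` hunk) with the same vault blob as chris; an all-access test account on a production file server needs at least a comment on why it exists and when it goes away. The identical hash string for `chris` and `borg` in `default_user` also reads as one password shared by two accounts, which is worth confirming.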
@@ -191,12 +192,16 @@ default_user: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - name: localadmin - user_id: 1051 - group_id: 1051 - group: localadmin - home: /home/localadmin - password: $y$j9T$1WH8G2UkuN1jjp4QLuoeC0$dXpOnJUfMMAqAXlwN8XD0pq78r.a4UZOgt3LY4afxy/ + # password: Iar-zrq4wG.2 + - name: winadm + user_id: 1055 + group_id: 1055 + group: winadm + append: true + groups: + - sysadm + home: /home/winadm + password: $y$j9T$FIN.5hpIbyFh/zx8a3xVZ.$jn9b12BUW57PEXGp3288t/dVBB7glyTgj/58QyYOG7D shell: /bin/bash ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' @@ -214,7 +219,6 @@ default_user: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup' - - name: borg user_id: 1065 group_id: 1065 
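Review bot: Replacing the `localadmin` entry with `winadm` in `default_user` changes what the users role creates, but nothing in this file removes the old account, its home or its authorized keys on the host; unless the role prunes accounts absent from the list (the only removal mechanism visible here is `remove_samba_users`, which is Samba-only), `localadmin` stays behind as an orphaned login with uid 1051. If the role has a removal list, add `localadmin` to it in the same change; otherwise a one-off cleanup task is needed. The `default_user` list starts before this hunk.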
@@ -309,50 +313,6 @@ samba_groups: samba_user: - - name: axel - groups: - - intern - - verwaltung - - hoffmann-elberling - password: 'ah-kiel.2018' - - - name: back - groups: [] - password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63643330373231636537366333326630333265303265653933613835656262323863363038653234 - 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 - 61313164643061306433643738643563303036646334376536626531383965303036386162393832 - 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 - 3631 - - - name: bjoern - groups: - - intern - - verwaltung - - hoffmann-elberling - password: 'bjoern2011' - - - name: buchholz - groups: - - buero - - intern - - verwaltung - password: '20-buch_holz-20' - - - name: buero - groups: - - verwaltung - - intern - password: 'buero2011' - - - name: buerooben - groups: - - intern - - verwaltung - - hoffmann-elberling - password: 'buero2013' - - name: chris groups: - buero @@ -368,6 +328,41 @@ samba_user: 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 3631 + - name: test + groups: + - buero + - intern + - verwaltung + - gubitz-partner + - hoffmann-elberling + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63643330373231636537366333326630333265303265653933613835656262323863363038653234 + 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 + 61313164643061306433643738643563303036646334376536626531383965303036386162393832 + 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 + 3631 + + - name: buero + groups: + - verwaltung + - intern + password: 'buero2011' + + - name: axel + groups: + - intern + - verwaltung + - hoffmann-elberling + password: 'ah-kiel.2018' + + - name: bjoern + groups: + - intern + - verwaltung + - hoffmann-elberling + password: 'bjoern2011' + - name: gubitz groups: - intern 
@@ -375,39 +370,33 @@ samba_user: - gubitz-partner password: '20gubitz12' - - name: heckert + - name: schaar groups: - intern + - verwaltung - gubitz-partner - password: '0-heckert.22%' + password: '20schaar12' - - name: hh-jaenicke - groups: [] - password: '20-th.jaenicke_%20' + - name: molkentin + groups: + - intern + - verwaltung + - gubitz-partner + password: 20molkentin12 - - name: hh-kanzlei - groups: [] - password: '20-HH_18-Kanzlei' + - name: buerooben + groups: + - intern + - verwaltung + - hoffmann-elberling + password: 'buero2013' - - name: hh-lucke - groups: [] - password: 'Ole20Steffen_17' - - - name: hh-kell - groups: [] - password: '20-an.kell-%24' - - - name: hh-neumann - groups: [] - password: '20.neu-mann_%24' - - - name: hh-pueschel - groups: [] - password: '20-HH_caro.pueschel-%21' - - - name: hh-stork - groups: [] - password: '20-ni-na.stork_%24' + - name: buchholz + groups: + - buero + - intern + - verwaltung + password: '20-buch_holz-20' - name: kiel-nb1 groups: @@ -427,20 +416,6 @@ samba_user: - hoffmann-elberling password: '20-note%book2-20' - - name: molkentin - groups: - - intern - - verwaltung - - gubitz-partner - password: 20molkentin12 - - - name: schaar - groups: - - intern - - verwaltung - - gubitz-partner - password: '20schaar12' - - name: schmidt groups: - intern 
@@ -454,6 +429,63 @@ samba_user: - gubitz-partner password: '20-simone-schnoenmehl-22%' + - name: heckert + groups: + - intern + - gubitz-partner + password: '0-heckert.22%' + + - name: hh-lucke + groups: [] + password: 'Ole20Steffen_17' + + - name: hh-kanzlei + groups: [] + password: '20-HH_18-Kanzlei' + + - name: hh-jaenicke + groups: [] + password: '20-th.jaenicke_%20' + + - name: hh-pueschel + groups: [] + password: '20-HH_caro.pueschel-%21' + + - name: hh-kell + groups: [] + password: '20-an.kell-%24' + + - name: hh-neumann + groups: [] + password: '20.neu-mann_%24' + + # password: Iar-zrq4wG.2 + - name: winadm + groups: + - sysadm + - install + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31326630303038396164656266623339353031336434376531383133643266656133363165316532 + 6364343131656235313432356230646337373362343938660a393031323561326438653935393632 + 34373464313666343433626635656261323933353631393632626166643738386333636639303334 + 3661613165626230640a306236363161356239306232633565336131303066383464626164636133 + 3038 + + - name: hh-stork + groups: [] + password: '20-ni-na.stork_%24' + + - name: back + groups: [] + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63643330373231636537366333326630333265303265653933613835656262323863363038653234 + 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 + 61313164643061306433643738643563303036646334376536626531383965303036386162393832 + 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 + 3631 + # password: 9xFXkdPR_2 - name: sysadm groups: 
@@ -471,19 +503,6 @@ samba_user: 3337663865333636660a626131366161636433613561613235333831653733383365623564313431 6439 - # password: Iar-zrq4wG.2 - - name: winadm - groups: - - sysadm - - install - password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31326630303038396164656266623339353031336434376531383133643266656133363165316532 - 6364343131656235313432356230646337373362343938660a393031323561326438653935393632 - 34373464313666343433626635656261323933353631393632626166643738386333636639303334 - 3661613165626230640a306236363161356239306232633565336131303066383464626164636133 - 3038 - base_home: /home # remove_samba_users: diff --git a/hosts b/hosts index dd8d312..0fda92d 100644 --- a/hosts +++ b/hosts @@ -60,6 +60,7 @@ gw-kb.oopen.de bbb-server.b3-bornim.netz file-ah.kanzlei-kiel.netz +file-ah-neu.kanzlei-kiel.netz file-ebs.ebs.netz file-fm.fm.netz file-fhxb.fhxb.netz @@ -539,6 +540,7 @@ gw-elster.oopen.de # - Kanzlei Kiel gw-ah.oopen.de file-ah.kanzlei-kiel.netz +file-ah-neu.kanzlei-kiel.netz # Kanzlei Kreuzbergstraße gw-kb.oopen.de @@ -1346,6 +1348,7 @@ o17.oopen.de at-10-neu.ak.netz bbb-server.b3-bornim.netz file-ah.kanzlei-kiel.netz +file-ah-neu.kanzlei-kiel.netz file-ebs.ebs.netz file-fm.fm.netz file-fhxb.fhxb.netz @@ -1362,6 +1365,7 @@ zapata.opp.netz file-blkr.blkr.netz file-dissens.dissens.netz file-ah.kanzlei-kiel.netz +file-ah-neu.kanzlei-kiel.netz file-ebs.ebs.netz file-fm.fm.netz file-fhxb.fhxb.netz @@ -1469,6 +1473,7 @@ lxc-host-kb.anw-kb.netz bbb-server.b3-bornim.netz file-ah.kanzlei-kiel.netz +file-ah-neu.kanzlei-kiel.netz file-km.anw-km.netz file-kb.anw-kb.netz file-blkr.blkr.netz @@ -1623,6 +1628,7 @@ test-nd.oopen.de at-10-neu.ak.netz bbb-server.b3-bornim.netz file-ah.kanzlei-kiel.netz +file-ah-neu.kanzlei-kiel.netz file-ebs.ebs.netz file-fm.fm.netz file-fhxb.fhxb.netz 
@@ -1856,6 +1862,7 @@ lxc-host-kb.anw-kb.netz
 at-10-neu.ak.netz
 bbb-server.b3-bornim.netz
 file-ah.kanzlei-kiel.netz
+file-ah-neu.kanzlei-kiel.netz
 file-ebs.ebs.netz
 file-fm.fm.netz
 file-fhxb.fhxb.netz
diff --git a/roles/ansible_dependencies-trixie/tasks/main.yml b/roles/ansible_dependencies-trixie/tasks/main.yml
new file mode 100644
index 0000000..0ef6a17
--- /dev/null
+++ b/roles/ansible_dependencies-trixie/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+
+- name: re-synchronize the package index files from their sources
+  raw: apt-get update
+
+- name: Ensure aptitude is present
+  raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
+
+- name: Ensure python3 is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3)
+
+- name: Ensure python-is-python3 is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python3 && (apt -y update && apt install -y python-is-python3)
+
+- name: Ensure python-apt-common is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python && (apt -y update && apt install -y python-apt-common)
+
+- name: Ensure python-apt is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-apt)
+
+- name: dpkg --configure -a
+  command: >
+    dpkg --configure -a
+  args:
+    warn: false
+  changed_when: _dpkg_configure.stdout_lines | length
+  register: _dpkg_configure
+  when: apt_dpkg_configure|bool
+  tags:
+    - ansible-dependencies
+
+- name: apt upgrade
+  apt:
+    upgrade: "{{ apt_upgrade_type }}"
+    update_cache: true
+    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+  when: apt_upgrade|bool
+  tags:
+    - ansible-dependencies
+
+- name: apt install ansible dependencies
+  apt:
+    name: "{{ apt_ansible_dependencies_trixie }}"
+    state: "{{ apt_install_state }}"
+  tags:
+    - ansible-dependencies
+
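Review bot: The `Ensure python-apt is present` task never installs `python3-apt`: its guard is `test -e /usr/bin/python3 || …`, and the earlier `Ensure python3 is present` task guarantees that path exists, so the install branch is dead. Test for the package itself instead, e.g. `raw: dpkg -s python3-apt >/dev/null 2>&1 || (apt -y update && apt install -y python3-apt)`; the `python-is-python3` and `python-apt-common` tasks deserve the same treatment, since their `&&` guards re-run `apt update` and `apt install` on every play. Separately, `args: warn: false` on the `dpkg --configure -a` task uses a `command` parameter that was removed in ansible-core 2.14, so the task errors on a current controller; drop the `args` block.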
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index 81f3a52..7a5f673 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -105,6 +105,18 @@ - apt-initial-install +- name: (apt.yml) Initial install debian packages (trixie) + apt: + name: "{{ apt_initial_install_trixie }}" + state: "{{ apt_install_state }}" + when: + - apt_initial_install_trixie is defined and apt_initial_install_trixie|length > 0 + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "13" + tags: + - apt-initial-install + + - name: (apt.yml) Initial install ubuntu packages (bionic) apt: name: "{{ apt_initial_install_bionic }}" @@ -164,14 +176,14 @@ - apt-microcode -- name: (apt.yml) Install CPU microcode (debian buster/bullseye/bookworm) +- name: (apt.yml) Install CPU microcode (debian buster/bullseye/bookworm/trixie) apt: name: "{{ microcode_package }}" state: present default_release: "{{ ansible_distribution_release }}" when: - ansible_facts['distribution'] == "Debian" - - ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11" or ansible_facts['distribution_major_version'] == "12" + - ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11" or ansible_facts['distribution_major_version'] == "12" or ansible_facts['distribution_major_version'] == "13" - ansible_facts['processor']|string is search("Intel") tags: - apt-initial-install
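Review bot: The microcode task's `when` line in the second hunk now chains four `or` comparisons on `distribution_major_version` and will grow again at the next release; `- ansible_facts['distribution_major_version'] in ["10", "11", "12", "13"]` states the same condition in one readable term. The new trixie install task in the first hunk is a faithful copy of the bookworm block; note that hosts which tracked trixie before its release may report a `distribution_major_version` other than `"13"`, in which case both tasks skip silently, so the first such host is worth checking with a quick `ansible -m setup`. The task list continues beyond the hunk.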