ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update ..

Browse Source
This commit is contained in:
Christoph 2025-02-01 00:05:57 +01:00
parent 1d7ebc52cd
commit 6e60b3718e
5 changed files with 318 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
host_vars/backup.oopen.de.yml
View File

@ -279,6 +279,7 @@ default_user:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDNzUe1NSR+r3RTQ11QMUudiyrAWVwWzsgAlxvxx43wN root@dc-opp'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMHxvK5kzKgypVi8ZvshveSpyo0eSXiBCnAC5Pcjdgv root@discourse'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDy5WM1qsLE2SRwWG1Y38WJcMYUpL8MuQiraqiXfHzaH root@e.mx'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvOkCWNKUJ5o9e+0NhY4IFZv8LA7tkkkEFjr8nqFKhe root@formbricks-nd'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPbony+4g4iFS32Cv/Bkmet4FsCAsrGTffwWm2eM16x root@git.warenform'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqqmBWh3qmnx41NiLCn1LhVG0mn4++IUvRNC0OMh6h6 root@gitoea'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEm1P7Pg3Tlm02bxkropKf3CcyTCAB3YCMxPSjai2lc root@gw-dissens'

151
host_vars/cl-irights-neu.oopen.de.yml Normal file
View File

@ -0,0 +1,151 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 185.12.64.1
- 2a01:4ff:ff00::add:2
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---

147
host_vars/mm-irights-neu.oopen.de.yml Normal file
View File

@ -0,0 +1,147 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 185.12.64.1
- 2a01:4ff:ff00::add:2
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

24
host_vars/o24.oopen.de.yml
View File

@ -24,7 +24,7 @@ network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device enp7s0
headline: br0 - bridge over device enp193s0f0np0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
@ -32,11 +32,11 @@ network_interfaces:
family: inet
method: static
hwaddress: 7c:10:c9:9e:bd:51
hwaddress: 9c:6b:00:4e:fc:15
description:
address: 168.119.70.7
address: 157.90.140.173
netmask: 26
gateway: 168.119.70.1
gateway: 157.90.140.129
metric:
pointopoint:
mtu:
@ -81,7 +81,7 @@ network_interfaces:
# maxwait:
# waitport:
bridge:
ports: enp7s0 # for mor devices support a blank separated list
ports: enp193s0f0np0 # for mor devices support a blank separated list
stp: !!str off
fd: 1
hello: 2
@ -108,7 +108,7 @@ network_interfaces:
# inline hook scripts
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 168.119.70.0 netmask 255.255.255.192 gw 168.119.70.1 dev br0" # up script lines
- !!str "route add -net 157.90.140.128 netmask 255.255.255.192 gw 157.90.140.129 dev br0" # up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
@ -119,7 +119,7 @@ network_interfaces:
- device: br0
family: inet6
method: static
address: 2a01:4f8:242:1822::2
address: 2a01:4f8:2220:37c3::2
netmask: 64
gateway: fe80::1
@ -200,9 +200,9 @@ systemd_resolved: true
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 2a01:4ff:ff00::add:1
# search domains
#
@ -265,10 +265,10 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check connectifity - reboot if needed"
minute: '*/10'
hour: '*'
job: /root/bin/admin-stuff/check-connectivity.sh
# - name: "Check connectifity - reboot if needed"
# minute: '*/10'
# hour: '*'
# job: /root/bin/admin-stuff/check-connectivity.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'

7
hosts
View File

@ -168,6 +168,7 @@ mm-migration.oopen.de
o24.oopen.de
cl-irights.oopen.de
cl-irights-neu.oopen.de
mm-irights.oopen.de
mm-irights-migration.oopen.de
@ -373,6 +374,7 @@ mm-migration.oopen.de
# - o24.oopen.de
o24.oopen.de
cl-irights.oopen.de
cl-irights-neu.oopen.de
mm-irights.oopen.de
mm-irights-migration.oopen.de
@ -672,6 +674,7 @@ cl-01.oopen.de
# o24.oopen.de
cl-irights.oopen.de
cl-irights-neu.oopen.de
# o27.oopen.de
cl-fm.oopen.de
@ -1061,6 +1064,7 @@ mm-migration.oopen.de
# o24.oopen.de
cl-irights.oopen.de
cl-irights-neu.oopen.de
mm-irights.oopen.de
mm-irights-migration.oopen.de
@ -1173,6 +1177,7 @@ cl-01.oopen.de
# o24.oopen.de
cl-irights.oopen.de
cl-irights-neu.oopen.de
# o27.oopen.de
cl-fm.oopen.de
@ -1538,6 +1543,7 @@ mm-migration.oopen.de
# - o24.oopen.de
cl-irights.oopen.de
cl-irights-neu.oopen.de
mm-irights.oopen.de
mm-irights-migration.oopen.de
@ -1740,6 +1746,7 @@ mm-migration.oopen.de
# - o24.oopen.de
o24.oopen.de
cl-irights.oopen.de
cl-irights-neu.oopen.de
mm-irights.oopen.de
mm-irights-migration.oopen.de