2026-02-14 14:29:00 +01:00
parent f9652dbbf9
commit 7238579d9c
6 changed files with 117 additions and 74 deletions


@@ -24,7 +24,7 @@ network_interfaces:
- device: br0 - device: br0
# use only once per device (for the first device entry) # use only once per device (for the first device entry)
headline: br0 - bridge over device eno1np0 headline: br0 - bridge over device enp33s0
# auto & allow are only used for the first device entry # auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug allow: [] # array of allow-[stanzas] eg. allow-hotplug
@@ -32,9 +32,9 @@ network_interfaces:
family: inet family: inet
method: static method: static
hwaddress: 7c:c2:55:c0:26:74 hwaddress: 0c:c4:7a:ea:dd:56
description: description:
address: 192.168.100.20 address: 192.168.100.10
netmask: 24 netmask: 24
gateway: 192.168.100.254 gateway: 192.168.100.254
@@ -57,22 +57,22 @@ network_interfaces:
# maxwait: # maxwait:
# waitport: # waitport:
bridge: bridge:
ports: eno1np0 # for mor devices support a blank separated list ports: enp33s0 # for mor devices support a blank separated list
stp: !!str off stp: !!str off
fd: 5 fd: 5
hello: 2 hello: 2
maxage: 12 maxage: 12
# inline hook scripts # inline hook scripts
pre-up: pre-up:
- !!str "ip link set dev eno1np0 up" # pre-up script lines - !!str "ip link set dev enp33s0 up" # pre-up script lines
up: [] #up script lines up: [] #up script lines
post-up: [] # post-up script lines (alias for up) post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down) pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines down: [] # down script lines
post-down: [] # post-down script lines post-down: [] # post-down script lines
# --- # ---
# vars used by roles/ansible_dependencies # vars used by roles/ansible_dependencies
# --- # ---
@@ -238,41 +238,6 @@ default_user:
# vars used by roles/common/tasks/cron.yml # vars used by roles/common/tasks/cron.yml
# --- # ---
cron_user_entries:
- name: "Check if postfix mailservice is running. Restart service if needed."
minute: "*/5"
hour: "*"
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors."
minute: "*/30"
hour: "*"
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Clean up Samba Trash Dirs"
minute: "02"
hour: "23"
job: /root/bin/samba/clean_samba_trash.sh
- name: "Set (group and access) Permissons for Samba shares"
minute: "14"
hour: "23"
job: /root/bin/samba/set_permissions_samba_shares.sh
- name: "Check if ntpsec is running. Restart service if needed."
minute: "*/6"
hour: "*"
job: /root/bin/monitoring/check_ntpsec_service.sh
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
#cron_user_special_time_entries: #cron_user_special_time_entries:
# #
# - name: "Restart DNS Cache service 'systemd-resolved'" # - name: "Restart DNS Cache service 'systemd-resolved'"
@@ -317,7 +282,7 @@ cron_user_special_time_entries:
# vars used by roles/common/tasks/nfs.yml # vars used by roles/common/tasks/nfs.yml
# --- # ---
nfs_server: 192.168.100.20 nfs_server: 192.168.100.10
# --- # ---
@@ -325,12 +290,12 @@ nfs_server: 192.168.100.20
# vars used by roles/common/tasks/samba-user.yml # vars used by roles/common/tasks/samba-user.yml
# --- # ---
samba_server_ip: 192.168.100.20 samba_server_ip: 192.168.100.10
samba_server_cidr_prefix: 24 samba_server_cidr_prefix: 24
samba_workgroup: AH-NEU samba_workgroup: AH-ALT
samba_netbios_name: FILE-AH-NEU samba_netbios_name: FILE-AH-Alt
samba_groups: samba_groups:
- name: verwaltung - name: verwaltung
@@ -383,6 +348,7 @@ samba_user:
- verwaltung - verwaltung
- intern - intern
- hoffmann-elberling - hoffmann-elberling
- gubitz-partner
password: 'buero2011' password: 'buero2011'
- name: axel - name: axel
@@ -468,9 +434,17 @@ samba_user:
- name: heckert - name: heckert
groups: groups:
- intern - intern
- verwaltung
- gubitz-partner - gubitz-partner
password: '0-heckert.22%' password: '0-heckert.22%'
- name: weber
groups:
- intern
- verwaltung
- gubitz-partner
password: '20.ni-klas.weber_26!'
- name: hh-lucke - name: hh-lucke
groups: [] groups: []
password: 'Ole20Steffen_17' password: 'Ole20Steffen_17'
@@ -567,7 +541,7 @@ samba_shares:
vfs_object_recycle: true vfs_object_recycle: true
recycle_path: '@Recycle' recycle_path: '@Recycle'
- name: Scans_schnell - name: Scans_schnell
path: /data/samba/shares/Scans_schnell path: /data/samba/shares/Scans_schnell
group_valid_users: intern group_valid_users: intern
group_write_list: intern group_write_list: intern
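Review bot: The new `weber` entry under `samba_user` stores its Samba password as a cleartext string in the host vars, like the neighbouring `heckert` and `hh-lucke` entries, so anyone who can read the repository or its history holds working share credentials. The same entry is added in the next file section (hunk `@@ -434,9 +469,17 @@`), so both file servers would accept the same secret. I would move the value into an ansible-vault encrypted vars file and reference it here, e.g. `password: "{{ vault_samba_password_weber }}"` (the variable name is a placeholder), and rotate the password that is already committed. The task that consumes `samba_user` is outside this hunk; it should carry `no_log: true` so the value does not end up in run output.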


@@ -24,7 +24,7 @@ network_interfaces:
- device: br0 - device: br0
# use only once per device (for the first device entry) # use only once per device (for the first device entry)
headline: br0 - bridge over device enp33s0 headline: br0 - bridge over device eno1np0
# auto & allow are only used for the first device entry # auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug allow: [] # array of allow-[stanzas] eg. allow-hotplug
@@ -32,9 +32,9 @@ network_interfaces:
family: inet family: inet
method: static method: static
hwaddress: 0c:c4:7a:ea:dd:56 hwaddress: 7c:c2:55:c0:26:74
description: description:
address: 192.168.100.10 address: 192.168.100.20
netmask: 24 netmask: 24
gateway: 192.168.100.254 gateway: 192.168.100.254
@@ -57,22 +57,22 @@ network_interfaces:
# maxwait: # maxwait:
# waitport: # waitport:
bridge: bridge:
ports: enp33s0 # for mor devices support a blank separated list ports: eno1np0 # for mor devices support a blank separated list
stp: !!str off stp: !!str off
fd: 5 fd: 5
hello: 2 hello: 2
maxage: 12 maxage: 12
# inline hook scripts # inline hook scripts
pre-up: pre-up:
- !!str "ip link set dev enp33s0 up" # pre-up script lines - !!str "ip link set dev eno1np0 up" # pre-up script lines
up: [] #up script lines up: [] #up script lines
post-up: [] # post-up script lines (alias for up) post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down) pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines down: [] # down script lines
post-down: [] # post-down script lines post-down: [] # post-down script lines
# --- # ---
# vars used by roles/ansible_dependencies # vars used by roles/ansible_dependencies
# --- # ---
@@ -238,6 +238,41 @@ default_user:
# vars used by roles/common/tasks/cron.yml # vars used by roles/common/tasks/cron.yml
# --- # ---
cron_user_entries:
- name: "Check if postfix mailservice is running. Restart service if needed."
minute: "*/5"
hour: "*"
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors."
minute: "*/30"
hour: "*"
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Clean up Samba Trash Dirs"
minute: "02"
hour: "23"
job: /root/bin/samba/clean_samba_trash.sh
- name: "Set (group and access) Permissons for Samba shares"
minute: "14"
hour: "23"
job: /root/bin/samba/set_permissions_samba_shares.sh
- name: "Check if ntpsec is running. Restart service if needed."
minute: "*/6"
hour: "*"
job: /root/bin/monitoring/check_ntpsec_service.sh
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
#cron_user_special_time_entries: #cron_user_special_time_entries:
# #
# - name: "Restart DNS Cache service 'systemd-resolved'" # - name: "Restart DNS Cache service 'systemd-resolved'"
@@ -282,7 +317,7 @@ default_user:
# vars used by roles/common/tasks/nfs.yml # vars used by roles/common/tasks/nfs.yml
# --- # ---
nfs_server: 192.168.100.10 nfs_server: 192.168.100.20
# --- # ---
@@ -290,7 +325,7 @@ nfs_server: 192.168.100.10
# vars used by roles/common/tasks/samba-user.yml # vars used by roles/common/tasks/samba-user.yml
# --- # ---
samba_server_ip: 192.168.100.10 samba_server_ip: 192.168.100.20
samba_server_cidr_prefix: 24 samba_server_cidr_prefix: 24
samba_workgroup: AH samba_workgroup: AH
@@ -434,9 +469,17 @@ samba_user:
- name: heckert - name: heckert
groups: groups:
- intern - intern
- verwaltung
- gubitz-partner - gubitz-partner
password: '0-heckert.22%' password: '0-heckert.22%'
- name: weber
groups:
- intern
- verwaltung
- gubitz-partner
password: '20.ni-klas.weber_26!'
- name: hh-lucke - name: hh-lucke
groups: [] groups: []
password: 'Ole20Steffen_17' password: 'Ole20Steffen_17'
@@ -533,7 +576,7 @@ samba_shares:
vfs_object_recycle: true vfs_object_recycle: true
recycle_path: '@Recycle' recycle_path: '@Recycle'
- name: Scans_schnell - name: Scans_schnell
path: /data/samba/shares/Scans_schnell path: /data/samba/shares/Scans_schnell
group_valid_users: intern group_valid_users: intern
group_write_list: intern group_write_list: intern


@@ -242,21 +242,35 @@ si_authorisation_signature: abb4ec6b194639f3d123154f1b971843a3b8751d8c1bcdc7d07e
website_name_postfixadmin: adm.cadus.org website_name_postfixadmin: adm.cadus.org
email_welcome_message: "\n email_welcome_message: "\n
Hallo,\n Hello,
Ihre/Deine neue E-Mail Adresse ist eingerichtet.\n Your email address has been set up.
Cadus e.V. - Redefine Global Solidarity\n Cadus e.V. - Redefine Global Solidarity\n
--\n --\n
Cadus e.V.\n Cadus e.V.\n
Am Sudhaus 2\n Holzmarktstr. 25\n
D-12053 Berlin\n D-10243 Berlin\n
admin@cadus.org\n admin@cadus.org\n
" "
# install_update_dovecot.conf #email_welcome_message: "\n
#Hallo,\n
# #
#Ihre/Deine neue E-Mail Adresse ist eingerichtet.\n
#
#Cadus e.V. - Redefine Global Solidarity\n
#
#--\n
#Cadus e.V.\n
#Am Sudhaus 2\n
#D-12053 Berlin\n
#admin@cadus.org\n
#"
# install_update_dovecot.conf
dovecot_msg_language: en
dovecot_from_address: "Administrator E-Mail <admin@cadus.org>" dovecot_from_address: "Administrator E-Mail <admin@cadus.org>"
dovecot_reply_to: "admin@cadus.org" dovecot_reply_to: "admin@cadus.org"
webmailer_address: "https://webmail.cadus.org" webmailer_address: "https://webmail.cadus.org"
@@ -264,8 +278,8 @@ salutation: "Cadus e.V. - Redefine Global Solidarity\n
--\n --\n
Cadus e.V.\n Cadus e.V.\n
Am Sudhaus 2\n Holzmarktstr. 25\n
D-12053 Berlin\n D-10243 Berlin\n
admin@cadus.org\n admin@cadus.org\n
" "

7
hosts

@@ -71,6 +71,7 @@ gw-kb.oopen.de
bbb-server.b3-bornim.netz bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-ah-neu.kanzlei-kiel.netz file-ah-neu.kanzlei-kiel.netz
file-ah-alt.kanzlei-kiel.netz
file-ebs.ebs.netz file-ebs.ebs.netz
file-fm.fm.netz file-fm.fm.netz
file-fhxb.fhxb.netz file-fhxb.fhxb.netz
@@ -566,6 +567,7 @@ gw-elster.oopen.de
gw-ah.oopen.de gw-ah.oopen.de
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-ah-neu.kanzlei-kiel.netz file-ah-neu.kanzlei-kiel.netz
file-ah-alt.kanzlei-kiel.netz
# Kanzlei Kreuzbergstraße # Kanzlei Kreuzbergstraße
gw-kb.oopen.de gw-kb.oopen.de
@@ -1387,6 +1389,7 @@ at-10-neu.ak.netz
bbb-server.b3-bornim.netz bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-ah-neu.kanzlei-kiel.netz file-ah-neu.kanzlei-kiel.netz
file-ah-alt.kanzlei-kiel.netz
file-ebs.ebs.netz file-ebs.ebs.netz
file-fm.fm.netz file-fm.fm.netz
file-fhxb.fhxb.netz file-fhxb.fhxb.netz
@@ -1404,6 +1407,7 @@ file-blkr.blkr.netz
file-dissens.dissens.netz file-dissens.dissens.netz
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-ah-neu.kanzlei-kiel.netz file-ah-neu.kanzlei-kiel.netz
file-ah-alt.kanzlei-kiel.netz
file-ebs.ebs.netz file-ebs.ebs.netz
file-fm.fm.netz file-fm.fm.netz
file-fhxb.fhxb.netz file-fhxb.fhxb.netz
@@ -1516,6 +1520,7 @@ lxc-host-kb.anw-kb.netz
bbb-server.b3-bornim.netz bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-ah-neu.kanzlei-kiel.netz file-ah-neu.kanzlei-kiel.netz
file-ah-alt.kanzlei-kiel.netz
file-km.anw-km.netz file-km.anw-km.netz
file-kb.anw-kb.netz file-kb.anw-kb.netz
file-blkr.blkr.netz file-blkr.blkr.netz
@@ -1672,6 +1677,7 @@ at-10-neu.ak.netz
bbb-server.b3-bornim.netz bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-ah-neu.kanzlei-kiel.netz file-ah-neu.kanzlei-kiel.netz
file-ah-alt.kanzlei-kiel.netz
file-ebs.ebs.netz file-ebs.ebs.netz
file-fm.fm.netz file-fm.fm.netz
file-fhxb.fhxb.netz file-fhxb.fhxb.netz
@@ -1910,6 +1916,7 @@ at-10-neu.ak.netz
bbb-server.b3-bornim.netz bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz file-ah.kanzlei-kiel.netz
file-ah-neu.kanzlei-kiel.netz file-ah-neu.kanzlei-kiel.netz
file-ah-alt.kanzlei-kiel.netz
file-ebs.ebs.netz file-ebs.ebs.netz
file-fm.fm.netz file-fm.fm.netz
file-fhxb.fhxb.netz file-fhxb.fhxb.netz


@@ -10,7 +10,7 @@
update_cache: true update_cache: true
cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}" cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
when: when:
- ansible_distribution == "Debian" - ansible_facts["distribution"] == "Debian"
- apt_update|bool - apt_update|bool
tags: tags:
- apt-caching-nameserver - apt-caching-nameserver
@@ -21,7 +21,7 @@
changed_when: (_dpkg_configure.stdout | default('')) | length > 0 changed_when: (_dpkg_configure.stdout | default('')) | length > 0
failed_when: _dpkg_configure.rc != 0 failed_when: _dpkg_configure.rc != 0
when: when:
- ansible_distribution == "Debian" - ansible_facts["distribution"] == "Debian"
- apt_update|bool - apt_update|bool
tags: tags:
- apt-caching-nameserver - apt-caching-nameserver
@@ -33,7 +33,7 @@
update_cache: true update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}" dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: when:
- ansible_distribution == "Debian" - ansible_facts["distribution"] == "Debian"
- apt_dpkg_configure|bool - apt_dpkg_configure|bool
tags: tags:
- apt-caching-nameserver - apt-caching-nameserver
@@ -44,7 +44,7 @@
name: "{{ apt_bind_pkgs }}" name: "{{ apt_bind_pkgs }}"
state: present state: present
when: when:
- ansible_distribution == "Debian" - ansible_facts["distribution"] == "Debian"
- install_bind_packages|bool == true - install_bind_packages|bool == true
tags: tags:
- apt-caching-nameserver - apt-caching-nameserver
@@ -61,7 +61,7 @@
#cache_valid_time: 3600 #cache_valid_time: 3600
when: when:
- ansible_os_family == "RedHat" - ansible_os_family == "RedHat"
- ansible_distribution == "CentOS" - ansible_facts["distribution"] == "CentOS"
tags: tags:
- yum-update - yum-update
@@ -71,7 +71,7 @@
state: "{{ yum_install_state }}" state: "{{ yum_install_state }}"
when: when:
- ansible_os_family == "RedHat" - ansible_os_family == "RedHat"
- ansible_distribution == "CentOS" - ansible_facts["distribution"] == "CentOS"
tags: tags:
- yum-caching-nameserver - yum-caching-nameserver
@@ -87,7 +87,7 @@
group: bind group: bind
mode: '0755' mode: '0755'
when: when:
- ansible_distribution == "Debian" - ansible_facts["distribution"] == "Debian"
- name: (caching-nameserver.yml) update named.conf.options configuration file (normal server) - name: (caching-nameserver.yml) update named.conf.options configuration file (normal server)
@@ -104,7 +104,7 @@
- apt-caching-nameserver - apt-caching-nameserver
- caching-nameserver - caching-nameserver
when: when:
- ansible_distribution == "Debian" - ansible_facts["distribution"] == "Debian"
- inventory_hostname not in groups["gateway_server"] - inventory_hostname not in groups["gateway_server"]
# -------------------- # --------------------
@@ -130,7 +130,7 @@
- apt-caching-nameserver - apt-caching-nameserver
- caching-nameserver - caching-nameserver
when: when:
- ansible_distribution == "Debian" - ansible_facts["distribution"] == "Debian"
- inventory_hostname in groups["gateway_server"] - inventory_hostname in groups["gateway_server"]
# - not file_named_conf_options.stat.exists # - not file_named_conf_options.stat.exists
@@ -150,6 +150,6 @@
tags: tags:
- apt-caching-nameserver - apt-caching-nameserver
when: when:
- ansible_distribution == "Debian" - ansible_facts["distribution"] == "Debian"
- not systemd_resolved - not systemd_resolved
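Review bot: The two RedHat tasks (hunks `@@ -61,7 +61,7 @@` and `@@ -71,7 +71,7 @@`) still test `ansible_os_family == "RedHat"` next to the converted `ansible_facts["distribution"] == "CentOS"`, so the file now mixes both fact styles. If the motive is to stop relying on injected `ansible_*` fact variables, that name would be undefined once injection is turned off and the conditional would fail; `- ansible_facts["os_family"] == "RedHat"` keeps these conditions in step with the rest. Separately, `install_bind_packages|bool == true` in the bind install task can be shortened to `install_bind_packages|bool`. The tasks these `when:` lists belong to start outside the hunks.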


@@ -194,6 +194,11 @@ auth_mechanisms="plain login"
# - Settings for quota warning sript # - Settings for quota warning sript
# - # -
{% if dovecot_msg_language is defined and dovecot_msg_language %}
msg_language="{{ dovecot_msg_language }}"
{% else %}
msg_language=
{% endif %}
{% if dovecot_from_address is defined and dovecot_from_address %} {% if dovecot_from_address is defined and dovecot_from_address %}
from_address="{{ dovecot_from_address }}" from_address="{{ dovecot_from_address }}"
{% else %} {% else %}