diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index a970616..fa3ea0d 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -2238,7 +2238,7 @@ resolved_nameserver:
 resolved_domains:
 - oopen.de
 
-resolved_dnssec: true
+resolved_dnssec: false
 
 # dns.as250.net: 194.150.168.168
 #
diff --git a/host_vars/file-ah-alt.kanzlei-kiel.netz.yml b/host_vars/file-ah-alt.kanzlei-kiel.netz.yml
deleted file mode 100644
index 06eb1bb..0000000
--- a/host_vars/file-ah-alt.kanzlei-kiel.netz.yml
+++ /dev/null
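Review bot: Setting `resolved_dnssec: false` in `group_vars/all/main.yml` switches DNSSEC validation off for every host that inherits the group default, not only for the host that needed it. If the reason is an internal resolver or zone that fails validation (the removed `file-ah-alt` host file already carried its own `resolved_dnssec: false`), keep the global default at `true` and set the override in the affected `host_vars` files. Either way, put a comment above the line, for example `# DNSSEC validation disabled: <reason / affected resolver> - re-enable once fixed`, so the downgrade stays traceable. If the role's template passes the value straight into `resolved.conf`, systemd-resolved's `DNSSEC=allow-downgrade` would be a softer setting, but whether the role accepts a non-boolean here is not visible in this diff.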
@@ -1,633 +0,0 @@ ---- - -# --- -# vars used by roles/network_interfaces -# --- - - -# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted -network_manage_devices: True - -# Should the interfaces be reloaded after config change? -network_interface_reload: False - -network_interface_path: /etc/network/interfaces.d -network_interface_required_packages: - - vlan - - bridge-utils - - ifmetric - - ifupdown - - ifenslave - - -network_interfaces: - - - device: br0 - # use only once per device (for the first device entry) - headline: br0 - bridge over device enp33s0 - - # auto & allow are only used for the first device entry - allow: [] # array of allow-[stanzas] eg. allow-hotplug - auto: true - - family: inet - method: static - hwaddress: 0c:c4:7a:ea:dd:56 - description: - address: 192.168.100.11 - netmask: 24 - gateway: 192.168.100.254 - - # optional dns settings nameservers: [] - # - # nameservers: - # - 194.150.168.168 # dns.as250.net - # - 91.239.100.100 # anycast.censurfridns.dk - # search: warenform.de - # - #nameservers: - # - 192.168.100.1 - #search: kanzlei-kiel.netz - - # optional bridge parameters bridge: {} - # bridge: - # ports: - # stp: - # fd: - # maxwait: - # waitport: - bridge: - ports: enp33s0 # for mor devices support a blank separated list - stp: !!str off - fd: 5 - hello: 2 - maxage: 12 - - # inline hook scripts - pre-up: - - !!str "ip link set dev enp33s0 up" # pre-up script lines - up: [] #up script lines - post-up: [] # post-up script lines (alias for up) - pre-down: [] # pre-down script lines (alias for down) - down: [] # down script lines - post-down: [] # post-down script lines - - -# --- -# vars used by roles/ansible_dependencies -# --- - - -# --- -# vars used by roles/ansible_user -# --- - - -# --- -# vars used by roles/common/tasks/basic.yml -# --- - - -# --- -# vars used by roles/common/tasks/sshd.yml -# --- - - -# --- -# vars used by roles/common/tasks/apt.yml -# --- - - -# --- -# vars used by 
roles/common/tasks/systemd-resolved.yml -# --- - -systemd_resolved: true - -# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie -# Primäre DNS-Adresse: 38.132.106.139 -# Sekundäre DNS-Adresse: 194.187.251.67 -# -# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen -# primäre DNS-Adresse -# IPv4: 1.1.1.1 -# IPv6: 2606:4700:4700::1111 -# sekundäre DNS-Adresse -# IPv4: 1.0.0.1 -# IPv6: 2606:4700:4700::1001 -# -# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit -# primäre DNS-Adresse -# IPv4: 8.8.8.8 -# IPv6: 2001:4860:4860::8888 -# sekundäre DNS-Adresse -# IPv4: 8.8.4.4 -# IPv6: 2001:4860:4860::8844 -# -# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug -# primäre DNS-Adresse -# IPv4: 9.9.9.9 -# IPv6: 2620:fe::fe -# sekundäre DNS-Adresse -# IPv4: 149.112.112.112 -# IPv6: 2620:fe::9 -# -# OpenNIC - https://www.opennic.org/ -# IPv4: 195.10.195.195 - ns31.de -# IPv4: 94.16.114.254 - ns28.de -# IPv4: 51.254.162.59 - ns9.de -# IPv4: 194.36.144.87 - ns29.de -# IPv6: 2a00:f826:8:2::195 - ns31.de -# -# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) -# IPv4: 5.1.66.255 -# IPv6: 2001:678:e68:f000:: -# Servername für DNS-over-TLS: dot.ffmuc.net -# IPv4: 185.150.99.255 -# IPv6: 2001:678:ed0:f000:: -# Servername für DNS-over-TLS: dot.ffmuc.net -# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) -resolved_nameserver: - - 192.168.100.1 - -# search domains -# -# If there are more than one search domains, then specify them here in the order in which -# the resolver should also search them -# -#resolved_domains: [] -resolved_domains: - - ~. 
- - kanzlei-kiel.netz - -resolved_dnssec: false - -# dns.as250.net: 194.150.168.168 -# -resolved_fallback_nameserver: - - 194.150.168.168 - - -# --- -# vars used by roles/common/tasks/users -# --- - -default_user: - - - name: chris - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - # password: 9xFXkdPR_2 - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$sHxqz7NyYdn38ZegSbewO.$PPHR0n.XeMcS3AQ9KybllBT.2hxpYlQ7AiVhxHgUOX8 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - # password: Iar-zrq4wG.2 - - name: winadm - user_id: 1055 - group_id: 1055 - group: winadm - append: true - groups: - - sysadm - home: /home/winadm - password: $y$j9T$FIN.5hpIbyFh/zx8a3xVZ.$jn9b12BUW57PEXGp3288t/dVBB7glyTgj/58QyYOG7D - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY 
root@o26-backup' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - home: /home/borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF7MKFmJ2kJrNs5DhlPqfizZgz3wNpzFAITo63p/VBOe root@file-ah' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItQLQ7lhBY2USF4Jcp4teF+1NydI73VeHYbQW8q4Mcw root@gw-ah' - - - -# --- -# vars used by roles/common/tasks/cron.yml -# --- - -#cron_user_special_time_entries: -# -# - name: "Restart DNS Cache service 'systemd-resolved'" -# special_time: reboot -# job: "sleep 10 ; /bin/systemctl restart systemd-resolved" -# insertafter: PATH - - - -# --- -# vars used by roles/common/tasks/users.yml -# --- - -# --- -# vars used by roles/common/tasks/users-systemfiles.yml -# --- - - -# --- -# vars used by roles/common/tasks/webadmin-user.yml -# --- - - -# --- -# vars used by roles/common/tasks/sudoers.yml -# --- -# -# see: roles/common/tasks/vars - - -# --- -# vars used by roles/common/tasks/caching-nameserver.yml -# --- - - -# --- -# vars used by roles/common/tasks/git.yml -# --- - - -# --- -# vars used by roles/common/tasks/nfs.yml -# --- - -nfs_server: 192.168.100.11 - - -# --- -# vars used by roles/common/tasks/samba-config-server.yml -# vars used by roles/common/tasks/samba-user.yml -# --- - -samba_server_ip: 192.168.100.11 -samba_server_cidr_prefix: 24 - -samba_workgroup: AH-ALT - -samba_netbios_name: FILE-AH-Alt - -samba_groups: - - name: verwaltung - group_id: 120 - - name: intern - group_id: 121 - - name: hoffmann-elberling - group_id: 122 - - name: gubitz-partner - group_id: 123 - - name: sysadm - group_id: 1050 - - name: install - group_id: 1070 - -samba_user: - - - name: chris - groups: - - buero - - intern - - verwaltung - 
- gubitz-partner - - hoffmann-elberling - password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63643330373231636537366333326630333265303265653933613835656262323863363038653234 - 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 - 61313164643061306433643738643563303036646334376536626531383965303036386162393832 - 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 - 3631 - - - name: test - groups: - - buero - - intern - - verwaltung - - gubitz-partner - - hoffmann-elberling - password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63643330373231636537366333326630333265303265653933613835656262323863363038653234 - 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 - 61313164643061306433643738643563303036646334376536626531383965303036386162393832 - 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 - 3631 - - - name: buero - groups: - - verwaltung - - intern - - hoffmann-elberling - - gubitz-partner - password: 'buero2011' - - - name: axel - groups: - - intern - - verwaltung - - hoffmann-elberling - password: 'ah-kiel.2018' - - - name: bjoern - groups: - - intern - - verwaltung - - hoffmann-elberling - password: 'bjoern2011' - - - name: gubitz - groups: - - intern - - verwaltung - - gubitz-partner - password: '20gubitz12' - - - name: schaar - groups: - - intern - - verwaltung - - gubitz-partner - password: '20schaar12' - - - name: molkentin - groups: - - intern - - verwaltung - - gubitz-partner - password: 20molkentin12 - - - name: buerooben - groups: - - intern - - verwaltung - - hoffmann-elberling - password: 'buero2013' - - - name: buchholz - groups: - - buero - - intern - - verwaltung - password: '20-buch_holz-20' - - - name: kiel-nb1 - groups: - - buero - - intern - - verwaltung - - gubitz-partner - - hoffmann-elberling - password: '20-note%book1-20' - - - name: kiel-nb2 - groups: - - buero - - intern - - verwaltung - - gubitz-partner - - hoffmann-elberling 
- password: '20-note%book2-20' - - - name: schmidt - groups: - - intern - - verwaltung - - gubitz-partner - password: '20-schmidt_21%' - - - name: simone.schnoenmehl - groups: - - intern - - gubitz-partner - password: '20-simone-schnoenmehl-22%' - - - name: heckert - groups: - - intern - - verwaltung - - gubitz-partner - password: '0-heckert.22%' - - - name: schultheis - groups: - - intern - - verwaltung - - gubitz-partner - password: '20.loui-sa/schultheis-26!' - - - name: weber - groups: - - intern - - verwaltung - - gubitz-partner - password: '20.ni-klas.weber_26!' - - - name: hh-lucke - groups: [] - password: 'Ole20Steffen_17' - - - name: hh-kanzlei - groups: [] - password: '20-HH_18-Kanzlei' - - - name: hh-jaenicke - groups: [] - password: '20-th.jaenicke_%20' - - - name: hh-pueschel - groups: [] - password: '20-HH_caro.pueschel-%21' - - - name: hh-kell - groups: [] - password: '20-an.kell-%24' - - - name: hh-neumann - groups: [] - password: '20.neu-mann_%24' - - # password: Iar-zrq4wG.2 - - name: winadm - groups: - - sysadm - - install - password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31326630303038396164656266623339353031336434376531383133643266656133363165316532 - 6364343131656235313432356230646337373362343938660a393031323561326438653935393632 - 34373464313666343433626635656261323933353631393632626166643738386333636639303334 - 3661613165626230640a306236363161356239306232633565336131303066383464626164636133 - 3038 - - - name: hh-stork - groups: [] - password: '20-ni-na.stork_%24' - - - name: back - groups: [] - password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63643330373231636537366333326630333265303265653933613835656262323863363038653234 - 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 - 61313164643061306433643738643563303036646334376536626531383965303036386162393832 - 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 - 3631 - - # password: 9xFXkdPR_2 - - name: sysadm - groups: - - buero - - 
install - - intern - - verwaltung - - gubitz-partner - - hoffmann-elberling - password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 35323634653231353634343232326436393435386366396364373766306135636536323165656362 - 3138366263316231333038343930313134333565373566640a363932616535343538376333313335 - 64326566643163366533356464326339653236636562363336633738656631626433306661323835 - 3337663865333636660a626131366161636433613561613235333831653733383365623564313431 - 6439 - -base_home: /home - -# remove_samba_users: -# - name: name1 -# - name: name2 -# -remove_samba_users: [] - -samba_shares: - - - name: Buero - path: /data/samba/shares/Buero - group_valid_users: intern - group_write_list: intern - file_create_mask: !!str 664 - dir_create_mask: !!str 2775 - vfs_object_recycle: true - recycle_path: '@Recycle' - - - name: Verwaltung - path: /data/samba/shares/Verwaltung - group_valid_users: verwaltung - group_write_list: verwaltung - file_create_mask: !!str 660 - dir_create_mask: !!str 2770 - vfs_object_recycle: true - recycle_path: '@Recycle' - - - name: Scans_schnell - path: /data/samba/shares/Scans_schnell - group_valid_users: intern - group_write_list: intern - file_create_mask: !!str 664 - dir_create_mask: !!str 2775 - vfs_object_recycle: true - recycle_path: '@Recycle' - - - name: Hoffmann-Elberling - path: /data/samba/shares/Hoffmann-Elberling - group_valid_users: hoffmann-elberling - group_write_list: hoffmann-elberling - file_create_mask: !!str 664 - dir_create_mask: !!str 2775 - vfs_object_recycle: true - recycle_path: '@Recycle' - - - name: Gubitz-Partner - path: /data/samba/shares/Gubitz-Partner - group_valid_users: gubitz-partner - group_write_list: gubitz-partner - file_create_mask: !!str 664 - dir_create_mask: !!str 2775 - vfs_object_recycle: true - recycle_path: '@Recycle' - - - name: Gubitz-Backup - path: /data/samba/non-backup-shares/Gubitz-Backup - group_valid_users: gubitz - group_write_list: gubitz - file_create_mask: !!str 660 - dir_create_mask: !!str 2770 - 
vfs_object_recycle: true - recycle_path: '@Recycle' - - - name: Install - path: /data/samba/shares/install - group_valid_users: install - group_write_list: install - file_create_mask: !!str 660 - dir_create_mask: !!str 2770 - vfs_object_recycle: true - recycle_path: '@Recycle' - - # --- - # - This share will be written by Windows Server 2016 configured at - # - "Windows Zubehör" -> "Windows Server-Sicherung" - # --- - - name: WinServer2016-Backup - comment: WinServer2016-Backup on Fileserver - path: /data/samba/shares/WinServer2016-Backup - group_valid_users: sysadm - group_write_list: sysadm - file_create_mask: !!str 664 - dir_create_mask: !!str 2775 - guest_ok: !!str yes - vfs_object_recycle: false - - # --- - # - This share will be written by windows schedulescript 'backup-advoware.bat' - # --- - - name: Advoware-Backup - comment: Advoware-Backup (only read) on Fileserver - path: /data/samba/shares/Advoware-Backup - group_valid_users: back - group_write_list: back - file_create_mask: !!str 664 - dir_create_mask: !!str 2775 - guest_ok: !!str yes - vfs_object_recycle: false - - -# ============================== - - -# --- -# vars used by scripts/reset_root_passwd.yml -# --- - -root_user: - name: root - password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. diff --git a/host_vars/file-ah.kanzlei-kiel.netz.yml b/host_vars/file-ah.kanzlei-kiel.netz.yml index 4705114..4c5f0c9 100644 --- a/host_vars/file-ah.kanzlei-kiel.netz.yml +++ b/host_vars/file-ah.kanzlei-kiel.netz.yml @@ -351,10 +351,11 @@ samba_user: - name: chris groups: - buero - - intern - - verwaltung - gubitz-partner - hoffmann-elberling + - install + - intern + - verwaltung password: !vault | $ANSIBLE_VAULT;1.1;AES256 63643330373231636537366333326630333265303265653933613835656262323863363038653234 @@ -471,7 +472,7 @@ samba_user: - intern - verwaltung - gubitz-partner - password: '0-heckert.22%' + password: '20-heckert.22%' - name: schultheis groups: 
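Review bot: In the `@@ -471,7 +472,7 @@` hunk of `host_vars/file-ah.kanzlei-kiel.netz.yml` the new `password:` value for `heckert` is committed in clear text, while the `chris` entry of the same `samba_user` list (first hunk of this file) already uses `password: !vault |`. Store it the same way, i.e. replace the quoted string with `password: !vault |` followed by the ciphertext produced by `ansible-vault encrypt_string`. Both the old and the new value are now in the repository history and the new one differs from the old only by one added leading character, so the account should get a freshly generated password at the moment the variable is vaulted. The `file-ah-alt` host file deleted in this commit held the same kind of clear-text Samba passwords, including the old `heckert` value, and deleting the file does not retire them.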
@@ -633,9 +634,23 @@ samba_shares:
 # - This share will be written by Windows Server 2016 configured at
 # - "Windows Zubehör" -> "Windows Server-Sicherung"
 # ---
- - name: WinServer2016-Backup
- comment: WinServer2016-Backup on Fileserver
- path: /data/samba/shares/WinServer2016-Backup
+# - name: WinServer2016-Backup
+# comment: WinServer2016-Backup on Fileserver
+# path: /data/samba/shares/WinServer2016-Backup
+# group_valid_users: sysadm
+# group_write_list: sysadm
+# file_create_mask: !!str 664
+# dir_create_mask: !!str 2775
+# guest_ok: !!str yes
+# vfs_object_recycle: false
+
+ # ---
+ # - This share will be written by Windows Server 2016 configured at
+ # - "Windows Zubehör" -> "Windows Server-Sicherung"
+ # ---
+ - name: Windows-Server-2025-Backup
+ comment: Windows-Server-2025-Backup on Fileserver
+ path: /data/samba/shares/Windows-Server-2025-Backup
 group_valid_users: sysadm
 group_write_list: sysadm
 file_create_mask: !!str 664
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 37c57d5..c909e44 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -172,6 +172,8 @@
 - import_tasks: ntp.yml
 tags:
 - ntp
+ when:
+ - "'lxc_guest' not in group_names"
 # tags supportetd inside git.yml
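Review bot: The new `Windows-Server-2025-Backup` share in the `@@ -633,9 +634,23 @@` hunk reuses the tail of the old definition, and the commented-out copy shows that tail contains `guest_ok: !!str yes`; the share body ends outside the hunk, so this is inferred from the comment block rather than visible. A Windows Server backup target typically holds full system images, so guest access combined with `file_create_mask: !!str 664` can leave them readable beyond the `sysadm` group named in `group_valid_users`, depending on how the role renders these options. Suggest `guest_ok: !!str no` and tightening the masks to `file_create_mask: !!str 660` and `dir_create_mask: !!str 2770`. The nine commented-out `WinServer2016-Backup` lines can be dropped instead of kept, since the history already preserves them.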