From 84d5a653c538c3cf81a446378769695a0bc52532 Mon Sep 17 00:00:00 2001 From: Christoph Date: Thu, 18 Jun 2026 14:15:47 +0200 Subject: [PATCH] Update network configurations and add new host variables - Modified network interface settings for gw-mbr.oopen.de, changing IP addresses and adding an alias for IPMI. - Refactored network interface configuration for o28.oopen.de, consolidating and updating device settings, including bridge configurations and DNS settings. - Added new user 'farina' to samba_user in zapata.opp.netz.yml. - Updated hosts file to include new entries for ak-plan.oopen.de and adjusted existing entries for clarity. - Created new host variable files for ak-plan.oopen.de, cl-ndm.oopen.de, and psono-ndm.oopen.de with comprehensive configurations for systemd-resolved and cron jobs. --- group_vars/all/main.yml | 1 - host_vars/ak-plan.oopen.de.yml | 142 +++++ host_vars/anita.wf.netz.yml | 121 +++++ host_vars/backup.oopen.de.yml | 6 +- host_vars/cl-ndm.oopen.de.yml | 235 ++++++++ host_vars/file-km-neu.anw-km.netz.yml | 754 ++++++++++++++++---------- host_vars/file-km.anw-km.netz.yml | 534 ++++++++++++------ host_vars/gw-mbr.oopen.de.yml | 22 +- host_vars/o28.oopen.de.yml | 246 ++------- host_vars/psono-ndm.oopen.de.yml | 235 ++++++++ host_vars/zapata.opp.netz.yml | 6 + hosts | 86 ++- 12 files changed, 1692 insertions(+), 696 deletions(-) create mode 100644 host_vars/ak-plan.oopen.de.yml create mode 100644 host_vars/cl-ndm.oopen.de.yml create mode 100644 host_vars/psono-ndm.oopen.de.yml diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index f53117f..fc93350 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -1916,7 +1916,6 @@ apt_install: {} apt_install_state: latest apt_remove: - - rpcbind - apt-transport-tor - tor - tor-geoipdb diff --git a/host_vars/ak-plan.oopen.de.yml b/host_vars/ak-plan.oopen.de.yml new file mode 100644 index 0000000..da22fd8 --- /dev/null +++ b/host_vars/ak-plan.oopen.de.yml 
@@ -0,0 +1,142 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/systemd-resolved.yml
+# ---
+
+systemd_resolved: true
+
+# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
+# Primäre DNS-Adresse: 38.132.106.139
+# Sekundäre DNS-Adresse: 194.187.251.67
+#
+# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
+# primäre DNS-Adresse
+# IPv4: 1.1.1.1
+# IPv6: 2606:4700:4700::1111
+# sekundäre DNS-Adresse
+# IPv4: 1.0.0.1
+# IPv6: 2606:4700:4700::1001
+#
+# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
+# primäre DNS-Adresse
+# IPv4: 8.8.8.8
+# IPv6: 2001:4860:4860::8888
+# sekundäre DNS-Adresse
+# IPv4: 8.8.4.4
+# IPv6: 2001:4860:4860::8844
+#
+# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
+# primäre DNS-Adresse
+# IPv4: 9.9.9.9
+# IPv6: 2620:fe::fe
+# sekundäre DNS-Adresse
+# IPv4: 149.112.112.112
+# IPv6: 2620:fe::9
+#
+# OpenNIC - https://www.opennic.org/
+# IPv4: 195.10.195.195 - ns31.de
+# IPv4: 94.16.114.254 - ns28.de
+# IPv4: 51.254.162.59 - ns9.de
+# IPv4: 194.36.144.87 - ns29.de
+# IPv6: 2a00:f826:8:2::195 - ns31.de
+#
+# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
+# IPv4: 5.1.66.255
+# IPv6: 2001:678:e68:f000::
+# Servername für DNS-over-TLS: dot.ffmuc.net
+# IPv4: 185.150.99.255
+# IPv6: 2001:678:ed0:f000::
+# Servername für DNS-over-TLS: dot.ffmuc.net
+# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
+resolved_nameserver:
+ - 185.12.64.2
+ - 2a01:4ff:ff00::add:1
+ - 2a01:4ff:ff00::add:2
+ - 185.12.64.1
+
+# search domains
+#
+# If there are more than one search domains, then specify them here in the order in which
+# the resolver should also search them
+#
+#resolved_domains: []
+resolved_domains:
+ - ~.
+ - oopen.de
+
+resolved_dnssec: false
+
+# dns.as250.net: 194.150.168.168
+#
+resolved_fallback_nameserver:
+ - 194.150.168.168
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
diff --git a/host_vars/anita.wf.netz.yml b/host_vars/anita.wf.netz.yml
index 744a1fc..8eb986d 100644
--- a/host_vars/anita.wf.netz.yml
+++ b/host_vars/anita.wf.netz.yml
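Review bot: `resolved_dnssec: false` in the new host_vars/ak-plan.oopen.de.yml switches off DNSSEC validation, and `resolved_fallback_nameserver` points at a single third-party resolver, so answers from either path are accepted without authentication. If the role passes this value through to systemd-resolved's `DNSSEC=` setting (not visible in this diff), `allow-downgrade` would be a softer choice than a hard off; otherwise a one-line comment such as `# DNSSEC validation disabled because <reason>` above the key would record the decision. The new host_vars/cl-ndm.oopen.de.yml repeats the same two settings. The copied resolver catalogue in the comment block lists none of the addresses actually set under `resolved_nameserver`; a short comment saying whose resolvers `185.12.64.1` and `185.12.64.2` are would serve the reader better.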
@@ -163,6 +163,127 @@ resolved_fallback_nameserver: # see: roles/common/tasks/vars +# --- +# vars used by roles/common/tasks/nfs.yml +# --- + + +# --- +# vars used by roles/common/tasks/samba-config-server.yml +# vars used by roles/common/tasks/samba-user.yml +# --- + +samba_server_ip: 192.168.52.10 +samba_server_cidr_prefix: 24 + +samba_workgroup: WF + +samba_netbios_name: ANITA + +samba_groups: + - name: users + group_id: 100 + - name: archive + group_id: 1020 + - name: intern + group_id: 1030 + +samba_user: + + - name: annette + groups: + - users + - intern + password: '20.18-annette%' + + - name: axel + groups: + - archive + - users + - intern + password: 'axel123' + + - name: chris + groups: + - users + - archive + - intern + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63643330373231636537366333326630333265303265653933613835656262323863363038653234 + 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 + 61313164643061306433643738643563303036646334376536626531383965303036386162393832 + 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 + 3631 + + - name: kaya + groups: + - users + - intern + password: 'kaya123' + + - name: lalix + groups: + - users + - intern + password: 'lalix123' + + - name: mariette + groups: + - users + - intern + password: 'mariette123' + + - name: sysadm + groups: + - users + - archive + - intern + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31306162383164643133623335323736323837613435333430363336353032323565633130353733 + 3363646437363062313763636333356436666331396131370a393762363931626166326530373261 + 62616332643232663432613662646134613539323861383436636364633562646138646538343863 + 6530336565363934330a363063653533396666373730663062363633363634363337323039363231 + 3130 + +base_home: /home + +samba_homes_virusfilter: true + +samba_shares: + + - name: archiv + path: /data/samba/archiv + group_valid_users: users + group_write_list: archive + file_create_mask: !!str 664 + 
dir_create_mask: !!str 2775 + vfs_object_virusfilter: true + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: daten2 + path: /data/samba/daten2 + group_valid_users: users + group_write_list: users + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + vfs_object_virusfilter: true + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: verwaltung + path: /data/samba/archiv + group_valid_users: intern + group_write_list: intern + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + vfs_object_virusfilter: true + vfs_object_recycle: true + recycle_path: '@Recycle' + + # ============================== diff --git a/host_vars/backup.oopen.de.yml b/host_vars/backup.oopen.de.yml index 330de69..9260977 100644 --- a/host_vars/backup.oopen.de.yml +++ b/host_vars/backup.oopen.de.yml @@ -257,6 +257,7 @@ default_user: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmfp+4waTzHxdT5TaxAMsIPDDwNe8Dwuif1jL+9v9GP root@a.mx' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFBIyXel+KOTLB6VB2xJwyWaZc0KuCJzocwlziFdovCl root@a.ns' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGi22vcCilahX9KwbqcF8/D0RnzQXvgzTUFTmRHNJsBZ root@anabaena' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5xyeZBGQn4Iz5iV2DMBVll/6n/X0JuoPMDpc8D32ra root@ak-plan' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINU1InXFKZX9emaT5QsY4Nr0tr8CzbyV8Js8RzZC9vGk root@b.mx' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPo7hI8oIS+/xufCUNTTgNoz592udJaU+79L0uADzKJY root@b.ns' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtIXFS9OrKBvBl+fKtYN/lOOKpPuuc02H8HV+++LeBU root@backup' 
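Review bot: Five of the new `samba_user` entries in host_vars/anita.wf.netz.yml (annette, axel, kaya, lalix, mariette) store `password:` as a plain string, while `chris` and `sysadm` in the same list use `!vault`. The plain values should be vault-encrypted like those two entries and changed on the server, because they are now part of the repository history. The `samba_user` hunks of host_vars/file-km-neu.anw-km.netz.yml in this same patch have the same problem, with only `chris` vaulted there. Separately, the `verwaltung` share is declared with `path: /data/samba/archiv`, the same directory as the `archiv` share, but with `group_write_list: intern`. At the Samba level that gives members of `intern` write access to the archive tree without being in `archive`, which looks like a copy-paste slip; the share probably wants its own directory.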
@@ -272,6 +273,7 @@ default_user: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvmOpsiL+eiJ3qZVDJiUCFVZge0OQJ1hpZgw7pJ8sq5 root@cl-irights' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjr0aBl2KQTJnlVK03DOs0u+IXSon4VewwAzzSBsmVW root@cl-lubax' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhwPCxVHqABXzyXwVuqbH703RCU0N+SC/cx4TuoHhGU root@cl-nd' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEp6BXQ/v/Hf/IJnI0JIS96RC4NGDMFUbwyW8nH3Xq66 root@cl-ndm' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7h6rR+q5bRh/qgzA7ZyiZcRr9vMbo7cxhQsoukWmUn root@cl-vbrg' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcHQfSVG8DM1qHp2ce73ZBWXknZGZFur5s27V58T7ON root@cl-opp' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClnyNS5RQsbXmgOX7NU7i154DElOlha3y0ybF6FwScT root@cl-test' @@ -319,7 +321,8 @@ default_user: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGcgS05xGLPuECQ7E5zjzfSDxdFBO1mAjkSV2bktxld+ root@o23' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEM1SI7Lwk0G8UycysL7ZPdXm1DRGgPnr01B0ewRGEKi root@o24' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJKfPInE9VjXVe+6DQ+4/H1nQJwXljYEK6gwfmTDgGy root@o26' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIES9ftVcNMv6pW2HDM12fIbOOEvq1fcd74kbO4LHfhGH root@o28' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIES9ftVcNMv6pW2HDM12fIbOOEvq1fcd74kbO4LHfhGH root@o28-FM-BAK' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyLS+kyfMX0hlv0rMmGyG6huvuqZlEOOf007xuI6io0 root@o28' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtACieGFf34NDepB9GqJjVqji6bf6xrO1LevXgm3aN+ root@o29' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE70FVVu2bsdH2qJITFVSDEPraiI4uSCuzEkYlbl6pRW root@o30' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0+aRoMxzmiQCAIMajNhbTZEumtZ9yCG2Nb4ucqK8lo root@o31' 
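Review bot: In the `@@ -319,7 +321,8 @@` hunk the previous `root@o28` key is kept under the new label `root@o28-FM-BAK` alongside the freshly added `root@o28` key, so both private keys remain accepted wherever this `default_user` key list is deployed (presumably the backup host; the list starts and ends outside the hunk). If the old key belongs to a retired or reinstalled system, drop it rather than relabel it. If it is kept on purpose, a comment above the entry, for example `# old o28 key, still needed for <purpose>, remove after <date>`, would make the later clean-up possible.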
@@ -339,6 +342,7 @@ default_user: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUZ0WNd3rTqHH1tiXAELwssGw6xUP1ROdhgxKbMinYY root@oolm-web' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJJCzTmrRp0s0qpkf9HYyx4lL+zs1jTAYcCsvqpJ72p root@super-opferhilfefonds' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID82UUUkYKYFbJdmTcMYu+vl3M0FVQznXFbngqPoumP+ root@prometheus-nd' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObY/MOgF4QVWROrQCaKCfBOfAwKVcja3q7Ngwo1MEDt root@psono-ndm' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJU5HzfGYZwWeaoAGGFF7/3VQP19ce6Rgn5wcOR98Q3o root@server26' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfCFz6mPdn3TKVCgffHQAKt3LN/0srS/gBsMoOyZpi root@shop-agr' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHbeMf/CvAYIU/4UW8Ql59FgPo/3vcZ3vI3QzK2kOadE root@srv-cityslang' diff --git a/host_vars/cl-ndm.oopen.de.yml b/host_vars/cl-ndm.oopen.de.yml new file mode 100644 index 0000000..928617c --- /dev/null +++ b/host_vars/cl-ndm.oopen.de.yml 
@@ -0,0 +1,235 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + +sshd_permit_root_login: !!str "prohibit-password" + +# --- +# vars used by apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 185.12.64.2 + - 185.12.64.1 + - 2a01:4ff:ff00::add:2 + - 2a01:4ff:ff00::add:1 + +# search domains +# +# If there are more than one search 
domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - oopen.de + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_env_entries: + - name: PATH + job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + + - name: SHELL + job: /bin/bash + insertafter: PATH + + +cron_user_special_time_entries: + + - name: "Restart DNS Cache service 'systemd-resolved'" + special_time: reboot + job: "sleep 5 ; /bin/systemctl restart systemd-resolved" + insertafter: PATH + + +cron_user_entries: + + - name: "Check if webservices sre running. Restart if necessary" + minute: '*/5' + hour: '*' + job: /root/bin/monitoring/check_webservice_load.sh + + - name: "Check if SSH service is running. Restart service if needed." + minute: '*/5' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/15' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check Postfix E-Mail LOG file for 'fatal' errors.." 
+ minute: '*/5' + hour: '*' + job: /root/bin/postfix/check-postfix-fatal-errors.sh + + - name: "Optimize mysql tables" + minute: '53' + hour: '04' + job: /root/bin/mysql/optimize_mysql_tables.sh + + - name: "Flush query cache for mysql tables" + minute: '27' + hour: '04' + job: /root/bin/mysql/flush_query_cache.sh + + - name: "Flush Host cache" + minute: '17' + hour: '05' + job: /root/bin/mysql/flush_host_cache.sh + + - name: "Run occ file:scan for each cloud account" + minute: '02' + hour: '23' + job: /root/bin/nextcloud/occ_maintenance.sh -s cloud.neuemedienmacher.de + + - name: "Background job for nextcloud instance 'cloud.neuemedienmacher.de" + minute: '*/15' + hour: '*' + job: sudo -u "www-data" /usr/local/php/bin/php -f /var/www/cloud.neuemedienmacher.de/htdocs/cron.php + + - name: "Check if certificates for coolwsd service are up to date" + minute: '17' + hour: '05' + job: /root/bin/nextcloud/check_cert_coolwsd.sh + + - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)" + minute: '23' + hour: '05' + job: /var/lib/dehydrated/cron/dehydrated_cron.sh + + - name: "Check whether all certificates are included in the VHOST configurations" + minute: '33' + hour: '05' + job: /var/lib/dehydrated/tools/update_ssl_directives.sh + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +sudo_users: + - chris + - sysadm + - localadmin + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + +sudoers_file_user_privileges: + - name: back + entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php' + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by 
scripts/reset_root_passwd.yml +# --- + diff --git a/host_vars/file-km-neu.anw-km.netz.yml b/host_vars/file-km-neu.anw-km.netz.yml index 56f0849..c01fd29 100644 --- a/host_vars/file-km-neu.anw-km.netz.yml +++ b/host_vars/file-km-neu.anw-km.netz.yml @@ -1,10 +1,8 @@ --- - # --- # vars used by roles/network_interfaces # --- - # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted network_manage_devices: True @@ -19,9 +17,7 @@ network_interface_required_packages: - ifupdown - ifenslave - network_interfaces: - - device: br0 # use only once per device (for the first device entry) headline: br0 - bridge over device eno1np0 @@ -68,27 +64,22 @@ network_interfaces: down: [] # down script lines post-down: [] # post-down script lines - # --- # vars used by roles/ansible_dependencies # --- - # --- # vars used by roles/ansible_user # --- - # --- # vars used by roles/common/tasks/basic.yml # --- - # --- # vars used by roles/common/tasks/sshd.yml # --- - # --- # vars used by roles/common/tasks/apt.yml # --- @@ -100,7 +91,6 @@ apt_install_extra_pkgs: - swtpm - swtpm-tools - # --- # vars used by roles/common/tasks/systemd-resolved.yml # --- @@ -168,15 +158,13 @@ resolved_dnssec: false # dns.as250.net: 194.150.168.168 # resolved_fallback_nameserver: - - 172.16.122.254 - + - 172.16.122.254 # --- # vars used by roles/common/tasks/cron.yml # --- cron_user_special_time_entries: - - name: "Restart DNS Cache service 'systemd-resolved'" special_time: reboot job: "sleep 10 ; /bin/systemctl restart systemd-resolved" @@ -187,12 +175,10 @@ cron_user_special_time_entries: job: "echo 1 > /sys/kernel/mm/ksm/run" insertafter: PATH - cron_user_entries: - - name: "Check if SSH service is running. Restart service if needed." - minute: '*/5' - hour: '*' + minute: "*/5" + hour: "*" job: /root/bin/monitoring/check_ssh.sh - name: "Check if postfix mailservice is running. Restart service if needed." 
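Review bot: In the new host_vars/cl-ndm.oopen.de.yml, the `sudoers_file_user_privileges` entry `ALL=(www-data) NOPASSWD: /usr/local/php/bin/php` lets user `back` run the PHP interpreter with any arguments as `www-data`. That amounts to running arbitrary code as the web-server account, including reading the Nextcloud configuration and data it owns. If `back` only needs one maintenance command, the rule should name that full command line (interpreter plus script path and fixed arguments) instead of the bare interpreter. Two smaller points in `cron_user_entries`: the job name `"Background job for nextcloud instance 'cloud.neuemedienmacher.de"` is missing its closing single quote, and `"Check if webservices sre running..."` should read `are`.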
@@ -220,14 +206,11 @@ cron_user_entries: hour: "*" job: /root/bin/monitoring/check_ntpsec_service.sh - - # --- # vars used by roles/common/tasks/users.yml # --- extra_user: - - name: advoware user_id: 1115 group_id: 1115 @@ -236,8 +219,8 @@ extra_user: password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22 shell: /bin/bash ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" - name: a-jur user_id: 1110 @@ -247,8 +230,8 @@ extra_user: password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22 shell: /bin/bash ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" - name: back user_id: 1060 
@@ -258,9 +241,9 @@ extra_user: password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0 shell: /bin/bash ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de" - name: borg user_id: 1065 @@ -270,22 +253,19 @@ extra_user: password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 shell: /bin/bash ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsqkTV7RiYPljwlP/MZA+MBeTgiwZI7oCAD77Ujpm1V root@file-km' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOan+hwlA8B3mk82tsvL1LGlejrF5pqT2J3POrg/QJLX root@gw-km' - + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsqkTV7RiYPljwlP/MZA+MBeTgiwZI7oCAD77Ujpm1V root@file-km" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOan+hwlA8B3mk82tsvL1LGlejrF5pqT2J3POrg/QJLX root@gw-km" # --- # vars used by roles/common/tasks/users-systemfiles.yml # --- - # --- # vars used by roles/common/tasks/webadmin-user.yml # --- - # --- # vars used by roles/common/tasks/sudoers.yml # --- 
@@ -293,20 +273,17 @@ extra_user: # see: roles/common/tasks/vars sudoers_file_user_back_mount_privileges: - - 'ALL=(root) NOPASSWD: /usr/bin/mount' - - 'ALL=(root) NOPASSWD: /usr/bin/umount' - + - "ALL=(root) NOPASSWD: /usr/bin/mount" + - "ALL=(root) NOPASSWD: /usr/bin/umount" # --- # vars used by roles/common/tasks/caching-nameserver.yml # --- - # --- # vars used by roles/common/tasks/git.yml # --- - # --- # vars used by roles/common/tasks/samba-config-server.yml # vars used by roles/common/tasks/samba-user.yml @@ -332,10 +309,8 @@ samba_groups: group_id: 1120 - name: wildvang group_id: 1130 - #- name: aulmann - # group_id: 1130 - #- name: howe - # group_id: 1140 + - name: eibelshaeuser + group_id: 1140 - name: stahmann group_id: 1150 - name: traine 
@@ -344,104 +319,24 @@ samba_groups: group_id: 1170 - name: alle group_id: 1180 - - + - name: install + group_id: 1190 samba_user: - name: advoware groups: - advoware - password: '9WNRbc49m3' + has_rdp: false + password: "9WNRbc49m3" - name: a-jur groups: - a-jur - alle - - intern - kanzlei - password: 'a-jur' - - - name: andrea - groups: - - advoware - - stahmann - - traine - - public - password: 'fXc3bmK9gj' - - - name: andreas - groups: - - a-jur - - advoware - - alle - - kanzlei - password: 'YKQRa.M9-6rL' - - - name: aphex2 - groups: - - alle - - stahmann - - traine - - public - password: 'J3KMRprK9H' - - - name: berenice - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'berenice' - - - name: beuster - groups: - - advoware - - stahmann - - traine - - public - - alle - password: 'zlm17Kx' - - - name: buero - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'buero' - - - name: buero2 - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'buero2' - - - name: buero3 - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'buero3' - - - name: buero4 - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'buero4' - - - name: buero7 - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'buero7' + has_rdp: false + password: "a-jur" - name: chris groups: 
@@ -449,61 +344,172 @@ samba_user: - advoware - alle - intern + - install - kanzlei + - eibelshaeuser - stahmann - traine - wildvang - public + has_rdp: true password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30383265366434633965346530666535363761396165393434643665393137353765653739636364 - 6330623334353763613065343336306434376335646666380a363030363335656261656236636562 - 63663763616630383264303039336562626537366634303636356237323630666635356130383165 - 3837613337343533650a663061366230353531316535656433643162353063383534323833323138 - 3430 + $ANSIBLE_VAULT;1.1;AES256 + 30383265366434633965346530666535363761396165393434643665393137353765653739636364 + 6330623334353763613065343336306434376335646666380a363030363335656261656236636562 + 63663763616630383264303039336562626537366634303636356237323630666635356130383165 + 3837613337343533650a663061366230353531316535656433643162353063383534323833323138 + 3430 - - name: christina + - name: sysadm + groups: + - a-jur + - advoware + - alle + - intern + - install + - kanzlei + - eibelshaeuser + - stahmann + - traine + - wildvang + - public + has_rdp: false + password: "Ax_GSHh5" + + - name: winadm + groups: + - a-jur + - advoware + - alle + - intern + - install + - kanzlei + - eibelshaeuser + - stahmann + - traine + - wildvang + - public + has_rdp: false + password: "Ax_GSHh5" + + # --- + # Andreas Eibelhäuser + # --- + + - name: andreas groups: - advoware - alle - - stahmann - - traine + - eibelshaeuser - public - password: 'qvR7zX4Lhs' + has_rdp: true + password: "YKQRa.M9-6rL" - - name: federico + - name: philipp groups: - advoware - alle - - stahmann - - traine + - eibelshaeuser - public - password: 'zHfj9g3NcC' + has_rdp: true + password: "20-phi.lip.26%" -# - name: gerhard -# groups: -# - advoware -# - alle -# - aulmann -# - howe -# - stahmann -# - traine -# - public -# password: 'bHdhzWnTj9' - - - name: ho-st1 + - name: ref.eibelshaeuser groups: + - advoware - alle - - stahmann - password: '44-Ro-440' + - eibelshaeuser + - 
public + has_rdp: true + password: "20-ref-eibels.haeuser.26+" -# - name: howe-staff-1 -# groups: -# - advoware -# - alle -# - aulmann -# - howe -# password: '' + # --- + # Berenice Böhlo + # --- + + - name: berenice + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: true + password: "berenice" + + - name: annabel + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: true + password: "20+an-na.bel/26!" + + - name: jens-uwe + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: "20_jens-uwe.thomas.26!" + + - name: mariami + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: "20.ma-ri-ami/26!" + + - name: nina + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: true + password: "20-ni.ha-ger%26%" + + - name: zeina + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: true + password: "20/ze.ina-26+" + + - name: rm-buero1 + groups: + - advoware + - alle + - a-jur + - kanzlei + - public + has_rdp: false + password: '20+rm.buero-1/26!' + + - name: rm-buero2 + groups: + - advoware + - alle + - a-jur + - kanzlei + - public + has_rdp: false + password: '20_rmbuero.2-26%' + + # --- + # Rolf Stahmann + # --- - name: irina groups: 
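Review bot: In the `@@ -449,61 +344,172 @@` hunk of host_vars/file-km-neu.anw-km.netz.yml, `sysadm` and `winadm` share one plain-text password and are members of every share group, including the new `install` and `eibelshaeuser`, so a single leaked string opens every share on this file server. Each admin account should have its own secret, stored with `!vault` as the `chris` entry directly above does. The passwords introduced for the new users in this hunk and in the `@@ -620,25 +539,256 @@` hunk all follow one layout derived from the user name, and several retained accounts (`buero`, `buero2`, `a-jur`, `berenice`) still use the account name itself, so knowing one value makes the others guessable. Randomly generated per-user values kept in the vault would address both points.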
@@ -512,76 +518,8 @@ samba_user: - stahmann - traine - public - password: 'W9NKv39pXW' - - - name: jessica - groups: - - advoware - - alle - - stahmann - - traine - - public - password: 'bV3pjPtjkR' - -# - name: laura -# groups: -# - alle -# - aulmann -# - howe -# - stahmann -# - traine -# password: '99-Hamburg-990' - - - name: lenovo3 - groups: - - advoware - - alle - - stahmann - - traine - - public - password: 'fndvLmrt7W' - - - name: lenovo4 - groups: - - advoware - - alle - - stahmann - - traine - - public - password: 'tpCMmTKj7H' - - - name: lenovo5 - groups: - - advoware - - alle - - stahmann - - traine - - public - password: 'L5Hannover51' - - - name: lenovo6 - groups: - - advoware - - alle - - stahmann - - traine - password: '66koeln66' - - - name: rm-buero1 - groups: - - advoware - - alle - - a-jur - - kanzlei - password: '' - - - name: rm-buero2 - groups: - - advoware - - alle - - a-jur - - kanzlei - password: '' + has_rdp: false + password: "W9NKv39pXW" - name: rolf groups: @@ -589,27 +527,8 @@ samba_user: - stahmann - traine - public - password: '4xNVNFXgP4' - - - name: sysadm - groups: - - a-jur - - advoware - - alle - - intern - - kanzlei - - stahmann - - traine - - wildvang - - public - password: 'Ax_GSHh5' - - - name: thomas - groups: - - advoware - - alle - - traine - password: '55-tho-mas-550' + has_rdp: true + password: "4xNVNFXgP4" - name: Tresen groups: 
@@ -620,25 +539,256 @@ samba_user: - stahmann - traine - public - password: 'maltzwo2' + has_rdp: false + password: "maltzwo2" + + # --- + # Federico Traine + # --- + + - name: andrea + groups: + - advoware + - alle + - stahmann + - traine + - public + has_rdp: true + password: "fXc3bmK9gj" + + - name: federico + groups: + - advoware + - alle + - stahmann + - traine + - public + has_rdp: true + password: "zHfj9g3NcC" + + - name: thomas + groups: + - advoware + - alle + - traine + - public + has_rdp: true + password: "55-tho-mas-550" + + - name: leonora + groups: + - advoware + - alle + - traine + - public + has_rdp: true + password: "20/le-o-nora.26!" + + - name: kristin + groups: + - advoware + - alle + - traine + - public + has_rdp: true + password: "20.kris_tin-26/" + + - name: jule + groups: + - advoware + - alle + - traine + - public + has_rdp: true + password: "20_ju-le%26!" + + - name: luanda + groups: + - advoware + - alle + - traine + - public + has_rdp: false + password: "20-lu.anda+26!" 
+ + # --- + # Wiebke Wildvang + # --- - name: wiebke groups: - alle - wildvang - public - password: 'uJ5gF/m53p.P' + has_rdp: true + password: "uJ5gF/m53p.P" - - name: winadm + + + - name: aphex2 groups: + - alle + - stahmann + - traine + - public + has_rdp: false + password: "J3KMRprK9H" + + - name: beuster + groups: + - advoware + - stahmann + - traine + - public + - alle + has_rdp: false + password: "zlm17Kx" + + - name: buero + groups: + - advoware + - kanzlei - a-jur + - alle + - public + has_rdp: false + password: "buero" + + - name: buero2 + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: "buero2" + + - name: buero3 + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: "buero3" + + - name: buero4 + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: "buero4" + + - name: buero7 + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: "buero7" + + - name: christina + groups: - advoware - alle - - intern - - kanzlei + - stahmann + - traine - public - password: 'Ax_GSHh5' + has_rdp: false + password: "qvR7zX4Lhs" + # - name: gerhard + # groups: + # - advoware + # - alle + # - aulmann + # - howe + # - stahmann + # - traine + # - public + # password: 'bHdhzWnTj9' + + - name: ho-st1 + groups: + - alle + - stahmann + - public + has_rdp: false + password: "44-Ro-440" + + # - name: howe-staff-1 + # groups: + # - advoware + # - alle + # - aulmann + # - howe + # password: '' + + - name: jessica + groups: + - advoware + - alle + - stahmann + - traine + - public + has_rdp: false + password: "bV3pjPtjkR" + + # - name: laura + # groups: + # - alle + # - aulmann + # - howe + # - stahmann + # - traine + # password: '99-Hamburg-990' + + - name: lenovo3 + groups: + - advoware + - alle + - stahmann + - traine + - public + has_rdp: false + password: "fndvLmrt7W" + + - name: lenovo4 + groups: + - advoware + - alle + - 
stahmann + - traine + - public + has_rdp: false + password: "tpCMmTKj7H" + + - name: lenovo5 + groups: + - advoware + - alle + - stahmann + - traine + - public + has_rdp: false + password: "L5Hannover51" + + - name: lenovo6 + groups: + - advoware + - alle + - stahmann + - traine + - public + has_rdp: false + password: "66koeln66" base_home: /data/home @@ -655,7 +805,6 @@ remove_samba_users: # - name: evren samba_shares: - - name: a-jur comment: a-jur Dokumente path: /data/samba/a-jur @@ -665,7 +814,7 @@ samba_shares: dir_create_mask: !!str 2775 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: kanzlei @@ -677,18 +826,31 @@ samba_shares: dir_create_mask: !!str 2775 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: install comment: Install auf Fileserver path: /data/samba/no-backup-shares/install - group_valid_users: intern - group_write_list: intern + group_valid_users: install + group_write_list: install file_create_mask: !!str 660 dir_create_mask: !!str 2770 + vfs_object_virusfilter: true vfs_object_recycle: false + - name: eibelshaeuser + comment: Eibelshaeuser auf Fileserver + path: /data/samba/eibelshaeuser + group_valid_users: eibelshaeuser + group_write_list: eibelshaeuser + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_virusfilter: true + vfs_object_recycle: true + recycle_path: "@Recycle" + vfs_object_recycle_is_visible: true + - name: wildvang comment: Wildvang auf Fileserver path: /data/samba/Wildvang 
@@ -698,32 +860,32 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true -# - name: aulmann -# comment: Aulmann auf Fileserver -# path: /data/samba/Aulmann -# group_valid_users: aulmann -# group_write_list: aulmann -# file_create_mask: !!str 660 -# dir_create_mask: !!str 2770 -# vfs_object_virusfilter: true -# vfs_object_recycle: true -# recycle_path: '@Recycle' -# vfs_object_recycle_is_visible: true + # - name: aulmann + # comment: Aulmann auf Fileserver + # path: /data/samba/Aulmann + # group_valid_users: aulmann + # group_write_list: aulmann + # file_create_mask: !!str 660 + # dir_create_mask: !!str 2770 + # vfs_object_virusfilter: true + # vfs_object_recycle: true + # recycle_path: '@Recycle' + # vfs_object_recycle_is_visible: true -# - name: howe -# comment: Howe auf Fileserver -# path: /data/samba/Howe -# group_valid_users: howe -# group_write_list: howe -# file_create_mask: !!str 660 -# dir_create_mask: !!str 2770 -# vfs_object_virusfilter: true -# vfs_object_recycle: true -# recycle_path: '@Recycle' -# vfs_object_recycle_is_visible: true + # - name: howe + # comment: Howe auf Fileserver + # path: /data/samba/Howe + # group_valid_users: howe + # group_write_list: howe + # file_create_mask: !!str 660 + # dir_create_mask: !!str 2770 + # vfs_object_virusfilter: true + # vfs_object_recycle: true + # recycle_path: '@Recycle' + # vfs_object_recycle_is_visible: true - name: stahmann comment: Stahmann auf Fileserver @@ -734,7 +896,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: traine 
@@ -746,7 +908,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: public @@ -758,7 +920,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: Advoware-Schriftverkehr @@ -770,7 +932,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: Advoware-Backup @@ -782,7 +944,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: false - name: alle @@ -794,7 +956,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true # - name: web @@ -808,10 +970,8 @@ samba_shares: # vfs_object_recycle: true # recycle_path: '@Recycle' - # ============================== - # --- # vars used by scripts/reset_root_passwd.yml # --- diff --git a/host_vars/file-km.anw-km.netz.yml b/host_vars/file-km.anw-km.netz.yml index 72158fc..9eee95a 100644 --- a/host_vars/file-km.anw-km.netz.yml +++ b/host_vars/file-km.anw-km.netz.yml @@ -273,10 +273,8 @@ samba_groups: group_id: 1120 - name: wildvang group_id: 1130 - #- name: aulmann - # group_id: 1130 - #- name: howe - # group_id: 1140 + - name: eibelshaeuser + group_id: 1140 - name: stahmann group_id: 1150 - name: traine @@ -285,6 +283,8 @@ samba_groups: group_id: 1170 - name: alle group_id: 1180 + - name: install + group_id: 1190 
@@ -293,108 +293,31 @@ samba_user: - name: advoware groups: - advoware + has_rdp: false password: '9WNRbc49m3' - name: a-jur groups: - a-jur - alle - - intern - kanzlei + has_rdp: false password: 'a-jur' - - name: andrea - groups: - - advoware - - stahmann - - traine - - public - password: 'fXc3bmK9gj' - - - name: andreas - groups: - - a-jur - - advoware - - alle - - kanzlei - password: 'YKQRa.M9-6rL' - - - name: aphex2 - groups: - - alle - - stahmann - - traine - - public - password: 'J3KMRprK9H' - - - name: berenice - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'berenice' - - - name: beuster - groups: - - advoware - - stahmann - - traine - - public - - alle - password: 'zlm17Kx' - - - name: buero - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'buero' - - - name: buero2 - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'buero2' - - - name: buero3 - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'buero3' - - - name: buero4 - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'buero4' - - - name: buero7 - groups: - - advoware - - kanzlei - - a-jur - - alle - password: 'buero7' - - name: chris groups: - a-jur - advoware - alle - intern + - install - kanzlei + - eibelshaeuser - stahmann - traine - wildvang - public + has_rdp: true password: !vault | $ANSIBLE_VAULT;1.1;AES256 30383265366434633965346530666535363761396165393434643665393137353765653739636364 
@@ -403,14 +326,201 @@ samba_user: 3837613337343533650a663061366230353531316535656433643162353063383534323833323138 3430 - - name: christina + - name: sysadm + groups: + - a-jur + - advoware + - alle + - intern + - install + - kanzlei + - eibelshaeuser + - stahmann + - traine + - wildvang + - public + has_rdp: false + password: 'Ax_GSHh5' + + - name: winadm + groups: + - a-jur + - advoware + - alle + - intern + - install + - kanzlei + - eibelshaeuser + - stahmann + - traine + - wildvang + - public + has_rdp: false + password: 'Ax_GSHh5' + +# --- +# Andreas Eibelhäuser +# --- + + - name: andreas + groups: + - advoware + - alle + - eibelshaeuser + - public + has_rdp: true + password: 'YKQRa.M9-6rL' + + - name: philipp + groups: + - advoware + - alle + - eibelshaeuser + - public + has_rdp: true + password: '20-phi.lip.26%' + + - name: ref.eibelshaeuser + groups: + - advoware + - alle + - eibelshaeuser + - public + has_rdp: true + password: '20-ref-eibels.haeuser.26+' + +# --- +# Berenice Böhlo +# --- + + - name: berenice + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: true + password: 'berenice' + + - name: annabel + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: true + password: '20+an-na.bel/26!' + + - name: jens-uwe + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: '20_jens-uwe.thomas.26!' + + - name: mariami + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: '20.ma-ri-ami/26!' + + - name: nina + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: true + password: '20-ni.ha-ger%26%' + + - name: zeina + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: true + password: '20/ze.ina-26+' + + - name: rm-buero1 + groups: + - advoware + - alle + - a-jur + - kanzlei + - public + has_rdp: false + password: '20+rm.buero-1/26!' 
+ + - name: rm-buero2 + groups: + - advoware + - alle + - a-jur + - kanzlei + - public + has_rdp: false + password: '20_rmbuero.2-26%' + +# --- +# Rolf Stahmann +# --- + + - name: irina groups: - advoware - alle - stahmann - traine - public - password: 'qvR7zX4Lhs' + has_rdp: false + password: 'W9NKv39pXW' + + - name: rolf + groups: + - alle + - stahmann + - traine + - public + has_rdp: true + password: '4xNVNFXgP4' + + - name: Tresen + groups: + - a-jur + - advoware + - alle + - kanzlei + - stahmann + - traine + - public + has_rdp: false + password: 'maltzwo2' + +# --- +# Federico Traine +# --- + + - name: andrea + groups: + - advoware + - alle + - stahmann + - traine + - public + has_rdp: true + password: 'fXc3bmK9gj' - name: federico groups: 
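Review bot: The `samba_user` entries added in this hunk keep their `password:` values as clear text in the repository, while the `chris` entry in the same list is already a `!vault |` block. The same applies to the other `samba_user` hunks of this file, to the parallel hunks in `host_vars/file-km-neu.anw-km.netz.yml` and to the new `farina` entry in `host_vars/zapata.opp.netz.yml`. Several values are also weak: `sysadm` and `winadm`, which are members of every share group, carry one identical password, and some accounts use their own name as the password, including an account with `has_rdp: true`. Each value should be replaced by the output of `ansible-vault encrypt_string`, written as `password: !vault |` like the `chris` entry, and the passwords committed here should be rotated, because they remain readable in the git history.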
@@ -419,8 +529,147 @@ samba_user: - stahmann - traine - public + has_rdp: true password: 'zHfj9g3NcC' + - name: thomas + groups: + - advoware + - alle + - traine + - public + has_rdp: true + password: '55-tho-mas-550' + + - name: leonora + groups: + - advoware + - alle + - traine + - public + has_rdp: true + password: '20/le-o-nora.26!' + + - name: kristin + groups: + - advoware + - alle + - traine + - public + has_rdp: true + password: '20.kris_tin-26/' + + - name: jule + groups: + - advoware + - alle + - traine + - public + has_rdp: true + password: '20_ju-le%26!' + + - name: luanda + groups: + - advoware + - alle + - traine + - public + has_rdp: false + password: '20-lu.anda+26!' + +# --- +# Wiebke Wildvang +# --- + + - name: wiebke + groups: + - alle + - wildvang + - public + has_rdp: true + password: 'uJ5gF/m53p.P' + + + + - name: aphex2 + groups: + - alle + - stahmann + - traine + - public + has_rdp: false + password: 'J3KMRprK9H' + + - name: beuster + groups: + - advoware + - stahmann + - traine + - public + - alle + has_rdp: false + password: 'zlm17Kx' + + - name: buero + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: 'buero' + + - name: buero2 + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: 'buero2' + + - name: buero3 + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: 'buero3' + + - name: buero4 + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: 'buero4' + + - name: buero7 + groups: + - advoware + - kanzlei + - a-jur + - alle + - public + has_rdp: false + password: 'buero7' + + - name: christina + groups: + - advoware + - alle + - stahmann + - traine + - public + has_rdp: false + password: 'qvR7zX4Lhs' + # - name: gerhard # groups: # - advoware @@ -436,6 +685,8 @@ samba_user: groups: - alle - stahmann + - public + has_rdp: false password: '44-Ro-440' # - name: howe-staff-1 
@@ -446,15 +697,6 @@ samba_user: # - howe # password: '' - - name: irina - groups: - - advoware - - alle - - stahmann - - traine - - public - password: 'W9NKv39pXW' - - name: jessica groups: - advoware @@ -462,6 +704,7 @@ samba_user: - stahmann - traine - public + has_rdp: false password: 'bV3pjPtjkR' # - name: laura @@ -480,6 +723,7 @@ samba_user: - stahmann - traine - public + has_rdp: false password: 'fndvLmrt7W' - name: lenovo4 @@ -489,6 +733,7 @@ samba_user: - stahmann - traine - public + has_rdp: false password: 'tpCMmTKj7H' - name: lenovo5 @@ -498,6 +743,7 @@ samba_user: - stahmann - traine - public + has_rdp: false password: 'L5Hannover51' - name: lenovo6 @@ -506,81 +752,10 @@ samba_user: - alle - stahmann - traine + - public + has_rdp: false password: '66koeln66' - - name: rm-buero1 - groups: - - advoware - - alle - - a-jur - - kanzlei - password: '' - - - name: rm-buero2 - groups: - - advoware - - alle - - a-jur - - kanzlei - password: '' - - - name: rolf - groups: - - alle - - stahmann - - traine - - public - password: '4xNVNFXgP4' - - - name: sysadm - groups: - - a-jur - - advoware - - alle - - intern - - kanzlei - - stahmann - - traine - - wildvang - - public - password: 'Ax_GSHh5' - - - name: thomas - groups: - - advoware - - alle - - traine - password: '55-tho-mas-550' - - - name: Tresen - groups: - - a-jur - - advoware - - alle - - kanzlei - - stahmann - - traine - - public - password: 'maltzwo2' - - - name: wiebke - groups: - - alle - - wildvang - - public - password: 'uJ5gF/m53p.P' - - - name: winadm - groups: - - a-jur - - advoware - - alle - - intern - - kanzlei - - public - password: 'Ax_GSHh5' - - base_home: /data/home 
@@ -624,13 +799,25 @@ samba_shares: - name: install comment: Install auf Fileserver path: /data/samba/no-backup-shares/install - group_valid_users: intern - group_write_list: intern + group_valid_users: install + group_write_list: install file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: false + - name: eibelshaeuser + comment: Eibelshaeuser auf Fileserver + path: /data/samba/eibelshaeuser + group_valid_users: eibelshaeuser + group_write_list: eibelshaeuser + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_virusfilter: true + vfs_object_recycle: true + recycle_path: '@Recycle' + vfs_object_recycle_is_visible: true + - name: wildvang comment: Wildvang auf Fileserver path: /data/samba/Wildvang @@ -650,6 +837,7 @@ samba_shares: # group_write_list: aulmann # file_create_mask: !!str 660 # dir_create_mask: !!str 2770 +# vfs_object_virusfilter: true # vfs_object_recycle: true # recycle_path: '@Recycle' # vfs_object_recycle_is_visible: true @@ -661,6 +849,7 @@ samba_shares: # group_write_list: howe # file_create_mask: !!str 660 # dir_create_mask: !!str 2770 +# vfs_object_virusfilter: true # vfs_object_recycle: true # recycle_path: '@Recycle' # vfs_object_recycle_is_visible: true @@ -744,6 +933,7 @@ samba_shares: # group_write_list: web # file_create_mask: !!str 660 # dir_create_mask: !!str 2770 +# vfs_object_virusfilter: true # vfs_object_recycle: true # recycle_path: '@Recycle' diff --git a/host_vars/gw-mbr.oopen.de.yml b/host_vars/gw-mbr.oopen.de.yml index 60ce254..fa7f237 100644 --- a/host_vars/gw-mbr.oopen.de.yml +++ b/host_vars/gw-mbr.oopen.de.yml 
@@ -21,13 +21,21 @@ network_interface_required_packages: network_interfaces: +# - device: enp0s20f0 +# headline: enp0s20f0 - Uplink DSL via Fritz!Box +# auto: true +# family: inet +# method: static +# address: 172.16.112.1/24 +# gateway: 172.16.112.254 + - device: enp0s20f0 - headline: enp0s20f0 - Uplink DSL via Fritz!Box + headline: enp0s20f0 - Uplink auto: true family: inet method: static - address: 172.16.112.1/24 - gateway: 172.16.112.254 + address: 217.6.72.202/30 + gateway: 217.6.72.201 - device: enp0s20f1 @@ -53,6 +61,14 @@ network_interfaces: method: static address: 192.168.113.254/24 + + - device: enp0s20f1:ipmi + headline: enp0s20f1:ipmi - Alias on enp0s20f1 (IPMI) + auto: false + family: inet + method: static + address: 172.16.112.254/24 + # --- # vars used by roles/ansible_dependencies # --- diff --git a/host_vars/o28.oopen.de.yml b/host_vars/o28.oopen.de.yml index f9b7c36..be4efe5 100644 --- a/host_vars/o28.oopen.de.yml +++ b/host_vars/o28.oopen.de.yml @@ -22,150 +22,21 @@ network_interface_required_packages: network_interfaces: - # Many device configurations are possible (as many as needed) - # - - device: enp41s0 + - device: br0 # use only once per device (for the first device entry) - headline: enp41s0 - primary device + headline: br0 - bridge over device eno1 - # auto & allow are only used for the first entry of that devicei-name) - # + # auto & allow are only used for the first device entry allow: [] # array of allow-[stanzas] eg. allow-hotplug auto: true family: inet - - # The statisc Mode - # Options - # address - # gateway - # pointopoint
- # hwaddress - # mtu - # scope
- # - # The manual Method - # Options - # hwaddress - # mtu - # - # The dhcp Method - # Options - # hwaddress - # hostname - # metric - # leasehours - # leasetime - # vendor - # client - # - # The bootp Method - # Options - # bootfile: - # server: - # hwaddr - # method: static - - hwaddress: + hwaddress: 08:bf:b8:a4:09:e0 description: - address: 65.108.238.45 - # dotted quad or number of bits - # - # the entry will be: address/netmask - netmask: 26 - gateway: 65.108.238.1 - metric: - pointopoint: - mtu: - scope: - - # additional user by dhcp method - # - hostname: - leasehours: - leasetime: - vendor: - client: - - # additional used by bootp method - # - bootfile: - server: - hwaddr: - - # optional dns settings nameservers: [] - # - # nameservers: - # - 194.150.168.168 # dns.as250.net - # - 91.239.100.100 # anycast.censurfridns.dk - # search: warenform.de - # - #nameservers: - # - 185.12.64.1 - # - a01:4ff:ff00::add:2 - #search: - - # optional additional subnets/ips subnets: [] - # subnets: - # - '192.168.123.0/24' - # - '192.168.124.11/32' - - # optional bridge parameters bridge: {} - # bridge: - # ports: - # stp: - # fd: - # maxwait: - # waitport: - bridge: {} - - # optional bonding parameters bond: {} - # bond: - # master - # primary - # slave - # mode: - # miimon: - # lacp-rate: - # ad-select-rate: - # master: - # slaves: - bond: {} - - # optional vlan settings | vlan: {} - # vlan: {} - # raw-device: 'eth0' - vlan: {} - - # inline hook scripts - # - # example: - # - # up: - # - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp41s0" - # - pre-up: [] # pre-up script lines - up: - - !!str "route add -net 65.108.238.0 netmask 255.255.255.192 gw 65.108.238.1 dev enp41s0" - post-up: [] # post-up script lines (alias for up) - pre-down: [] # pre-down script lines (alias for down) - down: [] # down script lines - post-down: [] # post-down script lines - - - device: enp41s0 - # use only once per device (for the first device entry) - 
headline: - - # auto & allow are only used for the first device entry - allow: [] # array of allow-[stanzas] eg. allow-hotplug - auto: - - family: inet6 - method: static - address: 2a01:4f9:1a:b226::2 - netmask: 64 - gateway: fe80::1 + address: 88.198.56.204 + netmask: 27 + gateway: 88.198.56.193 metric: pointopoint: mtu: @@ -192,14 +63,11 @@ network_interfaces: # - 91.239.100.100 # anycast.censurfridns.dk # search: warenform.de # + # ** MOVED TO systemd-resolved + # nameservers: search: - # optional additional subnets/ips subnets: [] - # subnets: - # - '192.168.123.0/24' - # - '192.168.124.11/32' - # optional bridge parameters bridge: {} # bridge: # ports: @@ -207,15 +75,24 @@ network_interfaces: # fd: # maxwait: # waitport: - bridge: {} + bridge: + ports: eno1 # for mor devices support a blank separated list + stp: !!str off + fd: 5 + hello: 2 + maxage: 12 # optional bonding parameters bond: {} # bond: - # mode: + # master + # primary + # slave + # method: # miimon: + # lacp-rate: + # ad-select-rate: # master: # slaves: - # lacp-rate: bond: {} # optional vlan settings | vlan: {} @@ -224,13 +101,24 @@ network_interfaces: vlan: {} # inline hook scripts - pre-up: []# pre-up script lines - up: [] # up script lines + pre-up: [] # pre-up script lines + up: + - !!str "route add -net 88.198.56.192 netmask 255.255.255.224 gw 88.198.56.193 dev br0" # up script lines post-up: [] # post-up script lines (alias for up) pre-down: [] # pre-down script lines (alias for down) down: [] # down script lines post-down: [] # post-down script lines + + + - device: br0 + family: inet6 + method: static + address: '2a01:4f8:222:2c2::2' + netmask: 64 + gateway: 'fe80::1' + + # --- # vars used by roles/ansible_dependencies # --- @@ -255,8 +143,6 @@ network_interfaces: # vars used by roles/common/tasks/apt.yml # --- -#apt_manage_sources_list: false - # --- # vars used by roles/common/tasks/systemd-resolved.yml 
@@ -274,8 +160,8 @@ systemd_resolved: true # IPv6: 2606:4700:4700::1111 # sekundäre DNS-Adresse # IPv4: 1.0.0.1 -# IPv6: 2606:4700:4700::1001 -# +# IPv6: 2606:4700:4700::1001 +# # Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit # primäre DNS-Adresse # IPv4: 8.8.8.8 @@ -286,20 +172,20 @@ systemd_resolved: true # # Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug # primäre DNS-Adresse -# IPv4: 9.9.9.9 -# IPv6: 2620:fe::fe +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe # sekundäre DNS-Adresse # IPv4: 149.112.112.112 # IPv6: 2620:fe::9 # # OpenNIC - https://www.opennic.org/ -# IPv4: 195.10.195.195 - ns31.de -# IPv4: 94.16.114.254 - ns28.de -# IPv4: 51.254.162.59 - ns9.de +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de # IPv4: 194.36.144.87 - ns29.de # IPv6: 2a00:f826:8:2::195 - ns31.de -# -# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) # IPv4: 5.1.66.255 # IPv6: 2001:678:e68:f000:: # Servername für DNS-over-TLS: dot.ffmuc.net @@ -308,14 +194,14 @@ systemd_resolved: true # Servername für DNS-over-TLS: dot.ffmuc.net # für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) resolved_nameserver: - - 185.12.64.1 - - 2a01:4ff:ff00::add:2 - 185.12.64.2 - 2a01:4ff:ff00::add:1 + - 185.12.64.1 + - 2a01:4ff:ff00::add:2 # search domains # -# If there are more than one search domains, then specify them here in the order in which +# If there are more than one search domains, then specify them here in the order in which # the resolver should also search them # #resolved_domains: [] 
@@ -337,7 +223,7 @@ resolved_fallback_nameserver: cron_env_entries: - name: PATH - job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - name: SHELL job: /bin/bash @@ -351,9 +237,9 @@ cron_user_special_time_entries: job: "sleep 5 ; /bin/systemctl restart systemd-resolved" insertafter: PATH - - name: "Check if postfix mailservice is running. Restart service if needed." + - name: "Check if Check if all autostart LX-Container are running." special_time: reboot - job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1" + job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh" insertafter: PATH @@ -379,28 +265,6 @@ cron_user_entries: hour: '*' job: /root/bin/monitoring/check_ntpsec_service.sh > /dev/null 2>&1 - - name: "Backup internet hosts and then print out hdd-usage for all backuped hosts" - minute: '06' - hour: '00' - weekday: '1-6' - job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N - - - name: "On sunday morning also determin diskspace usage" - minute: '06' - hour: '00' - weekday: 7 - job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N ; /root/bin/admin-stuff/disk-space_usage.sh -q -o /root/disk-space_usage /backup - - - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)" - minute: '23' - hour: '05' - job: /var/lib/dehydrated/cron/dehydrated_cron.sh - - - name: "Check whether all certificates are included in the VHOST configurations" - minute: '33' - hour: '05' - job: /var/lib/dehydrated/tools/update_ssl_directives.sh - - name: "Check hard disc usage." minute: '43' hour: '6' 
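Review bot: The new `PATH` value in `cron_env_entries` separates its first two entries with `;` instead of `:`, so cron would treat `/root/bin/admin-stuff;/root/bin` as one directory name and search neither directory. The jobs visible in this file use absolute paths, so the effect would show up in scripts that call helpers from those directories by bare name, which is an inference since the scripts are not shown. The line should read `job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`.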
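Review bot: The `name` of the new reboot entry reads "Check if Check if all autostart LX-Container are running." with its first two words doubled. If the cron role passes `name` to Ansible's `cron` module (the task is not visible here), that string is the key that identifies the crontab entry, so correcting it later would add a second entry instead of updating this one; for the same reason the replaced postfix entry would remain in root's crontab on hosts already provisioned unless it is removed explicitly. I would fix it in this commit as `name: "Check if all autostart LX-Container are running."`.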
@@ -411,18 +275,6 @@ cron_user_entries: # vars used by roles/common/tasks/users.yml # --- -create_sftp_group: true - -extra_system_user: - - name: www-data - home: /var/www - groups: sftp_users - -sudo_users: - - chris - - sysadm - - localadmin - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/host_vars/psono-ndm.oopen.de.yml b/host_vars/psono-ndm.oopen.de.yml new file mode 100644 index 0000000..69a72df --- /dev/null +++ b/host_vars/psono-ndm.oopen.de.yml 
@@ -0,0 +1,235 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + +sshd_permit_root_login: !!str "prohibit-password" + +# --- +# vars used by apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 185.12.64.2 + - 185.12.64.1 + - 2a01:4ff:ff00::add:2 + - 2a01:4ff:ff00::add:1 + +# search domains +# +# If there are more than one search 
domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - oopen.de + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_env_entries: + - name: PATH + job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + + - name: SHELL + job: /bin/bash + insertafter: PATH + + +#cron_user_special_time_entries: +# +# - name: "Restart DNS Cache service 'systemd-resolved'" +# special_time: reboot +# job: "sleep 5 ; /bin/systemctl restart systemd-resolved" +# insertafter: PATH +# +# +#cron_user_entries: +# +# - name: "Check if webservices sre running. Restart if necessary" +# minute: '*/5' +# hour: '*' +# job: /root/bin/monitoring/check_webservice_load.sh +# +# - name: "Check if SSH service is running. Restart service if needed." +# minute: '*/5' +# hour: '*' +# job: /root/bin/monitoring/check_ssh.sh +# +# - name: "Check if Postfix Mailservice is up and running?" +# minute: '*/15' +# hour: '*' +# job: /root/bin/monitoring/check_postfix.sh +# +# - name: "Check Postfix E-Mail LOG file for 'fatal' errors.." 
+# minute: '*/5' +# hour: '*' +# job: /root/bin/postfix/check-postfix-fatal-errors.sh +# +# - name: "Optimize mysql tables" +# minute: '53' +# hour: '04' +# job: /root/bin/mysql/optimize_mysql_tables.sh +# +# - name: "Flush query cache for mysql tables" +# minute: '27' +# hour: '04' +# job: /root/bin/mysql/flush_query_cache.sh +# +# - name: "Flush Host cache" +# minute: '17' +# hour: '05' +# job: /root/bin/mysql/flush_host_cache.sh +# +# - name: "Run occ file:scan for each cloud account" +# minute: '02' +# hour: '23' +# job: /root/bin/nextcloud/occ_maintenance.sh -s cloud.neuemedienmacher.de +# +# - name: "Background job for nextcloud instance 'cloud.neuemedienmacher.de" +# minute: '*/15' +# hour: '*' +# job: sudo -u "www-data" /usr/local/php/bin/php -f /var/www/cloud.neuemedienmacher.de/htdocs/cron.php +# +# - name: "Check if certificates for coolwsd service are up to date" +# minute: '17' +# hour: '05' +# job: /root/bin/nextcloud/check_cert_coolwsd.sh +# +# - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)" +# minute: '23' +# hour: '05' +# job: /var/lib/dehydrated/cron/dehydrated_cron.sh +# +# - name: "Check whether all certificates are included in the VHOST configurations" +# minute: '33' +# hour: '05' +# job: /var/lib/dehydrated/tools/update_ssl_directives.sh + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +sudo_users: + - chris + - sysadm + - localadmin + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + +sudoers_file_user_privileges: + - name: back + entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php' + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + 
+ +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + diff --git a/host_vars/zapata.opp.netz.yml b/host_vars/zapata.opp.netz.yml index 2c7d1b1..2958192 100644 --- a/host_vars/zapata.opp.netz.yml +++ b/host_vars/zapata.opp.netz.yml @@ -297,6 +297,12 @@ samba_user: - buero password: '20-printer-18' + - name: farina + groups: + - buero + - beratung + password: 'ADB_far!na_26' + - name: hanna groups: - buero diff --git a/hosts b/hosts index f73daea..2b1392d 100644 --- a/hosts +++ b/hosts @@ -32,6 +32,7 @@ o13-staging-board.oopen.de o25.oopen.de o41.oopen.de dc-opp.oopen.de +ak-plan.oopen.de discourse.oopen.de test-nd.oopen.de formbricks-nd.oopen.de @@ -203,16 +204,20 @@ mm-irights.oopen.de # IL - PAD o25.oopen.de +# Hetzner Cloud CX31 - AK + +# Backup Faire Mobilitaet +o26.oopen.de + # - o27.oopen.de o27.oopen.de cl-fm.oopen.de mail.faire-mobilitaet.de -# Hetzner Cloud CX31 - AK - -# Backup Faire Mobilitaet +# - o28 NDM - neue deutsche Medienmacher*innen o28.oopen.de -o26.oopen.de +cl-ndm.oopen.de +psono-ndm.oopen.de # - o29.oopen.de Dissens Host System o29.oopen.de @@ -222,6 +227,7 @@ cl-dissens.oopen.de o30.oopen.de meet.akweb.de cloud.akweb.de +ak-plan.oopen.de # o31.oopen.de - Cadus e.V. o31.oopen.de @@ -420,16 +426,20 @@ cl-irights-neu.oopen.de # IL - PAD o25.oopen.de +# Hetzner Cloud CX31 - AK + +# Backup Faire Mobilitaet +o26.oopen.de + # - o27.oopen.de o27.oopen.de cl-fm.oopen.de mail.faire-mobilitaet.de -# Hetzner Cloud CX31 - AK - -# Backup Faire Mobilitaet +# - o28 NDM - neue deutsche Medienmacher*innen o28.oopen.de -o26.oopen.de +cl-ndm.oopen.de +psono-ndm.oopen.de # - o29.oopen.de o29.oopen.de @@ -439,6 +449,7 @@ cl-dissens.oopen.de o30.oopen.de meet.akweb.de cloud.akweb.de +ak-plan.oopen.de # o31.oopen.de - Cadus e.V. o31.oopen.de 
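Review bot: The `sudoers_file_user_privileges` entry for `back` in the new `host_vars/psono-ndm.oopen.de.yml`, `ALL=(www-data) NOPASSWD: /usr/local/php/bin/php`, permits the interpreter with any arguments, which amounts to passwordless execution of arbitrary PHP as `www-data` for that account. The only PHP job visible in this file is the Nextcloud `cron.php` line inside the commented-out `cron_user_entries` block, and it refers to a different site, so the rule looks carried over from a template rather than needed on this host. Either drop the entry here or pin it to the one script it is meant for, for example `entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php -f <path-to-script>'` with the real path in place of the placeholder. The `PATH` in `cron_env_entries` also still lists `/usr/local/apache2/bin` and `/usr/local/php/bin`, which is worth confirming for this host.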
@@ -734,13 +745,16 @@ cl-test.oopen.de cl-irights.oopen.de cl-irights-neu.oopen.de +# Backup Faire Mobilitaet +o26.oopen.de + # o27.oopen.de cl-fm.oopen.de mail.faire-mobilitaet.de -# Backup Faire Mobilitaet -o28.oopen.de -o26.oopen.de +# - o28 neue deutsche Medienmacher*innen - NDM Host System +cl-ndm.oopen.de +psono-ndm.oopen.de # o29.oopen.de cl-dissens.oopen.de @@ -911,6 +925,10 @@ mm-irights.oopen.de # Hetzner Cloud CX31 - AK +# o28 NDM - neue deutsche Medienmacher*innen +cl-ndm.oopen.de +psono-ndm.oopen.de + # o29.oopen.de . Dissens cl-dissens.oopen.de @@ -1045,6 +1063,10 @@ mm-irights.oopen.de # o27.oopen.de mail.faire-mobilitaet.de +# o28.oopen.de +cl-ndm.oopen.de +psono-ndm.oopen.de + # o35.oopen.de e.mx.oopen.de d.mx.oopen.de @@ -1141,12 +1163,15 @@ mm-irights.oopen.de # Hetzner Cloud CX31 - AK +# Backup Faire Mobilitaet +o26.oopen.de + # o27.oopen.de cl-fm.oopen.de -# Backup Faire Mobilitaet -o28.oopen.de -o26.oopen.de +# - o28 neue deutsche Medienmacher*innen - NDM Host System +cl-ndm.oopen.de +psono-ndm.oopen.de # o29.oopen.de - Dissens cl-dissens.oopen.de @@ -1256,14 +1281,15 @@ cl-test.oopen.de cl-irights.oopen.de cl-irights-neu.oopen.de +# o26.oopen.de +o26.oopen.de + # o27.oopen.de cl-fm.oopen.de -# o28.oopen.de -o28.oopen.de - -# o26.oopen.de -o26.oopen.de +# - o28 neue deutsche Medienmacher*innen - NDM Host System +cl-ndm.oopen.de +psono-ndm.oopen.de # o29.oopen.de - Dissens cl-dissens.oopen.de @@ -1394,7 +1420,6 @@ backup.oopen.de devel-root.wf.netz # Backup Faire Mobilitaet -o28.oopen.de o26.oopen.de # --- @@ -1411,7 +1436,7 @@ o17.oopen.de # --- # Warenform # --- -#anita.wf.netz +anita.wf.netz # --- # Büro Netzwerke @@ -1527,6 +1552,7 @@ o22.oopen.de o23.oopen.de o24.oopen.de o27.oopen.de +o28.oopen.de o29.oopen.de o30.oopen.de o31.oopen.de 
@@ -1656,12 +1682,17 @@ mail.faire-mobilitaet.de # Hetzner Cloud CX31 - AK +# o28.oopen.de NDM - neue deutsche Medienmacher*innen +cl-ndm.oopen.de +psono-ndm.oopen.de + # o29.oopen.de - Dissens cl-dissens.oopen.de # o30.oopen.de - AK Server Nextcloud/Jitsi Meet meet.akweb.de cloud.akweb.de +ak-plan.oopen.de # BigBlueButton - O.OPEN @@ -1866,16 +1897,20 @@ mm-irights.oopen.de # IL - PAD o25.oopen.de +# Hetzner Cloud CX31 - AK + +# Backup Faire Mobilitaet +o26.oopen.de + # - o27.oopen.de o27.oopen.de cl-fm.oopen.de mail.faire-mobilitaet.de -# Hetzner Cloud CX31 - AK - -# Backup Faire Mobilitaet +# o28.oopen.de NDM - neue deutsche Medienmacher*innen o28.oopen.de -o26.oopen.de +cl-ndm.oopen.de +psono-ndm.oopen.de # o29.oopen.de o29.oopen.de @@ -1885,6 +1920,7 @@ cl-dissens.oopen.de o30.oopen.de meet.akweb.de cloud.akweb.de +ak-plan.oopen.de # - o31.oopen.de o31.oopen.de