ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update network configurations and add new host variables

Browse Source 
- Modified network interface settings for gw-mbr.oopen.de, changing IP addresses and adding an alias for IPMI.
- Refactored network interface configuration for o28.oopen.de, consolidating and updating device settings, including bridge configurations and DNS settings.
- Added new user 'farina' to samba_user in zapata.opp.netz.yml.
- Updated hosts file to include new entries for ak-plan.oopen.de and adjusted existing entries for clarity.
- Created new host variable files for ak-plan.oopen.de, cl-ndm.oopen.de, and psono-ndm.oopen.de with comprehensive configurations for systemd-resolved and cron jobs.
This commit is contained in:
Christoph
2026-06-18 14:15:47 +02:00
parent 1c7ad75f47
commit 84d5a653c5
12 changed files with 1692 additions and 696 deletions
Download Patch File Download Diff File Expand all files Collapse all files
host_vars/o28.oopen.de.yml
+49 -197
View File
@@ -22,150 +22,21 @@ network_interface_required_packages:
network_interfaces:
# Many device configurations are possible (as many as needed)
#
- device: enp41s0
- device: br0
# use only once per device (for the first device entry)
headline: enp41s0 - primary device
headline: br0 - bridge over device eno1
# auto & allow are only used for the first entry of that devicei-name)
#
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
# The statisc Mode
# Options
# address <dotted quad address[/netmask]>
# gateway <dotted quad address>
# pointopoint <Address of other end point (dotted quad). Note the spelling of "point-to">
# hwaddress <mac-address>
# mtu <size>
# scope <Address validity scope. Possible values: global, link, host>
#
# The manual Method
# Options
# hwaddress <mac-address>
# mtu <size>
#
# The dhcp Method
# Options
# hwaddress <mac-address>
# hostname <Hostname to be requested (pump, dhcpcd, udhcpc)>
# metric <metric>
# leasehours <Preferred lease time in hours (pump)>
# leasetime <Preferred lease time in seconds (dhcpcd)>
# vendor <Vendor class identifier (dhcpcd)>
# client <Client identifier (dhcpcd), or "no" (dhclient)>
#
# The bootp Method
# Options
# bootfile: <file: Tell the server to use 'file' as the bootfile.>
# server: <address: Use the IP address 'address' to communicate with the server.>
# hwaddr <mac-address: Use addr as the hardware address instead of whatever it really is.>
#
method: static
hwaddress:
hwaddress: 08:bf:b8:a4:09:e0
description:
address: 65.108.238.45
# dotted quad or number of bits
#
# the entry will be: address/netmask
netmask: 26
gateway: 65.108.238.1
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
#nameservers:
# - 185.12.64.1
# - a01:4ff:ff00::add:2
#search:
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge: {}
# optional bonding parameters bond: {}
# bond:
# master
# primary
# slave
# mode:
# miimon:
# lacp-rate:
# ad-select-rate:
# master:
# slaves:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
#
# example:
#
# up:
# - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp41s0"
#
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 65.108.238.0 netmask 255.255.255.192 gw 65.108.238.1 dev enp41s0"
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
- device: enp41s0
# use only once per device (for the first device entry)
headline:
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto:
family: inet6
method: static
address: 2a01:4f9:1a:b226::2
netmask: 64
gateway: fe80::1
address: 88.198.56.204
netmask: 27
gateway: 88.198.56.193
metric:
pointopoint:
mtu:
@@ -192,14 +63,11 @@ network_interfaces:
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
# ** MOVED TO systemd-resolved
#
nameservers:
search:
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
@@ -207,15 +75,24 @@ network_interfaces:
# fd:
# maxwait:
# waitport:
bridge: {}
bridge:
ports: eno1 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
maxage: 12
# optional bonding parameters bond: {}
# bond:
# mode:
# master
# primary
# slave
# method:
# miimon:
# lacp-rate:
# ad-select-rate:
# master:
# slaves:
# lacp-rate:
bond: {}
# optional vlan settings | vlan: {}
@@ -224,13 +101,24 @@ network_interfaces:
vlan: {}
# inline hook scripts
pre-up: []# pre-up script lines
up: [] # up script lines
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 88.198.56.192 netmask 255.255.255.224 gw 88.198.56.193 dev br0" # up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
- device: br0
family: inet6
method: static
address: '2a01:4f8:222:2c2::2'
netmask: 64
gateway: 'fe80::1'
# ---
# vars used by roles/ansible_dependencies
# ---
@@ -255,8 +143,6 @@ network_interfaces:
# vars used by roles/common/tasks/apt.yml
# ---
#apt_manage_sources_list: false
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
@@ -274,8 +160,8 @@ systemd_resolved: true
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
@@ -286,20 +172,20 @@ systemd_resolved: true
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
@@ -308,14 +194,14 @@ systemd_resolved: true
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 185.12.64.1
- 2a01:4ff:ff00::add:2
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
@@ -337,7 +223,7 @@ resolved_fallback_nameserver:
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
@@ -351,9 +237,9 @@ cron_user_special_time_entries:
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Check if postfix mailservice is running. Restart service if needed."
- name: "Check if Check if all autostart LX-Container are running."
special_time: reboot
job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh"
insertafter: PATH
@@ -379,28 +265,6 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh > /dev/null 2>&1
- name: "Backup internet hosts and then print out hdd-usage for all backuped hosts"
minute: '06'
hour: '00'
weekday: '1-6'
job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N
- name: "On sunday morning also determin diskspace usage"
minute: '06'
hour: '00'
weekday: 7
job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N ; /root/bin/admin-stuff/disk-space_usage.sh -q -o /root/disk-space_usage /backup
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '23'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '33'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'
@@ -411,18 +275,6 @@ cron_user_entries:
# vars used by roles/common/tasks/users.yml
# ---
create_sftp_group: true
extra_system_user:
- name: www-data
home: /var/www
groups: sftp_users
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml