Update network configurations and add new host variables

- Modified network interface settings for gw-mbr.oopen.de, changing IP addresses and adding an alias for IPMI.
- Refactored network interface configuration for o28.oopen.de, consolidating and updating device settings, including bridge configurations and DNS settings.
- Added new user 'farina' to samba_user in zapata.opp.netz.yml.
- Updated hosts file to include new entries for ak-plan.oopen.de and adjusted existing entries for clarity.
- Created new host variable files for ak-plan.oopen.de, cl-ndm.oopen.de, and psono-ndm.oopen.de with comprehensive configurations for systemd-resolved and cron jobs.
2026-06-18 14:15:47 +02:00
parent 1c7ad75f47
commit 84d5a653c5
12 changed files with 1692 additions and 696 deletions
-1
@@ -1916,7 +1916,6 @@ apt_install: {}
apt_install_state: latest apt_install_state: latest
apt_remove: apt_remove:
- rpcbind
- apt-transport-tor - apt-transport-tor
- tor - tor
- tor-geoipdb - tor-geoipdb
+142
@@ -0,0 +1,142 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 2a01:4ff:ff00::add:2
- 185.12.64.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
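Review bot: `resolved_dnssec: false` switches off DNSSEC validation for this host, and the file gives no reason for it. The other new host file in this commit that sets `systemd_resolved: true` carries the same line. If validation is off because of the resolvers listed under `resolved_nameserver`, say so in a comment above the key, e.g. `# DNSSEC validation disabled: <reason>`. Otherwise check whether the role accepts systemd-resolved's `allow-downgrade` value, which keeps validation where the upstream supports it. `resolved_fallback_nameserver` also points at an external resolver over plain DNS, so answers from it would be accepted unvalidated.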
+121
@@ -163,6 +163,127 @@ resolved_fallback_nameserver:
# see: roles/common/tasks/vars # see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.52.10
samba_server_cidr_prefix: 24
samba_workgroup: WF
samba_netbios_name: ANITA
samba_groups:
- name: users
group_id: 100
- name: archive
group_id: 1020
- name: intern
group_id: 1030
samba_user:
- name: annette
groups:
- users
- intern
password: '20.18-annette%'
- name: axel
groups:
- archive
- users
- intern
password: 'axel123'
- name: chris
groups:
- users
- archive
- intern
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63643330373231636537366333326630333265303265653933613835656262323863363038653234
3462653135633266373439626263356636646637643035340a653466356235346663626163306363
61313164643061306433643738643563303036646334376536626531383965303036386162393832
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
- name: kaya
groups:
- users
- intern
password: 'kaya123'
- name: lalix
groups:
- users
- intern
password: 'lalix123'
- name: mariette
groups:
- users
- intern
password: 'mariette123'
- name: sysadm
groups:
- users
- archive
- intern
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
31306162383164643133623335323736323837613435333430363336353032323565633130353733
3363646437363062313763636333356436666331396131370a393762363931626166326530373261
62616332643232663432613662646134613539323861383436636364633562646138646538343863
6530336565363934330a363063653533396666373730663062363633363634363337323039363231
3130
base_home: /home
samba_homes_virusfilter: true
samba_shares:
- name: archiv
path: /data/samba/archiv
group_valid_users: users
group_write_list: archive
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: daten2
path: /data/samba/daten2
group_valid_users: users
group_write_list: users
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: verwaltung
path: /data/samba/archiv
group_valid_users: intern
group_write_list: intern
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
# ============================== # ==============================
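Review bot: The `samba_user` entries for annette, axel, kaya, lalix and mariette carry their passwords in clear text, while chris and sysadm in the same list use `password: !vault |`. Several of the values are short and derived from the account name, so they are guessable as well as readable to anyone with repository access. Encrypt each value with ansible-vault as the two vaulted entries do, and change the passwords, because the current ones remain in the commit history. The larger `samba_user` change later in this commit has the same problem. Separately, the `verwaltung` share uses `path: /data/samba/archiv`, the same directory as the `archiv` share, which looks like a copy-paste slip and would give the `intern` group write access to the archive tree.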
+5 -1
@@ -257,6 +257,7 @@ default_user:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmfp+4waTzHxdT5TaxAMsIPDDwNe8Dwuif1jL+9v9GP root@a.mx' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmfp+4waTzHxdT5TaxAMsIPDDwNe8Dwuif1jL+9v9GP root@a.mx'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFBIyXel+KOTLB6VB2xJwyWaZc0KuCJzocwlziFdovCl root@a.ns' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFBIyXel+KOTLB6VB2xJwyWaZc0KuCJzocwlziFdovCl root@a.ns'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGi22vcCilahX9KwbqcF8/D0RnzQXvgzTUFTmRHNJsBZ root@anabaena' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGi22vcCilahX9KwbqcF8/D0RnzQXvgzTUFTmRHNJsBZ root@anabaena'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5xyeZBGQn4Iz5iV2DMBVll/6n/X0JuoPMDpc8D32ra root@ak-plan'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINU1InXFKZX9emaT5QsY4Nr0tr8CzbyV8Js8RzZC9vGk root@b.mx' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINU1InXFKZX9emaT5QsY4Nr0tr8CzbyV8Js8RzZC9vGk root@b.mx'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPo7hI8oIS+/xufCUNTTgNoz592udJaU+79L0uADzKJY root@b.ns' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPo7hI8oIS+/xufCUNTTgNoz592udJaU+79L0uADzKJY root@b.ns'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtIXFS9OrKBvBl+fKtYN/lOOKpPuuc02H8HV+++LeBU root@backup' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtIXFS9OrKBvBl+fKtYN/lOOKpPuuc02H8HV+++LeBU root@backup'
@@ -272,6 +273,7 @@ default_user:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvmOpsiL+eiJ3qZVDJiUCFVZge0OQJ1hpZgw7pJ8sq5 root@cl-irights' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvmOpsiL+eiJ3qZVDJiUCFVZge0OQJ1hpZgw7pJ8sq5 root@cl-irights'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjr0aBl2KQTJnlVK03DOs0u+IXSon4VewwAzzSBsmVW root@cl-lubax' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjr0aBl2KQTJnlVK03DOs0u+IXSon4VewwAzzSBsmVW root@cl-lubax'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhwPCxVHqABXzyXwVuqbH703RCU0N+SC/cx4TuoHhGU root@cl-nd' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhwPCxVHqABXzyXwVuqbH703RCU0N+SC/cx4TuoHhGU root@cl-nd'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEp6BXQ/v/Hf/IJnI0JIS96RC4NGDMFUbwyW8nH3Xq66 root@cl-ndm'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7h6rR+q5bRh/qgzA7ZyiZcRr9vMbo7cxhQsoukWmUn root@cl-vbrg' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7h6rR+q5bRh/qgzA7ZyiZcRr9vMbo7cxhQsoukWmUn root@cl-vbrg'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcHQfSVG8DM1qHp2ce73ZBWXknZGZFur5s27V58T7ON root@cl-opp' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcHQfSVG8DM1qHp2ce73ZBWXknZGZFur5s27V58T7ON root@cl-opp'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClnyNS5RQsbXmgOX7NU7i154DElOlha3y0ybF6FwScT root@cl-test' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClnyNS5RQsbXmgOX7NU7i154DElOlha3y0ybF6FwScT root@cl-test'
@@ -319,7 +321,8 @@ default_user:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGcgS05xGLPuECQ7E5zjzfSDxdFBO1mAjkSV2bktxld+ root@o23' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGcgS05xGLPuECQ7E5zjzfSDxdFBO1mAjkSV2bktxld+ root@o23'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEM1SI7Lwk0G8UycysL7ZPdXm1DRGgPnr01B0ewRGEKi root@o24' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEM1SI7Lwk0G8UycysL7ZPdXm1DRGgPnr01B0ewRGEKi root@o24'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJKfPInE9VjXVe+6DQ+4/H1nQJwXljYEK6gwfmTDgGy root@o26' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJKfPInE9VjXVe+6DQ+4/H1nQJwXljYEK6gwfmTDgGy root@o26'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIES9ftVcNMv6pW2HDM12fIbOOEvq1fcd74kbO4LHfhGH root@o28' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIES9ftVcNMv6pW2HDM12fIbOOEvq1fcd74kbO4LHfhGH root@o28-FM-BAK'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyLS+kyfMX0hlv0rMmGyG6huvuqZlEOOf007xuI6io0 root@o28'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtACieGFf34NDepB9GqJjVqji6bf6xrO1LevXgm3aN+ root@o29' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtACieGFf34NDepB9GqJjVqji6bf6xrO1LevXgm3aN+ root@o29'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE70FVVu2bsdH2qJITFVSDEPraiI4uSCuzEkYlbl6pRW root@o30' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE70FVVu2bsdH2qJITFVSDEPraiI4uSCuzEkYlbl6pRW root@o30'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0+aRoMxzmiQCAIMajNhbTZEumtZ9yCG2Nb4ucqK8lo root@o31' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0+aRoMxzmiQCAIMajNhbTZEumtZ9yCG2Nb4ucqK8lo root@o31'
@@ -339,6 +342,7 @@ default_user:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUZ0WNd3rTqHH1tiXAELwssGw6xUP1ROdhgxKbMinYY root@oolm-web' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUZ0WNd3rTqHH1tiXAELwssGw6xUP1ROdhgxKbMinYY root@oolm-web'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJJCzTmrRp0s0qpkf9HYyx4lL+zs1jTAYcCsvqpJ72p root@super-opferhilfefonds' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJJCzTmrRp0s0qpkf9HYyx4lL+zs1jTAYcCsvqpJ72p root@super-opferhilfefonds'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID82UUUkYKYFbJdmTcMYu+vl3M0FVQznXFbngqPoumP+ root@prometheus-nd' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID82UUUkYKYFbJdmTcMYu+vl3M0FVQznXFbngqPoumP+ root@prometheus-nd'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObY/MOgF4QVWROrQCaKCfBOfAwKVcja3q7Ngwo1MEDt root@psono-ndm'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJU5HzfGYZwWeaoAGGFF7/3VQP19ce6Rgn5wcOR98Q3o root@server26' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJU5HzfGYZwWeaoAGGFF7/3VQP19ce6Rgn5wcOR98Q3o root@server26'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfCFz6mPdn3TKVCgffHQAKt3LN/0srS/gBsMoOyZpi root@shop-agr' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfCFz6mPdn3TKVCgffHQAKt3LN/0srS/gBsMoOyZpi root@shop-agr'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHbeMf/CvAYIU/4UW8Ql59FgPo/3vcZ3vI3QzK2kOadE root@srv-cityslang' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHbeMf/CvAYIU/4UW8Ql59FgPo/3vcZ3vI3QzK2kOadE root@srv-cityslang'
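Review bot: In the third hunk the previous `root@o28` key is kept and only relabelled `root@o28-FM-BAK`, so it stays in what appears to be the authorized-key list of `default_user` on every host that receives this file. The trailing label is a comment and has no effect on what the key may do. If the old o28 installation is retired or its key was replaced, delete the line instead of renaming it. If the key is still needed, add a comment such as `# old o28 host key, remove after <date>` so the exception is visible at the next review. The list begins and ends outside the hunks shown.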
+235
@@ -0,0 +1,235 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 2a01:4ff:ff00::add:1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
cron_user_entries:
- name: "Check if webservices sre running. Restart if necessary"
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_webservice_load.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors.."
minute: '*/5'
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Optimize mysql tables"
minute: '53'
hour: '04'
job: /root/bin/mysql/optimize_mysql_tables.sh
- name: "Flush query cache for mysql tables"
minute: '27'
hour: '04'
job: /root/bin/mysql/flush_query_cache.sh
- name: "Flush Host cache"
minute: '17'
hour: '05'
job: /root/bin/mysql/flush_host_cache.sh
- name: "Run occ file:scan for each cloud account"
minute: '02'
hour: '23'
job: /root/bin/nextcloud/occ_maintenance.sh -s cloud.neuemedienmacher.de
- name: "Background job for nextcloud instance 'cloud.neuemedienmacher.de"
minute: '*/15'
hour: '*'
job: sudo -u "www-data" /usr/local/php/bin/php -f /var/www/cloud.neuemedienmacher.de/htdocs/cron.php
- name: "Check if certificates for coolwsd service are up to date"
minute: '17'
hour: '05'
job: /root/bin/nextcloud/check_cert_coolwsd.sh
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '23'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '33'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
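Review bot: The `sudoers_file_user_privileges` entry for `back` permits `/usr/local/php/bin/php` as www-data with `NOPASSWD` and no argument list, and sudoers then accepts any arguments, so the account can run arbitrary PHP code with the web server's identity. Pin the rule to the one script and arguments the account needs, e.g. `entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php <script-path> <fixed-args>'` (placeholders, the intended command is not visible in this file). What `back` is used for cannot be told from the hunk, so a comment above the entry naming the job that relies on it would also help. Two cron `name` strings have wording slips worth fixing while here: "sre running" and the unclosed quote in "instance 'cloud.neuemedienmacher.de".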
File diff suppressed because it is too large Load Diff
+362 -172
@@ -273,10 +273,8 @@ samba_groups:
group_id: 1120 group_id: 1120
- name: wildvang - name: wildvang
group_id: 1130 group_id: 1130
#- name: aulmann - name: eibelshaeuser
# group_id: 1130 group_id: 1140
#- name: howe
# group_id: 1140
- name: stahmann - name: stahmann
group_id: 1150 group_id: 1150
- name: traine - name: traine
@@ -285,6 +283,8 @@ samba_groups:
group_id: 1170 group_id: 1170
- name: alle - name: alle
group_id: 1180 group_id: 1180
- name: install
group_id: 1190
@@ -293,108 +293,31 @@ samba_user:
- name: advoware - name: advoware
groups: groups:
- advoware - advoware
has_rdp: false
password: '9WNRbc49m3' password: '9WNRbc49m3'
- name: a-jur - name: a-jur
groups: groups:
- a-jur - a-jur
- alle - alle
- intern
- kanzlei - kanzlei
has_rdp: false
password: 'a-jur' password: 'a-jur'
- name: andrea
groups:
- advoware
- stahmann
- traine
- public
password: 'fXc3bmK9gj'
- name: andreas
groups:
- a-jur
- advoware
- alle
- kanzlei
password: 'YKQRa.M9-6rL'
- name: aphex2
groups:
- alle
- stahmann
- traine
- public
password: 'J3KMRprK9H'
- name: berenice
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'berenice'
- name: beuster
groups:
- advoware
- stahmann
- traine
- public
- alle
password: 'zlm17Kx'
- name: buero
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'buero'
- name: buero2
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'buero2'
- name: buero3
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'buero3'
- name: buero4
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'buero4'
- name: buero7
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'buero7'
- name: chris - name: chris
groups: groups:
- a-jur - a-jur
- advoware - advoware
- alle - alle
- intern - intern
- install
- kanzlei - kanzlei
- eibelshaeuser
- stahmann - stahmann
- traine - traine
- wildvang - wildvang
- public - public
has_rdp: true
password: !vault | password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
30383265366434633965346530666535363761396165393434643665393137353765653739636364 30383265366434633965346530666535363761396165393434643665393137353765653739636364
@@ -403,14 +326,201 @@ samba_user:
3837613337343533650a663061366230353531316535656433643162353063383534323833323138 3837613337343533650a663061366230353531316535656433643162353063383534323833323138
3430 3430
- name: christina - name: sysadm
groups:
- a-jur
- advoware
- alle
- intern
- install
- kanzlei
- eibelshaeuser
- stahmann
- traine
- wildvang
- public
has_rdp: false
password: 'Ax_GSHh5'
- name: winadm
groups:
- a-jur
- advoware
- alle
- intern
- install
- kanzlei
- eibelshaeuser
- stahmann
- traine
- wildvang
- public
has_rdp: false
password: 'Ax_GSHh5'
# ---
# Andreas Eibelhäuser
# ---
- name: andreas
groups:
- advoware
- alle
- eibelshaeuser
- public
has_rdp: true
password: 'YKQRa.M9-6rL'
- name: philipp
groups:
- advoware
- alle
- eibelshaeuser
- public
has_rdp: true
password: '20-phi.lip.26%'
- name: ref.eibelshaeuser
groups:
- advoware
- alle
- eibelshaeuser
- public
has_rdp: true
password: '20-ref-eibels.haeuser.26+'
# ---
# Berenice Böhlo
# ---
- name: berenice
groups:
- advoware
- kanzlei
- a-jur
- alle
- public
has_rdp: true
password: 'berenice'
- name: annabel
groups:
- advoware
- kanzlei
- a-jur
- alle
- public
has_rdp: true
password: '20+an-na.bel/26!'
- name: jens-uwe
groups:
- advoware
- kanzlei
- a-jur
- alle
- public
has_rdp: false
password: '20_jens-uwe.thomas.26!'
- name: mariami
groups:
- advoware
- kanzlei
- a-jur
- alle
- public
has_rdp: false
password: '20.ma-ri-ami/26!'
- name: nina
groups:
- advoware
- kanzlei
- a-jur
- alle
- public
has_rdp: true
password: '20-ni.ha-ger%26%'
- name: zeina
groups:
- advoware
- kanzlei
- a-jur
- alle
- public
has_rdp: true
password: '20/ze.ina-26+'
- name: rm-buero1
groups:
- advoware
- alle
- a-jur
- kanzlei
- public
has_rdp: false
password: '20+rm.buero-1/26!'
- name: rm-buero2
groups:
- advoware
- alle
- a-jur
- kanzlei
- public
has_rdp: false
password: '20_rmbuero.2-26%'
# ---
# Rolf Stahmann
# ---
- name: irina
groups: groups:
- advoware - advoware
- alle - alle
- stahmann - stahmann
- traine - traine
- public - public
password: 'qvR7zX4Lhs' has_rdp: false
password: 'W9NKv39pXW'
- name: rolf
groups:
- alle
- stahmann
- traine
- public
has_rdp: true
password: '4xNVNFXgP4'
- name: Tresen
groups:
- a-jur
- advoware
- alle
- kanzlei
- stahmann
- traine
- public
has_rdp: false
password: 'maltzwo2'
# ---
# Federico Traine
# ---
- name: andrea
groups:
- advoware
- alle
- stahmann
- traine
- public
has_rdp: true
password: 'fXc3bmK9gj'
- name: federico - name: federico
groups: groups:
@@ -419,8 +529,147 @@ samba_user:
- stahmann - stahmann
- traine - traine
- public - public
has_rdp: true
password: 'zHfj9g3NcC' password: 'zHfj9g3NcC'
- name: thomas
groups:
- advoware
- alle
- traine
- public
has_rdp: true
password: '55-tho-mas-550'
- name: leonora
groups:
- advoware
- alle
- traine
- public
has_rdp: true
password: '20/le-o-nora.26!'
- name: kristin
groups:
- advoware
- alle
- traine
- public
has_rdp: true
password: '20.kris_tin-26/'
- name: jule
groups:
- advoware
- alle
- traine
- public
has_rdp: true
password: '20_ju-le%26!'
- name: luanda
groups:
- advoware
- alle
- traine
- public
has_rdp: false
password: '20-lu.anda+26!'
# ---
# Wiebke Wildvang
# ---
- name: wiebke
groups:
- alle
- wildvang
- public
has_rdp: true
password: 'uJ5gF/m53p.P'
- name: aphex2
groups:
- alle
- stahmann
- traine
- public
has_rdp: false
password: 'J3KMRprK9H'
- name: beuster
groups:
- advoware
- stahmann
- traine
- public
- alle
has_rdp: false
password: 'zlm17Kx'
- name: buero
groups:
- advoware
- kanzlei
- a-jur
- alle
- public
has_rdp: false
password: 'buero'
- name: buero2
groups:
- advoware
- kanzlei
- a-jur
- alle
- public
has_rdp: false
password: 'buero2'
- name: buero3
groups:
- advoware
- kanzlei
- a-jur
- alle
- public
has_rdp: false
password: 'buero3'
- name: buero4
groups:
- advoware
- kanzlei
- a-jur
- alle
- public
has_rdp: false
password: 'buero4'
- name: buero7
groups:
- advoware
- kanzlei
- a-jur
- alle
- public
has_rdp: false
password: 'buero7'
- name: christina
groups:
- advoware
- alle
- stahmann
- traine
- public
has_rdp: false
password: 'qvR7zX4Lhs'
# - name: gerhard # - name: gerhard
# groups: # groups:
# - advoware # - advoware
@@ -436,6 +685,8 @@ samba_user:
groups: groups:
- alle - alle
- stahmann - stahmann
- public
has_rdp: false
password: '44-Ro-440' password: '44-Ro-440'
# - name: howe-staff-1 # - name: howe-staff-1
@@ -446,15 +697,6 @@ samba_user:
# - howe # - howe
# password: '' # password: ''
- name: irina
groups:
- advoware
- alle
- stahmann
- traine
- public
password: 'W9NKv39pXW'
- name: jessica - name: jessica
groups: groups:
- advoware - advoware
@@ -462,6 +704,7 @@ samba_user:
- stahmann - stahmann
- traine - traine
- public - public
has_rdp: false
password: 'bV3pjPtjkR' password: 'bV3pjPtjkR'
# - name: laura # - name: laura
@@ -480,6 +723,7 @@ samba_user:
- stahmann - stahmann
- traine - traine
- public - public
has_rdp: false
password: 'fndvLmrt7W' password: 'fndvLmrt7W'
- name: lenovo4 - name: lenovo4
@@ -489,6 +733,7 @@ samba_user:
- stahmann - stahmann
- traine - traine
- public - public
has_rdp: false
password: 'tpCMmTKj7H' password: 'tpCMmTKj7H'
- name: lenovo5 - name: lenovo5
@@ -498,6 +743,7 @@ samba_user:
- stahmann - stahmann
- traine - traine
- public - public
has_rdp: false
password: 'L5Hannover51' password: 'L5Hannover51'
- name: lenovo6 - name: lenovo6
@@ -506,81 +752,10 @@ samba_user:
- alle - alle
- stahmann - stahmann
- traine - traine
- public
has_rdp: false
password: '66koeln66' password: '66koeln66'
- name: rm-buero1
groups:
- advoware
- alle
- a-jur
- kanzlei
password: ''
- name: rm-buero2
groups:
- advoware
- alle
- a-jur
- kanzlei
password: ''
- name: rolf
groups:
- alle
- stahmann
- traine
- public
password: '4xNVNFXgP4'
- name: sysadm
groups:
- a-jur
- advoware
- alle
- intern
- kanzlei
- stahmann
- traine
- wildvang
- public
password: 'Ax_GSHh5'
- name: thomas
groups:
- advoware
- alle
- traine
password: '55-tho-mas-550'
- name: Tresen
groups:
- a-jur
- advoware
- alle
- kanzlei
- stahmann
- traine
- public
password: 'maltzwo2'
- name: wiebke
groups:
- alle
- wildvang
- public
password: 'uJ5gF/m53p.P'
- name: winadm
groups:
- a-jur
- advoware
- alle
- intern
- kanzlei
- public
password: 'Ax_GSHh5'
base_home: /data/home base_home: /data/home
@@ -624,13 +799,25 @@ samba_shares:
- name: install - name: install
comment: Install auf Fileserver comment: Install auf Fileserver
path: /data/samba/no-backup-shares/install path: /data/samba/no-backup-shares/install
group_valid_users: intern group_valid_users: install
group_write_list: intern group_write_list: install
file_create_mask: !!str 660 file_create_mask: !!str 660
dir_create_mask: !!str 2770 dir_create_mask: !!str 2770
vfs_object_virusfilter: true vfs_object_virusfilter: true
vfs_object_recycle: false vfs_object_recycle: false
- name: eibelshaeuser
comment: Eibelshaeuser auf Fileserver
path: /data/samba/eibelshaeuser
group_valid_users: eibelshaeuser
group_write_list: eibelshaeuser
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: wildvang - name: wildvang
comment: Wildvang auf Fileserver comment: Wildvang auf Fileserver
path: /data/samba/Wildvang path: /data/samba/Wildvang
@@ -650,6 +837,7 @@ samba_shares:
# group_write_list: aulmann # group_write_list: aulmann
# file_create_mask: !!str 660 # file_create_mask: !!str 660
# dir_create_mask: !!str 2770 # dir_create_mask: !!str 2770
# vfs_object_virusfilter: true
# vfs_object_recycle: true # vfs_object_recycle: true
# recycle_path: '@Recycle' # recycle_path: '@Recycle'
# vfs_object_recycle_is_visible: true # vfs_object_recycle_is_visible: true
@@ -661,6 +849,7 @@ samba_shares:
# group_write_list: howe # group_write_list: howe
# file_create_mask: !!str 660 # file_create_mask: !!str 660
# dir_create_mask: !!str 2770 # dir_create_mask: !!str 2770
# vfs_object_virusfilter: true
# vfs_object_recycle: true # vfs_object_recycle: true
# recycle_path: '@Recycle' # recycle_path: '@Recycle'
# vfs_object_recycle_is_visible: true # vfs_object_recycle_is_visible: true
@@ -744,6 +933,7 @@ samba_shares:
# group_write_list: web # group_write_list: web
# file_create_mask: !!str 660 # file_create_mask: !!str 660
# dir_create_mask: !!str 2770 # dir_create_mask: !!str 2770
# vfs_object_virusfilter: true
# vfs_object_recycle: true # vfs_object_recycle: true
# recycle_path: '@Recycle' # recycle_path: '@Recycle'
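Review bot: The re-added `winadm` entry gains `install`, `eibelshaeuser`, `stahmann`, `traine` and `wildvang` compared with the entry removed near the end of the list, so this account can now open every practice's share. `sysadm` carries the same group list and the same password value as `winadm`. If `winadm` only needs the new `install` share, keep its previous groups and add just `- install`. Give the two administrative accounts distinct credentials stored as `password: !vault |`, as the `chris` entry already does. The `samba_user` list starts and ends outside the hunks shown.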
+19 -3
@@ -21,13 +21,21 @@ network_interface_required_packages:
network_interfaces: network_interfaces:
# - device: enp0s20f0
# headline: enp0s20f0 - Uplink DSL via Fritz!Box
# auto: true
# family: inet
# method: static
# address: 172.16.112.1/24
# gateway: 172.16.112.254
- device: enp0s20f0 - device: enp0s20f0
headline: enp0s20f0 - Uplink DSL via Fritz!Box headline: enp0s20f0 - Uplink
auto: true auto: true
family: inet family: inet
method: static method: static
address: 172.16.112.1/24 address: 217.6.72.202/30
gateway: 172.16.112.254 gateway: 217.6.72.201
- device: enp0s20f1 - device: enp0s20f1
@@ -53,6 +61,14 @@ network_interfaces:
method: static method: static
address: 192.168.113.254/24 address: 192.168.113.254/24
- device: enp0s20f1:ipmi
headline: enp0s20f1:ipmi - Alias on enp0s20f1 (IPMI)
auto: false
family: inet
method: static
address: 172.16.112.254/24
# --- # ---
# vars used by roles/ansible_dependencies # vars used by roles/ansible_dependencies
# --- # ---
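Review bot: After this change the host holds a public address on `enp0s20f0` and, through the new `enp0s20f1:ipmi` alias, an address in 172.16.112.0/24, which the headline marks as the IPMI segment; nothing in these hunks shows that traffic towards that segment is filtered. If the firewall configuration elsewhere blocks forwarding into it, state that on the alias, e.g. `# IPMI/BMC access from this host only; not forwarded`. The alias also reuses 172.16.112.254, which the commented-out block above still lists as the old `gateway`. Removing that commented block, or noting that the address changed owner, avoids a misreading later. `network_interfaces` continues outside the hunks.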
+49 -197
@@ -22,150 +22,21 @@ network_interface_required_packages:
network_interfaces: network_interfaces:
# Many device configurations are possible (as many as needed) - device: br0
#
- device: enp41s0
# use only once per device (for the first device entry) # use only once per device (for the first device entry)
headline: enp41s0 - primary device headline: br0 - bridge over device eno1
# auto & allow are only used for the first entry of that devicei-name) # auto & allow are only used for the first device entry
#
allow: [] # array of allow-[stanzas] eg. allow-hotplug allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true auto: true
family: inet family: inet
# The statisc Mode
# Options
# address <dotted quad address[/netmask]>
# gateway <dotted quad address>
# pointopoint <Address of other end point (dotted quad). Note the spelling of "point-to">
# hwaddress <mac-address>
# mtu <size>
# scope <Address validity scope. Possible values: global, link, host>
#
# The manual Method
# Options
# hwaddress <mac-address>
# mtu <size>
#
# The dhcp Method
# Options
# hwaddress <mac-address>
# hostname <Hostname to be requested (pump, dhcpcd, udhcpc)>
# metric <metric>
# leasehours <Preferred lease time in hours (pump)>
# leasetime <Preferred lease time in seconds (dhcpcd)>
# vendor <Vendor class identifier (dhcpcd)>
# client <Client identifier (dhcpcd), or "no" (dhclient)>
#
# The bootp Method
# Options
# bootfile: <file: Tell the server to use 'file' as the bootfile.>
# server: <address: Use the IP address 'address' to communicate with the server.>
# hwaddr <mac-address: Use addr as the hardware address instead of whatever it really is.>
#
method: static method: static
hwaddress: 08:bf:b8:a4:09:e0
hwaddress:
description: description:
address: 65.108.238.45 address: 88.198.56.204
# dotted quad or number of bits netmask: 27
# gateway: 88.198.56.193
# the entry will be: address/netmask
netmask: 26
gateway: 65.108.238.1
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
#nameservers:
# - 185.12.64.1
# - a01:4ff:ff00::add:2
#search:
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge: {}
# optional bonding parameters bond: {}
# bond:
# master
# primary
# slave
# mode:
# miimon:
# lacp-rate:
# ad-select-rate:
# master:
# slaves:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
#
# example:
#
# up:
# - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp41s0"
#
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 65.108.238.0 netmask 255.255.255.192 gw 65.108.238.1 dev enp41s0"
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
- device: enp41s0
# use only once per device (for the first device entry)
headline:
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto:
family: inet6
method: static
address: 2a01:4f9:1a:b226::2
netmask: 64
gateway: fe80::1
metric: metric:
pointopoint: pointopoint:
mtu: mtu:
@@ -192,14 +63,11 @@ network_interfaces:
# - 91.239.100.100 # anycast.censurfridns.dk # - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de # search: warenform.de
# #
# ** MOVED TO systemd-resolved
#
nameservers: nameservers:
search: search:
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {} # optional bridge parameters bridge: {}
# bridge: # bridge:
# ports: # ports:
@@ -207,15 +75,24 @@ network_interfaces:
# fd: # fd:
# maxwait: # maxwait:
# waitport: # waitport:
bridge: {} bridge:
ports: eno1 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
maxage: 12
# optional bonding parameters bond: {} # optional bonding parameters bond: {}
# bond: # bond:
# mode: # master
# primary
# slave
# method:
# miimon: # miimon:
# lacp-rate:
# ad-select-rate:
# master: # master:
# slaves: # slaves:
# lacp-rate:
bond: {} bond: {}
# optional vlan settings | vlan: {} # optional vlan settings | vlan: {}
@@ -224,13 +101,24 @@ network_interfaces:
vlan: {} vlan: {}
# inline hook scripts # inline hook scripts
pre-up: []# pre-up script lines pre-up: [] # pre-up script lines
up: [] # up script lines up:
- !!str "route add -net 88.198.56.192 netmask 255.255.255.224 gw 88.198.56.193 dev br0" # up script lines
post-up: [] # post-up script lines (alias for up) post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down) pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines down: [] # down script lines
post-down: [] # post-down script lines post-down: [] # post-down script lines
- device: br0
family: inet6
method: static
address: '2a01:4f8:222:2c2::2'
netmask: 64
gateway: 'fe80::1'
# --- # ---
# vars used by roles/ansible_dependencies # vars used by roles/ansible_dependencies
# --- # ---
@@ -255,8 +143,6 @@ network_interfaces:
# vars used by roles/common/tasks/apt.yml # vars used by roles/common/tasks/apt.yml
# --- # ---
#apt_manage_sources_list: false
# --- # ---
# vars used by roles/common/tasks/systemd-resolved.yml # vars used by roles/common/tasks/systemd-resolved.yml
@@ -274,8 +160,8 @@ systemd_resolved: true
# IPv6: 2606:4700:4700::1111 # IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse # sekundäre DNS-Adresse
# IPv4: 1.0.0.1 # IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001 # IPv6: 2606:4700:4700::1001
# #
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit # Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse # primäre DNS-Adresse
# IPv4: 8.8.8.8 # IPv4: 8.8.8.8
@@ -286,20 +172,20 @@ systemd_resolved: true
# #
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug # Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse # primäre DNS-Adresse
# IPv4: 9.9.9.9 # IPv4: 9.9.9.9
# IPv6: 2620:fe::fe # IPv6: 2620:fe::fe
# sekundäre DNS-Adresse # sekundäre DNS-Adresse
# IPv4: 149.112.112.112 # IPv4: 149.112.112.112
# IPv6: 2620:fe::9 # IPv6: 2620:fe::9
# #
# OpenNIC - https://www.opennic.org/ # OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de # IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de # IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de # IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de # IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de # IPv6: 2a00:f826:8:2::195 - ns31.de
# #
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) # Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255 # IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000:: # IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net # Servername für DNS-over-TLS: dot.ffmuc.net
@@ -308,14 +194,14 @@ systemd_resolved: true
# Servername für DNS-over-TLS: dot.ffmuc.net # Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) # für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver: resolved_nameserver:
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 185.12.64.2 - 185.12.64.2
- 2a01:4ff:ff00::add:1 - 2a01:4ff:ff00::add:1
- 185.12.64.1
- 2a01:4ff:ff00::add:2
# search domains # search domains
# #
# If there are more than one search domains, then specify them here in the order in which # If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them # the resolver should also search them
# #
#resolved_domains: [] #resolved_domains: []
@@ -337,7 +223,7 @@ resolved_fallback_nameserver:
cron_env_entries: cron_env_entries:
- name: PATH - name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL - name: SHELL
job: /bin/bash job: /bin/bash
@@ -351,9 +237,9 @@ cron_user_special_time_entries:
job: "sleep 5 ; /bin/systemctl restart systemd-resolved" job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH insertafter: PATH
- name: "Check if postfix mailservice is running. Restart service if needed." - name: "Check if Check if all autostart LX-Container are running."
special_time: reboot special_time: reboot
job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1" job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh"
insertafter: PATH insertafter: PATH
@@ -379,28 +265,6 @@ cron_user_entries:
hour: '*' hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh > /dev/null 2>&1 job: /root/bin/monitoring/check_ntpsec_service.sh > /dev/null 2>&1
- name: "Backup internet hosts and then print out hdd-usage for all backuped hosts"
minute: '06'
hour: '00'
weekday: '1-6'
job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N
- name: "On sunday morning also determin diskspace usage"
minute: '06'
hour: '00'
weekday: 7
job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N ; /root/bin/admin-stuff/disk-space_usage.sh -q -o /root/disk-space_usage /backup
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '23'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '33'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
- name: "Check hard disc usage." - name: "Check hard disc usage."
minute: '43' minute: '43'
hour: '6' hour: '6'
@@ -411,18 +275,6 @@ cron_user_entries:
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---
create_sftp_group: true
extra_system_user:
- name: www-data
home: /var/www
groups: sftp_users
sudo_users:
- chris
- sysadm
- localadmin
# --- # ---
# vars used by roles/common/tasks/users-systemfiles.yml # vars used by roles/common/tasks/users-systemfiles.yml
+235
@@ -0,0 +1,235 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 2a01:4ff:ff00::add:1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
#cron_user_special_time_entries:
#
# - name: "Restart DNS Cache service 'systemd-resolved'"
# special_time: reboot
# job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
# insertafter: PATH
#
#
#cron_user_entries:
#
# - name: "Check if webservices sre running. Restart if necessary"
# minute: '*/5'
# hour: '*'
# job: /root/bin/monitoring/check_webservice_load.sh
#
# - name: "Check if SSH service is running. Restart service if needed."
# minute: '*/5'
# hour: '*'
# job: /root/bin/monitoring/check_ssh.sh
#
# - name: "Check if Postfix Mailservice is up and running?"
# minute: '*/15'
# hour: '*'
# job: /root/bin/monitoring/check_postfix.sh
#
# - name: "Check Postfix E-Mail LOG file for 'fatal' errors.."
# minute: '*/5'
# hour: '*'
# job: /root/bin/postfix/check-postfix-fatal-errors.sh
#
# - name: "Optimize mysql tables"
# minute: '53'
# hour: '04'
# job: /root/bin/mysql/optimize_mysql_tables.sh
#
# - name: "Flush query cache for mysql tables"
# minute: '27'
# hour: '04'
# job: /root/bin/mysql/flush_query_cache.sh
#
# - name: "Flush Host cache"
# minute: '17'
# hour: '05'
# job: /root/bin/mysql/flush_host_cache.sh
#
# - name: "Run occ file:scan for each cloud account"
# minute: '02'
# hour: '23'
# job: /root/bin/nextcloud/occ_maintenance.sh -s cloud.neuemedienmacher.de
#
# - name: "Background job for nextcloud instance 'cloud.neuemedienmacher.de"
# minute: '*/15'
# hour: '*'
# job: sudo -u "www-data" /usr/local/php/bin/php -f /var/www/cloud.neuemedienmacher.de/htdocs/cron.php
#
# - name: "Check if certificates for coolwsd service are up to date"
# minute: '17'
# hour: '05'
# job: /root/bin/nextcloud/check_cert_coolwsd.sh
#
# - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
# minute: '23'
# hour: '05'
# job: /var/lib/dehydrated/cron/dehydrated_cron.sh
#
# - name: "Check whether all certificates are included in the VHOST configurations"
# minute: '33'
# hour: '05'
# job: /var/lib/dehydrated/tools/update_ssl_directives.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
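Review bot: The `sudoers_file_user_privileges` entry for `back` allows passwordless execution of the PHP interpreter as `www-data` with no argument restriction, so that account can run any PHP code under the web server's identity rather than one maintenance job. The commented-out cron example in this same file only ever calls `php -f` on a single `cron.php`, so the rule can be pinned to that command line, e.g. `entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php -f <PATH_TO_CRON_PHP>'` (placeholder path). How the role renders `entry` into the sudoers file is not visible here, so check the generated rule with `visudo -c` after the change. Separately, `resolved_dnssec: false` turns off DNSSEC validation for this host; a short comment giving the reason would help the next reader.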
+6
@@ -297,6 +297,12 @@ samba_user:
- buero - buero
password: '20-printer-18' password: '20-printer-18'
- name: farina
groups:
- buero
- beratung
password: 'ADB_far!na_26'
- name: hanna - name: hanna
groups: groups:
- buero - buero
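Review bot: The new `farina` entry puts the Samba password in cleartext in a tracked vars file, so anyone with read access to the repository or its history holds the credential. Store it as a vaulted value instead (generate it with `ansible-vault encrypt_string` and use `password: !vault |` followed by the ciphertext), or look it up from a secret store at run time. Since the value is already in this commit, it should be rotated once the entry is vaulted. The `password:` context line just above the addition suggests existing `samba_user` entries follow the same pattern; the rest of that list lies outside the hunk.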
+61 -25
@@ -32,6 +32,7 @@ o13-staging-board.oopen.de
o25.oopen.de o25.oopen.de
o41.oopen.de o41.oopen.de
dc-opp.oopen.de dc-opp.oopen.de
ak-plan.oopen.de
discourse.oopen.de discourse.oopen.de
test-nd.oopen.de test-nd.oopen.de
formbricks-nd.oopen.de formbricks-nd.oopen.de
@@ -203,16 +204,20 @@ mm-irights.oopen.de
# IL - PAD # IL - PAD
o25.oopen.de o25.oopen.de
# Hetzner Cloud CX31 - AK
# Backup Faire Mobilitaet
o26.oopen.de
# - o27.oopen.de # - o27.oopen.de
o27.oopen.de o27.oopen.de
cl-fm.oopen.de cl-fm.oopen.de
mail.faire-mobilitaet.de mail.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK # - o28 NDM - neue deutsche Medienmacher*innen
# Backup Faire Mobilitaet
o28.oopen.de o28.oopen.de
o26.oopen.de cl-ndm.oopen.de
psono-ndm.oopen.de
# - o29.oopen.de Dissens Host System # - o29.oopen.de Dissens Host System
o29.oopen.de o29.oopen.de
@@ -222,6 +227,7 @@ cl-dissens.oopen.de
o30.oopen.de o30.oopen.de
meet.akweb.de meet.akweb.de
cloud.akweb.de cloud.akweb.de
ak-plan.oopen.de
# o31.oopen.de - Cadus e.V. # o31.oopen.de - Cadus e.V.
o31.oopen.de o31.oopen.de
@@ -420,16 +426,20 @@ cl-irights-neu.oopen.de
# IL - PAD # IL - PAD
o25.oopen.de o25.oopen.de
# Hetzner Cloud CX31 - AK
# Backup Faire Mobilitaet
o26.oopen.de
# - o27.oopen.de # - o27.oopen.de
o27.oopen.de o27.oopen.de
cl-fm.oopen.de cl-fm.oopen.de
mail.faire-mobilitaet.de mail.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK # - o28 NDM - neue deutsche Medienmacher*innen
# Backup Faire Mobilitaet
o28.oopen.de o28.oopen.de
o26.oopen.de cl-ndm.oopen.de
psono-ndm.oopen.de
# - o29.oopen.de # - o29.oopen.de
o29.oopen.de o29.oopen.de
@@ -439,6 +449,7 @@ cl-dissens.oopen.de
o30.oopen.de o30.oopen.de
meet.akweb.de meet.akweb.de
cloud.akweb.de cloud.akweb.de
ak-plan.oopen.de
# o31.oopen.de - Cadus e.V. # o31.oopen.de - Cadus e.V.
o31.oopen.de o31.oopen.de
@@ -734,13 +745,16 @@ cl-test.oopen.de
cl-irights.oopen.de cl-irights.oopen.de
cl-irights-neu.oopen.de cl-irights-neu.oopen.de
# Backup Faire Mobilitaet
o26.oopen.de
# o27.oopen.de # o27.oopen.de
cl-fm.oopen.de cl-fm.oopen.de
mail.faire-mobilitaet.de mail.faire-mobilitaet.de
# Backup Faire Mobilitaet # - o28 neue deutsche Medienmacher*innen - NDM Host System
o28.oopen.de cl-ndm.oopen.de
o26.oopen.de psono-ndm.oopen.de
# o29.oopen.de # o29.oopen.de
cl-dissens.oopen.de cl-dissens.oopen.de
@@ -911,6 +925,10 @@ mm-irights.oopen.de
# Hetzner Cloud CX31 - AK # Hetzner Cloud CX31 - AK
# o28 NDM - neue deutsche Medienmacher*innen
cl-ndm.oopen.de
psono-ndm.oopen.de
# o29.oopen.de . Dissens # o29.oopen.de . Dissens
cl-dissens.oopen.de cl-dissens.oopen.de
@@ -1045,6 +1063,10 @@ mm-irights.oopen.de
# o27.oopen.de # o27.oopen.de
mail.faire-mobilitaet.de mail.faire-mobilitaet.de
# o28.oopen.de
cl-ndm.oopen.de
psono-ndm.oopen.de
# o35.oopen.de # o35.oopen.de
e.mx.oopen.de e.mx.oopen.de
d.mx.oopen.de d.mx.oopen.de
@@ -1141,12 +1163,15 @@ mm-irights.oopen.de
# Hetzner Cloud CX31 - AK # Hetzner Cloud CX31 - AK
# Backup Faire Mobilitaet
o26.oopen.de
# o27.oopen.de # o27.oopen.de
cl-fm.oopen.de cl-fm.oopen.de
# Backup Faire Mobilitaet # - o28 neue deutsche Medienmacher*innen - NDM Host System
o28.oopen.de cl-ndm.oopen.de
o26.oopen.de psono-ndm.oopen.de
# o29.oopen.de - Dissens # o29.oopen.de - Dissens
cl-dissens.oopen.de cl-dissens.oopen.de
@@ -1256,14 +1281,15 @@ cl-test.oopen.de
cl-irights.oopen.de cl-irights.oopen.de
cl-irights-neu.oopen.de cl-irights-neu.oopen.de
# o26.oopen.de
o26.oopen.de
# o27.oopen.de # o27.oopen.de
cl-fm.oopen.de cl-fm.oopen.de
# o28.oopen.de # - o28 neue deutsche Medienmacher*innen - NDM Host System
o28.oopen.de cl-ndm.oopen.de
psono-ndm.oopen.de
# o26.oopen.de
o26.oopen.de
# o29.oopen.de - Dissens # o29.oopen.de - Dissens
cl-dissens.oopen.de cl-dissens.oopen.de
@@ -1394,7 +1420,6 @@ backup.oopen.de
devel-root.wf.netz devel-root.wf.netz
# Backup Faire Mobilitaet # Backup Faire Mobilitaet
o28.oopen.de
o26.oopen.de o26.oopen.de
# --- # ---
@@ -1411,7 +1436,7 @@ o17.oopen.de
# --- # ---
# Warenform # Warenform
# --- # ---
#anita.wf.netz anita.wf.netz
# --- # ---
# Büro Netzwerke # Büro Netzwerke
@@ -1527,6 +1552,7 @@ o22.oopen.de
o23.oopen.de o23.oopen.de
o24.oopen.de o24.oopen.de
o27.oopen.de o27.oopen.de
o28.oopen.de
o29.oopen.de o29.oopen.de
o30.oopen.de o30.oopen.de
o31.oopen.de o31.oopen.de
@@ -1656,12 +1682,17 @@ mail.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK # Hetzner Cloud CX31 - AK
# o28.oopen.de NDM - neue deutsche Medienmacher*innen
cl-ndm.oopen.de
psono-ndm.oopen.de
# o29.oopen.de - Dissens # o29.oopen.de - Dissens
cl-dissens.oopen.de cl-dissens.oopen.de
# o30.oopen.de - AK Server Nextcloud/Jitsi Meet # o30.oopen.de - AK Server Nextcloud/Jitsi Meet
meet.akweb.de meet.akweb.de
cloud.akweb.de cloud.akweb.de
ak-plan.oopen.de
# BigBlueButton - O.OPEN # BigBlueButton - O.OPEN
@@ -1866,16 +1897,20 @@ mm-irights.oopen.de
# IL - PAD # IL - PAD
o25.oopen.de o25.oopen.de
# Hetzner Cloud CX31 - AK
# Backup Faire Mobilitaet
o26.oopen.de
# - o27.oopen.de # - o27.oopen.de
o27.oopen.de o27.oopen.de
cl-fm.oopen.de cl-fm.oopen.de
mail.faire-mobilitaet.de mail.faire-mobilitaet.de
# Hetzner Cloud CX31 - AK # o28.oopen.de NDM - neue deutsche Medienmacher*innen
# Backup Faire Mobilitaet
o28.oopen.de o28.oopen.de
o26.oopen.de cl-ndm.oopen.de
psono-ndm.oopen.de
# o29.oopen.de # o29.oopen.de
o29.oopen.de o29.oopen.de
@@ -1885,6 +1920,7 @@ cl-dissens.oopen.de
o30.oopen.de o30.oopen.de
meet.akweb.de meet.akweb.de
cloud.akweb.de cloud.akweb.de
ak-plan.oopen.de
# - o31.oopen.de # - o31.oopen.de
o31.oopen.de o31.oopen.de