update..

host_vars/172.16.63.32.yml

@@ -0,0 +1,115 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+copy_additional_plain_files_sysctl:
+
+  - name: enable-ipv6
+    src_path: etc/sysctl.d/30-enable-ipv6.conf
+    dest_path: /etc/sysctl.d/30-enable-ipv6.conf
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+default_user:
+
+  - name: chris
+    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: sysadm
+
+    user_id: 1050
+    group_id: 1050
+    group: sysadm
+    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    group: back
+    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+sudo_users:
+  - chris
+  - sysadm
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+apt_install_bind9_packages: true
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+
+git_firewall_repository:
+  name: ipt-gateway
+  repo: https://git.oopen.de/firewall/ipt-gateway
+  dest: /usr/local/src/ipt-gateway
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+  name: root
+  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
+

host_vars/gw-123.oopen.de.yml

@@ -15,6 +15,13 @@
 # ---
 
 
+copy_additional_plain_files_sysctl:
+
+  - name: enable-ipv6
+    src_path: etc/sysctl.d/30-enable-ipv6.conf
+    dest_path: /etc/sysctl.d/30-enable-ipv6.conf
+
+
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
@@ -87,6 +94,24 @@ sudo_users:
 
 apt_install_bind9_packages: true
 
+bind9_gateway_listen_on_v6:
+  - none
+
+bind9_gateway_listen_on:
+  - 127.0.0.1
+  - 192.168.142.1
+  - 192.168.142.254
+  - 172.16.142.1
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+
+git_firewall_repository:
+  name: ipt-gateway
+  repo: https://git.oopen.de/firewall/ipt-gateway
+  dest: /usr/local/src/ipt-gateway
+
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---
@@ -105,5 +130,5 @@ git_firewall_repository:
 
 root_user:
   name: root
-  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
+  password: $y$j9T$IVBTpn.OrI6YiQ9q3fA8b1$Y1bmID5yXJbKfoLFt1VmQs6LezeTj5/1M9ppZBD2Pn4
 

host_vars/o22.oopen.de.yml

@@ -129,12 +129,19 @@ network_interfaces:
 # vars used by roles/common/tasks/basic.yml
 # ---
 
+copy_additional_plain_files_sysctl:
+
+  - name: elasticsearch
+    src_path: etc/sysctl.d/60-elasticsearch.conf
+    dest_path: /etc/sysctl.d/60-elasticsearch.conf
+
 
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 
 
+
 # ---
 # vars used by roles/common/tasks/apt.yml
 # ---
@@ -153,13 +160,6 @@ default_user:
       - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
       - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
 
-  - name: c3po
-    password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net'
-
   - name: sysadm
     user_id: 1050
     group_id: 1050
@@ -193,7 +193,6 @@ default_user:
 
 sudo_users:
   - chris
-  - o13-pad
   - sysadm
   - localadmin
 

host_vars/o27.oopen.de.yml

@@ -4,6 +4,7 @@
 # vars used by roles/network_interfaces
 # ---
 
+
 # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
 network_manage_devices: True
 
@@ -16,15 +17,14 @@ network_interface_required_packages:
   - bridge-utils
   - ifmetric
   - ifupdown
-  - ifenslave
   - resolvconf
 
 
 network_interfaces:
 
-  - device: eth0
+  - device: br0
     # use only once per device (for the first device entry)
-    headline: eth0 - primary network interface
+    headline: br0 - bridge over device enp195s0
 
     # auto & allow are only used for the first device entry
     allow: [] # array of allow-[stanzas] eg. allow-hotplug
@@ -32,11 +32,11 @@ network_interfaces:
 
     family: inet
     method: static
-    hwaddress:
+    hwaddress: f0:2f:74:97:4a:c4
     description:
-    address: 94.16.115.62
+    address: 142.132.147.171
-    netmask: 22
+    netmask: 26
-    gateway: 94.16.112.1
+    gateway: 142.132.147.129
     metric:
     pointopoint:
     mtu:
@@ -64,9 +64,10 @@ network_interfaces:
     #    search: warenform.de
     #
     nameservers:
-      - 46.38.225.230
+      - 185.12.64.1
-      - 46.38.252.230
+      - 2a01:4ff:ff00::add:2
-      - 2a03:4000:8000::fce6
+      - 185.12.64.2
+      - 2a01:4ff:ff00::add:1
     search:
 
     # optional additional subnets/ips subnets: []
@@ -81,7 +82,12 @@ network_interfaces:
     #   fd:
     #   maxwait:
     #   waitport:
-    bridge: {}
+    bridge:
+      ports: enp195s0 # for mor devices support a blank separated list
+      stp: !!str off
+      fd: 5
+      hello: 2
+      maxage: 12
 
     #  optional bonding parameters bond: {}
     #  bond:
@@ -103,7 +109,7 @@ network_interfaces:
 
     # inline hook scripts
     pre-up: [] # pre-up script lines
-    up:  [] # up script lines
+    up: [] # up script lines
     post-up: [] # post-up script lines (alias for up)
     pre-down: [] # pre-down script lines (alias for down)
     down: [] # down script lines
@@ -111,130 +117,9 @@ network_interfaces:
 
 
 
-  - device: eth0
+  - device: br0
     family: inet6
     method: static
-    address: 2a03:4000:28:7d8:c89f:aaff:fe8e:fb89
+    address: 2a01:4f8:261:1994::2
     netmask: 64
     gateway: fe80::1
-
-
-# ---
-# vars used by roles/ansible_dependencies
-# ---
-
-
-# ---
-# vars used by roles/ansible_user
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/basic.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sshd.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/apt.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/users.yml
-# ---
-
-default_user:
-
-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-
-sudo_users:
-  - chris
-  - sysadm
-  - localadmin
-
-
-# ---
-# vars used by roles/common/tasks/users-systemfiles.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/webadmin-user.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sudoers.yml
-# ---
-#
-# see: roles/common/tasks/vars
-
-
-# ---
-# vars used by roles/common/tasks/caching-nameserver.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/git.yml
-# ---
-
-git_firewall_repository:
-  name: ipt-server
-  repo: https://git.oopen.de/firewall/ipt-server
-  dest: /usr/local/src/ipt-server
-
-# ==============================
-
-
-# ---
-# vars used by scripts/reset_root_passwd.yml
-# ---
-
-root_user:
-  name: root
-  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
-

host_vars/o28.oopen.de.yml

@@ -4,6 +4,7 @@
 # vars used by roles/network_interfaces
 # ---
 
+
 # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
 network_manage_devices: True
 
@@ -22,21 +23,59 @@ network_interface_required_packages:
 
 network_interfaces:
 
-  - device: br0
+  # Many device configurations are possible (as many as needed)
+  #
+  - device: enp41s0
     # use only once per device (for the first device entry)
-    headline: br0 - bridge over device enp35s0
+    headline: enp41s0 - primary device
 
-    # auto & allow are only used for the first device entry
+    # auto & allow are only used for the first entry of that devicei-name)
+    #
     allow: [] # array of allow-[stanzas] eg. allow-hotplug
     auto: true
 
     family: inet
+    
+    # The statisc Mode
+    #    Options
+    #       address        <dotted quad address[/netmask]>
+    #       gateway        <dotted quad address>
+    #       pointopoint    <Address of other end point (dotted quad). Note the spelling of "point-to">
+    #       hwaddress      <mac-address>
+    #       mtu            <size>
+    #       scope          <Address validity scope. Possible values: global, link, host>
+    #
+    # The manual Method
+    #    Options
+    #       hwaddress      <mac-address>
+    #       mtu            <size>
+    #
+    # The dhcp Method
+    #    Options
+    #       hwaddress      <mac-address>
+    #       hostname       <Hostname to be requested (pump, dhcpcd, udhcpc)>
+    #       metric         <metric>
+    #       leasehours     <Preferred lease time in hours (pump)>
+    #       leasetime      <Preferred lease time in seconds (dhcpcd)>
+    #       vendor         <Vendor class identifier (dhcpcd)>
+    #       client         <Client identifier (dhcpcd), or "no" (dhclient)>
+    #    
+    # The bootp Method  
+    #    Options
+    #       bootfile:      <file: Tell the server to use 'file' as the bootfile.>
+    #       server:        <address: Use the IP address 'address' to communicate with the server.>
+    #       hwaddr         <mac-address: Use addr as the hardware address instead of whatever it really is.>
+    #    
     method: static
-    hwaddress: a8:a1:59:0e:9f:2c
+    
+    hwaddress: 
     description:
-    address: 95.217.109.232
+    address: 65.108.238.45
+    # dotted quad or number of bits
+    #
+    # the entry will be: address/netmask
     netmask: 26
-    gateway: 95.217.109.193
+    gateway: 65.108.238.1
     metric: 
     pointopoint: 
     mtu: 
@@ -64,8 +103,8 @@ network_interfaces:
     #    search: warenform.de
     #
     nameservers:
-      - 195.201.179.131
+      - 185.12.64.1
-      - 95.217.204.204
+      - a01:4ff:ff00::add:2
     search:
 
     # optional additional subnets/ips subnets: []
@@ -80,19 +119,14 @@ network_interfaces:
     #   fd:
     #   maxwait:
     #   waitport:
-    bridge:
+    bridge: {}
-      ports: enp35s0 # for mor devices support a blank separated list
-      stp: !!str off
-      fd: 1
-      hello: 2
-      maxage: 12
 
     #  optional bonding parameters bond: {}
     #  bond:
     #    master
     #    primary
     #    slave
-    #    method:
+    #    mode:
     #    miimon:
     #    lacp-rate:
     #    ad-select-rate:
@@ -106,22 +140,97 @@ network_interfaces:
     vlan: {}
 
     # inline hook scripts
+    #
+    # example:
+    #
+    # up:
+    #   - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp41s0"
+    #
     pre-up: [] # pre-up script lines
     up:
-      - !!str "route add -net 95.217.109.192 netmask 255.255.255.192 gw 95.217.109.193 dev br0" # up script lines
+      - !!str "route add -net 65.108.238.0 netmask 255.255.255.192 gw 65.108.238.1 dev enp41s0"
     post-up: [] # post-up script lines (alias for up)
     pre-down: [] # pre-down script lines (alias for down)
     down: [] # down script lines
     post-down: [] # post-down script lines
 
+  - device: enp41s0
+    # use only once per device (for the first device entry)
+    headline:
 
+    # auto & allow are only used for the first device entry
+    allow: [] # array of allow-[stanzas] eg. allow-hotplug
+    auto: 
 
-  - device: br0
     family: inet6
     method: static
-    address: 2a01:4f9:4a:2b57::2
+    address: 2a01:4f9:1a:b226::2
     netmask: 64
     gateway: fe80::1
+    metric:
+    pointopoint:
+    mtu:
+    scope:
+
+    # additional user by dhcp method
+    #
+    hostname:
+    leasehours:
+    leasetime:
+    vendor:
+    client:
+
+    # additional used by bootp method
+    #
+    bootfile:
+    server:
+    hwaddr:
+
+    # optional dns settings nameservers: []
+    #
+    #    nameservers:
+    #      - 194.150.168.168  # dns.as250.net
+    #      - 91.239.100.100   # anycast.censurfridns.dk
+    #    search: warenform.de
+    #
+    nameservers:
+    search:
+
+    # optional additional subnets/ips subnets: []
+    # subnets: 
+    #   - '192.168.123.0/24'
+    #   - '192.168.124.11/32'
+
+    # optional bridge parameters bridge: {}
+    # bridge:
+    #   ports:
+    #   stp:
+    #   fd:
+    #   maxwait:
+    #   waitport:
+    bridge: {}
+
+    #  optional bonding parameters bond: {}
+    #  bond:
+    #    mode:
+    #    miimon:
+    #    master:
+    #    slaves:
+    #    lacp-rate:
+    bond: {}
+
+    # optional vlan settings | vlan: {}
+    # vlan: {}
+    #   raw-device: 'eth0'
+    vlan: {}
+
+    # inline hook scripts
+    pre-up: []# pre-up script lines
+    up: [] # up script lines
+    post-up: [] # post-up script lines (alias for up)
+    pre-down: [] # pre-down script lines (alias for down)
+    down: [] # down script lines
+    post-down: [] # post-down script lines
 
 # ---
 # vars used by roles/ansible_dependencies
@@ -147,11 +256,16 @@ network_interfaces:
 # vars used by roles/common/tasks/apt.yml
 # ---
 
+#apt_manage_sources_list: false
+
 
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 
+create_sftp_group: true
+
+
 default_user:
 
   - name: chris
@@ -193,6 +307,12 @@ default_user:
       - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
       - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
 
+
+extra_system_user:
+  - name: www-data
+    home: /var/www
+    groups: sftp_users
+
 sudo_users:
   - chris
   - sysadm

host_vars/oolm-shop.oopen.de.yml

@@ -0,0 +1,70 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_password_authentication: !!str "yes"
+
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

host_vars/server27.warenform.de.yml

@@ -140,6 +140,12 @@ network_interfaces:
 # vars used by roles/common/tasks/basic.yml
 # ---
 
+copy_additional_plain_files_sysctl:
+
+  - name: elasticsearch
+    src_path: etc/sysctl.d/60-elasticsearch.conf
+    dest_path: /etc/sysctl.d/60-elasticsearch.conf
+
 
 # ---
 # vars used by roles/common/tasks/sshd.yml

host_vars/zapata.opp.netz.yml

@@ -315,6 +315,12 @@ samba_user:
       - beratung
     password: '20!lavinia*20'
 
+  - name: mahadi 
+    groups:
+      - buero
+      - beratung
+    password: '22_mahadi#obs'
+
   - name: marcus
     groups:
       - buero
@@ -322,6 +328,12 @@ samba_user:
       - verwaltung
     password: ''
 
+  - name: maria 
+    groups:
+      - buero
+      - beratung
+    password: 'm4ri4+adb22'
+
   - name: martin
     groups:
       - buero