Christoph 2022-07-20 00:54:01 +02:00
parent 151a3b467b
commit 9137c0a021
8 changed files with 408 additions and 176 deletions

115
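--- a/host_vars/172.16.63.32.yml
+++ b/host_vars/172.16.63.32.yml
@@ -0,0 +1,115 @@
+---
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+# ---
+# vars used by roles/ansible_user
+# ---
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+copy_additional_plain_files_sysctl:
+- name: enable-ipv6
+src_path: etc/sysctl.d/30-enable-ipv6.conf
+dest_path: /etc/sysctl.d/30-enable-ipv6.conf
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+default_user:
+- name: chris
+password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+shell: /bin/bash
+ssh_keys:
+- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+- name: sysadm
+user_id: 1050
+group_id: 1050
+group: sysadm
+password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+shell: /bin/bash
+ssh_keys:
+- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+- name: back
+user_id: 1060
+group_id: 1060
+group: back
+password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+shell: /bin/bash
+ssh_keys:
+- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+sudo_users:
+- chris
+- sysadm
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+apt_install_bind9_packages: true
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+git_firewall_repository:
+name: ipt-gateway
+repo: https://git.oopen.de/firewall/ipt-gateway
+dest: /usr/local/src/ipt-gateway
+# ==============================
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+root_user:
+name: root
+password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.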
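Review bot: The `password:` values for `chris`, `sysadm`, `back` and `root_user` are committed as readable crypt hashes in this new host_vars file, so anyone with read access to the repository or its history can work on them offline. They belong in an Ansible Vault-encrypted vars file (or a secret store) with only a reference here, e.g. `password: "{{ vault_root_password_hash }}"` (constructed variable name). Identical hash strings for `chris` and `sysadm` appear in another host file on this page, so one recovered password would apply to every host that shares them. The `root_user.password` added here is also the `$6$` value that this same commit replaces with a `$y$` hash in another file; if that replacement is a rotation, this host is being created with the old credential.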


@ -15,6 +15,13 @@
# --- # ---
copy_additional_plain_files_sysctl:
- name: enable-ipv6
src_path: etc/sysctl.d/30-enable-ipv6.conf
dest_path: /etc/sysctl.d/30-enable-ipv6.conf
# --- # ---
# vars used by roles/common/tasks/sshd.yml # vars used by roles/common/tasks/sshd.yml
# --- # ---
@ -87,6 +94,24 @@ sudo_users:
apt_install_bind9_packages: true apt_install_bind9_packages: true
bind9_gateway_listen_on_v6:
- none
bind9_gateway_listen_on:
- 127.0.0.1
- 192.168.142.1
- 192.168.142.254
- 172.16.142.1
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# --- # ---
# vars used by roles/common/tasks/git.yml # vars used by roles/common/tasks/git.yml
# --- # ---
@ -105,5 +130,5 @@ git_firewall_repository:
root_user: root_user:
name: root name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. password: $y$j9T$IVBTpn.OrI6YiQ9q3fA8b1$Y1bmID5yXJbKfoLFt1VmQs6LezeTj5/1M9ppZBD2Pn4
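Review bot: The new `root_user.password` in the last hunk is a yescrypt (`$y$`) hash, which only validates on a target whose libcrypt supports yescrypt; on an older system the root password would stop working once this value is written to the shadow file. The OS release of this host is not visible on the page, so confirm it before applying and consider a comment above the key such as `# yescrypt hash: target libcrypt must support $y$`. The hash is also still stored readable in the repository rather than in a vaulted file.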


@ -129,12 +129,19 @@ network_interfaces:
# vars used by roles/common/tasks/basic.yml # vars used by roles/common/tasks/basic.yml
# --- # ---
copy_additional_plain_files_sysctl:
- name: elasticsearch
src_path: etc/sysctl.d/60-elasticsearch.conf
dest_path: /etc/sysctl.d/60-elasticsearch.conf
# --- # ---
# vars used by roles/common/tasks/sshd.yml # vars used by roles/common/tasks/sshd.yml
# --- # ---
# --- # ---
# vars used by roles/common/tasks/apt.yml # vars used by roles/common/tasks/apt.yml
# --- # ---
@ -153,13 +160,6 @@ default_user:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: c3po
password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-rsa 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 c3po@riseup.net'
- name: sysadm - name: sysadm
user_id: 1050 user_id: 1050
group_id: 1050 group_id: 1050
@ -193,7 +193,6 @@ default_user:
sudo_users: sudo_users:
- chris - chris
- o13-pad
- sysadm - sysadm
- localadmin - localadmin
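Review bot: Dropping `c3po` from `default_user` and `o13-pad` from `sudo_users` only takes them out of the desired-state lists; nothing in this section tells the role to delete the account, its authorized keys or its sudoers entry on the host. Unless `roles/common/tasks/users.yml` and `sudoers.yml` (not visible here) purge entries that are no longer listed, both keep their access after the play runs. If the role supports it, carry an explicit removal list, e.g. a `remove_user:` entry for `c3po` (constructed key name); otherwise remove the accounts on the host and record that in the commit message.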


@ -4,6 +4,7 @@
# vars used by roles/network_interfaces # vars used by roles/network_interfaces
# --- # ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True network_manage_devices: True
@ -16,15 +17,14 @@ network_interface_required_packages:
- bridge-utils - bridge-utils
- ifmetric - ifmetric
- ifupdown - ifupdown
- ifenslave
- resolvconf - resolvconf
network_interfaces: network_interfaces:
- device: eth0 - device: br0
# use only once per device (for the first device entry) # use only once per device (for the first device entry)
headline: eth0 - primary network interface headline: br0 - bridge over device enp195s0
# auto & allow are only used for the first device entry # auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug allow: [] # array of allow-[stanzas] eg. allow-hotplug
@ -32,11 +32,11 @@ network_interfaces:
family: inet family: inet
method: static method: static
hwaddress: hwaddress: f0:2f:74:97:4a:c4
description: description:
address: 94.16.115.62 address: 142.132.147.171
netmask: 22 netmask: 26
gateway: 94.16.112.1 gateway: 142.132.147.129
metric: metric:
pointopoint: pointopoint:
mtu: mtu:
@ -64,9 +64,10 @@ network_interfaces:
# search: warenform.de # search: warenform.de
# #
nameservers: nameservers:
- 46.38.225.230 - 185.12.64.1
- 46.38.252.230 - 2a01:4ff:ff00::add:2
- 2a03:4000:8000::fce6 - 185.12.64.2
- 2a01:4ff:ff00::add:1
search: search:
# optional additional subnets/ips subnets: [] # optional additional subnets/ips subnets: []
@ -81,7 +82,12 @@ network_interfaces:
# fd: # fd:
# maxwait: # maxwait:
# waitport: # waitport:
bridge: {} bridge:
ports: enp195s0 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
maxage: 12
# optional bonding parameters bond: {} # optional bonding parameters bond: {}
# bond: # bond:
@ -103,7 +109,7 @@ network_interfaces:
# inline hook scripts # inline hook scripts
pre-up: [] # pre-up script lines pre-up: [] # pre-up script lines
up: [] # up script lines up: [] # up script lines
post-up: [] # post-up script lines (alias for up) post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down) pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines down: [] # down script lines
@ -111,130 +117,9 @@ network_interfaces:
- device: eth0 - device: br0
family: inet6 family: inet6
method: static method: static
address: 2a03:4000:28:7d8:c89f:aaff:fe8e:fb89 address: 2a01:4f8:261:1994::2
netmask: 64 netmask: 64
gateway: fe80::1 gateway: fe80::1
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa 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 jonas@meurer.it'
- 'ssh-rsa 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 t@NB-003258-RLS'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
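Review bot: The `nameservers:` list in the `-64,9 +64,10` hunk now has four entries, and the glibc resolver reads at most three `nameserver` lines from resolv.conf, so `2a01:4ff:ff00::add:1` would never be queried if these entries end up there. Either drop one entry or order the list so that the three you want come first. How the role renders this list is not visible on this page, so treat this as something to confirm against the template.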


@ -4,6 +4,7 @@
# vars used by roles/network_interfaces # vars used by roles/network_interfaces
# --- # ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True network_manage_devices: True
@ -22,21 +23,150 @@ network_interface_required_packages:
network_interfaces: network_interfaces:
- device: br0 # Many device configurations are possible (as many as needed)
#
- device: enp41s0
# use only once per device (for the first device entry) # use only once per device (for the first device entry)
headline: br0 - bridge over device enp35s0 headline: enp41s0 - primary device
# auto & allow are only used for the first device entry # auto & allow are only used for the first entry of that devicei-name)
#
allow: [] # array of allow-[stanzas] eg. allow-hotplug allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true auto: true
family: inet family: inet
# The statisc Mode
# Options
# address <dotted quad address[/netmask]>
# gateway <dotted quad address>
# pointopoint <Address of other end point (dotted quad). Note the spelling of "point-to">
# hwaddress <mac-address>
# mtu <size>
# scope <Address validity scope. Possible values: global, link, host>
#
# The manual Method
# Options
# hwaddress <mac-address>
# mtu <size>
#
# The dhcp Method
# Options
# hwaddress <mac-address>
# hostname <Hostname to be requested (pump, dhcpcd, udhcpc)>
# metric <metric>
# leasehours <Preferred lease time in hours (pump)>
# leasetime <Preferred lease time in seconds (dhcpcd)>
# vendor <Vendor class identifier (dhcpcd)>
# client <Client identifier (dhcpcd), or "no" (dhclient)>
#
# The bootp Method
# Options
# bootfile: <file: Tell the server to use 'file' as the bootfile.>
# server: <address: Use the IP address 'address' to communicate with the server.>
# hwaddr <mac-address: Use addr as the hardware address instead of whatever it really is.>
#
method: static method: static
hwaddress: a8:a1:59:0e:9f:2c
hwaddress:
description: description:
address: 95.217.109.232 address: 65.108.238.45
# dotted quad or number of bits
#
# the entry will be: address/netmask
netmask: 26 netmask: 26
gateway: 95.217.109.193 gateway: 65.108.238.1
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
- 185.12.64.1
- a01:4ff:ff00::add:2
search:
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge: {}
# optional bonding parameters bond: {}
# bond:
# master
# primary
# slave
# mode:
# miimon:
# lacp-rate:
# ad-select-rate:
# master:
# slaves:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
#
# example:
#
# up:
# - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp41s0"
#
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 65.108.238.0 netmask 255.255.255.192 gw 65.108.238.1 dev enp41s0"
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
- device: enp41s0
# use only once per device (for the first device entry)
headline:
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto:
family: inet6
method: static
address: 2a01:4f9:1a:b226::2
netmask: 64
gateway: fe80::1
metric: metric:
pointopoint: pointopoint:
mtu: mtu:
@ -64,8 +194,6 @@ network_interfaces:
# search: warenform.de # search: warenform.de
# #
nameservers: nameservers:
- 195.201.179.131
- 95.217.204.204
search: search:
# optional additional subnets/ips subnets: [] # optional additional subnets/ips subnets: []
@ -80,24 +208,15 @@ network_interfaces:
# fd: # fd:
# maxwait: # maxwait:
# waitport: # waitport:
bridge: bridge: {}
ports: enp35s0 # for mor devices support a blank separated list
stp: !!str off
fd: 1
hello: 2
maxage: 12
# optional bonding parameters bond: {} # optional bonding parameters bond: {}
# bond: # bond:
# master # mode:
# primary
# slave
# method:
# miimon: # miimon:
# lacp-rate:
# ad-select-rate:
# master: # master:
# slaves: # slaves:
# lacp-rate:
bond: {} bond: {}
# optional vlan settings | vlan: {} # optional vlan settings | vlan: {}
@ -106,23 +225,13 @@ network_interfaces:
vlan: {} vlan: {}
# inline hook scripts # inline hook scripts
pre-up: [] # pre-up script lines pre-up: []# pre-up script lines
up: up: [] # up script lines
- !!str "route add -net 95.217.109.192 netmask 255.255.255.192 gw 95.217.109.193 dev br0" # up script lines
post-up: [] # post-up script lines (alias for up) post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down) pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines down: [] # down script lines
post-down: [] # post-down script lines post-down: [] # post-down script lines
- device: br0
family: inet6
method: static
address: 2a01:4f9:4a:2b57::2
netmask: 64
gateway: fe80::1
# --- # ---
# vars used by roles/ansible_dependencies # vars used by roles/ansible_dependencies
# --- # ---
@ -147,11 +256,16 @@ network_interfaces:
# vars used by roles/common/tasks/apt.yml # vars used by roles/common/tasks/apt.yml
# --- # ---
#apt_manage_sources_list: false
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---
create_sftp_group: true
default_user: default_user:
- name: chris - name: chris
@ -193,6 +307,12 @@ default_user:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
extra_system_user:
- name: www-data
home: /var/www
groups: sftp_users
sudo_users: sudo_users:
- chris - chris
- sysadm - sysadm
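Review bot: The second entry under `nameservers:` for `enp41s0` reads `a01:4ff:ff00::add:2`, which looks like `2a01:4ff:ff00::add:2` (the resolver used in another host file in this commit) with the leading `2` missing. It still parses as an IPv6 address, so nothing will reject it, but DNS queries would go to a different, unintended address; change the line to `- 2a01:4ff:ff00::add:2`. Separately, a bare `hwaddress:` follows `hwaddress: a8:a1:59:0e:9f:2c`; if both are on the new side this is a duplicate key and most parsers keep the last, empty one. The page does not show which side the bare line belongs to.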


@ -0,0 +1,70 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_password_authentication: !!str "yes"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
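Review bot: `sshd_password_authentication: !!str "yes"` is the only setting in this new host file and it turns SSH password logins on, with no comment saying why this host needs it. The other host files on this page provision ed25519 keys for every account, so key-only login looks like the norm. If this host is an exception, say so above the key, e.g. `# password login required for <reason>; review by <date>` (placeholders), and otherwise set it to `!!str "no"`. Password authentication exposes the accounts to online guessing, so if it stays, pair it with rate limiting or a restricted user list in the sshd role.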


@ -140,6 +140,12 @@ network_interfaces:
# vars used by roles/common/tasks/basic.yml # vars used by roles/common/tasks/basic.yml
# --- # ---
copy_additional_plain_files_sysctl:
- name: elasticsearch
src_path: etc/sysctl.d/60-elasticsearch.conf
dest_path: /etc/sysctl.d/60-elasticsearch.conf
# --- # ---
# vars used by roles/common/tasks/sshd.yml # vars used by roles/common/tasks/sshd.yml


@ -315,6 +315,12 @@ samba_user:
- beratung - beratung
password: '20!lavinia*20' password: '20!lavinia*20'
- name: mahadi
groups:
- buero
- beratung
password: '22_mahadi#obs'
- name: marcus - name: marcus
groups: groups:
- buero - buero
@ -322,6 +328,12 @@ samba_user:
- verwaltung - verwaltung
password: '' password: ''
- name: maria
groups:
- buero
- beratung
password: 'm4ri4+adb22'
- name: martin - name: martin
groups: groups:
- buero - buero
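Review bot: The `password:` values added for `mahadi` and `maria` under `samba_user` are cleartext passwords, readable by anyone who can read this repository or its history. Move them into an Ansible Vault-encrypted file and reference them here, e.g. `password: "{{ vault_samba_password_mahadi }}"` (constructed variable name), and change both passwords, since these values are now in the commit history. The context line `password: ''` for `marcus` is an empty password and deserves the same check, though how the role treats an empty value is not visible here.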