ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph 2024-02-26 00:43:42 +01:00
parent 04c420458c
commit 97fd7efb16
31 changed files with 663 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
files/homedirs/root/_bashrc
View File

@ -35,7 +35,9 @@ alias ls='ls $LS_OPTIONS'
alias ll='ls $LS_OPTIONS -l'
alias la='ls $LS_OPTIONS -al'
alias l='ls $LS_OPTIONS -lA'
#
alias running_services='systemctl list-units --type=service --state=running'
# Some more alias to avoid making mistakes:
#alias rm='rm -i'
#alias cp='cp -i'

2
host_vars/bbb-server.b3-bornim.netz.yml
View File

@ -141,7 +141,7 @@ resolved_dnssec: true
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
- 172.16.42.254
# ---

27
host_vars/file-ah.kanzlei-kiel.netz.yml
View File

@ -160,7 +160,7 @@ resolved_domains:
- ~.
- kanzlei-kiel.netz
resolved_dnssec: true
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
@ -172,12 +172,12 @@ resolved_fallback_nameserver:
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
#cron_user_special_time_entries:
#
# - name: "Restart DNS Cache service 'systemd-resolved'"
# special_time: reboot
# job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
# insertafter: PATH
@ -247,6 +247,13 @@ sudo_users:
# ---
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
nfs_server: 192.168.100.10
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
@ -325,7 +332,7 @@ samba_user:
- buero
- intern
- verwaltung
password:
password: '20-buch_holz-20'
- name: schmidt
groups:
- intern
@ -449,8 +456,8 @@ samba_shares:
path: /data/samba/shares/Advoware-Backup
group_valid_users: back
group_write_list: back
file_create_mask: 664
dir_create_mask: 2775
file_create_mask: !!str 664
dir_create_mask: !!str 2775
guest_ok: !!str yes
vfs_object_recycle: false

31
host_vars/file-blkr-neu.blkr.netz.yml → host_vars/file-blkr-alt.blkr.netz.yml
View File

@ -33,7 +33,7 @@ network_interfaces:
family: inet
method: static
description:
address: 192.168.162.20
address: 192.168.162.10
netmask: 24
gateway: 192.168.162.254
@ -244,37 +244,12 @@ sudo_users:
# ---
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
nfs_server: 192.168.162.20
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
nfs_exports:
- src: 192.168.162.20:/data/samba/shares
path: /data/samba/shares
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.162.0/24
- 10.0.192.0/24
- 10.1.192.0/24
- 192.168.63.0/24
use_fsid_option: true
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.162.20
samba_server_ip: 192.168.162.10
samba_server_cidr_prefix: 24
samba_workgroup: BLKR
@ -354,7 +329,7 @@ samba_user:
- buero
password: 'bhNC.P5eTy-2'
base_home: /data/home
base_home: /home
# remove_samba_users:
# - name: name1

28
host_vars/file-blkr.blkr.netz.yml
View File

@ -244,6 +244,31 @@ sudo_users:
# ---
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
nfs_server: 192.168.162.10
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
nfs_exports:
- src: 192.168.162.10:/data/samba/shares
path: /data/samba/shares
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.162.0/24
- 10.0.192.0/24
- 10.1.192.0/24
- 192.168.63.0/24
use_fsid_option: true
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
@ -294,6 +319,7 @@ samba_user:
- name: julius-e
groups:
- buero
- verwaltung
password: '2/kcx3jju-tr'
- name: leonie
groups:
@ -329,7 +355,7 @@ samba_user:
- buero
password: 'bhNC.P5eTy-2'
base_home: /home
base_home: /data/home
# remove_samba_users:
# - name: name1

2
host_vars/file-fhxb.fhxb.netz.yml
View File

@ -141,7 +141,7 @@ resolved_dnssec: true
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
- 172.16.192.254
# ---

12
host_vars/ga-al-gw.oopen.de.yml
View File

@ -319,6 +319,18 @@ resolved_fallback_nameserver:
- 192.168.11.1
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---

10
host_vars/ga-nh-gw.oopen.de.yml
View File

@ -76,6 +76,11 @@ network_interfaces:
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Check if Postfix Mailservice is up and running?"
@ -122,6 +127,11 @@ cron_user_special_time_entries:
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/sshd.yml

12
host_vars/ga-st-gw.ga.netz.yml
View File

@ -365,6 +365,18 @@ resolved_fallback_nameserver:
- 192.168.10.1
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml

12
host_vars/gw-123.oopen.de.yml
View File

@ -111,6 +111,18 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---

14
host_vars/gw-ah.oopen.de.yml
View File

@ -106,6 +106,18 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
@ -203,6 +215,8 @@ bind9_gateway_acl:
entries:
- '// Nameserver Kanzlei EBS'
- 192.168.182.1
- '// lokal Nameserver Domän controler'
- 192.168.100.30
bind9_gateway_listen_on_v6:
- none

12
host_vars/gw-ak.oopen.de.yml
View File

@ -156,6 +156,18 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---

12
host_vars/gw-akb.oopen.de.yml
View File

@ -111,6 +111,18 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---

12
host_vars/gw-b3.oopen.de.yml
View File

@ -111,6 +111,18 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---

10
host_vars/gw-blkr.oopen.de.yml
View File

@ -76,6 +76,11 @@ network_interfaces:
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Check if Postfix Mailservice is up and running?"
@ -127,6 +132,11 @@ cron_user_special_time_entries:
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/sshd.yml

10
host_vars/gw-ckubu.local.netz.yml
View File

@ -102,6 +102,16 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---

12
host_vars/gw-d11.oopen.de.yml
View File

@ -111,6 +111,18 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---

14
host_vars/gw-ebs.oopen.de.yml
View File

@ -157,6 +157,18 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
@ -256,6 +268,8 @@ bind9_gateway_acl:
- 192.168.100.1
- '// Nameserver Kanzlei Elster'
- 192.168.202.1
- '// lokal Nameserver Domän controler'
- 192.168.182.30
bind9_gateway_listen_on_v6:
- none

10
host_vars/gw-elster.oopen.de.yml
View File

@ -76,6 +76,11 @@ network_interfaces:
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Check if Postfix Mailservice is up and running?"
@ -122,6 +127,11 @@ cron_user_special_time_entries:
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/sshd.yml

12
host_vars/gw-fhxb.oopen.de.yml
View File

@ -156,6 +156,18 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---

10
host_vars/gw-flr.oopen.de.yml
View File

@ -75,6 +75,11 @@ network_interfaces:
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Check if Postfix Mailservice is up and running?"
@ -121,6 +126,11 @@ cron_user_special_time_entries:
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/sshd.yml

10
host_vars/gw-irights.oopen.de.yml
View File

@ -71,6 +71,11 @@ network_interfaces:
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Check if Postfix Mailservice is up and running?"
@ -117,6 +122,11 @@ cron_user_special_time_entries:
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/sshd.yml

10
host_vars/gw-km.oopen.de.yml
View File

@ -62,6 +62,11 @@ network_interfaces:
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Check if Postfix Mailservice is up and running?"
@ -108,6 +113,11 @@ cron_user_special_time_entries:
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/sshd.yml

12
host_vars/gw-opp.oopen.de.yml
View File

@ -156,6 +156,18 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---

12
host_vars/gw-spr.oopen.de.yml
View File

@ -111,6 +111,18 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---

186
host_vars/o13-staging-board.oopen.de.yml Normal file
View File

@ -0,0 +1,186 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
#apt_manage_sources_list: false
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 212.42.230.1
- 83.223.66.51
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $y$j9T$myZ6f5/klmH0HDN2mb9tv/$s/bBrr6PEXdEgtn9CZYzBNZsA4.r6gWYYeZ4LAYotp9

72
host_vars/o25.oopen.de.yml
View File

@ -259,6 +259,78 @@ network_interfaces:
#apt_manage_sources_list: false
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 213.133.100.100
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---

2
host_vars/o35.oopen.de.yml
View File

@ -214,7 +214,7 @@ resolved_domains:
- ~.
- oopen.de
resolved_dnssec: true
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#

71
host_vars/zapata.opp.netz.yml
View File

@ -18,7 +18,6 @@ network_interface_required_packages:
- ifmetric
- ifupdown
- ifenslave
- resolvconf
network_interfaces:
@ -75,6 +74,76 @@ network_interfaces:
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.62.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- opp.netz
resolved_dnssec: true
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 172.16.62.254
# ---
# vars used by roles/common/tasks/cron.yml
# ---

11
hosts
View File

@ -19,6 +19,7 @@ rage.so36.net ansible_user=ckubu
lxc-host-kb.anw-kb.netz
o33.oopen.de
o25.oopen.de
o13-staging-board.oopen.de
[dns_sinma]
@ -56,7 +57,6 @@ file-ebs.ebs.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
zapata.opp.netz
gw-replacement.local.netz
@ -465,7 +465,6 @@ file-km.anw-km.netz
# - Kanzlei BLKR
gw-blkr.oopen.de
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
# - Kanzlei EBS Leipzig
gw-ebs.oopen.de
@ -1163,7 +1162,6 @@ file-ipa.local.netz
server18.warenform.de
piwik.warenform.de
server22.warenform.de
nd-live.warenform.de
nd-epaper.warenform.de
nd-archiv.warenform.de
@ -1222,7 +1220,6 @@ file-ebs.ebs.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
zapata.opp.netz
@ -1230,7 +1227,7 @@ zapata.opp.netz
[nfs_server]
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
file-ah.kanzlei-kiel.netz
file-ebs.ebs.netz
file-fhxb.fhxb.netz
@ -1241,7 +1238,6 @@ file-fhxb.fhxb.netz
[x2go_server]
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
[mumble_server]
@ -1318,7 +1314,6 @@ bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz
file-km.anw-km.netz
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
zapata.opp.netz
# - GA - Gemeinschaft Altensclirf
@ -1464,7 +1459,6 @@ file-ebs.ebs.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
zapata.opp.netz
file-ipa.local.netz
@ -1671,7 +1665,6 @@ file-ebs.ebs.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
file-blkr-neu.blkr.netz
zapata.opp.netz

62
roles/common/templates/etc/security/limits.conf.j2 Normal file
View File

@ -0,0 +1,62 @@
# {{ ansible_managed }}
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
# - NOTE: group and wildcard limits are not applied to root.
# To apply a limit to the root user, <domain> must be
# the literal username root.
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open file descriptors
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
# - chroot - change root to directory (Debian-specific)
#
#<domain> <type> <item> <value>
#
#* soft core 0
#root hard core 100000
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#ftp - chroot /ftp
#@student - maxlogins 4
* - nofile 1048576
root - nofile 1048576
# End of file