Christoph 2022-11-25 01:07:36 +01:00
parent 45115c6700
commit a143f30206
16 changed files with 220 additions and 17 deletions


@ -1109,6 +1109,14 @@ sshd_macs:
- hmac-sha2-512-etm@openssh.com
- umac-128-etm@openssh.com
# This users are allowed to use password authentification
#
sshd_pasword_auth_user:
# This IP-Addresses are allowed to use password authentification
#
sshd_pasword_auth_ip:
# ---
# vars used by roles/common/tasks/sudoers.yml
@ -1787,6 +1795,9 @@ roundcube_2_skin_logo:
# vars used by roles/common/tasks/samba-user.yml
# ==========
samba_server_ip:
samba_server_cidr_prefix: 24
apt_install_server_samba:
- samba
- nscd
@ -1796,20 +1807,20 @@ apt_install_server_samba:
# example:
# samba_workgroup: MBR
#
samba_workgroup: {}
samba_workgroup:
# samba_netbios_name
#
# example:
# samba_netbios_name: FILE-MBR
#
samba_netbios_name: {}
samba_netbios_name:
# samba_server_min_protocol
#
samba_server_min_protocol: {}
samba_server_min_protocol:
samba_groups: []
samba_groups: ([])
# samba_user:
# - name: chris
@ -1818,7 +1829,7 @@ samba_groups: []
# - group2
# password: 'H-.T/TvN5S9J'
#
samba_user: []
samba_user: ([])
base_home: /home
@ -1826,7 +1837,7 @@ base_home: /home
# - name: name1
# - name: name2
#
remove_samba_users: []
remove_samba_users: ([])
# samba_shares
#
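Review bot: `samba_groups: ([])`, `samba_user: ([])` and `remove_samba_users: ([])` are plain YAML scalars, so each default loads as the string "([])" and not as an empty list. Assuming the second line of each printed pair is the new side, a task that loops over these variables or tests them for emptiness would see a non-empty string on every host that does not override them; `samba_groups: []` keeps the intended type. The bare `samba_workgroup:`, `samba_netbios_name:` and `samba_server_min_protocol:` now load as null, which the comment above each should state if that is intended. The new names `sshd_pasword_auth_user` and `sshd_pasword_auth_ip` are misspelled ("pasword"), so a host file that uses the correct spelling would be silently ignored by the sshd template.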


@ -159,6 +159,9 @@ sudo_users:
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.42.10
samba_server_cidr_prefix: 24
samba_workgroup: B3-BORNIM
samba_netbios_name: BBB-SERVER


@ -194,6 +194,9 @@ sudo_users:
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.100.10
samba_server_cidr_prefix: 24
samba_workgroup: AH
samba_netbios_name: FILE-AH


@ -180,6 +180,9 @@ sudo_users:
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.162.10
samba_server_cidr_prefix: 24
samba_workgroup: BLKR
samba_netbios_name: FILE-BLKR


@ -35,7 +35,7 @@ network_interfaces:
method: static
description:
address: 192.168.192.10
netmask: 24
netmask: 23
gateway: 192.168.192.254
# optional dns settings nameservers: []
@ -172,7 +172,7 @@ nfs_exports:
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.192.0/24
- 192.168.192.0/23
- 10.0.192.0/24
- 10.1.192.0/24
- 192.168.63.0/24
@ -183,7 +183,7 @@ nfs_exports:
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.192.0/24
- 192.168.192.0/23
- 10.0.192.0/24
- 10.1.192.0/24
- 192.168.63.0/24
@ -196,6 +196,9 @@ nfs_exports:
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.192.10
samba_server_cidr_prefix: 23
samba_workgroup: FHXB
samba_netbios_name: FILE-FHXB
@ -247,6 +250,9 @@ samba_groups:
group_id: 1480
- name: vermittlung
group_id: 1490
- name: altlasten
group_id: 1510
samba_user:
@ -278,6 +284,8 @@ samba_user:
- vermittlung
- leitung
- altlasten
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63643330373231636537366333326630333265303265653933613835656262323863363038653234
@ -288,6 +296,7 @@ samba_user:
- name: sysadm
groups:
- altlasten
- archiv
- ausstellungen
- buero
@ -380,6 +389,7 @@ samba_user:
# Florian Helm
- name : f.helm
groups:
- altlasten
- archiv
- ausstellungen
- buero
@ -480,6 +490,7 @@ samba_user:
# Natalie Bayer
- name : n.bayer
groups:
- altlasten
- archiv
- ausstellungen
- buero
@ -612,6 +623,15 @@ remove_samba_users:
samba_shares:
- name: Altlasten
comment: Altlasten auf Fileserver
path: /data/samba/FHXB-Server/Altlasten
group_valid_users: altlasten
group_write_list: altlasten
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
- name: Archiv
comment: Archiv auf Fileserver
path: /data/samba/FHXB-Server/Archiv
@ -804,7 +824,7 @@ samba_shares:
- name: FHXB-Sammlungen
comment: FHXB-Sammlungen auf Fileserver
path: /data/samba/Darchim2/Bildarchiv
path: /data/samba/Darchim2/FHXB-Sammlungen
group_valid_users: fhxb-sammlungen
group_write_list: fhxb-sammlungen
file_create_mask: !!str 660
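Review bot: Both `export_networks` lists now name `192.168.192.0/23`, which adds 192.168.193.0/24 to the clients allowed to mount these exports read-write. With the options shown (`rw,root_squash,sync,subtree_check`) and no `sec=` setting visible, access appears to rest on the client address alone, so every host in the added half of the range is trusted as an NFS client. Confirm that the added range holds only machines the old /24 was meant for. A short comment above the entry, such as `# /23 since the LAN netmask was widened`, would record why the prefix changed. The `nfs_exports` entries start and end outside the hunks shown.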


@ -26,9 +26,9 @@ network_interfaces:
auto: true
family: inet
method: static
address: 192.168.178.254
address: 172.16.192.1
netmask: 24
gateway: 192.168.178.1
gateway: 172.16.192.254
nameservers:
- 127.0.0.1
- 192.168.192.1
@ -41,7 +41,7 @@ network_interfaces:
family: inet
method: static
address: 192.168.192.254
netmask: 24
netmask: 23
- device: eno2:ns
@ -54,11 +54,11 @@ network_interfaces:
- device: eno3
headline: eno3 - LAN
headline: eno3 - WLAN
auto: true
family: inet
method: static
address: 192.168.193.254
address: 192.168.194.254
netmask: 24


@ -234,6 +234,9 @@ git_firewall_repository:
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 83.223.85.203
samba_server_cidr_prefix: 24
samba_workgroup: AH
samba_netbios_name: FILE-AH
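Review bot: `samba_server_ip: 83.223.85.203` is a publicly routable address, and the smb.conf template changed in this commit writes it into the `interfaces =` line together with the /24 prefix. The workgroup and NetBIOS name next to it (`AH`, `FILE-AH`) are the same as in the host file that uses 192.168.100.10, so the block may have been carried over from there. If this host does not run the samba role, leaving the two new variables unset avoids describing an SMB listener on a public interface. If it does serve SMB, a comment such as `# SMB reachable only via firewall rule <RULE_NAME>` would document how exposure is limited.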


@ -0,0 +1,73 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
#sshd_pasword_auth_user:
# - chris
#sshd_pasword_auth_ip:
# - 2003:ec:df0c:e7fe:ebb:d93b:1d33:3918
# - 2003:ec:df0c:e7fe:4b3a:a5ba:c661:f7f6
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---


@ -21,6 +21,13 @@
#sshd_password_authentication: !!str "yes"
# This users are allowed to use password authentification
#
#sshd_pasword_auth_user:
# - nordkurier_live
sshd_pasword_auth_ip:
- 34.107.7.34
# ---
# vars used by apt.yml
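Review bot: The entry `34.107.7.34` under `sshd_pasword_auth_ip` has no comment saying which system it is or why it needs password logins. In the sshd template of this commit an address entry renders `Match Address` with `PasswordAuthentication yes` and no user restriction, so it applies to every account on the host, while the user list just above stays commented out. A line such as `# <SYSTEM_NAME>: password login needed for <REASON>` above the entry would let a later reviewer decide when it can be removed.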


@ -159,6 +159,9 @@ sudo_users:
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.62.10
samba_server_cidr_prefix: 24
samba_workgroup: OPP
samba_netbios_name: ZAPATA


@ -44,3 +44,16 @@ dia-two-2\.de$
surlumice\.store$
hecnvoipl\.xyz$
viastarco\.xyz$
mail\.notistall\.balashov\.su$
mail\.batistase\.hz\.cz$
mail\.lorinsales\.de\.fr$
mail\.jostalles\.azerbaijan\.su$
mail\.batistase\.hz\.cz$
wulprobot\.xyz$
circuitlogix\.com$
anelpones\.xyz$
a27-10\.smtp-out.us-west-2\.amazonses\.com$
relay01\.cne\.gob\.ve$
mta01\.cne\.gob\.ve$
news1\.worldnews\.hair$
ritechager\.info$
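Review bot: `mail\.batistase\.hz\.cz$` is added twice in this hunk, and in `a27-10\.smtp-out.us-west-2\.amazonses\.com$` the dot after `smtp-out` is not escaped, so it matches any character at that position. The second entry should read `a27-10\.smtp-out\.us-west-2\.amazonses\.com$`. That host name looks like a shared outbound relay of a large mail provider rather than a single sender, so the entry may also reject unrelated mail; confirm that this is intended. None of the patterns has a leading anchor, so each one matches any name that ends with the given text.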


@ -70,3 +70,31 @@
217.199.96.0/19
# viastarco.xyz (eur-versand.com)
163.123.180.214
# RU (u.a lorinsales.de.fr)
185.31.160.0/22
# RU (batistase.hz.cz)
93.189.42.0/23
# RU (notistall.balashov.su)
77.87.212.0/24
# RU (jostalles.azerbaijan.su)
62.173.128.0/19
# RU ( u.a. batistase.hz.cz )
62.76.184.0/21
# US (u.a. premiumofen.com)
172.93.96.0/20
# US (u.a. premiumofen.com)
108.171.192.0/19
# US ()
54.240.0.0/18
# VE ( u.a. cne.gob.ve)
201.130.82.0/23
# mx1.privateemail.com mx2.privateemail.com
198.54.122.250
198.54.122.240
# US (u.a. direktpaket.com>)
198.54.112.0/20
# classic-british-motorcycles.com
172.67.189.127
104.21.33.94
# (u.a. direktpaket.com)
194.116.228.0/24
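Review bot: `198.54.122.250` and `198.54.122.240` are already covered by `198.54.112.0/20`, which is added just below them, so the two single-address entries are redundant. The entry `54.240.0.0/18` carries only `# US ()` with no sender named, which makes a block of that size hard to review or lift later; a comment in the style of the other entries, such as `# US (u.a. <DOMAIN>)`, would fix that. The comment `# US (u.a. direktpaket.com>)` has a stray `>`.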


@ -69,6 +69,10 @@ firmen-infos\.com$
@podiumskate\.\S+$
@ppe-healthcare-europe\.\S+$
@direktpaket\.com$
@revzilla\.com$
@christopherhinz\.com$
# annoying spammer addresses
^error@mailfrom\.com$


@ -91,7 +91,7 @@
when:
- redis_conf_exists.stat.exists == False
tags:
- samba-server
- redis-server
- name: (redis-server.yml) adjust configuration '/etc/redis/redis.conf'
lineinfile:


@ -67,7 +67,7 @@
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
; interfaces = 127.0.0.0/8 eth0
interfaces = {{ ansible_default_ipv4.address }}/24 127.0.0.1/8
interfaces = {{ samba_server_ip }}/{{ samba_server_cidr_prefix }} 127.0.0.1/8
# Option 'hosts deny' and 'hosts allow' added to debian's default smb.conf
hosts deny = 0.0.0.0/0
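Review bot: The `interfaces` line now depends on `samba_server_ip` and `samba_server_cidr_prefix`, and the defaults file in this commit leaves `samba_server_ip:` without a value. On a host that does not set it, the line would render without a usable address (the exact text depends on how the null is rendered), whereas the previous version always had `ansible_default_ipv4.address`. A fallback keeps the old behaviour: `interfaces = {{ samba_server_ip | default(ansible_default_ipv4.address, true) }}/{{ samba_server_cidr_prefix | default(24, true) }} 127.0.0.1/8`.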


@ -466,4 +466,36 @@ Match group sftp_users
ChrootDirectory %h
ForceCommand internal-sftp
Match all
{% endif -%}
{% if (sshd_pasword_auth_user is defined) and sshd_pasword_auth_user %}
#-----------------------------
# Match User for PasswordAuthentication
#-----------------------------
{% for item in sshd_pasword_auth_user %}
Match User {{ item }}
PasswordAuthentication yes
Match all
{% endfor %}
{% endif %}
{% if (sshd_pasword_auth_ip is defined) and sshd_pasword_auth_ip %}
#-----------------------------
# Match IP Address for PasswordAuthentication
#-----------------------------
{% for item in sshd_pasword_auth_ip %}
Match Address {{ item }}
PasswordAuthentication yes
Match all
{% endfor %}
{% endif %}
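Review bot: The `Match Address {{ item }}` block turns on `PasswordAuthentication yes` for every account when the client comes from a listed address, and the `Match User` block does so for a listed user from any address; neither list narrows the other. Unless the global section already forbids it, adding `PermitRootLogin prohibit-password` inside the `Match Address` block would keep root on key authentication even from those addresses. The `{{ item }}` values are written into sshd_config unchecked, so a typo or embedded whitespace in a host file changes the Match criteria; checking the rendered file with `sshd -t` before the service is reloaded catches a malformed result. The start of this template is outside the hunk.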