update..

2022-11-25 01:07:36 +01:00 · 2022-11-25 01:07:36 +01:00 · a143f30206
commit a143f30206
parent 45115c6700
16 changed files with 220 additions and 17 deletions
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@ -1109,6 +1109,14 @@ sshd_macs:
  - hmac-sha2-512-etm@openssh.com
  - umac-128-etm@openssh.com
 # This users are allowed to use password authentification
 #
 sshd_pasword_auth_user:
 # This IP-Addresses are allowed to use password authentification
 #
 sshd_pasword_auth_ip:
 # ---
 # vars used by roles/common/tasks/sudoers.yml
@ -1787,6 +1795,9 @@ roundcube_2_skin_logo:
 # vars used by roles/common/tasks/samba-user.yml
 # ==========
 samba_server_ip:
 samba_server_cidr_prefix: 24
 apt_install_server_samba:
  - samba
  - nscd
@ -1796,20 +1807,20 @@ apt_install_server_samba:
 # example:
 #    samba_workgroup: MBR
 #
-samba_workgroup: {}
+samba_workgroup:
 # samba_netbios_name
 #
 # example:
 #    samba_netbios_name: FILE-MBR
 #
-samba_netbios_name: {}
+samba_netbios_name:
 # samba_server_min_protocol
 #
-samba_server_min_protocol: {}
+samba_server_min_protocol:
-samba_groups: []
+samba_groups: ([])
 # samba_user:
 #   - name: chris
@ -1818,7 +1829,7 @@ samba_groups: []
 #       - group2
 #     password: 'H-.T/TvN5S9J'
 #
-samba_user: []
+samba_user: ([])
 base_home: /home
@ -1826,7 +1837,7 @@ base_home: /home
 #   - name: name1
 #   - name: name2
 #
-remove_samba_users: []
+remove_samba_users: ([])
 # samba_shares
 # 
--- a/host_vars/bbb-server.b3-bornim.netz.yml
+++ b/host_vars/bbb-server.b3-bornim.netz.yml
@ -159,6 +159,9 @@ sudo_users:
 # vars used by roles/common/tasks/samba-user.yml
 # ---
 samba_server_ip: 192.168.42.10
 samba_server_cidr_prefix: 24
 samba_workgroup: B3-BORNIM
 samba_netbios_name: BBB-SERVER
--- a/host_vars/file-ah.kanzlei-kiel.netz.yml
+++ b/host_vars/file-ah.kanzlei-kiel.netz.yml
@ -194,6 +194,9 @@ sudo_users:
 # vars used by roles/common/tasks/samba-user.yml
 # ---
 samba_server_ip: 192.168.100.10
 samba_server_cidr_prefix: 24
 samba_workgroup: AH
 samba_netbios_name: FILE-AH
--- a/host_vars/file-blkr.blkr.netz.yml
+++ b/host_vars/file-blkr.blkr.netz.yml
@ -180,6 +180,9 @@ sudo_users:
 # vars used by roles/common/tasks/samba-user.yml
 # ---
 samba_server_ip: 192.168.162.10
 samba_server_cidr_prefix: 24
 samba_workgroup: BLKR
 samba_netbios_name: FILE-BLKR
--- a/host_vars/file-fhxb.fhxb.netz
+++ b/host_vars/file-fhxb.fhxb.netz
@ -35,7 +35,7 @@ network_interfaces:
    method: static
    description:
    address: 192.168.192.10
-    netmask: 24
+    netmask: 23
    gateway: 192.168.192.254
    # optional dns settings nameservers: []
@ -172,7 +172,7 @@ nfs_exports:
     mount_opts: users,rsize=8192,wsize=8192,hard,intr
     export_opt: rw,root_squash,sync,subtree_check
     export_networks:
-       - 192.168.192.0/24
+       - 192.168.192.0/23
       - 10.0.192.0/24
       - 10.1.192.0/24
       - 192.168.63.0/24
@ -183,7 +183,7 @@ nfs_exports:
     mount_opts: users,rsize=8192,wsize=8192,hard,intr
     export_opt: rw,root_squash,sync,subtree_check
     export_networks:
-       - 192.168.192.0/24
+       - 192.168.192.0/23
       - 10.0.192.0/24
       - 10.1.192.0/24
       - 192.168.63.0/24
@ -196,6 +196,9 @@ nfs_exports:
 # vars used by roles/common/tasks/samba-user.yml
 # ---
 samba_server_ip: 192.168.192.10
 samba_server_cidr_prefix: 23
 samba_workgroup: FHXB
 samba_netbios_name: FILE-FHXB
@ -247,6 +250,9 @@ samba_groups:
    group_id: 1480
  - name: vermittlung
    group_id: 1490
  - name: altlasten
    group_id: 1510
 samba_user:
@ -278,6 +284,8 @@ samba_user:
      - vermittlung
      - leitung
      - altlasten
    password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          63643330373231636537366333326630333265303265653933613835656262323863363038653234
@ -288,6 +296,7 @@ samba_user:
  - name: sysadm
    groups:
      - altlasten
      - archiv
      - ausstellungen
      - buero
@ -380,6 +389,7 @@ samba_user:
    # Florian Helm
  - name : f.helm
    groups:
      - altlasten
      - archiv
      - ausstellungen
      - buero
@ -480,6 +490,7 @@ samba_user:
    # Natalie Bayer
  - name : n.bayer
    groups:
      - altlasten
      - archiv
      - ausstellungen
      - buero
@ -612,6 +623,15 @@ remove_samba_users:
 samba_shares:
  - name: Altlasten
    comment: Altlasten auf Fileserver
    path: /data/samba/FHXB-Server/Altlasten
    group_valid_users: altlasten
    group_write_list: altlasten
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
  - name: Archiv
    comment: Archiv auf Fileserver
    path: /data/samba/FHXB-Server/Archiv
@ -804,7 +824,7 @@ samba_shares:
  - name: FHXB-Sammlungen
    comment: FHXB-Sammlungen auf Fileserver
-    path: /data/samba/Darchim2/Bildarchiv
+    path: /data/samba/Darchim2/FHXB-Sammlungen
    group_valid_users: fhxb-sammlungen
    group_write_list: fhxb-sammlungen
    file_create_mask: !!str 660
--- a/host_vars/gw-fhxb.oopen.de.yml
+++ b/host_vars/gw-fhxb.oopen.de.yml
@ -26,9 +26,9 @@ network_interfaces:
    auto: true
    family: inet
    method: static
-    address: 192.168.178.254
+    address: 172.16.192.1
    netmask: 24
-    gateway: 192.168.178.1
+    gateway: 172.16.192.254
    nameservers:
      - 127.0.0.1
      - 192.168.192.1
@ -41,7 +41,7 @@ network_interfaces:
    family: inet
    method: static
    address: 192.168.192.254
-    netmask: 24
+    netmask: 23
  - device: eno2:ns
@ -54,11 +54,11 @@ network_interfaces:
  - device: eno3
-    headline: eno3 -  LAN 
+    headline: eno3 -  WLAN 
    auto: true
    family: inet
    method: static
-    address: 192.168.193.254
+    address: 192.168.194.254
    netmask: 24
--- a/host_vars/o17.oopen.de.yml
+++ b/host_vars/o17.oopen.de.yml
@ -234,6 +234,9 @@ git_firewall_repository:
 # vars used by roles/common/tasks/samba-user.yml
 # ---
 samba_server_ip: 83.223.85.203
 samba_server_cidr_prefix: 24
 samba_workgroup: AH
 samba_netbios_name: FILE-AH
--- a/host_vars/oolm-db.oopen.de.yml
+++ b/host_vars/oolm-db.oopen.de.yml
@ -0,0 +1,73 @@
 ---
 # ---
 # vars used by roles/ansible_dependencies
 # ---
 # ---
 # vars used by roles/ansible_user
 # ---
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 #sshd_pasword_auth_user:
 #  - chris
 #sshd_pasword_auth_ip:
 #  - 2003:ec:df0c:e7fe:ebb:d93b:1d33:3918
 #  - 2003:ec:df0c:e7fe:4b3a:a5ba:c661:f7f6
 # ---
 # vars used by apt.yml
 # ---
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ==============================
 # ---
 # vars used by scripts/reset_root_passwd.yml
 # ---
--- a/host_vars/oolm-shop.oopen.de.yml
+++ b/host_vars/oolm-shop.oopen.de.yml
@ -21,6 +21,13 @@
 #sshd_password_authentication: !!str "yes"
 # This users are allowed to use password authentification
 # 
 #sshd_pasword_auth_user:
 #  - nordkurier_live
 sshd_pasword_auth_ip:
  - 34.107.7.34
 # ---
 # vars used by apt.yml
--- a/host_vars/zapata.opp.netz.yml
+++ b/host_vars/zapata.opp.netz.yml
@ -159,6 +159,9 @@ sudo_users:
 # vars used by roles/common/tasks/samba-user.yml
 # ---
 samba_server_ip: 192.168.62.10
 samba_server_cidr_prefix: 24
 samba_workgroup: OPP
 samba_netbios_name: ZAPATA
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
@ -44,3 +44,16 @@ dia-two-2\.de$
 surlumice\.store$
 hecnvoipl\.xyz$
 viastarco\.xyz$
 mail\.notistall\.balashov\.su$
 mail\.batistase\.hz\.cz$
 mail\.lorinsales\.de\.fr$
 mail\.jostalles\.azerbaijan\.su$
 mail\.batistase\.hz\.cz$
 wulprobot\.xyz$
 circuitlogix\.com$
 anelpones\.xyz$
 a27-10\.smtp-out.us-west-2\.amazonses\.com$
 relay01\.cne\.gob\.ve$
 mta01\.cne\.gob\.ve$
 news1\.worldnews\.hair$
 ritechager\.info$
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
@ -70,3 +70,31 @@
 217.199.96.0/19
 # viastarco.xyz (eur-versand.com)
 163.123.180.214
 # RU (u.a lorinsales.de.fr) 
 185.31.160.0/22
 # RU (batistase.hz.cz)
 93.189.42.0/23
 # RU (notistall.balashov.su)
 77.87.212.0/24
 # RU (jostalles.azerbaijan.su)
 62.173.128.0/19
 # RU ( u.a. batistase.hz.cz )
 62.76.184.0/21
 # US (u.a. premiumofen.com)
 172.93.96.0/20
 # US (u.a. premiumofen.com)
 108.171.192.0/19
 # US ()
 54.240.0.0/18
 # VE ( u.a. cne.gob.ve)
 201.130.82.0/23
 # mx1.privateemail.com mx2.privateemail.com
 198.54.122.250
 198.54.122.240
 # US (u.a. direktpaket.com>)
 198.54.112.0/20
 # classic-british-motorcycles.com
 172.67.189.127
 104.21.33.94
 # (u.a. direktpaket.com)
 194.116.228.0/24
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
@ -69,6 +69,10 @@ firmen-infos\.com$
@podiumskate\.\S+$
@ppe-healthcare-europe\.\S+$
@direktpaket\.com$
@revzilla\.com$
@christopherhinz\.com$
 # annoying spammer addresses
 ^error@mailfrom\.com$
--- a/roles/common/tasks/redis-server.yml
+++ b/roles/common/tasks/redis-server.yml
@ -91,7 +91,7 @@
  when:
    - redis_conf_exists.stat.exists == False
  tags:
-    - samba-server
+    - redis-server
 - name: (redis-server.yml) adjust configuration '/etc/redis/redis.conf'
  lineinfile:
--- a/roles/common/templates/etc/samba/smb.conf.j2
+++ b/roles/common/templates/etc/samba/smb.conf.j2
@ -67,7 +67,7 @@
 # This can be either the interface name or an IP address/netmask;
 # interface names are normally preferred
 ;   interfaces = 127.0.0.0/8 eth0
-   interfaces =  {{ ansible_default_ipv4.address }}/24  127.0.0.1/8
+   interfaces =  {{ samba_server_ip }}/{{ samba_server_cidr_prefix }}  127.0.0.1/8
 # Option 'hosts deny' and 'hosts allow' added to debian's default smb.conf 
   hosts deny = 0.0.0.0/0
--- a/roles/common/templates/etc/ssh/sshd_config.j2
+++ b/roles/common/templates/etc/ssh/sshd_config.j2
@ -466,4 +466,36 @@ Match group sftp_users
  ChrootDirectory %h
  ForceCommand internal-sftp
 Match all
 {% endif -%}
 {% if (sshd_pasword_auth_user is defined) and sshd_pasword_auth_user %}
 #-----------------------------
 # Match User for PasswordAuthentication
 #-----------------------------
 {% for item in sshd_pasword_auth_user %}
 Match User {{ item }}
  PasswordAuthentication yes
 Match all
 {% endfor %}
 {% endif %}
 {% if (sshd_pasword_auth_ip is defined) and sshd_pasword_auth_ip %}
 #-----------------------------
 # Match IP Address for PasswordAuthentication
 #-----------------------------
 {% for item in sshd_pasword_auth_ip %}
 Match Address {{ item }}
  PasswordAuthentication yes
 Match all
 {% endfor %}
 {% endif %}