diff --git a/host_vars/backup.oopen.de.yml b/host_vars/backup.oopen.de.yml
index c64178c..330de69 100644
--- a/host_vars/backup.oopen.de.yml
+++ b/host_vars/backup.oopen.de.yml
@@ -288,6 +288,7 @@ default_user:
 - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqqmBWh3qmnx41NiLCn1LhVG0mn4++IUvRNC0OMh6h6 root@gitoea'
 - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICR9o0+6jnfmXKOedKP6IZgt5lRIPFSJJ4FbMjz2SPkH root@gw-campus'
 - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEm1P7Pg3Tlm02bxkropKf3CcyTCAB3YCMxPSjai2lc root@gw-dissens'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpNZFa+Jp5/8zKmSIZ3LGzuuPxj+QvfF+NYbWtblvTg root@iam-nd'
 - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBYFe6i0UdPRyENvfaJSJVCHtmnlJmhbqGEsdIlTapsj root@initiativenserver'
 - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ54/I+TdZUA+Xc6bixSa3f0hN5y4kWW+xl9kqSZPBYS root@keycloak-nd'
 - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO886BNZ/o9aBwkKqHku+MjS5/GEVRBbXXSF76ry7oZR root@mail-cadus'
diff --git a/host_vars/backup.warenform.de.yml b/host_vars/backup.warenform.de.yml
index 3098a32..93fe044 100644
--- a/host_vars/backup.warenform.de.yml
+++ b/host_vars/backup.warenform.de.yml
@@ -255,6 +255,7 @@ default_user:
 - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICwG3cYT1S5ttaf7OCB2dfBAg4FFA3OO3HPTkiclaVFi root@server22'
 - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyse/Fby2JiHjM10uotVfsBYO0W1EgmtFG2q+Q1xe38 root@server24'
 - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIH9V1aqgZSqu7vfK9e5qGKm+ICHd8VglRr0Brm4kXfu root@server25'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUZHYQRap1XPOBsbtYs1elQMMm1hU1VMr7k2OFfOoi1 root@server18'
 - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBOOYhdtNPAQP8BlgSYBaMfWl8Yv4Y9ww7SWeLOn0HXH root@web0'
diff --git a/host_vars/devel-php.wf.netz.yml b/host_vars/devel-php.wf.netz.yml
index 097c1a8..1770fde 100644
--- a/host_vars/devel-php.wf.netz.yml
+++ b/host_vars/devel-php.wf.netz.yml
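Review bot: The key added for root@iam-nd under `default_user` in backup.oopen.de.yml (and the one for root@server18 in backup.warenform.de.yml) is a bare `ssh-ed25519 …` string with no authorized_keys options. How the role consumes this list is not visible here; if the strings are written verbatim into authorized_keys, root on every listed client gets an unrestricted login to the backup account, so a compromise of one client extends to the backup host. Consider prefixing new entries with options such as `restrict,from="<client address>"` (placeholder) or a forced `command=`. The server18 entry is also placed after server25, which breaks the otherwise sorted order and makes later audits of the list harder. Both lists start and end outside the hunks.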
@@ -29,6 +29,13 @@ # vars used by roles/common/tasks/apt.yml # --- +apt_install_extra_pkgs: true +apt_extra_pkgs: + - weasyprint + - pdftk + - subversion + - subversion-tools + # --- # vars used by roles/common/tasks/systemd-resolved.yml diff --git a/host_vars/file-ebs.ebs.netz.yml b/host_vars/file-ebs.ebs.netz.yml index bdc0d36..921a5e9 100644 --- a/host_vars/file-ebs.ebs.netz.yml +++ b/host_vars/file-ebs.ebs.netz.yml @@ -536,6 +536,18 @@ samba_shares: guest_ok: !!str yes vfs_object_recycle: false + # --- + # - This share contains archived data that has not been backed up + # --- + - name: Archive-no-Backup + comment: Archive - keine Sicherungen + path: /data/samba/no-backup-shares/Archive-no-Backup + group_valid_users: alle + group_write_list: alle + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: false + # ============================== diff --git a/host_vars/file-km-neu.anw-km.netz.yml b/host_vars/file-km-neu.anw-km.netz.yml index d280e3c..c7b4042 100644 --- a/host_vars/file-km-neu.anw-km.netz.yml +++ b/host_vars/file-km-neu.anw-km.netz.yml @@ -60,7 +60,7 @@ network_interfaces: maxage: 12 # inline hook scripts - pre-up: + pre-up: - !!str "ip link set dev eno1np0 up" # pre-up script lines up: [] #up script lines post-up: [] # post-up script lines (alias for up) @@ -93,6 +93,13 @@ network_interfaces: # vars used by roles/common/tasks/apt.yml # --- +apt_install_extra_pkgs: + - lvm2 + - kpartx + - ntfs-3g + - swtpm + - swtpm-tools + # --- # vars used by roles/common/tasks/systemd-resolved.yml 
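Review bot: In file-km-neu.anw-km.netz.yml the package list is assigned to `apt_install_extra_pkgs`, whereas the devel-php.wf.netz.yml hunk of this same commit sets `apt_install_extra_pkgs: true` and lists the packages under `apt_extra_pkgs`. If roles/common/tasks/apt.yml treats the first variable as a switch and reads the packages from the second (the role is not shown), lvm2, kpartx, ntfs-3g, swtpm and swtpm-tools will not be installed on this host. Suggested form: `apt_install_extra_pkgs: true` followed by `apt_extra_pkgs:` with the five entries beneath it.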
@@ -175,6 +182,44 @@ cron_user_special_time_entries: job: "sleep 10 ; /bin/systemctl restart systemd-resolved" insertafter: PATH + - name: "Activate ksm support" + special_time: reboot + job: "echo 1 > /sys/kernel/mm/ksm/run" + insertafter: PATH + + +cron_user_entries: + + - name: "Check if SSH service is running. Restart service if needed." + minute: '*/5' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if postfix mailservice is running. Restart service if needed." + minute: "*/5" + hour: "*" + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check Postfix E-Mail LOG file for 'fatal' errors." + minute: "*/30" + hour: "*" + job: /root/bin/postfix/check-postfix-fatal-errors.sh + + - name: "Clean up Samba Trash Dirs" + minute: "02" + hour: "23" + job: /root/bin/samba/clean_samba_trash.sh + + - name: "Set (group and access) Permissons for Samba shares" + minute: "14" + hour: "23" + job: /root/bin/samba/set_permissions_samba_shares.sh + + - name: "Check if ntpsec is running. Restart service if needed." + minute: "*/6" + hour: "*" + job: /root/bin/monitoring/check_ntpsec_service.sh + # --- @@ -270,9 +315,9 @@ sudoers_file_user_back_mount_privileges: samba_server_ip: 192.168.122.210 samba_server_cidr_prefix: 24 -samba_workgroup: WORKGROUP +samba_workgroup: ANW-KM -samba_netbios_name: FILE-KM +samba_netbios_name: FILE-KM-01 samba_server_min_protocol: !!str NT1 @@ -285,10 +330,12 @@ samba_groups: group_id: 1115 - name: intern group_id: 1120 - - name: aulmann + - name: wildvang group_id: 1130 - - name: howe - group_id: 1140 + #- name: aulmann + # group_id: 1130 + #- name: howe + # group_id: 1140 - name: stahmann group_id: 1150 - name: traine @@ -318,8 +365,6 @@ samba_user: - name: andrea groups: - advoware - - aulmann - - howe - stahmann - traine - public @@ -336,8 +381,6 @@ samba_user: - name: aphex2 groups: - alle - - aulmann - - howe - stahmann - traine - public 
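Review bot: The reboot entry "Activate ksm support" in file-km-neu.anw-km.netz.yml (added identically to file-km.anw-km.netz.yml) switches on kernel same-page merging host-wide without recording why or for which workloads. The swtpm packages and the bridge device suggest this machine hosts virtual machines, though that is inferred; page merging between guests is a known source of cross-guest timing side channels, so it should only be enabled where all guests share one trust level. A comment above the entry such as `# KSM: all guests on this host belong to one trust domain - TODO confirm` would document the assumption. The `cron_user_special_time_entries` list starts outside the hunk.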
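Review bot: The new group `wildvang` in `samba_groups` takes over `group_id: 1130`, which belonged to `aulmann` until this commit; the same change is made in file-km.anw-km.netz.yml. Files already on disk with gid 1130 — presumably the data under /data/samba/Aulmann, whose share is only commented out later in the diff — would then be group-owned by wildvang, and its members (sysadm, chris and the new user wiebke) would get whatever group permissions those files carry. Unless the old data has been removed or re-owned, give the new group an id that was never assigned, for example `group_id: 1190` if that is free, and leave 1130 and 1140 retired. The list continues outside the hunk.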
@@ -354,8 +397,6 @@ samba_user: - name: beuster groups: - advoware - - aulmann - - howe - stahmann - traine - public @@ -407,11 +448,11 @@ samba_user: - a-jur - advoware - alle - - aulmann - intern - kanzlei - stahmann - traine + - wildvang - public password: !vault | $ANSIBLE_VAULT;1.1;AES256 @@ -425,8 +466,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -436,8 +475,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -457,7 +494,6 @@ samba_user: - name: ho-st1 groups: - alle - - howe - stahmann password: '44-Ro-440' @@ -473,8 +509,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -484,8 +518,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -504,8 +536,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -515,8 +545,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -526,8 +554,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -537,8 +563,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine password: '66koeln66' @@ -562,8 +586,6 @@ samba_user: - name: rolf groups: - alle - - aulmann - - howe - stahmann - traine - public @@ -574,11 +596,11 @@ samba_user: - a-jur - advoware - alle - - aulmann - intern - kanzlei - stahmann - traine + - wildvang - public password: 'Ax_GSHh5' @@ -595,12 +617,18 @@ samba_user: - advoware - alle - kanzlei - - howe - stahmann - traine - public password: 'maltzwo2' + - name: wiebke + groups: + - alle + - wildvang + - public + password: 'uJ5gF/m53p.P' + - name: winadm groups: - a-jur 
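Review bot: The new `wiebke` account in file-km-neu.anw-km.netz.yml is added with its Samba password as a plaintext string, although the `chris` entry in the same list already uses `password: !vault |`. The same literal is added in file-km.anw-km.netz.yml, and the .BAK copy added by this commit carries a different plaintext value for the account. Anyone with read access to the repository or its history can log on to the shares as this user; store the value with `ansible-vault encrypt_string` as `password: !vault |` and set a new password, since the committed one has to be treated as disclosed. The `samba_user` list starts and ends outside the hunk, and its other plaintext entries are context lines this commit did not touch.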
@@ -657,27 +685,38 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_recycle: false - - name: aulmann - comment: Aulmann auf Fileserver - path: /data/samba/Aulmann - group_valid_users: aulmann - group_write_list: aulmann + - name: wildvang + comment: Wildvang auf Fileserver + path: /data/samba/Wildvang + group_valid_users: wildvang + group_write_list: wildvang file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - - name: howe - comment: Howe auf Fileserver - path: /data/samba/Howe - group_valid_users: howe - group_write_list: howe - file_create_mask: !!str 660 - dir_create_mask: !!str 2770 - vfs_object_recycle: true - recycle_path: '@Recycle' - vfs_object_recycle_is_visible: true +# - name: aulmann +# comment: Aulmann auf Fileserver +# path: /data/samba/Aulmann +# group_valid_users: aulmann +# group_write_list: aulmann +# file_create_mask: !!str 660 +# dir_create_mask: !!str 2770 +# vfs_object_recycle: true +# recycle_path: '@Recycle' +# vfs_object_recycle_is_visible: true + +# - name: howe +# comment: Howe auf Fileserver +# path: /data/samba/Howe +# group_valid_users: howe +# group_write_list: howe +# file_create_mask: !!str 660 +# dir_create_mask: !!str 2770 +# vfs_object_recycle: true +# recycle_path: '@Recycle' +# vfs_object_recycle_is_visible: true - name: stahmann comment: Stahmann auf Fileserver diff --git a/host_vars/file-km.anw-km.netz.yml b/host_vars/file-km.anw-km.netz.yml index 795c674..2868980 100644 --- a/host_vars/file-km.anw-km.netz.yml +++ b/host_vars/file-km.anw-km.netz.yml @@ -60,7 +60,7 @@ network_interfaces: maxage: 12 # inline hook scripts - pre-up: + pre-up: - !!str "ip link set dev enp97s0 up" # pre-up script lines up: [] #up script lines post-up: [] # post-up script lines (alias for up) 
@@ -175,6 +175,44 @@ cron_user_special_time_entries: job: "sleep 10 ; /bin/systemctl restart systemd-resolved" insertafter: PATH + - name: "Activate ksm support" + special_time: reboot + job: "echo 1 > /sys/kernel/mm/ksm/run" + insertafter: PATH + + +cron_user_entries: + + - name: "Check if SSH service is running. Restart service if needed." + minute: '*/5' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if postfix mailservice is running. Restart service if needed." + minute: "*/5" + hour: "*" + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check Postfix E-Mail LOG file for 'fatal' errors." + minute: "*/30" + hour: "*" + job: /root/bin/postfix/check-postfix-fatal-errors.sh + + - name: "Clean up Samba Trash Dirs" + minute: "02" + hour: "23" + job: /root/bin/samba/clean_samba_trash.sh + + - name: "Set (group and access) Permissons for Samba shares" + minute: "14" + hour: "23" + job: /root/bin/samba/set_permissions_samba_shares.sh + + - name: "Check if ntpsec is running. Restart service if needed." + minute: "*/6" + hour: "*" + job: /root/bin/monitoring/check_ntpsec_service.sh + # --- @@ -233,10 +271,12 @@ samba_groups: group_id: 1110 - name: intern group_id: 1120 - - name: aulmann + - name: wildvang group_id: 1130 - - name: howe - group_id: 1140 + #- name: aulmann + # group_id: 1130 + #- name: howe + # group_id: 1140 - name: stahmann group_id: 1150 - name: traine @@ -266,8 +306,6 @@ samba_user: - name: andrea groups: - advoware - - aulmann - - howe - stahmann - traine - public @@ -284,8 +322,6 @@ samba_user: - name: aphex2 groups: - alle - - aulmann - - howe - stahmann - traine - public @@ -302,8 +338,6 @@ samba_user: - name: beuster groups: - advoware - - aulmann - - howe - stahmann - traine - public @@ -355,11 +389,11 @@ samba_user: - a-jur - advoware - alle - - aulmann - intern - kanzlei - stahmann - traine + - wildvang - public password: !vault | $ANSIBLE_VAULT;1.1;AES256 
@@ -373,8 +407,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -384,8 +416,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -405,7 +435,6 @@ samba_user: - name: ho-st1 groups: - alle - - howe - stahmann password: '44-Ro-440' @@ -421,8 +450,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -432,8 +459,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -452,8 +477,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -463,8 +486,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -474,8 +495,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine - public @@ -485,8 +504,6 @@ samba_user: groups: - advoware - alle - - aulmann - - howe - stahmann - traine password: '66koeln66' @@ -510,8 +527,6 @@ samba_user: - name: rolf groups: - alle - - aulmann - - howe - stahmann - traine - public @@ -522,11 +537,11 @@ samba_user: - a-jur - advoware - alle - - aulmann - intern - kanzlei - stahmann - traine + - wildvang - public password: 'Ax_GSHh5' @@ -543,12 +558,18 @@ samba_user: - advoware - alle - kanzlei - - howe - stahmann - traine - public password: 'maltzwo2' + - name: wiebke + groups: + - alle + - wildvang + - public + password: 'uJ5gF/m53p.P' + - name: winadm groups: - a-jur 
@@ -605,27 +626,38 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_recycle: false - - name: aulmann - comment: Aulmann auf Fileserver - path: /data/samba/Aulmann - group_valid_users: aulmann - group_write_list: aulmann + - name: wildvang + comment: Wildvang auf Fileserver + path: /data/samba/Wildvang + group_valid_users: wildvang + group_write_list: wildvang file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - - name: howe - comment: Howe auf Fileserver - path: /data/samba/Howe - group_valid_users: howe - group_write_list: howe - file_create_mask: !!str 660 - dir_create_mask: !!str 2770 - vfs_object_recycle: true - recycle_path: '@Recycle' - vfs_object_recycle_is_visible: true +# - name: aulmann +# comment: Aulmann auf Fileserver +# path: /data/samba/Aulmann +# group_valid_users: aulmann +# group_write_list: aulmann +# file_create_mask: !!str 660 +# dir_create_mask: !!str 2770 +# vfs_object_recycle: true +# recycle_path: '@Recycle' +# vfs_object_recycle_is_visible: true + +# - name: howe +# comment: Howe auf Fileserver +# path: /data/samba/Howe +# group_valid_users: howe +# group_write_list: howe +# file_create_mask: !!str 660 +# dir_create_mask: !!str 2770 +# vfs_object_recycle: true +# recycle_path: '@Recycle' +# vfs_object_recycle_is_visible: true - name: stahmann comment: Stahmann auf Fileserver diff --git a/host_vars/file-km.anw-km.netz.yml.BAK.2026-04-18-1218 b/host_vars/file-km.anw-km.netz.yml.BAK.2026-04-18-1218 new file mode 100644 index 0000000..0797d30 --- /dev/null +++ b/host_vars/file-km.anw-km.netz.yml.BAK.2026-04-18-1218 
@@ -0,0 +1,774 @@ +--- + +# --- +# vars used by roles/network_interfaces +# --- + + +# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted +network_manage_devices: True + +# Should the interfaces be reloaded after config change? +network_interface_reload: False + +network_interface_path: /etc/network/interfaces.d +network_interface_required_packages: + - vlan + - bridge-utils + - ifmetric + - ifupdown + - ifenslave + + +network_interfaces: + + - device: br0 + # use only once per device (for the first device entry) + headline: br0 - bridge over device enp97s0 + + # auto & allow are only used for the first device entry + allow: [] # array of allow-[stanzas] eg. allow-hotplug + auto: true + + family: inet + method: static + description: + address: 192.168.122.10 + netmask: 24 + gateway: 192.168.122.254 + + # optional dns settings nameservers: [] + # + # nameservers: + # - 194.150.168.168 # dns.as250.net + # - 91.239.100.100 # anycast.censurfridns.dk + # search: warenform.de + # + + # optional bridge parameters bridge: {} + # bridge: + # ports: + # stp: + # fd: + # maxwait: + # waitport: + bridge: + ports: enp97s0 # for mor devices support a blank separated list + stp: !!str off + fd: 5 + hello: 2 + maxage: 12 + + # inline hook scripts + pre-up: + - !!str "ip link set dev enp97s0 up" # pre-up script lines + up: [] #up script lines + post-up: [] # post-up script lines (alias for up) + pre-down: [] # pre-down script lines (alias for down) + down: [] # down script lines + post-down: [] # post-down script lines + + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung 
mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 192.168.122.1 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. 
+ - anw-km.netz + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 172.16.122.254 + + +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_user_special_time_entries: + + - name: "Restart DNS Cache service 'systemd-resolved'" + special_time: reboot + job: "sleep 10 ; /bin/systemctl restart systemd-resolved" + insertafter: PATH + + - name: "Activate ksm support" + special_time: reboot + job: "echo 1 > /sys/kernel/mm/ksm/run" + insertafter: PATH + + +cron_user_entries: + + - name: "Check if SSH service is running. Restart service if needed." + minute: '*/5' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if postfix mailservice is running. Restart service if needed." + minute: "*/5" + hour: "*" + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check Postfix E-Mail LOG file for 'fatal' errors." + minute: "*/30" + hour: "*" + job: /root/bin/postfix/check-postfix-fatal-errors.sh + + - name: "Clean up Samba Trash Dirs" + minute: "02" + hour: "23" + job: /root/bin/samba/clean_samba_trash.sh + + - name: "Set (group and access) Permissons for Samba shares" + minute: "14" + hour: "23" + job: /root/bin/samba/set_permissions_samba_shares.sh + + - name: "Check if ntpsec is running. Restart service if needed." 
+ minute: "*/6" + hour: "*" + job: /root/bin/monitoring/check_ntpsec_service.sh + + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + +sudoers_file_user_back_mount_privileges: + - 'ALL=(root) NOPASSWD: /usr/bin/mount' + - 'ALL=(root) NOPASSWD: /usr/bin/umount' + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + + +# --- +# vars used by roles/common/tasks/samba-config-server.yml +# vars used by roles/common/tasks/samba-user.yml +# --- + +samba_server_ip: 192.168.122.10 +samba_server_cidr_prefix: 24 + +samba_workgroup: WORKGROUP + +samba_netbios_name: FILE-KM + +samba_server_min_protocol: !!str NT1 + +samba_groups: + - name: kanzlei + group_id: 1100 + - name: a-jur + group_id: 1110 + - name: intern + group_id: 1120 + - name: wildvang + group_id: 1130 + #- name: aulmann + # group_id: 1130 + #- name: howe + # group_id: 1140 + - name: stahmann + group_id: 1150 + - name: traine + group_id: 1160 + - name: public + group_id: 1170 + - name: alle + group_id: 1180 + + + +samba_user: + + - name: advoware + groups: + - advoware + password: '9WNRbc49m3' + + - name: a-jur + groups: + - a-jur + - alle + - intern + - kanzlei + password: 'a-jur' + + - name: andrea + groups: + - advoware + - aulmann + - howe + - stahmann + - traine + - public + password: 'fXc3bmK9gj' + + - name: andreas + groups: + - a-jur + - advoware + - alle + - kanzlei + password: 'YKQRa.M9-6rL' + + - name: aphex2 + groups: + - alle + - aulmann + - howe + - stahmann + - traine + - public + password: 'J3KMRprK9H' + + - name: berenice + groups: + - advoware + - kanzlei + - a-jur + - alle + password: 'berenice' + + - name: beuster + groups: + - advoware + - aulmann + - howe + - 
stahmann + - traine + - public + - alle + password: 'zlm17Kx' + + - name: buero + groups: + - advoware + - kanzlei + - a-jur + - alle + password: 'buero' + + - name: buero2 + groups: + - advoware + - kanzlei + - a-jur + - alle + password: 'buero2' + + - name: buero3 + groups: + - advoware + - kanzlei + - a-jur + - alle + password: 'buero3' + + - name: buero4 + groups: + - advoware + - kanzlei + - a-jur + - alle + password: 'buero4' + + - name: buero7 + groups: + - advoware + - kanzlei + - a-jur + - alle + password: 'buero7' + + - name: chris + groups: + - a-jur + - advoware + - alle + - aulmann + - intern + - kanzlei + - stahmann + - traine + - public + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30383265366434633965346530666535363761396165393434643665393137353765653739636364 + 6330623334353763613065343336306434376335646666380a363030363335656261656236636562 + 63663763616630383264303039336562626537366634303636356237323630666635356130383165 + 3837613337343533650a663061366230353531316535656433643162353063383534323833323138 + 3430 + + - name: christina + groups: + - advoware + - alle + - aulmann + - howe + - stahmann + - traine + - public + password: 'qvR7zX4Lhs' + + - name: federico + groups: + - advoware + - alle + - aulmann + - howe + - stahmann + - traine + - public + password: 'zHfj9g3NcC' + +# - name: gerhard +# groups: +# - advoware +# - alle +# - aulmann +# - howe +# - stahmann +# - traine +# - public +# password: 'bHdhzWnTj9' + + - name: ho-st1 + groups: + - alle + - howe + - stahmann + password: '44-Ro-440' + +# - name: howe-staff-1 +# groups: +# - advoware +# - alle +# - aulmann +# - howe +# password: '' + + - name: irina + groups: + - advoware + - alle + - aulmann + - howe + - stahmann + - traine + - public + password: 'W9NKv39pXW' + + - name: jessica + groups: + - advoware + - alle + - aulmann + - howe + - stahmann + - traine + - public + password: 'bV3pjPtjkR' + +# - name: laura +# groups: +# - alle +# - aulmann +# - howe +# - stahmann +# - traine +# 
password: '99-Hamburg-990' + + - name: lenovo3 + groups: + - advoware + - alle + - aulmann + - howe + - stahmann + - traine + - public + password: 'fndvLmrt7W' + + - name: lenovo4 + groups: + - advoware + - alle + - aulmann + - howe + - stahmann + - traine + - public + password: 'tpCMmTKj7H' + + - name: lenovo5 + groups: + - advoware + - alle + - aulmann + - howe + - stahmann + - traine + - public + password: 'L5Hannover51' + + - name: lenovo6 + groups: + - advoware + - alle + - aulmann + - howe + - stahmann + - traine + password: '66koeln66' + + - name: rm-buero1 + groups: + - advoware + - alle + - a-jur + - kanzlei + password: '' + + - name: rm-buero2 + groups: + - advoware + - alle + - a-jur + - kanzlei + password: '' + + - name: rolf + groups: + - alle + - aulmann + - howe + - stahmann + - traine + - public + password: '4xNVNFXgP4' + + - name: sysadm + groups: + - a-jur + - advoware + - alle + - aulmann + - intern + - kanzlei + - stahmann + - traine + - public + password: 'Ax_GSHh5' + + - name: thomas + groups: + - advoware + - alle + - traine + password: '55-tho-mas-550' + + - name: Tresen + groups: + - a-jur + - advoware + - alle + - kanzlei + - howe + - stahmann + - traine + - public + password: 'maltzwo2' + + - name: wiebke + groups: + - alle + - wildvang + - public + password: '4xNVNFXgP4' + + - name: winadm + groups: + - a-jur + - advoware + - alle + - intern + - kanzlei + - public + password: 'Ax_GSHh5' + + + +base_home: /data/home + +remove_samba_users: + - name: howe-staff-1 + - name: gerhard + - name: laura + +#remove_samba_users: [] +#remove_samba_users: +# - name: evren + +samba_shares: + + - name: a-jur + comment: a-jur Dokumente + path: /data/samba/a-jur + group_valid_users: a-jur + group_write_list: a-jur + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + vfs_object_recycle: true + recycle_path: '@Recycle' + vfs_object_recycle_is_visible: true + + - name: kanzlei + comment: Kanzlei auf Fileserver + path: /data/samba/kanzlei + 
group_valid_users: kanzlei + group_write_list: kanzlei + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + vfs_object_recycle: true + recycle_path: '@Recycle' + vfs_object_recycle_is_visible: true + + - name: install + comment: Install auf Fileserver + path: /data/samba/no-backup-shares/install + group_valid_users: intern + group_write_list: intern + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: false + + - name: wildvang + comment: Traine auf Fileserver + path: /data/samba/Wildvang + group_valid_users: wildvang + group_write_list: wildvang + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + vfs_object_recycle_is_visible: true + +# - name: aulmann +# comment: Aulmann auf Fileserver +# path: /data/samba/Aulmann +# group_valid_users: aulmann +# group_write_list: aulmann +# file_create_mask: !!str 660 +# dir_create_mask: !!str 2770 +# vfs_object_recycle: true +# recycle_path: '@Recycle' +# vfs_object_recycle_is_visible: true + +# - name: howe +# comment: Howe auf Fileserver +# path: /data/samba/Howe +# group_valid_users: howe +# group_write_list: howe +# file_create_mask: !!str 660 +# dir_create_mask: !!str 2770 +# vfs_object_recycle: true +# recycle_path: '@Recycle' +# vfs_object_recycle_is_visible: true + + - name: stahmann + comment: Stahmann auf Fileserver + path: /data/samba/Stahmann + group_valid_users: stahmann + group_write_list: stahmann + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + vfs_object_recycle_is_visible: true + + - name: traine + comment: Traine auf Fileserver + path: /data/samba/Traine + group_valid_users: traine + group_write_list: traine + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + vfs_object_recycle_is_visible: true + + - name: public + comment: Public auf Fileserver + path: /data/samba/public + 
group_valid_users: public + group_write_list: public + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + vfs_object_recycle_is_visible: true + + - name: Advoware-Schriftverkehr + comment: Advoware Dokumente + path: /data/samba/Advoware-Schriftverkehr + group_valid_users: advoware + group_write_list: advoware + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + vfs_object_recycle_is_visible: true + + - name: Advoware-Backup + comment: Advoware Dokumente + path: /data/samba/Advoware-Backup + group_valid_users: intern + group_write_list: intern + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + vfs_object_recycle_is_visible: false + + - name: alle + comment: Alle auf Fileserver + path: /data/samba/Alle + group_valid_users: alle + group_write_list: alle + file_create_mask: !!str 660 + dir_create_mask: !!str 2770 + vfs_object_recycle: true + recycle_path: '@Recycle' + vfs_object_recycle_is_visible: true + +# - name: web +# comment: Web auf Fileserver +# path: /data/samba/Web +# group_valid_users: web +# group_write_list: web +# file_create_mask: !!str 660 +# dir_create_mask: !!str 2770 +# vfs_object_recycle: true +# recycle_path: '@Recycle' + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. diff --git a/host_vars/gw-campus.oopen.de.yml b/host_vars/gw-campus.oopen.de.yml index eacddf8..f0bd497 100644 --- a/host_vars/gw-campus.oopen.de.yml +++ b/host_vars/gw-campus.oopen.de.yml 
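Review bot: The timestamped backup copy host_vars/file-km.anw-km.netz.yml.BAK.2026-04-18-1218 should not be part of the commit: it duplicates every plaintext Samba password, contains accounts with `password: ''` (rm-buero1, rm-buero2) and several passwords equal to the user name, and ends with the `root_user` password hash. It is also already out of date against the live file changed in this commit (users still list `aulmann` and `howe`, and the `wildvang` share carries the comment "Traine auf Fileserver"), so it can only mislead whoever reads it later. Remove the file from the commit and add an ignore pattern such as `*.BAK.*` to .gitignore. The secrets it exposes remain in history and need to be rotated or moved into the vault regardless.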
@@ -90,8 +90,8 @@ network_interfaces: - /sbin/ifconfig eno4 up - - device: eno6 - headline: eno6 - Management Network Campus - network 10.72.1.0/24 + - device: eno6np1 + headline: eno6np1 - Management Network Campus - network 10.72.1.0/24 auto: true family: inet method: static @@ -99,8 +99,8 @@ network_interfaces: netmask: 24 - - device: eno7 - headline: eno7 - network 192.168.11.0/24 (LAN Stockhausen) + - device: eno7np2 + headline: eno7np2 - network 192.168.11.0/24 (LAN Stockhausen) auto: true family: inet method: static diff --git a/host_vars/iam-nd.oopen.de.yml b/host_vars/iam-nd.oopen.de.yml new file mode 100644 index 0000000..5ceb929 --- /dev/null +++ b/host_vars/iam-nd.oopen.de.yml 
@@ -0,0 +1,225 @@
+---
+
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/systemd-resolved.yml
+# ---
+
+systemd_resolved: true
+
+# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
+# Primäre DNS-Adresse: 38.132.106.139
+# Sekundäre DNS-Adresse: 194.187.251.67
+#
+# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
+# primäre DNS-Adresse
+# IPv4: 1.1.1.1
+# IPv6: 2606:4700:4700::1111
+# sekundäre DNS-Adresse
+# IPv4: 1.0.0.1
+# IPv6: 2606:4700:4700::1001
+#
+# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
+# primäre DNS-Adresse
+# IPv4: 8.8.8.8
+# IPv6: 2001:4860:4860::8888
+# sekundäre DNS-Adresse
+# IPv4: 8.8.4.4
+# IPv6: 2001:4860:4860::8844
+#
+# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
+# primäre DNS-Adresse
+# IPv4: 9.9.9.9
+# IPv6: 2620:fe::fe
+# sekundäre DNS-Adresse
+# IPv4: 149.112.112.112
+# IPv6: 2620:fe::9
+#
+# OpenNIC - https://www.opennic.org/
+# IPv4: 195.10.195.195 - ns31.de
+# IPv4: 94.16.114.254 - ns28.de
+# IPv4: 51.254.162.59 - ns9.de
+# IPv4: 194.36.144.87 - ns29.de
+# IPv6: 2a00:f826:8:2::195 - ns31.de
+#
+# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
+# IPv4: 5.1.66.255
+# IPv6: 2001:678:e68:f000::
+# Servername für DNS-over-TLS: dot.ffmuc.net
+# IPv4: 185.150.99.255
+# IPv6: 2001:678:ed0:f000::
+# Servername für DNS-over-TLS: dot.ffmuc.net
+# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
+resolved_nameserver:
+ - 185.12.64.1
+ - 2a01:4ff:ff00::add:2
+ - 185.12.64.2
+ - 2a01:4ff:ff00::add:1
+
+# search domains
+#
+# If there are more than one search domains, then specify them here in the order in which
+# the resolver should also search them
+#
+#resolved_domains: []
+resolved_domains:
+ - ~.
+ - oopen.de
+
+resolved_dnssec: false
+
+# dns.as250.net: 194.150.168.168
+#
+resolved_fallback_nameserver:
+ - 194.150.168.168
+
+
+# ---
+# vars used by roles/common/tasks/cron.yml
+# ---
+
+cron_env_entries:
+ - name: PATH
+ job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+ - name: SHELL
+ job: /bin/bash
+ insertafter: PATH
+
+
+cron_user_special_time_entries:
+
+ - name: "Restart DNS Cache service 'systemd-resolved'"
+ special_time: reboot
+ job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
+ insertafter: PATH
+
+ - name: "Check if postfix mailservice is running. Restart service if needed."
+ special_time: reboot
+ job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
+ insertafter: PATH
+
+
+cron_user_entries:
+
+ - name: "Check if SSH service is running. Restart service if needed."
+ minute: '*/5'
+ hour: '*'
+ job: /root/bin/monitoring/check_ssh.sh
+
+ - name: "Check if Postfix Mailservice is up and running?"
+ minute: '*/15'
+ hour: '*'
+ job: /root/bin/monitoring/check_postfix.sh
+
+ - name: "Check if cert for Keycloak service is up-to-date"
+ minute: '51'
+ hour: '05'
+ job: /root/bin/monitoring/check_cert_for_keycloak.sh
+
+ - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
+ minute: '23'
+ hour: '05'
+ job: /var/lib/dehydrated/cron/dehydrated_cron.sh
+
+ - name: "Check whether all certificates are included in the VHOST configurations"
+ minute: '33'
+ hour: '05'
+ job: /var/lib/dehydrated/tools/update_ssl_directives.sh
+
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+extra_user:
+
+ - name: nd-admin
+ user_id: 1045
+ group_id: 1045
+ group: nd-admin
+ password: $y$j9T$1YJwHY0qdLimgtdOKlTxR1$/O9QWTpr0Y41TduR2GZ0FMCiIxFqOaXWSM9hmHRnv80
+ shell: /bin/bash
+ ssh_keys:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTjd4XFBdF/V9VdSZjy9G7nupBwaMqsrtQSP4Uctkrz org@rdsgn.de'
+
+sudo_users:
+ - chris
+ - sysadm
+ - nd-admin
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+
+git_firewall_repository:
+ name: ipt-server
+ repo: https://git.oopen.de/firewall/ipt-server
+ dest: /usr/local/src/ipt-server
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+ name: root
+ password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
+
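Review bot: The new host file commits two password hashes in clear text, `extra_user[].password` (a `$y$` hash for nd-admin, who is also listed in `sudo_users`) and `root_user.password`, and the `$6$` root hash is byte-identical to the one added in the samba_shares host file earlier in this diff, so those hosts share one root password and salt. Anyone with read access to the repository can test guesses against these hashes offline; keeping them in an Ansible Vault-encrypted variable, e.g. `password: "{{ vault_iam_nd_root_hash }}"` (placeholder name), and giving what looks like an identity host its own root password would limit that exposure. Separately, `cron_env_entries` has `job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:…` with `;` where host_vars/meet.akweb.de.yml uses `:`; if the role writes the value verbatim, neither /root/bin/admin-stuff nor /root/bin ends up on cron's PATH, so it should read `/root/bin/admin-stuff:/root/bin:…`.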
diff --git a/host_vars/meet.akweb.de.yml b/host_vars/meet.akweb.de.yml index 113068e..483b5b7 100644 --- a/host_vars/meet.akweb.de.yml +++ b/host_vars/meet.akweb.de.yml @@ -100,6 +100,62 @@ resolved_fallback_nameserver: - 194.150.168.168 +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_env_entries: + - name: PATH + job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + + - name: SHELL + job: /bin/bash + insertafter: PATH + + +cron_user_entries: + + - name: "Restart Prosody Servive (used by Jitsi Meet Authentification)" + minute: 57 + hour: 05 + job: systemctl restart prosody.service + + - name: "Check if cert for coTURN service is up-to-date" + minute: 03 + hour: 05 + job: /root/bin/monitoring/check_cert_for_service.sh + + - name: "Check if cert(s) for Prosody service are up-to-date" + minute: 13 + hour: 07 + job: /root/bin/monitoring/check_cert_for_prosody.sh + + - name: "Check if SSH service is running. Restart service if needed." + minute: '*/5' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/15' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check Postfix E-Mail LOG file for 'fatal' errors.." + minute: '*/5' + hour: '*' + job: /root/bin/postfix/check-postfix-fatal-errors.sh + + - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)" + minute: '23' + hour: '05' + job: /var/lib/dehydrated/cron/dehydrated_cron.sh + + - name: "Check whether all certificates are included in the VHOST configurations" + minute: '33' + hour: '05' + job: /var/lib/dehydrated/tools/update_ssl_directives.sh + + # --- # vars used by roles/common/tasks/users.yml # --- diff --git a/host_vars/meet.oopen.de.yml b/host_vars/meet.oopen.de.yml index 1c790ed..85d8011 100644 --- a/host_vars/meet.oopen.de.yml +++ b/host_vars/meet.oopen.de.yml 
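Review bot: The first three `cron_user_entries` added to host_vars/meet.akweb.de.yml give their times as bare zero-padded scalars (`minute: 57` / `hour: 05`, `minute: 03` / `hour: 05`, `minute: 13` / `hour: 07`), while the entries after them quote theirs (`'23'`, `'05'`). A YAML 1.1 loader such as PyYAML reads `05` and `07` as octal integers, so the value is right here only because no digit is 8 or 9; quoting them, `minute: '57'` and `hour: '05'`, keeps every entry a string and matches the rest of the block. The identical block added to host_vars/meet.oopen.de.yml has the same lines. The first entry's name also misspells Service as `Servive`.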
@@ -102,6 +102,63 @@ resolved_fallback_nameserver: - 194.150.168.168 +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_env_entries: + - name: PATH + job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + + - name: SHELL + job: /bin/bash + insertafter: PATH + + +cron_user_entries: + + - name: "Restart Prosody Servive (used by Jitsi Meet Authentification)" + minute: 57 + hour: 05 + job: systemctl restart prosody.service + + - name: "Check if cert for coTURN service is up-to-date" + minute: 03 + hour: 05 + job: /root/bin/monitoring/check_cert_for_service.sh + + - name: "Check if cert(s) for Prosody service are up-to-date" + minute: 13 + hour: 07 + job: /root/bin/monitoring/check_cert_for_prosody.sh + + - name: "Check if SSH service is running. Restart service if needed." + minute: '*/5' + hour: '*' + job: /root/bin/monitoring/check_ssh.sh + + - name: "Check if Postfix Mailservice is up and running?" + minute: '*/15' + hour: '*' + job: /root/bin/monitoring/check_postfix.sh + + - name: "Check Postfix E-Mail LOG file for 'fatal' errors.." + minute: '*/5' + hour: '*' + job: /root/bin/postfix/check-postfix-fatal-errors.sh + + - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)" + minute: '23' + hour: '05' + job: /var/lib/dehydrated/cron/dehydrated_cron.sh + + - name: "Check whether all certificates are included in the VHOST configurations" + minute: '33' + hour: '05' + job: /var/lib/dehydrated/tools/update_ssl_directives.sh + + + # --- # vars used by roles/common/tasks/users.yml # --- diff --git a/host_vars/nd-archiv.warenform.de.yml b/host_vars/nd-archiv.warenform.de.yml index 703d707..64a5374 100644 --- a/host_vars/nd-archiv.warenform.de.yml +++ b/host_vars/nd-archiv.warenform.de.yml @@ -26,7 +26,7 @@ apt_install_extra_pkgs: true apt_extra_pkgs: - - wkhtmltopdf + - weasyprint - pdftk - subversion - subversion-tools 
diff --git a/host_vars/nd-live.warenform.de.yml b/host_vars/nd-live.warenform.de.yml index 5963021..64a5374 100644 --- a/host_vars/nd-live.warenform.de.yml +++ b/host_vars/nd-live.warenform.de.yml @@ -26,7 +26,8 @@ apt_install_extra_pkgs: true apt_extra_pkgs: - - wkhtmltopdf + - weasyprint + - pdftk - subversion - subversion-tools diff --git a/host_vars/nd.warenform.de.yml b/host_vars/nd.warenform.de.yml index 703d707..64a5374 100644 --- a/host_vars/nd.warenform.de.yml +++ b/host_vars/nd.warenform.de.yml @@ -26,7 +26,7 @@ apt_install_extra_pkgs: true apt_extra_pkgs: - - wkhtmltopdf + - weasyprint - pdftk - subversion - subversion-tools diff --git a/host_vars/o26.oopen.de.yml b/host_vars/o26.oopen.de.yml index 34525f6..53c2ade 100644 --- a/host_vars/o26.oopen.de.yml +++ b/host_vars/o26.oopen.de.yml @@ -262,7 +262,7 @@ root_ssh_keypair: priv_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup priv_key_dest: /root/.ssh/id_ed25519-backup pub_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup.pub - pub_key_dest: /root/.ssh/id_ed25519-backup + pub_key_dest: /root/.ssh/id_ed25519-backup.pub # --- @@ -386,7 +386,7 @@ cron_user_entries: - name: "Remote Borg Backup" minute: '04' hour: '00' - job: /root/crontab/backup-rborg/rborg.sh + job: /root/crontab/backup-rborg2/rborg2.sh - name: "Check if SSH service is running. Restart service if needed." minute: '*/5' diff --git a/host_vars/test.mariadb.oopen.de.yml b/host_vars/test.mariadb.oopen.de.yml new file mode 100644 index 0000000..e372b40 --- /dev/null +++ b/host_vars/test.mariadb.oopen.de.yml 
@@ -0,0 +1,56 @@ +--- + +# --- +# vars used by role 'firewall' +# --- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by cron.yml +# --- + +#cron_env_entries: [] +cron_env_entries: + - name: PATH + job: /root/bin/admin-stuff:/root/bin:/usr/local/php/bin:/usr/local/apache2/bin:/sbin:/bin:/usr/local/dovecot/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + + - name: SHELL + job: /bin/bash + + +# --- +# vars used by apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + diff --git a/host_vars/web0.warenform.de.yml b/host_vars/web0.warenform.de.yml index 1208a58..c7d6196 100644 --- a/host_vars/web0.warenform.de.yml +++ b/host_vars/web0.warenform.de.yml @@ -26,7 +26,7 @@ apt_install_extra_pkgs: true apt_extra_pkgs: - - wkhtmltopdf + - weasyprint - pdftk - subversion - subversion-tools diff --git a/host_vars/web1.warenform.de.yml b/host_vars/web1.warenform.de.yml index 5719f62..1d78c8d 100644 --- a/host_vars/web1.warenform.de.yml +++ b/host_vars/web1.warenform.de.yml @@ -26,7 +26,8 @@ apt_install_extra_pkgs: true apt_extra_pkgs: - - wkhtmltopdf + - weasyprint + - pdftk - subversion - subversion-tools diff --git a/host_vars/web2.warenform.de.yml b/host_vars/web2.warenform.de.yml index f1e1654..e8caaaa 100644 --- a/host_vars/web2.warenform.de.yml +++ b/host_vars/web2.warenform.de.yml @@ -26,7 +26,8 @@ apt_install_extra_pkgs: true apt_extra_pkgs: - - wkhtmltopdf + - weasyprint + - pdftk - subversion - subversion-tools diff --git a/hosts b/hosts index 3607569..f73daea 100644 --- a/hosts +++ b/hosts @@ -163,6 +163,7 @@ o15.oopen.de o17.oopen.de test.mx.oopen.de +test.mariadb.oopen.de # Exil e.V. o18.oopen.de 
@@ -283,6 +284,7 @@ mm-rav.oopen.de o43.oopen.de formbricks-nd.oopen.de keycloak-nd.oopen.de +iam-nd.oopen.de prometheus-nd.oopen.de web-nd.oopen.de test-nd.oopen.de @@ -500,6 +502,7 @@ mm-rav.oopen.de o43.oopen.de formbricks-nd.oopen.de keycloak-nd.oopen.de +iam-nd.oopen.de prometheus-nd.oopen.de web-nd.oopen.de test-nd.oopen.de @@ -940,6 +943,7 @@ mm-rav.oopen.de # o43 - ND prometheus, web keycloak-nd.oopen.de +iam-nd.oopen.de prometheus-nd.oopen.de web-nd.oopen.de @@ -1081,6 +1085,7 @@ mm-rav.oopen.de # o43 - ND app keycloak-nd.oopen.de +iam-nd.oopen.de prometheus-nd.oopen.de @@ -1701,6 +1706,7 @@ mm-rav.oopen.de # o43 - ND keycloak-nd.oopen.de +iam-nd.oopen.de prometheus-nd.oopen.de web-nd.oopen.de test-nd.oopen.de @@ -1942,6 +1948,7 @@ mm-rav.oopen.de o43.oopen.de formbricks-nd.oopen.de keycloak-nd.oopen.de +iam-nd.oopen.de prometheus-nd.oopen.de web-nd.oopen.de test-nd.oopen.de