From b6097221e7d2b05c61e975d518b1fff7ee07d3ad Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 9 Feb 2026 14:23:32 +0100 Subject: [PATCH] update-- --- host_vars/a.mx.oopen.de.yml | 4 - host_vars/b.mx.oopen.de.yml | 7 - host_vars/c.mx.oopen.de.yml | 4 - host_vars/d.mx.oopen.de.yml | 4 - host_vars/e.mx.oopen.de.yml | 4 - host_vars/g.mx.oopen.de.yml | 7 - host_vars/ga-st-mail.ga.netz.yml | 6 +- host_vars/lists.mx.warenform.de.yml | 4 - host_vars/mail-neu.cadus.org.yml | 4 - host_vars/mail.cadus.org.yml | 4 - host_vars/mail.faire-mobilitaet.de.yml | 4 - host_vars/mx.warenform.de.yml | 4 - host_vars/o13-mail.oopen.de.yml | 12 - host_vars/rage.so36.net.yml | 8 - main.yml | 2917 ----------------- .../conf/check_webservice_load.conf | 262 -- .../conf/check_webservice_load.conf | 154 - .../conf/check_webservice_load.conf | 263 -- .../conf/check_webservice_load.conf | 262 -- .../conf/check_webservice_load.conf | 147 - .../conf/check_webservice_load.conf | 270 -- .../conf/check_webservice_load.conf | 262 -- .../conf/check_webservice_load.conf | 261 -- .../conf/check_webservice_load.conf | 263 -- .../conf/check_webservice_load.conf | 262 -- .../mailserver/etc/postfix/header_checks.pcre | 67 +- .../etc/postfix/header_checks.pcre.01} | 4 +- .../conf/check_webservice_load.conf | 262 -- .../o13-mail/etc/postfix/header_checks.pcre | 43 - .../conf/check_webservice_load.conf | 178 - .../files/rage/etc/postfix/postfwd.wl-nets | 5 + 31 files changed, 47 insertions(+), 5911 deletions(-) delete mode 100644 main.yml delete mode 100644 roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf delete mode 100644 roles/common/files/b.mx/root/bin/monitoring/conf/check_webservice_load.conf delete mode 100644 roles/common/files/c.mx/root/bin/monitoring/conf/check_webservice_load.conf delete mode 100644 roles/common/files/d.mx/root/bin/monitoring/conf/check_webservice_load.conf delete mode 100644 roles/common/files/e.mx/root/bin/monitoring/conf/check_webservice_load.conf delete mode 100644 roles/common/files/g.mx/root/bin/monitoring/conf/check_webservice_load.conf delete mode 100644 roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf delete mode 100644 roles/common/files/lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf delete mode 100644 roles/common/files/mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf delete mode 100644 roles/common/files/mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf rename roles/common/files/{rage/etc/postfix/header_checks.pcre => mailserver/etc/postfix/header_checks.pcre.01} (81%) delete mode 100644 roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf delete mode 100644 roles/common/files/o13-mail/etc/postfix/header_checks.pcre delete mode 100644 roles/common/files/o13-mail/root/bin/monitoring/conf/check_webservice_load.conf diff --git a/host_vars/a.mx.oopen.de.yml b/host_vars/a.mx.oopen.de.yml index ae4f1d5..f2ab5a2 100644 --- a/host_vars/a.mx.oopen.de.yml +++ b/host_vars/a.mx.oopen.de.yml @@ -159,10 +159,6 @@ copy_plain_files: src_path: a.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf - - name: monitoring_check_webservice_load.conf - src_path: a.mx/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - # /root/bin/postfix # - name: postfix_create_opendkim_key.conf diff --git a/host_vars/b.mx.oopen.de.yml b/host_vars/b.mx.oopen.de.yml index c598015..70cb3b5 100644 --- a/host_vars/b.mx.oopen.de.yml +++ b/host_vars/b.mx.oopen.de.yml @@ -151,13 +151,6 @@ root_ssh_keypair: copy_plain_files: - # /root/bin/monitoring - # - - - name: monitoring_check_webservice_load.conf - src_path: b.mx/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - # /root/bin/postfix # - name: postfix_create_opendkim_key.conf diff --git a/host_vars/c.mx.oopen.de.yml b/host_vars/c.mx.oopen.de.yml index 903c4fb..e450c9f 100644 --- a/host_vars/c.mx.oopen.de.yml +++ b/host_vars/c.mx.oopen.de.yml @@ -164,10 +164,6 @@ copy_plain_files: src_path: c.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf - - name: monitoring_check_webservice_load.conf - src_path: c.mx/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - # /root/bin/postfix # - name: postfix_create_opendkim_key.conf diff --git a/host_vars/d.mx.oopen.de.yml b/host_vars/d.mx.oopen.de.yml index f01e82e..45e9a0c 100644 --- a/host_vars/d.mx.oopen.de.yml +++ b/host_vars/d.mx.oopen.de.yml @@ -153,10 +153,6 @@ root_ssh_keypair: copy_plain_files: - - name: monitoring_check_webservice_load.conf - src_path: d.mx/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - - name: postfix_create_opendkim_key.conf src_path: d.mx/root/bin/postfix/conf/create_opendkim_key.conf dest_path: /root/bin/postfix/conf/create_opendkim_key.conf diff --git a/host_vars/e.mx.oopen.de.yml b/host_vars/e.mx.oopen.de.yml index c7070c4..bddf9e4 100644 --- a/host_vars/e.mx.oopen.de.yml +++ b/host_vars/e.mx.oopen.de.yml @@ -157,10 +157,6 @@ copy_plain_files: src_path: e.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf - - name: monitoring_check_webservice_load.conf - src_path: e.mx/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - - name: postfix_create_opendkim_key.conf src_path: e.mx/root/bin/postfix/conf/create_opendkim_key.conf dest_path: /root/bin/postfix/conf/create_opendkim_key.conf diff --git a/host_vars/g.mx.oopen.de.yml b/host_vars/g.mx.oopen.de.yml index c7e852b..9f0c134 100644 --- a/host_vars/g.mx.oopen.de.yml +++ b/host_vars/g.mx.oopen.de.yml @@ -151,13 +151,6 @@ resolved_fallback_nameserver: copy_plain_files: - # /root/bin/monitoring - # - - - name: monitoring_check_webservice_load.conf - src_path: g.mx/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - # /root/bin/postfix # - name: postfix_create_opendkim_key.conf diff --git a/host_vars/ga-st-mail.ga.netz.yml b/host_vars/ga-st-mail.ga.netz.yml index 78b8de6..b82d709 100644 --- a/host_vars/ga-st-mail.ga.netz.yml +++ b/host_vars/ga-st-mail.ga.netz.yml @@ -214,10 +214,6 @@ copy_plain_files: src_path: ga-st-mail/root/bin/monitoring/conf/check_cert_for_dovecot.conf dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf - - name: monitoring_check_webservice_load.conf - src_path: ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - # /root/bin/postfix # - name: postfix_create_opendkim_key.conf @@ -265,6 +261,8 @@ ipv4_address: 192.168.11.2 admin_email: it@gemeinschaft-altenschlirf.org is_relay_host: !!str "false" +support_dmarc_reporting: !!str "false" + db_in_use: !!str "true" # postfix_db_type # diff --git a/host_vars/lists.mx.warenform.de.yml b/host_vars/lists.mx.warenform.de.yml index 59e9f9b..81ff675 100644 --- a/host_vars/lists.mx.warenform.de.yml +++ b/host_vars/lists.mx.warenform.de.yml @@ -148,10 +148,6 @@ root_ssh_keypair: copy_plain_files: - - name: monitoring_check_webservice_load.conf - src_path: lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - - name: postfix_create_opendkim_key.conf src_path: lists.mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf dest_path: /root/bin/postfix/conf/create_opendkim_key.conf diff --git a/host_vars/mail-neu.cadus.org.yml b/host_vars/mail-neu.cadus.org.yml index a3a17ef..e470978 100644 --- a/host_vars/mail-neu.cadus.org.yml +++ b/host_vars/mail-neu.cadus.org.yml @@ -89,10 +89,6 @@ copy_plain_files: src_path: mail.cadus/root/bin/monitoring/conf/check_cert_for_dovecot.conf dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf - - name: monitoring_check_webservice_load.conf - src_path: mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - # /root/bin/postfix # - name: postfix_create_opendkim_key.conf diff --git a/host_vars/mail.cadus.org.yml b/host_vars/mail.cadus.org.yml index 19d439a..763c89b 100644 --- a/host_vars/mail.cadus.org.yml +++ b/host_vars/mail.cadus.org.yml @@ -159,10 +159,6 @@ copy_plain_files: src_path: mail.cadus/root/bin/monitoring/conf/check_cert_for_dovecot.conf dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf - - name: monitoring_check_webservice_load.conf - src_path: mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - # /root/bin/postfix # - name: postfix_create_opendkim_key.conf diff --git a/host_vars/mail.faire-mobilitaet.de.yml b/host_vars/mail.faire-mobilitaet.de.yml index a9a7342..61c52c2 100644 --- a/host_vars/mail.faire-mobilitaet.de.yml +++ b/host_vars/mail.faire-mobilitaet.de.yml @@ -159,10 +159,6 @@ copy_plain_files: src_path: mail.faire-mobilitaet/root/bin/monitoring/conf/check_cert_for_dovecot.conf dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf - - name: monitoring_check_webservice_load.conf - src_path: mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - # /root/bin/postfix # - name: postfix_create_opendkim_key.conf diff --git a/host_vars/mx.warenform.de.yml b/host_vars/mx.warenform.de.yml index b38af47..e9fd474 100644 --- a/host_vars/mx.warenform.de.yml +++ b/host_vars/mx.warenform.de.yml @@ -154,10 +154,6 @@ copy_plain_files: src_path: mx.warenform/root/bin/monitoring/conf/check_cert_for_dovecot.conf dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf - - name: monitoring_check_webservice_load.conf - src_path: mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - # /root/bin/postfix # - name: postfix_create_opendkim_key.conf diff --git a/host_vars/o13-mail.oopen.de.yml b/host_vars/o13-mail.oopen.de.yml index 9082f13..328f2f7 100644 --- a/host_vars/o13-mail.oopen.de.yml +++ b/host_vars/o13-mail.oopen.de.yml @@ -154,10 +154,6 @@ copy_plain_files: src_path: o13-mail/root/bin/monitoring/conf/check_cert_for_dovecot.conf dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf - - name: monitoring_check_webservice_load.conf - src_path: o13-mail/root/bin/monitoring/conf/check_webservice_load.conf - dest_path: /root/bin/monitoring/conf/check_webservice_load.conf - # /root/bin/postfix # - name: postfix_check-postfix-fatal-errors.conf @@ -167,14 +163,6 @@ copy_plain_files: copy_plain_files_postfwd_host_specific: - - name: header_checks.pcre - src_path: o13-mail/etc/postfix/header_checks.pcre - dest_path: /etc/postfix/header_checks.pcre - - - name: postfwd.wl-hosts - src_path: o13-mail/etc/postfix/postfwd.wl-hosts - dest_path: /etc/postfix/postfwd.wl-hosts - - name: postfwd.wl-hosts src_path: o13-mail/etc/postfix/postfwd.wl-hosts dest_path: /etc/postfix/postfwd.wl-hosts diff --git a/host_vars/rage.so36.net.yml b/host_vars/rage.so36.net.yml index 050df6e..d3a724e 100644 --- a/host_vars/rage.so36.net.yml +++ b/host_vars/rage.so36.net.yml @@ -147,14 +147,6 @@ copy_plain_files: copy_plain_files_postfwd_host_specific: - - name: header_checks.pcre - src_path: rage/etc/postfix/header_checks.pcre - dest_path: /etc/postfix/header_checks.pcre - - - name: postfwd.wl-hosts - src_path: rage/etc/postfix/postfwd.wl-hosts - dest_path: /etc/postfix/postfwd.wl-hosts - - name: postfwd.wl-hosts src_path: rage/etc/postfix/postfwd.wl-hosts dest_path: /etc/postfix/postfwd.wl-hosts diff --git a/main.yml b/main.yml deleted file mode 100644 index 6e47d34..0000000 --- a/main.yml +++ /dev/null @@ -1,2917 +0,0 @@ ---- - -# --- -# vars used by roles/ansible_dependencies -# --- - -apt_ansible_dependencies: - - apt-transport-https - - ca-certificates - - dbus - - lsb-release - - mc - - net-tools - - openssl - - python-apt-common - - python3 - - python3-apt - - software-properties-common - - sudo - - vim - - vlan - - -# --- -# vars used by roles/ansible_user -# --- - -ansible_remote_user: - - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -# --- -# vars used by roles/common/tasks/basic.yml -# --- - -time_zone: Europe/Berlin - -locales: - - en_US.UTF-8 - - de_DE.UTF-8 - -#copy_plain_files_security_limits: [] -copy_plain_files_security_limits: - - # /etc/security/limits.d/*.conf - # - - name: 90-user-NOFILE.conf - src_path: etc/security/limits.d/90-user-NOFILE.conf - dest_path: /etc/security/limits.d/90-user-NOFILE.conf - - -#copy_plain_files_systemd: [] -copy_plain_files_systemd: - - # /etc/systemd/system.conf.d/*.conf - # - - name: DefaultLimitNOFILE - src_path: etc/systemd/system.conf.d/20-DefaultLimitNOFILE.conf - dest_path: /etc/systemd/system.conf.d/20-DefaultLimitNOFILE.conf - - - name: DefaultTasksMax - src_path: etc/systemd/system.conf.d/20-DefaultTasksMax.conf - dest_path: /etc/systemd/system.conf.d/20-DefaultTasksMax.conf - - - name: DefaultLimitCORE - src_path: etc/systemd/system.conf.d/20-DefaultLimitCORE.conf - dest_path: /etc/systemd/system.conf.d/20-DefaultLimitCORE.conf - - - name: DefaultLimitNPROC - src_path: etc/systemd/system.conf.d/20-DefaultLimitNPROC.conf - dest_path: /etc/systemd/system.conf.d/20-DefaultLimitNPROC.conf - - - name: DefaultLimitRTPRIO - src_path: etc/systemd/system.conf.d/20-DefaultLimitRTPRIO.conf - dest_path: /etc/systemd/system.conf.d/20-DefaultLimitRTPRIO.conf - - - name: DefaultLimitRTTIME - src_path: etc/systemd/system.conf.d/20-DefaultLimitRTTIME.conf - dest_path: /etc/systemd/system.conf.d/20-DefaultLimitRTTIME.conf - - -#copy_plain_files_journald: [] -copy_plain_files_journald: - - - name: SystemMaxUse - src_path: etc/systemd/journald.conf.d/50-SystemMaxUse.conf - dest_path: /etc/systemd/journald.conf.d/50-SystemMaxUse.conf - - - name: SystemMaxFileSize - src_path: etc/systemd/journald.conf.d/50-SystemMaxFileSize.conf - dest_path: /etc/systemd/journald.conf.d/50-SystemMaxFileSize.conf - - - name: MaxFileSec - src_path: etc/systemd/journald.conf.d/50-MaxFileSec.conf - dest_path: /etc/systemd/journald.conf.d/50-MaxFileSec.conf - - - -#copy_plain_files_sysctl: [] -copy_plain_files_sysctl: - - # /etc/sysctl.d/*.conf - # - - name: dovecot - src_path: etc/sysctl.d/50-dovecot.conf - dest_path: /etc/sysctl.d/50-dovecot.conf - - - name: redis - src_path: etc/sysctl.d/50-redis.conf - dest_path: /etc/sysctl.d/50-redis.conf - - - name: swappiness - src_path: etc/sysctl.d/50-swappiness.conf - dest_path: /etc/sysctl.d/50-swappiness.conf - - - name: ddos - src_path: etc/sysctl.d/10-ddos.conf - dest_path: /etc/sysctl.d/10-ddos.conf - -copy_additional_plain_files_sysctl: [] - - -# --- -# vars used by apt.yml -# --- - -apt_manage_sources_list: true - -apt_src_enable: true -apt_backports_enable: true - -apt_debian_mirror: http://ftp.de.debian.org/debian/ -apt_debian_contrib_nonfree_enable: true - -# Ubuntu mirror -apt_ubuntu_mirror: http://archive.ubuntu.com/ubuntu - -apt_update_cache_valid_time: 3600 - -apt_upgrade: true -apt_update: true - -apt_clean: true -apt_autoremove: true - -apt_dpkg_configure: true -apt_upgrade_type: dist -apt_upgrade_dpkg_options: - - force-confdef - - force-confold - -apt_initial_install_stretch: - - apt-transport-https - - cryptsetup - - dbus - - openssh-server - - rssh - - bash - - bash-completion - - vim - - vim-common - - vim-doc - - mc - - screen - - tmux - - bc - - figlet - - rcconf - - sudo - - rsync - - dselect - - iputils-ping - - apt-utils - - aptitude - - zip - - unzip - - bzip2 - - arj - - locate - - curl - - gawk - - mawk - - lynx - - links - - w3m - - exuberant-ctags - - mime-support - - file - - coreutils - - moreutils - - less - - realpath - - sipcalc - - psmisc - - dnsutils - - rblcheck - - whois - - gettext - - gettext-base - - gettext-doc - - debian-keyring - - patch - - patchutils - - recode - - recode-doc - - librecode0 - - librecode-dev - - sharutils - - perl - - perl-modules-5.24 - - perl-doc - - libperl-dev - - libterm-readline-gnu-perl - - libterm-readline-perl-perl - - libterm-readkey-perl - - libmail-imapclient-perl - - libtime-duration-perl - - libtimedate-perl - - libwww-perl - - libpcre3 - - libreadline5 - - re2c - - util-linux - - parted - - lshw - - gdisk - - smartmontools - - tcpdump - - telnet - - unhide - - lsof - - hdparm - - groff - - iproute2 - - bridge-utils - - vlan - - ethtool - - wipe - - iperf - - mtr - - iptraf - - wget - - logrotate - - rsyslog - - haveged - - rdate - - ntpdate - - wipe - - man-db - - groff - - iptables - - shellcheck - - ssl-cert - - ssl-cert-check - - git - - ftp - - htop - - net-tools - - lsb-release - - attr - - acl - - quota - - quotatool - - needrestart - - socat - - zsh - -apt_initial_install_buster: - - apt-transport-https - - cryptsetup - - gnupg - - gpgv - - deborphan - - dbus - - openssh-server - - rush - - bash - - bash-completion - - vim - - vim-common - - vim-doc - - mc - - screen - - tmux - - cron - - bc - - figlet - - rcconf - - sudo - - rsync - - dselect - - iputils-ping - - apt-utils - - aptitude - - zip - - unzip - - bzip2 - - arj - - locate - - curl - - gawk - - mawk - - lynx - - links - - w3m - - ctags - - mime-support - - file - - coreutils - - moreutils - - less - - sipcalc - - psmisc - - dnsutils - - rblcheck - - whois - - gettext - - gettext-base - - gettext-doc - - debian-keyring - - patch - - patchutils - - recode - - recode-doc - - librecode0 - - librecode-dev - - sharutils - - perl - - perl-modules-5.28 - - perl-doc - - libperl-dev - - libterm-readline-gnu-perl - - libterm-readline-perl-perl - - libterm-readkey-perl - - libmail-imapclient-perl - - libtime-duration-perl - - libtimedate-perl - - libwww-perl - - libpcre3 - - libio-compress-perl - - libreadline5 - - libcroco3-dev - - re2c - - util-linux - - parted - - lshw - - gdisk - - smartmontools - - tcpdump - - telnet - - unhide - - lsof - - hdparm - - groff - - iproute2 - - bridge-utils - - vlan - - ethtool - - wipe - - iperf - - mtr - - iptraf - - wget - - logrotate - - rsyslog - - haveged - - rdate - - ntpdate - - wipe - - man - - groff - - iptables - - shellcheck - - ssl-cert - - ssl-cert-check - - git - - ftp - - htop - - net-tools - - lsb-release - - attr - - acl - - quota - - quotatool - - needrestart - - socat - - zsh - - lua5.3 - - btrfs-tools - - fdisk - -apt_initial_install_bullseye: - - apt-transport-https - - cryptsetup - - gnupg - - gpgv - - deborphan - - zstd - - dbus - - openssh-server - - rush - - bash - - bash-completion - - vim - - vim-common - - vim-doc - - mc - - screen - - tmux - - cron - - bc - - figlet - - rcconf - - sudo - - rsync - - dselect - - iputils-ping - - apt-utils - - aptitude - - zip - - unzip - - bzip2 - - arj - - locate - - curl - - gawk - - mawk - - lynx - - links - - w3m - - universal-ctags - - mime-support - - file - - coreutils - - moreutils - - less - - sipcalc - - psmisc - - dnsutils - - rblcheck - - whois - - gettext - - gettext-base - - gettext-doc - - debian-keyring - - patch - - patchutils - - recode - - recode-doc - - librecode0 - - librecode-dev - - sharutils - - perl - - perl-modules-5.32 - - perl-doc - - libperl-dev - - libterm-readline-gnu-perl - - libterm-readline-perl-perl - - libterm-readkey-perl - - libmail-imapclient-perl - - libtime-duration-perl - - libtimedate-perl - - libwww-perl - - libpcre3 - - libio-compress-perl - - libreadline-dev - - re2c - - util-linux - - parted - - lshw - - gdisk - - smartmontools - - tcpdump - - telnet - - unhide - - lsof - - hdparm - - groff - - iproute2 - - bridge-utils - - vlan - - ethtool - - wipe - - iperf - - mtr - - iptraf - - wget - - logrotate - - rsyslog - - haveged - - rdate - - ntpdate - - wipe - - man - - groff - - iptables - - shellcheck - - ssl-cert - - ssl-cert-check - - git - - ftp - - htop - - net-tools - - lsb-release - - attr - - acl - - quota - - quotatool - - needrestart - - socat - - zsh - - lua5.4 - - btrfs-progs - - fdisk - -apt_initial_install_bookworm: - - cryptsetup - - dbus - - openssh-server - - rush - - bash - - bash-completion - - vim - - vim-common - - vim-doc - - mc - - screen - - tmux - - cron - - bc - - figlet - - rcconf - - sudo - - rsync - - dselect - - iputils-ping - - apt-utils - - aptitude - - zip - - unzip - - bzip2 - - arj - - locate - - curl - - gawk - - mawk - - lynx - - links - - w3m - - universal-ctags - - mime-support - - file - - coreutils - - moreutils - - less - - sipcalc - - psmisc - - dnsutils - - rblcheck - - whois - - gettext - - gettext-base - - gettext-doc - - debian-keyring - - patch - - patchutils - - recode - - recode-doc - - librecode0 - - librecode-dev - - sharutils - - perl - - perl-modules-5.36 - - perl-doc - - libperl-dev - - libreadline-dev - - libterm-readline-gnu-perl - - libterm-readline-perl-perl - - libterm-readkey-perl - - libmail-imapclient-perl - - libtime-duration-perl - - libtimedate-perl - - libwww-perl - - libpcre3 - - libio-compress-perl - - re2c - - util-linux - - parted - - lshw - - gdisk - - smartmontools - - tcpdump - - unhide - - lsof - - hdparm - - groff - - iproute2 - - bridge-utils - - vlan - - ethtool - - wipe - - iperf - - mtr - - iptraf - - wget - - logrotate - - rsyslog - - haveged - - rdate - - ntpdate - - wipe - - man - - groff - - iptables - - shellcheck - - ssl-cert - - ssl-cert-check - - git - - ftp - - htop - - net-tools - - lsb-release - - attr - - acl - - quota - - quotatool - - needrestart - - socat - - zsh - - lua5.4 - - btrfs-progs - - fdisk - - -apt_initial_install_xenial: - - apt-transport-https - - cryptsetup - - dbus - - openssh-server - - rush - - vim - - vim-common - - vim-doc - - mc - - screen - - tmux - - bc - - figlet - - sudo - - rsync - - dselect - - iputils-ping - - apt-utils - - aptitude - - zip - - unzip - - bzip2 - - arj - - locate - - curl - - gawk - - mawk - - lynx - - links - - w3m - - ctags - - mime-support - - file - - coreutils - - moreutils - - less - - sipcalc - - psmisc - - dnsutils - - rblcheck - - whois - - gettext - - gettext-base - - gettext-doc - - debian-keyring - - patch - - patchutils - - recode - - recode-doc - - librecode0 - - librecode-dev - - sharutils - - perl - - perl-modules-5.22 - - perl-doc - - libperl-dev - - libterm-readline-gnu-perl - - libterm-readline-perl-perl - - libterm-readkey-perl - - libmail-imapclient-perl - - libtime-duration-perl - - libtimedate-perl - - libwww-perl - - libpcre3 - - libio-compress-perl - - libreadline5 - - re2c - - util-linux - - parted - - lshw - - gdisk - - smartmontools - - tcpdump - - telnet - - unhide - - lsof - - hdparm - - groff - - iproute2 - - bridge-utils - - vlan - - ethtool - - wipe - - iperf - - mtr - - iptraf - - wget - - logrotate - - rsyslog - - haveged - - rdate - - ntpdate - - wipe - - man - - groff - - iptables - - shellcheck - - ssl-cert - - ssl-cert-check - - git - - ftp - - htop - - net-tools - - lsb-release - - attr - - acl - - quota - - quotatool - - needrestart - - ifupdown - - socat - -apt_initial_install_bionic: - - apt-transport-https - - cryptsetup - - dbus - - openssh-server - - rush - - vim - - vim-common - - vim-doc - - mc - - screen - - tmux - - bc - - figlet - - sudo - - rsync - - dselect - - iputils-ping - - apt-utils - - aptitude - - zip - - unzip - - bzip2 - - arj - - locate - - curl - - gawk - - mawk - - lynx - - links - - w3m - - ctags - - mime-support - - file - - coreutils - - moreutils - - less - - sipcalc - - psmisc - - dnsutils - - rblcheck - - whois - - gettext - - gettext-base - - gettext-doc - - debian-keyring - - patch - - patchutils - - recode - - recode-doc - - librecode0 - - librecode-dev - - sharutils - - perl - - perl-modules-5.26 - - perl-doc - - libperl-dev - - libterm-readline-gnu-perl - - libterm-readline-perl-perl - - libterm-readkey-perl - - libmail-imapclient-perl - - libtime-duration-perl - - libtimedate-perl - - libwww-perl - - libpcre3 - - libio-compress-perl - - libreadline5 - - re2c - - util-linux - - parted - - lshw - - gdisk - - smartmontools - - tcpdump - - telnet - - unhide - - lsof - - hdparm - - groff - - iproute2 - - bridge-utils - - vlan - - ethtool - - wipe - - iperf - - mtr - - iptraf - - wget - - logrotate - - rsyslog - - haveged - - rdate - - ntpdate - - wipe - - man - - groff - - iptables - - shellcheck - - ssl-cert - - ssl-cert-check - - git - - ftp - - htop - - net-tools - - lsb-release - - attr - - acl - - quota - - quotatool - - needrestart - - ifupdown - - socat - -apt_initial_install_jammy: - - apt-transport-https - - dbus - - openssh-server - - rush - - vim - - vim-common - - vim-doc - - mc - - screen - - tmux - - bc - - figlet - - sudo - - rsync - - dselect - - iputils-ping - - apt-utils - - aptitude - - zip - - unzip - - bzip2 - - arj - - locate - - curl - - gawk - - mawk - - lynx - - links - - w3m - - exuberant-ctags - - universal-ctags - - mime-support - - file - - coreutils - - moreutils - - less - - sipcalc - - psmisc - - dnsutils - - rblcheck - - whois - - gettext - - gettext-base - - gettext-doc - - debian-keyring - - patch - - patchutils - - recode - - recode-doc - - librecode0 - - librecode-dev - - sharutils - - perl - - perl-modules - - perl-doc - - libperl-dev - - libterm-readline-gnu-perl - - libterm-readline-perl-perl - - libterm-readkey-perl - - libmail-imapclient-perl - - libtime-duration-perl - - libtimedate-perl - - libwww-perl - - libpcre3 - - libio-compress-perl - - libreadline5 - - re2c - - util-linux - - parted - - lshw - - gdisk - - smartmontools - - tcpdump - - telnet - - unhide - - lsof - - hdparm - - groff - - iproute2 - - bridge-utils - - vlan - - ethtool - - wipe - - iperf - - mtr - - iptraf - - wget - - logrotate - - rsyslog - - haveged - - rdate - - ntpdate - - wipe - - man - - groff - - iptables - - shellcheck - - ssl-cert - - ssl-cert-check - - git - - ftp - - htop - - net-tools - - lsb-release - - attr - - acl - - quota - - quotatool - - needrestart - - ifupdown - - socat - -install_compiler_pkgs: false -apt_compiler_pkgs: - - g++ - - g++-multilib - - gcc - - gcc-multilib - - cpp - - make - - automake - - autoconf - - libtool - - flex - - bison - - gettext - - pkg-config - - gnu-standards - - libssl-dev - - libreadline-dev - - libncurses-dev - - libsystemd-dev - - libnss3-dev - #- python-dev - -yum_compiler_pkgs_centos: - - gcc-c++ - - cpp - - make - - cmake - - automake - - autoconf - - libtool - - flex - - bison - - gettext - - pkgconfig - - openssl-devel - - openssl-static - - readline-devel - - readline-static - - ncurses - - ncurses-devel - - ncurses-static - - systemd-devel - - nss-devel - -yum_compiler_pkgs_fedora: - - gcc-c++ - - cpp - - make - - cmake - - automake - - autoconf - - libtool - - flex - - bison - - gettext - - pkgconfig - - openssl-devel - - readline-devel - - readline-static - - ncurses - - ncurses-devel - - ncurses-static - - systemd-devel - - nss-devel - -install_webserver_pkgs: false - -yum_webserver_pkgs_centos: - - libdb-devel - - zlib - - zlib-devel - - zlib-static - - openssl-devel - - openssl-static - - neon - - neon-devel - - libxml2 - - libxml2-devel - - libxml2-static - - curl - - libcurl - - libcurl-devel - - gdbm - - gdbm-devel - - aspell - - aspell-devel - - libjpeg-turbo - - libjpeg-turbo-devel - - libjpeg-turbo-static - - libXpm - - libXpm-devel - - freetype - - freetype-devel - - libwmf - - libwmf-devel - - libtiff - - libtiff-devel - - libtiff-static - - libpaper-devel - - libpaper-devel - - file-libs - - file-devel - - file-static - - GraphicsMagick - - GraphicsMagick-perl - - GraphicsMagick-devel - - GraphicsMagick-doc - - GraphicsMagick-c++ - - GraphicsMagick-c++-devel - - graphviz - - graphviz-devel - - libgsf - - libgsf-devel - - ilmbase - - ilmbase-devel - - libvpx - - libvpx-devel - - libvpx-utils - - gpm - - gpm-devel - - gpm-static - - texlive-kpathsea - - texlive-kpathsea-bin - - texlive-kpathsea-lib - - texlive-kpathsea-lib-devel - - OpenEXR - - OpenEXR-libs - - OpenEXR-devel - - librsvg2 - - librsvg2-devel - - librsvg2-tools - - djvulibre - - djvulibre-libs - - djvulibre-devel - - expat - - expat-devel - - expat-static - - ImageMagick - - ImageMagick-devel - - libexif - - libexif-devel - - exiv2 - - exiv2-libs - - exiv2-devel - - re2c - - netpbm - - netpbm-devel - - netpbm-progs - - mcrypt - - libmcrypt - - libmcrypt-devel - - mariadb-libs - - mariadb-devel - - postgresql-libs - - postgresql-devel - - postgresql-static - - libdbi - - libdbi-devel - - libdbi-dbd-mysql - - libdbi-dbd-pgsql - - libdbi-dbd-sqlite - - libdbi-devel - - libdbi-drivers - - readline - - readline-devel - - ncurses - - ncurses-devel - - ncurses-static - - libdb - - libdb-devel - - libdb-cxx - - libdb-cxx-devel - - libxslt - - libxslt-devel - - pcre - - pcre-devel - - pcre-static - - libc-client - - libicu - - libicu-devel - - libtidy - - libtidy-devel - - ModemManager - - ModemManager-glib - - gmp - - gmp-devel - - gmp-static - - krb5-libs - - krb5-devel - - openldap - - openldap-devel - - mhash - - mhash-devel.x86_64 - - gd - - gd-devel - - lua - - lua-static - - lua-devel - - apr - - apr-devel.i686 - - apr-util - - apr-util-devel - - apr-util-ldap - - apr-util-mysql - - apr-util-nss - - apr-util-odbc - - apr-util-openssl - - apr-util-pgsql - - apr-util-sqlite - - lksctp-tools - - lksctp-tools-devel - - openssl - - openssl-libs - - openssl-devel - - openssl-static - - cryptopp - - cryptopp-devel - - GeoIP - - GeoIP-devel - - libaio - - libaio-devel - - tk - - tk-devel - - tcl - - tcl-devel - - tcl-tclreadline - - tcl-tclreadline-devel - - expect - - expect-devel - - perl-Expect - - poppler-utils - - # - libqdbm-dev - #- libatm-dev - #- libc-client2007e-dev - #- libc-client-dev - #- ffmpeg - -yum_webserver_pkgs_fedora: - - libdb-devel - - zlib - - zlib-devel - - zlib-static - - openssl-devel - - neon - - neon-devel - - libxml2 - - libxml2-devel - - libxml2-static - - curl - - libcurl - - libcurl-devel - - gdbm - - gdbm-devel - - aspell - - aspell-devel - - libjpeg-turbo - - libjpeg-turbo-devel - - libjpeg-turbo-static - - libXpm - - libXpm-devel - - freetype - - freetype-devel - - libwmf - - libwmf-devel - - libtiff - - libtiff-devel - - libtiff-static - - libpaper-devel - - libpaper-devel - - file-libs - - file-devel - - file-static - - GraphicsMagick - - GraphicsMagick-perl - - GraphicsMagick-devel - - GraphicsMagick-doc - - GraphicsMagick-c++ - - GraphicsMagick-c++-devel - - graphviz - - graphviz-devel - - libgsf - - libgsf-devel - - ilmbase - - ilmbase-devel - - libvpx - - libvpx-devel - - libvpx-utils - - gpm - - gpm-devel - - gpm-static - - texlive-kpathsea - - texlive-kpathsea-bin - - texlive-kpathsea-lib - - texlive-kpathsea-lib-devel - - OpenEXR - - OpenEXR-libs - - OpenEXR-devel - - librsvg2 - - librsvg2-devel - - librsvg2-tools - - djvulibre - - djvulibre-libs - - djvulibre-devel - - expat - - expat-devel - - expat-static - - ImageMagick - - ImageMagick-devel - - libexif - - libexif-devel - - exiv2 - - exiv2-libs - - exiv2-devel - - re2c - - netpbm - - netpbm-devel - - netpbm-progs - - mcrypt - - libmcrypt - - libmcrypt-devel - - mariadb-devel - - postgresql-libs - - postgresql-private-devel - - postgresql-static - - libdbi - - libdbi-devel - - libdbi-dbd-mysql - - libdbi-dbd-pgsql - - libdbi-dbd-sqlite - - libdbi-devel - - libdbi-drivers - - readline - - readline-devel - - ncurses - - ncurses-devel - - ncurses-static - - libdb - - libdb-devel - - libdb-cxx - - libdb-cxx-devel - - libxslt - - libxslt-devel - - pcre - - pcre-devel - - pcre-static - - libicu - - libicu-devel - - libtidy - - libtidy-devel - - ModemManager - - ModemManager-glib - - gmp - - gmp-devel - - gmp-static - - krb5-libs - - krb5-devel - - openldap - - openldap-devel - - mhash - - mhash-devel.x86_64 - - gd - - gd-devel - - lua - - lua-static - - lua-devel - - apr - - apr-devel.i686 - - apr-util - - apr-util-devel - - apr-util-ldap - - apr-util-mysql - - apr-util-odbc - - apr-util-openssl - - apr-util-pgsql - - apr-util-sqlite - - lksctp-tools - - lksctp-tools-devel - - openssl - - openssl-libs - - openssl-devel - - cryptopp - - cryptopp-devel - - GeoIP - - GeoIP-devel - - libaio - - libaio-devel - - tk - - tk-devel - - tcl - - tcl-devel - - tcl-tclreadline - - tcl-tclreadline-devel - - expect - - expect-devel - - perl-Expect - - poppler-utils - - -apt_webserver_pkgs: - - libdb-dev - - zlib1g - - zlib1g-dev - - libssl-dev - - libneon27-dev - - libxml2 - - libxml2-dev - - curl - - libcurl4-openssl-dev - - libqdbm-dev - - libgdbm-dev - - libpspell-dev - - libjpeg-dev - - libpng-dev - - libxpm-dev - - libfreetype6-dev - - libwmf-dev - - libtiff-dev - - libpaper-dev - - libmagic-dev - - libgraphics-magick-perl - - libgraphicsmagick++1-dev - - libgraphicsmagick-q16-3 - - libgraphicsmagick1-dev - - libgraphviz-dev - - libgsf-1-dev - - libilmbase-dev - - libvpx-dev - - vpx-tools - - libgpm-dev - - libkpathsea-dev - - libopenexr-dev - - librsvg2-dev - - libdjvulibre-dev - - libatm-dev - - libexpat-dev - - imagemagick - - graphicsmagick - - exif - - libexiv2-dev - - re2c - - netpbm - - libnetpbm10-dev - - libmcrypt-dev - - mcrypt - - default-libmysqlclient-dev - - libpq-dev - - postgresql-client - - libreadline-dev - - libncurses-dev - - libdb5.3 - - libdb5.3++ - - libdb5.3++-dev - - libdb5.3-dev - - libxslt1-dev - - libpcre3-dev - - libc-client2007e-dev - - libc-client-dev - - libicu-dev - - libtidy-dev - - libmm-dev - - libgmp-dev - - libkrb5-dev - - libldap-dev - - libmhash-dev - - libgd-dev - - liblua5.3-dev - - libapr1-dev - - libaprutil1-dev - - libsctp-dev - - libcrypto++-dev - - ffmpeg - - libmagickwand-dev - - libgeoip-dev - - libaio-dev - - tk-dev - - tcl-dev - - tclreadline - - expect - - expect-dev - - libexpect-perl - - poppler-utils - -install_postgresql_pkgs: false -apt_postgresql_pkgs: - - postgresql - -yum_postgresql_pkgs_centos: - - postgresql - - postgresql-server - - postgresql-libs - - postgresql-devel - - postgresql-static - - postgresql-plperl - - perl-DBD-Pg - - perl-DateTime-Format-Pg - - check_postgres - -yum_postgresql_pkgs_fedora: - - postgresql - - postgresql-server - - postgresql-libs - - postgresql-private-devel - - postgresql-static - - postgresql-plperl - - perl-DBD-Pg - - perl-DateTime-Format-Pg - - check_postgres - -install_bind_packages: false -apt_bind_pkgs: - - bind9 - -yum_bind_pks: - - bind - - -install_lxc_host_pkgs: false -apt_lxc_host_pkgs: - - bridge-utils - - lxc - - lxc-templates - - lxcfs - - python3-lxc - - debootstrap - - ntpsec - -yum_lxc_host_pkgs_centos: - - bridge-utils - - lxc - - lxc-templates - - python36-lxc - - debootstrap - - ntp - -yum_lxc_host_pkgs_fedora: - - bridge-utils - - lxc - - lxc-templates - - python3-lxc - - debootstrap - - ntpsec - - -install_kvm_host_pkgs: false -apt_kvm_host_pkgs: - - lvm2 - - bridge-utils - - ntfs-3g - - qemu-system - - qemu-kvm - - libvirt-clients - - libvirt-daemon-system - - libosinfo-bin - - virtinst - - libguestfs-tools - - kpartx - - debootstrap - - ntpsec - - -apt_gateway_host_pkgs: - - iptraf - - speedtest-cli - - -# available in debian 10 (buster) but not in debian 11 (bullseye) -# -apt_kvm_host_buster_pkgs: - - virt-top - -apt_install_extra_pkgs: false -apt_extra_pkgs: [] - -apt_install: {} -apt_install_state: latest - -apt_remove: - - rpcbind - - apt-transport-tor - - tor - - tor-geoipdb - - torsocks - -apt_remove_purge: false - -microcode_package: - - intel-microcode - - amd64-microcode - - -# --- -# vars used by yum.yml -# --- - -yum_install_state: latest - -yum_ansible_dependencies: - - ca-certificates - - dbus - - redhat-lsb-core - - mc - - net-tools - - openssl - - python3 - - sudo - - vim - -yum_base_install_centos_7: - - redhat-lsb-core - - ca-certificates - - git - - iproute - - mc - - net-tools - - bind-utils - - openssl - - python2 - - python3 - - sudo - - vim - - yum-utils - -yum_initial_install_centos_7: - - cryptsetup - - dbus - - openssh-server - - bash - - bash-completion - - vim - - vim-common - - mc - - screen - - tmux - - cronie - - bc - - figlet - - sudo - - rsync - - dselect - - iputils - - zip - - unzip - - bzip2 - - arj - - mlocate - - curl - - gawk - - mawk - - lynx - - links - - w3m - - ctags - - file - - coreutils - - moreutils - - less - - sipcalc - - psmisc - - whois - - gettext - - gettext-devel - - debian-keyring - - patch - - patchutils - - recode - - recode-devel - - sharutils - - perl - - perl-devel - - readline - - readline-devel - - libtermkey - - libtermkey-devel - - perl-Time-Duration-Parse - - perl-DateTime - - perl-libwww-perl - - pcre - - pcre2 - - perl-IO-Compress - - re2c - - util-linux - - parted - - lshw - - gdisk - - smartmontools - - tcpdump - - telnet - - unhide - - lsof - - hdparm - - groff - - bridge-utils - - ethtool - - nwipe - - iperf - - mtr - - iptraf - - wget - - logrotate - - rsyslog - - haveged - - rdate - - ntpdate - - man - - groff - - iptables - - ShellCheck - - ftp - - htop - - net-tools - - attr - - acl - - quota - - quotatool - - needrestart - - socat - - zsh - - lua - - btrfs-progs - -yum_base_install_fedora_38: - - redhat-lsb-core - - ca-certificates - - git - - iproute - - mc - - net-tools - - bind-utils - - openssl - - python2 - - python3 - - sudo - - vim - - yum-utils - -yum_initial_install_fedora_38: - - cryptsetup - - dbus - - openssh-server - - bash - - bash-completion - - vim - - vim-common - - mc - - screen - - tmux - - cronie - - bc - - figlet - - sudo - - rsync - - dselect - - iputils - - zip - - unzip - - bzip2 - - arj - - mlocate - - curl - - gawk - - mawk - - lynx - - links - - w3m - - ctags - - file - - coreutils - - moreutils - - less - - sipcalc - - psmisc - - whois - - gettext - - gettext-devel - - debian-keyring - - patch - - patchutils - - recode - - recode-devel - - sharutils - - perl - - perl-devel - - readline - - readline-devel - - libtermkey - - libtermkey-devel - - perl-Time-Duration-Parse - - perl-DateTime - - perl-libwww-perl - - pcre - - pcre2 - - perl-IO-Compress - - re2c - - util-linux - - parted - - lshw - - gdisk - - smartmontools - - tcpdump - - telnet - - unhide - - lsof - - hdparm - - groff - - bridge-utils - - ethtool - - nwipe - - iperf - - mtr - - iptraf - - wget - - logrotate - - rsyslog - - haveged - - rdate - - man - - groff - - iptables - - ShellCheck - - ftp - - htop - - net-tools - - attr - - acl - - quota - - quotatool - - needrestart - - socat - - zsh - - lua - - btrfs-progs - - - #- ntpdate - - -# --- -# vars used by roles/common/tasks/systemd-resolved.yml -# --- - -systemd_resolved: false - - -# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie -# Primäre DNS-Adresse: 38.132.106.139 -# Sekundäre DNS-Adresse: 194.187.251.67 -# -# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen -# primäre DNS-Adresse -# IPv4: 1.1.1.1 -# IPv6: 2606:4700:4700::1111 -# sekundäre DNS-Adresse -# IPv4: 1.0.0.1 -# IPv6: 2606:4700:4700::1001 -# -# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit -# primäre DNS-Adresse -# IPv4: 8.8.8.8 -# IPv6: 2001:4860:4860::8888 -# sekundäre DNS-Adresse -# IPv4: 8.8.4.4 -# IPv6: 2001:4860:4860::8844 -# -# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug -# primäre DNS-Adresse -# IPv4: 9.9.9.9 -# IPv6: 2620:fe::fe -# sekundäre DNS-Adresse -# IPv4: 149.112.112.112 -# IPv6: 2620:fe::9 -# -# OpenNIC - https://www.opennic.org/ -# IPv4: 195.10.195.195 - ns31.de -# IPv4: 94.16.114.254 - ns28.de -# IPv4: 51.254.162.59 - ns9.de -# IPv4: 194.36.144.87 - ns29.de -# IPv6: 2a00:f826:8:2::195 - ns31.de -# -# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) -# IPv4: 5.1.66.255 -# IPv6: 2001:678:e68:f000:: -# Servername für DNS-over-TLS: dot.ffmuc.net -# IPv4: 185.150.99.255 -# IPv6: 2001:678:ed0:f000:: -# Servername für DNS-over-TLS: dot.ffmuc.net -# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) -resolved_nameserver: - - 195.10.195.195 - - 1.1.1.1 - -# search domains -# -# If there are more than one search domains, then specify them here in the order in which -# the resolver should also search them -# -#resolved_domains: [] -resolved_domains: - - oopen.de - -resolved_dnssec: true - -# dns.as250.net: 194.150.168.168 -# -resolved_fallback_nameserver: - - 194.150.168.168 - - -# --- -# vars used by tor.yml -# --- - -torrc_path: /etc/tor/torrc - -tordir: /var/lib/tor/ - -tor_hidden_service_dir: /var/lib/tor/hidden_service/ - -tor_hidden_service_port: - - 25 127.0.0.25:25 - - 80 127.0.0.1:80 - - 465 127.0.0.25:465 - - 587 127.0.0.25:587 - - 993 127.0.0.1:993 - - 995 127.0.0.1:995 - - -# --- -# vars used by modify-munin-ip.yml -# --- - -munin_remote_ipv4: 37.27.121.227 -munin_remote_ipv6: 2a01:4f9:3070:2bda::22 - -munin_remote_ipv4_old: 135.181.136.84 -munin_remote_ipv6_old: 2a01:4f9:3a:1051::84 - - -# --- -# vars used by cron.yml -# --- - -cron_env_entries: [] -#cron_env_entries: -# - name: PATH -# job: /root/bin/admin-stuff:/root/bin:usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -# -# - name: SHELLforwarding -# job: /bin/bash - -cron_user_entries: [] -#cron_user_entries: -# -# - name: "Check if Postfix Mailservice is up and running?" -# minute: "*/15" -# job: /root/bin/monitoring/check_postfix.sh -# -# - name: "Check if SSH service is up and running?" -# minute: "*/15" -# job: /root/bin/monitoring/check_ssh.sh - - -cron_user_special_time_entries: [] -#cron_user_special_time_entries: -# -# - name: "Check if Postfix Service is running at boot time" -# special_time: reboot -# job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh" -# insertafter: PATH - -# --- -# vars used by roles/common/tasks/users.yml -# --- - -insert_ssh_keypair_backup_server: false - -ssh_keypair_backup_server: [] - - -insert_keypair_backup_client: false - -ssh_keypair_backup_client: [] - - -insert_root_ssh_keypair: false - -root_ssh_keypair: [] - -default_user: - - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - - user_id: 1051 - group_id: 1051 - group: localadmin - password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -extra_user: [] - -sudo_users: [] - -extra_system_user: [] - - -entries_authorized_key: [] -#entries_authorized_key: -# - user: root -# - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcc4brtgGW0xP2KiZGq5xsyUKcNiYF72zQ49Z0lqx3iu0zj9oz79oGZY1N9jCeKG30AsbwL+4H6/l2hAekFZu6fIwuiRgCVRAwYrnnlOGDAnYOGHfks23pk2BU0/fb2VnxiK967FvpJ/xDP49t1UC5voX/O2MTkz6NROJPwIClHgnwN1bg+C09UpJNmmdROi8myhiu1/aYbAWDfQzVUnHio0q3vBM16ZUQkoIHxQT4fF8elS408n0jd9WJHyRtLB/mCMI6O3G2yHdPVciqKwgRwRtJ8hDjmFfyeLtxb4ADpa2Q/f6MuJI0elxbxjp8l2XKjVSwPJ8GKomC16HfgFMrnUNQcx9YMrXB26f+lperf9NlwbQtXZffj9M+BxTAFvh+1Q/iIHqRat2Bb/8OUY9JI2zuWUliffqb5Kbzjik4vMqZvI2ED2zphsPcpLST7u+4z40vZliBf1F4P2vDBfIRK87ldfJQQw6saMZznjZPNV7CA+K7IFCpOz0wuoVE3wOka8hdYmMIMno34Zf6P+xuTaAPXJOCubKuhicUlhtX7q72Pln5kuvbO3ZRgEK3XnyIWeAd2rkaU6XVo7W19043e9HkkbG8nZETYu7TGFhufXyloinde5XLyW295BS8fKa1AteJPDLY4ClF2PZiWbxWRjAhlRAlgXgup09rN2HHjw== root@b.ns' - -create_sftp_group: false - - -# --- -# vars used by roles/common/tasks/users-systemfiles.yml -# --- - - -# --- -# vars used by roles/common/tasks/webadmin-user.yml -# --- - -insert_webadmin_ssh_keypair: false - -webadmin_ssh_keypair: [] - -webadmin_user: [] - - -# --- -# vars used by roles/common/tasks/sshd.yml -# --- - -sshd_ports: - - 22 - -sshd_listen_address: - - '::' - - '0.0.0.0' - -sshd_host_keys: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_ecdsa_key - - /etc/ssh/ssh_host_ed25519_key - -sshd_max_startups: !!str "10:30:100" - -sshd_max_auth_tries: 6 - -sshd_max_sessions: 10 - -# only for debian version <= 9 -# -sshd_use_privilege_separation: !!str "sandbox" - -sshd_permit_root_login: !!str "prohibit-password" - -sshd_authorized_keys_file: ".ssh/authorized_keys .ssh/authorized_keys2" - -sshd_pubkey_authentication: !!str "yes" - -sshd_password_authentication: !!str "no" - -sshd_use_pam: !!str "yes" - -#sshd_allowed_users: -# - chris -# - sysadm -sshd_allowed_users: {} - -sshd_print_motd: !!str "no" - -sshd_use_dns: !!str "no" - -sshd_gateway_ports: !!str "no" - -# sshd_kexalgorithms -# -# Example: -# sshd_kexalgorithms: -# - curve25519-sha256@libssh.org -# - diffie-hellman-group-exchange-sha256 -# - diffie-hellman-group14-sha1 -# -#sshd_kexalgorithms: {} - -sshd_hostkeyalgorithms: - - ssh-ed25519 - - ssh-ed25519-cert-v01@openssh.com - - rsa-sha2-256 - - rsa-sha2-512 - - rsa-sha2-256-cert-v01@openssh.com - - rsa-sha2-512-cert-v01@openssh.com - - -# sshd_kexalgorithms -# -# Example: -# sshd_ciphers: -# - chacha20-poly1305@openssh.com -# - aes256-gcm@openssh.com -# - aes256-ctr - -#sshd_ciphers: {} -sshd_ciphers: - - chacha20-poly1305@openssh.com - - aes256-gcm@openssh.com - - aes128-gcm@openssh.com - - aes256-ctr - - aes192-ctr - - aes128-ctr - -#sshd_macs: {} -sshd_macs: - - hmac-sha2-256-etm@openssh.com - - hmac-sha2-512-etm@openssh.com - - umac-128-etm@openssh.com - -# This users are allowed to use password authentification -# -sshd_pasword_auth_user: - -# This IP-Addresses are allowed to use password authentification -# -sshd_pasword_auth_ip: - - -# --- -# vars used by roles/common/tasks/sudoers.yml -# --- - -# /etc/sudoers -# -sudoers_defaults: - - env_reset - - mail_badpass - - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' - -sudoers_host_aliases: [] - -sudoers_user_aliases: [] - -sudoers_cmnd_aliases: [] - -sudoers_runas_aliases: [] - -sudoers_user_privileges: - - name: root - entry: 'ALL=(ALL:ALL) ALL' - -sudoers_group_privileges: [] - -sudoers_remove_user: - - back - - www-data - - -# /etc/sudoers.d/50-user -# -sudoers_file_defaults: [] - -sudoers_file_host_aliases: [] - -sudoers_file_user_aliases: [] - -sudoers_file_cmnd_aliases: [] - -sudoers_file_runas_aliases: [] - -sudoers_file_user_back_privileges: - - 'ALL=(root) NOPASSWD: /usr/bin/rsync' - - 'ALL=(root) NOPASSWD: /usr/bin/find' - - 'ALL=(root) NOPASSWD: /usr/bin/realpath' - -sudoers_file_user_back_postgres_privileges: - - 'ALL=(postgres) NOPASSWD: /usr/bin/psql' - - 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dump' - - 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dumpall' - -sudoers_file_user_back_svn_privileges: [] - -sudoers_file_user_back_disk_privileges: - - 'ALL=(root) NOPASSWD: /usr/bin/which' - - 'ALL=(root) NOPASSWD: /sbin/hdparm -I /dev/*' - - 'ALL=(root) NOPASSWD: /sbin/fdisk' - - 'ALL=(root) NOPASSWD: /sbin/sgdisk' - - 'ALL=(root) NOPASSWD: /sbin/sfdisk -d /dev/*' - - 'ALL=(root) NOPASSWD: /bin/dd if=/dev/*' - - 'ALL=(root) NOPASSWD: /sbin/parted' - - 'ALL=(root) NOPASSWD: /sbin/gdisk' - -sudoers_file_user_webadmin_disk_privileges: - - 'ALL=(root) NOPASSWD: /usr/bin/mailq' - - 'ALL=(root) NOPASSWD: /usr/bin/tail' - - 'ALL=(root) NOPASSWD: /usr/bin/view' - -sudoers_file_dns_server_privileges: - - name: manage-bind - entry: 'ALL=(root) NOPASSWD: /usr/local/bin/bind_*' - - name: manage-bind - entry: 'ALL=(root) NOPASSWD: /root/bin/bind/bind_*' - - name: chris - entry: 'ALL=(root) NOPASSWD: /root/bin/bind/*' - -sudoers_file_postfixadmin_privileges: - - name: www-data - entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh' - - name: www-data - entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-domain-postdeletion.sh' - -sudoers_file_user_privileges: [] - -sudoers_file_group_privileges: [] - - -# --- -# vars used by roles/common/tasks/caching-nameserver.yml -# --- - -acl_caching_nameserver: {} - - -bind9_gateway_acl: - - local-net: - name: local-net - entries: - - 127.0.0.0/8 - - 172.16.0.0/12 - - 192.168.0.0/16 - - 10.0.0.0/8 - - fc00::/7 - - fe80::/10 - - ::1/128 - -bind9_gateway_listen_on_v6: - - none - -bind9_gateway_listen_on: - - any - -#bind9_gateway_allow_transfer: {} -bind9_gateway_allow_transfer: - - none - -#bind9_transfer_source: !!str "192.168.182.1" -bind9_transfer_source: {} - -#bind9_notify_source: !!str "192.168.182.1" -bind9_notify_source: {} - -#bind9_gateway_allow_query: {} -bind9_gateway_allow_query: - - local-net - -#bind9_gateway_allow_query_cache: {} -bind9_gateway_allow_query_cache: - - local-net - -bind9_gateway_recursion: !!str "yes" -#bind9_gateway_allow_recursion: {} -bind9_gateway_allow_recursion: - - local-net - - -# --- -# vars used by roles/common/tasks/git.yml -# --- - -# --- -# Firewall repository -# --- - -git_firewall_repository: {} - -# --- -# all servers -# --- - -git_default_repositories: - - # script repositories (destination /root/bin/) - - name: admin-stuff - repo: https://git.oopen.de/script/admin-stuff - dest: /root/bin/admin-stuff - - - name: postfix - repo: https://git.oopen.de/script/postfix - dest: /root/bin/postfix - - # install repositories (destination: /usr/local/src/) - - name: mailsystem - repo: https://git.oopen.de/install/mailsystem - dest: /usr/local/src/mailsystem - - # Monitoring - - name: monitoring - repo: https://git.oopen.de/script/monitoring - dest: /root/bin/monitoring - -# --- -# group [oopen_server] -# --- -git_oopen_server_repositories: - - # firewall - - name: ipt-server - repo: https://git.oopen.de/firewall/ipt-server - dest: /usr/local/src/ipt-server - -# --- -# group [warenform_server] -# --- -git_warenform_server_repositories: - - # firewall - - name: ipt-server - repo: https://git.oopen.de/firewall/ipt-server - dest: /usr/local/src/ipt-server - -# --- -# group [lxc_host] -# --- -git_lxc_host_repositories: - - # LXC - - name: LXC - repo: https://git.oopen.de/script/LXC - dest: /root/bin/LXC - -# --- -# group [lxc_guest] -# --- -git_lxc_guest_repositories: - - # dehydrated-cron - - name: dehydrated-cron - repo: https://git.oopen.de/certificates/dehydrated-cron.git - dest: /usr/local/src/dehydrated-cron - -# --- -# group [gateway_server] -# --- - -git_gateway_repositories: - - # install repositories (destination: /usr/local/src/) - # mailsystem - - name: mailsystem - repo: https://git.oopen.de/install/mailsystem - dest: /usr/local/src/mailsystem - - # firewall - - name: ipt-gateway - repo: https://git.oopen.de/firewall/ipt-gateway - dest: /usr/local/src/ipt-gateway - - - name: manage-gw-config - repo: https://git.oopen.de/script/manage-gw-config - dest: /root/bin/manage-gw-config - - -# --- -# group [apache2_webserver] -# --- -git_apache2_repositories: - # script repositories (destination /root/bin/) - - name: apache2 - repo: https://git.oopen.de/script/apache2 - dest: /root/bin/apache2 - - # install repositories (destination: /usr/local/src/) - - name: apache2 - repo: https://git.oopen.de/install/apache2 - dest: /usr/local/src/apache2 - - - name: php - repo: https://git.oopen.de/install/php - dest: /usr/local/src/php - - # dehydrated-cron - - name: dehydrated-cron - repo: https://git.oopen.de/certificates/dehydrated-cron.git - dest: /usr/local/src/dehydrated-cron - - -# --- -# group [nginx_webserver] -# --- -git_nginx_repositories: - - name: nginx - repo: https://git.oopen.de/install/nginx - dest: /usr/local/src/nginx - - - name: php - repo: https://git.oopen.de/install/php - dest: /usr/local/src/php - - -# --- -# group [mysql_server] -# --- -git_mysql_repositories: - - # script repositories (destination /root/bin/) - - name: mysql - repo: https://git.oopen.de/script/mysql - dest: /root/bin/mysql - - # install repositories (destination: /usr/local/src/) - - name: mysql - repo: https://git.oopen.de/install/mysql - dest: /usr/local/src/mysql - - -# --- -# group [postgresql_server] -# --- -git_postgresql_repositories: - - # script repositories (destination /root/bin/) - - name: postgres - repo: https://git.oopen.de/script/postgres - dest: /root/bin/postgres - - -# --- -# group [nextcloud_server] -# --- -git_nextcloud_repositories: - - # script repositories (destination /root/bin/) - - name: nextcloud - repo: https://git.oopen.de/script/nextcloud - dest: /root/bin/nextcloud - - # install repositories (destination: /usr/local/src/) - - name: nextcloud - repo: https://git.oopen.de/install/nextcloud - dest: /usr/local/src/nextcloud - - -# --- -# group [dns_server] -# --- -git_dns_repositories: - - # script repositories (destination /root/bin/) - - name: bind - repo: https://git.oopen.de/script/bind - dest: /root/bin/bind - - -# --- -# group [backup_server] -# --- -git_backup_repositories: - - # script repositories (destination /root/bin/) - - name: backup-rcopy - repo: https://git.oopen.de/backup/backup-rcopy - dest: /root/crontab/backup-rcopy - - -# --- -# group [samba_server] -# --- -git_samba_repositories: - - # script repositories (destination /root/bin/) - - name: samba - repo: https://git.oopen.de/script/samba - dest: /root/bin/samba - - -# --- -# group [mail_server] -# --- -git_mailserver_repositories: - - # script repositories (destination /root/bin/) - - name: apache2 - repo: https://git.oopen.de/script/apache2 - dest: /root/bin/apache2 - - - name: postfix - repo: https://git.oopen.de/script/postfix - dest: /root/bin/postfix - - # install repositories (destination: /usr/local/src/) - - name: apache2 - repo: https://git.oopen.de/install/apache2 - dest: /usr/local/src/apache2 - - - name: php - repo: https://git.oopen.de/install/php - dest: /usr/local/src/php - - - name: mysql - repo: https://git.oopen.de/install/mysql - dest: /usr/local/src/mysql - - - name: mailsystem - repo: https://git.oopen.de/install/mailsystem - dest: /usr/local/src/mailsystem - - - name: fail2ban - repo: https://git.oopen.de/install/fail2ban - dest: /usr/local/src/fail2ban - - # let's encrypt - - name: dehydrated-cron - repo: https://git.oopen.de/certificates/dehydrated-cron.git - dest: /usr/local/src/dehydrated-cron - - -# --- -# group [sympa_list_servers] -# --- -git_sympa_repositories: - - # install repositories (destination: /usr/local/src/) - - name: sympa - repo: https://git.oopen.de/install/sympa - dest: /usr/local/src/sympa - - -# --- -# group [jitsi_meet_server] -# --- -git_jitsi_meet_repositories: - - # install repositories (destination: /usr/local/src/) - - name: jitsi - repo: https://git.oopen.de/install/jitsi - dest: /usr/local/src/jitsi - - -# --- -# group [so36_server_dehydrated] -# --- -#git_so36_dehydrated_repositories: -# -# # install repositories (destination: /usr/local/src/) -# - name: dehydrated-cron -# repo: https://git.oopen.de/certificates/dehydrated-cron.git -# dest: /usr/local/src/dehydrated-cron - - -# --- -# Use this for host specific repositories defined in files git-.yaml -# -# Leave empty here -# --- -git_other_repositories: [] - - -# ========== -# vars used by roles/common/tasks/nfs.yml -# ========== - -nfs_server: {} - -# Set 'fs_encrypted' to true if filesystem lives on an encrypted -# partition. -# -# NOTE !! -# Take car to increase 'fsid' in case of more than one export -# -#nfs_exports: -# - src: 192.168.112.10:/data/home -# path: /data/home -# mount_opts: users,rsize=8192,wsize=8192,hard,intr -# export_opt: rw,root_squash,sync,subtree_check -# export_networks: -# - 192.168.112.0/24 -# - 10.0.112.0/24 -# - 10.1.112.0/24 -# - 192.168.63.0/24 -# use_fsid_option: true -# -nfs_exports: [] - - -# --- -# vars used by roles/common/tasks/copy_files.yml -# --- - -copy_plain_files: [] - -copy_plain_files_postfix_host_specific: [] - -copy_plain_files_postfwd_host_specific: [] - -copy_plain_files_postfix: - - - name: header_checks.pcre - src_path: mailserver/etc/postfix/header_checks.pcre - dest_path: /etc/postfix/header_checks.pcre - - - name: body_check.pcre - src_path: mailserver/etc/postfix/body_check.pcre - dest_path: /etc/postfix/body_check.pcre - - -copy_plain_files_postfwd: - - # Postfix Firewall postfwd - # - - name: postfwd.cf - src_path: mailserver/etc/postfix/postfwd.cf - dest_path: /etc/postfix/postfwd.cf - - - name: postfwd.bl-hosts - src_path: mailserver/etc/postfix/postfwd.bl-hosts - dest_path: /etc/postfix/postfwd.bl-hosts - - - name: postfwd.bl-nets - src_path: mailserver/etc/postfix/postfwd.bl-nets - dest_path: /etc/postfix/postfwd.bl-nets - - - name: postfwd.bl-sender - src_path: mailserver/etc/postfix/postfwd.bl-sender - dest_path: /etc/postfix/postfwd.bl-sender - - - name: postfwd.bl-user - src_path: mailserver/etc/postfix/postfwd.bl-user - dest_path: /etc/postfix/postfwd.bl-user - - - name: postfwd.wl-hosts - src_path: mailserver/etc/postfix/postfwd.wl-hosts - dest_path: /etc/postfix/postfwd.wl-hosts - - - name: postfwd.wl-nets - src_path: mailserver/etc/postfix/postfwd.wl-nets - dest_path: /etc/postfix/postfwd.wl-nets - - - name: postfwd.wl-sender - src_path: mailserver/etc/postfix/postfwd.wl-sender - dest_path: /etc/postfix/postfwd.wl-sender - - - name: postfwd.wl-user - src_path: mailserver/etc/postfix/postfwd.wl-user - dest_path: /etc/postfix/postfwd.wl-user - -copy_template_files: [] - - -# --- -# vars used by roles/common/tasks/symlink_files.yml -# --- - -symlink_files: [] - - -# --- -# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml -# --- - -hostname: -ipv4_address: -ipv6_address: - -# postfix_db_type -# - -is_relay_host: - -# sasl_auth_enable: -# -# possible values are: -# !!str "true" -# !!str "false" -sasl_auth_enable: -sasl_user: -sasl_pass: - -# - -# install_amavis.conf -# - - -# db_in_use: -# -# possible values are: -# !!str "true" -# !!str "false" -db_in_use: -# postfix_db_type -# -# possible values are -# 'PostgreSQL' -# 'MySQL' -# -postfix_db_type: -postfix_db_name: -postfix_db_user: -postfix_db_host: -postfix_db_pass: - -# mp_receipt_number -# -# O.OPEN/IL/Warenform: 106015125438 -# -mp_receipt_number: - -# si_authorisation_signature -# -# O.OPEN/IL: b0b7e94d3fcc8f3b1f128edd5830392361868cf0174723a9924ac25bf8b1b588cb974b50234e1bc1d9839dfe0ca6e1627733d90daf1399347b1046d20c2e3a89 -# -# Warenform: 76ed7ca6670dbee497e1a0397a7e178c4caa25888bc26d7327d1eab0195342a4cfa522dcf10382623d57dbc2a79bd37627b9a52def4d4bfe617d26e35405ce3b -# -si_authorisation_signature: - -# - -# install_postfixadmin.conf -# - - -website_name_postfixadmin: - -#email_welcome_message: "\n -#Hallo,\n -# -#Ihre/Deine neue E-Mail Adresse ist eingerichtet.\n -# -#O.OPEN\n -# -#--\n -#O.OPEN | Phone: +49 30 / 290 484 91\n -#Erkelenzdamm 21 | Fax: +49 30 / 290 484 99\n -#D-10999 Berlin | E-MAIL: oo@oopen.de\n -#" -email_welcome_message: - -# - -# install_update_dovecot.conf -# - - -dovecot_from_address: -dovecot_reply_to: -webmailer_address: - -#salutation: "O.OPEN\n -# -#--\n -#O.OPEN | Phone: +49 30 / 290 484 91\n -#Erkelenzdamm 21 | Fax: +49 30 / 290 484 99\n -#D-10999 Berlin | http://oopen.de" -salutation: - -# - -# install_upgrade_roundcube-webmail.conf -# - - -# First Webmailer -webmail_site_name: -autoreply_hostname: -# possible values: 'pgsql' or 'mysql' -roundcube_db_type: -roundcube_db_name: -roundcube_db_user: -roundcube_db_host: -roundcube_db_pass: - -roundcube_product_name: -roundcube_support_url: -roundcube_skin_logo: - -# 2 Webmailer -webmaili_2_site_name: -autoreply_2_hostname: -# possible values: 'pgsql' or 'mysql' -roundcube_2_db_type: -roundcube_2_db_name: -roundcube_2_db_user: -roundcube_2_db_host: -roundcube_2_db_pass: - -roundcube_2_product_name: -roundcube_2_support_url: -roundcube_2_skin_logo: - - -# ========== -# vars used by roles/common/tasks/samba-config-server.yml -# vars used by roles/common/tasks/samba-user.yml -# ========== - -samba_server_ip: -samba_server_cidr_prefix: 24 - -apt_install_server_samba: - - samba - - nscd - -# samba_workgroup -# -# example: -# samba_workgroup: MBR -# -samba_workgroup: - -# samba_netbios_name -# -# example: -# samba_netbios_name: FILE-MBR -# -samba_netbios_name: - -# samba_server_min_protocol -# -samba_server_min_protocol: [] - -samba_groups: [] - -# samba_user: -# - name: chris -# groups: -# - group1 -# - group2 -# password: 'H-.T/TvN5S9J' -# -samba_user: [] - -base_home: /home - -# remove_samba_users: -# - name: name1 -# - name: name2 -# -remove_samba_users: [] - -# samba_shares -# -# samba_shares: -# - name: Arbeitsrechtliches -# comment: -# path: /data/shares/Arbeitsrechtliches -# browseable: !!str yes -# read_only: !!str no -# writeable: !!str yes -# guest_ok: !!str no -# file_create_mask: !!str 0660 -# dir_create_mask: !!str 2770 -# valid_users: '%S' -# group_valid_users: mbr-finanzen -# group_write_list: mbr-finanzen -# vfs_object_recycle: true -# recycle_path: '@Recycle.Bin' -# vfs_object_recycle_is_visible: false -# -samba_shares: [] - -samba_cronjob_trash_dirs: - name: Clean up Samba Trash Dirs - minute: "02" - hour: "23" - day: "*" - month: "*" - weekday: '*' - user: root - job: "/root/bin/samba/clean_samba_trash.sh" - -samba_cronjob_permissions: - name: Set (group and access) Permissons for Samba shares - minute: "14" - hour: "23" - day: "*" - month: "*" - weekday: '*' - user: root - job: "/root/bin/samba/set_permissions_samba_shares.sh" - - -# ========== -# vars used by roles/common/tasks/systemd-services.yml -# ========== - -# Take care that if these services are installed, they are running and -# start automatically after boot. -# -debian_services_active_and_started: - - bind - - cron - - haveged - - ntp - - redis-server - - ssh - - tor - -redhat_services_active_and_started: - - crond - - haveged - - named - - ntpd - - redis - - sshd - - tor - - - - -# ============================== - - -# --- -# vars used by scripts/reset_root_passwd.yml -# --- - -root_user: {} diff --git a/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index f6f71dc..0000000 --- a/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,262 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - - -# --- -# - LOGGING -# - -# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose, -# - the output will be verbos. If running as cronjob, output will only be written, if warnings or -# - errors occurs. -# --- - - -# - CONFLICTING_SCRIPTS -# - -# - The scripts listed here conflict with this script. If one of these scripts -# - is currently running, this script will be stopped. -# - -# - In addition to the script, a LOCK directory can also be specified which is -# - connected to it. -# - -# - If no fixed LOCK directory is connected to the script, set -# - this value to the constant 'CHECK_PROCESS_LIST'. -# - -# - If no value for the LOCK directory is given, the LOCK directory -# - '/tmp/.LOCK' is assumed. -# - -# - -# - Example: -# - CONFLICTING_SCRIPTS=" -# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST -# - /root/bin/monitoring/check_remote_websites.sh -# - " -# - -# - Defaults to: -# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK" -# - -#CONFLICTING_SCRIPTS="" - - -# - What to check -# - -check_load=true -check_mysql=false -check_mariadb=false - -# - PostgreSQL -# - -# - NOT useful, if more than one PostgreSQL instances are running! -# - -check_postgresql=true - -check_apache=true -check_nginx=false -check_php_fpm=true -check_redis=false -check_website=false - - -# TIMEOUT_CHECK_WEBSITE -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_WEBSITE=10 -# -#TIMEOUT_CHECK_WEBSITE=10 - -# TIMEOUT_CHECK_PHP -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_PHP=10 -# -#TIMEOUT_CHECK_PHP=10 - - -# - If service is not listen on 127.0.0.1/loclhost, curl check must -# - be ommited -# - -# - Defaults to: ommit_curl_check_nginx=false -# - -#ommit_curl_check_nginx=false - -# - Is this a vserver guest machine? -# - -# - Not VSerber guest host does not support systemd! -# - -# - defaults to: vserver_guest=false -# - -#vserver_guest=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to: -# - mysql_credential_args="--login-path=local" -# - -#mysql_credential_args="--login-path=local" - - -# - Additional Settings for check_mariadb -# - -# - MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mariadb_credential_args="--login-path=local" -# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to empty string -# - mariadb_credential_args="" -# - -#mariadb_credential_args="" - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="8.2" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/b.mx/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/b.mx/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index a40811b..0000000 --- a/roles/common/files/b.mx/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,154 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - - -# --- -# - LOGGING -# - -# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose, -# - the output will be verbos. If running as cronjob, output will only be written, if warnings or -# - errors occurs. -# --- - - -# - What to check -# - -check_load=true -check_mysql=false -check_apache=true -check_php_fpm=false -check_website=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -mysql_credential_args="" - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/c.mx/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/c.mx/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index 8a5f19c..0000000 --- a/roles/common/files/c.mx/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,263 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - - -# --- -# - LOGGING -# - -# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose, -# - the output will be verbos. If running as cronjob, output will only be written, if warnings or -# - errors occurs. -# --- - - -# - CONFLICTING_SCRIPTS -# - -# - The scripts listed here conflict with this script. If one of these scripts -# - is currently running, this script will be stopped. -# - -# - In addition to the script, a LOCK directory can also be specified which is -# - connected to it. -# - -# - If no fixed LOCK directory is connected to the script, set -# - this value to the constant 'CHECK_PROCESS_LIST'. -# - -# - If no value for the LOCK directory is given, the LOCK directory -# - '/tmp/.LOCK' is assumed. -# - -# - -# - Example: -# - CONFLICTING_SCRIPTS=" -# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST -# - /root/bin/monitoring/check_remote_websites.sh -# - " -# - -# - Defaults to: -# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK" -# - -#CONFLICTING_SCRIPTS="" - - -# - What to check -# - -check_load=true -check_mysql=false -check_mariadb=true - -# - PostgreSQL -# - -# - NOT useful, if more than one PostgreSQL instances are running! -# - -check_postgresql=false - -check_apache=true -check_nginx=false -check_php_fpm=true -check_redis=false -check_website=false - - -# TIMEOUT_CHECK_WEBSITE -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_WEBSITE=10 -# -#TIMEOUT_CHECK_WEBSITE=10 - -# TIMEOUT_CHECK_PHP -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_PHP=10 -# -#TIMEOUT_CHECK_PHP=10 - - -# - If service is not listen on 127.0.0.1/loclhost, curl check must -# - be ommited -# - -# - Defaults to: ommit_curl_check_nginx=false -# - -#ommit_curl_check_nginx=false - -# - Is this a vserver guest machine? -# - -# - Not VSerber guest host does not support systemd! -# - -# - defaults to: vserver_guest=false -# - -#vserver_guest=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to: -# - mysql_credential_args="--login-path=local" -# - -#mysql_credential_args="--login-path=local" - - -# - Additional Settings for check_mariadb -# - -# - MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mariadb_credential_args="--login-path=local" -# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to empty string -# - mariadb_credential_args="" -# - -#mariadb_credential_args="" -mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="8.2" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/d.mx/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/d.mx/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index d813351..0000000 --- a/roles/common/files/d.mx/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,262 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - - -# --- -# - LOGGING -# - -# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose, -# - the output will be verbos. If running as cronjob, output will only be written, if warnings or -# - errors occurs. -# --- - - -# - CONFLICTING_SCRIPTS -# - -# - The scripts listed here conflict with this script. If one of these scripts -# - is currently running, this script will be stopped. -# - -# - In addition to the script, a LOCK directory can also be specified which is -# - connected to it. -# - -# - If no fixed LOCK directory is connected to the script, set -# - this value to the constant 'CHECK_PROCESS_LIST'. -# - -# - If no value for the LOCK directory is given, the LOCK directory -# - '/tmp/.LOCK' is assumed. -# - -# - -# - Example: -# - CONFLICTING_SCRIPTS=" -# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST -# - /root/bin/monitoring/check_remote_websites.sh -# - " -# - -# - Defaults to: -# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK" -# - -#CONFLICTING_SCRIPTS="" - - -# - What to check -# - -check_load=true -check_mysql=false -check_mariadb=true - -# - PostgreSQL -# - -# - NOT useful, if more than one PostgreSQL instances are running! -# - -check_postgresql=true - -check_apache=true -check_nginx=false -check_php_fpm=false -check_redis=false -check_website=false - - -# TIMEOUT_CHECK_WEBSITE -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_WEBSITE=10 -# -#TIMEOUT_CHECK_WEBSITE=10 - -# TIMEOUT_CHECK_PHP -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_PHP=10 -# -#TIMEOUT_CHECK_PHP=10 - - -# - If service is not listen on 127.0.0.1/loclhost, curl check must -# - be ommited -# - -# - Defaults to: ommit_curl_check_nginx=false -# - -#ommit_curl_check_nginx=false - -# - Is this a vserver guest machine? -# - -# - Not VSerber guest host does not support systemd! -# - -# - defaults to: vserver_guest=false -# - -#vserver_guest=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to: -# - mysql_credential_args="--login-path=local" -# - -#mysql_credential_args="--login-path=local" - - -# - Additional Settings for check_mariadb -# - -# - MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mariadb_credential_args="--login-path=local" -# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to empty string -# - mariadb_credential_args="" -# - -#mariadb_credential_args="" - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/e.mx/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/e.mx/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index 88a86a4..0000000 --- a/roles/common/files/e.mx/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,147 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - -#LOGGING=true -LOGGING=false - -# - What to check -# - -check_load=true -check_mysql=false -check_apache=true -check_php_fpm=true -check_website=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -mysql_credential_args="" - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="8.1" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/g.mx/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/g.mx/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index c7f227f..0000000 --- a/roles/common/files/g.mx/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,270 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - - -# --- -# - LOGGING -# - -# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose, -# - the output will be verbos. If running as cronjob, output will only be written, if warnings or -# - errors occurs. -# --- - - -# - CONFLICTING_SCRIPTS -# - -# - The scripts listed here conflict with this script. If one of these scripts -# - is currently running, this script will be stopped. -# - -# - In addition to the script, a LOCK directory can also be specified which is -# - connected to it. -# - -# - If no fixed LOCK directory is connected to the script, set -# - this value to the constant 'CHECK_PROCESS_LIST'. -# - -# - If no value for the LOCK directory is given, the LOCK directory -# - '/tmp/.LOCK' is assumed. -# - -# - -# - Example: -# - CONFLICTING_SCRIPTS=" -# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST -# - /root/bin/monitoring/check_remote_websites.sh -# - " -# - -# - Defaults to: -# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK" -# - -#CONFLICTING_SCRIPTS="" - - -# - What to check -# - -check_load=true -check_mysql=false -check_mariadb=false - -# - PostgreSQL -# - -# - NOT useful, if more than one PostgreSQL instances are running! -# - -check_postgresql=false - -check_apache=true -check_nginx=false -check_php_fpm=false -check_redis=false -check_website=false - - -# TIMEOUT_CHECK_WEBSITE -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_WEBSITE=10 -# -#TIMEOUT_CHECK_WEBSITE=10 - -# TIMEOUT_CHECK_PHP -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_PHP=10 -# -#TIMEOUT_CHECK_PHP=10 - - -# - If service is not listen on 127.0.0.1/loclhost, curl check must -# - be ommited -# - -# - Defaults to: ommit_curl_check_nginx=false -# - -#ommit_curl_check_nginx=false - -# - Is this a vserver guest machine? -# - -# - Not VSerber guest host does not support systemd! -# - -# - defaults to: vserver_guest=false -# - -#vserver_guest=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to: -# - mysql_credential_args="--login-path=local" -# - -#mysql_credential_args="--login-path=local" - - -# - Additional Settings for check_mariadb -# - -# - MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mariadb_credential_args="--login-path=local" -# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to empty string -# - mariadb_credential_args="" -# - -#mariadb_credential_args="" - - -# - Port of PostgreSQL Service -# - -# - defaults to '5432' -# - postgresql_port=5432 -# - -#postgresql_port=5432 - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index a1de7f7..0000000 --- a/roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,262 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - - -# --- -# - LOGGING -# - -# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose, -# - the output will be verbos. If running as cronjob, output will only be written, if warnings or -# - errors occurs. -# --- - - -# - CONFLICTING_SCRIPTS -# - -# - The scripts listed here conflict with this script. If one of these scripts -# - is currently running, this script will be stopped. -# - -# - In addition to the script, a LOCK directory can also be specified which is -# - connected to it. -# - -# - If no fixed LOCK directory is connected to the script, set -# - this value to the constant 'CHECK_PROCESS_LIST'. -# - -# - If no value for the LOCK directory is given, the LOCK directory -# - '/tmp/.LOCK' is assumed. -# - -# - -# - Example: -# - CONFLICTING_SCRIPTS=" -# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST -# - /root/bin/monitoring/check_remote_websites.sh -# - " -# - -# - Defaults to: -# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK" -# - -#CONFLICTING_SCRIPTS="" - - -# - What to check -# - -check_load=true -check_mysql=false -check_mariadb=false - -# - PostgreSQL -# - -# - NOT useful, if more than one PostgreSQL instances are running! -# - -check_postgresql=true - -check_apache=true -check_nginx=false -check_php_fpm=true -check_redis=false -check_website=false - - -# TIMEOUT_CHECK_WEBSITE -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_WEBSITE=10 -# -#TIMEOUT_CHECK_WEBSITE=10 - -# TIMEOUT_CHECK_PHP -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_PHP=10 -# -#TIMEOUT_CHECK_PHP=10 - - -# - If service is not listen on 127.0.0.1/loclhost, curl check must -# - be ommited -# - -# - Defaults to: ommit_curl_check_nginx=false -# - -#ommit_curl_check_nginx=false - -# - Is this a vserver guest machine? -# - -# - Not VSerber guest host does not support systemd! -# - -# - defaults to: vserver_guest=false -# - -#vserver_guest=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to: -# - mysql_credential_args="--login-path=local" -# - -#mysql_credential_args="--login-path=local" - - -# - Additional Settings for check_mariadb -# - -# - MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mariadb_credential_args="--login-path=local" -# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to empty string -# - mariadb_credential_args="" -# - -#mariadb_credential_args="" - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="8.2" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index f98adb8..0000000 --- a/roles/common/files/lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,261 +0,0 @@ -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - - -# --- -# - LOGGING -# - -# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose, -# - the output will be verbos. If running as cronjob, output will only be written, if warnings or -# - errors occurs. -# --- - - -# - CONFLICTING_SCRIPTS -# - -# - The scripts listed here conflict with this script. If one of these scripts -# - is currently running, this script will be stopped. -# - -# - In addition to the script, a LOCK directory can also be specified which is -# - connected to it. -# - -# - If no fixed LOCK directory is connected to the script, set -# - this value to the constant 'CHECK_PROCESS_LIST'. -# - -# - If no value for the LOCK directory is given, the LOCK directory -# - '/tmp/.LOCK' is assumed. -# - -# - -# - Example: -# - CONFLICTING_SCRIPTS=" -# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST -# - /root/bin/monitoring/check_remote_websites.sh -# - " -# - -# - Defaults to: -# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK" -# - -#CONFLICTING_SCRIPTS="" - - -# - What to check -# - -check_load=true -check_mysql=false -check_mariadb=true - -# - PostgreSQL -# - -# - NOT useful, if more than one PostgreSQL instances are running! -# - -check_postgresql=false - -check_apache=true -check_nginx=false -check_php_fpm=false -check_redis=false -check_website=false - - -# TIMEOUT_CHECK_WEBSITE -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_WEBSITE=10 -# -#TIMEOUT_CHECK_WEBSITE=10 - -# TIMEOUT_CHECK_PHP -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_PHP=10 -# -#TIMEOUT_CHECK_PHP=10 - - -# - If service is not listen on 127.0.0.1/loclhost, curl check must -# - be ommited -# - -# - Defaults to: ommit_curl_check_nginx=false -# - -#ommit_curl_check_nginx=false - -# - Is this a vserver guest machine? -# - -# - Not VSerber guest host does not support systemd! -# - -# - defaults to: vserver_guest=false -# - -#vserver_guest=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to: -# - mysql_credential_args="--login-path=local" -# - -#mysql_credential_args="--login-path=local" - - -# - Additional Settings for check_mariadb -# - -# - MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mariadb_credential_args="--login-path=local" -# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to empty string -# - mariadb_credential_args="" -# - -#mariadb_credential_args="" -mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index e469ff9..0000000 --- a/roles/common/files/mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,263 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - - -# --- -# - LOGGING -# - -# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose, -# - the output will be verbos. If running as cronjob, output will only be written, if warnings or -# - errors occurs. -# --- - - -# - CONFLICTING_SCRIPTS -# - -# - The scripts listed here conflict with this script. If one of these scripts -# - is currently running, this script will be stopped. -# - -# - In addition to the script, a LOCK directory can also be specified which is -# - connected to it. -# - -# - If no fixed LOCK directory is connected to the script, set -# - this value to the constant 'CHECK_PROCESS_LIST'. -# - -# - If no value for the LOCK directory is given, the LOCK directory -# - '/tmp/.LOCK' is assumed. -# - -# - -# - Example: -# - CONFLICTING_SCRIPTS=" -# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST -# - /root/bin/monitoring/check_remote_websites.sh -# - " -# - -# - Defaults to: -# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK" -# - -#CONFLICTING_SCRIPTS="" - - -# - What to check -# - -check_load=true -check_mysql=false -check_mariadb=true - -# - PostgreSQL -# - -# - NOT useful, if more than one PostgreSQL instances are running! -# - -check_postgresql=false - -check_apache=true -check_nginx=false -check_php_fpm=true -check_redis=false -check_website=false - - -# TIMEOUT_CHECK_WEBSITE -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_WEBSITE=10 -# -#TIMEOUT_CHECK_WEBSITE=10 - -# TIMEOUT_CHECK_PHP -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_PHP=10 -# -#TIMEOUT_CHECK_PHP=10 - - -# - If service is not listen on 127.0.0.1/loclhost, curl check must -# - be ommited -# - -# - Defaults to: ommit_curl_check_nginx=false -# - -#ommit_curl_check_nginx=false - -# - Is this a vserver guest machine? -# - -# - Not VSerber guest host does not support systemd! -# - -# - defaults to: vserver_guest=false -# - -#vserver_guest=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to: -# - mysql_credential_args="--login-path=local" -# - -#mysql_credential_args="--login-path=local" - - -# - Additional Settings for check_mariadb -# - -# - MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mariadb_credential_args="--login-path=local" -# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to empty string -# - mariadb_credential_args="" -# - -#mariadb_credential_args="" -mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="8.2" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index a1de7f7..0000000 --- a/roles/common/files/mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,262 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - - -# --- -# - LOGGING -# - -# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose, -# - the output will be verbos. If running as cronjob, output will only be written, if warnings or -# - errors occurs. -# --- - - -# - CONFLICTING_SCRIPTS -# - -# - The scripts listed here conflict with this script. If one of these scripts -# - is currently running, this script will be stopped. -# - -# - In addition to the script, a LOCK directory can also be specified which is -# - connected to it. -# - -# - If no fixed LOCK directory is connected to the script, set -# - this value to the constant 'CHECK_PROCESS_LIST'. -# - -# - If no value for the LOCK directory is given, the LOCK directory -# - '/tmp/.LOCK' is assumed. -# - -# - -# - Example: -# - CONFLICTING_SCRIPTS=" -# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST -# - /root/bin/monitoring/check_remote_websites.sh -# - " -# - -# - Defaults to: -# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK" -# - -#CONFLICTING_SCRIPTS="" - - -# - What to check -# - -check_load=true -check_mysql=false -check_mariadb=false - -# - PostgreSQL -# - -# - NOT useful, if more than one PostgreSQL instances are running! -# - -check_postgresql=true - -check_apache=true -check_nginx=false -check_php_fpm=true -check_redis=false -check_website=false - - -# TIMEOUT_CHECK_WEBSITE -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_WEBSITE=10 -# -#TIMEOUT_CHECK_WEBSITE=10 - -# TIMEOUT_CHECK_PHP -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_PHP=10 -# -#TIMEOUT_CHECK_PHP=10 - - -# - If service is not listen on 127.0.0.1/loclhost, curl check must -# - be ommited -# - -# - Defaults to: ommit_curl_check_nginx=false -# - -#ommit_curl_check_nginx=false - -# - Is this a vserver guest machine? -# - -# - Not VSerber guest host does not support systemd! -# - -# - defaults to: vserver_guest=false -# - -#vserver_guest=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to: -# - mysql_credential_args="--login-path=local" -# - -#mysql_credential_args="--login-path=local" - - -# - Additional Settings for check_mariadb -# - -# - MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mariadb_credential_args="--login-path=local" -# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to empty string -# - mariadb_credential_args="" -# - -#mariadb_credential_args="" - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="8.2" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/mailserver/etc/postfix/header_checks.pcre b/roles/common/files/mailserver/etc/postfix/header_checks.pcre index be59481..0909c3d 100644 --- a/roles/common/files/mailserver/etc/postfix/header_checks.pcre +++ b/roles/common/files/mailserver/etc/postfix/header_checks.pcre @@ -1,43 +1,52 @@ # *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** # --- -# - Replace headers - -# - Replace recieved from IPv4 / IPv6 header - hide senders IP address and also 'Authenticated sender' +# - Header Checks - /etc/postfix/header_checks +# --- # -#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: hidden)$4 -# -#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: hidden)$6 +# Ziel: offensichtlich kaputte RFC-Header ablehnen (wenig False Positives) -# - Replace recieved from IPv4 / IPv6 header - hide only sender IP address -# -#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: $3 +######################################## +# A) Kaputter From:-Header +######################################## -#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: $5 +# 1) From: ist leer +/^From:\s*$/ REJECT Invalid From header (empty) - Spamschutzregel FROM-1001 -# --- -# - Ignore Headers -# --- - -#/^\s*User-Agent/ IGNORE -#/^\s*X-Enigmail/ IGNORE -#/^\s*X-Mailer/ IGNORE -#/^\s*X-Originating-IP/ IGNORE +# 2) Mehr als ein '@' im From:-Header -> syntaktisch kaputt +/^From:.*@.*@/ REJECT Invalid From header (multiple @) - Spamschutzregel FROM-1002 -# --- -# - Reject / Discard headers -# --- +# 3) Mehrere Mailboxen durch Komma getrennt (wie: Die@..., Lions@..., ...) +# (Legitime Fälle nutzen i.d.R. Display-Namen/Group-Syntax; dieses Muster ist in Spam sehr häufig) +/^From:\s*[^<>,]+@[^,]+,\s*[^<>,]+@/ REJECT Invalid From header (multiple mailboxes) - Spamschutzregel FROM-1003 -/^To:.*<>/ REJECT Possible SPAM Blank email address To: header - Header-Spamschutzregel T0-1001 +# 4) Typische kaputte UTF-8-Fragmente +/^From:.*\xC3\xA2/ REJECT Invalid UTF-8 in From header - Spamschutzregel FROM-1004 -/\(envelope-from <>\)/ REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001 -/^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001 +######################################## +# B) Optional: sehr spezifische lokale Blacklist +######################################## -/^From:.*<>/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1001 +#/^Reply-To: .+\@inx1and1\..+/ REJECT Possible spam (local pattern) -/^Date: .* 19[0-9][0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001 -/^Date: .* 200[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002 -/^Date: .* 201[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1003 -/^Date: .* 2020/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1004 + +######################################## +# C) Warn +######################################## + +# Date-Rejects sind oft zu aggressiv -> wenn nötig: lieber taggen oder loggen statt reject +/^Date: .* 19[0-9][0-9]/ WARN Date far in the past Header-Spamschutzregel DATE-1001 +/^Date: .* 200[0-9]/ WARN Date far in the past Header-Spamschutzregel DATE-1002 +/^Date: .* 201[0-9]/ WARN Date far in the past Header-Spamschutzregel DATE-1003 + + + +######################################## +# Bemerkungen +######################################## + +# (envelope-from <>) nicht pauschal rejecten: +# echte DSNs/Bounces haben legitimerweise MAIL FROM: <> +#/\(envelope-from <>\)/ REJECT Null envelope-from diff --git a/roles/common/files/rage/etc/postfix/header_checks.pcre b/roles/common/files/mailserver/etc/postfix/header_checks.pcre.01 similarity index 81% rename from roles/common/files/rage/etc/postfix/header_checks.pcre rename to roles/common/files/mailserver/etc/postfix/header_checks.pcre.01 index 88aa69f..be59481 100644 --- a/roles/common/files/rage/etc/postfix/header_checks.pcre +++ b/roles/common/files/mailserver/etc/postfix/header_checks.pcre.01 @@ -11,9 +11,9 @@ # - Replace recieved from IPv4 / IPv6 header - hide only sender IP address # -/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: $3 +#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: $3 -/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: $5 +#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: $5 # --- # - Ignore Headers diff --git a/roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index a1de7f7..0000000 --- a/roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,262 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - - -# --- -# - LOGGING -# - -# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose, -# - the output will be verbos. If running as cronjob, output will only be written, if warnings or -# - errors occurs. -# --- - - -# - CONFLICTING_SCRIPTS -# - -# - The scripts listed here conflict with this script. If one of these scripts -# - is currently running, this script will be stopped. -# - -# - In addition to the script, a LOCK directory can also be specified which is -# - connected to it. -# - -# - If no fixed LOCK directory is connected to the script, set -# - this value to the constant 'CHECK_PROCESS_LIST'. -# - -# - If no value for the LOCK directory is given, the LOCK directory -# - '/tmp/.LOCK' is assumed. -# - -# - -# - Example: -# - CONFLICTING_SCRIPTS=" -# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST -# - /root/bin/monitoring/check_remote_websites.sh -# - " -# - -# - Defaults to: -# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK" -# - -#CONFLICTING_SCRIPTS="" - - -# - What to check -# - -check_load=true -check_mysql=false -check_mariadb=false - -# - PostgreSQL -# - -# - NOT useful, if more than one PostgreSQL instances are running! -# - -check_postgresql=true - -check_apache=true -check_nginx=false -check_php_fpm=true -check_redis=false -check_website=false - - -# TIMEOUT_CHECK_WEBSITE -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_WEBSITE=10 -# -#TIMEOUT_CHECK_WEBSITE=10 - -# TIMEOUT_CHECK_PHP -# -# Maximum time in seconds that you allow for the response from the webserver. -# -# Defaults to: -# TIMEOUT_CHECK_PHP=10 -# -#TIMEOUT_CHECK_PHP=10 - - -# - If service is not listen on 127.0.0.1/loclhost, curl check must -# - be ommited -# - -# - Defaults to: ommit_curl_check_nginx=false -# - -#ommit_curl_check_nginx=false - -# - Is this a vserver guest machine? -# - -# - Not VSerber guest host does not support systemd! -# - -# - defaults to: vserver_guest=false -# - -#vserver_guest=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to: -# - mysql_credential_args="--login-path=local" -# - -#mysql_credential_args="--login-path=local" - - -# - Additional Settings for check_mariadb -# - -# - MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock" -# - mariadb_credential_args="--login-path=local" -# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -# - defaults to empty string -# - mariadb_credential_args="" -# - -#mariadb_credential_args="" - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="8.2" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/o13-mail/etc/postfix/header_checks.pcre b/roles/common/files/o13-mail/etc/postfix/header_checks.pcre deleted file mode 100644 index a0ec32b..0000000 --- a/roles/common/files/o13-mail/etc/postfix/header_checks.pcre +++ /dev/null @@ -1,43 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -# --- -# - Replace headers - -# - Replace recieved from IPv4 / IPv6 header - hide senders IP address and also 'Authenticated sender' -# -/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: hidden)$4 -# -/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: hidden)$6 - -# - Replace recieved from IPv4 / IPv6 header - hide only sender IP address -# -#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: $3 - -#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: $5 - -# --- -# - Ignore Headers -# --- - -#/^\s*User-Agent/ IGNORE -#/^\s*X-Enigmail/ IGNORE -#/^\s*X-Mailer/ IGNORE -#/^\s*X-Originating-IP/ IGNORE - - -# --- -# - Reject / Discard headers -# --- - -/^To:.*<>/ REJECT Possible SPAM Blank email address To: header - Header-Spamschutzregel T0-1001 - -/\(envelope-from <>\)/ REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001 - -/^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001 - -/^From:.*<>/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1001 - -/^Date: .* 19[0-9][0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001 -/^Date: .* 200[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002 -/^Date: .* 201[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1003 -/^Date: .* 2020/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1004 diff --git a/roles/common/files/o13-mail/root/bin/monitoring/conf/check_webservice_load.conf b/roles/common/files/o13-mail/root/bin/monitoring/conf/check_webservice_load.conf deleted file mode 100644 index cf1ad71..0000000 --- a/roles/common/files/o13-mail/root/bin/monitoring/conf/check_webservice_load.conf +++ /dev/null @@ -1,178 +0,0 @@ -# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** - -#--------------------------------------- -#----------------------------- -# Settings -#----------------------------- -#--------------------------------------- - - -# --- -# - LOGGING -# - -# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose, -# - the output will be verbos. If running as cronjob, output will only be written, if warnings or -# - errors occurs. -# --- - - -# - What to check -# - -check_load=true -check_mysql=false - -# - PostgreSQL -# - -# - NOT useful, if more than one PostgreSQL instances are running! -# - -check_postgresql=true - -check_apache=true -check_nginx=false -check_php_fpm=true -check_redis=false -check_website=false - -# - If service is not listen on 127.0.0.1/loclhost, curl check must -# - be ommited -# - -# - Defaults to: ommit_curl_check_nginx=false -# - -#ommit_curl_check_nginx=false - -# - Is this a vserver guest machine? -# - -# - Not VSerber guest host does not support systemd! -# - -# - defaults to: vserver_guest=false -# - -#vserver_guest=false - - -# - Additional Settings for check_mysql -# - -# - MySQL / MariaDB credentials -# - -# - Giving password on command line is insecure an sind mysql 5.5 -# - you will get a warning doing so. -# - -# - Reading username/password fro file ist also possible, using MySQL/MariaDB -# - commandline parameter '--defaults-file'. -# - -# - Since Mysql Version 5.6, you can read username/password from -# - encrypted file. -# - -# - Create (encrypted) option file: -# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password -# - $ Password: -# - -# - Use of option file: -# - $ mysql --login-path=local ... -# - -# - Example -# - mysql_credential_args="--login-path=local" -# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default) -# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf" -# - -mysql_credential_args="" - - -# - Additional Settings for check_php_fpm -# - -# - On Linux Vserver System set -# - curl_check_host=localhost -# - -# - On LX-Container set -# - curl_check_host=127.0.0.1 -# - -curl_check_host=127.0.0.1 - -# - Which PHP versions should be supported by this script. If more than one, -# - give a blank separated list -# - -# - Example: -# - php_versions="5.4 5.6 7.0 7.1" -# - -php_versions="8.2" - -# - If PHP-FPM's ping.path setting does not match ping-$php_major_version, -# - set the value given in your ping.path setting here. Give ping_path also -# - the concerning php_version in form -# - : -# - -# - Multiple settings are possible, give a blank separated list. -# - -# - Example: -# - -# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de" -# - -ping_path="" - - -# - Additional Settings for check_website - checking (expected) website response -# - -# - example: -# - is_working_url="https://www.outoflineshop.de/" -# - check_string='ool-account-links' -# - include_cleanup_function=true -# - extra_alert_address="ilker@so36.net" -# - cleanup_function=' -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/* -# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/* -# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1 -# - if [[ "$?" = "0" ]]; then -# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\"" -# - else -# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!" -# - fi -# - /etc/init.d/redis_6379 restart -# - if [[ "$?" = "0" ]]; then -# - ok "I restarted the redis service" -# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt -# - else -# - error "Restarting the redis server failed!" -# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt -# - fi -# - ' -# - -is_working_url='' - -check_string='' - -include_cleanup_function=true - -# - An extra e-mail address, which will be informed, if the given check URL -# - does not response as expected (check_string) AFTER script checking, restarting -# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done. -# - -extra_alert_address='' - -# - php_version_of_working_url -# - -# - If given website (is_working_url) does not response as expected, this PHP FPM -# - engines will be restarted. -# - -# - Type "None" if site does not support php -# - -# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions) -# - will be restarted -# - -php_version_of_working_url='' - -# - Notice: -# - If single qoutes "'" not needed inside cleanup function, then use single quotes -# - to enclose variable "cleanup_function". Then you don't have do masquerade any -# - sign inside. -# - -# - Otherwise use double quotes and masq any sign to prevent bash from interpreting. -# - -cleanup_function=' -' - - -# - E-Mail settings for sending script messages -# - -from_address="root@`hostname -f`" -content_type='Content-Type: text/plain;\n charset="utf-8"' -to_addresses="root" - diff --git a/roles/common/files/rage/etc/postfix/postfwd.wl-nets b/roles/common/files/rage/etc/postfix/postfwd.wl-nets index 02ef1ed..25ce90d 100644 --- a/roles/common/files/rage/etc/postfix/postfwd.wl-nets +++ b/roles/common/files/rage/etc/postfix/postfwd.wl-nets @@ -16,3 +16,8 @@ # d.mx.oopen.de (listen server) 95.217.204.227 2a01:4f9:4a:47e5::227 + +# b.mx.oopen.de +162.55.82.73/32 +2a01:4f8:271:1266::73 +~