diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 6e9e432..8b6533f 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -1724,6 +1724,92 @@ apt_webserver_pkgs: - libexpect-perl - poppler-utils + +apt_webserver_pkgs_trixie: + - libdb-dev + - zlib1g + - zlib1g-dev + - libssl-dev + - libneon27-dev + - libxml2 + - libxml2-dev + - curl + - libcurl4-openssl-dev + - libqdbm-dev + - libgdbm-dev + - libpspell-dev + - libjpeg-dev + - libpng-dev + - libxpm-dev + - libfreetype6-dev + - libwmf-dev + - libtiff-dev + - libpaper-dev + - libmagic-dev + - libgraphics-magick-perl + - libgraphicsmagick++1-dev + - libgraphicsmagick-q16-3 + - libgraphicsmagick1-dev + - libgraphviz-dev + - libgsf-1-dev + - libilmbase-dev + - libvpx-dev + - vpx-tools + - libgpm-dev + - libkpathsea-dev + - libopenexr-dev + - librsvg2-dev + - libdjvulibre-dev + - libatm-dev + - libexpat-dev + - imagemagick + - graphicsmagick + - exif + - libexiv2-dev + - re2c + - netpbm + - libnetpbm-dev + - libmcrypt-dev + - mcrypt + - default-libmysqlclient-dev + - libpq-dev + - postgresql-client + - libreadline-dev + - libncurses-dev + - libdb5.3 + - libdb5.3++ + - libdb5.3++-dev + - libdb5.3-dev + - libxslt1-dev + - libpcre2-dev + - libicu-dev + - libtidy-dev + - libmm-dev + - libgmp-dev + - libkrb5-dev + - libldap-dev + - libmhash-dev + - libgd-dev + - liblua5.3-dev + - libapr1-dev + - libaprutil1-dev + - libsctp-dev + - libcrypto++-dev + - ffmpeg + - libmagickwand-dev + - libgeoip-dev + - libaio-dev + - tk-dev + - tcl-dev + - tclreadline + - expect + - expect-dev + - libexpect-perl + - poppler-utils + +# - libc-client2007e-dev +# - libc-client-dev + install_postgresql_pkgs: false apt_postgresql_pkgs: - postgresql diff --git a/host_vars/backup.oopen.de.yml b/host_vars/backup.oopen.de.yml index 15eb10e..25feda1 100644 --- a/host_vars/backup.oopen.de.yml +++ b/host_vars/backup.oopen.de.yml 
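Review bot: The two commented-out entries at the end of `apt_webserver_pkgs_trixie` (`# - libc-client2007e-dev`, `# - libc-client-dev`) carry no explanation, and nothing in the new list says how it differs from `apt_webserver_pkgs`. The new list appears to be a near copy of the existing one, whose body is mostly outside this hunk, so the two can drift apart unnoticed. A header comment such as `# Debian 13 (trixie) variant of apt_webserver_pkgs; keep both lists in sync` would help. A one-line reason above the commented packages would too; presumably they are no longer packaged for trixie, but that should be confirmed.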
@@ -266,9 +266,11 @@ default_user: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPrJu40Up1x9VCTTac6+ANjJ2NFXfDb5v3dP4pVgm+c root@cl-01' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7JBJ0qQJsTlADj/zMoxGlzPCGlnh0ngDS5+tkyVqgf root@cl-02' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIORi7e7u0KhCkCB8iCmPud0hzCwnJVhxpPmy8vFFkFgY root@cl-dissens' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx9aKkZp3qAdehTY+mdCsB+/c9yDExkg5y1lASCXRmL root@cl-exil' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3VloFw13vVt8UAV5h0860Wq/vFJEm5EazOqM+cVe17 root@cl-flr' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRaUsGqBvZBDzyh1kuldC/jdbtuoXFgBZ7PbgSqytSn root@cl-fm' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvmOpsiL+eiJ3qZVDJiUCFVZge0OQJ1hpZgw7pJ8sq5 root@cl-irights' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjr0aBl2KQTJnlVK03DOs0u+IXSon4VewwAzzSBsmVW root@cl-lubax' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7h6rR+q5bRh/qgzA7ZyiZcRr9vMbo7cxhQsoukWmUn root@cl-vbrg' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcHQfSVG8DM1qHp2ce73ZBWXknZGZFur5s27V58T7ON root@cl-opp' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClnyNS5RQsbXmgOX7NU7i154DElOlha3y0ybF6FwScT root@cl-test' diff --git a/host_vars/cl-lubax.oopen.de.yml b/host_vars/cl-lubax.oopen.de.yml new file mode 100644 index 0000000..aa249da --- /dev/null +++ b/host_vars/cl-lubax.oopen.de.yml 
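Review bot: The new `root@cl-exil` and `root@cl-lubax` entries are bare keys with no options, like the entries around them. The list's key name is outside the hunk, but if it feeds an authorized_keys file on the backup host, each client's root key gets an unrestricted login there. On a server holding backups for many clients, a compromised client should not be able to reach the other clients' data. If the role passes key options through, consider pinning each key to its source, e.g. `'restrict,from="<client-address>" ssh-ed25519 … root@cl-lubax'`, ideally with a forced `command=` for the backup transfer.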
@@ -0,0 +1,152 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + +#sshd_permit_root_login: !!str "prohibit-password" +sshd_permit_root_login: !!str "no" + +# --- +# vars used by apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: false + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 185.12.64.2 + - 2a01:4ff:ff00::add:1 + - 185.12.64.1 + - 2a01:4ff:ff00::add:2 + +# search domains +# 
+# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - oopen.de + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +sudo_users: + - chris + - sysadm + - localadmin + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + +sudoers_file_user_privileges: + - name: back + entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php' + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + diff --git a/host_vars/ga-st-gw.ga.netz.yml b/host_vars/ga-st-gw.ga.netz.yml index 5141134..438fdfb 100644 --- a/host_vars/ga-st-gw.ga.netz.yml +++ b/host_vars/ga-st-gw.ga.netz.yml @@ -124,8 +124,8 @@ network_interfaces: gateway: 172.16.13.254 - - device: lan7 - headline: lan7 - Uplink DSL surf1 via (static) line to Fritz!Box 7490 (Mailserver) + - device: lan11 + headline: lan11 - Uplink DSL surf1 via (static) line to Fritz!Box 7490 (Mailserver) auto: true family: inet method: static diff --git a/hosts b/hosts index ae0b6b5..7548d1f 100644 --- a/hosts +++ b/hosts @@ -214,6 +214,9 @@ o31.oopen.de mail.cadus.org web.cadus.org +# o32.oopen.de / cl-lubax.oopen.de +cl-lubax.oopen.de + # BigBlueButton - O.OPEN o33.oopen.de @@ -425,6 +428,9 @@ o31.oopen.de mail.cadus.org web.cadus.org +# o32.oopen.de / cl-lubax.oopen.de +cl-lubax.oopen.de + # BigBlueButton - O.OPEN o33.oopen.de 
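Review bot: The sudoers entry `ALL=(www-data) NOPASSWD: /usr/local/php/bin/php` lets user `back` run the PHP interpreter as www-data with arbitrary arguments, which amounts to running any code as the web user without a password. sudoers matches arguments when they are listed, so the rule can be narrowed to the one script this account needs, e.g. `entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php <script-path> <fixed-args>'` (placeholders; the intended script is not visible here). Separately, `resolved_dnssec: false` together with the `~.` routing domain means lookups on this host are not DNSSEC-validated, so a comment stating why validation is off would help. `~.` is also safer quoted as `'~.'`.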
@@ -717,6 +723,9 @@ cl-dissens.oopen.de # o30.oopen.de - AK server Jitsi Meet/Nextcloud cloud.akweb.de +# o32.oopen.de / cl-lubax.oopen.de +cl-lubax.oopen.de + # Nextcloud / DokuWiki VBER o34.oopen.de @@ -1122,6 +1131,9 @@ cloud.akweb.de web.cadus.org mail.cadus.org +# o32.oopen.de / cl-lubax.oopen.de +cl-lubax.oopen.de + # Nextcloud / DokuWiki VBER o34.oopen.de @@ -1229,6 +1241,9 @@ cl-dissens.oopen.de # o30.oopen.de - AK server Jitsi Meet/Nextcloud cloud.akweb.de +# o32.oopen.de / cl-lubax.oopen.de +cl-lubax.oopen.de + # Nextcloud / DokuWiki VBER o34.oopen.de @@ -1825,6 +1840,9 @@ o31.oopen.de mail.cadus.org web.cadus.org +# o32.oopen.de / cl-lubax.oopen.de +cl-lubax.oopen.de + # BigBlueButton - O.OPEN o33.oopen.de diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index 2111cc0..d71b042 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -286,11 +286,25 @@ tags: - apt-postgresql-server-pkgs -- name: (apt.yml) Install webserver related packages +- name: (apt.yml) Install webserver related packages (Debian <= 12) apt: name: "{{ apt_webserver_pkgs }}" state: "{{ apt_install_state }}" - when: install_webserver_pkgs|bool + when: + - install_webserver_pkgs|bool + - ansible_facts['os_family'] == 'Debian' + - ansible_facts['distribution_major_version'] | int <= 12 + tags: + - apt-webserver-pkgs + +- name: (apt.yml) Install webserver related packages (Debian >= 13) + apt: + name: "{{ apt_webserver_pkgs_trixie }}" + state: "{{ apt_install_state }}" + when: + - install_webserver_pkgs|bool + - ansible_facts['os_family'] == 'Debian' + - ansible_facts['distribution_major_version'] | int >= 13 tags: - apt-webserver-pkgs diff --git a/roles/common/tasks/basic.yml b/roles/common/tasks/basic.yml index 5a336fc..ac3975f 100644 --- a/roles/common/tasks/basic.yml +++ b/roles/common/tasks/basic.yml 
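Review bot: Both new `when:` lists in roles/common/tasks/apt.yml gate on `ansible_facts['os_family'] == 'Debian'`, which is also true on Ubuntu and other derivatives; Ubuntu's major versions (20, 22, 24) all satisfy `>= 13`, so such a host would be given `apt_webserver_pkgs_trixie`. In the other direction, `| int` turns a non-numeric `distribution_major_version` (as reported on some testing/unstable installs) into 0, which lands in the `<= 12` branch. If only Debian proper is meant, `- ansible_facts['distribution'] == 'Debian'` is the tighter test; otherwise derivatives need their own branch. The same `os_family` test appears in the new util-linux-extra task in roles/common/tasks/basic.yml. Before this change the task ran on every host with `install_webserver_pkgs` set, so it is worth checking that no host now matches neither task.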
@@ -1,5 +1,14 @@ --- +- name: Ensure util-linux-extra is installed on Debian + ansible.builtin.apt: + name: util-linux-extra + state: present + update_cache: yes + when: + - ansible_facts['os_family'] == 'Debian' + - ansible_facts['distribution_major_version'] | int >= 11 + - name: (basic.yml) Ensure timezone is is correct timezone: name={{ time_zone }} tags:
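Review bot: The bound `ansible_facts['distribution_major_version'] | int >= 11` looks one release too low. As far as I know, `util-linux-extra` only exists as a separate package from Debian 12 on, so on a Debian 11 host this task would fail with no matching package. Because it is the first task in basic.yml, that failure would stop the rest of the file for that host; `- ansible_facts['distribution_major_version'] | int >= 12` avoids it. The task also departs from the file's conventions: the name lacks the `(basic.yml)` prefix, there is no `tags:` entry so tag-limited runs skip it, and `update_cache: yes` would be clearer as `update_cache: true`. A short comment saying which later task needs the package would document why it has to run first.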