Christoph 2022-12-13 22:42:29 +01:00
parent b43c5a25cd
commit c00d41cc9c
10 changed files with 412 additions and 81 deletions


@ -1820,7 +1820,7 @@ samba_netbios_name:
#
samba_server_min_protocol:
samba_groups: ([])
samba_groups: []
# samba_user:
# - name: chris
@ -1829,7 +1829,7 @@ samba_groups: ([])
# - group2
# password: 'H-.T/TvN5S9J'
#
samba_user: ([])
samba_user: []
base_home: /home
@ -1837,7 +1837,7 @@ base_home: /home
# - name: name1
# - name: name2
#
remove_samba_users: ([])
remove_samba_users: []
# samba_shares
#


@ -0,0 +1,306 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
- resolvconf
network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device eno1
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
hwaddress: 3c:ec:ef:96:ab:f6
description:
address: 192.168.182.10
netmask: 24
gateway: 192.168.182.254
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
- 192.168.182.1
search: ebs.netz
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge:
ports: eno1 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
maxage: 12
# inline hook scripts
pre-up:
- !!str "ip link set dev eno1 up" # pre-up script lines
up: [] #up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$XI.g9q9bTmzqe35q$tDrpoJFBGsHrmy/mtOAQfrstgIhZEaYGt6hxfTCXI0YvAAUiHT4cJOLR6ivN0CPVNtkv8IFe7dk8NXR/1yScm.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$8v0PKesHmS2Z1xIO$n2a19e2GawIvHNi9U.W4nTxjJCTDtO5AlEP082PnCdp.fw5vIMv1AA.i2RMbXH2XuMdphXU6srSV/wFmp0e0q.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
nfs_server: 192.168.182.10
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
nfs_exports:
- src: 192.168.182.10:/data/samba
path: /data/samba
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.182.0/24
- 10.0.192.0/24
- 10.1.192.0/24
- 192.168.63.0/24
use_fsid_option: true
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.182.10
samba_server_cidr_prefix: 24
samba_workgroup: EBS
samba_netbios_name: FILE-EBS
#samba_server_min_protocol: !!str NT1
samba_groups:
- name: alle
group_id: 1110
samba_user:
- name: chris
groups:
- alle
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63643330373231636537366333326630333265303265653933613835656262323863363038653234
3462653135633266373439626263356636646637643035340a653466356235346663626163306363
61313164643061306433643738643563303036646334376536626531383965303036386162393832
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
- name: sysadm
groups:
- alle
password: 'IrcR3uo-QJ.5'
- name: buero
groups:
- alle
password: 'buero-ebs/2022.%'
- name: axel
groups:
- alle
password: 'ah-ebs.2022-!'
- name: bjoern
groups:
- alle
password: 'be-ebs-2022/%'
- name: christoph
groups:
- alle
password: 'ck-ebs-2022.%'
- name: kristin
groups:
- alle
password: 'kp-ebs.2022_%'
- name: maik
groups:
- alle
password: 'me-ebs_2022.!'
base_home: /data/home
# remove_samba_users:
# - name: name1
# - name: name2
#
remove_samba_users: []
samba_shares:
- name: 4all
comment: 4all auf Fileserver
path: /data/samba/4all
group_valid_users: alle
group_write_list: alle
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
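Review bot: Seven of the eight `samba_user` entries in this new host file (`sysadm` through `maik`) store their `password:` as a clear-text literal, while the `chris` entry directly above them uses `!vault`. Anyone with read access to the repository or its history can read those share credentials. Each should be written as `password: !vault |` followed by the output of `ansible-vault encrypt_string`, and the values already committed here should be changed on the server. The `$6$` crypt hashes under `default_user` and `root_user` are also stored unencrypted and unquoted; they can be attacked offline if the repository leaks, so vaulting them (or at least quoting them as strings) belongs in the same pass.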


@ -122,6 +122,8 @@ bind9_gateway_acl:
entries:
- '# Nameserver Kanzlei Kiel'
- 192.168.100.1
- '# Nameserver Kanzlei Elster'
- 192.168.202.1
bind9_gateway_listen_on_v6:
- none


@ -26,13 +26,13 @@ network_interfaces:
auto: true
family: inet
method: static
address: 172.16.192.1
address: 192.168.1.253
netmask: 24
gateway: 172.16.192.254
gateway: 192.168.1.1
nameservers:
- 127.0.0.1
- 192.168.192.1
search: fhxb.netz
- 192.168.1.253
search: elster.netz
- device: eno2
@ -40,7 +40,7 @@ network_interfaces:
auto: true
family: inet
method: static
address: 192.168.192.254
address: 192.168.202.254
netmask: 23
@ -49,7 +49,7 @@ network_interfaces:
auto: true
family: inet
method: static
address: 192.168.192.1
address: 192.168.202.1
netmask: 32
@ -58,16 +58,7 @@ network_interfaces:
auto: true
family: inet
method: static
address: 192.168.194.254
netmask: 24
- device: eno4
headline: eno4 - OLD LAN
auto: true
family: inet
method: static
address: 192.168.178.254
address: 192.168.203.254
netmask: 24
@ -115,7 +106,7 @@ cron_user_entries:
- name: "Copy gateway configuration"
minute: '09'
hour: '3'
job: /root/bin/manage-gw-config/copy_gateway-config.sh FHXB
job: /root/bin/manage-gw-config/copy_gateway-config.sh ELSTER
#cron_user_special_time_entries: []
@ -231,6 +222,11 @@ bind9_gateway_acl:
- fc00::/7
- fe80::/10
- ::1/128
- internaldns:
name: internaldns
entries:
- '# Nameserver Kanzlei EBS'
- 192.168.182.1
bind9_gateway_listen_on_v6:
- none
@ -240,7 +236,10 @@ bind9_gateway_listen_on:
#bind9_gateway_allow_transfer: {}
bind9_gateway_allow_transfer:
- none
- internaldns
bind9_transfer_source: !!str "192.168.202.1"
bind9_notify_source: !!str "192.168.202.1"
#bind9_gateway_allow_query: {}
bind9_gateway_allow_query:
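Review bot: In the last hunk `bind9_gateway_allow_transfer` appears to list `- none` and `- internaldns` together; the rendered page has lost its +/- markers, so it is not certain whether `- none` was meant to be replaced. This list decides who may pull complete zones from the gateway, so it should state one intent only: `bind9_gateway_allow_transfer:` with the single entry `- internaldns`. How the role's template turns the list into an `allow-transfer` statement is not visible here, so the generated named configuration on the host should be checked after the change. The `internaldns` ACL added in the hunk above it also carries a quoted `'# Nameserver Kanzlei EBS'` string as a list entry, which works only if the template emits entries one per line.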

117
hosts

@ -29,6 +29,7 @@ gw-ah.oopen.de
gw-ak.oopen.de
gw-akb.akb.netz
gw-ebs.oopen.de
gw-elster.oopen.de
gw-fhxb.oopen.de
gw-ckubu.local.netz
gw-b3.oopen.de
@ -44,6 +45,7 @@ gw-kb.oopen.de
bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz
file-ebs.ebs.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
@ -207,45 +209,6 @@ lxc-host-kb.anw-kb.netz
[initial_setup]
gw-123.oopen.de
gw-fhxb.oopen.de
gw-ah.oopen.de
gw-ak.oopen.de
gw-ebs.oopen.de
gw-akb.akb.netz
gw-b3.oopen.de
gw-blkr.oopen.de
gw-d11.oopen.de
gw-flr.oopen.de
gw-km.oopen.de
gw-irights.irights.netz
gw-mbr.oopen.de
gw-opp.oopen.de
gw-km.oopen.de
gw-spr.oopen.de
gw-kb.oopen.de
bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
zapata.opp.netz
gw-ckubu.local.netz
gw-replacement.local.netz
gw-replacement2.local.netz
gw-replacement3.local.netz
k1371.dyndns.org
ga-st-gw-ersatz.ga.netz
ga-st-gw-surf1.oopen.de
ga-al-gw.oopen.de
ga-nh-gw.oopen.de
# ---
# - Warenform Server
# ---
@ -418,31 +381,76 @@ lxc-host-kb.anw-kb.netz
# - local network ckubu
gw-ckubu.local.netz
gw-replacement.local.netz
gw-replacement2.local.netz
gw-replacement3.local.netz
# 123Comics
gw-123.oopen.de
# AK
k1371.dyndns.org
gw-ak.oopen.de
# AKB
gw-akb.akb.netz
# - AK
gw-ak.oopen.de
# B3 Bornim
gw-b3.oopen.de
bbb-server.b3-bornim.netz
# - FHXB Museum Friedrichshain Kreuzberg
gw-fhxb.oopen.de
file-fhxb.fhxb.netz
# Fluechtlingsrat BRB
gw-flr.oopen.de
# iRights
gw-irights.irights.netz
# - Kanzlei Berenice
gw-km.oopen.de
file-km.anw-km.netz
# - Kanzlei BLKR
gw-blkr.oopen.de
file-blkr.blkr.netz
# - Kanzlei EBS Leipzig
gw-ebs.oopen.de
file-ebs.ebs.netz
# Kanzlei Elster Jena
gw-elster.oopen.de
# - Kanzlei Kiel
gw-ah.oopen.de
file-ah.kanzlei-kiel.netz
# - FHXB Museum Friedrichshain Kreuzberg
file-fhxb.fhxb.netz
# Kanzlei Kreuzbergstraße
gw-kb.oopen.de
# - Kanzlei Berenice
file-km.anw-km.netz
# - Kanzlei BLKR
file-blkr.blkr.netz
# MBR / VDK
gw-mbr.oopen.de
# OPP
gw-opp.oopen.de
zapata.opp.netz
# - Kanzlei EBS Leipzig
gw-ebs.oopen.de
# Sprachenatelier
gw-spr.oopen.de
# Warenform
gw-d11.oopen.de
# - GA - Gemeinschaft Altensclirf
ga-st-gw-ersatz.ga.netz
ga-st-gw-surf1.oopen.de
ga-al-gw.oopen.de
ga-nh-gw.oopen.de
ga-st-lxc1.ga.netz
ga-st-mail.ga.netz
ga-al-ws1.ga.netz
@ -688,8 +696,6 @@ cl-test.oopen.de
file-ah.kanzlei-kiel.netz
file-fhxb.fhxb.netz
[ftp_server]
@ -939,6 +945,9 @@ web0.warenform.de
web1.warenform.de
web2.warenform.de
# server26.warenform.de
backup.warenform.de
# ---
# - Warenform Office
# ---
@ -1114,6 +1123,7 @@ o17.oopen.de
# ---
bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz
file-ebs.ebs.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
@ -1122,6 +1132,7 @@ zapata.opp.netz
[nfs_server]
file-ebs.ebs.netz
file-fhxb.fhxb.netz
@ -1328,6 +1339,7 @@ cl-test.oopen.de
bbb-server.b3-bornim.netz
file-ah.kanzlei-kiel.netz
file-ebs.ebs.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-blkr.blkr.netz
@ -1546,6 +1558,7 @@ gw-ak.oopen.de
gw-b3.oopen.de
gw-d11.oopen.de
gw-ebs.oopen.de
gw-elster.oopen.de
gw-ak.oopen.de
gw-akb.oopen.de
gw-ckubu.local.netz


@ -38,20 +38,15 @@ thecaffeinatedquilter\.com$
rea\.realflightshop\.com$
tetontimberlinetrading\.com$
walelaber\.shop$
couetsart\.xyz$
technedigitale\.com$
dia-two-2\.de$
surlumice\.store$
hecnvoipl\.xyz$
viastarco\.xyz$
mail\.notistall\.balashov\.su$
mail\.batistase\.hz\.cz$
mail\.lorinsales\.de\.fr$
mail\.jostalles\.azerbaijan\.su$
mail\.batistase\.hz\.cz$
wulprobot\.xyz$
circuitlogix\.com$
anelpones\.xyz$
a27-10\.smtp-out.us-west-2\.amazonses\.com$
relay01\.cne\.gob\.ve$
mta01\.cne\.gob\.ve$
@ -61,7 +56,11 @@ berligpot\.quest$
chwestinstrumentalmusic\.com$
nrgroekle\.site$
classyak\.com$
homrondea\.xyz$
childswork\.com$
ywgf\.net$
alnweohct\.online$
kitchenfantasy\.com$
kitchenfaucetcenter\.com$
fqmeta\.net$
kitchenespial\.com$
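Review bot: The patterns in both hunks are anchored only at the end, so if this file is loaded as a regexp table, an entry such as `ywgf\.net$` or `fqmeta\.net$` also matches any unrelated name that merely ends in those characters. For short names that is a real false-positive risk for legitimate mail. Anchoring on a label boundary, for example `(^|\.)ywgf\.net$`, keeps the match to the domain and its subdomains. The first hunk also shows `smtp-out.us-west-2` with an unescaped dot and `mail\.batistase\.hz\.cz$` twice; the page has lost its +/- markers, so it is unclear which of these are on the new side.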


@ -107,4 +107,13 @@
# US u.a.(liefer-experten.com)
69.12.79.32/27
207.167.64.0/23
# US (u.a. premiumversender.com)
192.161.172.0/23
# LIR (u.a. premiumversender.com)
185.101.92.0/22
# US (u.a. d-logistik.com)
216.144.236.224/28
# GB
146.59.88.240/29
# UA (Ukraine)
193.3.23.0/24


@ -76,6 +76,9 @@ firmen-infos\.com$
@profiverkauf\.com$
@liefer-experten\.com$
@premiumversender\.com$
@longhornvapor\.com$
@d-logistik\.com$
# annoying spammer addresses
^error@mailfrom\.com$


@ -57,7 +57,7 @@
#
# Example: server min protocol = NT1
#
server min protocol = {{ samba_server_min_protocol }}
server min protocol = {{ samba_server_min_protocol|default('SMB2_02') }}
{% endif %}
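Review bot: The new `default('SMB2_02')` only takes effect when `samba_server_min_protocol` is undefined, but the defaults file in this commit's first section declares it as a bare `samba_server_min_protocol:`, which is null and therefore defined. If the line is reached with that null value, the fallback is skipped and no usable protocol floor is written. Passing the second argument covers null and empty values as well: `server min protocol = {{ samba_server_min_protocol | default('SMB2_02', true) }}`. The `{% if %}` that closes on the last line starts outside this hunk, so whether it already filters out the null case cannot be seen here. A short comment above the line saying that the fallback keeps SMB1/NT1 disabled unless a host sets it explicitly would also help.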