2024-12-19 22:44:32 +01:00
parent f61e2ff73c
commit c9cee6deae
17 changed files with 714 additions and 72 deletions


@ -170,16 +170,6 @@ cron_user_entries:
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '23'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '33'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
- name: "Check if remote website is online"
minute: '*/15'
hour: '7-23'


@ -0,0 +1,151 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 185.12.64.1
- 2a01:4ff:ff00::add:2
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
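Review bot: The sudoers privilege for `back` (`entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'`) carries no argument restriction, so that account can run arbitrary PHP as www-data without a password; if the job only needs one script, pin it, e.g. `entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php <PATH-TO-SCRIPT>'` (placeholder), or add a comment above the entry stating that unrestricted php-as-www-data is intended. `resolved_dnssec: false` would also benefit from a one-line comment giving the reason validation is off, since the `resolved_nameserver` list above is consulted over plain DNS. The hunk header announces 151 added lines but fewer are visible here, so blank lines were presumably dropped in rendering.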


@ -184,7 +184,7 @@ cron_user_special_time_entries:
sudoers_file_user_aliases:
- name: MAIN_USER
entry: 'malte.taeubrich, ulla.wittenzellner, sarah.klemm, bernard.koennecke, elenor.faellgrem,mario.freidank '
entry: 'malte.taeubrich, ulla.wittenzellner, sarah.klemm, bernard.koennecke, elenor.faellgren, mario.freidank '
sudoers_file_cmnd_aliases:
- name: REBOOT
@ -219,6 +219,15 @@ sudoers_file_user_privileges:
# ---
# ---
# vars used by roles/common/tasks/ntp.yml
# ---
local_ntp_service: true
ntp_server: gw-dissens.dissens.netz
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
@ -264,9 +273,9 @@ samba_groups:
- name: projekte
group_id: 1110
- name: verwaltung
group_id: 1120
group_id: 1200
- name: gf
group_id: 1120
group_id: 1300
samba_user:
- name: bernard.koennecke
@ -296,62 +305,99 @@ samba_user:
- projekte
- team
- verwaltung
password: '20-da-v1d.g3lh44r_24%'
password: '20-dav1d.g3lh44r_24%'
- name: elenor.faellgrem
- name: elenor.faellgren
groups:
- projekte
- team
password: '20/313n0r-g3l.h4r/24?'
password: '20/3l3n0r-fa3llg3em/24?'
- name: johanna.hess
groups:
- buero
- verwaltung
password: '20_j0.h4nn4_h3ss-24+'
- projekte
- team
password: '20_j0h4nn4_h3ss-24+'
- name: leonie
- name: johanna.ruekgauer
groups:
- buero
- projekte
password: '20.j0hanna.ru3kgau3r+24!'
- name: laura.sasse
groups:
- projekte
- team
password: '20/l4ur4-s4sse-24?'
- name: maite.gabriel
groups:
- projekte
password: '20+m4ite.g4briel-24+'
- name: malte.taeubrich
groups:
- gf
- projekte
- team
- verwaltung
password: '6.4aVX7rQ-9H'
- name: philip
password: '20%m4lt3-t3ubrich+24!'
- name: mario.freidank
groups:
- buero
- projekte
- team
- verwaltung
password: 'fN%749Psv_NR'
- name: buero1
password: '20-mar1o.fr31dank-24+'
- name: olaf.stuve
groups:
- buero
password: 'Mfr!7tK+d49C'
- name: buero2
- projekte
password: '20-0l4f_stuve_24?"'
- name: rositsa.mahdi
groups:
- buero
password: 'gW-wg3Pttf4/'
- name: buero3
- projekte
password: '20.ros1tsa-mahd1+24+'
- name: sarah.klemm
groups:
- buero
password: 'Qc-WyMhJ/3-2'
- name: referendariat
groups:
- buero
password: '4/zCNXnVF7+i'
- name: ref1
groups:
- buero
password: '???'
- name: sebastian
groups:
- buero
- gf
- projekte
- team
- verwaltung
password: 'bhNC.P5eTy-2'
- name: buero-05
password: '20.s4r4h_kl3mm-24!'
- name: simon.krugmann
groups:
- buero
password: '5/SXbV-M3vmQ'
- name: buero-06
- projekte
password: '20%sim0n.krugm4nn.24?'
- name: tabea.koepp
groups:
- buero
password: 'N-ba2R+i/2eM'
- projekte
- team
password: '20?tab3a/ko3pp.24/'
- name: till.dahlmueller
groups:
- projekte
- team
password: '20.t1ll/d4hlmueller-24!'
- name: ulla.wittenzellner
groups:
- gf
- projekte
- team
- verwaltung
password: '20+ull4_w1tt3nz3lln3r_24-'
- name: yannik.markhof
groups:
- projekte
- team
password: '20.y4nnik/m4rkhof_24/'
base_home: /data/home
@ -360,14 +406,37 @@ base_home: /data/home
# - name: name2
#
remove_samba_users: []
#remove_samba_users:
# - name: elenor.faellgrem
# - name: maiken.schiele
samba_shares:
- name: buero
comment: Buero auf Fileserver
path: /data/samba/shares/buero
group_valid_users: buero
group_write_list: buero
- name: GF
comment: GF auf Fileserver
path: /data/samba/shares/GF
group_valid_users: gf
group_write_list: gf
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Projekte
comment: verwaltung auf Fileserver
path: /data/samba/shares/Projekte
group_valid_users: projekte
group_write_list: projekte
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Team
comment: verwaltung auf Fileserver
path: /data/samba/shares/Team
group_valid_users: team
group_write_list: team
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
@ -375,11 +444,11 @@ samba_shares:
- name: Verwaltung
comment: verwaltung auf Fileserver
path: /data/samba/shares/verwaltung
path: /data/samba/shares/Verwaltung
group_valid_users: verwaltung
group_write_list: verwaltung
file_create_mask: !!str 664
dir_create_mask: !!str 2775
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
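Review bot: The `samba_user` hunk (`@ -296,62 +305,99 @@`) commits cleartext passwords for every account into the vars file; they belong in an Ansible Vault-encrypted file or a secret lookup, and the values already pushed should be considered exposed and rotated, because they stay in the repository history. `password: '20-0l4f_stuve_24?"'` ends with a literal `"` inside the single quotes, which looks like a typo next to the other entries. The rename from `elenor.faellgrem` to `elenor.faellgren` is only reflected in a commented-out `remove_samba_users` line while `remove_samba_users: []` stays empty, so the old account presumably remains on the server unless it is removed by hand. In the first hunk, `entry: 'malte.taeubrich, … mario.freidank '` still keeps a trailing space inside the quotes after the spelling fix.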


@ -23,7 +23,7 @@ network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device enp35s0
headline: br0 - bridge over device enp8s0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
@ -31,11 +31,11 @@ network_interfaces:
family: inet
method: static
hwaddress: a8:a1:59:3e:bd:b8
hwaddress: 9c:6b:00:6d:f5:a1
description:
address: 135.181.136.120
address: 65.21.220.154
netmask: 26
gateway: 135.181.136.65
gateway: 65.21.220.129
metric:
pointopoint:
mtu:
@ -80,7 +80,7 @@ network_interfaces:
# maxwait:
# waitport:
bridge:
ports: enp35s0 # for mor devices support a blank separated list
ports: enp8s0 # for mor devices support a blank separated list
stp: !!str off
fd: 1
hello: 2
@ -107,7 +107,7 @@ network_interfaces:
# inline hook scripts
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 135.181.136.64 netmask 255.255.255.192 gw 135.181.136.65 dev br0" # up script lines
- !!str "route add -net 65.21.220.128 netmask 255.255.255.192 gw 65.21.220.129 dev br0" # up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
@ -118,7 +118,7 @@ network_interfaces:
- device: br0
family: inet6
method: static
address: 2a01:4f9:3a:1051::2
address: 2a01:4f9:3080:318c::2
netmask: 64
gateway: fe80::1
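Review bot: The changed line `ports: enp8s0 # for mor devices support a blank separated list` carries a garbled comment; suggest `ports: enp8s0  # for more than one device use a blank-separated list`. The rest of the section is a host move (MAC, IPv4/IPv6 addresses, gateway and the matching `route add` line), which is consistent with the `netmask: 26` it sits under.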


@ -142,6 +142,28 @@ ssh_keypair_backup_client:
#
# see: roles/common/tasks/vars
sudoers_file_user_aliases:
- name: WEB_USER
entry: 'webadmin, axel, chris'
- name: MAIN_USER
entry: 'sysadm, axel, chris'
sudoers_file_cmnd_aliases:
- name: REBOOT
entry: '/sbin/reboot'
- name: MANAGE_SERVICE
entry: '/usr/bin/systemctl'
sudoers_file_user_privileges:
- name: MAIN_USER
entry: ALL = REBOOT, MANAGE_SERVICE
- name: WEB_USER
entry: ALL = MANAGE_SERVICE
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
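Review bot: `MANAGE_SERVICE` is defined as the whole `/usr/bin/systemctl` binary, which makes the `MAIN_USER` and `WEB_USER` privileges effectively root-equivalent (systemctl can define and edit units that run as root), so the alias should be narrowed to the subcommands and units these users actually need, e.g. `entry: '/usr/bin/systemctl restart <UNIT>, /usr/bin/systemctl status <UNIT>'` (placeholders), or a comment above `sudoers_file_cmnd_aliases` should record that root-equivalent access for these accounts is intended. The `REBOOT` alias is fine as written. The hunk header counts 22 additions but fewer lines are visible here, so some blank lines were presumably dropped in rendering.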