diff --git a/host_vars/devel-cloud.wf.netz.yml b/host_vars/devel-cloud.wf.netz.yml
index 8d9182e..615eb5a 100644
--- a/host_vars/devel-cloud.wf.netz.yml
+++ b/host_vars/devel-cloud.wf.netz.yml
@@ -25,6 +25,75 @@ # --- +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +resolved_nameserver: + - 192.168.52.1 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - wf.netz + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + # --- # vars used by roles/common/tasks/users.yml # --- 
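Review bot: The ~45-line commented catalogue of public resolvers (CyberGhost, Cloudflare, Google, Quad9, OpenNIC, Freifunk München) is pasted verbatim into this host file and again into the new `ga-al-relay.ga.netz.yml` and `gw-replacement4.local.netz.yml` in this commit, while none of those addresses is used by `resolved_nameserver` or `resolved_fallback_nameserver`. Keeping the list once (role defaults or a README) and leaving a one-line pointer in each host file would keep host_vars small and diffable. `resolved_dnssec: false` turns validation off towards `192.168.52.1` without saying why; a hedged one-liner such as `# DNSSEC off: upstream 192.168.52.1 does not return signed answers — confirm` would document the decision.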
@@ -32,26 +101,15 @@ extra_user: - name: kaya - user_id: 1002 - group_id: 1002 password: $6$t9gheUvd$hFTJ5mp0bdu4Hc5zGmS6HuSAfFOc4QRROLX4wnCauLjwTxUtvhgeLDlL5YkjGfiWOCEe84krH4op0DdKjTJWG/ shell: /bin/bash ssh_keys: - 'ssh-rsa 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 xayax@xAyAx-imac.local' - - name: christian - user_id: 1003 - group_id: 1003 - password: $6$2paWmEea$G51JZDzjjDNE75aBl/xuM1dyH.FWYHwNCRHeKWkHhxjUmRRC/v.hhNh5jOk5EbVWDeVh7r5dz1tO2HTZUMftb1 - shell: /bin/bash - ssh_keys: - - 'ssh-rsa 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 schroeder@Christians-MacBook-Pro.local' - sudo_users: - chris - axel - kaya - - christian - sysadm diff --git a/host_vars/file-blkr.blkr.netz.yml b/host_vars/file-blkr.blkr.netz.yml index d4ae438..992162b 100644 --- a/host_vars/file-blkr.blkr.netz.yml +++ b/host_vars/file-blkr.blkr.netz.yml @@ -380,6 +380,10 @@ samba_user: groups: - buero password: 'bhNC.P5eTy-2' + - name: buero-05 + groups: + - buero + password: '5/SXbV-M3vmQ' base_home: /data/home diff --git a/host_vars/ga-al-gw.oopen.de.yml b/host_vars/ga-al-gw.oopen.de.yml index cda95d1..764bf2f 100644 --- a/host_vars/ga-al-gw.oopen.de.yml +++ b/host_vars/ga-al-gw.oopen.de.yml @@ -438,12 +438,15 @@ bind9_gateway_acl: - internaldns: name: internaldns entries: + - '# Nameserver Gateway Stockhausen' - 192.168.11.1 + - '# Domain Controller Stockhausen' - 192.168.10.3 - - 192.168.10.6 - '# Nameserver Gateway Altenschlirf' - 192.168.10.1 - - 192.168.10.254 + - '# Domain Controller Altenschlirf' + - 192.168.10.3 + - 192.168.10.6 - 172.16.0.1 - '# Nameserver Gateway Novalishaus' - 192.168.81.1 @@ -452,6 +455,8 @@ bind9_gateway_acl: - 10.113.12.3 - '# Postfix Mailserver' - 192.168.11.2 + - '# Mail Relay System' + - 192.168.10.2 diff --git a/host_vars/ga-al-relay.ga.netz.yml b/host_vars/ga-al-relay.ga.netz.yml new file mode 100644 index 0000000..0d8a4e3 --- /dev/null +++ b/host_vars/ga-al-relay.ga.netz.yml 
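Review bot: The new `buero-05` entry commits a Samba password in clear text (`password: '5/SXbV-M3vmQ'`), following the existing entries around it; the same applies to the `paul` and `samantha` entries added to `zapata.opp.netz.yml` in this commit. Because the value is a plain quoted string the role already consumes, it can be replaced by an inline vault value without changing the task: `password: !vault |` followed by the output of `ansible-vault encrypt_string`. If the file has to stay unencrypted, the new credential should at least be rotated after the user's first login rather than remaining valid as committed.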
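Review bot: After this change `192.168.10.3` appears twice in the `internaldns` ACL — once under `'# Domain Controller Stockhausen'` and again under `'# Domain Controller Altenschlirf'` — while the other Stockhausen entries (gateway `192.168.11.1`, Postfix `192.168.11.2`) sit in 192.168.11.0/24, so either the Stockhausen label or its address looks wrong (if the Stockhausen DC lives in the 11 subnet the entry would be `- 192.168.11.3` — confirm). The identical block is repeated in `ga-nh-gw.oopen.de.yml`, `ga-st-gw-ersatz.ga.netz.yml`, `ga-st-gw.ga.netz.yml`, `ga-st-gw.oopen.de.yml` and the new `ga-al-relay.ga.netz.yml`, so the fix is needed in six places. BIND accepts a duplicate address-match element, but if `internaldns` is referenced by any allow-* statement (outside this diff) a mislabelled entry hides which host is actually being granted access; since the list is byte-identical across all six hosts, a group_vars definition would also remove the copy-paste drift.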
@@ -0,0 +1,259 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + +install_compiler_pkgs: true + +install_postgresql_pkgs: true + + +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 192.168.10.1 + - 192.168.10.3 + +# search domains +# +# If there are more than one search domains, then 
specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - ga.netz + - ga.intra + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 192.168.11.1 + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +insert_root_ssh_keypair: true + +root_ssh_keypair: + - name: id-rsa-dehydrated + priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated + priv_key_dest: /root/.ssh/id_rsa-dehydrated + pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated.pub + pub_key_dest: /root/.ssh/id_rsa-dehydrated.pub + - name: id-rsa-opendkim + priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim + priv_key_dest: /root/.ssh/id_rsa-opendkim + pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim.pub + pub_key_dest: /root/.ssh/id_rsa-opendkim.pub + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + +install_bind_packages: true + + +bind9_gateway_acl: + - local-net: + name: local-net + entries: + - 127.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + - 10.0.0.0/8 + - fc00::/7 + - fe80::/10 + - ::1/128 + - internaldns: + name: internaldns + entries: + - '# Nameserver Gateway Stockhausen' + - 192.168.11.1 + - '# Domain Controller Stockhausen' + - 192.168.10.3 + - '# Nameserver Gateway Altenschlirf' + - 192.168.10.1 + - '# Domain Controller Altenschlirf' + - 192.168.10.3 + - 192.168.10.6 + - 172.16.0.1 + - '# Nameserver Gateway Novalishaus' + - 192.168.81.1 + - 10.2.11.2 + - '# Nameserver wolle' + - 10.113.12.3 + - '# Postfix Mailserver' + - 192.168.11.2 + - '# Mail Relay System' + - 192.168.10.2 + + + +bind9_gateway_listen_on_v6: + - none + +bind9_gateway_listen_on: + - 
any + +#bind9_gateway_allow_transfer: {} +bind9_gateway_allow_transfer: + - none + +bind9_transfer_source: !!str "192.168.10.2" +bind9_notify_source: !!str "192.168.10.2" + +#bind9_gateway_allow_query: {} +bind9_gateway_allow_query: + - local-net + +#bind9_gateway_allow_query_cache: {} +bind9_gateway_allow_query_cache: + - local-net + +bind9_gateway_recursion: !!str "yes" +#bind9_gateway_allow_recursion: {} +bind9_gateway_allow_recursion: + - local-net + + +# --- +# vars used by roles/common/tasks/git.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/copy_files.yml +# --- + + +copy_plain_files_postfix_host_specific: + + - name: relay_domains + src_path: ga-al-relay/etc/postfix/relay_domains + dest_path: /etc/postfix/relay_domains + + +copy_template_files: [] +# +# - name: mailsystem_install_amavis.conf +# src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2 +# dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf + + + +# --- +# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml +# --- + +hostname: ga-al-relay.ga.netz +ipv4_address: 192.168.10.2 +#ipv6_address: + +admin_email: it@gemeinschaft-altenschlirf.org +is_relay_host: !!str "false" +sasl_auth_enable: !!str "yes" + + + +template_files_mailsystem_script: + + - name: mailsystem_install_postfix_advanced.conf + src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2 + dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf + + - name: mailsystem_install_amavis.conf + src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2 + dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf diff --git a/host_vars/ga-nh-gw.oopen.de.yml b/host_vars/ga-nh-gw.oopen.de.yml index f2861e8..95bcc3c 100644 --- a/host_vars/ga-nh-gw.oopen.de.yml +++ b/host_vars/ga-nh-gw.oopen.de.yml 
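Review bot: `root_ssh_keypair` installs ga-st-mail's private keys (`ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated` and `...-id_rsa-opendkim`) as root's keys on this second host, so one key pair now authenticates two machines and a compromise of either exposes both; generating per-host pairs under an `ga-al-relay/root/.ssh/` source path and authorising both public keys at the receiving end keeps the blast radius to one host. `is_relay_host: !!str "false"` on a host named relay that ships a `relay_domains` table reads as inverted — confirm which meaning the mailsystem template gives that flag and document it, e.g. `# "false": this host does not forward through an upstream relayhost — confirm`. `template_files_mailsystem_script` is consumed by `config_files_mailsystem_scripts.yml`, but this same commit comments out that import in `roles/common/tasks/main.yml`, so these templates will not be rendered unless the file is imported elsewhere.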
@@ -320,12 +320,15 @@ bind9_gateway_acl: - internaldns: name: internaldns entries: + - '# Nameserver Gateway Stockhausen' - 192.168.11.1 + - '# Domain Controller Stockhausen' - 192.168.10.3 - - 192.168.10.6 - '# Nameserver Gateway Altenschlirf' - 192.168.10.1 - - 192.168.10.254 + - '# Domain Controller Altenschlirf' + - 192.168.10.3 + - 192.168.10.6 - 172.16.0.1 - '# Nameserver Gateway Novalishaus' - 192.168.81.1 @@ -334,6 +337,8 @@ bind9_gateway_acl: - 10.113.12.3 - '# Postfix Mailserver' - 192.168.11.2 + - '# Mail Relay System' + - 192.168.10.2 bind9_gateway_listen_on_v6: - none diff --git a/host_vars/ga-st-gw-ersatz.ga.netz.yml b/host_vars/ga-st-gw-ersatz.ga.netz.yml index 7a030ed..dd6b0b7 100644 --- a/host_vars/ga-st-gw-ersatz.ga.netz.yml +++ b/host_vars/ga-st-gw-ersatz.ga.netz.yml @@ -209,12 +209,15 @@ bind9_gateway_acl: - internaldns: name: internaldns entries: + - '# Nameserver Gateway Stockhausen' - 192.168.11.1 + - '# Domain Controller Stockhausen' - 192.168.10.3 - - 192.168.10.6 - '# Nameserver Gateway Altenschlirf' - 192.168.10.1 - - 192.168.10.254 + - '# Domain Controller Altenschlirf' + - 192.168.10.3 + - 192.168.10.6 - 172.16.0.1 - '# Nameserver Gateway Novalishaus' - 192.168.81.1 @@ -223,6 +226,8 @@ bind9_gateway_acl: - 10.113.12.3 - '# Postfix Mailserver' - 192.168.11.2 + - '# Mail Relay System' + - 192.168.10.2 bind9_gateway_listen_on_v6: - none diff --git a/host_vars/ga-st-gw.ga.netz.yml b/host_vars/ga-st-gw.ga.netz.yml index c3e8189..3eca636 100644 --- a/host_vars/ga-st-gw.ga.netz.yml +++ b/host_vars/ga-st-gw.ga.netz.yml @@ -484,12 +484,15 @@ bind9_gateway_acl: - internaldns: name: internaldns entries: + - '# Nameserver Gateway Stockhausen' - 192.168.11.1 + - '# Domain Controller Stockhausen' - 192.168.10.3 - - 192.168.10.6 - '# Nameserver Gateway Altenschlirf' - 192.168.10.1 - - 192.168.10.254 + - '# Domain Controller Altenschlirf' + - 192.168.10.3 + - 192.168.10.6 - 172.16.0.1 - '# Nameserver Gateway Novalishaus' - 192.168.81.1 
@@ -498,6 +501,8 @@ bind9_gateway_acl: - 10.113.12.3 - '# Postfix Mailserver' - 192.168.11.2 + - '# Mail Relay System' + - 192.168.10.2 bind9_gateway_listen_on_v6: - none diff --git a/host_vars/ga-st-gw.oopen.de.yml b/host_vars/ga-st-gw.oopen.de.yml index ca1d670..1004178 100644 --- a/host_vars/ga-st-gw.oopen.de.yml +++ b/host_vars/ga-st-gw.oopen.de.yml @@ -472,12 +472,15 @@ bind9_gateway_acl: - internaldns: name: internaldns entries: + - '# Nameserver Gateway Stockhausen' - 192.168.11.1 + - '# Domain Controller Stockhausen' - 192.168.10.3 - - 192.168.10.6 - '# Nameserver Gateway Altenschlirf' - 192.168.10.1 - - 192.168.10.254 + - '# Domain Controller Altenschlirf' + - 192.168.10.3 + - 192.168.10.6 - 172.16.0.1 - '# Nameserver Gateway Novalishaus' - 192.168.81.1 @@ -486,6 +489,8 @@ bind9_gateway_acl: - 10.113.12.3 - '# Postfix Mailserver' - 192.168.11.2 + - '# Mail Relay System' + - 192.168.10.2 bind9_gateway_listen_on_v6: - none diff --git a/host_vars/gw-replacement4.local.netz.yml b/host_vars/gw-replacement4.local.netz.yml new file mode 100644 index 0000000..781081a --- /dev/null +++ b/host_vars/gw-replacement4.local.netz.yml 
@@ -0,0 +1,209 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +copy_additional_plain_files_sysctl: + + - name: enable-ipv6 + src_path: etc/sysctl.d/30-enable-ipv6.conf + dest_path: /etc/sysctl.d/30-enable-ipv6.conf + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + +sshd_hostkeyalgorithms: + - ssh-ed25519 + - ssh-ed25519-cert-v01@openssh.com + - rsa-sha2-256 + - rsa-sha2-512 + - ecdsa-sha2-nistp256 + - rsa-sha2-256-cert-v01@openssh.com + - rsa-sha2-512-cert-v01@openssh.com + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: 
dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 127.0.0.1 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - wf.netz + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_user_special_time_entries: + + - name: "Restart NTP service 'ntpsec'" + special_time: reboot + job: "sleep 15 ; /bin/systemctl restart ntpsec" + insertafter: PATH + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +default_user: + + - name: chris + password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + - name: sysadm + + user_id: 1050 + group_id: 1050 + group: sysadm + password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + - name: back + user_id: 1060 + group_id: 1060 + group: back + password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. 
+ shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + +sudo_users: + - chris + - sysadm + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + +git_firewall_repository: + name: ipt-gateway + repo: https://git.oopen.de/firewall/ipt-gateway + dest: /usr/local/src/ipt-gateway + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + +install_bind_packages: true + +bind9_gateway_listen_on_v6: + - none + +bind9_gateway_listen_on: + - any + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $y$j9T$IVBTpn.OrI6YiQ9q3fA8b1$Y1bmID5yXJbKfoLFt1VmQs6LezeTj5/1M9ppZBD2Pn4 + diff --git a/host_vars/o38.oopen.de.yml b/host_vars/o38.oopen.de.yml index 6532f78..b9f3c28 100644 --- a/host_vars/o38.oopen.de.yml +++ b/host_vars/o38.oopen.de.yml @@ -114,7 +114,7 @@ network_interfaces: - device: br0 family: inet6 method: static - address: '2a01:4f8:222:161c::2' + address: '2a01:4f8:222:161c::115' netmask: 64 gateway: 'fe80::1' diff --git a/host_vars/o39.oopen.de.yml b/host_vars/o39.oopen.de.yml index 2b74c5d..759d578 100644 --- a/host_vars/o39.oopen.de.yml +++ b/host_vars/o39.oopen.de.yml @@ -114,7 +114,7 @@ network_interfaces: - device: br0 family: inet6 method: static - address: '2a01:4f9:3081:34d1::2' + address: '2a01:4f9:3081:34d1::126' netmask: 64 gateway: 'fe80::1' diff --git a/host_vars/zapata.opp.netz.yml b/host_vars/zapata.opp.netz.yml index 15e7c91..c99a935 100644 --- a/host_vars/zapata.opp.netz.yml +++ b/host_vars/zapata.opp.netz.yml 
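Review bot: `bind9_gateway_listen_on: - any` is set without the `bind9_gateway_acl`, `bind9_gateway_allow_query*` or `bind9_gateway_allow_recursion` overrides that `ga-al-relay.ga.netz.yml` in this commit defines, so on this gateway the query and recursion policy falls back to the role's defaults (not visible here); if those are permissive, a box listening on every interface is an open resolver — confirm, and if needed add `bind9_gateway_allow_recursion: - local-net` together with the matching `bind9_gateway_acl`. `resolved_domains` lists `wf.netz` on a `local.netz` host, which looks carried over from `devel-cloud.wf.netz.yml`; confirm the intended search domain. `git_firewall_repository` sits under the `# vars used by roles/common/tasks/sudoers.yml` header, whereas the relay file gives git its own `# vars used by roles/common/tasks/git.yml` header — move the heading so the section index stays accurate. The same `root@sol` key is authorised for `chris`, `sysadm` and `back`, so root on `sol` can log in as every account on this gateway; if that is intended, a one-line comment saying so would save the next reviewer the question.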
@@ -255,41 +255,18 @@ samba_user: - verwaltung password: 'Tax!ko11ekt!v' - - name: anastasia - groups: - - buero - - beratung - password: '20anastas1a*22' - - - name: andi - groups: - - buero - - beratung - password: 'D1dPWdPvopp4!' - - name: anika groups: - buero - beratung password: '4n1k4*adb_23' - - name: anna - groups: - - buero - - beratung - password: '20_anna#19!' - - name: anne groups: - buero - beratung password: 'antilottka110' - - name: anne-gr - groups: - - buero - password: '20:anne-gr:21' - - name: birgit groups: - buero @@ -326,48 +303,18 @@ samba_user: - buero password: '20-printer-18' - - name: elisabeth - groups: - - buero - - beratung - password: '20_elisabeth_18!' - - - name: gudrun - groups: - - buero - - beratung - password: '20good+run18' - - name: hannes groups: - buero - beratung password: 'U24Pdm-2' - - name: ingmar - groups: - - buero - - beratung - password: '20_ingmar_16!' - - - name: jenny - groups: - - buero - - beratung - password: '20_jenn13_18!' - - name: joschka groups: - buero - beratung password: '20_joschka_15' - - name: josef - groups: - - buero - - beratung - password: 'P1nGu!N12345!' - - name: judith groups: - buero @@ -386,24 +333,12 @@ samba_user: - buero password: 'jun1a#adb22' - - name: kyra - groups: - - buero - - beratung - password: 'kyra+burg*2021' - - name: lavinia groups: - buero - beratung password: '20!lavinia*20' - - name: lorenz - groups: - - buero - - beratung - password: '20-lorenz-23' - - name: luise groups: - buero @@ -416,12 +351,6 @@ samba_user: - beratung password: 'magdalena_23' - - name: mahadi - groups: - - buero - - beratung - password: '22_mahadi#obs' - - name: marcus groups: - buero 
@@ -447,30 +376,12 @@ samba_user: - beratung password: 'm4rv!n*6urg_24' - - name: miriam - groups: - - buero - - beratung - password: 'slh-m1r14m23' - - name: nevena groups: - buero - beratung password: 'n3v3na*2020' - - name: nuria - groups: - - buero - - beratung - password: 'Nur1a*0bs21' - - - name: oezge - groups: - - buero - - beratung - password: '20_oezge_18!' - - name: opp groups: - buero @@ -478,23 +389,6 @@ samba_user: - verwaltung password: 'DaWirdIhnenGeholfen!' - - name: opp2 - groups: - - beratung - password: 'antilottka110' - - - name: opp3 - groups: - - beratung - password: '20_martin_18' - - - name: opp6 - groups: - - buero - - beratung - - verwaltung - password: '20_opp6_15!' - - name: opp7 groups: - buero @@ -502,40 +396,35 @@ samba_user: - verwaltung password: '20_opp6_19!' - - name: philipp + - name: paul groups: - buero - beratung - password: 'Adorno*2411' + password: '#polsfuss*adb24' - name: praktikum groups: - buero password: 'praktikant*in_00p' + - name: samantha + groups: + - buero + - beratung + password: 'art_12*lvbbg+adb' + - name: simon groups: - buero - beratung password: '20_simon_18!' - - name: tine - groups: - - buero - - beratung - password: 't!ne*2018' - - name: ute groups: - buero - beratung password: '23_ut3*obs' - - name: vali - groups: - - buero - password: '20_valentina_18!' - - name: veronika groups: - buero @@ -556,7 +445,28 @@ base_home: /home # #remove_samba_users: [] remove_samba_users: - - name: evren + - name: gudrun + - name: oezge + - name: tine + - name: philipp + - name: vali + - name: ingmar + - name: anna + - name: andi + - name: jenny + - name: opp6 + - name: opp3 + - name: opp2 + - name: katrin + - name: elisabeth + - name: josef + - name: anne-gr + - name: kyra + - name: nuria + - name: anastasia + - name: mahadi + - name: miriam + - name: lorenz samba_shares: diff --git a/hosts b/hosts index 86b4058..519e5c4 100644 --- a/hosts +++ b/hosts 
@@ -64,6 +64,7 @@ zapata.opp.netz gw-replacement.local.netz gw-replacement2.local.netz gw-replacement3.local.netz +gw-replacement4.local.netz kvm-ipa.local.netz file-ipa.local.netz @@ -77,6 +78,7 @@ ga-al-gw.oopen.de ga-nh-gw.oopen.de ga-st-lxc1.ga.netz ga-st-mail.ga.netz +ga-al-relay.ga.netz ga-st-kvm1.ga.netz ga-al-kvm2.ga.netz ga-al-kvm3.ga.netz @@ -412,6 +414,7 @@ gw-ckubu.local.netz gw-replacement.local.netz gw-replacement2.local.netz gw-replacement3.local.netz +gw-replacement4.local.netz kvm-ipa.local.netz file-ipa.local.netz @@ -485,6 +488,7 @@ ga-nh-gw.oopen.de ga-st-lxc1.ga.netz ga-st-mail.ga.netz +ga-al-relay.ga.netz ga-st-services.ga.netz ga-al-ws1.ga.netz ga-st-kvm1.ga.netz @@ -602,6 +606,7 @@ at-10-neu.ak.netz # - GA - Gemeinschaft Altensclirf ga-st-mail.ga.netz +ga-al-relay.ga.netz ga-al-ws1.ga.netz ga-st-services.ga.netz @@ -779,6 +784,7 @@ b.mx.oopen.de # - GA - Gemeinschaft Altensclirf ga-st-mail.ga.netz +ga-al-relay.ga.netz # --- # Warenform server @@ -832,6 +838,7 @@ web-03.oopen.de # - GA - Gemeinschaft Altensclirf ga-st-mail.ga.netz +ga-al-relay.ga.netz # --- # Warenform server @@ -1071,6 +1078,7 @@ b.mx.oopen.de # - GA - Gemeinschaft Altensclirf ga-st-mail.ga.netz +ga-al-relay.ga.netz file-ipa.local.netz @@ -1375,6 +1383,7 @@ file-ipa.local.netz # - GA - Gemeinschaft Altensclirf ga-st-mail.ga.netz +ga-al-relay.ga.netz ga-st-services.ga.netz # --- @@ -1596,6 +1605,7 @@ gw-flr.oopen.de gw-replacement.local.netz gw-replacement2.local.netz gw-replacement3.local.netz +gw-replacement4.local.netz gw-irights.oopen.de gw-km.oopen.de gw-mbr.oopen.de @@ -1688,6 +1698,7 @@ devel-ruby.wf.netz # - GA - Gemeinschaft Altensclirf ga-st-lxc1.ga.netz ga-st-mail.ga.netz +ga-al-relay.ga.netz ga-st-services.ga.netz ga-st-kvm1.ga.netz ga-al-kvm2.ga.netz diff --git a/roles/common/files/ga-al-relay/etc/postfix/relay_domains b/roles/common/files/ga-al-relay/etc/postfix/relay_domains new file mode 100644 index 0000000..2484e6b --- /dev/null 
+++ b/roles/common/files/ga-al-relay/etc/postfix/relay_domains @@ -0,0 +1,11 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + + +## - ga-st-mail.ga.net +## - +gemeinschaft-altenschlirf.de :[ga-st-mail.ga.netz] +gemeinschaft-altenschlirf.org :[ga-st-mail.ga.netz] + +lists.gemeinschaft-altenschlirf.de :[ga-st-mail.ga.netz] + +oopen.de :[ga-st-mail.ga.netz] diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index a3e788d..40f5d32 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -208,8 +208,8 @@ # tags supported inside config_files_mailsystem_scripts.yml: # -- import_tasks: config_files_mailsystem_scripts.yml - tags: +#- import_tasks: config_files_mailsystem_scripts.yml +# tags: - config-files-mailsystem # tags supported inside samba-user.yml: @@ -245,6 +245,7 @@ when: inventory_hostname in groups['samba_server'] tags: - samba-server + - remove-samba-user - import_tasks: redis-server.yml when: inventory_hostname in groups['nextcloud_server'] or diff --git a/roles/common/tasks/samba-remove-user.yml b/roles/common/tasks/samba-remove-user.yml index fdd9d6b..fe0c6bd 100644 --- a/roles/common/tasks/samba-remove-user.yml +++ b/roles/common/tasks/samba-remove-user.yml @@ -5,8 +5,9 @@ # --- -- name: (samba-remove-user.yml) Check if samba user exists for removable system user - shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}' + +- name: "(samba-remove-user.yml) Check if samba user exists for removable system user" + shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep -q '{{ item.name }}' register: samba_remove_system_users_present changed_when: "samba_remove_system_users_present.rc == 0" failed_when: "samba_remove_system_users_present.rc > 1"
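Review bot: The header comment `## - ga-st-mail.ga.net` drops the `z` of `ga-st-mail.ga.netz` used on every data line; make it `## - ga-st-mail.ga.netz` so a grep for the host also finds the comment. All four domains, including `oopen.de`, are relayed to `ga-st-mail.ga.netz`; if this table feeds Postfix `relay_domains`, an entry here makes the relay accept mail for that domain from anywhere, so whether `oopen.de` belongs on this site's relay is worth confirming. A relay that accepts a domain without knowing its valid recipients accepts-then-bounces, so confirm the Postfix configuration (outside this diff) also sets `relay_recipient_maps` for these domains.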
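Review bot: Only the first two lines of the task were commented out; `    - config-files-mailsystem` is left as a live list item with no parent key, so `main.yml` either fails to parse or the tag is silently appended to the previous task's `tags:` list (that task ends outside the hunk). Comment it out with the rest: `#    - config-files-mailsystem`. Note that the new `ga-al-relay.ga.netz.yml` defines `template_files_mailsystem_script` for exactly this import, so disabling it here means those templates are not rendered for the new host.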
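Review bot: `grep -q '{{ item.name }}'` is an unanchored regex substring match, so checking for `opp` reports present when only `opp7` exists and `anne` matches `anne-gr` — both pairs occur in `zapata.opp.netz.yml` in this commit — which makes `changed_when: rc == 0` (and whatever the removal step outside the hunk keys on it) unreliable. Match the whole first field literally instead: `shell: pdbedit -w -L | awk -F':' '{ print $1 }' | grep -qxF -- {{ item.name | quote }}`. The `| quote` filter also keeps a name containing a quote or shell metacharacter from breaking out of the command, and `-q` leaves grep's exit codes (0 match, 1 none, >1 error) unchanged, so `changed_when`/`failed_when` still hold.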