ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update ..

Browse Source
This commit is contained in:
ckubu 2024-06-09 01:30:38 +02:00
parent eedc62c8a3
commit e29906f845
16 changed files with 636 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
host_vars/devel-cloud.wf.netz.yml
View File

@ -25,6 +25,75 @@
# --- # ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
resolved_nameserver:
- 192.168.52.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- wf.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# --- # ---
# vars used by roles/common/tasks/users.yml # vars used by roles/common/tasks/users.yml
# --- # ---
@ -32,26 +101,15 @@
extra_user: extra_user:
- name: kaya - name: kaya
user_id: 1002
group_id: 1002
password: $6$t9gheUvd$hFTJ5mp0bdu4Hc5zGmS6HuSAfFOc4QRROLX4wnCauLjwTxUtvhgeLDlL5YkjGfiWOCEe84krH4op0DdKjTJWG/ password: $6$t9gheUvd$hFTJ5mp0bdu4Hc5zGmS6HuSAfFOc4QRROLX4wnCauLjwTxUtvhgeLDlL5YkjGfiWOCEe84krH4op0DdKjTJWG/
shell: /bin/bash shell: /bin/bash
ssh_keys: ssh_keys:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNeWlp4fwExBSttvzD1LvSI49+b4YfIncB1lpFcCzLU4yJoAmPFCgoquhiL7TAjUnXa2/7BWLEJhsNQgdtOhCm431idLcJomwtK1FYpRkY/qfBYsYs8lLtpZwasHGrikEswDt5LiKutNnMnRlUBRNiJLRv90dR0hSNuGnIMaQUDfTkiq/RtkbOPJLNMcSsNr7MPN3GqzxhN2WBpcQ9dLUZKRJbHfrDt8g1aaLMrZVu/mO/kRplaShzmHtkJSQTXCsuA/hZy9mO38NNQdSl0+IY2OPDXxZtdHLbi+KKymIHHtKV7rxGmP3CF/stV1ux0H2ZLuv7c5dy75EZ386iT2c0OfUVXHX5+IBFrDP5RR9usyfyvTcqNhlGi39MiAaxlkn1GI1M/PXnrExEO4hqTQRbu4lnDbWxgeC7RIoUp62Y4UVjEOrTk57Reg5MeUx2Lp20Kd0OMYv4nJB2eEZ6uCfrh1s1QediVZ0SSE1Z1vJc2hoaGRUUX1q8bww2HzZaF+rBJo+euOZiSkYWgXNBnag74BBM9RPHOSRMdajNrgop2ceBkC/G3Z71Z39QIisF1y0KExmfsPMO4k126o55DnbfsAzCDNiBqv8unBZcFCq+4EP6SWXzWhtS3/71/W3XK9/JJ9n7JS1SCl5USyJMxAV7VUIjEkmU+8nkxQB1/tzKXw== xayax@xAyAx-imac.local' - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNeWlp4fwExBSttvzD1LvSI49+b4YfIncB1lpFcCzLU4yJoAmPFCgoquhiL7TAjUnXa2/7BWLEJhsNQgdtOhCm431idLcJomwtK1FYpRkY/qfBYsYs8lLtpZwasHGrikEswDt5LiKutNnMnRlUBRNiJLRv90dR0hSNuGnIMaQUDfTkiq/RtkbOPJLNMcSsNr7MPN3GqzxhN2WBpcQ9dLUZKRJbHfrDt8g1aaLMrZVu/mO/kRplaShzmHtkJSQTXCsuA/hZy9mO38NNQdSl0+IY2OPDXxZtdHLbi+KKymIHHtKV7rxGmP3CF/stV1ux0H2ZLuv7c5dy75EZ386iT2c0OfUVXHX5+IBFrDP5RR9usyfyvTcqNhlGi39MiAaxlkn1GI1M/PXnrExEO4hqTQRbu4lnDbWxgeC7RIoUp62Y4UVjEOrTk57Reg5MeUx2Lp20Kd0OMYv4nJB2eEZ6uCfrh1s1QediVZ0SSE1Z1vJc2hoaGRUUX1q8bww2HzZaF+rBJo+euOZiSkYWgXNBnag74BBM9RPHOSRMdajNrgop2ceBkC/G3Z71Z39QIisF1y0KExmfsPMO4k126o55DnbfsAzCDNiBqv8unBZcFCq+4EP6SWXzWhtS3/71/W3XK9/JJ9n7JS1SCl5USyJMxAV7VUIjEkmU+8nkxQB1/tzKXw== xayax@xAyAx-imac.local'
- name: christian
user_id: 1003
group_id: 1003
password: $6$2paWmEea$G51JZDzjjDNE75aBl/xuM1dyH.FWYHwNCRHeKWkHhxjUmRRC/v.hhNh5jOk5EbVWDeVh7r5dz1tO2HTZUMftb1
shell: /bin/bash
ssh_keys:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCb6ngLE9Vh0H6IqiHF2yeQX11kCeVE4QaK8Ca0Ogqtz8drC4/3Ugl9ZDtJR+UH+GpP/bOQZDTGF6f+p8dNlfpeoHZ92Yg62yMeD9qx9iQT8NeloLvpHk3B3NV10Lrff/zoeTGP7U8zKvLQsYnCwSPEodKEsxbf5mFcJN13/m+PW3tW0veRtYGvBwhimxidpSr+DLcRTZrZGs2Jf8BVqqAL0BIdH7exuLeKpACQzDAk10+DfLTNEXPgZ5jNBu3MBXqjyNRTTU+wEGAyUmHxv+ZJfjeBIM2Hgkl+lp2Bi5qQlsUduYtbXXrPQZzbgzIk+Rr0yY7/mfYSEXR41Uqv1QLScs2+Dpf713Lyr7H97bf64m1mzLd5vrps94JlqHSmcRzqENsW7HpdRmnpD7R+2lJe2faVX1HIT/mh/PjMItefbOhgV5FtcHcUiINVqi/4bmK68fPTXD+OBLuOHRkp1rYME6Z9pxXa6H6Ji8rIGOAHf2XyGqbvR80pG8n/jMk8AmaZLlvzCk1YAocphZDFAV/jm5zwFiUCzrND6mz4xCWJ8lJb2ZPoQpuGUppg/agoASFPeimbJp5zRuUp9tLL1xra0b9NjAA42M6ju1CkDvvNnRGEk/E9AD/G6v4AxHP5dzzmIlLSS6sNIDADPkdIfRhwe1Y7aF3TrYNq/P97Z1whtQ== schroeder@Christians-MacBook-Pro.local'
sudo_users: sudo_users:
- chris - chris
- axel - axel
- kaya - kaya
- christian
- sysadm - sysadm

4
host_vars/file-blkr.blkr.netz.yml
View File

@ -380,6 +380,10 @@ samba_user:
groups: groups:
- buero - buero
password: 'bhNC.P5eTy-2' password: 'bhNC.P5eTy-2'
- name: buero-05
groups:
- buero
password: '5/SXbV-M3vmQ'
base_home: /data/home base_home: /data/home

9
host_vars/ga-al-gw.oopen.de.yml
View File

@ -438,12 +438,15 @@ bind9_gateway_acl:
- internaldns: - internaldns:
name: internaldns name: internaldns
entries: entries:
- '# Nameserver Gateway Stockhausen'
- 192.168.11.1 - 192.168.11.1
- '# Domain Controller Stockhausen'
- 192.168.10.3 - 192.168.10.3
- 192.168.10.6
- '# Nameserver Gateway Altenschlirf' - '# Nameserver Gateway Altenschlirf'
- 192.168.10.1 - 192.168.10.1
- 192.168.10.254 - '# Domain Controller Altenschlirf'
- 192.168.10.3
- 192.168.10.6
- 172.16.0.1 - 172.16.0.1
- '# Nameserver Gateway Novalishaus' - '# Nameserver Gateway Novalishaus'
- 192.168.81.1 - 192.168.81.1
@ -452,6 +455,8 @@ bind9_gateway_acl:
- 10.113.12.3 - 10.113.12.3
- '# Postfix Mailserver' - '# Postfix Mailserver'
- 192.168.11.2 - 192.168.11.2
- '# Mail Relay System'
- 192.168.10.2

259
host_vars/ga-al-relay.ga.netz.yml Normal file
View File

@ -0,0 +1,259 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
install_compiler_pkgs: true
install_postgresql_pkgs: true
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.10.1
- 192.168.10.3
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- ga.netz
- ga.intra
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 192.168.11.1
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_root_ssh_keypair: true
root_ssh_keypair:
- name: id-rsa-dehydrated
priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated
priv_key_dest: /root/.ssh/id_rsa-dehydrated
pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated.pub
pub_key_dest: /root/.ssh/id_rsa-dehydrated.pub
- name: id-rsa-opendkim
priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim
priv_key_dest: /root/.ssh/id_rsa-opendkim
pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim.pub
pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
install_bind_packages: true
bind9_gateway_acl:
- local-net:
name: local-net
entries:
- 127.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 10.0.0.0/8
- fc00::/7
- fe80::/10
- ::1/128
- internaldns:
name: internaldns
entries:
- '# Nameserver Gateway Stockhausen'
- 192.168.11.1
- '# Domain Controller Stockhausen'
- 192.168.10.3
- '# Nameserver Gateway Altenschlirf'
- 192.168.10.1
- '# Domain Controller Altenschlirf'
- 192.168.10.3
- 192.168.10.6
- 172.16.0.1
- '# Nameserver Gateway Novalishaus'
- 192.168.81.1
- 10.2.11.2
- '# Nameserver wolle'
- 10.113.12.3
- '# Postfix Mailserver'
- 192.168.11.2
- '# Mail Relay System'
- 192.168.10.2
bind9_gateway_listen_on_v6:
- none
bind9_gateway_listen_on:
- any
#bind9_gateway_allow_transfer: {}
bind9_gateway_allow_transfer:
- none
bind9_transfer_source: !!str "192.168.10.2"
bind9_notify_source: !!str "192.168.10.2"
#bind9_gateway_allow_query: {}
bind9_gateway_allow_query:
- local-net
#bind9_gateway_allow_query_cache: {}
bind9_gateway_allow_query_cache:
- local-net
bind9_gateway_recursion: !!str "yes"
#bind9_gateway_allow_recursion: {}
bind9_gateway_allow_recursion:
- local-net
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/copy_files.yml
# ---
copy_plain_files_postfix_host_specific:
- name: relay_domains
src_path: ga-al-relay/etc/postfix/relay_domains
dest_path: /etc/postfix/relay_domains
copy_template_files: []
#
# - name: mailsystem_install_amavis.conf
# src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
# dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf
# ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# ---
hostname: ga-al-relay.ga.netz
ipv4_address: 192.168.10.2
#ipv6_address:
admin_email: it@gemeinschaft-altenschlirf.org
is_relay_host: !!str "false"
sasl_auth_enable: !!str "yes"
template_files_mailsystem_script:
- name: mailsystem_install_postfix_advanced.conf
src_path: usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_postfix_advanced.conf
- name: mailsystem_install_amavis.conf
src_path: usr/local/src/mailsystem/conf/install_amavis.conf.j2
dest_path: /usr/local/src/mailsystem/conf/install_amavis.conf

9
host_vars/ga-nh-gw.oopen.de.yml
View File

@ -320,12 +320,15 @@ bind9_gateway_acl:
- internaldns: - internaldns:
name: internaldns name: internaldns
entries: entries:
- '# Nameserver Gateway Stockhausen'
- 192.168.11.1 - 192.168.11.1
- '# Domain Controller Stockhausen'
- 192.168.10.3 - 192.168.10.3
- 192.168.10.6
- '# Nameserver Gateway Altenschlirf' - '# Nameserver Gateway Altenschlirf'
- 192.168.10.1 - 192.168.10.1
- 192.168.10.254 - '# Domain Controller Altenschlirf'
- 192.168.10.3
- 192.168.10.6
- 172.16.0.1 - 172.16.0.1
- '# Nameserver Gateway Novalishaus' - '# Nameserver Gateway Novalishaus'
- 192.168.81.1 - 192.168.81.1
@ -334,6 +337,8 @@ bind9_gateway_acl:
- 10.113.12.3 - 10.113.12.3
- '# Postfix Mailserver' - '# Postfix Mailserver'
- 192.168.11.2 - 192.168.11.2
- '# Mail Relay System'
- 192.168.10.2
bind9_gateway_listen_on_v6: bind9_gateway_listen_on_v6:
- none - none

9
host_vars/ga-st-gw-ersatz.ga.netz.yml
View File

@ -209,12 +209,15 @@ bind9_gateway_acl:
- internaldns: - internaldns:
name: internaldns name: internaldns
entries: entries:
- '# Nameserver Gateway Stockhausen'
- 192.168.11.1 - 192.168.11.1
- '# Domain Controller Stockhausen'
- 192.168.10.3 - 192.168.10.3
- 192.168.10.6
- '# Nameserver Gateway Altenschlirf' - '# Nameserver Gateway Altenschlirf'
- 192.168.10.1 - 192.168.10.1
- 192.168.10.254 - '# Domain Controller Altenschlirf'
- 192.168.10.3
- 192.168.10.6
- 172.16.0.1 - 172.16.0.1
- '# Nameserver Gateway Novalishaus' - '# Nameserver Gateway Novalishaus'
- 192.168.81.1 - 192.168.81.1
@ -223,6 +226,8 @@ bind9_gateway_acl:
- 10.113.12.3 - 10.113.12.3
- '# Postfix Mailserver' - '# Postfix Mailserver'
- 192.168.11.2 - 192.168.11.2
- '# Mail Relay System'
- 192.168.10.2
bind9_gateway_listen_on_v6: bind9_gateway_listen_on_v6:
- none - none

9
host_vars/ga-st-gw.ga.netz.yml
View File

@ -484,12 +484,15 @@ bind9_gateway_acl:
- internaldns: - internaldns:
name: internaldns name: internaldns
entries: entries:
- '# Nameserver Gateway Stockhausen'
- 192.168.11.1 - 192.168.11.1
- '# Domain Controller Stockhausen'
- 192.168.10.3 - 192.168.10.3
- 192.168.10.6
- '# Nameserver Gateway Altenschlirf' - '# Nameserver Gateway Altenschlirf'
- 192.168.10.1 - 192.168.10.1
- 192.168.10.254 - '# Domain Controller Altenschlirf'
- 192.168.10.3
- 192.168.10.6
- 172.16.0.1 - 172.16.0.1
- '# Nameserver Gateway Novalishaus' - '# Nameserver Gateway Novalishaus'
- 192.168.81.1 - 192.168.81.1
@ -498,6 +501,8 @@ bind9_gateway_acl:
- 10.113.12.3 - 10.113.12.3
- '# Postfix Mailserver' - '# Postfix Mailserver'
- 192.168.11.2 - 192.168.11.2
- '# Mail Relay System'
- 192.168.10.2
bind9_gateway_listen_on_v6: bind9_gateway_listen_on_v6:
- none - none

9
host_vars/ga-st-gw.oopen.de.yml
View File

@ -472,12 +472,15 @@ bind9_gateway_acl:
- internaldns: - internaldns:
name: internaldns name: internaldns
entries: entries:
- '# Nameserver Gateway Stockhausen'
- 192.168.11.1 - 192.168.11.1
- '# Domain Controller Stockhausen'
- 192.168.10.3 - 192.168.10.3
- 192.168.10.6
- '# Nameserver Gateway Altenschlirf' - '# Nameserver Gateway Altenschlirf'
- 192.168.10.1 - 192.168.10.1
- 192.168.10.254 - '# Domain Controller Altenschlirf'
- 192.168.10.3
- 192.168.10.6
- 172.16.0.1 - 172.16.0.1
- '# Nameserver Gateway Novalishaus' - '# Nameserver Gateway Novalishaus'
- 192.168.81.1 - 192.168.81.1
@ -486,6 +489,8 @@ bind9_gateway_acl:
- 10.113.12.3 - 10.113.12.3
- '# Postfix Mailserver' - '# Postfix Mailserver'
- 192.168.11.2 - 192.168.11.2
- '# Mail Relay System'
- 192.168.10.2
bind9_gateway_listen_on_v6: bind9_gateway_listen_on_v6:
- none - none

209
host_vars/gw-replacement4.local.netz.yml Normal file
View File

@ -0,0 +1,209 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
copy_additional_plain_files_sysctl:
- name: enable-ipv6
src_path: etc/sysctl.d/30-enable-ipv6.conf
dest_path: /etc/sysctl.d/30-enable-ipv6.conf
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_hostkeyalgorithms:
- ssh-ed25519
- ssh-ed25519-cert-v01@openssh.com
- rsa-sha2-256
- rsa-sha2-512
- ecdsa-sha2-nistp256
- rsa-sha2-256-cert-v01@openssh.com
- rsa-sha2-512-cert-v01@openssh.com
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- wf.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
install_bind_packages: true
bind9_gateway_listen_on_v6:
- none
bind9_gateway_listen_on:
- any
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $y$j9T$IVBTpn.OrI6YiQ9q3fA8b1$Y1bmID5yXJbKfoLFt1VmQs6LezeTj5/1M9ppZBD2Pn4

2
host_vars/o38.oopen.de.yml
View File

@ -114,7 +114,7 @@ network_interfaces:
- device: br0 - device: br0
family: inet6 family: inet6
method: static method: static
address: '2a01:4f8:222:161c::2' address: '2a01:4f8:222:161c::115'
netmask: 64 netmask: 64
gateway: 'fe80::1' gateway: 'fe80::1'

2
host_vars/o39.oopen.de.yml
View File

@ -114,7 +114,7 @@ network_interfaces:
- device: br0 - device: br0
family: inet6 family: inet6
method: static method: static
address: '2a01:4f9:3081:34d1::2' address: '2a01:4f9:3081:34d1::126'
netmask: 64 netmask: 64
gateway: 'fe80::1' gateway: 'fe80::1'

150
host_vars/zapata.opp.netz.yml
View File

@ -255,41 +255,18 @@ samba_user:
- verwaltung - verwaltung
password: 'Tax!ko11ekt!v' password: 'Tax!ko11ekt!v'
- name: anastasia
groups:
- buero
- beratung
password: '20anastas1a*22'
- name: andi
groups:
- buero
- beratung
password: 'D1dPWdPvopp4!'
- name: anika - name: anika
groups: groups:
- buero - buero
- beratung - beratung
password: '4n1k4*adb_23' password: '4n1k4*adb_23'
- name: anna
groups:
- buero
- beratung
password: '20_anna#19!'
- name: anne - name: anne
groups: groups:
- buero - buero
- beratung - beratung
password: 'antilottka110' password: 'antilottka110'
- name: anne-gr
groups:
- buero
password: '20:anne-gr:21'
- name: birgit - name: birgit
groups: groups:
- buero - buero
@ -326,48 +303,18 @@ samba_user:
- buero - buero
password: '20-printer-18' password: '20-printer-18'
- name: elisabeth
groups:
- buero
- beratung
password: '20_elisabeth_18!'
- name: gudrun
groups:
- buero
- beratung
password: '20good+run18'
- name: hannes - name: hannes
groups: groups:
- buero - buero
- beratung - beratung
password: 'U24Pdm-2' password: 'U24Pdm-2'
- name: ingmar
groups:
- buero
- beratung
password: '20_ingmar_16!'
- name: jenny
groups:
- buero
- beratung
password: '20_jenn13_18!'
- name: joschka - name: joschka
groups: groups:
- buero - buero
- beratung - beratung
password: '20_joschka_15' password: '20_joschka_15'
- name: josef
groups:
- buero
- beratung
password: 'P1nGu!N12345!'
- name: judith - name: judith
groups: groups:
- buero - buero
@ -386,24 +333,12 @@ samba_user:
- buero - buero
password: 'jun1a#adb22' password: 'jun1a#adb22'
- name: kyra
groups:
- buero
- beratung
password: 'kyra+burg*2021'
- name: lavinia - name: lavinia
groups: groups:
- buero - buero
- beratung - beratung
password: '20!lavinia*20' password: '20!lavinia*20'
- name: lorenz
groups:
- buero
- beratung
password: '20-lorenz-23'
- name: luise - name: luise
groups: groups:
- buero - buero
@ -416,12 +351,6 @@ samba_user:
- beratung - beratung
password: 'magdalena_23' password: 'magdalena_23'
- name: mahadi
groups:
- buero
- beratung
password: '22_mahadi#obs'
- name: marcus - name: marcus
groups: groups:
- buero - buero
@ -447,30 +376,12 @@ samba_user:
- beratung - beratung
password: 'm4rv!n*6urg_24' password: 'm4rv!n*6urg_24'
- name: miriam
groups:
- buero
- beratung
password: 'slh-m1r14m23'
- name: nevena - name: nevena
groups: groups:
- buero - buero
- beratung - beratung
password: 'n3v3na*2020' password: 'n3v3na*2020'
- name: nuria
groups:
- buero
- beratung
password: 'Nur1a*0bs21'
- name: oezge
groups:
- buero
- beratung
password: '20_oezge_18!'
- name: opp - name: opp
groups: groups:
- buero - buero
@ -478,23 +389,6 @@ samba_user:
- verwaltung - verwaltung
password: 'DaWirdIhnenGeholfen!' password: 'DaWirdIhnenGeholfen!'
- name: opp2
groups:
- beratung
password: 'antilottka110'
- name: opp3
groups:
- beratung
password: '20_martin_18'
- name: opp6
groups:
- buero
- beratung
- verwaltung
password: '20_opp6_15!'
- name: opp7 - name: opp7
groups: groups:
- buero - buero
@ -502,40 +396,35 @@ samba_user:
- verwaltung - verwaltung
password: '20_opp6_19!' password: '20_opp6_19!'
- name: philipp - name: paul
groups: groups:
- buero - buero
- beratung - beratung
password: 'Adorno*2411' password: '#polsfuss*adb24'
- name: praktikum - name: praktikum
groups: groups:
- buero - buero
password: 'praktikant*in_00p' password: 'praktikant*in_00p'
- name: samantha
groups:
- buero
- beratung
password: 'art_12*lvbbg+adb'
- name: simon - name: simon
groups: groups:
- buero - buero
- beratung - beratung
password: '20_simon_18!' password: '20_simon_18!'
- name: tine
groups:
- buero
- beratung
password: 't!ne*2018'
- name: ute - name: ute
groups: groups:
- buero - buero
- beratung - beratung
password: '23_ut3*obs' password: '23_ut3*obs'
- name: vali
groups:
- buero
password: '20_valentina_18!'
- name: veronika - name: veronika
groups: groups:
- buero - buero
@ -556,7 +445,28 @@ base_home: /home
# #
#remove_samba_users: [] #remove_samba_users: []
remove_samba_users: remove_samba_users:
- name: evren - name: gudrun
- name: oezge
- name: tine
- name: philipp
- name: vali
- name: ingmar
- name: anna
- name: andi
- name: jenny
- name: opp6
- name: opp3
- name: opp2
- name: katrin
- name: elisabeth
- name: josef
- name: anne-gr
- name: kyra
- name: nuria
- name: anastasia
- name: mahadi
- name: miriam
- name: lorenz
samba_shares: samba_shares:

11
hosts
View File

@ -64,6 +64,7 @@ zapata.opp.netz
gw-replacement.local.netz gw-replacement.local.netz
gw-replacement2.local.netz gw-replacement2.local.netz
gw-replacement3.local.netz gw-replacement3.local.netz
gw-replacement4.local.netz
kvm-ipa.local.netz kvm-ipa.local.netz
file-ipa.local.netz file-ipa.local.netz
@ -77,6 +78,7 @@ ga-al-gw.oopen.de
ga-nh-gw.oopen.de ga-nh-gw.oopen.de
ga-st-lxc1.ga.netz ga-st-lxc1.ga.netz
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-al-relay.ga.netz
ga-st-kvm1.ga.netz ga-st-kvm1.ga.netz
ga-al-kvm2.ga.netz ga-al-kvm2.ga.netz
ga-al-kvm3.ga.netz ga-al-kvm3.ga.netz
@ -412,6 +414,7 @@ gw-ckubu.local.netz
gw-replacement.local.netz gw-replacement.local.netz
gw-replacement2.local.netz gw-replacement2.local.netz
gw-replacement3.local.netz gw-replacement3.local.netz
gw-replacement4.local.netz
kvm-ipa.local.netz kvm-ipa.local.netz
file-ipa.local.netz file-ipa.local.netz
@ -485,6 +488,7 @@ ga-nh-gw.oopen.de
ga-st-lxc1.ga.netz ga-st-lxc1.ga.netz
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-al-relay.ga.netz
ga-st-services.ga.netz ga-st-services.ga.netz
ga-al-ws1.ga.netz ga-al-ws1.ga.netz
ga-st-kvm1.ga.netz ga-st-kvm1.ga.netz
@ -602,6 +606,7 @@ at-10-neu.ak.netz
# - GA - Gemeinschaft Altensclirf # - GA - Gemeinschaft Altensclirf
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-al-relay.ga.netz
ga-al-ws1.ga.netz ga-al-ws1.ga.netz
ga-st-services.ga.netz ga-st-services.ga.netz
@ -779,6 +784,7 @@ b.mx.oopen.de
# - GA - Gemeinschaft Altensclirf # - GA - Gemeinschaft Altensclirf
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-al-relay.ga.netz
# --- # ---
# Warenform server # Warenform server
@ -832,6 +838,7 @@ web-03.oopen.de
# - GA - Gemeinschaft Altensclirf # - GA - Gemeinschaft Altensclirf
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-al-relay.ga.netz
# --- # ---
# Warenform server # Warenform server
@ -1071,6 +1078,7 @@ b.mx.oopen.de
# - GA - Gemeinschaft Altensclirf # - GA - Gemeinschaft Altensclirf
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-al-relay.ga.netz
file-ipa.local.netz file-ipa.local.netz
@ -1375,6 +1383,7 @@ file-ipa.local.netz
# - GA - Gemeinschaft Altensclirf # - GA - Gemeinschaft Altensclirf
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-al-relay.ga.netz
ga-st-services.ga.netz ga-st-services.ga.netz
# --- # ---
@ -1596,6 +1605,7 @@ gw-flr.oopen.de
gw-replacement.local.netz gw-replacement.local.netz
gw-replacement2.local.netz gw-replacement2.local.netz
gw-replacement3.local.netz gw-replacement3.local.netz
gw-replacement4.local.netz
gw-irights.oopen.de gw-irights.oopen.de
gw-km.oopen.de gw-km.oopen.de
gw-mbr.oopen.de gw-mbr.oopen.de
@ -1688,6 +1698,7 @@ devel-ruby.wf.netz
# - GA - Gemeinschaft Altensclirf # - GA - Gemeinschaft Altensclirf
ga-st-lxc1.ga.netz ga-st-lxc1.ga.netz
ga-st-mail.ga.netz ga-st-mail.ga.netz
ga-al-relay.ga.netz
ga-st-services.ga.netz ga-st-services.ga.netz
ga-st-kvm1.ga.netz ga-st-kvm1.ga.netz
ga-al-kvm2.ga.netz ga-al-kvm2.ga.netz

11
roles/common/files/ga-al-relay/etc/postfix/relay_domains Normal file
View File

@ -0,0 +1,11 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
## - ga-st-mail.ga.net
## -
gemeinschaft-altenschlirf.de :[ga-st-mail.ga.netz]
gemeinschaft-altenschlirf.org :[ga-st-mail.ga.netz]
lists.gemeinschaft-altenschlirf.de :[ga-st-mail.ga.netz]
oopen.de :[ga-st-mail.ga.netz]

5
roles/common/tasks/main.yml
View File

@ -208,8 +208,8 @@
# tags supported inside config_files_mailsystem_scripts.yml: # tags supported inside config_files_mailsystem_scripts.yml:
# #
- import_tasks: config_files_mailsystem_scripts.yml #- import_tasks: config_files_mailsystem_scripts.yml
tags: # tags:
- config-files-mailsystem - config-files-mailsystem
# tags supported inside samba-user.yml: # tags supported inside samba-user.yml:
@ -245,6 +245,7 @@
when: inventory_hostname in groups['samba_server'] when: inventory_hostname in groups['samba_server']
tags: tags:
- samba-server - samba-server
- remove-samba-user
- import_tasks: redis-server.yml - import_tasks: redis-server.yml
when: inventory_hostname in groups['nextcloud_server'] or when: inventory_hostname in groups['nextcloud_server'] or

5
roles/common/tasks/samba-remove-user.yml
View File

@ -5,8 +5,9 @@
# --- # ---
- name: (samba-remove-user.yml) Check if samba user exists for removable system user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}' - name: "(samba-remove-user.yml) Check if samba user exists for removable system user"
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep -q '{{ item.name }}'
register: samba_remove_system_users_present register: samba_remove_system_users_present
changed_when: "samba_remove_system_users_present.rc == 0" changed_when: "samba_remove_system_users_present.rc == 0"
failed_when: "samba_remove_system_users_present.rc > 1" failed_when: "samba_remove_system_users_present.rc > 1"