diff --git a/ansible.cfg b/ansible.cfg index 1af3970..1b12d9b 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -10,7 +10,19 @@ [defaults] -ansible_managed = *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** +ansible_managed = *** [ Ansible managed file: DO NOT EDIT DIRECTLY ] *** + +# Use of 'ansible_managed' +# +# + use with filter 'comment' - WITHOUT leading comment sign: +# +# {{ ansible_managed | comment }} +# +# +# + use without filter 'comment' - WITH leading comment sign: +# +# # {{ ansible_managed }} + #gathering = smart #fact_caching = jsonfile #fact_caching_connection = ~/.cache/ diff --git a/hosts b/hosts index b3b38ef..a09922e 100644 --- a/hosts +++ b/hosts @@ -22,9 +22,7 @@ gw-irights.oopen.de gw-km.oopen.de gw-mbr.oopen.de gw-opp.oopen.de -172.16.62.2 gw-ro.oopen.de -172.16.72.1 gw-spr.oopen.de gw-kb.oopen.de @@ -41,7 +39,6 @@ ga-st-gw-ersatz.ga.netz ga-st-gw.oopen.de ga-al-gw.ga.netz ga-nh-gw.ga.netz -192.168.11.182 server16.warenform.de helden.warenform.de @@ -87,9 +84,6 @@ o13-pad.oopen.de o13-schleuder.oopen.de o13-web.oopen.de -o14.oopen.de -a.mx.oopen.de - o17.oopen.de test.mx.oopen.de meet2.oopen.de @@ -162,7 +156,7 @@ e.mx.oopen.de etherpad.oopen.de web-02.oopen.de d.mx.oopen.de -95.217.204.247 +a.mx.oopen.de # O.OPEN - b.mx web-01 ... o36.oopen.de @@ -191,9 +185,7 @@ gw-km.oopen.de gw-irights.oopen.de gw-mbr.oopen.de gw-opp.oopen.de -172.16.62.2 gw-ro.oopen.de -172.16.72.1 gw-km.oopen.de gw-spr.oopen.de @@ -213,7 +205,6 @@ ga-st-gw-ersatz.ga.netz ga-st-gw.oopen.de ga-al-gw.ga.netz ga-nh-gw.ga.netz -192.168.11.182 # --- # - Warenform Server @@ -287,10 +278,6 @@ o13-pad.oopen.de o13-schleuder.oopen.de o13-web.oopen.de -# - o14.oopen.de -o14.oopen.de -a.mx.oopen.de - o17.oopen.de test.mx.oopen.de test.mariadb.oopen.de @@ -373,7 +360,7 @@ e.mx.oopen.de etherpad.oopen.de web-02.oopen.de d.mx.oopen.de -95.217.204.247 +a.mx.oopen.de # O.OPEN - b.mx web-01 ... o36.oopen.de 
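Review bot: In the hosts hunk at `@@ -162,7 +156,7 @@` the literal entry `95.217.204.247` is replaced by `a.mx.oopen.de`, the same name the other hunks remove from under the o14 comments, so the machine Ansible connects to for this entry now depends on where that DNS name resolves at run time. If the record (or a cached answer) still points at the old o14 address, plays meant for the host grouped under o35 would run against the wrong machine. Pinning the address during the move, `a.mx.oopen.de ansible_host=95.217.204.247`, removes that dependency and keeps the address on record in the inventory. The same replacement repeats in the later hosts hunks (`@@ -373,7 +360,7 @@`, `@@ -485,7 +469,7 @@`, `@@ -718,7 +699,7 @@` and following).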
@@ -445,9 +432,6 @@ o13-mail.oopen.de o13-mumble.oopen.de o13-web.oopen.de -# o14.oopen.de -a.mx.oopen.de - # o17.oopen.de test.mariadb.oopen.de test.mx.oopen.de @@ -485,7 +469,7 @@ cl-02.oopen.de e.mx.oopen.de web-02.oopen.de d.mx.oopen.de -95.217.204.247 +a.mx.oopen.de # o36 - b.mx, web-01, web-03,-- matomo-01.oopen.de @@ -703,9 +687,6 @@ c.mx.oopen.de o13-mail.oopen.de o13-schleuder.oopen.de -# o14.oopen.de -a.mx.oopen.de - # o17.oopen.de test.mx.oopen.de @@ -718,7 +699,7 @@ mail.faire-mobilitaet.de # o35.oopen.de e.mx.oopen.de d.mx.oopen.de -95.217.204.247 +a.mx.oopen.de # o36 - b.mx, web-01, web-03,-- web-01.oopen.de @@ -756,16 +737,13 @@ lists.mx.warenform.de o13-board.oopen.de o13-mail.oopen.de -# o14.oopen.de -a.mx.oopen.de - # o25.oopen.de mail.faire-mobilitaet.de # o35.oopen.de e.mx.oopen.de d.mx.oopen.de -95.217.204.247 +a.mx.oopen.de # o36 - b.mx, web-01, web-03,-- web-01.oopen.de @@ -959,9 +937,6 @@ c.mx.oopen.de # o13.oopen.de o13-mail.oopen.de -# o14.oopen.de -a.mx.oopen.de - # o17.oopen.de test.mx.oopen.de @@ -977,7 +952,7 @@ mail.faire-mobilitaet.de # o35.oopen.de d.mx.oopen.de e.mx.oopen.de -95.217.204.247 +a.mx.oopen.de # o36.oopen.de - b.mx, web-01, web-03 b.mx.oopen.de @@ -1078,7 +1053,6 @@ o34.oopen.de o12.oopen.de o13.oopen.de -o14.oopen.de o17.oopen.de o18.oopen.de #o20.oopen.de @@ -1142,9 +1116,6 @@ o13-pad.oopen.de o13-schleuder.oopen.de o13-web.oopen.de -# - o14.oopen.de -a.mx.oopen.de - # - o17.oopen.de test.mx.oopen.de test.mariadb.oopen.de @@ -1218,7 +1189,7 @@ etherpad.oopen.de web-02.oopen.de b.ns.oopen.de d.mx.oopen.de -95.217.204.247 +a.mx.oopen.de # o36 - b.mx, web-01, web-03,-- b.mx.oopen.de @@ -1321,10 +1292,6 @@ o13-pad.oopen.de o13-schleuder.oopen.de o13-web.oopen.de -# - o14.oopen.de -o14.oopen.de -a.mx.oopen.de - # - o17.oopen.de o17.oopen.de test.mx.oopen.de @@ -1410,7 +1377,7 @@ etherpad.oopen.de web-02.oopen.de b.ns.oopen.de d.mx.oopen.de -95.217.204.247 +a.mx.oopen.de # o36 - b.mx, web-01, web-03,-- b.mx.oopen.de 
@@ -1458,7 +1425,6 @@ ga-st-gw-ersatz.ga.netz ga-st-gw.oopen.de ga-al-gw.ga.netz ga-nh-gw.ga.netz -192.168.11.182 # - readonly gateways gw-123.oopen.de @@ -1504,7 +1470,6 @@ ga-st-gw-ersatz.ga.netz ga-st-gw.oopen.de ga-al-gw.ga.netz ga-nh-gw.ga.netz -192.168.11.182 gw-replacement3.local.netz diff --git a/roles/common/templates/etc/ssh/sshd_config.j2 b/roles/common/templates/etc/ssh/sshd_config.j2 index 1dde1ff..81c620e 100644 --- a/roles/common/templates/etc/ssh/sshd_config.j2 +++ b/roles/common/templates/etc/ssh/sshd_config.j2 @@ -1,4 +1,8 @@ +# *** ---------------------------------------------- *** +# *** *** # {{ ansible_managed }} +# *** *** +# *** ---------------------------------------------- *** #----------------------------- # Daemon diff --git a/roles/common/templates/etc/sudoers.j2 b/roles/common/templates/etc/sudoers.j2 index c1399b6..78712e6 100644 --- a/roles/common/templates/etc/sudoers.j2 +++ b/roles/common/templates/etc/sudoers.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} # This file MUST be edited with the 'visudo' command as root. # diff --git a/roles/modify-ipt-gateway-ro/tasks/main.yml b/roles/modify-ipt-gateway-ro/tasks/main.yml index 9118cd0..bb023e7 100644 --- a/roles/modify-ipt-gateway-ro/tasks/main.yml +++ b/roles/modify-ipt-gateway-ro/tasks/main.yml 
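Review bot: The sshd_config.j2 header keeps the hand-written `# {{ ansible_managed }}` and wraps it in fixed `# ***` banner rows, while the sudoers.j2 hunk in this same commit switches to `{{ ansible_managed | comment }}`. With the hand-written `#`, only the first rendered line is commented, so if `ansible_managed` ever becomes multi-line the remaining lines would land in sshd_config as directives, and sshd would presumably refuse the file. Using `{{ ansible_managed | comment }}` here as well keeps the two templates consistent and makes the header safe regardless of the string's content. The banner rows can stay around it as plain comment lines.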
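Review bot: The first line of sudoers.j2 is now produced entirely by the `comment` filter, and a rendering mistake in this file can break sudo on every managed host. The task that deploys the template is not part of this diff, so this cannot be confirmed from here. If it does not already do so, it should set `validate: /usr/sbin/visudo -cf %s` so a malformed result is rejected before it replaces the live file. A short template comment such as `{# rendered file is checked with visudo -cf by the deploying task #}` would record that dependency.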
@@ -804,6 +804,49 @@ - nc_turn_service_ipv6_present is changed +# --- +# Allow Outbound Streamin / Echo360 Video Streaming +# --- + +- name: Check if String 'allow_outbound_streaming..' (IPv4) is present + shell: grep -q -E "^allow_outbound_streaming=" /ro/etc/ipt-firewall/main_ipv4.conf + register: allow_outbound_streaming_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "allow_outbound_streaming_ipv4_present.rc > 1" + changed_when: "allow_outbound_streaming_ipv4_present.rc > 0" + +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (allow_outbound_streaming) + blockinfile: + path: /ro/etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*allow_mumble_request_out' + block: | + allow_outbound_streaming=true + allow_echo360_video_streaming=true + marker: "# Marker set by modify-ipt-gateway.yml (allow_outbound_streaming)" + when: + - main_ipv4_exists.stat.exists + - allow_outbound_streaming_ipv4_present is changed + +- name: Check if String 'allow_outbound_streaming..' (IPv6) is present + shell: grep -q -E "^allow_outbound_streaming=" /ro/etc/ipt-firewall/main_ipv6.conf + register: allow_outbound_streaming_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "allow_outbound_streaming_ipv6_present.rc > 1" + changed_when: "allow_outbound_streaming_ipv6_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (allow_outbound_streaming) + blockinfile: + path: /ro/etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*allow_mumble_request_out' + block: | + allow_outbound_streaming=true + allow_echo360_video_streaming=true + marker: "# Marker set by modify-ipt-gateway.yml (allow_outbound_streaming)" + when: + - main_ipv6_exists.stat.exists + - allow_outbound_streaming_ipv6_present is changed + + # --- # Remove Marker set by blockinfile # --- diff --git a/roles/modify-ipt-gateway/tasks/main.yml b/roles/modify-ipt-gateway/tasks/main.yml index f09e742..80deece 100644 --- a/roles/modify-ipt-gateway/tasks/main.yml 
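Review bot: The guard task greps only for `^allow_outbound_streaming=`, but the `blockinfile` it gates writes two keys. A `main_ipv4.conf`/`main_ipv6.conf` that already has its own `allow_echo360_video_streaming=` line therefore gets a second assignment, and how ipt-firewall resolves the duplicate is not visible here. A file that has only the first key never receives the second, so the check should test each key it is about to write. Both values are also hard-coded to `true`, which opens this outbound traffic on every gateway the role runs against; if that is not intended for all of them, take the value from a per-host variable that defaults to off. In this role the IPv6 task is named `Adjust file '/etc/ipt-firewall/main_ipv6.conf'` while its `path:` is `/ro/etc/ipt-firewall/main_ipv6.conf`, and the section header reads "Streamin". The guard/block mismatch and the hard-coded values are repeated in the hunk for roles/modify-ipt-gateway/tasks/main.yml.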
+++ b/roles/modify-ipt-gateway/tasks/main.yml @@ -935,6 +935,49 @@ - bigbluebutton_service_ipv6_present is changed +# --- +# Allow Outbound Streamin / Echo360 Video Streaming +# --- + +- name: Check if String 'allow_outbound_streaming..' (IPv4) is present + shell: grep -q -E "^allow_outbound_streaming=" /etc/ipt-firewall/main_ipv4.conf + register: allow_outbound_streaming_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "allow_outbound_streaming_ipv4_present.rc > 1" + changed_when: "allow_outbound_streaming_ipv4_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (allow_outbound_streaming) + blockinfile: + path: /etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*allow_mumble_request_out' + block: | + allow_outbound_streaming=true + allow_echo360_video_streaming=true + marker: "# Marker set by modify-ipt-gateway.yml (allow_outbound_streaming)" + when: + - main_ipv4_exists.stat.exists + - allow_outbound_streaming_ipv4_present is changed + +- name: Check if String 'allow_outbound_streaming..' (IPv6) is present + shell: grep -q -E "^allow_outbound_streaming=" /etc/ipt-firewall/main_ipv6.conf + register: allow_outbound_streaming_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "allow_outbound_streaming_ipv6_present.rc > 1" + changed_when: "allow_outbound_streaming_ipv6_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (allow_outbound_streaming) + blockinfile: + path: /etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*allow_mumble_request_out' + block: | + allow_outbound_streaming=true + allow_echo360_video_streaming=true + marker: "# Marker set by modify-ipt-gateway.yml (allow_outbound_streaming)" + when: + - main_ipv6_exists.stat.exists + - allow_outbound_streaming_ipv6_present is changed + + # --- # Remove Marker set by blockinfile # ---