diff --git a/host_vars/file-km-neu.anw-km.netz.yml b/host_vars/file-km-alt.anw-km.netz.yml similarity index 72% rename from host_vars/file-km-neu.anw-km.netz.yml rename to host_vars/file-km-alt.anw-km.netz.yml index c01fd29..7b0801c 100644 --- a/host_vars/file-km-neu.anw-km.netz.yml +++ b/host_vars/file-km-alt.anw-km.netz.yml @@ -1,8 +1,10 @@ --- + # --- # vars used by roles/network_interfaces # --- + # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted network_manage_devices: True @@ -17,10 +19,12 @@ network_interface_required_packages: - ifupdown - ifenslave + network_interfaces: + - device: br0 # use only once per device (for the first device entry) - headline: br0 - bridge over device eno1np0 + headline: br0 - bridge over device enp97s0 # auto & allow are only used for the first device entry allow: [] # array of allow-[stanzas] eg. allow-hotplug @@ -29,7 +33,7 @@ network_interfaces: family: inet method: static description: - address: 192.168.122.210 + address: 192.168.122.215 netmask: 24 gateway: 192.168.122.254 @@ -49,7 +53,7 @@ network_interfaces: # maxwait: # waitport: bridge: - ports: eno1np0 # for mor devices support a blank separated list + ports: enp97s0 # for mor devices support a blank separated list stp: !!str off fd: 5 hello: 2 
@@ -57,39 +61,38 @@ network_interfaces: # inline hook scripts pre-up: - - !!str "ip link set dev eno1np0 up" # pre-up script lines + - !!str "ip link set dev enp97s0 up" # pre-up script lines up: [] #up script lines post-up: [] # post-up script lines (alias for up) pre-down: [] # pre-down script lines (alias for down) down: [] # down script lines post-down: [] # post-down script lines + # --- # vars used by roles/ansible_dependencies # --- + # --- # vars used by roles/ansible_user # --- + # --- # vars used by roles/common/tasks/basic.yml # --- + # --- # vars used by roles/common/tasks/sshd.yml # --- + # --- # vars used by roles/common/tasks/apt.yml # --- -apt_install_extra_pkgs: - - lvm2 - - kpartx - - ntfs-3g - - swtpm - - swtpm-tools # --- # vars used by roles/common/tasks/systemd-resolved.yml @@ -158,13 +161,15 @@ resolved_dnssec: false # dns.as250.net: 194.150.168.168 # resolved_fallback_nameserver: - - 172.16.122.254 + - 172.16.122.254 + # --- # vars used by roles/common/tasks/cron.yml # --- cron_user_special_time_entries: + - name: "Restart DNS Cache service 'systemd-resolved'" special_time: reboot job: "sleep 10 ; /bin/systemctl restart systemd-resolved" @@ -175,10 +180,12 @@ cron_user_special_time_entries: job: "echo 1 > /sys/kernel/mm/ksm/run" insertafter: PATH + cron_user_entries: + - name: "Check if SSH service is running. Restart service if needed." - minute: "*/5" - hour: "*" + minute: '*/5' + hour: '*' job: /root/bin/monitoring/check_ssh.sh - name: "Check if postfix mailservice is running. Restart service if needed." 
@@ -206,66 +213,22 @@ cron_user_entries: hour: "*" job: /root/bin/monitoring/check_ntpsec_service.sh + + # --- # vars used by roles/common/tasks/users.yml # --- -extra_user: - - name: advoware - user_id: 1115 - group_id: 1115 - group: advoware - home: / data/home/advoware - password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22 - shell: /bin/bash - ssh_keys: - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" - - - name: a-jur - user_id: 1110 - group_id: 1110 - group: a-jur - home: / data/home/a-jur - password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22 - shell: /bin/bash - ssh_keys: - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" - - - name: back - user_id: 1060 - group_id: 1060 - group: back - home: /home/back - password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0 - shell: /bin/bash - ssh_keys: - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de" - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - home: /home/borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsqkTV7RiYPljwlP/MZA+MBeTgiwZI7oCAD77Ujpm1V root@file-km" - - "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIOan+hwlA8B3mk82tsvL1LGlejrF5pqT2J3POrg/QJLX root@gw-km" - # --- # vars used by roles/common/tasks/users-systemfiles.yml # --- + # --- # vars used by roles/common/tasks/webadmin-user.yml # --- + # --- # vars used by roles/common/tasks/sudoers.yml # --- @@ -273,28 +236,31 @@ extra_user: # see: roles/common/tasks/vars sudoers_file_user_back_mount_privileges: - - "ALL=(root) NOPASSWD: /usr/bin/mount" - - "ALL=(root) NOPASSWD: /usr/bin/umount" + - 'ALL=(root) NOPASSWD: /usr/bin/mount' + - 'ALL=(root) NOPASSWD: /usr/bin/umount' + # --- # vars used by roles/common/tasks/caching-nameserver.yml # --- + # --- # vars used by roles/common/tasks/git.yml # --- + # --- # vars used by roles/common/tasks/samba-config-server.yml # vars used by roles/common/tasks/samba-user.yml # --- -samba_server_ip: 192.168.122.210 +samba_server_ip: 192.168.122.215 samba_server_cidr_prefix: 24 -samba_workgroup: ANW-KM +samba_workgroup: WORKGROUP -samba_netbios_name: FILE-KM-01 +samba_netbios_name: FILE-KM-ALT samba_server_min_protocol: !!str NT1 @@ -303,13 +269,11 @@ samba_groups: group_id: 1100 - name: a-jur group_id: 1110 - - name: advoware - group_id: 1115 - name: intern group_id: 1120 - name: wildvang group_id: 1130 - - name: eibelshaeuser + - name: eibelshaeuser group_id: 1140 - name: stahmann group_id: 1150 @@ -322,13 +286,15 @@ samba_groups: - name: install group_id: 1190 + + samba_user: - name: advoware groups: - advoware has_rdp: false - password: "9WNRbc49m3" + password: '9WNRbc49m3' - name: a-jur groups: @@ -336,7 +302,7 @@ samba_user: - alle - kanzlei has_rdp: false - password: "a-jur" + password: 'a-jur' - name: chris groups: 
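Review bot: The two `sudoers_file_user_back_mount_privileges` entries in the `@@ -273,28 +236,31 @@` hunk grant `NOPASSWD` on `/usr/bin/mount` and `/usr/bin/umount` with no argument list, and a sudoers command given without arguments is permitted with any arguments. Since the lines are being requoted anyway, pin the full command line, e.g. `- 'ALL=(root) NOPASSWD: /usr/bin/mount <DEVICE> <MOUNTPOINT>'` with a matching `umount <MOUNTPOINT>` entry (placeholders for whatever this account legitimately mounts). The variable name suggests the rule is rendered for the `back` account, but the template is not visible here, so confirm which user receives it. The same two entries appear in the `@@ -236,20 +278,17 @@` hunk of `host_vars/file-km.anw-km.netz.yml`.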
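Review bot: Every `password:` value under `samba_user`, starting with the `@@ -322,13 +286,15 @@` hunk, is a cleartext credential committed to the repository, and the commit only changes its quote style. The `chris` entry in the same list already uses `password: !vault |`, so the other entries can be stored the same way with `ansible-vault encrypt_string` or moved into a vaulted vars file. Several values are identical to the account name and two admin accounts share one value, so those should be replaced rather than only encrypted. Because the old values remain in Git history, all of them should be treated as exposed and rotated. This applies to every later `samba_user` hunk in this file and to the matching hunks in `host_vars/file-km.anw-km.netz.yml`.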
@@ -353,12 +319,12 @@ samba_user: - public has_rdp: true password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30383265366434633965346530666535363761396165393434643665393137353765653739636364 - 6330623334353763613065343336306434376335646666380a363030363335656261656236636562 - 63663763616630383264303039336562626537366634303636356237323630666635356130383165 - 3837613337343533650a663061366230353531316535656433643162353063383534323833323138 - 3430 + $ANSIBLE_VAULT;1.1;AES256 + 30383265366434633965346530666535363761396165393434643665393137353765653739636364 + 6330623334353763613065343336306434376335646666380a363030363335656261656236636562 + 63663763616630383264303039336562626537366634303636356237323630666635356130383165 + 3837613337343533650a663061366230353531316535656433643162353063383534323833323138 + 3430 - name: sysadm groups: @@ -374,7 +340,7 @@ samba_user: - wildvang - public has_rdp: false - password: "Ax_GSHh5" + password: 'Ax_GSHh5' - name: winadm groups: @@ -390,11 +356,11 @@ samba_user: - wildvang - public has_rdp: false - password: "Ax_GSHh5" + password: 'Ax_GSHh5' - # --- - # Andreas Eibelhäuser - # --- +# --- +# Andreas Eibelhäuser +# --- - name: andreas groups: @@ -403,7 +369,7 @@ samba_user: - eibelshaeuser - public has_rdp: true - password: "YKQRa.M9-6rL" + password: 'YKQRa.M9-6rL' - name: philipp groups: @@ -412,7 +378,7 @@ samba_user: - eibelshaeuser - public has_rdp: true - password: "20-phi.lip.26%" + password: '20-phi.lip.26%' - name: ref.eibelshaeuser groups: @@ -421,11 +387,11 @@ samba_user: - eibelshaeuser - public has_rdp: true - password: "20-ref-eibels.haeuser.26+" + password: '20-ref-eibels.haeuser.26+' - # --- - # Berenice Böhlo - # --- +# --- +# Berenice Böhlo +# --- - name: berenice groups: @@ -435,7 +401,7 @@ samba_user: - alle - public has_rdp: true - password: "berenice" + password: 'berenice' - name: annabel groups: 
@@ -445,7 +411,7 @@ samba_user: - alle - public has_rdp: true - password: "20+an-na.bel/26!" + password: '20+an-na.bel/26!' - name: jens-uwe groups: @@ -455,7 +421,7 @@ samba_user: - alle - public has_rdp: false - password: "20_jens-uwe.thomas.26!" + password: '20_jens-uwe.thomas.26!' - name: mariami groups: @@ -465,7 +431,7 @@ samba_user: - alle - public has_rdp: false - password: "20.ma-ri-ami/26!" + password: '20.ma-ri-ami/26!' - name: nina groups: @@ -475,7 +441,7 @@ samba_user: - alle - public has_rdp: true - password: "20-ni.ha-ger%26%" + password: '20-ni.ha-ger%26%' - name: zeina groups: @@ -485,7 +451,7 @@ samba_user: - alle - public has_rdp: true - password: "20/ze.ina-26+" + password: '20/ze.ina-26+' - name: rm-buero1 groups: @@ -507,9 +473,9 @@ samba_user: has_rdp: false password: '20_rmbuero.2-26%' - # --- - # Rolf Stahmann - # --- +# --- +# Rolf Stahmann +# --- - name: irina groups: @@ -519,7 +485,7 @@ samba_user: - traine - public has_rdp: false - password: "W9NKv39pXW" + password: 'W9NKv39pXW' - name: rolf groups: @@ -528,7 +494,7 @@ samba_user: - traine - public has_rdp: true - password: "4xNVNFXgP4" + password: '4xNVNFXgP4' - name: Tresen groups: @@ -540,11 +506,11 @@ samba_user: - traine - public has_rdp: false - password: "maltzwo2" + password: 'maltzwo2' - # --- - # Federico Traine - # --- +# --- +# Federico Traine +# --- - name: andrea groups: @@ -554,7 +520,7 @@ samba_user: - traine - public has_rdp: true - password: "fXc3bmK9gj" + password: 'fXc3bmK9gj' - name: federico groups: @@ -564,7 +530,7 @@ samba_user: - traine - public has_rdp: true - password: "zHfj9g3NcC" + password: 'zHfj9g3NcC' - name: thomas groups: @@ -573,7 +539,7 @@ samba_user: - traine - public has_rdp: true - password: "55-tho-mas-550" + password: '55-tho-mas-550' - name: leonora groups: @@ -582,7 +548,7 @@ samba_user: - traine - public has_rdp: true - password: "20/le-o-nora.26!" + password: '20/le-o-nora.26!' - name: kristin groups: 
@@ -591,7 +557,7 @@ samba_user: - traine - public has_rdp: true - password: "20.kris_tin-26/" + password: '20.kris_tin-26/' - name: jule groups: @@ -600,7 +566,7 @@ samba_user: - traine - public has_rdp: true - password: "20_ju-le%26!" + password: '20_ju-le%26!' - name: luanda groups: @@ -609,11 +575,11 @@ samba_user: - traine - public has_rdp: false - password: "20-lu.anda+26!" + password: '20-lu.anda+26!' - # --- - # Wiebke Wildvang - # --- +# --- +# Wiebke Wildvang +# --- - name: wiebke groups: @@ -621,7 +587,7 @@ samba_user: - wildvang - public has_rdp: true - password: "uJ5gF/m53p.P" + password: 'uJ5gF/m53p.P' @@ -632,7 +598,7 @@ samba_user: - traine - public has_rdp: false - password: "J3KMRprK9H" + password: 'J3KMRprK9H' - name: beuster groups: @@ -642,7 +608,7 @@ samba_user: - public - alle has_rdp: false - password: "zlm17Kx" + password: 'zlm17Kx' - name: buero groups: @@ -652,7 +618,7 @@ samba_user: - alle - public has_rdp: false - password: "buero" + password: 'buero' - name: buero2 groups: @@ -662,7 +628,7 @@ samba_user: - alle - public has_rdp: false - password: "buero2" + password: 'buero2' - name: buero3 groups: @@ -672,7 +638,7 @@ samba_user: - alle - public has_rdp: false - password: "buero3" + password: 'buero3' - name: buero4 groups: @@ -682,7 +648,7 @@ samba_user: - alle - public has_rdp: false - password: "buero4" + password: 'buero4' - name: buero7 groups: @@ -692,7 +658,7 @@ samba_user: - alle - public has_rdp: false - password: "buero7" + password: 'buero7' - name: christina groups: @@ -702,18 +668,18 @@ samba_user: - traine - public has_rdp: false - password: "qvR7zX4Lhs" + password: 'qvR7zX4Lhs' - # - name: gerhard - # groups: - # - advoware - # - alle - # - aulmann - # - howe - # - stahmann - # - traine - # - public - # password: 'bHdhzWnTj9' +# - name: gerhard +# groups: +# - advoware +# - alle +# - aulmann +# - howe +# - stahmann +# - traine +# - public +# password: 'bHdhzWnTj9' - name: ho-st1 groups: 
@@ -721,15 +687,15 @@ samba_user: - stahmann - public has_rdp: false - password: "44-Ro-440" + password: '44-Ro-440' - # - name: howe-staff-1 - # groups: - # - advoware - # - alle - # - aulmann - # - howe - # password: '' +# - name: howe-staff-1 +# groups: +# - advoware +# - alle +# - aulmann +# - howe +# password: '' - name: jessica groups: @@ -739,16 +705,16 @@ samba_user: - traine - public has_rdp: false - password: "bV3pjPtjkR" + password: 'bV3pjPtjkR' - # - name: laura - # groups: - # - alle - # - aulmann - # - howe - # - stahmann - # - traine - # password: '99-Hamburg-990' +# - name: laura +# groups: +# - alle +# - aulmann +# - howe +# - stahmann +# - traine +# password: '99-Hamburg-990' - name: lenovo3 groups: @@ -758,7 +724,7 @@ samba_user: - traine - public has_rdp: false - password: "fndvLmrt7W" + password: 'fndvLmrt7W' - name: lenovo4 groups: @@ -768,7 +734,7 @@ samba_user: - traine - public has_rdp: false - password: "tpCMmTKj7H" + password: 'tpCMmTKj7H' - name: lenovo5 groups: @@ -778,7 +744,7 @@ samba_user: - traine - public has_rdp: false - password: "L5Hannover51" + password: 'L5Hannover51' - name: lenovo6 groups: @@ -788,7 +754,7 @@ samba_user: - traine - public has_rdp: false - password: "66koeln66" + password: '66koeln66' base_home: /data/home @@ -805,6 +771,7 @@ remove_samba_users: # - name: evren samba_shares: + - name: a-jur comment: a-jur Dokumente path: /data/samba/a-jur @@ -814,7 +781,7 @@ samba_shares: dir_create_mask: !!str 2775 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: "@Recycle" + recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: kanzlei @@ -826,7 +793,7 @@ samba_shares: dir_create_mask: !!str 2775 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: "@Recycle" + recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: install 
@@ -848,7 +815,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: "@Recycle" + recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: wildvang @@ -860,32 +827,32 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: "@Recycle" + recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - # - name: aulmann - # comment: Aulmann auf Fileserver - # path: /data/samba/Aulmann - # group_valid_users: aulmann - # group_write_list: aulmann - # file_create_mask: !!str 660 - # dir_create_mask: !!str 2770 - # vfs_object_virusfilter: true - # vfs_object_recycle: true - # recycle_path: '@Recycle' - # vfs_object_recycle_is_visible: true +# - name: aulmann +# comment: Aulmann auf Fileserver +# path: /data/samba/Aulmann +# group_valid_users: aulmann +# group_write_list: aulmann +# file_create_mask: !!str 660 +# dir_create_mask: !!str 2770 +# vfs_object_virusfilter: true +# vfs_object_recycle: true +# recycle_path: '@Recycle' +# vfs_object_recycle_is_visible: true - # - name: howe - # comment: Howe auf Fileserver - # path: /data/samba/Howe - # group_valid_users: howe - # group_write_list: howe - # file_create_mask: !!str 660 - # dir_create_mask: !!str 2770 - # vfs_object_virusfilter: true - # vfs_object_recycle: true - # recycle_path: '@Recycle' - # vfs_object_recycle_is_visible: true +# - name: howe +# comment: Howe auf Fileserver +# path: /data/samba/Howe +# group_valid_users: howe +# group_write_list: howe +# file_create_mask: !!str 660 +# dir_create_mask: !!str 2770 +# vfs_object_virusfilter: true +# vfs_object_recycle: true +# recycle_path: '@Recycle' +# vfs_object_recycle_is_visible: true - name: stahmann comment: Stahmann auf Fileserver 
@@ -896,7 +863,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: "@Recycle" + recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: traine @@ -908,7 +875,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: "@Recycle" + recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: public @@ -920,7 +887,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: "@Recycle" + recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: Advoware-Schriftverkehr @@ -932,7 +899,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: "@Recycle" + recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: Advoware-Backup @@ -944,7 +911,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: "@Recycle" + recycle_path: '@Recycle' vfs_object_recycle_is_visible: false - name: alle @@ -956,7 +923,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: "@Recycle" + recycle_path: '@Recycle' vfs_object_recycle_is_visible: true # - name: web @@ -970,8 +937,10 @@ samba_shares: # vfs_object_recycle: true # recycle_path: '@Recycle' + # ============================== + # --- # vars used by scripts/reset_root_passwd.yml # --- diff --git a/host_vars/file-km.anw-km.netz.yml b/host_vars/file-km.anw-km.netz.yml index 9eee95a..6cdd031 100644 --- a/host_vars/file-km.anw-km.netz.yml +++ b/host_vars/file-km.anw-km.netz.yml @@ -1,10 +1,8 @@ --- - # --- # vars used by roles/network_interfaces # --- - # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted network_manage_devices: True 
@@ -19,12 +17,10 @@ network_interface_required_packages: - ifupdown - ifenslave - network_interfaces: - - device: br0 # use only once per device (for the first device entry) - headline: br0 - bridge over device enp97s0 + headline: br0 - bridge over device eno1np0 # auto & allow are only used for the first device entry allow: [] # array of allow-[stanzas] eg. allow-hotplug @@ -53,7 +49,7 @@ network_interfaces: # maxwait: # waitport: bridge: - ports: enp97s0 # for mor devices support a blank separated list + ports: eno1np0 # for mor devices support a blank separated list stp: !!str off fd: 5 hello: 2 @@ -61,38 +57,39 @@ network_interfaces: # inline hook scripts pre-up: - - !!str "ip link set dev enp97s0 up" # pre-up script lines + - !!str "ip link set dev eno1np0 up" # pre-up script lines up: [] #up script lines post-up: [] # post-up script lines (alias for up) pre-down: [] # pre-down script lines (alias for down) down: [] # down script lines post-down: [] # post-down script lines - # --- # vars used by roles/ansible_dependencies # --- - # --- # vars used by roles/ansible_user # --- - # --- # vars used by roles/common/tasks/basic.yml # --- - # --- # vars used by roles/common/tasks/sshd.yml # --- - # --- # vars used by roles/common/tasks/apt.yml # --- +apt_install_extra_pkgs: + - lvm2 + - kpartx + - ntfs-3g + - swtpm + - swtpm-tools # --- # vars used by roles/common/tasks/systemd-resolved.yml @@ -161,15 +158,13 @@ resolved_dnssec: false # dns.as250.net: 194.150.168.168 # resolved_fallback_nameserver: - - 172.16.122.254 - + - 172.16.122.254 # --- # vars used by roles/common/tasks/cron.yml # --- cron_user_special_time_entries: - - name: "Restart DNS Cache service 'systemd-resolved'" special_time: reboot job: "sleep 10 ; /bin/systemctl restart systemd-resolved" 
@@ -180,12 +175,15 @@ cron_user_special_time_entries: job: "echo 1 > /sys/kernel/mm/ksm/run" insertafter: PATH - cron_user_entries: + - name: "Backup file server / gateway" + minute: "03" + hour: "00" + job: /root/crontab/backup-rborg2/rborg2.sh - name: "Check if SSH service is running. Restart service if needed." - minute: '*/5' - hour: '*' + minute: "*/5" + hour: "*" job: /root/bin/monitoring/check_ssh.sh - name: "Check if postfix mailservice is running. Restart service if needed." 
@@ -213,22 +211,66 @@ cron_user_entries: hour: "*" job: /root/bin/monitoring/check_ntpsec_service.sh - - # --- # vars used by roles/common/tasks/users.yml # --- +extra_user: + - name: advoware + user_id: 1115 + group_id: 1115 + group: advoware + home: / data/home/advoware + password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22 + shell: /bin/bash + ssh_keys: + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" + + - name: a-jur + user_id: 1110 + group_id: 1110 + group: a-jur + home: / data/home/a-jur + password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22 + shell: /bin/bash + ssh_keys: + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" + + - name: back + user_id: 1060 + group_id: 1060 + group: back + home: /home/back + password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0 + shell: /bin/bash + ssh_keys: + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de" + + - name: borg + user_id: 1065 + group_id: 1065 + group: borg + home: /home/borg + password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 + shell: /bin/bash + ssh_keys: + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsqkTV7RiYPljwlP/MZA+MBeTgiwZI7oCAD77Ujpm1V root@file-km" + - "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIOan+hwlA8B3mk82tsvL1LGlejrF5pqT2J3POrg/QJLX root@gw-km" + # --- # vars used by roles/common/tasks/users-systemfiles.yml # --- - # --- # vars used by roles/common/tasks/webadmin-user.yml # --- - # --- # vars used by roles/common/tasks/sudoers.yml # --- @@ -236,20 +278,17 @@ cron_user_entries: # see: roles/common/tasks/vars sudoers_file_user_back_mount_privileges: - - 'ALL=(root) NOPASSWD: /usr/bin/mount' - - 'ALL=(root) NOPASSWD: /usr/bin/umount' - + - "ALL=(root) NOPASSWD: /usr/bin/mount" + - "ALL=(root) NOPASSWD: /usr/bin/umount" # --- # vars used by roles/common/tasks/caching-nameserver.yml # --- - # --- # vars used by roles/common/tasks/git.yml # --- - # --- # vars used by roles/common/tasks/samba-config-server.yml # vars used by roles/common/tasks/samba-user.yml @@ -258,9 +297,9 @@ sudoers_file_user_back_mount_privileges: samba_server_ip: 192.168.122.10 samba_server_cidr_prefix: 24 -samba_workgroup: WORKGROUP +samba_workgroup: ANW-KM -samba_netbios_name: FILE-KM +samba_netbios_name: FILE-KM-01 samba_server_min_protocol: !!str NT1 @@ -269,11 +308,13 @@ samba_groups: group_id: 1100 - name: a-jur group_id: 1110 + - name: advoware + group_id: 1115 - name: intern group_id: 1120 - name: wildvang group_id: 1130 - - name: eibelshaeuser + - name: eibelshaeuser group_id: 1140 - name: stahmann group_id: 1150 @@ -286,15 +327,13 @@ samba_groups: - name: install group_id: 1190 - - samba_user: - name: advoware groups: - advoware has_rdp: false - password: '9WNRbc49m3' + password: "9WNRbc49m3" - name: a-jur groups: @@ -302,7 +341,7 @@ samba_user: - alle - kanzlei has_rdp: false - password: 'a-jur' + password: "a-jur" - name: chris groups: 
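Review bot: The `home:` values of the added `advoware` and `a-jur` entries in `extra_user` are shown as `/ data/home/advoware` and `/ data/home/a-jur`, with a space after the leading slash, while `base_home` further down in this file is `/data/home`. If the users task passes the value through unchanged, the home directory ends up on a different path than intended, so the lines should read `home: /data/home/advoware` and `home: /data/home/a-jur`. These two entries also carry the identical `password:` hash (same salt and digest), which means both accounts share one password. All four hashes are stored unencrypted although this file already uses `!vault` for another secret, so consider vaulting them as well.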
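Review bot: The context line `samba_server_min_protocol: !!str NT1` at the end of the `@@ -258,9 +297,9 @@` hunk keeps SMB1 as the protocol floor on the host that this commit turns into `FILE-KM-01` in workgroup `ANW-KM`. SMB1 lacks the pre-authentication integrity and encryption of SMB3, so a client can still negotiate down to it. If no remaining client depends on it, raise the floor, e.g. `samba_server_min_protocol: !!str SMB2_10`; otherwise add a comment naming the legacy client that requires NT1. How the template maps this variable is not visible here, so confirm it drives `server min protocol`. The same value is kept for `file-km-alt` in the `@@ -273,28 +236,31 @@` hunk of the renamed file.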
@@ -319,12 +358,12 @@ samba_user: - public has_rdp: true password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30383265366434633965346530666535363761396165393434643665393137353765653739636364 - 6330623334353763613065343336306434376335646666380a363030363335656261656236636562 - 63663763616630383264303039336562626537366634303636356237323630666635356130383165 - 3837613337343533650a663061366230353531316535656433643162353063383534323833323138 - 3430 + $ANSIBLE_VAULT;1.1;AES256 + 30383265366434633965346530666535363761396165393434643665393137353765653739636364 + 6330623334353763613065343336306434376335646666380a363030363335656261656236636562 + 63663763616630383264303039336562626537366634303636356237323630666635356130383165 + 3837613337343533650a663061366230353531316535656433643162353063383534323833323138 + 3430 - name: sysadm groups: @@ -340,7 +379,7 @@ samba_user: - wildvang - public has_rdp: false - password: 'Ax_GSHh5' + password: "Ax_GSHh5" - name: winadm groups: @@ -356,11 +395,11 @@ samba_user: - wildvang - public has_rdp: false - password: 'Ax_GSHh5' + password: "Ax_GSHh5" -# --- -# Andreas Eibelhäuser -# --- + # --- + # Andreas Eibelhäuser + # --- - name: andreas groups: @@ -369,7 +408,7 @@ samba_user: - eibelshaeuser - public has_rdp: true - password: 'YKQRa.M9-6rL' + password: "YKQRa.M9-6rL" - name: philipp groups: @@ -378,7 +417,7 @@ samba_user: - eibelshaeuser - public has_rdp: true - password: '20-phi.lip.26%' + password: "20-phi.lip.26%" - name: ref.eibelshaeuser groups: @@ -387,11 +426,11 @@ samba_user: - eibelshaeuser - public has_rdp: true - password: '20-ref-eibels.haeuser.26+' + password: "20-ref-eibels.haeuser.26+" -# --- -# Berenice Böhlo -# --- + # --- + # Berenice Böhlo + # --- - name: berenice groups: @@ -401,7 +440,7 @@ samba_user: - alle - public has_rdp: true - password: 'berenice' + password: "berenice" - name: annabel groups: 
@@ -411,7 +450,7 @@ samba_user: - alle - public has_rdp: true - password: '20+an-na.bel/26!' + password: "20+an-na.bel/26!" - name: jens-uwe groups: @@ -421,7 +460,7 @@ samba_user: - alle - public has_rdp: false - password: '20_jens-uwe.thomas.26!' + password: "20_jens-uwe.thomas.26!" - name: mariami groups: @@ -431,7 +470,7 @@ samba_user: - alle - public has_rdp: false - password: '20.ma-ri-ami/26!' + password: "20.ma-ri-ami/26!" - name: nina groups: @@ -441,7 +480,7 @@ samba_user: - alle - public has_rdp: true - password: '20-ni.ha-ger%26%' + password: "20-ni.ha-ger%26%" - name: zeina groups: @@ -451,7 +490,7 @@ samba_user: - alle - public has_rdp: true - password: '20/ze.ina-26+' + password: "20/ze.ina-26+" - name: rm-buero1 groups: @@ -473,9 +512,9 @@ samba_user: has_rdp: false password: '20_rmbuero.2-26%' -# --- -# Rolf Stahmann -# --- + # --- + # Rolf Stahmann + # --- - name: irina groups: @@ -485,7 +524,7 @@ samba_user: - traine - public has_rdp: false - password: 'W9NKv39pXW' + password: "W9NKv39pXW" - name: rolf groups: @@ -494,7 +533,7 @@ samba_user: - traine - public has_rdp: true - password: '4xNVNFXgP4' + password: "4xNVNFXgP4" - name: Tresen groups: @@ -506,11 +545,11 @@ samba_user: - traine - public has_rdp: false - password: 'maltzwo2' + password: "maltzwo2" -# --- -# Federico Traine -# --- + # --- + # Federico Traine + # --- - name: andrea groups: @@ -520,7 +559,7 @@ samba_user: - traine - public has_rdp: true - password: 'fXc3bmK9gj' + password: "fXc3bmK9gj" - name: federico groups: @@ -530,7 +569,7 @@ samba_user: - traine - public has_rdp: true - password: 'zHfj9g3NcC' + password: "zHfj9g3NcC" - name: thomas groups: @@ -539,7 +578,7 @@ samba_user: - traine - public has_rdp: true - password: '55-tho-mas-550' + password: "55-tho-mas-550" - name: leonora groups: @@ -548,7 +587,7 @@ samba_user: - traine - public has_rdp: true - password: '20/le-o-nora.26!' + password: "20/le-o-nora.26!" - name: kristin groups: 
@@ -557,7 +596,7 @@ samba_user: - traine - public has_rdp: true - password: '20.kris_tin-26/' + password: "20.kris_tin-26/" - name: jule groups: @@ -566,7 +605,7 @@ samba_user: - traine - public has_rdp: true - password: '20_ju-le%26!' + password: "20_ju-le%26!" - name: luanda groups: @@ -575,11 +614,11 @@ samba_user: - traine - public has_rdp: false - password: '20-lu.anda+26!' + password: "20-lu.anda+26!" -# --- -# Wiebke Wildvang -# --- + # --- + # Wiebke Wildvang + # --- - name: wiebke groups: @@ -587,7 +626,7 @@ samba_user: - wildvang - public has_rdp: true - password: 'uJ5gF/m53p.P' + password: "uJ5gF/m53p.P" @@ -598,7 +637,7 @@ samba_user: - traine - public has_rdp: false - password: 'J3KMRprK9H' + password: "J3KMRprK9H" - name: beuster groups: @@ -608,7 +647,7 @@ samba_user: - public - alle has_rdp: false - password: 'zlm17Kx' + password: "zlm17Kx" - name: buero groups: @@ -618,7 +657,7 @@ samba_user: - alle - public has_rdp: false - password: 'buero' + password: "buero" - name: buero2 groups: @@ -628,7 +667,7 @@ samba_user: - alle - public has_rdp: false - password: 'buero2' + password: "buero2" - name: buero3 groups: @@ -638,7 +677,7 @@ samba_user: - alle - public has_rdp: false - password: 'buero3' + password: "buero3" - name: buero4 groups: @@ -648,7 +687,7 @@ samba_user: - alle - public has_rdp: false - password: 'buero4' + password: "buero4" - name: buero7 groups: @@ -658,7 +697,7 @@ samba_user: - alle - public has_rdp: false - password: 'buero7' + password: "buero7" - name: christina groups: @@ -668,18 +707,18 @@ samba_user: - traine - public has_rdp: false - password: 'qvR7zX4Lhs' + password: "qvR7zX4Lhs" -# - name: gerhard -# groups: -# - advoware -# - alle -# - aulmann -# - howe -# - stahmann -# - traine -# - public -# password: 'bHdhzWnTj9' + # - name: gerhard + # groups: + # - advoware + # - alle + # - aulmann + # - howe + # - stahmann + # - traine + # - public + # password: 'bHdhzWnTj9' - name: ho-st1 groups: 
@@ -687,15 +726,15 @@ samba_user: - stahmann - public has_rdp: false - password: '44-Ro-440' + password: "44-Ro-440" -# - name: howe-staff-1 -# groups: -# - advoware -# - alle -# - aulmann -# - howe -# password: '' + # - name: howe-staff-1 + # groups: + # - advoware + # - alle + # - aulmann + # - howe + # password: '' - name: jessica groups: @@ -705,16 +744,16 @@ samba_user: - traine - public has_rdp: false - password: 'bV3pjPtjkR' + password: "bV3pjPtjkR" -# - name: laura -# groups: -# - alle -# - aulmann -# - howe -# - stahmann -# - traine -# password: '99-Hamburg-990' + # - name: laura + # groups: + # - alle + # - aulmann + # - howe + # - stahmann + # - traine + # password: '99-Hamburg-990' - name: lenovo3 groups: @@ -724,7 +763,7 @@ samba_user: - traine - public has_rdp: false - password: 'fndvLmrt7W' + password: "fndvLmrt7W" - name: lenovo4 groups: @@ -734,7 +773,7 @@ samba_user: - traine - public has_rdp: false - password: 'tpCMmTKj7H' + password: "tpCMmTKj7H" - name: lenovo5 groups: @@ -744,7 +783,7 @@ samba_user: - traine - public has_rdp: false - password: 'L5Hannover51' + password: "L5Hannover51" - name: lenovo6 groups: @@ -754,7 +793,7 @@ samba_user: - traine - public has_rdp: false - password: '66koeln66' + password: "66koeln66" base_home: /data/home @@ -771,7 +810,6 @@ remove_samba_users: # - name: evren samba_shares: - - name: a-jur comment: a-jur Dokumente path: /data/samba/a-jur @@ -781,7 +819,7 @@ samba_shares: dir_create_mask: !!str 2775 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: kanzlei @@ -793,7 +831,7 @@ samba_shares: dir_create_mask: !!str 2775 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: install 
@@ -815,7 +853,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: wildvang @@ -827,32 +865,32 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true -# - name: aulmann -# comment: Aulmann auf Fileserver -# path: /data/samba/Aulmann -# group_valid_users: aulmann -# group_write_list: aulmann -# file_create_mask: !!str 660 -# dir_create_mask: !!str 2770 -# vfs_object_virusfilter: true -# vfs_object_recycle: true -# recycle_path: '@Recycle' -# vfs_object_recycle_is_visible: true + # - name: aulmann + # comment: Aulmann auf Fileserver + # path: /data/samba/Aulmann + # group_valid_users: aulmann + # group_write_list: aulmann + # file_create_mask: !!str 660 + # dir_create_mask: !!str 2770 + # vfs_object_virusfilter: true + # vfs_object_recycle: true + # recycle_path: '@Recycle' + # vfs_object_recycle_is_visible: true -# - name: howe -# comment: Howe auf Fileserver -# path: /data/samba/Howe -# group_valid_users: howe -# group_write_list: howe -# file_create_mask: !!str 660 -# dir_create_mask: !!str 2770 -# vfs_object_virusfilter: true -# vfs_object_recycle: true -# recycle_path: '@Recycle' -# vfs_object_recycle_is_visible: true + # - name: howe + # comment: Howe auf Fileserver + # path: /data/samba/Howe + # group_valid_users: howe + # group_write_list: howe + # file_create_mask: !!str 660 + # dir_create_mask: !!str 2770 + # vfs_object_virusfilter: true + # vfs_object_recycle: true + # recycle_path: '@Recycle' + # vfs_object_recycle_is_visible: true - name: stahmann comment: Stahmann auf Fileserver 
@@ -863,7 +901,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: traine @@ -875,7 +913,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: public @@ -887,7 +925,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: Advoware-Schriftverkehr @@ -899,7 +937,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true - name: Advoware-Backup @@ -911,7 +949,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: false - name: alle @@ -923,7 +961,7 @@ samba_shares: dir_create_mask: !!str 2770 vfs_object_virusfilter: true vfs_object_recycle: true - recycle_path: '@Recycle' + recycle_path: "@Recycle" vfs_object_recycle_is_visible: true # - name: web @@ -937,10 +975,8 @@ samba_shares: # vfs_object_recycle: true # recycle_path: '@Recycle' - # ============================== - # --- # vars used by scripts/reset_root_passwd.yml # --- diff --git a/hosts b/hosts index 2b1392d..ff8ffd4 100644 --- a/hosts +++ b/hosts @@ -77,6 +77,7 @@ file-ebs.ebs.netz file-fm.fm.netz file-fhxb.fhxb.netz file-km.anw-km.netz +file-km-alt.anw-km.netz file-km-neu.anw-km.netz file-kb.anw-kb.netz file-blkr.blkr.netz @@ -567,6 +568,7 @@ gw-irights.oopen.de # - Kanzlei Berenice gw-km.oopen.de file-km.anw-km.netz +file-km-alt.anw-km.netz file-km-neu.anw-km.netz file-kb.anw-kb.netz 
@@ -1450,6 +1452,7 @@ file-ebs.ebs.netz file-fm.fm.netz file-fhxb.fhxb.netz file-km.anw-km.netz +file-km-alt.anw-km.netz file-km-neu.anw-km.netz file-kb.anw-kb.netz file-blkr.blkr.netz @@ -1586,6 +1589,7 @@ file-ah.kanzlei-kiel.netz file-ah-neu.kanzlei-kiel.netz file-ah-alt.kanzlei-kiel.netz file-km.anw-km.netz +file-km-alt.anw-km.netz file-km-neu.anw-km.netz file-kb.anw-kb.netz file-blkr.blkr.netz @@ -1758,6 +1762,7 @@ file-ebs.ebs.netz file-fm.fm.netz file-fhxb.fhxb.netz file-km.anw-km.netz +file-km-alt.anw-km.netz file-km-neu.anw-km.netz file-kb.anw-kb.netz file-blkr.blkr.netz @@ -2010,6 +2015,7 @@ file-ebs.ebs.netz file-fm.fm.netz file-fhxb.fhxb.netz file-km.anw-km.netz +file-km-alt.anw-km.netz file-km-neu.anw-km.netz file-kb.anw-kb.netz file-blkr.blkr.netz diff --git a/roles/common/templates/etc/samba/smb.conf.j2 b/roles/common/templates/etc/samba/smb.conf.j2 index 1865a5c..6b4210f 100644 --- a/roles/common/templates/etc/samba/smb.conf.j2 +++ b/roles/common/templates/etc/samba/smb.conf.j2 @@ -342,7 +342,9 @@ virusfilter:cache entry limit = 1000 virusfilter:cache time limit = 60 - virusfilter:max file size = 26214400 + #virusfilter:max file size = 52428800 # 50 MB max + #virusfilter:max file size = 26214400 # 25 MB max + virusfilter:max file size = 15728640 # 15 MB max virusfilter:min file size = 10 virusfilter:scan on open = yes @@ -522,7 +524,8 @@ # Dateigröße: Was wird gescannt? #virusfilter:max file size = 52428800 # 50 MB max - virusfilter:max file size = 26214400 # 25 MB max + #virusfilter:max file size = 26214400 # 25 MB max + virusfilter:max file size = 15728640 # 15 MB max virusfilter:min file size = 10 # unter 10 Byte ignorieren # Scan-Zeitpunkt: nur beim Öffnen, nicht beim Schließen
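Review bot: Lowering `virusfilter:max file size` from 26214400 to 15728640 narrows on-access scanning, because vfs_virusfilter does not scan files larger than this value. Files between 15 MB and 25 MB are therefore no longer checked on open, and the hunk at -522 makes the same change for the second section. If this is a performance trade-off, a comment line above the setting should say so and name what covers larger files, for example `# files above 15 MB are not scanned on open; covered by <scheduled scan job>` (placeholder). The enclosing share section starts outside the hunk.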
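Review bot: The trailing `# 15 MB max` on the active `virusfilter:max file size = 15728640` line is not a comment in smb.conf, which only ignores lines that begin with `#` or `;`. The text therefore becomes part of the parameter value; the hunk at -342 adds the same form. Whether the module's numeric parsing tolerates that suffix is not visible here, so the remark is safer on its own line: `# 15 MB max` above `virusfilter:max file size = 15728640`. Running `testparm` against the rendered file shows the value as Samba actually reads it.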