ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add new host entry and update Samba configuration

Browse Source 
- Added 'file-km-alt.anw-km.netz' to the hosts file in multiple locations.
- Updated Samba configuration to change the maximum file size for virus filtering from 25 MB to 15 MB, with commented-out options for 50 MB and 25 MB.
- Created a new host variable file for 'file-km-alt.anw-km.netz' with detailed network interface and Samba share configurations, including user definitions and permissions.
This commit is contained in:
Christoph
2026-06-19 11:49:11 +02:00
parent 84d5a653c5
commit f309e8cb1c
4 changed files with 352 additions and 338 deletions
Download Patch File Download Diff File Expand all files Collapse all files
host_vars/file-km-neu.anw-km.netz.yml → host_vars/file-km-alt.anw-km.netz.yml
+84 -115
View File
@@ -1,8 +1,10 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
@@ -17,10 +19,12 @@ network_interface_required_packages:
- ifupdown
- ifenslave
network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device eno1np0
headline: br0 - bridge over device enp97s0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
@@ -29,7 +33,7 @@ network_interfaces:
family: inet
method: static
description:
address: 192.168.122.210
address: 192.168.122.215
netmask: 24
gateway: 192.168.122.254
@@ -49,7 +53,7 @@ network_interfaces:
# maxwait:
# waitport:
bridge:
ports: eno1np0 # for mor devices support a blank separated list
ports: enp97s0 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
@@ -57,39 +61,38 @@ network_interfaces:
# inline hook scripts
pre-up:
- !!str "ip link set dev eno1np0 up" # pre-up script lines
- !!str "ip link set dev enp97s0 up" # pre-up script lines
up: [] #up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
apt_install_extra_pkgs:
- lvm2
- kpartx
- ntfs-3g
- swtpm
- swtpm-tools
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
@@ -160,11 +163,13 @@ resolved_dnssec: false
resolved_fallback_nameserver:
- 172.16.122.254
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
@@ -175,10 +180,12 @@ cron_user_special_time_entries:
job: "echo 1 > /sys/kernel/mm/ksm/run"
insertafter: PATH
cron_user_entries:
- name: "Check if SSH service is running. Restart service if needed."
minute: "*/5"
hour: "*"
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if postfix mailservice is running. Restart service if needed."
@@ -206,66 +213,22 @@ cron_user_entries:
hour: "*"
job: /root/bin/monitoring/check_ntpsec_service.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---
extra_user:
- name: advoware
user_id: 1115
group_id: 1115
group: advoware
home: / data/home/advoware
password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22
shell: /bin/bash
ssh_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
- name: a-jur
user_id: 1110
group_id: 1110
group: a-jur
home: / data/home/a-jur
password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22
shell: /bin/bash
ssh_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
- name: back
user_id: 1060
group_id: 1060
group: back
home: /home/back
password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0
shell: /bin/bash
ssh_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de"
- name: borg
user_id: 1065
group_id: 1065
group: borg
home: /home/borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsqkTV7RiYPljwlP/MZA+MBeTgiwZI7oCAD77Ujpm1V root@file-km"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOan+hwlA8B3mk82tsvL1LGlejrF5pqT2J3POrg/QJLX root@gw-km"
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
@@ -273,28 +236,31 @@ extra_user:
# see: roles/common/tasks/vars
sudoers_file_user_back_mount_privileges:
- "ALL=(root) NOPASSWD: /usr/bin/mount"
- "ALL=(root) NOPASSWD: /usr/bin/umount"
- 'ALL=(root) NOPASSWD: /usr/bin/mount'
- 'ALL=(root) NOPASSWD: /usr/bin/umount'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.122.210
samba_server_ip: 192.168.122.215
samba_server_cidr_prefix: 24
samba_workgroup: ANW-KM
samba_workgroup: WORKGROUP
samba_netbios_name: FILE-KM-01
samba_netbios_name: FILE-KM-ALT
samba_server_min_protocol: !!str NT1
@@ -303,8 +269,6 @@ samba_groups:
group_id: 1100
- name: a-jur
group_id: 1110
- name: advoware
group_id: 1115
- name: intern
group_id: 1120
- name: wildvang
@@ -322,13 +286,15 @@ samba_groups:
- name: install
group_id: 1190
samba_user:
- name: advoware
groups:
- advoware
has_rdp: false
password: "9WNRbc49m3"
password: '9WNRbc49m3'
- name: a-jur
groups:
@@ -336,7 +302,7 @@ samba_user:
- alle
- kanzlei
has_rdp: false
password: "a-jur"
password: 'a-jur'
- name: chris
groups:
@@ -374,7 +340,7 @@ samba_user:
- wildvang
- public
has_rdp: false
password: "Ax_GSHh5"
password: 'Ax_GSHh5'
- name: winadm
groups:
@@ -390,7 +356,7 @@ samba_user:
- wildvang
- public
has_rdp: false
password: "Ax_GSHh5"
password: 'Ax_GSHh5'
# ---
# Andreas Eibelhäuser
@@ -403,7 +369,7 @@ samba_user:
- eibelshaeuser
- public
has_rdp: true
password: "YKQRa.M9-6rL"
password: 'YKQRa.M9-6rL'
- name: philipp
groups:
@@ -412,7 +378,7 @@ samba_user:
- eibelshaeuser
- public
has_rdp: true
password: "20-phi.lip.26%"
password: '20-phi.lip.26%'
- name: ref.eibelshaeuser
groups:
@@ -421,7 +387,7 @@ samba_user:
- eibelshaeuser
- public
has_rdp: true
password: "20-ref-eibels.haeuser.26+"
password: '20-ref-eibels.haeuser.26+'
# ---
# Berenice Böhlo
@@ -435,7 +401,7 @@ samba_user:
- alle
- public
has_rdp: true
password: "berenice"
password: 'berenice'
- name: annabel
groups:
@@ -445,7 +411,7 @@ samba_user:
- alle
- public
has_rdp: true
password: "20+an-na.bel/26!"
password: '20+an-na.bel/26!'
- name: jens-uwe
groups:
@@ -455,7 +421,7 @@ samba_user:
- alle
- public
has_rdp: false
password: "20_jens-uwe.thomas.26!"
password: '20_jens-uwe.thomas.26!'
- name: mariami
groups:
@@ -465,7 +431,7 @@ samba_user:
- alle
- public
has_rdp: false
password: "20.ma-ri-ami/26!"
password: '20.ma-ri-ami/26!'
- name: nina
groups:
@@ -475,7 +441,7 @@ samba_user:
- alle
- public
has_rdp: true
password: "20-ni.ha-ger%26%"
password: '20-ni.ha-ger%26%'
- name: zeina
groups:
@@ -485,7 +451,7 @@ samba_user:
- alle
- public
has_rdp: true
password: "20/ze.ina-26+"
password: '20/ze.ina-26+'
- name: rm-buero1
groups:
@@ -519,7 +485,7 @@ samba_user:
- traine
- public
has_rdp: false
password: "W9NKv39pXW"
password: 'W9NKv39pXW'
- name: rolf
groups:
@@ -528,7 +494,7 @@ samba_user:
- traine
- public
has_rdp: true
password: "4xNVNFXgP4"
password: '4xNVNFXgP4'
- name: Tresen
groups:
@@ -540,7 +506,7 @@ samba_user:
- traine
- public
has_rdp: false
password: "maltzwo2"
password: 'maltzwo2'
# ---
# Federico Traine
@@ -554,7 +520,7 @@ samba_user:
- traine
- public
has_rdp: true
password: "fXc3bmK9gj"
password: 'fXc3bmK9gj'
- name: federico
groups:
@@ -564,7 +530,7 @@ samba_user:
- traine
- public
has_rdp: true
password: "zHfj9g3NcC"
password: 'zHfj9g3NcC'
- name: thomas
groups:
@@ -573,7 +539,7 @@ samba_user:
- traine
- public
has_rdp: true
password: "55-tho-mas-550"
password: '55-tho-mas-550'
- name: leonora
groups:
@@ -582,7 +548,7 @@ samba_user:
- traine
- public
has_rdp: true
password: "20/le-o-nora.26!"
password: '20/le-o-nora.26!'
- name: kristin
groups:
@@ -591,7 +557,7 @@ samba_user:
- traine
- public
has_rdp: true
password: "20.kris_tin-26/"
password: '20.kris_tin-26/'
- name: jule
groups:
@@ -600,7 +566,7 @@ samba_user:
- traine
- public
has_rdp: true
password: "20_ju-le%26!"
password: '20_ju-le%26!'
- name: luanda
groups:
@@ -609,7 +575,7 @@ samba_user:
- traine
- public
has_rdp: false
password: "20-lu.anda+26!"
password: '20-lu.anda+26!'
# ---
# Wiebke Wildvang
@@ -621,7 +587,7 @@ samba_user:
- wildvang
- public
has_rdp: true
password: "uJ5gF/m53p.P"
password: 'uJ5gF/m53p.P'
@@ -632,7 +598,7 @@ samba_user:
- traine
- public
has_rdp: false
password: "J3KMRprK9H"
password: 'J3KMRprK9H'
- name: beuster
groups:
@@ -642,7 +608,7 @@ samba_user:
- public
- alle
has_rdp: false
password: "zlm17Kx"
password: 'zlm17Kx'
- name: buero
groups:
@@ -652,7 +618,7 @@ samba_user:
- alle
- public
has_rdp: false
password: "buero"
password: 'buero'
- name: buero2
groups:
@@ -662,7 +628,7 @@ samba_user:
- alle
- public
has_rdp: false
password: "buero2"
password: 'buero2'
- name: buero3
groups:
@@ -672,7 +638,7 @@ samba_user:
- alle
- public
has_rdp: false
password: "buero3"
password: 'buero3'
- name: buero4
groups:
@@ -682,7 +648,7 @@ samba_user:
- alle
- public
has_rdp: false
password: "buero4"
password: 'buero4'
- name: buero7
groups:
@@ -692,7 +658,7 @@ samba_user:
- alle
- public
has_rdp: false
password: "buero7"
password: 'buero7'
- name: christina
groups:
@@ -702,7 +668,7 @@ samba_user:
- traine
- public
has_rdp: false
password: "qvR7zX4Lhs"
password: 'qvR7zX4Lhs'
# - name: gerhard
# groups:
@@ -721,7 +687,7 @@ samba_user:
- stahmann
- public
has_rdp: false
password: "44-Ro-440"
password: '44-Ro-440'
# - name: howe-staff-1
# groups:
@@ -739,7 +705,7 @@ samba_user:
- traine
- public
has_rdp: false
password: "bV3pjPtjkR"
password: 'bV3pjPtjkR'
# - name: laura
# groups:
@@ -758,7 +724,7 @@ samba_user:
- traine
- public
has_rdp: false
password: "fndvLmrt7W"
password: 'fndvLmrt7W'
- name: lenovo4
groups:
@@ -768,7 +734,7 @@ samba_user:
- traine
- public
has_rdp: false
password: "tpCMmTKj7H"
password: 'tpCMmTKj7H'
- name: lenovo5
groups:
@@ -778,7 +744,7 @@ samba_user:
- traine
- public
has_rdp: false
password: "L5Hannover51"
password: 'L5Hannover51'
- name: lenovo6
groups:
@@ -788,7 +754,7 @@ samba_user:
- traine
- public
has_rdp: false
password: "66koeln66"
password: '66koeln66'
base_home: /data/home
@@ -805,6 +771,7 @@ remove_samba_users:
# - name: evren
samba_shares:
- name: a-jur
comment: a-jur Dokumente
path: /data/samba/a-jur
@@ -814,7 +781,7 @@ samba_shares:
dir_create_mask: !!str 2775
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: "@Recycle"
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: kanzlei
@@ -826,7 +793,7 @@ samba_shares:
dir_create_mask: !!str 2775
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: "@Recycle"
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: install
@@ -848,7 +815,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: "@Recycle"
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: wildvang
@@ -860,7 +827,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: "@Recycle"
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
# - name: aulmann
@@ -896,7 +863,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: "@Recycle"
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: traine
@@ -908,7 +875,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: "@Recycle"
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: public
@@ -920,7 +887,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: "@Recycle"
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: Advoware-Schriftverkehr
@@ -932,7 +899,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: "@Recycle"
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: Advoware-Backup
@@ -944,7 +911,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: "@Recycle"
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: false
- name: alle
@@ -956,7 +923,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: "@Recycle"
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
# - name: web
@@ -970,8 +937,10 @@ samba_shares:
# vfs_object_recycle: true
# recycle_path: '@Recycle'
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
host_vars/file-km.anw-km.netz.yml
+117 -81
View File
@@ -1,10 +1,8 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
@@ -19,12 +17,10 @@ network_interface_required_packages:
- ifupdown
- ifenslave
network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device enp97s0
headline: br0 - bridge over device eno1np0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
@@ -53,7 +49,7 @@ network_interfaces:
# maxwait:
# waitport:
bridge:
ports: enp97s0 # for mor devices support a blank separated list
ports: eno1np0 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
@@ -61,38 +57,39 @@ network_interfaces:
# inline hook scripts
pre-up:
- !!str "ip link set dev enp97s0 up" # pre-up script lines
- !!str "ip link set dev eno1np0 up" # pre-up script lines
up: [] #up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
apt_install_extra_pkgs:
- lvm2
- kpartx
- ntfs-3g
- swtpm
- swtpm-tools
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
@@ -163,13 +160,11 @@ resolved_dnssec: false
resolved_fallback_nameserver:
- 172.16.122.254
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
@@ -180,12 +175,15 @@ cron_user_special_time_entries:
job: "echo 1 > /sys/kernel/mm/ksm/run"
insertafter: PATH
cron_user_entries:
- name: "Backup file server / gateway"
minute: "03"
hour: "00"
job: /root/crontab/backup-rborg2/rborg2.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
minute: "*/5"
hour: "*"
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if postfix mailservice is running. Restart service if needed."
@@ -213,22 +211,66 @@ cron_user_entries:
hour: "*"
job: /root/bin/monitoring/check_ntpsec_service.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---
extra_user:
- name: advoware
user_id: 1115
group_id: 1115
group: advoware
home: / data/home/advoware
password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22
shell: /bin/bash
ssh_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
- name: a-jur
user_id: 1110
group_id: 1110
group: a-jur
home: / data/home/a-jur
password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22
shell: /bin/bash
ssh_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
- name: back
user_id: 1060
group_id: 1060
group: back
home: /home/back
password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0
shell: /bin/bash
ssh_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de"
- name: borg
user_id: 1065
group_id: 1065
group: borg
home: /home/borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsqkTV7RiYPljwlP/MZA+MBeTgiwZI7oCAD77Ujpm1V root@file-km"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOan+hwlA8B3mk82tsvL1LGlejrF5pqT2J3POrg/QJLX root@gw-km"
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
@@ -236,20 +278,17 @@ cron_user_entries:
# see: roles/common/tasks/vars
sudoers_file_user_back_mount_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/mount'
- 'ALL=(root) NOPASSWD: /usr/bin/umount'
- "ALL=(root) NOPASSWD: /usr/bin/mount"
- "ALL=(root) NOPASSWD: /usr/bin/umount"
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
@@ -258,9 +297,9 @@ sudoers_file_user_back_mount_privileges:
samba_server_ip: 192.168.122.10
samba_server_cidr_prefix: 24
samba_workgroup: WORKGROUP
samba_workgroup: ANW-KM
samba_netbios_name: FILE-KM
samba_netbios_name: FILE-KM-01
samba_server_min_protocol: !!str NT1
@@ -269,6 +308,8 @@ samba_groups:
group_id: 1100
- name: a-jur
group_id: 1110
- name: advoware
group_id: 1115
- name: intern
group_id: 1120
- name: wildvang
@@ -286,15 +327,13 @@ samba_groups:
- name: install
group_id: 1190
samba_user:
- name: advoware
groups:
- advoware
has_rdp: false
password: '9WNRbc49m3'
password: "9WNRbc49m3"
- name: a-jur
groups:
@@ -302,7 +341,7 @@ samba_user:
- alle
- kanzlei
has_rdp: false
password: 'a-jur'
password: "a-jur"
- name: chris
groups:
@@ -340,7 +379,7 @@ samba_user:
- wildvang
- public
has_rdp: false
password: 'Ax_GSHh5'
password: "Ax_GSHh5"
- name: winadm
groups:
@@ -356,7 +395,7 @@ samba_user:
- wildvang
- public
has_rdp: false
password: 'Ax_GSHh5'
password: "Ax_GSHh5"
# ---
# Andreas Eibelhäuser
@@ -369,7 +408,7 @@ samba_user:
- eibelshaeuser
- public
has_rdp: true
password: 'YKQRa.M9-6rL'
password: "YKQRa.M9-6rL"
- name: philipp
groups:
@@ -378,7 +417,7 @@ samba_user:
- eibelshaeuser
- public
has_rdp: true
password: '20-phi.lip.26%'
password: "20-phi.lip.26%"
- name: ref.eibelshaeuser
groups:
@@ -387,7 +426,7 @@ samba_user:
- eibelshaeuser
- public
has_rdp: true
password: '20-ref-eibels.haeuser.26+'
password: "20-ref-eibels.haeuser.26+"
# ---
# Berenice Böhlo
@@ -401,7 +440,7 @@ samba_user:
- alle
- public
has_rdp: true
password: 'berenice'
password: "berenice"
- name: annabel
groups:
@@ -411,7 +450,7 @@ samba_user:
- alle
- public
has_rdp: true
password: '20+an-na.bel/26!'
password: "20+an-na.bel/26!"
- name: jens-uwe
groups:
@@ -421,7 +460,7 @@ samba_user:
- alle
- public
has_rdp: false
password: '20_jens-uwe.thomas.26!'
password: "20_jens-uwe.thomas.26!"
- name: mariami
groups:
@@ -431,7 +470,7 @@ samba_user:
- alle
- public
has_rdp: false
password: '20.ma-ri-ami/26!'
password: "20.ma-ri-ami/26!"
- name: nina
groups:
@@ -441,7 +480,7 @@ samba_user:
- alle
- public
has_rdp: true
password: '20-ni.ha-ger%26%'
password: "20-ni.ha-ger%26%"
- name: zeina
groups:
@@ -451,7 +490,7 @@ samba_user:
- alle
- public
has_rdp: true
password: '20/ze.ina-26+'
password: "20/ze.ina-26+"
- name: rm-buero1
groups:
@@ -485,7 +524,7 @@ samba_user:
- traine
- public
has_rdp: false
password: 'W9NKv39pXW'
password: "W9NKv39pXW"
- name: rolf
groups:
@@ -494,7 +533,7 @@ samba_user:
- traine
- public
has_rdp: true
password: '4xNVNFXgP4'
password: "4xNVNFXgP4"
- name: Tresen
groups:
@@ -506,7 +545,7 @@ samba_user:
- traine
- public
has_rdp: false
password: 'maltzwo2'
password: "maltzwo2"
# ---
# Federico Traine
@@ -520,7 +559,7 @@ samba_user:
- traine
- public
has_rdp: true
password: 'fXc3bmK9gj'
password: "fXc3bmK9gj"
- name: federico
groups:
@@ -530,7 +569,7 @@ samba_user:
- traine
- public
has_rdp: true
password: 'zHfj9g3NcC'
password: "zHfj9g3NcC"
- name: thomas
groups:
@@ -539,7 +578,7 @@ samba_user:
- traine
- public
has_rdp: true
password: '55-tho-mas-550'
password: "55-tho-mas-550"
- name: leonora
groups:
@@ -548,7 +587,7 @@ samba_user:
- traine
- public
has_rdp: true
password: '20/le-o-nora.26!'
password: "20/le-o-nora.26!"
- name: kristin
groups:
@@ -557,7 +596,7 @@ samba_user:
- traine
- public
has_rdp: true
password: '20.kris_tin-26/'
password: "20.kris_tin-26/"
- name: jule
groups:
@@ -566,7 +605,7 @@ samba_user:
- traine
- public
has_rdp: true
password: '20_ju-le%26!'
password: "20_ju-le%26!"
- name: luanda
groups:
@@ -575,7 +614,7 @@ samba_user:
- traine
- public
has_rdp: false
password: '20-lu.anda+26!'
password: "20-lu.anda+26!"
# ---
# Wiebke Wildvang
@@ -587,7 +626,7 @@ samba_user:
- wildvang
- public
has_rdp: true
password: 'uJ5gF/m53p.P'
password: "uJ5gF/m53p.P"
@@ -598,7 +637,7 @@ samba_user:
- traine
- public
has_rdp: false
password: 'J3KMRprK9H'
password: "J3KMRprK9H"
- name: beuster
groups:
@@ -608,7 +647,7 @@ samba_user:
- public
- alle
has_rdp: false
password: 'zlm17Kx'
password: "zlm17Kx"
- name: buero
groups:
@@ -618,7 +657,7 @@ samba_user:
- alle
- public
has_rdp: false
password: 'buero'
password: "buero"
- name: buero2
groups:
@@ -628,7 +667,7 @@ samba_user:
- alle
- public
has_rdp: false
password: 'buero2'
password: "buero2"
- name: buero3
groups:
@@ -638,7 +677,7 @@ samba_user:
- alle
- public
has_rdp: false
password: 'buero3'
password: "buero3"
- name: buero4
groups:
@@ -648,7 +687,7 @@ samba_user:
- alle
- public
has_rdp: false
password: 'buero4'
password: "buero4"
- name: buero7
groups:
@@ -658,7 +697,7 @@ samba_user:
- alle
- public
has_rdp: false
password: 'buero7'
password: "buero7"
- name: christina
groups:
@@ -668,7 +707,7 @@ samba_user:
- traine
- public
has_rdp: false
password: 'qvR7zX4Lhs'
password: "qvR7zX4Lhs"
# - name: gerhard
# groups:
@@ -687,7 +726,7 @@ samba_user:
- stahmann
- public
has_rdp: false
password: '44-Ro-440'
password: "44-Ro-440"
# - name: howe-staff-1
# groups:
@@ -705,7 +744,7 @@ samba_user:
- traine
- public
has_rdp: false
password: 'bV3pjPtjkR'
password: "bV3pjPtjkR"
# - name: laura
# groups:
@@ -724,7 +763,7 @@ samba_user:
- traine
- public
has_rdp: false
password: 'fndvLmrt7W'
password: "fndvLmrt7W"
- name: lenovo4
groups:
@@ -734,7 +773,7 @@ samba_user:
- traine
- public
has_rdp: false
password: 'tpCMmTKj7H'
password: "tpCMmTKj7H"
- name: lenovo5
groups:
@@ -744,7 +783,7 @@ samba_user:
- traine
- public
has_rdp: false
password: 'L5Hannover51'
password: "L5Hannover51"
- name: lenovo6
groups:
@@ -754,7 +793,7 @@ samba_user:
- traine
- public
has_rdp: false
password: '66koeln66'
password: "66koeln66"
base_home: /data/home
@@ -771,7 +810,6 @@ remove_samba_users:
# - name: evren
samba_shares:
- name: a-jur
comment: a-jur Dokumente
path: /data/samba/a-jur
@@ -781,7 +819,7 @@ samba_shares:
dir_create_mask: !!str 2775
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
recycle_path: "@Recycle"
vfs_object_recycle_is_visible: true
- name: kanzlei
@@ -793,7 +831,7 @@ samba_shares:
dir_create_mask: !!str 2775
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
recycle_path: "@Recycle"
vfs_object_recycle_is_visible: true
- name: install
@@ -815,7 +853,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
recycle_path: "@Recycle"
vfs_object_recycle_is_visible: true
- name: wildvang
@@ -827,7 +865,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
recycle_path: "@Recycle"
vfs_object_recycle_is_visible: true
# - name: aulmann
@@ -863,7 +901,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
recycle_path: "@Recycle"
vfs_object_recycle_is_visible: true
- name: traine
@@ -875,7 +913,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
recycle_path: "@Recycle"
vfs_object_recycle_is_visible: true
- name: public
@@ -887,7 +925,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
recycle_path: "@Recycle"
vfs_object_recycle_is_visible: true
- name: Advoware-Schriftverkehr
@@ -899,7 +937,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
recycle_path: "@Recycle"
vfs_object_recycle_is_visible: true
- name: Advoware-Backup
@@ -911,7 +949,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
recycle_path: "@Recycle"
vfs_object_recycle_is_visible: false
- name: alle
@@ -923,7 +961,7 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_virusfilter: true
vfs_object_recycle: true
recycle_path: '@Recycle'
recycle_path: "@Recycle"
vfs_object_recycle_is_visible: true
# - name: web
@@ -937,10 +975,8 @@ samba_shares:
# vfs_object_recycle: true
# recycle_path: '@Recycle'
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
hosts
+6
View File
@@ -77,6 +77,7 @@ file-ebs.ebs.netz
file-fm.fm.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-km-alt.anw-km.netz
file-km-neu.anw-km.netz
file-kb.anw-kb.netz
file-blkr.blkr.netz
@@ -567,6 +568,7 @@ gw-irights.oopen.de
# - Kanzlei Berenice
gw-km.oopen.de
file-km.anw-km.netz
file-km-alt.anw-km.netz
file-km-neu.anw-km.netz
file-kb.anw-kb.netz
@@ -1450,6 +1452,7 @@ file-ebs.ebs.netz
file-fm.fm.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-km-alt.anw-km.netz
file-km-neu.anw-km.netz
file-kb.anw-kb.netz
file-blkr.blkr.netz
@@ -1586,6 +1589,7 @@ file-ah.kanzlei-kiel.netz
file-ah-neu.kanzlei-kiel.netz
file-ah-alt.kanzlei-kiel.netz
file-km.anw-km.netz
file-km-alt.anw-km.netz
file-km-neu.anw-km.netz
file-kb.anw-kb.netz
file-blkr.blkr.netz
@@ -1758,6 +1762,7 @@ file-ebs.ebs.netz
file-fm.fm.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-km-alt.anw-km.netz
file-km-neu.anw-km.netz
file-kb.anw-kb.netz
file-blkr.blkr.netz
@@ -2010,6 +2015,7 @@ file-ebs.ebs.netz
file-fm.fm.netz
file-fhxb.fhxb.netz
file-km.anw-km.netz
file-km-alt.anw-km.netz
file-km-neu.anw-km.netz
file-kb.anw-kb.netz
file-blkr.blkr.netz
roles/common/templates/etc/samba/smb.conf.j2
+5 -2
View File
@@ -342,7 +342,9 @@
virusfilter:cache entry limit = 1000
virusfilter:cache time limit = 60
virusfilter:max file size = 26214400
#virusfilter:max file size = 52428800 # 50 MB max
#virusfilter:max file size = 26214400 # 25 MB max
virusfilter:max file size = 15728640 # 15 MB max
virusfilter:min file size = 10
virusfilter:scan on open = yes
@@ -522,7 +524,8 @@
# Dateigröße: Was wird gescannt?
#virusfilter:max file size = 52428800 # 50 MB max
virusfilter:max file size = 26214400 # 25 MB max
#virusfilter:max file size = 26214400 # 25 MB max
virusfilter:max file size = 15728640 # 15 MB max
virusfilter:min file size = 10 # unter 10 Byte ignorieren
# Scan-Zeitpunkt: nur beim Öffnen, nicht beim Schließen