Add new host entry and update Samba configuration

- Added 'file-km-alt.anw-km.netz' to the hosts file in multiple locations. - Updated Samba configuration to change the maximum file size for virus filtering from 25 MB to 15 MB, with commented-out options for 50 MB and 25 MB. - Created a new host variable file for 'file-km-alt.anw-km.netz' with detailed network interface and Samba share configurations, including user definitions and permissions.
2026-06-19 11:49:11 +02:00
parent 84d5a653c5
commit f309e8cb1c
4 changed files with 352 additions and 338 deletions
@@ -1,8 +1,10 @@
 ---
+
 # ---
 # vars used by roles/network_interfaces
 # ---

+
 # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
 network_manage_devices: True

@@ -17,10 +19,12 @@ network_interface_required_packages:
  - ifupdown
  - ifenslave

+
 network_interfaces:
+
  - device: br0
    # use only once per device (for the first device entry)
-    headline: br0 - bridge over device eno1np0
+    headline: br0 - bridge over device enp97s0

    # auto & allow are only used for the first device entry
    allow: [] # array of allow-[stanzas] eg. allow-hotplug
@@ -29,7 +33,7 @@ network_interfaces:
    family: inet
    method: static
    description:
-    address: 192.168.122.210
+    address: 192.168.122.215
    netmask: 24
    gateway: 192.168.122.254

@@ -49,7 +53,7 @@ network_interfaces:
    #   maxwait:
    #   waitport:
    bridge:
-      ports: eno1np0 # for mor devices support a blank separated list
+      ports: enp97s0 # for mor devices support a blank separated list
      stp: !!str off
      fd: 5
      hello: 2
@@ -57,39 +61,38 @@ network_interfaces:

    # inline hook scripts
    pre-up:
-      - !!str "ip link set dev eno1np0 up" # pre-up script lines
+      - !!str "ip link set dev enp97s0 up" # pre-up script lines
    up: [] #up script lines
    post-up: [] # post-up script lines (alias for up)
    pre-down: [] # pre-down script lines (alias for down)
    down: [] # down script lines
    post-down: [] # post-down script lines

+
 # ---
 # vars used by roles/ansible_dependencies
 # ---

+
 # ---
 # vars used by roles/ansible_user
 # ---

+
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---

+
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---

+
 # ---
 # vars used by roles/common/tasks/apt.yml
 # ---

-apt_install_extra_pkgs:
-  - lvm2
-  - kpartx
-  - ntfs-3g
-  - swtpm
-  - swtpm-tools

 # ---
 # vars used by roles/common/tasks/systemd-resolved.yml
@@ -160,11 +163,13 @@ resolved_dnssec: false
 resolved_fallback_nameserver:
   - 172.16.122.254

+
 # ---
 # vars used by roles/common/tasks/cron.yml
 # ---

 cron_user_special_time_entries:
+
  - name: "Restart DNS Cache service 'systemd-resolved'"
    special_time: reboot
    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
@@ -175,10 +180,12 @@ cron_user_special_time_entries:
    job: "echo 1 > /sys/kernel/mm/ksm/run"
    insertafter: PATH

+
 cron_user_entries:
+
  - name: "Check if SSH service is running. Restart service if needed."
-    minute: "*/5"
-    hour: "*"
+    minute: '*/5'
+    hour: '*'
    job: /root/bin/monitoring/check_ssh.sh

  - name: "Check if postfix mailservice is running. Restart service if needed."
@@ -206,66 +213,22 @@ cron_user_entries:
    hour: "*"
    job: /root/bin/monitoring/check_ntpsec_service.sh

+
+
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---

-extra_user:
-  - name: advoware
-    user_id: 1115
-    group_id: 1115
-    group: advoware
-    home: / data/home/advoware
-    password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22
-    shell: /bin/bash
-    ssh_keys:
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
-
-  - name: a-jur
-    user_id: 1110
-    group_id: 1110
-    group: a-jur
-    home: / data/home/a-jur
-    password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22
-    shell: /bin/bash
-    ssh_keys:
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    home: /home/back
-    password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0
-    shell: /bin/bash
-    ssh_keys:
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de"
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    home: /home/borg
-    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
-    shell: /bin/bash
-    ssh_keys:
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsqkTV7RiYPljwlP/MZA+MBeTgiwZI7oCAD77Ujpm1V root@file-km"
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOan+hwlA8B3mk82tsvL1LGlejrF5pqT2J3POrg/QJLX root@gw-km"
-
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---

+
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---

+
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
@@ -273,28 +236,31 @@ extra_user:
 # see: roles/common/tasks/vars

 sudoers_file_user_back_mount_privileges:
-  - "ALL=(root) NOPASSWD: /usr/bin/mount"
-  - "ALL=(root) NOPASSWD: /usr/bin/umount"
+  - 'ALL=(root) NOPASSWD: /usr/bin/mount'
+  - 'ALL=(root) NOPASSWD: /usr/bin/umount'
+

 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---

+
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---

+
 # ---
 # vars used by roles/common/tasks/samba-config-server.yml
 # vars used by roles/common/tasks/samba-user.yml
 # ---

-samba_server_ip: 192.168.122.210
+samba_server_ip: 192.168.122.215
 samba_server_cidr_prefix: 24

-samba_workgroup: ANW-KM
+samba_workgroup: WORKGROUP

-samba_netbios_name: FILE-KM-01
+samba_netbios_name: FILE-KM-ALT

 samba_server_min_protocol: !!str NT1

@@ -303,8 +269,6 @@ samba_groups:
    group_id: 1100
  - name: a-jur
    group_id: 1110
-  - name: advoware
-    group_id: 1115
  - name: intern
    group_id: 1120
  - name: wildvang
@@ -322,13 +286,15 @@ samba_groups:
  - name: install
    group_id: 1190

+
+
 samba_user:

  - name: advoware
    groups:
      - advoware
    has_rdp: false
-    password: "9WNRbc49m3"
+    password: '9WNRbc49m3'

  - name: a-jur
    groups:
@@ -336,7 +302,7 @@ samba_user:
      - alle
      - kanzlei
    has_rdp: false
-    password: "a-jur"
+    password: 'a-jur'

  - name: chris
    groups:
@@ -374,7 +340,7 @@ samba_user:
      - wildvang
      - public
    has_rdp: false
-    password: "Ax_GSHh5"
+    password: 'Ax_GSHh5'

  - name: winadm
    groups:
@@ -390,11 +356,11 @@ samba_user:
      - wildvang
      - public
    has_rdp: false
-    password: "Ax_GSHh5"
+    password: 'Ax_GSHh5'

-  # ---
-  # Andreas Eibelhäuser
-  # ---
+# ---
+# Andreas Eibelhäuser
+# ---

  - name: andreas
    groups:
@@ -403,7 +369,7 @@ samba_user:
      - eibelshaeuser
      - public
    has_rdp: true
-    password: "YKQRa.M9-6rL"
+    password: 'YKQRa.M9-6rL'

  - name: philipp
    groups:
@@ -412,7 +378,7 @@ samba_user:
      - eibelshaeuser
      - public
    has_rdp: true
-    password: "20-phi.lip.26%"
+    password: '20-phi.lip.26%'

  - name: ref.eibelshaeuser
    groups:
@@ -421,11 +387,11 @@ samba_user:
      - eibelshaeuser
      - public
    has_rdp: true
-    password: "20-ref-eibels.haeuser.26+"
+    password: '20-ref-eibels.haeuser.26+'

-  # ---
-  # Berenice Böhlo
-  # ---
+# ---
+# Berenice Böhlo
+# ---

  - name: berenice
    groups:
@@ -435,7 +401,7 @@ samba_user:
      - alle
      - public
    has_rdp: true
-    password: "berenice"
+    password: 'berenice'

  - name: annabel
    groups:
@@ -445,7 +411,7 @@ samba_user:
      - alle
      - public
    has_rdp: true
-    password: "20+an-na.bel/26!"
+    password: '20+an-na.bel/26!'

  - name: jens-uwe
    groups:
@@ -455,7 +421,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: "20_jens-uwe.thomas.26!"
+    password: '20_jens-uwe.thomas.26!'

  - name: mariami
    groups:
@@ -465,7 +431,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: "20.ma-ri-ami/26!"
+    password: '20.ma-ri-ami/26!'

  - name: nina
    groups:
@@ -475,7 +441,7 @@ samba_user:
      - alle
      - public
    has_rdp: true
-    password: "20-ni.ha-ger%26%"
+    password: '20-ni.ha-ger%26%'

  - name: zeina
    groups:
@@ -485,7 +451,7 @@ samba_user:
      - alle
      - public
    has_rdp: true
-    password: "20/ze.ina-26+"
+    password: '20/ze.ina-26+'

  - name: rm-buero1
    groups:
@@ -507,9 +473,9 @@ samba_user:
    has_rdp: false
    password: '20_rmbuero.2-26%'

-  # ---
-  # Rolf Stahmann
-  # ---
+# ---
+# Rolf Stahmann
+# ---

  - name: irina
    groups:
@@ -519,7 +485,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: "W9NKv39pXW"
+    password: 'W9NKv39pXW'

  - name: rolf
    groups:
@@ -528,7 +494,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: "4xNVNFXgP4"
+    password: '4xNVNFXgP4'

  - name: Tresen
    groups:
@@ -540,11 +506,11 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: "maltzwo2"
+    password: 'maltzwo2'

-  # ---
-  # Federico Traine
-  # ---
+# ---
+# Federico Traine
+# ---

  - name: andrea
    groups:
@@ -554,7 +520,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: "fXc3bmK9gj"
+    password: 'fXc3bmK9gj'

  - name: federico
    groups:
@@ -564,7 +530,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: "zHfj9g3NcC"
+    password: 'zHfj9g3NcC'

  - name: thomas
    groups:
@@ -573,7 +539,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: "55-tho-mas-550"
+    password: '55-tho-mas-550'

  - name: leonora
    groups:
@@ -582,7 +548,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: "20/le-o-nora.26!"
+    password: '20/le-o-nora.26!'

  - name: kristin
    groups:
@@ -591,7 +557,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: "20.kris_tin-26/"
+    password: '20.kris_tin-26/'

  - name: jule
    groups:
@@ -600,7 +566,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: "20_ju-le%26!"
+    password: '20_ju-le%26!'

  - name: luanda
    groups:
@@ -609,11 +575,11 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: "20-lu.anda+26!"
+    password: '20-lu.anda+26!'

-  # ---
-  # Wiebke Wildvang
-  # ---
+# ---
+# Wiebke Wildvang
+# ---

  - name: wiebke
    groups:
@@ -621,7 +587,7 @@ samba_user:
      - wildvang
      - public
    has_rdp: true
-    password: "uJ5gF/m53p.P"
+    password: 'uJ5gF/m53p.P'



@@ -632,7 +598,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: "J3KMRprK9H"
+    password: 'J3KMRprK9H'

  - name: beuster
    groups:
@@ -642,7 +608,7 @@ samba_user:
      - public
      - alle
    has_rdp: false
-    password: "zlm17Kx"
+    password: 'zlm17Kx'

  - name: buero
    groups:
@@ -652,7 +618,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: "buero"
+    password: 'buero'

  - name: buero2
    groups:
@@ -662,7 +628,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: "buero2"
+    password: 'buero2'

  - name: buero3
    groups:
@@ -672,7 +638,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: "buero3"
+    password: 'buero3'

  - name: buero4
    groups:
@@ -682,7 +648,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: "buero4"
+    password: 'buero4'

  - name: buero7
    groups:
@@ -692,7 +658,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: "buero7"
+    password: 'buero7'

  - name: christina
    groups:
@@ -702,18 +668,18 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: "qvR7zX4Lhs"
+    password: 'qvR7zX4Lhs'

-  #  - name: gerhard
-  #    groups:
-  #      - advoware
-  #      - alle
-  #      - aulmann
-  #      - howe
-  #      - stahmann
-  #      - traine
-  #      - public
-  #    password: 'bHdhzWnTj9'
+#  - name: gerhard
+#    groups:
+#      - advoware
+#      - alle
+#      - aulmann
+#      - howe
+#      - stahmann
+#      - traine
+#      - public
+#    password: 'bHdhzWnTj9'

  - name: ho-st1
    groups:
@@ -721,15 +687,15 @@ samba_user:
      - stahmann
      - public
    has_rdp: false
-    password: "44-Ro-440"
+    password: '44-Ro-440'

-  #  - name: howe-staff-1
-  #    groups:
-  #      - advoware
-  #      - alle
-  #      - aulmann
-  #      - howe
-  #    password: ''
+#  - name: howe-staff-1
+#    groups:
+#      - advoware
+#      - alle
+#      - aulmann
+#      - howe
+#    password: ''

  - name: jessica
    groups:
@@ -739,16 +705,16 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: "bV3pjPtjkR"
+    password: 'bV3pjPtjkR'

-  #  - name: laura
-  #    groups:
-  #      - alle
-  #      - aulmann
-  #      - howe
-  #      - stahmann
-  #      - traine
-  #    password: '99-Hamburg-990'
+#  - name: laura
+#    groups:
+#      - alle
+#      - aulmann
+#      - howe
+#      - stahmann
+#      - traine
+#    password: '99-Hamburg-990'

  - name: lenovo3
    groups:
@@ -758,7 +724,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: "fndvLmrt7W"
+    password: 'fndvLmrt7W'

  - name: lenovo4
    groups:
@@ -768,7 +734,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: "tpCMmTKj7H"
+    password: 'tpCMmTKj7H'

  - name: lenovo5
    groups:
@@ -778,7 +744,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: "L5Hannover51"
+    password: 'L5Hannover51'

  - name: lenovo6
    groups:
@@ -788,7 +754,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: "66koeln66"
+    password: '66koeln66'


 base_home: /data/home
@@ -805,6 +771,7 @@ remove_samba_users:
 #  - name: evren

 samba_shares:
+
  - name: a-jur
    comment: a-jur Dokumente
    path: /data/samba/a-jur
@@ -814,7 +781,7 @@ samba_shares:
    dir_create_mask: !!str 2775
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: "@Recycle"
+    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true

  - name: kanzlei
@@ -826,7 +793,7 @@ samba_shares:
    dir_create_mask: !!str 2775
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: "@Recycle"
+    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true

  - name: install
@@ -848,7 +815,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: "@Recycle"
+    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true

  - name: wildvang
@@ -860,32 +827,32 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: "@Recycle"
+    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true

-  #  - name: aulmann
-  #    comment: Aulmann auf Fileserver
-  #    path: /data/samba/Aulmann
-  #    group_valid_users: aulmann
-  #    group_write_list: aulmann
-  #    file_create_mask: !!str 660
-  #    dir_create_mask: !!str 2770
-  #    vfs_object_virusfilter: true
-  #    vfs_object_recycle: true
-  #    recycle_path: '@Recycle'
-  #    vfs_object_recycle_is_visible: true
+#  - name: aulmann
+#    comment: Aulmann auf Fileserver
+#    path: /data/samba/Aulmann
+#    group_valid_users: aulmann
+#    group_write_list: aulmann
+#    file_create_mask: !!str 660
+#    dir_create_mask: !!str 2770
+#    vfs_object_virusfilter: true
+#    vfs_object_recycle: true
+#    recycle_path: '@Recycle'
+#    vfs_object_recycle_is_visible: true

-  #  - name: howe
-  #    comment: Howe auf Fileserver
-  #    path: /data/samba/Howe
-  #    group_valid_users: howe
-  #    group_write_list: howe
-  #    file_create_mask: !!str 660
-  #    dir_create_mask: !!str 2770
-  #    vfs_object_virusfilter: true
-  #    vfs_object_recycle: true
-  #    recycle_path: '@Recycle'
-  #    vfs_object_recycle_is_visible: true
+#  - name: howe
+#    comment: Howe auf Fileserver
+#    path: /data/samba/Howe
+#    group_valid_users: howe
+#    group_write_list: howe
+#    file_create_mask: !!str 660
+#    dir_create_mask: !!str 2770
+#    vfs_object_virusfilter: true
+#    vfs_object_recycle: true
+#    recycle_path: '@Recycle'
+#    vfs_object_recycle_is_visible: true

  - name: stahmann
    comment: Stahmann auf Fileserver
@@ -896,7 +863,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: "@Recycle"
+    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true

  - name: traine
@@ -908,7 +875,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: "@Recycle"
+    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true

  - name: public
@@ -920,7 +887,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: "@Recycle"
+    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true

  - name: Advoware-Schriftverkehr
@@ -932,7 +899,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: "@Recycle"
+    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true

  - name: Advoware-Backup
@@ -944,7 +911,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: "@Recycle"
+    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: false

  - name: alle
@@ -956,7 +923,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: "@Recycle"
+    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true

 #  - name: web
@@ -970,8 +937,10 @@ samba_shares:
 #    vfs_object_recycle: true
 #    recycle_path: '@Recycle'

+
 # ==============================

+
 # ---
 # vars used by scripts/reset_root_passwd.yml
 # ---
@@ -1,10 +1,8 @@
 ---
-
 # ---
 # vars used by roles/network_interfaces
 # ---

-
 # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
 network_manage_devices: True

@@ -19,12 +17,10 @@ network_interface_required_packages:
  - ifupdown
  - ifenslave

-
 network_interfaces:
-
  - device: br0
    # use only once per device (for the first device entry)
-    headline: br0 - bridge over device enp97s0
+    headline: br0 - bridge over device eno1np0

    # auto & allow are only used for the first device entry
    allow: [] # array of allow-[stanzas] eg. allow-hotplug
@@ -53,7 +49,7 @@ network_interfaces:
    #   maxwait:
    #   waitport:
    bridge:
-      ports: enp97s0 # for mor devices support a blank separated list
+      ports: eno1np0 # for mor devices support a blank separated list
      stp: !!str off
      fd: 5
      hello: 2
@@ -61,38 +57,39 @@ network_interfaces:

    # inline hook scripts
    pre-up:
-      - !!str "ip link set dev enp97s0 up" # pre-up script lines
+      - !!str "ip link set dev eno1np0 up" # pre-up script lines
    up: [] #up script lines
    post-up: [] # post-up script lines (alias for up)
    pre-down: [] # pre-down script lines (alias for down)
    down: [] # down script lines
    post-down: [] # post-down script lines

-
 # ---
 # vars used by roles/ansible_dependencies
 # ---

-
 # ---
 # vars used by roles/ansible_user
 # ---

-
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---

-
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---

-
 # ---
 # vars used by roles/common/tasks/apt.yml
 # ---

+apt_install_extra_pkgs:
+  - lvm2
+  - kpartx
+  - ntfs-3g
+  - swtpm
+  - swtpm-tools

 # ---
 # vars used by roles/common/tasks/systemd-resolved.yml
@@ -163,13 +160,11 @@ resolved_dnssec: false
 resolved_fallback_nameserver:
  - 172.16.122.254

-
 # ---
 # vars used by roles/common/tasks/cron.yml
 # ---

 cron_user_special_time_entries:
-
  - name: "Restart DNS Cache service 'systemd-resolved'"
    special_time: reboot
    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
@@ -180,12 +175,15 @@ cron_user_special_time_entries:
    job: "echo 1 > /sys/kernel/mm/ksm/run"
    insertafter: PATH

-
 cron_user_entries:
+  - name: "Backup file server / gateway"
+    minute: "03"
+    hour: "00"
+    job: /root/crontab/backup-rborg2/rborg2.sh

  - name: "Check if SSH service is running. Restart service if needed."
-    minute: '*/5'
-    hour: '*'
+    minute: "*/5"
+    hour: "*"
    job: /root/bin/monitoring/check_ssh.sh

  - name: "Check if postfix mailservice is running. Restart service if needed."
@@ -213,22 +211,66 @@ cron_user_entries:
    hour: "*"
    job: /root/bin/monitoring/check_ntpsec_service.sh

-
-
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---

+extra_user:
+  - name: advoware
+    user_id: 1115
+    group_id: 1115
+    group: advoware
+    home: / data/home/advoware
+    password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22
+    shell: /bin/bash
+    ssh_keys:
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
+
+  - name: a-jur
+    user_id: 1110
+    group_id: 1110
+    group: a-jur
+    home: / data/home/a-jur
+    password: $y$j9T$wuQkVnvJxMIy/2Hvmqm2w/$AlMLFmglx764uNSekaFJ3inN59jiDc8.4F2vhUybF22
+    shell: /bin/bash
+    ssh_keys:
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    group: back
+    home: /home/back
+    password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0
+    shell: /bin/bash
+    ssh_keys:
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de"
+
+  - name: borg
+    user_id: 1065
+    group_id: 1065
+    group: borg
+    home: /home/borg
+    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
+    shell: /bin/bash
+    ssh_keys:
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol"
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol"
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsqkTV7RiYPljwlP/MZA+MBeTgiwZI7oCAD77Ujpm1V root@file-km"
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOan+hwlA8B3mk82tsvL1LGlejrF5pqT2J3POrg/QJLX root@gw-km"
+
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---

-
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---

-
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
@@ -236,20 +278,17 @@ cron_user_entries:
 # see: roles/common/tasks/vars

 sudoers_file_user_back_mount_privileges:
-  - 'ALL=(root) NOPASSWD: /usr/bin/mount'
-  - 'ALL=(root) NOPASSWD: /usr/bin/umount'
-
+  - "ALL=(root) NOPASSWD: /usr/bin/mount"
+  - "ALL=(root) NOPASSWD: /usr/bin/umount"

 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---

-
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---

-
 # ---
 # vars used by roles/common/tasks/samba-config-server.yml
 # vars used by roles/common/tasks/samba-user.yml
@@ -258,9 +297,9 @@ sudoers_file_user_back_mount_privileges:
 samba_server_ip: 192.168.122.10
 samba_server_cidr_prefix: 24

-samba_workgroup: WORKGROUP
+samba_workgroup: ANW-KM

-samba_netbios_name: FILE-KM
+samba_netbios_name: FILE-KM-01

 samba_server_min_protocol: !!str NT1

@@ -269,6 +308,8 @@ samba_groups:
    group_id: 1100
  - name: a-jur
    group_id: 1110
+  - name: advoware
+    group_id: 1115
  - name: intern
    group_id: 1120
  - name: wildvang
@@ -286,15 +327,13 @@ samba_groups:
  - name: install
    group_id: 1190

-
-
 samba_user:

  - name: advoware
    groups:
      - advoware
    has_rdp: false
-    password: '9WNRbc49m3'
+    password: "9WNRbc49m3"

  - name: a-jur
    groups:
@@ -302,7 +341,7 @@ samba_user:
      - alle
      - kanzlei
    has_rdp: false
-    password: 'a-jur'
+    password: "a-jur"

  - name: chris
    groups:
@@ -340,7 +379,7 @@ samba_user:
      - wildvang
      - public
    has_rdp: false
-    password: 'Ax_GSHh5'
+    password: "Ax_GSHh5"

  - name: winadm
    groups:
@@ -356,11 +395,11 @@ samba_user:
      - wildvang
      - public
    has_rdp: false
-    password: 'Ax_GSHh5'
+    password: "Ax_GSHh5"

-# ---
-# Andreas Eibelhäuser
-# ---
+  # ---
+  # Andreas Eibelhäuser
+  # ---

  - name: andreas
    groups:
@@ -369,7 +408,7 @@ samba_user:
      - eibelshaeuser
      - public
    has_rdp: true
-    password: 'YKQRa.M9-6rL'
+    password: "YKQRa.M9-6rL"

  - name: philipp
    groups:
@@ -378,7 +417,7 @@ samba_user:
      - eibelshaeuser
      - public
    has_rdp: true
-    password: '20-phi.lip.26%'
+    password: "20-phi.lip.26%"

  - name: ref.eibelshaeuser
    groups:
@@ -387,11 +426,11 @@ samba_user:
      - eibelshaeuser
      - public
    has_rdp: true
-    password: '20-ref-eibels.haeuser.26+'
+    password: "20-ref-eibels.haeuser.26+"

-# ---
-# Berenice Böhlo
-# ---
+  # ---
+  # Berenice Böhlo
+  # ---

  - name: berenice
    groups:
@@ -401,7 +440,7 @@ samba_user:
      - alle
      - public
    has_rdp: true
-    password: 'berenice'
+    password: "berenice"

  - name: annabel
    groups:
@@ -411,7 +450,7 @@ samba_user:
      - alle
      - public
    has_rdp: true
-    password: '20+an-na.bel/26!'
+    password: "20+an-na.bel/26!"

  - name: jens-uwe
    groups:
@@ -421,7 +460,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: '20_jens-uwe.thomas.26!'
+    password: "20_jens-uwe.thomas.26!"

  - name: mariami
    groups:
@@ -431,7 +470,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: '20.ma-ri-ami/26!'
+    password: "20.ma-ri-ami/26!"

  - name: nina
    groups:
@@ -441,7 +480,7 @@ samba_user:
      - alle
      - public
    has_rdp: true
-    password: '20-ni.ha-ger%26%'
+    password: "20-ni.ha-ger%26%"

  - name: zeina
    groups:
@@ -451,7 +490,7 @@ samba_user:
      - alle
      - public
    has_rdp: true
-    password: '20/ze.ina-26+'
+    password: "20/ze.ina-26+"

  - name: rm-buero1
    groups:
@@ -473,9 +512,9 @@ samba_user:
    has_rdp: false
    password: '20_rmbuero.2-26%'

-# ---
-# Rolf Stahmann
-# ---
+  # ---
+  # Rolf Stahmann
+  # ---

  - name: irina
    groups:
@@ -485,7 +524,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: 'W9NKv39pXW'
+    password: "W9NKv39pXW"

  - name: rolf
    groups:
@@ -494,7 +533,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: '4xNVNFXgP4'
+    password: "4xNVNFXgP4"

  - name: Tresen
    groups:
@@ -506,11 +545,11 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: 'maltzwo2'
+    password: "maltzwo2"

-# ---
-# Federico Traine
-# ---
+  # ---
+  # Federico Traine
+  # ---

  - name: andrea
    groups:
@@ -520,7 +559,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: 'fXc3bmK9gj'
+    password: "fXc3bmK9gj"

  - name: federico
    groups:
@@ -530,7 +569,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: 'zHfj9g3NcC'
+    password: "zHfj9g3NcC"

  - name: thomas
    groups:
@@ -539,7 +578,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: '55-tho-mas-550'
+    password: "55-tho-mas-550"

  - name: leonora
    groups:
@@ -548,7 +587,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: '20/le-o-nora.26!'
+    password: "20/le-o-nora.26!"

  - name: kristin
    groups:
@@ -557,7 +596,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: '20.kris_tin-26/'
+    password: "20.kris_tin-26/"

  - name: jule
    groups:
@@ -566,7 +605,7 @@ samba_user:
      - traine
      - public
    has_rdp: true
-    password: '20_ju-le%26!'
+    password: "20_ju-le%26!"

  - name: luanda
    groups:
@@ -575,11 +614,11 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: '20-lu.anda+26!'
+    password: "20-lu.anda+26!"

-# ---
-# Wiebke Wildvang
-# ---
+  # ---
+  # Wiebke Wildvang
+  # ---

  - name: wiebke
    groups:
@@ -587,7 +626,7 @@ samba_user:
      - wildvang
      - public
    has_rdp: true
-    password: 'uJ5gF/m53p.P'
+    password: "uJ5gF/m53p.P"



@@ -598,7 +637,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: 'J3KMRprK9H'
+    password: "J3KMRprK9H"

  - name: beuster
    groups:
@@ -608,7 +647,7 @@ samba_user:
      - public
      - alle
    has_rdp: false
-    password: 'zlm17Kx'
+    password: "zlm17Kx"

  - name: buero
    groups:
@@ -618,7 +657,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: 'buero'
+    password: "buero"

  - name: buero2
    groups:
@@ -628,7 +667,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: 'buero2'
+    password: "buero2"

  - name: buero3
    groups:
@@ -638,7 +677,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: 'buero3'
+    password: "buero3"

  - name: buero4
    groups:
@@ -648,7 +687,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: 'buero4'
+    password: "buero4"

  - name: buero7
    groups:
@@ -658,7 +697,7 @@ samba_user:
      - alle
      - public
    has_rdp: false
-    password: 'buero7'
+    password: "buero7"

  - name: christina
    groups:
@@ -668,18 +707,18 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: 'qvR7zX4Lhs'
+    password: "qvR7zX4Lhs"

-#  - name: gerhard
-#    groups:
-#      - advoware
-#      - alle
-#      - aulmann
-#      - howe
-#      - stahmann
-#      - traine
-#      - public
-#    password: 'bHdhzWnTj9'
+  #  - name: gerhard
+  #    groups:
+  #      - advoware
+  #      - alle
+  #      - aulmann
+  #      - howe
+  #      - stahmann
+  #      - traine
+  #      - public
+  #    password: 'bHdhzWnTj9'

  - name: ho-st1
    groups:
@@ -687,15 +726,15 @@ samba_user:
      - stahmann
      - public
    has_rdp: false
-    password: '44-Ro-440'
+    password: "44-Ro-440"

-#  - name: howe-staff-1
-#    groups:
-#      - advoware
-#      - alle
-#      - aulmann
-#      - howe
-#    password: ''
+  #  - name: howe-staff-1
+  #    groups:
+  #      - advoware
+  #      - alle
+  #      - aulmann
+  #      - howe
+  #    password: ''

  - name: jessica
    groups:
@@ -705,16 +744,16 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: 'bV3pjPtjkR'
+    password: "bV3pjPtjkR"

-#  - name: laura
-#    groups:
-#      - alle
-#      - aulmann
-#      - howe
-#      - stahmann
-#      - traine
-#    password: '99-Hamburg-990'
+  #  - name: laura
+  #    groups:
+  #      - alle
+  #      - aulmann
+  #      - howe
+  #      - stahmann
+  #      - traine
+  #    password: '99-Hamburg-990'

  - name: lenovo3
    groups:
@@ -724,7 +763,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: 'fndvLmrt7W'
+    password: "fndvLmrt7W"

  - name: lenovo4
    groups:
@@ -734,7 +773,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: 'tpCMmTKj7H'
+    password: "tpCMmTKj7H"

  - name: lenovo5
    groups:
@@ -744,7 +783,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: 'L5Hannover51'
+    password: "L5Hannover51"

  - name: lenovo6
    groups:
@@ -754,7 +793,7 @@ samba_user:
      - traine
      - public
    has_rdp: false
-    password: '66koeln66'
+    password: "66koeln66"


 base_home: /data/home
@@ -771,7 +810,6 @@ remove_samba_users:
 #  - name: evren

 samba_shares:
-
  - name: a-jur
    comment: a-jur Dokumente
    path: /data/samba/a-jur
@@ -781,7 +819,7 @@ samba_shares:
    dir_create_mask: !!str 2775
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+    recycle_path: "@Recycle"
    vfs_object_recycle_is_visible: true

  - name: kanzlei
@@ -793,7 +831,7 @@ samba_shares:
    dir_create_mask: !!str 2775
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+    recycle_path: "@Recycle"
    vfs_object_recycle_is_visible: true

  - name: install
@@ -815,7 +853,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+    recycle_path: "@Recycle"
    vfs_object_recycle_is_visible: true

  - name: wildvang
@@ -827,32 +865,32 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+    recycle_path: "@Recycle"
    vfs_object_recycle_is_visible: true

-#  - name: aulmann
-#    comment: Aulmann auf Fileserver
-#    path: /data/samba/Aulmann
-#    group_valid_users: aulmann
-#    group_write_list: aulmann
-#    file_create_mask: !!str 660
-#    dir_create_mask: !!str 2770
-#    vfs_object_virusfilter: true
-#    vfs_object_recycle: true
-#    recycle_path: '@Recycle'
-#    vfs_object_recycle_is_visible: true
+  #  - name: aulmann
+  #    comment: Aulmann auf Fileserver
+  #    path: /data/samba/Aulmann
+  #    group_valid_users: aulmann
+  #    group_write_list: aulmann
+  #    file_create_mask: !!str 660
+  #    dir_create_mask: !!str 2770
+  #    vfs_object_virusfilter: true
+  #    vfs_object_recycle: true
+  #    recycle_path: '@Recycle'
+  #    vfs_object_recycle_is_visible: true

-#  - name: howe
-#    comment: Howe auf Fileserver
-#    path: /data/samba/Howe
-#    group_valid_users: howe
-#    group_write_list: howe
-#    file_create_mask: !!str 660
-#    dir_create_mask: !!str 2770
-#    vfs_object_virusfilter: true
-#    vfs_object_recycle: true
-#    recycle_path: '@Recycle'
-#    vfs_object_recycle_is_visible: true
+  #  - name: howe
+  #    comment: Howe auf Fileserver
+  #    path: /data/samba/Howe
+  #    group_valid_users: howe
+  #    group_write_list: howe
+  #    file_create_mask: !!str 660
+  #    dir_create_mask: !!str 2770
+  #    vfs_object_virusfilter: true
+  #    vfs_object_recycle: true
+  #    recycle_path: '@Recycle'
+  #    vfs_object_recycle_is_visible: true

  - name: stahmann
    comment: Stahmann auf Fileserver
@@ -863,7 +901,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+    recycle_path: "@Recycle"
    vfs_object_recycle_is_visible: true

  - name: traine
@@ -875,7 +913,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+    recycle_path: "@Recycle"
    vfs_object_recycle_is_visible: true

  - name: public
@@ -887,7 +925,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+    recycle_path: "@Recycle"
    vfs_object_recycle_is_visible: true

  - name: Advoware-Schriftverkehr
@@ -899,7 +937,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+    recycle_path: "@Recycle"
    vfs_object_recycle_is_visible: true

  - name: Advoware-Backup
@@ -911,7 +949,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+    recycle_path: "@Recycle"
    vfs_object_recycle_is_visible: false

  - name: alle
@@ -923,7 +961,7 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_virusfilter: true
    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+    recycle_path: "@Recycle"
    vfs_object_recycle_is_visible: true

 #  - name: web
@@ -937,10 +975,8 @@ samba_shares:
 #    vfs_object_recycle: true
 #    recycle_path: '@Recycle'

-
 # ==============================

-
 # ---
 # vars used by scripts/reset_root_passwd.yml
 # ---
@@ -77,6 +77,7 @@ file-ebs.ebs.netz
 file-fm.fm.netz
 file-fhxb.fhxb.netz
 file-km.anw-km.netz
+file-km-alt.anw-km.netz
 file-km-neu.anw-km.netz
 file-kb.anw-kb.netz
 file-blkr.blkr.netz
@@ -567,6 +568,7 @@ gw-irights.oopen.de
 # - Kanzlei Berenice
 gw-km.oopen.de
 file-km.anw-km.netz
+file-km-alt.anw-km.netz
 file-km-neu.anw-km.netz
 file-kb.anw-kb.netz

@@ -1450,6 +1452,7 @@ file-ebs.ebs.netz
 file-fm.fm.netz
 file-fhxb.fhxb.netz
 file-km.anw-km.netz
+file-km-alt.anw-km.netz
 file-km-neu.anw-km.netz
 file-kb.anw-kb.netz
 file-blkr.blkr.netz
@@ -1586,6 +1589,7 @@ file-ah.kanzlei-kiel.netz
 file-ah-neu.kanzlei-kiel.netz
 file-ah-alt.kanzlei-kiel.netz
 file-km.anw-km.netz
+file-km-alt.anw-km.netz
 file-km-neu.anw-km.netz
 file-kb.anw-kb.netz
 file-blkr.blkr.netz
@@ -1758,6 +1762,7 @@ file-ebs.ebs.netz
 file-fm.fm.netz
 file-fhxb.fhxb.netz
 file-km.anw-km.netz
+file-km-alt.anw-km.netz
 file-km-neu.anw-km.netz
 file-kb.anw-kb.netz
 file-blkr.blkr.netz
@@ -2010,6 +2015,7 @@ file-ebs.ebs.netz
 file-fm.fm.netz
 file-fhxb.fhxb.netz
 file-km.anw-km.netz
+file-km-alt.anw-km.netz
 file-km-neu.anw-km.netz
 file-kb.anw-kb.netz
 file-blkr.blkr.netz
@@ -342,7 +342,9 @@
   virusfilter:cache entry limit = 1000
   virusfilter:cache time limit = 60

-   virusfilter:max file size = 26214400
+   #virusfilter:max file size = 52428800   # 50 MB max
+   #virusfilter:max file size = 26214400   # 25 MB max
+   virusfilter:max file size = 15728640   # 15 MB max
   virusfilter:min file size = 10

   virusfilter:scan on open = yes
@@ -522,7 +524,8 @@

   # Dateigröße: Was wird gescannt?
   #virusfilter:max file size = 52428800   # 50 MB max
-   virusfilter:max file size = 26214400   # 25 MB max
+   #virusfilter:max file size = 26214400   # 25 MB max
+   virusfilter:max file size = 15728640   # 15 MB max
   virusfilter:min file size = 10         # unter 10 Byte ignorieren

   # Scan-Zeitpunkt: nur beim Öffnen, nicht beim Schließen