diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index a08654f..39df595 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -2003,6 +2003,9 @@ default_user: shell: /bin/bash ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup' extra_user: [] diff --git a/group_vars/gateway_server.yml b/group_vars/gateway_server.yml index 36be047..559fd3f 100644 --- a/group_vars/gateway_server.yml +++ b/group_vars/gateway_server.yml @@ -74,6 +74,9 @@ default_user: shell: /bin/bash ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup' sudo_users: - chris diff --git a/group_vars/oopen_office.yml b/group_vars/oopen_office.yml index aec1a1b..56e02d6 100644 --- a/group_vars/oopen_office.yml +++ b/group_vars/oopen_office.yml @@ -75,6 +75,9 @@ default_user: ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup' sudo_users: - chris diff --git a/group_vars/oopen_office_ga.yml b/group_vars/oopen_office_ga.yml index a690b49..564ebf3 100644 --- a/group_vars/oopen_office_ga.yml +++ b/group_vars/oopen_office_ga.yml @@ -96,7 +96,9 @@ default_user: shell: /bin/bash ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup' sudo_users: - chris diff --git a/group_vars/oopen_server.yml b/group_vars/oopen_server.yml index 455481e..8bec79f 100644 --- a/group_vars/oopen_server.yml +++ b/group_vars/oopen_server.yml @@ -84,12 +84,10 @@ default_user: password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. shell: /bin/bash ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvy+IDUeoVwLg+cJNcKzls5guOrVUretsf05v3Y2N+Y root@default-oopen-server' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcEPd+MDJKzWqWStt3XpJU1OpJ0uxmipacIGkm6k3MS root@default-warenform-server' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/eGKbdxPYu7L/b/DjZrWek50e0AnkHFZS+zV12o5jy root@borg-client-key-warenform' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6Sra1D8JU2A68G4rSny7D0ukYKy89NVMXbdxrtdZwr root@borg-client-key-oopen' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup' sudo_users: diff --git a/group_vars/warenform_office.yml b/group_vars/warenform_office.yml index a70e86b..f8cd8e2 100644 --- a/group_vars/warenform_office.yml +++ b/group_vars/warenform_office.yml @@ -81,7 +81,10 @@ default_user: shell: /bin/bash ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID5v9m8a7zcMqIjm+faCYK9CdyHZjS8poMZrsUODzTSL root@devel-root' sudo_users: - chris diff --git a/group_vars/warenform_server.yml b/group_vars/warenform_server.yml index f63fbfd..3840f11 100644 --- a/group_vars/warenform_server.yml +++ b/group_vars/warenform_server.yml @@ -87,7 +87,9 @@ default_user: shell: /bin/bash ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup' sudo_users: - chris diff --git a/host_vars/135.181.79.202.yml b/host_vars/135.181.79.202.yml deleted file mode 100644 index 0a7e47d..0000000 --- a/host_vars/135.181.79.202.yml +++ /dev/null @@ -1,335 +0,0 @@ ---- - -# --- -# vars used by roles/network_interfaces -# --- - - -# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted -network_manage_devices: True - -# Should the interfaces be reloaded after config change? -network_interface_reload: False - -network_interface_path: /etc/network/interfaces.d -network_interface_required_packages: - - vlan - - bridge-utils - - ifmetric - - ifupdown - - ifenslave - - rcconf - - -network_interfaces: - - # Many device configurations are possible (as many as needed) - # - - device: enp35s0 - # use only once per device (for the first device entry) - headline: enp35s0 - primary device - - # auto & allow are only used for the first entry of that devicei-name) - # - allow: [] # array of allow-[stanzas] eg. allow-hotplug - auto: true - - family: inet - - # The statisc Mode - # Options - # address - # gateway - # pointopoint
- # hwaddress - # mtu - # scope
- # - # The manual Method - # Options - # hwaddress - # mtu - # - # The dhcp Method - # Options - # hwaddress - # hostname - # metric - # leasehours - # leasetime - # vendor - # client - # - # The bootp Method - # Options - # bootfile: - # server: - # hwaddr - # - method: static - - hwaddress: - description: - address: 135.181.79.202 - # dotted quad or number of bits - # - # the entry will be: address/netmask - netmask: 255.255.255.192 - gateway: 135.181.79.193 - metric: - pointopoint: - mtu: - scope: - - # additional user by dhcp method - # - hostname: - leasehours: - leasetime: - vendor: - client: - - # additional used by bootp method - # - bootfile: - server: - hwaddr: - - - # optional dns settings nameservers: [] - # nameservers: - # - "194.150.168.168" # dns.as250.net - # - "91.239.100.100" # anycast.censurfridns.dk - - # optional additional subnets/ips subnets: [] - # subnets: - # - '192.168.123.0/24' - # - '192.168.124.11/32' - - # optional bridge parameters bridge: {} - # bridge: - # ports: - # stp: - # fd: - # maxwait: - # waitport: - bridge: {} - - # optional bonding parameters bond: {} - # bond: - # master - # primary - # slave - # mode: - # miimon: - # lacp-rate: - # ad-select-rate: - # master: - # slaves: - bond: {} - - # optional vlan settings | vlan: {} - # vlan: {} - # raw-device: 'eth0' - vlan: {} - - # inline hook scripts - # - # example: - # - # up: - # - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp35s0" - # - pre-up: [] # pre-up script lines - up: - - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp35s0" - post-up: [] # post-up script lines (alias for up) - pre-down: [] # pre-down script lines (alias for down) - down: [] # down script lines - post-down: [] # post-down script lines - - - device: enp35s0 - # use only once per device (for the first device entry) - headline: - - # auto & allow are only used for the first device entry - allow: [] # array of allow-[stanzas] eg. allow-hotplug - auto: - - family: inet6 - method: static - description: - address: 2a01:4f9:4b:17ce::2 - netmask: 64 - gateway: fe80::1 - - # optional dns settings nameservers: [] - # nameservers: - # - "194.150.168.168" # dns.as250.net - # - "91.239.100.100" # anycast.censurfridns.dk - - # optional additional subnets/ips subnets: [] - # subnets: - # - '192.168.123.0/24' - # - '192.168.124.11/32' - - # optional bridge parameters bridge: {} - # bridge: - # ports: - # stp: - # fd: - # maxwait: - # waitport: - bridge: {} - - # optional bonding parameters bond: {} - # bond: - # mode: - # miimon: - # master: - # slaves: - # lacp-rate: - bond: {} - - # optional vlan settings | vlan: {} - # vlan: {} - # raw-device: 'eth0' - vlan: {} - - # inline hook scripts - pre-up: []# pre-up script lines - up: [] # up script lines - post-up: [] # post-up script lines (alias for up) - pre-down: [] # pre-down script lines (alias for down) - down: [] # down script lines - post-down: [] # post-down script lines - -# --- -# vars used by roles/ansible_dependencies -# --- - - -# --- -# vars used by roles/ansible_user -# --- - - -# --- -# vars used by roles/common/tasks/basic.yml -# --- - - -# --- -# vars used by roles/common/tasks/sshd.yml -# --- - - -# --- -# vars used by roles/common/tasks/apt.yml -# --- - -#apt_manage_sources_list: false - - -# --- -# vars used by roles/common/tasks/users.yml -# --- - -create_sftp_group: true - - -default_user: - - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - - user_id: 1050 - group_id: 1050 - group: sysadm - password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - -extra_system_user: - - name: www-data - home: /var/www - groups: sftp_users - -sudo_users: - - chris - - sysadm - - localadmin - - -# --- -# vars used by roles/common/tasks/users-systemfiles.yml -# --- - - -# --- -# vars used by roles/common/tasks/webadmin-user.yml -# --- - - -# --- -# vars used by roles/common/tasks/sudoers.yml -# --- -# -# see: roles/common/tasks/vars - - -# --- -# vars used by roles/common/tasks/caching-nameserver.yml -# --- - - -# --- -# vars used by roles/common/tasks/git.yml -# --- - -git_firewall_repository: - name: ipt-server - repo: https://git.oopen.de/firewall/ipt-server - dest: /usr/local/src/ipt-server - -# ============================== - - -# --- -# vars used by scripts/reset_root_passwd.yml -# --- - -root_user: - name: root - password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. - diff --git a/host_vars/172.16.122.2.yml b/host_vars/172.16.122.2.yml deleted file mode 100644 index 639e5b0..0000000 --- a/host_vars/172.16.122.2.yml +++ /dev/null @@ -1,309 +0,0 @@ ---- -# --- -# vars used by roles/network_interfaces -# --- - - -# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted -network_manage_devices: True - -# Should the interfaces be reloaded after config change? -network_interface_reload: False - -network_interface_path: /etc/network/interfaces.d -network_interface_required_packages: - - vlan - - bridge-utils - - ifmetric - - ifupdown - - ifenslave - -network_interfaces: - - - device: eno1 - headline: eno1 - Uplink DSL via Fritz!Box - auto: true - family: inet - method: static - address: 172.16.122.2 - netmask: 24 - gateway: 172.16.122.254 - - - - device: eno2 - headline: eno2 - LAN - auto: true - family: inet - method: static - address: 192.168.122.253 - netmask: 24 - - - - device: eno2:ns - headline: eno2:ns - Alias on eno5 (Nameserver) - auto: true - family: inet - method: static - address: 192.168.122.2 - netmask: 32 - - -# --- -# vars used by roles/ansible_dependencies -# --- - - -# --- -# vars used by roles/ansible_user -# --- - - -# --- -# vars used by roles/common/tasks/basic.yml -# --- - - -# --- -# vars used by roles/common/tasks/cron.yml -# --- - -cron_user_entries: - - - name: "Check if Postfix Mailservice is up and running?" - minute: '*/15' - hour: '*' - job: /root/bin/monitoring/check_postfix.sh - - - name: "Check if SSH service is up and running?" - minute: '*/15' - hour: '*' - job: /root/bin/monitoring/check_ssh.sh - - - name: "Check if OpenVPN service is up and running?" - minute: '*/30' - hour: '*' - job: /root/bin/monitoring/check_vpn.sh - - - name: "Check if nameservice (bind) is running?" - minute: '*/10' - hour: '*' - job: /root/bin/monitoring/check_dns.sh - - - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )" - minute: '0-59/2' - hour: '*' - job: /root/bin/monitoring/check_forwarding.sh - - - name: "Copy gateway configuration" - minute: '09' - hour: '3' - job: /root/bin/manage-gw-config/copy_gateway-config.sh ANW-KM - - -#cron_user_special_time_entries: [] -cron_user_special_time_entries: - - - name: "Check if Postfix Service is running at boot time" - special_time: reboot - job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh" - insertafter: PATH - - - name: "Restart Systemd's resolved at boottime." - special_time: reboot - job: "sleep 10 ; /bin/systemctl restart systemd-resolved" - insertafter: PATH - - - name: "Restart NTP service 'ntpsec'" - special_time: reboot - job: "sleep 15 ; /bin/systemctl restart ntpsec" - insertafter: PATH - - -# --- -# vars used by roles/common/tasks/sshd.yml -# --- - -sshd_hostkeyalgorithms: - - ssh-ed25519 - - ssh-ed25519-cert-v01@openssh.com - - rsa-sha2-256 - - rsa-sha2-512 - - ecdsa-sha2-nistp256 - - rsa-sha2-256-cert-v01@openssh.com - - rsa-sha2-512-cert-v01@openssh.com - - -# --- -# vars used by roles/common/tasks/apt.yml -# --- - - -# --- -# vars used by roles/common/tasks/systemd-resolved.yml -# --- - -systemd_resolved: true - -# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie -# Primäre DNS-Adresse: 38.132.106.139 -# Sekundäre DNS-Adresse: 194.187.251.67 -# -# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen -# primäre DNS-Adresse -# IPv4: 1.1.1.1 -# IPv6: 2606:4700:4700::1111 -# sekundäre DNS-Adresse -# IPv4: 1.0.0.1 -# IPv6: 2606:4700:4700::1001 -# -# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit -# primäre DNS-Adresse -# IPv4: 8.8.8.8 -# IPv6: 2001:4860:4860::8888 -# sekundäre DNS-Adresse -# IPv4: 8.8.4.4 -# IPv6: 2001:4860:4860::8844 -# -# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug -# primäre DNS-Adresse -# IPv4: 9.9.9.9 -# IPv6: 2620:fe::fe -# sekundäre DNS-Adresse -# IPv4: 149.112.112.112 -# IPv6: 2620:fe::9 -# -# OpenNIC - https://www.opennic.org/ -# IPv4: 195.10.195.195 - ns31.de -# IPv4: 94.16.114.254 - ns28.de -# IPv4: 51.254.162.59 - ns9.de -# IPv4: 194.36.144.87 - ns29.de -# IPv6: 2a00:f826:8:2::195 - ns31.de -# -# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) -# IPv4: 5.1.66.255 -# IPv6: 2001:678:e68:f000:: -# Servername für DNS-over-TLS: dot.ffmuc.net -# IPv4: 185.150.99.255 -# IPv6: 2001:678:ed0:f000:: -# Servername für DNS-over-TLS: dot.ffmuc.net -# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) -resolved_nameserver: - - 127.0.0.1 - -# search domains -# -# If there are more than one search domains, then specify them here in the order in which -# the resolver should also search them -# -#resolved_domains: [] -resolved_domains: - - ~. - - anw-km.netz - -resolved_dnssec: false - -# dns.as250.net: 194.150.168.168 -# -resolved_fallback_nameserver: - - 194.150.168.168 - - -# --- -# vars used by roles/common/tasks/users.yml -# --- - -insert_ssh_keypair_backup_server: false -ssh_keypair_backup_server: - - name: backup - backup_user: back - priv_key_src: root/.ssh/id_rsa.backup.oopen.de - priv_key_dest: /root/.ssh/id_rsa - pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub - pub_key_dest: /root/.ssh/id_rsa.pub - -insert_keypair_backup_client: true -ssh_keypair_backup_client: - - name: backup - priv_key_src: root/.ssh/id_ed25519.oopen-server - priv_key_dest: /root/.ssh/id_ed25519 - pub_key_src: root/.ssh/id_ed25519.oopen-server.pub - pub_key_dest: /root/.ssh/id_ed25519.pub - target: backup.oopen.de - -default_user: - - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - -sudo_users: - - chris - - sysadm - - -# --- -# vars used by roles/common/tasks/users-systemfiles.yml -# --- - - -# --- -# vars used by roles/common/tasks/webadmin-user.yml -# --- - - -# --- -# vars used by roles/common/tasks/sudoers.yml -# --- -# -# see: roles/common/tasks/vars - - -# --- -# vars used by roles/common/tasks/caching-nameserver.yml -# --- - -install_bind_packages: true - - -# --- -# vars used by roles/common/tasks/git.yml -# --- - -git_firewall_repository: - name: ipt-gateway - repo: https://git.oopen.de/firewall/ipt-gateway - dest: /usr/local/src/ipt-gateway - -# ============================== - - -# --- -# vars used by scripts/reset_root_passwd.yml -# --- - -root_user: - name: root - password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. - diff --git a/host_vars/172.16.63.32.yml b/host_vars/172.16.63.32.yml deleted file mode 100644 index e8c620e..0000000 --- a/host_vars/172.16.63.32.yml +++ /dev/null @@ -1,115 +0,0 @@ ---- - -# --- -# vars used by roles/ansible_dependencies -# --- - - -# --- -# vars used by roles/ansible_user -# --- - - -# --- -# vars used by roles/common/tasks/basic.yml -# --- - -copy_additional_plain_files_sysctl: - - - name: enable-ipv6 - src_path: etc/sysctl.d/30-enable-ipv6.conf - dest_path: /etc/sysctl.d/30-enable-ipv6.conf - - -# --- -# vars used by roles/common/tasks/sshd.yml -# --- - - -# --- -# vars used by roles/common/tasks/apt.yml -# --- - - -# --- -# vars used by roles/common/tasks/users.yml -# --- - -default_user: - - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - - user_id: 1050 - group_id: 1050 - group: sysadm - password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - sysadm - - -# --- -# vars used by roles/common/tasks/users-systemfiles.yml -# --- - - -# --- -# vars used by roles/common/tasks/webadmin-user.yml -# --- - - -# --- -# vars used by roles/common/tasks/sudoers.yml -# --- -# -# see: roles/common/tasks/vars - - -# --- -# vars used by roles/common/tasks/caching-nameserver.yml -# --- - -install_bind_packages: true - -# --- -# vars used by roles/common/tasks/git.yml -# --- - -git_firewall_repository: - name: ipt-gateway - repo: https://git.oopen.de/firewall/ipt-gateway - dest: /usr/local/src/ipt-gateway - -# ============================== - - -# --- -# vars used by scripts/reset_root_passwd.yml -# --- - -root_user: - name: root - password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. - diff --git a/host_vars/37.27.121.218.yml b/host_vars/37.27.121.218.yml deleted file mode 100644 index b91bbf5..0000000 --- a/host_vars/37.27.121.218.yml +++ /dev/null @@ -1,523 +0,0 @@ ---- - -# --- -# vars used by roles/network_interfaces -# --- - - -# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted -network_manage_devices: True - -# Should the interfaces be reloaded after config change? -network_interface_reload: False - -network_interface_path: /etc/network/interfaces.d -network_interface_required_packages: - - vlan - - bridge-utils - - ifmetric - - ifupdown - - ifenslave - - -network_interfaces: - - # Many device configurations are possible (as many as needed) - # - - device: enp6s0 - # use only once per device (for the first device entry) - headline: enp6s0 - primary device - - # auto & allow are only used for the first entry of that devicei-name) - # - allow: [] # array of allow-[stanzas] eg. allow-hotplug - auto: true - - family: inet - - # The statisc Mode - # Options - # address - # gateway - # pointopoint
- # hwaddress - # mtu - # scope
- # - # The manual Method - # Options - # hwaddress - # mtu - # - # The dhcp Method - # Options - # hwaddress - # hostname - # metric - # leasehours - # leasetime - # vendor - # client - # - # The bootp Method - # Options - # bootfile: - # server: - # hwaddr - # - method: static - - hwaddress: - description: - address: 37.27.129.85 - # dotted quad or number of bits - # - # the entry will be: address/netmask - netmask: 26 - gateway: 37.27.129.65 - metric: - pointopoint: - mtu: - scope: - - # additional user by dhcp method - # - hostname: - leasehours: - leasetime: - vendor: - client: - - # additional used by bootp method - # - bootfile: - server: - hwaddr: - - # optional dns settings nameservers: [] - # - # nameservers: - # - 194.150.168.168 # dns.as250.net - # - 91.239.100.100 # anycast.censurfridns.dk - # search: warenform.de - # - #nameservers: - # - 185.12.64.1 - # - a01:4ff:ff00::add:2 - #search: - - # optional additional subnets/ips subnets: [] - # subnets: - # - '192.168.123.0/24' - # - '192.168.124.11/32' - - # optional bridge parameters bridge: {} - # bridge: - # ports: - # stp: - # fd: - # maxwait: - # waitport: - bridge: {} - - # optional bonding parameters bond: {} - # bond: - # master - # primary - # slave - # mode: - # miimon: - # lacp-rate: - # ad-select-rate: - # master: - # slaves: - bond: {} - - # optional vlan settings | vlan: {} - # vlan: {} - # raw-device: 'eth0' - vlan: {} - - # inline hook scripts - # - # example: - # - # up: - # - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp6s0" - # - pre-up: [] # pre-up script lines - up: - - !!str "route add -net 37.27.129.64 netmask 255.255.255.192 gw 37.27.129.65 dev enp6s0" - post-up: [] # post-up script lines (alias for up) - pre-down: [] # pre-down script lines (alias for down) - down: [] # down script lines - post-down: [] # post-down script lines - - - device: enp6s0 - # use only once per device (for the first device entry) - headline: - - # auto & allow are only used for the first device entry - allow: [] # array of allow-[stanzas] eg. allow-hotplug - auto: - - family: inet6 - method: static - address: 2a01:4f9:3071:1141::2 - netmask: 64 - gateway: fe80::1 - metric: - pointopoint: - mtu: - scope: - - # additional user by dhcp method - # - hostname: - leasehours: - leasetime: - vendor: - client: - - # additional used by bootp method - # - bootfile: - server: - hwaddr: - - # optional dns settings nameservers: [] - # - # nameservers: - # - 194.150.168.168 # dns.as250.net - # - 91.239.100.100 # anycast.censurfridns.dk - # search: warenform.de - # - nameservers: - search: - - # optional additional subnets/ips subnets: [] - # subnets: - # - '192.168.123.0/24' - # - '192.168.124.11/32' - - # optional bridge parameters bridge: {} - # bridge: - # ports: - # stp: - # fd: - # maxwait: - # waitport: - bridge: {} - - # optional bonding parameters bond: {} - # bond: - # mode: - # miimon: - # master: - # slaves: - # lacp-rate: - bond: {} - - # optional vlan settings | vlan: {} - # vlan: {} - # raw-device: 'eth0' - vlan: {} - - # inline hook scripts - pre-up: []# pre-up script lines - up: [] # up script lines - post-up: [] # post-up script lines (alias for up) - pre-down: [] # pre-down script lines (alias for down) - down: [] # down script lines - post-down: [] # post-down script lines - -# --- -# vars used by roles/ansible_dependencies -# --- - - -# --- -# vars used by roles/ansible_user -# --- - - -# --- -# vars used by roles/common/tasks/basic.yml -# --- - - -# --- -# vars used by roles/common/tasks/sshd.yml -# --- - - -# --- -# vars used by roles/common/tasks/apt.yml -# --- - -#apt_manage_sources_list: false - - -# --- -# vars used by roles/common/tasks/systemd-resolved.yml -# --- - -systemd_resolved: true - -# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie -# Primäre DNS-Adresse: 38.132.106.139 -# Sekundäre DNS-Adresse: 194.187.251.67 -# -# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen -# primäre DNS-Adresse -# IPv4: 1.1.1.1 -# IPv6: 2606:4700:4700::1111 -# sekundäre DNS-Adresse -# IPv4: 1.0.0.1 -# IPv6: 2606:4700:4700::1001 -# -# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit -# primäre DNS-Adresse -# IPv4: 8.8.8.8 -# IPv6: 2001:4860:4860::8888 -# sekundäre DNS-Adresse -# IPv4: 8.8.4.4 -# IPv6: 2001:4860:4860::8844 -# -# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug -# primäre DNS-Adresse -# IPv4: 9.9.9.9 -# IPv6: 2620:fe::fe -# sekundäre DNS-Adresse -# IPv4: 149.112.112.112 -# IPv6: 2620:fe::9 -# -# OpenNIC - https://www.opennic.org/ -# IPv4: 195.10.195.195 - ns31.de -# IPv4: 94.16.114.254 - ns28.de -# IPv4: 51.254.162.59 - ns9.de -# IPv4: 194.36.144.87 - ns29.de -# IPv6: 2a00:f826:8:2::195 - ns31.de -# -# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) -# IPv4: 5.1.66.255 -# IPv6: 2001:678:e68:f000:: -# Servername für DNS-over-TLS: dot.ffmuc.net -# IPv4: 185.150.99.255 -# IPv6: 2001:678:ed0:f000:: -# Servername für DNS-over-TLS: dot.ffmuc.net -# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) -resolved_nameserver: - - 185.12.64.1 - - 2a01:4ff:ff00::add:2 - - 185.12.64.2 - - 2a01:4ff:ff00::add:1 - -# search domains -# -# If there are more than one search domains, then specify them here in the order in which -# the resolver should also search them -# -#resolved_domains: [] -resolved_domains: - - ~. - - oopen.de - -resolved_dnssec: false - -# dns.as250.net: 194.150.168.168 -# -resolved_fallback_nameserver: - - 194.150.168.168 - - -# --- -# vars used by roles/common/tasks/cron.yml -# --- - -cron_env_entries: - - name: PATH - job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - - - name: SHELL - job: /bin/bash - insertafter: PATH - - -cron_user_special_time_entries: - - - name: "Restart DNS Cache service 'systemd-resolved'" - special_time: reboot - job: "sleep 5 ; /bin/systemctl restart systemd-resolved" - insertafter: PATH - - - name: "Check if postfix mailservice is running. Restart service if needed." - special_time: reboot - job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1" - insertafter: PATH - - -cron_user_entries: - - - name: "Remote Borg Backup" - minute: '04' - hour: '00' - job: /root/crontab/backup-rborg/rborg.sh - - - name: "Check if SSH service is running. Restart service if needed." - minute: '*/5' - hour: '*' - job: /root/bin/monitoring/check_ssh.sh - - - name: "Check connectifity - reboot if needed" - minute: '*/10' - hour: '*' - job: /root/bin/admin-stuff/check-connectivity.sh - - - name: "Check if Postfix Mailservice is up and running?" - minute: '*/15' - hour: '*' - job: /root/bin/monitoring/check_postfix.sh - - - name: "Check if NTP service 'ntpsec' is up and running?" - minute: '*/30' - hour: '*' - job: /root/bin/monitoring/check_ntpsec_service.sh > /dev/null 2>&1 - -# - name: "Backup internet hosts and then print out hdd-usage for all backuped hosts" -# minute: '16' -# hour: '00' -# weekday: '1-6' -# job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N -# -# - name: "On sunday morning also determin diskspace usage" -# minute: '16' -# hour: '00' -# weekday: 7 -# job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N ; /root/bin/admin-stuff/disk-space_usage.sh -q -o /root/disk-space_usage /backup -# -# - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)" -# minute: '23' -# hour: '05' -# job: /var/lib/dehydrated/cron/dehydrated_cron.sh -# -# - name: "Check whether all certificates are included in the VHOST configurations" -# minute: '33' -# hour: '05' -# job: /var/lib/dehydrated/tools/update_ssl_directives.sh - - - name: "Check hard disc usage." - minute: '43' - hour: '6' - job: /root/bin/admin-stuff/check-disc-usage.sh -c 85 - - -# --- -# vars used by roles/common/tasks/users.yml -# --- - -create_sftp_group: true - - -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - -extra_system_user: - - name: www-data - home: /var/www - groups: sftp_users - -sudo_users: - - chris - - sysadm - - localadmin - - -# --- -# vars used by roles/common/tasks/users-systemfiles.yml -# --- - - -# --- -# vars used by roles/common/tasks/webadmin-user.yml -# --- - - -# --- -# vars used by roles/common/tasks/sudoers.yml -# --- -# -# see: roles/common/tasks/vars - - -# --- -# vars used by roles/common/tasks/caching-nameserver.yml -# --- - - -# --- -# vars used by roles/common/tasks/git.yml -# --- - -git_firewall_repository: - name: ipt-server - repo: https://git.oopen.de/firewall/ipt-server - dest: /usr/local/src/ipt-server - -# ============================== - - -# --- -# vars used by scripts/reset_root_passwd.yml -# --- - -root_user: - name: root - password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. - diff --git a/host_vars/backup.oopen.de.yml b/host_vars/backup.oopen.de.yml index 2af3e78..5a946c7 100644 --- a/host_vars/backup.oopen.de.yml +++ b/host_vars/backup.oopen.de.yml @@ -22,16 +22,21 @@ root_ssh_keypair: priv_key_dest: /root/.ssh/id_ed25519-borg-backup pub_key_src: backup.oopen.de/root/.ssh/id_ed25519-borg-backup.pub pub_key_dest: /root/.ssh/id_ed25519-borg-backup.pub - - name: id_rsa - priv_key_src: backup.oopen.de/root/.ssh/id_rsa - priv_key_dest: /root/.ssh/id_rsa - pub_key_src: backup.oopen.de/root/.ssh/id_rsa.pub - pub_key_dest: /root/.ssh/id_rsa.pub + - name: id_ed25519-backup + priv_key_src: backup.oopen.de/root/.ssh/id_ed25519-backup + priv_key_dest: /root/.ssh/id_ed25519-backup + pub_key_src: backup.oopen.de/root/.ssh/id_ed25519-backup.pub + pub_key_dest: /root/.ssh/id_ed25519-backup.pub - name: id_ed25519-gitea priv_key_src: backup.oopen.de/root/.ssh/id_ed25519-gitea - priv_key_dest: /root/.ssh/id_rsa + priv_key_dest: /root/.ssh/id_ed25519-gitea pub_key_src: backup.oopen.de/root/.ssh/id_ed25519-gitea.pub - pub_key_dest: /root/.ssh/id_rsa.pub + pub_key_dest: /root/.ssh/id_ed25519-gitea.pub +# - name: id_rsa +# priv_key_src: backup.oopen.de/root/.ssh/id_rsa +# priv_key_dest: /root/.ssh/id_rsa +# pub_key_src: backup.oopen.de/root/.ssh/id_rsa.pub +# pub_key_dest: /root/.ssh/id_rsa.pub # --- @@ -236,11 +241,9 @@ default_user: shell: /bin/bash ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvy+IDUeoVwLg+cJNcKzls5guOrVUretsf05v3Y2N+Y root@default-oopen-server' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcEPd+MDJKzWqWStt3XpJU1OpJ0uxmipacIGkm6k3MS root@default-warenform-server' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/eGKbdxPYu7L/b/DjZrWek50e0AnkHFZS+zV12o5jy root@borg-client-key-warenform' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6Sra1D8JU2A68G4rSny7D0ukYKy89NVMXbdxrtdZwr root@borg-client-key-oopen' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup' - name: borg user_id: 1065 diff --git a/host_vars/backup.warenform.de.yml b/host_vars/backup.warenform.de.yml index 3de9805..234e906 100644 --- a/host_vars/backup.warenform.de.yml +++ b/host_vars/backup.warenform.de.yml @@ -36,11 +36,17 @@ root_ssh_keypair: pub_key_src: backup.warenform.de/root/.ssh/id_ed25519-borg-backup.pub pub_key_dest: /root/.ssh/id_ed25519-borg-backup.pub - - name: id_rsa - priv_key_src: backup.warenform.de/root/.ssh/id_rsa - priv_key_dest: /root/.ssh/id_rsa - pub_key_src: backup.warenform.de/root/.ssh/id_rsa.pub - pub_key_dest: /root/.ssh/id_rsa.pub + - name: id_ed25519-backup + priv_key_src: backup.warenform.de/root/.ssh/id_ed25519-backup + priv_key_dest: /root/.ssh/id_ed25519-backup + pub_key_src: backup.warenform.de/root/.ssh/id_ed25519-backup.pub + pub_key_dest: /root/.ssh/id_ed25519-backup.pub + +# - name: id_rsa +# priv_key_src: backup.warenform.de/root/.ssh/id_rsa +# priv_key_dest: /root/.ssh/id_rsa +# pub_key_src: backup.warenform.de/root/.ssh/id_rsa.pub +# pub_key_dest: /root/.ssh/id_rsa.pub # --- @@ -237,11 +243,9 @@ default_user: shell: /bin/bash ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvy+IDUeoVwLg+cJNcKzls5guOrVUretsf05v3Y2N+Y root@default-oopen-server' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcEPd+MDJKzWqWStt3XpJU1OpJ0uxmipacIGkm6k3MS root@default-warenform-server' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/eGKbdxPYu7L/b/DjZrWek50e0AnkHFZS+zV12o5jy root@borg-client-key-warenform' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6Sra1D8JU2A68G4rSny7D0ukYKy89NVMXbdxrtdZwr root@borg-client-key-oopen' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup' - name: borg user_id: 1065 diff --git a/host_vars/bbb-server.b3-bornim.netz.yml b/host_vars/bbb-server.b3-bornim.netz.yml index 0d40d0a..fcaae76 100644 --- a/host_vars/bbb-server.b3-bornim.netz.yml +++ b/host_vars/bbb-server.b3-bornim.netz.yml @@ -161,54 +161,6 @@ cron_user_special_time_entries: # vars used by roles/common/tasks/users.yml # --- -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - sudo_users: - chris diff --git a/host_vars/file-ah.kanzlei-kiel.netz.yml b/host_vars/file-ah.kanzlei-kiel.netz.yml index 09381fe..9af20c5 100644 --- a/host_vars/file-ah.kanzlei-kiel.netz.yml +++ b/host_vars/file-ah.kanzlei-kiel.netz.yml @@ -185,59 +185,6 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/users.yml # --- -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$1X6iXiYz2fIQcfKWSSzno1$9Uos8SGn/8V3oHWwiR6kaRPfUuIrxKP8kRNUZ1.da3/ - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - localadmin - - sysadm - # --- # vars used by roles/common/tasks/users-systemfiles.yml # --- diff --git a/host_vars/file-blkr-alt.blkr.netz.yml b/host_vars/file-blkr-alt.blkr.netz.yml index 92e72ab..3a40f00 100644 --- a/host_vars/file-blkr-alt.blkr.netz.yml +++ b/host_vars/file-blkr-alt.blkr.netz.yml @@ -182,59 +182,6 @@ cron_user_special_time_entries: # vars used by roles/common/tasks/users.yml # --- -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$qmeacaq0WLATk6o7374lj1$1MrdyEubi5m4E9MCNZWrS04nZi1Qgk4vHu.J5LwKrJB:19757 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - localadmin - - sysadm - # --- # vars used by roles/common/tasks/users-systemfiles.yml # --- diff --git a/host_vars/file-blkr.blkr.netz.yml b/host_vars/file-blkr.blkr.netz.yml index 5d4dee0..acc7623 100644 --- a/host_vars/file-blkr.blkr.netz.yml +++ b/host_vars/file-blkr.blkr.netz.yml @@ -182,59 +182,6 @@ cron_user_special_time_entries: # vars used by roles/common/tasks/users.yml # --- -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$qmeacaq0WLATk6o7374lj1$1MrdyEubi5m4E9MCNZWrS04nZi1Qgk4vHu.J5LwKrJB:19757 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - localadmin - - sysadm - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/host_vars/file-dissens.dissens.netz.yml b/host_vars/file-dissens.dissens.netz.yml new file mode 100644 index 0000000..7afde19 --- /dev/null +++ b/host_vars/file-dissens.dissens.netz.yml @@ -0,0 +1,396 @@ +--- + +# --- +# vars used by roles/network_interfaces +# --- + + +# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted +network_manage_devices: True + +# Should the interfaces be reloaded after config change? +network_interface_reload: False + +network_interface_path: /etc/network/interfaces.d +network_interface_required_packages: + - vlan + - bridge-utils + - ifmetric + - ifupdown + - ifenslave + + +network_interfaces: + + - device: eno1np0 + # use only once per device (for the first device entry) + headline: eno1 - LAN + + # auto & allow are only used for the first device entry + allow: [] # array of allow-[stanzas] eg. allow-hotplug + auto: true + + family: inet + method: static + description: + address: 192.168.132.10 + netmask: 24 + gateway: 192.168.132.254 + + # optional dns settings nameservers: [] + # + # nameservers: + # - 194.150.168.168 # dns.as250.net + # - 91.239.100.100 # anycast.censurfridns.dk + # search: warenform.de + # + #nameservers: + # - 192.168.132.1 + #search: blkr.netz + + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.132.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 192.168.132.1 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - dissens.netz + +resolved_dnssec: false + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + +# --- +# vars used by roles/common/tasks/cron.yml +# --- + +cron_user_special_time_entries: + + - name: "Restart DNS Cache service 'systemd-resolved'" + special_time: reboot + job: "sleep 10 ; /bin/systemctl restart systemd-resolved" + insertafter: PATH + + - name: "Restart NTP Service ntpsec" + special_time: reboot + job: "sleep 15 ; /bin/systemctl restart intpsec > /dev/null 2>&1" + insertafter: PATH + + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + +sudoers_file_user_aliases: + - name: MAIN_USER + entry: 'malte.taeubrich, ulla.wittenzellner, sarah.klemm, bernard.koennecke, elenor.faellgrem,mario.freidank ' + +sudoers_file_cmnd_aliases: + - name: REBOOT + entry: '/sbin/reboot' + - name: MANAGE_SERVICE + entry: '/usr/bin/systemctl' + + +sudoers_file_user_privileges: + - name: MAIN_USER + entry: ALL = REBOOT + - name: MAIN_USER + entry: ALL = MANAGE_SERVICE + +# - name: julius +# entry: 'ALL=(root) NOPASSWD: /sbin/reboot' +# - name: josephine +# entry: 'ALL=(root) NOPASSWD: /sbin/reboot' +# - name: sebastian +# entry: 'ALL=(root) NOPASSWD: /sbin/reboot' +# - name: julius-e +# entry: 'ALL=(root) NOPASSWD: /sbin/reboot' + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + + +# --- +# vars used by roles/common/tasks/nfs.yml +# --- + +nfs_server: 192.168.132.10 + +# Set 'fs_encrypted' to true if filesystem lives on an encrypted +# partition. +# +# NOTE !! +# Take car to increase 'fsid' in case of more than one export +# +nfs_exports: + - src: 192.168.132.10:/data/samba/shares + path: /data/samba/shares + mount_opts: users,rsize=8192,wsize=8192,hard,intr + export_opt: rw,root_squash,sync,subtree_check + export_networks: + - 192.168.132.0/24 + - 10.0.192.0/24 + - 10.1.192.0/24 + - 192.168.63.0/24 + use_fsid_option: true + + +# --- +# vars used by roles/common/tasks/samba-config-server.yml +# vars used by roles/common/tasks/samba-user.yml +# --- + +samba_server_ip: 192.168.132.10 +samba_server_cidr_prefix: 24 + +samba_workgroup: DISSENS + +samba_netbios_name: FILE-DISSENS + +samba_server_min_protocol: !!str NT1 + +samba_groups: + - name: team + group_id: 1100 + - name: projekte + group_id: 1110 + - name: verwaltung + group_id: 1120 + - name: gf + group_id: 1120 + +samba_user: + - name: bernard.koennecke + groups: + - gf + - projekte + - team + - verwaltung + password: '20.ber-n4rd.ko3n-3cke-24!' + + - name: chris + groups: + - gf + - projekte + - team + - verwaltung + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63643330373231636537366333326630333265303265653933613835656262323863363038653234 + 3462653135633266373439626263356636646637643035340a653466356235346663626163306363 + 61313164643061306433643738643563303036646334376536626531383965303036386162393832 + 6631333038306462610a356535633265633563633962333137326533633834636331343562633765 + 3631 + + - name: david.gelhaar + groups: + - projekte + - team + - verwaltung + password: '20-da-v1d.g3lh44r_24%' + + - name: elenor.faellgrem + groups: + - projekte + - team + password: '20/313n0r-g3l.h4r/24?' + - name: johanna.hess + groups: + - buero + - verwaltung + password: '20_j0.h4nn4_h3ss-24+' + + - name: leonie + groups: + - buero + - verwaltung + password: '6.4aVX7rQ-9H' + - name: philip + groups: + - buero + - verwaltung + password: 'fN%749Psv_NR' + - name: buero1 + groups: + - buero + password: 'Mfr!7tK+d49C' + - name: buero2 + groups: + - buero + password: 'gW-wg3Pttf4/' + - name: buero3 + groups: + - buero + password: 'Qc-WyMhJ/3-2' + - name: referendariat + groups: + - buero + password: '4/zCNXnVF7+i' + - name: ref1 + groups: + - buero + password: '???' + - name: sebastian + groups: + - buero + - verwaltung + password: 'bhNC.P5eTy-2' + - name: buero-05 + groups: + - buero + password: '5/SXbV-M3vmQ' + - name: buero-06 + groups: + - buero + password: 'N-ba2R+i/2eM' + +base_home: /data/home + +# remove_samba_users: +# - name: name1 +# - name: name2 +# +remove_samba_users: [] + +samba_shares: + + - name: buero + comment: Buero auf Fileserver + path: /data/samba/shares/buero + group_valid_users: buero + group_write_list: buero + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + vfs_object_recycle: true + recycle_path: '@Recycle' + + - name: Verwaltung + comment: verwaltung auf Fileserver + path: /data/samba/shares/verwaltung + group_valid_users: verwaltung + group_write_list: verwaltung + file_create_mask: !!str 664 + dir_create_mask: !!str 2775 + vfs_object_recycle: true + recycle_path: '@Recycle' + + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. diff --git a/host_vars/file-ebs.ebs.netz.yml b/host_vars/file-ebs.ebs.netz.yml index 2bdc687..ee571b1 100644 --- a/host_vars/file-ebs.ebs.netz.yml +++ b/host_vars/file-ebs.ebs.netz.yml @@ -191,59 +191,6 @@ cron_user_special_time_entries: # vars used by roles/common/tasks/users.yml # --- -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$WWsYp2DSIw4jNx5/IaKzY1$VjvTQYvSaQtJDiiNYxOUDEx9QdIPTZ1YWXSSaS1whH/ - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - sysadm - - localadmin - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/host_vars/file-fhxb.fhxb.netz.yml b/host_vars/file-fhxb.fhxb.netz.yml index bf705a8..9e35013 100644 --- a/host_vars/file-fhxb.fhxb.netz.yml +++ b/host_vars/file-fhxb.fhxb.netz.yml @@ -161,39 +161,6 @@ cron_user_special_time_entries: # vars used by roles/common/tasks/users.yml # --- -default_user: - - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$2aYNjVAaYCJ7KuKYMjX3o1$M7E8/NkOHJnmmVcx0zD27oYExIf2aEergJ1KBnVbn92 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - sysadm - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/host_vars/file-kb.anw-kb.netz.yml b/host_vars/file-kb.anw-kb.netz.yml index 2b061e7..ecefc47 100644 --- a/host_vars/file-kb.anw-kb.netz.yml +++ b/host_vars/file-kb.anw-kb.netz.yml @@ -117,39 +117,6 @@ cron_user_special_time_entries: # vars used by roles/common/tasks/users.yml # --- -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - sysadm - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/host_vars/file-km.anw-km.netz.yml b/host_vars/file-km.anw-km.netz.yml index 7a30baf..48cb78d 100644 --- a/host_vars/file-km.anw-km.netz.yml +++ b/host_vars/file-km.anw-km.netz.yml @@ -181,59 +181,6 @@ cron_user_special_time_entries: # vars used by roles/common/tasks/users.yml # --- -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$ypzdcD.iMXQGS4W1nCJvn1$pzQKmc6Y6rej4ZRBRGzAyHIyWHFhsUkTK2WYEi/a9s1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - localadmin - - sysadm - # --- # vars used by roles/common/tasks/users-systemfiles.yml # --- diff --git a/host_vars/ga-al-gw.oopen.de.yml b/host_vars/ga-al-gw.oopen.de.yml index a6ffc52..efecbf4 100644 --- a/host_vars/ga-al-gw.oopen.de.yml +++ b/host_vars/ga-al-gw.oopen.de.yml @@ -353,60 +353,6 @@ ssh_keypair_backup_client: pub_key_dest: /root/.ssh/id_ed25519.pub target: backup.oopen.de -default_user: - - - name: chris - password: $y$j9T$rDrvWa/KInzTe601YYf9./$WjDlaItCrgX7gu4nCs481y8WLxiRaNJCC/MgFgKuzg3 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: maadmin - password: $y$j9T$LCkYWvykWzrpFxIlmSUB01$e1ROfZxXAU53UdAwZAECzED4iV4LS02Q4IPQ2fycv51 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1' - - - name: wadmin - password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$awYUu9oRvV39ojITZOC7D1$czTh5HHIE32PXb0vl40ayAarm39txR4jaH1QzBscqfC - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$wpg8hlvMpO4PAWSVdLoJq/$dgpQh4cEnbUOQkkZzKUM4S8XzNS/Md5gMmMuNTqec74 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - -sudo_users: - - chris - - sysadm - - maadmin - - wadmin - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/host_vars/gw-ah.oopen.de.yml b/host_vars/gw-ah.oopen.de.yml index 400f0c7..edd60ca 100644 --- a/host_vars/gw-ah.oopen.de.yml +++ b/host_vars/gw-ah.oopen.de.yml @@ -140,59 +140,6 @@ ssh_keypair_backup_client: pub_key_dest: /root/.ssh/id_ed25519.pub target: backup.oopen.de -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$1X6iXiYz2fIQcfKWSSzno1$9Uos8SGn/8V3oHWwiR6kaRPfUuIrxKP8kRNUZ1.da3/ - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - localadmin - - sysadm - # --- # vars used by roles/common/tasks/users-systemfiles.yml # --- diff --git a/host_vars/gw-akb.oopen.de.yml b/host_vars/gw-akb.oopen.de.yml index 2a42d02..53cf9cb 100644 --- a/host_vars/gw-akb.oopen.de.yml +++ b/host_vars/gw-akb.oopen.de.yml @@ -128,60 +128,6 @@ cron_user_special_time_entries: # --- -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$K/AHoqM8bynaxxgb6l3a41$my3J.c2hXYxkHgQviZZww5OP6ZgaaPsNscKPRSRT5E5 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$d5p0SWRwuW2CDvpMdtFcQ0$fKsGolV/38OZzTDRq00wjrbw3MfnJkUAWMreb3xNgT2 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$K/AHoqM8bynaxxgb6l3a41$my3J.c2hXYxkHgQviZZww5OP6ZgaaPsNscKPRSRT5E5 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - password: $y$j9T$QczbPLpIHiEZFf7FChcTC0$9SoBJzI8k/j5gjRdfK/x3vc/h73sNRGyAmr0KninMn0 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - sysadm - - localadmin - - # --- # vars used by roles/common/tasks/users-systemfiles.yml # --- diff --git a/host_vars/gw-blkr.oopen.de.yml b/host_vars/gw-blkr.oopen.de.yml index c88b886..cb5714d 100644 --- a/host_vars/gw-blkr.oopen.de.yml +++ b/host_vars/gw-blkr.oopen.de.yml @@ -249,59 +249,6 @@ ssh_keypair_backup_client: pub_key_dest: /root/.ssh/id_ed25519.pub target: backup.oopen.de -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$qmeacaq0WLATk6o7374lj1$1MrdyEubi5m4E9MCNZWrS04nZi1Qgk4vHu.J5LwKrJB:19757 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - localadmin - - sysadm - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/host_vars/gw-ckubu.local.netz.yml b/host_vars/gw-ckubu.local.netz.yml index ae40832..9d63b6e 100644 --- a/host_vars/gw-ckubu.local.netz.yml +++ b/host_vars/gw-ckubu.local.netz.yml @@ -118,39 +118,6 @@ cron_user_special_time_entries: # vars used by roles/common/tasks/users.yml # --- -default_user: - - - name: chris - password: $y$j9T$KUDlIDddLeymNRsoS7Z51/$eelMaGW/JhVsCjl6nducJmjxrHpuyLStWuOGrohKZZD - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$1SUeBB9jQKPnG9JPt30O5/$aiZOeMJbJqE.cEKkFdSBxeuhma8n1thBVn00SClT3C/ - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$n17mARf7i72xHDBW0lfT40$2WQMFPops.4.T3H7mk7Kzh3sRt3YfJtlhtn0Vl.uU37 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' -sudo_users: - - chris - - sysadm - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/host_vars/gw-dissens.oopen.de.yml b/host_vars/gw-dissens.oopen.de.yml index ec87f35..bd1ea94 100644 --- a/host_vars/gw-dissens.oopen.de.yml +++ b/host_vars/gw-dissens.oopen.de.yml @@ -186,40 +186,6 @@ ssh_keypair_backup_client: pub_key_dest: /root/.ssh/id_ed25519.pub target: backup.oopen.de -default_user: - - - name: chris - password: $y$j9T$JLezdt23fYO1OVfqTGPLG.$0WZW1GBGvIs7aITanCemuvZ9CbHwCFg1uxMynQiO7Y/ - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$daq5sPNG0I8/BEqIRc8tq0$gLVISkrP7ziAnQUbBD6ZROpU2ud0/Y1Vmkqkq/yPH09 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$Sc6W8dHBquFeXxNvdaB9r1$S.yGBl7KHTvmlSNncI6cJ.2dHHg8LCoy.JSfJaZneH7 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - sysadm - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/host_vars/gw-ebs.oopen.de.yml b/host_vars/gw-ebs.oopen.de.yml index e190399..9293bf6 100644 --- a/host_vars/gw-ebs.oopen.de.yml +++ b/host_vars/gw-ebs.oopen.de.yml @@ -186,59 +186,6 @@ ssh_keypair_backup_client: pub_key_dest: /root/.ssh/id_ed25519.pub target: backup.oopen.de -default_user: - - - name: chris - password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$WWsYp2DSIw4jNx5/IaKzY1$VjvTQYvSaQtJDiiNYxOUDEx9QdIPTZ1YWXSSaS1whH/ - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: borg - user_id: 1065 - group_id: 1065 - group: borg - password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - sysadm - - localadmin - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/host_vars/gw-kb.oopen.de.yml b/host_vars/gw-kb.oopen.de.yml index bdc9951..dfeb5b8 100644 --- a/host_vars/gw-kb.oopen.de.yml +++ b/host_vars/gw-kb.oopen.de.yml @@ -230,38 +230,6 @@ ssh_keypair_backup_client: pub_key_dest: /root/.ssh/id_ed25519.pub target: backup.oopen.de -default_user: - - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - -sudo_users: - - chris - - sysadm - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/host_vars/o13-alt.oopen.de.yml b/host_vars/o13-alt.oopen.de.yml deleted file mode 100644 index 54953e9..0000000 --- a/host_vars/o13-alt.oopen.de.yml +++ /dev/null @@ -1,187 +0,0 @@ ---- - -# --- -# vars used by roles/network_interfaces -# --- - -# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted -network_manage_devices: True - -# Should the interfaces be reloaded after config change? -network_interface_reload: False - -network_interface_path: /etc/network/interfaces.d -network_interface_required_packages: - - vlan - - bridge-utils - - ifmetric - - ifupdown - - ifenslave - - -network_interfaces: - - - device: br0 - # use only once per device (for the first device entry) - headline: br0 - bridge over device ens3 - - # auto & allow are only used for the first device entry - allow: [] # array of allow-[stanzas] eg. allow-hotplug - auto: true - - family: inet - method: manual - hwaddress: 52:54:00:62:fb:9c - description: - address: - netmask: - gateway: - metric: - pointopoint: - mtu: - scope: - - # additional user by dhcp method - # - hostname: - leasehours: - leasetime: - vendor: - client: - - # additional used by bootp method - # - bootfile: - server: - hwaddr: - - # optional dns settings nameservers: [] - # - # nameservers: - # - 194.150.168.168 # dns.as250.net - # - 91.239.100.100 # anycast.censurfridns.dk - # search: warenform.de - # - #nameservers: - # - 195.201.179.131 - # - 95.217.204.204 - #search: - - # optional additional subnets/ips subnets: [] - # subnets: - # - '192.168.123.0/24' - # - '192.168.124.11/32' - - # optional bridge parameters bridge: {} - # bridge: - # ports: - # stp: - # fd: - # maxwait: - # waitport: - bridge: - ports: ens3 # for mor devices support a blank separated list - stp: !!str off - fd: 1 - hello: 2 - maxage: 12 - - # optional bonding parameters bond: {} - # bond: - # master - # primary - # slave - # method: - # miimon: - # lacp-rate: - # ad-select-rate: - # master: - # slaves: - bond: {} - - # optional vlan settings | vlan: {} - # vlan: {} - # raw-device: 'eth0' - vlan: {} - - # inline hook scripts - pre-up: [] # pre-up script lines - up: - - !!str "ip addr add 83.223.86.200/24 dev br0" - - !!str "ip route add default via 83.223.86.1" - post-up: [] # post-up script lines (alias for up) - pre-down: [] # pre-down script lines (alias for down) - down: [] # down script lines - post-down: [] # post-down script lines - -# --- -# vars used by roles/ansible_dependencies -# --- - - -# --- -# vars used by roles/ansible_user -# --- - - -# --- -# vars used by roles/common/tasks/basic.yml -# --- - - -# --- -# vars used by roles/common/tasks/sshd.yml -# --- - - -# --- -# vars used by roles/common/tasks/apt.yml -# --- - - -# --- -# vars used by roles/common/tasks/users.yml -# --- - - -# --- -# vars used by roles/common/tasks/users-systemfiles.yml -# --- - - -# --- -# vars used by roles/common/tasks/webadmin-user.yml -# --- - - -# --- -# vars used by roles/common/tasks/sudoers.yml -# --- -# -# see: roles/common/tasks/vars - - -# --- -# vars used by roles/common/tasks/caching-nameserver.yml -# --- - - -# --- -# vars used by roles/common/tasks/git.yml -# --- - -git_firewall_repository: - name: ipt-server - repo: https://git.oopen.de/firewall/ipt-server - dest: /usr/local/src/ipt-server - -# ============================== - - -# --- -# vars used by scripts/reset_root_passwd.yml -# --- - -root_user: - name: root - password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. diff --git a/host_vars/o13-board.oopen.de.yml b/host_vars/o13-board.oopen.de.yml deleted file mode 100644 index 8ca99e2..0000000 --- a/host_vars/o13-board.oopen.de.yml +++ /dev/null @@ -1,73 +0,0 @@ ---- - -# --- -# vars used by roles/ansible_dependencies -# --- - - -# --- -# vars used by roles/ansible_user -# --- - - -# --- -# vars used by roles/common/tasks/basic.yml -# --- - - -# --- -# vars used by roles/common/tasks/sshd.yml -# --- - - -# --- -# vars used by roles/common/tasks/apt.yml -# --- - - -# --- -# vars used by roles/common/tasks/users.yml -# --- - - -# --- -# vars used by roles/common/tasks/users-systemfiles.yml -# --- - - -# --- -# vars used by roles/common/tasks/webadmin-user.yml -# --- - - -# --- -# vars used by roles/common/tasks/sudoers.yml -# --- -# -# see: roles/common/tasks/vars - - -# --- -# vars used by roles/common/tasks/caching-nameserver.yml -# --- - - -# --- -# vars used by roles/common/tasks/git.yml -# --- - -git_firewall_repository: - name: ipt-server - repo: https://git.oopen.de/firewall/ipt-server - dest: /usr/local/src/ipt-server - -# ============================== - - -# --- -# vars used by scripts/reset_root_passwd.yml -# --- - -root_user: - name: root - password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. diff --git a/host_vars/o13-cryptpad.oopen.de.yml b/host_vars/o13-cryptpad.oopen.de.yml index f84cab7..01e9f8d 100644 --- a/host_vars/o13-cryptpad.oopen.de.yml +++ b/host_vars/o13-cryptpad.oopen.de.yml @@ -100,67 +100,30 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/users.yml # --- -default_user: +extra_user: - - name: chris - password: $y$j9T$KUDlIDddLeymNRsoS7Z51/$eelMaGW/JhVsCjl6nducJmjxrHpuyLStWuOGrohKZZD + - name: marsupilami + password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/ shell: /bin/bash + group: marsupilami ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $y$j9T$1SUeBB9jQKPnG9JPt30O5/$aiZOeMJbJqE.cEKkFdSBxeuhma8n1thBVn00SClT3C/ - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $y$j9T$/TGIkTdH5zV4wTPsrZNko0$nGIMPM7WhOaeg4qUrwqiJ4Fvmn7He0bmYdZlXQ4ow80 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $y$j9T$n17mARf7i72xHDBW0lfT40$2WQMFPops.4.T3H7mk7Kzh3sRt3YfJtlhtn0Vl.uU37 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: cryptpad - user_id: 2010 - group_id: 2010 - group: cryptpad - home: /var/www/cryptpad - password: $y$j9T$TUSURhYNq5B1eWlxis.xy.$YfCpyp24dmaZwiIEMaJvX7u3P.MEdAyz8YXMusM4lu7 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is' - name: c3po password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/ shell: /bin/bash + group: c3po ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net' sudo_users: - chris + - c3po + - marsupilami - sysadm - localadmin - - c3po # --- diff --git a/host_vars/o13-mumble.oopen.de.yml b/host_vars/o13-mumble.oopen.de.yml index be8f976..01e9f8d 100644 --- a/host_vars/o13-mumble.oopen.de.yml +++ b/host_vars/o13-mumble.oopen.de.yml @@ -100,53 +100,28 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/users.yml # --- -default_user: +extra_user: - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + - name: marsupilami + password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/ shell: /bin/bash + group: marsupilami ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is' - name: c3po password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/ shell: /bin/bash + group: c3po ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net' - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - sudo_users: - chris + - c3po + - marsupilami - sysadm - localadmin diff --git a/host_vars/o13-pad.oopen.de.yml b/host_vars/o13-pad.oopen.de.yml index 86d2ecf..01e9f8d 100644 --- a/host_vars/o13-pad.oopen.de.yml +++ b/host_vars/o13-pad.oopen.de.yml @@ -100,64 +100,28 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/users.yml # --- -default_user: +extra_user: - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + - name: marsupilami + password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/ shell: /bin/bash + group: marsupilami ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is' - name: c3po password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/ shell: /bin/bash + group: c3po ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net' - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: cryptpad - user_id: 2010 - group_id: 2010 - group: cryptpad - home: /var/www/cryptpad - password: $y$j9T$TUSURhYNq5B1eWlxis.xy.$YfCpyp24dmaZwiIEMaJvX7u3P.MEdAyz8YXMusM4lu7 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - sudo_users: - chris + - c3po + - marsupilami - sysadm - localadmin diff --git a/host_vars/o13-schleuder.oopen.de.yml b/host_vars/o13-schleuder.oopen.de.yml deleted file mode 100644 index 5cc403d..0000000 --- a/host_vars/o13-schleuder.oopen.de.yml +++ /dev/null @@ -1,120 +0,0 @@ ---- - -# --- -# vars used by roles/ansible_dependencies -# --- - - -# --- -# vars used by roles/ansible_user -# --- - - -# --- -# vars used by roles/common/tasks/basic.yml -# --- - - -# --- -# vars used by roles/common/tasks/sshd.yml -# --- - - -# --- -# vars used by roles/common/tasks/apt.yml -# --- - - -# --- -# vars used by roles/common/tasks/users.yml -# --- - -default_user: - - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: c3po - password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/ - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net' - - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - -# --- -# vars used by roles/common/tasks/users-systemfiles.yml -# --- - - -# --- -# vars used by roles/common/tasks/webadmin-user.yml -# --- - - -# --- -# vars used by roles/common/tasks/sudoers.yml -# --- -# -# see: roles/common/tasks/vars - - -# --- -# vars used by roles/common/tasks/caching-nameserver.yml -# --- - - -# --- -# vars used by roles/common/tasks/git.yml -# --- - -git_firewall_repository: - name: ipt-server - repo: https://git.oopen.de/firewall/ipt-server - dest: /usr/local/src/ipt-server - -# ============================== - - -# --- -# vars used by scripts/reset_root_passwd.yml -# --- - -root_user: - name: root - password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. diff --git a/host_vars/o13-staging-board.oopen.de.yml b/host_vars/o13-staging-board.oopen.de.yml index c69116f..5839dbb 100644 --- a/host_vars/o13-staging-board.oopen.de.yml +++ b/host_vars/o13-staging-board.oopen.de.yml @@ -106,40 +106,30 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/users.yml # --- -default_user: +extra_user: - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + - name: marsupilami + password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/ shell: /bin/bash + group: marsupilami ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is' - - name: sysadm - - user_id: 1050 - group_id: 1050 - group: sysadm - password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 + - name: c3po + password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/ shell: /bin/bash + group: c3po ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net' sudo_users: - chris + - c3po + - marsupilami - sysadm + - localadmin # --- diff --git a/host_vars/o13-web.oopen.de.yml b/host_vars/o13-web.oopen.de.yml index a1ad5ca..01e9f8d 100644 --- a/host_vars/o13-web.oopen.de.yml +++ b/host_vars/o13-web.oopen.de.yml @@ -100,54 +100,28 @@ resolved_fallback_nameserver: # vars used by roles/common/tasks/users.yml # --- -default_user: +extra_user: - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + - name: marsupilami + password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/ shell: /bin/bash + group: marsupilami ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is' - name: c3po password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/ shell: /bin/bash + group: c3po ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net' - - name: sysadm - user_id: 1050 - group_id: 1050 - group: sysadm - password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: back - user_id: 1060 - group_id: 1060 - group: back - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - sudo_users: - chris - c3po + - marsupilami - sysadm - localadmin diff --git a/host_vars/o26.oopen.de.yml b/host_vars/o26.oopen.de.yml index a814886..34525f6 100644 --- a/host_vars/o26.oopen.de.yml +++ b/host_vars/o26.oopen.de.yml @@ -255,9 +255,14 @@ root_ssh_keypair: pub_key_dest: /root/.ssh/id_ed25519-borg-backup.pub - name: id_ed25519-gitea priv_key_src: o26.oopen.de/root/.ssh/id_ed25519-gitea - priv_key_dest: /root/.ssh/id_rsa + priv_key_dest: /root/.ssh/id_ed25519-gitea pub_key_src: o26.oopen.de/root/.ssh/id_ed25519-gitea.pub - pub_key_dest: /root/.ssh/id_rsa.pub + pub_key_dest: /root/.ssh/id_ed25519-gitea.pub + - name: id_ed25519-backup + priv_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup + priv_key_dest: /root/.ssh/id_ed25519-backup + pub_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup.pub + pub_key_dest: /root/.ssh/id_ed25519-backup # --- @@ -474,10 +479,9 @@ default_user: ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvy+IDUeoVwLg+cJNcKzls5guOrVUretsf05v3Y2N+Y root@default-oopen-server' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcEPd+MDJKzWqWStt3XpJU1OpJ0uxmipacIGkm6k3MS root@default-warenform-server' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/eGKbdxPYu7L/b/DjZrWek50e0AnkHFZS+zV12o5jy root@borg-client-key-warenform' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6Sra1D8JU2A68G4rSny7D0ukYKy89NVMXbdxrtdZwr root@borg-client-key-oopen' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup' - name: borg user_id: 1065 diff --git a/host_vars/server28.warenform.de.yml b/host_vars/server28.warenform.de.yml index de16d0a..d9fcd70 100644 --- a/host_vars/server28.warenform.de.yml +++ b/host_vars/server28.warenform.de.yml @@ -309,78 +309,6 @@ cron_user_entries: # vars used by roles/common/tasks/users.yml # --- -insert_ssh_keypair_backup_server: false -ssh_keypair_backup_server: - - name: backup - backup_user: back - priv_key_src: root/.ssh/id_rsa.backup.warenform.de - priv_key_dest: /root/.ssh/id_rsa - pub_key_src: root/.ssh/id_rsa.backup.warenform.de.pub - pub_key_dest: /root/.ssh/id_rsa.pub - -insert_keypair_backup_client: true -ssh_keypair_backup_client: - - name: backup - priv_key_src: root/.ssh/id_ed25519.warenform-server - priv_key_dest: /root/.ssh/id_ed25519 - pub_key_src: root/.ssh/id_ed25519.warenform-server.pub - pub_key_dest: /root/.ssh/id_ed25519.pub - target: backup.warenform.de - - -default_user: - - - name: chris - password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - - name: axel - password: $6$zUWC465e$XblctxwnBIOa7mPcN6foEQrwChjpwoY7lLtacXJrSsvjZS3I6Ox1mYUtN3/gzkvpbzOPx/9PlRJV.mbl939mD. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOPnP788dlfeFi9oo8UkS0Chi/jcxUGjsOuQnxW/GR+ axel@wf.netz' - - - name: sysadm - user_id: 1050 - group_id: 1050 - password: $6$vvccwrTc$Sz1HaSb3ujObprltiG7D6U1Rr3fpgfjkKuDDWYdHzPkPx/0pEofCWC.vyTn78hcemkntl.6wVUOnJnNloKt/E/ - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOPnP788dlfeFi9oo8UkS0Chi/jcxUGjsOuQnxW/GR+ axel@wf.netz' - - - name: localadmin - user_id: 1051 - group_id: 1051 - password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90 - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS' - - - name: back - user_id: 1060 - group_id: 1060 - password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. - shell: /bin/bash - ssh_keys: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' - -sudo_users: - - chris - - axel - - sysadm - - localadmin - # --- # vars used by roles/common/tasks/users-systemfiles.yml diff --git a/hosts b/hosts index 21f1728..cf56c41 100644 --- a/hosts +++ b/hosts @@ -189,7 +189,6 @@ cloud.akweb.de # o31.oopen.de - Cadus e.V. o31.oopen.de mail.cadus.org -135.181.22.161 web.cadus.org # etventure @@ -384,7 +383,6 @@ cloud.akweb.de # o31.oopen.de - Cadus e.V. o31.oopen.de mail.cadus.org -135.181.22.161 web.cadus.org # etventure @@ -546,9 +544,7 @@ ga-al-kvm3.ga.netz devel-root.wf.netz anita.wf.netz -devel-cloud.wf.netz devel-db.wf.netz -devel-git.wf.netz devel-repos.wf.netz devel-php.wf.netz devel-todo.wf.netz @@ -632,7 +628,6 @@ o20.oopen.de # o31.oopen.de web.cadus.org mail.cadus.org -135.181.22.161 # o22.oopen.de oolm-shop-dev.oopen.de @@ -871,7 +866,6 @@ test.mx.oopen.de # o31.oopen.de mail.cadus.org -135.181.22.161 # o27.oopen.de mail.faire-mobilitaet.de @@ -1037,7 +1031,6 @@ cloud.akweb.de # o31.oopen.de - Cadus e.V. web.cadus.org mail.cadus.org -135.181.22.161 # etventure o32.oopen.de @@ -1195,7 +1188,6 @@ test.mx.oopen.de # o31.oopen.de mail.cadus.org -135.181.22.161 # o27.oopen.de @@ -1459,7 +1451,6 @@ munin.oopen.de # - o31.oopen.de mail.cadus.org -135.181.22.161 web.cadus.org # o21.oopen.de @@ -1610,9 +1601,7 @@ dns1.warenform.de # devel-root anita.wf.netz -devel-cloud.wf.netz devel-db.wf.netz -devel-git.wf.netz devel-php.wf.netz devel-repos.wf.netz devel-todo.wf.netz @@ -1699,7 +1688,6 @@ cloud.akweb.de # - o31.oopen.de o31.oopen.de mail.cadus.org -135.181.22.161 web.cadus.org # etventure @@ -1883,8 +1871,6 @@ dns1.warenform.de anita.wf.netz devel-root.wf.netz devel-db.wf.netz -devel-cloud.wf.netz -devel-git.wf.netz devel-php.wf.netz devel-repos.wf.netz devel-todo.wf.netz @@ -1894,13 +1880,16 @@ devel-ruby.wf.netz [oopen_office_ga] # - GA - Gemeinschaft Altensclirf -ga-st-lxc1.ga.netz -ga-st-mail.ga.netz -ga-al-relay.ga.netz -ga-st-services.ga.netz -ga-st-kvm1.ga.netz +ga-al-gw.oopen.de ga-al-kvm2.ga.netz ga-al-kvm3.ga.netz +ga-al-relay.ga.netz +ga-nh-gw.oopen.de.yml +ga-st-lxc1.ga.netz +ga-st-mail.ga.netz +ga-st-services.ga.netz +ga-st-kvm1.ga.netz +ga-st-kvm5.ga.netz [o13_server] diff --git a/roles/common/files/backup.oopen.de/root/.ssh/id_ed25519 b/roles/common/files/backup.oopen.de/root/.ssh/id_ed25519 new file mode 100644 index 0000000..4d7c069 --- /dev/null +++ b/roles/common/files/backup.oopen.de/root/.ssh/id_ed25519 @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACCHBD3fjAySs1qlkrbd16SVNTqSdLsZoqWnCBpJupNzEgAAAJDPLbb2zy22 +9gAAAAtzc2gtZWQyNTUxOQAAACCHBD3fjAySs1qlkrbd16SVNTqSdLsZoqWnCBpJupNzEg +AAAEBJe9jEXHRRNKsWRZnEC6gkT+68rSus6TQsWoCIo1f+S4cEPd+MDJKzWqWStt3XpJU1 +OpJ0uxmipacIGkm6k3MSAAAACmNocmlzQGx1bmEBAgM= +-----END OPENSSH PRIVATE KEY----- diff --git a/roles/common/files/backup.oopen.de/root/.ssh/id_ed25519-backup b/roles/common/files/backup.oopen.de/root/.ssh/id_ed25519-backup new file mode 100644 index 0000000..87b5063 --- /dev/null +++ b/roles/common/files/backup.oopen.de/root/.ssh/id_ed25519-backup @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACCndAMEx2wwSuA4LPiGVprZwwY6FSKIDlL5CyGL7H39cgAAAJCPEfpPjxH6 +TwAAAAtzc2gtZWQyNTUxOQAAACCndAMEx2wwSuA4LPiGVprZwwY6FSKIDlL5CyGL7H39cg +AAAEAU6QJe7XCLoBUkLQQfUIO6lqRS8eG0Aya2mMuIfU9Vo6d0AwTHbDBK4Dgs+IZWmtnD +BjoVIogOUvkLIYvsff1yAAAAC3Jvb3RAYmFja3VwAQI= +-----END OPENSSH PRIVATE KEY----- diff --git a/roles/common/files/backup.oopen.de/root/.ssh/id_ed25519-backup.pub b/roles/common/files/backup.oopen.de/root/.ssh/id_ed25519-backup.pub new file mode 100644 index 0000000..f986fd2 --- /dev/null +++ b/roles/common/files/backup.oopen.de/root/.ssh/id_ed25519-backup.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de diff --git a/roles/common/files/backup.warenform.de/root/.ssh/id_ed25519 b/roles/common/files/backup.warenform.de/root/.ssh/id_ed25519 new file mode 100644 index 0000000..4d7c069 --- /dev/null +++ b/roles/common/files/backup.warenform.de/root/.ssh/id_ed25519 @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACCHBD3fjAySs1qlkrbd16SVNTqSdLsZoqWnCBpJupNzEgAAAJDPLbb2zy22 +9gAAAAtzc2gtZWQyNTUxOQAAACCHBD3fjAySs1qlkrbd16SVNTqSdLsZoqWnCBpJupNzEg +AAAEBJe9jEXHRRNKsWRZnEC6gkT+68rSus6TQsWoCIo1f+S4cEPd+MDJKzWqWStt3XpJU1 +OpJ0uxmipacIGkm6k3MSAAAACmNocmlzQGx1bmEBAgM= +-----END OPENSSH PRIVATE KEY----- diff --git a/roles/common/files/backup.warenform.de/root/.ssh/id_ed25519-backup b/roles/common/files/backup.warenform.de/root/.ssh/id_ed25519-backup new file mode 100644 index 0000000..5afd4d1 --- /dev/null +++ b/roles/common/files/backup.warenform.de/root/.ssh/id_ed25519-backup @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDY9JwnRTmZudQFQnz22dtkETiBIm6F2e0Wph7zNhPSDAAAAJD+EYMa/hGD +GgAAAAtzc2gtZWQyNTUxOQAAACDY9JwnRTmZudQFQnz22dtkETiBIm6F2e0Wph7zNhPSDA +AAAEBqjDwPH+BcqDhXZcMYac/0aRMS5mN5xHYc/61tyP2Ogtj0nCdFOZm51AVCfPbZ22QR +OIEiboXZ7RamHvM2E9IMAAAAC3Jvb3RAYmFja3VwAQI= +-----END OPENSSH PRIVATE KEY----- diff --git a/roles/common/files/backup.warenform.de/root/.ssh/id_ed25519-backup.pub b/roles/common/files/backup.warenform.de/root/.ssh/id_ed25519-backup.pub new file mode 100644 index 0000000..bf8553d --- /dev/null +++ b/roles/common/files/backup.warenform.de/root/.ssh/id_ed25519-backup.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts index 6b4bf21..cf638fd 100644 --- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts +++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts @@ -19,66 +19,15 @@ # --- # give hostnames to blocke here -illuminatus\.lionheart\.lovejoy$ -dancortez\.500$ -geplosser\.pl$ -zukunftbeitragen\.quest$ -gulpagerts\.com$ -flodesyta\.shop$ -einfach-mail-express\.eu$ -feowatley\.shop$ -kssalon\.com$ -zeitarbeitsgruppe\.com$ -jobinscenter\.mom$ -bilingates\.gsm\.pl$ -^mail\.finsky-palace\.radio\.am$ -^mail\.newslinkes\.radio\.fm$ -thecaffeinatedquilter\.com$ -^mail\.hossted\.app$ -rea\.realflightshop\.com$ -tetontimberlinetrading\.com$ -walelaber\.shop$ -technedigitale\.com$ -dia-two-2\.de$ -surlumice\.store$ -mail\.notistall\.balashov\.su$ -mail\.batistase\.hz\.cz$ -mail\.lorinsales\.de\.fr$ -mail\.jostalles\.azerbaijan\.su$ -mail\.batistase\.hz\.cz$ -circuitlogix\.com$ -a27-10\.smtp-out.us-west-2\.amazonses\.com$ -relay01\.cne\.gob\.ve$ -mta01\.cne\.gob\.ve$ -news1\.worldnews\.hair$ -ritechager\.info$ -berligpot\.quest$ -chwestinstrumentalmusic\.com$ -nrgroekle\.site$ -classyak\.com$ -childswork\.com$ -ywgf\.net$ -alnweohct\.online$ -kitchenfantasy\.com$ -kitchenfaucetcenter\.com$ -fqmeta\.net$ -kitchenespial\.com$ -owboyhardware\.com$ -comicartcollective\.com$ -fesg56wesg\.xyz$ -convinceandconvert\.com$ -thelargest\.homes$ -eamyobai\.cfd$ -countryfields\.ca$ -urgencypasture\.shop$ -detectivecomics\.net$ -bell\.net$ -beheshtfoundation\.com$ -tohochina\.com$ -mailer-service\.de$ -hunshachang\.com$ -likelark\.com$ -mlmlh\.xyz$ -osdh\.net$ -trentbbs\.com$ -sharelikecrazy\.com$ + +# edge.toprains.shop:w +edge\.toprains\.shop$ + +# Specht Office +mta3\.dev\.60cr\.com$ + +# lichtbringer.sho +lichtbringer\.shop$ + +# insights.sternenpfad.shop +insights\.sternenpfad\.shop$ diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts.00 b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts.00 new file mode 100644 index 0000000..6b4bf21 --- /dev/null +++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts.00 @@ -0,0 +1,84 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + +# --- +# hosts blocked by postfwd +# +# This file is called with '=~'. This means perl regexp is possible +# +# +# To increase performance use ^ and/or $ in regular expressions +# +# Example: +# +# # block all hosts of domain 'oopen.de' +# \.oopen\.de$ +# +# # block host a.mx.oopen.de +# ^a\.mx\.oopen\.de$ +# +# --- + +# give hostnames to blocke here +illuminatus\.lionheart\.lovejoy$ +dancortez\.500$ +geplosser\.pl$ +zukunftbeitragen\.quest$ +gulpagerts\.com$ +flodesyta\.shop$ +einfach-mail-express\.eu$ +feowatley\.shop$ +kssalon\.com$ +zeitarbeitsgruppe\.com$ +jobinscenter\.mom$ +bilingates\.gsm\.pl$ +^mail\.finsky-palace\.radio\.am$ +^mail\.newslinkes\.radio\.fm$ +thecaffeinatedquilter\.com$ +^mail\.hossted\.app$ +rea\.realflightshop\.com$ +tetontimberlinetrading\.com$ +walelaber\.shop$ +technedigitale\.com$ +dia-two-2\.de$ +surlumice\.store$ +mail\.notistall\.balashov\.su$ +mail\.batistase\.hz\.cz$ +mail\.lorinsales\.de\.fr$ +mail\.jostalles\.azerbaijan\.su$ +mail\.batistase\.hz\.cz$ +circuitlogix\.com$ +a27-10\.smtp-out.us-west-2\.amazonses\.com$ +relay01\.cne\.gob\.ve$ +mta01\.cne\.gob\.ve$ +news1\.worldnews\.hair$ +ritechager\.info$ +berligpot\.quest$ +chwestinstrumentalmusic\.com$ +nrgroekle\.site$ +classyak\.com$ +childswork\.com$ +ywgf\.net$ +alnweohct\.online$ +kitchenfantasy\.com$ +kitchenfaucetcenter\.com$ +fqmeta\.net$ +kitchenespial\.com$ +owboyhardware\.com$ +comicartcollective\.com$ +fesg56wesg\.xyz$ +convinceandconvert\.com$ +thelargest\.homes$ +eamyobai\.cfd$ +countryfields\.ca$ +urgencypasture\.shop$ +detectivecomics\.net$ +bell\.net$ +beheshtfoundation\.com$ +tohochina\.com$ +mailer-service\.de$ +hunshachang\.com$ +likelark\.com$ +mlmlh\.xyz$ +osdh\.net$ +trentbbs\.com$ +sharelikecrazy\.com$ diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets index 68bde18..6d9f745 100644 --- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets +++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets @@ -12,158 +12,17 @@ # # --- -# give networks to block here -188.214.104.0/24 -91.219.236.254 -85.254.72.106 -103.136.40.0/23 -185.53.170.115 -# zukunftbeitragen.quest -86.107.103.211 -# RU (u.a. mail.geplosser.pl) -62.152.59.0/24 -# GB mx.bilingates.gsm.pl -95.168.184.156 -# RU (u.a. mx.jobinscenter.mom) -31.28.27.0/24 -# RU (u.a. mx.novatechs.gen.tr) -93.189.44.0/22 -# RU (u.a. vh126.timeweb.ru) -92.53.96.0/24 -# RU (u.a. mail.newslinkes.radio.am) -45.130.151.0/24 -# US - OLink Cloud LLC US Cloud ( u.a. pritionch.store) -104.160.19.0/24 -# TR (u.a. dosvufpro.store -185.219.135.0/24 -# RZ ( u.a. mx.jobinscenter.mom) -31.28.27.0/24 -# RU (mx.novatechs.gen.tr) -93.189.44.0/22 -# mx.bilingates.gsm.pl -95.168.184.156 -# mail.finsky-palace.radio.am -89.163.230.186 -# mail.newslinkes.radio.fm -62.3.58.20 -# SC ( u.a. undialogy.store) -149.3.170.0/24 -# tetontimberlinetrading.com -155.94.219.66 -185.43.108.101 -# US (u.a.walelaber.shop) -216.250.247.0/24 -# IN (u.a. couetsart.xyz) -103.174.86.0/23 -# DE ( u.a. smtp15.dia-two-2.de -193.168.252.0/23 -# US ( u.a. surlumice.store ) -# 192.161.160.0/19 -192.161.173.22 -# RU -194.87.236.0/22 -# SC (u.a. werkzeughandeldirekt.net) -146.19.253.0/24 -# Piscataway NJ (u.a. werkzeughandeldirekt.net) -209.182.224.0/22 -# LV (u.a. eur-versand.com ) -217.199.96.0/19 -# viastarco.xyz (eur-versand.com) -163.123.180.214 -# RU (u.a lorinsales.de.fr) -185.31.160.0/22 -# RU (batistase.hz.cz) -93.189.42.0/23 -# RU (notistall.balashov.su) -77.87.212.0/24 -# RU (jostalles.azerbaijan.su) -62.173.128.0/19 -# RU ( u.a. batistase.hz.cz ) -62.76.184.0/21 -# US (u.a. premiumofen.com) -172.93.96.0/20 -# US (u.a. premiumofen.com) -108.171.192.0/19 -# VE ( u.a. cne.gob.ve) -201.130.82.0/23 -# classic-british-motorcycles.com -172.67.189.127 -104.21.33.94 -# (u.a. direktpaket.com) -194.116.228.0/24 -# GB (u.a.versand-king.com) -78.129.191.68/28 -# US ( u.a.profiverkauf.com) -192.30.240.0/22 -# (u.a. profiverkauf.com) -185.221.200.0/22 -# US u.a.(liefer-experten.com) -69.12.79.32/27 -207.167.64.0/23 -# US (u.a. premiumversender.com) -192.161.172.0/23 -# LIR (u.a. premiumversender.com) -185.101.92.0/22 -# US (u.a. d-logistik.com) -216.144.236.224/28 -# GB - 146.59.88.240/29 -# UA (Ukraine) -193.3.23.0/24 -# DE (u.a. lagerexpress.com) -41.216.188.0/24 -# US (u.a. echtzeit-video.com>) -104.161.0.0/17 -158.51.124.0/22 -193.42.38.0/24 -# US (u.a. pro-versender.com) -173.254.192.0/18 -# US ( u.a. werksvertriebe.com) -104.218.236.0/23 -# US ( u.a. notstrom-generatoren.com) -68.69.187.0/24 -104.156.156.0/22 -# US (u.a direktversender.net) -103.83.37.0/24 -103.114.162.0/24 -# US (u.a.versender50.com) -204.152.197.0/24 -# US (u.a.vs-dienst.com) -45.134.11.0/24 -212.83.56.0/24 -# US ( u.a. urgencypasture.shop) -194.87.84.0/24 -# US ( u.a. dkdirekt.com) -64.188.1.176/28 -# CA (Canada) (u.a. bell.net) -209.71.192.0/18 -# HU (u.a. beheshtfoundation.com) -83.137.158.0/24 -# US (u.a. josephraffael.com / auftrag@v-markt-direkt.com) -64.188.4.0/22 -# IR (Iran) brute force on SASL Login -46.148.32.0/20 -# US -45.15.128.0/22 -# US -103.114.163.0/24 -# US -192.154.224.0/21 -# US -139.28.234.0/23 -# US -213.59.118.0/23 -# US cityboxing.com -103.114.160.0/24 -104.237.192.0/19 -# CZ -176.102.65.0/24 -46.36.39.0/24 -# US -91.193.19.0/24 -# US -103.125.147.0/24 -# US -79.141.173.0/24 -# LU Luxenburg -107.189.3.105 +# edge.toprains.shop +51.89.16.112 + +# Specht Office +91.193.18.0/24 + +# lichtbringer.shop +94.23.144.0/21 + +# insights.sternenpfad.shop +94.23.152.0/21 + +# ?? +181.214.99.0/24 diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets.00 b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets.00 new file mode 100644 index 0000000..68bde18 --- /dev/null +++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets.00 @@ -0,0 +1,169 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + +# --- +# Networks blocked by postfwd +# +# Example: +# +# # web0.warenform.de +# #83.223.86.76 +# #2a01:30:0:505:286:96ff:fe4a:6ee +# #2a01:30:0:13:286:96ff:fe4a:6eee +# +# --- + +# give networks to block here +188.214.104.0/24 +91.219.236.254 +85.254.72.106 +103.136.40.0/23 +185.53.170.115 +# zukunftbeitragen.quest +86.107.103.211 +# RU (u.a. mail.geplosser.pl) +62.152.59.0/24 +# GB mx.bilingates.gsm.pl +95.168.184.156 +# RU (u.a. mx.jobinscenter.mom) +31.28.27.0/24 +# RU (u.a. mx.novatechs.gen.tr) +93.189.44.0/22 +# RU (u.a. vh126.timeweb.ru) +92.53.96.0/24 +# RU (u.a. mail.newslinkes.radio.am) +45.130.151.0/24 +# US - OLink Cloud LLC US Cloud ( u.a. pritionch.store) +104.160.19.0/24 +# TR (u.a. dosvufpro.store +185.219.135.0/24 +# RZ ( u.a. mx.jobinscenter.mom) +31.28.27.0/24 +# RU (mx.novatechs.gen.tr) +93.189.44.0/22 +# mx.bilingates.gsm.pl +95.168.184.156 +# mail.finsky-palace.radio.am +89.163.230.186 +# mail.newslinkes.radio.fm +62.3.58.20 +# SC ( u.a. undialogy.store) +149.3.170.0/24 +# tetontimberlinetrading.com +155.94.219.66 +185.43.108.101 +# US (u.a.walelaber.shop) +216.250.247.0/24 +# IN (u.a. couetsart.xyz) +103.174.86.0/23 +# DE ( u.a. smtp15.dia-two-2.de +193.168.252.0/23 +# US ( u.a. surlumice.store ) +# 192.161.160.0/19 +192.161.173.22 +# RU +194.87.236.0/22 +# SC (u.a. werkzeughandeldirekt.net) +146.19.253.0/24 +# Piscataway NJ (u.a. werkzeughandeldirekt.net) +209.182.224.0/22 +# LV (u.a. eur-versand.com ) +217.199.96.0/19 +# viastarco.xyz (eur-versand.com) +163.123.180.214 +# RU (u.a lorinsales.de.fr) +185.31.160.0/22 +# RU (batistase.hz.cz) +93.189.42.0/23 +# RU (notistall.balashov.su) +77.87.212.0/24 +# RU (jostalles.azerbaijan.su) +62.173.128.0/19 +# RU ( u.a. batistase.hz.cz ) +62.76.184.0/21 +# US (u.a. premiumofen.com) +172.93.96.0/20 +# US (u.a. premiumofen.com) +108.171.192.0/19 +# VE ( u.a. cne.gob.ve) +201.130.82.0/23 +# classic-british-motorcycles.com +172.67.189.127 +104.21.33.94 +# (u.a. direktpaket.com) +194.116.228.0/24 +# GB (u.a.versand-king.com) +78.129.191.68/28 +# US ( u.a.profiverkauf.com) +192.30.240.0/22 +# (u.a. profiverkauf.com) +185.221.200.0/22 +# US u.a.(liefer-experten.com) +69.12.79.32/27 +207.167.64.0/23 +# US (u.a. premiumversender.com) +192.161.172.0/23 +# LIR (u.a. premiumversender.com) +185.101.92.0/22 +# US (u.a. d-logistik.com) +216.144.236.224/28 +# GB + 146.59.88.240/29 +# UA (Ukraine) +193.3.23.0/24 +# DE (u.a. lagerexpress.com) +41.216.188.0/24 +# US (u.a. echtzeit-video.com>) +104.161.0.0/17 +158.51.124.0/22 +193.42.38.0/24 +# US (u.a. pro-versender.com) +173.254.192.0/18 +# US ( u.a. werksvertriebe.com) +104.218.236.0/23 +# US ( u.a. notstrom-generatoren.com) +68.69.187.0/24 +104.156.156.0/22 +# US (u.a direktversender.net) +103.83.37.0/24 +103.114.162.0/24 +# US (u.a.versender50.com) +204.152.197.0/24 +# US (u.a.vs-dienst.com) +45.134.11.0/24 +212.83.56.0/24 +# US ( u.a. urgencypasture.shop) +194.87.84.0/24 +# US ( u.a. dkdirekt.com) +64.188.1.176/28 +# CA (Canada) (u.a. bell.net) +209.71.192.0/18 +# HU (u.a. beheshtfoundation.com) +83.137.158.0/24 +# US (u.a. josephraffael.com / auftrag@v-markt-direkt.com) +64.188.4.0/22 +# IR (Iran) brute force on SASL Login +46.148.32.0/20 +# US +45.15.128.0/22 +# US +103.114.163.0/24 +# US +192.154.224.0/21 +# US +139.28.234.0/23 +# US +213.59.118.0/23 +# US cityboxing.com +103.114.160.0/24 +104.237.192.0/19 +# CZ +176.102.65.0/24 +46.36.39.0/24 +# US +91.193.19.0/24 +# US +103.125.147.0/24 +# US +79.141.173.0/24 +# LU Luxenburg +107.189.3.105 diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender index 7d52e11..6ecdf24 100644 --- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender +++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender @@ -36,83 +36,29 @@ ludwigpestow@gmail.com # annoying spammer domains @acieu\.co\.uk$ -@sendelope\.eu$ -@growthrecords\.com$ -@videosicherheit.biz$ -@arbeitsschutzmasken.shop$ -@medprodukte.shop$ -@geplosser\.pl$ -@alfasells\.de$ -@news-des-tages\.de$ -@handel2022\.com$ -@zukunftbeitragen\.quest$ -@ip-51-83-242\.eu$ -@notreesnolife\.com$ -@ilsang\.biz$ -vorteilsemail\.de$ -@inbox\.ru$ -@poeloker\.com$ -@jobinscenter\.mom$ -@novatechs\.gen\.tr$ -@bilingates\.gsm\.pl$ -@newslinkes\.radio\.fm$ -@finsky-palace\.radio\.am$ -@deutsche-ecommerce\.net$ -@cpsarg\.com$ -@markenhandelonline\.com$ -firmen-infos\.com$ -@inx1and1\..+$ -@ppe-healthcare-europe\.\S+$ -@testbedarf\.shop$ -@acievents\.\S+$ -@dokpotenz\.\S+$ -@doktorapo\.\S+$ -@team-de-luxe\.\S+$ -@klickensiejetzt\.\S+$ -@podiumskate\.\S+$ -@ppe-healthcare-europe\.\S+$ +# ---- -@direktpaket\.com$ -@revzilla\.com$ -@christopherhinz\.com$ -@versand-king\.com$ +# edge.toprains.shop +@edge.toprains.shop$ -@profiverkauf\.com$ -@liefer-experten\.com$ -@premiumversender\.com$ -@longhornvapor\.com$ -@d-logistik\.com$ -@corvsport\.com$ -@echtzeit-video\.com$ -@cortlandparkcashmere\.com$ -@pro-versender\.com$ -@werksvertriebe\.com$ -@notstrom-generatoren\.com$ +# Specht Offic +officeuf@jxb669\.com$ +officeuf@ -# annoying spammer addresses -^error@mailfrom\.com$ -^sqek@eike\.se$ -^info@webmeinung\.de$ -^info@handel-versand\.com$ -^order@direktversender\.net$ -versender.*\.com$ -vs-dienst\.com$ -urgencypasture\.shop$ -dkdirekt\.com$ -nb\.sympatico\.ca$ -beheshtfoundation\.com$ -josephraffael\.com$ -v-markt-direkt\.com$ -mailer-service\.de$ -swissad\.biz$ -@math-salamanders\.com$ -mazdas247\.com$ -johnnybugs\.com$ -livingoncookies\.com$ -joshua24\.com$ -cityboxing\.com$ -clotheswithoutlimits\.com$ -distrowatch\.com$ -designerwicker\.com$ -sharelikecrazy\.com$ +# edge.toprains.shop +@edge.toprains.shop$ + +# lichtbringer.shop +lichtbringer\.shop$ + +# insights.sternenpfad.shop +@insights\.sternenpfad\.shop$ + +# ?? 181.214.99.0/24 +imrx4k.com$ + +# --- + +# Google Mail Adresse +@laravel.digital diff --git a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender.00 b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender.00 new file mode 100644 index 0000000..7d52e11 --- /dev/null +++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender.00 @@ -0,0 +1,118 @@ +# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + +# --- +# Sender addresses blocked by postfwd +# +# This file is called with '=~'. This means perl regexp is possible +# +# +# To increase performance use ^ and/or $ in regular expressions +# +# @acieu\.co\.uk$ +# ^error@mailfrom.com$ +# +# instedt of +# +# @acieu.co.uk +# error@mailfrom.com +# +# +# Example: +# +# # # annoying spammer domains +# # block all senders of maildomaindomain 'oopen.de' +# @acieu\.co\.uk$ +# +# # annoying spammer addresses +# # block sender address +# error@mailfrom.com +# sqek@eike\.se$ +# +# --- + +# reported by MBR +paul.graber99@gmail.com +ludwigpestow@gmail.com + +# annoying spammer domains +@acieu\.co\.uk$ +@sendelope\.eu$ +@growthrecords\.com$ +@videosicherheit.biz$ +@arbeitsschutzmasken.shop$ +@medprodukte.shop$ +@geplosser\.pl$ +@alfasells\.de$ +@news-des-tages\.de$ +@handel2022\.com$ +@zukunftbeitragen\.quest$ +@ip-51-83-242\.eu$ +@notreesnolife\.com$ +@ilsang\.biz$ +vorteilsemail\.de$ +@inbox\.ru$ +@poeloker\.com$ +@jobinscenter\.mom$ +@novatechs\.gen\.tr$ +@bilingates\.gsm\.pl$ +@newslinkes\.radio\.fm$ +@finsky-palace\.radio\.am$ +@deutsche-ecommerce\.net$ +@cpsarg\.com$ +@markenhandelonline\.com$ +firmen-infos\.com$ + +@inx1and1\..+$ +@ppe-healthcare-europe\.\S+$ +@testbedarf\.shop$ +@acievents\.\S+$ +@dokpotenz\.\S+$ +@doktorapo\.\S+$ +@team-de-luxe\.\S+$ +@klickensiejetzt\.\S+$ +@podiumskate\.\S+$ +@ppe-healthcare-europe\.\S+$ + +@direktpaket\.com$ +@revzilla\.com$ +@christopherhinz\.com$ +@versand-king\.com$ + +@profiverkauf\.com$ +@liefer-experten\.com$ +@premiumversender\.com$ +@longhornvapor\.com$ +@d-logistik\.com$ +@corvsport\.com$ +@echtzeit-video\.com$ +@cortlandparkcashmere\.com$ +@pro-versender\.com$ +@werksvertriebe\.com$ +@notstrom-generatoren\.com$ + +# annoying spammer addresses +^error@mailfrom\.com$ +^sqek@eike\.se$ +^info@webmeinung\.de$ +^info@handel-versand\.com$ +^order@direktversender\.net$ +versender.*\.com$ +vs-dienst\.com$ +urgencypasture\.shop$ +dkdirekt\.com$ +nb\.sympatico\.ca$ +beheshtfoundation\.com$ +josephraffael\.com$ +v-markt-direkt\.com$ +mailer-service\.de$ +swissad\.biz$ +@math-salamanders\.com$ +mazdas247\.com$ +johnnybugs\.com$ +livingoncookies\.com$ +joshua24\.com$ +cityboxing\.com$ +clotheswithoutlimits\.com$ +distrowatch\.com$ +designerwicker\.com$ +sharelikecrazy\.com$ diff --git a/roles/common/files/o26.oopen.de/root/.ssh/id_ed25519-backup b/roles/common/files/o26.oopen.de/root/.ssh/id_ed25519-backup new file mode 100644 index 0000000..7ee052a --- /dev/null +++ b/roles/common/files/o26.oopen.de/root/.ssh/id_ed25519-backup @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACAOS7nTPgYP6JzoAa3XC3yXGe7Npmp60Gtj+A++LRkmvQAAAJDAkxXywJMV +8gAAAAtzc2gtZWQyNTUxOQAAACAOS7nTPgYP6JzoAa3XC3yXGe7Npmp60Gtj+A++LRkmvQ +AAAEAEJeME+8h4U47VvVWXQGMHvI6MgjFG83h4zZoq7jS4wg5LudM+Bg/onOgBrdcLfJcZ +7s2manrQa2P4D74tGSa9AAAACHJvb3RAbzI2AQIDBAU= +-----END OPENSSH PRIVATE KEY----- diff --git a/roles/common/files/o26.oopen.de/root/.ssh/id_ed25519-backup.pub b/roles/common/files/o26.oopen.de/root/.ssh/id_ed25519-backup.pub new file mode 100644 index 0000000..5e86305 --- /dev/null +++ b/roles/common/files/o26.oopen.de/root/.ssh/id_ed25519-backup.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup diff --git a/roles/common/tasks/users.yml b/roles/common/tasks/users.yml index fcc9d99..2a43a66 100644 --- a/roles/common/tasks/users.yml +++ b/roles/common/tasks/users.yml @@ -145,58 +145,58 @@ # - Take care backup host has rsa key to connect via ssh to the other hosts # --- -- name: (users.yml) Copy ssh rsa private key to user root on backup server - copy: - src: '{{ item.priv_key_src }}' - dest: '{{ item.priv_key_dest }}' - owner: root - group: root - mode: '0600' - loop: "{{ ssh_keypair_backup_server }}" - loop_control: - label: '{{ item.priv_key_dest }}' - when: - - insert_ssh_keypair_backup_server|bool - - ssh_keypair_backup_server is defined - - ssh_keypair_backup_server|length > 0 - tags: - - insert-ssh-keypair-backup-server - - keypair-backup-server - - -- name: (users.yml) Copy ssh rsa public key to user root on backup server - copy: - src: '{{ item.pub_key_src }}' - dest: '{{ item.pub_key_dest }}' - owner: root - group: root - mode: '0644' - loop: "{{ ssh_keypair_backup_server }}" - loop_control: - label: '{{ item.pub_key_dest }}' - when: - - insert_ssh_keypair_backup_server|bool - - ssh_keypair_backup_server is defined - - ssh_keypair_backup_server|length > 0 - tags: - - insert-ssh-keypair-backup-server - - keypair-backup-server - - -- name: (users.yml) Ensure user back has public rsa key of backup server - authorized_key: - user: "{{ item.backup_user }}" - key: "{{ lookup('file', item.pub_key_src) }}" - state: present - loop: "{{ ssh_keypair_backup_server }}" - loop_control: - label: 'authorized_keys - user: {{ item.backup_user }}' - when: - - ssh_keypair_backup_server is defined - - ssh_keypair_backup_server|length > 0 - tags: - - authorized_key - - keypair-backup-server +#- name: (users.yml) Copy ssh rsa private key to user root on backup server +# copy: +# src: '{{ item.priv_key_src }}' +# dest: '{{ item.priv_key_dest }}' +# owner: root +# group: root +# mode: '0600' +# loop: "{{ ssh_keypair_backup_server }}" +# loop_control: +# label: '{{ item.priv_key_dest }}' +# when: +# - insert_ssh_keypair_backup_server|bool +# - ssh_keypair_backup_server is defined +# - ssh_keypair_backup_server|length > 0 +# tags: +# - insert-ssh-keypair-backup-server +# - keypair-backup-server +# +# +#- name: (users.yml) Copy ssh rsa public key to user root on backup server +# copy: +# src: '{{ item.pub_key_src }}' +# dest: '{{ item.pub_key_dest }}' +# owner: root +# group: root +# mode: '0644' +# loop: "{{ ssh_keypair_backup_server }}" +# loop_control: +# label: '{{ item.pub_key_dest }}' +# when: +# - insert_ssh_keypair_backup_server|bool +# - ssh_keypair_backup_server is defined +# - ssh_keypair_backup_server|length > 0 +# tags: +# - insert-ssh-keypair-backup-server +#- keypair-backup-server +# +# +#- name: (users.yml) Ensure user back has public rsa key of backup server +# authorized_key: +# user: "{{ item.backup_user }}" +# key: "{{ lookup('file', item.pub_key_src) }}" +# state: present +# loop: "{{ ssh_keypair_backup_server }}" +# loop_control: +# label: 'authorized_keys - user: {{ item.backup_user }}' +# when: +# - ssh_keypair_backup_server is defined +# - ssh_keypair_backup_server|length > 0 +# tags: +# - authorized_key +# - keypair-backup-server # ---