update...

2024-12-13 10:44:19 +01:00
parent 229c4bb27d
commit f61e2ff73c
56 changed files with 1017 additions and 3057 deletions
--- a/host_vars/135.181.79.202.yml
+++ b/host_vars/135.181.79.202.yml
@ -1,335 +0,0 @@
---
-
-# ---
-# vars used by roles/network_interfaces
-# ---
-
-
-# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
-network_manage_devices: True
-
-# Should the interfaces be reloaded after config change?
-network_interface_reload: False
-
-network_interface_path: /etc/network/interfaces.d
-network_interface_required_packages:
-  - vlan
-  - bridge-utils
-  - ifmetric
-  - ifupdown
-  - ifenslave
-  - rcconf
-
-
-network_interfaces:
-
-  # Many device configurations are possible (as many as needed)
-  #
-  - device: enp35s0
-    # use only once per device (for the first device entry)
-    headline: enp35s0 - primary device
-
-    # auto & allow are only used for the first entry of that devicei-name)
-    #
-    allow: [] # array of allow-[stanzas] eg. allow-hotplug
-    auto: true
-
-    family: inet
-    
-    # The statisc Mode
-    #    Options
-    #       address        <dotted quad address[/netmask]>
-    #       gateway        <dotted quad address>
-    #       pointopoint    <Address of other end point (dotted quad). Note the spelling of "point-to">
-    #       hwaddress      <mac-address>
-    #       mtu            <size>
-    #       scope          <Address validity scope. Possible values: global, link, host>
-    #
-    # The manual Method
-    #    Options
-    #       hwaddress      <mac-address>
-    #       mtu            <size>
-    #
-    # The dhcp Method
-    #    Options
-    #       hwaddress      <mac-address>
-    #       hostname       <Hostname to be requested (pump, dhcpcd, udhcpc)>
-    #       metric         <metric>
-    #       leasehours     <Preferred lease time in hours (pump)>
-    #       leasetime      <Preferred lease time in seconds (dhcpcd)>
-    #       vendor         <Vendor class identifier (dhcpcd)>
-    #       client         <Client identifier (dhcpcd), or "no" (dhclient)>
-    #    
-    # The bootp Method  
-    #    Options
-    #       bootfile:      <file: Tell the server to use 'file' as the bootfile.>
-    #       server:        <address: Use the IP address 'address' to communicate with the server.>
-    #       hwaddr         <mac-address: Use addr as the hardware address instead of whatever it really is.>
-    #    
-    method: static
-    
-    hwaddress: 
-    description:
-    address: 135.181.79.202
-    # dotted quad or number of bits
-    #
-    # the entry will be: address/netmask
-    netmask: 255.255.255.192
-    gateway: 135.181.79.193
-    metric: 
-    pointopoint: 
-    mtu: 
-    scope: 
-
-    # additional user by dhcp method
-    #
-    hostname:
-    leasehours:
-    leasetime:
-    vendor:
-    client:
-
-    # additional used by bootp method
-    #
-    bootfile:
-    server:
-    hwaddr:
- 
-
-    # optional dns settings nameservers: []
-    # nameservers:
-    #  - "194.150.168.168"  # dns.as250.net
-    #  - "91.239.100.100"   # anycast.censurfridns.dk
-
-    # optional additional subnets/ips subnets: []
-    # subnets: 
-    #   - '192.168.123.0/24'
-    #   - '192.168.124.11/32'
-
-    # optional bridge parameters bridge: {}
-    # bridge:
-    #   ports:
-    #   stp:
-    #   fd:
-    #   maxwait:
-    #   waitport:
-    bridge: {}
-
-    #  optional bonding parameters bond: {}
-    #  bond:
-    #    master
-    #    primary
-    #    slave
-    #    mode:
-    #    miimon:
-    #    lacp-rate:
-    #    ad-select-rate:
-    #    master:
-    #    slaves:
-    bond: {}
-
-    # optional vlan settings | vlan: {}
-    # vlan: {}
-    #   raw-device: 'eth0'
-    vlan: {}
-
-    # inline hook scripts
-    #
-    # example:
-    #
-    # up:
-    #   - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp35s0"
-    #
-    pre-up: [] # pre-up script lines
-    up:
-      - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp35s0"
-    post-up: [] # post-up script lines (alias for up)
-    pre-down: [] # pre-down script lines (alias for down)
-    down: [] # down script lines
-    post-down: [] # post-down script lines
-
-  - device: enp35s0
-    # use only once per device (for the first device entry)
-    headline:
-
-    # auto & allow are only used for the first device entry
-    allow: [] # array of allow-[stanzas] eg. allow-hotplug
-    auto: 
-
-    family: inet6
-    method: static
-    description:
-    address: 2a01:4f9:4b:17ce::2
-    netmask: 64
-    gateway: fe80::1
-
-    # optional dns settings nameservers: []
-    # nameservers:
-    #  - "194.150.168.168"  # dns.as250.net
-    #  - "91.239.100.100"   # anycast.censurfridns.dk
-
-    # optional additional subnets/ips subnets: []
-    # subnets: 
-    #   - '192.168.123.0/24'
-    #   - '192.168.124.11/32'
-
-    # optional bridge parameters bridge: {}
-    # bridge:
-    #   ports:
-    #   stp:
-    #   fd:
-    #   maxwait:
-    #   waitport:
-    bridge: {}
-
-    #  optional bonding parameters bond: {}
-    #  bond:
-    #    mode:
-    #    miimon:
-    #    master:
-    #    slaves:
-    #    lacp-rate:
-    bond: {}
-
-    # optional vlan settings | vlan: {}
-    # vlan: {}
-    #   raw-device: 'eth0'
-    vlan: {}
-
-    # inline hook scripts
-    pre-up: []# pre-up script lines
-    up: [] # up script lines
-    post-up: [] # post-up script lines (alias for up)
-    pre-down: [] # pre-down script lines (alias for down)
-    down: [] # down script lines
-    post-down: [] # post-down script lines
-
-# ---
-# vars used by roles/ansible_dependencies
-# ---
-
-
-# ---
-# vars used by roles/ansible_user
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/basic.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sshd.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/apt.yml
-# ---
-
-#apt_manage_sources_list: false
-
-
-# ---
-# vars used by roles/common/tasks/users.yml
-# ---
-
-create_sftp_group: true
-
-
-default_user:
-
-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-
-extra_system_user:
-  - name: www-data
-    home: /var/www
-    groups: sftp_users
-
-sudo_users:
-  - chris
-  - sysadm
-  - localadmin
-
-
-# ---
-# vars used by roles/common/tasks/users-systemfiles.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/webadmin-user.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sudoers.yml
-# ---
-#
-# see: roles/common/tasks/vars
-
-
-# ---
-# vars used by roles/common/tasks/caching-nameserver.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/git.yml
-# ---
-
-git_firewall_repository:
-  name: ipt-server
-  repo: https://git.oopen.de/firewall/ipt-server
-  dest: /usr/local/src/ipt-server
-
-# ==============================
-
-
-# ---
-# vars used by scripts/reset_root_passwd.yml
-# ---
-
-root_user:
-  name: root
-  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
-
--- a/host_vars/172.16.122.2.yml
+++ b/host_vars/172.16.122.2.yml
@ -1,309 +0,0 @@
---
-# ---
-# vars used by roles/network_interfaces
-# ---
-
-
-# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
-network_manage_devices: True
-
-# Should the interfaces be reloaded after config change?
-network_interface_reload: False
-
-network_interface_path: /etc/network/interfaces.d
-network_interface_required_packages:
-  - vlan
-  - bridge-utils
-  - ifmetric
-  - ifupdown
-  - ifenslave
-
-network_interfaces:
-
-  - device: eno1
-    headline: eno1 - Uplink DSL via Fritz!Box
-    auto: true
-    family: inet
-    method: static
-    address: 172.16.122.2
-    netmask: 24
-    gateway: 172.16.122.254
-
-
-  - device: eno2
-    headline: eno2 -  LAN 
-    auto: true
-    family: inet
-    method: static
-    address: 192.168.122.253
-    netmask: 24
-
-
-  - device: eno2:ns
-    headline: eno2:ns - Alias on eno5 (Nameserver)
-    auto: true
-    family: inet
-    method: static
-    address: 192.168.122.2
-    netmask: 32
-
-
-# ---
-# vars used by roles/ansible_dependencies
-# ---
-
-
-# ---
-# vars used by roles/ansible_user
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/basic.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/cron.yml
-# ---
-
-cron_user_entries:
-
-  - name: "Check if Postfix Mailservice is up and running?"
-    minute: '*/15'
-    hour: '*'
-    job: /root/bin/monitoring/check_postfix.sh
-
-  - name: "Check if SSH service is up and running?"
-    minute: '*/15'
-    hour: '*'
-    job: /root/bin/monitoring/check_ssh.sh
-
-  - name: "Check if OpenVPN service is up and running?"
-    minute: '*/30'
-    hour: '*'
-    job: /root/bin/monitoring/check_vpn.sh
-
-  - name: "Check if nameservice (bind) is running?"
-    minute: '*/10'
-    hour: '*'
-    job: /root/bin/monitoring/check_dns.sh
-
-  - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )"
-    minute: '0-59/2'
-    hour: '*'
-    job: /root/bin/monitoring/check_forwarding.sh
-
-  - name: "Copy gateway configuration"
-    minute: '09'
-    hour: '3'
-    job: /root/bin/manage-gw-config/copy_gateway-config.sh ANW-KM
-
-
-#cron_user_special_time_entries: []
-cron_user_special_time_entries:
-
-  - name: "Check if Postfix Service is running at boot time"
-    special_time: reboot
-    job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
-    insertafter: PATH
-
-  - name: "Restart Systemd's resolved at boottime."
-    special_time: reboot
-    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
-    insertafter: PATH
-
-  - name: "Restart NTP service 'ntpsec'"
-    special_time: reboot
-    job: "sleep 15 ; /bin/systemctl restart ntpsec"
-    insertafter: PATH
-
-
-# ---
-# vars used by roles/common/tasks/sshd.yml
-# ---
-
-sshd_hostkeyalgorithms:
-  - ssh-ed25519
-  - ssh-ed25519-cert-v01@openssh.com
-  - rsa-sha2-256
-  - rsa-sha2-512
-  - ecdsa-sha2-nistp256
-  - rsa-sha2-256-cert-v01@openssh.com
-  - rsa-sha2-512-cert-v01@openssh.com
-
-
-# ---
-# vars used by roles/common/tasks/apt.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/systemd-resolved.yml
-# ---
-
-systemd_resolved: true
-
-# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
-#   Primäre DNS-Adresse: 38.132.106.139
-#   Sekundäre DNS-Adresse: 194.187.251.67
-#
-# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
-#   primäre DNS-Adresse
-#      IPv4: 1.1.1.1
-#      IPv6: 2606:4700:4700::1111
-#   sekundäre DNS-Adresse
-#      IPv4: 1.0.0.1
-#      IPv6: 2606:4700:4700::1001
-#
-# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
-#   primäre DNS-Adresse
-#      IPv4: 8.8.8.8
-#      IPv6: 2001:4860:4860::8888
-#   sekundäre DNS-Adresse
-#      IPv4: 8.8.4.4
-#      IPv6: 2001:4860:4860::8844
-#
-# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
-#   primäre DNS-Adresse
-#      IPv4: 9.9.9.9
-#      IPv6: 2620:fe::fe
-#   sekundäre DNS-Adresse
-#      IPv4: 149.112.112.112
-#      IPv6: 2620:fe::9
-#
-# OpenNIC - https://www.opennic.org/
-#      IPv4: 195.10.195.195 - ns31.de
-#      IPv4: 94.16.114.254  - ns28.de
-#      IPv4: 51.254.162.59  - ns9.de
-#      IPv4: 194.36.144.87  - ns29.de
-#      IPv6: 2a00:f826:8:2::195 - ns31.de
-#
-# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
-#    IPv4: 5.1.66.255
-#    IPv6: 2001:678:e68:f000::
-#    Servername für DNS-over-TLS: dot.ffmuc.net
-#    IPv4: 185.150.99.255
-#    IPv6: 2001:678:ed0:f000::
-#    Servername für DNS-over-TLS: dot.ffmuc.net
-#    für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
-resolved_nameserver:
-  - 127.0.0.1
-
-# search domains
-#
-# If there are more than one search domains, then specify them here in the order in which
-# the resolver should also search them
-#
-#resolved_domains: []
-resolved_domains:
-  - ~.
-  - anw-km.netz
-
-resolved_dnssec: false
-
-# dns.as250.net: 194.150.168.168
-#
-resolved_fallback_nameserver:
-   - 194.150.168.168
-
-
-# ---
-# vars used by roles/common/tasks/users.yml
-# ---
-
-insert_ssh_keypair_backup_server: false
-ssh_keypair_backup_server:
-  - name: backup
-    backup_user: back
-    priv_key_src: root/.ssh/id_rsa.backup.oopen.de
-    priv_key_dest: /root/.ssh/id_rsa
-    pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
-    pub_key_dest: /root/.ssh/id_rsa.pub
-
-insert_keypair_backup_client: true
-ssh_keypair_backup_client:
-  - name: backup
-    priv_key_src: root/.ssh/id_ed25519.oopen-server
-    priv_key_dest: /root/.ssh/id_ed25519
-    pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
-    pub_key_dest: /root/.ssh/id_ed25519.pub
-    target: backup.oopen.de
-
-default_user:
-
-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-
-sudo_users:
-  - chris
-  - sysadm
-
-
-# ---
-# vars used by roles/common/tasks/users-systemfiles.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/webadmin-user.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sudoers.yml
-# ---
-#
-# see: roles/common/tasks/vars
-
-
-# ---
-# vars used by roles/common/tasks/caching-nameserver.yml
-# ---
-
-install_bind_packages: true
-
-
-# ---
-# vars used by roles/common/tasks/git.yml
-# ---
-
-git_firewall_repository:
-  name: ipt-gateway
-  repo: https://git.oopen.de/firewall/ipt-gateway
-  dest: /usr/local/src/ipt-gateway
-
-# ==============================
-
-
-# ---
-# vars used by scripts/reset_root_passwd.yml
-# ---
-
-root_user:
-  name: root
-  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
-
--- a/host_vars/172.16.63.32.yml
+++ b/host_vars/172.16.63.32.yml
@ -1,115 +0,0 @@
---
-
-# ---
-# vars used by roles/ansible_dependencies
-# ---
-
-
-# ---
-# vars used by roles/ansible_user
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/basic.yml
-# ---
-
-copy_additional_plain_files_sysctl:
-
-  - name: enable-ipv6
-    src_path: etc/sysctl.d/30-enable-ipv6.conf
-    dest_path: /etc/sysctl.d/30-enable-ipv6.conf
-
-
-# ---
-# vars used by roles/common/tasks/sshd.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/apt.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/users.yml
-# ---
-
-default_user:
-
-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - sysadm
-
-
-# ---
-# vars used by roles/common/tasks/users-systemfiles.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/webadmin-user.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sudoers.yml
-# ---
-#
-# see: roles/common/tasks/vars
-
-
-# ---
-# vars used by roles/common/tasks/caching-nameserver.yml
-# ---
-
-install_bind_packages: true
-
-# ---
-# vars used by roles/common/tasks/git.yml
-# ---
-
-git_firewall_repository:
-  name: ipt-gateway
-  repo: https://git.oopen.de/firewall/ipt-gateway
-  dest: /usr/local/src/ipt-gateway
-
-# ==============================
-
-
-# ---
-# vars used by scripts/reset_root_passwd.yml
-# ---
-
-root_user:
-  name: root
-  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
-
--- a/host_vars/37.27.121.218.yml
+++ b/host_vars/37.27.121.218.yml
@ -1,523 +0,0 @@
---
-
-# ---
-# vars used by roles/network_interfaces
-# ---
-
-
-# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
-network_manage_devices: True
-
-# Should the interfaces be reloaded after config change?
-network_interface_reload: False
-
-network_interface_path: /etc/network/interfaces.d
-network_interface_required_packages:
-  - vlan
-  - bridge-utils
-  - ifmetric
-  - ifupdown
-  - ifenslave
-
-
-network_interfaces:
-
-  # Many device configurations are possible (as many as needed)
-  #
-  - device: enp6s0
-    # use only once per device (for the first device entry)
-    headline: enp6s0 - primary device
-
-    # auto & allow are only used for the first entry of that devicei-name)
-    #
-    allow: [] # array of allow-[stanzas] eg. allow-hotplug
-    auto: true
-
-    family: inet
-    
-    # The statisc Mode
-    #    Options
-    #       address        <dotted quad address[/netmask]>
-    #       gateway        <dotted quad address>
-    #       pointopoint    <Address of other end point (dotted quad). Note the spelling of "point-to">
-    #       hwaddress      <mac-address>
-    #       mtu            <size>
-    #       scope          <Address validity scope. Possible values: global, link, host>
-    #
-    # The manual Method
-    #    Options
-    #       hwaddress      <mac-address>
-    #       mtu            <size>
-    #
-    # The dhcp Method
-    #    Options
-    #       hwaddress      <mac-address>
-    #       hostname       <Hostname to be requested (pump, dhcpcd, udhcpc)>
-    #       metric         <metric>
-    #       leasehours     <Preferred lease time in hours (pump)>
-    #       leasetime      <Preferred lease time in seconds (dhcpcd)>
-    #       vendor         <Vendor class identifier (dhcpcd)>
-    #       client         <Client identifier (dhcpcd), or "no" (dhclient)>
-    #    
-    # The bootp Method  
-    #    Options
-    #       bootfile:      <file: Tell the server to use 'file' as the bootfile.>
-    #       server:        <address: Use the IP address 'address' to communicate with the server.>
-    #       hwaddr         <mac-address: Use addr as the hardware address instead of whatever it really is.>
-    #    
-    method: static
-    
-    hwaddress: 
-    description:
-    address: 37.27.129.85
-    # dotted quad or number of bits
-    #
-    # the entry will be: address/netmask
-    netmask: 26
-    gateway: 37.27.129.65
-    metric: 
-    pointopoint: 
-    mtu: 
-    scope: 
-
-    # additional user by dhcp method
-    #
-    hostname:
-    leasehours:
-    leasetime:
-    vendor:
-    client:
-
-    # additional used by bootp method
-    #
-    bootfile:
-    server:
-    hwaddr:
-
-    # optional dns settings nameservers: []
-    #
-    #    nameservers:
-    #      - 194.150.168.168  # dns.as250.net
-    #      - 91.239.100.100   # anycast.censurfridns.dk
-    #    search: warenform.de
-    #
-    #nameservers:
-    #  - 185.12.64.1
-    #  - a01:4ff:ff00::add:2
-    #search:
-
-    # optional additional subnets/ips subnets: []
-    # subnets: 
-    #   - '192.168.123.0/24'
-    #   - '192.168.124.11/32'
-
-    # optional bridge parameters bridge: {}
-    # bridge:
-    #   ports:
-    #   stp:
-    #   fd:
-    #   maxwait:
-    #   waitport:
-    bridge: {}
-
-    #  optional bonding parameters bond: {}
-    #  bond:
-    #    master
-    #    primary
-    #    slave
-    #    mode:
-    #    miimon:
-    #    lacp-rate:
-    #    ad-select-rate:
-    #    master:
-    #    slaves:
-    bond: {}
-
-    # optional vlan settings | vlan: {}
-    # vlan: {}
-    #   raw-device: 'eth0'
-    vlan: {}
-
-    # inline hook scripts
-    #
-    # example:
-    #
-    # up:
-    #   - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp6s0"
-    #
-    pre-up: [] # pre-up script lines
-    up:
-      - !!str "route add -net 37.27.129.64 netmask 255.255.255.192 gw 37.27.129.65 dev enp6s0"
-    post-up: [] # post-up script lines (alias for up)
-    pre-down: [] # pre-down script lines (alias for down)
-    down: [] # down script lines
-    post-down: [] # post-down script lines
-
-  - device: enp6s0
-    # use only once per device (for the first device entry)
-    headline:
-
-    # auto & allow are only used for the first device entry
-    allow: [] # array of allow-[stanzas] eg. allow-hotplug
-    auto: 
-
-    family: inet6
-    method: static
-    address: 2a01:4f9:3071:1141::2
-    netmask: 64
-    gateway: fe80::1
-    metric:
-    pointopoint:
-    mtu:
-    scope:
-
-    # additional user by dhcp method
-    #
-    hostname:
-    leasehours:
-    leasetime:
-    vendor:
-    client:
-
-    # additional used by bootp method
-    #
-    bootfile:
-    server:
-    hwaddr:
-
-    # optional dns settings nameservers: []
-    #
-    #    nameservers:
-    #      - 194.150.168.168  # dns.as250.net
-    #      - 91.239.100.100   # anycast.censurfridns.dk
-    #    search: warenform.de
-    #
-    nameservers:
-    search:
-
-    # optional additional subnets/ips subnets: []
-    # subnets: 
-    #   - '192.168.123.0/24'
-    #   - '192.168.124.11/32'
-
-    # optional bridge parameters bridge: {}
-    # bridge:
-    #   ports:
-    #   stp:
-    #   fd:
-    #   maxwait:
-    #   waitport:
-    bridge: {}
-
-    #  optional bonding parameters bond: {}
-    #  bond:
-    #    mode:
-    #    miimon:
-    #    master:
-    #    slaves:
-    #    lacp-rate:
-    bond: {}
-
-    # optional vlan settings | vlan: {}
-    # vlan: {}
-    #   raw-device: 'eth0'
-    vlan: {}
-
-    # inline hook scripts
-    pre-up: []# pre-up script lines
-    up: [] # up script lines
-    post-up: [] # post-up script lines (alias for up)
-    pre-down: [] # pre-down script lines (alias for down)
-    down: [] # down script lines
-    post-down: [] # post-down script lines
-
-# ---
-# vars used by roles/ansible_dependencies
-# ---
-
-
-# ---
-# vars used by roles/ansible_user
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/basic.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sshd.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/apt.yml
-# ---
-
-#apt_manage_sources_list: false
-
-
-# ---
-# vars used by roles/common/tasks/systemd-resolved.yml
-# ---
-
-systemd_resolved: true
-
-# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
-#   Primäre DNS-Adresse: 38.132.106.139
-#   Sekundäre DNS-Adresse: 194.187.251.67
-#
-# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
-#   primäre DNS-Adresse
-#      IPv4: 1.1.1.1
-#      IPv6: 2606:4700:4700::1111
-#   sekundäre DNS-Adresse
-#      IPv4: 1.0.0.1
-#      IPv6: 2606:4700:4700::1001
-#
-# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
-#   primäre DNS-Adresse
-#      IPv4: 8.8.8.8
-#      IPv6: 2001:4860:4860::8888
-#   sekundäre DNS-Adresse
-#      IPv4: 8.8.4.4
-#      IPv6: 2001:4860:4860::8844
-#
-# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
-#   primäre DNS-Adresse
-#      IPv4: 9.9.9.9
-#      IPv6: 2620:fe::fe
-#   sekundäre DNS-Adresse
-#      IPv4: 149.112.112.112
-#      IPv6: 2620:fe::9
-#
-# OpenNIC - https://www.opennic.org/
-#      IPv4: 195.10.195.195 - ns31.de
-#      IPv4: 94.16.114.254  - ns28.de
-#      IPv4: 51.254.162.59  - ns9.de
-#      IPv4: 194.36.144.87  - ns29.de
-#      IPv6: 2a00:f826:8:2::195 - ns31.de
-#
-# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
-#    IPv4: 5.1.66.255
-#    IPv6: 2001:678:e68:f000::
-#    Servername für DNS-over-TLS: dot.ffmuc.net
-#    IPv4: 185.150.99.255
-#    IPv6: 2001:678:ed0:f000::
-#    Servername für DNS-over-TLS: dot.ffmuc.net
-#    für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
-resolved_nameserver:
-  - 185.12.64.1
-  - 2a01:4ff:ff00::add:2
-  - 185.12.64.2
-  - 2a01:4ff:ff00::add:1
-
-# search domains
-#
-# If there are more than one search domains, then specify them here in the order in which
-# the resolver should also search them
-#
-#resolved_domains: []
-resolved_domains:
-  - ~.
-  - oopen.de
-
-resolved_dnssec: false
-
-# dns.as250.net: 194.150.168.168
-#
-resolved_fallback_nameserver:
-   - 194.150.168.168
-
-
-# ---
-# vars used by roles/common/tasks/cron.yml
-# ---
-
-cron_env_entries:
-  - name: PATH
-    job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-
-  - name: SHELL
-    job: /bin/bash
-    insertafter: PATH
-
-
-cron_user_special_time_entries:
-
-  - name: "Restart DNS Cache service 'systemd-resolved'"
-    special_time: reboot
-    job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
-    insertafter: PATH
-
-  - name: "Check if postfix mailservice is running. Restart service if needed."
-    special_time: reboot
-    job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
-    insertafter: PATH
-
-
-cron_user_entries:
-
-  - name: "Remote Borg Backup"
-    minute: '04'
-    hour: '00'
-    job: /root/crontab/backup-rborg/rborg.sh
-
-  - name: "Check if SSH service is running. Restart service if needed."
-    minute: '*/5'
-    hour: '*'
-    job: /root/bin/monitoring/check_ssh.sh
-
-  - name: "Check connectifity - reboot if needed"
-    minute: '*/10'
-    hour: '*'
-    job: /root/bin/admin-stuff/check-connectivity.sh
-
-  - name: "Check if Postfix Mailservice is up and running?"
-    minute: '*/15'
-    hour: '*'
-    job: /root/bin/monitoring/check_postfix.sh
-
-  - name: "Check if NTP service 'ntpsec' is up and running?"
-    minute: '*/30'
-    hour: '*'
-    job: /root/bin/monitoring/check_ntpsec_service.sh > /dev/null 2>&1
-
-#  - name: "Backup internet hosts and then print out hdd-usage for all backuped hosts"
-#    minute: '16'
-#    hour: '00'
-#    weekday: '1-6'
-#    job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N
-#
-#  - name: "On sunday morning also determin diskspace usage"
-#    minute: '16'
-#    hour: '00'
-#    weekday: 7
-#    job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N ; /root/bin/admin-stuff/disk-space_usage.sh -q -o /root/disk-space_usage /backup
-#
-#  - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
-#    minute: '23'
-#    hour: '05'
-#    job: /var/lib/dehydrated/cron/dehydrated_cron.sh
-#
-#  - name: "Check whether all certificates are included in the VHOST configurations"
-#    minute: '33'
-#    hour: '05'
-#    job: /var/lib/dehydrated/tools/update_ssl_directives.sh
-
-  - name: "Check hard disc usage."
-    minute: '43'
-    hour: '6'
-    job: /root/bin/admin-stuff/check-disc-usage.sh -c 85
-
-
-# ---
-# vars used by roles/common/tasks/users.yml
-# ---
-
-create_sftp_group: true
-
-
-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-
-extra_system_user:
-  - name: www-data
-    home: /var/www
-    groups: sftp_users
-
-sudo_users:
-  - chris
-  - sysadm
-  - localadmin
-
-
-# ---
-# vars used by roles/common/tasks/users-systemfiles.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/webadmin-user.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sudoers.yml
-# ---
-#
-# see: roles/common/tasks/vars
-
-
-# ---
-# vars used by roles/common/tasks/caching-nameserver.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/git.yml
-# ---
-
-git_firewall_repository:
-  name: ipt-server
-  repo: https://git.oopen.de/firewall/ipt-server
-  dest: /usr/local/src/ipt-server
-
-# ==============================
-
-
-# ---
-# vars used by scripts/reset_root_passwd.yml
-# ---
-
-root_user:
-  name: root
-  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
-
--- a/host_vars/backup.oopen.de.yml
+++ b/host_vars/backup.oopen.de.yml
@ -22,16 +22,21 @@ root_ssh_keypair:
    priv_key_dest: /root/.ssh/id_ed25519-borg-backup
    pub_key_src: backup.oopen.de/root/.ssh/id_ed25519-borg-backup.pub
    pub_key_dest: /root/.ssh/id_ed25519-borg-backup.pub
-  - name: id_rsa
-    priv_key_src: backup.oopen.de/root/.ssh/id_rsa
-    priv_key_dest: /root/.ssh/id_rsa
-    pub_key_src: backup.oopen.de/root/.ssh/id_rsa.pub
-    pub_key_dest: /root/.ssh/id_rsa.pub
+  - name: id_ed25519-backup
+    priv_key_src: backup.oopen.de/root/.ssh/id_ed25519-backup
+    priv_key_dest: /root/.ssh/id_ed25519-backup
+    pub_key_src: backup.oopen.de/root/.ssh/id_ed25519-backup.pub
+    pub_key_dest: /root/.ssh/id_ed25519-backup.pub
  - name: id_ed25519-gitea
    priv_key_src: backup.oopen.de/root/.ssh/id_ed25519-gitea
-    priv_key_dest: /root/.ssh/id_rsa
+    priv_key_dest: /root/.ssh/id_ed25519-gitea
    pub_key_src: backup.oopen.de/root/.ssh/id_ed25519-gitea.pub
-    pub_key_dest: /root/.ssh/id_rsa.pub
+    pub_key_dest: /root/.ssh/id_ed25519-gitea.pub
+#  - name: id_rsa
+#    priv_key_src: backup.oopen.de/root/.ssh/id_rsa
+#    priv_key_dest: /root/.ssh/id_rsa
+#    pub_key_src: backup.oopen.de/root/.ssh/id_rsa.pub
+#    pub_key_dest: /root/.ssh/id_rsa.pub


 # ---
@ -236,11 +241,9 @@ default_user:
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvy+IDUeoVwLg+cJNcKzls5guOrVUretsf05v3Y2N+Y root@default-oopen-server'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcEPd+MDJKzWqWStt3XpJU1OpJ0uxmipacIGkm6k3MS root@default-warenform-server'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/eGKbdxPYu7L/b/DjZrWek50e0AnkHFZS+zV12o5jy root@borg-client-key-warenform'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6Sra1D8JU2A68G4rSny7D0ukYKy89NVMXbdxrtdZwr root@borg-client-key-oopen'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'

  - name: borg
    user_id: 1065
--- a/host_vars/backup.warenform.de.yml
+++ b/host_vars/backup.warenform.de.yml
@ -36,11 +36,17 @@ root_ssh_keypair:
    pub_key_src: backup.warenform.de/root/.ssh/id_ed25519-borg-backup.pub
    pub_key_dest: /root/.ssh/id_ed25519-borg-backup.pub

-  - name: id_rsa
-    priv_key_src: backup.warenform.de/root/.ssh/id_rsa
-    priv_key_dest: /root/.ssh/id_rsa
-    pub_key_src: backup.warenform.de/root/.ssh/id_rsa.pub
-    pub_key_dest: /root/.ssh/id_rsa.pub
+  - name: id_ed25519-backup
+    priv_key_src: backup.warenform.de/root/.ssh/id_ed25519-backup
+    priv_key_dest: /root/.ssh/id_ed25519-backup
+    pub_key_src: backup.warenform.de/root/.ssh/id_ed25519-backup.pub
+    pub_key_dest: /root/.ssh/id_ed25519-backup.pub
+
+#  - name: id_rsa
+#    priv_key_src: backup.warenform.de/root/.ssh/id_rsa
+#    priv_key_dest: /root/.ssh/id_rsa
+#    pub_key_src: backup.warenform.de/root/.ssh/id_rsa.pub
+#    pub_key_dest: /root/.ssh/id_rsa.pub


 # ---
@ -237,11 +243,9 @@ default_user:
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvy+IDUeoVwLg+cJNcKzls5guOrVUretsf05v3Y2N+Y root@default-oopen-server'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcEPd+MDJKzWqWStt3XpJU1OpJ0uxmipacIGkm6k3MS root@default-warenform-server'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/eGKbdxPYu7L/b/DjZrWek50e0AnkHFZS+zV12o5jy root@borg-client-key-warenform'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6Sra1D8JU2A68G4rSny7D0ukYKy89NVMXbdxrtdZwr root@borg-client-key-oopen'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'

  - name: borg
    user_id: 1065
--- a/host_vars/bbb-server.b3-bornim.netz.yml
+++ b/host_vars/bbb-server.b3-bornim.netz.yml
@ -161,54 +161,6 @@ cron_user_special_time_entries:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-

 sudo_users:
  - chris
--- a/host_vars/file-ah.kanzlei-kiel.netz.yml
+++ b/host_vars/file-ah.kanzlei-kiel.netz.yml
@ -185,59 +185,6 @@ resolved_fallback_nameserver:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$1X6iXiYz2fIQcfKWSSzno1$9Uos8SGn/8V3oHWwiR6kaRPfUuIrxKP8kRNUZ1.da3/
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - localadmin
-  - sysadm
-
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
--- a/host_vars/file-blkr-alt.blkr.netz.yml
+++ b/host_vars/file-blkr-alt.blkr.netz.yml
@ -182,59 +182,6 @@ cron_user_special_time_entries:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$qmeacaq0WLATk6o7374lj1$1MrdyEubi5m4E9MCNZWrS04nZi1Qgk4vHu.J5LwKrJB:19757
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - localadmin
-  - sysadm
-
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
--- a/host_vars/file-blkr.blkr.netz.yml
+++ b/host_vars/file-blkr.blkr.netz.yml
@ -182,59 +182,6 @@ cron_user_special_time_entries:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$qmeacaq0WLATk6o7374lj1$1MrdyEubi5m4E9MCNZWrS04nZi1Qgk4vHu.J5LwKrJB:19757
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - localadmin
-  - sysadm
-

 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/host_vars/file-dissens.dissens.netz.yml
+++ b/host_vars/file-dissens.dissens.netz.yml
@ -0,0 +1,396 @@
+---
+
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: True
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: False
+
+network_interface_path: /etc/network/interfaces.d
+network_interface_required_packages:
+  - vlan
+  - bridge-utils
+  - ifmetric
+  - ifupdown
+  - ifenslave
+
+
+network_interfaces:
+
+  - device: eno1np0
+    # use only once per device (for the first device entry)
+    headline: eno1 - LAN
+
+    # auto & allow are only used for the first device entry
+    allow: [] # array of allow-[stanzas] eg. allow-hotplug
+    auto: true
+
+    family: inet
+    method: static
+    description:
+    address: 192.168.132.10
+    netmask: 24
+    gateway: 192.168.132.254
+
+    # optional dns settings nameservers: []
+    #
+    #    nameservers:
+    #      - 194.150.168.168  # dns.as250.net
+    #      - 91.239.100.100   # anycast.censurfridns.dk
+    #    search: warenform.de
+    #
+    #nameservers:
+    #  - 192.168.132.1
+    #search: blkr.netz
+
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/systemd-resolved.yml
+# ---
+
+systemd_resolved: true
+
+# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
+#   Primäre DNS-Adresse: 38.132.106.139
+#   Sekundäre DNS-Adresse: 194.187.251.67
+#
+# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
+#   primäre DNS-Adresse
+#      IPv4: 1.1.1.1
+#      IPv6: 2606:4700:4700::1111
+#   sekundäre DNS-Adresse
+#      IPv4: 1.0.0.1
+#      IPv6: 2606:4700:4700::1001
+#
+# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
+#   primäre DNS-Adresse
+#      IPv4: 8.8.8.8
+#      IPv6: 2001:4860:4860::8888
+#   sekundäre DNS-Adresse
+#      IPv4: 8.8.4.4
+#      IPv6: 2001:4860:4860::8844
+#
+# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
+#   primäre DNS-Adresse
+#      IPv4: 9.9.9.9
+#      IPv6: 2620:fe::fe
+#   sekundäre DNS-Adresse
+#      IPv4: 149.112.112.112
+#      IPv6: 2620:fe::9
+#
+# OpenNIC - https://www.opennic.org/
+#      IPv4: 195.10.195.195 - ns31.de
+#      IPv4: 94.16.114.254  - ns28.de
+#      IPv4: 51.254.132.59  - ns9.de
+#      IPv4: 194.36.144.87  - ns29.de
+#      IPv6: 2a00:f826:8:2::195 - ns31.de
+#
+# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
+#    IPv4: 5.1.66.255
+#    IPv6: 2001:678:e68:f000::
+#    Servername für DNS-over-TLS: dot.ffmuc.net
+#    IPv4: 185.150.99.255
+#    IPv6: 2001:678:ed0:f000::
+#    Servername für DNS-over-TLS: dot.ffmuc.net
+#    für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
+resolved_nameserver:
+  - 192.168.132.1
+
+# search domains
+#
+# If there are more than one search domains, then specify them here in the order in which
+# the resolver should also search them
+#
+#resolved_domains: []
+resolved_domains:
+  - ~.
+  - dissens.netz
+
+resolved_dnssec: false
+
+# dns.as250.net: 194.150.168.168
+#
+resolved_fallback_nameserver:
+   - 194.150.168.168
+
+
+# ---
+# vars used by roles/common/tasks/cron.yml
+# ---
+
+cron_user_special_time_entries:
+
+  - name: "Restart DNS Cache service 'systemd-resolved'"
+    special_time: reboot
+    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
+    insertafter: PATH
+
+  - name: "Restart NTP Service ntpsec"
+    special_time: reboot
+    job: "sleep 15 ; /bin/systemctl restart intpsec > /dev/null 2>&1"
+    insertafter: PATH
+
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_aliases:
+   - name: MAIN_USER
+     entry: 'malte.taeubrich, ulla.wittenzellner, sarah.klemm, bernard.koennecke, elenor.faellgrem,mario.freidank '
+
+sudoers_file_cmnd_aliases:
+   - name: REBOOT 
+     entry: '/sbin/reboot'
+   - name: MANAGE_SERVICE
+     entry: '/usr/bin/systemctl'
+
+
+sudoers_file_user_privileges:
+  - name: MAIN_USER
+    entry: ALL = REBOOT
+  - name: MAIN_USER
+    entry: ALL = MANAGE_SERVICE
+
+#  - name: julius
+#    entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
+#  - name: josephine
+#    entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
+#  - name: sebastian
+#    entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
+#  - name: julius-e
+#    entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/nfs.yml
+# ---
+
+nfs_server: 192.168.132.10
+
+# Set 'fs_encrypted' to true if filesystem lives on an encrypted
+# partition.
+#
+# NOTE !!
+#    Take car to increase 'fsid' in case of more than one export
+#
+nfs_exports:
+   - src: 192.168.132.10:/data/samba/shares
+     path: /data/samba/shares
+     mount_opts: users,rsize=8192,wsize=8192,hard,intr
+     export_opt: rw,root_squash,sync,subtree_check
+     export_networks:
+       - 192.168.132.0/24
+       - 10.0.192.0/24
+       - 10.1.192.0/24
+       - 192.168.63.0/24
+     use_fsid_option: true
+
+
+# ---
+# vars used by roles/common/tasks/samba-config-server.yml
+# vars used by roles/common/tasks/samba-user.yml
+# ---
+
+samba_server_ip: 192.168.132.10
+samba_server_cidr_prefix: 24
+
+samba_workgroup: DISSENS
+
+samba_netbios_name: FILE-DISSENS
+
+samba_server_min_protocol: !!str NT1
+
+samba_groups:
+  - name: team
+    group_id: 1100
+  - name: projekte
+    group_id: 1110
+  - name: verwaltung
+    group_id: 1120
+  - name: gf
+    group_id: 1120
+
+samba_user:
+  - name: bernard.koennecke
+    groups:
+      - gf
+      - projekte
+      - team
+      - verwaltung
+    password: '20.ber-n4rd.ko3n-3cke-24!'
+
+  - name: chris
+    groups:
+      - gf
+      - projekte
+      - team
+      - verwaltung
+    password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63643330373231636537366333326630333265303265653933613835656262323863363038653234
+          3462653135633266373439626263356636646637643035340a653466356235346663626163306363
+          61313164643061306433643738643563303036646334376536626531383965303036386162393832
+          6631333038306462610a356535633265633563633962333137326533633834636331343562633765
+          3631
+
+  - name: david.gelhaar
+    groups:
+      - projekte
+      - team
+      - verwaltung
+    password: '20-da-v1d.g3lh44r_24%'
+
+  - name: elenor.faellgrem
+    groups:
+      - projekte
+      - team
+    password: '20/313n0r-g3l.h4r/24?'
+  - name: johanna.hess
+    groups:
+      - buero
+      - verwaltung
+    password: '20_j0.h4nn4_h3ss-24+'
+
+  - name: leonie
+    groups:
+      - buero
+      - verwaltung
+    password: '6.4aVX7rQ-9H'
+  - name: philip
+    groups:
+      - buero
+      - verwaltung
+    password: 'fN%749Psv_NR'
+  - name: buero1
+    groups:
+      - buero
+    password: 'Mfr!7tK+d49C'
+  - name: buero2
+    groups:
+      - buero
+    password: 'gW-wg3Pttf4/'
+  - name: buero3
+    groups:
+      - buero
+    password: 'Qc-WyMhJ/3-2'
+  - name: referendariat
+    groups:
+      - buero
+    password: '4/zCNXnVF7+i'
+  - name: ref1
+    groups:
+      - buero
+    password: '???'
+  - name: sebastian
+    groups:
+      - buero
+      - verwaltung
+    password: 'bhNC.P5eTy-2'
+  - name: buero-05
+    groups:
+      - buero
+    password: '5/SXbV-M3vmQ'
+  - name: buero-06
+    groups:
+      - buero
+    password: 'N-ba2R+i/2eM'
+
+base_home: /data/home
+
+# remove_samba_users:
+#   - name: name1
+#   - name: name2
+#
+remove_samba_users: []
+
+samba_shares:
+
+  - name: buero
+    comment: Buero auf Fileserver
+    path: /data/samba/shares/buero
+    group_valid_users: buero
+    group_write_list: buero
+    file_create_mask: !!str 664
+    dir_create_mask: !!str 2775
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: Verwaltung
+    comment: verwaltung auf Fileserver
+    path: /data/samba/shares/verwaltung
+    group_valid_users: verwaltung
+    group_write_list: verwaltung
+    file_create_mask: !!str 664
+    dir_create_mask: !!str 2775
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+  name: root
+  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
--- a/host_vars/file-ebs.ebs.netz.yml
+++ b/host_vars/file-ebs.ebs.netz.yml
@ -191,59 +191,6 @@ cron_user_special_time_entries:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$WWsYp2DSIw4jNx5/IaKzY1$VjvTQYvSaQtJDiiNYxOUDEx9QdIPTZ1YWXSSaS1whH/
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - sysadm
-  - localadmin
-

 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/host_vars/file-fhxb.fhxb.netz.yml
+++ b/host_vars/file-fhxb.fhxb.netz.yml
@ -161,39 +161,6 @@ cron_user_special_time_entries:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
-
-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$2aYNjVAaYCJ7KuKYMjX3o1$M7E8/NkOHJnmmVcx0zD27oYExIf2aEergJ1KBnVbn92
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - sysadm
-

 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/host_vars/file-kb.anw-kb.netz.yml
+++ b/host_vars/file-kb.anw-kb.netz.yml
@ -117,39 +117,6 @@ cron_user_special_time_entries:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - sysadm
-

 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/host_vars/file-km.anw-km.netz.yml
+++ b/host_vars/file-km.anw-km.netz.yml
@ -181,59 +181,6 @@ cron_user_special_time_entries:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$ypzdcD.iMXQGS4W1nCJvn1$pzQKmc6Y6rej4ZRBRGzAyHIyWHFhsUkTK2WYEi/a9s1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - localadmin
-  - sysadm
-
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
--- a/host_vars/ga-al-gw.oopen.de.yml
+++ b/host_vars/ga-al-gw.oopen.de.yml
@ -353,60 +353,6 @@ ssh_keypair_backup_client:
    pub_key_dest: /root/.ssh/id_ed25519.pub
    target: backup.oopen.de

-default_user:
-
-  - name: chris
-    password: $y$j9T$rDrvWa/KInzTe601YYf9./$WjDlaItCrgX7gu4nCs481y8WLxiRaNJCC/MgFgKuzg3
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: maadmin
-    password: $y$j9T$LCkYWvykWzrpFxIlmSUB01$e1ROfZxXAU53UdAwZAECzED4iV4LS02Q4IPQ2fycv51
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
-
-  - name: wadmin
-    password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$awYUu9oRvV39ojITZOC7D1$czTh5HHIE32PXb0vl40ayAarm39txR4jaH1QzBscqfC
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$wpg8hlvMpO4PAWSVdLoJq/$dgpQh4cEnbUOQkkZzKUM4S8XzNS/Md5gMmMuNTqec74
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-
-sudo_users:
-  - chris
-  - sysadm
-  - maadmin
-  - wadmin
-

 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/host_vars/gw-ah.oopen.de.yml
+++ b/host_vars/gw-ah.oopen.de.yml
@ -140,59 +140,6 @@ ssh_keypair_backup_client:
    pub_key_dest: /root/.ssh/id_ed25519.pub
    target: backup.oopen.de

-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$1X6iXiYz2fIQcfKWSSzno1$9Uos8SGn/8V3oHWwiR6kaRPfUuIrxKP8kRNUZ1.da3/
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - localadmin
-  - sysadm
-
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
--- a/host_vars/gw-akb.oopen.de.yml
+++ b/host_vars/gw-akb.oopen.de.yml
@ -128,60 +128,6 @@ cron_user_special_time_entries:
 # ---


-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$K/AHoqM8bynaxxgb6l3a41$my3J.c2hXYxkHgQviZZww5OP6ZgaaPsNscKPRSRT5E5
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$d5p0SWRwuW2CDvpMdtFcQ0$fKsGolV/38OZzTDRq00wjrbw3MfnJkUAWMreb3xNgT2
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$K/AHoqM8bynaxxgb6l3a41$my3J.c2hXYxkHgQviZZww5OP6ZgaaPsNscKPRSRT5E5
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    password: $y$j9T$QczbPLpIHiEZFf7FChcTC0$9SoBJzI8k/j5gjRdfK/x3vc/h73sNRGyAmr0KninMn0
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - sysadm
-  - localadmin
-
-
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
--- a/host_vars/gw-blkr.oopen.de.yml
+++ b/host_vars/gw-blkr.oopen.de.yml
@ -249,59 +249,6 @@ ssh_keypair_backup_client:
    pub_key_dest: /root/.ssh/id_ed25519.pub
    target: backup.oopen.de

-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$qmeacaq0WLATk6o7374lj1$1MrdyEubi5m4E9MCNZWrS04nZi1Qgk4vHu.J5LwKrJB:19757
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - localadmin
-  - sysadm
-

 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/host_vars/gw-ckubu.local.netz.yml
+++ b/host_vars/gw-ckubu.local.netz.yml
@ -118,39 +118,6 @@ cron_user_special_time_entries:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
-
-  - name: chris
-    password: $y$j9T$KUDlIDddLeymNRsoS7Z51/$eelMaGW/JhVsCjl6nducJmjxrHpuyLStWuOGrohKZZD
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$1SUeBB9jQKPnG9JPt30O5/$aiZOeMJbJqE.cEKkFdSBxeuhma8n1thBVn00SClT3C/
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$n17mARf7i72xHDBW0lfT40$2WQMFPops.4.T3H7mk7Kzh3sRt3YfJtlhtn0Vl.uU37
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-sudo_users:
-  - chris
-  - sysadm
-

 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/host_vars/gw-dissens.oopen.de.yml
+++ b/host_vars/gw-dissens.oopen.de.yml
@ -186,40 +186,6 @@ ssh_keypair_backup_client:
    pub_key_dest: /root/.ssh/id_ed25519.pub
    target: backup.oopen.de

-default_user:
-
-  - name: chris
-    password: $y$j9T$JLezdt23fYO1OVfqTGPLG.$0WZW1GBGvIs7aITanCemuvZ9CbHwCFg1uxMynQiO7Y/
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$daq5sPNG0I8/BEqIRc8tq0$gLVISkrP7ziAnQUbBD6ZROpU2ud0/Y1Vmkqkq/yPH09
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$Sc6W8dHBquFeXxNvdaB9r1$S.yGBl7KHTvmlSNncI6cJ.2dHHg8LCoy.JSfJaZneH7
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - sysadm
-

 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/host_vars/gw-ebs.oopen.de.yml
+++ b/host_vars/gw-ebs.oopen.de.yml
@ -186,59 +186,6 @@ ssh_keypair_backup_client:
    pub_key_dest: /root/.ssh/id_ed25519.pub
    target: backup.oopen.de

-default_user:
-
-  - name: chris
-    password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$WWsYp2DSIw4jNx5/IaKzY1$VjvTQYvSaQtJDiiNYxOUDEx9QdIPTZ1YWXSSaS1whH/
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: borg
-    user_id: 1065
-    group_id: 1065
-    group: borg
-    password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - sysadm
-  - localadmin
-

 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/host_vars/gw-kb.oopen.de.yml
+++ b/host_vars/gw-kb.oopen.de.yml
@ -230,38 +230,6 @@ ssh_keypair_backup_client:
    pub_key_dest: /root/.ssh/id_ed25519.pub
    target: backup.oopen.de

-default_user:
-
-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-
-sudo_users:
-  - chris
-  - sysadm
-

 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
--- a/host_vars/o13-alt.oopen.de.yml
+++ b/host_vars/o13-alt.oopen.de.yml
@ -1,187 +0,0 @@
---
-
-# ---
-# vars used by roles/network_interfaces
-# ---
-
-# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
-network_manage_devices: True
-
-# Should the interfaces be reloaded after config change?
-network_interface_reload: False
-
-network_interface_path: /etc/network/interfaces.d
-network_interface_required_packages:
-  - vlan
-  - bridge-utils
-  - ifmetric
-  - ifupdown
-  - ifenslave
-
-
-network_interfaces:
-
-  - device: br0
-    # use only once per device (for the first device entry)
-    headline: br0 - bridge over device ens3
-
-    # auto & allow are only used for the first device entry
-    allow: [] # array of allow-[stanzas] eg. allow-hotplug
-    auto: true
-
-    family: inet
-    method: manual
-    hwaddress: 52:54:00:62:fb:9c
-    description:
-    address:
-    netmask:
-    gateway:
-    metric:
-    pointopoint:
-    mtu:
-    scope:
-
-    # additional user by dhcp method
-    #
-    hostname:
-    leasehours:
-    leasetime:
-    vendor:
-    client:
-
-    # additional used by bootp method
-    #
-    bootfile:
-    server:
-    hwaddr:
-
-    # optional dns settings nameservers: []
-    #
-    #    nameservers:
-    #      - 194.150.168.168  # dns.as250.net
-    #      - 91.239.100.100   # anycast.censurfridns.dk
-    #    search: warenform.de
-    #
-    #nameservers:
-    #  - 195.201.179.131
-    #  - 95.217.204.204
-    #search:
-
-    # optional additional subnets/ips subnets: []
-    # subnets: 
-    #   - '192.168.123.0/24'
-    #   - '192.168.124.11/32'
-
-    # optional bridge parameters bridge: {}
-    # bridge:
-    #   ports:
-    #   stp:
-    #   fd:
-    #   maxwait:
-    #   waitport:
-    bridge:
-      ports: ens3 # for mor devices support a blank separated list
-      stp: !!str off
-      fd: 1
-      hello: 2
-      maxage: 12
-
-    #  optional bonding parameters bond: {}
-    #  bond:
-    #    master
-    #    primary
-    #    slave
-    #    method:
-    #    miimon:
-    #    lacp-rate:
-    #    ad-select-rate:
-    #    master:
-    #    slaves:
-    bond: {}
-
-    # optional vlan settings | vlan: {}
-    # vlan: {}
-    #   raw-device: 'eth0'
-    vlan: {}
-
-    # inline hook scripts
-    pre-up: [] # pre-up script lines
-    up: 
-      - !!str "ip addr add 83.223.86.200/24 dev br0"
-      - !!str "ip route add default via 83.223.86.1"
-    post-up: [] # post-up script lines (alias for up)
-    pre-down: [] # pre-down script lines (alias for down)
-    down: [] # down script lines
-    post-down: [] # post-down script lines
-  
-# ---
-# vars used by roles/ansible_dependencies
-# ---
-
-
-# ---
-# vars used by roles/ansible_user
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/basic.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sshd.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/apt.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/users.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/users-systemfiles.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/webadmin-user.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sudoers.yml
-# ---
-#
-# see: roles/common/tasks/vars
-
-
-# ---
-# vars used by roles/common/tasks/caching-nameserver.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/git.yml
-# ---
-
-git_firewall_repository:
-  name: ipt-server
-  repo: https://git.oopen.de/firewall/ipt-server
-  dest: /usr/local/src/ipt-server
-
-# ==============================
-
-
-# ---
-# vars used by scripts/reset_root_passwd.yml
-# ---
-
-root_user:
-  name: root
-  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
--- a/host_vars/o13-board.oopen.de.yml
+++ b/host_vars/o13-board.oopen.de.yml
@ -1,73 +0,0 @@
---
-  
-# ---
-# vars used by roles/ansible_dependencies
-# ---
-
-
-# ---
-# vars used by roles/ansible_user
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/basic.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sshd.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/apt.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/users.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/users-systemfiles.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/webadmin-user.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sudoers.yml
-# ---
-#
-# see: roles/common/tasks/vars
-
-
-# ---
-# vars used by roles/common/tasks/caching-nameserver.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/git.yml
-# ---
-
-git_firewall_repository:
-  name: ipt-server
-  repo: https://git.oopen.de/firewall/ipt-server
-  dest: /usr/local/src/ipt-server
-
-# ==============================
-
-
-# ---
-# vars used by scripts/reset_root_passwd.yml
-# ---
-
-root_user:
-  name: root
-  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
--- a/host_vars/o13-cryptpad.oopen.de.yml
+++ b/host_vars/o13-cryptpad.oopen.de.yml
@ -100,67 +100,30 @@ resolved_fallback_nameserver:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
+extra_user:

-  - name: chris
-    password: $y$j9T$KUDlIDddLeymNRsoS7Z51/$eelMaGW/JhVsCjl6nducJmjxrHpuyLStWuOGrohKZZD
+  - name: marsupilami
+    password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/
    shell: /bin/bash
+    group: marsupilami
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $y$j9T$1SUeBB9jQKPnG9JPt30O5/$aiZOeMJbJqE.cEKkFdSBxeuhma8n1thBVn00SClT3C/
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $y$j9T$/TGIkTdH5zV4wTPsrZNko0$nGIMPM7WhOaeg4qUrwqiJ4Fvmn7He0bmYdZlXQ4ow80
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $y$j9T$n17mARf7i72xHDBW0lfT40$2WQMFPops.4.T3H7mk7Kzh3sRt3YfJtlhtn0Vl.uU37
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: cryptpad
-    user_id: 2010
-    group_id: 2010
-    group: cryptpad
-    home: /var/www/cryptpad
-    password: $y$j9T$TUSURhYNq5B1eWlxis.xy.$YfCpyp24dmaZwiIEMaJvX7u3P.MEdAyz8YXMusM4lu7
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is'

  - name: c3po
    password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
    shell: /bin/bash
+    group: c3po
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net'

 sudo_users:
  - chris
+  - c3po
+  - marsupilami
  - sysadm
  - localadmin
-  - c3po


 # ---
--- a/host_vars/o13-mumble.oopen.de.yml
+++ b/host_vars/o13-mumble.oopen.de.yml
@ -100,53 +100,28 @@ resolved_fallback_nameserver:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
+extra_user:

-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+  - name: marsupilami
+    password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/
    shell: /bin/bash
+    group: marsupilami
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is'

  - name: c3po
    password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
    shell: /bin/bash
+    group: c3po
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net'

-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
 sudo_users:
  - chris
+  - c3po
+  - marsupilami
  - sysadm
  - localadmin

--- a/host_vars/o13-pad.oopen.de.yml
+++ b/host_vars/o13-pad.oopen.de.yml
@ -100,64 +100,28 @@ resolved_fallback_nameserver:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
+extra_user:

-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+  - name: marsupilami
+    password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/
    shell: /bin/bash
+    group: marsupilami
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is'

  - name: c3po
    password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
    shell: /bin/bash
+    group: c3po
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net'

-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: cryptpad
-    user_id: 2010
-    group_id: 2010
-    group: cryptpad
-    home: /var/www/cryptpad
-    password: $y$j9T$TUSURhYNq5B1eWlxis.xy.$YfCpyp24dmaZwiIEMaJvX7u3P.MEdAyz8YXMusM4lu7
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
 sudo_users:
  - chris
+  - c3po
+  - marsupilami
  - sysadm
  - localadmin

--- a/host_vars/o13-schleuder.oopen.de.yml
+++ b/host_vars/o13-schleuder.oopen.de.yml
@ -1,120 +0,0 @@
---
-  
-# ---
-# vars used by roles/ansible_dependencies
-# ---
-
-
-# ---
-# vars used by roles/ansible_user
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/basic.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sshd.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/apt.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/users.yml
-# ---
-
-default_user:
-
-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: c3po
-    password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-
-# ---
-# vars used by roles/common/tasks/users-systemfiles.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/webadmin-user.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sudoers.yml
-# ---
-#
-# see: roles/common/tasks/vars
-
-
-# ---
-# vars used by roles/common/tasks/caching-nameserver.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/git.yml
-# ---
-
-git_firewall_repository:
-  name: ipt-server
-  repo: https://git.oopen.de/firewall/ipt-server
-  dest: /usr/local/src/ipt-server
-
-# ==============================
-
-
-# ---
-# vars used by scripts/reset_root_passwd.yml
-# ---
-
-root_user:
-  name: root
-  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
--- a/host_vars/o13-staging-board.oopen.de.yml
+++ b/host_vars/o13-staging-board.oopen.de.yml
@ -106,40 +106,30 @@ resolved_fallback_nameserver:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
+extra_user:

-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+  - name: marsupilami
+    password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/
    shell: /bin/bash
+    group: marsupilami
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is'

-  - name: sysadm
-
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+  - name: c3po
+    password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
    shell: /bin/bash
+    group: c3po
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net'

 sudo_users:
  - chris
+  - c3po
+  - marsupilami
  - sysadm
+  - localadmin


 # ---
--- a/host_vars/o13-web.oopen.de.yml
+++ b/host_vars/o13-web.oopen.de.yml
@ -100,54 +100,28 @@ resolved_fallback_nameserver:
 # vars used by roles/common/tasks/users.yml
 # ---

-default_user:
+extra_user:

-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+  - name: marsupilami
+    password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/
    shell: /bin/bash
+    group: marsupilami
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is'

  - name: c3po
    password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
    shell: /bin/bash
+    group: c3po
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net'

-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    group: sysadm
-    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    group: back
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
 sudo_users:
  - chris
  - c3po
+  - marsupilami
  - sysadm
  - localadmin

--- a/host_vars/o26.oopen.de.yml
+++ b/host_vars/o26.oopen.de.yml
@ -255,9 +255,14 @@ root_ssh_keypair:
    pub_key_dest: /root/.ssh/id_ed25519-borg-backup.pub
  - name: id_ed25519-gitea
    priv_key_src: o26.oopen.de/root/.ssh/id_ed25519-gitea
-    priv_key_dest: /root/.ssh/id_rsa
+    priv_key_dest: /root/.ssh/id_ed25519-gitea
    pub_key_src: o26.oopen.de/root/.ssh/id_ed25519-gitea.pub
-    pub_key_dest: /root/.ssh/id_rsa.pub
+    pub_key_dest: /root/.ssh/id_ed25519-gitea.pub
+  - name: id_ed25519-backup
+    priv_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup
+    priv_key_dest: /root/.ssh/id_ed25519-backup
+    pub_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup.pub
+    pub_key_dest: /root/.ssh/id_ed25519-backup


 # ---
@ -474,10 +479,9 @@ default_user:
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvy+IDUeoVwLg+cJNcKzls5guOrVUretsf05v3Y2N+Y root@default-oopen-server'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcEPd+MDJKzWqWStt3XpJU1OpJ0uxmipacIGkm6k3MS root@default-warenform-server'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/eGKbdxPYu7L/b/DjZrWek50e0AnkHFZS+zV12o5jy root@borg-client-key-warenform'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6Sra1D8JU2A68G4rSny7D0ukYKy89NVMXbdxrtdZwr root@borg-client-key-oopen'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'

  - name: borg
    user_id: 1065
--- a/host_vars/server28.warenform.de.yml
+++ b/host_vars/server28.warenform.de.yml
@ -309,78 +309,6 @@ cron_user_entries:
 # vars used by roles/common/tasks/users.yml
 # ---

-insert_ssh_keypair_backup_server: false
-ssh_keypair_backup_server:
-  - name: backup
-    backup_user: back
-    priv_key_src: root/.ssh/id_rsa.backup.warenform.de
-    priv_key_dest: /root/.ssh/id_rsa
-    pub_key_src: root/.ssh/id_rsa.backup.warenform.de.pub
-    pub_key_dest: /root/.ssh/id_rsa.pub
-
-insert_keypair_backup_client: true
-ssh_keypair_backup_client:
-  - name: backup
-    priv_key_src: root/.ssh/id_ed25519.warenform-server
-    priv_key_dest: /root/.ssh/id_ed25519
-    pub_key_src: root/.ssh/id_ed25519.warenform-server.pub
-    pub_key_dest: /root/.ssh/id_ed25519.pub
-    target: backup.warenform.de
-
-
-default_user:
-
-  - name: chris
-    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-  - name: axel
-    password: $6$zUWC465e$XblctxwnBIOa7mPcN6foEQrwChjpwoY7lLtacXJrSsvjZS3I6Ox1mYUtN3/gzkvpbzOPx/9PlRJV.mbl939mD.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOPnP788dlfeFi9oo8UkS0Chi/jcxUGjsOuQnxW/GR+ axel@wf.netz'
-
-  - name: sysadm
-    user_id: 1050
-    group_id: 1050
-    password: $6$vvccwrTc$Sz1HaSb3ujObprltiG7D6U1Rr3fpgfjkKuDDWYdHzPkPx/0pEofCWC.vyTn78hcemkntl.6wVUOnJnNloKt/E/
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOPnP788dlfeFi9oo8UkS0Chi/jcxUGjsOuQnxW/GR+ axel@wf.netz'
-
-  - name: localadmin
-    user_id: 1051
-    group_id: 1051
-    password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it'
-      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS'
-
-  - name: back
-    user_id: 1060
-    group_id: 1060
-    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
-    shell: /bin/bash
-    ssh_keys:
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
-      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
-
-sudo_users:
-  - chris
-  - axel
-  - sysadm
-  - localadmin
-

 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml