diff --git a/host_vars/cl-01.oopen.de.yml b/host_vars/cl-01.oopen.de.yml
new file mode 100644
index 0000000..a7c1f06
--- /dev/null
+++ b/host_vars/cl-01.oopen.de.yml
@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+ - name: back
+ entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
diff --git a/host_vars/cl-02.oopen.de.yml b/host_vars/cl-02.oopen.de.yml
new file mode 100644
index 0000000..a7c1f06
--- /dev/null
+++ b/host_vars/cl-02.oopen.de.yml
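Review bot: The `sudoers_file_user_privileges` entry lets `back` run `/usr/local/php/bin/php` as www-data without a password and without any argument restriction, so the account can execute arbitrary PHP code with the web server's privileges rather than one maintenance command. If `back` only needs a specific script (presumably a backup or maintenance job — confirm), pin it in the rule, e.g. `entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php <ABSOLUTE_SCRIPT_PATH>'` (placeholder), and make sure that script is not writable by `back` or www-data. The identical entry is added in the cl-02, cl-fm, cl-irights, cloud-giz.warenform.de and cloud.oopen.de files of this commit. A short comment above the variable stating why the backup user needs it would also help the next reviewer.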
@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+ - name: back
+ entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
diff --git a/host_vars/cl-fm.oopen.de b/host_vars/cl-fm.oopen.de
new file mode 100644
index 0000000..a7c1f06
--- /dev/null
+++ b/host_vars/cl-fm.oopen.de
@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+ - name: back
+ entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
diff --git a/host_vars/cl-irights.oopen.de b/host_vars/cl-irights.oopen.de
new file mode 100644
index 0000000..a7c1f06
--- /dev/null
+++ b/host_vars/cl-irights.oopen.de
@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+ - name: back
+ entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
diff --git a/host_vars/cloud-giz.warenform.de.yml b/host_vars/cloud-giz.warenform.de.yml
new file mode 100644
index 0000000..a7c1f06
--- /dev/null
+++ b/host_vars/cloud-giz.warenform.de.yml
@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+ - name: back
+ entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
diff --git a/host_vars/cloud.oopen.de.yml b/host_vars/cloud.oopen.de.yml
new file mode 100644
index 0000000..a7c1f06
--- /dev/null
+++ b/host_vars/cloud.oopen.de.yml
@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+ - name: back
+ entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
diff --git a/host_vars/o35.oopen.de.yml b/host_vars/o35.oopen.de.yml
new file mode 100644
index 0000000..f7f51d1
--- /dev/null
+++ b/host_vars/o35.oopen.de.yml
@@ -0,0 +1,232 @@ +--- + +# --- +# vars used by roles/network_interfaces +# --- + + +# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted +network_manage_devices: True + +# Should the interfaces be reloaded after config change? +network_interface_reload: False + +network_interface_path: /etc/network/interfaces.d +network_interface_required_packages: + - vlan + - bridge-utils + - ifmetric + - ifupdown2 + + +network_interfaces: + + - device: br0 + # use only once per device (for the first device entry) + headline: br0 - bridge over device enp35s0 + + # auto & allow are only used for the first device entry + allow: [] # array of allow-[stanzas] eg. allow-hotplug + auto: true + + family: inet + mode: static + description: Bridge Interface IPv4 for LXC + address: '95.217.204.218' + netmask: '255.255.255.192' + network: '95.217.204.192' + broadcast: '95.217.204.255' + gateway: '95.217.204.193' + + # optional dns settings nameservers: [] + # nameservers: + # - "194.150.168.168" # dns.as250.net + # - "91.239.100.100" # anycast.censurfridns.dk + + # optional additional subnets/ips subnets: [] + # subnets: + # - '192.168.123.0/24' + # - '192.168.124.11/32' + + # optional bridge parameters bridge: {} + # bridge: + # ports: + # stp: + # fd: + # maxwait: + # waitport: + bridge: + ports: enp35s0 # for mor devices support a blan separated list + stp: !!str off + fd: 5 + hello: 2 + + # optional bonding parameters bond: {} + # bond: + # mode: + # miimon: + # master: + # slaves: + # lacp-rate: + bond: {} + + # optional vlan settings | vlan: {} + # vlan: {} + # raw-device: 'eth0' + vlan: {} + + # inline hook scripts + pre-up: [] # pre-up script lines + up: + - !!str "route add -net 95.217.204.192 netmask 255.255.255.192 gw 95.217.204.193 dev br0" # up script lines + post-up: [] # post-up script lines (alias for up) + pre-down: [] # pre-down script lines (alias for down) + down: [] # down script lines + post-down: [] # post-down script lines + + + + - 
device: br0 + family: inet6 + mode: static + description: Bridge Interface IPv6 for LXC + address: '2a01:4f9:4a:47e5::2' + netmask: 64 + gateway: 'fe80::1' + + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + + +# --- +# vars used by roles/common/tasks/users.yml +# --- +ssh_keypair_backup_server: + - name: backup + backup_user: back + priv_key_src: root/.ssh/id_rsa.backup.oopen.de + priv_key_dest: /root/.ssh/id_rsa + pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub + pub_key_dest: /root/.ssh/id_rsa.pub + +insert_root_ssh_keypair: true + +root_ssh_keypair: + - name: backup + login: root + priv_key_src: root/.ssh/id_ed25519.oopen-server + priv_key_dest: /root/.ssh/id_ed25519 + pub_key_src: root/.ssh/id_ed25519.oopen-server.pub + pub_key_dest: /root/.ssh/id_ed25519.pub + target: backup.oopen.de + + +default_user: + + - name: chris + password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. 
+ shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa 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 root@luna' + + - name: sysadm + + user_id: 1050 + group_id: 1050 + group: sysadm + password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 + shell: /bin/bash + ssh_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna' + - 'ssh-rsa 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 root@luna' + + - name: localadmin + user_id: 1051 + group_id: 1051 + password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90 + shell: /bin/bash + ssh_keys: + - 'ssh-rsa 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 chris@luna' + - 'ssh-rsa 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 jonas@meurer.it' + - 'ssh-rsa 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 t@NB-003258-RLS' + + - name: back + user_id: 1060 + group_id: 1060 + group: back + password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. 
+ shell: /bin/bash + ssh_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna' + +sudo_users: + - chris + - sysadm + - localadmin + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + +git_firewall_repository: + name: ipt-server + repo: https://git.oopen.de/firewall/ipt-server + dest: /usr/local/src/ipt-server + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/hosts b/hosts index 71bd84e..1abe951 100644 --- a/hosts +++ b/hosts @@ -165,6 +165,10 @@ o33.oopen.de o34.oopen.de o35.oopen.de +cl-02.oopen.de + +# Jitsi Meet - ReachOut +o36.oopen.de [initial_setup] @@ -367,6 +371,10 @@ o34.oopen.de # - o35.oopen.de o35.oopen.de +cl-02.oopen.de + +# Jitsi Meet - ReachOut +o36.oopen.de # - Vserver von Sinma a.ns.oopen.de 
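Review bot: The `password:` values under `default_user` (chris, sysadm, localadmin, back) and `root_user` are SHA-512 crypt hashes committed in clear text, so anyone with read access to this repository or its history can run offline guessing against those accounts. Move them into an Ansible Vault–encrypted vars file or inline `!vault` values and reference them from here; since the hashes are now in the commit history, the affected passwords should be treated as needing rotation. The `priv_key_src` entries in `ssh_keypair_backup_server` and `root_ssh_keypair` point at private-key files that the role presumably copies from the repository tree — confirm those files are vault-encrypted as well. A one-line comment on `insert_root_ssh_keypair: true` stating which host trusts that key (`target: backup.oopen.de`) would make the trust relationship explicit.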
@@ -462,6 +470,9 @@ cl-irights.oopen.de cl-fm.oopen.de mail.faire-mobilitaet.de +# o35.oopen.de +cl-02.oopen.de + # --- # O.OPEN office network # --- @@ -600,6 +611,11 @@ o33.oopen.de # Jitsi Meet - AG Beratung o34.oopen.de +# o35.oopen.de +cl-02.oopen.de + +# Jitsi Meet - ReachOut +o36.oopen.de [ftp_server] @@ -811,6 +827,9 @@ o26.oopen.de # etventure o32.oopen.de +# o35.oopen.de +cl-02.oopen.de + # --- # Warenform @@ -872,6 +891,9 @@ cl-irights.oopen.de # o25.oopen.de cl-fm.oopen.de +# o35.oopen.de +cl-02.oopen.de + # --- # Warenform # --- @@ -1144,6 +1166,12 @@ o33.oopen.de # Jitsi Meet - AG Beratung o34.oopen.de +# o35.oopen.de +cl-02.oopen.de + +# Jitsi Meet - ReachOut +o36.oopen.de + # --- # O.OPEN office network # --- @@ -1328,6 +1356,10 @@ o34.oopen.de # - o35.oopen.de o35.oopen.de +cl-02.oopen.de + +# Jitsi Meet - ReachOut +o36.oopen.de # - Vserver von Sinma a.ns.oopen.de @@ -1379,6 +1411,7 @@ gw-d11.oopen.de gw-flr.oopen.de gw-replacement.local.netz gw-replacement2.local.netz +gw-replacement3.local.netz gw-replacement.wf.netz @@ -1394,7 +1427,6 @@ gw-mbr.oopen.de gw-opp.oopen.de gw-ro.oopen.de gw-spr.oopen.de -gw-replacement3.local.netz ga-st-gw-ersatz.ga.netz ga-st-gw.ga.netz diff --git a/roles/modify-ipt-gateway-ro/tasks/main.yml b/roles/modify-ipt-gateway-ro/tasks/main.yml index 1c5499c..fab55b4 100644 --- a/roles/modify-ipt-gateway-ro/tasks/main.yml +++ b/roles/modify-ipt-gateway-ro/tasks/main.yml @@ -61,6 +61,21 @@ when: - main_ipv6_exists.stat.exists +- name: addjust line 'brscan_port' (IPv4) + lineinfile: + path: /ro/etc/ipt-firewall/main_ipv4.conf + regexp: '^brscan_port=' + line: 'brscan_port="$standard_brother_brscan_port"' + +- name: addjust line 'brscan_port' (IPv6) + lineinfile: + path: /ro/etc/ipt-firewall/main_ipv6.conf + regexp: '^brscan_port=' + line: 'brscan_port="$standard_brother_brscan_port"' + when: + - main_ipv6_exists.stat.exists + + # --- # allow_jitsi_video_conference_out # --- 
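Review bot: The new IPv4 `brscan_port` task has no `when: main_ipv4_exists.stat.exists` guard, while the IPv6 twin and the other IPv4 tasks added in this file are guarded; `lineinfile` fails on a missing path because `create` defaults to false, so the play would abort on a host without main_ipv4.conf. Add `when:` / `- main_ipv4_exists.stat.exists` to the IPv4 task. Because no `insertafter` is given, a config that has no `brscan_port=` line yet gets the line appended at the end of the file, which may or may not be where the firewall script expects it — worth confirming. The task names read `addjust`; the same two tasks in the roles/modify-ipt-gateway/tasks/main.yml hunk (`@@ -65,6 +65,24 @@`) have the same missing guard and typo.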
@@ -141,6 +156,199 @@ - main_ipv6_exists.stat.exists - nc_talk_out_ipv6_present is changed + +# --- +# allow_alfaview_video_conference_out +# --- + +- name: Check if String 'allow_alfaview_video_conference_out..' (IPv4) is present + shell: grep -q -E "^allow_alfaview_video_conference_out=" /ro/etc/ipt-firewall/main_ipv4.conf + register: alfaview_video_conference_out_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "alfaview_video_conference_out_ipv4_present.rc > 1" + changed_when: "alfaview_video_conference_out_ipv4_present.rc > 0" + +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton) + lineinfile: + dest: /ro/etc/ipt-firewall/main_ipv4.conf + state: present + regexp: '^allow_alfaview_video_conference_out' + line: 'allow_alfaview_video_conference_out=true' + insertafter: '^#?\s*allow_mumble_request_out' + when: + - main_ipv4_exists.stat.exists + - alfaview_video_conference_out_ipv4_present is changed + +- name: Check if String 'allow_alfaview_video_conference_out..' (IPv6) is present + shell: grep -q -E "^allow_alfaview_video_conference_out=" /ro/etc/ipt-firewall/main_ipv6.conf + register: alfaview_video_conference_out_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "alfaview_video_conference_out_ipv6_present.rc > 1" + changed_when: "alfaview_video_conference_out_ipv6_present.rc > 0" + +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton) + lineinfile: + dest: /ro/etc/ipt-firewall/main_ipv6.conf + state: present + regexp: '^allow_alfaview_video_conference_out' + line: 'allow_alfaview_video_conference_out=true' + insertafter: '^#?\s*allow_mumble_request_out' + when: + - main_ipv6_exists.stat.exists + - alfaview_video_conference_out_ipv6_present is changed + + +# --- +# Allow local services from ALL extern netwoks +# --- + +- name: Check if String 'allow_all_ext_traffic_to_local_service..' 
(IPv4) is present + shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /ro/etc/ipt-firewall/main_ipv4.conf + register: allow_all_ext_traffic_to_local_service_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 1" + changed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 0" + +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (allow_all_ext_traffic_to_local_service) + blockinfile: + path: /ro/etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*any_access_from_inet_networks' + block: | + + # ============= + # - Allow local services from ALL extern netwoks + # ============= + + # - allow_all_ext_traffic_to_local_service + # - + # - allow_all_ext_traffic_to_local_service="local-address:port:protocol [local-address:port:protocol] .." + # - + # - Note: + # - ===== + # - - Only 'tcp' and 'udp' are allowed valuse for protocol. + # - + # - Example: + # - allow extern traffic to service at 83.223.73.210 on port 1036 + # - allow extern traffic to https service at 83.223.73.204 + # - + # - allow_ext_net_to_local_service=" + # - 83.223.73.210:1036:tcp + # - 83.223.73.204:$standard_https_port:tcp + # - " + # - + # - Blank separated list + # - + allow_all_ext_traffic_to_local_service="" + marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)" + when: + - main_ipv4_exists.stat.exists + - allow_all_ext_traffic_to_local_service_ipv4_present is changed + +- name: Check if String 'allow_all_ext_traffic_to_local_service..' 
(IPv6) is present + shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /ro/etc/ipt-firewall/main_ipv6.conf + register: allow_all_ext_traffic_to_local_service_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 1" + changed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 0" + +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (allow_all_ext_traffic_to_local_service) + blockinfile: + path: /ro/etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*any_access_from_inet_networks' + block: | + + + # ============= + # - Allow local services from ALL extern netwoks + # ============= + + # - allow_all_ext_traffic_to_local_service + # - + # - allow_all_ext_traffic_to_local_service="local-address,port,protocol [local-address,port,protocol] .." + # - + # - Note: + # - ===== + # - - Only 'tcp' and 'udp' are allowed valuse for protocol. + # - + # - Example: + # - allow extern traffic to service at 2a01:30:1fff:fd00::210 on port 1036 + # - allow extern traffic to https service at 2a01:30:1fff:fd00::204 + # - + # - allow_ext_net_to_local_service=" + # - 2a01:30:1fff:fd00::210,1036,tcp + # - 2a01:30:1fff:fd00::204,$standard_https_port,tcp + # - " + # - + # - Blank separated list + # - + allow_all_ext_traffic_to_local_service="" + marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)" + when: + - main_ipv6_exists.stat.exists + - allow_all_ext_traffic_to_local_service_ipv6_present is changed + + +# --- +# Epson Network Scanner +# --- + +- name: Check if String 'epson_scanner_ips..' 
(IPv4) is present + shell: grep -q -E "^epson_scanner_ips=" /ro/etc/ipt-firewall/main_ipv4.conf + register: epson_scanner_ips_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "epson_scanner_ips_ipv4_present.rc > 1" + changed_when: "epson_scanner_ips_ipv4_present.rc > 0" + +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (epson_scanner) + blockinfile: + path: /ro/etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*brscan_port' + block: | + # ====== + # - Epson Network Scan + # ====== + + # - IP Adresses Epson Network Scanner + # - + # - Blank seoarated list + # - + epson_scanner_ips="" + epson_scan_port="$standard_epson_network_scan_port" + + marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)" + when: + - main_ipv4_exists.stat.exists + - epson_scanner_ips_ipv4_present is changed + +- name: Check if String 'epson_scanner_ips..' (IPv6) is present + shell: grep -q -E "^epson_scanner_ips=" /ro/etc/ipt-firewall/main_ipv6.conf + register: epson_scanner_ips_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "epson_scanner_ips_ipv6_present.rc > 1" + changed_when: "epson_scanner_ips_ipv6_present.rc > 0" + +- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (epson_scanner) + blockinfile: + path: /ro/etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*brscan_port' + block: | + # ====== + # - Epson Network Scan + # ====== + + # - IP Adresses Epson Network Scanner + # - + # - Blank seoarated list + # - + epson_scanner_ips="" + epson_scan_port="$standard_epson_network_scan_port" + + marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)" + when: + - main_ipv6_exists.stat.exists + - epson_scanner_ips_ipv6_present is changed + + # --- # jitsi video conference service # --- 
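Review bot: The example inside both `allow_all_ext_traffic_to_local_service` blocks assigns a differently named variable, `allow_ext_net_to_local_service="`, so an administrator who copies the example into the firewall config fills a variable this section does not define and the intended rule is never created (or a different one is, if that name exists elsewhere in the config). The example line should read `# - allow_all_ext_traffic_to_local_service="`. The two `lineinfile` tasks that set `allow_alfaview_video_conference_out=true` are still named `(bigbluebutton)`, which makes run logs misleading; rename them to `(alfaview)`. The comment text written into the config also carries the typos `netwoks`, `valuse` and `seoarated`. All of this is repeated verbatim in the roles/modify-ipt-gateway/tasks/main.yml hunk (`@@ -187,6 +205,201 @@`).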
@@ -220,6 +428,63 @@ - jitsi_service_ipv6_present is changed +# --- +# alfaview video conference service +# --- + +- name: Check if String 'alfaview_tcp_ports=..' (IPv4) is present + shell: grep -q -E "^alfaview_tcp_ports=" /ro/etc/ipt-firewall/main_ipv4.conf + register: alfaview_service_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "alfaview_service_ipv4_present.rc > 1" + changed_when: "alfaview_service_ipv4_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (alfaview service) + blockinfile: + path: /ro/etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*mumble_ports' + block: | + + # ====== + # - alfaview - Video Conferencing Systems + # ====== + + # - alfaview Service Ports + # - + alfaview_tcp_ports="$standard_alfaview_service_tcp_ports" + alfaview_udp_ports="$standard_alfaview_service_udp_ports" + marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)" + when: + - main_ipv4_exists.stat.exists + - alfaview_service_ipv4_present is changed + +- name: Check if String 'alfaview_tcp_ports=..' (IPv6) is present + shell: grep -q -E "^alfaview_tcp_ports=" /ro/etc/ipt-firewall/main_ipv6.conf + register: alfaview_service_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "alfaview_service_ipv6_present.rc > 1" + changed_when: "alfaview_service_ipv6_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (alfaview service) + blockinfile: + path: /ro/etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*mumble_ports' + block: | + + # ====== + # - alfaview - Video Conferencing Systems + # ====== + + # - alfaview Service Ports + # - + alfaview_tcp_ports="$standard_alfaview_service_tcp_ports" + alfaview_udp_ports="$standard_alfaview_service_udp_ports" + marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)" + when: + - main_ipv6_exists.stat.exists + - alfaview_service_ipv6_present is changed + + # --- # TURN Server (Stun Server) (for Nextcloud 'talk' app) # --- 
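Review bot: The `marker:` strings of the new `blockinfile` tasks contain no `{mark}` placeholder, so the line written before and after the block is identical and the module cannot tell begin from end; the Ansible documentation warns that a custom marker without `{mark}` may cause the block to be inserted repeatedly. Here the preceding grep check hides that only as long as the `alfaview_tcp_ports=` line stays in the file. Consider `marker: "# {mark} set by modify-ipt-gateway.yml (alfaview service)"`, unless the existing blocks in this file deliberately use the same convention, in which case it is a follow-up for all of them. The task names also say `/etc/ipt-firewall/main_ipv4.conf` while `path:` is `/ro/etc/ipt-firewall/main_ipv4.conf`.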
diff --git a/roles/modify-ipt-gateway/tasks/main.yml b/roles/modify-ipt-gateway/tasks/main.yml index 27d3224..70c9dbc 100644 --- a/roles/modify-ipt-gateway/tasks/main.yml +++ b/roles/modify-ipt-gateway/tasks/main.yml @@ -65,6 +65,24 @@ notify: - Restart IPv6 Firewall +- name: addjust line 'brscan_port' (IPv4) + lineinfile: + path: /etc/ipt-firewall/main_ipv4.conf + regexp: '^brscan_port=' + line: 'brscan_port="$standard_brother_brscan_port"' + notify: + - Restart IPv4 Firewall + +- name: addjust line 'brscan_port' (IPv6) + lineinfile: + path: /etc/ipt-firewall/main_ipv6.conf + regexp: '^brscan_port=' + line: 'brscan_port="$standard_brother_brscan_port"' + when: + - main_ipv6_exists.stat.exists + notify: + - Restart IPv6 Firewall + # --- # allow_jitsi_video_conference_out # --- 
@@ -187,6 +205,201 @@ - main_ipv6_exists.stat.exists - bigbluebutton_video_conference_out_ipv6_present is changed + +# --- +# allow_alfaview_video_conference_out +# --- + +- name: Check if String 'allow_alfaview_video_conference_out..' (IPv4) is present + shell: grep -q -E "^allow_alfaview_video_conference_out=" /etc/ipt-firewall/main_ipv4.conf + register: alfaview_video_conference_out_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "alfaview_video_conference_out_ipv4_present.rc > 1" + changed_when: "alfaview_video_conference_out_ipv4_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton) + lineinfile: + dest: /etc/ipt-firewall/main_ipv4.conf + state: present + regexp: '^allow_alfaview_video_conference_out' + line: 'allow_alfaview_video_conference_out=true' + insertafter: '^#?\s*allow_mumble_request_out' + when: + - main_ipv4_exists.stat.exists + - alfaview_video_conference_out_ipv4_present is changed + +- name: Check if String 'allow_alfaview_video_conference_out..' (IPv6) is present + shell: grep -q -E "^allow_alfaview_video_conference_out=" /etc/ipt-firewall/main_ipv6.conf + register: alfaview_video_conference_out_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "alfaview_video_conference_out_ipv6_present.rc > 1" + changed_when: "alfaview_video_conference_out_ipv6_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton) + lineinfile: + dest: /etc/ipt-firewall/main_ipv6.conf + state: present + regexp: '^allow_alfaview_video_conference_out' + line: 'allow_alfaview_video_conference_out=true' + insertafter: '^#?\s*allow_mumble_request_out' + when: + - main_ipv6_exists.stat.exists + - alfaview_video_conference_out_ipv6_present is changed + + +# --- +# Allow local services from ALL extern netwoks +# --- + +- name: Check if String 'allow_all_ext_traffic_to_local_service..' 
(IPv4) is present + shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /etc/ipt-firewall/main_ipv4.conf + register: allow_all_ext_traffic_to_local_service_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 1" + changed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (allow_all_ext_traffic_to_local_service) + blockinfile: + path: /etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*any_access_from_inet_networks' + block: | + + # ============= + # - Allow local services from ALL extern netwoks + # ============= + + # - allow_all_ext_traffic_to_local_service + # - + # - allow_all_ext_traffic_to_local_service="local-address:port:protocol [local-address:port:protocol] .." + # - + # - Note: + # - ===== + # - - Only 'tcp' and 'udp' are allowed valuse for protocol. + # - + # - Example: + # - allow extern traffic to service at 83.223.73.210 on port 1036 + # - allow extern traffic to https service at 83.223.73.204 + # - + # - allow_ext_net_to_local_service=" + # - 83.223.73.210:1036:tcp + # - 83.223.73.204:$standard_https_port:tcp + # - " + # - + # - Blank separated list + # - + allow_all_ext_traffic_to_local_service="" + marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)" + when: + - main_ipv4_exists.stat.exists + - allow_all_ext_traffic_to_local_service_ipv4_present is changed + + +- name: Check if String 'allow_all_ext_traffic_to_local_service..' 
(IPv6) is present + shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /etc/ipt-firewall/main_ipv6.conf + register: allow_all_ext_traffic_to_local_service_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 1" + changed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (allow_all_ext_traffic_to_local_service) + blockinfile: + path: /etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*any_access_from_inet_networks' + block: | + + + # ============= + # - Allow local services from ALL extern netwoks + # ============= + + # - allow_all_ext_traffic_to_local_service + # - + # - allow_all_ext_traffic_to_local_service="local-address,port,protocol [local-address,port,protocol] .." + # - + # - Note: + # - ===== + # - - Only 'tcp' and 'udp' are allowed valuse for protocol. + # - + # - Example: + # - allow extern traffic to service at 2a01:30:1fff:fd00::210 on port 1036 + # - allow extern traffic to https service at 2a01:30:1fff:fd00::204 + # - + # - allow_ext_net_to_local_service=" + # - 2a01:30:1fff:fd00::210,1036,tcp + # - 2a01:30:1fff:fd00::204,$standard_https_port,tcp + # - " + # - + # - Blank separated list + # - + allow_all_ext_traffic_to_local_service="" + marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)" + when: + - main_ipv6_exists.stat.exists + - allow_all_ext_traffic_to_local_service_ipv6_present is changed + + + +# --- +# Epson Network Scanner +# --- + +- name: Check if String 'epson_scanner_ips..' 
(IPv4) is present + shell: grep -q -E "^epson_scanner_ips=" /etc/ipt-firewall/main_ipv4.conf + register: epson_scanner_ips_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "epson_scanner_ips_ipv4_present.rc > 1" + changed_when: "epson_scanner_ips_ipv4_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (epson_scanner) + blockinfile: + path: /etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*brscan_port' + block: | + # ====== + # - Epson Network Scan + # ====== + + # - IP Adresses Epson Network Scanner + # - + # - Blank seoarated list + # - + epson_scanner_ips="" + epson_scan_port="$standard_epson_network_scan_port" + + marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)" + when: + - main_ipv4_exists.stat.exists + - epson_scanner_ips_ipv4_present is changed + +- name: Check if String 'epson_scanner_ips..' (IPv6) is present + shell: grep -q -E "^epson_scanner_ips=" /etc/ipt-firewall/main_ipv6.conf + register: epson_scanner_ips_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "epson_scanner_ips_ipv6_present.rc > 1" + changed_when: "epson_scanner_ips_ipv6_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (epson_scanner) + blockinfile: + path: /etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*brscan_port' + block: | + # ====== + # - Epson Network Scan + # ====== + + # - IP Adresses Epson Network Scanner + # - + # - Blank seoarated list + # - + epson_scanner_ips="" + epson_scan_port="$standard_epson_network_scan_port" + + marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)" + when: + - main_ipv6_exists.stat.exists + - epson_scanner_ips_ipv6_present is changed + + # --- # jitsi video conference service # --- 
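Review bot: None of the tasks added in this hunk carries a `notify:` for the firewall restart handlers, although the `brscan_port` tasks added to the same file in this commit do (`Restart IPv4 Firewall` / `Restart IPv6 Firewall`). For the empty placeholders that is harmless, but `allow_alfaview_video_conference_out=true` changes the rule set and would only take effect at the next unrelated restart, leaving the running firewall out of step with its config. If the surrounding existing tasks (outside this hunk) notify the handlers, add `notify:` / `- Restart IPv4 Firewall` (and the IPv6 equivalent) here as well; the alfaview service-port tasks in the following hunk (`@@ -266,6 +479,63 @@`) are in the same position.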
@@ -266,6 +479,63 @@ - jitsi_service_ipv6_present is changed +# --- +# alfaview video conference service +# --- + +- name: Check if String 'alfaview_tcp_ports=..' (IPv4) is present + shell: grep -q -E "^alfaview_tcp_ports=" /etc/ipt-firewall/main_ipv4.conf + register: alfaview_service_ipv4_present + when: main_ipv4_exists.stat.exists + failed_when: "alfaview_service_ipv4_present.rc > 1" + changed_when: "alfaview_service_ipv4_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (alfaview service) + blockinfile: + path: /etc/ipt-firewall/main_ipv4.conf + insertafter: '^#?\s*mumble_ports' + block: | + + # ====== + # - alfaview - Video Conferencing Systems + # ====== + + # - alfaview Service Ports + # - + alfaview_tcp_ports="$standard_alfaview_service_tcp_ports" + alfaview_udp_ports="$standard_alfaview_service_udp_ports" + marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)" + when: + - main_ipv4_exists.stat.exists + - alfaview_service_ipv4_present is changed + +- name: Check if String 'alfaview_tcp_ports=..' (IPv6) is present + shell: grep -q -E "^alfaview_tcp_ports=" /etc/ipt-firewall/main_ipv6.conf + register: alfaview_service_ipv6_present + when: main_ipv6_exists.stat.exists + failed_when: "alfaview_service_ipv6_present.rc > 1" + changed_when: "alfaview_service_ipv6_present.rc > 0" + +- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (alfaview service) + blockinfile: + path: /etc/ipt-firewall/main_ipv6.conf + insertafter: '^#?\s*mumble_ports' + block: | + + # ====== + # - alfaview - Video Conferencing Systems + # ====== + + # - alfaview Service Ports + # - + alfaview_tcp_ports="$standard_alfaview_service_tcp_ports" + alfaview_udp_ports="$standard_alfaview_service_udp_ports" + marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)" + when: + - main_ipv6_exists.stat.exists + - alfaview_service_ipv6_present is changed + + # --- # TURN Server (Stun Server) (for Nextcloud 'talk' app) # ---