update ..

host_vars/cl-01.oopen.de.yml

@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+  - name: back
+    entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

host_vars/cl-02.oopen.de.yml

@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+  - name: back
+    entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

host_vars/cl-fm.oopen.de

@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+  - name: back
+    entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

host_vars/cl-irights.oopen.de

@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+  - name: back
+    entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

host_vars/cloud-giz.warenform.de.yml

@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+  - name: back
+    entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

host_vars/cloud.oopen.de.yml

@@ -0,0 +1,73 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+  - name: back
+    entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+

host_vars/o35.oopen.de.yml

@@ -0,0 +1,232 @@
+---
+
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: True
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: False
+
+network_interface_path: /etc/network/interfaces.d
+network_interface_required_packages:
+  - vlan
+  - bridge-utils
+  - ifmetric
+  - ifupdown2
+
+
+network_interfaces:
+
+  - device: br0
+    # use only once per device (for the first device entry)
+    headline: br0 - bridge over device enp35s0
+
+    # auto & allow are only used for the first device entry
+    allow: [] # array of allow-[stanzas] eg. allow-hotplug
+    auto: true
+
+    family: inet
+    mode: static
+    description: Bridge Interface IPv4 for LXC
+    address: '95.217.204.218'
+    netmask: '255.255.255.192'
+    network: '95.217.204.192'
+    broadcast: '95.217.204.255'
+    gateway: '95.217.204.193'
+
+    # optional dns settings nameservers: []
+    # nameservers:
+    #  - "194.150.168.168"  # dns.as250.net
+    #  - "91.239.100.100"   # anycast.censurfridns.dk
+
+    # optional additional subnets/ips subnets: []
+    # subnets: 
+    #   - '192.168.123.0/24'
+    #   - '192.168.124.11/32'
+
+    # optional bridge parameters bridge: {}
+    # bridge:
+    #   ports:
+    #   stp:
+    #   fd:
+    #   maxwait:
+    #   waitport:
+    bridge:
+      ports: enp35s0 # for mor devices support a blan separated list
+      stp: !!str off
+      fd: 5
+      hello: 2
+
+    #  optional bonding parameters bond: {}
+    #  bond:
+    #    mode:
+    #    miimon:
+    #    master:
+    #    slaves:
+    #    lacp-rate:
+    bond: {}
+
+    # optional vlan settings | vlan: {}
+    # vlan: {}
+    #   raw-device: 'eth0'
+    vlan: {}
+
+    # inline hook scripts
+    pre-up: [] # pre-up script lines
+    up: 
+      - !!str "route add -net 95.217.204.192 netmask 255.255.255.192 gw 95.217.204.193 dev br0" # up script lines
+    post-up: [] # post-up script lines (alias for up)
+    pre-down: [] # pre-down script lines (alias for down)
+    down: [] # down script lines
+    post-down: [] # post-down script lines
+
+
+
+  - device: br0
+    family: inet6
+    mode: static
+    description: Bridge Interface IPv6 for LXC
+    address: '2a01:4f9:4a:47e5::2'
+    netmask: 64
+    gateway: 'fe80::1'
+
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+ssh_keypair_backup_server:
+  - name: backup
+    backup_user: back
+    priv_key_src: root/.ssh/id_rsa.backup.oopen.de
+    priv_key_dest: /root/.ssh/id_rsa
+    pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
+    pub_key_dest: /root/.ssh/id_rsa.pub
+
+insert_root_ssh_keypair: true
+
+root_ssh_keypair:
+  - name: backup
+    login: root
+    priv_key_src: root/.ssh/id_ed25519.oopen-server
+    priv_key_dest: /root/.ssh/id_ed25519
+    pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
+    pub_key_dest: /root/.ssh/id_ed25519.pub
+    target: backup.oopen.de
+
+
+default_user:
+
+  - name: chris
+    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+
+  - name: sysadm
+
+    user_id: 1050
+    group_id: 1050
+    group: sysadm
+    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
+
+  - name: localadmin
+    user_id: 1051
+    group_id: 1051
+    password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFkl+5aVg4l40bxmf6k2dpopV8oAXyLhGGmKfzspW3GTfD29WjhuGS/mefrqr3tZRYrybPA5GDQ1QdwwRL16+6xfjAt/B62p3dMXnjsHalk74DTcQCZDlsj0UxTV1+gfOYzcB/CAqRd2wtB+vqGWRP+oGP3E7AIgoBlE44MaEDDuMP0Vvm8hNQ5N+/3zcrE626yDHAa4qmOd5d+J/HWrHLeJ4915g9VcCYCNGCgepb//4RdCpzEqUJiBGwihb/iJk3RoHcAv3L+tht8vmBF7Wz0iJ9BtLRTsJGFCkET0i50E18mU3bfaa7ov/PY/+UcE8FZSWZcoZ6AtmoBy0Zg2mp6/F9serfe67qtILNAbWD+qNRC7GjW3c5UvF5GJM6WvG8OZRvwarovZOU8uw1NLL3unY8O1bdihXmCXatXz+MvHCOvmZekUolKMBu7mziH5wificprUY9YeGX1FHVh4/hsL04zZdu/Q8Rr/BxM8+mJCCPsrkEoNnZNJfxCSwynd3jjqkhBpzZkEW9EGDBG5qnx4f6QPtcf/sv7eoNjzhEUs5k9GstbgW0ZD6381Ws/EpIdRbZUl52wFXalE8N/Z9hU6vfBC1xk0DIardUkZk+6lTsS8orBZkmPDNhX5hT8nmwNszQI0WgHPs+xDAdFskMcB/j20G5NupZm+2QgNXoww== jonas@meurer.it'
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS'
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    group: back
+    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+    shell: /bin/bash
+    ssh_keys:
+     - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
+
+sudo_users:
+  - chris
+  - sysadm
+  - localadmin
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+
+git_firewall_repository:
+  name: ipt-server
+  repo: https://git.oopen.de/firewall/ipt-server
+  dest: /usr/local/src/ipt-server
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+  name: root
+  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
+

hosts

@@ -165,6 +165,10 @@ o33.oopen.de
 o34.oopen.de
 
 o35.oopen.de
+cl-02.oopen.de
+
+# Jitsi Meet - ReachOut
+o36.oopen.de
 
 
 [initial_setup]
@@ -367,6 +371,10 @@ o34.oopen.de
 
 # - o35.oopen.de
 o35.oopen.de
+cl-02.oopen.de
+
+# Jitsi Meet - ReachOut
+o36.oopen.de
 
 # - Vserver von Sinma
 a.ns.oopen.de
@@ -462,6 +470,9 @@ cl-irights.oopen.de
 cl-fm.oopen.de
 mail.faire-mobilitaet.de
 
+# o35.oopen.de
+cl-02.oopen.de
+
 # ---
 #  O.OPEN office network
 # ---
@@ -600,6 +611,11 @@ o33.oopen.de
 # Jitsi Meet - AG Beratung
 o34.oopen.de
 
+# o35.oopen.de
+cl-02.oopen.de
+
+# Jitsi Meet - ReachOut
+o36.oopen.de
 
 
 [ftp_server]
@@ -811,6 +827,9 @@ o26.oopen.de
 # etventure
 o32.oopen.de
 
+# o35.oopen.de
+cl-02.oopen.de
+
 
 # ---
 # Warenform
@@ -872,6 +891,9 @@ cl-irights.oopen.de
 # o25.oopen.de
 cl-fm.oopen.de
 
+# o35.oopen.de
+cl-02.oopen.de
+
 # ---
 # Warenform
 # ---
@@ -1144,6 +1166,12 @@ o33.oopen.de
 # Jitsi Meet - AG Beratung
 o34.oopen.de
 
+# o35.oopen.de
+cl-02.oopen.de
+
+# Jitsi Meet - ReachOut
+o36.oopen.de
+
 # ---
 #  O.OPEN office network
 # ---
@@ -1328,6 +1356,10 @@ o34.oopen.de
 
 # - o35.oopen.de
 o35.oopen.de
+cl-02.oopen.de
+
+# Jitsi Meet - ReachOut
+o36.oopen.de
 
 # - Vserver von Sinma
 a.ns.oopen.de
@@ -1379,6 +1411,7 @@ gw-d11.oopen.de
 gw-flr.oopen.de
 gw-replacement.local.netz
 gw-replacement2.local.netz
+gw-replacement3.local.netz
 gw-replacement.wf.netz
 
 
@@ -1394,7 +1427,6 @@ gw-mbr.oopen.de
 gw-opp.oopen.de
 gw-ro.oopen.de
 gw-spr.oopen.de
-gw-replacement3.local.netz
 
 ga-st-gw-ersatz.ga.netz
 ga-st-gw.ga.netz

roles/modify-ipt-gateway-ro/tasks/main.yml

@@ -61,6 +61,21 @@
   when: 
       - main_ipv6_exists.stat.exists
 
+- name: addjust line 'brscan_port' (IPv4)
+  lineinfile:
+    path: /ro/etc/ipt-firewall/main_ipv4.conf
+    regexp: '^brscan_port='
+    line: 'brscan_port="$standard_brother_brscan_port"'
+
+- name: addjust line 'brscan_port' (IPv6)
+  lineinfile:
+    path: /ro/etc/ipt-firewall/main_ipv6.conf
+    regexp: '^brscan_port='
+    line: 'brscan_port="$standard_brother_brscan_port"'
+  when: 
+      - main_ipv6_exists.stat.exists
+
+
 # ---
 # allow_jitsi_video_conference_out
 # ---
@@ -141,6 +156,199 @@
     - main_ipv6_exists.stat.exists
     - nc_talk_out_ipv6_present is changed
 
+
+# ---
+# allow_alfaview_video_conference_out
+# ---
+
+- name: Check if String 'allow_alfaview_video_conference_out..' (IPv4) is present
+  shell: grep -q -E "^allow_alfaview_video_conference_out=" /ro/etc/ipt-firewall/main_ipv4.conf
+  register: alfaview_video_conference_out_ipv4_present
+  when: main_ipv4_exists.stat.exists
+  failed_when: "alfaview_video_conference_out_ipv4_present.rc > 1"
+  changed_when: "alfaview_video_conference_out_ipv4_present.rc > 0"
+
+- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton)
+  lineinfile:
+    dest: /ro/etc/ipt-firewall/main_ipv4.conf
+    state: present
+    regexp: '^allow_alfaview_video_conference_out'
+    line: 'allow_alfaview_video_conference_out=true'
+    insertafter: '^#?\s*allow_mumble_request_out'
+  when:
+    - main_ipv4_exists.stat.exists
+    - alfaview_video_conference_out_ipv4_present is changed
+
+- name: Check if String 'allow_alfaview_video_conference_out..' (IPv6) is present
+  shell: grep -q -E "^allow_alfaview_video_conference_out=" /ro/etc/ipt-firewall/main_ipv6.conf
+  register: alfaview_video_conference_out_ipv6_present
+  when: main_ipv6_exists.stat.exists
+  failed_when: "alfaview_video_conference_out_ipv6_present.rc > 1"
+  changed_when: "alfaview_video_conference_out_ipv6_present.rc > 0"
+
+- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton)
+  lineinfile:
+    dest: /ro/etc/ipt-firewall/main_ipv6.conf
+    state: present
+    regexp: '^allow_alfaview_video_conference_out'
+    line: 'allow_alfaview_video_conference_out=true'
+    insertafter: '^#?\s*allow_mumble_request_out'
+  when:
+    - main_ipv6_exists.stat.exists
+    - alfaview_video_conference_out_ipv6_present is changed
+
+
+# ---
+# Allow local services from ALL extern netwoks
+# ---
+
+- name: Check if String 'allow_all_ext_traffic_to_local_service..' (IPv4) is present
+  shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /ro/etc/ipt-firewall/main_ipv4.conf
+  register: allow_all_ext_traffic_to_local_service_ipv4_present
+  when: main_ipv4_exists.stat.exists
+  failed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 1"
+  changed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 0"
+
+- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (allow_all_ext_traffic_to_local_service)
+  blockinfile:
+    path: /ro/etc/ipt-firewall/main_ipv4.conf
+    insertafter: '^#?\s*any_access_from_inet_networks'
+    block: |
+
+      # =============
+      # - Allow local services from ALL extern netwoks
+      # =============
+
+      # - allow_all_ext_traffic_to_local_service
+      # -
+      # - allow_all_ext_traffic_to_local_service="local-address:port:protocol [local-address:port:protocol] .."
+      # -
+      # - Note:
+      # - =====
+      # -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+      # -
+      # - Example:
+      # -    allow extern traffic to service at 83.223.73.210 on port 1036
+      # -    allow extern traffic to https service at 83.223.73.204
+      # -
+      # -    allow_ext_net_to_local_service="
+      # -       83.223.73.210:1036:tcp
+      # -       83.223.73.204:$standard_https_port:tcp
+      # -    "
+      # -
+      # - Blank separated list
+      # -
+      allow_all_ext_traffic_to_local_service=""
+    marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)"
+  when: 
+    - main_ipv4_exists.stat.exists
+    - allow_all_ext_traffic_to_local_service_ipv4_present is changed
+
+- name: Check if String 'allow_all_ext_traffic_to_local_service..' (IPv6) is present
+  shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /ro/etc/ipt-firewall/main_ipv6.conf
+  register: allow_all_ext_traffic_to_local_service_ipv6_present
+  when: main_ipv6_exists.stat.exists
+  failed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 1"
+  changed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 0"
+
+- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (allow_all_ext_traffic_to_local_service)
+  blockinfile:
+    path: /ro/etc/ipt-firewall/main_ipv6.conf
+    insertafter: '^#?\s*any_access_from_inet_networks'
+    block: |
+
+
+      # =============
+      # - Allow local services from ALL extern netwoks
+      # =============
+
+      # - allow_all_ext_traffic_to_local_service
+      # -
+      # - allow_all_ext_traffic_to_local_service="local-address,port,protocol [local-address,port,protocol] .."
+      # -
+      # - Note:
+      # - =====
+      # -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+      # -
+      # - Example:
+      # -    allow extern traffic to service at 2a01:30:1fff:fd00::210 on port 1036
+      # -    allow extern traffic to https service at 2a01:30:1fff:fd00::204
+      # -
+      # -    allow_ext_net_to_local_service="
+      # -       2a01:30:1fff:fd00::210,1036,tcp
+      # -       2a01:30:1fff:fd00::204,$standard_https_port,tcp
+      # -    "
+      # -
+      # - Blank separated list
+      # -
+      allow_all_ext_traffic_to_local_service=""
+    marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)"
+  when: 
+    - main_ipv6_exists.stat.exists
+    - allow_all_ext_traffic_to_local_service_ipv6_present is changed
+
+
+# ---
+# Epson Network Scanner
+# ---
+
+- name: Check if String 'epson_scanner_ips..' (IPv4) is present
+  shell: grep -q -E "^epson_scanner_ips=" /ro/etc/ipt-firewall/main_ipv4.conf
+  register: epson_scanner_ips_ipv4_present
+  when: main_ipv4_exists.stat.exists
+  failed_when: "epson_scanner_ips_ipv4_present.rc > 1"
+  changed_when: "epson_scanner_ips_ipv4_present.rc > 0"
+
+- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (epson_scanner)
+  blockinfile:
+    path: /ro/etc/ipt-firewall/main_ipv4.conf
+    insertafter: '^#?\s*brscan_port'
+    block: |
+      # ======
+      # - Epson Network Scan
+      # ======
+
+      # - IP Adresses Epson Network Scanner
+      # -
+      # - Blank seoarated list
+      # -
+      epson_scanner_ips=""
+      epson_scan_port="$standard_epson_network_scan_port"
+
+    marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)"
+  when: 
+    - main_ipv4_exists.stat.exists
+    - epson_scanner_ips_ipv4_present is changed
+
+- name: Check if String 'epson_scanner_ips..' (IPv6) is present
+  shell: grep -q -E "^epson_scanner_ips=" /ro/etc/ipt-firewall/main_ipv6.conf
+  register: epson_scanner_ips_ipv6_present
+  when: main_ipv6_exists.stat.exists
+  failed_when: "epson_scanner_ips_ipv6_present.rc > 1"
+  changed_when: "epson_scanner_ips_ipv6_present.rc > 0"
+
+- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (epson_scanner)
+  blockinfile:
+    path: /ro/etc/ipt-firewall/main_ipv6.conf
+    insertafter: '^#?\s*brscan_port'
+    block: |
+      # ======
+      # - Epson Network Scan
+      # ======
+
+      # - IP Adresses Epson Network Scanner
+      # -
+      # - Blank seoarated list
+      # -
+      epson_scanner_ips=""
+      epson_scan_port="$standard_epson_network_scan_port"
+
+    marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)"
+  when: 
+    - main_ipv6_exists.stat.exists
+    - epson_scanner_ips_ipv6_present is changed
+
+
 # ---
 # jitsi video conference service
 # ---
@@ -220,6 +428,63 @@
     - jitsi_service_ipv6_present is changed
 
 
+# ---
+# alfaview video conference service
+# ---
+
+- name: Check if String 'alfaview_tcp_ports=..' (IPv4) is present
+  shell: grep -q -E "^alfaview_tcp_ports=" /ro/etc/ipt-firewall/main_ipv4.conf
+  register: alfaview_service_ipv4_present
+  when: main_ipv4_exists.stat.exists
+  failed_when: "alfaview_service_ipv4_present.rc > 1"
+  changed_when: "alfaview_service_ipv4_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (alfaview service)
+  blockinfile:
+    path: /ro/etc/ipt-firewall/main_ipv4.conf
+    insertafter: '^#?\s*mumble_ports'
+    block: |
+
+      # ======
+      # - alfaview - Video Conferencing Systems
+      # ======
+
+      # - alfaview Service Ports
+      # -
+      alfaview_tcp_ports="$standard_alfaview_service_tcp_ports"
+      alfaview_udp_ports="$standard_alfaview_service_udp_ports"      
+    marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)"
+  when: 
+    - main_ipv4_exists.stat.exists
+    - alfaview_service_ipv4_present is changed
+
+- name: Check if String 'alfaview_tcp_ports=..' (IPv6) is present
+  shell: grep -q -E "^alfaview_tcp_ports=" /ro/etc/ipt-firewall/main_ipv6.conf
+  register: alfaview_service_ipv6_present
+  when: main_ipv6_exists.stat.exists
+  failed_when: "alfaview_service_ipv6_present.rc > 1"
+  changed_when: "alfaview_service_ipv6_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (alfaview service)
+  blockinfile:
+    path: /ro/etc/ipt-firewall/main_ipv6.conf
+    insertafter: '^#?\s*mumble_ports'
+    block: |
+
+      # ======
+      # - alfaview - Video Conferencing Systems
+      # ======
+
+      # - alfaview Service Ports
+      # -
+      alfaview_tcp_ports="$standard_alfaview_service_tcp_ports"
+      alfaview_udp_ports="$standard_alfaview_service_udp_ports"      
+    marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)"
+  when: 
+    - main_ipv6_exists.stat.exists
+    - alfaview_service_ipv6_present is changed
+
+
 # ---
 # TURN Server (Stun Server) (for Nextcloud 'talk' app)
 # ---

roles/modify-ipt-gateway/tasks/main.yml

@@ -65,6 +65,24 @@
   notify:
     - Restart IPv6 Firewall
 
+- name: addjust line 'brscan_port' (IPv4)
+  lineinfile:
+    path: /etc/ipt-firewall/main_ipv4.conf
+    regexp: '^brscan_port='
+    line: 'brscan_port="$standard_brother_brscan_port"'
+  notify:
+    - Restart IPv4 Firewall
+
+- name: addjust line 'brscan_port' (IPv6)
+  lineinfile:
+    path: /etc/ipt-firewall/main_ipv6.conf
+    regexp: '^brscan_port='
+    line: 'brscan_port="$standard_brother_brscan_port"'
+  when: 
+    - main_ipv6_exists.stat.exists
+  notify:
+    - Restart IPv6 Firewall
+
 # ---
 # allow_jitsi_video_conference_out
 # ---
@@ -187,6 +205,201 @@
     - main_ipv6_exists.stat.exists
     - bigbluebutton_video_conference_out_ipv6_present is changed
 
+
+# ---
+# allow_alfaview_video_conference_out
+# ---
+
+- name: Check if String 'allow_alfaview_video_conference_out..' (IPv4) is present
+  shell: grep -q -E "^allow_alfaview_video_conference_out=" /etc/ipt-firewall/main_ipv4.conf
+  register: alfaview_video_conference_out_ipv4_present
+  when: main_ipv4_exists.stat.exists
+  failed_when: "alfaview_video_conference_out_ipv4_present.rc > 1"
+  changed_when: "alfaview_video_conference_out_ipv4_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton)
+  lineinfile:
+    dest: /etc/ipt-firewall/main_ipv4.conf
+    state: present
+    regexp: '^allow_alfaview_video_conference_out'
+    line: 'allow_alfaview_video_conference_out=true'
+    insertafter: '^#?\s*allow_mumble_request_out'
+  when: 
+    - main_ipv4_exists.stat.exists
+    - alfaview_video_conference_out_ipv4_present is changed
+
+- name: Check if String 'allow_alfaview_video_conference_out..' (IPv6) is present
+  shell: grep -q -E "^allow_alfaview_video_conference_out=" /etc/ipt-firewall/main_ipv6.conf
+  register: alfaview_video_conference_out_ipv6_present
+  when: main_ipv6_exists.stat.exists
+  failed_when: "alfaview_video_conference_out_ipv6_present.rc > 1"
+  changed_when: "alfaview_video_conference_out_ipv6_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton)
+  lineinfile:
+    dest: /etc/ipt-firewall/main_ipv6.conf
+    state: present
+    regexp: '^allow_alfaview_video_conference_out'
+    line: 'allow_alfaview_video_conference_out=true'
+    insertafter: '^#?\s*allow_mumble_request_out'
+  when: 
+    - main_ipv6_exists.stat.exists
+    - alfaview_video_conference_out_ipv6_present is changed
+
+
+# ---
+# Allow local services from ALL extern netwoks
+# ---
+
+- name: Check if String 'allow_all_ext_traffic_to_local_service..' (IPv4) is present
+  shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /etc/ipt-firewall/main_ipv4.conf
+  register: allow_all_ext_traffic_to_local_service_ipv4_present
+  when: main_ipv4_exists.stat.exists
+  failed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 1"
+  changed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (allow_all_ext_traffic_to_local_service)
+  blockinfile:
+    path: /etc/ipt-firewall/main_ipv4.conf
+    insertafter: '^#?\s*any_access_from_inet_networks'
+    block: |
+
+      # =============
+      # - Allow local services from ALL extern netwoks
+      # =============
+
+      # - allow_all_ext_traffic_to_local_service
+      # -
+      # - allow_all_ext_traffic_to_local_service="local-address:port:protocol [local-address:port:protocol] .."
+      # -
+      # - Note:
+      # - =====
+      # -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+      # -
+      # - Example:
+      # -    allow extern traffic to service at 83.223.73.210 on port 1036
+      # -    allow extern traffic to https service at 83.223.73.204
+      # -
+      # -    allow_ext_net_to_local_service="
+      # -       83.223.73.210:1036:tcp
+      # -       83.223.73.204:$standard_https_port:tcp
+      # -    "
+      # -
+      # - Blank separated list
+      # -    
+      allow_all_ext_traffic_to_local_service=""
+    marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)"
+  when: 
+    - main_ipv4_exists.stat.exists
+    - allow_all_ext_traffic_to_local_service_ipv4_present is changed
+
+
+- name: Check if String 'allow_all_ext_traffic_to_local_service..' (IPv6) is present
+  shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /etc/ipt-firewall/main_ipv6.conf
+  register: allow_all_ext_traffic_to_local_service_ipv6_present
+  when: main_ipv6_exists.stat.exists
+  failed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 1"
+  changed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (allow_all_ext_traffic_to_local_service)
+  blockinfile:
+    path: /etc/ipt-firewall/main_ipv6.conf
+    insertafter: '^#?\s*any_access_from_inet_networks'
+    block: |
+
+
+      # =============
+      # - Allow local services from ALL extern netwoks
+      # =============
+
+      # - allow_all_ext_traffic_to_local_service
+      # -
+      # - allow_all_ext_traffic_to_local_service="local-address,port,protocol [local-address,port,protocol] .."
+      # -
+      # - Note:
+      # - =====
+      # -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+      # -
+      # - Example:
+      # -    allow extern traffic to service at 2a01:30:1fff:fd00::210 on port 1036
+      # -    allow extern traffic to https service at 2a01:30:1fff:fd00::204
+      # -
+      # -    allow_ext_net_to_local_service="
+      # -       2a01:30:1fff:fd00::210,1036,tcp
+      # -       2a01:30:1fff:fd00::204,$standard_https_port,tcp
+      # -    "
+      # -
+      # - Blank separated list
+      # -
+      allow_all_ext_traffic_to_local_service=""
+    marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)"
+  when: 
+    - main_ipv6_exists.stat.exists
+    - allow_all_ext_traffic_to_local_service_ipv6_present is changed
+
+
+
+# ---
+# Epson Network Scanner
+# ---
+
+- name: Check if String 'epson_scanner_ips..' (IPv4) is present
+  shell: grep -q -E "^epson_scanner_ips=" /etc/ipt-firewall/main_ipv4.conf
+  register: epson_scanner_ips_ipv4_present
+  when: main_ipv4_exists.stat.exists
+  failed_when: "epson_scanner_ips_ipv4_present.rc > 1"
+  changed_when: "epson_scanner_ips_ipv4_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (epson_scanner)
+  blockinfile:
+    path: /etc/ipt-firewall/main_ipv4.conf
+    insertafter: '^#?\s*brscan_port'
+    block: |
+      # ======
+      # - Epson Network Scan
+      # ======
+
+      # - IP Adresses Epson Network Scanner
+      # -
+      # - Blank seoarated list
+      # -
+      epson_scanner_ips=""
+      epson_scan_port="$standard_epson_network_scan_port"
+
+    marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)"
+  when: 
+    - main_ipv4_exists.stat.exists
+    - epson_scanner_ips_ipv4_present is changed
+
+- name: Check if String 'epson_scanner_ips..' (IPv6) is present
+  shell: grep -q -E "^epson_scanner_ips=" /etc/ipt-firewall/main_ipv6.conf
+  register: epson_scanner_ips_ipv6_present
+  when: main_ipv6_exists.stat.exists
+  failed_when: "epson_scanner_ips_ipv6_present.rc > 1"
+  changed_when: "epson_scanner_ips_ipv6_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (epson_scanner)
+  blockinfile:
+    path: /etc/ipt-firewall/main_ipv6.conf
+    insertafter: '^#?\s*brscan_port'
+    block: |
+      # ======
+      # - Epson Network Scan
+      # ======
+
+      # - IP Adresses Epson Network Scanner
+      # -
+      # - Blank seoarated list
+      # -
+      epson_scanner_ips=""
+      epson_scan_port="$standard_epson_network_scan_port"
+
+    marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)"
+  when: 
+    - main_ipv6_exists.stat.exists
+    - epson_scanner_ips_ipv6_present is changed
+
+
 # ---
 # jitsi video conference service
 # ---
@@ -266,6 +479,63 @@
     - jitsi_service_ipv6_present is changed
 
 
+# ---
+# alfaview video conference service
+# ---
+
+- name: Check if String 'alfaview_tcp_ports=..' (IPv4) is present
+  shell: grep -q -E "^alfaview_tcp_ports=" /etc/ipt-firewall/main_ipv4.conf
+  register: alfaview_service_ipv4_present
+  when: main_ipv4_exists.stat.exists
+  failed_when: "alfaview_service_ipv4_present.rc > 1"
+  changed_when: "alfaview_service_ipv4_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (alfaview service)
+  blockinfile:
+    path: /etc/ipt-firewall/main_ipv4.conf
+    insertafter: '^#?\s*mumble_ports'
+    block: |
+
+      # ======
+      # - alfaview - Video Conferencing Systems
+      # ======
+
+      # - alfaview Service Ports
+      # -
+      alfaview_tcp_ports="$standard_alfaview_service_tcp_ports"
+      alfaview_udp_ports="$standard_alfaview_service_udp_ports"      
+    marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)"
+  when: 
+    - main_ipv4_exists.stat.exists
+    - alfaview_service_ipv4_present is changed
+
+- name: Check if String 'alfaview_tcp_ports=..' (IPv6) is present
+  shell: grep -q -E "^alfaview_tcp_ports=" /etc/ipt-firewall/main_ipv6.conf
+  register: alfaview_service_ipv6_present
+  when: main_ipv6_exists.stat.exists
+  failed_when: "alfaview_service_ipv6_present.rc > 1"
+  changed_when: "alfaview_service_ipv6_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (alfaview service)
+  blockinfile:
+    path: /etc/ipt-firewall/main_ipv6.conf
+    insertafter: '^#?\s*mumble_ports'
+    block: |
+
+      # ======
+      # - alfaview - Video Conferencing Systems
+      # ======
+
+      # - alfaview Service Ports
+      # -
+      alfaview_tcp_ports="$standard_alfaview_service_tcp_ports"
+      alfaview_udp_ports="$standard_alfaview_service_udp_ports"      
+    marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)"
+  when: 
+    - main_ipv6_exists.stat.exists
+    - alfaview_service_ipv6_present is changed
+
+
 # ---
 # TURN Server (Stun Server) (for Nextcloud 'talk' app)
 # ---