update ..

Christoph 2020-08-01 13:04:15 +02:00
parent 48a531ea3e
commit fbd72568e3
10 changed files with 1238 additions and 1 deletions


@ -0,0 +1,73 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
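Review bot: The sudoers entry `ALL=(www-data) NOPASSWD: /usr/local/php/bin/php` names the interpreter with no argument list, so user `back` can run any PHP code as www-data without a password rather than one specific backup command. If only one script is needed, pin it in the entry, e.g. `entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php <SCRIPT_PATH> <FIXED_ARGS>'` (placeholders; the real script path is not visible on this page). The same entry is repeated in the five other new host_vars files on this page, including host_vars/cl-fm.oopen.de. Since those six files are identical, moving the rule into one shared group_vars file would keep it in a single reviewable place. Indentation and blank lines are lost in this rendering, so the nesting of `name`/`entry` under `sudoers_file_user_privileges` is assumed.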


@ -0,0 +1,73 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---

73
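--- a/host_vars/cl-fm.oopen.de
+++ b/host_vars/cl-fm.oopen.de
@@ -0,0 +1,73 @@
+---
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+# ---
+# vars used by roles/ansible_user
+# ---
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+sshd_permit_root_login: !!str "prohibit-password"
+# ---
+# vars used by apt.yml
+# ---
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+sudoers_file_user_privileges:
+- name: back
+entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+# ==============================
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---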


@ -0,0 +1,73 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---


@ -0,0 +1,73 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---


@ -0,0 +1,73 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---

232
host_vars/o35.oopen.de.yml Normal file

@ -0,0 +1,232 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown2
network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device enp35s0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
mode: static
description: Bridge Interface IPv4 for LXC
address: '95.217.204.218'
netmask: '255.255.255.192'
network: '95.217.204.192'
broadcast: '95.217.204.255'
gateway: '95.217.204.193'
# optional dns settings nameservers: []
# nameservers:
# - "194.150.168.168" # dns.as250.net
# - "91.239.100.100" # anycast.censurfridns.dk
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge:
ports: enp35s0 # for mor devices support a blan separated list
stp: !!str off
fd: 5
hello: 2
# optional bonding parameters bond: {}
# bond:
# mode:
# miimon:
# master:
# slaves:
# lacp-rate:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 95.217.204.192 netmask 255.255.255.192 gw 95.217.204.193 dev br0" # up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
- device: br0
family: inet6
mode: static
description: Bridge Interface IPv6 for LXC
address: '2a01:4f9:4a:47e5::2'
netmask: 64
gateway: 'fe80::1'
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.oopen.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_root_ssh_keypair: true
root_ssh_keypair:
- name: backup
login: root
priv_key_src: root/.ssh/id_ed25519.oopen-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
- 'ssh-rsa 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 root@luna'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-rsa 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 chris@luna'
- 'ssh-rsa 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 root@luna'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-rsa 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 chris@luna'
- 'ssh-rsa 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 jonas@meurer.it'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-rsa 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 chris@luna'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
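Review bot: The `password:` values under `default_user` and `root_user` are SHA-512 crypt hashes committed in clear text, so anyone with read access to the repository or its history can run offline guessing against these accounts, root included. Store them vault-encrypted instead, e.g. `password: !vault |` followed by the output of `ansible-vault encrypt_string`, and rotate the affected passwords, since the hashes remain in history after this commit. The `priv_key_src` entries under `ssh_keypair_backup_server` and `root_ssh_keypair` suggest the private keys also live in the repository tree, and the root keypair's name suggests it is shared between servers. Both are inferred from the names only, but if so the key files should be vaulted and per-host keys considered for access to `backup.oopen.de`. On style, `network_manage_devices: True` and `network_interface_reload: False` should use lowercase `true`/`false` to match `auto: true` in the same file.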

34
hosts

@ -165,6 +165,10 @@ o33.oopen.de
o34.oopen.de
o35.oopen.de
cl-02.oopen.de
# Jitsi Meet - ReachOut
o36.oopen.de
[initial_setup]
@ -367,6 +371,10 @@ o34.oopen.de
# - o35.oopen.de
o35.oopen.de
cl-02.oopen.de
# Jitsi Meet - ReachOut
o36.oopen.de
# - Vserver von Sinma
a.ns.oopen.de
@ -462,6 +470,9 @@ cl-irights.oopen.de
cl-fm.oopen.de
mail.faire-mobilitaet.de
# o35.oopen.de
cl-02.oopen.de
# ---
# O.OPEN office network
# ---
@ -600,6 +611,11 @@ o33.oopen.de
# Jitsi Meet - AG Beratung
o34.oopen.de
# o35.oopen.de
cl-02.oopen.de
# Jitsi Meet - ReachOut
o36.oopen.de
[ftp_server]
@ -811,6 +827,9 @@ o26.oopen.de
# etventure
o32.oopen.de
# o35.oopen.de
cl-02.oopen.de
# ---
# Warenform
@ -872,6 +891,9 @@ cl-irights.oopen.de
# o25.oopen.de
cl-fm.oopen.de
# o35.oopen.de
cl-02.oopen.de
# ---
# Warenform
# ---
@ -1144,6 +1166,12 @@ o33.oopen.de
# Jitsi Meet - AG Beratung
o34.oopen.de
# o35.oopen.de
cl-02.oopen.de
# Jitsi Meet - ReachOut
o36.oopen.de
# ---
# O.OPEN office network
# ---
@ -1328,6 +1356,10 @@ o34.oopen.de
# - o35.oopen.de
o35.oopen.de
cl-02.oopen.de
# Jitsi Meet - ReachOut
o36.oopen.de
# - Vserver von Sinma
a.ns.oopen.de
@ -1379,6 +1411,7 @@ gw-d11.oopen.de
gw-flr.oopen.de
gw-replacement.local.netz
gw-replacement2.local.netz
gw-replacement3.local.netz
gw-replacement.wf.netz
@ -1394,7 +1427,6 @@ gw-mbr.oopen.de
gw-opp.oopen.de
gw-ro.oopen.de
gw-spr.oopen.de
gw-replacement3.local.netz
ga-st-gw-ersatz.ga.netz
ga-st-gw.ga.netz


@ -61,6 +61,21 @@
when:
- main_ipv6_exists.stat.exists
- name: addjust line 'brscan_port' (IPv4)
lineinfile:
path: /ro/etc/ipt-firewall/main_ipv4.conf
regexp: '^brscan_port='
line: 'brscan_port="$standard_brother_brscan_port"'
- name: addjust line 'brscan_port' (IPv6)
lineinfile:
path: /ro/etc/ipt-firewall/main_ipv6.conf
regexp: '^brscan_port='
line: 'brscan_port="$standard_brother_brscan_port"'
when:
- main_ipv6_exists.stat.exists
# ---
# allow_jitsi_video_conference_out
# ---
@ -141,6 +156,199 @@
- main_ipv6_exists.stat.exists
- nc_talk_out_ipv6_present is changed
# ---
# allow_alfaview_video_conference_out
# ---
- name: Check if String 'allow_alfaview_video_conference_out..' (IPv4) is present
shell: grep -q -E "^allow_alfaview_video_conference_out=" /ro/etc/ipt-firewall/main_ipv4.conf
register: alfaview_video_conference_out_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "alfaview_video_conference_out_ipv4_present.rc > 1"
changed_when: "alfaview_video_conference_out_ipv4_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton)
lineinfile:
dest: /ro/etc/ipt-firewall/main_ipv4.conf
state: present
regexp: '^allow_alfaview_video_conference_out'
line: 'allow_alfaview_video_conference_out=true'
insertafter: '^#?\s*allow_mumble_request_out'
when:
- main_ipv4_exists.stat.exists
- alfaview_video_conference_out_ipv4_present is changed
- name: Check if String 'allow_alfaview_video_conference_out..' (IPv6) is present
shell: grep -q -E "^allow_alfaview_video_conference_out=" /ro/etc/ipt-firewall/main_ipv6.conf
register: alfaview_video_conference_out_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "alfaview_video_conference_out_ipv6_present.rc > 1"
changed_when: "alfaview_video_conference_out_ipv6_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton)
lineinfile:
dest: /ro/etc/ipt-firewall/main_ipv6.conf
state: present
regexp: '^allow_alfaview_video_conference_out'
line: 'allow_alfaview_video_conference_out=true'
insertafter: '^#?\s*allow_mumble_request_out'
when:
- main_ipv6_exists.stat.exists
- alfaview_video_conference_out_ipv6_present is changed
# ---
# Allow local services from ALL extern netwoks
# ---
- name: Check if String 'allow_all_ext_traffic_to_local_service..' (IPv4) is present
shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /ro/etc/ipt-firewall/main_ipv4.conf
register: allow_all_ext_traffic_to_local_service_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 1"
changed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (allow_all_ext_traffic_to_local_service)
blockinfile:
path: /ro/etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*any_access_from_inet_networks'
block: |
# =============
# - Allow local services from ALL extern netwoks
# =============
# - allow_all_ext_traffic_to_local_service
# -
# - allow_all_ext_traffic_to_local_service="local-address:port:protocol [local-address:port:protocol] .."
# -
# - Note:
# - =====
# - - Only 'tcp' and 'udp' are allowed valuse for protocol.
# -
# - Example:
# - allow extern traffic to service at 83.223.73.210 on port 1036
# - allow extern traffic to https service at 83.223.73.204
# -
# - allow_ext_net_to_local_service="
# - 83.223.73.210:1036:tcp
# - 83.223.73.204:$standard_https_port:tcp
# - "
# -
# - Blank separated list
# -
allow_all_ext_traffic_to_local_service=""
marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)"
when:
- main_ipv4_exists.stat.exists
- allow_all_ext_traffic_to_local_service_ipv4_present is changed
- name: Check if String 'allow_all_ext_traffic_to_local_service..' (IPv6) is present
shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /ro/etc/ipt-firewall/main_ipv6.conf
register: allow_all_ext_traffic_to_local_service_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 1"
changed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (allow_all_ext_traffic_to_local_service)
blockinfile:
path: /ro/etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*any_access_from_inet_networks'
block: |
# =============
# - Allow local services from ALL extern netwoks
# =============
# - allow_all_ext_traffic_to_local_service
# -
# - allow_all_ext_traffic_to_local_service="local-address,port,protocol [local-address,port,protocol] .."
# -
# - Note:
# - =====
# - - Only 'tcp' and 'udp' are allowed valuse for protocol.
# -
# - Example:
# - allow extern traffic to service at 2a01:30:1fff:fd00::210 on port 1036
# - allow extern traffic to https service at 2a01:30:1fff:fd00::204
# -
# - allow_ext_net_to_local_service="
# - 2a01:30:1fff:fd00::210,1036,tcp
# - 2a01:30:1fff:fd00::204,$standard_https_port,tcp
# - "
# -
# - Blank separated list
# -
allow_all_ext_traffic_to_local_service=""
marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)"
when:
- main_ipv6_exists.stat.exists
- allow_all_ext_traffic_to_local_service_ipv6_present is changed
# ---
# Epson Network Scanner
# ---
- name: Check if String 'epson_scanner_ips..' (IPv4) is present
shell: grep -q -E "^epson_scanner_ips=" /ro/etc/ipt-firewall/main_ipv4.conf
register: epson_scanner_ips_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "epson_scanner_ips_ipv4_present.rc > 1"
changed_when: "epson_scanner_ips_ipv4_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (epson_scanner)
blockinfile:
path: /ro/etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*brscan_port'
block: |
# ======
# - Epson Network Scan
# ======
# - IP Adresses Epson Network Scanner
# -
# - Blank seoarated list
# -
epson_scanner_ips=""
epson_scan_port="$standard_epson_network_scan_port"
marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)"
when:
- main_ipv4_exists.stat.exists
- epson_scanner_ips_ipv4_present is changed
- name: Check if String 'epson_scanner_ips..' (IPv6) is present
shell: grep -q -E "^epson_scanner_ips=" /ro/etc/ipt-firewall/main_ipv6.conf
register: epson_scanner_ips_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "epson_scanner_ips_ipv6_present.rc > 1"
changed_when: "epson_scanner_ips_ipv6_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (epson_scanner)
blockinfile:
path: /ro/etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*brscan_port'
block: |
# ======
# - Epson Network Scan
# ======
# - IP Adresses Epson Network Scanner
# -
# - Blank seoarated list
# -
epson_scanner_ips=""
epson_scan_port="$standard_epson_network_scan_port"
marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)"
when:
- main_ipv6_exists.stat.exists
- epson_scanner_ips_ipv6_present is changed
# ---
# jitsi video conference service
# ---
@ -220,6 +428,63 @@
- jitsi_service_ipv6_present is changed
# ---
# alfaview video conference service
# ---
- name: Check if String 'alfaview_tcp_ports=..' (IPv4) is present
shell: grep -q -E "^alfaview_tcp_ports=" /ro/etc/ipt-firewall/main_ipv4.conf
register: alfaview_service_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "alfaview_service_ipv4_present.rc > 1"
changed_when: "alfaview_service_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (alfaview service)
blockinfile:
path: /ro/etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*mumble_ports'
block: |
# ======
# - alfaview - Video Conferencing Systems
# ======
# - alfaview Service Ports
# -
alfaview_tcp_ports="$standard_alfaview_service_tcp_ports"
alfaview_udp_ports="$standard_alfaview_service_udp_ports"
marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)"
when:
- main_ipv4_exists.stat.exists
- alfaview_service_ipv4_present is changed
- name: Check if String 'alfaview_tcp_ports=..' (IPv6) is present
shell: grep -q -E "^alfaview_tcp_ports=" /ro/etc/ipt-firewall/main_ipv6.conf
register: alfaview_service_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "alfaview_service_ipv6_present.rc > 1"
changed_when: "alfaview_service_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (alfaview service)
blockinfile:
path: /ro/etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*mumble_ports'
block: |
# ======
# - alfaview - Video Conferencing Systems
# ======
# - alfaview Service Ports
# -
alfaview_tcp_ports="$standard_alfaview_service_tcp_ports"
alfaview_udp_ports="$standard_alfaview_service_udp_ports"
marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)"
when:
- main_ipv6_exists.stat.exists
- alfaview_service_ipv6_present is changed
# ---
# TURN Server (Stun Server) (for Nextcloud 'talk' app)
# ---
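Review bot: The example inside both `allow_all_ext_traffic_to_local_service` comment blocks assigns `allow_ext_net_to_local_service="` rather than the variable the block introduces, so an admin copying it into the firewall config would set a different variable than intended. The example line should read `# - allow_all_ext_traffic_to_local_service="`. The two alfaview `lineinfile` tasks are still named `(bigbluebutton)`, and the alfaview service tasks name `/etc/ipt-firewall/...` while writing to `/ro/etc/ipt-firewall/...`, which makes run output misleading. `allow_alfaview_video_conference_out=true` is written as the default on every gateway that lacks the line; if not every site uses alfaview, defaulting to `false` keeps that egress closed until it is requested. The example and task-name issues recur in the next file section, the one for `/etc/ipt-firewall`, and the comment typos `netwoks`, `valuse` and `seoarated` end up verbatim in the deployed config.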


@ -65,6 +65,24 @@
notify:
- Restart IPv6 Firewall
- name: addjust line 'brscan_port' (IPv4)
lineinfile:
path: /etc/ipt-firewall/main_ipv4.conf
regexp: '^brscan_port='
line: 'brscan_port="$standard_brother_brscan_port"'
notify:
- Restart IPv4 Firewall
- name: addjust line 'brscan_port' (IPv6)
lineinfile:
path: /etc/ipt-firewall/main_ipv6.conf
regexp: '^brscan_port='
line: 'brscan_port="$standard_brother_brscan_port"'
when:
- main_ipv6_exists.stat.exists
notify:
- Restart IPv6 Firewall
# ---
# allow_jitsi_video_conference_out
# ---
@ -187,6 +205,201 @@
- main_ipv6_exists.stat.exists
- bigbluebutton_video_conference_out_ipv6_present is changed
# ---
# allow_alfaview_video_conference_out
# ---
- name: Check if String 'allow_alfaview_video_conference_out..' (IPv4) is present
shell: grep -q -E "^allow_alfaview_video_conference_out=" /etc/ipt-firewall/main_ipv4.conf
register: alfaview_video_conference_out_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "alfaview_video_conference_out_ipv4_present.rc > 1"
changed_when: "alfaview_video_conference_out_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (bigbluebutton)
lineinfile:
dest: /etc/ipt-firewall/main_ipv4.conf
state: present
regexp: '^allow_alfaview_video_conference_out'
line: 'allow_alfaview_video_conference_out=true'
insertafter: '^#?\s*allow_mumble_request_out'
when:
- main_ipv4_exists.stat.exists
- alfaview_video_conference_out_ipv4_present is changed
- name: Check if String 'allow_alfaview_video_conference_out..' (IPv6) is present
shell: grep -q -E "^allow_alfaview_video_conference_out=" /etc/ipt-firewall/main_ipv6.conf
register: alfaview_video_conference_out_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "alfaview_video_conference_out_ipv6_present.rc > 1"
changed_when: "alfaview_video_conference_out_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (bigbluebutton)
lineinfile:
dest: /etc/ipt-firewall/main_ipv6.conf
state: present
regexp: '^allow_alfaview_video_conference_out'
line: 'allow_alfaview_video_conference_out=true'
insertafter: '^#?\s*allow_mumble_request_out'
when:
- main_ipv6_exists.stat.exists
- alfaview_video_conference_out_ipv6_present is changed
# ---
# Allow local services from ALL extern netwoks
# ---
- name: Check if String 'allow_all_ext_traffic_to_local_service..' (IPv4) is present
shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /etc/ipt-firewall/main_ipv4.conf
register: allow_all_ext_traffic_to_local_service_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 1"
changed_when: "allow_all_ext_traffic_to_local_service_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (allow_all_ext_traffic_to_local_service)
blockinfile:
path: /etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*any_access_from_inet_networks'
block: |
# =============
# - Allow local services from ALL extern netwoks
# =============
# - allow_all_ext_traffic_to_local_service
# -
# - allow_all_ext_traffic_to_local_service="local-address:port:protocol [local-address:port:protocol] .."
# -
# - Note:
# - =====
# - - Only 'tcp' and 'udp' are allowed valuse for protocol.
# -
# - Example:
# - allow extern traffic to service at 83.223.73.210 on port 1036
# - allow extern traffic to https service at 83.223.73.204
# -
# - allow_ext_net_to_local_service="
# - 83.223.73.210:1036:tcp
# - 83.223.73.204:$standard_https_port:tcp
# - "
# -
# - Blank separated list
# -
allow_all_ext_traffic_to_local_service=""
marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)"
when:
- main_ipv4_exists.stat.exists
- allow_all_ext_traffic_to_local_service_ipv4_present is changed
- name: Check if String 'allow_all_ext_traffic_to_local_service..' (IPv6) is present
shell: grep -q -E "^allow_all_ext_traffic_to_local_service=" /etc/ipt-firewall/main_ipv6.conf
register: allow_all_ext_traffic_to_local_service_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 1"
changed_when: "allow_all_ext_traffic_to_local_service_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (allow_all_ext_traffic_to_local_service)
blockinfile:
path: /etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*any_access_from_inet_networks'
block: |
# =============
# - Allow local services from ALL extern netwoks
# =============
# - allow_all_ext_traffic_to_local_service
# -
# - allow_all_ext_traffic_to_local_service="local-address,port,protocol [local-address,port,protocol] .."
# -
# - Note:
# - =====
# - - Only 'tcp' and 'udp' are allowed valuse for protocol.
# -
# - Example:
# - allow extern traffic to service at 2a01:30:1fff:fd00::210 on port 1036
# - allow extern traffic to https service at 2a01:30:1fff:fd00::204
# -
# - allow_ext_net_to_local_service="
# - 2a01:30:1fff:fd00::210,1036,tcp
# - 2a01:30:1fff:fd00::204,$standard_https_port,tcp
# - "
# -
# - Blank separated list
# -
allow_all_ext_traffic_to_local_service=""
marker: "# Marker set by modify-ipt-gateway.yml (allow_all_ext_traffic_to_local_service)"
when:
- main_ipv6_exists.stat.exists
- allow_all_ext_traffic_to_local_service_ipv6_present is changed
# ---
# Epson Network Scanner
# ---
- name: Check if String 'epson_scanner_ips..' (IPv4) is present
shell: grep -q -E "^epson_scanner_ips=" /etc/ipt-firewall/main_ipv4.conf
register: epson_scanner_ips_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "epson_scanner_ips_ipv4_present.rc > 1"
changed_when: "epson_scanner_ips_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (epson_scanner)
blockinfile:
path: /etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*brscan_port'
block: |
# ======
# - Epson Network Scan
# ======
# - IP Adresses Epson Network Scanner
# -
# - Blank seoarated list
# -
epson_scanner_ips=""
epson_scan_port="$standard_epson_network_scan_port"
marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)"
when:
- main_ipv4_exists.stat.exists
- epson_scanner_ips_ipv4_present is changed
- name: Check if String 'epson_scanner_ips..' (IPv6) is present
shell: grep -q -E "^epson_scanner_ips=" /etc/ipt-firewall/main_ipv6.conf
register: epson_scanner_ips_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "epson_scanner_ips_ipv6_present.rc > 1"
changed_when: "epson_scanner_ips_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (epson_scanner)
blockinfile:
path: /etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*brscan_port'
block: |
# ======
# - Epson Network Scan
# ======
# - IP Adresses Epson Network Scanner
# -
# - Blank seoarated list
# -
epson_scanner_ips=""
epson_scan_port="$standard_epson_network_scan_port"
marker: "# Marker set by modify-ipt-gateway.yml (epson_scanner)"
when:
- main_ipv6_exists.stat.exists
- epson_scanner_ips_ipv6_present is changed
# ---
# jitsi video conference service
# ---
@ -266,6 +479,63 @@
- jitsi_service_ipv6_present is changed
# ---
# alfaview video conference service
# ---
- name: Check if String 'alfaview_tcp_ports=..' (IPv4) is present
shell: grep -q -E "^alfaview_tcp_ports=" /etc/ipt-firewall/main_ipv4.conf
register: alfaview_service_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "alfaview_service_ipv4_present.rc > 1"
changed_when: "alfaview_service_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (alfaview service)
blockinfile:
path: /etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*mumble_ports'
block: |
# ======
# - alfaview - Video Conferencing Systems
# ======
# - alfaview Service Ports
# -
alfaview_tcp_ports="$standard_alfaview_service_tcp_ports"
alfaview_udp_ports="$standard_alfaview_service_udp_ports"
marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)"
when:
- main_ipv4_exists.stat.exists
- alfaview_service_ipv4_present is changed
- name: Check if String 'alfaview_tcp_ports=..' (IPv6) is present
shell: grep -q -E "^alfaview_tcp_ports=" /etc/ipt-firewall/main_ipv6.conf
register: alfaview_service_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "alfaview_service_ipv6_present.rc > 1"
changed_when: "alfaview_service_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (alfaview service)
blockinfile:
path: /etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*mumble_ports'
block: |
# ======
# - alfaview - Video Conferencing Systems
# ======
# - alfaview Service Ports
# -
alfaview_tcp_ports="$standard_alfaview_service_tcp_ports"
alfaview_udp_ports="$standard_alfaview_service_udp_ports"
marker: "# Marker set by modify-ipt-gateway.yml (alfaview service)"
when:
- main_ipv6_exists.stat.exists
- alfaview_service_ipv6_present is changed
# ---
# TURN Server (Stun Server) (for Nextcloud 'talk' app)
# ---
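Review bot: None of the new alfaview, `allow_all_ext_traffic_to_local_service` or epson tasks carries a `notify:`, whereas the `brscan_port` tasks added in the first hunk notify `Restart IPv4 Firewall` / `Restart IPv6 Firewall`. Unless a task outside these hunks reloads the firewall, `allow_alfaview_video_conference_out=true` is written to disk while the running ruleset stays unchanged until the next restart. Adding `notify: Restart IPv4 Firewall` (and the IPv6 handler on the IPv6 tasks) to the new `lineinfile`/`blockinfile` tasks would keep the config file and the live rules in step. The IPv4 `brscan_port` task also has no `when: main_ipv4_exists.stat.exists` guard, unlike the other IPv4 tasks in this section. The presence checks run a fixed `grep -q -E` with no shell features, so `command:` would do in place of `shell:`.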