
19 Commits

Author SHA1 Message Date
d7cab54470 Add support of insecure wide links 2025-08-20 10:24:35 +02:00
b64076ed5d update.. 2025-08-10 10:19:51 +02:00
e5321fc0d2 update... 2025-08-06 10:25:02 +02:00
67ea094453 update.. 2025-08-04 18:39:16 +02:00
a81cf75e13 update.. 2025-08-03 01:00:01 +02:00
5d18b79372 update.. 2025-07-15 00:38:25 +02:00
86a1d988c7 update.. 2025-06-06 10:31:05 +02:00
7ca6f6a2ab update 2025-04-21 11:04:04 +02:00
70c0c3bb7c update.. 2025-02-14 11:36:24 +01:00
6e60b3718e update .. 2025-02-01 00:05:57 +01:00
1d7ebc52cd update.. 2025-01-28 00:17:15 +01:00
5fe32c6473 update.. 2025-01-21 16:53:58 +01:00
c9cee6deae update.. 2024-12-19 22:44:32 +01:00
f61e2ff73c update... 2024-12-13 10:44:19 +01:00
229c4bb27d update.. 2024-12-08 13:01:22 +01:00
aca84e9298 update.. 2024-12-08 12:30:45 +01:00
233e375ce6 update-- 2024-12-08 09:55:05 +01:00
445edf8637 update.. 2024-12-07 21:47:25 +01:00
19617c6a5c update.. 2024-12-04 17:57:55 +01:00
154 changed files with 11057 additions and 5992 deletions


@ -0,0 +1,8 @@
---
- hosts: initial_setup
gather_facts: false
roles:
- ansible_dependencies-ubuntu-noble
- ansible_user_debian


@ -16,5 +16,6 @@
# ansible-playbook first_run.yml -i hosts -u root --ask-pass
- hosts: all
strategy: free
roles:
- common


@ -0,0 +1 @@
../../files


@ -0,0 +1,37 @@
[ansible_dependencies]
formbricks-nd.oopen.de
[initial_setup]
formbricks-nd.oopen.de
[lxc_guest]
formbricks-nd.oopen.de
[lxc_host]
[docker_host]
[kvm_host]
[oopen_office_server]
[samba_server]
[jitsi_meet_server]
[mysql_server]
[postgresql_server]
[apache2_webserver]
[nextcloud_server]
[dns_server]
[mail_server]
[webadmin]


@ -111,3 +111,7 @@ export EDITOR=vim
## - set beep more quiet
## -
#xset b 10 500 50
# turn off the beep (only in bash tab-complete ?)
# only if interactiv shell
[[ "$-" =~ "i" ]] && bind 'set bell-style none'


@ -171,3 +171,4 @@ set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\
set laststatus=2
highlight StatusLine cterm=none ctermfg=white ctermbg=blue
set belloff=all


@ -1,178 +0,0 @@
" An example for a vimrc file.
"
" Maintainer: Bram Moolenaar <Bram@vim.org>
" Last change: 1999 Sep 09
"
" To use it, copy it to
" for Unix and OS/2: ~/.vimrc
" for Amiga: s:.vimrc
" for MS-DOS and Win32: $VIM\_vimrc
" This line should not be removed as it ensures that various options are
" properly set to work with the Vim-related packages available in Debian.
runtime! debian.vim
set nocompatible " Use Vim defaults (much better!)
set bs=2 " allow backspacing over everything in insert mode
set ai " always set autoindenting on
" set backup " keep a backup file
"set viminfo='20,\"50 " read/write a .viminfo file, don't store more
" than 50 lines of registers
set viminfo='20,\"50,:20,%,n~/.viminfo
set history=50 " keep 50 lines of command line history
set ruler " show the cursor position all the time
set ignorecase " suchen case-insenitiv
set showmatch " zeige passende klammern
set shell=/bin/bash " shell to start with !
set expandtab " tabs --> blanks
set showmode " anzeige INSERT/REPLACE/...
" set smartcase " Do smart case matching
set incsearch " Incremental search
" Start searching when you type the first character of
" the search string. As you type in more characters, the
" search is refined.
set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
" einrueckung
"set noexpandtab
set expandtab
set shiftwidth=3
set tabstop=3
set softtabstop=3
" Round indent to multiple of 'shiftwidth' for > and < commands
set shiftround
"set number
" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
" let &guioptions = substitute(&guioptions, "t", "", "g")
" Don't use Ex mode, use Q for formatting
map Q gq
" Make p in isual Visual mode replace the selected text with the "" register.
vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
" Switch syntax highlighting on, when the terminal has colors
" Also switch on highlighting the last used search pattern.
if &t_Co > 2 || has("gui_running")
syntax on
set hlsearch
endif
" Only do this part when compiled with support for autocommands.
if has("autocmd")
" In text files, always limit the width of text to 78 characters
autocmd BufRead *.txt set tw=78
augroup cprog
" Remove all cprog autocommands
au!
" When starting to edit a file:
" For C and C++ files set formatting of comments and set C-indenting on.
" For other files switch it off.
" Don't change the order, it's important that the line with * comes first.
autocmd FileType * set formatoptions=tcql nocindent comments&
autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
augroup END
augroup gzip
" Remove all gzip autocommands
au!
" Enable editing of gzipped files
" set binary mode before reading the file
autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin
autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip")
autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2")
autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip")
autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2")
autocmd FileAppendPre *.gz call GZIP_appre("gunzip")
autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2")
autocmd FileAppendPost *.gz call GZIP_write("gzip")
autocmd FileAppendPost *.bz2 call GZIP_write("bzip2")
" After reading compressed file: Uncompress text in buffer with "cmd"
fun! GZIP_read(cmd)
let ch_save = &ch
set ch=2
execute "'[,']!" . a:cmd
set nobin
let &ch = ch_save
execute ":doautocmd BufReadPost " . expand("%:r")
endfun
" After writing compressed file: Compress written file with "cmd"
fun! GZIP_write(cmd)
if rename(expand("<afile>"), expand("<afile>:r")) == 0
execute "!" . a:cmd . " <afile>:r"
endif
endfun
" Before appending to compressed file: Uncompress file with "cmd"
fun! GZIP_appre(cmd)
execute "!" . a:cmd . " <afile>"
call rename(expand("<afile>:r"), expand("<afile>"))
endfun
augroup END
" This is disabled, because it changes the jumplist. Can't use CTRL-O to go
" back to positions in previous files more than once.
if 0
" When editing a file, always jump to the last cursor position.
" This must be after the uncompress commands.
autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
endif
endif " has("autocmd")
" toggle syntax highlighting
map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
map <F11> :nohls <CR>
" use <F6> to toggle line numbers
nmap <silent> <F6> :set number!<CR>
" If using a dark background within the editing area and syntax highlighting
" turn on this option as well
set background=dark
" set color for search
hi clear search
hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
" set color for Comment
hi clear Comment
"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
" Go back to the position the cursor was on the last time this file was edited
au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
" visual shifting (does not exit Visual mode)
vnoremap < <gv
vnoremap > >gv
" Scroll when cursor gets within 3 characters of top/bottom edge
set scrolloff=3
" Show line, column number, and relative position within a file in the status line
" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
" Always show status line, even for one window
set laststatus=2
highlight StatusLine cterm=none ctermfg=white ctermbg=blue
colorscheme PaperColor


@ -1,178 +0,0 @@
" An example for a vimrc file.
"
" Maintainer: Bram Moolenaar <Bram@vim.org>
" Last change: 1999 Sep 09
"
" To use it, copy it to
" for Unix and OS/2: ~/.vimrc
" for Amiga: s:.vimrc
" for MS-DOS and Win32: $VIM\_vimrc
" This line should not be removed as it ensures that various options are
" properly set to work with the Vim-related packages available in Debian.
runtime! debian.vim
set nocompatible " Use Vim defaults (much better!)
set bs=2 " allow backspacing over everything in insert mode
set ai " always set autoindenting on
" set backup " keep a backup file
"set viminfo='20,\"50 " read/write a .viminfo file, don't store more
" than 50 lines of registers
set viminfo='20,\"50,:20,%,n~/.viminfo
set history=50 " keep 50 lines of command line history
set ruler " show the cursor position all the time
set ignorecase " suchen case-insenitiv
set showmatch " zeige passende klammern
set shell=/bin/bash " shell to start with !
set expandtab " tabs --> blanks
set showmode " anzeige INSERT/REPLACE/...
" set smartcase " Do smart case matching
set incsearch " Incremental search
" Start searching when you type the first character of
" the search string. As you type in more characters, the
" search is refined.
set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
" einrueckung
"set noexpandtab
set expandtab
set shiftwidth=3
set tabstop=3
set softtabstop=3
" Round indent to multiple of 'shiftwidth' for > and < commands
set shiftround
"set number
" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
" let &guioptions = substitute(&guioptions, "t", "", "g")
" Don't use Ex mode, use Q for formatting
map Q gq
" Make p in isual Visual mode replace the selected text with the "" register.
vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
" Switch syntax highlighting on, when the terminal has colors
" Also switch on highlighting the last used search pattern.
if &t_Co > 2 || has("gui_running")
syntax on
set hlsearch
endif
" Only do this part when compiled with support for autocommands.
if has("autocmd")
" In text files, always limit the width of text to 78 characters
autocmd BufRead *.txt set tw=78
augroup cprog
" Remove all cprog autocommands
au!
" When starting to edit a file:
" For C and C++ files set formatting of comments and set C-indenting on.
" For other files switch it off.
" Don't change the order, it's important that the line with * comes first.
autocmd FileType * set formatoptions=tcql nocindent comments&
autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
augroup END
augroup gzip
" Remove all gzip autocommands
au!
" Enable editing of gzipped files
" set binary mode before reading the file
autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin
autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip")
autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2")
autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip")
autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2")
autocmd FileAppendPre *.gz call GZIP_appre("gunzip")
autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2")
autocmd FileAppendPost *.gz call GZIP_write("gzip")
autocmd FileAppendPost *.bz2 call GZIP_write("bzip2")
" After reading compressed file: Uncompress text in buffer with "cmd"
fun! GZIP_read(cmd)
let ch_save = &ch
set ch=2
execute "'[,']!" . a:cmd
set nobin
let &ch = ch_save
execute ":doautocmd BufReadPost " . expand("%:r")
endfun
" After writing compressed file: Compress written file with "cmd"
fun! GZIP_write(cmd)
if rename(expand("<afile>"), expand("<afile>:r")) == 0
execute "!" . a:cmd . " <afile>:r"
endif
endfun
" Before appending to compressed file: Uncompress file with "cmd"
fun! GZIP_appre(cmd)
execute "!" . a:cmd . " <afile>"
call rename(expand("<afile>:r"), expand("<afile>"))
endfun
augroup END
" This is disabled, because it changes the jumplist. Can't use CTRL-O to go
" back to positions in previous files more than once.
if 0
" When editing a file, always jump to the last cursor position.
" This must be after the uncompress commands.
autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
endif
endif " has("autocmd")
" toggle syntax highlighting
map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
map <F11> :nohls <CR>
" use <F6> to toggle line numbers
nmap <silent> <F6> :set number!<CR>
" If using a dark background within the editing area and syntax highlighting
" turn on this option as well
set background=dark
" set color for search
hi clear search
hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
" set color for Comment
hi clear Comment
"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
" Go back to the position the cursor was on the last time this file was edited
au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
" visual shifting (does not exit Visual mode)
vnoremap < <gv
vnoremap > >gv
" Scroll when cursor gets within 3 characters of top/bottom edge
set scrolloff=3
" Show line, column number, and relative position within a file in the status line
" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
" Always show status line, even for one window
set laststatus=2
highlight StatusLine cterm=none ctermfg=white ctermbg=blue
colorscheme PaperColor


@ -113,3 +113,7 @@ export EDITOR=vim
## - set beep more quiet
## -
#xset b 10 500 50
# turn off the beep (only in bash tab-complete ?)
# only if interactiv shell
[[ "$-" =~ "i" ]] && bind 'set bell-style none'


@ -178,4 +178,6 @@ highlight StatusLine cterm=none ctermfg=white ctermbg=blue
"Remove all trailing whitespace by pressing F5
nnoremap <F5> :let _s=@/<Bar>:%s/\s\+$//e<Bar>:let @/=_s<Bar><CR>
set belloff=all
colorscheme PaperColor


@ -76,3 +76,7 @@ export LINES=64
## - set beep more quiet
## -
#xset b 10 500 50
# turn off the beep (only in bash tab-complete ?)
# only if interactiv shell
[[ "$-" =~ "i" ]] && bind 'set bell-style none'


@ -178,4 +178,6 @@ highlight StatusLine cterm=none ctermfg=white ctermbg=blue
"Remove all trailing whitespace by pressing F5
nnoremap <F5> :let _s=@/<Bar>:%s/\s\+$//e<Bar>:let @/=_s<Bar><CR>
set belloff=all
colorscheme PaperColor


@ -1,173 +0,0 @@
" An example for a vimrc file.
"
" Maintainer: Bram Moolenaar <Bram@vim.org>
" Last change: 1999 Sep 09
"
" To use it, copy it to
" for Unix and OS/2: ~/.vimrc
" for Amiga: s:.vimrc
" for MS-DOS and Win32: $VIM\_vimrc
" This line should not be removed as it ensures that various options are
" properly set to work with the Vim-related packages available in Debian.
runtime! debian.vim
set nocompatible " Use Vim defaults (much better!)
set bs=2 " allow backspacing over everything in insert mode
set ai " always set autoindenting on
" set backup " keep a backup file
"set viminfo='20,\"50 " read/write a .viminfo file, don't store more
" than 50 lines of registers
set viminfo='20,\"50,:20,%,n~/.viminfo
set history=50 " keep 50 lines of command line history
set ruler " show the cursor position all the time
set ignorecase " suchen case-insenitiv
set showmatch " zeige passende klammern
set shell=/bin/bash " shell to start with !
set expandtab " tabs --> blanks
set showmode " anzeige INSERT/REPLACE/...
" set smartcase " Do smart case matching
set incsearch " Incremental search
" Start searching when you type the first character of
" the search string. As you type in more characters, the
" search is refined.
set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
" einrueckung
set shiftwidth=3
set tabstop=3
" Round indent to multiple of 'shiftwidth' for > and < commands
set shiftround
" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
" let &guioptions = substitute(&guioptions, "t", "", "g")
" Don't use Ex mode, use Q for formatting
map Q gq
" Make p in isual Visual mode replace the selected text with the "" register.
vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
" Switch syntax highlighting on, when the terminal has colors
" Also switch on highlighting the last used search pattern.
if &t_Co > 2 || has("gui_running")
syntax on
set hlsearch
endif
" Only do this part when compiled with support for autocommands.
if has("autocmd")
" In text files, always limit the width of text to 78 characters
autocmd BufRead *.txt set tw=78
augroup cprog
" Remove all cprog autocommands
au!
" When starting to edit a file:
" For C and C++ files set formatting of comments and set C-indenting on.
" For other files switch it off.
" Don't change the order, it's important that the line with * comes first.
autocmd FileType * set formatoptions=tcql nocindent comments&
autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
augroup END
augroup gzip
" Remove all gzip autocommands
au!
" Enable editing of gzipped files
" set binary mode before reading the file
autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin
autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip")
autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2")
autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip")
autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2")
autocmd FileAppendPre *.gz call GZIP_appre("gunzip")
autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2")
autocmd FileAppendPost *.gz call GZIP_write("gzip")
autocmd FileAppendPost *.bz2 call GZIP_write("bzip2")
" After reading compressed file: Uncompress text in buffer with "cmd"
fun! GZIP_read(cmd)
let ch_save = &ch
set ch=2
execute "'[,']!" . a:cmd
set nobin
let &ch = ch_save
execute ":doautocmd BufReadPost " . expand("%:r")
endfun
" After writing compressed file: Compress written file with "cmd"
fun! GZIP_write(cmd)
if rename(expand("<afile>"), expand("<afile>:r")) == 0
execute "!" . a:cmd . " <afile>:r"
endif
endfun
" Before appending to compressed file: Uncompress file with "cmd"
fun! GZIP_appre(cmd)
execute "!" . a:cmd . " <afile>"
call rename(expand("<afile>:r"), expand("<afile>"))
endfun
augroup END
" This is disabled, because it changes the jumplist. Can't use CTRL-O to go
" back to positions in previous files more than once.
if 0
" When editing a file, always jump to the last cursor position.
" This must be after the uncompress commands.
autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
endif
endif " has("autocmd")
" toggle syntax highlighting
map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
map <F11> :nohls <CR>
" use <F6> to toggle line numbers
nmap <silent> <F6> :set number!<CR>
" If using a dark background within the editing area and syntax highlighting
" turn on this option as well
set background=dark
" set color for search
hi clear search
hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
" set color for Comment
hi clear Comment
"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
" Go back to the position the cursor was on the last time this file was edited
au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
" visual shifting (does not exit Visual mode)
vnoremap < <gv
vnoremap > >gv
" Scroll when cursor gets within 3 characters of top/bottom edge
set scrolloff=3
" Show line, column number, and relative position within a file in the status line
" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
" Always show status line, even for one window
set laststatus=2
highlight StatusLine cterm=none ctermfg=white ctermbg=blue


@ -73,3 +73,7 @@ export LINES=64
## - set beep more quiet
## -
#xset b 10 500 50
# turn off the beep (only in bash tab-complete ?)
# only if interactiv shell
[[ "$-" =~ "i" ]] && bind 'set bell-style none'


@ -175,4 +175,6 @@ set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\
set laststatus=2
highlight StatusLine cterm=none ctermfg=white ctermbg=blue
set belloff=all
colorscheme PaperColor


@ -976,6 +976,122 @@ apt_initial_install_jammy:
- ifupdown
- socat
apt_initial_install_ubuntu_noble:
- cryptsetup
- dbus
- openssh-server
- rush
- bash
- bash-completion
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- cron
- bc
- figlet
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- universal-ctags
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules
- perl-doc
- libperl-dev
- libreadline-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- zsh
- lua5.4
- btrfs-progs
- fdisk
install_compiler_pkgs: false
apt_compiler_pkgs:
- g++
@ -1918,11 +2034,11 @@ tor_hidden_service_port:
# vars used by modify-munin-ip.yml
# ---
munin_remote_ipv4: 135.181.136.84
munin_remote_ipv6: 2a01:4f9:3a:1051::84
munin_remote_ipv4: 37.27.121.227
munin_remote_ipv6: 2a01:4f9:3070:2bda::227
munin_remote_ipv4_old: 95.217.64.122
munin_remote_ipv6_old: 2a01:4f9:4a:2b57::122
munin_remote_ipv4_old: 135.181.136.84
munin_remote_ipv6_old: 2a01:4f9:3a:1051::84
# ---
@ -1978,7 +2094,7 @@ root_ssh_keypair: []
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
password: $y$j9T$RY2Nt/UmjMjxuyAhKXxMV0$IPvnS5XkNBluEiOARFmyQLp6GzXA1tY96rW.S9H7U84
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
@ -1988,7 +2104,7 @@ default_user:
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78
password: $y$j9T$1WH8G2UkuN1jjp4QLuoeC0$dXpOnJUfMMAqAXlwN8XD0pq78r.a4UZOgt3LY4afxy/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
@ -1997,7 +2113,8 @@ default_user:
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
group: sysadm
password: $y$j9T$1WH8G2UkuN1jjp4QLuoeC0$dXpOnJUfMMAqAXlwN8XD0pq78r.a4UZOgt3LY4afxy/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
@ -2007,21 +2124,13 @@ default_user:
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
password: $y$j9T$FLeyg8Xy09ppHGVbKOr5l1$XJbJdjX7XlS5QeiTzBvl2dMYcC0AxIylkvayJgFR3CC
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'
extra_user: []
@ -2108,92 +2217,7 @@ sshd_use_dns: !!str "no"
sshd_gateway_ports: !!str "no"
sshd_required_rsa_size: 4096
# sshd_pubkey_accepted_algorithms:
#
# if the specified list begins with a '+' character, then the specified
# algorithms will be appended to the default set instead of replacing them.
#
# If the specified list begins with a '-' character, then the specified algorithms
# (including wildcards) will be removed from the default set instead of replacing them.
#
# If the specified list begins with a '^' character, then the
# specified algorithms will be placed at the head of the default set.
#sshd_pubkey_accepted_algorithms:
# - curve25519-sha256@libssh.org
# - diffie-hellman-group1-sha1
# - diffie-hellman-group14-sha1
# - diffie-hellman-group14-sha256
# - diffie-hellman-group16-sha512
# - diffie-hellman-group18-sha512
# - diffie-hellman-group-exchange-sha1
# - diffie-hellman-group-exchange-sha256
# - ecdh-sha2-nistp256
# - ecdh-sha2-nistp384
# - ecdh-sha2-nistp521
#sshd_pubkey_accepted_algorithms:
# - +ssh-rsa
# - ssh-dss
# sshd_kexalgorithms
#
# Example:
# sshd_kexalgorithms:
# - ntrup761x25519-sha512@openssh.com
# - curve25519-sha256,curve25519-sha256@libssh.org
# - ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
# - diffie-hellman-group-exchange-sha256
# - diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
# - diffie-hellman-group14-sha256
#
#sshd_kexalgorithms: {}
# sshd__ciphers
#
# Example:
# sshd_ciphers:
# - chacha20-poly1305@openssh.com
# - aes128-ctr
# - aes192-ctr
# - aes256-ctr
# - aes128-gcm@openssh.com
# - aes256-gcm@openssh.com
#sshd_ciphers: {}
# sshd_macs
#
# Example:
# sshd_macs:
# - umac-64-etm@openssh.com,umac-128-etm@openssh.com
# - hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
# - hmac-sha1-etm@openssh.com
# - umac-64@openssh.com,umac-128@openssh.com
# - hmac-sha2-256,hmac-sha2-512,hmac-sha1
#sshd_macs: {}
# sshd_hostkeyalgorithms
#
# Example:
# - ssh-ed25519-cert-v01@openssh.com
# - ecdsa-sha2-nistp256-cert-v01@openssh.com
# - ecdsa-sha2-nistp384-cert-v01@openssh.com
# - ecdsa-sha2-nistp521-cert-v01@openssh.com
# - sk-ssh-ed25519-cert-v01@openssh.com
# - sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
# - rsa-sha2-512-cert-v01@openssh.com
# - rsa-sha2-256-cert-v01@openssh.com
# - ssh-ed25519
# - ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
# - sk-ssh-ed25519@openssh.com
# - sk-ecdsa-sha2-nistp256@openssh.com
# - rsa-sha2-512
# - rsa-sha2-256
#
#sshd_hostkeyalgorithms: {}
#sshd_required_rsa_size: 4096
# This users are allowed to use password authentification
#
@ -2250,8 +2274,12 @@ sudoers_file_user_back_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/rsync'
- 'ALL=(root) NOPASSWD: /usr/bin/find'
- 'ALL=(root) NOPASSWD: /usr/bin/realpath'
- 'ALL=(root) NOPASSWD: /root/bin/borg-backup/borg-umount-archiv.sh'
- 'ALL=(root) NOPASSWD: /root/bin/borg-backup/borg-backup.sh'
- 'ALL=(root) NOPASSWD: /root/bin/borg-backup/borg-backup-nc.sh'
- 'ALL=(root) NOPASSWD: /root/bin/borg2-backup/borg2-umount-archiv.sh'
- 'ALL=(root) NOPASSWD: /root/bin/borg2-backup/borg2-backup.sh'
- 'ALL=(root) NOPASSWD: /root/bin/borg2-backup/borg2-backup-nc.sh'
sudoers_file_user_back_postgres_privileges:
@ -2350,6 +2378,15 @@ bind9_gateway_allow_recursion:
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/ntp.yml
# ---
local_ntp_service: false
ntp_server: {}
# ---
# Firewall repository
# ---
@ -2904,6 +2941,10 @@ samba_netbios_name:
#
samba_server_min_protocol: []
# samba_allow_insecure_wide_links
#
samba_allow_insecure_wide_links: !!str no
samba_groups: []
# samba_user:
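Review bot: In the `default_user` hunks, the replacement `password:` value shown for `localadmin` is the same yescrypt string, salt included, as the replacement shown for `sysadm`, so as rendered both accounts end up with one shared password and anyone who can read this repository can see that they do. Each account should get its own secret with a freshly generated hash, so that a compromise of one does not carry over to the other. Because these hashes sit in plain group variables, they can be tested offline by anyone with read access; moving the `password:` values into an Ansible Vault encrypted vars file would limit that exposure. The side of each printed line is inferred from the hunk counts and print order, since the `+`/`-` markers are not shown on this page.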


@ -74,6 +74,9 @@ default_user:
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup'
sudo_users:
- chris
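Review bot: The key added here under the label `root@o26-backup` (ending `...tGSa9`) differs from the key carrying the same label in the group-wide `default_user` list earlier in this comparison (ending `...ZQYY`), so one of the two is probably stale or mislabelled and would stay authorised after a rotation. Please confirm which key the backup host actually uses and drop the other; the same three key lines are added in the next two host files too. Since these are root keys of remote backup hosts, it is worth checking whether the role writes the strings verbatim into `authorized_keys`, in which case a prefix such as `restrict,from="<backup-host-address>"` would narrow what each key can do. The enclosing user entry starts outside the hunk, so the account receiving the keys is not visible here.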


@ -73,9 +73,11 @@ default_user:
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup'
sudo_users:
- chris
@ -108,6 +110,12 @@ sudo_users:
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/ntp.yml
# ---
# ==============================


@ -67,7 +67,7 @@ default_user:
password: $6$7oimWvvy$EHjynqU3KxaHie.9njz9rmVyh/dYpZOREl9gLo7fLrQXCAM9LqvrRvijCiAhfgnA6pz5VQe5oubkJQB0HF2pf/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
@ -96,7 +96,9 @@ default_user:
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup'
sudo_users:
- chris


@ -48,21 +48,30 @@ ssh_keypair_backup_client:
target: backup.oopen.de
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
@ -72,10 +81,13 @@ default_user:
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup'
sudo_users:
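Review bot: The `$y$j9T$…` password hashes for `chris`, `sysadm`, `localadmin` and `back` in this section are committed as cleartext YAML, which exposes them to offline guessing by anyone who can read the repository; the `root_user` hash in the new host_vars/172.16.82.197.yml on this page has the same problem. I would move these values into an Ansible Vault-encrypted vars file and reference them, e.g. `password: "{{ vault_default_user_chris_password }}"` (variable name constructed for illustration). The old `$6$` hashes stay in the history, so the passwords behind them are best treated as exposed and rotated rather than only re-hashed. It is also worth confirming that every host using this file has a libcrypt with yescrypt support, since a `$y$` hash on an older system would leave the account without a usable password.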


@ -81,7 +81,10 @@ default_user:
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID5v9m8a7zcMqIjm+faCYK9CdyHZjS8poMZrsUODzTSL root@devel-root'
sudo_users:
- chris


@ -87,7 +87,9 @@ default_user:
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5LudM+Bg/onOgBrdcLfJcZ7s2manrQa2P4D74tGSa9 root@o26-backup'
sudo_users:
- chris


@ -1,335 +0,0 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
- rcconf
network_interfaces:
# Many device configurations are possible (as many as needed)
#
- device: enp35s0
# use only once per device (for the first device entry)
headline: enp35s0 - primary device
# auto & allow are only used for the first entry of that devicei-name)
#
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
# The statisc Mode
# Options
# address <dotted quad address[/netmask]>
# gateway <dotted quad address>
# pointopoint <Address of other end point (dotted quad). Note the spelling of "point-to">
# hwaddress <mac-address>
# mtu <size>
# scope <Address validity scope. Possible values: global, link, host>
#
# The manual Method
# Options
# hwaddress <mac-address>
# mtu <size>
#
# The dhcp Method
# Options
# hwaddress <mac-address>
# hostname <Hostname to be requested (pump, dhcpcd, udhcpc)>
# metric <metric>
# leasehours <Preferred lease time in hours (pump)>
# leasetime <Preferred lease time in seconds (dhcpcd)>
# vendor <Vendor class identifier (dhcpcd)>
# client <Client identifier (dhcpcd), or "no" (dhclient)>
#
# The bootp Method
# Options
# bootfile: <file: Tell the server to use 'file' as the bootfile.>
# server: <address: Use the IP address 'address' to communicate with the server.>
# hwaddr <mac-address: Use addr as the hardware address instead of whatever it really is.>
#
method: static
hwaddress:
description:
address: 135.181.79.202
# dotted quad or number of bits
#
# the entry will be: address/netmask
netmask: 255.255.255.192
gateway: 135.181.79.193
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
# nameservers:
# - "194.150.168.168" # dns.as250.net
# - "91.239.100.100" # anycast.censurfridns.dk
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge: {}
# optional bonding parameters bond: {}
# bond:
# master
# primary
# slave
# mode:
# miimon:
# lacp-rate:
# ad-select-rate:
# master:
# slaves:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
#
# example:
#
# up:
# - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp35s0"
#
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp35s0"
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
- device: enp35s0
# use only once per device (for the first device entry)
headline:
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto:
family: inet6
method: static
description:
address: 2a01:4f9:4b:17ce::2
netmask: 64
gateway: fe80::1
# optional dns settings nameservers: []
# nameservers:
# - "194.150.168.168" # dns.as250.net
# - "91.239.100.100" # anycast.censurfridns.dk
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge: {}
# optional bonding parameters bond: {}
# bond:
# mode:
# miimon:
# master:
# slaves:
# lacp-rate:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
pre-up: []# pre-up script lines
up: [] # up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
#apt_manage_sources_list: false
# ---
# vars used by roles/common/tasks/users.yml
# ---
create_sftp_group: true
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa 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 jonas@meurer.it'
- 'ssh-rsa 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 t@NB-003258-RLS'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
extra_system_user:
- name: www-data
home: /var/www
groups: sftp_users
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.


@ -1,115 +0,0 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
copy_additional_plain_files_sysctl:
- name: enable-ipv6
src_path: etc/sysctl.d/30-enable-ipv6.conf
dest_path: /etc/sysctl.d/30-enable-ipv6.conf
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
install_bind_packages: true
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

175
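--- a/host_vars/172.16.82.197.yml
+++ b/host_vars/172.16.82.197.yml
@@ -0,0 +1,175 @@
+---
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+# ---
+# vars used by roles/ansible_user
+# ---
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+copy_additional_plain_files_sysctl:
+- name: enable-ipv6
+src_path: etc/sysctl.d/30-enable-ipv6.conf
+dest_path: /etc/sysctl.d/30-enable-ipv6.conf
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+#sshd_hostkeyalgorithms:
+# - ssh-ed25519
+# - ssh-ed25519-cert-v01@openssh.com
+# - rsa-sha2-256
+# - rsa-sha2-512
+# - ecdsa-sha2-nistp256
+# - rsa-sha2-256-cert-v01@openssh.com
+# - rsa-sha2-512-cert-v01@openssh.com
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+# ---
+# vars used by roles/common/tasks/systemd-resolved.yml
+# ---
+systemd_resolved: true
+# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
+# Primäre DNS-Adresse: 38.132.106.139
+# Sekundäre DNS-Adresse: 194.187.251.67
+#
+# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
+# primäre DNS-Adresse
+# IPv4: 1.1.1.1
+# IPv6: 2606:4700:4700::1111
+# sekundäre DNS-Adresse
+# IPv4: 1.0.0.1
+# IPv6: 2606:4700:4700::1001
+#
+# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
+# primäre DNS-Adresse
+# IPv4: 8.8.8.8
+# IPv6: 2001:4860:4860::8888
+# sekundäre DNS-Adresse
+# IPv4: 8.8.4.4
+# IPv6: 2001:4860:4860::8844
+#
+# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
+# primäre DNS-Adresse
+# IPv4: 9.9.9.9
+# IPv6: 2620:fe::fe
+# sekundäre DNS-Adresse
+# IPv4: 149.112.112.112
+# IPv6: 2620:fe::9
+#
+# OpenNIC - https://www.opennic.org/
+# IPv4: 195.10.195.195 - ns31.de
+# IPv4: 94.16.114.254 - ns28.de
+# IPv4: 51.254.162.59 - ns9.de
+# IPv4: 194.36.144.87 - ns29.de
+# IPv6: 2a00:f826:8:2::195 - ns31.de
+#
+# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
+# IPv4: 5.1.66.255
+# IPv6: 2001:678:e68:f000::
+# Servername für DNS-over-TLS: dot.ffmuc.net
+# IPv4: 185.150.99.255
+# IPv6: 2001:678:ed0:f000::
+# Servername für DNS-over-TLS: dot.ffmuc.net
+# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
+resolved_nameserver:
+- 127.0.0.1
+# search domains
+#
+# If there are more than one search domains, then specify them here in the order in which
+# the resolver should also search them
+#
+#resolved_domains: []
+resolved_domains:
+- ~.
+- akb.netz
+resolved_dnssec: false
+# dns.as250.net: 194.150.168.168
+#
+resolved_fallback_nameserver:
+- 194.150.168.168
+# ---
+# vars used by roles/common/tasks/cron.yml
+# ---
+cron_user_special_time_entries:
+- name: "Restart NTP service 'ntpsec'"
+special_time: reboot
+job: "sleep 15 ; /bin/systemctl restart ntpsec"
+insertafter: PATH
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+git_firewall_repository:
+name: ipt-gateway
+repo: https://git.oopen.de/firewall/ipt-gateway
+dest: /usr/local/src/ipt-gateway
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+install_bind_packages: true
+bind9_gateway_listen_on_v6:
+- none
+bind9_gateway_listen_on:
+- any
+# ==============================
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+root_user:
+name: root
+password: $y$j9T$IVBTpn.OrI6YiQ9q3fA8b1$Y1bmID5yXJbKfoLFt1VmQs6LezeTj5/1M9ppZBD2Pn4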
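Review bot: `bind9_gateway_listen_on: - any`, together with `install_bind_packages: true`, makes the caching nameserver on this gateway listen on every IPv4 interface, and nothing in this file limits who may query it. Unless the role's named.conf template or the ipt-gateway firewall rules restrict recursion to the internal networks (neither is visible here), the resolver could answer recursive queries arriving on an upstream-facing interface. I would list the internal listen address(es) instead of `any`, or add a comment above the variable stating where the restriction is enforced. `resolved_dnssec: false` also leaves the local stub resolver without validation and deserves a one-line comment giving the reason.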


@ -1,523 +0,0 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
# Many device configurations are possible (as many as needed)
#
- device: enp6s0
# use only once per device (for the first device entry)
headline: enp6s0 - primary device
# auto & allow are only used for the first entry of that devicei-name)
#
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
# The statisc Mode
# Options
# address <dotted quad address[/netmask]>
# gateway <dotted quad address>
# pointopoint <Address of other end point (dotted quad). Note the spelling of "point-to">
# hwaddress <mac-address>
# mtu <size>
# scope <Address validity scope. Possible values: global, link, host>
#
# The manual Method
# Options
# hwaddress <mac-address>
# mtu <size>
#
# The dhcp Method
# Options
# hwaddress <mac-address>
# hostname <Hostname to be requested (pump, dhcpcd, udhcpc)>
# metric <metric>
# leasehours <Preferred lease time in hours (pump)>
# leasetime <Preferred lease time in seconds (dhcpcd)>
# vendor <Vendor class identifier (dhcpcd)>
# client <Client identifier (dhcpcd), or "no" (dhclient)>
#
# The bootp Method
# Options
# bootfile: <file: Tell the server to use 'file' as the bootfile.>
# server: <address: Use the IP address 'address' to communicate with the server.>
# hwaddr <mac-address: Use addr as the hardware address instead of whatever it really is.>
#
method: static
hwaddress:
description:
address: 37.27.129.85
# dotted quad or number of bits
#
# the entry will be: address/netmask
netmask: 26
gateway: 37.27.129.65
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
#nameservers:
# - 185.12.64.1
# - a01:4ff:ff00::add:2
#search:
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge: {}
# optional bonding parameters bond: {}
# bond:
# master
# primary
# slave
# mode:
# miimon:
# lacp-rate:
# ad-select-rate:
# master:
# slaves:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
#
# example:
#
# up:
# - !!str "route add -net 135.181.79.192 netmask 255.255.255.192 gw 135.181.79.193 dev enp6s0"
#
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 37.27.129.64 netmask 255.255.255.192 gw 37.27.129.65 dev enp6s0"
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
- device: enp6s0
# use only once per device (for the first device entry)
headline:
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto:
family: inet6
method: static
address: 2a01:4f9:3071:1141::2
netmask: 64
gateway: fe80::1
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
search:
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge: {}
# optional bonding parameters bond: {}
# bond:
# mode:
# miimon:
# master:
# slaves:
# lacp-rate:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
pre-up: []# pre-up script lines
up: [] # up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
#apt_manage_sources_list: false
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 185.12.64.2
- 2a01:4ff:ff00::add:1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Check if postfix mailservice is running. Restart service if needed."
special_time: reboot
job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
insertafter: PATH
cron_user_entries:
- name: "Remote Borg Backup"
minute: '04'
hour: '00'
job: /root/crontab/backup-rborg/rborg.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check connectifity - reboot if needed"
minute: '*/10'
hour: '*'
job: /root/bin/admin-stuff/check-connectivity.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if NTP service 'ntpsec' is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh > /dev/null 2>&1
# - name: "Backup internet hosts and then print out hdd-usage for all backuped hosts"
# minute: '16'
# hour: '00'
# weekday: '1-6'
# job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N
#
# - name: "On sunday morning also determin diskspace usage"
# minute: '16'
# hour: '00'
# weekday: 7
# job: /root/crontab/backup-rcopy/rcopy.sh -B ; /root/crontab/backup-rcopy/rcopy.sh -N ; /root/bin/admin-stuff/disk-space_usage.sh -q -o /root/disk-space_usage /backup
#
# - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
# minute: '23'
# hour: '05'
# job: /var/lib/dehydrated/cron/dehydrated_cron.sh
#
# - name: "Check whether all certificates are included in the VHOST configurations"
# minute: '33'
# hour: '05'
# job: /var/lib/dehydrated/tools/update_ssl_directives.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'
job: /root/bin/admin-stuff/check-disc-usage.sh -c 85
# ---
# vars used by roles/common/tasks/users.yml
# ---
create_sftp_group: true
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
extra_system_user:
- name: www-data
home: /var/www
groups: sftp_users
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.


@ -55,14 +55,6 @@ extra_user:
ssh_keys:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
- name: christian
user_id: 1005
group_id: 1005
password: $6$2paWmEea$G51JZDzjjDNE75aBl/xuM1dyH.FWYHwNCRHeKWkHhxjUmRRC/v.hhNh5jOk5EbVWDeVh7r5dz1tO2HTZUMftb1
shell: /bin/bash
ssh_keys:
- 'ssh-rsa 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 schroeder@Christians-MacBook-Pro.local'
- name: annette
user_id: 1006
group_id: 1006
@ -72,6 +64,76 @@ extra_user:
- 'ssh-rsa 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 chris@luna'
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.52.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- wf.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
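Review bot: Dropping the `christian` entry from `extra_user` in the first hunk (inferred from the 14→6 line counts, since the +/- markers are lost) only stops Ansible from managing that account. Unless roles/common/tasks/users.yml removes users that are no longer listed, which is not visible here, the account, its password hash and its authorized key remain on every host that already has them. For an offboarding I would keep a short entry that the role maps to the user module's `state: absent`, or run a one-off removal task against the affected hosts. A comment such as `# christian: removed <date>, account deleted on hosts` (placeholder date) would record that the deletion was verified.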


@ -9,6 +9,35 @@
# vars used by roles/ansible_user
# ---
insert_root_ssh_keypair: true
root_ssh_keypair:
- name: borg-client_key
priv_key_src: backup.oopen.de/root/.ssh/borg-client_key
priv_key_dest: /root/.ssh/borg-client_key
pub_key_src: backup.oopen.de/root/.ssh/borg-client_key.pub
pub_key_dest: /root/.ssh/borg-client_key.pub
- name: id_ed25519-borg-backup
priv_key_src: backup.oopen.de/root/.ssh/id_ed25519-borg-backup
priv_key_dest: /root/.ssh/id_ed25519-borg-backup
pub_key_src: backup.oopen.de/root/.ssh/id_ed25519-borg-backup.pub
pub_key_dest: /root/.ssh/id_ed25519-borg-backup.pub
- name: id_ed25519-backup
priv_key_src: backup.oopen.de/root/.ssh/id_ed25519-backup
priv_key_dest: /root/.ssh/id_ed25519-backup
pub_key_src: backup.oopen.de/root/.ssh/id_ed25519-backup.pub
pub_key_dest: /root/.ssh/id_ed25519-backup.pub
- name: id_ed25519-gitea
priv_key_src: backup.oopen.de/root/.ssh/id_ed25519-gitea
priv_key_dest: /root/.ssh/id_ed25519-gitea
pub_key_src: backup.oopen.de/root/.ssh/id_ed25519-gitea.pub
pub_key_dest: /root/.ssh/id_ed25519-gitea.pub
# - name: id_rsa
# priv_key_src: backup.oopen.de/root/.ssh/id_rsa
# priv_key_dest: /root/.ssh/id_rsa
# pub_key_src: backup.oopen.de/root/.ssh/id_rsa.pub
# pub_key_dest: /root/.ssh/id_rsa.pub
# ---
# vars used by roles/common/tasks/basic.yml
@ -96,6 +125,80 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Check if postfix mailservice is running. Restart service if needed."
special_time: reboot
job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
insertafter: PATH
cron_user_entries:
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "/root/bin/postfix/check-postfix-fatal-errors.sh"
minute: '*/17'
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '23'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '33'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
- name: "Check if remote website is online"
minute: '*/15'
hour: '7-23'
job: /root/bin/monitoring/check_remote_websites.sh
- name: "Remote Borg2 Backup"
minute: '04'
hour: '00'
job: /root/crontab/backup-rborg2/rborg2.sh
- name: "Remote Borg Backup"
minute: '34'
hour: '01'
job: /root/crontab/backup-rborg/rborg.sh
- name: "Check hard disc usage."
minute: '43'
hour: '6'
job: /root/bin/admin-stuff/check-disc-usage.sh -c 85
# ---
# vars used by roles/common/tasks/users.yml
# ---
@ -138,7 +241,9 @@ default_user:
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'
- name: borg
user_id: 1065
@ -149,6 +254,99 @@ default_user:
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmfp+4waTzHxdT5TaxAMsIPDDwNe8Dwuif1jL+9v9GP root@a.mx'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFBIyXel+KOTLB6VB2xJwyWaZc0KuCJzocwlziFdovCl root@a.ns'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGi22vcCilahX9KwbqcF8/D0RnzQXvgzTUFTmRHNJsBZ root@anabaena'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINU1InXFKZX9emaT5QsY4Nr0tr8CzbyV8Js8RzZC9vGk root@b.mx'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPo7hI8oIS+/xufCUNTTgNoz592udJaU+79L0uADzKJY root@b.ns'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtIXFS9OrKBvBl+fKtYN/lOOKpPuuc02H8HV+++LeBU root@backup'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZkez42c+5KVt/ZOhwslO321ibzV02oMImImRGNBIRD root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKT+QOy+R6O4ojAeB7y/CRMmfbB19rFstvEW7saHpHMX root@c.mx'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXaxrm1MdUsiGviWJX/LaaaTaHga7+GKXYZPjUr5aBV root@chamaesiphon'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPrJu40Up1x9VCTTac6+ANjJ2NFXfDb5v3dP4pVgm+c root@cl-01'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7JBJ0qQJsTlADj/zMoxGlzPCGlnh0ngDS5+tkyVqgf root@cl-02'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIORi7e7u0KhCkCB8iCmPud0hzCwnJVhxpPmy8vFFkFgY root@cl-dissens'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3VloFw13vVt8UAV5h0860Wq/vFJEm5EazOqM+cVe17 root@cl-flr'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRaUsGqBvZBDzyh1kuldC/jdbtuoXFgBZ7PbgSqytSn root@cl-fm'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvmOpsiL+eiJ3qZVDJiUCFVZge0OQJ1hpZgw7pJ8sq5 root@cl-irights'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7h6rR+q5bRh/qgzA7ZyiZcRr9vMbo7cxhQsoukWmUn root@cl-vbrg'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcHQfSVG8DM1qHp2ce73ZBWXknZGZFur5s27V58T7ON root@cl-opp'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClnyNS5RQsbXmgOX7NU7i154DElOlha3y0ybF6FwScT root@cl-test'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN9juGhHhby43voUlTszqmhteuRl4pEWBGjypB1mmDfq root@cloud.akweb.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjhcoyYp05x8cp0WxOqSMQmWP8Kk/JGqCYdjcym0oFY root@cp-01'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMTgn7Wu9MC0ZlyYfZ4RtTImJu2BBAtsZ7DSt9cO/N2y root@cp-flr'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAguHJx7QJyFEb26ffG84oZ09rcvrWPoLZMIaAeZttHq root@d.mx'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDNzUe1NSR+r3RTQ11QMUudiyrAWVwWzsgAlxvxx43wN root@dc-opp'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMHxvK5kzKgypVi8ZvshveSpyo0eSXiBCnAC5Pcjdgv root@discourse'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDy5WM1qsLE2SRwWG1Y38WJcMYUpL8MuQiraqiXfHzaH root@e.mx'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvOkCWNKUJ5o9e+0NhY4IFZv8LA7tkkkEFjr8nqFKhe root@formbricks-nd'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPbony+4g4iFS32Cv/Bkmet4FsCAsrGTffwWm2eM16x root@git.warenform'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqqmBWh3qmnx41NiLCn1LhVG0mn4++IUvRNC0OMh6h6 root@gitoea'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICR9o0+6jnfmXKOedKP6IZgt5lRIPFSJJ4FbMjz2SPkH root@gw-campus'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEm1P7Pg3Tlm02bxkropKf3CcyTCAB3YCMxPSjai2lc root@gw-dissens'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBYFe6i0UdPRyENvfaJSJVCHtmnlJmhbqGEsdIlTapsj root@initiativenserver'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ54/I+TdZUA+Xc6bixSa3f0hN5y4kWW+xl9kqSZPBYS root@keycloak-nd'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO886BNZ/o9aBwkKqHku+MjS5/GEVRBbXXSF76ry7oZR root@mail-cadus'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsPJQGHl1GVZ3yPl3Oi3xlH+EUsN1/EWDY2XAohag/P root@mail-fm'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICM4+Zvs5SY3E2cAMdnta1BujzudGg/97nz+nE5sipVD root@matomo-01'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDNIGI5HpfYnZCvDM3bf3UQti8SRhgL7wLu8LfxZLqwB root@meet.akweb.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoLG5tE0tHh+iFRzellU80eJTxZfqDB3e6Dg4XRKBrA root@meet.oopen.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2bxZZNXrlsvERYo0VyXzdW1AZuGmsTNjgF4oQJNfnn root@mm-irights'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpKuS8DFuHHvfQZCHOGiurOvzlFkx1unnMfZWEM3wUY root@mm-rav'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnwSzzSrAQJN3I0Y3xRU0rjlrO2KlHD3tFMgCqEyk0i root@mm'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBTRzuXg2lzAERsNWpQYHEI1T6dP7VJehBPKF2pAsH4 root@o12'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAyyyFaDWqjQjDFgOSW6cs71yxw7DRNFQapWMZXds03 root@o13'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN6Z+3zYorB3NKO3TObynG8vn9xi1H8IBmadIOQBPE+ root@o13-cryptpad'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINgejUarJhSeXVswvyycIC62BIdGZWevz+Lr1spEJClR root@o13-git'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHIzL5IM0ljUs0b8lRv20qoZzPZRXVA5CKzGql42zPer root@o13-mail'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIQfWW6et5x2DU7jG9iR+T6kbAipVxyjKuRksTtcvtb root@o13-mumble'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMTxl1BwIslVhsiFCZeRlgwoSO2ahaHWwMeiKAIRFJm6 root@o13-pad'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHl2xONyeBX/gnJ4iVeSVoxu/W6ku2VorA5gxAbp95q root@o13-staging-board'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaXEVvhblxX045H2/B/6RJmoW77WOKJM5FQfvMUPCIs root@o13-web'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAp24VDXOsa0MuzGFaFa3CPDUsnA/ASojHAiN344m+dP root@o14'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcQ9MFqTMOmjnec4ftUJAYiAe8p7pp7a5EBSIM0A5ji root@o17'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFstQOOM/U18SV27+XTtBhso+vICK5L4aOGC83QnvS8+ root@o19'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC85aj16Ow1ZPutkp5TmZdxjMsECkhnO64ktc3OYZJHc root@o25-board'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICurG4lWMuEercht716M3x2KgsUYKIwku4VdF52sBu41 root@o21-oolm-db'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4zWDGHh75cKB0AZKIbiWHosK4Xvk6vS2r/aChs8u42 root@o22'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGcgS05xGLPuECQ7E5zjzfSDxdFBO1mAjkSV2bktxld+ root@o23'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEM1SI7Lwk0G8UycysL7ZPdXm1DRGgPnr01B0ewRGEKi root@o24'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJKfPInE9VjXVe+6DQ+4/H1nQJwXljYEK6gwfmTDgGy root@o26'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIES9ftVcNMv6pW2HDM12fIbOOEvq1fcd74kbO4LHfhGH root@o28'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtACieGFf34NDepB9GqJjVqji6bf6xrO1LevXgm3aN+ root@o29'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE70FVVu2bsdH2qJITFVSDEPraiI4uSCuzEkYlbl6pRW root@o30'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0+aRoMxzmiQCAIMajNhbTZEumtZ9yCG2Nb4ucqK8lo root@o31'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOJvhepf3kho9zJz1QO52aLbr4/Rim/FLdENg1GNKCPx root@o32'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMuN9gOcpjKIh468XkKJDkLqfHr3dAClpJQEHKgv16y root@o33'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOa43l92OhS5mCArXvIL1Ub3Oj6wu1esooaqoTNwWt7O root@o35'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBSDsGwvvuxMbBsD8CIazWVZYDxZsrUP7SWvxtlJOA2 root@o36'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzgTXbAtndo6ZhbBTiveznUoyRGbmNr2TTDvUTB4ikF root@o38'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaU4dQebr9Zu9UUX9W9KIHBvlyKzIWPqY3Ta+wq5N6d root@o39'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwKlqSxMkU699gyHGrJwltGK81agT4hwlg38rnviN8X root@o40'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB4J/cF/pB9cWyWEKmyTkVEDocPHH3ZMNHdoiqcOmsfp root@o41'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDW54VI+M5SjV6dQLew/IA31RI1GOneIqg5dI1/VZQgJ root@o42'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII2b60T/OXKCoze083GsHXuMFtm8Zo3WnCFb9Q9ofGie root@o43'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUnxlKIffm8a5BmoQE40h8ut0R6eCxcm+Iewv3evmE9 root@oolm-shop'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ylglAkPst7G6kES2lE96ECp0AGXGjzCVkZSqGVru6 root@oolm-shop-dev'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUZ0WNd3rTqHH1tiXAELwssGw6xUP1ROdhgxKbMinYY root@oolm-web'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJJCzTmrRp0s0qpkf9HYyx4lL+zs1jTAYcCsvqpJ72p root@super-opferhilfefonds'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID82UUUkYKYFbJdmTcMYu+vl3M0FVQznXFbngqPoumP+ root@prometheus-nd'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJU5HzfGYZwWeaoAGGFF7/3VQP19ce6Rgn5wcOR98Q3o root@server26'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfCFz6mPdn3TKVCgffHQAKt3LN/0srS/gBsMoOyZpi root@shop-agr'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHbeMf/CvAYIU/4UW8Ql59FgPo/3vcZ3vI3QzK2kOadE root@srv-cityslang'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINiVJ2QVuGz0bLlrJVa3CJ+DtwOv0pt6M53ipkGbW1JQ root@stolpersteine'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVZ38bJGxecaM5cNj8U+3t1h7+qEEMyjNZ8hzwf2LIT root@test.mariadb'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD79xl6N7GJVXKLdKTmuOp4LFuGLWjintKn1/jRSijN root@web-01'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUaZJexZs5IgoaHtXe9BmP7F1lo1CoXPuY+u3Sy1KZg root@web.cadus.org'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWTNSuBRncq7cK7JRvXDFZtY9SX4V27HrdJLI4MafHw root@web-02'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfm+DaBXSQEqhBSCrLqtG4pykjqqvJFSONauO5Y4/nQ root@web-03'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOzSjKX9dVlCN9GLvG3gtD201O+WlC8TgdtB+USk3bY root@web-04'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJplxgMsGCaiLf2KtHYW1Xp1U7D7geQn3fHci0GWZGi9 root@web-05'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAUmUR9jN7rZcFGlBoURwhFJbEK7wtZOKsQiwJgYkBv root@web-06'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzt5Gfw+BbB53qSXdzhLtzbCcp9vZSOtO0DB6PBKNwh root@web-07'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID2ByQIUPa7F+AmU1swI3goQoS1dzlxVq3uMdVLkmqcn root@web-08'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBhsrYnt08oQ3bt/dU/uw9lpYhsUK7e+2GXZJO9aqufK root@web-09'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAHeAPDssTd+j9fOUt+fPtmt7s2ukFKTzig788I5tldH root@web-nd'
sudo_users:
- chris
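Review bot: The borg `ssh_keys` list in the last hunk authorizes the root key of roughly ninety client hosts as bare `ssh-ed25519 …` entries with no authorized_keys options. Unless the users role adds options itself (not visible here), root on any one client can open an ordinary session as borg on the backup server and reach every other host's repository. Each entry should carry a forced command and `restrict`, for example `command="borg serve --restrict-to-path /path/to/<client-repo>",restrict ssh-ed25519 AAAA… root@<client>` (the path is a placeholder). The borg block in the following file section has the same shape and there the account is visibly created with `shell: /bin/bash`. The key comments `root@gitoea` and `root@backup.open.de` look misspelled, which makes later revocation by hostname error-prone.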


@ -14,6 +14,40 @@
# vars used by roles/ansible_user
# ---
insert_root_ssh_keypair: true
root_ssh_keypair:
- name: id_ed25519-gitea
priv_key_src: backup.warenform.de/root/.ssh/id_ed25519-gitea
priv_key_dest: /root/.ssh/id_ed25519-gitea
pub_key_src: backup.warenform.de/root/.ssh/id_ed25519-gitea.pub
pub_key_dest: /root/.ssh/id_ed25519-gitea.pub
- name: borg-client_key
priv_key_src: backup.warenform.de/root/.ssh/borg-client_key
priv_key_dest: /root/.ssh/borg-client_key
pub_key_src: backup.warenform.de/root/.ssh/borg-client_key.pub
pub_key_dest: /root/.ssh/borg-client_key.pub
- name: id_ed25519-borg-backup
priv_key_src: backup.warenform.de/root/.ssh/id_ed25519-borg-backup
priv_key_dest: /root/.ssh/id_ed25519-borg-backup
pub_key_src: backup.warenform.de/root/.ssh/id_ed25519-borg-backup.pub
pub_key_dest: /root/.ssh/id_ed25519-borg-backup.pub
- name: id_ed25519-backup
priv_key_src: backup.warenform.de/root/.ssh/id_ed25519-backup
priv_key_dest: /root/.ssh/id_ed25519-backup
pub_key_src: backup.warenform.de/root/.ssh/id_ed25519-backup.pub
pub_key_dest: /root/.ssh/id_ed25519-backup.pub
# - name: id_rsa
# priv_key_src: backup.warenform.de/root/.ssh/id_rsa
# priv_key_dest: /root/.ssh/id_rsa
# pub_key_src: backup.warenform.de/root/.ssh/id_rsa.pub
# pub_key_dest: /root/.ssh/id_rsa.pub
# ---
# vars used by roles/common/tasks/basic.yml
@ -93,27 +127,67 @@ resolved_nameserver:
- 2a01:4f8:0:1::add:9999
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Check if postfix mailservice is running. Restart service if needed."
special_time: reboot
job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
insertafter: PATH
cron_user_entries:
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "/root/bin/postfix/check-postfix-fatal-errors.sh"
minute: '*/17'
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Check if remote website is online"
minute: '*/15'
hour: '7-23'
job: /root/bin/monitoring/check_remote_websites.sh
- name: "Remote Borg2 Backup"
minute: '02'
hour: '00'
job: /root/crontab/backup-rborg2/rborg2.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.warenform.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.warenform.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.warenform-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.warenform-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.warenform.de
default_user:
@ -157,9 +231,32 @@ default_user:
group_id: 1060
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFstQOOM/U18SV27+XTtBhso+vICK5L4aOGC83QnvS8+ root@o19'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqqmBWh3qmnx41NiLCn1LhVG0mn4++IUvRNC0OMh6h6 root@gitea.oopen.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtIXFS9OrKBvBl+fKtYN/lOOKpPuuc02H8HV+++LeBU root@backup.oopen.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1RkJYM8qcEagoKt9gNVaeBbXZEJscqIBNnhL/KZfSA root@munin.oopen.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIj2SdZgxG4NCjUiCXY7msCG+Vn6MQ5jsGxrs2qn1QZh root@mx'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQAvCK/h7+8h8hPm3WyeEdBbhY4SdOSWJYxuFW24XbM root@nd'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICwG3cYT1S5ttaf7OCB2dfBAg4FFA3OO3HPTkiclaVFi root@server22'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyse/Fby2JiHjM10uotVfsBYO0W1EgmtFG2q+Q1xe38 root@server24'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIH9V1aqgZSqu7vfK9e5qGKm+ICHd8VglRr0Brm4kXfu root@server25'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBOOYhdtNPAQP8BlgSYBaMfWl8Yv4Y9ww7SWeLOn0HXH root@web0'
sudo_users:
- chris
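Review bot: The `password:` values in the last hunk (a `$6$` SHA-512-crypt hash, and a `$y$` yescrypt hash for borg) are committed as cleartext vars, so anyone who can read the repository can attack them offline. They belong in an ansible-vault encrypted vars file or as inline `!vault` values. The same care applies to the files behind `priv_key_src` in the `root_ssh_keypair` block at the top of this section and in the preceding file: if those private keys sit unencrypted in the files tree, repository read access equals possession of root's backup and gitea identities. A comment above `root_ssh_keypair:` such as `# priv_key_src files are ansible-vault encrypted; never commit plaintext keys` would record the expectation. The user entry carrying the `$6$` hash starts outside the hunk.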


@ -161,54 +161,6 @@ cron_user_special_time_entries:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris


@ -0,0 +1,151 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 185.12.64.1
- 2a01:4ff:ff00::add:2
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
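Review bot: The `sudoers_file_user_privileges` entry `ALL=(www-data) NOPASSWD: /usr/local/php/bin/php` lets the back account run the PHP interpreter with arbitrary arguments, which amounts to running any code as www-data without a password. If the purpose is a single maintenance script, pin the full command line in the rule, e.g. `entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php -f /path/to/<script>.php'` (the path is a placeholder), and add a comment above it naming the job that needs it. `resolved_dnssec: false` would likewise benefit from a one-line comment saying why validation is switched off. The next file section is line-for-line the same, so the note applies there too.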


@ -0,0 +1,151 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 185.12.64.1
- 2a01:4ff:ff00::add:2
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---


@ -99,6 +99,90 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
cron_user_entries:
- name: "Check if webservices sre running. Restart if necessary"
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_webservice_load.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors.."
minute: '*/5'
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Optimize mysql tables"
minute: '53'
hour: '04'
job: /root/bin/mysql/optimize_mysql_tables.sh
- name: "Flush query cache for mysql tables"
minute: '27'
hour: '04'
job: /root/bin/mysql/flush_query_cache.sh
- name: "Flush Host cache"
minute: '17'
hour: '05'
job: /root/bin/mysql/flush_host_cache.sh
- name: "Run occ file:scan for each cloud account"
minute: '02'
hour: '23'
job: /root/bin/nextcloud/occ_maintenance.sh -s cloud-irights.oopen.de
- name: "Background job for nextcloud instance 'cloud-irights.oopen.de"
minute: '*/15'
hour: '*'
job: sudo -u "www-data" /usr/local/php/bin/php -f /var/www/cloud-irights.oopen.de/htdocs/cron.php
- name: "Check if certificates for coolwsd service are up to date"
minute: '17'
hour: '05'
job: /root/bin/nextcloud/check_cert_coolwsd.sh
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '23'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '33'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---
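Review bot: Two `name:` strings in `cron_user_entries` carry typos: `"Check if webservices sre running. Restart if necessary"` and `"Background job for nextcloud instance 'cloud-irights.oopen.de"`, which has an unbalanced quote. If the cron role passes `name` to Ansible's cron module (not visible here), the name is what identifies the crontab entry, so correcting it after the first run leaves the old entry behind unless it is removed explicitly. It is better to fix both now, `sre` → `are` and a closing `'` after the hostname. The Nextcloud job also calls `sudo -u "www-data" …` from what appears to be root's crontab; a short comment saying why it is not installed in www-data's own crontab would help the next reader.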


@ -0,0 +1,163 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.52.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- wf.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
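Review bot: `root_user.password` is the same `$6$` hash, salt included, in this new file and in the next one, so presumably two hosts receive one root password, and the hash is readable by everyone with access to the repository. Give each host its own password and store the value with ansible-vault, e.g. `password: !vault |` followed by the encrypted block. If the shared value is intentional for scripts/reset_root_passwd.yml, a comment above `root_user:` should say so and name where the password is rotated.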


@ -0,0 +1,163 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.52.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- wf.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
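Review bot: The `root_user.password` value that closes this new vars file is a SHA-512 crypt (`$6$`) hash committed in clear, and the identical hash with the identical salt also closes the other new host files on this page, so all of those hosts share one root password and anyone who can read the repository or its history can work on that hash offline. Another host file on this page already stores a Samba password with Ansible Vault, so the same form fits here: `password: !vault |` followed by the encrypted value, ideally with a distinct hash per host and a rotation of the one already published. `resolved_dnssec: false` combined with the `~.` routing domain sends every lookup unvalidated to `192.168.52.1`; if that is deliberate because the internal resolver cannot validate, a one-line comment such as `# DNSSEC off: internal resolver does not validate` would record the reason.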


@ -0,0 +1,163 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.52.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- wf.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.


@ -0,0 +1,163 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.52.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- wf.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.


@ -168,6 +168,68 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users
# ---
default_user:
- name: chris
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$sHxqz7NyYdn38ZegSbewO.$PPHR0n.XeMcS3AQ9KybllBT.2hxpYlQ7AiVhxHgUOX8
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
group: localadmin
home: /home/localadmin
password: $y$j9T$1WH8G2UkuN1jjp4QLuoeC0$dXpOnJUfMMAqAXlwN8XD0pq78r.a4UZOgt3LY4afxy/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'
- name: borg
user_id: 1065
group_id: 1065
group: borg
home: /home/borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF7MKFmJ2kJrNs5DhlPqfizZgz3wNpzFAITo63p/VBOe root@file-ah'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItQLQ7lhBY2USF4Jcp4teF+1NydI73VeHYbQW8q4Mcw root@gw-ah'
# ---
# vars used by roles/common/tasks/cron.yml
# ---
@ -185,59 +247,6 @@ resolved_fallback_nameserver:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$1X6iXiYz2fIQcfKWSSzno1$9Uos8SGn/8V3oHWwiR6kaRPfUuIrxKP8kRNUZ1.da3/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- localadmin
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
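Review bot: In the `default_user` list that this section introduces at line 168, the `chris` and `borg` entries carry the same yescrypt string, salt included, so the backup account ends up with the same password as the administrator's personal account. `borg` also accepts keys from `root@file-ah` and `root@gw-ah`, which makes it the more exposed of the two. A separately generated hash for `borg` would decouple them, or a locked password if the users role supports one, since the account already logs in by key. The same pair of identical hashes appears in the later section that adds `root@file-ebs` and `root@gw-ebs`, and the hashes themselves would be better kept as `!vault` values than in clear.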


@ -182,59 +182,6 @@ cron_user_special_time_entries:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$qmeacaq0WLATk6o7374lj1$1MrdyEubi5m4E9MCNZWrS04nZi1Qgk4vHu.J5LwKrJB:19757
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- localadmin
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---


@ -182,59 +182,6 @@ cron_user_special_time_entries:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$qmeacaq0WLATk6o7374lj1$1MrdyEubi5m4E9MCNZWrS04nZi1Qgk4vHu.J5LwKrJB:19757
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- localadmin
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
@ -254,7 +201,7 @@ sudo_users:
sudoers_file_user_aliases:
- name: MAIN_USER
entry: 'josephine, julius, julius-e, sebastian'
entry: 'josephine, julius, julius-e, leonie, buero1, buero2, buero3, referendariat, refa, ref1, sebastian, buero-05, buero-06, lap-01'
sudoers_file_cmnd_aliases:
- name: REBOOT
@ -392,6 +339,10 @@ samba_user:
groups:
- buero
password: '4/zCNXnVF7+i'
- name: refa
groups:
- buero
password: 'Mehringdamm40'
- name: ref1
groups:
- buero
@ -409,6 +360,14 @@ samba_user:
groups:
- buero
password: 'N-ba2R+i/2eM'
- name: lap-01
groups:
- buero
password: 'X_2yYs2AIo.E'
# - name: lap-02
# groups:
# - buero
# password: 'N.i/_UXcG5C9'
base_home: /data/home
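Review bot: The added `samba_user` entries `refa` and `lap-01` store their passwords as cleartext strings, and the commented-out `lap-02` entry carries one too, so they are usable as-is by anyone who can read the repository or its history. The `refa` value also looks like a word plus a number rather than a random string like its neighbours, which makes it guessable even without the leak. Another host file on this page already writes one Samba password as `password: !vault |` followed by the `$ANSIBLE_VAULT;1.1;AES256` payload; using that form here, dropping the password from the `lap-02` comment and rotating the committed values would close this, and the same applies to the cleartext `samba_user` list in the new 588-line host file and to the `winadm` entry added in the last complete section. Separately, the longer `MAIN_USER` entry appears to add shared accounts such as `buero1` and `lap-01` to the alias; what the alias may run is outside this hunk, so it is worth confirming those accounts should inherit it.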


@ -0,0 +1,588 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: eno1np0
# use only once per device (for the first device entry)
headline: eno1 - LAN
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
description:
address: 192.168.132.10
netmask: 24
gateway: 192.168.132.254
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
#nameservers:
# - 192.168.132.1
#search: blkr.netz
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.132.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.132.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- dissens.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users
# ---
default_user:
- name: chris
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$sHxqz7NyYdn38ZegSbewO.$PPHR0n.XeMcS3AQ9KybllBT.2hxpYlQ7AiVhxHgUOX8
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
group: localadmin
home: /home/localadmin
password: $y$j9T$1WH8G2UkuN1jjp4QLuoeC0$dXpOnJUfMMAqAXlwN8XD0pq78r.a4UZOgt3LY4afxy/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'
#extra_user:
#
# - name: borg
# user_id: 1065
# group_id: 1065
# group: borg
# home: /home/borg
# password: $y$j9T$SZty9T8ZWbnyHR2S85xaG.$GhxHOKG9fKErT9s5TAehXXyZJSkNaIcXY18Rg1iMyhC
# shell: /bin/bash
# ssh_keys:
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXrNhcgNtZykTgzcwX/L1cL8qpSyQQy75M01UpjdSmA root@file-dissens'
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEm1P7Pg3Tlm02bxkropKf3CcyTCAB3YCMxPSjai2lc root@gw-dissens'
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Daily Backup "
minute: "03"
hour: "00"
job: /root/crontab/backup-rborg2/rborg2.sh
- name: "Check if postfix mailservice is running. Restart service if needed."
minute: "*/5"
hour: "*"
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors."
minute: "*/30"
hour: "*"
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Clean up Samba Trash Dirs"
minute: "02"
hour: "23"
job: /root/bin/samba/clean_samba_trash.sh
- name: "Set (group and access) Permissons for Samba shares"
minute: "14"
hour: "23"
job: /root/bin/samba/set_permissions_samba_shares.sh
- name: "Check if ntpsec is running. Restart service if needed."
minute: "*/6"
hour: "*"
job: /root/bin/monitoring/check_ntpsec_service.sh
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_aliases:
- name: MAIN_USER
entry: 'malte.taeubrich, ulla.wittenzellner, sarah.klemm, bernard.koennecke, elenor.faellgren, mario.freidank '
sudoers_file_cmnd_aliases:
- name: REBOOT
entry: '/sbin/reboot'
- name: MANAGE_SERVICE
entry: '/usr/bin/systemctl'
sudoers_file_user_privileges:
- name: MAIN_USER
entry: ALL = REBOOT
- name: MAIN_USER
entry: ALL = MANAGE_SERVICE
# - name: julius
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: josephine
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: sebastian
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: julius-e
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/ntp.yml
# ---
local_ntp_service: true
ntp_server: gw-dissens.dissens.netz
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
nfs_server: 192.168.132.10
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
nfs_exports:
- src: 192.168.132.10:/data/samba/shares
path: /data/samba/shares
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.132.0/24
- 10.0.192.0/24
- 10.1.192.0/24
- 192.168.63.0/24
use_fsid_option: true
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.132.10
samba_server_cidr_prefix: 24
samba_workgroup: DISSENS
samba_netbios_name: FILE-DISSENS
samba_server_min_protocol: !!str NT1
samba_groups:
- name: team
group_id: 1100
- name: projekte
group_id: 1110
- name: verwaltung
group_id: 1200
- name: gf
group_id: 1300
samba_user:
- name: bernard.koennecke
groups:
- gf
- projekte
- team
- verwaltung
password: '20.ber-n4rd.ko3n-3cke-24!'
- name: chris
groups:
- gf
- projekte
- team
- verwaltung
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63643330373231636537366333326630333265303265653933613835656262323863363038653234
3462653135633266373439626263356636646637643035340a653466356235346663626163306363
61313164643061306433643738643563303036646334376536626531383965303036386162393832
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
- name: david.gelhaar
groups:
- projekte
- team
- verwaltung
password: '20-dav1d.g3lh44r_24%'
- name: elenor.faellgren
groups:
- projekte
- team
- verwaltung
password: '20/3l3n0r-fa3llg3em/24?'
- name: johanna.hess
groups:
- projekte
- team
password: '20_j0h4nn4_h3ss-24+'
- name: johanna.ruekgauer
groups:
- projekte
password: '20.j0hanna.ru3kgau3r+24!'
- name: laura.sasse
groups:
- projekte
- team
password: '20/l4ur4-s4sse-24?'
- name: lino.koehler
groups:
- projekte
password: '20.l1no-ko3hl3r_25/'
- name: maite.gabriel
groups:
- projekte
password: '20+m4ite.g4briel-24+'
- name: malte.taeubrich
groups:
- gf
- projekte
- team
- verwaltung
password: '20%m4lt3-t3ubrich+24!'
- name: mario.freidank
groups:
- projekte
- team
- verwaltung
password: '20-mar1o.fr31dank-24+'
- name: olaf.stuve
groups:
- projekte
password: '20-0l4f_stuve_24?"'
- name: ralph.klesch
groups:
- projekte
- team
- verwaltung
password: '20/r4lph-kl3sch.24-'
- name: rositsa.mahdi
groups:
- projekte
password: '20.ros1tsa-mahd1+24+'
- name: selma.albrecht
groups:
- projekte
password: '20-sel-ma.al-brecht/25!'
- name: sarah.klemm
groups:
- gf
- projekte
- team
- verwaltung
password: '20.s4r4h_kl3mm-24!'
- name: selma.albrecht
groups:
- projekte
password: '20-sel-ma.al-brecht/25!'
- name: scan
groups:
- team
password: '20-sc4n.25!'
- name: sebastian.scheele
groups:
- projekte
- team
password: '20/s3-bast1an+sch33l3_24-'
- name: simon.krugmann
groups:
- projekte
password: '20%sim0n.krugm4nn.24?'
- name: tabea.koepp
groups:
- projekte
- team
password: '20?tab3a/ko3pp.24/'
- name: till.dahlmueller
groups:
- projekte
- team
password: '20.t1ll/d4hlmueller-24!'
- name: ulla.wittenzellner
groups:
- gf
- projekte
- team
- verwaltung
password: '20+ull4_w1tt3nz3lln3r_24-'
- name: yannik.markhof
groups:
- projekte
- team
password: '20.y4nnik/m4rkhof_24/'
base_home: /data/home
# remove_samba_users:
# - name: name1
# - name: name2
#
remove_samba_users: []
#remove_samba_users:
# - name: elenor.faellgrem
# - name: maiken.schiele
samba_shares:
- name: GF
comment: GF auf Fileserver
path: /data/samba/shares/GF
group_valid_users: gf
group_write_list: gf
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Projekte
comment: verwaltung auf Fileserver
path: /data/samba/shares/Projekte
group_valid_users: projekte
group_write_list: projekte
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Team
comment: verwaltung auf Fileserver
path: /data/samba/shares/Team
group_valid_users: team
group_write_list: team
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Verwaltung
comment: verwaltung auf Fileserver
path: /data/samba/shares/Verwaltung
group_valid_users: verwaltung
group_write_list: verwaltung
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
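Review bot: `samba_server_min_protocol: !!str NT1` lets clients negotiate SMB1, which lacks the integrity protections of later dialects and is off by default in current Samba; unless a specific legacy device needs it, `samba_server_min_protocol: !!str SMB2` is the safer floor, and if one does, a comment naming that device belongs next to the setting. The `MANAGE_SERVICE` alias gives `MAIN_USER` all of `/usr/bin/systemctl` through sudo, which is close to unrestricted root; listing only the invocations actually needed, for example `/usr/bin/systemctl restart <unit>` with the real unit names, keeps the delegation narrow. In `samba_user`, `selma.albrecht` is defined twice with the same values, and the `olaf.stuve` password ends in a `"` inside the single quotes that looks like a typo. Most passwords in that list are built from the user name and a year, so they should be rotated to random values and stored with `!vault` like the `chris` entry in the same list.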


@ -174,6 +174,67 @@ resolved_fallback_nameserver:
- 172.16.182.254
# ---
# vars used by roles/common/tasks/users
# ---
default_user:
- name: chris
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$sHxqz7NyYdn38ZegSbewO.$PPHR0n.XeMcS3AQ9KybllBT.2hxpYlQ7AiVhxHgUOX8
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
group: localadmin
home: /home/localadmin
password: $y$j9T$1WH8G2UkuN1jjp4QLuoeC0$dXpOnJUfMMAqAXlwN8XD0pq78r.a4UZOgt3LY4afxy/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'
- name: borg
user_id: 1065
group_id: 1065
group: borg
home: /home/borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAMFUnBjVV0WjUlhd2FT49nXlpHUDPEwaJ7bAvRJfB56 root@file-ebs'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBK8Ngbtl8Yjtk1JkT0Xn1HVIAHKdtfh0qicnnJTa3Kx root@gw-ebs'
# ---
# vars used by roles/common/tasks/cron.yml
# ---
@ -191,59 +252,6 @@ cron_user_special_time_entries:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$WWsYp2DSIw4jNx5/IaKzY1$VjvTQYvSaQtJDiiNYxOUDEx9QdIPTZ1YWXSSaS1whH/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
@ -314,6 +322,9 @@ samba_netbios_name: FILE-EBS
samba_groups:
- name: sysadm
group_id: 1050
- name: admin
group_id: 1100
@ -365,6 +376,12 @@ samba_user:
- recherche
password: 'IrcR3uo-QJ.5'
- name: winadm
groups:
- admin
- sysadm
password: 'ZbPS.Lh6d-9E'
- name: buero
groups:
- alle
@ -505,6 +522,21 @@ samba_shares:
vfs_object_recycle: false
# ---
# - This share will be written by Windows Server 2016 configured at
# - "Windows Zubehör" -> "Windows Server-Sicherung"
# ---
- name: WinServer2022-Backup
comment: WinServer2022-Backup on Fileserver
path: /data/samba/shares/WinServer2022-Backup
group_valid_users: sysadm
group_write_list: sysadm
file_create_mask: !!str 664
dir_create_mask: !!str 2775
guest_ok: !!str yes
vfs_object_recycle: false
# ==============================


@ -161,39 +161,6 @@ cron_user_special_time_entries:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$2aYNjVAaYCJ7KuKYMjX3o1$M7E8/NkOHJnmmVcx0zD27oYExIf2aEergJ1KBnVbn92
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml


@ -0,0 +1,527 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: eno1np0
# use only once per device (for the first device entry)
headline: eno1 - LAN
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
description:
address: 192.168.222.10
netmask: 24
gateway: 192.168.222.254
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
#nameservers:
# - 192.168.222.1
#search: blkr.netz
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.222.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.132.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.222.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- fm.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users
# ---
default_user:
- name: chris
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$UHsnOrOT5qXnAwrPCzB7A1$jnqz4CHvLEaIke3RxnresjAOS6NfcTxyDH/fbKnXTC/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
group: localadmin
home: /home/localadmin
password: $y$j9T$1WH8G2UkuN1jjp4QLuoeC0$dXpOnJUfMMAqAXlwN8XD0pq78r.a4UZOgt3LY4afxy/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'
- name: borg
user_id: 1065
group_id: 1065
group: borg
home: /home/borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUvk8+UduCcBbQO1YxXSU8SaGIl8x+TBmIFmPb9JQu8 root@gw-fm'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN0ibOee8TvYlrEzKno5J6h3ZQs79i0wPElqYvQxAymK root@file-fm'
#extra_user:
#
# - name: borg
# user_id: 1065
# group_id: 1065
# group: borg
# home: /home/borg
# password: $y$j9T$SZty9T8ZWbnyHR2S85xaG.$GhxHOKG9fKErT9s5TAehXXyZJSkNaIcXY18Rg1iMyhC
# shell: /bin/bash
# ssh_keys:
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXrNhcgNtZykTgzcwX/L1cL8qpSyQQy75M01UpjdSmA root@file-dissens'
# - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEm1P7Pg3Tlm02bxkropKf3CcyTCAB3YCMxPSjai2lc root@gw-dissens'
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Daily Backup "
minute: "03"
hour: "00"
job: /root/crontab/backup-rborg2/rborg2.sh
- name: "Check if postfix mailservice is running. Restart service if needed."
minute: "*/11"
hour: "*"
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if ntpsec is running. Restart service if needed."
minute: "*/7"
hour: "*"
job: /root/bin/monitoring/check_ntpsec_service.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: "*/13"
hour: "*"
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if systemd-resolved service is running. Restart service if needed."
minute: "*/17"
hour: "*"
job: /root/bin/monitoring/check_systemd_service.sh systemd-resolved
- name: "Check Postfix E-Mail LOG file for 'fatal' errors."
minute: "*/30"
hour: "*"
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Clean up Samba Trash Dirs"
minute: "02"
hour: "23"
job: /root/bin/samba/clean_samba_trash.sh
- name: "Set (group and access) Permissons for Samba shares"
minute: "14"
hour: "23"
job: /root/bin/samba/set_permissions_samba_shares.sh
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_aliases:
- name: MAIN_USER
entry: 'sysadm'
sudoers_file_cmnd_aliases:
- name: REBOOT
entry: '/sbin/reboot'
- name: MANAGE_SERVICE
entry: '/usr/bin/systemctl'
sudoers_file_user_privileges:
- name: MAIN_USER
entry: ALL = REBOOT
- name: MAIN_USER
entry: ALL = MANAGE_SERVICE
# - name: julius
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: josephine
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: sebastian
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: julius-e
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/ntp.yml
# ---
local_ntp_service: true
ntp_server: gw-fm.fm.netz
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
nfs_server: 192.168.222.10
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
nfs_exports:
- src: 192.168.222.10:/data/samba/shares
path: /data/samba/shares
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.222.0/24
- 10.0.222.0/24
- 10.1.222.0/24
- 192.168.63.0/24
use_fsid_option: true
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.222.10
samba_server_cidr_prefix: 24
samba_workgroup: FM
samba_netbios_name: FILE-FM
samba_server_min_protocol: !!str NT1
samba_groups:
- name: buero
group_id: 1100
- name: projekte
group_id: 1200
- name: verwaltung
group_id: 1300
samba_user:
- name: sysadm
groups:
- buero
- projekte
- verwaltung
password: 'k6-C5.X-/YGm'
- name: chris
groups:
- buero
- projekte
- verwaltung
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63643330373231636537366333326630333265303265653933613835656262323863363038653234
3462653135633266373439626263356636646637643035340a653466356235346663626163306363
61313164643061306433643738643563303036646334376536626531383965303036386162393832
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
- name: agnieszka
groups:
- buero
password: '20%4gni_eszk4-25-'
- name: anja
groups:
- buero
- projekte
- verwaltung
password: '20-4nj4.m4y3r_25?'
- name: anna
groups:
- buero
- projekte
password: '20.4n.n4-25!'
- name: barbara
groups:
- buero
- projekte
- verwaltung
password: '20.b4rb4r4-25?'
- name: dominique
groups:
- buero
- projekte
- verwaltung
password: '20/do-m1-ni1que/25?'
- name: franziska
groups:
- buero
- projekte
- verwaltung
password: '20-fr4nzisk4.25%'
- name: karina
groups:
- buero
password: '20_k4-ri-n4/25.'
- name: linda
groups:
- buero
- projekte
password: '20-l1n-d4.25%'
- name: michael
groups:
- buero
password: '20.m1cha-3l/25/'
- name: stephanie
groups:
- buero
- projekte
- verwaltung
password: '20.st3pha-ni3_25%'
base_home: /data/home
# remove_samba_users:
# - name: name1
# - name: name2
#
remove_samba_users: []
#remove_samba_users:
# - name: elenor.faellgrem
# - name: maiken.schiele
samba_shares:
- name: Buero
comment: Buero auf Fileserver
path: /data/samba/shares/Buero
group_valid_users: buero
group_write_list: buero
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Projekte
comment: Projekte auf Fileserver
path: /data/samba/shares/Projekte
group_valid_users: projekte
group_write_list: projekte
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Verwaltung
comment: Verwaltung auf Fileserver
path: /data/samba/shares/Verwaltung
group_valid_users: verwaltung
group_write_list: verwaltung
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
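Review bot: Every `samba_user` entry in this new file except `chris` carries its password as a plaintext string literal, while `chris` in the same list is stored as `password: !vault |`; the literal entries should be encrypted the same way, and the values committed here treated as exposed and changed. The same pattern shows in the `samba_user` hunks of the other host files in this compare. Separately, `samba_server_min_protocol: !!str NT1` presumably maps to Samba's `server min protocol` and would then admit SMB1 clients; unless a legacy client requires it, `samba_server_min_protocol: !!str SMB2` or higher is the safer floor. The `MANAGE_SERVICE` alias gives `sysadm` unrestricted `/usr/bin/systemctl`, which is close to full root and worth narrowing to the units actually intended.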


@ -117,39 +117,6 @@ cron_user_special_time_entries:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml


@ -181,59 +181,6 @@ cron_user_special_time_entries:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$ypzdcD.iMXQGS4W1nCJvn1$pzQKmc6Y6rej4ZRBRGzAyHIyWHFhsUkTK2WYEi/a9s1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- localadmin
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
@ -332,7 +279,7 @@ samba_user:
- advoware
- alle
- kanzlei
password: ''
password: 'YKQRa.M9-6rL'
- name: aphex2
groups:
@ -438,16 +385,16 @@ samba_user:
- public
password: 'zHfj9g3NcC'
- name: gerhard
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'bHdhzWnTj9'
# - name: gerhard
# groups:
# - advoware
# - alle
# - aulmann
# - howe
# - stahmann
# - traine
# - public
# password: 'bHdhzWnTj9'
- name: ho-st1
groups:
@ -456,16 +403,17 @@ samba_user:
- stahmann
password: '44-Ro-440'
- name: howe-staff-1
groups:
- advoware
- alle
- aulmann
- howe
password: ''
# - name: howe-staff-1
# groups:
# - advoware
# - alle
# - aulmann
# - howe
# password: ''
- name: irina
groups:
- advoware
- alle
- aulmann
- howe
@ -476,6 +424,7 @@ samba_user:
- name: jessica
groups:
- advoware
- alle
- aulmann
- howe
@ -484,14 +433,14 @@ samba_user:
- public
password: 'bV3pjPtjkR'
- name: laura
groups:
- alle
- aulmann
- howe
- stahmann
- traine
password: '99-Hamburg-990'
# - name: laura
# groups:
# - alle
# - aulmann
# - howe
# - stahmann
# - traine
# password: '99-Hamburg-990'
- name: lenovo3
groups:
@ -606,11 +555,12 @@ samba_user:
base_home: /data/home
# remove_samba_users:
# - name: name1
# - name: name2
#
remove_samba_users: []
remove_samba_users:
- name: howe-staff-1
- name: gerhard
- name: laura
#remove_samba_users: []
#remove_samba_users:
# - name: evren
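Review bot: The accounts `gerhard`, `howe-staff-1` and `laura` are moved to `remove_samba_users`, but their `samba_user` entries are only commented out, so the plaintext `password:` values of two of them stay in the file as comments. Delete the commented blocks instead of keeping them; the list under `remove_samba_users` already records which accounts were retired. The hunk at `@ -332,7 +279,7` also appears to replace an empty `password: ''` with another plaintext literal, which would be better stored as a `!vault` value. Which line is old and which is new is inferred from the hunk headers, since the page lost its +/- markers.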


@ -0,0 +1,200 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 185.12.64.2
- 2a01:4ff:ff00::add:1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
cron_user_entries:
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---
extra_user:
- name: nd-admin
user_id: 1045
group_id: 1045
group: nd-admin
password: $y$j9T$1YJwHY0qdLimgtdOKlTxR1$/O9QWTpr0Y41TduR2GZ0FMCiIxFqOaXWSM9hmHRnv80
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTjd4XFBdF/V9VdSZjy9G7nupBwaMqsrtQSP4Uctkrz org@rdsgn.de'
sudo_users:
- chris
- sysadm
- nd-admin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
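Review bot: In `cron_env_entries` the `PATH` value separates its first two directories with `;` (`/root/bin/admin-stuff;/root/bin:`), so if this is written out as a crontab environment line neither directory ends up on the search path; it should read `job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`. The `root_user` hash at the end of the file is byte-identical, salt included, to the one in the other new host file in this compare, and uses the `$6$` scheme where the user entries use `$y$`; a per-host root password hashed with the same scheme as the users and kept in a vaulted variable would limit what one recovered password unlocks. `nd-admin` is listed in `sudo_users` and accepts a key with the comment `org@rdsgn.de`, so confirm that key holder is meant to have root on this host.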


@ -44,6 +44,7 @@ network_interfaces:
post-up:
# - VLAN 221 (Ubiquiti UniFi Accesspoints)
- /sbin/ip link add link eth2 name eth2.221 type vlan id 221
- /sbin/ip link add link eth2 name eth2.231 type vlan id 231
- device: eth2:ns
headline: eth2:ns - Alias on eth2 (Nameserver)
@ -81,7 +82,7 @@ network_interfaces:
- device: eth2.221
# use only once per device (for the first device entry)
headline: eth2 - VLAN 221 (Ubiquiti UniFi Accesspoints)
headline: eth2 - VLAN 221 (Ubiquiti UniFi Accesspoints Guest NET)
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
@ -99,6 +100,14 @@ network_interfaces:
mtu:
scope:
- device: eth2.231
headline: eth2 - VLAN 231 (Ubiquiti UniFi Accesspoints private NET)
auto: true
family: inet
method: static
address: 10.231.15.254
netmask: 20
# additional user by dhcp method
#
hostname:
@ -175,6 +184,9 @@ network_interfaces:
# User Networks Stockhausen
- /sbin/ip route add 192.168.11.0/24 via 172.16.111.254
- /sbin/ip route add 192.168.78.0/24 via 172.16.111.254
# User Networks Campus
#- /sbin/ip route add 192.168.72.0/24 via 172.16.111.254
#- /sbin/ip route add 192.168.73.0/24 via 172.16.111.254
# User Network Novalishaus
- /sbin/ip route add 192.168.81.0/24 via 172.16.111.254
# Management Network Stockhausen
@ -183,12 +195,20 @@ network_interfaces:
- /sbin/ip route add 10.10.9.0/24 via 172.16.111.254
# IPMI Stockhausen
- /sbin/ip route add 10.11.11.0/24 via 172.16.111.254
# WLAN Gast Novalishaus
- /sbin/ip route add 10.21.0.0/20 via 172.16.111.254
# WLAN privat Novalishaus
- /sbin/ip route add 10.31.0.0/20 via 172.16.111.254
# Management Netork Campus
#- /sbin/ip route add 10.72.1.0/24 via 172.16.111.254
# WLan Router Stockhausen
- /sbin/ip route add 10.112.1.0/24 via 172.16.111.254
# WLan Netz
- /sbin/ip route add 10.113.0.0/16 via 172.16.111.254
# Unifi WLan Netz Stockhausen
# Unifi WLan Netz Stockhausen Gast
- /sbin/ip route add 10.121.0.0/20 via 172.16.111.254
# Unifi WLan Netz Stockhausen privat
- /sbin/ip route add 10.131.0.0/20 via 172.16.111.254
# Richtfunkantennen Stockhausen (2) / Schlechtenwegen / Kirschbaumhaus
- /sbin/ip route add 10.10.111.0/24 via 172.16.111.254
# VPN Netz Stockhausen - Novalishaus (Schlechtenwegen)
@ -353,60 +373,6 @@ ssh_keypair_backup_client:
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $y$j9T$rDrvWa/KInzTe601YYf9./$WjDlaItCrgX7gu4nCs481y8WLxiRaNJCC/MgFgKuzg3
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: maadmin
password: $y$j9T$LCkYWvykWzrpFxIlmSUB01$e1ROfZxXAU53UdAwZAECzED4iV4LS02Q4IPQ2fycv51
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- name: wadmin
password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$awYUu9oRvV39ojITZOC7D1$czTh5HHIE32PXb0vl40ayAarm39txR4jaH1QzBscqfC
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$wpg8hlvMpO4PAWSVdLoJq/$dgpQh4cEnbUOQkkZzKUM4S8XzNS/Md5gMmMuNTqec74
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
- maadmin
- wadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
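Review bot: In the `@ -44,6 +44,7` hunk the new `/sbin/ip link add link eth2 name eth2.231 type vlan id 231` line sits under the existing comment `# - VLAN 221 (Ubiquiti UniFi Accesspoints)`, which now describes only the first of the two commands. Give it a comment of its own, `# - VLAN 231 (Ubiquiti UniFi Accesspoints private NET)`, and extend the 221 comment with `Guest NET` so both match the `headline:` values set further down. The new route comment `# Management Netork Campus` has a typo (`Network`).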


@ -0,0 +1,394 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: eno1
headline: eno1 - Uplink DSL via (static) line to Fritz!Box 7490
auto: true
family: inet
method: static
address: 172.16.72.1
netmask: 24
gateway: 172.16.72.254
#nameservers:
# - 192.168.81.1
# - 172.16.81.254
#search: ga.netz ga.intra
- device: eno2
headline: eno2 - Uplink Lehrer-und Schülerdatenbank (LUSD)
auto: true
family: inet
method: static
address: 192.168.100.254
netmask: 24
post-up:
# Traffic zur ehrer-und Schülerdatenbank (LUSD)
- /sbin/ip route add 10.9.131.0/24 via 192.168.100.253
- device: eno3
family: inet
method: manual
post-up:
# VLAN 10 LAN 1 Campus
- /sbin/ip link add link eno3 name eno3.10 type vlan id 10
- device: eno3:ns
headline: eno3:ns - Alias on eno3 (Nameserver)
auto: true
family: inet
method: static
address: 192.168.72.1
netmask: 32
- device: eno3.10
headline: eno3.10 - LAN 1 Campus - network 192.168.72.0/24
auto: true
family: inet
method: static
address: 192.168.72.254
netmask: 24
pre-up:
- /sbin/ifconfig eno3 up
- device: eno4
family: inet
method: manual
post-up:
# VLAN 20 - LAN 2 Campus including UniFi Accesspoints
- /sbin/ip link add link eno4 name eno4.20 type vlan id 20
- device: eno4.20
headline: eno4.20 - LAN 2 Campus - network 192.168.73.0/24
auto: true
family: inet
method: static
address: 192.168.73.254
netmask: 24
pre-up:
- /sbin/ifconfig eno4 up
- device: eno6
headline: eno6 - Management Network Campus - network 10.72.1.0/24
auto: true
family: inet
method: static
address: 10.72.1.254
netmask: 24
- device: eno7
headline: eno7 - network 192.168.11.0/24 (LAN Stockhausen)
auto: true
family: inet
method: static
address: 192.168.11.72/24
gateway: 192.168.11.254
netmask: 24
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/cron.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- campus.netz
- campus.intra
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.oopen.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.oopen-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $y$j9T$rDrvWa/KInzTe601YYf9./$WjDlaItCrgX7gu4nCs481y8WLxiRaNJCC/MgFgKuzg3
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: maadmin
password: $y$j9T$LCkYWvykWzrpFxIlmSUB01$e1ROfZxXAU53UdAwZAECzED4iV4LS02Q4IPQ2fycv51
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- name: wadmin
password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$awYUu9oRvV39ojITZOC7D1$czTh5HHIE32PXb0vl40ayAarm39txR4jaH1QzBscqfC
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$wpg8hlvMpO4PAWSVdLoJq/$dgpQh4cEnbUOQkkZzKUM4S8XzNS/Md5gMmMuNTqec74
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
- maadmin
- wadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
install_bind_packages: true
bind9_gateway_acl:
- local-net:
name: local-net
entries:
- 127.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 10.0.0.0/8
- fc00::/7
- fe80::/10
- ::1/128
- internaldns:
name: internaldns
entries:
- '# Nameserver Gateway Stockhausen'
- 192.168.11.1
- '# Domain Controller Stockhausen'
- 192.168.10.3
- '# Nameserver Gateway Altenschlirf'
- 192.168.10.1
- '# Domain Controller Altenschlirf'
- 192.168.10.3
- 192.168.10.6
- 172.16.0.1
- '# Nameserver Gateway Novalishaus'
- 192.168.81.1
- 10.2.11.2
- '# Nameserver wolle'
- 10.113.12.3
- '# Postfix Mailserver'
- 192.168.11.2
- '# Mail Relay System'
- 192.168.10.2
bind9_gateway_listen_on_v6:
- none
bind9_gateway_listen_on:
- any
#bind9_gateway_allow_transfer: {}
bind9_gateway_allow_transfer:
- none
bind9_transfer_source: !!str "192.168.81.1"
bind9_notify_source: !!str "192.168.81.1"
#bind9_gateway_allow_query: {}
bind9_gateway_allow_query:
- local-net
#bind9_gateway_allow_query_cache: {}
bind9_gateway_allow_query_cache:
- local-net
bind9_gateway_recursion: !!str "yes"
#bind9_gateway_allow_recursion: {}
bind9_gateway_allow_recursion:
- local-net
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.


@ -51,6 +51,28 @@ network_interfaces:
method: static
address: 192.168.81.254
netmask: 24
post-up:
# VLAN 321 - for Ubiquiti UniFi Accesspoints Guest NET
- /sbin/ip link add link eno5 name eno5.21 type vlan id 21
# VLAN 331 - for Ubiquiti UniFi Accesspoints private NET
- /sbin/ip link add link eno5 name eno5.31 type vlan id 31
- device: eno5.21
headline: eno5 - VLAN 321 (Ubiquiti UniFi Accesspoints Guest NET)
auto: true
family: inet
method: static
address: 10.21.15.254
netmask: 20
- device: eno5.31
headline: eno5 - VLAN 331 (Ubiquiti UniFi Accesspoints private NET)
auto: true
family: inet
method: static
address: 10.31.15.254
netmask: 20
- device: eno5:ns
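Review bot: The comments and `headline` values call these VLAN 321 (guest) and VLAN 331 (private), but the two `post-up` commands create `eno5.21` with `vlan id 21` and `eno5.31` with `vlan id 31`. One side is wrong, and since the tag is what keeps guest traffic on its own segment, it should be checked against the switch and UniFi configuration before this is rolled out. If 21/31 are the intended tags, the first comment should read `# VLAN 21 - for Ubiquiti UniFi Accesspoints Guest NET`, with `VLAN 31` and the two headlines corrected the same way; if 321/331 are intended, the `id` values and device names need to change instead. The interface entry that carries this `post-up` block starts above the hunk.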


@ -0,0 +1,591 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: eno1np0
headline: eno1np0 - Temporary LAN network
auto: true
family: inet
method: static
address: 192.168.11.18
netmask: 24
- device: enp129s0f2
headline: enp129s0f2 - Uplink static line (radio) to Altenschlirf
auto: true
family: inet
method: static
address: 172.16.111.254
netmask: 24
up:
# - For management Antennas
- /sbin/ip link add link enp129s0f2 name enp129s0f2.111 type vlan id 111
post-up:
# - Static routes to Altenschlirf (Router Ip-Address Altenschlirf: 172.16.111.253)
# -
# - Telefon Altenshlirf
- /sbin/ip route add 172.16.210.0/24 via 172.16.111.253
# User Network Altenshlirf
- /sbin/ip route add 192.168.10.0/24 via 172.16.111.253
# Management Network Altenschlirf
- /sbin/ip route add 10.10.10.0/24 via 172.16.111.253
# WLan Router (Accesspoints) Altenshlirf
- /sbin/ip route add 10.122.1.0/24 via 172.16.111.253
# # WLan Networks Altenshlirf
- /sbin/ip route add 10.123.0.0/16 via 172.16.111.253
# DSL via Fritzbox Altenschlirf
- /sbin/ip route add 172.16.10.0/24 via 172.16.111.253
# - WLAN Gemeinschaft Altenschlirf guest NET (Unifi routet Network)
- /sbin/ip route add 10.221.0.0/20 via 172.16.111.253
# - WLAN Gemeinschaft Altenschlirf private NET (Unifi routet Network)
- /sbin/ip route add 10.231.0.0/20 via 172.16.111.253
# VPN home Network Altenschlirf
#
- /sbin/ip route add 10.0.10.0/24 via 172.16.111.253
# VPN 'gw-ckubu' Network Altenschlirf
#
- /sbin/ip route add 10.1.10.0/24 via 172.16.111.253
# private networks 'ckubu'
#
# connections from private ckubu networks ist routed through VPN Altenschlirf (gw-ckubu),
# so we route them back to that gateway..
- /sbin/ip route add 192.168.63.0/24 via 172.16.111.253
- /sbin/ip route add 192.168.64.0/24 via 172.16.111.253
- device: enp129s0f2.111
headline: enp129s0f2.111 - network 10.10.111.0 (management antennas)
auto: true
family: inet
method: static
address: 10.10.111.254
netmask: 24
- device: enp1s0f0
headline: enp1s0f0 - holds VLAN 211 device for Network Telefons Stockhausen
auto: false
family: inet
method: manual
up:
- /sbin/ip link add link enp1s0f0 name enp1s0f0.211 type vlan id 211
- device: enp1s0f0.211
headline: enp1s0f0.211 - Network Telefons Stockhausen
auto: true
family: inet
method: static
# Note:
# !! 172.16.211.254 is reserved for LANCom Router (DSL line teleefon).
# This LANCom Router IS NOT pngable !!
address: 172.16.211.1
netmask: 24
pre-up:
- /sbin/ifconfig enp1s0f0 up
- device: enp1s0f2
headline: enp1s0f2 - Uplink DSL surf2 via (static) line to Fritz!Box 7490 (formaly Zyxel 6501)
auto: true
family: inet
method: static
address: 172.16.11.1
netmask: 24
gateway: 172.16.11.254
- device: enp1s0f3
headline: enp1s0f3 - Uplink DSL surf3 via (static) line to Fritz!Box 7490
auto: true
family: inet
method: static
address: 172.16.13.1
netmask: 24
gateway: 172.16.13.254
- device: enp1s0f1
headline: enp1s0f1 - Uplink DSL surf1 via (static) line to Fritz!Box 7490 (Mailserver)
auto: true
family: inet
method: static
address: 172.16.12.1
netmask: 24
gateway: 172.16.12.254
# ----------
# Note: Install the 'ifenslave' package, necessary to enable bonding:
#
# apt-get install ifenslave
# ----------
- device: bond0
headline: bond0 - LAG (Link Aggregation) on devices enp129s0f0 and enp194s0f0
auto: true
family: inet
method: static
address: 10.1.9.254
netmask: 24
bond:
slaves: enp129s0f0 enp194s0f0
# Mode 4 (802.3ad)
#
# also possible here:
# - Mode 5: balance-tlb
# - Mode 6: balance-alb
mode: 4
miimon: 100
lacp-rate: 1
ad-select: count
downdelay: 200
updelay: 200
post-up:
# VLAN 11 for management network Stockhausen/Schloss 10.10.11.0/24
- /sbin/ip link add link bond0 name bond0.11 type vlan id 11
# VLAN 78 for network Georgshaus 192.168.78.0/24
- /sbin/ip link add link bond0 name bond0.78 type vlan id 78
- device: bond0.11
headline: bond0.11 - VLAN 11 on interface bond0 (Management Network Stockhausen)
auto: true
family: inet
method: static
address: 10.10.11.254
netmask: 24
- device: bond0.78
headline: bond0.78 - VLAN 78 on interface bond0 (Georgshaus ?)
auto: true
family: inet
method: static
address: 192.168.78.254
netmask: 24
# ----------
# Note: Install the 'ifenslave' package, necessary to enable bonding:
#
# apt-get install ifenslave
# ----------
- device: bond1
headline: bond1 - LAG (Link Aggregation) on devices enp129s0f1 and enp194s0f1 - Main Network Stockhausen
auto: true
family: inet
method: static
address: 192.168.11.254
netmask: 24
nameservers:
- 192.168.11.1
- 192.168.10.3
search: ga.netz ga.intra
bond:
slaves: enp129s0f1 enp194s0f1
# Mode 4 (802.3ad)
#
# also possible here:
# - Mode 5: balance-tlb
# - Mode 6: balance-alb
mode: 4
miimon: 100
lacp-rate: 1
ad-select: count
downdelay: 200
updelay: 200
post-up:
# VLAN 121 - for Ubiquiti UniFi Accesspoints
- /sbin/ip link add link bond1 name bond1.121 type vlan id 121
# VLAN 121 - for Ubiquiti UniFi Accesspoints Guests
- /sbin/ip link add link bond1 name bond1.131 type vlan id 131
# Route ???
- /sbin/ip route add 10.11.16.0/24 via 192.168.11.6
# Route to management network campus
- /sbin/ip route add 10.72.1.0/24 via 192.168.11.72
# Route to LAN campus
- /sbin/ip route add 192.168.72.0/24 via 192.168.11.72
# Route to WLAN campus
- /sbin/ip route add 192.168.73.0/24 via 192.168.11.72
- device: bond1.121
headline: bond1.121 - VLAN 121 on interface bond1 for Ubiquiti UniFi Accesspoints Guest NET
auto: true
family: inet
method: static
address: 10.121.15.254
netmask: 20
- device: bond1.131
headline: bond1.131 - VLAN 131 on interface bond1 for Ubiquiti UniFi Accesspoints private NET
auto: true
family: inet
method: static
address: 10.131.15.254
netmask: 20
- device: bond1:ns
headline: bond1:ns - Alias IP on bond1 device for Nameservice
auto: true
family: inet
method: static
address: 192.168.11.1
netmask: 32
- device: bond1:1
headline: bond1:1 - Alias IP on bond1 device for (depricated) Management Network
auto: true
family: inet
method: static
address: 10.10.9.254
netmask: 24
- device: bond1:ap
headline: bond1:ap - Alias IP on bond1 device for Network Accesspoints
auto: true
family: inet
method: static
address: 10.112.1.254
netmask: 24
post-up:
# - Wireless Networks routed through appropriate Accesspoints
# -
- /sbin/ip route add 10.113.1.0/24 via 10.112.1.1
- /sbin/ip route add 10.113.2.0/24 via 10.112.1.2
- /sbin/ip route add 10.113.3.0/24 via 10.112.1.3
- /sbin/ip route add 10.113.4.0/24 via 10.112.1.4
- /sbin/ip route add 10.113.5.0/24 via 10.112.1.5
- /sbin/ip route add 10.113.6.0/24 via 10.112.1.6
- /sbin/ip route add 10.113.7.0/24 via 10.112.1.7
- /sbin/ip route add 10.113.8.0/24 via 10.112.1.8
- /sbin/ip route add 10.113.9.0/24 via 10.112.1.9
- /sbin/ip route add 10.113.10.0/24 via 10.112.1.10
- /sbin/ip route add 10.113.11.0/24 via 10.112.1.11
- /sbin/ip route add 10.113.12.0/24 via 10.112.1.12
- /sbin/ip route add 10.113.13.0/24 via 10.112.1.13
- /sbin/ip route add 10.113.14.0/24 via 10.112.1.14
- /sbin/ip route add 10.113.15.0/24 via 10.112.1.15
- device: bond1:ipmi
headline: bond1:ipmi - Alias IP on bond1 for IPMI Addresses Servr Stockhausen
auto: true
family: inet
method: static
address: 10.11.11.254
netmask: 24
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- ga.netz
- ga.intra
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 192.168.10.1
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.oopen.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.oopen-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $y$j9T$rDrvWa/KInzTe601YYf9./$WjDlaItCrgX7gu4nCs481y8WLxiRaNJCC/MgFgKuzg3
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: maadmin
password: $y$j9T$LCkYWvykWzrpFxIlmSUB01$e1ROfZxXAU53UdAwZAECzED4iV4LS02Q4IPQ2fycv51
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- name: wadmin
password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$awYUu9oRvV39ojITZOC7D1$czTh5HHIE32PXb0vl40ayAarm39txR4jaH1QzBscqfC
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$wpg8hlvMpO4PAWSVdLoJq/$dgpQh4cEnbUOQkkZzKUM4S8XzNS/Md5gMmMuNTqec74
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
- maadmin
- wadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
install_bind_packages: true
bind9_gateway_acl:
- local-net:
name: local-net
entries:
- 127.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 10.0.0.0/8
- fc00::/7
- fe80::/10
- ::1/128
- internaldns:
name: internaldns
entries:
- '# Nameserver Gateway Stockhausen'
- 192.168.11.1
- '# Domain Controller Stockhausen'
- 192.168.10.3
- '# Nameserver Gateway Altenschlirf'
- 192.168.10.1
- '# Domain Controller Altenschlirf'
- 192.168.10.3
- 192.168.10.6
- 172.16.0.1
- '# Nameserver Gateway Novalishaus'
- 192.168.81.1
- 10.2.11.2
- '# Nameserver wolle'
- 10.113.12.3
- '# Postfix Mailserver'
- 192.168.11.2
- '# Mail Relay System'
- 192.168.10.2
bind9_gateway_listen_on_v6:
- none
bind9_gateway_listen_on:
- any
#bind9_gateway_allow_transfer: {}
bind9_gateway_allow_transfer:
- internaldns
bind9_transfer_source: !!str "192.168.11.1"
bind9_notify_source: !!str "192.168.11.1"
#bind9_gateway_allow_query: {}
bind9_gateway_allow_query:
- local-net
#bind9_gateway_allow_query_cache: {}
bind9_gateway_allow_query_cache:
- local-net
bind9_gateway_recursion: !!str "yes"
#bind9_gateway_allow_recursion: {}
bind9_gateway_allow_recursion:
- local-net
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
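Review bot: The `password:` values under `default_user` and `root_user` commit crypt hashes for five accounts and root to the repository in clear text, so anyone with read access to the repo or a clone can copy them for offline guessing. They should be referenced from an Ansible Vault file instead, e.g. `password: "{{ vault_root_password_hash }}"` (variable name is a placeholder). The same hash strings recur in the neighbouring file sections on this page, so the passwords behind them are best rotated once they are moved. The `wadmin` and `root` entries use `$6$` (sha512crypt) while the other accounts use `$y$` (yescrypt); rehashing those two at rotation would bring them in line. Separately, the comment `# VLAN 121 - for Ubiquiti UniFi Accesspoints Guests` sits above the `vlan id 131` command, although the headlines name `bond1.121` as the guest net and `bond1.131` as the private net.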


@ -0,0 +1,592 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: lan0
headline: lan0 - Temporary LAN network
auto: false
family: inet
method: static
address: 192.168.11.18
gateway: 192.168.11.254
netmask: 24
- device: lan4
headline: lan4 - Uplink static line (radio) to Altenschlirf
auto: true
family: inet
method: static
address: 172.16.111.254
netmask: 24
up:
# - For management Antennas
- /sbin/ip link add link lan4 name lan4.111 type vlan id 111
post-up:
# - Static routes to Altenschlirf (Router Ip-Address Altenschlirf: 172.16.111.253)
# -
# - Telefon Altenshlirf
- /sbin/ip route add 172.16.210.0/24 via 172.16.111.253
# User Network Altenshlirf
- /sbin/ip route add 192.168.10.0/24 via 172.16.111.253
# Management Network Altenschlirf
- /sbin/ip route add 10.10.10.0/24 via 172.16.111.253
# WLan Router (Accesspoints) Altenshlirf
- /sbin/ip route add 10.122.1.0/24 via 172.16.111.253
# # WLan Networks Altenshlirf
- /sbin/ip route add 10.123.0.0/16 via 172.16.111.253
# DSL via Fritzbox Altenschlirf
- /sbin/ip route add 172.16.10.0/24 via 172.16.111.253
# - WLAN Gemeinschaft Altenschlirf guest NET (Unifi routet Network)
- /sbin/ip route add 10.221.0.0/20 via 172.16.111.253
# - WLAN Gemeinschaft Altenschlirf private NET (Unifi routet Network)
- /sbin/ip route add 10.231.0.0/20 via 172.16.111.253
# VPN home Network Altenschlirf
#
- /sbin/ip route add 10.0.10.0/24 via 172.16.111.253
# VPN 'gw-ckubu' Network Altenschlirf
#
- /sbin/ip route add 10.1.10.0/24 via 172.16.111.253
# private networks 'ckubu'
#
# connections from private ckubu networks ist routed through VPN Altenschlirf (gw-ckubu),
# so we route them back to that gateway..
- /sbin/ip route add 192.168.63.0/24 via 172.16.111.253
- /sbin/ip route add 192.168.64.0/24 via 172.16.111.253
- device: lan4.111
headline: lan4.111 - network 10.10.111.0 (management antennas)
auto: true
family: inet
method: static
address: 10.10.111.254
netmask: 24
- device: lan6
headline: lan6 - holds VLAN 211 device for Network Telefons Stockhausen
auto: false
family: inet
method: manual
up:
- /sbin/ip link add link lan6 name lan6.211 type vlan id 211
- device: lan6.211
headline: lan6.211 - Network Telefons Stockhausen
auto: true
family: inet
method: static
# Note:
# !! 172.16.211.254 is reserved for LANCom Router (DSL line teleefon).
# This LANCom Router IS NOT pngable !!
address: 172.16.211.1
netmask: 24
pre-up:
- /sbin/ifconfig lan6 up
- device: lan8
headline: lan8 - Uplink DSL surf2 via (static) line to Fritz!Box 7490 (formaly Zyxel 6501)
auto: true
family: inet
method: static
address: 172.16.11.1
netmask: 24
gateway: 172.16.11.254
- device: lan9
headline: lan9 - Uplink DSL surf3 via (static) line to Fritz!Box 7490
auto: true
family: inet
method: static
address: 172.16.13.1
netmask: 24
gateway: 172.16.13.254
- device: lan7
headline: lan7 - Uplink DSL surf1 via (static) line to Fritz!Box 7490 (Mailserver)
auto: true
family: inet
method: static
address: 172.16.12.1
netmask: 24
gateway: 172.16.12.254
# ----------
# Note: Install the 'ifenslave' package, necessary to enable bonding:
#
# apt-get install ifenslave
# ----------
- device: bond0
headline: bond0 - LAG (Link Aggregation) on devices lan2 and lan10
auto: true
family: inet
method: static
address: 10.1.9.254
netmask: 24
bond:
slaves: lan2 lan10
# Mode 4 (802.3ad)
#
# also possible here:
# - Mode 5: balance-tlb
# - Mode 6: balance-alb
mode: 4
miimon: 100
lacp-rate: 1
ad-select: count
downdelay: 200
updelay: 200
post-up:
# VLAN 11 for management network Stockhausen/Schloss 10.10.11.0/24
- /sbin/ip link add link bond0 name bond0.11 type vlan id 11
# VLAN 78 for network Georgshaus 192.168.78.0/24
- /sbin/ip link add link bond0 name bond0.78 type vlan id 78
- device: bond0.11
headline: bond0.11 - VLAN 11 on interface bond0 (Management Network Stockhausen)
auto: true
family: inet
method: static
address: 10.10.11.254
netmask: 24
- device: bond0.78
headline: bond0.78 - VLAN 78 on interface bond0 (Georgshaus ?)
auto: true
family: inet
method: static
address: 192.168.78.254
netmask: 24
# ----------
# Note: Install the 'ifenslave' package, necessary to enable bonding:
#
# apt-get install ifenslave
# ----------
- device: bond1
headline: bond1 - LAG (Link Aggregation) on devices lan3 and lan11 - Main Network Stockhausen
auto: true
family: inet
method: static
address: 192.168.11.254
netmask: 24
nameservers:
- 192.168.11.1
- 192.168.10.3
search: ga.netz ga.intra
bond:
slaves: lan3 lan11
# Mode 4 (802.3ad)
#
# also possible here:
# - Mode 5: balance-tlb
# - Mode 6: balance-alb
mode: 4
miimon: 100
lacp-rate: 1
ad-select: count
downdelay: 200
updelay: 200
post-up:
# VLAN 121 - for Ubiquiti UniFi Accesspoints
- /sbin/ip link add link bond1 name bond1.121 type vlan id 121
# VLAN 121 - for Ubiquiti UniFi Accesspoints Guests
- /sbin/ip link add link bond1 name bond1.131 type vlan id 131
# Route ???
- /sbin/ip route add 10.11.16.0/24 via 192.168.11.6
# Route to management network campus
- /sbin/ip route add 10.72.1.0/24 via 192.168.11.72
# Route to LAN campus
- /sbin/ip route add 192.168.72.0/24 via 192.168.11.72
# Route to WLAN campus
- /sbin/ip route add 192.168.73.0/24 via 192.168.11.72
- device: bond1.121
headline: bond1.121 - VLAN 121 on interface bond1 for Ubiquiti UniFi Accesspoints Guest NET
auto: true
family: inet
method: static
address: 10.121.15.254
netmask: 20
- device: bond1.131
headline: bond1.131 - VLAN 131 on interface bond1 for Ubiquiti UniFi Accesspoints private NET
auto: true
family: inet
method: static
address: 10.131.15.254
netmask: 20
- device: bond1:ns
headline: bond1:ns - Alias IP on bond1 device for Nameservice
auto: true
family: inet
method: static
address: 192.168.11.1
netmask: 32
- device: bond1:1
headline: bond1:1 - Alias IP on bond1 device for (depricated) Management Network
auto: true
family: inet
method: static
address: 10.10.9.254
netmask: 24
- device: bond1:ap
headline: bond1:ap - Alias IP on bond1 device for Network Accesspoints
auto: true
family: inet
method: static
address: 10.112.1.254
netmask: 24
post-up:
# - Wireless Networks routed through appropriate Accesspoints
# -
- /sbin/ip route add 10.113.1.0/24 via 10.112.1.1
- /sbin/ip route add 10.113.2.0/24 via 10.112.1.2
- /sbin/ip route add 10.113.3.0/24 via 10.112.1.3
- /sbin/ip route add 10.113.4.0/24 via 10.112.1.4
- /sbin/ip route add 10.113.5.0/24 via 10.112.1.5
- /sbin/ip route add 10.113.6.0/24 via 10.112.1.6
- /sbin/ip route add 10.113.7.0/24 via 10.112.1.7
- /sbin/ip route add 10.113.8.0/24 via 10.112.1.8
- /sbin/ip route add 10.113.9.0/24 via 10.112.1.9
- /sbin/ip route add 10.113.10.0/24 via 10.112.1.10
- /sbin/ip route add 10.113.11.0/24 via 10.112.1.11
- /sbin/ip route add 10.113.12.0/24 via 10.112.1.12
- /sbin/ip route add 10.113.13.0/24 via 10.112.1.13
- /sbin/ip route add 10.113.14.0/24 via 10.112.1.14
- /sbin/ip route add 10.113.15.0/24 via 10.112.1.15
- device: bond1:ipmi
headline: bond1:ipmi - Alias IP on bond1 for IPMI Addresses Servr Stockhausen
auto: true
family: inet
method: static
address: 10.11.11.254
netmask: 24
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- ga.netz
- ga.intra
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 192.168.10.1
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.oopen.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.oopen-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $y$j9T$rDrvWa/KInzTe601YYf9./$WjDlaItCrgX7gu4nCs481y8WLxiRaNJCC/MgFgKuzg3
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: maadmin
password: $y$j9T$LCkYWvykWzrpFxIlmSUB01$e1ROfZxXAU53UdAwZAECzED4iV4LS02Q4IPQ2fycv51
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- name: wadmin
password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$awYUu9oRvV39ojITZOC7D1$czTh5HHIE32PXb0vl40ayAarm39txR4jaH1QzBscqfC
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$wpg8hlvMpO4PAWSVdLoJq/$dgpQh4cEnbUOQkkZzKUM4S8XzNS/Md5gMmMuNTqec74
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
- maadmin
- wadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
install_bind_packages: true
bind9_gateway_acl:
- local-net:
name: local-net
entries:
- 127.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 10.0.0.0/8
- fc00::/7
- fe80::/10
- ::1/128
- internaldns:
name: internaldns
entries:
- '# Nameserver Gateway Stockhausen'
- 192.168.11.1
- '# Domain Controller Stockhausen'
- 192.168.10.3
- '# Nameserver Gateway Altenschlirf'
- 192.168.10.1
- '# Domain Controller Altenschlirf'
- 192.168.10.3
- 192.168.10.6
- 172.16.0.1
- '# Nameserver Gateway Novalishaus'
- 192.168.81.1
- 10.2.11.2
- '# Nameserver wolle'
- 10.113.12.3
- '# Postfix Mailserver'
- 192.168.11.2
- '# Mail Relay System'
- 192.168.10.2
bind9_gateway_listen_on_v6:
- none
bind9_gateway_listen_on:
- any
#bind9_gateway_allow_transfer: {}
bind9_gateway_allow_transfer:
- internaldns
bind9_transfer_source: !!str "192.168.11.1"
bind9_notify_source: !!str "192.168.11.1"
#bind9_gateway_allow_query: {}
bind9_gateway_allow_query:
- local-net
#bind9_gateway_allow_query_cache: {}
bind9_gateway_allow_query_cache:
- local-net
bind9_gateway_recursion: !!str "yes"
#bind9_gateway_allow_recursion: {}
bind9_gateway_allow_recursion:
- local-net
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.


@ -20,8 +20,17 @@ network_interface_required_packages:
network_interfaces:
- device: eth2
headline: eth2 - Uplink static line (radio) to Altenschlirf
- device: lan0
headline: lan0 - Temporary LAN network
auto: false
family: inet
method: static
address: 192.168.11.18
#gateway: 192.168.11.254
netmask: 24
- device: lan4
headline: lan4 - Uplink static line (radio) to Altenschlirf
auto: true
family: inet
method: static
@ -29,7 +38,7 @@ network_interfaces:
netmask: 24
up:
# - For management Antennas
- /sbin/ip link add link eth2 name eth2.111 type vlan id 111
- /sbin/ip link add link lan4 name lan4.111 type vlan id 111
post-up:
# - Static routes to Altenschlirf (Router Ip-Address Altenschlirf: 172.16.111.253)
# -
@ -45,11 +54,16 @@ network_interfaces:
- /sbin/ip route add 10.123.0.0/16 via 172.16.111.253
# DSL via Fritzbox Altenschlirf
- /sbin/ip route add 172.16.10.0/24 via 172.16.111.253
# - WLAN Gemeinschaft Altenschlirf (Unifi routet Network)
# - WLAN Gemeinschaft Altenschlirf guest NET (Unifi routet Network)
- /sbin/ip route add 10.221.0.0/20 via 172.16.111.253
# - WLAN Gemeinschaft Altenschlirf private NET (Unifi routet Network)
- /sbin/ip route add 10.231.0.0/20 via 172.16.111.253
# VPN home Network Altenschlirf
#
- /sbin/ip route add 10.0.10.0/24 via 172.16.111.253
# VPN 'gw-ckubu' Network Altenschlirf
#
- /sbin/ip route add 10.1.10.0/24 via 172.16.111.253
# private networks 'ckubu'
#
# connections from private ckubu networks ist routed through VPN Altenschlirf (gw-ckubu),
@ -58,8 +72,8 @@ network_interfaces:
- /sbin/ip route add 192.168.64.0/24 via 172.16.111.253
- device: eth2.111
headline: eth2.111 - network 10.10.111.0 (management antennas)
- device: lan4.111
headline: lan4.111 - network 10.10.111.0 (management antennas)
auto: true
family: inet
method: static
@ -67,17 +81,17 @@ network_interfaces:
netmask: 24
- device: eth8
headline: eth8 - holds VLAN 211 device for Network Telefons Stockhausen
- device: lan6
headline: lan6 - holds VLAN 211 device for Network Telefons Stockhausen
auto: false
family: inet
method: manual
up:
- /sbin/ip link add link eth8 name eth8.211 type vlan id 211
- /sbin/ip link add link lan6 name lan6.211 type vlan id 211
- device: eth8.211
headline: eth8.211 - Network Telefons Stockhausen
- device: lan6.211
headline: lan6.211 - Network Telefons Stockhausen
auto: true
family: inet
method: static
@ -87,11 +101,11 @@ network_interfaces:
address: 172.16.211.1
netmask: 24
pre-up:
- /sbin/ifconfig eth8 up
- /sbin/ifconfig lan6 up
- device: eth9
headline: eth9 - Uplink DSL surf2 via (static) line to Fritz!Box 7490 (formaly Zyxel 6501)
- device: lan8
headline: lan8 - Uplink DSL surf2 via (static) line to Fritz!Box 7490 (formaly Zyxel 6501)
auto: true
family: inet
method: static
@ -100,8 +114,8 @@ network_interfaces:
gateway: 172.16.11.254
- device: eth10
headline: eth10 - Uplink DSL surf3 via (static) line to Fritz!Box 7490
- device: lan9
headline: lan9 - Uplink DSL surf3 via (static) line to Fritz!Box 7490
auto: true
family: inet
method: static
@ -110,8 +124,8 @@ network_interfaces:
gateway: 172.16.13.254
- device: eth11
headline: eth11 - Uplink DSL surf1 via (static) line to Fritz!Box 7490 (Mailserver)
- device: lan7
headline: lan7 - Uplink DSL surf1 via (static) line to Fritz!Box 7490 (Mailserver)
auto: true
family: inet
method: static
@ -126,14 +140,14 @@ network_interfaces:
# apt-get install ifenslave
# ----------
- device: bond0
headline: bond0 - LAG (Link Aggregation) on devices eth0 and eth4
headline: bond0 - LAG (Link Aggregation) on devices lan2 and lan10
auto: true
family: inet
method: static
address: 10.1.9.254
netmask: 24
bond:
slaves: eth0 eth4
slaves: lan2 lan10
# Mode 4 (802.3ad)
#
# also possible here:
@ -175,8 +189,8 @@ network_interfaces:
#
# apt-get install ifenslave
# ----------
- device: bond1
headline: bond1 - LAG (Link Aggregation) on devices eth1 and eth5 - Main Network Stockhausen
- device: sfp0
headline: sfp0 - Main Network Stockhausen
auto: true
family: inet
method: static
@ -186,28 +200,36 @@ network_interfaces:
- 192.168.11.1
- 192.168.10.3
search: ga.netz ga.intra
bond:
slaves: eth1 eth5
# Mode 4 (802.3ad)
#
# also possible here:
# - Mode 5: balance-tlb
# - Mode 6: balance-alb
mode: 4
miimon: 100
lacp-rate: 1
ad-select: count
downdelay: 200
updelay: 200
#bond:
# slaves: lan3 lan11
# # Mode 4 (802.3ad)
# #
# # also possible here:
# # - Mode 5: balance-tlb
# # - Mode 6: balance-alb
# mode: 4
# miimon: 100
# lacp-rate: 1
# ad-select: count
# downdelay: 200
# updelay: 200
post-up:
# VLAN 121 - for Ubiquiti UniFi Accesspoints)
- /sbin/ip link add link bond1 name bond1.121 type vlan id 121
# VLAN 121 - for Ubiquiti UniFi Accesspoints
- /sbin/ip link add link sfp0 name sfp0.121 type vlan id 121
# VLAN 121 - for Ubiquiti UniFi Accesspoints Guests
- /sbin/ip link add link sfp0 name sfp0.131 type vlan id 131
# Route ???
- /sbin/ip route add 10.11.16.0/24 via 192.168.11.6
# Route to management network campus
- /sbin/ip route add 10.72.1.0/24 via 192.168.11.72
# Route to LAN campus
- /sbin/ip route add 192.168.72.0/24 via 192.168.11.72
# Route to WLAN campus
- /sbin/ip route add 192.168.73.0/24 via 192.168.11.72
- device: bond1.121
headline: bond1.121 - VLAN 121 on interface bond1 for Ubiquiti UniFi Accesspoints
- device: sfp0.121
headline: sfp0.121 - VLAN 121 on interface sfp0 for Ubiquiti UniFi Accesspoints Guest NET
auto: true
family: inet
method: static
@ -215,8 +237,17 @@ network_interfaces:
netmask: 20
- device: bond1:ns
headline: bond1:ns - Alias IP on bond1 device for Nameservice
- device: sfp0.131
headline: sfp0.131 - VLAN 131 on interface sfp0 for Ubiquiti UniFi Accesspoints private NET
auto: true
family: inet
method: static
address: 10.131.15.254
netmask: 20
- device: sfp0:ns
headline: sfp0:ns - Alias IP on sfp0 device for Nameservice
auto: true
family: inet
method: static
@ -224,8 +255,8 @@ network_interfaces:
netmask: 32
- device: bond1:1
headline: bond1:1 - Alias IP on bond1 device for (depricated) Management Network
- device: sfp0:1
headline: sfp0:1 - Alias IP on sfp0 device for (depricated) Management Network
auto: true
family: inet
method: static
@ -233,8 +264,8 @@ network_interfaces:
netmask: 24
- device: bond1:ap
headline: bond1:ap - Alias IP on bond1 device for Network Accesspoints
- device: sfp0:ap
headline: sfp0:ap - Alias IP on sfp0 device for Network Accesspoints
auto: true
family: inet
method: static
@ -260,8 +291,8 @@ network_interfaces:
- /sbin/ip route add 10.113.15.0/24 via 10.112.1.15
- device: bond1:ipmi
headline: bond1:ipmi - Alias IP on bond1 for IPMI Addresses Servr Stockhausen
- device: sfp0:ipmi
headline: sfp0:ipmi - Alias IP on sfp0 for IPMI Addresses Servr Stockhausen
auto: true
family: inet
method: static
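Review bot: The comment added above the new `sfp0.131` link in the `post-up` list of `sfp0` says `# VLAN 121 - for Ubiquiti UniFi Accesspoints Guests`, but the command under it creates VLAN id 131, and the `sfp0.131` headline further down calls that network the private NET (the `sfp0.121` headline is the one labelled Guest NET). Guest and private WLAN are presumably meant to stay separate, so a wrong label on the interface is the kind of thing that later ends up as a firewall rule on the wrong device. I would change the comment to `# VLAN 131 - for Ubiquiti UniFi Accesspoints private NET`. The same comment is added for `bond1.131` in the next file section on this page.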


@ -45,11 +45,16 @@ network_interfaces:
- /sbin/ip route add 10.123.0.0/16 via 172.16.111.253
# DSL via Fritzbox Altenschlirf
- /sbin/ip route add 172.16.10.0/24 via 172.16.111.253
# - WLAN Gemeinschaft Altenschlirf (Unifi routet Network)
# - WLAN Gemeinschaft Altenschlirf guest NET (Unifi routet Network)
- /sbin/ip route add 10.221.0.0/20 via 172.16.111.253
# - WLAN Gemeinschaft Altenschlirf private NET (Unifi routet Network)
- /sbin/ip route add 10.231.0.0/20 via 172.16.111.253
# VPN home Network Altenschlirf
#
- /sbin/ip route add 10.0.10.0/24 via 172.16.111.253
# VPN 'gw-ckubu' Network Altenschlirf
#
- /sbin/ip route add 10.1.10.0/24 via 172.16.111.253
# private networks 'ckubu'
#
# connections from private ckubu networks ist routed through VPN Altenschlirf (gw-ckubu),
@ -176,7 +181,7 @@ network_interfaces:
# apt-get install ifenslave
# ----------
- device: bond1
headline: bond1 - LAG (Link Aggregation) on devices eth1 and eth5 - Main Network Stockhausen
headline: bond1 - LAG (Link Aggregation) on devices eth3 and eth5 - Main Network Stockhausen
auto: true
family: inet
method: static
@ -187,7 +192,7 @@ network_interfaces:
- 192.168.10.3
search: ga.netz ga.intra
bond:
slaves: eth1 eth5
slaves: eth3 eth5
# Mode 4 (802.3ad)
#
# also possible here:
@ -200,14 +205,22 @@ network_interfaces:
downdelay: 200
updelay: 200
post-up:
# VLAN 121 - for Ubiquiti UniFi Accesspoints)
# VLAN 121 - for Ubiquiti UniFi Accesspoints
- /sbin/ip link add link bond1 name bond1.121 type vlan id 121
# VLAN 121 - for Ubiquiti UniFi Accesspoints Guests
- /sbin/ip link add link bond1 name bond1.131 type vlan id 131
# Route ???
- /sbin/ip route add 10.11.16.0/24 via 192.168.11.6
# Route to management network campus
- /sbin/ip route add 10.72.1.0/24 via 192.168.11.72
# Route to LAN campus
- /sbin/ip route add 192.168.72.0/24 via 192.168.11.72
# Route to WLAN campus
- /sbin/ip route add 192.168.73.0/24 via 192.168.11.72
- device: bond1.121
headline: bond1.121 - VLAN 121 on interface bond1 for Ubiquiti UniFi Accesspoints
headline: bond1.121 - VLAN 121 on interface bond1 for Ubiquiti UniFi Accesspoints Guest NET
auto: true
family: inet
method: static
@ -215,6 +228,15 @@ network_interfaces:
netmask: 20
- device: bond1.131
headline: bond1.131 - VLAN 131 on interface bond1 for Ubiquiti UniFi Accesspoints private NET
auto: true
family: inet
method: static
address: 10.131.15.254
netmask: 20
- device: bond1:ns
headline: bond1:ns - Alias IP on bond1 device for Nameservice
auto: true
@ -365,6 +387,18 @@ resolved_fallback_nameserver:
- 192.168.10.1
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
@ -388,8 +422,6 @@ ssh_keypair_backup_client:
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
@ -441,8 +473,8 @@ default_user:
sudo_users:
- chris
- sysadm
- wadmin
- maadmin
- wadmin
# ---
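Review bot: The static route `10.11.16.0/24 via 192.168.11.6` added to the `post-up` list of `bond1` is documented only as `# Route ???`, unlike the three campus routes added right below it. A route on a gateway whose purpose nobody recorded is hard to audit and hard to remove safely later. Please name the network and the device behind 192.168.11.6, for example `# Route to <network name> via <router name>` (placeholders), or drop the route if it cannot be identified. The same line is added in the `sfp0` block of the previous file section on this page.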


@ -0,0 +1,215 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
install_compiler_pkgs: true
install_postgresql_pkgs: true
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.11.1
- 192.168.10.3
- 192.168.10.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- ga.netz
- ga.intra
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 192.168.11.3
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_root_ssh_keypair: true
root_ssh_keypair:
- name: id-rsa-dehydrated
priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated
priv_key_dest: /root/.ssh/id_rsa-dehydrated
pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-dehydrated.pub
pub_key_dest: /root/.ssh/id_rsa-dehydrated.pub
- name: id-rsa-opendkim
priv_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim
priv_key_dest: /root/.ssh/id_rsa-opendkim
pub_key_src: ga-st-mail/root/.ssh/ga-st-mail-id_rsa-opendkim.pub
pub_key_dest: /root/.ssh/id_rsa-opendkim.pub
default_user:
- name: chris
password: $y$j9T$rDrvWa/KInzTe601YYf9./$WjDlaItCrgX7gu4nCs481y8WLxiRaNJCC/MgFgKuzg3
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: maadmin
password: $y$j9T$LCkYWvykWzrpFxIlmSUB01$e1ROfZxXAU53UdAwZAECzED4iV4LS02Q4IPQ2fycv51
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- name: wadmin
password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$awYUu9oRvV39ojITZOC7D1$czTh5HHIE32PXb0vl40ayAarm39txR4jaH1QzBscqfC
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$wpg8hlvMpO4PAWSVdLoJq/$dgpQh4cEnbUOQkkZzKUM4S8XzNS/Md5gMmMuNTqec74
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
- maadmin
- wadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/copy_files.yml
# ---
# ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# ---
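Review bot: The `default_user` list in this new vars file stores the crypt(3) password hashes of five accounts as plain YAML, and four of those accounts are also listed in `sudo_users`. Anyone who can read the repository or a rendered page of it gets material for offline password guessing. The `wadmin` entry is a `$6$` (sha512crypt) hash, which is cheaper to test than the `$y$` (yescrypt) hashes used for the others. I would keep only a reference here, e.g. `password: "{{ vault_chris_password }}"` (variable name constructed for illustration), and hold the values in an `ansible-vault` encrypted vars file. I would also rotate the passwords whose hashes are already committed. The `priv_key_src` paths under `root_ssh_keypair` suggest the private keys for dehydrated and opendkim are stored in the repository as well; if so, they need the same treatment.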


@ -140,59 +140,6 @@ ssh_keypair_backup_client:
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$1X6iXiYz2fIQcfKWSSzno1$9Uos8SGn/8V3oHWwiR6kaRPfUuIrxKP8kRNUZ1.da3/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- localadmin
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---


@ -26,14 +26,14 @@ copy_additional_plain_files_sysctl:
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_hostkeyalgorithms:
- ssh-ed25519
- ssh-ed25519-cert-v01@openssh.com
- rsa-sha2-256
- rsa-sha2-512
- ecdsa-sha2-nistp256
- rsa-sha2-256-cert-v01@openssh.com
- rsa-sha2-512-cert-v01@openssh.com
#sshd_hostkeyalgorithms:
# - ssh-ed25519
# - ssh-ed25519-cert-v01@openssh.com
# - rsa-sha2-256
# - rsa-sha2-512
# - ecdsa-sha2-nistp256
# - rsa-sha2-256-cert-v01@openssh.com
# - rsa-sha2-512-cert-v01@openssh.com
# ---
@ -128,60 +128,6 @@ cron_user_special_time_entries:
# ---
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$K/AHoqM8bynaxxgb6l3a41$my3J.c2hXYxkHgQviZZww5OP6ZgaaPsNscKPRSRT5E5
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$d5p0SWRwuW2CDvpMdtFcQ0$fKsGolV/38OZzTDRq00wjrbw3MfnJkUAWMreb3xNgT2
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$K/AHoqM8bynaxxgb6l3a41$my3J.c2hXYxkHgQviZZww5OP6ZgaaPsNscKPRSRT5E5
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$QczbPLpIHiEZFf7FChcTC0$9SoBJzI8k/j5gjRdfK/x3vc/h73sNRGyAmr0KninMn0
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
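Review bot: Commenting out `sshd_hostkeyalgorithms` in the first hunk leaves this host on whatever the sshd role or the installed OpenSSH applies by default, and neither is visible in this diff. If the list was pinned on purpose, the change drops that pin silently, and the commented-out block reads like a hardening setting someone disabled. I would either delete the block or keep it with the reason stated, e.g. `# HostKeyAlgorithms: use role default (reason: <why>)` (placeholder). It is also worth confirming against the role template which algorithms the host then offers. The second hunk in this section only removes the per-host `default_user` list and needs no comment.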


@ -249,59 +249,6 @@ ssh_keypair_backup_client:
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$qmeacaq0WLATk6o7374lj1$1MrdyEubi5m4E9MCNZWrS04nZi1Qgk4vHu.J5LwKrJB:19757
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- localadmin
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml


@ -0,0 +1,394 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: eno1
headline: eno1 - Uplink DSL via (static) line to Fritz!Box 7490
auto: true
family: inet
method: static
address: 172.16.72.1
netmask: 24
gateway: 172.16.72.254
#nameservers:
# - 192.168.81.1
# - 172.16.81.254
#search: ga.netz ga.intra
- device: eno2
headline: eno2 - Uplink Lehrer-und Schülerdatenbank (LUSD)
auto: true
family: inet
method: static
address: 192.168.100.254
netmask: 24
post-up:
# Traffic zur ehrer-und Schülerdatenbank (LUSD)
- /sbin/ip route add 10.9.131.0/24 via 192.168.100.253
- device: eno3
family: inet
method: manual
post-up:
# VLAN 10 LAN 1 Campus
- /sbin/ip link add link eno3 name eno3.10 type vlan id 10
- device: eno3:ns
headline: eno3:ns - Alias on eno3 (Nameserver)
auto: true
family: inet
method: static
address: 192.168.72.1
netmask: 32
- device: eno3.10
headline: eno3.10 - LAN 1 Campus - network 192.168.72.0/24
auto: true
family: inet
method: static
address: 192.168.72.254
netmask: 24
pre-up:
- /sbin/ifconfig eno3 up
- device: eno4
family: inet
method: manual
post-up:
# VLAN 20 - LAN 2 Campus including UniFi Accesspoints
- /sbin/ip link add link eno4 name eno4.20 type vlan id 20
- device: eno4.20
headline: eno4.20 - LAN 2 Campus - network 192.168.73.0/24
auto: true
family: inet
method: static
address: 192.168.73.254
netmask: 24
pre-up:
- /sbin/ifconfig eno4 up
- device: eno6
headline: eno6 - Management Network Campus - network 10.72.1.0/24
auto: true
family: inet
method: static
address: 10.72.1.254
netmask: 24
- device: eno7
headline: eno7 - network 192.168.11.0/24 (LAN Stockhausen)
auto: true
family: inet
method: static
address: 192.168.11.72
#gateway: 192.168.11.254
netmask: 24
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/cron.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 127.0.0.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- campus.netz
- campus.intra
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.oopen.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.oopen-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $y$j9T$rDrvWa/KInzTe601YYf9./$WjDlaItCrgX7gu4nCs481y8WLxiRaNJCC/MgFgKuzg3
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: maadmin
password: $y$j9T$LCkYWvykWzrpFxIlmSUB01$e1ROfZxXAU53UdAwZAECzED4iV4LS02Q4IPQ2fycv51
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- name: wadmin
password: $6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$awYUu9oRvV39ojITZOC7D1$czTh5HHIE32PXb0vl40ayAarm39txR4jaH1QzBscqfC
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCQRRXy0+9D+mhLniRlUpZZ3kZdZcQKXBsGnlsFYaRi maadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$wpg8hlvMpO4PAWSVdLoJq/$dgpQh4cEnbUOQkkZzKUM4S8XzNS/Md5gMmMuNTqec74
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
- maadmin
- wadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
install_bind_packages: true
bind9_gateway_acl:
- local-net:
name: local-net
entries:
- 127.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 10.0.0.0/8
- fc00::/7
- fe80::/10
- ::1/128
- internaldns:
name: internaldns
entries:
- '# Nameserver Gateway Stockhausen'
- 192.168.11.1
- '# Domain Controller Stockhausen'
- 192.168.10.3
- '# Nameserver Gateway Altenschlirf'
- 192.168.10.1
- '# Domain Controller Altenschlirf'
- 192.168.10.3
- 192.168.10.6
- 172.16.0.1
- '# Nameserver Gateway Novalishaus'
- 192.168.81.1
- 10.2.11.2
- '# Nameserver wolle'
- 10.113.12.3
- '# Postfix Mailserver'
- 192.168.11.2
- '# Mail Relay System'
- 192.168.10.2
bind9_gateway_listen_on_v6:
- none
bind9_gateway_listen_on:
- any
#bind9_gateway_allow_transfer: {}
bind9_gateway_allow_transfer:
- none
bind9_transfer_source: !!str "192.168.81.1"
bind9_notify_source: !!str "192.168.81.1"
#bind9_gateway_allow_query: {}
bind9_gateway_allow_query:
- local-net
#bind9_gateway_allow_query_cache: {}
bind9_gateway_allow_query_cache:
- local-net
bind9_gateway_recursion: !!str "yes"
#bind9_gateway_allow_recursion: {}
bind9_gateway_allow_recursion:
- local-net
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-gateway
repo: https://git.oopen.de/firewall/ipt-gateway
dest: /usr/local/src/ipt-gateway
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.


@ -118,39 +118,6 @@ cron_user_special_time_entries:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $y$j9T$KUDlIDddLeymNRsoS7Z51/$eelMaGW/JhVsCjl6nducJmjxrHpuyLStWuOGrohKZZD
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$1SUeBB9jQKPnG9JPt30O5/$aiZOeMJbJqE.cEKkFdSBxeuhma8n1thBVn00SClT3C/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$n17mARf7i72xHDBW0lfT40$2WQMFPops.4.T3H7mk7Kzh3sRt3YfJtlhtn0Vl.uU37
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml


@ -82,6 +82,53 @@ sshd_hostkeyalgorithms:
# ---
# ---
# vars used by roles/common/tasks/users
# ---
default_user:
- name: chris
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$sHxqz7NyYdn38ZegSbewO.$PPHR0n.XeMcS3AQ9KybllBT.2hxpYlQ7AiVhxHgUOX8
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
group: localadmin
home: /home/localadmin
password: $y$j9T$1WH8G2UkuN1jjp4QLuoeC0$dXpOnJUfMMAqAXlwN8XD0pq78r.a4UZOgt3LY4afxy/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$WmitGB98lhPLJ39Iy4YfH.$irv0LP1bB5ImQKBUr1acEif6Ed6zDu6gLQuGQd/i5s0
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
@ -186,40 +233,6 @@ ssh_keypair_backup_client:
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $y$j9T$JLezdt23fYO1OVfqTGPLG.$0WZW1GBGvIs7aITanCemuvZ9CbHwCFg1uxMynQiO7Y/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$daq5sPNG0I8/BEqIRc8tq0$gLVISkrP7ziAnQUbBD6ZROpU2ud0/Y1Vmkqkq/yPH09
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$Sc6W8dHBquFeXxNvdaB9r1$S.yGBl7KHTvmlSNncI6cJ.2dHHg8LCoy.JSfJaZneH7
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
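Review bot: The `default_user` entries added in the `-82,6 +82,53` hunk carry their `password:` crypt hashes inline in the vars file, so anyone with read access to the repository can run offline guessing against them. I would keep each hash in a vault-encrypted vars file and reference it here, e.g. `password: "{{ vault_default_user_chris_password }}"` (the variable name is a placeholder). The same applies to the `extra_user` and `root_user` hashes in the new host file further down, where the `root_user` hash is byte-identical to the one in other host files on this page, so one root password and salt is shared across hosts. Because these values are already in the history, rotating the affected passwords is the safer follow-up.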


@ -186,59 +186,6 @@ ssh_keypair_backup_client:
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$WWsYp2DSIw4jNx5/IaKzY1$VjvTQYvSaQtJDiiNYxOUDEx9QdIPTZ1YWXSSaS1whH/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml


@ -1,4 +1,5 @@
---
# ---
# vars used by roles/network_interfaces
# ---
@ -25,9 +26,9 @@ network_interfaces:
auto: true
family: inet
method: static
address: 172.16.122.2
address: 172.16.222.1
netmask: 24
gateway: 172.16.122.254
gateway: 172.16.222.254
- device: eno2
@ -35,16 +36,36 @@ network_interfaces:
auto: true
family: inet
method: static
address: 192.168.122.253
address: 192.168.222.254
netmask: 24
post-up:
# VLAN 13 Guest Net
- /sbin/ip link add link eno2 name eno2.13 type vlan id 13
- device: eno2:ns
headline: eno2:ns - Alias on eno5 (Nameserver)
headline: eno2:ns - Alias on eno2 (Nameserver)
auto: true
family: inet
method: static
address: 192.168.122.2
address: 192.168.222.1
netmask: 32
- device: eno2.13
headline: eno2.13 - Guest Network
auto: true
family: inet
method: static
address: 192.168.223.254
netmask: 24
- device: eno2.13:ns
headline: eno2.13:ns - alias on eno2.13 (Guest Network)
auto: true
family: inet
method: static
address: 192.168.223.1
netmask: 32
@ -63,62 +84,6 @@ network_interfaces:
# ---
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if SSH service is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if OpenVPN service is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_vpn.sh
- name: "Check if nameservice (bind) is running?"
minute: '*/10'
hour: '*'
job: /root/bin/monitoring/check_dns.sh
- name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )"
minute: '0-59/2'
hour: '*'
job: /root/bin/monitoring/check_forwarding.sh
- name: "Copy gateway configuration"
minute: '09'
hour: '3'
job: /root/bin/manage-gw-config/copy_gateway-config.sh ANW-KM
#cron_user_special_time_entries: []
cron_user_special_time_entries:
- name: "Check if Postfix Service is running at boot time"
special_time: reboot
job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
insertafter: PATH
- name: "Restart Systemd's resolved at boottime."
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
@ -198,16 +163,77 @@ resolved_nameserver:
#resolved_domains: []
resolved_domains:
- ~.
- anw-km.netz
- fm.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 172.16.222.254
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if SSH service is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if OpenVPN service is up and running?"
minute: '*/30'
hour: '*'
job: /root/bin/monitoring/check_vpn.sh
- name: "Check if nameservice (bind) is running?"
minute: '*/10'
hour: '*'
job: /root/bin/monitoring/check_dns.sh
- name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )"
minute: '0-59/2'
hour: '*'
job: /root/bin/monitoring/check_forwarding.sh
# - name: "Speedtest"
# minute: '17'
# hour: '*0-8'
# job: /root/bin/admin-stuff/speedtest.sh
- name: "Copy gateway configuration"
minute: '09'
hour: '3'
job: /root/bin/manage-gw-config/copy_gateway-config.sh FM
cron_user_special_time_entries:
- name: "Check if Postfix Service is running at boot time"
special_time: reboot
job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
insertafter: PATH
- name: "Restart Systemd's resolved at boottime."
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 15 ; /bin/systemctl restart ntpsec"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
@ -230,38 +256,6 @@ ssh_keypair_backup_client:
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
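Review bot: The `post-up` entry added to the `eno2` stanza in the `-35,16 +36,36` hunk creates the guest VLAN link unconditionally and nothing in the stanza removes it again. If `eno2` is brought up a second time while `eno2.13` still exists, `ip link add` would presumably fail with "File exists" and ifup would report the interface as failed. Guarding the command keeps the stanza re-runnable: `- /sbin/ip link show eno2.13 >/dev/null 2>&1 || /sbin/ip link add link eno2 name eno2.13 type vlan id 13`. The page has lost the YAML indentation, so the nesting is read from line order, and the `network_interfaces` list starts outside the hunk.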


@ -230,38 +230,6 @@ ssh_keypair_backup_client:
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.oopen.de
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
sudo_users:
- chris
- sysadm
# ---
# vars used by roles/common/tasks/users-systemfiles.yml


@ -0,0 +1,225 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 185.12.64.2
- 2a01:4ff:ff00::add:1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Check if postfix mailservice is running. Restart service if needed."
special_time: reboot
job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
insertafter: PATH
cron_user_entries:
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if cert for Keycloak service is up-to-date"
minute: '51'
hour: '05'
job: /root/bin/monitoring/check_cert_for_keycloak.sh
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '23'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '33'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---
extra_user:
- name: nd-admin
user_id: 1045
group_id: 1045
group: nd-admin
password: $y$j9T$1YJwHY0qdLimgtdOKlTxR1$/O9QWTpr0Y41TduR2GZ0FMCiIxFqOaXWSM9hmHRnv80
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTjd4XFBdF/V9VdSZjy9G7nupBwaMqsrtQSP4Uctkrz org@rdsgn.de'
sudo_users:
- chris
- sysadm
- nd-admin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
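Review bot: The `PATH` value under `cron_env_entries` separates its first two directories with `;` instead of `:`, so cron would treat `/root/bin/admin-stuff;/root/bin` as a single, non-existent directory and neither `/root/bin/admin-stuff` nor `/root/bin` ends up on the search path. The line should read `job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`. The same value is added in the `-100,6 +98,60` hunk of the next file section. The cron jobs listed here use absolute paths, so the effect is limited to commands those scripts call by bare name.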


@ -75,12 +75,10 @@ systemd_resolved: true
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 213.133.98.98
- 2a01:4f8:0:1::add:9999
- 213.133.99.99
- 2a01:4f8:0:a111::add:9898
- 213.133.100.100
- 2a01:4f8:0:a0a1::add:1010
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 185.12.64.1
- 2a01:4ff:ff00::add:2
# search domains
#
@ -100,6 +98,60 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Check if postfix mailservice is running. Restart service if needed."
special_time: reboot
job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
insertafter: PATH
cron_user_entries:
- name: "Check if mattermost service ist running - Restart Service if needed."
minute: '*/6'
hour: '*'
job: /root/bin/monitoring/check_local_mattermost_service.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '01'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '33'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---


@ -0,0 +1,141 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
sshd_permit_root_login: !!str "prohibit-password"
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 195.201.179.131
- 95.217.204.204
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
#
# see: roles/common/tasks/vars
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---


@ -123,11 +123,16 @@ cron_user_special_time_entries:
job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
insertafter: PATH
- name: "Check if mattermost service is running. Restart service if needed."
special_time: reboot
job: "sleep 10 ; /root/bin/monitoring/check_local_mattermost_service.sh > /dev/null 2>&1"
insertafter: PATH
cron_user_entries:
- name: "Check if mattermost service ist running - Restart Service if needed."
minute: '*/6'
minute: '*/16'
hour: '*'
job: /root/bin/monitoring/check_local_mattermost_service.sh
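Review bot: `minute: '*/16'` does not give a 16-minute interval, because a step in the minute field restarts every hour: the check runs at :00, :16, :32 and :48 and then again 12 minutes later. If the intent was to relax the old `*/6` to roughly a quarter of an hour, `minute: '*/15'` gives even spacing and matches the Postfix check in the other host files on this page. The `cron_user_entries` list continues outside the hunk.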


@ -273,6 +273,11 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_ntpsec_service.sh > /dev/null 2>&1
- name: "Check if all autostart LX-Container are running.?"
minute: '*/10'
hour: '*'
job: /root/bin/LXC/boot-autostart-lx-container.sh
# ---


@ -1,187 +0,0 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device ens3
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: manual
hwaddress: 52:54:00:62:fb:9c
description:
address:
netmask:
gateway:
metric:
pointopoint:
mtu:
scope:
# additional user by dhcp method
#
hostname:
leasehours:
leasetime:
vendor:
client:
# additional used by bootp method
#
bootfile:
server:
hwaddr:
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
#nameservers:
# - 195.201.179.131
# - 95.217.204.204
#search:
# optional additional subnets/ips subnets: []
# subnets:
# - '192.168.123.0/24'
# - '192.168.124.11/32'
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge:
ports: ens3 # for mor devices support a blank separated list
stp: !!str off
fd: 1
hello: 2
maxage: 12
# optional bonding parameters bond: {}
# bond:
# master
# primary
# slave
# method:
# miimon:
# lacp-rate:
# ad-select-rate:
# master:
# slaves:
bond: {}
# optional vlan settings | vlan: {}
# vlan: {}
# raw-device: 'eth0'
vlan: {}
# inline hook scripts
pre-up: [] # pre-up script lines
up:
- !!str "ip addr add 83.223.86.200/24 dev br0"
- !!str "ip route add default via 83.223.86.1"
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.


@ -1,73 +0,0 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.


@ -100,67 +100,30 @@ resolved_fallback_nameserver:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
extra_user:
- name: chris
password: $y$j9T$KUDlIDddLeymNRsoS7Z51/$eelMaGW/JhVsCjl6nducJmjxrHpuyLStWuOGrohKZZD
- name: marsupilami
password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/
shell: /bin/bash
group: marsupilami
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$1SUeBB9jQKPnG9JPt30O5/$aiZOeMJbJqE.cEKkFdSBxeuhma8n1thBVn00SClT3C/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$/TGIkTdH5zV4wTPsrZNko0$nGIMPM7WhOaeg4qUrwqiJ4Fvmn7He0bmYdZlXQ4ow80
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$n17mARf7i72xHDBW0lfT40$2WQMFPops.4.T3H7mk7Kzh3sRt3YfJtlhtn0Vl.uU37
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: cryptpad
user_id: 2010
group_id: 2010
group: cryptpad
home: /var/www/cryptpad
password: $y$j9T$TUSURhYNq5B1eWlxis.xy.$YfCpyp24dmaZwiIEMaJvX7u3P.MEdAyz8YXMusM4lu7
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is'
- name: c3po
password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
shell: /bin/bash
group: c3po
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-rsa 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 c3po@riseup.net'
sudo_users:
- chris
- c3po
- marsupilami
- sysadm
- localadmin
- c3po
# ---
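Review bot: The `password:` values under `extra_user` in this section are crypt(3) hashes committed in clear text, and the same pattern recurs in the host-var sections that follow (`default_user`/`extra_user`, including the `borg` and `nd-admin` entries further down). Anyone with read access to the repository can attempt offline guessing against them, and the `$6$` (sha512crypt) hash kept for `c3po` offers less resistance than the `$y$` (yescrypt) hashes beside it. The Samba variables elsewhere on this page already use `password: !vault |`; the same form here, or a vaulted variable such as `password: "{{ vault_pw_c3po }}"` (name constructed for illustration), would keep the hashes out of plain view. The rendered page has lost its +/- markers, so which entries sit on the new side is inferred from the hunk counts.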

View File

@ -100,53 +100,28 @@ resolved_fallback_nameserver:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
extra_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
- name: marsupilami
password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/
shell: /bin/bash
group: marsupilami
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is'
- name: c3po
password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
shell: /bin/bash
group: c3po
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-rsa 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 c3po@riseup.net'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- c3po
- marsupilami
- sysadm
- localadmin

View File

@ -100,64 +100,28 @@ resolved_fallback_nameserver:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
extra_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
- name: marsupilami
password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/
shell: /bin/bash
group: marsupilami
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is'
- name: c3po
password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
shell: /bin/bash
group: c3po
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-rsa 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 c3po@riseup.net'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: cryptpad
user_id: 2010
group_id: 2010
group: cryptpad
home: /var/www/cryptpad
password: $y$j9T$TUSURhYNq5B1eWlxis.xy.$YfCpyp24dmaZwiIEMaJvX7u3P.MEdAyz8YXMusM4lu7
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- c3po
- marsupilami
- sysadm
- localadmin

View File

@ -1,120 +0,0 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: c3po
password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-rsa 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 c3po@riseup.net'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa 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 jonas@meurer.it'
- 'ssh-rsa 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 t@NB-003258-RLS'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

View File

@ -106,40 +106,30 @@ resolved_fallback_nameserver:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
extra_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
- name: marsupilami
password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/
shell: /bin/bash
group: marsupilami
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
- name: c3po
password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
shell: /bin/bash
group: c3po
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net'
sudo_users:
- chris
- c3po
- marsupilami
- sysadm
- localadmin
# ---

View File

@ -100,54 +100,28 @@ resolved_fallback_nameserver:
# vars used by roles/common/tasks/users.yml
# ---
default_user:
extra_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
- name: marsupilami
password: $y$j9T$guTT3egsLUFwxUGCnDJ0o0$WCQt3gXcYIpArTxbn2BunvIWG6w7GZLx./fFGJYCsd/
shell: /bin/bash
group: marsupilami
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4wVpkMrF4M5wKBxRAonR4gVngO9+yhBEAyhV03l6Is'
- name: c3po
password: $6$z0yywBoF$VtusXNrSvL4s4kQSeCl/6rZoCcAOz0aSINm0ArntILNvLnurVDGk9nJz42ZMya/DFe8snlf5kLymeAmNRiyDK/
shell: /bin/bash
group: c3po
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDinfnbnVooKT0iFpkZeRZMj8JpYJk+EkgGHyK2xhb0HNoYvDoG06Clckm0vauuRlSYnWkZC0dLIbqHlACA+jbCKa2w/5yOjCXmJiJEO04YCMhkQH08It+wpWZb/Bx2O6DB3cY+3mHwPocp/la8caYW4NIE5+67AnHxIQifJLXM44TgkmFEhXSBMIZj8b8wL+MA0zKD0LXwgEH9Wllcccq6D5lfsrUSLvTRHq362pE+ZtVXh2peVkS4r98HNtYVUjBMgOIIPEypopceUzXC0L+vB7s2SolAsh3CGjqyjYW8x3fWnAewlfa5TbgIC+11e+KJKFr5+tVfwSgHC+TtfuXDU5Ws80ETejbuwx2iRVfHG0fDcjPzaVUXGmY+j8OR4jACz5KY5+VMJgMuXJTbZBEf1C5O3lCTaEf/Pmw50SHrshT/bhdrMBUaS+AOTFHrI3WOu+ujWMXJK3pRdROXDFDtPfc1afaJkMuKO5Uay/qwTEKd8NwXNoAGkXjowKBerNgJRy5JwhmbHMA6xsCDEjXMVy+yiMw+58JE76g5HVVu7dpyz0bjXD3LrpB+lclQHRLxNajWAjVsAu/eI2zQDDS7YHi1IZVUGdYD0g0qXdeNQ//KA7FVr22VFUP8xtbseZfOZpKFGVEMVkIOcYHZoYhOYxZDVNNmvle13F4PU1zOiQ== c3po@riseup.net'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- c3po
- marsupilami
- sysadm
- localadmin

View File

@ -63,8 +63,6 @@ network_interfaces:
# search: warenform.de
#
nameservers:
- 195.201.179.131
- 95.217.204.204
search: oopen.de warenform.de
# optional additional subnets/ips subnets: []
@ -105,6 +103,13 @@ network_interfaces:
vlan: {}
# inline hook scripts
#
# example:
#
# up:
# - !!str "ip addr add 83.223.86.115/24 dev br0"
# - !!str "ip route add default via 83.223.86.1"
#
pre-up: [] # pre-up script lines
up:
- !!str "ip addr add 83.223.85.203/24 dev br0"
@ -114,6 +119,7 @@ network_interfaces:
down: [] # down script lines
post-down: [] # post-down script lines
# ---
# vars used by roles/ansible_dependencies
# ---
@ -139,6 +145,76 @@ network_interfaces:
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 195.201.179.131
- 95.217.204.204
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
@ -156,7 +232,7 @@ cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
job: "sleep 5 ; /bin/systemctl restart systemd-resolved > /dev/null 2>&1"
insertafter: PATH
- name: "Check if postfix mailservice is running. Restart service if needed."
@ -250,210 +326,6 @@ git_firewall_repository:
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 83.223.85.203
samba_server_cidr_prefix: 24
samba_workgroup: AH
samba_netbios_name: FILE-AH
samba_groups:
- name: verwaltung
group_id: 1200
- name: intern
group_id: 1210
- name: hoffmann-elberling
group_id: 1220
- name: gubitz-partner
group_id: 1230
samba_user:
- name: buero
groups:
- verwaltung
- intern
password: 'buero2011'
- name: axel
groups:
- intern
- verwaltung
- hoffmann-elberling
password: 'ah-kiel.2018'
- name: bjoern
groups:
- intern
- verwaltung
- hoffmann-elberling
password: 'bjoern2011'
- name: gubitz
groups:
- intern
- verwaltung
- gubitz-partner
password: '20gubitz12'
- name: schaar
groups:
- intern
- verwaltung
- gubitz-partner
password: '20schaar12'
- name: molkentin
groups:
- intern
- verwaltung
- gubitz-partner
password: 20molkentin12
- name: buerooben
groups:
- intern
- verwaltung
- hoffmann-elberling
password: 'buero2013'
- name: back
groups: []
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63643330373231636537366333326630333265303265653933613835656262323863363038653234
3462653135633266373439626263356636646637643035340a653466356235346663626163306363
61313164643061306433643738643563303036646334376536626531383965303036386162393832
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
- name: buchholz
groups:
- buero
- intern
- verwaltung
password: '20-buch_holz-20'
- name: schmidt
groups:
- intern
- verwaltung
- gubitz-partner
password: '20-schmidt_21%'
- name: kiel-nb1
groups:
- buero
- intern
- verwaltung
- gubitz-partner
- hoffmann-elberling
password: '20-note%book1-20'
- name: kiel-nb2
groups:
- buero
- intern
- verwaltung
- gubitz-partner
- hoffmann-elberling
password: '20-note%book2-20'
- name: chris
groups:
- buero
- intern
- verwaltung
- gubitz-partner
- hoffmann-elberling
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63643330373231636537366333326630333265303265653933613835656262323863363038653234
3462653135633266373439626263356636646637643035340a653466356235346663626163306363
61313164643061306433643738643563303036646334376536626531383965303036386162393832
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
base_home: /home
# remove_samba_users:
# - name: name1
# - name: name2
#
remove_samba_users: []
samba_shares:
- name: profiles-RDP
comment: Users profiles RDP
path: /data/samba/profiles-RDP
guest_ok: !!str no
browseable: !!str no
valid_users: '%S'
file_create_mask: !!str 600
dir_create_mask: !!str 700
- name: Buero
path: /data/samba/shares/Buero
group_valid_users: intern
group_write_list: intern
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: recycle
- name: Verwaltung
path: /data/samba/shares/Verwaltung
group_valid_users: verwaltung
group_write_list: verwaltung
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: recycle
- name: Scans_schnell
path: /data/samba/shares/Scans_schnell
group_valid_users: intern
group_write_list: intern
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: recycle
- name: Hoffmann-Elberling
path: /data/samba/shares/Hoffmann-Elberling
group_valid_users: hoffmann-elberling
group_write_list: hoffmann-elberling
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: recycle
- name: Gubitz-Partner
path: /data/samba/shares/Gubitz-Partner
group_valid_users: gubitz-partner
group_write_list: gubitz-partner
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: recycle
- name: Gubitz-Backup
path: /data/samba/shares/Gubitz-Backup
group_valid_users: gubitz
group_write_list: gubitz
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: recycle
- name: WinServer2016-Backup
comment: WinServer2016-Backup on Fileserver
path: /data/samba/shares/WinServer2016-Backup
group_valid_users: {}
group_write_list: {}
file_create_mask: !!str 664
dir_create_mask: !!str 2775
guest_ok: !!str yes
vfs_object_recycle: true
recycle_path: {}
- name: Advoware-Backup
comment: Advoware-Backup (only read) on Fileserver
path: /data/samba/shares/Advoware-Backup
group_valid_users: back
group_write_list: back
file_create_mask: !!str 664
dir_create_mask: !!str 2775
guest_ok: !!str yes
vfs_object_recycle: true
# ==============================
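Review bot: `resolved_dnssec: false` in the added systemd-resolved block turns DNSSEC validation off with no comment saying why, while `resolved_nameserver` and `resolved_fallback_nameserver` point at remote resolvers, so answers are accepted unauthenticated. If the role passes this value through to `DNSSEC=` in resolved.conf (not visible here), `allow-downgrade` would be a less drastic setting; otherwise a line such as `# DNSSEC off: <reason>` above it would record the decision. Separately, most of the Samba account passwords deleted in the last hunk were stored as clear text and stay readable in the repository history, so they should be treated as exposed and rotated.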

View File

@ -24,7 +24,7 @@ network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device enp6s0
headline: br0 - bridge over device enp27s0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
@ -32,7 +32,7 @@ network_interfaces:
family: inet
method: static
hwaddress: 88:d7:f6:7d:e6:ef
hwaddress: 30:9c:23:63:40:b5
description:
address: 159.69.74.150
netmask: 26
@ -63,10 +63,10 @@ network_interfaces:
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
- 195.201.179.131
- 95.217.204.204
search:
#nameservers:
# - 195.201.179.131
# - 95.217.204.204
#search:
# optional additional subnets/ips subnets: []
# subnets:
@ -81,7 +81,7 @@ network_interfaces:
# maxwait:
# waitport:
bridge:
ports: enp6s0 # for mor devices support a blank separated list
ports: enp27s0 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2

View File

@ -24,7 +24,7 @@ network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device enp7s0
headline: br0 - bridge over device enp193s0f0np0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
@ -32,11 +32,11 @@ network_interfaces:
family: inet
method: static
hwaddress: 7c:10:c9:9e:bd:51
hwaddress: 9c:6b:00:4e:fc:15
description:
address: 168.119.70.7
address: 157.90.140.173
netmask: 26
gateway: 168.119.70.1
gateway: 157.90.140.129
metric:
pointopoint:
mtu:
@ -81,7 +81,7 @@ network_interfaces:
# maxwait:
# waitport:
bridge:
ports: enp7s0 # for mor devices support a blank separated list
ports: enp193s0f0np0 # for mor devices support a blank separated list
stp: !!str off
fd: 1
hello: 2
@ -108,7 +108,7 @@ network_interfaces:
# inline hook scripts
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 168.119.70.0 netmask 255.255.255.192 gw 168.119.70.1 dev br0" # up script lines
- !!str "route add -net 157.90.140.128 netmask 255.255.255.192 gw 157.90.140.129 dev br0" # up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
@ -119,7 +119,7 @@ network_interfaces:
- device: br0
family: inet6
method: static
address: 2a01:4f8:242:1822::2
address: 2a01:4f8:2220:37c3::2
netmask: 64
gateway: fe80::1
@ -200,9 +200,9 @@ systemd_resolved: true
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 2a01:4ff:ff00::add:1
# search domains
#
@ -265,10 +265,10 @@ cron_user_entries:
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check connectifity - reboot if needed"
minute: '*/10'
hour: '*'
job: /root/bin/admin-stuff/check-connectivity.sh
# - name: "Check connectifity - reboot if needed"
# minute: '*/10'
# hour: '*'
# job: /root/bin/admin-stuff/check-connectivity.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'

View File

@ -240,6 +240,30 @@ network_interfaces:
# vars used by roles/ansible_user
# ---
insert_root_ssh_keypair: true
root_ssh_keypair:
- name: borg-client_key
priv_key_src: o26.oopen.de/root/.ssh/borg-client_key
priv_key_dest: /root/.ssh/borg-client_key
pub_key_src: o26.oopen.de/root/.ssh/borg-client_key.pub
pub_key_dest: /root/.ssh/borg-client_key.pub
- name: id_ed25519-borg-backup
priv_key_src: o26.oopen.de/root/.ssh/id_ed25519-borg-backup
priv_key_dest: /root/.ssh/id_ed25519-borg-backup
pub_key_src: o26.oopen.de/root/.ssh/id_ed25519-borg-backup.pub
pub_key_dest: /root/.ssh/id_ed25519-borg-backup.pub
- name: id_ed25519-gitea
priv_key_src: o26.oopen.de/root/.ssh/id_ed25519-gitea
priv_key_dest: /root/.ssh/id_ed25519-gitea
pub_key_src: o26.oopen.de/root/.ssh/id_ed25519-gitea.pub
pub_key_dest: /root/.ssh/id_ed25519-gitea.pub
- name: id_ed25519-backup
priv_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup
priv_key_dest: /root/.ssh/id_ed25519-backup
pub_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup.pub
pub_key_dest: /root/.ssh/id_ed25519-backup
# ---
# vars used by roles/common/tasks/basic.yml
@ -416,7 +440,61 @@ cron_user_entries:
# vars used by roles/common/tasks/users.yml
# ---
create_sftp_group: true
default_user:
- name: chris
password: $y$j9T$t0OK33lTuB/3TME5h/GHn.$4EjhvjhelkpUB2vqWPBdDCV3xCwBcJHpDobTkkuHxy.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: sysadm
user_id: 1050
group_id: 1050
group: sysadm
password: $y$j9T$LIF1RrShGDGdCXkUubRPR/$N8M5c/dhBdJkJrLP3/Lchyosjg0FxaQ2M4epvuzTI78
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: localadmin
user_id: 1051
group_id: 1051
password: $y$j9T$bqr.c39mSZOjjhVo/qmM2.$riPJ81SHLqfJMQ6/ZdeWNP7ma8R5nehI9mo5K8oUkw1
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: back
user_id: 1060
group_id: 1060
group: back
password: $y$j9T$uYqbl2A6vQ6WsLinzhUfG0$/w02iPud/LURbhY19DGtKWgKNFTpNEP7J.jOu5CZPh.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd0AwTHbDBK4Dgs+IZWmtnDBjoVIogOUvkLIYvsff1y root@backup.open.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINj0nCdFOZm51AVCfPbZ22QROIEiboXZ7RamHvM2E9IM root@backup.warenform.de'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQMCGCyIvs5hoNDoTIkKvKmEbxLf+uCYI1vx//ZQYY root@o26-backup'
- name: borg
user_id: 1065
group_id: 1065
group: borg
password: $y$j9T$JPKlR6kIk7GJStSdmAQWq/$e1vJER6KL/dk1diFNtC.COw9lu2uT6ZdrUgGcNVb912
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRaUsGqBvZBDzyh1kuldC/jdbtuoXFgBZ7PbgSqytSn root@cl-fm'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsPJQGHl1GVZ3yPl3Oi3xlH+EUsN1/EWDY2XAohag/P root@mail-fm'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC85aj16Ow1ZPutkp5TmZdxjMsECkhnO64ktc3OYZJHc root@o25-board'
extra_system_user:
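Review bot: In the added `root_ssh_keypair` list, the last entry (`id_ed25519-backup`) has `pub_key_dest: /root/.ssh/id_ed25519-backup`, which is the same path as its `priv_key_dest`. Depending on task order one key file overwrites the other, and the `.pub` file is never created. The other three entries end in `.pub`, so this looks like a typo for `pub_key_dest: /root/.ssh/id_ed25519-backup.pub`. The `priv_key_src` paths also suggest root's private keys are kept as files in the repository (the copying task is not shown); if they are not vault-encrypted there, they should be.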

View File

@ -23,7 +23,7 @@ network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device enp35s0
headline: br0 - bridge over device enp8s0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
@ -31,11 +31,11 @@ network_interfaces:
family: inet
method: static
hwaddress: a8:a1:59:3e:bd:b8
hwaddress: 9c:6b:00:6d:f5:a1
description:
address: 135.181.136.120
address: 65.21.220.154
netmask: 26
gateway: 135.181.136.65
gateway: 65.21.220.129
metric:
pointopoint:
mtu:
@ -80,7 +80,7 @@ network_interfaces:
# maxwait:
# waitport:
bridge:
ports: enp35s0 # for mor devices support a blank separated list
ports: enp8s0 # for mor devices support a blank separated list
stp: !!str off
fd: 1
hello: 2
@ -107,7 +107,7 @@ network_interfaces:
# inline hook scripts
pre-up: [] # pre-up script lines
up:
- !!str "route add -net 135.181.136.64 netmask 255.255.255.192 gw 135.181.136.65 dev br0" # up script lines
- !!str "route add -net 65.21.220.128 netmask 255.255.255.192 gw 65.21.220.129 dev br0" # up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
@ -118,7 +118,7 @@ network_interfaces:
- device: br0
family: inet6
method: static
address: 2a01:4f9:3a:1051::2
address: 2a01:4f9:3080:318c::2
netmask: 64
gateway: fe80::1

View File

@ -345,6 +345,8 @@ cron_user_entries:
sudoers_file_user_privileges:
- name: back
entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
- name: www-data
entry: 'ALL=(root) NOPASSWD: /root/bin/nextcloud/add-new-account.sh'
# ---
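Review bot: The `www-data` entry `ALL=(root) NOPASSWD: /root/bin/nextcloud/add-new-account.sh` lets the web server account run that script as root with any arguments, because a sudoers command listed without arguments matches every argument list. A flaw in the web application then reaches root through whatever the script does with its input. If the caller's arguments have a fixed shape, spell them out in the rule. Either way, record the constraint next to the entry, e.g. `# add-new-account.sh runs as root for www-data: validate all arguments, keep it root:root 0700`. The +/- markers are lost on this page, so that these two lines are the added ones is inferred from the hunk counts.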

View File

@ -24,7 +24,7 @@ network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device enp5s0
headline: br0 - bridge over device enp6s0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
@ -32,7 +32,7 @@ network_interfaces:
family: inet
method: static
hwaddress: 9c:6b:00:0b:fe:2f
hwaddress: 9c:6b:00:08:9a:30
description:
address: 176.9.125.12
netmask: 27
@ -76,7 +76,7 @@ network_interfaces:
# maxwait:
# waitport:
bridge:
ports: enp5s0 # for mor devices support a blank separated list
ports: enp6s0 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2


@ -249,7 +249,7 @@ cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
job: "sleep 2 ; /bin/systemctl restart ntpsec > /dev/null 2>&1"
insertafter: PATH
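Review bot: Redirecting both streams in `job: "sleep 2 ; /bin/systemctl restart ntpsec > /dev/null 2>&1"` also discards the error text when the restart fails, so a host that boots without working time sync produces no cron mail to show for it. If the aim is only to silence routine output, keeping stderr (`job: "sleep 2 ; /bin/systemctl restart ntpsec > /dev/null"`) stays quiet on success and still reports a failure. Correct time matters for certificate validation and for correlating logs across hosts. The enclosing `cron_user_special_time_entries` list starts outside the hunk.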


@ -147,6 +147,24 @@ cron_user_entries:
# vars used by roles/common/tasks/users.yml
# ---
extra_user:
- name: nd-admin
user_id: 1045
group_id: 1045
group: nd-admin
password: $y$j9T$1YJwHY0qdLimgtdOKlTxR1$/O9QWTpr0Y41TduR2GZ0FMCiIxFqOaXWSM9hmHRnv80
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTjd4XFBdF/V9VdSZjy9G7nupBwaMqsrtQSP4Uctkrz org@rdsgn.de'
sudo_users:
- chris
- sysadm
- nd-admin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
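Review bot: The new `nd-admin` account carries its password hash in clear text in this vars file (`password: $y$j9T$…`) and is also added to `sudo_users`, so anyone with read access to the repository can attempt offline guessing against a sudo-capable login. The same applies to the `root_user` blocks in the two new vars files further down this page, which hold a byte-identical `$6$` hash including the salt, indicating that those hosts share one root password. Moving these values into the vault-encrypted file and referencing them, e.g. `password: "{{ vault_nd_admin_password }}"` (variable name constructed here), keeps further hashes out of readable history. Distinct root passwords per host would limit the reach of a single recovered password. The `extra_user` list may continue outside the hunk.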


@ -235,11 +235,6 @@ cron_env_entries:
cron_user_special_time_entries:
- name: "Restart NTP service 'ntpsec'"
special_time: reboot
job: "sleep 2 ; /bin/systemctl restart ntpsec"
insertafter: PATH
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
@ -309,78 +304,6 @@ cron_user_entries:
# vars used by roles/common/tasks/users.yml
# ---
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
- name: backup
backup_user: back
priv_key_src: root/.ssh/id_rsa.backup.warenform.de
priv_key_dest: /root/.ssh/id_rsa
pub_key_src: root/.ssh/id_rsa.backup.warenform.de.pub
pub_key_dest: /root/.ssh/id_rsa.pub
insert_keypair_backup_client: true
ssh_keypair_backup_client:
- name: backup
priv_key_src: root/.ssh/id_ed25519.warenform-server
priv_key_dest: /root/.ssh/id_ed25519
pub_key_src: root/.ssh/id_ed25519.warenform-server.pub
pub_key_dest: /root/.ssh/id_ed25519.pub
target: backup.warenform.de
default_user:
- name: chris
password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- name: axel
password: $6$zUWC465e$XblctxwnBIOa7mPcN6foEQrwChjpwoY7lLtacXJrSsvjZS3I6Ox1mYUtN3/gzkvpbzOPx/9PlRJV.mbl939mD.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOPnP788dlfeFi9oo8UkS0Chi/jcxUGjsOuQnxW/GR+ axel@wf.netz'
- name: sysadm
user_id: 1050
group_id: 1050
password: $6$vvccwrTc$Sz1HaSb3ujObprltiG7D6U1Rr3fpgfjkKuDDWYdHzPkPx/0pEofCWC.vyTn78hcemkntl.6wVUOnJnNloKt/E/
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOPnP788dlfeFi9oo8UkS0Chi/jcxUGjsOuQnxW/GR+ axel@wf.netz'
- name: localadmin
user_id: 1051
group_id: 1051
password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-rsa 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 jonas@meurer.it'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCzd5rFYvV5/V2NZE4jxL09qZ4TTsgmhbfSHpsj9wX89+j7ZrfTAkAkAFxyrWs8FR3CQ11DGkrXW059a0ppRQ7R8bUW9CniXS/RaRAvqX9AMM9Xo/lmL4pXNM0sV4nHJWphi5Bc+zTIM2I4PSbHYw+5dDnj8ZIQ8ucBff+k29Zd90JRuKx72tk0pQNf7sQbWVKNCT/B4g4MJV84NvnO+ExCWvGM95Cy5NCTnQfO94/OSkN72R//tIR7Nd/aK7hEj69MoVJZrFy4qzE9KskLhKeUYCqoz86XOQ6Dfag/B2adTeG3r9DEacG3ao/ACZKQChj0X12LEV/PZUHLORqYpWIwMuIx54vhbxarSwlKhoOCv1XQJwo9BTavMhFNsMtZpAJYdvAakRCbf18bDrHyqYYqjAyYOp+L+G+wlSh3tz0qQL8aAnaV3RPN0fDd7Zu1dpMGAM2gMnBEMJ+k82V7EtACp1jf37LW11Lbv2o+dRUJEgsrU9TNGxaGSTWqGc65TuP9PUfDXq1ZNOPQWSK/KseqB0WUx6ePfZzkgkr7kGXT/d9hUSCq2+iprhfwQpYLcXE9XtCdo1aivIKQ8zCuR44q11HePyNtEMaJfq33p4uDTVOy7UOtuACzSbk6vs7h6h8CUGPwU9aw+PRiWY4Jdm0caJ8trFfH1R8XaIe3SaUEw== t@NB-003258-RLS'
- name: back
user_id: 1060
group_id: 1060
password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
sudo_users:
- chris
- axel
- sysadm
- localadmin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml


@ -0,0 +1,207 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: false
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 2a01:4ff:ff00::add:2
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 185.12.64.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
#cron_user_special_time_entries:
#
# - name: "Restart DNS Cache service 'systemd-resolved'"
# special_time: reboot
# job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
# insertafter: PATH
#
# - name: "Check if postfix mailservice is running. Restart service if needed."
# special_time: reboot
# job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
# insertafter: PATH
#
# - name: "Check if Check if all autostart LX-Container are running."
# special_time: reboot
# job: "sleep 120 ; /root/bin/LXC/boot-autostart-lx-container.sh"
# insertafter: PATH
cron_user_entries:
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
# - name: "Check connectifity - reboot if needed"
# minute: '*/10'
# hour: '*'
# job: /root/bin/admin-stuff/check-connectivity.sh
#
# - name: "Check if Postfix Mailservice is up and running?"
# minute: '*/15'
# hour: '*'
# job: /root/bin/monitoring/check_postfix.sh
#
# - name: "Check if NTP service 'ntpsec' is up and running?"
# minute: '*/30'
# hour: '*'
# job: /root/bin/monitoring/check_ntpsec_service.sh > /dev/null 2>&1
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
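Review bot: The cron `PATH` value under `cron_env_entries` joins its first two entries with a semicolon, `/root/bin/admin-stuff;/root/bin:/usr/local/sbin:…`. Assuming the role writes it as a crontab environment line, cron reads `/root/bin/admin-stuff;/root/bin` as one directory name and searches neither `/root/bin/admin-stuff` nor `/root/bin`. The active `cron_user_entries` job here uses an absolute path and is unaffected, but any job calling a script from those directories by bare name would fail. The line should read `job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`. If the value was copied from another host file, that file likely needs the same correction.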


@ -0,0 +1,165 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
apt_install_extra_pkgs: true
apt_extra_pkgs:
- subversion
- subversion-tools
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 213.133.100.100
- 2a01:4f8:0:1::add:9898
- 213.133.99.99
- 2a01:4f8:0:1::add:1010
- 213.133.98.98
- 2a01:4f8:0:1::add:9999
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- warenform.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/copy_files.yml
# ---
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
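Review bot: `resolved_dnssec: false` is set while `systemd_resolved: true` enables the stub resolver on this host, so answers from the configured upstream and fallback servers are accepted without validation. If the role passes this value through to the `DNSSEC=` setting of systemd-resolved, `allow-downgrade` would validate where the upstream supports it without breaking resolution elsewhere; whether the role accepts a non-boolean value is not visible here. If validation is off on purpose, a comment above the setting such as `# DNSSEC validation disabled deliberately: <reason>` would keep the choice from looking like a template default.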


@ -142,6 +142,28 @@ ssh_keypair_backup_client:
#
# see: roles/common/tasks/vars
sudoers_file_user_aliases:
- name: WEB_USER
entry: 'webadmin, axel, chris'
- name: MAIN_USER
entry: 'sysadm, axel, chris'
sudoers_file_cmnd_aliases:
- name: REBOOT
entry: '/sbin/reboot'
- name: MANAGE_SERVICE
entry: '/usr/bin/systemctl'
sudoers_file_user_privileges:
- name: MAIN_USER
entry: ALL = REBOOT, MANAGE_SERVICE
- name: WEB_USER
entry: ALL = MANAGE_SERVICE
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
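Review bot: `MANAGE_SERVICE` is defined as bare `/usr/bin/systemctl`, so the `WEB_USER` and `MAIN_USER` rules grant every systemctl verb on every unit as root. That is far broader than restarting a service and in practice amounts to full root for `webadmin`, `axel`, `chris` and `sysadm`. Listing the permitted verbs and units explicitly narrows it, e.g. `entry: '/usr/bin/systemctl restart <unit>.service, /usr/bin/systemctl status <unit>.service'` (the unit name is a placeholder; the intended services are not visible here). The separate `REBOOT` alias would still cover reboots for `MAIN_USER`. The sudoers variable block starts outside the hunk.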


@ -1,490 +1,462 @@
$ANSIBLE_VAULT;1.1;AES256
64366536353433366261373236626231393366396638636237366532343030386466336166303066
3639623261623864336433363462363837313931383664360a393865306161326230316234613065
39316331653061353730383966363830356534666439316664656665366366366630383863393430
6233323630386232650a636439663639383835633736363330343563393932346261363533643830
33393561383463636561636662643535643131613065396562333837313661613031626136383936
61633634313535656565633139623531623635343863363962326235363464343634653231383634
37343063366264396538393737613964396562343335323066666561666633653733346238373937
36333439393264386263376535373136363934623439303231373633633962353062636362363531
65336433363930383137613531316431316332353235363133663631393961316565353531346431
37363331373463356431353464323466393035666666303936323032653130666133373761303463
39653866626138323430616637633262303232343464363265343361346161616362363865393831
30613466663865376432633536666239343464383061633937393938386239386237646563333465
66616639366265643130346161643530653433633665656362656264363136666138306332356136
64363962623232353437613265663031656464346434623661623465636430383463353566393430
39303233376430323535616134323532636339383265346433613139333137663730323962613338
63396633613130626536316364386337343732333736343861646164356366663561356135646566
36313834393663366364633733366639383439666434636163373163623037643035303839336138
65383063383535653665303061383964336662376266393539646630626266613134343262633965
35313464633361393863393836363134366639383731316531333566356461333061343730356361
38316638303562373866616237393839366263653735643136303637376461346664303739656332
61393531396464316434353139393763663161666162623934636336653132336533396138356363
32663665623130383635653338303061663138343334396238643935613431613238323536643433
30323834393731633363313636623435363835383865383139366137386238393737363231393736
62333933306639326465303538333366666339623238626231633630663134346533646338633038
35623336373463363763336566623731366337666361353034383939306338386635343133623666
35353363323237616136653362636335366436653865653237626536626161623138323565633138
36633039316135363466323165356561633536613334656362633036313738313239303164303830
64643231346630653234396638663533316663396236353233656238396663323531613536356538
66633564393430656533653537666465346532363861653531666336393462333635393731326461
65633861373262666238633464646330656438623132366531346338333335663735646666393830
33316163646665333739366231383630303230346161373833373965653164396230306639333039
37323363393931323037396639646462336231636265356435643031386338366435366638353834
30666637383461303539306463393565383330636264626463616135636239373433323363656136
30316632613635633566613266363463636533646162333031356365396134343336393232626432
33666535633736383238343836383765356439373039363634303836643163316137313933613738
30303765323937316233303031666238396333666636356434356565323536313633376633393430
64383532613866383537356136326465326366366139626165393438656536373862663064383038
66363937323833373563396565353634323738626131336562613531383532383462353063386634
66343861666130386337393364383566373637383564613031336564623664613039633661643061
35633665663763336533386532666630613031306433623930643638663364393138363362396466
33343433306264363566636237656565303737376436633365623030333532623534376532656662
65323339316336633436353633626537326631393066663865666235306237386537306330643064
34656463653639336332363639666565636663623765303338626263306337653638383866613034
33643461613030323134616562336261326236373064393562623761666439316230333130323737
63313932383931313231623633646365373961666234393164346634306231326264343666643564
33333961653935343663623333366439656263663465383937663938656262333930393932303839
36303138303239356338326139626131343161643561383663656463346237623834313265326666
35333036353263393931636535353534383362613739383264373366393162613763623064643762
30346437323662303130306239316563336437376463303233623737653036376636636536616335
32383233366634663037353432393830363236623930663065383866663233356634656639663734
30303337663864646564386334343232303061373539653138366561343232643338623465333039
65636661393765343831336161373762616433623763636135646364623239393261393337323033
38313461323764303135613035343630653231393863386439303639623666613162346338323030
30333364393232393962663663646530306330373836633364333039333533393636303761366130
63303063326162336330346535323162303766386133373131326237333137626332626533303265
64666131303730613638323862336132636535306335383761666466626265333865393532333036
36346531366138376537656666626530623632623233336438623465363965633033636563636639
30353130333263626237396130626336353330643162393338323236366230663838326263633330
33373764316132323834633138333265333831363561656336316436313639306264323239366235
66313835366665326637363138643133633833346130656432613932373730336531396564613362
35363539643337303436663032383061626337363965383462363633363433326638666333336132
35643637643132623739613133373963393663633566323632643939383966316531333535386264
31623061656264326565346238613533313961313536653766356333316231363638386264386666
65353931366166396439303331363133353036343032346130393236626338323530363639616266
32643234653830323436363737393934653362366537363639376661336634356165323166653030
37316435656239396438663566313636653563383631636463343866616230666363333466393935
31396537316166393162653435636637303962626433386137623662623833363531373362613736
63636635386233613162313837356535346466363631323731386262396638373665306638373639
30333332653663313961656331333063643562343265306433356631653064373833373731356434
31616336353533343734326661353434343930383231613138383663323365373066326538386361
31396661376464306436633537383535303338313062333132336133363233363134613230653861
32666636626132383261333339303766336662373132393331333333376533396263326432353238
33643265613738366533656666333535616130303862323131343965303231326465303630383363
61316161633938666135643461373161376462643434323839333932393031353533303030616139
64623434363530373962636538356361333235366463353364383033623565303832646461366332
37373263383433656630653430653361313062386230393438633739336531633165313632316635
34646637316135393065653832623836643534363064663638343065343732646436656366376433
33613134386531646166633062396338663765373239633330643238356136373164306330383631
39336364633664383333336232646564633366313332303733623239363131643738316262633164
39346330366161336532366461646338306239333162633961363233353636623835616630363235
35633161336632353764613065646539646336663937343036383438396231366636653433626565
39326131323561643537376337656165353836336235333037393564616339666530343533396365
63653465383438353133663163663835623763353361653637383738666538646364363135356537
66653162343537316438663937643337396361393764373131313463393730616265376136343337
31313331326139306132633833363065326363656332306363303561623736663462343537663832
62383634656532346135336266633865303036326430366562666562336237333262613034386264
61616334653262316631356332363038356561333031633865613331366237643730626339626563
66646139386566646263343734643832333032393639343266373236353832666630646338623839
62346465616634663363356139363033313535333139656164323738653130323061623932303363
66613235373037653639356465373366316263383835313462326631663565343334363930616330
31343533643839386462343463326334343631626238383464393362303538393637626333633366
64666534316131626633386436373862316539363735633561613736653363303935633736386135
63616632303663636335643063343133393237343965626163333864386533376266386630326338
39363363373366323237656265353663656562646538373234623034376339393564376638663730
61356263303738373366663064346536633735633062383838623231363836656439646661313232
35616230376538623531663336663632336330656531623561323236326164333266316563306462
65353466636136646164646531336530313139303761636437393565323861333933393834316130
65636362323933373934313332626338343837613464343134626364633762363231333939316162
36353036386130636339396561353262396261303865363734386261336261626563613735393734
37323839333465613037313664623539396537393036366665316535613939323438306138666262
35636362613263626237396138366461303261316266326230373364653234653438623933663437
63303135326331373139633462333832393935383062363362643935313431313263626265343630
34623266643261306635646233653235336462323465393837346164353734633766353538373031
63623061653063316636313135363734353865623439333035633035316130393233653563383137
62653430326131333636333635343964376333653231623332623235316466626533656266616137
62363662376532316261303533383231363066383666643033323730666630613165323634343530
31373863663662643038633933366231383933323634346665343161366363396165656338363034
66643439626666303834656466663637306439313030613834636461656365316237316334343162
38323563656636313465333231643663343034396631663639336334646564613133343365343936
35363565353232616161626565363666666237396163326231363661346166343236393863353763
32356138393236366131633833623561643630336465393539323766643861633437323961663939
66393530393962366263616437336164343864306532613833646336646332383863663733343666
39353935373566306561313932663531656530343732383664393831383035313831643331363664
37323739616365623138333863323635653164323637653731666233613932363536613833393938
30663962353561303966346637333734386265653038323530316234623935656133383537633339
62366435383530336231373265316337326666663235613038313766653334346538333931363739
39333663376161373864326232333436666335376366303435303361343237666564633439373434
37356263353761393732363635396233613830376561363739323132343038303564386634636462
36343930393334623937666563333132303839313862383336383034623931383238383835356261
36376433346565623832663535633633613431326333386332316236656264306137663736633063
30636231636432306165313165316432323365313864383961663831306233343739623232653361
39303531363338303136386338393232656664303137353961663463323434343233353465646136
37363333376361653937623462313061363562333662373737346163623033323339373162633639
38343634386464623931383063366264616661303234643064616338666230336436666633623235
63653164633366383930333232636139353838373062326663643231346237343930653032306433
30653037613834643036633934373433613561363461383934666433303163613062353138323737
62343363353664626565313835353865663566376339626561343162623066396537333930313738
64376463653062373365343739346538396331346466633163393961646265613436383133373465
61623239643566316566623134653733343861353138613165363265393636633265623463323439
37396636383737616132313363333336666339643761653561373062393232326262303639316636
39646630336334656334626439613966303738396665666635346239633338373738613066343332
65613733623335333334303862643964383265333334343037353363616537633932643635643037
34373937356133333936663239373066663465343537653562626266383630336662336463366130
66383766646663383539663762643330346466316539363438653465316366386462376365646266
36333363333334373262353865633462346136303338323334386163316336373333386538363134
31666536656164313032343262396662333464363230376430653831366632623433376534623737
37643863666133653165366535653837303035356235353764393936646234376362643231323530
35663761623836376161303334653734366634303462393236396165353830366631663366343765
33666664623239353261323738333366396136316231663034303965663861333534653563656162
65613133633834376238663263653531343237323666333466643937336138303166346331353861
36383662653666376662336135383032633833653663303562653064616338643437646635623562
36353430396230646439623831383161646464333865333565393933623735353938313462306465
62653063653332323532646161623164666231356535643431656638363531626666396536326639
38383934316638353032363434613531626530383261666135383034386432633531373130306630
33646334656365616437353935396633633763336166373239326431626130646238316361363931
32366331333664316238333239653165653561653763346561333631616137366265333064653861
36323333613032643234316638346439376131636235376435393632393162323066383730313135
64306661343137363233633335653034356334656530636132393665303236656566313361656135
62303661623333383330303538376462336633616533343137633735353935336431646563373833
35313736316333353738336163333464633839663030613264373066633135306561643865333830
36393238636138326337663961626433363863663939653338353231316435333139366566346662
39626337396238346633343561666463303135323065306631646666353566616461613666356161
30396232386661316430643730623631333034323835323736623534396335343437356464326538
62653461663438643337333964313763346637386231663736313437323030653034303534336231
64303261323934666431306661323730343238383362636436373336626464343063613562343135
33636663323834663438643430383433326133306339653934313730323037623737383331363363
32643064323433383735346435353136313631363933356530333839366435326633623835613636
61306661663036636639303138613861383737376361343365643362303634326666333261613234
62393839616136366330303466353962396539386464376439363564313062356266383634393565
32376565366636643238613036333032623533313766613633393933666432326363333737333732
37313237383231336639353061626438393861363535633765386534313631353964663630613137
65316638383835363038363261643930613361313637626261646561623038343735333437636333
65323032396463363666313837366165653131623132323331343364386238376334663837623032
32386432376165336162303366306238316334303761303431333533306261396534383539336132
64666631636334396430663364313565666466336662316263366662333434353461623232306634
36356361613533656163666236366662326563353232326537646137636164333662653464363333
36393761653435353132643631623863363535633335663965343965363962353136373134626537
38396161343364616163303063346364636466643965623934613338383839626637663932373465
65343930633232373133366162386235373265653934386530666532343734356462613264356336
33393264613336316135616161653831373730306161393337333061643064623464393162623733
39363166366236356463373531616663333061653236356564653735653034663662343335636435
66643162386130393139653839376331326338393933376663346330346333636237393365363064
64663437326630663334663866366664663933633263323434353737306333633530313331383162
34326635616236636532616131323262653364333565613062396366613239353863326261356566
61333364396238363563363366336534346662353862343864393435633430666235323939333435
30626535363232333130396362653961616137313531616534373261643737323336313232656539
39363439323134616133336363653237363437663563306138646565326633393362623165393237
65616436346338343562376334363030646563363063663934656539613363666533383365656661
35353733313337356430356262353237376137393930386331373333326262336334653032666134
32636564366435666632656361663132333438616234333733393536346635666363303561353664
33343166346261623933663461393032396434633436336462396163313733386563626539656262
39333539336239646562326166353837616139323733626632656464613762656662373566303466
35626436303733343939333038373634346330613366303761376131386565643932313037343237
37666239336434313336626365343535306662356663303964353933333561653335626330393431
62613136633738633639333530303431636235376135636231316565336539313662303232313562
36363433626331336236396565656238363737303535313964326162333565623538393261626465
61373130346564346535633430303334663330356537643161326661613231643732613534303339
61636232666433633863393134613335653863393232333336333664353737386663636633383737
36623831326162313437643038376536353138383732303838353138303832663334313631636138
39366564363130373165353830393434346632323437366636643466316633366130613866633136
63366239653631343235356361313930336563356266356636353866306265376566666562653031
37626561306236613635643439646535303739323363653934393464643736356639353033383366
64613038356337326639376566316634663137386461303234633433313366316264323136373830
61306236376635663331343237373531356439633137636231616234666565356364643566646163
30613137316438393436363935616666313838353464383364363165303330353563626537623766
64353539383266323333343339366336366632356534393663346636633934306534383239626666
64396432343366663130373063366632313633653865646331323764303734356462363637653463
62353831633235323963613063646462383763323836323631623339636635663732383561646661
32343965643638303532373366323965363430636566333462653633653361393762366135613465
38353566373565616239363266656162373034343063326366316231643233356262386433376139
62336566396431393937323461373063646539643530626334636237323365303162383534666137
30303062396464393266353338363033623638356561353730643735663263323366383233316230
32636139636535356566643737383434386139326163383236323535623466393436656230643165
64643130303063393064626435396161356664626136393863653436653833386539373033353364
66313030663332333763323166313665373663363535613263343939663631666434323433303939
31303334383135653561613032366266653863663164303731653765663062353838653263383730
63306162643666646536373139663335656633666539386230356632346664316365376232333538
39383932346561623664633465333566366363396666353539383264643937353637396462306161
36643434326566666133356336303266656232313634616234613135613437333538666335373663
34343562353561373663643536383933613337343161636638373964643661376466373937666531
38316335386331633263663330363532303464343062303738383964343838373565646137363634
34386636346433323666366635643936663630373030653637316663653265363035383639353334
36626138366461616638623466643734663364366633653662636537623565373033646361353534
34613362626665636465393465306265343435333262363066303562663233343066333463383962
31303738663130326536336230343661336431306430333763303064313465393363393063386264
65643835343338633237306462346638313462666139353861636634656533313336626537313466
62653031343264323462326232623535316130326332316639653965373363306334313534373239
37623636313630316136656639316665343833383036333465326639386534653133353964366133
61633433366664306564613162376662393863326266633965633235353331363031333963373162
34376531373030373937366566343735643638633237666562383965643335653662383333303863
64373432383232353966353534386461663030393764373763313837613238623537393862393065
61323864303935373065303932643238646564316239353964313038336362356563613239346631
31326634383463373633303030623833353931616533303630303233616633646530356337366561
66306263376437303361613563313663313062363863386432646365643531333161656464643766
63666637386238373533316130366532366537393062323962653032316136393162346430366262
38373138343261626637363266313262353432396331646430386131636233613730343965656664
38663166396236363235383966633565666235376639353264303335346662363935373431316635
37376161376566313935306130623434376462336131313638333065653735353034343630373433
66353166653033323139363336633966303633383239363963356336356435353065303735666531
33393261666632643162356366323236373636306131386638393662373131366135633838353832
35653130303862656563343937386434643632336562663431363264383932363635366562633735
64636365646162316137386461646431633135363937336236326666653466323865666132613931
35643533336435313037363436346662323764623039326464356338383136343864383662656166
62356563633339313539663661353531323365333166396233383963353132653364366433663235
35306631616265346662326363633135623132323331336366346334356536373535666236306230
33393731646561653164373836303663396334623266666566666137336537356366323062663531
38323638363763376264663633613634343537353038393632333031316635393161323733383839
31613833616233356266326135626136336464376332633837363937633535313466363063633737
31343364306631303763306637393565613831316465316531633032623932383365346232663735
64313434373832313733633463383831383630643338643934653064626265343766656237396530
30366237616330323935653832323031653437376630643239353962393537363236633166663062
39313664656134363032363832346132386266366430396130356166376539636237393862656130
62643338363635633664356233643630313263643066346561626434656639336133326665306231
35323963343835333365353931626430373564396539636439633732386432623337353332666163
34353861363165653235363938346238303361646534303138323261666335363639623066393163
64653330646437663831653134373534623736343631323063323133383564326631666263653063
37306162373639666266633262643034666134643066633638353338666662643437366365386466
35323665663863633862633361666234383465663634326634393232303761333336376637633262
38303238393564396566653031626266373963356361626537356236303264623636373062373561
37623935313738633962366661636537313064306362393234643039636634623838303737383930
38626561636361393965306338346333383264343064343137396232313463356662613530346638
37353936356664373934623866623266373030623839376630323564383362373236663630626230
31326230613530363838633765353337383762373966616161666261626462643663653333663332
66336539643537316234303465393234616539313036356163666661663531376633316331643931
32353763313865643166326632323034653039646436356261356163373961336435323866653631
61316662383566356561666435653232623233363637343438396335653530666335666163323663
65613664376433313234316333333833323731643861323533326264326331653165313830643030
61663933346365646636316262336235656130393731363138666331623062383531623030306136
36333035356630316234343836363362633632393831383233346463393634353734363066643865
63613436646463653165616335653262346535666361646439383963363162363936646165633035
66316337313736313963626661313062623638666637376135383164303633303864653138356130
66363730386130326638353438356138393131333564633664336363653438336131646164396233
37666330623833646464663762396362373931323063656631303338323730373662333436653163
63626134323563633034353361616333343634643034356362346533663532306662366539303032
33313038663466623433343565386235383835643630373161356138656664393766303364666430
30646436343338363433343438363466646361346532326230613931393335636632333430653363
35613639336465613239353539356266653139313962663137326135393033393935393861636466
34333732333633363230343664613036336137353231336261623733396434363930353834393434
30303263386362393935653636356333613166333937306333353131636533333664386363616264
31616231343663623965303366366237663437346630363532396332336338613764623661363731
34303033383566666230343235393736326137343437313337366534383331643038646364323264
65363365633164313636343331653363643766316564353732636638386361333565306139303865
31663632393531623939613533666261646530346139363631383533636465343261666630363430
39376137313062303935373964363962663732663734646538393135636537663739363030396462
63343363323462383433366433346564383138643263613637623430663733343566666133353938
38666239366162383562363863626562366531383538626465303062343036383732643361303533
34386339383531613233336538356235373731323634646438376462656135306337366434343665
61306661666461366336613134616264333535356130366337663439333033366332643834383331
62366662616338363363656662303466316436393661373939386661393864343831316632376433
62353636616632353865393333663238353834623338393266346330386164613334343834396661
35663561613864616337353134383435393334373863643931323637323964306165643233353531
37343166306134393462396437393031303766663631396466616465386538653364663961643331
31343133366664363135613763316362613862623235626531313332376233633864346538663534
32623336313639333436373035326439633635653730353137666233343065373238356262313833
36643566313630626332366631363639323039313630643234363837383431646262356264396439
61383866646137306263623534666532393862393330323630663534633061306263383065323565
33303635323363353138613361353666396464333862336162623165343932383731646439343830
34343939383933376431306563643733626234663534636634636238363535653762393364373061
63356339663566366661653433393463653837633166386438336230373666386165623362316439
33313266373932633735333837333233303035656130303330366239643665613533613330666134
30666134353532626338356565373338346461383234666264363332313933623933383130623062
37373165386630613239323632326365383663316130356132656332656633643738353062313665
33646263353433303233336334393735383661633633653033393863353865383238373632666135
65643362313539333031663263333366643432373634326638353465366438373833376365373838
35353861623539386339626564626637323062333936376539656238333764353362663465373162
34636363653135653634353163643765306463376439383866373335353035356662346433303266
62313963363237636665333766353463383765626364306131376630386465393666616139613631
64363739363032386231646537356239313866613337623466373566306461323433666466666566
65303938386161663433663538613630393734363266303931396463663265373163383439383766
31613737303665373666323432646537366235386434316361636439323034303735623865626566
66303865633733663132663862646135656161663463323830633337353830326466336263393832
62393739356332623562653037663739313963623832356563356363633264353834353037666266
61336233666565356235636332613439363138333632383163366566646438326437376234663234
62663461393434326338623561653761306665336130666431393334383034616535383666653034
33346538316138396164346238383330376635353337646232623862393262636466336530353334
33393961396430363134306337386630363737643962353739346231313734306339376430393332
34373431326631623034613761353832343431376334323130633764396532653465663835376539
62343435623863396564366564333739343733333438343538396433383164633835613730383466
37646239626566656364663432303433616366316462396664366666623662373162666234373138
38383864346439653862373862376165613037643833396664346633623534376635356333386334
35333930306437663462643065623861643365306336306132313663336637313036666637626339
33353733646135373038626230366464396463306538326461313339626130616361373261643535
37363134653438343734653030363537316364666535653833643563346230636438646665363536
62386266353133356337653630383435616230383963343464656661663637373538616162313430
38613562343634386637313632633135323537356338353836633762336337616136613639383662
32393533346538396137653139373632643935396563663262353866373731316334383238323932
31643833376533353262373030666236626361376364613332623464643432313364303033373634
65613638356361373161383530636338346465613031363464613731303566383862643864326462
64303632383866383966646563643334623337353661393833356536616161353134623530373333
32313965313265643862633530333133333238643562356465336466363761633965373636656161
66336531313137303865323763366238326530353233323432623037386637646230643437636530
65333832323162623531643339346665396566646232383730383930623665323338383363643534
32653235343066353439616337373764613735353231366636623730336235343434306138376663
38356333636233313262333131613537316632356236383833353362393062366461616236663633
36376463343837373464366635333038373866303530626263393632363264346233306266343164
35313332343165616630393334353462393638636366343633353263643935653033386639636334
33633034336533646366333766306634323830383337333765616232623466613635396430633131
34633366323136663837643435363765346437323430326532613063633939306463616531663164
31323862613436613632326530343835353165313334636562346263343335393631636563323330
33623132363630626431363230623263353032366534316665623731626438613063666331613266
64666536366263663235366631353633326562626663366561326430643238383832313461636332
37636537363933366262626264393638343835663962363161333139633764653133366565336439
35626462653936626138326637646464646561666333626263356465326663343366343833653234
30663234653262303363613865323862303938666435323965616631616334393134353733333438
30336631643738313035373766663638343931636338376366383632613961666439623834323865
66646363363831303265616639393739323166333761333232613336383465356361306564613864
37366237353436326166376235383535336366623062333465633636396665646531393465363133
31376663633238633733633861663666633466633430373732306463666261333930343162346563
61363030656465643836633261646663373236336561356564326465313531353263396335363362
37303331376564386266303336623962333963663531326165623161353930626132663038366164
62396266303939333335643165393539386236326235353961633438316238633330376432333465
64663030303135313962353633366535333139396234633066643637626163353464613261316563
66653465613863393963383639646262383364633966653862636238393932653962373336623932
36393963303961323431656139373961303966626165636231663637353033303262653432363930
31633235336164376232376535653064333733303063366535663939356664626639363037653061
33663435303231353432303464643330366562366162346462643861356562623763373737326330
63363038346365366132643662363262646266373530383238306232663236323862326135653565
36383361623238313363333033366562396461616135643639616135343662386531383539663436
62633139333937316563366565353066393866613065353035346665333265383530666566363035
34396533643030653561626164646233613931353434636236353837316463663066313532393865
66303938623730666236333138393362356265363430623232383137313934633935623939336232
31346338363632333538613464613936326333323537333635633562666661343330633839623763
63343663633562366464343765643864613366323630323533653330326132656465373139336431
33393335633530363666353031626566393861363166323839373766303639383262626664313137
32666632643864653133333862333035386261356436666535633939636666613637393330643664
66386362316135636437303936616435343866663331343533643139333034323261666164333334
64323865333232383033306566303732306536653534656530353237653434336362616337346530
33383766383135653265623034613134306336323939386433363039643462363834636537613562
39376663623865643435326431323836366437623536656437656562363931343232636633376137
39353363396638323733653236313563383232386366643237333131353634383736363662313264
64353431623763313433623138303033643338353134346234343430633431353634363961386465
66373861306362653533316332666461336662636330393162326633663838383738383939343834
39336231653230663334353765336333333234383464326432363235346639376637303932396131
38363639353465313336633238303734333332376162303831653734653830386338356164383762
37343534396234623862613365613239376463326365386238336638303337313263623835643731
33323832306232656337633038306538623730656263623861663965363533643066356562636661
35343166326235633861366362346262626137373864386164303365336266323865303163643730
36303538323066643164666638383461653738653530356235376165663939653061393435623732
31333132396566346432633265343261313666323363653761643534653661636166303330646163
36343361623631353132323232613237653633643332396533313965653463663030316331326233
36323237613831303266353736653564636437313862653836643135613331623532356133666637
35656333643661623438353830343337613632373466616530373261613135393261656661316639
64343866616337393538326139373037653536393538343432643233363635383363616436646331
35363730643562356532353336646635656566376339353639646133353132623037353932353137
35363239633637326637363662323164353737626330306262633339656464363230353439313632
31343736323336636662666638666530346537316364373363333538393963326235313564643133
38346138653332663836383835366633346263333330666563313763366532613631396330333232
63333364333234663731323734323062663839646433333438343465303933326366353938316135
30643935393539346239383034353333353563333135333561356434643965303136656135643263
33626536626430316533643230326162313535323038663566383836333933633965373466343339
31356637316132613431376661663839343635646636353238313162343265616530623538666662
31336534626633643964666238383730323537333462656632633233326631643235333630313261
39383735636366346266303836616437626236396634656661663866643730613133643639663665
61363965383963313564393937656164386539373062323665653333313033353165653535663137
30326562626434396261383830616333383335363436656536376330383662656663376538396638
64346434636162356262666362626135636436653539623561323239656137383339616338373561
63386438616636333663666565376566386264376234623935343065386235336564633336653730
34366332366166313736353561613963633065653362376465313634316239303565613635313966
63396264623932353531316239613839396138353434396162363638353361633638663766653365
61303462633762376133303337633235616462616530626666666662383032656532323139656237
61393765396139666634366635326566646431303863356130366232663432363139393465376463
31363464393166653633353439663466393335626331383630613564633365393037626437663232
32313261313736386638333032633665636339353939656434656365656466393734363035356532
33313262636561353035353534303037303331323262656435376431613662313232623035356235
38653436646161376636306338376538633064353830396137616239333638663536373935333762
31653738323539323639303130643935303663363365613731383166306532626334343132663033
61363861386631396463393539633639353738313365336630376265633765323632373364643739
30346531653636363030323136633464373438336563363962383339656535306234306133623362
63323931656534303837343436613865393730363632343364336137633564336531336665393161
36623366653062396666643838356432353835363165386432653063343533386361353861656135
66313733386238623337303261356433346632336263396463326232306234643431663232303633
65653264623134346237346630386138333864646234333164353032383139663564663237666361
62366233633536373661383731376333353363366531653033613866366665303066376663643831
65343634313431626136353937613535346536643363386536353064376133643036303961383465
33366136303866626165666465313836333031396439363734323365363134353531346262376464
66616464333863663134383865383165376630373366303036356661326336343730633130643333
37383765313533366161653837623731343736323662396666356537626661396532633939353730
66636465613537663966626338626234343439656536616335653063653933303636623032383135
32316334633631663637643961363264303139373663386239313233646632633139666330383965
38626564336566633965346562663733303338333662663735313365393130306264313633636466
39656535656139646632303132316532396632386532643034393034343761653237626138646334
32623034346630383336626662366364343736373663643661313039663937396263653661366232
64613863343962363235616537343265366531343761666337616435353330643662313039636339
39393830363033363465396138646366353236336638643061346362633665326261653133316532
66333831303962336263393064336332363662333232303536326337303261303637323963333931
39666433343532623837376530386431646561326134633930613534323139663034346162363836
36396361613666366232646334626365366230653332656364616436363631643438383966306364
62363732623363353239333830633161626465313734323633346161633937366137336239373633
36323562383339666364643232323532376135613631326639626135353231396464643761393762
63383139666531336133393161656465323831383835393665353862633437616666616464363834
34646239306664333735313861346236396235653238343238316161633966396630393238376136
34313164366664343734666535373964636539336164316135633262346439353433363065363264
66633166383332613233306438343633656235636236623730613764623639363362353263623637
33346533316561376537346132633836376339356430623731626334376335396464396130366332
35363664653765326166353930656663616666346339386138336631376235613531333138653062
37643336396137303336346665313062626436653039363838623061363961616531636464633531
63306138316362303339333434653563626136376331393132376539356239393834656633616531
65326531306633626464353765323464373831363133643431363061316563633034353038306135
65666130333930646332313331666139303231316461623039626462333061343965393830353230
38613634613534633362353866303366376230373763376366666339313431393766323065353463
32646261663038636333336562623239666465653666366336666133626666623236326333643734
34356636343265366165363034376436623837363336306132373131643634353134646462383738
35393239303637663766373535383931383632373963666532626632323433333538643430383134
38303964656139626465353736393236626438376565363032363065666164636662393537386364
66303164343531343237356439323966643465396136323362313266363362303766613831336565
35623335393239643031386138643464623466643536393262643965353336303433656436306333
30363134343830396133666263363935383033396237623237313264336436393061336662393435
63356463626431616461663533666333646434363735353661363364343030346639326432303335
64663865366430323534366165336132613636373330636331383032353961323939613265346566
64353266666531316562313233646337663434363039633966633830626665333134323932363030
65393336306136303264326363633037613935383261396532663762396361666534636332343235
61646535643365376362666233623066323238633039333737663162386638333739353239363632
31396230303636386433353166396534303164313238333666326566376233393533666134303438
33333164313763663932343339343534356131383963643862623862663063383366343639383161
32376235363161633431306162333962646235653064353835616134306431336134343837383035
66306439633462323064313931386235616338346431386434626433356263316337376234356330
66623364356135623262376138643861656364353438646235363164356438623537323232306533
39636134383631363137333635633635626234366666656433383933623863376534343565663061
65303062643038653763646461333461623864376237333231336238333639366439643861383837
35666235356461373861393764613239363563336137653233313835626465333635663735653564
63303264343132376530346364343465653238633936383735613237623835333935366139663638
30396237663635353065653162313839633433663665346566376439663565313338373961643630
30363133343839656335313632636635613534646339356235346661313863373665623564333638
37313237316364366532356236346638353234383733313039316234333461666666306164363632
66653765306366623331376332326134333137653863626164623238326135396266353534616464
62393438353538303438653636363634343161303665366635626135613433333466303166313566
66333738356135383664313435386338363139353835306465386334333430383164353832636633
65326333643966376263326636313430646164353737663863333162353266383433643430366638
62336139313436366138303230383934323361373339663133306439393839356165616163326231
61623038653264653135613266373139636366653936376561313664623432363163323035646238
38366335376666633831646338323662633366313866333366333239656665313338376230386564
36643430333665383535313836336364333161613364363761633564633134366331343734623764
39366266316330653830313335336335366537623963396262373334303663626532656535353538
65366664306132376462636634623135373865373237313762666637316332613930336430623233
66663335353037623730616632396135316365316639316234316530626431376233363162633663
39346138343732666435623832613737366530623031626164643163643937376465633636373038
31663732383139376338356238386435373063343831653265623633633139323464636131323632
36396237643465646132393237343366323233636134633564313966633734333435386266653566
37643137333239643939613030346630386135326237383563666533383562393637373336656362
30616135313536623234643431316231386362373434313334646435356132313866613762356263
34346330643430333332393664346339393762656437396539303137633163333836386131356637
30623637636365646532366530323632333430326334323134396464303730656337363565386130
30666532666166616637383735366538393331633933323763346362346664306630633935313336
66363037663865356432393365626132633766613262616334313131386238643431313762366237
32303436346463393462646332613432616134663530346433633866373833633439646634663061
36383737663065643533663532353131336336613965666530636432303735373632643637336333
62623361383263363866333637663365306231353035643264333833383233326662343137316462
66373539306664393034303937353333333662393562663935356134363030613131376265396166
33363162383533313766366238313333343266663865306531323835323232383438663131646133
34613634396437663132356232326431303165303236623465326664333164373330373733363238
61376432303130623964393232303731343463343664326238326666376238343139616331303936
35393463396166353235656565636363333238363661393734333964323632336565363562396138
35383864376334313735336364343865313732383162303233366332343964393634643064343636
38663632306239353039313663326634653932626533376233346662326664613536383365383233
35326661656165666536373561616464383935396361663437316636616363333363656438313562
32653433623061363232396432396165653432336637393839393364633862343734323062623735
31306631356562653364316233663831383762363362623736666435353636323965366532643631
65613836663061643638313461346462636638653230666262306334386264313430653333336437
3137
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: eno1
# use only once per device (for the first device entry)
headline: eno1 - The primary network interface
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
description:
address: 192.168.62.10
netmask: 24
gateway: 192.168.62.254
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
nameservers:
- 192.168.62.1
search: opp.netz
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.62.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- opp.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 172.16.62.254
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.62.10
samba_server_cidr_prefix: 24
samba_workgroup: OPP
samba_netbios_name: ZAPATA
samba_server_min_protocol: !!str NT1
samba_allow_insecure_wide_links: !!str yes
samba_groups:
- name: buero
group_id: 1100
- name: beratung
group_id: 1110
- name: verwaltung
group_id: 1120
samba_user:
- name: alba
groups:
- buero
- beratung
password: '4l#3a=behandlg'
- name: almut
groups:
- buero
- beratung
- verwaltung
password: 'Tax!ko11ekt!v'
- name: anika
groups:
- buero
- beratung
password: '4n1k4*adb_23'
- name: anne
groups:
- buero
- beratung
password: 'antilottka110'
- name: birgit
groups:
- buero
- beratung
password: '6/shd9c2.cHE'
# passwort unbekannt
- name: chris
groups:
- buero
- verwaltung
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63643330373231636537366333326630333265303265653933613835656262323863363038653234
3462653135633266373439626263356636646637643035340a653466356235346663626163306363
61313164643061306433643738643563303036646334376536626531383965303036386162393832
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
- name: cristina
groups:
- buero
- beratung
password: '20_cristina_18!'
- name: dori
groups:
- buero
- beratung
password: 'K4lt3r_hUnD'
- name: drucker
groups:
- buero
password: '20-printer-18'
- name: hannes
groups:
- buero
- beratung
password: 'U24Pdm-2'
- name: joschka
groups:
- buero
- beratung
password: '20_joschka_15'
- name: judith
groups:
- buero
- beratung
- verwaltung
password: '20judith14'
- name: julian
groups:
- buero
- beratung
password: 'Jul14n_2018'
- name: juliana
groups:
- buero
- beratung
password: '24-Jul!ana#OPP'
- name: lavinia
groups:
- buero
- beratung
password: '20!lavinia*20'
- name: luise
groups:
- buero
- beratung
password: '24_s.l.h._adb'
- name: magdalena
groups:
- buero
- beratung
password: 'magdalena_23'
- name: marcus
groups:
- buero
- beratung
- verwaltung
password: ''
- name: maria
groups:
- buero
- beratung
password: 'm4ri4+adb22'
- name: martin
groups:
- buero
- beratung
password: '20_martin_18'
- name: opp
groups:
- buero
- beratung
- verwaltung
password: 'DaWirdIhnenGeholfen!'
- name: opp7
groups:
- buero
- beratung
- verwaltung
password: '20_opp6_19!'
- name: paul
groups:
- buero
- beratung
password: '#polsfuss*adb24'
- name: praktikum
groups:
- buero
password: 'praktikant*in_00p'
- name: robin
groups:
- buero
- beratung
password: 'Schattenber!cht#53'
- name: samantha
groups:
- buero
- beratung
password: 'art_12*lvbbg+adb'
- name: simon
groups:
- buero
- beratung
- verwaltung
password: '20_simon_18!'
- name: ute
groups:
- buero
- beratung
password: '23_ut3*obs'
base_home: /home
# remove_samba_users:
# - name: name1
# - name: name2
#
# remove_samba_users: []
remove_samba_users:
- name: unknown
samba_shares:
- name: buero
comment: Büro auf Fileserver
path: /data/samba/OPP/buero
group_valid_users: buero
group_write_list: buero
file_create_mask: !!str 660
dir_create_mask: !!str 2770
wide_links: !!str yes
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: beratung
comment: Beratung auf Fileserver
path: /data/samba/OPP/beratung
group_valid_users: beratung
group_write_list: beratung
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: verwaltung
comment: Verwaltung auf Fileserver
path: /data/samba/OPP/verwaltung
group_valid_users: verwaltung
group_write_list: verwaltung
file_create_mask: !!str 0660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: backup
comment: Sicherungen User
path: /data/backup
browseable: !!str yes
read_only: !!str yes
writeable: !!str no
guest_ok: !!str no
file_create_mask: !!str 0664
dir_create_mask: !!str 0755
vfs_object_recycle: false
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

3308
hosts

File diff suppressed because it is too large Load Diff


@ -1908,11 +1908,11 @@ tor_hidden_service_port:
# vars used by modify-munin-ip.yml
# ---
munin_remote_ipv4: 135.181.136.84
munin_remote_ipv6: 2a01:4f9:3a:1051::84
munin_remote_ipv4: 37.27.121.227
munin_remote_ipv6: 2a01:4f9:3070:2bda::22
munin_remote_ipv4_old: 95.217.64.122
munin_remote_ipv6_old: 2a01:4f9:4a:2b57::122
munin_remote_ipv4_old: 135.181.136.84
munin_remote_ipv6_old: 2a01:4f9:3a:1051::84
# ---


@ -0,0 +1,147 @@
---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.2
- 2a01:4ff:ff00::add:1
- 185.12.64.1
- 2a01:4ff:ff00::add:2
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
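Review bot: The `root_user.password` line at the end of this new vars file commits the root SHA-512 crypt hash in clear, and the identical salt and hash appear at the end of the preceding vars file on this page, so a single recovered password would apply to every host that shares it. Store the value the way the preceding file stores its one vaulted Samba password, i.e. `password: !vault |` followed by the ansible-vault ciphertext, and give each host its own salted hash. Because the hash is already in the repository history, the root password is better rotated than merely re-encrypted; the cleartext `samba_user` passwords in the preceding file call for the same treatment. How scripts/reset_root_passwd.yml consumes the variable is not visible here, so confirm it accepts a vaulted value unchanged.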

58
playbook.yml Normal file
View File

@ -0,0 +1,58 @@
---
# Intended to be run once for every new server to secure the ssh connection allowing the team access
# with their public keys. This script will lock itself out from every server it is run on.
# Further playbooks are intended to be run by logging in as one of the created users.
# It also ensures python2 is installed as it's necessary for the modules used in this playbook at
# the time of this writing.
# The used login data depends on the used server provider. In most cases the ansible_user will be
# root, but we can't safely assume anything.
# The following line is an example for securing a new vagrant maching, after running `vagrant up`:
# ansible-playbook first_run.yml -i hosts -u vagrant --private-key='~/.vagrant.d/insecure_private_key'
# For real providers it could look like:
# ansible-playbook first_run.yml -i hosts -u root --private-key='~/.ssh/id_rsa'
# If you don't have a ssh-key on the server and the server expects password authentication use:
# ansible-playbook first_run.yml -i hosts -u root --ask-pass
#- hosts: all
# strategy: free
#
## vars_prompt:
##
## - name: ansible_become_password
## prompt: "Give your local Password here:"
#
# roles:
# - common
- hosts: ansible_dependencies
strategy: free
gather_facts: false
roles:
- ansible_dependencies-ubuntu-noble
- ansible_user_debian
- hosts: initial_setup
strategy: free
# vars_prompt:
#
# - name: ansible_become_password
# prompt: "Give your local Password here:"
roles:
- ubuntu-server
#- hosts: debian-server
# strategy: free
#
## vars_prompt:
##
## - name: ansible_become_password
## prompt: "Give your local Password here:"
#
# roles:
# - common
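Review bot: The header comment of this new playbook.yml still describes a different file: every usage example invokes `first_run.yml`, and the text says the playbook ensures python2, while the first play applies `ansible_dependencies-ubuntu-noble`. An operator bootstrapping a host as root will follow this comment, so it should name the real command, e.g. `# ansible-playbook playbook.yml -i hosts -u root --ask-pass`, and say `python3`. The statement that the playbook locks itself out of the server should also be re-checked against the `ansible_user_debian` and `ubuntu-server` roles, whose tasks are not visible in this section. The three commented-out plays could be dropped rather than carried into a new file.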


@ -0,0 +1,47 @@
---
- name: re-synchronize the package index files from their sources
raw: apt-get update
- name: Ensure aptitude is present
raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
- name: Ensure python3 is present (This is necessary for ansible to work properly)
raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3)
- name: Ensure python-is-python3 is present (This is necessary for ansible to work properly)
raw: test -e /usr/bin/python3 && (apt -y update && apt install -y python-is-python3)
- name: Ensure python-apt-common is present (This is necessary for ansible to work properly)
raw: test -e /usr/bin/python && (apt -y update && apt install -y python-apt-common)
- name: Ensure python-apt is present (This is necessary for ansible to work properly)
raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-apt)
- name: dpkg --configure -a
command: >
dpkg --configure -a
args:
warn: false
changed_when: _dpkg_configure.stdout_lines | length
register: _dpkg_configure
when: apt_dpkg_configure|bool
tags:
- ansible-dependencies
- name: apt upgrade
apt:
upgrade: "{{ apt_upgrade_type }}"
update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_upgrade|bool
tags:
- ansible-dependencies
- name: apt install ansible dependencies
apt:
name: "{{ apt_ansible_dependencies }}"
state: "{{ apt_install_state }}"
tags:
- ansible-dependencies
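Review bot: The last raw task, "Ensure python-apt is present", can never install the package. It runs `test -e /usr/bin/python3 || (...)`, and /usr/bin/python3 already exists once the earlier python3 task has succeeded, so the install branch is skipped. The later `apt:` tasks rely on the python3-apt bindings on the target, so the guard should test for the package itself, e.g. `raw: dpkg -s python3-apt >/dev/null 2>&1 || (apt -y update && apt install -y python3-apt)`. The two `test -e ... && (...)` tasks above it have the opposite problem: they reinstall on every run, and the task fails with a non-zero status when the tested path is missing. Separately, `args: warn: false` on the `command` task is rejected by ansible-core 2.14 and later, so it should be dropped if the controller is that new.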


@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCekq2tQ/CVNgOvBuK0p8uw9LpGCsvPTVTF23ca7XWcKwAAAJB+N5OOfjeT
jgAAAAtzc2gtZWQyNTUxOQAAACCekq2tQ/CVNgOvBuK0p8uw9LpGCsvPTVTF23ca7XWcKw
AAAEDzRrhvwSGOGAPpt5iTDVDO6RA8Y4id7ssuM2UHyx/Qw56Sra1D8JU2A68G4rSny7D0
ukYKy89NVMXbdxrtdZwrAAAACHJvb3RAbzI2AQIDBAU=
-----END OPENSSH PRIVATE KEY-----
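Review bot: This new file commits an OpenSSH private key in plaintext. The key header declares cipher and KDF `none`, so it carries no passphrase and is usable by anyone who can read the repository or its history. The same applies to the two further private-key files added later in this diff; the file paths are not shown on this page. The public key added in the next file appears to belong to this key and is labelled as a borg client key, so the exposure probably covers access to a backup target. Keep key material out of the repository in clear text (for example with `ansible-vault encrypt`, or by generating the key on the host) and treat these three keys as exposed: replace them and remove the old public keys from every `authorized_keys` that lists them.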


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6Sra1D8JU2A68G4rSny7D0ukYKy89NVMXbdxrtdZwr root@borg-client-key-oopen


@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCHBD3fjAySs1qlkrbd16SVNTqSdLsZoqWnCBpJupNzEgAAAJDPLbb2zy22
9gAAAAtzc2gtZWQyNTUxOQAAACCHBD3fjAySs1qlkrbd16SVNTqSdLsZoqWnCBpJupNzEg
AAAEBJe9jEXHRRNKsWRZnEC6gkT+68rSus6TQsWoCIo1f+S4cEPd+MDJKzWqWStt3XpJU1
OpJ0uxmipacIGkm6k3MSAAAACmNocmlzQGx1bmEBAgM=
-----END OPENSSH PRIVATE KEY-----


@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCndAMEx2wwSuA4LPiGVprZwwY6FSKIDlL5CyGL7H39cgAAAJCPEfpPjxH6
TwAAAAtzc2gtZWQyNTUxOQAAACCndAMEx2wwSuA4LPiGVprZwwY6FSKIDlL5CyGL7H39cg
AAAEAU6QJe7XCLoBUkLQQfUIO6lqRS8eG0Aya2mMuIfU9Vo6d0AwTHbDBK4Dgs+IZWmtnD
BjoVIogOUvkLIYvsff1yAAAAC3Jvb3RAYmFja3VwAQI=
-----END OPENSSH PRIVATE KEY-----
