update..

ansible.cfg

@@ -10,7 +10,16 @@
 
 
 [defaults]
-ansible_managed = *** [ Ansible managed file: DO NOT EDIT DIRECTLY ] ***
+# [DEPRECATION WARNING] 'ansible_managed' used in ansible.cfg
+#
+# The `ansible_managed` variable can be set just like any other variable, or a different 
+# variable can be used.
+#
+# Alternatives: Set the `ansible_managed` variable, or use any custom variable in templates.
+#
+# This feature will be removed from ansible-core version 2.23.
+#
+#ansible_managed = *** [ Ansible managed file: DO NOT EDIT DIRECTLY ] ***
 
 # Use of 'ansible_managed' 
 # 

group_vars/all/main.yml

@@ -1,5 +1,11 @@
 ---
 
+
+ansible_managed: >
+  *** ANSIBLE MANAGED FILE - DO NOT EDIT ***
+  This file was generated by {{ ansible_user_id }} on {{ ansible_date_time.iso8601 }}
+
+
 # ---
 # vars used by roles/ansible_dependencies
 # ---

host_vars/file-ah-neu.kanzlei-kiel.netz.yml

@@ -238,6 +238,41 @@ default_user:
 # vars used by roles/common/tasks/cron.yml
 # ---
 
+cron_user_entries:
+
+  - name: "Check if postfix mailservice is running. Restart service if needed."
+    minute: "*/5"
+    hour: "*"
+    job: /root/bin/monitoring/check_postfix.sh
+
+  - name: "Check Postfix E-Mail LOG file for 'fatal' errors."
+    minute: "*/30"
+    hour: "*"
+    job: /root/bin/postfix/check-postfix-fatal-errors.sh
+
+  - name: "Clean up Samba Trash Dirs"
+    minute: "02"
+    hour: "23"
+    job: /root/bin/samba/clean_samba_trash.sh
+
+  - name: "Set (group and access) Permissons for Samba shares"
+    minute: "14"
+    hour: "23"
+    job: /root/bin/samba/set_permissions_samba_shares.sh
+
+  - name: "Check if ntpsec is running. Restart service if needed."
+    minute: "*/6"
+    hour: "*"
+    job: /root/bin/monitoring/check_ntpsec_service.sh
+
+
+cron_user_special_time_entries:
+
+  - name: "Restart DNS Cache service 'systemd-resolved'"
+    special_time: reboot
+    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
+    insertafter: PATH
+
 #cron_user_special_time_entries:
 #
 #  - name: "Restart DNS Cache service 'systemd-resolved'"
@@ -347,6 +382,7 @@ samba_user:
     groups:
       - verwaltung
       - intern
+      - hoffmann-elberling
     password: 'buero2011'
 
   - name: axel

host_vars/file-ah.kanzlei-kiel.netz.yml

@@ -347,6 +347,8 @@ samba_user:
     groups:
       - verwaltung
       - intern
+      - hoffmann-elberling
+      - gubitz-partner
     password: 'buero2011'
 
   - name: axel

host_vars/file-blkr.blkr.netz.yml

@@ -364,6 +364,12 @@ samba_user:
     groups:
       - buero
     password: 'X_2yYs2AIo.E'
+
+  - name: clara
+    groups:
+      - buero
+    password: '52uT-/vP.ZpX'
+
 #  - name: lap-02
 #    groups:
 #      - buero

host_vars/file-dissens.dissens.netz.yml

@@ -423,6 +423,7 @@ samba_user:
   - name: lino.koehler
     groups:
       - projekte
+      - team
     password: '20.l1no-ko3hl3r_25/'
 
   - name: maite.gabriel

host_vars/zapata.opp.netz.yml

@@ -161,6 +161,20 @@ cron_user_special_time_entries:
 # vars used by roles/common/tasks/users.yml
 # ---
 
+extra_user:
+
+  - name: caracola
+    user_id: 1075
+    group_id: 1075
+    group: carola
+    # hS-a-6UC5.spCgNS
+    password: $y$j9T$TKCuCPZsnS.g3M8sPPFvo0$lxoGMooCH.Jyo5tXYEVAXNAlDV73Cj2haNFnrhjmAo6
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnap6I+g8xQvSZReP3CjwQ+O7okDhgCkrHaUCveOH8I marcus@caracola'
+
 
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml

roles/common/tasks/apt.yml

@@ -27,13 +27,11 @@
     - apt-webserver-pkgs
 
 
-- name: (apt.yml) dpkg --configure
+- name: (apt.yml) Configure any half-installed packages 'dpkg --configure -a'
-  command: >
+  ansible.builtin.command: dpkg --configure -a
-    dpkg --configure -a
-  args:
-    warn: false
-  changed_when: _dpkg_configure.stdout_lines | length
   register: _dpkg_configure
+  changed_when: (_dpkg_configure.stdout | default('')) | length > 0
+  failed_when: _dpkg_configure.rc != 0
   when: apt_dpkg_configure|bool
   tags:
     - apt-dpkg-configure
@@ -330,12 +328,24 @@
     - apt-compiler-pkgs
     - apt-webserver-pkgs
 
-- name: (apt.yml) clean
+#- name: (apt.yml) clean
-  command: apt-get -y clean
+#  command: apt-get -y clean
-  args:
+#  args:
-    warn: false
+#    warn: false
-  changed_when: false
+#  changed_when: false
-  when: apt_clean|bool
+#  when: apt_clean|bool
+#  tags:
+#    - apt-clean
+#    - apt-initial-install
+#    - apt-microcode
+#    - apt-compiler-pkgs
+#    - apt-mysql-server-pkgs
+#    - apt-webserver-pkgs
+
+- name: (apt.yml) autoclean cache
+  ansible.builtin.apt:
+    autoclean: yes
+  when: apt_clean | bool
   tags:
     - apt-clean
     - apt-initial-install

roles/common/tasks/caching-nameserver.yml

@@ -15,14 +15,11 @@
   tags:
     - apt-caching-nameserver
 
-
+- name: (caching-nameserver.yml) Configure any half-installed packages 'dpkg --configure -a'
-- name: (caching-nameserver.yml) dpkg --configure
+  ansible.builtin.command: dpkg --configure -a
-  command: >
-    dpkg --configure -a
-  args:
-    warn: false
-  changed_when: _dpkg_configure.stdout_lines | length
   register: _dpkg_configure
+  changed_when: (_dpkg_configure.stdout | default('')) | length > 0
+  failed_when: _dpkg_configure.rc != 0
   when:
     - ansible_distribution == "Debian"
     - apt_update|bool

roles/common/tasks/redis-server.yml

@@ -15,17 +15,14 @@
   tags:
     - redis-server
 
-
+- name: (redis-server.yml) Configure any half-installed packages 'dpkg --configure -a'
-- name: (redis-server.yml) dpkg --configure
+  ansible.builtin.command: dpkg --configure -a
-  command: >
-    dpkg --configure -a
-  args:
-    warn: false
-  changed_when: _dpkg_configure.stdout_lines | length
   register: _dpkg_configure
+  changed_when: (_dpkg_configure.stdout | default('')) | length > 0
+  failed_when: _dpkg_configure.rc != 0
   when:
     - ansible_facts['distribution'] == "Debian"
-    - apt_update|bool
+    - apt_dpkg_configure|bool
   tags:
     - redis-server
 

roles/common/tasks/samba-config-server.yml

@@ -92,14 +92,13 @@
 # ---
 
 - name: (samba-config-server.yml) Check if file '/root/bin/samba/clean_samba_trash.sh' exists
-  stat:
+  ansible.builtin.stat:
     path: /root/bin/samba/clean_samba_trash.sh
   register: clean_samba_trash_exists
   when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
-  tags:
+  tags: [samba-server, samba-cron]
-    - samba-server
+
-    - samba-cron
 
 - name: (samba-config-server.yml) Adjust configuration for script 'clean_samba_trash.sh'
   template: 
@@ -114,36 +113,33 @@
 
 
 - name: (samba-config-server.yml) Check if cleaning up trash dirs is configured
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /root/bin/samba/conf/clean_samba_trash.conf
-    regexp: "^trash_dirs=*"
+    regexp: '^trash_dirs=*'
     state: absent
-  check_mode: yes
+  check_mode: true
   changed_when: false
   register: clean_samba_trash_dirs
   when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
-  tags:
+  tags: [samba-server, samba-cron]
-    - samba-server
-    - samba-cron
 
 
 - name: (samba-config-server.yml) Creates a cron job for cleaning up samba trash dirs
-  cron:
+  ansible.builtin.cron:
-    name: '{{ samba_cronjob_trash_dirs.name }}'
+    name: "{{ samba_cronjob_trash_dirs.name }}"
-    minute: '{{ samba_cronjob_trash_dirs.minute }}'
+    minute: "{{ samba_cronjob_trash_dirs.minute }}"
     hour: "{{ samba_cronjob_trash_dirs.hour | default('*') }}"
-    day: "{{ samba_cronjob_trash_dirs.hour.day | default('*') }}"
+    day: "{{ samba_cronjob_trash_dirs.day | default('*') }}"
-    month: "{{ samba_cronjob_trash_dirs.hour.month| default('*') }}"
+    month: "{{ samba_cronjob_trash_dirs.month | default('*') }}"
-    weekday: "{{ samba_cronjob_trash_dirs.hour.weekday| default('*') }}"
+    weekday: "{{ samba_cronjob_trash_dirs.weekday | default('*') }}"
     user: "{{ samba_cronjob_trash_dirs.user | default('root') }}"
     job: "{{ samba_cronjob_trash_dirs.job }}"
   when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
-    - clean_samba_trash_exists.stat.exists|bool and clean_samba_trash_dirs.found 
+    - clean_samba_trash_exists.stat.exists | bool
-  tags:
+    - (clean_samba_trash_dirs.found | int) > 0
-    - samba-server
+  tags: [samba-server, samba-cron]
-    - samba-cron
 
 
 # ---
@@ -151,41 +147,37 @@
 # ---
 
 - name: (samba-config-server.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists
-  stat:
+  ansible.builtin.stat:
     path: /root/bin/samba/set_permissions_samba_shares.sh
   register: set_permissions_on_samba_shares_exists
   when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
-  tags:
+  tags: [samba-server, samba-cron]
-    - samba-server
+
-    - samba-cron
 
 - name: (samba-config-server.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
-  template: 
+  ansible.builtin.template:
     dest: /root/bin/samba/conf/set_permissions_samba_shares.conf
     src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2
   when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
-    - set_permissions_on_samba_shares_exists.stat.exists|bool
+    - set_permissions_on_samba_shares_exists.stat.exists | bool
-  tags:
+  tags: [samba-server, samba-cron]
-    - samba-server
-    - samba-cron
 
 
-- name: (samba-config-server.yml) Creates a cron job for cleaning up samba trash dirs
+- name: (samba-config-server.yml) Creates a cron job for setting permissions to samba dirs
-  cron:
+  ansible.builtin.cron:
-    name: '{{ samba_cronjob_permissions.name }}'
+    name: "{{ samba_cronjob_permissions.name }}"
-    minute: '{{ samba_cronjob_permissions.minute }}'
+    minute: "{{ samba_cronjob_permissions.minute }}"
     hour: "{{ samba_cronjob_permissions.hour | default('*') }}"
     day: "{{ samba_cronjob_permissions.day | default('*') }}"
-    month: "{{ samba_cronjob_permissions.month| default('*') }}"
+    month: "{{ samba_cronjob_permissions.month | default('*') }}"
-    weekday: "{{ samba_cronjob_permissions.weekday| default('*') }}"
+    weekday: "{{ samba_cronjob_permissions.weekday | default('*') }}"
     user: "{{ samba_cronjob_permissions.user | default('root') }}"
     job: "{{ samba_cronjob_permissions.job }}"
   when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
-    - clean_samba_trash_dirs.found
+    - (clean_samba_trash_dirs.found | int) > 0     # << int -> bool
-  tags:
+  tags: [samba-server, samba-cron]
-    - samba-server
+
-    - samba-cron
 

roles/common/tasks/users-systemfiles.yml

@@ -17,6 +17,7 @@
   local_action: stat path={{ inventory_dir }}/files/homedirs/root
   register: local_template_dir_root
 
+
 # --
 # Copy .bashrc
 # ---
@@ -40,22 +41,40 @@
   tags:
     - bash
 
-- name: (users-systemfiles.yml) copy .bashrc if it exists
+# 1. Prüfen, ob für jeden User ein lokales _bashrc existiert
-  copy: 
+- name: (users-systemfiles.yml) stat user _bashrc
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
+  ansible.builtin.stat:
-    dest: "~{{ item.item.name }}/.bashrc"
+    path: "{{ inventory_dir }}/files/homedirs/{{ item.name }}/_bashrc"
-    owner: "{{ item.item.name }}"
+  delegate_to: localhost
-    group: "{{ item.item.name }}"
+  become: false
-    mode: 0644
+  loop: "{{ default_user }}"
-  loop: "{{ local_template_dir_default_user.results }}"
+  register: bashrc_stats
   loop_control:
-    label: '{{ item.item.name }}'
+    label: '{{ item.name }}'
+
+# 2. Falls vorhanden, Datei kopieren
+- name: (users-systemfiles.yml) copy .bashrc if it exists
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/homedirs/{{ user.name }}/_bashrc"
+    dest: "~{{ user.name }}/.bashrc"
+    owner: "{{ user.name }}"
+    group: "{{ user.name }}"
+    mode: '0644'
+  loop: "{{ default_user | zip(bashrc_stats.results) | list }}"
+  loop_control:
+    label: "{{ user.name }}"
   when:
-    - item.stat.exists
+    - stat_result.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
+  vars:
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
   tags:
     - bash
 
+# --
+# -- root user
+# --
+
 - name: (users-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
   stat:
     path: /root/.bashrc.ORIG
@@ -69,19 +88,28 @@
   tags:
     - bash
 
-- name: (users-systemfiles.yml) copy .bashrc for user root
+# 1) Prüfen ob die _bashrc für root auf dem Control-Node existiert
-  copy: 
+- name: stat root _bashrc on control node
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') }}"
+  ansible.builtin.stat:
-    dest: "/root/.bashrc"
+    path: "{{ inventory_dir }}/files/homedirs/root/_bashrc"
+  delegate_to: localhost
+  become: false
+  register: bashrc_root_stat
+
+# 2) Wenn vorhanden, kopieren wir sie nach /root/.bashrc auf dem Zielhost
+- name: copy root .bashrc if it exists
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/homedirs/root/_bashrc"
+    dest: /root/.bashrc
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
-  when: 
+  become: true
-    - local_template_dir_root.stat.exists
+  when: bashrc_root_stat.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc')
   tags:
     - bash
 
+
 # --
 # Copy .profile (Debian System)
 # ---
@@ -108,23 +136,41 @@
     - item.stat.exists == False
   tags:
     - profile
-    
+
-- name: (users-systemfiles.yml) copy .profile if it exists
+
-  copy: 
+# 1. Prüfen, ob für jeden User ein lokales _profile existiert
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
+- name: (users-systemfiles.yml) stat user _profile
-    dest: "~{{ item.item.name }}/.profile"
+  ansible.builtin.stat:
-    owner: "{{ item.item.name }}"
+    path: "{{ inventory_dir }}/files/homedirs/{{ item.name }}/_profile"
-    group: "{{ item.item.name }}"
+  delegate_to: localhost
-    mode: 0644
+  become: false
-  loop: "{{  local_template_dir_default_user.results }}"
+  loop: "{{ default_user }}"
+  register: profile_stats
   loop_control:
-    label: '{{ item.item.name }}'
+    label: '{{ item.name }}'
+
+# 2. Falls vorhanden, Datei kopieren
+- name: (users-systemfiles.yml) copy .profile if it exists
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/homedirs/{{ user.name }}/_profile"
+    dest: "~{{ user.name }}/.profile"
+    owner: "{{ user.name }}"
+    group: "{{ user.name }}"
+    mode: '0644'
+  loop: "{{ default_user | zip(profile_stats.results) | list }}"
+  loop_control:
+    label: "{{ user.name }}"
   when:
-    - ansible_facts['distribution'] == "Debian"
+    - stat_result.stat.exists
-    - item.stat.exists
+  vars:
-    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
   tags:
-    - profile
+    - bash
+
+# --
+# -- root user
+# --
 
 - name: (users-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
   stat:
@@ -143,19 +189,27 @@
   tags:
     - profile
 
-- name: (users-systemfiles.yml) copy .profile for user root
+
-  copy: 
+# 1) Prüfen ob die _profile für root auf dem Control-Node existiert
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') }}"
+- name: stat root _profile on control node
-    dest: "/root/.profile"
+  ansible.builtin.stat:
+    path: "{{ inventory_dir }}/files/homedirs/root/_profile"
+  delegate_to: localhost
+  become: false
+  register: profile_root_stat
+
+# 2) Wenn vorhanden, kopieren wir sie nach /root/.profile auf dem Zielhost
+- name: copy root .profile if it exists
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/homedirs/root/_profile"
+    dest: /root/.profile
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
-  when: 
+  become: true
-    - ansible_facts['distribution'] == "Debian"
+  when: profile_root_stat.stat.exists
-    - local_template_dir_root.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
   tags:
-    - profile
+    - bash
 
 # --
 # Copy .bash_profile (CentOS/Fedora?/RedHat? System)
@@ -184,23 +238,43 @@
   tags:
     - profile
     
-- name: (users-systemfiles.yml) copy .bash_profile if it exists
+
-  copy: 
+# 1. Prüfen, ob für jeden User ein lokales _bash_profile existiert
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bash_profile') }}"
+- name: (users-systemfiles.yml) stat user _bash_profile
-    dest: "~{{ item.item.name }}/.bash_profile"
+  ansible.builtin.stat:
-    owner: "{{ item.item.name }}"
+    path: "{{ inventory_dir }}/files/homedirs/{{ item.name }}/_bash_profile"
-    group: "{{ item.item.name }}"
+  delegate_to: localhost
-    mode: 0644
+  become: false
-  loop: "{{  local_template_dir_default_user.results }}"
+  loop: "{{ default_user }}"
+  register: bash_profile_stats
   loop_control:
-    label: '{{ item.item.name }}'
+    label: '{{ item.name }}'
   when:
     - ansible_facts['distribution'] == "CentOS"
-    - item.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bash_profile')
-  tags:
-    - profile
 
+# 2. Falls vorhanden, Datei kopieren
+- name: (users-systemfiles.yml) copy .bash_profile if it exists
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/homedirs/{{ user.name }}/_bash_profile"
+    dest: "~{{ user.name }}/.bash_profile"
+    owner: "{{ user.name }}"
+    group: "{{ user.name }}"
+    mode: '0644'
+  loop: "{{ default_user | zip(bash_profile_stats.results) | list }}"
+  loop_control:
+    label: "{{ user.name }}"
+  when:
+    - ansible_facts['distribution'] == "CentOS"
+    - stat_result.stat.exists
+  vars:
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
+  tags:
+    - bash
+
+# --
+# -- root user
+# --
 
 - name: (users-systemfiles.yml) Check if file '/root/.bash_profile.ORIG' exists
   stat:
@@ -219,94 +293,171 @@
   tags:
     - profile
 
-- name: (users-systemfiles.yml) copy .bash_profile for user root
+
-  copy: 
+# 1) Prüfen ob die _bash_profile für root auf dem Control-Node existiert
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bash_profile') }}"
+- name: stat root _bash_profile on control node
-    dest: "/root/.bash_profile"
+  ansible.builtin.stat:
+    path: "{{ inventory_dir }}/files/homedirs/root/_bash_profile"
+  delegate_to: localhost
+  become: false
+  register: bash_profile_root_stat
+  when:
+    - ansible_facts['distribution'] == "CentOS"
+
+# 2) Wenn vorhanden, kopieren wir sie nach /root/.bash_profile auf dem Zielhost
+- name: copy root .bash_profile if it exists
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/homedirs/root/_bash_profile"
+    dest: /root/.bash_profile
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
-  when: 
+  become: true
+  when:
     - ansible_facts['distribution'] == "CentOS"
-    - local_template_dir_root.stat.exists
+    - bash_profile_root_stat.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_bash_profile')
   tags:
-    - profile
+    - bash
     
+
 # --
 # Copy .vimrc
 # ---
 
-- name: (users-systemfiles.yml) copy .vimrc if it exists
+# 1. Prüfen, ob für jeden User ein lokales _vimrc existiert
-  copy: 
+- name: (users-systemfiles.yml) stat user _vimrc
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
+  ansible.builtin.stat:
-    dest: "~{{ item.item.name }}/.vimrc"
+    path: "{{ inventory_dir }}/files/homedirs/{{ item.name }}/_vimrc"
-    owner: "{{ item.item.name }}"
+  delegate_to: localhost
-    group: "{{ item.item.name }}"
+  become: false
-    mode: 0644
+  loop: "{{ default_user }}"
-  loop: "{{  local_template_dir_default_user.results }}"
+  register: vimrc_stats
-  loop_control:
-    label: '{{ item.item.name }}'
-  when:
-    - item.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
-  tags:
-    - vim
-
-- name: (users-systemfiles.yml) Check if .vim directory exists for default users
-  local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim
-  with_items: "{{ default_user }}"
   loop_control:
     label: '{{ item.name }}'
-  register: local_template_dir_dotvim_default_user
 
-- name: (users-systemfiles.yml) copy .vim directory if it exists
+# 2. Falls vorhanden, Datei kopieren
-  copy: 
+- name: (users-systemfiles.yml) copy .vimrc if it exists
-    src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
+  ansible.builtin.copy:
-    dest: "~{{ item.item.name }}"
+    src: "{{ inventory_dir }}/files/homedirs/{{ user.name }}/_vimrc"
-    owner: "{{ item.item.name }}"
+    dest: "~{{ user.name }}/.vimrc"
-    group: "{{ item.item.name }}"
+    owner: "{{ user.name }}"
-    mode: 0644
+    group: "{{ user.name }}"
-  with_items: "{{ local_template_dir_dotvim_default_user.results }}"
+    mode: '0644'
+  loop: "{{ default_user | zip(vimrc_stats.results) | list }}"
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ user.name }}"
   when:
-    - item.stat.exists
+    - stat_result.stat.exists
+  vars:
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
   tags:
-    - vim
+    - bash
 
-- name: (users-systemfiles.yml) copy .vimrc for user root
+# 1) Lokal prüfen, ob ~/.vim existiert
-  copy: 
+- name: (users-systemfiles.yml) stat local .vim for each user
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') }}"
+  ansible.builtin.stat:
-    dest: "/root/.vimrc"
+    path: "{{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim"
+  delegate_to: localhost
+  become: false
+  loop: "{{ default_user }}"
+  register: dotvim_stats
+  loop_control:
+    label: "{{ item.name }}"
+
+# 2) Wenn vorhanden, .vim-Verzeichnis ins Home des Users kopieren
+- name: (users-systemfiles.yml) copy .vim directory if it exists
+  ansible.builtin.copy:
+    # Wichtig: KEINE verschachtelten {{ ... }} im String
+    src: "{{ inventory_dir }}/files/homedirs/{{ user.name }}/.vim"
+    dest: "~{{ user.name }}/"
+    mode: preserve           # oder weglassen; 0644 wäre für Verzeichnisse falsch
+  become: true
+  loop: "{{ default_user | zip(dotvim_stats.results) | list }}"
+  loop_control:
+    label: "{{ user.name }}"
+  when:
+    - stat_result.stat.exists | bool
+  vars:
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
+  tags: [vim]
+
+
+# 3) Ownership/Gruppe rekursiv korrigieren (falls gewünscht/erforderlich)
+- name: (users-systemfiles.yml) ensure ownership on ~/.vim recursively
+  ansible.builtin.file:
+    path: "~{{ user.name }}/.vim"
+    owner: "{{ user.name }}"
+    group: "{{ user.name }}"
+    recurse: true
+    state: directory
+  become: true
+  loop: "{{ default_user | zip(dotvim_stats.results) | list }}"
+  loop_control:
+    label: "{{ user.name }}"
+  when:
+    - stat_result.stat.exists | bool
+  vars:
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
+  tags: [vim]
+
+# --
+# -- root user
+# --
+
+# 1) Prüfen ob die _vimrc für root auf dem Control-Node existiert
+- name: stat root _vimrc on control node
+  ansible.builtin.stat:
+    path: "{{ inventory_dir }}/files/homedirs/root/_vimrc"
+  delegate_to: localhost
+  become: false
+  register: vimrc_root_stat
+
+# 2) Wenn vorhanden, kopieren wir sie nach /root/.vimrc auf dem Zielhost
+- name: copy root .vimrc if it exists
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/homedirs/root/_vimrc"
+    dest: /root/.vimrc
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
+  become: true
   when:
-    - local_template_dir_root.stat.exists
+    - vimrc_root_stat.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc')
   tags:
-    - vim
+    - bash
 
+# 1) Lokal prüfen, ob ./files/homedirs/root/.vim existiert
+- name: (users-systemfiles.yml) stat local .vim for root
+  ansible.builtin.stat:
+    path: "{{ inventory_dir }}/files/homedirs/root/.vim"
+  delegate_to: localhost
+  become: false
+  register: root_dotvim_stat
+  tags: [vim]
 
-- name: (users-systemfiles.yml) Check if local template directory .vim  exists for user root
+# 2) Wenn vorhanden, nach /root/ kopieren
-  local_action: stat path={{ inventory_dir }}/files/homedirs/root/.vim
+- name: (users-systemfiles.yml) copy root .vim directory if it exists
-  register: local_template_dir_vim_root
+  ansible.builtin.copy:
-  with_items: 'root'
+    src: "{{ inventory_dir }}/files/homedirs/root/.vim"
-  loop_control:
+    dest: "/root/"
-    label: 'root'
+    mode: preserve         # oder weglassen; nicht 0644 bei Verzeichnissen
+  become: true
+  when:
+    - root_dotvim_stat.stat.exists | bool
+  tags: [vim]
 
-- name: (users-systemfiles.yml) copy .vim directory for user root if it exists
+# 3) Ownership sicherstellen (rekursiv)
-  copy: 
+- name: (users-systemfiles.yml) ensure ownership on /root/.vim recursively
-    src: "{{ inventory_dir + '/files/homedirs/root/.vim' }}"
+  ansible.builtin.file:
-    dest: "/root"
+    path: "/root/.vim"
     owner: "root"
     group: "root"
-    mode: 0644
+    recurse: true
-  with_items: "{{ local_template_dir_vim_root.results }}"
+    state: directory
-  loop_control:
+  become: true
-    label: 'root'
   when:
-    - item.stat.exists
+    - root_dotvim_stat.stat.exists | bool
-  tags:
+  tags: [vim]
-    - vim