4 Commits

Author SHA1 Message Date
d1444e1507 Add cron job to monitor web services and restart if necessary 2026-05-06 15:57:11 +02:00
b0dd95318a Add and update host variable files for various servers
- Created new host variable file for `iam-nd.oopen.de` with network and cron configurations.
- Created new host variable file for `test.mariadb.oopen.de` with cron environment entries.
- Updated `file-km.anw-km.netz.yml.BAK.2026-04-18-1218` with network interface configurations and DNS settings.
- Modified `gw-campus.oopen.de.yml` to change device names for network interfaces.
- Updated `nd-archiv.warenform.de.yml`, `nd-live.warenform.de.yml`, `nd.warenform.de.yml`, `web0.warenform.de.yml`, `web1.warenform.de.yml`, and `web2.warenform.de.yml` to replace `wkhtmltopdf` with `weasyprint` in the list of extra packages.
- Updated `o26.oopen.de.yml` to correct SSH key destination and change backup job script path.
- Added `iam-nd.oopen.de` to the hosts file for server management.
2026-05-01 02:30:31 +02:00
7d5640f3bd Refactor dpkg command task for improved clarity and reliability 2026-05-01 02:29:53 +02:00
c6a760e26e Update conditions for checking user configuration files in webadmin-user.yml 2026-05-01 02:29:27 +02:00
27 changed files with 1409 additions and 119 deletions


@@ -288,6 +288,7 @@ default_user:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqqmBWh3qmnx41NiLCn1LhVG0mn4++IUvRNC0OMh6h6 root@gitoea'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICR9o0+6jnfmXKOedKP6IZgt5lRIPFSJJ4FbMjz2SPkH root@gw-campus'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEm1P7Pg3Tlm02bxkropKf3CcyTCAB3YCMxPSjai2lc root@gw-dissens'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpNZFa+Jp5/8zKmSIZ3LGzuuPxj+QvfF+NYbWtblvTg root@iam-nd'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBYFe6i0UdPRyENvfaJSJVCHtmnlJmhbqGEsdIlTapsj root@initiativenserver'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ54/I+TdZUA+Xc6bixSa3f0hN5y4kWW+xl9kqSZPBYS root@keycloak-nd'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO886BNZ/o9aBwkKqHku+MjS5/GEVRBbXXSF76ry7oZR root@mail-cadus'
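Review bot: The key list under `default_user` gains one more host root key (the hunk header goes from 6 to 7 lines; the `+` markers are lost on this page, but the new entry is most likely `root@iam-nd`), and nothing visible here limits what that key may do. Every `root@<host>` entry means that a compromise of that host's root account yields a login wherever this list is deployed, so it is worth confirming the new host really needs it. If the role passes key options through, such keys could be narrowed with `from="<source address>"` or `restrict` in authorized_keys. The same question applies to the one-line addition in the next file section; the list itself starts outside the hunk, so the receiving account and hosts are not visible here.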


@@ -255,6 +255,7 @@ default_user:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICwG3cYT1S5ttaf7OCB2dfBAg4FFA3OO3HPTkiclaVFi root@server22'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyse/Fby2JiHjM10uotVfsBYO0W1EgmtFG2q+Q1xe38 root@server24'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIH9V1aqgZSqu7vfK9e5qGKm+ICHd8VglRr0Brm4kXfu root@server25'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUZHYQRap1XPOBsbtYs1elQMMm1hU1VMr7k2OFfOoi1 root@server18'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBOOYhdtNPAQP8BlgSYBaMfWl8Yv4Y9ww7SWeLOn0HXH root@web0'


@@ -29,6 +29,13 @@
# vars used by roles/common/tasks/apt.yml
# ---
apt_install_extra_pkgs: true
apt_extra_pkgs:
- weasyprint
- pdftk
- subversion
- subversion-tools
# ---
# vars used by roles/common/tasks/systemd-resolved.yml


@@ -536,6 +536,18 @@ samba_shares:
guest_ok: !!str yes
vfs_object_recycle: false
# ---
# - This share contains archived data that has not been backed up
# ---
- name: Archive-no-Backup
comment: Archive - keine Sicherungen
path: /data/samba/no-backup-shares/Archive-no-Backup
group_valid_users: alle
group_write_list: alle
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: false
# ==============================


@@ -60,7 +60,7 @@ network_interfaces:
maxage: 12
# inline hook scripts
pre-up:
pre-up:
- !!str "ip link set dev eno1np0 up" # pre-up script lines
up: [] #up script lines
post-up: [] # post-up script lines (alias for up)
@@ -93,6 +93,13 @@ network_interfaces:
# vars used by roles/common/tasks/apt.yml
# ---
apt_install_extra_pkgs:
- lvm2
- kpartx
- ntfs-3g
- swtpm
- swtpm-tools
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
@@ -175,6 +182,44 @@ cron_user_special_time_entries:
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Activate ksm support"
special_time: reboot
job: "echo 1 > /sys/kernel/mm/ksm/run"
insertafter: PATH
cron_user_entries:
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if postfix mailservice is running. Restart service if needed."
minute: "*/5"
hour: "*"
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors."
minute: "*/30"
hour: "*"
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Clean up Samba Trash Dirs"
minute: "02"
hour: "23"
job: /root/bin/samba/clean_samba_trash.sh
- name: "Set (group and access) Permissons for Samba shares"
minute: "14"
hour: "23"
job: /root/bin/samba/set_permissions_samba_shares.sh
- name: "Check if ntpsec is running. Restart service if needed."
minute: "*/6"
hour: "*"
job: /root/bin/monitoring/check_ntpsec_service.sh
# ---
@@ -270,9 +315,9 @@ sudoers_file_user_back_mount_privileges:
samba_server_ip: 192.168.122.210
samba_server_cidr_prefix: 24
samba_workgroup: WORKGROUP
samba_workgroup: ANW-KM
samba_netbios_name: FILE-KM
samba_netbios_name: FILE-KM-01
samba_server_min_protocol: !!str NT1
@@ -285,10 +330,12 @@ samba_groups:
group_id: 1115
- name: intern
group_id: 1120
- name: aulmann
- name: wildvang
group_id: 1130
- name: howe
group_id: 1140
#- name: aulmann
# group_id: 1130
#- name: howe
# group_id: 1140
- name: stahmann
group_id: 1150
- name: traine
@@ -318,8 +365,6 @@ samba_user:
- name: andrea
groups:
- advoware
- aulmann
- howe
- stahmann
- traine
- public
@@ -336,8 +381,6 @@ samba_user:
- name: aphex2
groups:
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -354,8 +397,6 @@ samba_user:
- name: beuster
groups:
- advoware
- aulmann
- howe
- stahmann
- traine
- public
@@ -407,11 +448,11 @@ samba_user:
- a-jur
- advoware
- alle
- aulmann
- intern
- kanzlei
- stahmann
- traine
- wildvang
- public
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
@@ -425,8 +466,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -436,8 +475,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -457,7 +494,6 @@ samba_user:
- name: ho-st1
groups:
- alle
- howe
- stahmann
password: '44-Ro-440'
@@ -473,8 +509,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -484,8 +518,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -504,8 +536,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -515,8 +545,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -526,8 +554,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -537,8 +563,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
password: '66koeln66'
@@ -562,8 +586,6 @@ samba_user:
- name: rolf
groups:
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -574,11 +596,11 @@ samba_user:
- a-jur
- advoware
- alle
- aulmann
- intern
- kanzlei
- stahmann
- traine
- wildvang
- public
password: 'Ax_GSHh5'
@@ -595,12 +617,18 @@ samba_user:
- advoware
- alle
- kanzlei
- howe
- stahmann
- traine
- public
password: 'maltzwo2'
- name: wiebke
groups:
- alle
- wildvang
- public
password: 'uJ5gF/m53p.P'
- name: winadm
groups:
- a-jur
@@ -657,27 +685,38 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_recycle: false
- name: aulmann
comment: Aulmann auf Fileserver
path: /data/samba/Aulmann
group_valid_users: aulmann
group_write_list: aulmann
- name: wildvang
comment: Wildvang auf Fileserver
path: /data/samba/Wildvang
group_valid_users: wildvang
group_write_list: wildvang
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: howe
comment: Howe auf Fileserver
path: /data/samba/Howe
group_valid_users: howe
group_write_list: howe
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
# - name: aulmann
# comment: Aulmann auf Fileserver
# path: /data/samba/Aulmann
# group_valid_users: aulmann
# group_write_list: aulmann
# file_create_mask: !!str 660
# dir_create_mask: !!str 2770
# vfs_object_recycle: true
# recycle_path: '@Recycle'
# vfs_object_recycle_is_visible: true
# - name: howe
# comment: Howe auf Fileserver
# path: /data/samba/Howe
# group_valid_users: howe
# group_write_list: howe
# file_create_mask: !!str 660
# dir_create_mask: !!str 2770
# vfs_object_recycle: true
# recycle_path: '@Recycle'
# vfs_object_recycle_is_visible: true
- name: stahmann
comment: Stahmann auf Fileserver
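Review bot: The new `wiebke` entry under `samba_user` stores its Samba password as a quoted plain string (`password: '…'`), so the credential is readable by anyone with access to this repository and its history. The `chris` entry in the same list already uses `password: !vault |`; the new entry should follow that form with an `ansible-vault encrypt_string` value, and the password should be rotated because it is now in the commit history. The same applies to the `wiebke` entries in the next two file sections and to the other plaintext `password:` values visible as context there. The `samba_user` list starts and ends outside these hunks.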


@@ -60,7 +60,7 @@ network_interfaces:
maxage: 12
# inline hook scripts
pre-up:
pre-up:
- !!str "ip link set dev enp97s0 up" # pre-up script lines
up: [] #up script lines
post-up: [] # post-up script lines (alias for up)
@@ -175,6 +175,44 @@ cron_user_special_time_entries:
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Activate ksm support"
special_time: reboot
job: "echo 1 > /sys/kernel/mm/ksm/run"
insertafter: PATH
cron_user_entries:
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if postfix mailservice is running. Restart service if needed."
minute: "*/5"
hour: "*"
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors."
minute: "*/30"
hour: "*"
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Clean up Samba Trash Dirs"
minute: "02"
hour: "23"
job: /root/bin/samba/clean_samba_trash.sh
- name: "Set (group and access) Permissons for Samba shares"
minute: "14"
hour: "23"
job: /root/bin/samba/set_permissions_samba_shares.sh
- name: "Check if ntpsec is running. Restart service if needed."
minute: "*/6"
hour: "*"
job: /root/bin/monitoring/check_ntpsec_service.sh
# ---
@@ -233,10 +271,12 @@ samba_groups:
group_id: 1110
- name: intern
group_id: 1120
- name: aulmann
- name: wildvang
group_id: 1130
- name: howe
group_id: 1140
#- name: aulmann
# group_id: 1130
#- name: howe
# group_id: 1140
- name: stahmann
group_id: 1150
- name: traine
@@ -266,8 +306,6 @@ samba_user:
- name: andrea
groups:
- advoware
- aulmann
- howe
- stahmann
- traine
- public
@@ -284,8 +322,6 @@ samba_user:
- name: aphex2
groups:
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -302,8 +338,6 @@ samba_user:
- name: beuster
groups:
- advoware
- aulmann
- howe
- stahmann
- traine
- public
@@ -355,11 +389,11 @@ samba_user:
- a-jur
- advoware
- alle
- aulmann
- intern
- kanzlei
- stahmann
- traine
- wildvang
- public
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
@@ -373,8 +407,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -384,8 +416,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -405,7 +435,6 @@ samba_user:
- name: ho-st1
groups:
- alle
- howe
- stahmann
password: '44-Ro-440'
@@ -421,8 +450,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -432,8 +459,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -452,8 +477,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -463,8 +486,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -474,8 +495,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -485,8 +504,6 @@ samba_user:
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
password: '66koeln66'
@@ -510,8 +527,6 @@ samba_user:
- name: rolf
groups:
- alle
- aulmann
- howe
- stahmann
- traine
- public
@@ -522,11 +537,11 @@ samba_user:
- a-jur
- advoware
- alle
- aulmann
- intern
- kanzlei
- stahmann
- traine
- wildvang
- public
password: 'Ax_GSHh5'
@@ -543,12 +558,18 @@ samba_user:
- advoware
- alle
- kanzlei
- howe
- stahmann
- traine
- public
password: 'maltzwo2'
- name: wiebke
groups:
- alle
- wildvang
- public
password: 'uJ5gF/m53p.P'
- name: winadm
groups:
- a-jur
@@ -605,27 +626,38 @@ samba_shares:
dir_create_mask: !!str 2770
vfs_object_recycle: false
- name: aulmann
comment: Aulmann auf Fileserver
path: /data/samba/Aulmann
group_valid_users: aulmann
group_write_list: aulmann
- name: wildvang
comment: Wildvang auf Fileserver
path: /data/samba/Wildvang
group_valid_users: wildvang
group_write_list: wildvang
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: howe
comment: Howe auf Fileserver
path: /data/samba/Howe
group_valid_users: howe
group_write_list: howe
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
# - name: aulmann
# comment: Aulmann auf Fileserver
# path: /data/samba/Aulmann
# group_valid_users: aulmann
# group_write_list: aulmann
# file_create_mask: !!str 660
# dir_create_mask: !!str 2770
# vfs_object_recycle: true
# recycle_path: '@Recycle'
# vfs_object_recycle_is_visible: true
# - name: howe
# comment: Howe auf Fileserver
# path: /data/samba/Howe
# group_valid_users: howe
# group_write_list: howe
# file_create_mask: !!str 660
# dir_create_mask: !!str 2770
# vfs_object_recycle: true
# recycle_path: '@Recycle'
# vfs_object_recycle_is_visible: true
- name: stahmann
comment: Stahmann auf Fileserver
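Review bot: In the `samba_groups` hunk the new `wildvang` group appears to take `group_id: 1130`, the id that belonged to `aulmann`, whose entry is now commented out. If files under `/data/samba/Aulmann` are still owned by gid 1130 on the server, members of `wildvang` would inherit group access to them; the retired `howe` group and gid 1140 raise the same question for any later reuse. Either give `wildvang` an id that was never used or confirm the old data has been removed or re-owned, and record that next to the entry, e.g. `# gid 1130 reused from aulmann; old share data removed`. The same reuse appears in the preceding file section and in the new file that follows.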


@@ -0,0 +1,774 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: br0
# use only once per device (for the first device entry)
headline: br0 - bridge over device enp97s0
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
description:
address: 192.168.122.10
netmask: 24
gateway: 192.168.122.254
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
# optional bridge parameters bridge: {}
# bridge:
# ports:
# stp:
# fd:
# maxwait:
# waitport:
bridge:
ports: enp97s0 # for mor devices support a blank separated list
stp: !!str off
fd: 5
hello: 2
maxage: 12
# inline hook scripts
pre-up:
- !!str "ip link set dev enp97s0 up" # pre-up script lines
up: [] #up script lines
post-up: [] # post-up script lines (alias for up)
pre-down: [] # pre-down script lines (alias for down)
down: [] # down script lines
post-down: [] # post-down script lines
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.122.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- anw-km.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 172.16.122.254
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Activate ksm support"
special_time: reboot
job: "echo 1 > /sys/kernel/mm/ksm/run"
insertafter: PATH
cron_user_entries:
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if postfix mailservice is running. Restart service if needed."
minute: "*/5"
hour: "*"
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors."
minute: "*/30"
hour: "*"
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Clean up Samba Trash Dirs"
minute: "02"
hour: "23"
job: /root/bin/samba/clean_samba_trash.sh
- name: "Set (group and access) Permissons for Samba shares"
minute: "14"
hour: "23"
job: /root/bin/samba/set_permissions_samba_shares.sh
- name: "Check if ntpsec is running. Restart service if needed."
minute: "*/6"
hour: "*"
job: /root/bin/monitoring/check_ntpsec_service.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_back_mount_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/mount'
- 'ALL=(root) NOPASSWD: /usr/bin/umount'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.122.10
samba_server_cidr_prefix: 24
samba_workgroup: WORKGROUP
samba_netbios_name: FILE-KM
samba_server_min_protocol: !!str NT1
samba_groups:
- name: kanzlei
group_id: 1100
- name: a-jur
group_id: 1110
- name: intern
group_id: 1120
- name: wildvang
group_id: 1130
#- name: aulmann
# group_id: 1130
#- name: howe
# group_id: 1140
- name: stahmann
group_id: 1150
- name: traine
group_id: 1160
- name: public
group_id: 1170
- name: alle
group_id: 1180
samba_user:
- name: advoware
groups:
- advoware
password: '9WNRbc49m3'
- name: a-jur
groups:
- a-jur
- alle
- intern
- kanzlei
password: 'a-jur'
- name: andrea
groups:
- advoware
- aulmann
- howe
- stahmann
- traine
- public
password: 'fXc3bmK9gj'
- name: andreas
groups:
- a-jur
- advoware
- alle
- kanzlei
password: 'YKQRa.M9-6rL'
- name: aphex2
groups:
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'J3KMRprK9H'
- name: berenice
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'berenice'
- name: beuster
groups:
- advoware
- aulmann
- howe
- stahmann
- traine
- public
- alle
password: 'zlm17Kx'
- name: buero
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'buero'
- name: buero2
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'buero2'
- name: buero3
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'buero3'
- name: buero4
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'buero4'
- name: buero7
groups:
- advoware
- kanzlei
- a-jur
- alle
password: 'buero7'
- name: chris
groups:
- a-jur
- advoware
- alle
- aulmann
- intern
- kanzlei
- stahmann
- traine
- public
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30383265366434633965346530666535363761396165393434643665393137353765653739636364
6330623334353763613065343336306434376335646666380a363030363335656261656236636562
63663763616630383264303039336562626537366634303636356237323630666635356130383165
3837613337343533650a663061366230353531316535656433643162353063383534323833323138
3430
- name: christina
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'qvR7zX4Lhs'
- name: federico
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'zHfj9g3NcC'
# - name: gerhard
# groups:
# - advoware
# - alle
# - aulmann
# - howe
# - stahmann
# - traine
# - public
# password: 'bHdhzWnTj9'
- name: ho-st1
groups:
- alle
- howe
- stahmann
password: '44-Ro-440'
# - name: howe-staff-1
# groups:
# - advoware
# - alle
# - aulmann
# - howe
# password: ''
- name: irina
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'W9NKv39pXW'
- name: jessica
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'bV3pjPtjkR'
# - name: laura
# groups:
# - alle
# - aulmann
# - howe
# - stahmann
# - traine
# password: '99-Hamburg-990'
- name: lenovo3
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'fndvLmrt7W'
- name: lenovo4
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'tpCMmTKj7H'
- name: lenovo5
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: 'L5Hannover51'
- name: lenovo6
groups:
- advoware
- alle
- aulmann
- howe
- stahmann
- traine
password: '66koeln66'
- name: rm-buero1
groups:
- advoware
- alle
- a-jur
- kanzlei
password: ''
- name: rm-buero2
groups:
- advoware
- alle
- a-jur
- kanzlei
password: ''
- name: rolf
groups:
- alle
- aulmann
- howe
- stahmann
- traine
- public
password: '4xNVNFXgP4'
- name: sysadm
groups:
- a-jur
- advoware
- alle
- aulmann
- intern
- kanzlei
- stahmann
- traine
- public
password: 'Ax_GSHh5'
- name: thomas
groups:
- advoware
- alle
- traine
password: '55-tho-mas-550'
- name: Tresen
groups:
- a-jur
- advoware
- alle
- kanzlei
- howe
- stahmann
- traine
- public
password: 'maltzwo2'
- name: wiebke
groups:
- alle
- wildvang
- public
password: '4xNVNFXgP4'
- name: winadm
groups:
- a-jur
- advoware
- alle
- intern
- kanzlei
- public
password: 'Ax_GSHh5'
base_home: /data/home
remove_samba_users:
- name: howe-staff-1
- name: gerhard
- name: laura
#remove_samba_users: []
#remove_samba_users:
# - name: evren
samba_shares:
- name: a-jur
comment: a-jur Dokumente
path: /data/samba/a-jur
group_valid_users: a-jur
group_write_list: a-jur
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: kanzlei
comment: Kanzlei auf Fileserver
path: /data/samba/kanzlei
group_valid_users: kanzlei
group_write_list: kanzlei
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: install
comment: Install auf Fileserver
path: /data/samba/no-backup-shares/install
group_valid_users: intern
group_write_list: intern
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: false
- name: wildvang
comment: Traine auf Fileserver
path: /data/samba/Wildvang
group_valid_users: wildvang
group_write_list: wildvang
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
# - name: aulmann
# comment: Aulmann auf Fileserver
# path: /data/samba/Aulmann
# group_valid_users: aulmann
# group_write_list: aulmann
# file_create_mask: !!str 660
# dir_create_mask: !!str 2770
# vfs_object_recycle: true
# recycle_path: '@Recycle'
# vfs_object_recycle_is_visible: true
# - name: howe
# comment: Howe auf Fileserver
# path: /data/samba/Howe
# group_valid_users: howe
# group_write_list: howe
# file_create_mask: !!str 660
# dir_create_mask: !!str 2770
# vfs_object_recycle: true
# recycle_path: '@Recycle'
# vfs_object_recycle_is_visible: true
- name: stahmann
comment: Stahmann auf Fileserver
path: /data/samba/Stahmann
group_valid_users: stahmann
group_write_list: stahmann
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: traine
comment: Traine auf Fileserver
path: /data/samba/Traine
group_valid_users: traine
group_write_list: traine
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: public
comment: Public auf Fileserver
path: /data/samba/public
group_valid_users: public
group_write_list: public
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: Advoware-Schriftverkehr
comment: Advoware Dokumente
path: /data/samba/Advoware-Schriftverkehr
group_valid_users: advoware
group_write_list: advoware
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
- name: Advoware-Backup
comment: Advoware Dokumente
path: /data/samba/Advoware-Backup
group_valid_users: intern
group_write_list: intern
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: false
- name: alle
comment: Alle auf Fileserver
path: /data/samba/Alle
group_valid_users: alle
group_write_list: alle
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
vfs_object_recycle_is_visible: true
# - name: web
# comment: Web auf Fileserver
# path: /data/samba/Web
# group_valid_users: web
# group_write_list: web
# file_create_mask: !!str 660
# dir_create_mask: !!str 2770
# vfs_object_recycle: true
# recycle_path: '@Recycle'
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
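Review bot: `rm-buero1` and `rm-buero2` are defined with `password: ''`, and several accounts (`a-jur`, `berenice`, `buero`, `buero2`, `buero3`, `buero4`, `buero7`) use their own name as password; what the samba-user task does with an empty value is not visible here, but it should not leave an account with no password or a guessable one. Several `samba_user` entries in this file also still list the groups `aulmann` and `howe`, which are commented out in `samba_groups` further up, and the `wildvang` share carries the comment `Traine auf Fileserver`, which looks like a copy-paste leftover. `samba_server_min_protocol: !!str NT1` keeps SMB1 enabled; if no client depends on it, `SMB2_10` or later is the safer floor.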


@@ -90,8 +90,8 @@ network_interfaces:
- /sbin/ifconfig eno4 up
- device: eno6
headline: eno6 - Management Network Campus - network 10.72.1.0/24
- device: eno6np1
headline: eno6np1 - Management Network Campus - network 10.72.1.0/24
auto: true
family: inet
method: static
@@ -99,8 +99,8 @@ network_interfaces:
netmask: 24
- device: eno7
headline: eno7 - network 192.168.11.0/24 (LAN Stockhausen)
- device: eno7np2
headline: eno7np2 - network 192.168.11.0/24 (LAN Stockhausen)
auto: true
family: inet
method: static


@@ -0,0 +1,225 @@
---
# ---
# vars used by roles/network_interfaces
# ---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.162.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 185.12.64.1
- 2a01:4ff:ff00::add:2
- 185.12.64.2
- 2a01:4ff:ff00::add:1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- oopen.de
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
- name: "Check if postfix mailservice is running. Restart service if needed."
special_time: reboot
job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
insertafter: PATH
cron_user_entries:
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check if cert for Keycloak service is up-to-date"
minute: '51'
hour: '05'
job: /root/bin/monitoring/check_cert_for_keycloak.sh
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '23'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '33'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---
extra_user:
- name: nd-admin
user_id: 1045
group_id: 1045
group: nd-admin
password: $y$j9T$1YJwHY0qdLimgtdOKlTxR1$/O9QWTpr0Y41TduR2GZ0FMCiIxFqOaXWSM9hmHRnv80
shell: /bin/bash
ssh_keys:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTjd4XFBdF/V9VdSZjy9G7nupBwaMqsrtQSP4Uctkrz org@rdsgn.de'
sudo_users:
- chris
- sysadm
- nd-admin
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
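Review bot: The `PATH` value in `cron_env_entries` separates its first two directories with `;` (`/root/bin/admin-stuff;/root/bin:…`), so cron treats `/root/bin/admin-stuff;/root/bin` as a single directory name and searches neither of the two; it should read `job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`, as the other host files in this change do. Separately, the `password:` hashes for `nd-admin` and `root_user` are committed unencrypted, and the `root_user` hash is identical to the one at the end of the preceding new host file, which suggests a root password shared between hosts. Encrypting these values with ansible-vault and using per-host root credentials would limit the exposure.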


@@ -100,6 +100,62 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_entries:
- name: "Restart Prosody Servive (used by Jitsi Meet Authentification)"
minute: 57
hour: 05
job: systemctl restart prosody.service
- name: "Check if cert for coTURN service is up-to-date"
minute: 03
hour: 05
job: /root/bin/monitoring/check_cert_for_service.sh
- name: "Check if cert(s) for Prosody service are up-to-date"
minute: 13
hour: 07
job: /root/bin/monitoring/check_cert_for_prosody.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors.."
minute: '*/5'
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '23'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '33'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---
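Review bot: The first three entries added to `cron_user_entries` write their schedule as bare zero-padded numbers (`minute: 57` / `hour: 05`, `minute: 03`, `hour: 07`), while the entries below them in the same list quote theirs (`minute: '23'`, `hour: '05'`). A YAML 1.1 loader reads `05` as an octal integer, and a later edit to `08` or `09` would silently change the type to a string; quoting them all (`hour: '05'`) keeps the values uniform. The Prosody job is also the only one given as a bare command name, so it is resolved through the cron `PATH` defined just above, which starts with `/root/bin/admin-stuff`. An absolute path, e.g. `job: /usr/bin/systemctl restart prosody.service`, removes that dependency. The identical block in the next file section has the same two points.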


@@ -102,6 +102,63 @@ resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
insertafter: PATH
cron_user_entries:
- name: "Restart Prosody Servive (used by Jitsi Meet Authentification)"
minute: 57
hour: 05
job: systemctl restart prosody.service
- name: "Check if cert for coTURN service is up-to-date"
minute: 03
hour: 05
job: /root/bin/monitoring/check_cert_for_service.sh
- name: "Check if cert(s) for Prosody service are up-to-date"
minute: 13
hour: 07
job: /root/bin/monitoring/check_cert_for_prosody.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_ssh.sh
- name: "Check if Postfix Mailservice is up and running?"
minute: '*/15'
hour: '*'
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors.."
minute: '*/5'
hour: '*'
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
minute: '23'
hour: '05'
job: /var/lib/dehydrated/cron/dehydrated_cron.sh
- name: "Check whether all certificates are included in the VHOST configurations"
minute: '33'
hour: '05'
job: /var/lib/dehydrated/tools/update_ssl_directives.sh
# ---
# vars used by roles/common/tasks/users.yml
# ---


@@ -26,7 +26,7 @@
apt_install_extra_pkgs: true
apt_extra_pkgs:
- wkhtmltopdf
- weasyprint
- pdftk
- subversion
- subversion-tools


@@ -26,7 +26,8 @@
apt_install_extra_pkgs: true
apt_extra_pkgs:
- wkhtmltopdf
- weasyprint
- pdftk
- subversion
- subversion-tools
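Review bot: `wkhtmltopdf` appears to stay in `apt_extra_pkgs` here. The hunk header counts 7 lines before and 8 after, which suggests `- weasyprint` is added next to it rather than replacing it, whereas the commit description says the package is replaced and the preceding file section (7 lines before and after) does swap it. If the replacement is intended on every host, drop `- wkhtmltopdf` from this list too; the two later sections with `+26,8` show the same pattern. Removing the entry only stops it being installed, and whether the role removes an already installed package is not visible here.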


@@ -26,7 +26,7 @@
apt_install_extra_pkgs: true
apt_extra_pkgs:
- wkhtmltopdf
- weasyprint
- pdftk
- subversion
- subversion-tools


@@ -243,6 +243,11 @@ cron_user_special_time_entries:
cron_user_entries:
- name: "Check if webservices sre running. Restart if necessary"
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_webservice_load.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'


@@ -145,6 +145,11 @@ cron_user_special_time_entries:
cron_user_entries:
- name: "Check if webservices sre running. Restart if necessary"
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_webservice_load.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'


@@ -257,6 +257,11 @@ cron_user_special_time_entries:
cron_user_entries:
- name: "Check if webservices sre running. Restart if necessary"
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_webservice_load.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'


@@ -262,7 +262,7 @@ root_ssh_keypair:
priv_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup
priv_key_dest: /root/.ssh/id_ed25519-backup
pub_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup.pub
pub_key_dest: /root/.ssh/id_ed25519-backup
pub_key_dest: /root/.ssh/id_ed25519-backup.pub
# ---
@@ -386,7 +386,7 @@ cron_user_entries:
- name: "Remote Borg Backup"
minute: '04'
hour: '00'
job: /root/crontab/backup-rborg/rborg.sh
job: /root/crontab/backup-rborg2/rborg2.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'


@@ -248,6 +248,11 @@ cron_user_special_time_entries:
cron_user_entries:
- name: "Check if webservices sre running. Restart if necessary"
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_webservice_load.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'


@@ -250,6 +250,11 @@ cron_user_special_time_entries:
cron_user_entries:
- name: "Check if webservices sre running. Restart if necessary"
minute: '*/5'
hour: '*'
job: /root/bin/monitoring/check_webservice_load.sh
- name: "Check if SSH service is running. Restart service if needed."
minute: '*/5'
hour: '*'


@@ -0,0 +1,56 @@
---
# ---
# vars used by role 'firewall'
# ---
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by cron.yml
# ---
#cron_env_entries: []
cron_env_entries:
- name: PATH
job: /root/bin/admin-stuff:/root/bin:/usr/local/php/bin:/usr/local/apache2/bin:/sbin:/bin:/usr/local/dovecot/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: SHELL
job: /bin/bash
# ---
# vars used by apt.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
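Review bot: The `PATH` value in `cron_env_entries` lists `/sbin:/bin` twice and carries PHP, Apache and Dovecot directories (`/usr/local/php/bin`, `/usr/local/apache2/bin`, `/usr/local/dovecot/bin`). If this file is for a host that runs none of those services, trim the value to the form used in the other host files: `job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`. That keeps the cron search path to directories that are expected to exist. The commented-out `#cron_env_entries: []` directly above is a leftover and can be dropped.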


@@ -26,7 +26,7 @@
apt_install_extra_pkgs: true
apt_extra_pkgs:
- wkhtmltopdf
- weasyprint
- pdftk
- subversion
- subversion-tools


@@ -26,7 +26,8 @@
apt_install_extra_pkgs: true
apt_extra_pkgs:
- wkhtmltopdf
- weasyprint
- pdftk
- subversion
- subversion-tools


@@ -26,7 +26,8 @@
apt_install_extra_pkgs: true
apt_extra_pkgs:
- wkhtmltopdf
- weasyprint
- pdftk
- subversion
- subversion-tools

7
hosts

@@ -163,6 +163,7 @@ o15.oopen.de
o17.oopen.de
test.mx.oopen.de
test.mariadb.oopen.de
# Exil e.V.
o18.oopen.de
@@ -283,6 +284,7 @@ mm-rav.oopen.de
o43.oopen.de
formbricks-nd.oopen.de
keycloak-nd.oopen.de
iam-nd.oopen.de
prometheus-nd.oopen.de
web-nd.oopen.de
test-nd.oopen.de
@@ -500,6 +502,7 @@ mm-rav.oopen.de
o43.oopen.de
formbricks-nd.oopen.de
keycloak-nd.oopen.de
iam-nd.oopen.de
prometheus-nd.oopen.de
web-nd.oopen.de
test-nd.oopen.de
@@ -940,6 +943,7 @@ mm-rav.oopen.de
# o43 - ND prometheus, web
keycloak-nd.oopen.de
iam-nd.oopen.de
prometheus-nd.oopen.de
web-nd.oopen.de
@@ -1081,6 +1085,7 @@ mm-rav.oopen.de
# o43 - ND app
keycloak-nd.oopen.de
iam-nd.oopen.de
prometheus-nd.oopen.de
@@ -1701,6 +1706,7 @@ mm-rav.oopen.de
# o43 - ND
keycloak-nd.oopen.de
iam-nd.oopen.de
prometheus-nd.oopen.de
web-nd.oopen.de
test-nd.oopen.de
@@ -1942,6 +1948,7 @@ mm-rav.oopen.de
o43.oopen.de
formbricks-nd.oopen.de
keycloak-nd.oopen.de
iam-nd.oopen.de
prometheus-nd.oopen.de
web-nd.oopen.de
test-nd.oopen.de


@@ -19,11 +19,8 @@
raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-apt)
- name: dpkg --configure -a
command: >
dpkg --configure -a
args:
warn: false
changed_when: _dpkg_configure.stdout_lines | length
ansible.builtin.command: dpkg --configure -a
changed_when: (_dpkg_configure.stdout | default('')) | length > 0
register: _dpkg_configure
when: apt_dpkg_configure|bool
tags:
@@ -44,4 +41,3 @@
state: "{{ apt_install_state }}"
tags:
- ansible-dependencies
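Review bot: The rewritten `dpkg --configure -a` task in the first hunk shows no non-interactive frontend setting, so a package whose configuration step asks a question may stall or fail the play. Adding `environment:` with `DEBIAN_FRONTEND: noninteractive` to the task would cover debconf prompts. The task continues past the hunk (its `tags:` list is cut off), so an existing setting further down or at play level cannot be ruled out.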


@@ -196,8 +196,8 @@
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') != ''
tags:
- webadmin
- bash
@@ -240,7 +240,7 @@
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') != ''
tags:
- webadmin
- profile
@@ -261,7 +261,7 @@
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') != ''
tags:
- webadmin
- vim
@@ -288,4 +288,3 @@
tags:
- webadmin
- vim
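Review bot: The three rewritten conditions compare the `fileglob` lookup result with `''`, which depends on the lookup returning a comma-joined string, although the intent is a plain existence check on one fixed path with no wildcard. A file test states that directly and avoids the string comparison, e.g. `- (inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') is file`, and likewise for `_profile` and `_vimrc`. The tasks these conditions belong to begin above each hunk, so the rest of each task is not visible here.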