Add cron job to monitor web services and restart if necessary

Add and update host variable files for various servers
- Created new host variable file for `iam-nd.oopen.de` with network and cron configurations. - Created new host variable file for `test.mariadb.oopen.de` with cron environment entries. - Updated `file-km.anw-km.netz.yml.BAK.2026-04-18-1218` with network interface configurations and DNS settings. - Modified `gw-campus.oopen.de.yml` to change device names for network interfaces. - Updated `nd-archiv.warenform.de.yml`, `nd-live.warenform.de.yml`, `nd.warenform.de.yml`, `web0.warenform.de.yml`, `web1.warenform.de.yml`, and `web2.warenform.de.yml` to replace `wkhtmltopdf` with `weasyprint` in the list of extra packages. - Updated `o26.oopen.de.yml` to correct SSH key destination and change backup job script path. - Added `iam-nd.oopen.de` to the hosts file for server management.
2026-05-06 15:57:11 +02:00 · 2026-05-01 02:30:31 +02:00 · 2026-05-01 02:29:53 +02:00 · 2026-05-01 02:29:27 +02:00
27 changed files with 1409 additions and 119 deletions
--- a/host_vars/backup.oopen.de.yml
+++ b/host_vars/backup.oopen.de.yml
@@ -288,6 +288,7 @@ default_user:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqqmBWh3qmnx41NiLCn1LhVG0mn4++IUvRNC0OMh6h6 root@gitoea'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICR9o0+6jnfmXKOedKP6IZgt5lRIPFSJJ4FbMjz2SPkH root@gw-campus'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEm1P7Pg3Tlm02bxkropKf3CcyTCAB3YCMxPSjai2lc root@gw-dissens'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpNZFa+Jp5/8zKmSIZ3LGzuuPxj+QvfF+NYbWtblvTg root@iam-nd'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBYFe6i0UdPRyENvfaJSJVCHtmnlJmhbqGEsdIlTapsj root@initiativenserver'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ54/I+TdZUA+Xc6bixSa3f0hN5y4kWW+xl9kqSZPBYS root@keycloak-nd'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO886BNZ/o9aBwkKqHku+MjS5/GEVRBbXXSF76ry7oZR root@mail-cadus'
--- a/host_vars/backup.warenform.de.yml
+++ b/host_vars/backup.warenform.de.yml
@@ -255,6 +255,7 @@ default_user:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICwG3cYT1S5ttaf7OCB2dfBAg4FFA3OO3HPTkiclaVFi root@server22'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyse/Fby2JiHjM10uotVfsBYO0W1EgmtFG2q+Q1xe38 root@server24'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIH9V1aqgZSqu7vfK9e5qGKm+ICHd8VglRr0Brm4kXfu root@server25'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUZHYQRap1XPOBsbtYs1elQMMm1hU1VMr7k2OFfOoi1 root@server18'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBOOYhdtNPAQP8BlgSYBaMfWl8Yv4Y9ww7SWeLOn0HXH root@web0'
--- a/host_vars/devel-php.wf.netz.yml
+++ b/host_vars/devel-php.wf.netz.yml
@@ -29,6 +29,13 @@
 # vars used by roles/common/tasks/apt.yml
 # ---
 apt_install_extra_pkgs: true
 apt_extra_pkgs:
  - weasyprint
  - pdftk
  - subversion
  - subversion-tools
 # ---
 # vars used by roles/common/tasks/systemd-resolved.yml
--- a/host_vars/file-ebs.ebs.netz.yml
+++ b/host_vars/file-ebs.ebs.netz.yml
@@ -536,6 +536,18 @@ samba_shares:
    guest_ok: !!str yes
    vfs_object_recycle: false
    # ---
    # - This share contains archived data that has not been backed up
    # ---
  - name: Archive-no-Backup
    comment: Archive - keine Sicherungen
    path: /data/samba/no-backup-shares/Archive-no-Backup
    group_valid_users: alle
    group_write_list: alle
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: false
 # ==============================
--- a/host_vars/file-km-neu.anw-km.netz.yml
+++ b/host_vars/file-km-neu.anw-km.netz.yml
@@ -93,6 +93,13 @@ network_interfaces:
 # vars used by roles/common/tasks/apt.yml
 # ---
 apt_install_extra_pkgs:
  - lvm2
  - kpartx
  - ntfs-3g
  - swtpm
  - swtpm-tools
 # ---
 # vars used by roles/common/tasks/systemd-resolved.yml
@@ -175,6 +182,44 @@ cron_user_special_time_entries:
    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
    insertafter: PATH
  - name: "Activate ksm support"
    special_time: reboot
    job: "echo 1 > /sys/kernel/mm/ksm/run"
    insertafter: PATH
 cron_user_entries:
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
    hour: '*'
    job: /root/bin/monitoring/check_ssh.sh
  - name: "Check if postfix mailservice is running. Restart service if needed."
    minute: "*/5"
    hour: "*"
    job: /root/bin/monitoring/check_postfix.sh
  - name: "Check Postfix E-Mail LOG file for 'fatal' errors."
    minute: "*/30"
    hour: "*"
    job: /root/bin/postfix/check-postfix-fatal-errors.sh
  - name: "Clean up Samba Trash Dirs"
    minute: "02"
    hour: "23"
    job: /root/bin/samba/clean_samba_trash.sh
  - name: "Set (group and access) Permissons for Samba shares"
    minute: "14"
    hour: "23"
    job: /root/bin/samba/set_permissions_samba_shares.sh
  - name: "Check if ntpsec is running. Restart service if needed."
    minute: "*/6"
    hour: "*"
    job: /root/bin/monitoring/check_ntpsec_service.sh
 # ---
@@ -270,9 +315,9 @@ sudoers_file_user_back_mount_privileges:
 samba_server_ip: 192.168.122.210
 samba_server_cidr_prefix: 24
-samba_workgroup: WORKGROUP
+samba_workgroup: ANW-KM
-samba_netbios_name: FILE-KM
+samba_netbios_name: FILE-KM-01
 samba_server_min_protocol: !!str NT1
@@ -285,10 +330,12 @@ samba_groups:
    group_id: 1115
  - name: intern
    group_id: 1120
-  - name: aulmann
+  - name: wildvang
    group_id: 1130
-  - name: howe
+  #- name: aulmann
-    group_id: 1140
+  #  group_id: 1130
  #- name: howe
  #  group_id: 1140
  - name: stahmann
    group_id: 1150
  - name: traine
@@ -318,8 +365,6 @@ samba_user:
  - name: andrea
    groups:
      - advoware
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -336,8 +381,6 @@ samba_user:
  - name: aphex2
    groups:
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -354,8 +397,6 @@ samba_user:
  - name: beuster
    groups:
      - advoware
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -407,11 +448,11 @@ samba_user:
      - a-jur
      - advoware
      - alle
      - aulmann
      - intern
      - kanzlei
      - stahmann
      - traine
      - wildvang
      - public
    password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
@@ -425,8 +466,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -436,8 +475,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -457,7 +494,6 @@ samba_user:
  - name: ho-st1
    groups:
      - alle
      - howe
      - stahmann
    password: '44-Ro-440'
@@ -473,8 +509,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -484,8 +518,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -504,8 +536,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -515,8 +545,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -526,8 +554,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -537,8 +563,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
    password: '66koeln66'
@@ -562,8 +586,6 @@ samba_user:
  - name: rolf
    groups:
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -574,11 +596,11 @@ samba_user:
      - a-jur
      - advoware
      - alle
      - aulmann
      - intern
      - kanzlei
      - stahmann
      - traine
      - wildvang
      - public
    password: 'Ax_GSHh5'
@@ -595,12 +617,18 @@ samba_user:
      - advoware
      - alle
      - kanzlei
      - howe
      - stahmann
      - traine
      - public
    password: 'maltzwo2'
  - name: wiebke
    groups:
      - alle
      - wildvang
      - public
    password: 'uJ5gF/m53p.P'
  - name: winadm
    groups:
      - a-jur
@@ -657,27 +685,38 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_recycle: false
-  - name: aulmann
+  - name: wildvang
-    comment: Aulmann auf Fileserver
+    comment: Wildvang auf Fileserver
-    path: /data/samba/Aulmann
+    path: /data/samba/Wildvang
-    group_valid_users: aulmann
+    group_valid_users: wildvang
-    group_write_list: aulmann
+    group_write_list: wildvang
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true
-  - name: howe
+#  - name: aulmann
-    comment: Howe auf Fileserver
+#    comment: Aulmann auf Fileserver
-    path: /data/samba/Howe
+#    path: /data/samba/Aulmann
-    group_valid_users: howe
+#    group_valid_users: aulmann
-    group_write_list: howe
+#    group_write_list: aulmann
-    file_create_mask: !!str 660
+#    file_create_mask: !!str 660
-    dir_create_mask: !!str 2770
+#    dir_create_mask: !!str 2770
-    vfs_object_recycle: true
+#    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+#    recycle_path: '@Recycle'
-    vfs_object_recycle_is_visible: true
+#    vfs_object_recycle_is_visible: true
 #  - name: howe
 #    comment: Howe auf Fileserver
 #    path: /data/samba/Howe
 #    group_valid_users: howe
 #    group_write_list: howe
 #    file_create_mask: !!str 660
 #    dir_create_mask: !!str 2770
 #    vfs_object_recycle: true
 #    recycle_path: '@Recycle'
 #    vfs_object_recycle_is_visible: true
  - name: stahmann
    comment: Stahmann auf Fileserver
--- a/host_vars/file-km.anw-km.netz.yml
+++ b/host_vars/file-km.anw-km.netz.yml
@@ -175,6 +175,44 @@ cron_user_special_time_entries:
    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
    insertafter: PATH
  - name: "Activate ksm support"
    special_time: reboot
    job: "echo 1 > /sys/kernel/mm/ksm/run"
    insertafter: PATH
 cron_user_entries:
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
    hour: '*'
    job: /root/bin/monitoring/check_ssh.sh
  - name: "Check if postfix mailservice is running. Restart service if needed."
    minute: "*/5"
    hour: "*"
    job: /root/bin/monitoring/check_postfix.sh
  - name: "Check Postfix E-Mail LOG file for 'fatal' errors."
    minute: "*/30"
    hour: "*"
    job: /root/bin/postfix/check-postfix-fatal-errors.sh
  - name: "Clean up Samba Trash Dirs"
    minute: "02"
    hour: "23"
    job: /root/bin/samba/clean_samba_trash.sh
  - name: "Set (group and access) Permissons for Samba shares"
    minute: "14"
    hour: "23"
    job: /root/bin/samba/set_permissions_samba_shares.sh
  - name: "Check if ntpsec is running. Restart service if needed."
    minute: "*/6"
    hour: "*"
    job: /root/bin/monitoring/check_ntpsec_service.sh
 # ---
@@ -233,10 +271,12 @@ samba_groups:
    group_id: 1110
  - name: intern
    group_id: 1120
-  - name: aulmann
+  - name: wildvang
    group_id: 1130
-  - name: howe
+  #- name: aulmann
-    group_id: 1140
+  #  group_id: 1130
  #- name: howe
  #  group_id: 1140
  - name: stahmann
    group_id: 1150
  - name: traine
@@ -266,8 +306,6 @@ samba_user:
  - name: andrea
    groups:
      - advoware
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -284,8 +322,6 @@ samba_user:
  - name: aphex2
    groups:
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -302,8 +338,6 @@ samba_user:
  - name: beuster
    groups:
      - advoware
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -355,11 +389,11 @@ samba_user:
      - a-jur
      - advoware
      - alle
      - aulmann
      - intern
      - kanzlei
      - stahmann
      - traine
      - wildvang
      - public
    password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
@@ -373,8 +407,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -384,8 +416,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -405,7 +435,6 @@ samba_user:
  - name: ho-st1
    groups:
      - alle
      - howe
      - stahmann
    password: '44-Ro-440'
@@ -421,8 +450,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -432,8 +459,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -452,8 +477,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -463,8 +486,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -474,8 +495,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -485,8 +504,6 @@ samba_user:
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
    password: '66koeln66'
@@ -510,8 +527,6 @@ samba_user:
  - name: rolf
    groups:
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
@@ -522,11 +537,11 @@ samba_user:
      - a-jur
      - advoware
      - alle
      - aulmann
      - intern
      - kanzlei
      - stahmann
      - traine
      - wildvang
      - public
    password: 'Ax_GSHh5'
@@ -543,12 +558,18 @@ samba_user:
      - advoware
      - alle
      - kanzlei
      - howe
      - stahmann
      - traine
      - public
    password: 'maltzwo2'
  - name: wiebke
    groups:
      - alle
      - wildvang
      - public
    password: 'uJ5gF/m53p.P'
  - name: winadm
    groups:
      - a-jur
@@ -605,27 +626,38 @@ samba_shares:
    dir_create_mask: !!str 2770
    vfs_object_recycle: false
-  - name: aulmann
+  - name: wildvang
-    comment: Aulmann auf Fileserver
+    comment: Wildvang auf Fileserver
-    path: /data/samba/Aulmann
+    path: /data/samba/Wildvang
-    group_valid_users: aulmann
+    group_valid_users: wildvang
-    group_write_list: aulmann
+    group_write_list: wildvang
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true
-  - name: howe
+#  - name: aulmann
-    comment: Howe auf Fileserver
+#    comment: Aulmann auf Fileserver
-    path: /data/samba/Howe
+#    path: /data/samba/Aulmann
-    group_valid_users: howe
+#    group_valid_users: aulmann
-    group_write_list: howe
+#    group_write_list: aulmann
-    file_create_mask: !!str 660
+#    file_create_mask: !!str 660
-    dir_create_mask: !!str 2770
+#    dir_create_mask: !!str 2770
-    vfs_object_recycle: true
+#    vfs_object_recycle: true
-    recycle_path: '@Recycle'
+#    recycle_path: '@Recycle'
-    vfs_object_recycle_is_visible: true
+#    vfs_object_recycle_is_visible: true
 #  - name: howe
 #    comment: Howe auf Fileserver
 #    path: /data/samba/Howe
 #    group_valid_users: howe
 #    group_write_list: howe
 #    file_create_mask: !!str 660
 #    dir_create_mask: !!str 2770
 #    vfs_object_recycle: true
 #    recycle_path: '@Recycle'
 #    vfs_object_recycle_is_visible: true
  - name: stahmann
    comment: Stahmann auf Fileserver
--- a/host_vars/file-km.anw-km.netz.yml.BAK.2026-04-18-1218
+++ b/host_vars/file-km.anw-km.netz.yml.BAK.2026-04-18-1218
@@ -0,0 +1,774 @@
 ---
 # ---
 # vars used by roles/network_interfaces
 # ---
 # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
 network_manage_devices: True
 # Should the interfaces be reloaded after config change?
 network_interface_reload: False
 network_interface_path: /etc/network/interfaces.d
 network_interface_required_packages:
  - vlan
  - bridge-utils
  - ifmetric
  - ifupdown
  - ifenslave
 network_interfaces:
  - device: br0
    # use only once per device (for the first device entry)
    headline: br0 - bridge over device enp97s0
    # auto & allow are only used for the first device entry
    allow: [] # array of allow-[stanzas] eg. allow-hotplug
    auto: true
    family: inet
    method: static
    description:
    address: 192.168.122.10
    netmask: 24
    gateway: 192.168.122.254
    # optional dns settings nameservers: []
    #
    #    nameservers:
    #      - 194.150.168.168  # dns.as250.net
    #      - 91.239.100.100   # anycast.censurfridns.dk
    #    search: warenform.de
    #
    # optional bridge parameters bridge: {}
    # bridge:
    #   ports:
    #   stp:
    #   fd:
    #   maxwait:
    #   waitport:
    bridge:
      ports: enp97s0 # for mor devices support a blank separated list
      stp: !!str off
      fd: 5
      hello: 2
      maxage: 12
    # inline hook scripts
    pre-up:
      - !!str "ip link set dev enp97s0 up" # pre-up script lines
    up: [] #up script lines
    post-up: [] # post-up script lines (alias for up)
    pre-down: [] # pre-down script lines (alias for down)
    down: [] # down script lines
    post-down: [] # post-down script lines
 # ---
 # vars used by roles/ansible_dependencies
 # ---
 # ---
 # vars used by roles/ansible_user
 # ---
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 # ---
 # vars used by roles/common/tasks/apt.yml
 # ---
 # ---
 # vars used by roles/common/tasks/systemd-resolved.yml
 # ---
 systemd_resolved: true
 # CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
 #   Primäre DNS-Adresse: 38.132.106.139
 #   Sekundäre DNS-Adresse: 194.187.251.67
 #
 # Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
 #   primäre DNS-Adresse
 #      IPv4: 1.1.1.1
 #      IPv6: 2606:4700:4700::1111
 #   sekundäre DNS-Adresse
 #      IPv4: 1.0.0.1
 #      IPv6: 2606:4700:4700::1001
 #
 # Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
 #   primäre DNS-Adresse
 #      IPv4: 8.8.8.8
 #      IPv6: 2001:4860:4860::8888
 #   sekundäre DNS-Adresse
 #      IPv4: 8.8.4.4
 #      IPv6: 2001:4860:4860::8844
 #
 # Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
 #   primäre DNS-Adresse
 #      IPv4: 9.9.9.9
 #      IPv6: 2620:fe::fe
 #   sekundäre DNS-Adresse
 #      IPv4: 149.112.112.112
 #      IPv6: 2620:fe::9
 #
 # OpenNIC - https://www.opennic.org/
 #      IPv4: 195.10.195.195 - ns31.de
 #      IPv4: 94.16.114.254  - ns28.de
 #      IPv4: 51.254.162.59  - ns9.de
 #      IPv4: 194.36.144.87  - ns29.de
 #      IPv6: 2a00:f826:8:2::195 - ns31.de
 #
 # Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
 #    IPv4: 5.1.66.255
 #    IPv6: 2001:678:e68:f000::
 #    Servername für DNS-over-TLS: dot.ffmuc.net
 #    IPv4: 185.150.99.255
 #    IPv6: 2001:678:ed0:f000::
 #    Servername für DNS-over-TLS: dot.ffmuc.net
 #    für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
 resolved_nameserver:
  - 192.168.122.1
 # search domains
 #
 # If there are more than one search domains, then specify them here in the order in which
 # the resolver should also search them
 #
 #resolved_domains: []
 resolved_domains:
  - ~.
  - anw-km.netz
 resolved_dnssec: false
 # dns.as250.net: 194.150.168.168
 #
 resolved_fallback_nameserver:
   - 172.16.122.254
 # ---
 # vars used by roles/common/tasks/cron.yml
 # ---
 cron_user_special_time_entries:
  - name: "Restart DNS Cache service 'systemd-resolved'"
    special_time: reboot
    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
    insertafter: PATH
  - name: "Activate ksm support"
    special_time: reboot
    job: "echo 1 > /sys/kernel/mm/ksm/run"
    insertafter: PATH
 cron_user_entries:
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
    hour: '*'
    job: /root/bin/monitoring/check_ssh.sh
  - name: "Check if postfix mailservice is running. Restart service if needed."
    minute: "*/5"
    hour: "*"
    job: /root/bin/monitoring/check_postfix.sh
  - name: "Check Postfix E-Mail LOG file for 'fatal' errors."
    minute: "*/30"
    hour: "*"
    job: /root/bin/postfix/check-postfix-fatal-errors.sh
  - name: "Clean up Samba Trash Dirs"
    minute: "02"
    hour: "23"
    job: /root/bin/samba/clean_samba_trash.sh
  - name: "Set (group and access) Permissons for Samba shares"
    minute: "14"
    hour: "23"
    job: /root/bin/samba/set_permissions_samba_shares.sh
  - name: "Check if ntpsec is running. Restart service if needed."
    minute: "*/6"
    hour: "*"
    job: /root/bin/monitoring/check_ntpsec_service.sh
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
 #
 # see: roles/common/tasks/vars
 sudoers_file_user_back_mount_privileges:
  - 'ALL=(root) NOPASSWD: /usr/bin/mount'
  - 'ALL=(root) NOPASSWD: /usr/bin/umount'
 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---
 # ---
 # vars used by roles/common/tasks/samba-config-server.yml
 # vars used by roles/common/tasks/samba-user.yml
 # ---
 samba_server_ip: 192.168.122.10
 samba_server_cidr_prefix: 24
 samba_workgroup: WORKGROUP
 samba_netbios_name: FILE-KM
 samba_server_min_protocol: !!str NT1
 samba_groups:
  - name: kanzlei
    group_id: 1100
  - name: a-jur
    group_id: 1110
  - name: intern
    group_id: 1120
  - name: wildvang
    group_id: 1130
  #- name: aulmann
  #  group_id: 1130
  #- name: howe
  #  group_id: 1140
  - name: stahmann
    group_id: 1150
  - name: traine
    group_id: 1160
  - name: public
    group_id: 1170
  - name: alle
    group_id: 1180
 samba_user:
  - name: advoware
    groups:
      - advoware
    password: '9WNRbc49m3'
  - name: a-jur
    groups:
      - a-jur
      - alle
      - intern
      - kanzlei
    password: 'a-jur'
  - name: andrea
    groups:
      - advoware
      - aulmann
      - howe
      - stahmann
      - traine
      - public
    password: 'fXc3bmK9gj'
  - name: andreas
    groups:
      - a-jur
      - advoware
      - alle
      - kanzlei
    password: 'YKQRa.M9-6rL'
  - name: aphex2
    groups:
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
    password: 'J3KMRprK9H'
  - name: berenice
    groups:
      - advoware
      - kanzlei
      - a-jur
      - alle
    password: 'berenice'
  - name: beuster
    groups:
      - advoware
      - aulmann
      - howe
      - stahmann
      - traine
      - public
      - alle
    password: 'zlm17Kx'
  - name: buero
    groups:
      - advoware
      - kanzlei
      - a-jur
      - alle
    password: 'buero'
  - name: buero2
    groups:
      - advoware
      - kanzlei
      - a-jur
      - alle
    password: 'buero2'
  - name: buero3
    groups:
      - advoware
      - kanzlei
      - a-jur
      - alle
    password: 'buero3'
  - name: buero4
    groups:
      - advoware
      - kanzlei
      - a-jur
      - alle
    password: 'buero4'
  - name: buero7
    groups:
      - advoware
      - kanzlei
      - a-jur
      - alle
    password: 'buero7'
  - name: chris
    groups:
      - a-jur
      - advoware
      - alle
      - aulmann
      - intern
      - kanzlei
      - stahmann
      - traine
      - public
    password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          30383265366434633965346530666535363761396165393434643665393137353765653739636364
          6330623334353763613065343336306434376335646666380a363030363335656261656236636562
          63663763616630383264303039336562626537366634303636356237323630666635356130383165
          3837613337343533650a663061366230353531316535656433643162353063383534323833323138
          3430
  - name: christina
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
    password: 'qvR7zX4Lhs'
  - name: federico
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
    password: 'zHfj9g3NcC'
 #  - name: gerhard
 #    groups:
 #      - advoware
 #      - alle
 #      - aulmann
 #      - howe
 #      - stahmann
 #      - traine
 #      - public
 #    password: 'bHdhzWnTj9'
  - name: ho-st1
    groups:
      - alle
      - howe
      - stahmann
    password: '44-Ro-440'
 #  - name: howe-staff-1
 #    groups:
 #      - advoware
 #      - alle
 #      - aulmann
 #      - howe
 #    password: ''
  - name: irina
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
    password: 'W9NKv39pXW'
  - name: jessica
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
    password: 'bV3pjPtjkR'
 #  - name: laura
 #    groups:
 #      - alle
 #      - aulmann
 #      - howe
 #      - stahmann
 #      - traine
 #    password: '99-Hamburg-990'
  - name: lenovo3
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
    password: 'fndvLmrt7W'
  - name: lenovo4
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
    password: 'tpCMmTKj7H'
  - name: lenovo5
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
    password: 'L5Hannover51'
  - name: lenovo6
    groups:
      - advoware
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
    password: '66koeln66'
  - name: rm-buero1
    groups:
      - advoware
      - alle
      - a-jur
      - kanzlei
    password: ''
  - name: rm-buero2
    groups:
      - advoware
      - alle
      - a-jur
      - kanzlei
    password: ''
  - name: rolf
    groups:
      - alle
      - aulmann
      - howe
      - stahmann
      - traine
      - public
    password: '4xNVNFXgP4'
  - name: sysadm
    groups:
      - a-jur
      - advoware
      - alle
      - aulmann
      - intern
      - kanzlei
      - stahmann
      - traine
      - public
    password: 'Ax_GSHh5'
  - name: thomas
    groups:
      - advoware
      - alle
      - traine
    password: '55-tho-mas-550'
  - name: Tresen
    groups:
      - a-jur
      - advoware
      - alle
      - kanzlei
      - howe
      - stahmann
      - traine
      - public
    password: 'maltzwo2'
  - name: wiebke
    groups:
      - alle
      - wildvang
      - public
    password: '4xNVNFXgP4'
  - name: winadm
    groups:
      - a-jur
      - advoware
      - alle
      - intern
      - kanzlei
      - public
    password: 'Ax_GSHh5'
 base_home: /data/home
 remove_samba_users:
  - name: howe-staff-1
  - name: gerhard
  - name: laura
 #remove_samba_users: []
 #remove_samba_users:
 #  - name: evren
 samba_shares:
  - name: a-jur
    comment: a-jur Dokumente
    path: /data/samba/a-jur
    group_valid_users: a-jur
    group_write_list: a-jur
    file_create_mask: !!str 664
    dir_create_mask: !!str 2775
    vfs_object_recycle: true
    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true
  - name: kanzlei
    comment: Kanzlei auf Fileserver
    path: /data/samba/kanzlei
    group_valid_users: kanzlei
    group_write_list: kanzlei
    file_create_mask: !!str 664
    dir_create_mask: !!str 2775
    vfs_object_recycle: true
    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true
  - name: install
    comment: Install auf Fileserver
    path: /data/samba/no-backup-shares/install
    group_valid_users: intern
    group_write_list: intern
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: false
  - name: wildvang
    comment: Traine auf Fileserver
    path: /data/samba/Wildvang
    group_valid_users: wildvang
    group_write_list: wildvang
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true
 #  - name: aulmann
 #    comment: Aulmann auf Fileserver
 #    path: /data/samba/Aulmann
 #    group_valid_users: aulmann
 #    group_write_list: aulmann
 #    file_create_mask: !!str 660
 #    dir_create_mask: !!str 2770
 #    vfs_object_recycle: true
 #    recycle_path: '@Recycle'
 #    vfs_object_recycle_is_visible: true
 #  - name: howe
 #    comment: Howe auf Fileserver
 #    path: /data/samba/Howe
 #    group_valid_users: howe
 #    group_write_list: howe
 #    file_create_mask: !!str 660
 #    dir_create_mask: !!str 2770
 #    vfs_object_recycle: true
 #    recycle_path: '@Recycle'
 #    vfs_object_recycle_is_visible: true
  - name: stahmann
    comment: Stahmann auf Fileserver
    path: /data/samba/Stahmann
    group_valid_users: stahmann
    group_write_list: stahmann
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true
  - name: traine
    comment: Traine auf Fileserver
    path: /data/samba/Traine
    group_valid_users: traine
    group_write_list: traine
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true
  - name: public
    comment: Public auf Fileserver
    path: /data/samba/public
    group_valid_users: public
    group_write_list: public
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true
  - name: Advoware-Schriftverkehr
    comment: Advoware Dokumente
    path: /data/samba/Advoware-Schriftverkehr
    group_valid_users: advoware
    group_write_list: advoware
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true
  - name: Advoware-Backup
    comment: Advoware Dokumente
    path: /data/samba/Advoware-Backup
    group_valid_users: intern
    group_write_list: intern
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: false
  - name: alle
    comment: Alle auf Fileserver
    path: /data/samba/Alle
    group_valid_users: alle
    group_write_list: alle
    file_create_mask: !!str 660
    dir_create_mask: !!str 2770
    vfs_object_recycle: true
    recycle_path: '@Recycle'
    vfs_object_recycle_is_visible: true
 #  - name: web
 #    comment: Web auf Fileserver
 #    path: /data/samba/Web
 #    group_valid_users: web
 #    group_write_list: web
 #    file_create_mask: !!str 660
 #    dir_create_mask: !!str 2770
 #    vfs_object_recycle: true
 #    recycle_path: '@Recycle'
 # ==============================
 # ---
 # vars used by scripts/reset_root_passwd.yml
 # ---
 root_user:
  name: root
  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
--- a/host_vars/gw-campus.oopen.de.yml
+++ b/host_vars/gw-campus.oopen.de.yml
@@ -90,8 +90,8 @@ network_interfaces:
      - /sbin/ifconfig eno4 up
-  - device: eno6
+  - device: eno6np1
-    headline: eno6 -  Management Network Campus - network 10.72.1.0/24
+    headline: eno6np1 -  Management Network Campus - network 10.72.1.0/24
    auto: true
    family: inet
    method: static
@@ -99,8 +99,8 @@ network_interfaces:
    netmask: 24
-  - device: eno7
+  - device: eno7np2
-    headline: eno7 - network 192.168.11.0/24 (LAN Stockhausen)
+    headline: eno7np2 - network 192.168.11.0/24 (LAN Stockhausen)
    auto: true
    family: inet
    method: static
--- a/host_vars/iam-nd.oopen.de.yml
+++ b/host_vars/iam-nd.oopen.de.yml
@@ -0,0 +1,225 @@
 ---
 # ---
 # vars used by roles/network_interfaces
 # ---
 # ---
 # vars used by roles/ansible_dependencies
 # ---
 # ---
 # vars used by roles/ansible_user
 # ---
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 # ---
 # vars used by roles/common/tasks/apt.yml
 # ---
 # ---
 # vars used by roles/common/tasks/systemd-resolved.yml
 # ---
 systemd_resolved: true
 # CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
 #   Primäre DNS-Adresse: 38.132.106.139
 #   Sekundäre DNS-Adresse: 194.187.251.67
 #
 # Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
 #   primäre DNS-Adresse
 #      IPv4: 1.1.1.1
 #      IPv6: 2606:4700:4700::1111
 #   sekundäre DNS-Adresse
 #      IPv4: 1.0.0.1
 #      IPv6: 2606:4700:4700::1001 
 # 
 # Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
 #   primäre DNS-Adresse
 #      IPv4: 8.8.8.8
 #      IPv6: 2001:4860:4860::8888
 #   sekundäre DNS-Adresse
 #      IPv4: 8.8.4.4
 #      IPv6: 2001:4860:4860::8844
 #
 # Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
 #   primäre DNS-Adresse
 #      IPv4: 9.9.9.9  
 #      IPv6: 2620:fe::fe 
 #   sekundäre DNS-Adresse
 #      IPv4: 149.112.112.112
 #      IPv6: 2620:fe::9
 #
 # OpenNIC - https://www.opennic.org/
 #      IPv4: 195.10.195.195 - ns31.de 
 #      IPv4: 94.16.114.254  - ns28.de 
 #      IPv4: 51.254.162.59  - ns9.de   
 #      IPv4: 194.36.144.87  - ns29.de
 #      IPv6: 2a00:f826:8:2::195 - ns31.de
 # 
 # Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) 
 #    IPv4: 5.1.66.255
 #    IPv6: 2001:678:e68:f000::
 #    Servername für DNS-over-TLS: dot.ffmuc.net
 #    IPv4: 185.150.99.255
 #    IPv6: 2001:678:ed0:f000::
 #    Servername für DNS-over-TLS: dot.ffmuc.net
 #    für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
 resolved_nameserver:
  - 185.12.64.1
  - 2a01:4ff:ff00::add:2
  - 185.12.64.2
  - 2a01:4ff:ff00::add:1
 # search domains
 #
 # If there are more than one search domains, then specify them here in the order in which 
 # the resolver should also search them
 #
 #resolved_domains: []
 resolved_domains:
  - ~.
  - oopen.de
 resolved_dnssec: false
 # dns.as250.net: 194.150.168.168
 #
 resolved_fallback_nameserver:
   - 194.150.168.168
 # ---
 # vars used by roles/common/tasks/cron.yml
 # ---
 cron_env_entries:
  - name: PATH
    job: /root/bin/admin-stuff;/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  - name: SHELL
    job: /bin/bash
    insertafter: PATH
 cron_user_special_time_entries:
  - name: "Restart DNS Cache service 'systemd-resolved'"
    special_time: reboot
    job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
    insertafter: PATH
  - name: "Check if postfix mailservice is running. Restart service if needed."
    special_time: reboot
    job: "sleep 10 ; /root/bin/monitoring/check_postfix.sh > /dev/null 2>&1"
    insertafter: PATH
 cron_user_entries:
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
    hour: '*'
    job: /root/bin/monitoring/check_ssh.sh
  - name: "Check if Postfix Mailservice is up and running?"
    minute: '*/15'
    hour: '*'
    job: /root/bin/monitoring/check_postfix.sh
  - name: "Check if cert for Keycloak service is up-to-date"
    minute: '51'
    hour: '05'
    job: /root/bin/monitoring/check_cert_for_keycloak.sh
  - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
    minute: '23'
    hour: '05'
    job: /var/lib/dehydrated/cron/dehydrated_cron.sh
  - name: "Check whether all certificates are included in the VHOST configurations"
    minute: '33'
    hour: '05'
    job: /var/lib/dehydrated/tools/update_ssl_directives.sh
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 extra_user:
  - name: nd-admin
    user_id: 1045
    group_id: 1045
    group: nd-admin
    password: $y$j9T$1YJwHY0qdLimgtdOKlTxR1$/O9QWTpr0Y41TduR2GZ0FMCiIxFqOaXWSM9hmHRnv80
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTjd4XFBdF/V9VdSZjy9G7nupBwaMqsrtQSP4Uctkrz org@rdsgn.de'
 sudo_users:
  - chris
  - sysadm
  - nd-admin
 # ---
 # vars used by roles/common/tasks/users-systemfiles.yml
 # ---
 # ---
 # vars used by roles/common/tasks/webadmin-user.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
 #
 # see: roles/common/tasks/vars
 # ---
 # vars used by roles/common/tasks/caching-nameserver.yml
 # ---
 # ---
 # vars used by roles/common/tasks/git.yml
 # ---
 git_firewall_repository:
  name: ipt-server
  repo: https://git.oopen.de/firewall/ipt-server
  dest: /usr/local/src/ipt-server
 # ==============================
 # ---
 # vars used by scripts/reset_root_passwd.yml
 # ---
 root_user:
  name: root
  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
--- a/host_vars/meet.akweb.de.yml
+++ b/host_vars/meet.akweb.de.yml
@@ -100,6 +100,62 @@ resolved_fallback_nameserver:
   - 194.150.168.168
 # ---
 # vars used by roles/common/tasks/cron.yml
 # ---
 cron_env_entries:
  - name: PATH
    job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  - name: SHELL
    job: /bin/bash
    insertafter: PATH
 cron_user_entries:
  - name: "Restart Prosody Servive (used by Jitsi Meet Authentification)"
    minute: 57
    hour: 05
    job: systemctl restart prosody.service
  - name: "Check if cert for coTURN service is up-to-date"
    minute: 03
    hour: 05
    job: /root/bin/monitoring/check_cert_for_service.sh
  - name: "Check if cert(s) for Prosody service are up-to-date"
    minute: 13
    hour: 07
    job: /root/bin/monitoring/check_cert_for_prosody.sh
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
    hour: '*'
    job: /root/bin/monitoring/check_ssh.sh
  - name: "Check if Postfix Mailservice is up and running?"
    minute: '*/15'
    hour: '*'
    job: /root/bin/monitoring/check_postfix.sh
  - name: "Check Postfix E-Mail LOG file for 'fatal' errors.."
    minute: '*/5'
    hour: '*'
    job: /root/bin/postfix/check-postfix-fatal-errors.sh
  - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
    minute: '23'
    hour: '05'
    job: /var/lib/dehydrated/cron/dehydrated_cron.sh
  - name: "Check whether all certificates are included in the VHOST configurations"
    minute: '33'
    hour: '05'
    job: /var/lib/dehydrated/tools/update_ssl_directives.sh
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
--- a/host_vars/meet.oopen.de.yml
+++ b/host_vars/meet.oopen.de.yml
@@ -102,6 +102,63 @@ resolved_fallback_nameserver:
   - 194.150.168.168
 # ---
 # vars used by roles/common/tasks/cron.yml
 # ---
 cron_env_entries:
  - name: PATH
    job: /root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  - name: SHELL
    job: /bin/bash
    insertafter: PATH
 cron_user_entries:
  - name: "Restart Prosody Servive (used by Jitsi Meet Authentification)"
    minute: 57
    hour: 05
    job: systemctl restart prosody.service
  - name: "Check if cert for coTURN service is up-to-date"
    minute: 03
    hour: 05
    job: /root/bin/monitoring/check_cert_for_service.sh
  - name: "Check if cert(s) for Prosody service are up-to-date"
    minute: 13
    hour: 07
    job: /root/bin/monitoring/check_cert_for_prosody.sh
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
    hour: '*'
    job: /root/bin/monitoring/check_ssh.sh
  - name: "Check if Postfix Mailservice is up and running?"
    minute: '*/15'
    hour: '*'
    job: /root/bin/monitoring/check_postfix.sh
  - name: "Check Postfix E-Mail LOG file for 'fatal' errors.."
    minute: '*/5'
    hour: '*'
    job: /root/bin/postfix/check-postfix-fatal-errors.sh
  - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
    minute: '23'
    hour: '05'
    job: /var/lib/dehydrated/cron/dehydrated_cron.sh
  - name: "Check whether all certificates are included in the VHOST configurations"
    minute: '33'
    hour: '05'
    job: /var/lib/dehydrated/tools/update_ssl_directives.sh
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
--- a/host_vars/nd-archiv.warenform.de.yml
+++ b/host_vars/nd-archiv.warenform.de.yml
@@ -26,7 +26,7 @@
 apt_install_extra_pkgs: true
 apt_extra_pkgs:
-  - wkhtmltopdf
+  - weasyprint
  - pdftk
  - subversion
  - subversion-tools
--- a/host_vars/nd-live.warenform.de.yml
+++ b/host_vars/nd-live.warenform.de.yml
@@ -26,7 +26,8 @@
 apt_install_extra_pkgs: true
 apt_extra_pkgs:
-  - wkhtmltopdf
+  - weasyprint
  - pdftk
  - subversion
  - subversion-tools
--- a/host_vars/nd.warenform.de.yml
+++ b/host_vars/nd.warenform.de.yml
@@ -26,7 +26,7 @@
 apt_install_extra_pkgs: true
 apt_extra_pkgs:
-  - wkhtmltopdf
+  - weasyprint
  - pdftk
  - subversion
  - subversion-tools
--- a/host_vars/o12.oopen.de.yml
+++ b/host_vars/o12.oopen.de.yml
@@ -243,6 +243,11 @@ cron_user_special_time_entries:
 cron_user_entries:
  - name: "Check if webservices sre running. Restart if necessary"
    minute: '*/5'
    hour: '*'
    job: /root/bin/monitoring/check_webservice_load.sh
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
    hour: '*'
--- a/host_vars/o13.oopen.de.yml
+++ b/host_vars/o13.oopen.de.yml
@@ -145,6 +145,11 @@ cron_user_special_time_entries:
 cron_user_entries:
  - name: "Check if webservices sre running. Restart if necessary"
    minute: '*/5'
    hour: '*'
    job: /root/bin/monitoring/check_webservice_load.sh
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
    hour: '*'
--- a/host_vars/o22.oopen.de.yml
+++ b/host_vars/o22.oopen.de.yml
@@ -257,6 +257,11 @@ cron_user_special_time_entries:
 cron_user_entries:
  - name: "Check if webservices sre running. Restart if necessary"
    minute: '*/5'
    hour: '*'
    job: /root/bin/monitoring/check_webservice_load.sh
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
    hour: '*'
--- a/host_vars/o26.oopen.de.yml
+++ b/host_vars/o26.oopen.de.yml
@@ -262,7 +262,7 @@ root_ssh_keypair:
    priv_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup
    priv_key_dest: /root/.ssh/id_ed25519-backup
    pub_key_src: o26.oopen.de/root/.ssh/id_ed25519-backup.pub
-    pub_key_dest: /root/.ssh/id_ed25519-backup
+    pub_key_dest: /root/.ssh/id_ed25519-backup.pub
 # ---
@@ -386,7 +386,7 @@ cron_user_entries:
  - name: "Remote Borg Backup"
    minute: '04'
    hour: '00'
-    job: /root/crontab/backup-rborg/rborg.sh
+    job: /root/crontab/backup-rborg2/rborg2.sh
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
--- a/host_vars/o36.oopen.de.yml
+++ b/host_vars/o36.oopen.de.yml
@@ -248,6 +248,11 @@ cron_user_special_time_entries:
 cron_user_entries:
  - name: "Check if webservices sre running. Restart if necessary"
    minute: '*/5'
    hour: '*'
    job: /root/bin/monitoring/check_webservice_load.sh
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
    hour: '*'
--- a/host_vars/o39.oopen.de.yml
+++ b/host_vars/o39.oopen.de.yml
@@ -250,6 +250,11 @@ cron_user_special_time_entries:
 cron_user_entries:
  - name: "Check if webservices sre running. Restart if necessary"
    minute: '*/5'
    hour: '*'
    job: /root/bin/monitoring/check_webservice_load.sh
  - name: "Check if SSH service is running. Restart service if needed."
    minute: '*/5'
    hour: '*'
--- a/host_vars/test.mariadb.oopen.de.yml
+++ b/host_vars/test.mariadb.oopen.de.yml
@@ -0,0 +1,56 @@
 ---
 # ---
 # vars used by role 'firewall'
 # ---
 # ---
 # vars used by roles/ansible_dependencies
 # ---
 # ---
 # vars used by roles/common/tasks/basic.yml
 # ---
 # ---
 # vars used by cron.yml
 # ---
 #cron_env_entries: []
 cron_env_entries:
  - name: PATH
    job: /root/bin/admin-stuff:/root/bin:/usr/local/php/bin:/usr/local/apache2/bin:/sbin:/bin:/usr/local/dovecot/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  - name: SHELL
    job: /bin/bash
 # ---
 # vars used by apt.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sshd.yml
 # ---
 # ---
 # vars used by roles/common/tasks/users.yml
 # ---
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---
 # ==============================
 # ---
 # vars used by scripts/reset_root_passwd.yml
 # ---
--- a/host_vars/web0.warenform.de.yml
+++ b/host_vars/web0.warenform.de.yml
@@ -26,7 +26,7 @@
 apt_install_extra_pkgs: true
 apt_extra_pkgs:
-  - wkhtmltopdf
+  - weasyprint
  - pdftk
  - subversion
  - subversion-tools
--- a/host_vars/web1.warenform.de.yml
+++ b/host_vars/web1.warenform.de.yml
@@ -26,7 +26,8 @@
 apt_install_extra_pkgs: true
 apt_extra_pkgs:
-  - wkhtmltopdf
+  - weasyprint
  - pdftk
  - subversion
  - subversion-tools
--- a/host_vars/web2.warenform.de.yml
+++ b/host_vars/web2.warenform.de.yml
@@ -26,7 +26,8 @@
 apt_install_extra_pkgs: true
 apt_extra_pkgs:
-  - wkhtmltopdf
+  - weasyprint
  - pdftk
  - subversion
  - subversion-tools
--- a/7
+++ b/7
@@ -163,6 +163,7 @@ o15.oopen.de
 o17.oopen.de
 test.mx.oopen.de
 test.mariadb.oopen.de
 # Exil e.V.
 o18.oopen.de
@@ -283,6 +284,7 @@ mm-rav.oopen.de
 o43.oopen.de
 formbricks-nd.oopen.de
 keycloak-nd.oopen.de
 iam-nd.oopen.de
 prometheus-nd.oopen.de
 web-nd.oopen.de
 test-nd.oopen.de
@@ -500,6 +502,7 @@ mm-rav.oopen.de
 o43.oopen.de
 formbricks-nd.oopen.de
 keycloak-nd.oopen.de
 iam-nd.oopen.de
 prometheus-nd.oopen.de
 web-nd.oopen.de
 test-nd.oopen.de
@@ -940,6 +943,7 @@ mm-rav.oopen.de
 # o43 - ND prometheus, web
 keycloak-nd.oopen.de
 iam-nd.oopen.de
 prometheus-nd.oopen.de
 web-nd.oopen.de
@@ -1081,6 +1085,7 @@ mm-rav.oopen.de
 # o43 - ND app
 keycloak-nd.oopen.de
 iam-nd.oopen.de
 prometheus-nd.oopen.de
@@ -1701,6 +1706,7 @@ mm-rav.oopen.de
 # o43 - ND 
 keycloak-nd.oopen.de
 iam-nd.oopen.de
 prometheus-nd.oopen.de
 web-nd.oopen.de
 test-nd.oopen.de
@@ -1942,6 +1948,7 @@ mm-rav.oopen.de
 o43.oopen.de
 formbricks-nd.oopen.de
 keycloak-nd.oopen.de
 iam-nd.oopen.de
 prometheus-nd.oopen.de
 web-nd.oopen.de
 test-nd.oopen.de
--- a/roles/ansible_dependencies-bookworm/tasks/main.yml
+++ b/roles/ansible_dependencies-bookworm/tasks/main.yml
@@ -19,11 +19,8 @@
  raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-apt)
 - name: dpkg --configure -a
-  command: >
+  ansible.builtin.command: dpkg --configure -a
-    dpkg --configure -a
+  changed_when: (_dpkg_configure.stdout | default('')) | length > 0
  args:
    warn: false
  changed_when: _dpkg_configure.stdout_lines | length
  register: _dpkg_configure
  when: apt_dpkg_configure|bool
  tags:
@@ -44,4 +41,3 @@
    state: "{{ apt_install_state }}"
  tags:
    - ansible-dependencies
--- a/roles/common/tasks/webadmin-user.yml
+++ b/roles/common/tasks/webadmin-user.yml
@@ -197,7 +197,7 @@
    label: '{{ item.item.name }}'
  when:
    - item.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') != ''
  tags:
    - webadmin
    - bash
@@ -240,7 +240,7 @@
    label: '{{ item.item.name }}'
  when:
    - item.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') != ''
  tags:
    - webadmin
    - profile
@@ -261,7 +261,7 @@
    label: '{{ item.item.name }}'
  when:
    - item.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') != ''
  tags:
    - webadmin
    - vim
@@ -288,4 +288,3 @@
  tags:
    - webadmin
    - vim
Author	SHA1	Message	Date
Christoph	d1444e1507	Add cron job to monitor web services and restart if necessary	2026-05-06 15:57:11 +02:00
Christoph	b0dd95318a	Add and update host variable files for various servers - Created new host variable file for `iam-nd.oopen.de` with network and cron configurations. - Created new host variable file for `test.mariadb.oopen.de` with cron environment entries. - Updated `file-km.anw-km.netz.yml.BAK.2026-04-18-1218` with network interface configurations and DNS settings. - Modified `gw-campus.oopen.de.yml` to change device names for network interfaces. - Updated `nd-archiv.warenform.de.yml`, `nd-live.warenform.de.yml`, `nd.warenform.de.yml`, `web0.warenform.de.yml`, `web1.warenform.de.yml`, and `web2.warenform.de.yml` to replace `wkhtmltopdf` with `weasyprint` in the list of extra packages. - Updated `o26.oopen.de.yml` to correct SSH key destination and change backup job script path. - Added `iam-nd.oopen.de` to the hosts file for server management.	2026-05-01 02:30:31 +02:00
Christoph	7d5640f3bd	Refactor dpkg command task for improved clarity and reliability	2026-05-01 02:29:53 +02:00
Christoph	c6a760e26e	Update conditions for checking user configuration files in webadmin-user.yml	2026-05-01 02:29:27 +02:00