---

# ---
# vars used by roles/ansible_dependencies
# ---

# Packages installed up front on apt-based hosts.
apt_ansible_dependencies:
  - apt-transport-https
  - ca-certificates
  - dbus
  - lsb-release
  - mc
  - net-tools
  - openssl
  - python-apt-common
  - python3
  - python3-apt
  - software-properties-common
  - sudo
  - vim
  - vlan


# ---
# vars used by roles/ansible_user
# ---

# NOTE(review): `password` is a SHA-512-crypt ($6$) hash committed in clear
# text. Anyone who can read this file can run offline guessing against it;
# prefer an Ansible Vault / secret-store lookup and rotate the password.
ansible_remote_user:
  - name: chris
    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'


# ---
# vars used by roles/common/tasks/basic.yml
# ---

time_zone: Europe/Berlin

locales:
  - en_US.UTF-8
  - de_DE.UTF-8

# Each copy_plain_files_* entry names a file, its source path and the
# absolute destination path on the target host.
#copy_plain_files_security_limits: []
copy_plain_files_security_limits:

  # /etc/security/limits.d/*.conf
  #
  - name: 90-user-NOFILE.conf
    src_path: etc/security/limits.d/90-user-NOFILE.conf
    dest_path: /etc/security/limits.d/90-user-NOFILE.conf

#copy_plain_files_systemd: []
copy_plain_files_systemd:

  # /etc/systemd/system.conf.d/*.conf
  #
  - name: DefaultLimitNOFILE
    src_path: etc/systemd/system.conf.d/20-DefaultLimitNOFILE.conf
    dest_path: /etc/systemd/system.conf.d/20-DefaultLimitNOFILE.conf
  - name: DefaultTasksMax
    src_path: etc/systemd/system.conf.d/20-DefaultTasksMax.conf
    dest_path: /etc/systemd/system.conf.d/20-DefaultTasksMax.conf
  - name: DefaultLimitCORE
    src_path: etc/systemd/system.conf.d/20-DefaultLimitCORE.conf
    dest_path: /etc/systemd/system.conf.d/20-DefaultLimitCORE.conf
  - name: DefaultLimitNPROC
    src_path: etc/systemd/system.conf.d/20-DefaultLimitNPROC.conf
    dest_path: /etc/systemd/system.conf.d/20-DefaultLimitNPROC.conf
  - name: DefaultLimitRTPRIO
    src_path: etc/systemd/system.conf.d/20-DefaultLimitRTPRIO.conf
    dest_path: /etc/systemd/system.conf.d/20-DefaultLimitRTPRIO.conf
  - name: DefaultLimitRTTIME
    src_path: etc/systemd/system.conf.d/20-DefaultLimitRTTIME.conf
    dest_path: /etc/systemd/system.conf.d/20-DefaultLimitRTTIME.conf

#copy_plain_files_journald: []
copy_plain_files_journald:
  - name: SystemMaxUse
    src_path: etc/systemd/journald.conf.d/50-SystemMaxUse.conf
    dest_path: /etc/systemd/journald.conf.d/50-SystemMaxUse.conf
  - name: SystemMaxFileSize
    src_path: etc/systemd/journald.conf.d/50-SystemMaxFileSize.conf
    dest_path: /etc/systemd/journald.conf.d/50-SystemMaxFileSize.conf
  - name: MaxFileSec
    src_path: etc/systemd/journald.conf.d/50-MaxFileSec.conf
    dest_path: /etc/systemd/journald.conf.d/50-MaxFileSec.conf

#copy_plain_files_sysctl: []
copy_plain_files_sysctl:

  # /etc/sysctl.d/*.conf
  #
  - name: dovecot
    src_path: etc/sysctl.d/50-dovecot.conf
    dest_path: /etc/sysctl.d/50-dovecot.conf
  - name: redis
    src_path: etc/sysctl.d/50-redis.conf
    dest_path: /etc/sysctl.d/50-redis.conf
  - name: swappiness
    src_path: etc/sysctl.d/50-swappiness.conf
    dest_path: /etc/sysctl.d/50-swappiness.conf
  - name: ddos
    src_path: etc/sysctl.d/10-ddos.conf
    dest_path: /etc/sysctl.d/10-ddos.conf

copy_additional_plain_files_sysctl: []


# ---
# vars used by apt.yml
# ---

apt_manage_sources_list: true

apt_src_enable: true

apt_backports_enable: true

# NOTE(review): both mirrors below are plain http://. APT verifies the signed
# repository metadata, so this is mainly a privacy/availability concern, but
# an https:// mirror removes the on-path exposure (apt-transport-https is
# already part of the package lists in this file).
apt_debian_mirror: http://ftp.de.debian.org/debian/

apt_debian_contrib_nonfree_enable: true

# Ubuntu mirror
apt_ubuntu_mirror: http://archive.ubuntu.com/ubuntu

apt_update_cache_valid_time: 3600

apt_upgrade: true

apt_update: true
apt_clean: true
apt_autoremove: true

apt_dpkg_configure: true

apt_upgrade_type: dist

apt_upgrade_dpkg_options:
  - force-confdef
  - force-confold

# One initial package list per Debian/Ubuntu release codename.
# NOTE(review): most of these lists install clients for cleartext or
# unauthenticated protocols (telnet, ftp, rdate, ntpdate) and capture tooling
# (tcpdump); confirm each is needed on every host, since they widen what a
# local account can do. `wipe` and `groff` appear twice in every list.
apt_initial_install_stretch:
  - apt-transport-https
  - cryptsetup
  - dbus
  - openssh-server
  - rssh
  - bash
  - bash-completion
  - vim
  - vim-common
  - vim-doc
  - mc
  - screen
  - tmux
  - bc
  - figlet
  - rcconf
  - sudo
  - rsync
  - dselect
  - iputils-ping
  - apt-utils
  - aptitude
  - zip
  - unzip
  - bzip2
  - arj
  - locate
  - curl
  - gawk
  - mawk
  - lynx
  - links
  - w3m
  - exuberant-ctags
  - mime-support
  - file
  - coreutils
  - moreutils
  - less
  - realpath
  - sipcalc
  - psmisc
  - dnsutils
  - rblcheck
  - whois
  - gettext
  - gettext-base
  - gettext-doc
  - debian-keyring
  - patch
  - patchutils
  - recode
  - recode-doc
  - librecode0
  - librecode-dev
  - sharutils
  - perl
  - perl-modules-5.24
  - perl-doc
  - libperl-dev
  - libterm-readline-gnu-perl
  - libterm-readline-perl-perl
  - libterm-readkey-perl
  - libmail-imapclient-perl
  - libtime-duration-perl
  - libtimedate-perl
  - libwww-perl
  - libpcre3
  - libreadline5
  - re2c
  - util-linux
  - parted
  - lshw
  - gdisk
  - smartmontools
  - tcpdump
  - telnet
  - unhide
  - lsof
  - hdparm
  - groff
  - iproute2
  - bridge-utils
  - vlan
  - ethtool
  - wipe
  - iperf
  - mtr
  - iptraf
  - wget
  - logrotate
  - rsyslog
  - haveged
  - rdate
  - ntpdate
  - wipe
  - man-db
  - groff
  - iptables
  - shellcheck
  - ssl-cert
  - ssl-cert-check
  - git
  - ftp
  - htop
  - net-tools
  - lsb-release
  - attr
  - acl
  - quota
  - quotatool
  - needrestart
  - socat
  - zsh

apt_initial_install_buster:
  - apt-transport-https
  - cryptsetup
  - gnupg
  - gpgv
  - deborphan
  - dbus
  - openssh-server
  - rush
  - bash
  - bash-completion
  - vim
  - vim-common
  - vim-doc
  - mc
  - screen
  - tmux
  - cron
  - bc
  - figlet
  - rcconf
  - sudo
  - rsync
  - dselect
  - iputils-ping
  - apt-utils
  - aptitude
  - zip
  - unzip
  - bzip2
  - arj
  - locate
  - curl
  - gawk
  - mawk
  - lynx
  - links
  - w3m
  - ctags
  - mime-support
  - file
  - coreutils
  - moreutils
  - less
  - sipcalc
  - psmisc
  - dnsutils
  - rblcheck
  - whois
  - gettext
  - gettext-base
  - gettext-doc
  - debian-keyring
  - patch
  - patchutils
  - recode
  - recode-doc
  - librecode0
  - librecode-dev
  - sharutils
  - perl
  - perl-modules-5.28
  - perl-doc
  - libperl-dev
  - libterm-readline-gnu-perl
  - libterm-readline-perl-perl
  - libterm-readkey-perl
  - libmail-imapclient-perl
  - libtime-duration-perl
  - libtimedate-perl
  - libwww-perl
  - libpcre3
  - libio-compress-perl
  - libreadline5
  - libcroco3-dev
  - re2c
  - util-linux
  - parted
  - lshw
  - gdisk
  - smartmontools
  - tcpdump
  - telnet
  - unhide
  - lsof
  - hdparm
  - groff
  - iproute2
  - bridge-utils
  - vlan
  - ethtool
  - wipe
  - iperf
  - mtr
  - iptraf
  - wget
  - logrotate
  - rsyslog
  - haveged
  - rdate
  - ntpdate
  - wipe
  - man
  - groff
  - iptables
  - shellcheck
  - ssl-cert
  - ssl-cert-check
  - git
  - ftp
  - htop
  - net-tools
  - lsb-release
  - attr
  - acl
  - quota
  - quotatool
  - needrestart
  - socat
  - zsh
  - lua5.3
  - btrfs-tools
  - fdisk

apt_initial_install_bullseye:
  - apt-transport-https
  - cryptsetup
  - gnupg
  - gpgv
  - deborphan
  - zstd
  - dbus
  - openssh-server
  - rush
  - bash
  - bash-completion
  - vim
  - vim-common
  - vim-doc
  - mc
  - screen
  - tmux
  - cron
  - bc
  - figlet
  - rcconf
  - sudo
  - rsync
  - dselect
  - iputils-ping
  - apt-utils
  - aptitude
  - zip
  - unzip
  - bzip2
  - arj
  - locate
  - curl
  - gawk
  - mawk
  - lynx
  - links
  - w3m
  - universal-ctags
  - mime-support
  - file
  - coreutils
  - moreutils
  - less
  - sipcalc
  - psmisc
  - dnsutils
  - rblcheck
  - whois
  - gettext
  - gettext-base
  - gettext-doc
  - debian-keyring
  - patch
  - patchutils
  - recode
  - recode-doc
  - librecode0
  - librecode-dev
  - sharutils
  - perl
  - perl-modules-5.32
  - perl-doc
  - libperl-dev
  - libterm-readline-gnu-perl
  - libterm-readline-perl-perl
  - libterm-readkey-perl
  - libmail-imapclient-perl
  - libtime-duration-perl
  - libtimedate-perl
  - libwww-perl
  - libpcre3
  - libio-compress-perl
  - libreadline-dev
  - re2c
  - util-linux
  - parted
  - lshw
  - gdisk
  - smartmontools
  - tcpdump
  - telnet
  - unhide
  - lsof
  - hdparm
  - groff
  - iproute2
  - bridge-utils
  - vlan
  - ethtool
  - wipe
  - iperf
  - mtr
  - iptraf
  - wget
  - logrotate
  - rsyslog
  - haveged
  - rdate
  - ntpdate
  - wipe
  - man
  - groff
  - iptables
  - shellcheck
  - ssl-cert
  - ssl-cert-check
  - git
  - ftp
  - htop
  - net-tools
  - lsb-release
  - attr
  - acl
  - quota
  - quotatool
  - needrestart
  - socat
  - zsh
  - lua5.4
  - btrfs-progs
  - fdisk

apt_initial_install_bookworm:
  - cryptsetup
  - dbus
  - openssh-server
  - rush
  - bash
  - bash-completion
  - vim
  - vim-common
  - vim-doc
  - mc
  - screen
  - tmux
  - cron
  - bc
  - figlet
  - rcconf
  - sudo
  - rsync
  - dselect
  - iputils-ping
  - apt-utils
  - aptitude
  - zip
  - unzip
  - bzip2
  - arj
  - locate
  - curl
  - gawk
  - mawk
  - lynx
  - links
  - w3m
  - universal-ctags
  - mime-support
  - file
  - coreutils
  - moreutils
  - less
  - sipcalc
  - psmisc
  - dnsutils
  - rblcheck
  - whois
  - gettext
  - gettext-base
  - gettext-doc
  - debian-keyring
  - patch
  - patchutils
  - recode
  - recode-doc
  - librecode0
  - librecode-dev
  - sharutils
  - perl
  - perl-modules-5.36
  - perl-doc
  - libperl-dev
  - libreadline-dev
  - libterm-readline-gnu-perl
  - libterm-readline-perl-perl
  - libterm-readkey-perl
  - libmail-imapclient-perl
  - libtime-duration-perl
  - libtimedate-perl
  - libwww-perl
  - libpcre3
  - libio-compress-perl
  - re2c
  - util-linux
  - parted
  - lshw
  - gdisk
  - smartmontools
  - tcpdump
  - unhide
  - lsof
  - hdparm
  - groff
  - iproute2
  - bridge-utils
  - vlan
  - ethtool
  - wipe
  - iperf
  - mtr
  - iptraf
  - wget
  - logrotate
  - rsyslog
  - haveged
  - rdate
  - ntpdate
  - wipe
  - man
  - groff
  - iptables
  - shellcheck
  - ssl-cert
  - ssl-cert-check
  - git
  - ftp
  - htop
  - net-tools
  - lsb-release
  - attr
  - acl
  - quota
  - quotatool
  - needrestart
  - socat
  - zsh
  - lua5.4
  - btrfs-progs
  - fdisk

apt_initial_install_xenial:
  - apt-transport-https
  - cryptsetup
  - dbus
  - openssh-server
  - rush
  - vim
  - vim-common
  - vim-doc
  - mc
  - screen
  - tmux
  - bc
  - figlet
  - sudo
  - rsync
  - dselect
  - iputils-ping
  - apt-utils
  - aptitude
  - zip
  - unzip
  - bzip2
  - arj
  - locate
  - curl
  - gawk
  - mawk
  - lynx
  - links
  - w3m
  - ctags
  - mime-support
  - file
  - coreutils
  - moreutils
  - less
  - sipcalc
  - psmisc
  - dnsutils
  - rblcheck
  - whois
  - gettext
  - gettext-base
  - gettext-doc
  - debian-keyring
  - patch
  - patchutils
  - recode
  - recode-doc
  - librecode0
  - librecode-dev
  - sharutils
  - perl
  - perl-modules-5.22
  - perl-doc
  - libperl-dev
  - libterm-readline-gnu-perl
  - libterm-readline-perl-perl
  - libterm-readkey-perl
  - libmail-imapclient-perl
  - libtime-duration-perl
  - libtimedate-perl
  - libwww-perl
  - libpcre3
  - libio-compress-perl
  - libreadline5
  - re2c
  - util-linux
  - parted
  - lshw
  - gdisk
  - smartmontools
  - tcpdump
  - telnet
  - unhide
  - lsof
  - hdparm
  - groff
  - iproute2
  - bridge-utils
  - vlan
  - ethtool
  - wipe
  - iperf
  - mtr
  - iptraf
  - wget
  - logrotate
  - rsyslog
  - haveged
  - rdate
  - ntpdate
  - wipe
  - man
  - groff
  - iptables
  - shellcheck
  - ssl-cert
  - ssl-cert-check
  - git
  - ftp
  - htop
  - net-tools
  - lsb-release
  - attr
  - acl
  - quota
  - quotatool
  - needrestart
  - ifupdown
  - socat

apt_initial_install_bionic:
  - apt-transport-https
  - cryptsetup
  - dbus
  - openssh-server
  - rush
  - vim
  - vim-common
  - vim-doc
  - mc
  - screen
  - tmux
  - bc
  - figlet
  - sudo
  - rsync
  - dselect
  - iputils-ping
  - apt-utils
  - aptitude
  - zip
  - unzip
  - bzip2
  - arj
  - locate
  - curl
  - gawk
  - mawk
  - lynx
  - links
  - w3m
  - ctags
  - mime-support
  - file
  - coreutils
  - moreutils
  - less
  - sipcalc
  - psmisc
  - dnsutils
  - rblcheck
  - whois
  - gettext
  - gettext-base
  - gettext-doc
  - debian-keyring
  - patch
  - patchutils
  - recode
  - recode-doc
  - librecode0
  - librecode-dev
  - sharutils
  - perl
  - perl-modules-5.26
  - perl-doc
  - libperl-dev
  - libterm-readline-gnu-perl
  - libterm-readline-perl-perl
  - libterm-readkey-perl
  - libmail-imapclient-perl
  - libtime-duration-perl
  - libtimedate-perl
  - libwww-perl
  - libpcre3
  - libio-compress-perl
  - libreadline5
  - re2c
  - util-linux
  - parted
  - lshw
  - gdisk
  - smartmontools
  - tcpdump
  - telnet
  - unhide
  - lsof
  - hdparm
  - groff
  - iproute2
  - bridge-utils
  - vlan
  - ethtool
  - wipe
  - iperf
  - mtr
  - iptraf
  - wget
  - logrotate
  - rsyslog
  - haveged
  - rdate
  - ntpdate
  - wipe
  - man
  - groff
  - iptables
  - shellcheck
  - ssl-cert
  - ssl-cert-check
  - git
  - ftp
  - htop
  - net-tools
  - lsb-release
  - attr
  - acl
  - quota
  - quotatool
  - needrestart
  - ifupdown
  - socat

apt_initial_install_jammy:
  - apt-transport-https
  - dbus
  - openssh-server
  - rush
  - vim
  - vim-common
  - vim-doc
  - mc
  - screen
  - tmux
  - bc
  - figlet
  - sudo
  - rsync
  - dselect
  - iputils-ping
  - apt-utils
  - aptitude
  - zip
  - unzip
  - bzip2
  - arj
  - locate
  - curl
  - gawk
  - mawk
  - lynx
  - links
  - w3m
  - exuberant-ctags
  - universal-ctags
  - mime-support
  - file
  - coreutils
  - moreutils
  - less
  - sipcalc
  - psmisc
  - dnsutils
  - rblcheck
  - whois
  - gettext
  - gettext-base
  - gettext-doc
  - debian-keyring
  - patch
  - patchutils
  - recode
  - recode-doc
  - librecode0
  - librecode-dev
  - sharutils
  - perl
  - perl-modules
  - perl-doc
  - libperl-dev
  - libterm-readline-gnu-perl
  - libterm-readline-perl-perl
  - libterm-readkey-perl
  - libmail-imapclient-perl
  - libtime-duration-perl
  - libtimedate-perl
  - libwww-perl
  - libpcre3
  - libio-compress-perl
  - libreadline5
  - re2c
  - util-linux
  - parted
  - lshw
  - gdisk
  - smartmontools
  - tcpdump
  - telnet
  - unhide
  - lsof
  - hdparm
  - groff
  - iproute2
  - bridge-utils
  - vlan
  - ethtool
  - wipe
  - iperf
  - mtr
  - iptraf
  - wget
  - logrotate
  - rsyslog
  - haveged
  - rdate
  - ntpdate
  - wipe
  - man
  - groff
  - iptables
  - shellcheck
  - ssl-cert
  - ssl-cert-check
  - git
  - ftp
  - htop
  - net-tools
  - lsb-release
  - attr
  - acl
  - quota
  - quotatool
  - needrestart
  - ifupdown
  - socat

# Compiler toolchains are off by default (install_compiler_pkgs: false).
install_compiler_pkgs: false

apt_compiler_pkgs:
  - g++
  - g++-multilib
  - gcc
  - gcc-multilib
  - cpp
  - make
  - automake
  - autoconf
  - libtool
  - flex
  - bison
  - gettext
  - pkg-config
  - gnu-standards
  - libssl-dev
  - libreadline-dev
  - libncurses-dev
  - libsystemd-dev
  - libnss3-dev
  #- python-dev

yum_compiler_pkgs_centos:
  - gcc-c++
  - cpp
  - make
  - cmake
  - automake
  - autoconf
  - libtool
  - flex
  - bison
  - gettext
  - pkgconfig
  - openssl-devel
  - openssl-static
  - readline-devel
  - readline-static
  - ncurses
  - ncurses-devel
  - ncurses-static
  - systemd-devel
  - nss-devel

yum_compiler_pkgs_fedora:
  - gcc-c++
  - cpp
  - make
  - cmake
  - automake
  - autoconf
  - libtool
  - flex
  - bison
  - gettext
  - pkgconfig
  - openssl-devel
  - readline-devel
  - readline-static
  - ncurses
  - ncurses-devel
  - ncurses-static
  - systemd-devel
  - nss-devel

install_webserver_pkgs: false

# NOTE(review): libpaper-devel and libdbi-devel are listed twice, and
# libdb-devel / openssl-devel / openssl-static / ncurses* recur further down.
yum_webserver_pkgs_centos:
  - libdb-devel
  - zlib
  - zlib-devel
  - zlib-static
  - openssl-devel
  - openssl-static
  - neon
  - neon-devel
  - libxml2
  - libxml2-devel
  - libxml2-static
  - curl
  - libcurl
  - libcurl-devel
  - gdbm
  - gdbm-devel
  - aspell
  - aspell-devel
  - libjpeg-turbo
  - libjpeg-turbo-devel
  - libjpeg-turbo-static
  - libXpm
  - libXpm-devel
  - freetype
  - freetype-devel
  - libwmf
  - libwmf-devel
  - libtiff
  - libtiff-devel
  - libtiff-static
  - libpaper-devel
  - libpaper-devel
  - file-libs
  - file-devel
  - file-static
  - GraphicsMagick
  - GraphicsMagick-perl
  - GraphicsMagick-devel
  - GraphicsMagick-doc
  - GraphicsMagick-c++
  - GraphicsMagick-c++-devel
  - graphviz
  - graphviz-devel
  - libgsf
  - libgsf-devel
  - ilmbase
  - ilmbase-devel
  - libvpx
  - libvpx-devel
  - libvpx-utils
  - gpm
  - gpm-devel
  - gpm-static
  - texlive-kpathsea
  - texlive-kpathsea-bin
  - texlive-kpathsea-lib
  - texlive-kpathsea-lib-devel
  - OpenEXR
  - OpenEXR-libs
  - OpenEXR-devel
  - librsvg2
  - librsvg2-devel
  - librsvg2-tools
  - djvulibre
  - djvulibre-libs
  - djvulibre-devel
  - expat
  - expat-devel
  - expat-static
  - ImageMagick
  - ImageMagick-devel
  - libexif
  - libexif-devel
  - exiv2
  - exiv2-libs
  - exiv2-devel
  - re2c
  - netpbm
  - netpbm-devel
  - netpbm-progs
  - mcrypt
  - libmcrypt
  - libmcrypt-devel
  - mariadb-libs
  - mariadb-devel
  - postgresql-libs
  - postgresql-devel
  - postgresql-static
  - libdbi
  - libdbi-devel
  - libdbi-dbd-mysql
  - libdbi-dbd-pgsql
  - libdbi-dbd-sqlite
  - libdbi-devel
  - libdbi-drivers
  - readline
  - readline-devel
  - ncurses
  - ncurses-devel
  - ncurses-static
  - libdb
  - libdb-devel
  - libdb-cxx
  - libdb-cxx-devel
  - libxslt
  - libxslt-devel
  - pcre
  - pcre-devel
  - pcre-static
  - libc-client
  - libicu
  - libicu-devel
  - libtidy
  - libtidy-devel
  - ModemManager
  - ModemManager-glib
  - gmp
  - gmp-devel
  - gmp-static
  - krb5-libs
  - krb5-devel
  - openldap
  - openldap-devel
  - mhash
  - mhash-devel.x86_64
  - gd
  - gd-devel
  - lua
  - lua-static
  - lua-devel
  - apr
  - apr-devel.i686
  - apr-util
  - apr-util-devel
  - apr-util-ldap
  - apr-util-mysql
  - apr-util-nss
  - apr-util-odbc
  - apr-util-openssl
  - apr-util-pgsql
  - apr-util-sqlite
  - lksctp-tools
  - lksctp-tools-devel
  - openssl
  - openssl-libs
  - openssl-devel
  - openssl-static
  - cryptopp
  - cryptopp-devel
  - GeoIP
  - GeoIP-devel
  - libaio
  - libaio-devel
  - tk
  - tk-devel
  - tcl
  - tcl-devel
  - tcl-tclreadline
  - tcl-tclreadline-devel
  - expect
  - expect-devel
  - perl-Expect
  - poppler-utils
  # - libqdbm-dev
  #- libatm-dev
  #- libc-client2007e-dev
  #- libc-client-dev
  #- ffmpeg

yum_webserver_pkgs_fedora:
  - libdb-devel
  - zlib
  - zlib-devel
  - zlib-static
  - openssl-devel
  - neon
  - neon-devel
  - libxml2
  - libxml2-devel
  - libxml2-static
  - curl
  - libcurl
  - libcurl-devel
  - gdbm
  - gdbm-devel
  - aspell
  - aspell-devel
  - libjpeg-turbo
  - libjpeg-turbo-devel
  - libjpeg-turbo-static
  - libXpm
  - libXpm-devel
  - freetype
  - freetype-devel
  - libwmf
  - libwmf-devel
  - libtiff
  - libtiff-devel
  - libtiff-static
  - libpaper-devel
  - libpaper-devel
  - file-libs
  - file-devel
  - file-static
  - GraphicsMagick
  - GraphicsMagick-perl
  - GraphicsMagick-devel
  - GraphicsMagick-doc
  - GraphicsMagick-c++
  - GraphicsMagick-c++-devel
  - graphviz
  - graphviz-devel
  - libgsf
  - libgsf-devel
  - ilmbase
  - ilmbase-devel
  - libvpx
  - libvpx-devel
  - libvpx-utils
  - gpm
  - gpm-devel
  - gpm-static
  - texlive-kpathsea
  - texlive-kpathsea-bin
  - texlive-kpathsea-lib
  - texlive-kpathsea-lib-devel
  - OpenEXR
  - OpenEXR-libs
  - OpenEXR-devel
  - librsvg2
  - librsvg2-devel
  - librsvg2-tools
  - djvulibre
  - djvulibre-libs
  - djvulibre-devel
  - expat
  - expat-devel
  - expat-static
  - ImageMagick
  - ImageMagick-devel
  - libexif
  - libexif-devel
  - exiv2
  - exiv2-libs
  - exiv2-devel
  - re2c
  - netpbm
  - netpbm-devel
  - netpbm-progs
  - mcrypt
  - libmcrypt
  - libmcrypt-devel
  - mariadb-devel
  - postgresql-libs
  - postgresql-private-devel
  - postgresql-static
  - libdbi
  - libdbi-devel
  - libdbi-dbd-mysql
  - libdbi-dbd-pgsql
  - libdbi-dbd-sqlite
  - libdbi-devel
  - libdbi-drivers
  - readline
  - readline-devel
  - ncurses
  - ncurses-devel
  - ncurses-static
  - libdb
  - libdb-devel
  - libdb-cxx
  - libdb-cxx-devel
  - libxslt
  - libxslt-devel
  - pcre
  - pcre-devel
  - pcre-static
  - libicu
  - libicu-devel
  - libtidy
  - libtidy-devel
  - ModemManager
  - ModemManager-glib
  - gmp
  - gmp-devel
  - gmp-static
  - krb5-libs
  - krb5-devel
  - openldap
  - openldap-devel
  - mhash
  - mhash-devel.x86_64
  - gd
  - gd-devel
  - lua
  - lua-static
  - lua-devel
  - apr
  - apr-devel.i686
  - apr-util
  - apr-util-devel
  - apr-util-ldap
  - apr-util-mysql
  - apr-util-odbc
  - apr-util-openssl
  - apr-util-pgsql
  - apr-util-sqlite
  - lksctp-tools
  - lksctp-tools-devel
  - openssl
  - openssl-libs
  - openssl-devel
  - cryptopp
  - cryptopp-devel
  - GeoIP
  - GeoIP-devel
  - libaio
  - libaio-devel
  - tk
  - tk-devel
  - tcl
  - tcl-devel
  - tcl-tclreadline
  - tcl-tclreadline-devel
  - expect
  - expect-devel
  - perl-Expect
  - poppler-utils

apt_webserver_pkgs:
  - libdb-dev
  - zlib1g
  - zlib1g-dev
  - libssl-dev
  - libneon27-dev
  - libxml2
  - libxml2-dev
  - curl
  - libcurl4-openssl-dev
  - libqdbm-dev
  - libgdbm-dev
  - libpspell-dev
  - libjpeg-dev
  - libpng-dev
  - libxpm-dev
  - libfreetype6-dev
  - libwmf-dev
  - libtiff-dev
  - libpaper-dev
  - libmagic-dev
  - libgraphics-magick-perl
  - libgraphicsmagick++1-dev
  - libgraphicsmagick-q16-3
  - libgraphicsmagick1-dev
  - libgraphviz-dev
  - libgsf-1-dev
  - libilmbase-dev
  - libvpx-dev
  - vpx-tools
  - libgpm-dev
  - libkpathsea-dev
  - libopenexr-dev
  - librsvg2-dev
  - libdjvulibre-dev
  - libatm-dev
  - libexpat-dev
  - imagemagick
  - graphicsmagick
  - exif
  - libexiv2-dev
  - re2c
  - netpbm
  - libnetpbm10-dev
  - libmcrypt-dev
  - mcrypt
  - default-libmysqlclient-dev
  - libpq-dev
  - postgresql-client
  - libreadline-dev
  - libncurses-dev
  - libdb5.3
  - libdb5.3++
  - libdb5.3++-dev
  - libdb5.3-dev
  - libxslt1-dev
  - libpcre3-dev
  - libc-client2007e-dev
  - libc-client-dev
  - libicu-dev
  - libtidy-dev
  - libmm-dev
  - libgmp-dev
  - libkrb5-dev
  - libldap-dev
  - libmhash-dev
  - libgd-dev
  - liblua5.3-dev
  - libapr1-dev
  - libaprutil1-dev
  - libsctp-dev
  - libcrypto++-dev
  - ffmpeg
  - libmagickwand-dev
  - libgeoip-dev
  - libaio-dev
  - tk-dev
  - tcl-dev
  - tclreadline
  - expect
  - expect-dev
  - libexpect-perl
  - poppler-utils

install_postgresql_pkgs: false

apt_postgresql_pkgs:
  - postgresql

yum_postgresql_pkgs_centos:
  - postgresql
  - postgresql-server
  - postgresql-libs
  - postgresql-devel
  - postgresql-static
  - postgresql-plperl
  - perl-DBD-Pg
  - perl-DateTime-Format-Pg
  - check_postgres

yum_postgresql_pkgs_fedora:
  - postgresql
  - postgresql-server
  - postgresql-libs
  - postgresql-private-devel
  - postgresql-static
  - postgresql-plperl
  - perl-DBD-Pg
  - perl-DateTime-Format-Pg
  - check_postgres

install_bind_packages: false

apt_bind_pkgs:
  - bind9

# NOTE(review): key is spelled `yum_bind_pks` (not `_pkgs` like its siblings);
# verify the consuming task uses the same spelling.
yum_bind_pks:
  - bind

install_lxc_host_pkgs: false

apt_lxc_host_pkgs:
  - bridge-utils
  - lxc
  - lxc-templates
  - lxcfs
  - python3-lxc
  - debootstrap
  - ntpsec
yum_lxc_host_pkgs_centos:
  - bridge-utils
  - lxc
  - lxc-templates
  - python36-lxc
  - debootstrap
  - ntp

yum_lxc_host_pkgs_fedora:
  - bridge-utils
  - lxc
  - lxc-templates
  - python3-lxc
  - debootstrap
  - ntpsec

install_kvm_host_pkgs: false

apt_kvm_host_pkgs:
  - lvm2
  - bridge-utils
  - ntfs-3g
  - qemu-system
  - qemu-kvm
  - libvirt-clients
  - libvirt-daemon-system
  - libosinfo-bin
  - virtinst
  - libguestfs-tools
  - kpartx
  - debootstrap
  - ntpsec

apt_gateway_host_pkgs:
  - iptraf
  - speedtest-cli

# available in debian 10 (buster) but not in debian 11 (bullseye)
#
apt_kvm_host_buster_pkgs:
  - virt-top

apt_install_extra_pkgs: false
apt_extra_pkgs: []

apt_install: {}

# NOTE(review): `latest` presumably becomes the package module's state, i.e.
# every run may upgrade; no package versions are pinned in this file.
apt_install_state: latest

# Packages removed from every apt host; this includes the tor packages.
apt_remove:
  - rpcbind
  - apt-transport-tor
  - tor
  - tor-geoipdb
  - torsocks

apt_remove_purge: false

microcode_package:
  - intel-microcode
  - amd64-microcode


# ---
# vars used by yum.yml
# ---

yum_install_state: latest

yum_ansible_dependencies:
  - ca-certificates
  - dbus
  - redhat-lsb-core
  - mc
  - net-tools
  - openssl
  - python3
  - sudo
  - vim

yum_base_install_centos_7:
  - redhat-lsb-core
  - ca-certificates
  - git
  - iproute
  - mc
  - net-tools
  - bind-utils
  - openssl
  - python2
  - python3
  - sudo
  - vim
  - yum-utils

# NOTE(review): includes clients for cleartext or unauthenticated protocols
# (telnet, ftp, rdate, ntpdate) and tcpdump; confirm they are needed on
# every host. `groff` is listed twice.
yum_initial_install_centos_7:
  - cryptsetup
  - dbus
  - openssh-server
  - bash
  - bash-completion
  - vim
  - vim-common
  - mc
  - screen
  - tmux
  - cronie
  - bc
  - figlet
  - sudo
  - rsync
  - dselect
  - iputils
  - zip
  - unzip
  - bzip2
  - arj
  - mlocate
  - curl
  - gawk
  - mawk
  - lynx
  - links
  - w3m
  - ctags
  - file
  - coreutils
  - moreutils
  - less
  - sipcalc
  - psmisc
  - whois
  - gettext
  - gettext-devel
  - debian-keyring
  - patch
  - patchutils
  - recode
  - recode-devel
  - sharutils
  - perl
  - perl-devel
  - readline
  - readline-devel
  - libtermkey
  - libtermkey-devel
  - perl-Time-Duration-Parse
  - perl-DateTime
  - perl-libwww-perl
  - pcre
  - pcre2
  - perl-IO-Compress
  - re2c
  - util-linux
  - parted
  - lshw
  - gdisk
  - smartmontools
  - tcpdump
  - telnet
  - unhide
  - lsof
  - hdparm
  - groff
  - bridge-utils
  - ethtool
  - nwipe
  - iperf
  - mtr
  - iptraf
  - wget
  - logrotate
  - rsyslog
  - haveged
  - rdate
  - ntpdate
  - man
  - groff
  - iptables
  - ShellCheck
  - ftp
  - htop
  - net-tools
  - attr
  - acl
  - quota
  - quotatool
  - needrestart
  - socat
  - zsh
  - lua
  - btrfs-progs

yum_base_install_fedora_38:
  - redhat-lsb-core
  - ca-certificates
  - git
  - iproute
  - mc
  - net-tools
  - bind-utils
  - openssl
  - python2
  - python3
  - sudo
  - vim
  - yum-utils

yum_initial_install_fedora_38:
  - cryptsetup
  - dbus
  - openssh-server
  - bash
  - bash-completion
  - vim
  - vim-common
  - mc
  - screen
  - tmux
  - cronie
  - bc
  - figlet
  - sudo
  - rsync
  - dselect
  - iputils
  - zip
  - unzip
  - bzip2
  - arj
  - mlocate
  - curl
  - gawk
  - mawk
  - lynx
  - links
  - w3m
  - ctags
  - file
  - coreutils
  - moreutils
  - less
  - sipcalc
  - psmisc
  - whois
  - gettext
  - gettext-devel
  - debian-keyring
  - patch
  - patchutils
  - recode
  - recode-devel
  - sharutils
  - perl
  - perl-devel
  - readline
  - readline-devel
  - libtermkey
  - libtermkey-devel
  - perl-Time-Duration-Parse
  - perl-DateTime
  - perl-libwww-perl
  - pcre
  - pcre2
  - perl-IO-Compress
  - re2c
  - util-linux
  - parted
  - lshw
  - gdisk
  - smartmontools
  - tcpdump
  - telnet
  - unhide
  - lsof
  - hdparm
  - groff
  - bridge-utils
  - ethtool
  - nwipe
  - iperf
  - mtr
  - iptraf
  - wget
  - logrotate
  - rsyslog
  - haveged
  - rdate
  - man
  - groff
  - iptables
  - ShellCheck
  - ftp
  - htop
  - net-tools
  - attr
  - acl
  - quota
  - quotatool
  - needrestart
  - socat
  - zsh
  - lua
  - btrfs-progs
  #- ntpdate


# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---

systemd_resolved: false

# CyberGhost - fast connection with a no-logs privacy policy
#    Primary DNS address: 38.132.106.139
#    Secondary DNS address: 194.187.251.67
#
# Cloudflare (USA) - best free DNS server for gaming with reliable connections
#    primary DNS address
#       IPv4: 1.1.1.1
#       IPv6: 2606:4700:4700::1111
#    secondary DNS address
#       IPv4: 1.0.0.1
#       IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - great combination of speed and security
#    primary DNS address
#       IPv4: 8.8.8.8
#       IPv6: 2001:4860:4860::8888
#    secondary DNS address
#       IPv4: 8.8.4.4
#       IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - effortlessly blocks malicious sites and prevents phishing fraud
#    primary DNS address
#       IPv4: 9.9.9.9
#       IPv6: 2620:fe::fe
#    secondary DNS address
#       IPv4: 149.112.112.112
#       IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
#    IPv4: 195.10.195.195 - ns31.de
#    IPv4: 94.16.114.254 - ns28.de
#    IPv4: 51.254.162.59 - ns9.de
#    IPv4: 194.36.144.87 - ns29.de
#    IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (plain DNS, DNS-over-TLS and DNS-over-HTTPS)
#    IPv4: 5.1.66.255
#    IPv6: 2001:678:e68:f000::
#    Server name for DNS-over-TLS: dot.ffmuc.net
#    IPv4: 185.150.99.255
#    IPv6: 2001:678:ed0:f000::
#    Server name for DNS-over-TLS: dot.ffmuc.net
#    for iOS 14+: DoT server configuration (unsigned, from PrHdb)
resolved_nameserver:
  - 195.10.195.195
  - 1.1.1.1

# search domains
#
# If there is more than one search domain, specify them here in the order in
# which the resolver should search them
#
#resolved_domains: []
resolved_domains:
  - oopen.de

resolved_dnssec: true

# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
  - 194.150.168.168


# ---
# vars used by tor.yml
# ---

torrc_path: /etc/tor/torrc
tordir: /var/lib/tor/
tor_hidden_service_dir: /var/lib/tor/hidden_service/

# Each entry reads "<port> <address:port>"; presumably rendered into torrc
# HiddenServicePort lines - verify against the template.
# NOTE(review): this would publish SMTP (25/465/587), HTTP (80) and
# IMAPS/POP3S (993/995) listeners through an onion service, while `apt_remove`
# in this same file removes the tor packages; confirm on which hosts tor.yml
# is applied and that exposing these services there is intended.
tor_hidden_service_port:
  - 25 127.0.0.25:25
  - 80 127.0.0.1:80
  - 465 127.0.0.25:465
  - 587 127.0.0.25:587
  - 993 127.0.0.1:993
  - 995 127.0.0.1:995


# ---
# vars used by modify-munin-ip.yml
# ---

munin_remote_ipv4: 37.27.121.227
munin_remote_ipv6: 2a01:4f9:3070:2bda::22

munin_remote_ipv4_old: 135.181.136.84
munin_remote_ipv6_old: 2a01:4f9:3a:1051::84


# ---
# vars used by cron.yml
# ---

cron_env_entries: []
#cron_env_entries:
#  - name: PATH
#    job: /root/bin/admin-stuff:/root/bin:usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
#
#  - name: SHELLforwarding
#    job: /bin/bash

cron_user_entries: []
#cron_user_entries:
#
#  - name: "Check if Postfix Mailservice is up and running?"
#    minute: "*/15"
#    job: /root/bin/monitoring/check_postfix.sh
#
#  - name: "Check if SSH service is up and running?"
#    minute: "*/15"
#    job: /root/bin/monitoring/check_ssh.sh

cron_user_special_time_entries: []
#cron_user_special_time_entries:
#
#  - name: "Check if Postfix Service is running at boot time"
#    special_time: reboot
#    job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
#    insertafter: PATH


# ---
# vars used by roles/common/tasks/users.yml
# ---

insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server: []

insert_keypair_backup_client: false
ssh_keypair_backup_client: []

insert_root_ssh_keypair: false
root_ssh_keypair: []

# Accounts created on every host.
# NOTE(review): every `password` below is a SHA-512-crypt ($6$) hash stored in
# clear text in this vars file; anyone with read access to the repository can
# attempt offline guessing. Prefer Ansible Vault or a secret-store lookup and
# rotate these passwords.
# NOTE(review): the same two public keys are authorized for all four accounts,
# so compromise of either private key reaches chris, sysadm, localadmin and
# back on every managed host.
default_user:

  - name: chris
    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

  - name: sysadm
    user_id: 1050
    group_id: 1050
    group: sysadm
    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

  - name: localadmin
    user_id: 1051
    group_id: 1051
    group: localadmin
    password: $6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

  - name: back
    user_id: 1060
    group_id: 1060
    group: back
    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

extra_user: []

sudo_users: []

extra_system_user: []

entries_authorized_key: []
#entries_authorized_key:
#  - user: root
#  - key: 'ssh-rsa <public-key-placeholder> root@b.ns'

create_sftp_group: false


# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---


# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---

insert_webadmin_ssh_keypair: false
webadmin_ssh_keypair: []

webadmin_user: []


# ---
# vars used by roles/common/tasks/sshd.yml
# ---

sshd_ports:
  - 22

# Listens on all IPv6 and IPv4 addresses.
sshd_listen_address:
  - '::'
  - '0.0.0.0'

# NOTE(review): an ECDSA host key is listed here, but sshd_hostkeyalgorithms
# further down offers only ed25519 and rsa-sha2 algorithms; confirm whether
# the ECDSA key is still meant to be loaded.
sshd_host_keys:
  - /etc/ssh/ssh_host_rsa_key
  - /etc/ssh/ssh_host_ecdsa_key
  - /etc/ssh/ssh_host_ed25519_key

sshd_max_startups: !!str "10:30:100"
sshd_max_auth_tries: 6
sshd_max_sessions: 10

# only for debian version <= 9
#
sshd_use_privilege_separation: !!str "sandbox"
# Root may log in with keys only; password authentication is off globally.
sshd_permit_root_login: !!str "prohibit-password"
# NOTE(review): two key files per account are honoured (authorized_keys and
# authorized_keys2); both need to be covered when auditing access.
sshd_authorized_keys_file: ".ssh/authorized_keys .ssh/authorized_keys2"
sshd_pubkey_authentication: !!str "yes"
sshd_password_authentication: !!str "no"
sshd_use_pam: !!str "yes"
# NOTE(review): empty here, so presumably no AllowUsers restriction is
# rendered - verify against the sshd_config template.
#sshd_allowed_users:
#  - chris
#  - sysadm
sshd_allowed_users: {}
sshd_print_motd: !!str "no"
sshd_use_dns: !!str "no"
sshd_gateway_ports: !!str "no"

# sshd_kexalgorithms
#
# Example:
# sshd_kexalgorithms:
#   - curve25519-sha256@libssh.org
#   - diffie-hellman-group-exchange-sha256
#   - diffie-hellman-group14-sha1
#
# NOTE(review): left commented out, so no key-exchange list is set in this
# file; the effective algorithms then depend on the role/sshd defaults.
#sshd_kexalgorithms: {}

sshd_hostkeyalgorithms:
  - ssh-ed25519
  - ssh-ed25519-cert-v01@openssh.com
  - rsa-sha2-256
  - rsa-sha2-512
  - rsa-sha2-256-cert-v01@openssh.com
  - rsa-sha2-512-cert-v01@openssh.com

# sshd_ciphers
#
# Example:
# sshd_ciphers:
#   - chacha20-poly1305@openssh.com
#   - aes256-gcm@openssh.com
#   - aes256-ctr
#sshd_ciphers: {}
sshd_ciphers:
  - chacha20-poly1305@openssh.com
  - aes256-gcm@openssh.com
  - aes128-gcm@openssh.com
  - aes256-ctr
  - aes192-ctr
  - aes128-ctr

# Only encrypt-then-MAC variants are offered.
#sshd_macs: {}
sshd_macs:
  - hmac-sha2-256-etm@openssh.com
  - hmac-sha2-512-etm@openssh.com
  - umac-128-etm@openssh.com

# These users are allowed to use password authentication
#
# NOTE(review): key name is spelled `pasword`; it must match the spelling the
# role reads. No value is set here (null).
sshd_pasword_auth_user:

# These IP addresses are allowed to use password authentication
#
sshd_pasword_auth_ip:


# ---
# vars used by roles/common/tasks/sudoers.yml
# ---

# /etc/sudoers
#
sudoers_defaults:
  - env_reset
  - mail_badpass
  - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'

sudoers_host_aliases: []
sudoers_user_aliases: []
sudoers_cmnd_aliases: []
sudoers_runas_aliases: []

sudoers_user_privileges:
  - name: root
    entry: 'ALL=(ALL:ALL) ALL'

sudoers_group_privileges: []

sudoers_remove_user:
  - back
  - www-data

# /etc/sudoers.d/50-user
#
sudoers_file_defaults: []
sudoers_file_host_aliases: []
sudoers_file_user_aliases: []
sudoers_file_cmnd_aliases: []
sudoers_file_runas_aliases: []

# NOTE(review): presumably granted to the `back` account (name-based; confirm
# in the template). An entry without arguments permits any arguments, and
# rsync and find can run other programs or write arbitrary files, so these
# NOPASSWD rules amount to unrestricted root for that account. Restrict them
# to fixed wrapper scripts or exact argument lists where possible.
sudoers_file_user_back_privileges:
  - 'ALL=(root) NOPASSWD: /usr/bin/rsync'
  - 'ALL=(root) NOPASSWD: /usr/bin/find'
  - 'ALL=(root) NOPASSWD: /usr/bin/realpath'

sudoers_file_user_back_postgres_privileges:
  - 'ALL=(postgres) NOPASSWD: /usr/bin/psql'
  - 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dump'
  - 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dumpall'

sudoers_file_user_back_svn_privileges: []

# NOTE(review): `*` in a sudoers argument pattern matches across word
# boundaries, so `/bin/dd if=/dev/*` and the hdparm/sfdisk rules also accept
# additional arguments; fdisk, sgdisk, parted and gdisk are allowed with any
# arguments and can rewrite partition tables.
sudoers_file_user_back_disk_privileges:
  - 'ALL=(root) NOPASSWD: /usr/bin/which'
  - 'ALL=(root) NOPASSWD: /sbin/hdparm -I /dev/*'
  - 'ALL=(root) NOPASSWD: /sbin/fdisk'
  - 'ALL=(root) NOPASSWD: /sbin/sgdisk'
  - 'ALL=(root) NOPASSWD: /sbin/sfdisk -d /dev/*'
  - 'ALL=(root) NOPASSWD: /bin/dd if=/dev/*'
  - 'ALL=(root) NOPASSWD: /sbin/parted'
  - 'ALL=(root) NOPASSWD: /sbin/gdisk'

# NOTE(review): tail and view as root without argument limits can read any
# file on the host, and view is an editor with the usual escape features;
# treat this as full read access (at least) for the webadmin account.
sudoers_file_user_webadmin_disk_privileges:
  - 'ALL=(root) NOPASSWD: /usr/bin/mailq'
  - 'ALL=(root) NOPASSWD: /usr/bin/tail'
  - 'ALL=(root) NOPASSWD: /usr/bin/view'

# NOTE(review): wildcard paths run whatever matches as root; the directories
# /usr/local/bin and /root/bin/bind must stay writable by root only.
sudoers_file_dns_server_privileges:
  - name: manage-bind
    entry: 'ALL=(root) NOPASSWD: /usr/local/bin/bind_*'
  - name: manage-bind
    entry: 'ALL=(root) NOPASSWD: /root/bin/bind/bind_*'
  - name: chris
    entry: 'ALL=(root) NOPASSWD: /root/bin/bind/*'

sudoers_file_postfixadmin_privileges:
  - name: www-data
    entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh'
  - name: www-data
    entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-domain-postdeletion.sh'

sudoers_file_user_privileges: []

sudoers_file_group_privileges: []


# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---

acl_caching_nameserver: {}

# ACL covering loopback, RFC 1918, IPv6 unique-local and link-local ranges.
# presumably `local-net:` is only a label and name/entries are read from the
# same list item - confirm against the template.
bind9_gateway_acl:
  - local-net:
    name: local-net
    entries:
      - 127.0.0.0/8
      - 172.16.0.0/12
      - 192.168.0.0/16
      - 10.0.0.0/8
      - fc00::/7
      - fe80::/10
      - ::1/128

bind9_gateway_listen_on_v6:
  - none

bind9_gateway_listen_on:
  - any

#bind9_gateway_allow_transfer: {}
bind9_gateway_allow_transfer:
  - none

#bind9_transfer_source: !!str "192.168.182.1"
bind9_transfer_source: {}
#bind9_notify_source: !!str "192.168.182.1"
bind9_notify_source: {}

# Queries, cache access and recursion are limited to the local-net ACL even
# though the server listens on any IPv4 address.
#bind9_gateway_allow_query: {}
bind9_gateway_allow_query:
  - local-net

#bind9_gateway_allow_query_cache: {}
bind9_gateway_allow_query_cache:
  - local-net

bind9_gateway_recursion: !!str "yes"

#bind9_gateway_allow_recursion: {}
bind9_gateway_allow_recursion:
  - local-net


# ---
# vars used by roles/common/tasks/git.yml
# ---

# ---
# Firewall repository
# ---

git_firewall_repository: {}

# ---
# all servers
# ---

# NOTE(review): the repository entries in this section carry only
# name/repo/dest - no branch, tag or commit. If the role does not pin a
# version elsewhere, scripts under /root/bin and /usr/local/src track
# whatever the remote serves at run time; consider pinning a reviewed commit.
git_default_repositories:

  # script repositories (destination /root/bin/)
  - name: admin-stuff
    repo: https://git.oopen.de/script/admin-stuff
    dest: /root/bin/admin-stuff

  - name: postfix
    repo: https://git.oopen.de/script/postfix
    dest: /root/bin/postfix

  # install repositories (destination: /usr/local/src/)
  - name: mailsystem
    repo: https://git.oopen.de/install/mailsystem
    dest: /usr/local/src/mailsystem

  # Monitoring
  - name: monitoring
    repo: https://git.oopen.de/script/monitoring
    dest: /root/bin/monitoring

# ---
# group [oopen_server]
# ---

git_oopen_server_repositories:

  # firewall
  - name: ipt-server
    repo: https://git.oopen.de/firewall/ipt-server
    dest: /usr/local/src/ipt-server

# ---
# group [warenform_server]
# ---

git_warenform_server_repositories:

  # firewall
  - name: ipt-server
    repo: https://git.oopen.de/firewall/ipt-server
    dest: /usr/local/src/ipt-server

# ---
# group [lxc_host]
# ---

git_lxc_host_repositories:

  # LXC
  - name: LXC
    repo: https://git.oopen.de/script/LXC
    dest: /root/bin/LXC

# ---
# group [lxc_guest]
# ---

git_lxc_guest_repositories:

  # dehydrated-cron
  - name: dehydrated-cron
    repo: https://git.oopen.de/certificates/dehydrated-cron.git
    dest: /usr/local/src/dehydrated-cron

# ---
# group [gateway_server]
# ---

git_gateway_repositories:

  # install repositories (destination: /usr/local/src/)

  # mailsystem
  - name: mailsystem
    repo: https://git.oopen.de/install/mailsystem
    dest: /usr/local/src/mailsystem

  # firewall
  - name: ipt-gateway
    repo: https://git.oopen.de/firewall/ipt-gateway
    dest: /usr/local/src/ipt-gateway

  - name: manage-gw-config
    repo: https://git.oopen.de/script/manage-gw-config
    dest: /root/bin/manage-gw-config

# ---
# group [apache2_webserver]
# ---

git_apache2_repositories:

  # script repositories (destination /root/bin/)
  - name: apache2
    repo: https://git.oopen.de/script/apache2
    dest: /root/bin/apache2

  # install repositories (destination: /usr/local/src/)
  - name: apache2
    repo: https://git.oopen.de/install/apache2
    dest: /usr/local/src/apache2

  - name: php
    repo: https://git.oopen.de/install/php
    dest: /usr/local/src/php

  # dehydrated-cron
  - name: dehydrated-cron
    repo: https://git.oopen.de/certificates/dehydrated-cron.git
    dest: /usr/local/src/dehydrated-cron

# ---
# group [nginx_webserver]
# ---

git_nginx_repositories:

  - name: nginx
    repo: https://git.oopen.de/install/nginx
    dest: /usr/local/src/nginx

  - name: php
    repo: https://git.oopen.de/install/php
    dest: /usr/local/src/php

# ---
# group [mysql_server]
# ---

git_mysql_repositories:

  # script repositories (destination /root/bin/)
  - name: mysql
    repo: https://git.oopen.de/script/mysql
    dest: /root/bin/mysql

  # install repositories (destination: /usr/local/src/)
  -
name: mysql repo: https://git.oopen.de/install/mysql dest: /usr/local/src/mysql # --- # group [postgresql_server] # --- git_postgresql_repositories: # script repositories (destination /root/bin/) - name: postgres repo: https://git.oopen.de/script/postgres dest: /root/bin/postgres # --- # group [nextcloud_server] # --- git_nextcloud_repositories: # script repositories (destination /root/bin/) - name: nextcloud repo: https://git.oopen.de/script/nextcloud dest: /root/bin/nextcloud # install repositories (destination: /usr/local/src/) - name: nextcloud repo: https://git.oopen.de/install/nextcloud dest: /usr/local/src/nextcloud # --- # group [dns_server] # --- git_dns_repositories: # script repositories (destination /root/bin/) - name: bind repo: https://git.oopen.de/script/bind dest: /root/bin/bind # --- # group [backup_server] # --- git_backup_repositories: # script repositories (destination /root/bin/) - name: backup-rcopy repo: https://git.oopen.de/backup/backup-rcopy dest: /root/crontab/backup-rcopy # --- # group [samba_server] # --- git_samba_repositories: # script repositories (destination /root/bin/) - name: samba repo: https://git.oopen.de/script/samba dest: /root/bin/samba # --- # group [mail_server] # --- git_mailserver_repositories: # script repositories (destination /root/bin/) - name: apache2 repo: https://git.oopen.de/script/apache2 dest: /root/bin/apache2 - name: postfix repo: https://git.oopen.de/script/postfix dest: /root/bin/postfix # install repositories (destination: /usr/local/src/) - name: apache2 repo: https://git.oopen.de/install/apache2 dest: /usr/local/src/apache2 - name: php repo: https://git.oopen.de/install/php dest: /usr/local/src/php - name: mysql repo: https://git.oopen.de/install/mysql dest: /usr/local/src/mysql - name: mailsystem repo: https://git.oopen.de/install/mailsystem dest: /usr/local/src/mailsystem - name: fail2ban repo: https://git.oopen.de/install/fail2ban dest: /usr/local/src/fail2ban # let's encrypt - name: dehydrated-cron 
repo: https://git.oopen.de/certificates/dehydrated-cron.git dest: /usr/local/src/dehydrated-cron # --- # group [sympa_list_servers] # --- git_sympa_repositories: # install repositories (destination: /usr/local/src/) - name: sympa repo: https://git.oopen.de/install/sympa dest: /usr/local/src/sympa # --- # group [jitsi_meet_server] # --- git_jitsi_meet_repositories: # install repositories (destination: /usr/local/src/) - name: jitsi repo: https://git.oopen.de/install/jitsi dest: /usr/local/src/jitsi # --- # group [so36_server_dehydrated] # --- #git_so36_dehydrated_repositories: # # # install repositories (destination: /usr/local/src/) # - name: dehydrated-cron # repo: https://git.oopen.de/certificates/dehydrated-cron.git # dest: /usr/local/src/dehydrated-cron # --- # Use this for host specific repositories defined in files git-.yaml # # Leave empty here # --- git_other_repositories: [] # ========== # vars used by roles/common/tasks/nfs.yml # ========== nfs_server: {} # Set 'fs_encrypted' to true if filesystem lives on an encrypted # partition. # # NOTE !! 
# Take care to increase 'fsid' in case of more than one export
#
#nfs_exports:
#  - src: 192.168.112.10:/data/home
#    path: /data/home
#    mount_opts: users,rsize=8192,wsize=8192,hard,intr
#    export_opt: rw,root_squash,sync,subtree_check
#    export_networks:
#      - 192.168.112.0/24
#      - 10.0.112.0/24
#      - 10.1.112.0/24
#      - 192.168.63.0/24
#    use_fsid_option: true
#
nfs_exports: []


# ---
# vars used by roles/common/tasks/copy_files.yml
# ---

copy_plain_files: []

copy_plain_files_postfix_host_specific: []

copy_plain_files_postfwd_host_specific: []

copy_plain_files_postfix:
  - name: header_checks.pcre
    src_path: mailserver/etc/postfix/header_checks.pcre
    dest_path: /etc/postfix/header_checks.pcre
  - name: body_check.pcre
    src_path: mailserver/etc/postfix/body_check.pcre
    dest_path: /etc/postfix/body_check.pcre

copy_plain_files_postfwd:

  # Postfix Firewall postfwd
  #
  - name: postfwd.cf
    src_path: mailserver/etc/postfix/postfwd.cf
    dest_path: /etc/postfix/postfwd.cf
  - name: postfwd.bl-hosts
    src_path: mailserver/etc/postfix/postfwd.bl-hosts
    dest_path: /etc/postfix/postfwd.bl-hosts
  - name: postfwd.bl-nets
    src_path: mailserver/etc/postfix/postfwd.bl-nets
    dest_path: /etc/postfix/postfwd.bl-nets
  - name: postfwd.bl-sender
    src_path: mailserver/etc/postfix/postfwd.bl-sender
    dest_path: /etc/postfix/postfwd.bl-sender
  - name: postfwd.bl-user
    src_path: mailserver/etc/postfix/postfwd.bl-user
    dest_path: /etc/postfix/postfwd.bl-user
  - name: postfwd.wl-hosts
    src_path: mailserver/etc/postfix/postfwd.wl-hosts
    dest_path: /etc/postfix/postfwd.wl-hosts
  - name: postfwd.wl-nets
    src_path: mailserver/etc/postfix/postfwd.wl-nets
    dest_path: /etc/postfix/postfwd.wl-nets
  - name: postfwd.wl-sender
    src_path: mailserver/etc/postfix/postfwd.wl-sender
    dest_path: /etc/postfix/postfwd.wl-sender
  - name: postfwd.wl-user
    src_path: mailserver/etc/postfix/postfwd.wl-user
    dest_path: /etc/postfix/postfwd.wl-user

copy_template_files: []


# ---
# vars used by roles/common/tasks/symlink_files.yml
# ---

symlink_files: []


# ---
# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
# ---

# Every key in this section is declared with an empty value (null) here;
# presumably the real values are supplied per host or group.
#
# NOTE(review): the receipt number and authorisation signatures quoted in the
# comments below look like per-customer subscription credentials - TODO
# confirm. If they are live, move them to Ansible Vault (or another secret
# store) and rotate them. Host-specific sasl_pass / *_db_pass values belong
# in the vault as well, not in plain group or host vars.

hostname:
ipv4_address:
ipv6_address:

# postfix_db_type
# is_relay_host:

# sasl_auth_enable:
#
# possible values are:
#    !!str "true"
#    !!str "false"
sasl_auth_enable:
sasl_user:
sasl_pass:

# -
# install_amavis.conf
# -

# db_in_use:
#
# possible values are:
#    !!str "true"
#    !!str "false"
db_in_use:

# postfix_db_type
#
# possible values are
#    'PostgreSQL'
#    'MySQL'
#
postfix_db_type:
postfix_db_name:
postfix_db_user:
postfix_db_host:
postfix_db_pass:

# mp_receipt_number
#
#    O.OPEN/IL/Warenform: 106015125438
#
mp_receipt_number:

# si_authorisation_signature
#
#    O.OPEN/IL: b0b7e94d3fcc8f3b1f128edd5830392361868cf0174723a9924ac25bf8b1b588cb974b50234e1bc1d9839dfe0ca6e1627733d90daf1399347b1046d20c2e3a89
#
#    Warenform: 76ed7ca6670dbee497e1a0397a7e178c4caa25888bc26d7327d1eab0195342a4cfa522dcf10382623d57dbc2a79bd37627b9a52def4d4bfe617d26e35405ce3b
#
si_authorisation_signature:

# -
# install_postfixadmin.conf
# -

website_name_postfixadmin:

#email_welcome_message: "\n
#Hallo,\n
#
#Ihre/Deine neue E-Mail Adresse ist eingerichtet.\n
#
#O.OPEN\n
#
#--\n
#O.OPEN | Phone: +49 30 / 290 484 91\n
#Erkelenzdamm 21 | Fax: +49 30 / 290 484 99\n
#D-10999 Berlin | E-MAIL: oo@oopen.de\n
#"
email_welcome_message:

# -
# install_update_dovecot.conf
# -

dovecot_from_address:
dovecot_reply_to:
webmailer_address:

#salutation: "O.OPEN\n
#
#--\n
#O.OPEN | Phone: +49 30 / 290 484 91\n
#Erkelenzdamm 21 | Fax: +49 30 / 290 484 99\n
#D-10999 Berlin | http://oopen.de"
salutation:

# -
# install_upgrade_roundcube-webmail.conf
# -

# First Webmailer
webmail_site_name:
autoreply_hostname:
# possible values: 'pgsql' or 'mysql'
roundcube_db_type:
roundcube_db_name:
roundcube_db_user:
roundcube_db_host:
roundcube_db_pass:

roundcube_product_name:
roundcube_support_url:
roundcube_skin_logo:

# 2 Webmailer
# NOTE(review): this key is spelled 'webmaili_2_site_name', unlike
# 'webmail_site_name' above - confirm it matches the name the templates read.
webmaili_2_site_name:
autoreply_2_hostname:
# possible values: 'pgsql' or 'mysql'
roundcube_2_db_type:
roundcube_2_db_name:
roundcube_2_db_user:
roundcube_2_db_host:
roundcube_2_db_pass:

roundcube_2_product_name:
roundcube_2_support_url:
roundcube_2_skin_logo:


# ==========
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ==========

samba_server_ip:
samba_server_cidr_prefix: 24

apt_install_server_samba:
  - samba
  - nscd

# samba_workgroup
#
# example:
#   samba_workgroup: MBR
#
samba_workgroup:

# samba_netbios_name
#
# example:
#   samba_netbios_name: FILE-MBR
#
samba_netbios_name:

# samba_server_min_protocol
#
# NOTE(review): the default is an empty list, so no minimum SMB dialect is
# set from here. How the template treats an empty value is not visible in
# this file - confirm the rendered smb.conf does not permit SMB1 (NT1).
samba_server_min_protocol: []

samba_groups: []

# NOTE(review): the sample below carries a password-like literal. If it was
# ever a real credential, rotate it; real samba_user passwords belong in
# Ansible Vault rather than in plain vars.
#
# samba_user:
#   - name: chris
#     groups:
#       - group1
#       - group2
#     password: 'H-.T/TvN5S9J'
#
samba_user: []

base_home: /home

# remove_samba_users:
#   - name: name1
#   - name: name2
#
remove_samba_users: []

# samba_shares
#
# samba_shares:
#   - name: Arbeitsrechtliches
#     comment:
#     path: /data/shares/Arbeitsrechtliches
#     browseable: !!str yes
#     read_only: !!str no
#     writeable: !!str yes
#     guest_ok: !!str no
#     file_create_mask: !!str 0660
#     dir_create_mask: !!str 2770
#     valid_users: '%S'
#     group_valid_users: mbr-finanzen
#     group_write_list: mbr-finanzen
#     vfs_object_recycle: true
#     recycle_path: '@Recycle.Bin'
#     vfs_object_recycle_is_visible: false
#
samba_shares: []

# Both cron jobs below run as root and call scripts under /root/bin/samba.
# The 'name' values are kept exactly as given; presumably they identify the
# cron entries, so rewording one would add a second entry instead of
# updating the existing one - verify against the role before changing.
samba_cronjob_trash_dirs:
  name: Clean up Samba Trash Dirs
  minute: '02'
  hour: '23'
  day: '*'
  month: '*'
  weekday: '*'
  user: root
  job: '/root/bin/samba/clean_samba_trash.sh'

samba_cronjob_permissions:
  name: Set (group and access) Permissons for Samba shares
  minute: '14'
  hour: '23'
  day: '*'
  month: '*'
  weekday: '*'
  user: root
  job: '/root/bin/samba/set_permissions_samba_shares.sh'


# ==========
# vars used by roles/common/tasks/systemd-services.yml
# ==========

# Take care that if these services are installed, they are running and
# start automatically after boot.
#
# NOTE(review): both lists include redis and tor next to the base services.
# Confirm each host group really needs them enabled, and that redis is not
# reachable from untrusted networks (bind address / authentication).
debian_services_active_and_started:
  - bind
  - cron
  - haveged
  - ntp
  - redis-server
  - ssh
  - tor

redhat_services_active_and_started:
  - crond
  - haveged
  - named
  - ntpd
  - redis
  - sshd
  - tor


# ==============================


# ---
# vars used by scripts/reset_root_passwd.yml
# ---

# Empty by default. Presumably filled per host when the script is used; keep
# any password or hash supplied here in Ansible Vault.
root_user: {}