--- # --- # vars used by roles/ansible_dependencies # --- apt_ansible_dependencies: - python - python3 - python3-apt - lsb-release - apt-transport-https - dbus - sudo - vim - net-tools - vlan - ca-certificates - openssl - mc - software-properties-common # --- # vars used by roles/ansible_user # --- ansible_remote_user: - name: chris password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. shell: /bin/bash ssh_keys: - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' # --- # vars used by roles/common/tasks/basic.yml # --- time_zone: Europe/Berlin locales: - en_US.UTF-8 - de_DE.UTF-8 set_default_limit_nofile: false #copy_plain_files_systemd: [] copy_plain_files_systemd: # /etc/systemd/system.conf.d/*.conf # - name: DefaultLimitNOFILE src_path: etc/systemd/system.conf.d/20-DefaultLimitNOFILE.conf dest_path: /etc/systemd/system.conf.d/20-DefaultLimitNOFILE.conf - name: DefaultTasksMax src_path: etc/systemd/system.conf.d/20-DefaultTasksMax.conf dest_path: /etc/systemd/system.conf.d/20-DefaultTasksMax.conf - name: DefaultLimitCORE src_path: etc/systemd/system.conf.d/20-DefaultLimitCORE.conf dest_path: /etc/systemd/system.conf.d/20-DefaultLimitCORE.conf - name: DefaultLimitNPROC src_path: etc/systemd/system.conf.d/20-DefaultLimitNPROC.conf dest_path: /etc/systemd/system.conf.d/20-DefaultLimitNPROC.conf - name: DefaultLimitRTPRIO src_path: etc/systemd/system.conf.d/20-DefaultLimitRTPRIO.conf dest_path: /etc/systemd/system.conf.d/20-DefaultLimitRTPRIO.conf - name: DefaultLimitRTTIME src_path: etc/systemd/system.conf.d/20-DefaultLimitRTTIME.conf dest_path: /etc/systemd/system.conf.d/20-DefaultLimitRTTIME.conf #copy_plain_files_sysctl: [] copy_plain_files_sysctl: # /etc/sysctl.d/*.conf # - name: dovecot src_path: etc/sysctl.d/50-dovecot.conf dest_path: /etc/sysctl.d/50-dovecot.conf - name: redis src_path: etc/sysctl.d/50-redis.conf dest_path: /etc/sysctl.d/50-redis.conf - name: swappiness src_path: etc/sysctl.d/50-swappiness.conf dest_path: /etc/sysctl.d/50-swappiness.conf - name: ddos src_path: etc/sysctl.d/10-ddos.conf dest_path: /etc/sysctl.d/10-ddos.conf # --- # vars used by apt.yml # --- apt_manage_sources_list: true apt_src_enable: true apt_backports_enable: true apt_debian_mirror: http://ftp.de.debian.org/debian/ apt_debian_contrib_nonfree_enable: true # Ubuntu mirror apt_ubuntu_mirror: http://archive.ubuntu.com/ubuntu apt_update_cache_valid_time: 3600 apt_upgrade: true apt_update: true apt_clean: true apt_autoremove: true apt_dpkg_configure: true apt_upgrade_type: dist apt_upgrade_dpkg_options: - force-confdef - force-confold apt_initial_install_stretch: - apt-transport-https - dbus - openssh-server - rssh - vim - vim-common - vim-doc - mc - screen - tmux - bc - figlet - rcconf - sudo - rsync - dselect - iputils-ping - apt-utils - aptitude - zip - unzip - bzip2 - arj - locate - curl - gawk - mawk - lynx - links - w3m - exuberant-ctags - mime-support - file - coreutils - moreutils - less - realpath - sipcalc - psmisc - dnsutils - rblcheck - whois - gettext - gettext-base - gettext-doc - debian-keyring - patch - patchutils - recode - recode-doc - librecode0 - librecode-dev - sharutils - perl - perl-modules-5.24 - perl-doc - libperl-dev - libterm-readline-gnu-perl - libterm-readline-perl-perl - libterm-readkey-perl - libmail-imapclient-perl - libtime-duration-perl - libtimedate-perl - libwww-perl - libpcre3 - libreadline5 - re2c - util-linux - parted - lshw - gdisk - smartmontools - tcpdump - telnet - unhide - lsof - hdparm - groff - iproute2 - bridge-utils - vlan - ethtool - wipe - iperf - mtr - iptraf - wget - logrotate - rsyslog - haveged - rdate - ntpdate - wipe - man-db - groff - iptables - shellcheck - ssl-cert - ssl-cert-check - git - ftp - htop - net-tools - lsb-release - attr - acl - quota - quotatool - needrestart - socat - zsh apt_initial_install_buster: - apt-transport-https - dbus - openssh-server - rush - vim - vim-common - vim-doc - mc - screen - tmux - cron - bc - figlet - rcconf - sudo - rsync - dselect - iputils-ping - apt-utils - aptitude - zip - unzip - bzip2 - arj - locate - curl - gawk - mawk - lynx - links - w3m - ctags - mime-support - file - coreutils - moreutils - less - sipcalc - psmisc - dnsutils - rblcheck - whois - gettext - gettext-base - gettext-doc - debian-keyring - patch - patchutils - recode - recode-doc - librecode0 - librecode-dev - sharutils - perl - perl-modules-5.28 - perl-doc - libperl-dev - libterm-readline-gnu-perl - libterm-readline-perl-perl - libterm-readkey-perl - libmail-imapclient-perl - libtime-duration-perl - libtimedate-perl - libwww-perl - libpcre3 - libio-compress-perl - libreadline5 - libcroco3-dev - re2c - util-linux - parted - lshw - gdisk - smartmontools - tcpdump - telnet - unhide - lsof - hdparm - groff - iproute2 - bridge-utils - vlan - ethtool - wipe - iperf - mtr - iptraf - wget - logrotate - rsyslog - haveged - rdate - ntpdate - wipe - man - groff - iptables - shellcheck - ssl-cert - ssl-cert-check - git - ftp - htop - net-tools - lsb-release - attr - acl - quota - quotatool - needrestart - socat - zsh - lua5.3 - btrfs-tools - fdisk apt_initial_install_bullseye: - apt-transport-https - dbus - openssh-server - rush - vim - vim-common - vim-doc - mc - screen - tmux - cron - bc - figlet - rcconf - sudo - rsync - dselect - iputils-ping - apt-utils - aptitude - zip - unzip - bzip2 - arj - locate - curl - gawk - mawk - lynx - links - w3m - universal-ctags - mime-support - file - coreutils - moreutils - less - sipcalc - psmisc - dnsutils - rblcheck - whois - gettext - gettext-base - gettext-doc - debian-keyring - patch - patchutils - recode - recode-doc - librecode0 - librecode-dev - sharutils - perl - perl-modules-5.32 - perl-doc - libperl-dev - libterm-readline-gnu-perl - libterm-readline-perl-perl - libterm-readkey-perl - libmail-imapclient-perl - libtime-duration-perl - libtimedate-perl - libwww-perl - libpcre3 - libio-compress-perl - libreadline-dev - re2c - util-linux - parted - lshw - gdisk - smartmontools - tcpdump - telnet - unhide - lsof - hdparm - groff - iproute2 - bridge-utils - vlan - ethtool - wipe - iperf - mtr - iptraf - wget - logrotate - rsyslog - haveged - rdate - ntpdate - wipe - man - groff - iptables - shellcheck - ssl-cert - ssl-cert-check - git - ftp - htop - net-tools - lsb-release - attr - acl - quota - quotatool - needrestart - socat - zsh - lua5.4 - btrfs-progs - fdisk apt_initial_install_xenial: - apt-transport-https - dbus - openssh-server - rush - vim - vim-common - vim-doc - mc - screen - tmux - bc - figlet - sudo - rsync - dselect - iputils-ping - apt-utils - aptitude - zip - unzip - bzip2 - arj - locate - curl - gawk - mawk - lynx - links - w3m - ctags - mime-support - file - coreutils - moreutils - less - sipcalc - psmisc - dnsutils - rblcheck - whois - gettext - gettext-base - gettext-doc - debian-keyring - patch - patchutils - recode - recode-doc - librecode0 - librecode-dev - sharutils - perl - perl-modules-5.22 - perl-doc - libperl-dev - libterm-readline-gnu-perl - libterm-readline-perl-perl - libterm-readkey-perl - libmail-imapclient-perl - libtime-duration-perl - libtimedate-perl - libwww-perl - libpcre3 - libio-compress-perl - libreadline5 - re2c - util-linux - parted - lshw - gdisk - smartmontools - tcpdump - telnet - unhide - lsof - hdparm - groff - iproute2 - bridge-utils - vlan - ethtool - wipe - iperf - mtr - iptraf - wget - logrotate - rsyslog - haveged - rdate - ntpdate - wipe - man - groff - iptables - shellcheck - ssl-cert - ssl-cert-check - git - ftp - htop - net-tools - lsb-release - attr - acl - quota - quotatool - needrestart - ifupdown - socat apt_initial_install_bionic: - apt-transport-https - dbus - openssh-server - rush - vim - vim-common - vim-doc - mc - screen - tmux - bc - figlet - sudo - rsync - dselect - iputils-ping - apt-utils - aptitude - zip - unzip - bzip2 - arj - locate - curl - gawk - mawk - lynx - links - w3m - ctags - mime-support - file - coreutils - moreutils - less - sipcalc - psmisc - dnsutils - rblcheck - whois - gettext - gettext-base - gettext-doc - debian-keyring - patch - patchutils - recode - recode-doc - librecode0 - librecode-dev - sharutils - perl - perl-modules-5.26 - perl-doc - libperl-dev - libterm-readline-gnu-perl - libterm-readline-perl-perl - libterm-readkey-perl - libmail-imapclient-perl - libtime-duration-perl - libtimedate-perl - libwww-perl - libpcre3 - libio-compress-perl - libreadline5 - re2c - util-linux - parted - lshw - gdisk - smartmontools - tcpdump - telnet - unhide - lsof - hdparm - groff - iproute2 - bridge-utils - vlan - ethtool - wipe - iperf - mtr - iptraf - wget - logrotate - rsyslog - haveged - rdate - ntpdate - wipe - man - groff - iptables - shellcheck - ssl-cert - ssl-cert-check - git - ftp - htop - net-tools - lsb-release - attr - acl - quota - quotatool - needrestart - ifupdown - socat apt_install_compiler_pkgs: false apt_compiler_pkgs: - g++ - g++-multilib - gcc - gcc-multilib - cpp - make - automake - autoconf - libtool - flex - bison - gettext - pkg-config - gnu-standards - libssl-dev - libreadline-dev - libncurses-dev - libsystemd-dev - libnss3-dev - python-dev apt_install_webserver_pkgs: false apt_webserver_pkgs: - libdb-dev - zlib1g - zlib1g-dev - libssl-dev - libneon27-dev - libxml2 - libxml2-dev - curl - libcurl4-openssl-dev - libqdbm-dev - libgdbm-dev - libpspell-dev - libjpeg-dev - libpng-dev - libxpm-dev - libfreetype6-dev - libwmf-dev - libtiff-dev - libpaper-dev - libmagic-dev - libgraphics-magick-perl - libgraphicsmagick++1-dev - libgraphicsmagick-q16-3 - libgraphicsmagick1-dev - libgraphviz-dev - libgsf-1-dev - libilmbase-dev - libvpx-dev - vpx-tools - libgpm-dev - libkpathsea-dev - libopenexr-dev - librsvg2-dev - libdjvulibre-dev - libatm-dev - libexpat-dev - imagemagick - graphicsmagick - exif - libexiv2-dev - re2c - netpbm - libnetpbm10-dev - libmcrypt-dev - mcrypt - default-libmysqlclient-dev - libpq-dev - postgresql-client - libreadline-dev - libncurses-dev - libdb5.3 - libdb5.3++ - libdb5.3++-dev - libdb5.3-dev - libxslt1-dev - libpcre3-dev - libc-client2007e-dev - libc-client-dev - libicu-dev - libtidy-dev - libmm-dev - libgmp-dev - libkrb5-dev - libldap-dev - libmhash-dev - libgd-dev - liblua5.3-dev - libapr1-dev - libaprutil1-dev - libsctp-dev - libcrypto++-dev - ffmpeg - libmagickwand-dev - libgeoip-dev - libaio-dev - tk-dev - tcl-dev - tclreadline - expect - expect-dev - libexpect-perl apt_install_postgresql_pkgs: false apt_postgresql_pkgs: - postgresql apt_install_bind9_packages: false apt_bind9_pkgs: - bind9 apt_install_lxc_host_pkgs: false apt_lxc_host_pkgs: - bridge-utils - lxc - ntp apt_install_extra_pkgs: false apt_extra_pkgs: [] apt_install: {} apt_install_state: latest apt_remove: - rpcbind - apt-transport-tor - tor - tor-geoipdb - torsocks apt_remove_purge: false microcode_package: - intel-microcode - amd64-microcode # --- # vars used by roles/common/tasks/users.yml # --- insert_ssh_keypair_backup_server: false ssh_keypair_backup_server: [] insert_keypair_backup_client: false ssh_keypair_backup_client: [] insert_root_ssh_keypair: false root_ssh_keypair: [] default_user: [] extra_user: [] sudo_users: [] extra_system_user: [] entries_authorized_key: [] #entries_authorized_key: # - user: root # - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcc4brtgGW0xP2KiZGq5xsyUKcNiYF72zQ49Z0lqx3iu0zj9oz79oGZY1N9jCeKG30AsbwL+4H6/l2hAekFZu6fIwuiRgCVRAwYrnnlOGDAnYOGHfks23pk2BU0/fb2VnxiK967FvpJ/xDP49t1UC5voX/O2MTkz6NROJPwIClHgnwN1bg+C09UpJNmmdROi8myhiu1/aYbAWDfQzVUnHio0q3vBM16ZUQkoIHxQT4fF8elS408n0jd9WJHyRtLB/mCMI6O3G2yHdPVciqKwgRwRtJ8hDjmFfyeLtxb4ADpa2Q/f6MuJI0elxbxjp8l2XKjVSwPJ8GKomC16HfgFMrnUNQcx9YMrXB26f+lperf9NlwbQtXZffj9M+BxTAFvh+1Q/iIHqRat2Bb/8OUY9JI2zuWUliffqb5Kbzjik4vMqZvI2ED2zphsPcpLST7u+4z40vZliBf1F4P2vDBfIRK87ldfJQQw6saMZznjZPNV7CA+K7IFCpOz0wuoVE3wOka8hdYmMIMno34Zf6P+xuTaAPXJOCubKuhicUlhtX7q72Pln5kuvbO3ZRgEK3XnyIWeAd2rkaU6XVo7W19043e9HkkbG8nZETYu7TGFhufXyloinde5XLyW295BS8fKa1AteJPDLY4ClF2PZiWbxWRjAhlRAlgXgup09rN2HHjw== root@b.ns' create_sftp_group: false # --- # vars used by roles/common/tasks/users-systemfiles.yml # --- # --- # vars used by roles/common/tasks/webadmin-user.yml # --- insert_webadmin_ssh_keypair: false webadmin_ssh_keypair: [] webadmin_user: [] # --- # vars used by roles/common/tasks/sshd.yml # --- sshd_ports: - 22 sshd_listen_address: - '::' - '0.0.0.0' sshd_host_keys: - /etc/ssh/ssh_host_rsa_key - /etc/ssh/ssh_host_ecdsa_key - /etc/ssh/ssh_host_ed25519_key # only for debian version <= 9 # sshd_use_privilege_separation: !!str "sandbox" sshd_permit_root_login: !!str "no" sshd_authorized_keys_file: ".ssh/authorized_keys .ssh/authorized_keys2" sshd_pubkey_authentication: !!str "yes" sshd_password_authentication: !!str "no" sshd_use_pam: !!str "yes" sshd_print_motd: !!str "no" # sshd_kexalgorithms # # Example: # sshd_kexalgorithms: # - curve25519-sha256@libssh.org # - diffie-hellman-group-exchange-sha256 # - diffie-hellman-group14-sha1 # #sshd_kexalgorithms: {} sshd_kexalgorithms: - curve25519-sha256 - curve25519-sha256@libssh.org - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 - diffie-hellman-group-exchange-sha256 # sshd__ciphers # # Example: # sshd_ciphers: # - chacha20-poly1305@openssh.com # - aes256-gcm@openssh.com # - aes256-ctr #sshd_ciphers: {} sshd_ciphers: - chacha20-poly1305@openssh.com - aes256-gcm@openssh.com - aes128-gcm@openssh.com - aes256-ctr - aes192-ctr - aes128-ctr #sshd_macs: {} sshd_macs: - hmac-sha2-256-etm@openssh.com - hmac-sha2-512-etm@openssh.com - umac-128-etm@openssh.com #sshd_hostkeyalgorithms: {} sshd_hostkeyalgorithms: - ssh-ed25519 - ssh-ed25519-cert-v01@openssh.com - rsa-sha2-256 - rsa-sha2-512 - rsa-sha2-256-cert-v01@openssh.com - rsa-sha2-512-cert-v01@openssh.com sshd_use_dns: !!str "no" sshd_allowed_users: {} sshd_gateway_ports: !!str "no" # --- # vars used by roles/common/tasks/sudoers.yml # --- # /etc/sudoers # sudoers_defaults: - env_reset - mail_badpass - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' sudoers_host_aliases: [] sudoers_user_aliases: [] sudoers_cmnd_aliases: [] sudoers_runas_aliases: [] sudoers_user_privileges: - name: root entry: 'ALL=(ALL:ALL) ALL' sudoers_group_privileges: [] sudoers_remove_user: - back - www-data # /etc/sudoers.d/50-user # sudoers_file_defaults: [] sudoers_file_host_aliases: [] sudoers_file_user_aliases: [] sudoers_file_cmnd_aliases: [] sudoers_file_runas_aliases: [] sudoers_file_user_back_privileges: - 'ALL=(root) NOPASSWD: /usr/bin/rsync' - 'ALL=(root) NOPASSWD: /usr/bin/find' - 'ALL=(root) NOPASSWD: /usr/bin/realpath' sudoers_file_user_back_postgres_privileges: - 'ALL=(postgres) NOPASSWD: /usr/bin/psql' - 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dump' - 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dumpall' sudoers_file_user_back_svn_privileges: [] sudoers_file_user_back_disk_privileges: - 'ALL=(root) NOPASSWD: /usr/bin/which' - 'ALL=(root) NOPASSWD: /sbin/hdparm -I /dev/*' - 'ALL=(root) NOPASSWD: /sbin/fdisk' - 'ALL=(root) NOPASSWD: /sbin/sgdisk' - 'ALL=(root) NOPASSWD: /sbin/sfdisk -d /dev/*' - 'ALL=(root) NOPASSWD: /bin/dd if=/dev/*' - 'ALL=(root) NOPASSWD: /sbin/parted' - 'ALL=(root) NOPASSWD: /sbin/gdisk' sudoers_file_user_webadmin_disk_privileges: - 'ALL=(root) NOPASSWD: /usr/bin/mailq' - 'ALL=(root) NOPASSWD: /usr/bin/tail' - 'ALL=(root) NOPASSWD: /usr/bin/view' sudoers_file_dns_server_privileges: - name: manage-bind entry: 'ALL=(root) NOPASSWD: /usr/local/bin/bind_*' - name: manage-bind entry: 'ALL=(root) NOPASSWD: /root/bin/bind/bind_*' - name: chris entry: 'ALL=(root) NOPASSWD: /root/bin/bind/*' sudoers_file_postfixadmin_privileges: - name: www-data entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh' - name: www-data entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-domain-postdeletion.sh' sudoers_file_user_privileges: [] sudoers_file_group_privileges: [] # --- # vars used by roles/common/tasks/caching-nameserver.yml # --- acl_caching_nameserver: {} # --- # vars used by roles/common/tasks/git.yml # --- # --- # Firewall repository # --- git_firewall_repository: {} # --- # all servers # --- git_default_repositories: # script repositories (destination /root/bin/) - name: admin-stuff repo: https://git.oopen.de/script/admin-stuff dest: /root/bin/admin-stuff - name: postfix repo: https://git.oopen.de/script/postfix dest: /root/bin/postfix # install repositories (destination: /usr/local/src/) - name: mailsystem repo: https://git.oopen.de/install/mailsystem dest: /usr/local/src/mailsystem # --- # group [oopen_server] # --- git_oopen_server_repositories: # firewall - name: ipt-server repo: https://git.oopen.de/firewall/ipt-server dest: /usr/local/src/ipt-server # --- # group [warenform_server] # --- git_warenform_server_repositories: # firewall - name: ipt-server repo: https://git.oopen.de/firewall/ipt-server dest: /usr/local/src/ipt-server # --- # group [lxc_host] # --- git_lxc_host_repositories: # Monitoring - name: monitoring repo: https://git.oopen.de/script/monitoring dest: /root/bin/monitoring # LXC - name: LXC repo: https://git.oopen.de/script/LXC dest: /root/bin/LXC # --- # group [lxc_guest] # --- git_lxc_guest_repositories: # dehydrated-cron - name: dehydrated-cron repo: https://git.oopen.de/certificates/dehydrated-cron.git dest: /usr/local/src/dehydrated-cron # Monitoring - name: monitoring repo: https://git.oopen.de/script/monitoring dest: /root/bin/monitoring # --- # group [gateway_server] # --- git_gateway_repositories: # firewall - name: ipt-gateway repo: https://git.oopen.de/firewall/ipt-gateway dest: /usr/local/src/ipt-gateway # --- # group [apache2_webserver] # --- git_apache2_repositories: # script repositories (destination /root/bin/) - name: apache2 repo: https://git.oopen.de/script/apache2 dest: /root/bin/apache2 # Monitoring - name: monitoring repo: https://git.oopen.de/script/monitoring dest: /root/bin/monitoring # install repositories (destination: /usr/local/src/) - name: apache2 repo: https://git.oopen.de/install/apache2 dest: /usr/local/src/apache2 - name: php repo: https://git.oopen.de/install/php dest: /usr/local/src/php # dehydrated-cron - name: dehydrated-cron repo: https://git.oopen.de/certificates/dehydrated-cron.git dest: /usr/local/src/dehydrated-cron # --- # group [nginx_webserver] # --- git_nginx_repositories: - name: nginx repo: https://git.oopen.de/install/nginx dest: /usr/local/src/nginx - name: php repo: https://git.oopen.de/install/php dest: /usr/local/src/php # --- # group [mysql_server] # --- git_mysql_repositories: # script repositories (destination /root/bin/) - name: mysql repo: https://git.oopen.de/script/mysql dest: /root/bin/mysql # install repositories (destination: /usr/local/src/) - name: mysql repo: https://git.oopen.de/install/mysql dest: /usr/local/src/mysql # --- # group [postgresql_server] # --- git_postgresql_repositories: # script repositories (destination /root/bin/) - name: postgres repo: https://git.oopen.de/script/postgres dest: /root/bin/postgres # --- # group [nextcloud_server] # --- git_nextcloud_repositories: # script repositories (destination /root/bin/) - name: nextcloud repo: https://git.oopen.de/script/nextcloud dest: /root/bin/nextcloud # install repositories (destination: /usr/local/src/) - name: nextcloud repo: https://git.oopen.de/install/nextcloud dest: /usr/local/src/nextcloud # --- # group [dns_server] # --- git_dns_repositories: # script repositories (destination /root/bin/) - name: bind repo: https://git.oopen.de/script/bind dest: /root/bin/bind # --- # group [backup_server] # --- git_backup_repositories: # script repositories (destination /root/bin/) - name: backup-rcopy repo: https://git.oopen.de/backup/backup-rcopy dest: /root/crontab/backup-rcopy # --- # group [samba_server] # --- git_samba_repositories: # script repositories (destination /root/bin/) - name: samba repo: https://git.oopen.de/script/samba dest: /root/bin/samba # --- # group [mail_server] # --- git_mailserver_repositories: # script repositories (destination /root/bin/) - name: apache2 repo: https://git.oopen.de/script/apache2 dest: /root/bin/apache2 - name: postfix repo: https://git.oopen.de/script/postfix dest: /root/bin/postfix - name: monitoring repo: https://git.oopen.de/script/monitoring dest: /root/bin/monitoring # install repositories (destination: /usr/local/src/) - name: apache2 repo: https://git.oopen.de/install/apache2 dest: /usr/local/src/apache2 - name: php repo: https://git.oopen.de/install/php dest: /usr/local/src/php - name: mysql repo: https://git.oopen.de/install/mysql dest: /usr/local/src/mysql - name: mailsystem repo: https://git.oopen.de/install/mailsystem dest: /usr/local/src/mailsystem - name: fail2ban repo: https://git.oopen.de/install/fail2ban dest: /usr/local/src/fail2ban # let's encrypt - name: dehydrated-cron repo: https://git.oopen.de/certificates/dehydrated-cron.git dest: /usr/local/src/dehydrated-cron # --- # group [sympa_list_servers] # --- git_sympa_repositories: # install repositories (destination: /usr/local/src/) - name: sympa repo: https://git.oopen.de/install/sympa dest: /usr/local/src/sympa # --- # group [jitsi_meet_server] # --- git_jitsi_meet_repositories: # install repositories (destination: /usr/local/src/) - name: jitsi repo: https://git.oopen.de/install/jitsi dest: /usr/local/src/jitsi # --- # group [so36_server_dehydrated] # --- #git_so36_dehydrated_repositories: # # # install repositories (destination: /usr/local/src/) # - name: dehydrated-cron # repo: https://git.oopen.de/certificates/dehydrated-cron.git # dest: /usr/local/src/dehydrated-cron # --- # Use this for host specific repositories defined in files git-.yaml # # Leave empty here # --- git_other_repositories: [] # --- # vars used by roles/common/tasks/copy_files.yml # --- copy_plain_files: [] copy_template_files: [] # --- # vars used by roles/common/tasks/symlink_files.yml # --- symlink_files: [] # --- # vars used by roles/common/tasks/config_files_mailsystem_scripts.yml # --- hostname: ipv4_address: ipv6_address: # postfix_db_type # is_relay_host: # sasl_auth_enable: # # possible values are: # !!str "true" # !!str "false" sasl_auth_enable: sasl_user: sasl_pass: # - # install_amavis.conf # - # db_in_use: # # possible values are: # !!str "true" # !!str "false" db_in_use: # postfix_db_type # # possible values are # 'PostgreSQL' # 'MySQL' # postfix_db_type: postfix_db_name: postfix_db_user: postfix_db_host: postfix_db_pass: # mp_receipt_number # # O.OPEN/IL/Warenform: 106015125438 # mp_receipt_number: # si_authorisation_signature # # O.OPEN/IL: b0b7e94d3fcc8f3b1f128edd5830392361868cf0174723a9924ac25bf8b1b588cb974b50234e1bc1d9839dfe0ca6e1627733d90daf1399347b1046d20c2e3a89 # # Warenform: 76ed7ca6670dbee497e1a0397a7e178c4caa25888bc26d7327d1eab0195342a4cfa522dcf10382623d57dbc2a79bd37627b9a52def4d4bfe617d26e35405ce3b # si_authorisation_signature: # - # install_postfixadmin.conf # - website_name_postfixadmin: #email_welcome_message: "\n #Hallo,\n # #Ihre/Deine neue E-Mail Adresse ist eingerichtet.\n # #O.OPEN\n # #--\n #O.OPEN | Phone: +49 30 / 290 484 91\n #Erkelenzdamm 21 | Fax: +49 30 / 290 484 99\n #D-10999 Berlin | E-MAIL: oo@oopen.de\n #" email_welcome_message: # - # install_update_dovecot.conf # - dovecot_from_address: dovecot_reply_to: webmailer_address: #salutation: "O.OPEN\n # #--\n #O.OPEN | Phone: +49 30 / 290 484 91\n #Erkelenzdamm 21 | Fax: +49 30 / 290 484 99\n #D-10999 Berlin | http://oopen.de" salutation: # - # install_upgrade_roundcube-webmail.conf # - # First Webmailer webmail_site_name: autoreply_hostname: # possible values: 'pgsql' or 'mysql' roundcube_db_type: roundcube_db_name: roundcube_db_user: roundcube_db_host: roundcube_db_pass: roundcube_product_name: roundcube_support_url: roundcube_skin_logo: # 2 Webmailer webmaili_2_site_name: autoreply_2_hostname: # possible values: 'pgsql' or 'mysql' roundcube_2_db_type: roundcube_2_db_name: roundcube_2_db_user: roundcube_2_db_host: roundcube_2_db_pass: roundcube_2_product_name: roundcube_2_support_url: roundcube_2_skin_logo: # ============================== # --- # vars used by scripts/reset_root_passwd.yml # --- root_user: {}