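---
# Host variables for a gateway host: network interfaces, cron-based service
# monitoring, sshd host key algorithms, local users, the caching nameserver
# (bind9) and the firewall repository.
#
# NOTE(review): this file carries crypt(3) password hashes in clear text
# (default_user[*].password, root_user.password). Anyone with read access to
# the repository can run offline guessing against them; keeping these values
# in an Ansible Vault encrypted vars file would avoid that.

# ---
# vars used by roles/network_interfaces
# ---

# If true, all additional files in the interfaces.d directory
# (see network_interface_path) are deleted
network_manage_devices: true

# Should the interfaces be reloaded after config change?
network_interface_reload: false

network_interface_path: /etc/network/interfaces.d

network_interface_required_packages:
  - vlan
  - bridge-utils
  - ifmetric
  - ifupdown
  - ifenslave
  - resolvconf

network_interfaces:

  - device: eno1
    headline: eno1 - Uplink DSL via Fritz!Box
    auto: true
    family: inet
    method: static
    address: 172.16.162.2
    netmask: 24
    gateway: 172.16.162.254
    nameservers:
      - 127.0.0.1
    search: blkr.netz

  - device: eno2
    headline: eno2 - LAN
    auto: true
    family: inet
    method: static
    address: 192.168.162.253
    netmask: 24

  #- device: eno2:ns
  #  headline: eno2:ns - Alias on eno2 (Nameserver)
  #  auto: true
  #  family: inet
  #  method: static
  #  address: 192.168.162.1
  #  netmask: 32

  - device: eno3
    headline: eno3 - WLAN
    auto: true
    family: inet
    method: static
    address: 192.168.163.254
    netmask: 24


# ---
# vars used by roles/ansible_dependencies
# ---


# ---
# vars used by roles/ansible_user
# ---


# ---
# vars used by roles/common/tasks/basic.yml
# ---

# Periodic health checks, each run from cron with the given schedule.
cron_user_entries:

  - name: "Check if Postfix Mailservice is up and running?"
    minute: '*/15'
    hour: '*'
    job: /root/bin/monitoring/check_postfix.sh

  # NOTE(review): this entry is named as a log-file check but runs the same
  # script as the entry above - confirm that check_postfix.sh is the intended
  # job and not a copy/paste leftover.
  - name: "Check Postfix E-Mail LOG file for 'fatal' errors"
    minute: '17'
    hour: '*'
    job: /root/bin/monitoring/check_postfix.sh

  - name: "Check if SSH service is up and running?"
    minute: '*/15'
    hour: '*'
    job: /root/bin/monitoring/check_ssh.sh

  - name: "Check if OpenVPN service is up and running?"
    minute: '*/30'
    hour: '*'
    job: /root/bin/monitoring/check_vpn.sh

  - name: "Check if nameservice (bind) is running?"
    minute: '*/10'
    hour: '*'
    job: /root/bin/monitoring/check_dns.sh

  - name: "Check forwarding ( /proc/sys/net/ipv4/ip_forward contains \"1\" )"
    minute: '0-59/2'
    hour: '*'
    job: /root/bin/monitoring/check_forwarding.sh

  - name: "Copy gateway configuration"
    minute: '09'
    hour: '3'
    job: /root/bin/manage-gw-config/copy_gateway-config.sh BLKR

# Jobs run once at boot (cron special time "reboot").
#cron_user_special_time_entries: []
cron_user_special_time_entries:

  - name: "Check if Postfix Service is running at boot time"
    special_time: reboot
    job: "sleep 7 ; /root/bin/monitoring/check_postfix.sh"
    insertafter: PATH

  - name: "Restart Systemd's resolved at boottime."
    special_time: reboot
    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
    insertafter: PATH


# ---
# vars used by roles/common/tasks/sshd.yml
# ---

# Host key algorithms for sshd. The list holds only Ed25519, RSA with SHA-2
# and ECDSA P-256 variants; the SHA-1 based "ssh-rsa" is not included.
sshd_hostkeyalgorithms:
  - ssh-ed25519
  - ssh-ed25519-cert-v01@openssh.com
  - rsa-sha2-256
  - rsa-sha2-512
  - ecdsa-sha2-nistp256
  - rsa-sha2-256-cert-v01@openssh.com
  - rsa-sha2-512-cert-v01@openssh.com


# ---
# vars used by roles/common/tasks/apt.yml
# ---


# ---
# vars used by roles/common/tasks/users.yml
# ---

# NOTE(review): the *_src paths below point at private key files that are
# presumably shipped from the repository's files directory - if so, those
# files should be vault-encrypted as well; verify against the role.
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
  - name: backup
    backup_user: back
    priv_key_src: root/.ssh/id_rsa.backup.oopen.de
    priv_key_dest: /root/.ssh/id_rsa
    pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
    pub_key_dest: /root/.ssh/id_rsa.pub

insert_keypair_backup_client: true
ssh_keypair_backup_client:
  - name: backup
    priv_key_src: root/.ssh/id_ed25519.oopen-server
    priv_key_dest: /root/.ssh/id_ed25519
    pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
    pub_key_dest: /root/.ssh/id_ed25519.pub
    target: backup.oopen.de

# Local accounts. "password" values are SHA-512 crypt hashes ($6$); they are
# quoted so that no tool re-types or reformats them.
default_user:

  - name: chris
    password: '$6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.'
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

  - name: sysadm
    user_id: 1050
    group_id: 1050
    group: sysadm
    password: '$6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1'
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

  - name: back
    user_id: 1060
    group_id: 1060
    group: back
    password: '$6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.'
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'

# Accounts that receive sudo rights; the sudoers policy itself is defined in
# the role, not in this file.
sudo_users:
  - chris
  - sysadm


# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---


# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---


# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars


# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---

install_bind_packages: true

# Named address lists referenced by the allow_* settings below.
# NOTE(review): the nesting of "name"/"entries" relative to the ACL key was
# reconstructed from a whitespace-collapsed source - verify against the
# role's template.
# NOTE(review): local-net covers all of 172.16.0.0/12, which includes the
# uplink segment of eno1 (172.16.162.2/24); hosts on that segment are
# therefore allowed to query and recurse - confirm this is intended.
bind9_gateway_acl:
  - local-net:
    name: local-net
    entries:
      - 127.0.0.0/8
      - 172.16.0.0/12
      - 192.168.0.0/16
      - 10.0.0.0/8
      - fc00::/7
      - fe80::/10
      - ::1/128
  - internaldns:
    name: internaldns
    entries:
      - '// Nameserver Kanzlei EBS'
      - 192.168.182.1

bind9_gateway_listen_on_v6:
  - none

# bind listens on every IPv4 address, so access is limited only by the
# allow_* ACLs below (and by whatever the host firewall enforces).
bind9_gateway_listen_on:
  - any

# Zone transfers are restricted to the internaldns ACL.
#bind9_gateway_allow_transfer: {}
bind9_gateway_allow_transfer:
  - internaldns

# NOTE(review): 192.168.162.1 appears in this file only in the commented-out
# eno2:ns alias under network_interfaces; confirm the address is configured
# elsewhere, otherwise bind has no local address to send transfers/notifies
# from.
bind9_transfer_source: !!str "192.168.162.1"
bind9_notify_source: !!str "192.168.162.1"

#bind9_gateway_allow_query: {}
bind9_gateway_allow_query:
  - local-net

#bind9_gateway_allow_query_cache: {}
bind9_gateway_allow_query_cache:
  - local-net

# Kept as the string "yes" (not a YAML boolean) via the explicit !!str tag.
bind9_gateway_recursion: !!str "yes"

# Recursion is offered to the local-net ACL only.
#bind9_gateway_allow_recursion: {}
bind9_gateway_allow_recursion:
  - local-net


# ---
# vars used by roles/common/tasks/git.yml
# ---

# NOTE(review): no revision is given here, so presumably the role checks out
# whatever the remote's default branch currently holds - confirm whether the
# role pins a version for the firewall scripts.
git_firewall_repository:
  name: ipt-gateway
  repo: https://git.oopen.de/firewall/ipt-gateway
  dest: /usr/local/src/ipt-gateway


# ==============================


# ---
# vars used by scripts/reset_root_passwd.yml
# ---

# SHA-512 crypt hash for the root account; see the note at the top of the
# file about moving password hashes into an encrypted vars file.
root_user:
  name: root
  password: '$6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.'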