--- # --- # vars used by roles/network_interfaces # --- # If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted network_manage_devices: True # Should the interfaces be reloaded after config change? network_interface_reload: False network_interface_path: /etc/network/interfaces.d network_interface_required_packages: - vlan - bridge-utils - ifmetric - ifupdown - ifenslave network_interfaces: - device: br0 # use only once per device (for the first device entry) headline: br0 - bridge over device enp97s0 # auto & allow are only used for the first device entry allow: [] # array of allow-[stanzas] eg. allow-hotplug auto: true family: inet method: static description: address: 192.168.122.10 netmask: 24 gateway: 192.168.122.254 # optional dns settings nameservers: [] # # nameservers: # - 194.150.168.168 # dns.as250.net # - 91.239.100.100 # anycast.censurfridns.dk # search: warenform.de # # optional bridge parameters bridge: {} # bridge: # ports: # stp: # fd: # maxwait: # waitport: bridge: ports: enp97s0 # for mor devices support a blank separated list stp: !!str off fd: 5 hello: 2 maxage: 12 # inline hook scripts pre-up: - !!str "ip link set dev enp97s0 up" # pre-up script lines up: [] #up script lines post-up: [] # post-up script lines (alias for up) pre-down: [] # pre-down script lines (alias for down) down: [] # down script lines post-down: [] # post-down script lines # --- # vars used by roles/ansible_dependencies # --- # --- # vars used by roles/ansible_user # --- # --- # vars used by roles/common/tasks/basic.yml # --- # --- # vars used by roles/common/tasks/sshd.yml # --- # --- # vars used by roles/common/tasks/apt.yml # --- # --- # vars used by roles/common/tasks/systemd-resolved.yml # --- systemd_resolved: true # CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie # Primäre DNS-Adresse: 38.132.106.139 # Sekundäre DNS-Adresse: 194.187.251.67 # # Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen # primäre DNS-Adresse # IPv4: 1.1.1.1 # IPv6: 2606:4700:4700::1111 # sekundäre DNS-Adresse # IPv4: 1.0.0.1 # IPv6: 2606:4700:4700::1001 # # Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit # primäre DNS-Adresse # IPv4: 8.8.8.8 # IPv6: 2001:4860:4860::8888 # sekundäre DNS-Adresse # IPv4: 8.8.4.4 # IPv6: 2001:4860:4860::8844 # # Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug # primäre DNS-Adresse # IPv4: 9.9.9.9 # IPv6: 2620:fe::fe # sekundäre DNS-Adresse # IPv4: 149.112.112.112 # IPv6: 2620:fe::9 # # OpenNIC - https://www.opennic.org/ # IPv4: 195.10.195.195 - ns31.de # IPv4: 94.16.114.254 - ns28.de # IPv4: 51.254.162.59 - ns9.de # IPv4: 194.36.144.87 - ns29.de # IPv6: 2a00:f826:8:2::195 - ns31.de # # Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) # IPv4: 5.1.66.255 # IPv6: 2001:678:e68:f000:: # Servername für DNS-over-TLS: dot.ffmuc.net # IPv4: 185.150.99.255 # IPv6: 2001:678:ed0:f000:: # Servername für DNS-over-TLS: dot.ffmuc.net # für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) resolved_nameserver: - 192.168.122.1 # search domains # # If there are more than one search domains, then specify them here in the order in which # the resolver should also search them # #resolved_domains: [] resolved_domains: - ~. - anw-km.netz resolved_dnssec: false # dns.as250.net: 194.150.168.168 # resolved_fallback_nameserver: - 172.16.122.254 # --- # vars used by roles/common/tasks/cron.yml # --- cron_user_special_time_entries: - name: "Restart DNS Cache service 'systemd-resolved'" special_time: reboot job: "sleep 10 ; /bin/systemctl restart systemd-resolved" insertafter: PATH # --- # vars used by roles/common/tasks/users.yml # --- # --- # vars used by roles/common/tasks/users-systemfiles.yml # --- # --- # vars used by roles/common/tasks/webadmin-user.yml # --- # --- # vars used by roles/common/tasks/sudoers.yml # --- # # see: roles/common/tasks/vars sudoers_file_user_back_mount_privileges: - 'ALL=(root) NOPASSWD: /usr/bin/mount' - 'ALL=(root) NOPASSWD: /usr/bin/umount' # --- # vars used by roles/common/tasks/caching-nameserver.yml # --- # --- # vars used by roles/common/tasks/git.yml # --- # --- # vars used by roles/common/tasks/samba-config-server.yml # vars used by roles/common/tasks/samba-user.yml # --- samba_server_ip: 192.168.122.10 samba_server_cidr_prefix: 24 samba_workgroup: WORKGROUP samba_netbios_name: FILE-KM samba_server_min_protocol: !!str NT1 samba_groups: - name: kanzlei group_id: 1100 - name: a-jur group_id: 1110 - name: intern group_id: 1120 - name: aulmann group_id: 1130 - name: howe group_id: 1140 - name: stahmann group_id: 1150 - name: traine group_id: 1160 - name: public group_id: 1170 - name: alle group_id: 1180 samba_user: - name: advoware groups: - advoware password: '9WNRbc49m3' - name: a-jur groups: - a-jur - alle - intern - kanzlei password: 'a-jur' - name: andrea groups: - advoware - aulmann - howe - stahmann - traine - public password: 'fXc3bmK9gj' - name: andreas groups: - a-jur - advoware - alle - kanzlei password: '' - name: aphex2 groups: - alle - aulmann - howe - stahmann - traine - public password: 'J3KMRprK9H' - name: berenice groups: - kanzlei - a-jur - alle password: 'berenice' - name: beuster groups: - advoware - aulmann - howe - stahmann - traine - public - alle password: 'zlm17Kx' - name: buero groups: - kanzlei - a-jur - alle password: 'buero' - name: buero2 groups: - kanzlei - a-jur - alle password: 'buero2' - name: buero3 groups: - kanzlei - a-jur - alle password: 'buero3' - name: buero4 groups: - kanzlei - a-jur - alle password: 'buero4' - name: buero7 groups: - kanzlei - a-jur - alle password: 'buero7' - name: chris groups: - a-jur - advoware - alle - aulmann - intern - kanzlei - stahmann - traine - public password: !vault | $ANSIBLE_VAULT;1.1;AES256 30383265366434633965346530666535363761396165393434643665393137353765653739636364 6330623334353763613065343336306434376335646666380a363030363335656261656236636562 63663763616630383264303039336562626537366634303636356237323630666635356130383165 3837613337343533650a663061366230353531316535656433643162353063383534323833323138 3430 - name: christina groups: - advoware - alle - aulmann - howe - stahmann - traine - public password: 'qvR7zX4Lhs' - name: federico groups: - advoware - alle - aulmann - howe - stahmann - traine - public password: 'zHfj9g3NcC' - name: gerhard groups: - advoware - alle - aulmann - howe - stahmann - traine - public password: 'bHdhzWnTj9' - name: ho-st1 groups: - alle - howe - stahmann password: '44-Ro-440' - name: howe-staff-1 groups: - advoware - alle - aulmann - howe password: '' - name: irina groups: - advoware - alle - aulmann - howe - stahmann - traine - public password: 'W9NKv39pXW' - name: jessica groups: - advoware - alle - aulmann - howe - stahmann - traine - public password: 'bV3pjPtjkR' - name: laura groups: - alle - aulmann - howe - stahmann - traine password: '99-Hamburg-990' - name: lenovo3 groups: - advoware - alle - aulmann - howe - stahmann - traine - public password: 'fndvLmrt7W' - name: lenovo4 groups: - advoware - alle - aulmann - howe - stahmann - traine - public password: 'tpCMmTKj7H' - name: lenovo5 groups: - advoware - alle - aulmann - howe - stahmann - traine - public password: 'L5Hannover51' - name: lenovo6 groups: - advoware - alle - aulmann - howe - stahmann - traine password: '66koeln66' - name: rm-buero1 groups: - alle - a-jur - kanzlei password: '' - name: rm-buero2 groups: - alle - a-jur - kanzlei password: '' - name: rolf groups: - alle - aulmann - howe - stahmann - traine - public password: '4xNVNFXgP4' - name: sysadm groups: - a-jur - advoware - alle - aulmann - intern - kanzlei - stahmann - traine - public password: 'Ax_GSHh5' - name: thomas groups: - advoware - alle - traine password: '55-tho-mas-550' - name: Tresen groups: - a-jur - advoware - alle - kanzlei - howe - stahmann - traine - public password: 'maltzwo2' - name: winadm groups: - a-jur - advoware - alle - intern - kanzlei - public password: 'Ax_GSHh5' base_home: /data/home # remove_samba_users: # - name: name1 # - name: name2 # remove_samba_users: [] #remove_samba_users: # - name: evren samba_shares: - name: a-jur comment: a-jur Dokumente path: /data/samba/a-jur group_valid_users: a-jur group_write_list: a-jur file_create_mask: !!str 664 dir_create_mask: !!str 2775 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: kanzlei comment: Kanzlei auf Fileserver path: /data/samba/kanzlei group_valid_users: kanzlei group_write_list: kanzlei file_create_mask: !!str 664 dir_create_mask: !!str 2775 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: install comment: Install auf Fileserver path: /data/samba/no-backup-shares/install group_valid_users: intern group_write_list: intern file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_recycle: false - name: aulmann comment: Aulmann auf Fileserver path: /data/samba/Aulmann group_valid_users: aulmann group_write_list: aulmann file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: howe comment: Howe auf Fileserver path: /data/samba/Howe group_valid_users: howe group_write_list: howe file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: stahmann comment: Stahmann auf Fileserver path: /data/samba/Stahmann group_valid_users: stahmann group_write_list: stahmann file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: traine comment: Traine auf Fileserver path: /data/samba/Traine group_valid_users: traine group_write_list: traine file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: public comment: Public auf Fileserver path: /data/samba/public group_valid_users: public group_write_list: public file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: Advoware-Schriftverkehr comment: Advoware Dokumente path: /data/samba/Advoware-Schriftverkehr group_valid_users: advoware group_write_list: advoware file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: true - name: Advoware-Backup comment: Advoware Dokumente path: /data/samba/Advoware-Backup group_valid_users: intern group_write_list: intern file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: false - name: alle comment: Alle auf Fileserver path: /data/samba/Alle group_valid_users: alle group_write_list: alle file_create_mask: !!str 660 dir_create_mask: !!str 2770 vfs_object_recycle: true recycle_path: '@Recycle' vfs_object_recycle_is_visible: true # - name: web # comment: Web auf Fileserver # path: /data/samba/Web # group_valid_users: web # group_write_list: web # file_create_mask: !!str 660 # dir_create_mask: !!str 2770 # vfs_object_recycle: true # recycle_path: '@Recycle' # ============================== # --- # vars used by scripts/reset_root_passwd.yml # --- root_user: name: root password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.