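---
# Variable file consumed by the Ansible roles, task files and scripts named in
# the section headers below.
#
# NOTE(review): this file stores password hashes for several accounts,
# including root, in cleartext vars. Treat the file as secret material:
# restrict read access, or move the hashes into ansible-vault or a secret
# store.

# ---
# vars used by roles/network_interfaces
# ---

# If true, all additional files in the interfaces.d directory
# (see network_interface_path) are deleted
network_manage_devices: true

# Should the interfaces be reloaded after config change?
network_interface_reload: false

network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
  - vlan
  - bridge-utils
  - ifmetric
  - ifupdown

network_interfaces:

  - device: br0
    # use only once per device (for the first device entry)
    headline: br0 - bridge over device enp195s0

    # auto & allow are only used for the first device entry
    allow: []  # array of allow-[stanzas] eg. allow-hotplug
    auto: true

    family: inet
    method: static
    # Address-like scalars are quoted so no parser can re-type them.
    hwaddress: 'f0:2f:74:97:4a:c4'
    description: null
    address: '142.132.147.171'
    netmask: 26
    gateway: '142.132.147.129'
    metric: null
    pointopoint: null
    mtu: null
    scope: null

    # additionally used by dhcp method
    #
    hostname: null
    leasehours: null
    leasetime: null
    vendor: null
    client: null

    # additionally used by bootp method
    #
    bootfile: null
    server: null
    hwaddr: null

    # optional dns settings
    nameservers: []
    #
    # nameservers:
    #   - 194.150.168.168  # dns.as250.net
    #   - 91.239.100.100   # anycast.censurfridns.dk
    # search: warenform.de
    #
    # nameservers:
    #   - 185.12.64.1
    #   - 2a01:4ff:ff00::add:2
    #   - 185.12.64.2
    #   - 2a01:4ff:ff00::add:1
    # search:

    # optional additional subnets/ips
    subnets: []
    # subnets:
    #   - '192.168.123.0/24'
    #   - '192.168.124.11/32'

    # optional bridge parameters bridge: {}
    # bridge:
    #   ports:
    #   stp:
    #   fd:
    #   maxwait:
    #   waitport:
    bridge:
      ports: enp195s0  # for more devices, a blank-separated list is supported
      # quoted: a bare off would be read as boolean false by YAML 1.1 parsers
      stp: 'off'
      fd: 5
      hello: 2
      maxage: 12

    # optional bonding parameters bond: {}
    # bond:
    #   master
    #   primary
    #   slave
    #   method:
    #   miimon:
    #   lacp-rate:
    #   ad-select-rate:
    #   master:
    #   slaves:
    bond: {}

    # optional vlan settings | vlan: {}
    # vlan: {}
    #   raw-device: 'eth0'
    vlan: {}

    # inline hook scripts
    pre-up: []     # pre-up script lines
    up: []         # up script lines
    post-up: []    # post-up script lines (alias for up)
    pre-down: []   # pre-down script lines (alias for down)
    down: []       # down script lines
    post-down: []  # post-down script lines

  # Second entry for the same device carries the IPv6 configuration;
  # headline/auto/allow are given only on the first entry (see above).
  - device: br0
    family: inet6
    method: static
    address: '2a01:4f8:261:1994::2'
    netmask: 64
    gateway: 'fe80::1'

# ---
# vars used by roles/ansible_dependencies
# ---

# ---
# vars used by roles/ansible_user
# ---

# ---
# vars used by roles/common/tasks/basic.yml
# ---

# ---
# vars used by roles/common/tasks/sshd.yml
# ---

# ---
# vars used by roles/common/tasks/apt.yml
# ---

# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---

systemd_resolved: true

# CyberGhost - fast connection with a no-logs privacy policy
#   Primary DNS address: 38.132.106.139
#   Secondary DNS address: 194.187.251.67
#
# Cloudflare (USA) best free DNS server for gaming with reliable connections
#   primary DNS address
#     IPv4: 1.1.1.1
#     IPv6: 2606:4700:4700::1111
#   secondary DNS address
#     IPv4: 1.0.0.1
#     IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - great combination of speed and security
#   primary DNS address
#     IPv4: 8.8.8.8
#     IPv6: 2001:4860:4860::8888
#   secondary DNS address
#     IPv4: 8.8.4.4
#     IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - effortlessly blocks malicious sites and prevents phishing scams
#   primary DNS address
#     IPv4: 9.9.9.9
#     IPv6: 2620:fe::fe
#   secondary DNS address
#     IPv4: 149.112.112.112
#     IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
#   IPv4: 195.10.195.195 - ns31.de
#   IPv4: 94.16.114.254 - ns28.de
#   IPv4: 51.254.162.59 - ns9.de
#   IPv4: 194.36.144.87 - ns29.de
#   IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (plain DNS, DNS-over-TLS and DNS-over-HTTPS)
#   IPv4: 5.1.66.255
#   IPv6: 2001:678:e68:f000::
#   Server name for DNS-over-TLS: dot.ffmuc.net
#   IPv4: 185.150.99.255
#   IPv6: 2001:678:ed0:f000::
#   Server name for DNS-over-TLS: dot.ffmuc.net
#   for iOS 14+: DoT server configuration (unsigned, from PrHdb)
resolved_nameserver:
  - '185.12.64.1'
  - '2a01:4ff:ff00::add:2'
  - '185.12.64.2'
  - '2a01:4ff:ff00::add:1'

# search domains
#
# If there is more than one search domain, specify them here in the order in
# which the resolver should search them
#
# resolved_domains: []
resolved_domains:
  # quoted so the leading ~ can never be read as a YAML null
  - '~.'
  - oopen.de

resolved_dnssec: true

# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
  - '194.150.168.168'

# ---
# vars used by roles/common/tasks/users.yml
# ---

# NOTE(review): each password below is a crypt(3) SHA-512 ($6$) hash kept in
# cleartext. Read access to this file exposes all of them; consider
# ansible-vault or a secret store, and rotate the passwords if the file has
# been shared more widely than intended.
#
# NOTE(review): the same two public keys are authorized for every account in
# this list, three of which are in sudo_users, so each of the two private keys
# is a single point of compromise for all four accounts.
default_user:

  - name: chris
    password: '$6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.'
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

  - name: sysadm
    user_id: 1050
    group_id: 1050
    group: sysadm
    password: '$6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1'
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

  - name: localadmin
    user_id: 1051
    group_id: 1051
    password: '$6$flo5afeu$1Dn/tqIOJIFQbymCzpJk9BgGflQdy2Eg0nTiMBF7VefN7uY/Md1pV2yU0S47kZuH5aDjSdPfKzhHp8Aul/xx90'
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

  - name: back
    user_id: 1060
    group_id: 1060
    group: back
    password: '$6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.'
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

# Accounts listed here are granted sudo; 'back' is deliberately not included.
sudo_users:
  - chris
  - sysadm
  - localadmin

# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---

# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---

# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars

# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---

# ---
# vars used by roles/common/tasks/git.yml
# ---

# NOTE(review): no branch, tag or commit is set here; whether the consuming
# task pins a revision is not visible from this file - confirm, since the
# checkout (presumably firewall scripts) lands under /usr/local/src.
git_firewall_repository:
  name: ipt-server
  repo: https://git.oopen.de/firewall/ipt-server
  dest: /usr/local/src/ipt-server

# ==============================

# ---
# vars used by scripts/reset_root_passwd.yml
# ---

# NOTE(review): root's SHA-512 crypt hash in cleartext; same handling advice
# as for default_user above applies (vault it, restrict read access).
root_user:
  name: root
  password: '$6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.'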