ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
oopen-server/host_vars/file-dissens.dissens.netz.yml
Christoph 7ca6f6a2ab update
2025-04-21 11:04:04 +02:00

517 lines
11 KiB
YAML
Raw Permalink Blame History

---
# ---
# vars used by roles/network_interfaces
# ---
# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
network_manage_devices: True
# Should the interfaces be reloaded after config change?
network_interface_reload: False
network_interface_path: /etc/network/interfaces.d
network_interface_required_packages:
- vlan
- bridge-utils
- ifmetric
- ifupdown
- ifenslave
network_interfaces:
- device: eno1np0
# use only once per device (for the first device entry)
headline: eno1 - LAN
# auto & allow are only used for the first device entry
allow: [] # array of allow-[stanzas] eg. allow-hotplug
auto: true
family: inet
method: static
description:
address: 192.168.132.10
netmask: 24
gateway: 192.168.132.254
# optional dns settings nameservers: []
#
# nameservers:
# - 194.150.168.168 # dns.as250.net
# - 91.239.100.100 # anycast.censurfridns.dk
# search: warenform.de
#
#nameservers:
# - 192.168.132.1
#search: blkr.netz
# ---
# vars used by roles/ansible_dependencies
# ---
# ---
# vars used by roles/ansible_user
# ---
# ---
# vars used by roles/common/tasks/basic.yml
# ---
# ---
# vars used by roles/common/tasks/sshd.yml
# ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
# ---
# vars used by roles/common/tasks/systemd-resolved.yml
# ---
systemd_resolved: true
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
# Primäre DNS-Adresse: 38.132.106.139
# Sekundäre DNS-Adresse: 194.187.251.67
#
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
# primäre DNS-Adresse
# IPv4: 1.1.1.1
# IPv6: 2606:4700:4700::1111
# sekundäre DNS-Adresse
# IPv4: 1.0.0.1
# IPv6: 2606:4700:4700::1001
#
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
# primäre DNS-Adresse
# IPv4: 8.8.8.8
# IPv6: 2001:4860:4860::8888
# sekundäre DNS-Adresse
# IPv4: 8.8.4.4
# IPv6: 2001:4860:4860::8844
#
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
# primäre DNS-Adresse
# IPv4: 9.9.9.9
# IPv6: 2620:fe::fe
# sekundäre DNS-Adresse
# IPv4: 149.112.112.112
# IPv6: 2620:fe::9
#
# OpenNIC - https://www.opennic.org/
# IPv4: 195.10.195.195 - ns31.de
# IPv4: 94.16.114.254 - ns28.de
# IPv4: 51.254.132.59 - ns9.de
# IPv4: 194.36.144.87 - ns29.de
# IPv6: 2a00:f826:8:2::195 - ns31.de
#
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
# IPv4: 5.1.66.255
# IPv6: 2001:678:e68:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# IPv4: 185.150.99.255
# IPv6: 2001:678:ed0:f000::
# Servername für DNS-over-TLS: dot.ffmuc.net
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
resolved_nameserver:
- 192.168.132.1
# search domains
#
# If there are more than one search domains, then specify them here in the order in which
# the resolver should also search them
#
#resolved_domains: []
resolved_domains:
- ~.
- dissens.netz
resolved_dnssec: false
# dns.as250.net: 194.150.168.168
#
resolved_fallback_nameserver:
- 194.150.168.168
# ---
# vars used by roles/common/tasks/cron.yml
# ---
cron_user_entries:
- name: "Daily Backup "
minute: "03"
hour: "00"
job: /root/crontab/backup-rborg2/rborg2.sh
- name: "Check if postfix mailservice is running. Restart service if needed."
minute: "*/5"
hour: "*"
job: /root/bin/monitoring/check_postfix.sh
- name: "Check Postfix E-Mail LOG file for 'fatal' errors."
minute: "*/30"
hour: "*"
job: /root/bin/postfix/check-postfix-fatal-errors.sh
- name: "Clean up Samba Trash Dirs"
minute: "02"
hour: "23"
job: /root/bin/samba/clean_samba_trash.sh
- name: "Set (group and access) Permissons for Samba shares"
minute: "14"
hour: "23"
job: /root/bin/samba/set_permissions_samba_shares.sh
- name: "Check if ntpsec is running. Restart service if needed."
minute: "*/6"
hour: "*"
job: /root/bin/monitoring/check_ntpsec_service.sh
cron_user_special_time_entries:
- name: "Restart DNS Cache service 'systemd-resolved'"
special_time: reboot
job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
insertafter: PATH
# ---
# vars used by roles/common/tasks/users.yml
# ---
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---
# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars
sudoers_file_user_aliases:
- name: MAIN_USER
entry: 'malte.taeubrich, ulla.wittenzellner, sarah.klemm, bernard.koennecke, elenor.faellgren, mario.freidank '
sudoers_file_cmnd_aliases:
- name: REBOOT
entry: '/sbin/reboot'
- name: MANAGE_SERVICE
entry: '/usr/bin/systemctl'
sudoers_file_user_privileges:
- name: MAIN_USER
entry: ALL = REBOOT
- name: MAIN_USER
entry: ALL = MANAGE_SERVICE
# - name: julius
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: josephine
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: sebastian
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# - name: julius-e
# entry: 'ALL=(root) NOPASSWD: /sbin/reboot'
# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---
# ---
# vars used by roles/common/tasks/git.yml
# ---
# ---
# vars used by roles/common/tasks/ntp.yml
# ---
local_ntp_service: true
ntp_server: gw-dissens.dissens.netz
# ---
# vars used by roles/common/tasks/nfs.yml
# ---
nfs_server: 192.168.132.10
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
# NOTE !!
# Take car to increase 'fsid' in case of more than one export
#
nfs_exports:
- src: 192.168.132.10:/data/samba/shares
path: /data/samba/shares
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.132.0/24
- 10.0.192.0/24
- 10.1.192.0/24
- 192.168.63.0/24
use_fsid_option: true
# ---
# vars used by roles/common/tasks/samba-config-server.yml
# vars used by roles/common/tasks/samba-user.yml
# ---
samba_server_ip: 192.168.132.10
samba_server_cidr_prefix: 24
samba_workgroup: DISSENS
samba_netbios_name: FILE-DISSENS
samba_server_min_protocol: !!str NT1
samba_groups:
- name: team
group_id: 1100
- name: projekte
group_id: 1110
- name: verwaltung
group_id: 1200
- name: gf
group_id: 1300
samba_user:
- name: bernard.koennecke
groups:
- gf
- projekte
- team
- verwaltung
password: '20.ber-n4rd.ko3n-3cke-24!'
- name: chris
groups:
- gf
- projekte
- team
- verwaltung
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63643330373231636537366333326630333265303265653933613835656262323863363038653234
3462653135633266373439626263356636646637643035340a653466356235346663626163306363
61313164643061306433643738643563303036646334376536626531383965303036386162393832
6631333038306462610a356535633265633563633962333137326533633834636331343562633765
3631
- name: david.gelhaar
groups:
- projekte
- team
- verwaltung
password: '20-dav1d.g3lh44r_24%'
- name: elenor.faellgren
groups:
- projekte
- team
- verwaltung
password: '20/3l3n0r-fa3llg3em/24?'
- name: johanna.hess
groups:
- projekte
- team
password: '20_j0h4nn4_h3ss-24+'
- name: johanna.ruekgauer
groups:
- projekte
password: '20.j0hanna.ru3kgau3r+24!'
- name: laura.sasse
groups:
- projekte
- team
password: '20/l4ur4-s4sse-24?'
- name: lino.koehler
groups:
- projekte
password: '20.l1no-ko3hl3r_25/'
- name: maite.gabriel
groups:
- projekte
password: '20+m4ite.g4briel-24+'
- name: malte.taeubrich
groups:
- gf
- projekte
- team
- verwaltung
password: '20%m4lt3-t3ubrich+24!'
- name: mario.freidank
groups:
- projekte
- team
- verwaltung
password: '20-mar1o.fr31dank-24+'
- name: olaf.stuve
groups:
- projekte
password: '20-0l4f_stuve_24?"'
- name: ralph.klesch
groups:
- projekte
- team
- verwaltung
password: '20/r4lph-kl3sch.24-'
- name: rositsa.mahdi
groups:
- projekte
password: '20.ros1tsa-mahd1+24+'
- name: sarah.klemm
groups:
- gf
- projekte
- team
- verwaltung
password: '20.s4r4h_kl3mm-24!'
- name: scan
groups:
- team
password: '20-sc4n.25!'
- name: sebastian.scheele
groups:
- projekte
- team
password: '20/s3-bast1an+sch33l3_24-'
- name: simon.krugmann
groups:
- projekte
password: '20%sim0n.krugm4nn.24?'
- name: tabea.koepp
groups:
- projekte
- team
password: '20?tab3a/ko3pp.24/'
- name: till.dahlmueller
groups:
- projekte
- team
password: '20.t1ll/d4hlmueller-24!'
- name: ulla.wittenzellner
groups:
- gf
- projekte
- team
- verwaltung
password: '20+ull4_w1tt3nz3lln3r_24-'
- name: yannik.markhof
groups:
- projekte
- team
password: '20.y4nnik/m4rkhof_24/'
base_home: /data/home
# remove_samba_users:
# - name: name1
# - name: name2
#
remove_samba_users: []
#remove_samba_users:
# - name: elenor.faellgrem
# - name: maiken.schiele
samba_shares:
- name: GF
comment: GF auf Fileserver
path: /data/samba/shares/GF
group_valid_users: gf
group_write_list: gf
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Projekte
comment: verwaltung auf Fileserver
path: /data/samba/shares/Projekte
group_valid_users: projekte
group_write_list: projekte
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Team
comment: verwaltung auf Fileserver
path: /data/samba/shares/Team
group_valid_users: team
group_write_list: team
file_create_mask: !!str 664
dir_create_mask: !!str 2775
vfs_object_recycle: true
recycle_path: '@Recycle'
- name: Verwaltung
comment: verwaltung auf Fileserver
path: /data/samba/shares/Verwaltung
group_valid_users: verwaltung
group_write_list: verwaltung
file_create_mask: !!str 660
dir_create_mask: !!str 2770
vfs_object_recycle: true
recycle_path: '@Recycle'
# ==============================
# ---
# vars used by scripts/reset_root_passwd.yml
# ---
root_user:
name: root
password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.
Reference in New Issue View Git Blame Copy Permalink