---
# ---
# vars used by role firewall
# ---

# Read by the firewall role. Presumably opens the web-facing ports on this
# host -- confirm in the role which ports the flag actually enables.
is_web_server: true

# ---
# vars used by roles/ansible_dependencies
# ---

# ---
# vars used by roles/ansible_user
# ---

# ---
# vars used by roles/common/tasks/basic.yml
# ---

# ---
# vars used by roles/common/tasks/sshd.yml
# ---

# Values such as 'yes' / 'no' are quoted on purpose: unquoted they would be
# parsed as YAML booleans instead of the literal strings written here.

# Two listening ports. Each one needs a matching firewall rule.
# NOTE(review): confirm port 22 still has to be reachable next to 1036.
sshd_ports:
  - 22
  - 1036

# Wildcard IPv6 and IPv4 addresses: the daemon is bound to every interface.
sshd_listen_address:
  - '::'
  - '0.0.0.0'

# RSA and Ed25519 host keys; sshd_hostkeyalgorithms below lists the same
# two key families.
sshd_host_keys:
  - /etc/ssh/ssh_host_rsa_key
  - /etc/ssh/ssh_host_ed25519_key

# only for debian version <= 9
#
sshd_use_privilege_separation: 'sandbox'

# Root login is refused; accounts authenticate with public keys only.
sshd_permit_root_login: 'no'

# Two key files are consulted per account. A key left behind in
# .ssh/authorized_keys2 still grants access, so key audits and removals
# have to cover both paths.
sshd_authorized_keys_file: '.ssh/authorized_keys .ssh/authorized_keys2'

sshd_pubkey_authentication: 'yes'

sshd_password_authentication: 'no'

# NOTE(review): with PAM enabled, keyboard-interactive authentication can
# still prompt for a password even though password authentication is off.
# No variable in this file controls KbdInteractiveAuthentication /
# ChallengeResponseAuthentication -- confirm the sshd_config template
# disables it.
sshd_use_pam: 'yes'

# Accounts permitted to log in. Every name here is also defined in
# default_user further down in this file.
sshd_allowed_users:
  - back
  - alex
  - alis
  - ckubu
  - defa
  - init
  - sysadm

# sshd_kexalgorithms
#
# Example:
#   sshd_kexalgorithms:
#     - curve25519-sha256@libssh.org
#     - diffie-hellman-group-exchange-sha256
#     - diffie-hellman-group14-sha1
#
# NOTE(review): diffie-hellman-group14-sha1 in the example relies on SHA-1.
# The active list below leaves it out; do not copy it back from the example.
#
#sshd_kexalgorithms: {}
sshd_kexalgorithms:
  - curve25519-sha256
  - curve25519-sha256@libssh.org
  - diffie-hellman-group16-sha512
  - diffie-hellman-group18-sha512
  - diffie-hellman-group-exchange-sha256

# sshd_ciphers
#
# Example:
#   sshd_ciphers:
#     - chacha20-poly1305@openssh.com
#     - aes256-gcm@openssh.com
#     - aes256-ctr
#sshd_ciphers: {}
# Active list: AEAD ciphers first, then AES-CTR. No CBC-mode cipher is listed.
sshd_ciphers:
  - chacha20-poly1305@openssh.com
  - aes256-gcm@openssh.com
  - aes128-gcm@openssh.com
  - aes256-ctr
  - aes192-ctr
  - aes128-ctr

#sshd_macs: {}
# Encrypt-then-MAC variants only.
sshd_macs:
  - hmac-sha2-256-etm@openssh.com
  - hmac-sha2-512-etm@openssh.com
  - umac-128-etm@openssh.com

#sshd_hostkeyalgorithms: {}
# Ed25519 and RSA with SHA-2 signatures; plain ssh-rsa (SHA-1 signatures)
# is not offered.
sshd_hostkeyalgorithms:
  - ssh-ed25519
  - ssh-ed25519-cert-v01@openssh.com
  - rsa-sha2-256
  - rsa-sha2-512
  - rsa-sha2-256-cert-v01@openssh.com
  - rsa-sha2-512-cert-v01@openssh.com

# Older, shorter alternatives kept for reference (inactive):
#sshd_kexalgorithms:
#  - curve25519-sha256@libssh.org
#  - diffie-hellman-group-exchange-sha256
#  - diffie-hellman-group14-sha1

#sshd_ciphers:
#  - chacha20-poly1305@openssh.com
#  - aes256-gcm@openssh.com
#  - aes256-ctr

sshd_print_motd: 'no'

sshd_use_dns: 'no'

# ---
# vars used by roles/common/tasks/apt.yml
# ---

apt_manage_sources_list: true

apt_src_enable: false
apt_backports_enable: true

# NOTE(review): the mirror is fetched over plain HTTP. APT verifies the
# signed release metadata, so package integrity does not rest on the
# transport, but an on-path party can observe which packages this host
# requests and can delay or withhold updates. Prefer an https:// mirror
# where the target release supports it.
apt_debian_mirror: 'http://ftp.de.debian.org/debian/'
# Presumably enabled because the microcode packages below are not in main --
# confirm.
apt_debian_contrib_nonfree_enable: true

apt_update_cache_valid_time: 3600

# Every run refreshes the package lists and upgrades; package versions are
# not pinned (see apt_upgrade_type and apt_install_state below).
apt_upgrade: true
apt_update: true

apt_clean: true
apt_autoremove: true

apt_dpkg_configure: true
apt_upgrade_type: 'dist'
# force-confold keeps the locally installed configuration file whenever a
# package ships a changed one, so hardened defaults introduced by a package
# update are not applied automatically -- review *.dpkg-dist files after
# upgrades.
apt_upgrade_dpkg_options:
  - force-confdef
  - force-confold

apt_install_state: 'latest'

# rpcbind is removed from the host. With apt_remove_purge set to false its
# configuration files stay on disk.
apt_remove:
  - rpcbind

apt_remove_purge: false

# CPU microcode update packages for both vendors.
microcode_package:
  - intel-microcode
  - amd64-microcode

# ---
# vars used by roles/common/tasks/users.yml
# ---

# NOTE(review): every `password` value below is a SHA-512 crypt hash ($6$)
# stored in clear text in this vars file. Anyone who can read the repository
# (or a copy of it) can test guesses against these hashes offline. Keep them
# in an Ansible Vault encrypted file or another secret store, and rotate the
# passwords whose hashes have already been committed.
#
# NOTE(review): some key comments (root@sol, root@luna) suggest keys that
# belong to the root account of another machine -- confirm they are still
# required, because control of that machine then implies login here.
default_user:

  - name: alex
    password: '$6$GTP91Vzk$HBBq323cWk5NXqmIaFXAoHBavJWMO9KZdpdORvwaPtnQTT/ZxsHSlMrlI4W2mPWnDwa8IRy6.ZYL1FAMS9do21'
    shell: '/usr/bin/zsh'
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMyXy0+TVREnROtJOzuFFrFW18UXaRyWWLm4Z1vCOXU home'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKb9VsHdwzIW8MpEtOKzWPJW+toe1UL1odj4k0mtYPac work'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJywUxxa2hNC8DNGmiyyLDaY0BP8muqqR1upMS8vBx6O laptop'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPKDhjGkGJNO9pmc3CDp0fi4TXmkXP1hm6wzAdqiMphE netbook'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINk3tyHir3go59oZnp98WhauGJNwf6KTRYcBvfFMs8fY mobile'

  - name: alis
    password: '$6$a/PWqRoP$bQs3qmthLdL6nVVt65ml6XcZqfVxQ9nQg0/VcUjuh44vuVlJ7lGgvb6Zv1MM.Ryu1Qis1a3GFuKIRww3p7RVJ.'
    shell: '/bin/bash'
    ssh_keys:
      - 'ssh-rsa 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 alis@mail36.net'

  - name: ckubu
    password: '$6$nmAWOQHZ$PRx3FAGI4.X4ah7nmuTFJi0iFMwlWwTz.iM9B4yjLGcnQ/hg3K0O0lSDXOOn7yRJlhwRejVq2XSNvrmSGwJw//'
    shell: '/bin/bash'
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

  - name: defa
    password: '$6$LMelojO.$TY0vb.xSBparEY5O7p86YT.E4RXKVH0bDfwGsszuFS6EAl3oh.s6V.jIZYg56P1RTDiVUh4A0BOwk87Q/utaS1'
    shell: '/bin/zsh'
    ssh_keys:
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAmPpPUHYmhTlN97lPAIdDjmkvM4xbCrWHiAjJJ7RdM8lW6hLbBaiMgbUwULOB86FB49V2YSoaVX09UkxJOCf15TYbq79P7W2x2UtFzYxVEVgpr/HVhJjytEDzmFYbsNN3VDK/2JEFqYqtLpTXOqf/TFihmqbvfbkUQOK/NMbE8udxj/RHnwRDMaJJ0IP7L6Z/v5s654H75nv7/IRm8Ov5DmcJyz9BcEL7fpow2HYexUzUozWN9zMXabrQ5AtEeJ0FYuBFIkYPLaUQ+WJ5bLCmoeE81+SIl+fw0UG5Zeb6SMo+NFFaMBIvwyEsNVyz9Gf2SUq/9weTr0JxVdCGKmEZLj9imcr2WtQxcXRhjTzAyq4m8F/2uA9GkisFUM2VybfZxNtkTZdIEHYE1X/36PYNI7P8Cp98cM7EKNLaPniDuQRh7IBixVt9oxxwxVFjZrG21ySanvg6GnpHHAkhM2nlwA0zcDMYd2h5rJt9JB8s8UQplTJzmo+lAbGBc47pZr4J0BKywjTsfQtQed1kClm/oEjO19mvRIC5DBznBtWJ4jWeTsjs91tEARE7LforRCy2VkA2rNxPsWz6Iks/towoySuWz8oUmA0FdfE5ULUavuv4uFZQXurIX0AvyWp3dg8dG2srnoZqqagr3VdZT7jV5nlNICeaEFbb5iShaxDBoBk= defa@walther'

  - name: init
    password: '$6$NcRlPYtm$1YiBoiJUcEwB1ovXYLpQ.OM/ehceh46/G2K4jz0I/PK7tJzD/HDoKhaKVYEIe.uWld6zC63GrgEhq.UMJzFuS1'
    shell: '/bin/bash'
    ssh_keys:
      - 'ssh-rsa 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 so_init_03'

  # sysadm and back are the only entries with a fixed uid/gid and group.
  - name: sysadm

    user_id: 1050
    group_id: 1050
    group: sysadm
    password: '$6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1'
    shell: '/bin/bash'
    ssh_keys:
      - 'ssh-rsa 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 chris@luna'
      - 'ssh-rsa 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 root@luna'

  - name: back
    user_id: 1060
    group_id: 1060
    group: back
    password: '$6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.'
    shell: '/bin/bash'
    ssh_keys:
      - 'ssh-rsa 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 chris@luna'

# Six of the seven accounts above are listed for sudo; `back` is the only
# one left out.
sudo_users:
  - alex
  - alis
  - ckubu
  - defa
  - init
  - sysadm

# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---

# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---

# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars

# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---

# ---
# vars used by roles/common/tasks/git.yml
# ---

# Firewall script repository, cloned over HTTPS into /usr/local/src.
# NOTE(review): no branch, tag or commit is given here, so the checkout
# presumably follows the upstream default branch. Since this is firewall
# code for the host, pin it to a reviewed tag or commit if the git task
# accepts a version -- confirm in roles/common/tasks/git.yml.
git_firewall_repository:
  name: 'ipt-server'
  repo: 'https://git.oopen.de/firewall/ipt-server'
  dest: '/usr/local/src/ipt-server'

# ==============================

# ---
# vars used by scripts/reset_root_passwd.yml
# ---

# NOTE(review): this is the root account's SHA-512 crypt hash ($6$), stored
# in clear text. sshd_permit_root_login is 'no' in this file, so the value
# matters for console login and su rather than SSH, but it is still exposed
# to offline guessing by anyone who can read the repository. Move it to an
# Ansible Vault encrypted file or another secret store and rotate the
# password.
root_user:
  name: 'root'
  password: '$6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.'