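---
# ---
# vars used by roles/network_interfaces
# ---

# If true, all additional files in the interfaces.d directory
# (see network_interface_path below) are deleted.
# NOTE(review): on a gateway this removes any interface file that is not
# described in this vars file - confirm nothing is maintained by hand there.
network_manage_devices: true

# Should the interfaces be reloaded after a config change?
network_interface_reload: false

network_interface_path: /etc/network/interfaces.d

network_interface_required_packages:
  - vlan
  - bridge-utils
  - ifmetric
  - ifupdown
  - ifenslave
  - resolvconf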
network_interfaces:

  - device: eth2
    headline: 'eth2 - Uplink static line (radio) to Altenschlirf'
    auto: true
    family: inet
    method: static
    address: 172.16.111.254
    netmask: 24
    up:
      # VLAN 111 on eth2: management network of the antennas
      - /sbin/ip link add link eth2 name eth2.111 type vlan id 111
    post-up:
      # Static routes to Altenschlirf
      # (router IP address Altenschlirf: 172.16.111.253)
      #
      # Telephone network Altenschlirf
      - /sbin/ip route add 172.16.210.0/24 via 172.16.111.253
      # User network Altenschlirf
      - /sbin/ip route add 192.168.10.0/24 via 172.16.111.253
      # Management network Altenschlirf
      - /sbin/ip route add 10.10.10.0/24 via 172.16.111.253
      # WLAN router (access points) Altenschlirf
      - /sbin/ip route add 10.122.1.0/24 via 172.16.111.253
      # WLAN networks Altenschlirf
      - /sbin/ip route add 10.123.0.0/16 via 172.16.111.253
      # DSL via Fritzbox Altenschlirf
      - /sbin/ip route add 172.16.10.0/24 via 172.16.111.253
      # WLAN Gemeinschaft Altenschlirf (network routed by UniFi)
      - /sbin/ip route add 10.221.0.0/20 via 172.16.111.253
      # VPN home network Altenschlirf
      - /sbin/ip route add 10.0.10.0/24 via 172.16.111.253
      # Private networks 'ckubu':
      # connections from the private ckubu networks are routed through the
      # VPN Altenschlirf (gw-ckubu), so we route them back to that gateway.
      - /sbin/ip route add 192.168.63.0/24 via 172.16.111.253
      - /sbin/ip route add 192.168.64.0/24 via 172.16.111.253

  - device: eth2.111
    headline: 'eth2.111 - network 10.10.111.0 (management antennas)'
    auto: true
    family: inet
    method: static
    address: 10.10.111.254
    netmask: 24

  # eth8 itself carries no address; it only hosts the VLAN 211 device.
  - device: eth8
    headline: 'eth8 - holds VLAN 211 device for Network Telefons Stockhausen'
    auto: false
    family: inet
    method: manual
    up:
      - /sbin/ip link add link eth8 name eth8.211 type vlan id 211

  - device: eth8.211
    headline: 'eth8.211 - Network Telefons Stockhausen'
    auto: true
    family: inet
    method: static
    # Note:
    #   172.16.211.254 is reserved for the LANCom router (DSL line, telephone).
    #   That LANCom router does NOT answer ping.
    address: 172.16.211.1
    netmask: 24
    pre-up:
      # eth8 is 'auto: false', so the parent link is brought up here first
      - /sbin/ifconfig eth8 up

  - device: eth9
    headline: 'eth9 - Uplink DSL surf2 via (static) line to Fritz!Box 7490 (formaly Zyxel 6501)'
    auto: true
    family: inet
    method: static
    address: 172.16.11.1
    netmask: 24
    gateway: 172.16.11.254

  - device: eth10
    headline: 'eth10 - Uplink DSL surf3 via (static) line to Fritz!Box 7490'
    auto: true
    family: inet
    method: static
    address: 172.16.13.1
    netmask: 24
    gateway: 172.16.13.254

  - device: eth11
    headline: 'eth11 - Uplink DSL surf1 via (static) line to Fritz!Box 7490 (Mailserver)'
    auto: true
    family: inet
    method: static
    address: 172.16.12.1
    netmask: 24
    gateway: 172.16.12.254

  # ----------
  # Note: Install the 'ifenslave' package, necessary to enable bonding:
  #
  #    apt-get install ifenslave
  # ----------
  - device: bond0
    headline: 'bond0 - LAG (Link Aggregation) on devices eth0 and eth4'
    auto: true
    family: inet
    method: static
    address: 10.1.9.254
    netmask: 24
    bond:
      slaves: eth0 eth4
      # Mode 4 (802.3ad)
      #
      # also possible here:
      #   - Mode 5: balance-tlb
      #   - Mode 6: balance-alb
      mode: 4
      miimon: 100
      lacp-rate: 1
      ad-select: count
      downdelay: 200
      updelay: 200
    post-up:
      # VLAN 11 for management network Stockhausen/Schloss 10.10.11.0/24
      - /sbin/ip link add link bond0 name bond0.11 type vlan id 11
      # VLAN 78 for network Georgshaus 192.168.78.0/24
      - /sbin/ip link add link bond0 name bond0.78 type vlan id 78

  - device: bond0.11
    headline: 'bond0.11 - VLAN 11 on interface bond0 (Management Network Stockhausen)'
    auto: true
    family: inet
    method: static
    address: 10.10.11.254
    netmask: 24

  - device: bond0.78
    headline: 'bond0.78 - VLAN 78 on interface bond0 (Georgshaus ?)'
    auto: true
    family: inet
    method: static
    address: 192.168.78.254
    netmask: 24

  # ----------
  # Note: Install the 'ifenslave' package, necessary to enable bonding:
  #
  #    apt-get install ifenslave
  # ----------
  - device: bond1
    headline: 'bond1 - LAG (Link Aggregation) on devices eth1 and eth5 - Main Network Stockhausen'
    auto: true
    family: inet
    method: static
    address: 192.168.11.254
    netmask: 24
    nameservers:
      - 192.168.11.1
      - 192.168.10.3
    search: ga.netz ga.intra
    bond:
      slaves: eth1 eth5
      # Mode 4 (802.3ad)
      #
      # also possible here:
      #   - Mode 5: balance-tlb
      #   - Mode 6: balance-alb
      mode: 4
      miimon: 100
      lacp-rate: 1
      ad-select: count
      downdelay: 200
      updelay: 200
    post-up:
      # VLAN 121 for the Ubiquiti UniFi access points
      - /sbin/ip link add link bond1 name bond1.121 type vlan id 121
      # Route whose purpose the author left undocumented ('???')
      - /sbin/ip route add 10.11.16.0/24 via 192.168.11.6

  - device: bond1.121
    headline: 'bond1.121 - VLAN 121 on interface bond1 for Ubiquiti UniFi Accesspoints'
    auto: true
    family: inet
    method: static
    address: 10.121.15.254
    netmask: 20

  # NOTE(review): the following 'bond1:<label>' entries are alias addresses on
  # bond1, not VLAN sub-interfaces. The management, access-point and IPMI
  # ranges they serve therefore share bond1's layer-2 segment with the main
  # network; any separation has to come from the firewall ruleset - confirm.
  - device: 'bond1:ns'
    headline: 'bond1:ns - Alias IP on bond1 device for Nameservice'
    auto: true
    family: inet
    method: static
    address: 192.168.11.1
    netmask: 32

  - device: 'bond1:1'
    headline: 'bond1:1 - Alias IP on bond1 device for (depricated) Management Network'
    auto: true
    family: inet
    method: static
    address: 10.10.9.254
    netmask: 24

  - device: 'bond1:ap'
    headline: 'bond1:ap - Alias IP on bond1 device for Network Accesspoints'
    auto: true
    family: inet
    method: static
    address: 10.112.1.254
    netmask: 24
    post-up:
      # Wireless networks are routed through the matching access point:
      # 10.113.N.0/24 via 10.112.1.N for N = 1..15
      - /sbin/ip route add 10.113.1.0/24 via 10.112.1.1
      - /sbin/ip route add 10.113.2.0/24 via 10.112.1.2
      - /sbin/ip route add 10.113.3.0/24 via 10.112.1.3
      - /sbin/ip route add 10.113.4.0/24 via 10.112.1.4
      - /sbin/ip route add 10.113.5.0/24 via 10.112.1.5
      - /sbin/ip route add 10.113.6.0/24 via 10.112.1.6
      - /sbin/ip route add 10.113.7.0/24 via 10.112.1.7
      - /sbin/ip route add 10.113.8.0/24 via 10.112.1.8
      - /sbin/ip route add 10.113.9.0/24 via 10.112.1.9
      - /sbin/ip route add 10.113.10.0/24 via 10.112.1.10
      - /sbin/ip route add 10.113.11.0/24 via 10.112.1.11
      - /sbin/ip route add 10.113.12.0/24 via 10.112.1.12
      - /sbin/ip route add 10.113.13.0/24 via 10.112.1.13
      - /sbin/ip route add 10.113.14.0/24 via 10.112.1.14
      - /sbin/ip route add 10.113.15.0/24 via 10.112.1.15

  - device: 'bond1:ipmi'
    headline: 'bond1:ipmi - Alias IP on bond1 for IPMI Addresses Servr Stockhausen'
    auto: true
    family: inet
    method: static
    address: 10.11.11.254
    netmask: 24
# ---
# vars used by roles/ansible_dependencies
# ---

# ---
# vars used by roles/ansible_user
# ---

# ---
# vars used by roles/common/tasks/basic.yml
# ---

# ---
# vars used by roles/common/tasks/sshd.yml
# ---

# ---
# vars used by roles/common/tasks/apt.yml
# ---

# ---
# vars used by roles/common/tasks/users.yml
# ---

# NOTE(review): the priv_key_src entries below name SSH private keys that are
# installed as root's identity (priv_key_dest is under /root/.ssh). The source
# paths are relative - presumably resolved against the playbook's files
# directory; confirm those files are stored encrypted (e.g. Ansible Vault) and
# not as plain files in version control.

# Backup-server key pair: not installed on this host.
insert_ssh_keypair_backup_server: false
ssh_keypair_backup_server:
  - name: backup
    backup_user: back
    priv_key_src: root/.ssh/id_rsa.backup.oopen.de
    priv_key_dest: /root/.ssh/id_rsa
    pub_key_src: root/.ssh/id_rsa.backup.oopen.de.pub
    pub_key_dest: /root/.ssh/id_rsa.pub

# Backup-client key pair: installed on this host, target is the backup server.
insert_keypair_backup_client: true
ssh_keypair_backup_client:
  - name: backup
    priv_key_src: root/.ssh/id_ed25519.oopen-server
    priv_key_dest: /root/.ssh/id_ed25519
    pub_key_src: root/.ssh/id_ed25519.oopen-server.pub
    pub_key_dest: /root/.ssh/id_ed25519.pub
    target: backup.oopen.de
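# SECURITY: every 'password' below is a crypt(3) hash ($6$ = SHA-512 crypt)
# stored in clear text in this vars file. Anyone who can read the repository
# can test password guesses against these hashes offline, so they should live
# in Ansible Vault (or another secret store) and the affected passwords should
# be rotated once moved. The hashes are single-quoted so that no YAML tooling
# re-types or re-flows them; the values themselves are unchanged.
default_user:

  - name: chris
    password: '$6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.'
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'

  - name: wadmin
    password: '$6$sLWIXKTW$i/STlSS0LijkrnGR/XMbaxJsEbrRdDYgqyCqIr.muLN5towes8yHDCXsyCYDjuaBNKPHXyFpr8lclg5DOm9OF1'
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'

  # sysadm accepts the union of the chris and wadmin key sets listed above.
  - name: sysadm
    user_id: 1050
    group_id: 1050
    group: sysadm
    password: '$6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1'
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5GDIFA6/i6lzkr+EP/EZM9glrK0eSR0nmrEFgUJ4n8 wadmin@ga-st-lsx1'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID17MN6fUg0D1dMSgVYIBpIy+sDBBmiaHmXRXU63TXJA wadmin@ga-st-li1303'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtK8/rxHL1MKX5AHrgAzUYu0kV+1iYCmknpTQ7F0ham wadmin@wolf-debtest'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcaDFxj0pYjOv/ohFVxVY2RKvy6ACZFPX9UkrUPHkbN wadmin@wolf-x1'

  # 'back' is the account named as backup_user in ssh_keypair_backup_server.
  - name: back
    user_id: 1060
    group_id: 1060
    group: back
    password: '$6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.'
    shell: /bin/bash
    ssh_keys:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'

# Accounts listed here are presumably rendered into sudoers by the sudoers
# task - confirm. Every key holder listed for these accounts above then has a
# sudo-capable login on this gateway; review the list when a workstation key
# is retired.
sudo_users:
  - chris
  - sysadm
  - wadmin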
# ---
# vars used by roles/common/tasks/users-systemfiles.yml
# ---

# ---
# vars used by roles/common/tasks/webadmin-user.yml
# ---

# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
#
# see: roles/common/tasks/vars

# ---
# vars used by roles/common/tasks/caching-nameserver.yml
# ---

# ---
# vars used by roles/common/tasks/git.yml
# ---

# Firewall script repository checked out onto this gateway.
# NOTE(review): no revision is given here; whether the git task pins a commit
# or tag is not visible in this file - confirm, since this checkout supplies
# the host's firewall code.
git_firewall_repository:
  name: ipt-gateway
  repo: https://git.oopen.de/firewall/ipt-gateway
  dest: /usr/local/src/ipt-gateway
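# ==============================

# ---
# vars used by scripts/reset_root_passwd.yml
# ---

# SECURITY: this is root's crypt(3) hash ($6$ = SHA-512 crypt) stored in clear
# text. Anyone who can read the repository can test password guesses against
# it offline; keep it in Ansible Vault (or another secret store) and rotate
# the root password once moved. The hash is single-quoted so that no YAML
# tooling re-types it; the value itself is unchanged.
root_user:
  name: root
  password: '$6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.'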