ansible/vdk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Tim Dittler
2020-01-13 14:51:16 +01:00
commit 7c454c1ed4
127 changed files with 7674 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
roles/common/files/etc/nsswitch.conf Executable file
View File

@ -0,0 +1,20 @@
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat systemd nis
group: compat systemd nis
shadow: compat nis
gshadow: files
hosts: files nis mdns4_minimal [NOTFOUND=return] dns myhostname
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

4
roles/common/files/etc/systemd/system/rpcbind.socket.d/override.conf Executable file
View File

@ -0,0 +1,4 @@
[Unit]
DefaultDependencies=no
Wants=rpcbind.target
Before=rpcbind.target

3
roles/common/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf Executable file
View File

@ -0,0 +1,3 @@
[Service]
IPAddressAllow=192.168.0.0/16

26
roles/common/handlers/main.yml Executable file
View File

@ -0,0 +1,26 @@
---
- name: Renew nis databases
shell: make -C /var/yp
when:
- "groups['nis_server']|string is search(inventory_hostname)"
- name: Reload nfs
service:
name: nfs-kernel-server
state: reloaded
enabled: yes
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
- name: Restart systemd-logind.service
service:
name: systemd-logind
daemon_reload: yes
state: restarted
- name: Restart rpcbind
service:
name: rpcbind
daemon_reload: yes
state: restarted

9
roles/common/tasks/main.yml Executable file
View File

@ -0,0 +1,9 @@
---
- import_tasks: nfs.yml
tags:
- nfs
- import_tasks: nis-install-client.yml
# when: "groups['nis_client']|string is search(inventory_hostname)"
tags:
- nis-install

26
roles/common/tasks/nfs.yml Executable file
View File

@ -0,0 +1,26 @@
---
- name: (nfs.yml) Ensure NFS utilities (clients) are installed.
apt:
pkg: nfs-common
state: present
when:
- ansible_os_family == "Debian"
tags:
- nfs-client
- name: (nfs.yml) NFS Mount exports from nfs server
mount:
path: "{{ item.path }}"
src: "{{ item.src }}"
fstype: nfs
opts: "{{ item.mount_opts }}"
dump: "{{ item.dump | default(omit) }}"
passno: "{{ item.passno | default(omit) }}"
state: mounted
loop: "{{ nfs_exports }}"
loop_control:
label: '{{ item.src }}'
tags:
- nfs-client

310
roles/common/tasks/nis-install-client.yml Executable file
View File

@ -0,0 +1,310 @@
---
# ---
# Install nis
# ---
- name: (nis-install-client.yml) Set (nis) default domain (/etc/defaultdomain)
template:
dest: /etc/defaultdomain
src: etc/defaultdomain.j2
owner: root
group: root
mode: 0644
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Create preconfigured /etc/yp.conf on nis clients
template:
dest: /etc/yp.conf
src: etc/yp.conf.j2
owner: root
group: root
mode: 0644
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Install nis common packages
package:
name: "{{ item }}"
state: present
with_items: "{{ nis_common_packages }}"
tags:
- nis-install
- nis-install-client
# ---
# /etc/default/nis
# ---
- name: (nis-install-client.yml) Check if file '/etc/default/nis.ORIG' exists
stat:
path: /etc/default/nis.ORIG
register: default_nis_exists
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Backup existing file /etc/default/nis
command: cp -a /etc/default/nis /etc/default/nis.ORIG
when:
- default_nis_exists.stat.exists == False
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'NISSERVER' (client)
replace:
path: /etc/default/nis
regexp: '^NISSERVER=.*'
replace: 'NISSERVER=false'
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (client)
replace:
path: /etc/default/nis
regexp: '^NISCLIENT=.*'
replace: 'NISCLIENT=true'
tags:
- nis-install
- nis-install-client
# ---
# /etc/{passwd,group,shadow}
# ---
- name: (nis-install-client.yml) Add '+::::::' to file /etc/passwd
lineinfile:
path: /etc/passwd
line: '+::::::'
insertafter: EOF
state: present
owner: root
group: root
mode: '0644'
when: "ansible_distribution_major_version|int < 18"
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Add '+:::' to file /etc/group
lineinfile:
path: /etc/group
line: '+:::'
insertafter: EOF
state: present
owner: root
group: root
mode: '0644'
when: "ansible_distribution_major_version|int < 18"
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Add '+::::::::' to file /etc/shadow
lineinfile:
path: /etc/shadow
line: '+::::::::'
insertafter: EOF
state: present
owner: root
group: shadow
mode: '0640'
when: "ansible_distribution_major_version|int < 18"
tags:
- nis-install
- nis-install-client
# ---
# /etc/hosts
# ---
- name: (nis-install-client.yml) Check if file '/etc/hosts.ORIG' exists
stat:
path: /etc/hosts.ORIG
register: etc_hosts_orig_exists
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Backup existing file /etc/hosts
command: cp -a /etc/hosts /etc/hosts.ORIG
when:
- etc_hosts_orig_exists.stat.exists == False
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Add nis-server to file /etc/hosts
lineinfile:
path: /etc/hosts
line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[1] }}'
insertafter: EOF
state: present
owner: root
group: root
mode: '0644'
tags:
- nis-install
- nis-install-client
# ---
# /etc/nsswitch.conf
# ---
#- name: (nis.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
# stat:
# path: /etc/nsswitch.conf.ORIG
# register: nsswitch_conf_orig_exists
# tags:
# - nis-install
# - nis-install-client
#
#- name: (nis.yml) Backup existing file /etc/nsswitch.conf
# command: cp -a /etc/nsswitch.conf /etc/nsswitch.conf.ORIG
# when:
# - nsswitch_conf_orig_exists.stat.exists == False
# tags:
# - nis-install
# - nis-install-client
#
#- name: (nis-install-client.yml) Adjust file /etc/nsswitch.conf (set hosts)
# replace:
# path: /etc/nsswitch.conf
# regexp: '(hosts:\s+files)\s+([^nis].*)'
# replace: '\1 nis \2'
# tags:
# - nis-install
# - nis-install-client
#
#- name: (nis-install-client.yml) Adjust file /etc/nsswitch.conf (set passwd/group/shadow)
# replace:
# path: /etc/nsswitch.conf
# regexp: '^({{ item }}:\s+.*(?!nis).*)'
# replace: '\1 nis'
# with_items:
# - passwd
# - group
# - shadow
# tags:
# - nis-install
# - nis-install-client
- name: Copy /etc/nsswitch.conf
copy:
src: etc/nsswitch.conf
dest: /etc/nsswitch.conf
owner: root
group: root
mode: 0644
# ---
# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
# ---
# - !! Using NIS client in Ubuntu 18.04 crashes both Gnome and Unity !!
# - ===================================================================
#
# - Unter NIS in Ubuntu 18.04 stütrzt Gnome und Unity ab
# -
# - Abhilfe schafft:
# -
#
# - Create a new directory in /etc/systemd/system/ named exactly after the
# - service you want to extend including a '.d', here this would be:
# - systemd-logind.service.d
# -
# - mkdir /etc/systemd/system/systemd-logind.service.d
#
# - Create a new file choose_an_appropriate_name.conf (e.g. nis_allow_network.conf)
# - inside the newly created directory with the following content, which specifies
# - the IP or IP range you want to be allowed:
# -
# - cat <<EOF > /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
# - [Service]
# - IPAddressAllow=192.168.0.0/16
# - EOF
# -
# - systemctl daemon-reload
# - systemctl restart systemd-logind.service
- name: (nis-install-client.yml) Ensure directory /etc/systemd/system/systemd-logind.service.d exists
file:
path: /etc/systemd/system/systemd-logind.service.d
owner: root
group: root
mode: '0755'
state: directory
when: "ansible_distribution_major_version|int >= 18"
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Ensure file /files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf exists
copy:
src: "{{ role_path + '/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf' }}"
dest: /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
owner: root
group: root
mode: '0755'
when: "ansible_distribution_major_version|int >= 18"
# XXX: killt meine Xsession (Tim)
# notify:
# - Restart systemd-logind.service
tags:
- nis-install
- nis-install-client
# - Seit Ubuntu 16.04 startet nis vor dem portmapper (rpcbind). Das Starten
# - schlägt deshalb fehl und nis steht nicht zur Verfügung.
# -
# - Abhilfe:
# -
# - Run "systemctl edit rpcbind.socket" and add the following:
# -
# - [Unit]
# - DefaultDependencies=no
# - Wants=rpcbind.target
# - Before=rpcbind.target
# -
# - You can see your changes:
# - cat /etc/systemd/system/rpcbind.socket.d/override.conf
- name: (nis-install-client.yml) Ensure directory /etc/systemd/system/rpcbind.socket.d exists
file:
path: /etc/systemd/system/rpcbind.socket.d
owner: root
group: root
mode: '0755'
state: directory
when: "ansible_distribution_major_version|int >= 16"
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Ensure file /files/etc/systemd/system/rpcbind.socket.d/override.conf exists
copy:
src: "{{ role_path + '/files/etc/systemd/system/rpcbind.socket.d/override.conf' }}"
dest: /etc/systemd/system/rpcbind.socket.d/override.conf
owner: root
group: root
mode: '0755'
when: "ansible_distribution_major_version|int >= 16"
notify:
- Restart rpcbind
tags:
- nis-install
- nis-install-client
# TODO:
# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
# /etc/systemd/system/rpcbind.socket.d/override.conf

1
roles/common/templates/etc/defaultdomain.j2 Executable file
View File

@ -0,0 +1 @@
{{ nis_domain }}

31
roles/common/templates/etc/exports.j2 Executable file
View File

@ -0,0 +1,31 @@
# {{ ansible_managed }}
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
{% set count = namespace(nfs_exports=100) %}
{% for export in nfs_exports %}
{% set export_str= namespace(nfs_exports = export.src.split(":")[1]) %}
{% set count.nfs_exports = count.nfs_exports + 10 %}
{% for network in export.export_networks %}
{% if export.fs_encrypted is defined and export.fs_encrypted is sameas true %}
{% set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~",fsid="~count.nfs_exports~")" %}
#{{ export.src.split(":")[1] }} {{ network }}({{ export.export_opt }},fsid={{ count.nfs_exports }})
{% else %}
{% set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~")" %}
#{{ export.src.split(":")[1] }} {{ network }}({{ export.export_opt }})
{% endif %}
{% endfor %}
{{ export_str.nfs_exports }}
{% endfor %}

34
roles/common/templates/etc/sudoers.d/50-user.j2 Executable file
View File

@ -0,0 +1,34 @@
# {{ ansible_managed }}
{% for item in sudoers_file_defaults | default([]) %}
Defaults {{ item }}
{% endfor %}
# Host alias specification
{% for item in sudoers_file_host_aliases | default([]) %}
Host_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User alias specification
{% for item in sudoers_file_user_aliases | default([]) %}
User_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Cmnd alias specification
{% for item in sudoers_file_cmnd_aliases | default([]) %}
Cmnd_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Runas alias specification
{% for item in sudoers_file_runas_aliases | default([]) %}
Runas_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User privilege specification
{# rules for nis users #}
{% for item in nis_user | default([]) %}
{{ item.name }} ALL=(root)NOPASSWD: MOUNT
{% endfor %}
# Group privilege specification

56
roles/common/templates/etc/sudoers.j2 Executable file
View File

@ -0,0 +1,56 @@
# {{ ansible_managed }}
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
{% for item in sudoers_defaults %}
{% if item != '' %}
Defaults {{ item }}
{% endif %}
{% endfor %}
# Host alias specification
{% for item in sudoers_host_aliases | default([]) %}
Host_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User alias specification
{% for item in sudoers_user_aliases | default([]) %}
User_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Cmnd alias specification
{% for item in sudoers_cmnd_aliases | default([]) %}
Cmnd_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Runas alias specification
{% for item in sudoers_runas_aliases | default([]) %}
Runas_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User privilege specification
{% for item in sudoers_user_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# Group privilege specification
{% for item in sudoers_group_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d

24
roles/common/templates/etc/yp.conf.j2 Executable file
View File

@ -0,0 +1,24 @@
# {{ ansible_managed }}
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
# Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#
# broadcast
# If no server for the default domain is specified or
# none of them is rechable, try a broadcast call to
# find a server.
#
domain {{ nis_domain }} server {{ nis_server_address }}

779
roles/common/vars/main.yml Executable file
View File

@ -0,0 +1,779 @@
---
# ---
# NFS
# ---
nfs_server: 192.168.112.10
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
nfs_exports:
- src: 192.168.112.10:/data/home
path: /data/home
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.112.0/24
- 10.0.112.0/24
- 10.1.112.0/24
- 192.168.63.0/24
fs_encrypted: false
- src: 192.168.112.10:/data/shares
path: /data/shares
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.112.0/24
- 10.0.112.0/24
- 10.1.112.0/24
- 192.168.63.0/24
fs_encrypted: false
# ---
# Samba / NIS
# ---
samba_server: file-mbr.mbr-bln.netz
samba_shares:
- name: Arbeitsrechtliches
user:
- anne
- bianca
- birgit.erhardt
- christina.wendt
- chris
- sysadm
- name: Ausschreibungen
user:
- anne
- bianca
- chris
- matthias.mueller
- sysadm
- name: BGN-Finanzen-Personal
user:
- anne
- bianca
- carolin
- christina.wendt
- chris
- sysadm
- ulf.balmer
- name: BVV-Projekt
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: Finanzen
user:
- anne
- bianca
- birgit.erhardt
- christina.wendt
- chris
- sysadm
- name: Install
user:
- chris
- sysadm
- lokaladmin
- name: Kamera
user:
- anne
- axis
- bianca
- chris
- sysadm
- name: MBR
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: Mobilisierungsplattform
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: RIAS
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: RIAS-Finanzen-Personal
user:
- anne
- bianca
- benjamin
- birgit.erhardt
- christina.wendt
- chris
- sysadm
- name: SCAN
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: VDK
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: Video
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
nis_domain: mbr-bln.netz
#nis_domain: local.netz
nis_server_address: 192.168.112.10
nis_server_name: file-mbr.mbr-bln.netz
#nis_server_name: luna.local.netz
nis_common_packages:
- nis
- nscd
nis_deleted_user: []
nis_base_home: /data/home
nis_groups:
- name: mbr-buero
group_id: 1200
- name: mbr-finanzen
group_id: 1210
- name: mbr-personal
group_id: 1220
- name: mbr-kamera
group_id: 1250
- name: mbr-admins
group_id: 1260
- name: vdk
group_id: 1300
- name: rias
group_id: 1400
- name: rias-finanzen-personal
group_id: 1410
- name: bgn
group_id: 1500
- name: bgn-finanzen-personal
group_id: 1510
nis_user:
- name: chris
groups:
- mbr-buero
- mbr-finanzen
- mbr-personal
- mbr-kamera
- mbr-admins
- vdk
- rias
- rias-finanzen-personal
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
38643435653764393333613564393733666139656264343833333632373938323230393036303234
3633303562636465643930643961663165646237386664370a386362346162313037353163383365
61343263386239316164613935633062343165363863376462653165306464633136313839343962
3865353333373661390a643564386432643532396632323664383330646430613033643130626430
6139
- name: lokaladmin
groups:
- mbr-buero
- mbr-finanzen
- mbr-personal
- mbr-kamera
- mbr-admins
- vdk
- rias
- rias-finanzen-personal
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: 'd4r1usz'
- name: sysadm
groups:
- mbr-buero
- mbr-finanzen
- mbr-personal
- mbr-kamera
- mbr-admins
- vdk
- rias
- rias-finanzen-personal
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: 'KPk_Wf2F'
- name: alexander.rasumny
groups:
- mbr-buero
is_samba_user: true
password: 'twT9Rjbv9mjq'
- name: anna.mueller1
groups:
- mbr-buero
is_samba_user: true
password: '5xp5ll9ar13us!'
- name: anne
groups:
- mbr-buero
- mbr-finanzen
- mbr-personal
- mbr-kamera
- mbr-admins
- vdk
- rias
- rias-finanzen-personal
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: 'YA!LiLiC0MP5'
- name: axis
groups:
- mbr-buero
is_samba_user: true
password: '20_axis_16'
- name: benjamin
groups:
- mbr-buero
- vdk
- rias
- rias-finanzen-personal
is_samba_user: true
password: 'C2-0U#ch'
- name: bianca
groups:
- mbr-buero
- mbr-finanzen
- mbr-personal
- mbr-kamera
- mbr-admins
- vdk
- rias
- rias-finanzen-personal
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: '73_BiBole_29'
- name: birgit.erhardt
groups:
- mbr-buero
- mbr-finanzen
- vdk
is_samba_user: true
password: '20_purpel!rain_17'
- name: bjoern.renkewitz
groups:
- mbr-buero
is_samba_user: true
password: 'Tz9-Wq-51'
- name: carolin
groups:
- mbr-buero
- bgn-finanzen-personal
is_samba_user: true
password: '20_carol1n_14'
- name: christina.wendt
groups:
- mbr-buero
- mbr-finanzen
- vdk
- rias-finanzen-personal
- bgn-finanzen-personal
is_samba_user: true
password: '8!Varianten'
- name: daniel.poensgen
groups:
- mbr-buero
is_samba_user: true
password: 'rcMRCm7jcpbp'
- name: doku_4
groups:
- mbr-buero
is_samba_user: true
password: 'PwmNvPh9KM4T'
- name: doku_7
groups:
- mbr-buero
is_samba_user: true
password: 'TFhCW9J4Vn4F'
- name: dorina.feldmann
groups:
- mbr-buero
is_samba_user: true
password: '17?4XPQ_!abc'
- name: franziska
groups:
- mbr-buero
is_samba_user: true
password: 'f49mCjbj3Jh7'
- name: frederick.kannenberg
groups:
- mbr-buero
is_samba_user: true
password: 'riasFK2019!#'
- name: doku2
groups:
- mbr-buero
is_samba_user: true
password: '*M0ss4d*'
- name: johannes.radke
groups:
- mbr-buero
is_samba_user: true
password: 'Furzf4brik!'
- name: judith.heinmueller
groups:
- mbr-buero
is_samba_user: true
password: 't32_aHxV.'
- name: kristina.holzapfel
groups:
- mbr-buero
is_samba_user: true
password: 'c7PvX_39.'
- name: lavinia.schwedersky
groups:
- mbr-buero
is_samba_user: true
password: 'xJw.3R9vKf/N'
- name: manja.kasten
groups:
- mbr-buero
is_samba_user: true
password: 'Rasili_&n'
- name: mathias
groups:
- mbr-buero
is_samba_user: true
password: 'p3r*45p3r4*4d*45tr4m'
- name: matthias.mueller
groups:
- mbr-buero
- mbr-personal
is_samba_user: true
password: 'V1v@H@f3rdr1nk'
- name: michael.sulies
groups:
- mbr-buero
is_samba_user: true
password: 'Cryst4lp4l4c3'
- name: michael.trube
groups:
- mbr-buero
- mbr-kamera
is_samba_user: true
password: '*R13sl1ng*'
- name: pia.lamberty
groups:
- mbr-buero
is_samba_user: true
password: 'oasd31*as+Q%'
- name: praktikum
groups:
- mbr-buero
is_samba_user: true
password: '_F313r4b3nd*'
- name: praktikum_rias
groups:
- mbr-buero
is_samba_user: true
password: '7z7F%d3cv_dfjz'
- name: praktikum2
groups:
- mbr-buero
is_samba_user: true
password: '20praktikum213'
- name: praktikum2_rias
groups:
- mbr-buero
is_samba_user: true
password: 'ctnrk3CczcJ9'
- name: praktikum3
groups:
- mbr-buero
is_samba_user: true
password: 'Q56V.6kf/JLQ'
- name: praktikum4
groups:
- mbr-buero
is_samba_user: true
password: '6jA,nmD,fdK!'
- name: sabine.kritter
groups:
- mbr-buero
is_samba_user: true
password: '#17_abc_?!'
- name: samuel.signer
groups:
- mbr-buero
is_samba_user: true
password: 'S4mmyC0mput3r!'
- name: scan
groups:
- mbr-buero
is_samba_user: true
password: '20scan13'
- name: simon
groups:
- mbr-buero
is_samba_user: true
password: 'S4u3rkr4ut!'
- name: ulf.balmer
groups:
- mbr-buero
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: 'ALL3_e6ene#'
# ---
# vars used by roles/ansible_dependencies
# ---
apt_ansible_dependencies:
- python
- python-apt
- python3
- python3-apt
- lsb-release
- apt-transport-https
- dbus
- sudo
- vim
- net-tools
- vlan
# ---
# vars used by roles/ansible_user
# ---
ssh_keys_admin:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
ansible_remote_user:
- name: lokaladmin
password: $6$KLQUDbiw$qvsGUndXr2G3DxhML6maD/nsJtXfElSLQ7ufkMuJu2vACbYX7kqNXdiU17oX6CyN5L1xARZ.TiES/w7zfh0Cu/
shell: /bin/bash
# ---
# vars used by roles/common/tasks/basic.yml
# ---
time_zone: Europe/Berlin
locales:
- en_US.UTF-8
- de_DE.UTF-8
set_default_limit_nofile: false
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
sudo_users:
- lokaladmin
# /etc/sudoers
#
sudoers_defaults:
- env_reset
- mail_badpass
- 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
sudoers_host_aliases: []
sudoers_user_aliases: []
sudoers_cmnd_aliases: []
sudoers_runas_aliases: []
sudoers_user_privileges:
- name: root
entry: 'ALL=(ALL:ALL) ALL'
sudoers_group_privileges: []
# /etc/sudoers.d/50-user
#
sudoers_file_defaults: []
sudoers_file_host_aliases: []
sudoers_file_user_aliases: []
sudoers_file_cmnd_aliases:
- name: MOUNT
entry: '/bin/mount,/bin/umount'
sudoers_file_runas_aliases: []