From 18411cd9753187e9a83677837c04b044e9b3263b Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 18 Apr 2024 09:59:34 +0200 Subject: [PATCH 01/82] Only send ansible output if something failes --- update.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/update.yml b/update.yml index 18b17b9..4e19ffe 100644 --- a/update.yml +++ b/update.yml @@ -23,7 +23,7 @@ cron: name: "ansible provision" user: "{{ ansible_user_id }}" - job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master' + job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master > /var/log/ansible_update.log || cat /var/log/ansible_update.log' state: present minute: 0 hour: 1 @@ -33,7 +33,7 @@ cron: name: "ansible provision" user: "{{ ansible_user_id }}" - job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master' + job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master > /var/log/ansible_update.log || cat /var/log/ansible_update.log' state: present minute: 0 hour: 1 From 4a2ee7f8ab48eefe7f04e4caa5e3e7cb01ad82ec Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 3 Jul 2024 11:43:24 +0200 Subject: [PATCH 02/82] added installation of wazuh-agent --- roles/base/tasks/main.yml | 2 ++ roles/base/tasks/software/wazuh-agent.yml | 15 +++++++++++++++ roles/base/vars/main.yml | 3 ++- 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 roles/base/tasks/software/wazuh-agent.yml diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 948cb47..39321a8 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml 
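Review bot: The redirect added to both `job:` lines (the hunks at -23 and -33 of update.yml) captures only stdout, so anything ansible-pull writes to stderr bypasses /var/log/ansible_update.log and still reaches cron mail on every run, and the `cat` after a failure may omit the error itself. Redirect both streams: `... -C master > /var/log/ansible_update.log 2>&1 || cat /var/log/ansible_update.log`. The job runs as `{{ ansible_user_id }}` and the log is created with that user's umask; because playbook output can echo variable values, consider pre-creating the file with mode 0600 in a separate `file` task. The enclosing cron tasks begin outside both hunks.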
@@ -34,6 +34,8 @@ # - import_tasks: system_setup/microcode.yml - import_tasks: system_setup/openssh.yml - import_tasks: system_setup/scripts.yml + - import_tasks: software/wazuh-agent.yml + when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"] # Set up the ansible environment diff --git a/roles/base/tasks/software/wazuh-agent.yml b/roles/base/tasks/software/wazuh-agent.yml new file mode 100644 index 0000000..8c31888 --- /dev/null +++ b/roles/base/tasks/software/wazuh-agent.yml @@ -0,0 +1,15 @@ +- name: install wazuh agent + apt: + deb: https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.8.0-1_amd64.deb + environment: + WAZUH_MANAGER: "{{ wazuh_manager }}" + +- name: systemctl daemon-reload + systemd: + daemon-reload: yes + +- name: Start Wazuh agent + systemd: + name: "wazuh-agent" + state: started + enabled: yes \ No newline at end of file diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml index 533bad8..7601689 100644 --- a/roles/base/vars/main.yml +++ b/roles/base/vars/main.yml @@ -1 +1,2 @@ -root_home: "{{ lookup('env','HOME') }}" \ No newline at end of file +root_home: "{{ lookup('env','HOME') }}" +wazuh_manager: "wazuh.universe.local" \ No newline at end of file From 5c3cdfd812639c287ad262731f1e0533935c78c8 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 3 Jul 2024 14:46:16 +0200 Subject: [PATCH 03/82] added new host --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index b03407e..c8c81cd 100644 --- a/hosts +++ b/hosts @@ -25,6 +25,7 @@ samba-ad-dc1.universe.local samba-ad-dc2.universe.local shinobi.universe.local step-ca.universe.local +wazuh.universe.local zoneminder.universe.local [server:children] From 11a60747ed98bf79fe1d9e516c33e6dba0218912 Mon Sep 17 00:00:00 2001 
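Review bot: The `install wazuh agent` task in roles/base/tasks/software/wazuh-agent.yml installs a .deb fetched by URL, and `apt: deb:` applies no repository-signature or checksum check to such a file, so a package that ends up running as a root service is trusted on TLS alone. Download it first with `get_url` and a pinned `checksum:`, then install from the local path, as sketched below; the digest is a placeholder to be filled from the vendor's published checksum and the `dest` path is only an example. The URL is also fixed to `amd64` while the `when:` added in roles/base/tasks/main.yml filters on distribution only, so a non-amd64 Debian or Ubuntu host would fail here; adding `ansible_architecture == "x86_64"` to that condition avoids it.

```yaml
- name: download wazuh agent package
  get_url:
    url: https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.8.0-1_amd64.deb
    dest: /var/cache/wazuh-agent_4.8.0-1_amd64.deb
    mode: "0644"
    # placeholder: replace with the digest published for this exact package
    checksum: "sha256:<SHA256_OF_WAZUH_AGENT_DEB>"

- name: install wazuh agent
  apt:
    deb: /var/cache/wazuh-agent_4.8.0-1_amd64.deb
  environment:
    WAZUH_MANAGER: "{{ wazuh_manager }}"
# … unchanged: daemon-reload and "Start Wazuh agent" tasks …
```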
From: Rene Mewissen Date: Mon, 22 Jul 2024 14:50:19 +0200 Subject: [PATCH 04/82] added new vars to host --- host_vars/mewitoot.de.yml | 61 ++++++++++++++++++++------------------- 1 file changed, 32 insertions(+), 29 deletions(-) diff --git a/host_vars/mewitoot.de.yml b/host_vars/mewitoot.de.yml index 4d9252d..ad0c2f1 100644 --- a/host_vars/mewitoot.de.yml +++ b/host_vars/mewitoot.de.yml 
@@ -1,30 +1,33 @@ $ANSIBLE_VAULT;1.1;AES256 -31623635633237366334346365666362313264623266396336333563633464353135353133343534 -6430633566376538353834343032316331663136613462350a353233643534346161653830333835 -37653966323633616463323063333431623265343861383366623962336531306232656534323563 -3534363537656131300a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a656566306434623461303733386135 +63613530316237623933633563386537326531303764313032353132323135383138326461346565 +6666616461373663620a623863373062366534323232346462323064346639626362656566393631 +32656634623238386331646235316532393537616364653366303366666262383863326534386631 +62643435353365313738333738336465346132323937666635646236646432336665396335346531 +38386230383530633434383533356137393134303566363564376163653065396633393761386437 +35323964363039383637313436353563376163356166346233633139316634323635393261633431 +37656266393064306666383861326630313764306265623738313938613936313563633866303063 +61643462383234663538336431386434306130366561613539613166353762663938346665653062 +39366435356466653939383965326535373430303837386136623331393934373633343937623264 +39316138326231356538613830396239656539636439663731383466343464386561613336353234 +65393636373366383764353037623930616430623237303661383532663333386335376562653538 +33376131343138653234636362376539613133383936383336376237383664643262353138366139 +31636631343561336137653337383664633839633335643838356530336633666234393037376133 +35343563376234363866333335383865346263396361343565306466393231343535393138303231 +36336639643931333966323135313837343062373639613232383061363764356462376434346564 +31336433303033333661613130663864653930643865663835663039313666346139613335626562 +35316238303630316431633933646533363761343963333938386131323564646234333263313661 +32323536653736656432643562393965633565343534653763633561376432316535393732353933 +65323631373631326130646363333137383732343037383931386564333636656136623635323866 
+62303730653164353938346637653762333762366535373234323762366438386332343232366334 +64643265333064346466663564666438623466663439396231663265306462303837623666373761 +30613234393766346331613737333366386136356630613638396530656238663130333862383265 +61663030363633316564386338316237336231366335363565633037373266353339333362653834 +64383961636637383965656662316135373134656533313433366265373864656562663035656234 +35613637383363653132303664343739656366633731636431393931623635643762373139383463 +30313932643530653963623130323734663335333365353136316335636438333738386437643163 +66613466306137373161333336643533336633313164306365353364643038336665613264613862 +61303063306538643564333033613935346136396262663238343235323930353163363836333362 +61643034396230366336643230616236383736373165623033613332313565373337373031623863 +38346462386131346364 From 0dc18712680a37b6d36a7d06091a1ffe1273f1d1 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 14:51:30 +0200 Subject: [PATCH 05/82] added DNS resolver option powerdns-recursor --- .../configure_powerdns_recursor_snmpd.yml | 27 +++++++++++++++++++ .../tasks/configure_unbound_snmpd.yml | 18 ++++++++++--- .../tasks/install_powerdns_recursor.yml | 25 +++++++++++++++++ roles/nameserver/tasks/install_unbound.yml | 6 +++++ roles/nameserver/tasks/main.yml | 12 ++++----- .../powerdns-recursor-custom-config.j2 | 4 +++ roles/nameserver/vars/debian.yml | 6 ++--- 7 files changed, 86 insertions(+), 12 deletions(-) create mode 100644 roles/nameserver/tasks/configure_powerdns_recursor_snmpd.yml create mode 100644 roles/nameserver/tasks/install_powerdns_recursor.yml create mode 100644 roles/nameserver/templates/powerdns-recursor-custom-config.j2 diff --git a/roles/nameserver/tasks/configure_powerdns_recursor_snmpd.yml b/roles/nameserver/tasks/configure_powerdns_recursor_snmpd.yml new file mode 100644 index 0000000..7e206d3 --- /dev/null +++ b/roles/nameserver/tasks/configure_powerdns_recursor_snmpd.yml 
@@ -0,0 +1,27 @@ +- name: "Nameserver: powerdns-recursor | snmpd | get script" + get_url: + url: "https://github.com/librenms/librenms-agent/raw/master/snmp/powerdns-recursor" + dest: "/etc/snmp/powerdns-recursor" + mode: "0755" + owner: "root" + group: "root" + +- name: "Nameserver: powerdns-recursor | snmpd | remove unbound script" + file: + path: "/etc/snmp/unbound" + state: absent + +- name: "Nameserver: powerdns-recursor | snmpd | configure extend" + lineinfile: + path: "{{ snmpd_conf }}" + state: present + line: "extend powerdns-recursor {{ sudo }} /etc/snmp/powerdns-recursor" + insertafter: "# SECTION: Extends" + notify: restart_snmpd + +- name: "Nameserver: powerdns-recursor | snmpd | remove unbound extend" + lineinfile: + path: "{{ snmpd_conf }}" + state: absent # not required. choices: absent;present. Whether the line should be there or not. + line: "extend unbound {{ sudo }} /etc/snmp/unbound" + notify: restart_snmpd diff --git a/roles/nameserver/tasks/configure_unbound_snmpd.yml b/roles/nameserver/tasks/configure_unbound_snmpd.yml index 85e2a64..41acc53 100644 --- a/roles/nameserver/tasks/configure_unbound_snmpd.yml +++ b/roles/nameserver/tasks/configure_unbound_snmpd.yml @@ -1,4 +1,4 @@ -- name: nameserver | snmpd | get script +- name: "Nameserver: unbound | snmpd | get script" get_url: url: "https://github.com/librenms/librenms-agent/raw/master/snmp/unbound" dest: "/etc/snmp/unbound" 
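Review bot: The `get script` task in configure_powerdns_recursor_snmpd.yml downloads an executable from the moving `master` branch, and the `configure extend` task then wires it into snmpd behind `{{ sudo }}`. Whatever that branch serves at provisioning time therefore later runs with elevated rights (assuming `sudo` expands to a sudo prefix), and nothing pins or verifies the content. Pin the URL to a reviewed commit and add a digest, e.g. `url: "https://github.com/librenms/librenms-agent/raw/<PINNED_COMMIT_SHA>/snmp/powerdns-recursor"` together with `checksum: "sha256:<EXPECTED_SHA256>"`. The unbound script task in configure_unbound_snmpd.yml follows the same pattern. The trailing `# not required. choices: …` comment on `state: absent` looks like editor-snippet residue and can be dropped.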
@@ -6,10 +6,22 @@ owner: "root" group: "root" -- name: nameserver | snmpd | configure extend +- name: "Nameserver: unbound | snmpd | remove powerdns-recursor script" + file: + path: "/etc/snmp/powerdns-recursor" + state: absent + +- name: "Nameserver: unbound | snmpd | configure extend" lineinfile: path: "{{ snmpd_conf }}" state: present line: "extend unbound {{ sudo }} /etc/snmp/unbound" insertafter: "# SECTION: Extends" - notify: restart_snmpd \ No newline at end of file + notify: restart_snmpd + +- name: "Nameserver: unbound | snmpd | remove powerdns-recursor extend" + lineinfile: + path: "{{ snmpd_conf }}" + state: absent + line: "extend powerdns-recursor {{ sudo }} /etc/snmp/powerdns-recursor" + notify: restart_snmpd diff --git a/roles/nameserver/tasks/install_powerdns_recursor.yml b/roles/nameserver/tasks/install_powerdns_recursor.yml new file mode 100644 index 0000000..18d164d --- /dev/null +++ b/roles/nameserver/tasks/install_powerdns_recursor.yml @@ -0,0 +1,25 @@ +- name: nameserver | powerdns-recursor | install packages + package: + name: "{{ powerdns-recursor_package }}" + state: present + +- name: nameserver | powerdns-recursor | copy config + template: + src: "powerdns-recursor_network.conf.j2" + dest: "/etc/powerdns/recursor.d/override.conf" + mode: "0644" + owner: "root" + group: "root" + validate: "pdns_recursor --config=check" + +- name: nameserver | powerdns-recursor | disable unbound + service: + name: "unbound" + state: stopped + enabled: False + +- name: nameserver | powerdns-recursor | enable service + service: + name: "powerdns-recursor" + state: started + enabled: True \ No newline at end of file diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml index be1afd6..e97a060 100644 --- a/roles/nameserver/tasks/install_unbound.yml +++ b/roles/nameserver/tasks/install_unbound.yml 
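Review bot: Three references in the new install_powerdns_recursor.yml do not match what the rest of this commit defines. `"{{ powerdns-recursor_package }}"` is parsed by Jinja as a subtraction of two names; roles/nameserver/vars/debian.yml calls the variable `powerdns_recursor_package`. `src: "powerdns-recursor_network.conf.j2"` points at a template the commit does not add; the one it adds is `powerdns-recursor-custom-config.j2`. `validate: "pdns_recursor --config=check"` has no `%s`, which the template module requires so that the check runs against the staged file before it replaces the live config. The service is named `powerdns-recursor` here and `powerdns-resolver` in install_unbound.yml, so the real unit name shipped by the `pdns-recursor` package should be confirmed.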
@@ -12,6 +12,12 @@ group: "root" validate: "unbound-checkconf %s" + name: nameserver | unbound | disable service pdns-resolver + service: + name: "powerdns-resolver" + state: stopped + enabled: False + - name: nameserver | unbound | enable service service: name: "unbound" diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index c8c86f2..a277684 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml @@ -6,21 +6,21 @@ - block: - include_tasks: install_unbound.yml - include_tasks: configure_unbound_snmpd.yml - when: unbound == true + when: unbound == true and powerdns_recursor != true - name: nameserver | unbound | disable systemd-resolved include_tasks: disable-systemd-resolved.yml - when: bind == true or unbound == true or powerdns == true + when: bind == true or unbound == true or powerdns_recursor == true - block: - include_tasks: install_bind.yml - include_tasks: configure_bind_snmpd.yml - when: bind == true + when: bind == true and powerdns_auth != true - block: - - include_tasks: install_powerdns.yml - - include_tasks: configure_powerdns_snmpd.yml - when: powerdns == true + - include_tasks: install_powerdns_recursor.yml + - include_tasks: configure_powerdns_recursor_snmpd.yml + when: powerdns_recursor == true and unbound != true rescue: - set_fact: task_failed=true \ No newline at end of file diff --git a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 new file mode 100644 index 0000000..70ad75c --- /dev/null +++ b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 
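Review bot: The task added to install_unbound.yml starts with `+ name:` rather than `+- name:`. Unless whitespace was lost in transit, it is therefore not a new list item, and its `name` and `service` keys either merge into the preceding template task or break parsing. It should begin `- name: nameserver | unbound | disable service pdns-resolver`. The service name `powerdns-resolver` also differs from the `powerdns-recursor` used in install_powerdns_recursor.yml, and stopping a unit that is not installed will fail on hosts that never had the recursor. The preceding task begins outside the hunk.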
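Review bot: With the new conditions in roles/nameserver/tasks/main.yml, a host that sets both `unbound` and `powerdns_recursor` to true skips both install blocks. The `disable systemd-resolved` include still fires (`... or unbound == true or powerdns_recursor == true`), which would leave that host without any resolver. Failing early is safer than skipping silently, for example a leading `assert` with `that: not (unbound | default(false) and powerdns_recursor | default(false))`. The surrounding `block`/`rescue` begins outside the hunk, and its `rescue` only sets `task_failed`, so errors raised inside these includes will not stop the run by themselves.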
@@ -0,0 +1,4 @@ +allow-from = 192.168.1.0/24, 192.168.3.0/24, 172.16.0.0/24, 127.0.0.0/8 +local-address += {{ ansible_default_ipv4.address }} {% if wg_local_ip is defined %}, {{ wg_local_ip | ipaddr('address') }} {% else %} +local-port = {{ pdns-recursor-lport | default("53") }} +query-local-address = {{ ansible_default_ipv4.address }} {% if ansible_default_ipv6.address is defined %}, {{ ansible_default_ipv6.address }} {% else %} \ No newline at end of file diff --git a/roles/nameserver/vars/debian.yml b/roles/nameserver/vars/debian.yml index 1007f7b..55480eb 100644 --- a/roles/nameserver/vars/debian.yml +++ b/roles/nameserver/vars/debian.yml @@ -1,9 +1,9 @@ bind_package: bind9 unbound_package: unbound perl_readbackwards: libfile-readbackwards-perl -powerdns_server: pdns-server -powerdns_recursor: pdns-recursor -powerdns_tools: pdns-tools +powerdns_server_package: pdns-server +powerdns_recursor_package: pdns-recursor +powerdns_tools_package: pdns-tools powerdns_backends: - package: pdns-backend-bind From 1ff7c890b03c23ec09d5774bf91c337337490f84 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 15:06:26 +0200 Subject: [PATCH 06/82] unified syntax --- roles/base/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 39321a8..a926707 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml 
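Review bot: Both conditional lines in powerdns-recursor-custom-config.j2 open `{% if … %}` and reach `{% else %}` but never close with `{% endif %}`, so the template cannot render. `{{ pdns-recursor-lport | default("53") }}` is parsed as a subtraction of undefined names rather than one variable; use underscores, `local-port = {{ pdns_recursor_lport | default("53") }}`. For the address lines, drop the empty else branch, e.g. `local-address += {{ ansible_default_ipv4.address }}{% if wg_local_ip is defined %}, {{ wg_local_ip | ipaddr('address') }}{% endif %}`. The later "new syntax" patch touches the same line and keeps the missing `{% endif %}`.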
@@ -8,14 +8,14 @@ msg: Debug # basics - import_tasks: system_setup/hostname.yml - - include_tasks: system_setup/hosts.yml + - import_tasks: system_setup/hosts.yml - import_tasks: system_setup/clock.yml - import_tasks: system_setup/locale.yml - - include_tasks: system_setup/wireguard.yml + - import_tasks: system_setup/wireguard.yml when: - wireguard is defined - wireguard == true - - ansible_default_ipv4.address | ipaddr('public') + - ansible_default_ipv4.address | ansible.utils.ipaddr('public') ignore_errors: True - import_tasks: system_setup/git.yml # install software From 14e7b08efe60edc8bd8b456b20b2530f23aba5e3 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 15:06:47 +0200 Subject: [PATCH 07/82] added definition for wireguard package --- roles/base/vars/debian.yml | 3 ++- roles/base/vars/ubuntu.yml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/base/vars/debian.yml b/roles/base/vars/debian.yml index 4abd322..d44c5cf 100644 --- a/roles/base/vars/debian.yml +++ b/roles/base/vars/debian.yml @@ -19,4 +19,5 @@ rename_package: rename ruby_rake_package: rake sftp_path: /usr/lib/openssh/sftp-server sudo_group: sudo -vim_package: vim \ No newline at end of file +vim_package: vim +wireguard_package: wireguard diff --git a/roles/base/vars/ubuntu.yml b/roles/base/vars/ubuntu.yml index 5f751f2..57251a2 100644 --- a/roles/base/vars/ubuntu.yml +++ b/roles/base/vars/ubuntu.yml @@ -18,3 +18,4 @@ ruby_rake_package: rake sftp_path: /usr/lib/openssh/sftp-server sudo_group: sudo vim_package: vim +wireguard_package: wireguard From 82e1ce04da07317ad0ece075f5f2706152800054 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 15:10:21 +0200 Subject: [PATCH 08/82] new syntax --- roles/server/tasks/utilities/snmpd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml index 2a816f5..951b98f 100644 
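Review bot: Switching the wireguard line from `include_tasks` to `import_tasks` changes what the `ignore_errors: True` that appears to belong to it covers. On a static import the keyword is inherited by every task in system_setup/wireguard.yml, so a failed key or config step is ignored and the play carries on with a partly configured tunnel. If the intent is only to tolerate hosts without WireGuard, the `when:` list already does that and `ignore_errors` can be dropped, or moved onto the single task that is allowed to fail. The `ansible.utils.ipaddr` filter also needs the `ansible.utils` collection and python netaddr on the machine running ansible-pull; `python_netaddr_package` only appears in a later patch of this series.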
--- a/roles/server/tasks/utilities/snmpd.yml +++ b/roles/server/tasks/utilities/snmpd.yml @@ -53,7 +53,7 @@ path: "{{ snmpd_conf }}" regexp: "^agentaddress.*$" state: present - line: "agentaddress 127.0.0.1,{{ wg_local_ip | ipaddr('address') }},[::1]" + line: "agentaddress 127.0.0.1,{{ wg_local_ip | ansible.utils.ipaddr('address') }},[::1]" when: wg_local_ip is defined - name: server | snmpd | set sysLocation From 54e77e73cf667239a42ee4fb08cc6dfb4e681c6f Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 15:17:21 +0200 Subject: [PATCH 09/82] new syntax --- roles/nameserver/templates/powerdns-recursor-custom-config.j2 | 2 +- roles/nameserver/templates/unbound_network.conf.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 index 70ad75c..07d326a 100644 --- a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 +++ b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 @@ -1,4 +1,4 @@ allow-from = 192.168.1.0/24, 192.168.3.0/24, 172.16.0.0/24, 127.0.0.0/8 -local-address += {{ ansible_default_ipv4.address }} {% if wg_local_ip is defined %}, {{ wg_local_ip | ipaddr('address') }} {% else %} +local-address += {{ ansible_default_ipv4.address }} {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }} {% else %} local-port = {{ pdns-recursor-lport | default("53") }} query-local-address = {{ ansible_default_ipv4.address }} {% if ansible_default_ipv6.address is defined %}, {{ ansible_default_ipv6.address }} {% else %} \ No newline at end of file diff --git a/roles/nameserver/templates/unbound_network.conf.j2 b/roles/nameserver/templates/unbound_network.conf.j2 index 0f349bf..58de5f1 100644 --- a/roles/nameserver/templates/unbound_network.conf.j2 +++ b/roles/nameserver/templates/unbound_network.conf.j2 
@@ -1,7 +1,7 @@ server: ip-freebind: yes {% if wg_local_ip is defined %} - interface: {{ wg_local_ip | ipaddr('address') }} + interface: {{ wg_local_ip | ansible.utils.ipaddr('address') }} {% else %} interface: {{ ansible_default_ipv4.address }} {% endif %} From da62be0187d47d07778a419630eee1825ecd7993 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 15:24:13 +0200 Subject: [PATCH 10/82] changed vars --- host_vars/mewimeet.de.yml | 57 +++++++++++++++++----------------- host_vars/mewitoot.de.yml | 64 +++++++++++++++++++-------------------- 2 files changed, 61 insertions(+), 60 deletions(-) diff --git a/host_vars/mewimeet.de.yml b/host_vars/mewimeet.de.yml index 87f1e4c..3fe2574 100644 --- a/host_vars/mewimeet.de.yml +++ b/host_vars/mewimeet.de.yml 
@@ -1,29 +1,30 @@ $ANSIBLE_VAULT;1.1;AES256 -30643432616463333266316532363536633931383635313035333535313466656335643666613566 -3464343062303663313631653663633639373266316235360a633132383463643537663231356464 -38373266653063303761386237323064386135646539666263363762656265663938356263613039 -3835613138346339660a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a396266363937626639616435313330 +33303739666631653531373839656432313237646464353132623830623334323633616335383338 +3765313065396464330a343031613638633333363762623234643738343866643438336563343636 +37653039663461373062326662623532313330323233666531613865656537373235303965333763 +62353032356466336634313438326432303762383362303061666561363130646335323138393334 +61623230323030656437663732353739313566363135306436653961373733333262356435666236 +32353334663439386434613661373965356338376536326265323235616537306536613737613163 +33336462353539636563306564323865386639326231303035323533366336383239326538643030 +63363930336635653463663938343737646335353732323135313962623730613737663136636530 +65653033666637343138356463393566373733363933376430656532383861663862356663326364 +63306235636361323731323434383230303664383636383937666136326666356238323264643264 +31373364393430616666326365646461323233653032303662323266333463333535386634643039 +36643932623335366663646664383739323861666632376564383238336335663931313937663036 +30643435383263333131373861343538313166626338346236636265396163353537376334386662 +64343161336561383638323963393839303432316666363364353062623463623331383130343463 +61333935636438633864396261666238393864366137393638643237323966616634303334613837 +39303464323234313261373462343932313038353132653933393135393365656465316236336164 +33633033653465346335366161316566396634386261626165303437656536326533396539373134 +33366233313532613338336130616339323866646639313964636534313330373762336262333736 +35663463353864326362383361623066333864333839363736383733643838623539383564653266 
+32623637316134393834643866396162326535306333346632643833373364666263343332363631 +30303330383562313838386565313837396362646535353831356634633635336337643034623432 +38653639613433663361373233363164656239653237323362303962613231623132333432353335 +66373466316664383937383139613462333064356337303064363965633261303661333534306232 +38356633313564393962646262336238623864636161346363326535353664386335336334383134 +65386165316539616230626161393864623832346438616539353365316633393734616566386634 +38353636346536653733623464613534303036343838643536633262306162313161356364356361 +35626136633762303139326334663730396138383938363832653261333930386662 diff --git a/host_vars/mewitoot.de.yml b/host_vars/mewitoot.de.yml index ad0c2f1..ebbacf2 100644 --- a/host_vars/mewitoot.de.yml +++ b/host_vars/mewitoot.de.yml 
@@ -1,33 +1,33 @@ $ANSIBLE_VAULT;1.1;AES256 -66656162396233636265336433633133656161653133313661623434613831383136376662333430 -6233613039373666323039326165336262383630306131340a656566306434623461303733386135 -63613530316237623933633563386537326531303764313032353132323135383138326461346565 -6666616461373663620a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a346233636630333862393564313034 +39386538663066626334346239313563633161386565306630343530663238633563313234376535 +3063623233346663370a393139383635643939313834353562663130613537653233383930336537 +38653861386564376664346332653961633331376431376436663734616335666131393961663833 +34373936366166643734393638313163323261383638306531663766626139383837333466383463 +34313334333636336333623337303438316239653666633664366533313961663061343863376139 +38366233386164373366656234613339326664366462633930316264613732363962306634323162 +66663730303635336564646531356233363135353762666136646564386230613466613539396163 +38363464346266633738666461353161336366323265633964396331656630373536626334346130 +63333661306237666230363138646332346137396334643430663864316334633564633161353161 +66396531306562383363383861613532306264363266356431613631323836306232383962316161 +61353632396364396230346136616135626330303961363765333633663038356631396463663230 +38363739663066366535313230653930393863303634656637373531663436376630626633373961 +37323533613632383162386666343735646237396265613638316637336664373730396661363564 +35323837323862663435643536303332313734666235646532643962366163663839666431643036 +34643535343666636532313730656330623266633531633231323466383233613466306566393365 +39636231336437303638613538636334356535333662346664636234376463633065333439393661 +31653330633665373366316338353733323862623735396336396334316435616233613363363139 +33313462623564313734633233396132646635386663646631346663373435363836656434653133 +32643530363761346561616631653334653665386361353965386363383238666232613766323463 
+33663666633736623831643632386132626661326434633435633735383035663232363931313563 +66353030653833376437313437386432393664326338316332623662613739386161323837636331 +34306338396261623332663432303330396639366634326130323234323537633662343237333930 +64393165643365336263373061396538643037636662653338383832656234653535386566633132 +31633266613631613162306663613130313536346537663061346266326266353738353933356137 +63643864336461383132636434646330616164373165343665363738653966363563323435666466 +61363736663733313531333364313331393437363265323466633635336238646436363730623861 +39653766646136323464653666643831623066346366356130666333643032333762363130376261 +31386232386333346439613130363138343965643435366363636636346364623235393861643865 +64313263303735353431616534303463616634323737633566323637656166653461393938356166 +34373639383231343032 From 4cfcc906d6d3d1ee34b2781141f0b1fae8ae15b8 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 15:41:56 +0200 Subject: [PATCH 11/82] move wireguard installation to base role --- roles/base/templates/client_VPN.conf.j2 | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 roles/base/templates/client_VPN.conf.j2 diff --git a/roles/base/templates/client_VPN.conf.j2 b/roles/base/templates/client_VPN.conf.j2 new file mode 100644 index 0000000..866df15 --- /dev/null +++ b/roles/base/templates/client_VPN.conf.j2 @@ -0,0 +1,10 @@ +[Interface] +Address = {{ wg_local_ip }} +ListenPort = 41475 +PostUp = wg set %i private-key /etc/wireguard/privatekey + +[Peer] +PublicKey = {{ wg_server_pubkey }} +Endpoint = {{ wg_endpoint }} +AllowedIPs = 192.168.3.0/24, 192.168.1.0/24 +PersistentKeepalive = 25 \ No newline at end of file From 4ca9881b947928c604c6e1553603ec2faddee818 Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Mon, 22 Jul 2024 15:44:26 +0200 Subject: [PATCH 12/82] move wireguard installation to base role --- roles/server/templates/client_VPN.conf.j2 | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 roles/server/templates/client_VPN.conf.j2 diff --git a/roles/server/templates/client_VPN.conf.j2 b/roles/server/templates/client_VPN.conf.j2 deleted file mode 100644 index 866df15..0000000 --- a/roles/server/templates/client_VPN.conf.j2 +++ /dev/null @@ -1,10 +0,0 @@ -[Interface] -Address = {{ wg_local_ip }} -ListenPort = 41475 -PostUp = wg set %i private-key /etc/wireguard/privatekey - -[Peer] -PublicKey = {{ wg_server_pubkey }} -Endpoint = {{ wg_endpoint }} -AllowedIPs = 192.168.3.0/24, 192.168.1.0/24 -PersistentKeepalive = 25 \ No newline at end of file From 7bcc2f2ff656f0fc2142f9a54db9f41c6a48a809 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 15:44:37 +0200 Subject: [PATCH 13/82] added package --- roles/base/vars/ubuntu.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/base/vars/ubuntu.yml b/roles/base/vars/ubuntu.yml index 57251a2..ce1210f 100644 --- a/roles/base/vars/ubuntu.yml +++ b/roles/base/vars/ubuntu.yml @@ -13,6 +13,7 @@ python_pip_package: python3-pip python_psutil_package: python3-psutil python_pyflakes_package: python3-pyflakes python_virtualenv_package: python3-virtualenv +python_netaddr_package: python3-netaddr rename_package: rename ruby_rake_package: rake sftp_path: /usr/lib/openssh/sftp-server From bff17f9de40dff44f6146f7a788408667d5a2e9a Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 15:51:13 +0200 Subject: [PATCH 14/82] make sure variables are defined before parsing value --- roles/database/tasks/main.yml | 8 ++++++-- roles/nameserver/tasks/main.yml | 15 ++++++++++++--- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml index 0b6d41c..3b3dd04 100644 --- a/roles/database/tasks/main.yml 
+++ b/roles/database/tasks/main.yml @@ -12,6 +12,10 @@ - mysql is defined - mysql == true - import_tasks: install_postgres.yml - when: postgres == true + when: + - postgres is defined + - postgres == true - import_tasks: install_redis.yml - when: redis == true \ No newline at end of file + when: + - redis is defined + - redis == true \ No newline at end of file diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index a277684..09ec9eb 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml @@ -6,7 +6,10 @@ - block: - include_tasks: install_unbound.yml - include_tasks: configure_unbound_snmpd.yml - when: unbound == true and powerdns_recursor != true + when: + - unbound is defined + - unbound == true + - powerdns is not defined or powerdns_recursor != true - name: nameserver | unbound | disable systemd-resolved include_tasks: disable-systemd-resolved.yml @@ -15,12 +18,18 @@ - block: - include_tasks: install_bind.yml - include_tasks: configure_bind_snmpd.yml - when: bind == true and powerdns_auth != true + when: + - bind is defined + - bind == true + - powerdns_auth is not defined or powerdns_auth != true - block: - include_tasks: install_powerdns_recursor.yml - include_tasks: configure_powerdns_recursor_snmpd.yml - when: powerdns_recursor == true and unbound != true + when: + - powerdns_recursor is defined + - powerdns_recursor == true + - unbound is not defined or unbound != true rescue: - set_fact: task_failed=true \ No newline at end of file From 4cfaf05b966b5d67bdb1529a50a44ca2eff5f0ef Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 15:54:59 +0200 Subject: [PATCH 15/82] typo --- roles/nameserver/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index 09ec9eb..fa1e170 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml 
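Review bot: The `is defined` / `== true` pairs added in both files still treat a value such as the string "true" (as it can arrive from an INI inventory or `-e`) as false, which silently skips the role. `when: postgres | default(false) | bool` covers the undefined, string and boolean forms in one line, and the same form fits `redis`, `unbound`, `bind` and `powerdns_recursor`. The `disable systemd-resolved` include sits between the two nameserver hunks and is not touched; as last shown in patch 05 it compares `bind`, `unbound` and `powerdns_recursor` unguarded, so it would presumably still raise an undefined-variable error on a host that defines none of them. The enclosing `block` starts outside the hunks.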
@@ -9,7 +9,7 @@ when: - unbound is defined - unbound == true - - powerdns is not defined or powerdns_recursor != true + - powerdns_recursor is not defined or powerdns_recursor != true - name: nameserver | unbound | disable systemd-resolved include_tasks: disable-systemd-resolved.yml From 2ace5bb3f3630770eb90daee71207f75a824df35 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 16:04:07 +0200 Subject: [PATCH 16/82] moved and corrected some vars --- host_vars/mewimeet.com.yml | 50 ++++++++++++++++---------------- roles/base/vars/ubuntu.yml | 1 + roles/database/vars/main.yml | 2 ++ roles/nameserver/vars/ubuntu.yml | 2 +- roles/server/vars/main.yml | 4 +-- 5 files changed, 30 insertions(+), 29 deletions(-) create mode 100644 roles/database/vars/main.yml diff --git a/host_vars/mewimeet.com.yml b/host_vars/mewimeet.com.yml index a2b2604..acb0606 100644 --- a/host_vars/mewimeet.com.yml +++ b/host_vars/mewimeet.com.yml 
@@ -1,26 +1,26 @@ $ANSIBLE_VAULT;1.1;AES256 -38393561313433393733303164636531313537393539376662666138373938363338653161336164 -6366363537333431396636346563393437303766313031610a393864316134373963306134373035 -38376139366234366366616664343630323931656131336130383861633665656662663761646161 -6161333662386636340a393036656239396636353336626363356435333837383632333633363630 -30643662376530643534663537363135613238353333653263353966346135336137303364303463 -66346266356530363631363261323736663164393530356537326635616230323430623564303465 -32383936376461383634636235393661303164633334653434393031653661326261363562346136 -34383866346362623539376333626266396535366464336631343034386263643265366338633163 -33383231323765376636613033303335353466646639373031313565653337343836346632393732 -66376261366334303735666531646636613237613437623136643037346261323162643934386366 -66396635393064363933333035623431613065623534646233313834396265336335613134613431 -61366366656165383133633063326539373732373539656131313237653832653738323238326237 -31623634623236366161383731366630653636393831643538376361333264363938396431653065 -62623631343663646335666639396264353731333534373162393430643737306636336661353535 -32353237396130663434373666313038343237373339323435616131333631616532376165303461 -65353861653038373531613936363132353034306561383764303637323963616131646265643330 -33313061323631346561343030323062386566633361663965356431623535343861623938646232 -65656639613562663333393138653664383038336436326365656461613937343939396430383534 -63616239656132356138313065623864313166653864653364313631383138346333343864353132 -30653163386630366336323139396333623663376235653763653934643134313461306565373563 -64326136636364303664666233663765626361333534353762613036336339386638663063633062 -64393932363033353864636135393637316666333838643132633432396161393266656563313337 -37633939356263306335363764333365336139623738333862313264393634313633353535663638 
-65323539343032333361633961363036326662396663663333363233663137326532643036316131 -6666 +61306233663762613238316535386561663239336432623063636665373333373834376462323062 +3262653861663137323539363633333263343132396564320a393939356234303136353832343266 +33336563613932646332356663386537633132323062643838363763616533396332666238323435 +6430633233333631300a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diff --git a/roles/base/vars/ubuntu.yml b/roles/base/vars/ubuntu.yml index ce1210f..12c8fdb 100644 --- a/roles/base/vars/ubuntu.yml +++ b/roles/base/vars/ubuntu.yml @@ -14,6 +14,7 @@ python_psutil_package: python3-psutil python_pyflakes_package: python3-pyflakes python_virtualenv_package: python3-virtualenv python_netaddr_package: python3-netaddr +vim_python_jedi_package: vim-python-jedi rename_package: rename ruby_rake_package: rake sftp_path: /usr/lib/openssh/sftp-server diff --git a/roles/database/vars/main.yml b/roles/database/vars/main.yml new file mode 100644 index 0000000..f906d9a --- /dev/null +++ b/roles/database/vars/main.yml @@ -0,0 +1,2 @@ +wg_endpoint: tantooine.myfirewall.org:51820 +wg_server_pubkey: vhRa0WQnMdo97jAwS3a8wnb1C69oL5z1Ee5nmxoiX1w= \ No newline at end of file diff --git a/roles/nameserver/vars/ubuntu.yml b/roles/nameserver/vars/ubuntu.yml index 1007f7b..912aef1 100644 --- a/roles/nameserver/vars/ubuntu.yml +++ b/roles/nameserver/vars/ubuntu.yml @@ -13,4 +13,4 @@ powerdns_backends: named_conf_zones: /etc/bind/named.conf.default-zones named_conf_options: /etc/bind/named.conf.options named_conf_local: /etc/bind/named.conf.local -named_checkconf: /usr/sbin/named-checkconf \ No newline at end of file +named_checkconf: /usr/bin/named-checkconf \ No newline at end of file diff --git a/roles/server/vars/main.yml b/roles/server/vars/main.yml index 87cf923..99d7b90 100644 --- a/roles/server/vars/main.yml +++ b/roles/server/vars/main.yml 
@@ -1,3 +1 @@ -swappiness_value: 5 -wg_endpoint: tantooine.myfirewall.org:51820 -wg_server_pubkey: vhRa0WQnMdo97jAwS3a8wnb1C69oL5z1Ee5nmxoiX1w= \ No newline at end of file +swappiness_value: 5 \ No newline at end of file From 4a44e18c24e0c434eb5f7f21b112851385fde9c3 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 16:08:07 +0200 Subject: [PATCH 17/82] corrected vars --- host_vars/mewimeet.de.yml | 58 +++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/host_vars/mewimeet.de.yml b/host_vars/mewimeet.de.yml index 3fe2574..a12a169 100644 --- a/host_vars/mewimeet.de.yml +++ b/host_vars/mewimeet.de.yml 
@@ -1,30 +1,30 @@ $ANSIBLE_VAULT;1.1;AES256 -63623537366134333235623561343838656262313362323334383262376434393961376537366663 -3635393262303661323865343339356336386561656663310a396266363937626639616435313330 -33303739666631653531373839656432313237646464353132623830623334323633616335383338 -3765313065396464330a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a366166386339323333666536663035 +35383661393432666133326631306334353235393836326631383437663466356239383336363764 +3431666136613965320a656639376633666239316565343337633437383665366664663836666261 +33343431353861616563633566383338623334313936373534343963326130623865613539323934 +34323965653762623634393465376430343065643937626534373536626161333834363936363233 +61623334613732303164333432386638373031636235623063316635346465393863333830306666 +66663264623136653839613530636237646265383531316236636333323263623435623333633135 +39653763636563303130653265656239643732636633646237646435623232343534333833353032 +64313133396430653137373837313066346539306133313461653338393132656265343736333965 +63626663353035303762343161616161633439643739323033666134306366396137663336316665 +34383838306530326336666636353530613766633661393738313934373161386232613736666365 +30613033376538363261646435313539303433313737343763303136366237343665336335626436 +61626438366561303938613861343263646336313937373563323334333932616430666462663234 +35646263636631353334323962376634303863366236633234333439613838623537656564646362 +37623732653738353165396634356363343563303232636536656361653937333436643736366439 +64616464373932393937323031346166343835656435653938356262336230383962303962336331 +37363031633136363831656132623234376462643834343764636330366537373661663730376530 +31663332646362313034313036306465666334633231633738386337656230363934343565376337 +64343636393034383336393530633665383666333239383535386131616466646564336232306664 +65373834353736376136613433373566323231613236386138336232653063653932663237376539 
+33373835363265333162306336386166613065656263383966623037373463623631383834316466 +37626665626361396263343162356538376634366439663064366239646239343638353632353432 +30366364396564383565613037326630636632613364303630313335636130306234653939656336 +65613966643334303466653066343338313733396537366236636138383239373461666636373530 +34346462633465383434663662326566336231663966306433616364353135353238653335636432 +39396663336364636333303365346631666232333433633861306134353361383934323338663538 +34643232313662383431373265376462656464663661613665373331353331396136633264623961 +31633761316165633332363165393261343838663534363537363933636337326230 From 995a13ae82cfd8f0aec6573ebf85a66b913e8911 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 16:10:40 +0200 Subject: [PATCH 18/82] moved and corrected some vars --- roles/base/vars/main.yml | 4 +++- roles/database/vars/main.yml | 2 -- 2 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 roles/database/vars/main.yml diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml index 7601689..7461fd2 100644 --- a/roles/base/vars/main.yml +++ b/roles/base/vars/main.yml @@ -1,2 +1,4 @@ root_home: "{{ lookup('env','HOME') }}" -wazuh_manager: "wazuh.universe.local" \ No newline at end of file +wazuh_manager: "wazuh.universe.local" +wg_endpoint: tantooine.myfirewall.org:51820 +wg_server_pubkey: vhRa0WQnMdo97jAwS3a8wnb1C69oL5z1Ee5nmxoiX1w= \ No newline at end of file diff --git a/roles/database/vars/main.yml b/roles/database/vars/main.yml deleted file mode 100644 index f906d9a..0000000 --- a/roles/database/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -wg_endpoint: tantooine.myfirewall.org:51820 -wg_server_pubkey: vhRa0WQnMdo97jAwS3a8wnb1C69oL5z1Ee5nmxoiX1w= \ No newline at end of file From 863b7ec9dc12b5137d4df922f58451ee78e8f595 Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Mon, 22 Jul 2024 16:24:10 +0200 Subject: [PATCH 19/82] corrected vars --- host_vars/mail.mewissen.site.yml | 42 ++++++------ host_vars/mewimeet.de.yml | 58 ++++++++--------- host_vars/mewitoot.de.yml | 64 +++++++++---------- .../nameserver/tasks/configure_bind_snmpd.yml | 2 +- .../tasks/install_powerdns_recursor.yml | 4 +- roles/nameserver/tasks/install_unbound.yml | 2 +- roles/nameserver/vars/ubuntu.yml | 6 +- 7 files changed, 89 insertions(+), 89 deletions(-) diff --git a/host_vars/mail.mewissen.site.yml b/host_vars/mail.mewissen.site.yml index f85a707..8697bb0 100644 --- a/host_vars/mail.mewissen.site.yml +++ b/host_vars/mail.mewissen.site.yml 
@@ -1,22 +1,22 @@ $ANSIBLE_VAULT;1.1;AES256 -66336161613662376338633932666436363931663965656365306530336262656432326232633431 -3336393334363166323539653565323035316430646534630a323664306431633966323636393532 -31313261653262363931336633613334373464653330393464376533343139393431396439656365 -3336326338393564360a393232313161396137636266633462633731386466383331353266666263 -61663961396666623130303530613437376264663161306165343634383938353663326130643338 -63653062633666356663656165373362323237346162643163656631376238656531303063363766 -36623939346439646363653832656532623633633039643462373339313563313537396534663234 -63646338333762326632306435343562653538633563333961303430303462636332353535616562 -65333232313939356333623065613238313033613433643665363932363637316466633566396562 -36373734643830343434386661636638366266336431336362626365313137303431663635383837 -30313361323638653239666261623434633165323266303334303039303864313834356531623633 -32313834306434366637613964656637623633343461623166323134393232373933353664326265 -64323036666163643139336166363333343336343632396563373161623532316337373933353564 -64323733356335383331643965316131303831623862633230316334356530623861366239643230 -36663465303965656330396330336636623466303033313733633965656266613366393439316263 -61326436343364623132613036366133613961343438336136393166366330306364343331326663 -33393834306663376164333163316261343863313037386532653066346662343837323564363032 -66343964656463333538626639656339363330376462393533653265303035623439373362343833 -65386235326465666136303136613536333435393038306332613534383036396533323934366632 -61313233393062326339646238313238383630346463343463613339396238346434656561616131 -3136 +30633034623438666463383865346539376431343335613165316666363764356132343830656462 +6665623239646539363535623031393266643263663530620a353835653339363661313461343834 +64633039323331326533623036363063363938346337373134333933666463313332386631643637 
+3564633538643135610a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diff --git a/host_vars/mewimeet.de.yml b/host_vars/mewimeet.de.yml index a12a169..1548ae4 100644 --- a/host_vars/mewimeet.de.yml +++ b/host_vars/mewimeet.de.yml 
@@ -1,30 +1,30 @@ $ANSIBLE_VAULT;1.1;AES256 -38386333343337363162353431393031643736393538636335386534336331386364373566623031 -3239303137333833393232653639633033306533646536630a366166386339323333666536663035 -35383661393432666133326631306334353235393836326631383437663466356239383336363764 -3431666136613965320a656639376633666239316565343337633437383665366664663836666261 -33343431353861616563633566383338623334313936373534343963326130623865613539323934 -34323965653762623634393465376430343065643937626534373536626161333834363936363233 -61623334613732303164333432386638373031636235623063316635346465393863333830306666 -66663264623136653839613530636237646265383531316236636333323263623435623333633135 -39653763636563303130653265656239643732636633646237646435623232343534333833353032 -64313133396430653137373837313066346539306133313461653338393132656265343736333965 -63626663353035303762343161616161633439643739323033666134306366396137663336316665 -34383838306530326336666636353530613766633661393738313934373161386232613736666365 -30613033376538363261646435313539303433313737343763303136366237343665336335626436 -61626438366561303938613861343263646336313937373563323334333932616430666462663234 -35646263636631353334323962376634303863366236633234333439613838623537656564646362 -37623732653738353165396634356363343563303232636536656361653937333436643736366439 -64616464373932393937323031346166343835656435653938356262336230383962303962336331 -37363031633136363831656132623234376462643834343764636330366537373661663730376530 -31663332646362313034313036306465666334633231633738386337656230363934343565376337 -64343636393034383336393530633665383666333239383535386131616466646564336232306664 -65373834353736376136613433373566323231613236386138336232653063653932663237376539 -33373835363265333162306336386166613065656263383966623037373463623631383834316466 -37626665626361396263343162356538376634366439663064366239646239343638353632353432 
-30366364396564383565613037326630636632613364303630313335636130306234653939656336 -65613966643334303466653066343338313733396537366236636138383239373461666636373530 -34346462633465383434663662326566336231663966306433616364353135353238653335636432 -39396663336364636333303365346631666232333433633861306134353361383934323338663538 -34643232313662383431373265376462656464663661613665373331353331396136633264623961 -31633761316165633332363165393261343838663534363537363933636337326230 +37383534363833313365646162356162393162353533633465653562333966393639343563386263 +3237356238656534663930306564386261653834393066320a346332353634393530376465326633 +32343030636166616166346136613537656531363435393738663735393133653735383066656639 +3830393366306231640a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diff --git a/host_vars/mewitoot.de.yml b/host_vars/mewitoot.de.yml index ebbacf2..f0ccc1b 100644 --- a/host_vars/mewitoot.de.yml +++ b/host_vars/mewitoot.de.yml @@ -1,33 +1,33 @@ $ANSIBLE_VAULT;1.1;AES256 -64326663633364613135393135646335643134386436356266643861356266366465623832373036 -6236333866343239343438666634343661303835613333350a346233636630333862393564313034 -39386538663066626334346239313563633161386565306630343530663238633563313234376535 -3063623233346663370a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a383637333263633664373362333761 +39316266633863613738623933383632333932393738326263363936303933333934626332633834 +6130636638356539620a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diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml index 18c3e3d..8660312 100644 --- a/roles/nameserver/tasks/configure_bind_snmpd.yml +++ b/roles/nameserver/tasks/configure_bind_snmpd.yml 
@@ -32,7 +32,7 @@ state: present line: '\tstatistics-file "/var/cache/bind/stats";\n\tzone-statistics yes;' insertafter: "options {" - validate: "/usr/sbin/named-checkconf %s" + validate: "{{ named_checkconf }} %s" notify: restart_named - name: nameserver | snmpd | configure extend diff --git a/roles/nameserver/tasks/install_powerdns_recursor.yml b/roles/nameserver/tasks/install_powerdns_recursor.yml index 18d164d..1d3966f 100644 --- a/roles/nameserver/tasks/install_powerdns_recursor.yml +++ b/roles/nameserver/tasks/install_powerdns_recursor.yml @@ -1,11 +1,11 @@ - name: nameserver | powerdns-recursor | install packages package: - name: "{{ powerdns-recursor_package }}" + name: "{{ powerdns_recursor_package }}" state: present - name: nameserver | powerdns-recursor | copy config template: - src: "powerdns-recursor_network.conf.j2" + src: "powerdns-recursorcustom-config.j2" dest: "/etc/powerdns/recursor.d/override.conf" mode: "0644" owner: "root" diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml index e97a060..0baedbe 100644 --- a/roles/nameserver/tasks/install_unbound.yml +++ b/roles/nameserver/tasks/install_unbound.yml @@ -12,7 +12,7 @@ group: "root" validate: "unbound-checkconf %s" - name: nameserver | unbound | disable service pdns-resolver +- name: nameserver | unbound | disable service pdns-resolver service: name: "powerdns-resolver" state: stopped diff --git a/roles/nameserver/vars/ubuntu.yml b/roles/nameserver/vars/ubuntu.yml index 912aef1..92b7d07 100644 --- a/roles/nameserver/vars/ubuntu.yml +++ b/roles/nameserver/vars/ubuntu.yml @@ -1,9 +1,9 @@ bind_package: bind9 unbound_package: unbound perl_readbackwards: libfile-readbackwards-perl -powerdns_server: pdns-server -powerdns_recursor: pdns-recursor -powerdns_tools: pdns-tools +powerdns_server_package: pdns-server +powerdns_recursor_package: pdns-recursor +powerdns_tools_package: pdns-tools powerdns_backends: - package: pdns-backend-bind 
From a8b67bf4ad85c19765c3ed110d1c00a5f8df7f0d Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 16:47:54 +0200 Subject: [PATCH 20/82] added names to blocks --- .../nameserver/tasks/configure_bind_snmpd.yml | 2 +- roles/nameserver/tasks/main.yml | 41 ++++++++++--------- 2 files changed, 23 insertions(+), 20 deletions(-) diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml index 8660312..ef715a8 100644 --- a/roles/nameserver/tasks/configure_bind_snmpd.yml +++ b/roles/nameserver/tasks/configure_bind_snmpd.yml @@ -41,4 +41,4 @@ state: present line: "extend bind /etc/snmp/bind" insertafter: "# SECTION: Extends" - notify: restart_snmpd \ No newline at end of file + notify: restart_snmpd diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index fa1e170..26574d5 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml 
@@ -4,32 +4,35 @@ - block: - block: - - include_tasks: install_unbound.yml - - include_tasks: configure_unbound_snmpd.yml - when: - - unbound is defined - - unbound == true - - powerdns_recursor is not defined or powerdns_recursor != true + - name: nameserver | unbound | install and configure + include_tasks: install_unbound.yml + include_tasks: configure_unbound_snmpd.yml + when: + - unbound is defined + - unbound == true + - powerdns_recursor is not defined or powerdns_recursor == false - name: nameserver | unbound | disable systemd-resolved include_tasks: disable-systemd-resolved.yml when: bind == true or unbound == true or powerdns_recursor == true - block: - - include_tasks: install_bind.yml - - include_tasks: configure_bind_snmpd.yml - when: - - bind is defined - - bind == true - - powerdns_auth is not defined or powerdns_auth != true + - name: nameserver | bind | install and configure + include_tasks: install_bind.yml + include_tasks: configure_bind_snmpd.yml + when: + - bind is defined + - bind == true + - powerdns_auth is not defined or powerdns_auth == false - block: - - include_tasks: install_powerdns_recursor.yml - - include_tasks: configure_powerdns_recursor_snmpd.yml - when: - - powerdns_recursor is defined - - powerdns_recursor == true - - unbound is not defined or unbound != true + - name: nameserver | powerdns-recursor | install and configure + include_tasks: install_powerdns_recursor.yml + include_tasks: configure_powerdns_recursor_snmpd.yml + when: + - powerdns_recursor is defined + - powerdns_recursor == true + - unbound is not defined or unbound == false rescue: - - set_fact: task_failed=true \ No newline at end of file + - set_fact: task_failed=true From eb64bb5296c2c8b1a99f103a04e402d29951feee Mon Sep 17 00:00:00 2001 
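Review bot: Each of the three rewritten tasks (unbound, bind, powerdns-recursor) now carries `include_tasks` twice in one task mapping, and a YAML mapping cannot hold the same key twice. Ansible warns about the duplicate key and keeps only the last value, so `install_unbound.yml`, `install_bind.yml` and `install_powerdns_recursor.yml` would be dropped and only the snmpd configuration files included. Because the surrounding `rescue` only sets `task_failed`, a host left without the resolver package would be easy to miss. Keeping the includes as list items under the named task avoids this: `block:` followed by `- include_tasks: install_unbound.yml` and `- include_tasks: configure_unbound_snmpd.yml`, with the same shape for the other two.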
From: Rene Mewissen Date: Mon, 22 Jul 2024 16:56:00 +0200 Subject: [PATCH 21/82] reordered block --- host_vars/mewimeet.de.yml | 58 +++++++++---------- .../tasks/install_powerdns_recursor.yml | 2 +- roles/nameserver/tasks/install_unbound.yml | 2 +- roles/nameserver/tasks/main.yml | 48 +++++++-------- 4 files changed, 55 insertions(+), 55 deletions(-) diff --git a/host_vars/mewimeet.de.yml b/host_vars/mewimeet.de.yml index 1548ae4..66813f4 100644 --- a/host_vars/mewimeet.de.yml +++ b/host_vars/mewimeet.de.yml 
@@ -1,30 +1,30 @@ $ANSIBLE_VAULT;1.1;AES256 -37383534363833313365646162356162393162353533633465653562333966393639343563386263 -3237356238656534663930306564386261653834393066320a346332353634393530376465326633 -32343030636166616166346136613537656531363435393738663735393133653735383066656639 -3830393366306231640a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a363162386161653035363264313861 +31616565633638633531623932303264386638363161363366386265333661373965666564306461 +6565613533343734350a393330306162626633666531326334613764313162323833646235396361 +66386564373561366364663239613566303238333735633362663936636566643033656331646266 +35636462393831663933353535373732373862383739613930393665616138313263383766343738 +38383431636461636139363436663962656131363239303134396632323838653362353738653733 +30643435346565303463653035656637653030636564303736393962333230633935306237366231 +30653331346335373931666632346466643266633561663830643739353530633131393163656138 +31613061633633646130646339386561386539356533393966316433353030626463363532663764 +65363965303538303161306666373462356336643832343138636663616436356635653464333233 +38303938393665353562343436626338333934303162643063623862323534393262343432336634 +39353639626337373331616261303762333938386366633634393961626135613837303435313164 +37333230313466373831373738313131666631613234383165333931336565646635306136363238 +33386433323561353838353063653034613933636665333734343133623261626263313631336434 +35386262623733666364633366626630353835376131663535316666633363346565303433623061 +36663165633039326230356538336265666336346132383935663963633661336431313830316666 +32623430333433633266323437626630613461313764383230666230343963306266306138333436 +38656631336232356461343362663533386165633763366136376330316330303530336538643739 +65336333383363343839366536643835353235613665636530393565633234633930653030313830 +66656439636166656364356130333761333634386130353636646464346464373239616637623963 
+32316330393330346133613763636237656463656363386439623964633564356564663132346233 +34373138663065303363666466333638376561613838646164373334383630323032386165613234 +62636530356665336333376263346130653637373665303136333437363062633831323433643432 +33643238383230373461333735623833336134383233663630363431613366306533393164626666 +37643334313965333461636433343331366639353838386630623533383864353663646433363430 +65393437353031393235613933393236356637646334656261616135323533313238306536366561 +35346531346431643038383431336463653165656230346265373463383462396437623563626438 +65653432336538346237383461386336636665303866613664653765393539656134 diff --git a/roles/nameserver/tasks/install_powerdns_recursor.yml b/roles/nameserver/tasks/install_powerdns_recursor.yml index 1d3966f..27a1e6e 100644 --- a/roles/nameserver/tasks/install_powerdns_recursor.yml +++ b/roles/nameserver/tasks/install_powerdns_recursor.yml @@ -22,4 +22,4 @@ service: name: "powerdns-recursor" state: started - enabled: True \ No newline at end of file + enabled: True diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml index 0baedbe..3e3061c 100644 --- a/roles/nameserver/tasks/install_unbound.yml +++ b/roles/nameserver/tasks/install_unbound.yml @@ -22,4 +22,4 @@ service: name: "unbound" state: started - enabled: True \ No newline at end of file + enabled: True diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index 26574d5..92c73ce 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml 
@@ -3,36 +3,36 @@ tags: always - block: - - block: - - name: nameserver | unbound | install and configure - include_tasks: install_unbound.yml - include_tasks: configure_unbound_snmpd.yml - when: - - unbound is defined - - unbound == true - - powerdns_recursor is not defined or powerdns_recursor == false + - name: nameserver | unbound | install and configure + block: + - include_tasks: install_unbound.yml + - include_tasks: configure_unbound_snmpd.yml + when: + - unbound is defined + - unbound == true + - powerdns_recursor is not defined or powerdns_recursor == false - name: nameserver | unbound | disable systemd-resolved include_tasks: disable-systemd-resolved.yml when: bind == true or unbound == true or powerdns_recursor == true - - block: - - name: nameserver | bind | install and configure - include_tasks: install_bind.yml - include_tasks: configure_bind_snmpd.yml - when: - - bind is defined - - bind == true - - powerdns_auth is not defined or powerdns_auth == false + - name: nameserver | bind | install and configure + block: + - include_tasks: install_bind.yml + - include_tasks: configure_bind_snmpd.yml + when: + - bind is defined + - bind == true + - powerdns_auth is not defined or powerdns_auth == false - - block: - - name: nameserver | powerdns-recursor | install and configure - include_tasks: install_powerdns_recursor.yml - include_tasks: configure_powerdns_recursor_snmpd.yml - when: - - powerdns_recursor is defined - - powerdns_recursor == true - - unbound is not defined or unbound == false + - name: nameserver | powerdns-recursor | install and configure + block: + - include_tasks: install_powerdns_recursor.yml + - include_tasks: configure_powerdns_recursor_snmpd.yml + when: + - powerdns_recursor is defined + - powerdns_recursor == true + - unbound is not defined or unbound == false rescue: - set_fact: task_failed=true From a681febfed8e8de3505434e4a6851790557ac0ad Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Mon, 22 Jul 2024 17:04:21 +0200 Subject: [PATCH 22/82] gave each task a name --- roles/nameserver/tasks/main.yml | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index 92c73ce..7d382ac 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml 
@@ -5,34 +5,40 @@ - block: - name: nameserver | unbound | install and configure block: - - include_tasks: install_unbound.yml - - include_tasks: configure_unbound_snmpd.yml + - name: nameserver | unbound | install + include_tasks: install_unbound.yml + - name: nameserver | unbound | configure + include_tasks: configure_unbound_snmpd.yml when: - unbound is defined - - unbound == true - - powerdns_recursor is not defined or powerdns_recursor == false + - unbound is true + - powerdns_recursor is not defined or powerdns_recursor is false - name: nameserver | unbound | disable systemd-resolved include_tasks: disable-systemd-resolved.yml - when: bind == true or unbound == true or powerdns_recursor == true + when: bind is true or unbound is true or powerdns_recursor is true - name: nameserver | bind | install and configure block: - - include_tasks: install_bind.yml - - include_tasks: configure_bind_snmpd.yml + - name: nameserver | bind | install + include_tasks: install_bind.yml + - name: nameserver | bind | configure + include_tasks: configure_bind_snmpd.yml when: - bind is defined - - bind == true - - powerdns_auth is not defined or powerdns_auth == false + - bind is true + - powerdns_auth is not defined or powerdns_auth is false - name: nameserver | powerdns-recursor | install and configure block: - - include_tasks: install_powerdns_recursor.yml - - include_tasks: configure_powerdns_recursor_snmpd.yml + - name: nameserver| powerdns-recursor | install + include_tasks: install_powerdns_recursor.yml + - name: nameserver | powerdns-recursor | configure + include_tasks: configure_powerdns_recursor_snmpd.yml when: - powerdns_recursor is defined - - powerdns_recursor == true - - unbound is not defined or unbound == false + - powerdns_recursor is true + - unbound is not defined or unbound is false rescue: - set_fact: task_failed=true From ffbaf250ee71f23e163ae90127acd6e7091906de Mon Sep 17 00:00:00 2001 
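Review bot: The condition on the `disable systemd-resolved` task, `when: bind is true or unbound is true or powerdns_recursor is true`, is the only one in this hunk without `is defined` guards, while all three blocks check `is defined` first. How an undefined variable behaves under the `true` test depends on the Ansible/Jinja version in use, so it is safer to make the default explicit, e.g. `when: (bind | default(false)) is true or (unbound | default(false)) is true or (powerdns_recursor | default(false)) is true`. The `true` test matches only the boolean value, so a host variable that arrives as the string `"true"` or `"yes"` would silently skip the resolver setup; a comment such as `# bind/unbound/powerdns_recursor must be real booleans` would document that. The task name `nameserver| powerdns-recursor | install` is also missing a space before the first `|`.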
From: Rene Mewissen Date: Mon, 22 Jul 2024 17:15:18 +0200 Subject: [PATCH 23/82] timeout for pause --- roles/base/tasks/system_setup/wireguard.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/base/tasks/system_setup/wireguard.yml b/roles/base/tasks/system_setup/wireguard.yml index c9e67a8..f5a094d 100644 --- a/roles/base/tasks/system_setup/wireguard.yml +++ b/roles/base/tasks/system_setup/wireguard.yml @@ -26,6 +26,7 @@ - name: base | system setup | wireguard pause pause: + seconds: 120 prompt: please copy pubkey to your wireguard server when: - wg_pubkey is not defined From e368d641977a6e2aa23c5830252feea3607c553e Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 17:15:37 +0200 Subject: [PATCH 24/82] use separated named config files --- roles/nameserver/tasks/configure_bind_snmpd.yml | 2 +- roles/nameserver/vars/ubuntu.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml index ef715a8..a1dac1f 100644 --- a/roles/nameserver/tasks/configure_bind_snmpd.yml +++ b/roles/nameserver/tasks/configure_bind_snmpd.yml @@ -32,7 +32,7 @@ state: present line: '\tstatistics-file "/var/cache/bind/stats";\n\tzone-statistics yes;' insertafter: "options {" - validate: "{{ named_checkconf }} %s" + validate: "{{ named_checkconf }} {{ named_conf }}" notify: restart_named - name: nameserver | snmpd | configure extend diff --git a/roles/nameserver/vars/ubuntu.yml b/roles/nameserver/vars/ubuntu.yml index 92b7d07..af57f9a 100644 --- a/roles/nameserver/vars/ubuntu.yml +++ b/roles/nameserver/vars/ubuntu.yml @@ -10,6 +10,7 @@ powerdns_backends: - package: pdns-backend-mysql # named / bind specific +named_conf: /etc/bind/named.conf named_conf_zones: /etc/bind/named.conf.default-zones named_conf_options: /etc/bind/named.conf.options named_conf_local: /etc/bind/named.conf.local From cedbeaf5efbf73dd1356b080f0b3116f369c5238 Mon Sep 17 00:00:00 2001 
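Review bot: With `seconds: 120` added, the `wireguard pause` task continues on its own after two minutes, so the play proceeds whether or not the public key was actually registered on the WireGuard server. In an unattended run nobody sees the prompt, and the following tasks then configure a tunnel the peer may not accept yet. A comment on the task would make this explicit, for example `# continues automatically after 120 s; later tasks must tolerate a peer that is not yet registered`. Ideally the tasks after the pause also verify the tunnel and fail if it is not up. The task's `when:` list continues below the hunk.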
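Review bot: The new `validate: "{{ named_checkconf }} {{ named_conf }}"` no longer contains `%s`, so the check runs against the live `/etc/bind/named.conf` instead of the temporary copy that holds the edited line. The candidate file is therefore never validated before it replaces the original, and Ansible's file-editing modules reject a `validate` string without `%s` in any case. If the fragment cannot be checked on its own, the safer form is to keep `validate: "{{ named_checkconf }} %s"` where that works. Otherwise, drop `validate` here and run `{{ named_checkconf }} {{ named_conf }}` as a separate task that must pass before `restart_named` is notified. The task starts above the hunk, so the module is presumably `lineinfile`.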
From: Rene Mewissen Date: Mon, 22 Jul 2024 17:16:52 +0200 Subject: [PATCH 25/82] reordered tasks --- roles/nameserver/tasks/main.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index 7d382ac..3b42e7c 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml @@ -18,17 +18,6 @@ include_tasks: disable-systemd-resolved.yml when: bind is true or unbound is true or powerdns_recursor is true - - name: nameserver | bind | install and configure - block: - - name: nameserver | bind | install - include_tasks: install_bind.yml - - name: nameserver | bind | configure - include_tasks: configure_bind_snmpd.yml - when: - - bind is defined - - bind is true - - powerdns_auth is not defined or powerdns_auth is false - - name: nameserver | powerdns-recursor | install and configure block: - name: nameserver| powerdns-recursor | install @@ -40,5 +29,16 @@ - powerdns_recursor is true - unbound is not defined or unbound is false + - name: nameserver | bind | install and configure + block: + - name: nameserver | bind | install + include_tasks: install_bind.yml + - name: nameserver | bind | configure + include_tasks: configure_bind_snmpd.yml + when: + - bind is defined + - bind is true + - powerdns_auth is not defined or powerdns_auth is false + rescue: - set_fact: task_failed=true From 2b0c58291cbf433165915055eca753c37ed0a7f3 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 17:23:56 +0200 Subject: [PATCH 26/82] type and new destination --- roles/nameserver/tasks/install_powerdns_recursor.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nameserver/tasks/install_powerdns_recursor.yml b/roles/nameserver/tasks/install_powerdns_recursor.yml index 27a1e6e..0564aa6 100644 --- a/roles/nameserver/tasks/install_powerdns_recursor.yml +++ b/roles/nameserver/tasks/install_powerdns_recursor.yml 
@@ -5,8 +5,8 @@ - name: nameserver | powerdns-recursor | copy config template: - src: "powerdns-recursorcustom-config.j2" - dest: "/etc/powerdns/recursor.d/override.conf" + src: "powerdns-recursor-custom-config.j2" + dest: "/etc/powerdns/recursor.d/010-custom.conf" mode: "0644" owner: "root" group: "root" From 99d3e1691002a69e2135aa9f233c01b1951c9eb9 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 17:32:21 +0200 Subject: [PATCH 27/82] syntax error --- roles/nameserver/templates/powerdns-recursor-custom-config.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 index 07d326a..3aa8b99 100644 --- a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 +++ b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 @@ -1,4 +1,4 @@ allow-from = 192.168.1.0/24, 192.168.3.0/24, 172.16.0.0/24, 127.0.0.0/8 -local-address += {{ ansible_default_ipv4.address }} {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }} {% else %} +local-address = {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }} {% else %} {{ ansible_default_ipv4.address }} {% endif %} local-port = {{ pdns-recursor-lport | default("53") }} -query-local-address = {{ ansible_default_ipv4.address }} {% if ansible_default_ipv6.address is defined %}, {{ ansible_default_ipv6.address }} {% else %} \ No newline at end of file +query-local-address = {% if ansible_default_ipv6.address is defined %}, {{ ansible_default_ipv6.address }} {% else %} {{ ansible_default_ipv4.address }} {% endif %} \ No newline at end of file From 766bfec3f6a961720a2eae296ae88c8368c2f896 Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Mon, 22 Jul 2024 17:52:48 +0200 Subject: [PATCH 28/82] validation not possible yet --- roles/nameserver/tasks/install_powerdns_recursor.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/nameserver/tasks/install_powerdns_recursor.yml b/roles/nameserver/tasks/install_powerdns_recursor.yml index 0564aa6..cc34643 100644 --- a/roles/nameserver/tasks/install_powerdns_recursor.yml +++ b/roles/nameserver/tasks/install_powerdns_recursor.yml @@ -10,7 +10,6 @@ mode: "0644" owner: "root" group: "root" - validate: "pdns_recursor --config=check" - name: nameserver | powerdns-recursor | disable unbound service: From e85a028927bcd05e3a7470e2679cb8de0b0f96c8 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 18:05:21 +0200 Subject: [PATCH 29/82] syntax --- roles/nameserver/templates/powerdns-recursor-custom-config.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 index 3aa8b99..248b8ad 100644 --- a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 +++ b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 @@ -1,4 +1,4 @@ allow-from = 192.168.1.0/24, 192.168.3.0/24, 172.16.0.0/24, 127.0.0.0/8 local-address = {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }} {% else %} {{ ansible_default_ipv4.address }} {% endif %} -local-port = {{ pdns-recursor-lport | default("53") }} +local-port = {% if pdns_recursor_lport is defined %} {{ pdns_recursor_lport }} {% else %} 53 {% endif %} query-local-address = {% if ansible_default_ipv6.address is defined %}, {{ ansible_default_ipv6.address }} {% else %} {{ ansible_default_ipv4.address }} {% endif %} \ No newline at end of file From 8be0840799ac928acf73e1bc25cbddda8cab4edd Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Mon, 22 Jul 2024 18:15:31 +0200 Subject: [PATCH 30/82] used correct service name --- roles/nameserver/tasks/install_powerdns_recursor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/install_powerdns_recursor.yml b/roles/nameserver/tasks/install_powerdns_recursor.yml index cc34643..4a414bc 100644 --- a/roles/nameserver/tasks/install_powerdns_recursor.yml +++ b/roles/nameserver/tasks/install_powerdns_recursor.yml @@ -19,6 +19,6 @@ - name: nameserver | powerdns-recursor | enable service service: - name: "powerdns-recursor" + name: "pdns-recursor" state: started enabled: True From 0d480308d8237635fe16681f5309cb9be158592a Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 18:15:43 +0200 Subject: [PATCH 31/82] syntax --- .../templates/powerdns-recursor-custom-config.j2 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 index 248b8ad..b4a0b42 100644 --- a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 +++ b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 
@@ -1,4 +1,6 @@ allow-from = 192.168.1.0/24, 192.168.3.0/24, 172.16.0.0/24, 127.0.0.0/8 -local-address = {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }} {% else %} {{ ansible_default_ipv4.address }} {% endif %} -local-port = {% if pdns_recursor_lport is defined %} {{ pdns_recursor_lport }} {% else %} 53 {% endif %} -query-local-address = {% if ansible_default_ipv6.address is defined %}, {{ ansible_default_ipv6.address }} {% else %} {{ ansible_default_ipv4.address }} {% endif %} \ No newline at end of file +local-address = {% if wg_local_ip is defined %}{{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %} + +local-port = {% if pdns_recursor_lport is defined %}{{ pdns_recursor_lport }}{% else %}53{% endif %} + +query-local-address = {{ ansible_default_ipv4.address }} {% if ansible_default_ipv6.address is defined %}, {{ ansible_default_ipv6.address }}{% endif %} \ No newline at end of file From 99e9e9cf2ea48351fd3ec0b09b5b09ede9b6958e Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 18:22:59 +0200 Subject: [PATCH 32/82] of course recursor needs to listen on localhost --- roles/nameserver/templates/powerdns-recursor-custom-config.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 index b4a0b42..0bc5fc6 100644 --- a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 +++ b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 
@@ -1,5 +1,5 @@ allow-from = 192.168.1.0/24, 192.168.3.0/24, 172.16.0.0/24, 127.0.0.0/8 -local-address = {% if wg_local_ip is defined %}{{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %} +local-address = 127.0.0.1 {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %} local-port = {% if pdns_recursor_lport is defined %}{{ pdns_recursor_lport }}{% else %}53{% endif %} From 7af871d7c70dac6d4f9a61f95685a928510abd24 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 18:33:10 +0200 Subject: [PATCH 33/82] syntax --- roles/nameserver/tasks/configure_bind_snmpd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml index a1dac1f..ef715a8 100644 --- a/roles/nameserver/tasks/configure_bind_snmpd.yml +++ b/roles/nameserver/tasks/configure_bind_snmpd.yml @@ -32,7 +32,7 @@ state: present line: '\tstatistics-file "/var/cache/bind/stats";\n\tzone-statistics yes;' insertafter: "options {" - validate: "{{ named_checkconf }} {{ named_conf }}" + validate: "{{ named_checkconf }} %s" notify: restart_named - name: nameserver | snmpd | configure extend From 739bd1460db8814d6b47194449de7a2647dd69ee Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 18:59:15 +0200 Subject: [PATCH 34/82] added additional options --- roles/nameserver/templates/powerdns-recursor-custom-config.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 index 0bc5fc6..b19a6ce 100644 --- a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 +++ b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 
@@ -1,6 +1,8 @@ allow-from = 192.168.1.0/24, 192.168.3.0/24, 172.16.0.0/24, 127.0.0.0/8 +dont-query = +forward-zones-recurse = universe.local=192.168.1.3 local-address = 127.0.0.1 {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %} local-port = {% if pdns_recursor_lport is defined %}{{ pdns_recursor_lport }}{% else %}53{% endif %} -query-local-address = {{ ansible_default_ipv4.address }} {% if ansible_default_ipv6.address is defined %}, {{ ansible_default_ipv6.address }}{% endif %} \ No newline at end of file +query-local-address = {{ ansible_default_ipv4.address }} {% if ansible_default_ipv6.address is defined %}, {{ ansible_default_ipv6.address }}{% endif %} {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% endif %} \ No newline at end of file From 048f2eac8f38623e873016ca127adfe8790b09dc Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Mon, 22 Jul 2024 19:20:18 +0200 Subject: [PATCH 35/82] added powerdns-recursor snmp script to sudoers --- host_vars/mail.mewissen.site.yml | 42 ++++++++++----------- host_vars/mewitoot.de.yml | 64 ++++++++++++++++---------------- roles/server/files/sudoers | 2 +- 3 files changed, 54 insertions(+), 54 deletions(-) diff --git a/host_vars/mail.mewissen.site.yml b/host_vars/mail.mewissen.site.yml index 8697bb0..a63556e 100644 --- a/host_vars/mail.mewissen.site.yml +++ b/host_vars/mail.mewissen.site.yml 
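Review bot: The added `dont-query =` line in `powerdns-recursor-custom-config.j2` empties the recursor's built-in list of private, loopback and link-local ranges it will not send queries to, which is much wider than the forwarder on the next line needs. With the list empty, a delegation in an outside zone that points at an internal address is followed from inside the network, which is the case the default list exists to prevent. As far as I know, servers named in `forward-zones-recurse` are queried regardless of `dont-query`, so the line can probably be removed; confirm against the documentation for the installed version. If an exception really is needed, keep the defaults and remove only the forwarder's range rather than the whole list.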
@@ -1,22 +1,22 @@ $ANSIBLE_VAULT;1.1;AES256 -30633034623438666463383865346539376431343335613165316666363764356132343830656462 -6665623239646539363535623031393266643263663530620a353835653339363661313461343834 -64633039323331326533623036363063363938346337373134333933666463313332386631643637 -3564633538643135610a386138613665653664613635393234326439376662353231333034383264 -34306135323730363861383962346239373561343234633438653036396336373239656264653262 -65313963653532356266643933613534373631326134663732373864303465383637633531363732 -32323464393139653138313530363633326335356336653664633039306433636238343762333361 -30663861373164303366623031613966376439373939623365363638653866306634623435386536 -62353533333762343939366339373962356162613333386131353465303632626131333437616635 -36303034636564313934313238623863616662613666633339336336656561363031313437626638 -33613537356331393134313464643533323038623038383364363536383438303236353736333662 -31336263336463633034613365613864383536326662353431393837633863333564376236396634 -65623536663733376535643832363938613762656265376136653135343832353565653261396633 -30373832663937656362643164376333653633383566386534613166393133376530333938323261 -32336533663663383366363433366131653838343261383133323136396666313164663236393632 -31393235313738373732343530376635633131333161346561666161646266353834636138616463 -32353130313164333662333766326531653262316235383837376232333738613764393232623661 -63363334363363396664666633316136643134326236363936643465386531653064333837633465 -64666231633363666261343834623766633164316334383864326535383932326164653761336262 -32323364623538333435393833363233333765343534306565303565326239386334626331393963 -6536 +36303665633161336631373965373436653433326630666234393137316361616636396238303139 +3731666534646135346536663965306164383361333566350a666337353564643066646366643961 +32353636396134396531333939363338393331353735663363653636383333336333666361623330 
+6662663864633664390a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diff --git a/host_vars/mewitoot.de.yml b/host_vars/mewitoot.de.yml index f0ccc1b..dbcfde9 100644 --- a/host_vars/mewitoot.de.yml +++ b/host_vars/mewitoot.de.yml @@ -1,33 +1,33 @@ $ANSIBLE_VAULT;1.1;AES256 -62323839346437303139383462663139656364313338613538633437373435396236373136623263 -6437346531383362343935343961333363363535633036610a383637333263633664373362333761 -39316266633863613738623933383632333932393738326263363936303933333934626332633834 -6130636638356539620a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a393834653066646164646434316337 +66376666356631363135363764623738313064643734336432393733653134633366656635383738 +6364646534303866610a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diff --git a/roles/server/files/sudoers b/roles/server/files/sudoers index b117044..6209602 100644 --- a/roles/server/files/sudoers +++ b/roles/server/files/sudoers @@ -1,2 +1,2 @@ -Debian-snmp ALL = NOPASSWD: /etc/snmp/bind, /etc/snmp/fail2ban, /etc/snmp/docker-stats.sh, /etc/snmp/mailcow-dockerized-postfix, /etc/snmp/unbound, /etc/snmp/osupdate, /etc/snmp/distro +Debian-snmp ALL = NOPASSWD: /etc/snmp/bind, /etc/snmp/fail2ban, /etc/snmp/docker-stats.sh, /etc/snmp/mailcow-dockerized-postfix, /etc/snmp/unbound, /etc/snmp/osupdate, /etc/snmp/distro, /etc/snmp/powerdns-recursor Debian-snmp ALL = (postgres) NOPASSWD: /etc/snmp/postgres From ad4f47d925549000ea78e4f7d60c2350b0009eef Mon Sep 17 00:00:00 2001 
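Review bot: The new `/etc/snmp/powerdns-recursor` entry in `roles/server/files/sudoers` lets the `Debian-snmp` account run that file as root without a password, and nothing in this hunk shows how the file is installed or who may write to it. Every path on this line should be owned `root:root` with mode `0755` and sit in a directory only root can modify, otherwise the rule is equivalent to root for whoever can replace the script. The task that deploys this sudoers file is outside the hunk; if it uses `copy` or `template`, adding `validate: 'visudo -cf %s'` keeps a syntax slip in this growing line from breaking sudo on the host.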
From: Rene Mewissen Date: Tue, 23 Jul 2024 19:48:32 +0200 Subject: [PATCH 36/82] added installation for powerdns primary server --- host_vars/dnspri.universe.local.yml | 2 + host_vars/dnssec1.universe.local.yml | 3 + host_vars/dnssec2.universe.local.yml | 1 + hosts | 3 + roles/database/tasks/install_mysql.yml | 12 +++- roles/database/vars/debian.yml | 4 ++ roles/database/vars/ubuntu.yml | 4 ++ .../tasks/configure_powerdns_server_snmpd.yml | 27 +++++++++ .../tasks/install_powerdns_server.yml | 59 +++++++++++++++++++ roles/nameserver/tasks/main.yml | 13 +++- .../powerdns-server-pri-mysql-config.j2 | 3 + roles/nameserver/vars/debian.yml | 9 ++- roles/nameserver/vars/main.yml | 3 + 13 files changed, 138 insertions(+), 5 deletions(-) create mode 100644 host_vars/dnspri.universe.local.yml create mode 100644 host_vars/dnssec1.universe.local.yml create mode 120000 host_vars/dnssec2.universe.local.yml create mode 100644 roles/nameserver/tasks/configure_powerdns_server_snmpd.yml create mode 100644 roles/nameserver/tasks/install_powerdns_server.yml create mode 100644 roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 create mode 100644 roles/nameserver/vars/main.yml diff --git a/host_vars/dnspri.universe.local.yml b/host_vars/dnspri.universe.local.yml new file mode 100644 index 0000000..7a0fb92 --- /dev/null +++ b/host_vars/dnspri.universe.local.yml @@ -0,0 +1,2 @@ +powerdns_server: True +powerdns_primary: True \ No newline at end of file diff --git a/host_vars/dnssec1.universe.local.yml b/host_vars/dnssec1.universe.local.yml new file mode 100644 index 0000000..2155a80 --- /dev/null +++ b/host_vars/dnssec1.universe.local.yml @@ -0,0 +1,3 @@ +powerdns-server: True +powerdns-primary: False +powerdns-secondary: True diff --git a/host_vars/dnssec2.universe.local.yml b/host_vars/dnssec2.universe.local.yml new file mode 120000 index 0000000..a82f5a2 --- /dev/null +++ b/host_vars/dnssec2.universe.local.yml 
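Review bot: `host_vars/dnssec1.universe.local.yml` spells its keys with hyphens (`powerdns-server`, `powerdns-primary`, `powerdns-secondary`), while `dnspri.universe.local.yml` and the `when:` conditions this commit adds to `roles/nameserver/tasks/main.yml` use `powerdns_server` and `powerdns_primary`. Hyphens are not valid in Ansible variable names, and the conditions test `powerdns_server is defined`, so the PowerDNS block would be skipped on dnssec1 and on dnssec2, which is a symlink to this file. Use `powerdns_server: true`, `powerdns_primary: false` and `powerdns_secondary: true`.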
@@ -0,0 +1 @@ +dnssec1.universe.local.yml \ No newline at end of file diff --git a/hosts b/hosts index c8c81cd..6e83d6d 100644 --- a/hosts +++ b/hosts @@ -119,6 +119,9 @@ tuxedo-book-xp1511.universe.local [nameserver] coruscant.universe.local +dnspri1.universe.local +dnssec1.universe.local +dnssec2.universe.local mewimeet.de mewitoot.de ns1.universe.local diff --git a/roles/database/tasks/install_mysql.yml b/roles/database/tasks/install_mysql.yml index d972aaf..b877fd0 100644 --- a/roles/database/tasks/install_mysql.yml +++ b/roles/database/tasks/install_mysql.yml @@ -1,2 +1,12 @@ - debug: - msg: "mysql: {{ mysql }}" \ No newline at end of file + msg: "mysql: {{ mysql }}" + +- name: database | mariadb | install mariadb packages + package: + name: "{{ item.package }}" + update_cache: yes + cache_valid_time: 3600 + state: present + install_recommends: no + become: yes + with_items: "{{ mysql_pkgs.packages }}" \ No newline at end of file diff --git a/roles/database/vars/debian.yml b/roles/database/vars/debian.yml index 1f75b2f..164cddc 100644 --- a/roles/database/vars/debian.yml +++ b/roles/database/vars/debian.yml @@ -3,6 +3,10 @@ redis_pkgs: - package: "redis-server" - package: "redis-tools" +mysql_pkgs: + packages: + - package: "mariadb-server" + postgres_pkgs: packages: - package: "libpq-dev" diff --git a/roles/database/vars/ubuntu.yml b/roles/database/vars/ubuntu.yml index 1f75b2f..164cddc 100644 --- a/roles/database/vars/ubuntu.yml +++ b/roles/database/vars/ubuntu.yml @@ -3,6 +3,10 @@ redis_pkgs: - package: "redis-server" - package: "redis-tools" +mysql_pkgs: + packages: + - package: "mariadb-server" + postgres_pkgs: packages: - package: "libpq-dev" diff --git a/roles/nameserver/tasks/configure_powerdns_server_snmpd.yml b/roles/nameserver/tasks/configure_powerdns_server_snmpd.yml new file mode 100644 index 0000000..0ff3b44 --- /dev/null +++ b/roles/nameserver/tasks/configure_powerdns_server_snmpd.yml 
@@ -0,0 +1,27 @@ +- name: "Nameserver: powerdns-server | snmpd | get script" + get_url: + url: "https://github.com/librenms/librenms-agent/raw/master/snmp/powerdns.py" + dest: "/etc/snmp/powerdns.py" + mode: "0755" + owner: "root" + group: "root" + +- name: "Nameserver: powerdns-server | snmpd | remove bind script" + file: + path: "/etc/snmp/bind" + state: absent + +- name: "Nameserver: powerdns-server | snmpd | configure extend" + lineinfile: + path: "{{ snmpd_conf }}" + state: present + line: "extend powerdns {{ sudo }} /etc/snmp/powerdns.py" + insertafter: "# SECTION: Extends" + notify: restart_snmpd + +- name: "Nameserver: powerdns-server | snmpd | remove bind extend" + lineinfile: + path: "{{ snmpd_conf }}" + state: absent # not required. choices: absent;present. Whether the line should be there or not. + line: "extend unbound {{ sudo }} /etc/snmp/bind" + notify: restart_snmpd diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml new file mode 100644 index 0000000..e82b20e --- /dev/null +++ b/roles/nameserver/tasks/install_powerdns_server.yml 
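Review bot: The `get script` task in `configure_powerdns_server_snmpd.yml` downloads `powerdns.py` from the moving `master` branch with no `checksum:` and installs it root-owned and executable, and the `configure extend` task then has snmpd run it through `{{ sudo }}` (presumably with elevated rights). Whatever that branch serves at install time is what runs on the nameserver, with no review step in between. Pin the URL to a reviewed commit (`.../raw/<REVIEWED_COMMIT_SHA>/snmp/powerdns.py`) and add `checksum: "sha256:<SHA256_OF_REVIEWED_FILE>"`, or ship the script from the role's `files/` directory. Separately, the `remove bind extend` task deletes the line `extend unbound {{ sudo }} /etc/snmp/bind`, which looks like a copy-paste slip for the bind extend; `lineinfile` with `state: absent` only removes a matching line, so the real entry would stay in place.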
@@ -0,0 +1,59 @@ +- name: nameserver | powerdns-server | install packages + package: + name: "{{ powerdns_server_package }}" + state: present + +- name: nameserver | powerdns-server | install backends + package: + name: "{{ item.package }}" + state: latest + with_items: "{{ powerdns_backends }}" + +- name: nameserver | powerdns-server | install and configure database + block: + - set_fact: + key_value: mysql=True + - include_role: + name: database # required. The name of the role to be executed. + - name: nameserver | powerdns-server | create database + mysql_db: + name: "{{ pdns_db_name }}" # required. name of the database to add or remove. I(name=all) May only be provided if I(state) is C(dump) or C(import). List of databases is provided with I(state=dump), I(state=present) and I(state=absent). if name=all Works like --all-databases option for mysqldump (Added in 2.0). + state: present # not required. choices: present;absent;dump;import. The database state + encoding: "utf8" # not required. Encoding mode to use, examples include C(utf8) or C(latin1_swedish_ci) + - name: nameserver | powerdns-server | import database + mysql_db: + name: "{{ pdns_db_name }}" + state: import + target: "{{ pdns_mysql_schema }}" # not required. Location, on the remote host, of the dump file to read from or write to. Uncompressed SQL files (C(.sql)) as well as bzip2 (C(.bz2)), gzip (C(.gz)) and xz (Added in 2.0) compressed files are supported. + - name: nameserver | powerdns-server | create database user + mysql_user: + name: "{{ pdns_db_user }}" # required. Name of the user (role) to add or remove. + password: "{{ pdns_db_passwd }}" # not required. Set the user's password.. + host: localhost + priv: "{{ pdns_db_name }}.*:ALL" # not required. MySQL privileges string in the format: C(db.table:priv1,priv2). Multiple privileges can be specified by separating each one using a forward slash: C(db.table:priv/db.table:priv). The format is based on MySQL C(GRANT) statement. 
Database and table names can be quoted, MySQL-style. If column privileges are used, the C(priv1,priv2) part must be exactly as returned by a C(SHOW GRANT) statement. If not followed, the module will always report changes. It includes grouping columns by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))). + append_privs: False # not required. Append the privileges defined by priv to the existing ones for this user instead of overwriting existing ones. + sql_log_bin: True # not required. Whether binary logging should be enabled or disabled for the connection. + state: present # not required. choices: absent;present. Whether the user should exist. When C(absent), removes the user. + update_password: on_create # not required. choices: always;on_create. C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users. + - name: nameserver | powerdns-server | copy config + template: + src: "powerdns-server-pri-mysql-config.j2" + dest: "/etc/powerdns/pdns.d/mysql.conf" + mode: "0644" + owner: "root" + group: "root" + when: + - powerdns_primary is defined + - powerdns_primary is true + +- name: nameserver | powerdns-recursor | disable bind + service: + name: "named" + state: stopped + enabled: False + +- name: nameserver | powerdns-recursor | enable service + service: + name: "pdns" + state: started + enabled: True diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index 3b42e7c..b220ad4 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml 
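Review bot: The `copy config` task in `install_powerdns_server.yml` writes `/etc/powerdns/pdns.d/mysql.conf` with `mode: "0644"`, and the template it renders contains `gmysql-password`, so every local user on the host can read the database password. Use `mode: "0640"` with `group: "pdns"` (assuming that is the service group the package creates; confirm) and add `no_log: true` to this task and to `create database user` so the secret stays out of task output. `priv: "{{ pdns_db_name }}.*:ALL"` also grants more than the server needs at run time; a list such as `SELECT,INSERT,UPDATE,DELETE` is worth considering. The `import database` task uses `state: import` unconditionally, so it would re-apply the schema file on every run; registering the result of `create database` and importing only when it changed avoids that.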
@@ -38,7 +38,18 @@ when: - bind is defined - bind is true - - powerdns_auth is not defined or powerdns_auth is false + - powerdns_server is not defined or powerdns_server is false + + - name: nameserver | powerdns-server | install and configure + block: + - name: nameserver | powerdns-server | install + include_tasks: install_powerdns_server.yml + - name: nameserver | powerdns-server | configure + include_tasks: configure_powerdns_server_snmpd.yml + when: + - powerdns_server is defined + - powerdns_server is true + - bind is not defined or bind is false rescue: - set_fact: task_failed=true diff --git a/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 b/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 new file mode 100644 index 0000000..8334331 --- /dev/null +++ b/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 @@ -0,0 +1,3 @@ +gmysql-socket = {{ pdns_mysql_socket }} +gmysql-password = {{ pdns_db_passwd }} +gmysql-dnssec = Yes diff --git a/roles/nameserver/vars/debian.yml b/roles/nameserver/vars/debian.yml index 55480eb..9849fb3 100644 --- a/roles/nameserver/vars/debian.yml +++ b/roles/nameserver/vars/debian.yml @@ -1,13 +1,16 @@ bind_package: bind9 unbound_package: unbound perl_readbackwards: libfile-readbackwards-perl -powerdns_server_package: pdns-server -powerdns_recursor_package: pdns-recursor -powerdns_tools_package: pdns-tools +# PowerDNS specific +powerdns_recursor_package: pdns-recursor +powerdns_server_package: pdns-server +powerdns_tools_package: pdns-tools powerdns_backends: - package: pdns-backend-bind - package: pdns-backend-mysql +pdns_mysql_schema: "/usr/share/pdns-backend-mysql/schema/schema.mysql.sql" +pdns_mysql_socket: "/run/mysqld/mysqld.sock" # named / bind specific named_conf_zones: /etc/bind/named.conf.default-zones diff --git a/roles/nameserver/vars/main.yml b/roles/nameserver/vars/main.yml new file mode 100644 index 0000000..5afe122 --- /dev/null +++ b/roles/nameserver/vars/main.yml 
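Review bot: `powerdns-server-pri-mysql-config.j2` sets only `gmysql-socket`, `gmysql-password` and `gmysql-dnssec`, so the database and account names that the tasks create from `pdns_db_name` and `pdns_db_user` never reach the server configuration. It works only as long as the backend's built-in defaults match the value `powerdns` (I believe they do; confirm), and it breaks without an error in the play once either variable is changed. Add `gmysql-dbname = {{ pdns_db_name }}` and `gmysql-user = {{ pdns_db_user }}`. Whether a `launch=gmysql` line exists elsewhere cannot be seen from this hunk.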
@@ -0,0 +1,3 @@ +pdns_db_name: "powerdns" +pdns_db_user: "powerdns" +pdns_db_passwd: "alsdkafhdfgjrnyödfdfjksdzlyso57sfn7093c5n7aß46bs946r9xbr85xr6" \ No newline at end of file From 5fd96746387744e0a0ffe949b6864b82d8b413fd Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Tue, 23 Jul 2024 19:50:41 +0200 Subject: [PATCH 37/82] typo --- hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts b/hosts index 6e83d6d..588de2c 100644 --- a/hosts +++ b/hosts @@ -119,7 +119,7 @@ tuxedo-book-xp1511.universe.local [nameserver] coruscant.universe.local -dnspri1.universe.local +dnspri.universe.local dnssec1.universe.local dnssec2.universe.local mewimeet.de From 5df0bc5a422f6a475e4b14f6f60854ed8d9eced9 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Tue, 23 Jul 2024 19:59:29 +0200 Subject: [PATCH 38/82] syntax --- roles/nameserver/tasks/install_powerdns_server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index e82b20e..d394a65 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml @@ -12,7 +12,7 @@ - name: nameserver | powerdns-server | install and configure database block: - set_fact: - key_value: mysql=True + mysql: True - include_role: name: database # required. The name of the role to be executed. - name: nameserver | powerdns-server | create database From ccf689b5139f9720b5cc642d975d5b44620f4be6 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 24 Jul 2024 08:42:39 +0200 Subject: [PATCH 39/82] syntax --- roles/nameserver/tasks/install_powerdns_server.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index d394a65..1d89ff1 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml 
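Review bot: `pdns_db_passwd` is committed in clear text in `roles/nameserver/vars/main.yml`, while the `host_vars` files in this same repository are stored as Ansible Vault blobs. Anyone who can read the repository or a checkout of it gets the database credential, and it remains in git history after a later removal, so the value should be treated as disclosed and rotated. Move it to a vaulted variable, for example `pdns_db_passwd: "{{ vault_pdns_db_passwd }}"` with the value kept in an encrypted vars file. The value also contains non-ASCII characters (`ö`, `ß`), which the MySQL client and the PowerDNS config parser may not encode the same way; an ASCII-only generated secret avoids that.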
+++ b/roles/nameserver/tasks/install_powerdns_server.yml @@ -11,10 +11,10 @@ - name: nameserver | powerdns-server | install and configure database block: - - set_fact: - mysql: True - include_role: name: database # required. The name of the role to be executed. + vars: + mysql: True - name: nameserver | powerdns-server | create database mysql_db: name: "{{ pdns_db_name }}" # required. name of the database to add or remove. I(name=all) May only be provided if I(state) is C(dump) or C(import). List of databases is provided with I(state=dump), I(state=present) and I(state=absent). if name=all Works like --all-databases option for mysqldump (Added in 2.0). From 9477fbccb69bb5147507293288c3a3ec509f7b69 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 24 Jul 2024 10:24:50 +0200 Subject: [PATCH 40/82] moved vars --- roles/fileserver/readme.md | 2 ++ roles/nameserver/tasks/install_powerdns_server.yml | 2 -- 2 files changed, 2 insertions(+), 2 deletions(-) create mode 100644 roles/fileserver/readme.md diff --git a/roles/fileserver/readme.md b/roles/fileserver/readme.md new file mode 100644 index 0000000..993dc18 --- /dev/null +++ b/roles/fileserver/readme.md @@ -0,0 +1,2 @@ +- samba +- nfs \ No newline at end of file diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index 1d89ff1..31d73d8 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml @@ -13,8 +13,6 @@ block: - include_role: name: database # required. The name of the role to be executed. - vars: - mysql: True - name: nameserver | powerdns-server | create database mysql_db: name: "{{ pdns_db_name }}" # required. name of the database to add or remove. I(name=all) May only be provided if I(state) is C(dump) or C(import). List of databases is provided with I(state=dump), I(state=present) and I(state=absent). if name=all Works like --all-databases option for mysqldump (Added in 2.0). 
From b6ab9db9a2e9e0c78bae3e6ac1cfdb4ca0bb7669 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 24 Jul 2024 11:41:51 +0200 Subject: [PATCH 41/82] moved vars --- roles/nameserver/vars/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nameserver/vars/main.yml b/roles/nameserver/vars/main.yml index 5afe122..4f5f478 100644 --- a/roles/nameserver/vars/main.yml +++ b/roles/nameserver/vars/main.yml @@ -1,3 +1,4 @@ +mysql: True pdns_db_name: "powerdns" pdns_db_user: "powerdns" pdns_db_passwd: "alsdkafhdfgjrnyödfdfjksdzlyso57sfn7093c5n7aß46bs946r9xbr85xr6" \ No newline at end of file From a7e39f9305ae17e09a69b6541ec9004888b1b420 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 24 Jul 2024 11:46:23 +0200 Subject: [PATCH 42/82] syntax --- roles/nameserver/tasks/install_powerdns_server.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index 31d73d8..221b0c7 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml @@ -11,8 +11,7 @@ - name: nameserver | powerdns-server | install and configure database block: - - include_role: - name: database # required. The name of the role to be executed. + - include_role: name=database # required. The name of the role to be executed. - name: nameserver | powerdns-server | create database mysql_db: name: "{{ pdns_db_name }}" # required. name of the database to add or remove. I(name=all) May only be provided if I(state) is C(dump) or C(import). List of databases is provided with I(state=dump), I(state=present) and I(state=absent). if name=all Works like --all-databases option for mysqldump (Added in 2.0). From ac4272612b0ef1004417e78a7d44272788dda57a Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Wed, 24 Jul 2024 12:03:05 +0200 Subject: [PATCH 43/82] Python's MySQL client needed --- roles/nameserver/tasks/install_powerdns_server.yml | 4 ++++ roles/nameserver/vars/debian.yml | 1 + 2 files changed, 5 insertions(+) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index 221b0c7..e8c9436 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml @@ -12,6 +12,10 @@ - name: nameserver | powerdns-server | install and configure database block: - include_role: name=database # required. The name of the role to be executed. + - name: nameserver | powerdns-server | install python mysql client + package: + name: "{{ python_mysql_client }}" + state: present - name: nameserver | powerdns-server | create database mysql_db: name: "{{ pdns_db_name }}" # required. name of the database to add or remove. I(name=all) May only be provided if I(state) is C(dump) or C(import). List of databases is provided with I(state=dump), I(state=present) and I(state=absent). if name=all Works like --all-databases option for mysqldump (Added in 2.0). diff --git a/roles/nameserver/vars/debian.yml b/roles/nameserver/vars/debian.yml index 9849fb3..dc73de1 100644 --- a/roles/nameserver/vars/debian.yml +++ b/roles/nameserver/vars/debian.yml @@ -1,6 +1,7 @@ bind_package: bind9 unbound_package: unbound perl_readbackwards: libfile-readbackwards-perl +python_mysql_client: python3-pymysql # PowerDNS specific powerdns_recursor_package: pdns-recursor From 032bcc7c0f6c2a9ffd64552a128cadbd4964fba3 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 24 Jul 2024 12:14:32 +0200 Subject: [PATCH 44/82] my.cnf needed --- roles/nameserver/tasks/install_powerdns_server.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index e8c9436..3d0d56d 100644 
--- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml @@ -21,11 +21,13 @@ name: "{{ pdns_db_name }}" # required. name of the database to add or remove. I(name=all) May only be provided if I(state) is C(dump) or C(import). List of databases is provided with I(state=dump), I(state=present) and I(state=absent). if name=all Works like --all-databases option for mysqldump (Added in 2.0). state: present # not required. choices: present;absent;dump;import. The database state encoding: "utf8" # not required. Encoding mode to use, examples include C(utf8) or C(latin1_swedish_ci) + config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. - name: nameserver | powerdns-server | import database mysql_db: name: "{{ pdns_db_name }}" state: import target: "{{ pdns_mysql_schema }}" # not required. Location, on the remote host, of the dump file to read from or write to. Uncompressed SQL files (C(.sql)) as well as bzip2 (C(.bz2)), gzip (C(.gz)) and xz (Added in 2.0) compressed files are supported. + config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. - name: nameserver | powerdns-server | create database user mysql_user: name: "{{ pdns_db_user }}" # required. Name of the user (role) to add or remove. 
@@ -36,6 +38,7 @@ sql_log_bin: True # not required. Whether binary logging should be enabled or disabled for the connection. state: present # not required. choices: absent;present. Whether the user should exist. When C(absent), removes the user. update_password: on_create # not required. choices: always;on_create. C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users. + config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. - name: nameserver | powerdns-server | copy config template: src: "powerdns-server-pri-mysql-config.j2" From df99ddea83aa7c2be9af3ae0c6155f2bd3abeb55 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 24 Jul 2024 13:30:29 +0200 Subject: [PATCH 45/82] need to use socket for mysql --- roles/nameserver/tasks/install_powerdns_server.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index 3d0d56d..5ff5ec1 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml 
@@ -22,12 +22,14 @@ state: present # not required. choices: present;absent;dump;import. The database state encoding: "utf8" # not required. Encoding mode to use, examples include C(utf8) or C(latin1_swedish_ci) config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. + login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. - name: nameserver | powerdns-server | import database mysql_db: name: "{{ pdns_db_name }}" state: import target: "{{ pdns_mysql_schema }}" # not required. Location, on the remote host, of the dump file to read from or write to. Uncompressed SQL files (C(.sql)) as well as bzip2 (C(.bz2)), gzip (C(.gz)) and xz (Added in 2.0) compressed files are supported. config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. + login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. - name: nameserver | powerdns-server | create database user mysql_user: name: "{{ pdns_db_user }}" # required. Name of the user (role) to add or remove. @@ -39,6 +41,7 @@ state: present # not required. choices: absent;present. Whether the user should exist. When C(absent), removes the user. update_password: on_create # not required. choices: always;on_create. C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users. config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. + login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. - name: nameserver | powerdns-server | copy config template: src: "powerdns-server-pri-mysql-config.j2" From 6d534689471daf6865e512bf58b5db381f996c53 Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Thu, 25 Jul 2024 11:07:26 +0200 Subject: [PATCH 46/82] do not overwrite with template, if file already exists --- roles/nameserver/tasks/install_powerdns_recursor.yml | 1 + roles/nameserver/tasks/install_unbound.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/roles/nameserver/tasks/install_powerdns_recursor.yml b/roles/nameserver/tasks/install_powerdns_recursor.yml index 4a414bc..396f7f7 100644 --- a/roles/nameserver/tasks/install_powerdns_recursor.yml +++ b/roles/nameserver/tasks/install_powerdns_recursor.yml @@ -10,6 +10,7 @@ mode: "0644" owner: "root" group: "root" + force: no - name: nameserver | powerdns-recursor | disable unbound service: diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml index 3e3061c..1265bd0 100644 --- a/roles/nameserver/tasks/install_unbound.yml +++ b/roles/nameserver/tasks/install_unbound.yml @@ -11,6 +11,7 @@ owner: "root" group: "root" validate: "unbound-checkconf %s" + force: no - name: nameserver | unbound | disable service pdns-resolver service: From 5d5c4bc91a28eadcf525206d5a8a73c3c7bef39e Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 25 Jul 2024 11:08:14 +0200 Subject: [PATCH 47/82] import data only if database did not exist before; generate password, if not set in vars --- roles/nameserver/tasks/install_powerdns_server.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index 5ff5ec1..631123d 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml 
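Review bot: `force: no` on this template task, and on the unbound task in the next hunk, means the file is written only when the destination does not exist yet, so later changes to the template, including security-relevant settings, never reach hosts that already have the file. If the aim is to protect hand-edited configuration, say so next to the option, e.g. `# keep local edits: template changes only apply to new hosts`. Writing the value as `force: false` avoids the YAML 1.1 truthy spelling. Both tasks begin outside their hunks.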
@@ -23,6 +23,7 @@ encoding: "utf8" # not required. Encoding mode to use, examples include C(utf8) or C(latin1_swedish_ci) config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. + register: database_exists - name: nameserver | powerdns-server | import database mysql_db: name: "{{ pdns_db_name }}" 
@@ -30,10 +31,11 @@ target: "{{ pdns_mysql_schema }}" # not required. Location, on the remote host, of the dump file to read from or write to. Uncompressed SQL files (C(.sql)) as well as bzip2 (C(.bz2)), gzip (C(.gz)) and xz (Added in 2.0) compressed files are supported. config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. + when: database_exists.changed - name: nameserver | powerdns-server | create database user mysql_user: name: "{{ pdns_db_user }}" # required. Name of the user (role) to add or remove. - password: "{{ pdns_db_passwd }}" # not required. Set the user's password.. + password: "{{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw' length=20)) }}" # not required. Set the user's password.. host: localhost priv: "{{ pdns_db_name }}.*:ALL" # not required. MySQL privileges string in the format: C(db.table:priv1,priv2). Multiple privileges can be specified by separating each one using a forward slash: C(db.table:priv/db.table:priv). The format is based on MySQL C(GRANT) statement. Database and table names can be quoted, MySQL-style. If column privileges are used, the C(priv1,priv2) part must be exactly as returned by a C(SHOW GRANT) statement. If not followed, the module will always report changes. It includes grouping columns by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))). append_privs: False # not required. Append the privileges defined by priv to the existing ones for this user instead of overwriting existing ones. @@ -49,6 +51,7 @@ mode: "0644" owner: "root" group: "root" + force: no when: - powerdns_primary is defined - powerdns_primary is true 
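Review bot: The fallback on the `password:` line of the `create database user` task is not valid Jinja: `lookup('password', '/etc/powerdns/pdns.d/.mysqlpw' length=20)` has two adjacent arguments with no separator, so templating this value should fail with a syntax error. The password lookup takes its options inside the term string, `lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20')`. The task begins and ends outside this hunk.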
@@ -57,10 +60,12 @@ service: name: "named" state: stopped - enabled: False + enabled: false + rescue: + - set_fact: task_failed=true - name: nameserver | powerdns-recursor | enable service service: name: "pdns" state: started - enabled: True + enabled: true From 7b5d51bf81bd1a184bf8a65e6c69ccede77ff43c Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 25 Jul 2024 11:08:37 +0200 Subject: [PATCH 48/82] generate or get password if not set in vars --- roles/nameserver/templates/powerdns-server-pri-api-config.j2 | 4 ++++ .../nameserver/templates/powerdns-server-pri-mysql-config.j2 | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 roles/nameserver/templates/powerdns-server-pri-api-config.j2 diff --git a/roles/nameserver/templates/powerdns-server-pri-api-config.j2 b/roles/nameserver/templates/powerdns-server-pri-api-config.j2 new file mode 100644 index 0000000..5a1a67e --- /dev/null +++ b/roles/nameserver/templates/powerdns-server-pri-api-config.j2 @@ -0,0 +1,4 @@ +api = Yes +api-key ={{ pdns_api_key | default(lookup('password', '/etc/powerdns/pdns.d/.api-key' length=20)) }} +webserver = Yes +webserver-address = {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %} \ No newline at end of file diff --git a/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 b/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 index 8334331..39e6da2 100644 --- a/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 +++ b/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 @@ -1,3 +1,4 @@ +launch += gmysql gmysql-socket = {{ pdns_mysql_socket }} -gmysql-password = {{ pdns_db_passwd }} +gmysql-password = {{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw' length=20)) }} gmysql-dnssec = Yes From a6529fa87d9752facb0b498c0e1bd4be81eecf36 Mon Sep 17 00:00:00 2001 
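Review bot: `rescue:` appears to be attached to the plain `service` task that stops `named`, but Ansible accepts `rescue` only on a `block:`, so the file is likely rejected at parse time instead of tolerating a missing unit. Move the `service` call under a `block:` and keep `rescue:` at the block's level. `task_failed` is set but never read in the visible lines; a comment should say what consumes it, or the `set_fact` can go.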
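Review bot: `webserver-address` in the new `powerdns-server-pri-api-config.j2` renders with a leading comma whenever `wg_local_ip` is defined, because the `{% if %}` branch starts with `, ` although nothing precedes it on the line. The branch should start with the address itself: `{% if wg_local_ip is defined %}{{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}`. The `api-key` line here and the `gmysql-password` line in the next file section also pass `length=20` outside the quoted term of `lookup('password', …)`, which is not valid Jinja.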
From: Rene Mewissen Date: Thu, 25 Jul 2024 11:09:07 +0200 Subject: [PATCH 49/82] I don't want bind backend --- roles/nameserver/vars/debian.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/nameserver/vars/debian.yml b/roles/nameserver/vars/debian.yml index dc73de1..8ba64a2 100644 --- a/roles/nameserver/vars/debian.yml +++ b/roles/nameserver/vars/debian.yml @@ -8,7 +8,6 @@ powerdns_recursor_package: pdns-recursor powerdns_server_package: pdns-server powerdns_tools_package: pdns-tools powerdns_backends: - - package: pdns-backend-bind - package: pdns-backend-mysql pdns_mysql_schema: "/usr/share/pdns-backend-mysql/schema/schema.mysql.sql" pdns_mysql_socket: "/run/mysqld/mysqld.sock" From 86f97169505995644a6082c2765e56035b654288 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 25 Jul 2024 11:11:49 +0200 Subject: [PATCH 50/82] use handler to restart powerdns --- roles/nameserver/handlers/main.yml | 5 +++++ roles/nameserver/tasks/install_powerdns_server.yml | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/nameserver/handlers/main.yml b/roles/nameserver/handlers/main.yml index 0c1fa07..3e1bd1e 100644 --- a/roles/nameserver/handlers/main.yml +++ b/roles/nameserver/handlers/main.yml @@ -11,4 +11,9 @@ - name: restart_unbound service: name: "unbound" + state: restarted + +- name: restart_pdns + service: + name: "pdns" state: restarted \ No newline at end of file diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index 631123d..d926622 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml @@ -55,6 +55,7 @@ when: - powerdns_primary is defined - powerdns_primary is true + notify: restart_pdns - name: nameserver | powerdns-recursor | disable bind service: @@ -68,4 +69,4 @@ service: name: "pdns" state: started - enabled: true + enabled: true \ No newline at end of file 
From 888aa7f07119d159b78c636ba40471c04bcd65ec Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 25 Jul 2024 11:42:05 +0200 Subject: [PATCH 51/82] moved notify --- roles/nameserver/tasks/install_powerdns_server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index d926622..f47a8a3 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml @@ -52,10 +52,10 @@ owner: "root" group: "root" force: no + notify: restart_pdns when: - powerdns_primary is defined - powerdns_primary is true - notify: restart_pdns - name: nameserver | powerdns-recursor | disable bind service: From 35b78971ebd052b9940dfc9d4b3c0245b974d671 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 25 Jul 2024 12:04:20 +0200 Subject: [PATCH 52/82] syntax --- roles/nameserver/tasks/install_powerdns_server.yml | 4 ++-- roles/nameserver/templates/powerdns-server-pri-api-config.j2 | 2 +- .../nameserver/templates/powerdns-server-pri-mysql-config.j2 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index f47a8a3..b74bab9 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml 
@@ -35,7 +35,7 @@ - name: nameserver | powerdns-server | create database user mysql_user: name: "{{ pdns_db_user }}" # required. Name of the user (role) to add or remove. - password: "{{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw' length=20)) }}" # not required. Set the user's password.. + password: "{{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20')) }}" # not required. Set the user's password.. host: localhost priv: "{{ pdns_db_name }}.*:ALL" # not required. MySQL privileges string in the format: C(db.table:priv1,priv2). Multiple privileges can be specified by separating each one using a forward slash: C(db.table:priv/db.table:priv). The format is based on MySQL C(GRANT) statement. Database and table names can be quoted, MySQL-style. If column privileges are used, the C(priv1,priv2) part must be exactly as returned by a C(SHOW GRANT) statement. If not followed, the module will always report changes. It includes grouping columns by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))). append_privs: False # not required. Append the privileges defined by priv to the existing ones for this user instead of overwriting existing ones. @@ -52,10 +52,10 @@ owner: "root" group: "root" force: no - notify: restart_pdns when: - powerdns_primary is defined - powerdns_primary is true + notify: restart_pdns - name: nameserver | powerdns-recursor | disable bind service: diff --git a/roles/nameserver/templates/powerdns-server-pri-api-config.j2 b/roles/nameserver/templates/powerdns-server-pri-api-config.j2 index 5a1a67e..25fdadd 100644 --- a/roles/nameserver/templates/powerdns-server-pri-api-config.j2 +++ b/roles/nameserver/templates/powerdns-server-pri-api-config.j2 
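Review bot: On the corrected `password:` line the `lookup('password', …)` call is an argument to `default()`, and Jinja evaluates filter arguments before applying the filter, so the lookup most likely runs and writes `/etc/powerdns/pdns.d/.mysqlpw` even when `pdns_db_passwd` is defined. That leaves a generated secret on disk that is not the password in use. An inline conditional evaluates only the branch it takes: `"{{ pdns_db_passwd if pdns_db_passwd is defined else lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20') }}"`. The `api-key` and `gmysql-password` template lines changed later in this commit have the same shape.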
@@ -1,4 +1,4 @@ api = Yes -api-key ={{ pdns_api_key | default(lookup('password', '/etc/powerdns/pdns.d/.api-key' length=20)) }} +api-key ={{ pdns_api_key | default(lookup('password', '/etc/powerdns/pdns.d/.api-key length=20')) }} webserver = Yes webserver-address = {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %} \ No newline at end of file diff --git a/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 b/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 index 39e6da2..78ca609 100644 --- a/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 +++ b/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 @@ -1,4 +1,4 @@ launch += gmysql gmysql-socket = {{ pdns_mysql_socket }} -gmysql-password = {{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw' length=20)) }} +gmysql-password = {{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20')) }} gmysql-dnssec = Yes From 93b074476fcf57c2165811bde8f31a32d7e580a0 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 25 Jul 2024 14:26:58 +0200 Subject: [PATCH 53/82] task rewritten --- .../tasks/install_powerdns_server.yml | 27 +++++++++++++------ 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index b74bab9..d70665f 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml 
@@ -12,10 +12,12 @@ - name: nameserver | powerdns-server | install and configure database block: - include_role: name=database # required. The name of the role to be executed. + - name: nameserver | powerdns-server | install python mysql client package: name: "{{ python_mysql_client }}" state: present + - name: nameserver | powerdns-server | create database mysql_db: name: "{{ pdns_db_name }}" # required. name of the database to add or remove. I(name=all) May only be provided if I(state) is C(dump) or C(import). List of databases is provided with I(state=dump), I(state=present) and I(state=absent). if name=all Works like --all-databases option for mysqldump (Added in 2.0). @@ -24,6 +26,7 @@ config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. register: database_exists + - name: nameserver | powerdns-server | import database mysql_db: name: "{{ pdns_db_name }}" @@ -32,6 +35,7 @@ config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. when: database_exists.changed + - name: nameserver | powerdns-server | create database user mysql_user: name: "{{ pdns_db_user }}" # required. Name of the user (role) to add or remove. 
@@ -44,6 +48,7 @@ update_password: on_create # not required. choices: always;on_create. C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users. config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. + - name: nameserver | powerdns-server | copy config template: src: "powerdns-server-pri-mysql-config.j2" @@ -57,15 +62,21 @@ - powerdns_primary is true notify: restart_pdns -- name: nameserver | powerdns-recursor | disable bind - service: - name: "named" - state: stopped - enabled: false - rescue: - - set_fact: task_failed=true +- name: nameserver | powerdns-server | disable bind + block: + - name: nameserver | powerdns-server | get running services + service_facts: -- name: nameserver | powerdns-recursor | enable service + - name: nameserver | powerdns-server | disable bind + service: + name: "named" + state: stopped + enabled: false + when: "'bind' in service_names" + vars: + service_names: "{{ services|dict2items|map(attribute='value.name')|list }}" + +- name: nameserver | powerdns-server | enable service service: name: "pdns" state: started From 6170be413d6c7882ce9f0658e9c777b341f211cc Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 25 Jul 2024 14:52:37 +0200 Subject: [PATCH 54/82] loop over templates --- roles/nameserver/tasks/install_powerdns_server.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index d70665f..99d3420 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml 
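Review bot: The condition `'bind' in service_names` on the new `disable bind` task is an exact-membership test against a list of unit names, and `service_facts` reports names such as `named.service`, so the test is unlikely ever to be true and bind would keep running next to pdns. Testing for the unit the task actually stops is more direct: `when: "'named.service' in ansible_facts.services"`. That also makes the `service_names` helper variable unnecessary.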
@@ -51,12 +51,15 @@ - name: nameserver | powerdns-server | copy config template: - src: "powerdns-server-pri-mysql-config.j2" - dest: "/etc/powerdns/pdns.d/mysql.conf" + src: "{{ item.src }}" + dest: "{{ item.dest }}" mode: "0644" owner: "root" group: "root" force: no + loop: + - { src: "powerdns-server-pri-mysql-config.j2", dest: "/etc/powerdns/pdns.d/mysql.conf" } + - { src: "powerdns-server-pri-api-config.j2", dest: "/etc/powerdns/pdns.d/api.conf"} when: - powerdns_primary is defined - powerdns_primary is true From 4579237ab11965d73a349ad63aa18f902611b9e7 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 25 Jul 2024 15:03:14 +0200 Subject: [PATCH 55/82] moved user specific part to end --- roles/base/tasks/users/all.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/base/tasks/users/all.yml b/roles/base/tasks/users/all.yml index 513c93d..7102b39 100644 --- a/roles/base/tasks/users/all.yml +++ b/roles/base/tasks/users/all.yml @@ -1,6 +1,3 @@ -- name: users | {{ user }} | include user specific parts - include_tasks: "{{ user }}.yml" - - name: users | {{ user }} | getent user home directory getent: database: passwd @@ -107,4 +104,8 @@ owner: root group: root mode: 0440 - when: sudo_group == "wheel" \ No newline at end of file + when: sudo_group == "wheel" + +- name: users | {{ user }} | include user specific parts + include_tasks: "{{ user }}.yml" + \ No newline at end of file From 4000699794c715deeedc7da9cc7c6b017d8959af Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 25 Jul 2024 15:22:45 +0200 Subject: [PATCH 56/82] replace command by var with absolute path --- os_vars/archlinux.yml | 2 ++ os_vars/debian.yml | 5 ++++- os_vars/ubuntu.yml | 5 ++++- roles/server/tasks/utilities/snmpd.yml | 2 +- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/os_vars/archlinux.yml b/os_vars/archlinux.yml index e69de29..a1f423c 100644 --- a/os_vars/archlinux.yml +++ b/os_vars/archlinux.yml 
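Review bot: The loop in `copy config` renders both `mysql.conf` (which carries `gmysql-password`) and `api.conf` (which carries `api-key`) with the task's existing `mode: "0644"`, so both secrets are readable by every local user. Restrict the files to root and the account the daemon runs as, e.g. `mode: "0640"` with `group: "pdns"`; the group name is an assumption to check against the package. The task's `name` line is outside this hunk.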
@@ -0,0 +1,2 @@ +commands: + - visudo: "/usr/bin/visudo" \ No newline at end of file diff --git a/os_vars/debian.yml b/os_vars/debian.yml index 314e3a6..e429371 100644 --- a/os_vars/debian.yml +++ b/os_vars/debian.yml @@ -12,4 +12,7 @@ postgres_pkgs: - package: "postgresql" - package: "postgresql-contrib" - package: "python3-psycopg2" - - package: "sudo" \ No newline at end of file + - package: "sudo" + +commands: + - visudo: "/usr/sbin/visudo" \ No newline at end of file diff --git a/os_vars/ubuntu.yml b/os_vars/ubuntu.yml index 314e3a6..e429371 100644 --- a/os_vars/ubuntu.yml +++ b/os_vars/ubuntu.yml @@ -12,4 +12,7 @@ postgres_pkgs: - package: "postgresql" - package: "postgresql-contrib" - package: "python3-psycopg2" - - package: "sudo" \ No newline at end of file + - package: "sudo" + +commands: + - visudo: "/usr/sbin/visudo" \ No newline at end of file diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml index 951b98f..6a6f33b 100644 --- a/roles/server/tasks/utilities/snmpd.yml +++ b/roles/server/tasks/utilities/snmpd.yml @@ -12,7 +12,7 @@ owner: "root" group: "root" mode: "0660" - validate: "visudo -cf %s" + validate: " {{ commands.visudo }} -cf %s" when: ansible_distribution in ["Debian", "Ubuntu"] - name: server | snmpd | create /etc/snmp From d2691f57400762c8af65db6ef23b7e3c15e75151 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 25 Jul 2024 15:34:38 +0200 Subject: [PATCH 57/82] mta for servers must not be postfix unless it is a mailserver --- .../tasks/utilities/mail_transfer_agent.yml | 42 ++++++++++++------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/roles/server/tasks/utilities/mail_transfer_agent.yml b/roles/server/tasks/utilities/mail_transfer_agent.yml index 506b152..6a878a9 100644 --- a/roles/server/tasks/utilities/mail_transfer_agent.yml +++ b/roles/server/tasks/utilities/mail_transfer_agent.yml 
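Review bot: `commands` is written as a one-element list (`- visudo: …`) in all three `os_vars` files, while the `validate:` line in `snmpd.yml` dereferences it as a mapping with `commands.visudo`, so that attribute would be undefined when the task is templated. Define it as a mapping, with `visudo: "/usr/sbin/visudo"` indented directly under `commands:`, and drop the stray leading space in `validate: " {{ commands.visudo }} -cf %s"`. Pinning the absolute path is a sound choice, since the validator is then not resolved through PATH.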
@@ -1,17 +1,27 @@ -- name: server | utilities | install {{ mta_package }} - package: - name: "{{ mta_package }}" - state: present +- name: server | utilities | {{ mta_package }} + block: + - name: server | utilities | remove postfix + package: + name: + - postfix + - postfix-ldap + - postfix-mysql + - postfix-sqlite + - postgrey + state: absent + - name: server | utilities | install {{ mta_package }} + package: + name: "{{ mta_package }}" + state: present + - name: server | utitilies | configure {{ mta_package }} + lineinfile: + path: "/etc/ssmtp/ssmtp.conf" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). + regexp: "{{ item.regex }}" + state: present + line: "{{ item.line }}" + loop: + - { regex: "^root=.*$", line: "root=rene@tantooine.myfirewall.org"} + - { regex: "^mailhub=.*", line: "mailhub=mail.universe.local"} + - { regex: "^hostname=.*", line: "hostname={{ ansible_fqdn }}"} + when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"] when: postfix is not defined or postfix == false - -- name: server | utitilies | configure {{ mta_package }} - lineinfile: - path: "/etc/ssmtp/ssmtp.conf" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). - regexp: "{{ item.regex }}" - state: present - line: "{{ item.line }}" - loop: - - { regex: "^root=.*$", line: "root=rene@tantooine.myfirewall.org"} - - { regex: "^mailhub=.*", line: "mailhub=mail.universe.local"} - - { regex: "^hostname=.*", line: "hostname={{ ansible_fqdn }}"} - when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"] \ No newline at end of file From 3980132f3245d938143153b45ae08ba1d2694b84 Mon Sep 17 00:00:00 2001 
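Review bot: The `configure` task edits the fixed path `/etc/ssmtp/ssmtp.conf` while the package installed just above it is the variable `{{ mta_package }}`, so the block only works when that variable resolves to ssmtp; with any other MTA `lineinfile` fails on the missing file. Either take the path from a variable defined next to `mta_package` or record the coupling, e.g. `# mta_package must be ssmtp: the config path below is hard-coded`. The postfix removal also runs on every distribution, whereas only the configure step is limited by `ansible_distribution`. The task name still carries the typo `utitilies`.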
From: Rene Mewissen Date: Thu, 25 Jul 2024 16:32:26 +0200 Subject: [PATCH 58/82] syntax --- os_vars/archlinux.yml | 2 +- os_vars/debian.yml | 2 +- os_vars/ubuntu.yml | 2 +- roles/server/tasks/utilities/snmpd.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/os_vars/archlinux.yml b/os_vars/archlinux.yml index a1f423c..0c341f5 100644 --- a/os_vars/archlinux.yml +++ b/os_vars/archlinux.yml @@ -1,2 +1,2 @@ commands: - - visudo: "/usr/bin/visudo" \ No newline at end of file + visudo: "/usr/bin/visudo" \ No newline at end of file diff --git a/os_vars/debian.yml b/os_vars/debian.yml index e429371..2ff44c1 100644 --- a/os_vars/debian.yml +++ b/os_vars/debian.yml @@ -15,4 +15,4 @@ postgres_pkgs: - package: "sudo" commands: - - visudo: "/usr/sbin/visudo" \ No newline at end of file + visudo: "/usr/sbin/visudo" \ No newline at end of file diff --git a/os_vars/ubuntu.yml b/os_vars/ubuntu.yml index e429371..2ff44c1 100644 --- a/os_vars/ubuntu.yml +++ b/os_vars/ubuntu.yml @@ -15,4 +15,4 @@ postgres_pkgs: - package: "sudo" commands: - - visudo: "/usr/sbin/visudo" \ No newline at end of file + visudo: "/usr/sbin/visudo" \ No newline at end of file diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml index 6a6f33b..c4418b1 100644 --- a/roles/server/tasks/utilities/snmpd.yml +++ b/roles/server/tasks/utilities/snmpd.yml @@ -12,7 +12,7 @@ owner: "root" group: "root" mode: "0660" - validate: " {{ commands.visudo }} -cf %s" + validate: "{{ commands.visudo }} -cf %s" when: ansible_distribution in ["Debian", "Ubuntu"] - name: server | snmpd | create /etc/snmp From 1127b11054e5eb03ddb625b0a5145b6c08b152c8 Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Thu, 25 Jul 2024 16:58:19 +0200 Subject: [PATCH 59/82] moved vars --- os_vars/archlinux.yml | 2 -- os_vars/debian.yml | 3 --- os_vars/ubuntu.yml | 3 --- roles/server/vars/archlinux.yml | 5 ++++- roles/server/vars/debian.yml | 8 +++++++- 5 files changed, 11 insertions(+), 10 deletions(-) diff --git a/os_vars/archlinux.yml b/os_vars/archlinux.yml index 0c341f5..e69de29 100644 --- a/os_vars/archlinux.yml +++ b/os_vars/archlinux.yml @@ -1,2 +0,0 @@ -commands: - visudo: "/usr/bin/visudo" \ No newline at end of file diff --git a/os_vars/debian.yml b/os_vars/debian.yml index 2ff44c1..751dca8 100644 --- a/os_vars/debian.yml +++ b/os_vars/debian.yml @@ -13,6 +13,3 @@ postgres_pkgs: - package: "postgresql-contrib" - package: "python3-psycopg2" - package: "sudo" - -commands: - visudo: "/usr/sbin/visudo" \ No newline at end of file diff --git a/os_vars/ubuntu.yml b/os_vars/ubuntu.yml index 2ff44c1..751dca8 100644 --- a/os_vars/ubuntu.yml +++ b/os_vars/ubuntu.yml @@ -13,6 +13,3 @@ postgres_pkgs: - package: "postgresql-contrib" - package: "python3-psycopg2" - package: "sudo" - -commands: - visudo: "/usr/sbin/visudo" \ No newline at end of file diff --git a/roles/server/vars/archlinux.yml b/roles/server/vars/archlinux.yml index 3a9bcd2..8db19c2 100644 --- a/roles/server/vars/archlinux.yml +++ b/roles/server/vars/archlinux.yml @@ -6,4 +6,7 @@ openssh_server_package: openssh check_update_cmd: "/root/bin/cron_pacman" glusterfs_packages: - - package: glusterfs \ No newline at end of file + - package: glusterfs + +commands: + visudo: "/usr/bin/visudo" \ No newline at end of file diff --git a/roles/server/vars/debian.yml b/roles/server/vars/debian.yml index fcf63df..ea82435 100644 --- a/roles/server/vars/debian.yml +++ b/roles/server/vars/debian.yml 
@@ -8,4 +8,10 @@ check_update_cmd: "apt list --upgradable" glusterfs_packages: - package: glusterfs-common - package: glusterfs-server - - package: glusterfs-client \ No newline at end of file + - package: glusterfs-client + +commands: + visudo: "/usr/sbin/visudo" + +commands: + visudo: "/usr/sbin/visudo" \ No newline at end of file From ffc44a6b1226b43e1879f7dfdd0e60af6f7ed78c Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Fri, 26 Jul 2024 11:43:46 +0200 Subject: [PATCH 60/82] add users for secondaries --- .../tasks/install_powerdns_server.yml | 14 +++++++++++++ roles/nameserver/vars/main.yml | 20 +++++++++++++++---- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index 99d3420..09784c2 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml @@ -49,6 +49,20 @@ config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. + - name: nameserver | powerdns-server | create database users for secondaries + mysql_user: + name: "{{ pdns_db_user }}" + password: "{{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20')) }}" + host: "{{ item }}" + priv: "{{ pdns_db_name }}.*:SELECT" + append_privs: False + sql_log_bin: True + state: present + update_password: on_create + config_file: "/etc/mysql/my.cnf" + login_unix_socket: "{{ pdns_mysql_socket }}" + loop: pdns_secondaries + - name: nameserver | powerdns-server | copy config template: src: "{{ item.src }}" diff --git a/roles/nameserver/vars/main.yml b/roles/nameserver/vars/main.yml index 4f5f478..05b8bf5 100644 --- a/roles/nameserver/vars/main.yml +++ b/roles/nameserver/vars/main.yml 
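Review bot: The `commands:` mapping is added twice at the end of `roles/server/vars/debian.yml`, which gives the document a duplicate top-level key. Most loaders silently keep the last copy, so it works today, but the two copies can drift apart and strict parsers or linters reject the file. Drop the second `commands:` / `visudo: "/usr/sbin/visudo"` pair.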
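Review bot: The `create database users for secondaries` task gives every remote account the same password as the local read-write `pdns_db_user`, and nothing in it requires those network logins to be encrypted. A separate secret for the read-only accounts limits what a leaked secondary credential is worth, and the module's `tls_requires` option (if the installed version has it) can force TLS for them. `loop: pdns_secondaries` also passes a bare name rather than a list and needs `loop: "{{ pdns_secondaries }}"`.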
@@ -1,4 +1,16 @@ -mysql: True -pdns_db_name: "powerdns" -pdns_db_user: "powerdns" -pdns_db_passwd: "alsdkafhdfgjrnyödfdfjksdzlyso57sfn7093c5n7aß46bs946r9xbr85xr6" \ No newline at end of file +$ANSIBLE_VAULT;1.1;AES256 +33393637343963633639303764623635356261393833353539626539396635666264393865333738 +3666356534343238656532373735383161666232373536380a366134386664653133323936383364 +36616330356462373436313032303133656433316566373632656532333166323439663465343139 +6165353566313464370a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rom 7e513f6c77590a44045ef9454194a9e515a60c5c Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Fri, 26 Jul 2024 11:44:05 +0200 Subject: [PATCH 61/82] add docker host for accessing api --- roles/nameserver/templates/powerdns-server-pri-api-config.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/nameserver/templates/powerdns-server-pri-api-config.j2 b/roles/nameserver/templates/powerdns-server-pri-api-config.j2 index 25fdadd..fc0cb0e 100644 --- a/roles/nameserver/templates/powerdns-server-pri-api-config.j2 +++ b/roles/nameserver/templates/powerdns-server-pri-api-config.j2 @@ -1,4 +1,5 @@ api = Yes api-key ={{ pdns_api_key | default(lookup('password', '/etc/powerdns/pdns.d/.api-key length=20')) }} webserver = Yes -webserver-address = {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %} \ No newline at end of file +webserver-address = {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %} +webserver-allow-from = 127.0.0.1, [::1], 192.168.1.238 \ No newline at end of file From e3edcf02f9ecde736a0028473e78458b35aeed82 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Fri, 26 Jul 2024 11:53:21 +0200 Subject: [PATCH 62/82] syntax --- roles/nameserver/tasks/install_powerdns_server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
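Review bot: Replacing the plaintext `pdns_db_passwd` with a vault-encrypted file does not retire the old value: it stays readable in the repository history and in this patch, so the database password should be changed and the new one stored only in the vault. Encrypting the whole of roles/nameserver/vars/main.yml also hides the non-secret names `mysql`, `pdns_db_name` and `pdns_db_user` from grep and review. Keeping those in clear text and encrypting only the password value (an inline `!vault` string or a separate vaulted vars file) keeps the role readable. The ciphertext is cut off on this page, so nothing can be said about its content.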
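Review bot: The new `webserver-allow-from` line hard-codes `192.168.1.238` in the template, so the API access list cannot differ per host and a change of the Docker host's address needs a template edit. Take the extra entries from a variable instead, for example `webserver-allow-from = 127.0.0.1, ::1{% if pdns_api_allow_from is defined %}, {{ pdns_api_allow_from | join(', ') }}{% endif %}` (the variable name is a suggestion). The bracketed `[::1]` should be checked against the PowerDNS netmask syntax, where the loopback is normally written `::1`. On the re-added `webserver-address` line the `wg_local_ip` branch begins with `, `, which renders as `webserver-address = , <address>`; that looks like a leftover from a list-valued setting and should probably lose the comma.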
diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index 09784c2..b1bc8e8 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml @@ -61,7 +61,7 @@ update_password: on_create config_file: "/etc/mysql/my.cnf" login_unix_socket: "{{ pdns_mysql_socket }}" - loop: pdns_secondaries + loop: "{{ pdns_secondaries }}" - name: nameserver | powerdns-server | copy config template: From 13080071ebfc482ef73a798ad4a1868c1d04f158 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Fri, 16 Aug 2024 17:58:44 +0200 Subject: [PATCH 63/82] pdns-recursor must run before wireguard can start --- roles/nameserver/templates/powerdns-recursor-custom-config.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 index b19a6ce..23b96f9 100644 --- a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 +++ b/roles/nameserver/templates/powerdns-recursor-custom-config.j2 @@ -4,5 +4,5 @@ forward-zones-recurse = universe.local=192.168.1.3 local-address = 127.0.0.1 {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %} local-port = {% if pdns_recursor_lport is defined %}{{ pdns_recursor_lport }}{% else %}53{% endif %} - +non-local-bind = yes query-local-address = {{ ansible_default_ipv4.address }} {% if ansible_default_ipv6.address is defined %}, {{ ansible_default_ipv6.address }}{% endif %} {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% endif %} \ No newline at end of file From c7e0bf8c3c52aaee331d416c9292a84d172cecf3 Mon Sep 17 00:00:00 2001 
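Review bot: `non-local-bind = yes` is added unconditionally, although the commit message ties it to WireGuard and the `local-address` line uses the WireGuard address only when `wg_local_ip` is defined. With the option on, the recursor starts even if a configured address never comes up, so a wrong or stale `wg_local_ip` no longer shows up as a start failure. Consider emitting it only in the WireGuard case, `{% if wg_local_ip is defined %}non-local-bind = yes{% endif %}`, with a `{# ... #}` comment above it saying why it is needed. The hunk also drops the blank line that separated `local-port` from `query-local-address`.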
From: Rene Mewissen Date: Fri, 16 Aug 2024 18:45:41 +0200 Subject: [PATCH 64/82] use default if not a wg client --- roles/server/tasks/utilities/snmpd.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml index c4418b1..620c29b 100644 --- a/roles/server/tasks/utilities/snmpd.yml +++ b/roles/server/tasks/utilities/snmpd.yml @@ -74,8 +74,7 @@ lineinfile: path: "{{ snmpd_conf }}" regexp: "^agentaddress.*$" - state: present - line: "agentaddress udp:161,udp6:[::1]:161" + state: absent when: wg_local_ip is not defined - name: server | snmpd | copy distro script From 37aaa1ca89e65328fa42708484568a9a76ff3dfb Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Tue, 20 Aug 2024 13:23:00 +0200 Subject: [PATCH 65/82] run all as root --- roles/base/tasks/software/wazuh-agent.yml | 28 ++++++++++++----------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/roles/base/tasks/software/wazuh-agent.yml b/roles/base/tasks/software/wazuh-agent.yml index 8c31888..d1ee586 100644 --- a/roles/base/tasks/software/wazuh-agent.yml +++ b/roles/base/tasks/software/wazuh-agent.yml @@ -1,15 +1,17 @@ -- name: install wazuh agent - apt: - deb: https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.8.0-1_amd64.deb - environment: - WAZUH_MANAGER: "{{ wazuh_manager }}" +- block + - name: base | software | install wazuh agent + apt: + deb: https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.8.0-1_amd64.deb + environment: + WAZUH_MANAGER: "{{ wazuh_manager }}" -- name: systemctl daemon-reload - systemd: - daemon-reload: yes + - name: systemctl daemon-reload + systemd: + daemon-reload: yes -- name: Start Wazuh agent - systemd: - name: "wazuh-agent" - state: started - enabled: yes \ No newline at end of file + - name: Start Wazuh agent + systemd: + name: "wazuh-agent" + state: started + enabled: yes + become: yes \ No newline at end of file 
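Review bot: Removing the `agentaddress` line with `state: absent` leaves the listening address to snmpd's built-in default, which for net-snmp is UDP port 161 on all IPv4 interfaces, and nothing in the file says so any more. If that is what hosts without `wg_local_ip` should do, keep it explicit with `state: present` and `line: "agentaddress udp:161"`, or add a comment above the task such as `# no agentaddress line: snmpd listens on all IPv4 interfaces, access is limited by the community/ACL settings`. The task's name and the rest of snmpd.yml are outside the hunk, so whether access control is configured elsewhere cannot be checked from here.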
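Review bot: The `apt: deb:` task installs a package fetched straight from a URL, and a `.deb` installed this way is not checked against a repository signing key, so its integrity rests on the TLS connection alone while the block now runs with `become: yes`. Download the file first with `get_url` and a pinned `checksum:`, then install the local copy, or install from the vendor's signed apt repository instead. The `amd64` file name is hard-coded as well, so the task will fail on hosts with another architecture. The checksum and destination path below are placeholders to be filled in from the vendor's published values.

```yaml
    - name: base | software | download wazuh agent package
      get_url:
        url: https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.8.0-1_amd64.deb
        dest: "/var/cache/wazuh-agent_4.8.0-1_amd64.deb"  # placeholder path
        checksum: "sha256:<SHA256_PUBLISHED_BY_VENDOR>"  # placeholder, not a real digest
        mode: "0644"

    - name: base | software | install wazuh agent
      apt:
        deb: "/var/cache/wazuh-agent_4.8.0-1_amd64.deb"
      environment:
        WAZUH_MANAGER: "{{ wazuh_manager }}"
    # … unchanged: daemon-reload and service start tasks, become: yes …
```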
From c72cb52b2b4054a717ad597cca29764376d6a83c Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 21 Aug 2024 15:45:34 +0200 Subject: [PATCH 66/82] syntax --- roles/base/tasks/software/wazuh-agent.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/base/tasks/software/wazuh-agent.yml b/roles/base/tasks/software/wazuh-agent.yml index d1ee586..49f7356 100644 --- a/roles/base/tasks/software/wazuh-agent.yml +++ b/roles/base/tasks/software/wazuh-agent.yml @@ -1,4 +1,4 @@ -- block +- block: - name: base | software | install wazuh agent apt: deb: https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.8.0-1_amd64.deb From f407b9f66a77fca94b0928d773b9e0fa88e707a6 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 29 Aug 2024 18:48:13 +0200 Subject: [PATCH 67/82] added a new host --- host_vars/truenas.universe.local.yml | 1 + hosts | 2 ++ 2 files changed, 3 insertions(+) create mode 100644 host_vars/truenas.universe.local.yml diff --git a/host_vars/truenas.universe.local.yml b/host_vars/truenas.universe.local.yml new file mode 100644 index 0000000..73b314f --- /dev/null +++ b/host_vars/truenas.universe.local.yml @@ -0,0 +1 @@ +--- \ No newline at end of file diff --git a/hosts b/hosts index 588de2c..afea1ad 100644 --- a/hosts +++ b/hosts @@ -25,6 +25,7 @@ samba-ad-dc1.universe.local samba-ad-dc2.universe.local shinobi.universe.local step-ca.universe.local +truenas.universe.local wazuh.universe.local zoneminder.universe.local @@ -69,6 +70,7 @@ coruscant.universe.local dhcp-kea.universe.local [docker] +docker01 docker01.universe.local docker02 docker02.universe.local From 69ccca721fc7f8ca4b1bb3a7514ce4b1bd696cfd Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Mon, 23 Sep 2024 18:19:41 +0200 Subject: [PATCH 68/82] added new systems to backup --- host_vars/backup.universe.local.yml | 11 +++++++++-- .../ntfy.universe.local.yml | 0 hosts | 1 + roles/backup/files/config/agh01_excludes.txt | 0 roles/backup/files/config/agh01_includes.txt | 3 +++ roles/backup/files/config/docker02_excludes .txt | 1 + roles/backup/files/config/docker02_includes.txt | 4 ++++ roles/backup/files/config/freeradius_excludes.txt | 0 roles/backup/files/config/freeradius_includes.txt | 3 +++ roles/backup/files/config/paperless_excludes.txt | 0 roles/backup/files/config/paperless_includes.txt | 8 ++++++++ roles/backup/files/config/samba-ad-dc1_excludes.txt | 0 ...a-ad-dc_includes.txt => samba-ad-dc1_includes.txt} | 0 roles/backup/files/config/samba-ad-dc2_excludes.txt | 0 roles/backup/files/config/samba-ad-dc2_includes.txt | 2 ++ roles/backup/files/config/searx_excludes.txt | 0 roles/backup/files/config/searx_includes.txt | 4 ++++ roles/backup/files/config/shinobi_excludes.txt | 0 roles/backup/files/config/shinobi_includes.txt | 3 +++ 19 files changed, 38 insertions(+), 2 deletions(-) rename roles/backup/files/config/samba-ad-dc_excludes.txt => host_vars/ntfy.universe.local.yml (100%) create mode 100644 roles/backup/files/config/agh01_excludes.txt create mode 100644 roles/backup/files/config/agh01_includes.txt create mode 100644 roles/backup/files/config/docker02_excludes .txt create mode 100644 roles/backup/files/config/docker02_includes.txt create mode 100644 roles/backup/files/config/freeradius_excludes.txt create mode 100644 roles/backup/files/config/freeradius_includes.txt create mode 100644 roles/backup/files/config/paperless_excludes.txt create mode 100644 roles/backup/files/config/paperless_includes.txt create mode 100644 roles/backup/files/config/samba-ad-dc1_excludes.txt rename roles/backup/files/config/{samba-ad-dc_includes.txt => samba-ad-dc1_includes.txt} (100%) create mode 100644 
roles/backup/files/config/samba-ad-dc2_excludes.txt create mode 100644 roles/backup/files/config/samba-ad-dc2_includes.txt create mode 100644 roles/backup/files/config/searx_excludes.txt create mode 100644 roles/backup/files/config/searx_includes.txt create mode 100644 roles/backup/files/config/shinobi_excludes.txt create mode 100644 roles/backup/files/config/shinobi_includes.txt diff --git a/host_vars/backup.universe.local.yml b/host_vars/backup.universe.local.yml index 6232b95..d11819a 100644 --- a/host_vars/backup.universe.local.yml +++ b/host_vars/backup.universe.local.yml @@ -5,12 +5,14 @@ hosts_to_backup: - { hostname: "coruscant", fqdn: "coruscant.universe.local" } - { hostname: "ns1", fqdn: "ns1.universe.local" } - { hostname: "docker01", fqdn: "docker01.universe.local" } + - { hostname: "docker02", fqdn: "docker02.universe.local" } - { hostname: "pi-alert", fqdn: "pi-alert.universe.local" } - { hostname: "mariadb01", fqdn: "mariadb01.universe.local" } - { hostname: "mariadb02", fqdn: "mariadb02.universe.local" } - { hostname: "mariadb03", fqdn: "mariadb03.universe.local" } - { hostname: "icinga", fqdn: "icinga.universe.local" } - - { hostname: "samba-ad-dc", fqdn: "samba-ad-dc.universe.local" } + - { hostname: "samba-ad-dc1", fqdn: "samba-ad-dc1.universe.local" } + - { hostname: "samba-ad-dc2", fqdn: "samba-ad-dc2.universe.local" } - { hostname: "webserver", fqdn: "webserver.universe.local" } - { hostname: "elk-stack", fqdn: "elk-stack.universe.local" } - { hostname: "netbox", fqdn: "netbox.universe.local" } @@ -19,6 +21,7 @@ hosts_to_backup: - { hostname: "librenms", fqdn: "librenms.universe.local" } - { hostname: "pi-hole", fqdn: "pi-hole.universe.local" } - { hostname: "adguard", fqdn: "adguard.universe.local" } + - { hostname: "agh01", fqdn: "agh01.universe.local" } - { hostname: "grafana", fqdn: "grafana.universe.local" } - { hostname: "nextcloud", fqdn: "nextcloud.universe.local" } - { hostname: "dhcp-kea", fqdn: "dhcp-kea.universe.local" } 
@@ -26,4 +29,8 @@ hosts_to_backup: - { hostname: "unbound01", fqdn: "unbound01.universe.local" } - { hostname: "unbound02", fqdn: "unbound02.universe.local" } - { hostname: "mail", fqdn: "mail.universe.local" } - - { hostname: "graylog", fqdn: "graylog.universe.local" } \ No newline at end of file + - { hostname: "graylog", fqdn: "graylog.universe.local" } + - { hostname: "freeradius", fqdn: "freeradius.universe.local" } + - { hostname: "searx", fqdn: "searx.universe.local" } + - { hostname: "shinobi", fqdn: "shinobi.universe.local" } + - { hostname: "paperless", fqdn: "paperless.universe.local" } \ No newline at end of file diff --git a/roles/backup/files/config/samba-ad-dc_excludes.txt b/host_vars/ntfy.universe.local.yml similarity index 100% rename from roles/backup/files/config/samba-ad-dc_excludes.txt rename to host_vars/ntfy.universe.local.yml diff --git a/hosts b/hosts index afea1ad..89ab461 100644 --- a/hosts +++ b/hosts @@ -16,6 +16,7 @@ haproxy02.universe.local learningdjango.universe.local librenms.universe.local netbox.universe.local +ntfy.universe.local paperless.universe.local pi-alert.universe.local pi-hole.universe.local diff --git a/roles/backup/files/config/agh01_excludes.txt b/roles/backup/files/config/agh01_excludes.txt new file mode 100644 index 0000000..e69de29 diff --git a/roles/backup/files/config/agh01_includes.txt b/roles/backup/files/config/agh01_includes.txt new file mode 100644 index 0000000..61cbf61 --- /dev/null +++ b/roles/backup/files/config/agh01_includes.txt @@ -0,0 +1,3 @@ +/etc +/opt/AdGuardHome +/var/spool/cron/crontabs diff --git a/roles/backup/files/config/docker02_excludes .txt b/roles/backup/files/config/docker02_excludes .txt new file mode 100644 index 0000000..dcd154f --- /dev/null +++ b/roles/backup/files/config/docker02_excludes .txt @@ -0,0 +1 @@ +peertube.test diff --git a/roles/backup/files/config/docker02_includes.txt b/roles/backup/files/config/docker02_includes.txt new file mode 100644 index 0000000..5863403 
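Review bot: The new exclude list is created as `docker02_excludes .txt`, with a space before the extension, while every other file in this directory follows `<host>_excludes.txt`. Anything that builds the path from the host name will look for `docker02_excludes.txt` and not find it, so the `peertube.test` entry would not be applied; whether the backup then fails or simply backs up everything cannot be seen from this page. Rename the file to `roles/backup/files/config/docker02_excludes.txt`.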
--- /dev/null
+++ b/roles/backup/files/config/docker02_includes.txt
@@ -0,0 +1,4 @@
+/etc
+/opt/docker
+/var/lib/docker/volumes
+/var/spool/cron/crontabs
diff --git a/roles/backup/files/config/freeradius_excludes.txt b/roles/backup/files/config/freeradius_excludes.txt
new file mode 100644
index 0000000..e69de29
diff --git a/roles/backup/files/config/freeradius_includes.txt b/roles/backup/files/config/freeradius_includes.txt
new file mode 100644
index 0000000..98fa377
--- /dev/null
+++ b/roles/backup/files/config/freeradius_includes.txt
@@ -0,0 +1,3 @@
+/etc
+/home
+/var/spool/cron/crontabs
\ No newline at end of file
diff --git a/roles/backup/files/config/paperless_excludes.txt b/roles/backup/files/config/paperless_excludes.txt
new file mode 100644
index 0000000..e69de29
diff --git a/roles/backup/files/config/paperless_includes.txt b/roles/backup/files/config/paperless_includes.txt
new file mode 100644
index 0000000..d55b5db
--- /dev/null
+++ b/roles/backup/files/config/paperless_includes.txt
@@ -0,0 +1,8 @@
+/etc
+/home
+/opt/paperless
+/opt/paperless-consume
+/opt/paperless-data
+/opt/paperless-media
+/opt/paperless-static
+/var/spool/cron/crontabs
\ No newline at end of file
diff --git a/roles/backup/files/config/samba-ad-dc1_excludes.txt b/roles/backup/files/config/samba-ad-dc1_excludes.txt
new file mode 100644
index 0000000..e69de29
diff --git a/roles/backup/files/config/samba-ad-dc_includes.txt b/roles/backup/files/config/samba-ad-dc1_includes.txt
similarity index 100%
rename from roles/backup/files/config/samba-ad-dc_includes.txt
rename to roles/backup/files/config/samba-ad-dc1_includes.txt
diff --git a/roles/backup/files/config/samba-ad-dc2_excludes.txt b/roles/backup/files/config/samba-ad-dc2_excludes.txt
new file mode 100644
index 0000000..e69de29
diff --git a/roles/backup/files/config/samba-ad-dc2_includes.txt b/roles/backup/files/config/samba-ad-dc2_includes.txt
new file mode 100644
index 0000000..557adad
--- /dev/null
+++ b/roles/backup/files/config/samba-ad-dc2_includes.txt @@ -0,0 +1,2 @@ +/etc +/var/spool/cron/crontabs diff --git a/roles/backup/files/config/searx_excludes.txt b/roles/backup/files/config/searx_excludes.txt new file mode 100644 index 0000000..e69de29 diff --git a/roles/backup/files/config/searx_includes.txt b/roles/backup/files/config/searx_includes.txt new file mode 100644 index 0000000..6165f21 --- /dev/null +++ b/roles/backup/files/config/searx_includes.txt @@ -0,0 +1,4 @@ +/etc +/home +/var/spool/cron/crontabs +/usr/local/searxng \ No newline at end of file diff --git a/roles/backup/files/config/shinobi_excludes.txt b/roles/backup/files/config/shinobi_excludes.txt new file mode 100644 index 0000000..e69de29 diff --git a/roles/backup/files/config/shinobi_includes.txt b/roles/backup/files/config/shinobi_includes.txt new file mode 100644 index 0000000..98fa377 --- /dev/null +++ b/roles/backup/files/config/shinobi_includes.txt @@ -0,0 +1,3 @@ +/etc +/home +/var/spool/cron/crontabs \ No newline at end of file From e4116f9f94f6d13b199c6b63cac2c6a8a54e974d Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Tue, 24 Sep 2024 11:03:14 +0200 Subject: [PATCH 69/82] create backup config dynamically --- roles/backup/tasks/system_setup/copy_backup_config.yml | 5 +++++ roles/backup/templates/backup_remote.j2 | 3 +++ 2 files changed, 8 insertions(+) create mode 100644 roles/backup/templates/backup_remote.j2 diff --git a/roles/backup/tasks/system_setup/copy_backup_config.yml b/roles/backup/tasks/system_setup/copy_backup_config.yml index 51f6e40..4992434 100644 --- a/roles/backup/tasks/system_setup/copy_backup_config.yml +++ b/roles/backup/tasks/system_setup/copy_backup_config.yml 
@@ -18,6 +18,11 @@ dest: "/opt/backup/config/" src: "config/" +- name: backup | system setup | copy backup config files 2 + template: + src: "backup_remote.j2" + dest: "/opt/backup/config/backup_remote.conf" + - name: backup | system setup | add entries to ssh_config blockinfile: dest: "{{ ansible_user_dir }}/.ssh/config" diff --git a/roles/backup/templates/backup_remote.j2 b/roles/backup/templates/backup_remote.j2 new file mode 100644 index 0000000..19c8788 --- /dev/null +++ b/roles/backup/templates/backup_remote.j2 @@ -0,0 +1,3 @@ +{% for host in hostvars[inventory_hostname]['hosts_to_backup'] %} +{{ host.hostname }};/opt/backup/config/{{ host.hostname }}_includes.txt;/opt/backup/config/{{ host.hostname }}_excludes.txt +{% endfor %} \ No newline at end of file From 1248057d177e6e94246d2416fb6056cf5f208cdf Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Tue, 24 Sep 2024 13:20:07 +0200 Subject: [PATCH 70/82] removed host --- host_vars/backup.universe.local.yml | 1 - roles/backup/files/config/backup_remote.conf | 28 -------------------- 2 files changed, 29 deletions(-) delete mode 100644 roles/backup/files/config/backup_remote.conf diff --git a/host_vars/backup.universe.local.yml b/host_vars/backup.universe.local.yml index d11819a..4381230 100644 --- a/host_vars/backup.universe.local.yml +++ b/host_vars/backup.universe.local.yml @@ -14,7 +14,6 @@ hosts_to_backup: - { hostname: "samba-ad-dc1", fqdn: "samba-ad-dc1.universe.local" } - { hostname: "samba-ad-dc2", fqdn: "samba-ad-dc2.universe.local" } - { hostname: "webserver", fqdn: "webserver.universe.local" } - - { hostname: "elk-stack", fqdn: "elk-stack.universe.local" } - { hostname: "netbox", fqdn: "netbox.universe.local" } - { hostname: "haproxy01", fqdn: "haproxy01.universe.local" } - { hostname: "haproxy02", fqdn: "haproxy02.universe.local" } diff --git a/roles/backup/files/config/backup_remote.conf b/roles/backup/files/config/backup_remote.conf deleted file mode 100644 index cf85553..0000000 
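Review bot: The new `template` task sets no `owner`, `group` or `mode`, so `/opt/backup/config/backup_remote.conf` ends up with whatever the umask and the running user produce; state them on the task, e.g. `mode: "0644"`. The name `copy backup config files 2` does not say what is rendered; something like `backup | system setup | render backup_remote.conf from hosts_to_backup` reads better in play output. The surrounding task file starts and ends outside the hunk.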
--- a/roles/backup/files/config/backup_remote.conf +++ /dev/null 
@@ -1,28 +0,0 @@
-mailcow;/opt/backup/config/mailcow_includes.txt;/opt/backup/config/mailcow_excludes.txt
-jitsi;/opt/backup/config/jitsi_includes.txt;/opt/backup/config/jitsi_excludes.txt
-mewitoot;/opt/backup/config/mewitoot_includes.txt;/opt/backup/config/mewitoot_excludes.txt
-coruscant;/opt/backup/config/coruscant_includes.txt;/opt/backup/config/coruscant_excludes.txt
-ns1;/opt/backup/config/ns1_includes.txt;/opt/backup/config/ns1_excludes.txt
-docker01;/opt/backup/config/docker01_includes.txt;/opt/backup/config/docker01_excludes.txt
-pi-alert;/opt/backup/config/pi-alert_includes.txt;/opt/backup/config/pi-alert_excludes.txt
-mariadb01;/opt/backup/config/mariadb01_includes.txt;/opt/backup/config/mariadb01_excludes.txt
-mariadb02;/opt/backup/config/mariadb02_includes.txt;/opt/backup/config/mariadb02_excludes.txt
-mariadb03;/opt/backup/config/mariadb03_includes.txt;/opt/backup/config/mariadb03_excludes.txt
-icinga;/opt/backup/config/icinga_includes.txt;/opt/backup/config/icinga_excludes.txt
-samba-ad-dc;/opt/backup/config/samba-ad-dc_includes.txt;/opt/backup/config/samba-ad-dc_excludes.txt
-webserver;/opt/backup/config/webserver_includes.txt;/opt/backup/config/webserver_excludes.txt
-elk-stack;/opt/backup/config/elk-stack_includes.txt;/opt/backup/config/elk-stack_excludes.txt
-netbox;/opt/backup/config/netbox_includes.txt;/opt/backup/config/netbox_excludes.txt
-haproxy01;/opt/backup/config/haproxy01_includes.txt;/opt/backup/config/haproxy01_excludes.txt
-haproxy02;/opt/backup/config/haproxy02_includes.txt;/opt/backup/config/haproxy02_excludes.txt
-librenms;/opt/backup/config/librenms_includes.txt;/opt/backup/config/librenms_excludes.txt
-pi-hole;/opt/backup/config/pi-hole_includes.txt;/opt/backup/config/pi-hole_excludes.txt
-adguard;/opt/backup/config/adguard_includes.txt;/opt/backup/config/adguard_excludes.txt
-grafana;/opt/backup/config/grafana_includes.txt;/opt/backup/config/grafana_excludes.txt
-nextcloud;/opt/backup/config/nextcloud_includes.txt;/opt/backup/config/nextcloud_excludes.txt
-dhcp-kea;/opt/backup/config/dhcp-kea_includes.txt;/opt/backup/config/dhcp-kea_excludes.txt
-dhcp-stork;/opt/backup/config/dhcp-stork_includes.txt;/opt/backup/config/dhcp-stork_excludes.txt
-unbound01;/opt/backup/config/unbound01_includes.txt;/opt/backup/config/unbound01_excludes.txt
-unbound02;/opt/backup/config/unbound02_includes.txt;/opt/backup/config/unbound02_excludes.txt
-mail;/opt/backup/config/mail_includes.txt;/opt/backup/config/mail_excludes.txt
-graylog;/opt/backup/config/graylog_includes.txt;/opt/backup/config/graylog_excludes.txt
From 88c48df36c0d674fd20b669fe066fa98a72e0d33 Mon Sep 17 00:00:00 2001
From: Rene Mewissen Date: Tue, 24 Sep 2024 16:41:27 +0200 Subject: [PATCH 71/82] adjusted path --- roles/backup/files/config/adguard_includes.txt | 2 +- roles/backup/files/config/agh01_includes.txt | 2 +- roles/backup/files/config/dhcp-kea_includes.txt | 2 +- roles/backup/files/config/dhcp-stork_includes.txt | 2 +- roles/backup/files/config/docker01_includes.txt | 2 +- roles/backup/files/config/docker02_includes.txt | 2 +- roles/backup/files/config/elk-stack_includes.txt | 2 +- roles/backup/files/config/freeradius_includes.txt | 2 +- roles/backup/files/config/generic_includes.txt | 3 +++ roles/backup/files/config/grafana_includes.txt | 2 +- roles/backup/files/config/graylog_includes.txt | 2 +- roles/backup/files/config/haproxy01_includes.txt | 2 +- roles/backup/files/config/haproxy02_includes.txt | 2 +- roles/backup/files/config/icinga_includes.txt | 2 +- roles/backup/files/config/librenms_includes.txt | 2 +- roles/backup/files/config/mail_includes.txt | 2 +- roles/backup/files/config/mailcow_includes.txt | 2 +- roles/backup/files/config/mariadb01_includes.txt | 2 +- roles/backup/files/config/mariadb02_includes.txt | 2 +- roles/backup/files/config/mariadb03_includes.txt | 2 +- roles/backup/files/config/netbox_includes.txt | 2 +- roles/backup/files/config/nextcloud_includes.txt | 2 +- roles/backup/files/config/ns1_includes.txt | 2 +- roles/backup/files/config/paperless_includes.txt | 2 +- roles/backup/files/config/pi-alert_includes.txt | 2 +- roles/backup/files/config/pi-hole_includes.txt | 2 +- roles/backup/files/config/samba-ad-dc1_includes.txt | 2 +- roles/backup/files/config/samba-ad-dc2_includes.txt | 2 +- roles/backup/files/config/searx_includes.txt | 2 +- roles/backup/files/config/shinobi_includes.txt | 2 +- roles/backup/files/config/unbound01_includes.txt | 2 +- roles/backup/files/config/unbound02_includes.txt | 2 +- roles/backup/files/config/webserver_includes.txt | 2 +- 33 files changed, 35 insertions(+), 32 deletions(-) create mode 100644 
roles/backup/files/config/generic_includes.txt
diff --git a/roles/backup/files/config/adguard_includes.txt b/roles/backup/files/config/adguard_includes.txt
index 61cbf61..5d0eccb 100644
--- a/roles/backup/files/config/adguard_includes.txt
+++ b/roles/backup/files/config/adguard_includes.txt
@@ -1,3 +1,3 @@
 /etc
 /opt/AdGuardHome
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/agh01_includes.txt b/roles/backup/files/config/agh01_includes.txt
index 61cbf61..5d0eccb 100644
--- a/roles/backup/files/config/agh01_includes.txt
+++ b/roles/backup/files/config/agh01_includes.txt
@@ -1,3 +1,3 @@
 /etc
 /opt/AdGuardHome
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/dhcp-kea_includes.txt b/roles/backup/files/config/dhcp-kea_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/dhcp-kea_includes.txt
+++ b/roles/backup/files/config/dhcp-kea_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/dhcp-stork_includes.txt b/roles/backup/files/config/dhcp-stork_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/dhcp-stork_includes.txt
+++ b/roles/backup/files/config/dhcp-stork_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/docker01_includes.txt b/roles/backup/files/config/docker01_includes.txt
index 5863403..c11144e 100644
--- a/roles/backup/files/config/docker01_includes.txt
+++ b/roles/backup/files/config/docker01_includes.txt
@@ -1,4 +1,4 @@
 /etc
 /opt/docker
 /var/lib/docker/volumes
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/docker02_includes.txt b/roles/backup/files/config/docker02_includes.txt
index 5863403..c11144e 100644
--- a/roles/backup/files/config/docker02_includes.txt
+++ b/roles/backup/files/config/docker02_includes.txt
@@ -1,4 +1,4 @@
 /etc
 /opt/docker
 /var/lib/docker/volumes
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/elk-stack_includes.txt b/roles/backup/files/config/elk-stack_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/elk-stack_includes.txt
+++ b/roles/backup/files/config/elk-stack_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/freeradius_includes.txt b/roles/backup/files/config/freeradius_includes.txt
index 98fa377..702f9aa 100644
--- a/roles/backup/files/config/freeradius_includes.txt
+++ b/roles/backup/files/config/freeradius_includes.txt
@@ -1,3 +1,3 @@
 /etc
 /home
-/var/spool/cron/crontabs
\ No newline at end of file
+/var/spool/cron
\ No newline at end of file
diff --git a/roles/backup/files/config/generic_includes.txt b/roles/backup/files/config/generic_includes.txt
new file mode 100644
index 0000000..702f9aa
--- /dev/null
+++ b/roles/backup/files/config/generic_includes.txt
@@ -0,0 +1,3 @@
+/etc
+/home
+/var/spool/cron
\ No newline at end of file
diff --git a/roles/backup/files/config/grafana_includes.txt b/roles/backup/files/config/grafana_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/grafana_includes.txt
+++ b/roles/backup/files/config/grafana_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/graylog_includes.txt b/roles/backup/files/config/graylog_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/graylog_includes.txt
+++ b/roles/backup/files/config/graylog_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/haproxy01_includes.txt b/roles/backup/files/config/haproxy01_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/haproxy01_includes.txt
+++ b/roles/backup/files/config/haproxy01_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/haproxy02_includes.txt b/roles/backup/files/config/haproxy02_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/haproxy02_includes.txt
+++ b/roles/backup/files/config/haproxy02_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/icinga_includes.txt b/roles/backup/files/config/icinga_includes.txt
index 8ef020b..c854776 100644
--- a/roles/backup/files/config/icinga_includes.txt
+++ b/roles/backup/files/config/icinga_includes.txt
@@ -1,4 +1,4 @@
 /etc
 /usr/share/icinga*
 /usr/lib/icinga2
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/librenms_includes.txt b/roles/backup/files/config/librenms_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/librenms_includes.txt
+++ b/roles/backup/files/config/librenms_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/mail_includes.txt b/roles/backup/files/config/mail_includes.txt
index e175dd5..3a503fb 100644
--- a/roles/backup/files/config/mail_includes.txt
+++ b/roles/backup/files/config/mail_includes.txt
@@ -1,4 +1,4 @@
 /etc
 /home
-/var/spool/cron/crontabs
+/var/spool/cron
 /var/spool/postfix
\ No newline at end of file
diff --git a/roles/backup/files/config/mailcow_includes.txt b/roles/backup/files/config/mailcow_includes.txt
index 687c7f4..37cda11 100644
--- a/roles/backup/files/config/mailcow_includes.txt
+++ b/roles/backup/files/config/mailcow_includes.txt
@@ -3,4 +3,4 @@
 /opt/backup
 /opt/mailcow-dockerized
 /var/lib/docker/volumes
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/mariadb01_includes.txt b/roles/backup/files/config/mariadb01_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/mariadb01_includes.txt
+++ b/roles/backup/files/config/mariadb01_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/mariadb02_includes.txt b/roles/backup/files/config/mariadb02_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/mariadb02_includes.txt
+++ b/roles/backup/files/config/mariadb02_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/mariadb03_includes.txt b/roles/backup/files/config/mariadb03_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/mariadb03_includes.txt
+++ b/roles/backup/files/config/mariadb03_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/netbox_includes.txt b/roles/backup/files/config/netbox_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/netbox_includes.txt
+++ b/roles/backup/files/config/netbox_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/nextcloud_includes.txt b/roles/backup/files/config/nextcloud_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/nextcloud_includes.txt
+++ b/roles/backup/files/config/nextcloud_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/ns1_includes.txt b/roles/backup/files/config/ns1_includes.txt
index c4dbd90..6d649a9 100644
--- a/roles/backup/files/config/ns1_includes.txt
+++ b/roles/backup/files/config/ns1_includes.txt
@@ -1,3 +1,3 @@
 /etc
 /var/named
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/paperless_includes.txt b/roles/backup/files/config/paperless_includes.txt
index d55b5db..69cd84e 100644
--- a/roles/backup/files/config/paperless_includes.txt
+++ b/roles/backup/files/config/paperless_includes.txt
@@ -5,4 +5,4 @@
 /opt/paperless-data
 /opt/paperless-media
 /opt/paperless-static
-/var/spool/cron/crontabs
\ No newline at end of file
+/var/spool/cron
\ No newline at end of file
diff --git a/roles/backup/files/config/pi-alert_includes.txt b/roles/backup/files/config/pi-alert_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/pi-alert_includes.txt
+++ b/roles/backup/files/config/pi-alert_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/pi-hole_includes.txt b/roles/backup/files/config/pi-hole_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/pi-hole_includes.txt
+++ b/roles/backup/files/config/pi-hole_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/samba-ad-dc1_includes.txt b/roles/backup/files/config/samba-ad-dc1_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/samba-ad-dc1_includes.txt
+++ b/roles/backup/files/config/samba-ad-dc1_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/samba-ad-dc2_includes.txt b/roles/backup/files/config/samba-ad-dc2_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/samba-ad-dc2_includes.txt
+++ b/roles/backup/files/config/samba-ad-dc2_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/searx_includes.txt b/roles/backup/files/config/searx_includes.txt
index 6165f21..dcccec8 100644
--- a/roles/backup/files/config/searx_includes.txt
+++ b/roles/backup/files/config/searx_includes.txt
@@ -1,4 +1,4 @@
 /etc
 /home
-/var/spool/cron/crontabs
+/var/spool/cron
 /usr/local/searxng
\ No newline at end of file
diff --git a/roles/backup/files/config/shinobi_includes.txt b/roles/backup/files/config/shinobi_includes.txt
index 98fa377..702f9aa 100644
--- a/roles/backup/files/config/shinobi_includes.txt
+++ b/roles/backup/files/config/shinobi_includes.txt
@@ -1,3 +1,3 @@
 /etc
 /home
-/var/spool/cron/crontabs
\ No newline at end of file
+/var/spool/cron
\ No newline at end of file
diff --git a/roles/backup/files/config/unbound01_includes.txt b/roles/backup/files/config/unbound01_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/unbound01_includes.txt
+++ b/roles/backup/files/config/unbound01_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/unbound02_includes.txt b/roles/backup/files/config/unbound02_includes.txt
index 557adad..daa0100 100644
--- a/roles/backup/files/config/unbound02_includes.txt
+++ b/roles/backup/files/config/unbound02_includes.txt
@@ -1,2 +1,2 @@
 /etc
-/var/spool/cron/crontabs
+/var/spool/cron
diff --git a/roles/backup/files/config/webserver_includes.txt b/roles/backup/files/config/webserver_includes.txt
index fcab06e..40ea62a 100644
--- a/roles/backup/files/config/webserver_includes.txt
+++ b/roles/backup/files/config/webserver_includes.txt
@@ -1,3 +1,3 @@
 /etc
 /var/www
-/var/spool/cron/crontabs
+/var/spool/cron
From 8ab8c804a904be40e52be8ded60d993fd357042a Mon Sep 17 00:00:00 2001
From: Rene Mewissen Date: Tue, 24 Sep 2024 16:55:49 +0200 Subject: [PATCH 72/82] removed paths which are alread in generic include --- roles/backup/files/config/adguard_includes.txt | 2 -- roles/backup/files/config/agh01_includes.txt | 2 -- roles/backup/files/config/coruscant_includes.txt | 4 ---- roles/backup/files/config/dhcp-kea_includes.txt | 2 -- roles/backup/files/config/dhcp-stork_includes.txt | 2 -- roles/backup/files/config/docker01_includes.txt | 2 -- roles/backup/files/config/docker02_includes.txt | 2 -- roles/backup/files/config/elk-stack_includes.txt | 2 -- roles/backup/files/config/freeradius_includes.txt | 3 --- roles/backup/files/config/generic_includes.txt | 3 ++- roles/backup/files/config/grafana_includes.txt | 2 -- roles/backup/files/config/graylog_includes.txt | 2 -- roles/backup/files/config/haproxy01_includes.txt | 2 -- roles/backup/files/config/haproxy02_includes.txt | 2 -- roles/backup/files/config/icinga_includes.txt | 2 -- roles/backup/files/config/jitsi_includes.txt | 4 ---- roles/backup/files/config/librenms_includes.txt | 2 -- roles/backup/files/config/mail_includes.txt | 5 +---- roles/backup/files/config/mailcow_includes.txt | 3 --- roles/backup/files/config/mariadb01_includes.txt | 2 -- roles/backup/files/config/mariadb02_includes.txt | 2 -- roles/backup/files/config/mariadb03_includes.txt | 2 -- roles/backup/files/config/mewitoot_includes.txt | 4 ---- roles/backup/files/config/netbox_includes.txt | 2 -- roles/backup/files/config/nextcloud_includes.txt | 2 -- roles/backup/files/config/ns1_includes.txt | 2 -- roles/backup/files/config/paperless_includes.txt | 3 --- roles/backup/files/config/pi-alert_includes.txt | 2 -- roles/backup/files/config/pi-hole_includes.txt | 2 -- roles/backup/files/config/samba-ad-dc1_includes.txt | 2 -- roles/backup/files/config/samba-ad-dc2_includes.txt | 2 -- roles/backup/files/config/searx_includes.txt | 5 +---- roles/backup/files/config/shinobi_includes.txt | 3 --- 
roles/backup/files/config/unbound01_includes.txt | 2 -- roles/backup/files/config/unbound02_includes.txt | 2 -- roles/backup/files/config/webserver_includes.txt | 2 -- 36 files changed, 4 insertions(+), 85 deletions(-) diff --git a/roles/backup/files/config/adguard_includes.txt b/roles/backup/files/config/adguard_includes.txt index 5d0eccb..a8bb4c0 100644 --- a/roles/backup/files/config/adguard_includes.txt +++ b/roles/backup/files/config/adguard_includes.txt @@ -1,3 +1 @@ -/etc /opt/AdGuardHome -/var/spool/cron diff --git a/roles/backup/files/config/agh01_includes.txt b/roles/backup/files/config/agh01_includes.txt index 5d0eccb..a8bb4c0 100644 --- a/roles/backup/files/config/agh01_includes.txt +++ b/roles/backup/files/config/agh01_includes.txt @@ -1,3 +1 @@ -/etc /opt/AdGuardHome -/var/spool/cron diff --git a/roles/backup/files/config/coruscant_includes.txt b/roles/backup/files/config/coruscant_includes.txt index 0e5bdc8..73a5661 100644 --- a/roles/backup/files/config/coruscant_includes.txt +++ b/roles/backup/files/config/coruscant_includes.txt @@ -2,8 +2,6 @@ /Daten/ossn /Daten/owncloud /Daten/tdps -/etc -/home /opt/docker-compose-projects/available/Rocket.Chat /opt/docker-compose-projects/available/docker-matrix-data-v0.9 /opt/docker-compose-projects/available/docker-matrix-data-v1.0 @@ -21,12 +19,10 @@ /opt/docker-compose-projects/available/searx /opt/librenms /opt/tdps/tdps.config -/root /usr/share/icingaweb2 /var/git /var/lib/docker/volumes /var/lib/icinga2 /var/lib/samba -/var/spool/cron /var/svn /var/www diff --git a/roles/backup/files/config/dhcp-kea_includes.txt b/roles/backup/files/config/dhcp-kea_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/dhcp-kea_includes.txt +++ b/roles/backup/files/config/dhcp-kea_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/dhcp-stork_includes.txt b/roles/backup/files/config/dhcp-stork_includes.txt index daa0100..e69de29 100644 
--- a/roles/backup/files/config/dhcp-stork_includes.txt +++ b/roles/backup/files/config/dhcp-stork_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/docker01_includes.txt b/roles/backup/files/config/docker01_includes.txt index c11144e..67c7e64 100644 --- a/roles/backup/files/config/docker01_includes.txt +++ b/roles/backup/files/config/docker01_includes.txt @@ -1,4 +1,2 @@ -/etc /opt/docker /var/lib/docker/volumes -/var/spool/cron diff --git a/roles/backup/files/config/docker02_includes.txt b/roles/backup/files/config/docker02_includes.txt index c11144e..67c7e64 100644 --- a/roles/backup/files/config/docker02_includes.txt +++ b/roles/backup/files/config/docker02_includes.txt @@ -1,4 +1,2 @@ -/etc /opt/docker /var/lib/docker/volumes -/var/spool/cron diff --git a/roles/backup/files/config/elk-stack_includes.txt b/roles/backup/files/config/elk-stack_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/elk-stack_includes.txt +++ b/roles/backup/files/config/elk-stack_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/freeradius_includes.txt b/roles/backup/files/config/freeradius_includes.txt index 702f9aa..e69de29 100644 --- a/roles/backup/files/config/freeradius_includes.txt +++ b/roles/backup/files/config/freeradius_includes.txt @@ -1,3 +0,0 @@ -/etc -/home -/var/spool/cron \ No newline at end of file diff --git a/roles/backup/files/config/generic_includes.txt b/roles/backup/files/config/generic_includes.txt index 702f9aa..7fcb33f 100644 --- a/roles/backup/files/config/generic_includes.txt +++ b/roles/backup/files/config/generic_includes.txt @@ -1,3 +1,4 @@ /etc /home -/var/spool/cron \ No newline at end of file +/root +/var/spool/cron diff --git a/roles/backup/files/config/grafana_includes.txt b/roles/backup/files/config/grafana_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/grafana_includes.txt 
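Review bot: Adding `/root` to generic_includes.txt puts root's home directory into the backup of every host that uses the generic list. The ansible-pull cron job earlier in this series reads `--vault-password-file=~/.vaultpass`, so if that job runs as root, the vault password and any SSH private keys under /root land in each backup set. I would confirm that the backup repository is encrypted and readable only by the backup host, or exclude `.vaultpass` wherever the role builds its exclude list, which is not visible in this diff. The same commit also empties many per-host files (dhcp-kea, grafana, haproxy01 and others), so `/etc` and `/var/spool/cron` on those hosts are now covered only if the role always combines generic_includes.txt with the host file. That task is outside this diff and is worth checking for the empty-file case.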
+++ b/roles/backup/files/config/grafana_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/graylog_includes.txt b/roles/backup/files/config/graylog_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/graylog_includes.txt +++ b/roles/backup/files/config/graylog_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/haproxy01_includes.txt b/roles/backup/files/config/haproxy01_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/haproxy01_includes.txt +++ b/roles/backup/files/config/haproxy01_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/haproxy02_includes.txt b/roles/backup/files/config/haproxy02_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/haproxy02_includes.txt +++ b/roles/backup/files/config/haproxy02_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/icinga_includes.txt b/roles/backup/files/config/icinga_includes.txt index c854776..7d009b0 100644 --- a/roles/backup/files/config/icinga_includes.txt +++ b/roles/backup/files/config/icinga_includes.txt @@ -1,4 +1,2 @@ -/etc /usr/share/icinga* /usr/lib/icinga2 -/var/spool/cron diff --git a/roles/backup/files/config/jitsi_includes.txt b/roles/backup/files/config/jitsi_includes.txt index bbb06d2..86bd44a 100644 --- a/roles/backup/files/config/jitsi_includes.txt +++ b/roles/backup/files/config/jitsi_includes.txt @@ -1,6 +1,3 @@ -/etc -/home -/root /usr/share/jicofo /usr/share/jitsi-meet /usr/share/jitsi-meet-prosody @@ -8,5 +5,4 @@ /usr/share/jitsi-meet-web-config /usr/share/jitsi-videobridge /var/lib/prosody -/var/spool/cron /var/www diff --git a/roles/backup/files/config/librenms_includes.txt b/roles/backup/files/config/librenms_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/librenms_includes.txt +++ b/roles/backup/files/config/librenms_includes.txt 
@@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/mail_includes.txt b/roles/backup/files/config/mail_includes.txt index 3a503fb..dde8591 100644 --- a/roles/backup/files/config/mail_includes.txt +++ b/roles/backup/files/config/mail_includes.txt @@ -1,4 +1 @@ -/etc -/home -/var/spool/cron -/var/spool/postfix \ No newline at end of file +/var/spool/postfix diff --git a/roles/backup/files/config/mailcow_includes.txt b/roles/backup/files/config/mailcow_includes.txt index 37cda11..19be07c 100644 --- a/roles/backup/files/config/mailcow_includes.txt +++ b/roles/backup/files/config/mailcow_includes.txt @@ -1,6 +1,3 @@ -/etc -/home /opt/backup /opt/mailcow-dockerized /var/lib/docker/volumes -/var/spool/cron diff --git a/roles/backup/files/config/mariadb01_includes.txt b/roles/backup/files/config/mariadb01_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/mariadb01_includes.txt +++ b/roles/backup/files/config/mariadb01_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/mariadb02_includes.txt b/roles/backup/files/config/mariadb02_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/mariadb02_includes.txt +++ b/roles/backup/files/config/mariadb02_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/mariadb03_includes.txt b/roles/backup/files/config/mariadb03_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/mariadb03_includes.txt +++ b/roles/backup/files/config/mariadb03_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/mewitoot_includes.txt b/roles/backup/files/config/mewitoot_includes.txt index 2571ad0..b656fcf 100644 --- a/roles/backup/files/config/mewitoot_includes.txt +++ b/roles/backup/files/config/mewitoot_includes.txt @@ -1,7 +1,3 @@ -/etc -/home -/root /var/backups/postgresql /var/cache/bind /var/lib/bind -/var/spool/cron 
diff --git a/roles/backup/files/config/netbox_includes.txt b/roles/backup/files/config/netbox_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/netbox_includes.txt +++ b/roles/backup/files/config/netbox_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/nextcloud_includes.txt b/roles/backup/files/config/nextcloud_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/nextcloud_includes.txt +++ b/roles/backup/files/config/nextcloud_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/ns1_includes.txt b/roles/backup/files/config/ns1_includes.txt index 6d649a9..f6529da 100644 --- a/roles/backup/files/config/ns1_includes.txt +++ b/roles/backup/files/config/ns1_includes.txt @@ -1,3 +1 @@ -/etc /var/named -/var/spool/cron diff --git a/roles/backup/files/config/paperless_includes.txt b/roles/backup/files/config/paperless_includes.txt index 69cd84e..7be3dd5 100644 --- a/roles/backup/files/config/paperless_includes.txt +++ b/roles/backup/files/config/paperless_includes.txt @@ -1,8 +1,5 @@ -/etc -/home /opt/paperless /opt/paperless-consume /opt/paperless-data /opt/paperless-media /opt/paperless-static -/var/spool/cron \ No newline at end of file diff --git a/roles/backup/files/config/pi-alert_includes.txt b/roles/backup/files/config/pi-alert_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/pi-alert_includes.txt +++ b/roles/backup/files/config/pi-alert_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/pi-hole_includes.txt b/roles/backup/files/config/pi-hole_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/pi-hole_includes.txt +++ b/roles/backup/files/config/pi-hole_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/samba-ad-dc1_includes.txt b/roles/backup/files/config/samba-ad-dc1_includes.txt index daa0100..e69de29 100644 
--- a/roles/backup/files/config/samba-ad-dc1_includes.txt +++ b/roles/backup/files/config/samba-ad-dc1_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/samba-ad-dc2_includes.txt b/roles/backup/files/config/samba-ad-dc2_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/samba-ad-dc2_includes.txt +++ b/roles/backup/files/config/samba-ad-dc2_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/searx_includes.txt b/roles/backup/files/config/searx_includes.txt index dcccec8..31f480e 100644 --- a/roles/backup/files/config/searx_includes.txt +++ b/roles/backup/files/config/searx_includes.txt @@ -1,4 +1 @@ -/etc -/home -/var/spool/cron -/usr/local/searxng \ No newline at end of file +/usr/local/searxng diff --git a/roles/backup/files/config/shinobi_includes.txt b/roles/backup/files/config/shinobi_includes.txt index 702f9aa..e69de29 100644 --- a/roles/backup/files/config/shinobi_includes.txt +++ b/roles/backup/files/config/shinobi_includes.txt @@ -1,3 +0,0 @@ -/etc -/home -/var/spool/cron \ No newline at end of file diff --git a/roles/backup/files/config/unbound01_includes.txt b/roles/backup/files/config/unbound01_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/unbound01_includes.txt +++ b/roles/backup/files/config/unbound01_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/unbound02_includes.txt b/roles/backup/files/config/unbound02_includes.txt index daa0100..e69de29 100644 --- a/roles/backup/files/config/unbound02_includes.txt +++ b/roles/backup/files/config/unbound02_includes.txt @@ -1,2 +0,0 @@ -/etc -/var/spool/cron diff --git a/roles/backup/files/config/webserver_includes.txt b/roles/backup/files/config/webserver_includes.txt index 40ea62a..3f566e9 100644 --- a/roles/backup/files/config/webserver_includes.txt +++ b/roles/backup/files/config/webserver_includes.txt 
@@ -1,3 +1 @@ -/etc /var/www -/var/spool/cron From c97864c7d3a5c402c228136379982d110bb42430 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Tue, 24 Sep 2024 17:05:52 +0200 Subject: [PATCH 73/82] removed some hosts --- host_vars/backup.universe.local.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/host_vars/backup.universe.local.yml b/host_vars/backup.universe.local.yml index 4381230..5cf2cb9 100644 --- a/host_vars/backup.universe.local.yml +++ b/host_vars/backup.universe.local.yml @@ -2,7 +2,6 @@ hosts_to_backup: - { hostname: "mailcow", fqdn: "mewissen.site", ip: "192.168.3.8" } - { hostname: "jitsi", fqdn: "mewimeet.de", ip: "192.168.3.10" } - { hostname: "mewitoot", fqdn: "mewitoot.de", ip: "192.168.3.11" } - - { hostname: "coruscant", fqdn: "coruscant.universe.local" } - { hostname: "ns1", fqdn: "ns1.universe.local" } - { hostname: "docker01", fqdn: "docker01.universe.local" } - { hostname: "docker02", fqdn: "docker02.universe.local" } @@ -25,8 +24,6 @@ hosts_to_backup: - { hostname: "nextcloud", fqdn: "nextcloud.universe.local" } - { hostname: "dhcp-kea", fqdn: "dhcp-kea.universe.local" } - { hostname: "dhcp-stork", fqdn: "dhcp-stork.universe.local" } - - { hostname: "unbound01", fqdn: "unbound01.universe.local" } - - { hostname: "unbound02", fqdn: "unbound02.universe.local" } - { hostname: "mail", fqdn: "mail.universe.local" } - { hostname: "graylog", fqdn: "graylog.universe.local" } - { hostname: "freeradius", fqdn: "freeradius.universe.local" } From 1ad69c1e5f8660483cc6c312a3011a6d123a78a4 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Tue, 24 Sep 2024 17:18:38 +0200 Subject: [PATCH 74/82] updated known_hosts --- roles/base/files/users/known_hosts | 174 ++++++++++++++++++++++------- 1 file changed, 132 insertions(+), 42 deletions(-) diff --git a/roles/base/files/users/known_hosts b/roles/base/files/users/known_hosts index e719c7e..6c9a7ff 100644 --- a/roles/base/files/users/known_hosts +++ b/roles/base/files/users/known_hosts 
@@ -1,50 +1,140 @@ -|1|3/OZevHMLW4lIzsrmFx6zRdSW9U=|jWD/ocbFMmNHW34t/Fykl02mlBc= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcQ5x6vbWfPZ3BjPqGl0AH+CebvI8kuPwPxXkmL47gnQEgd8oPcSbMBSIvjfzMGXREBRU81p+5g9JokETKP4Fo= -|1|lVxBqlsEdsMWsVz8qe/MTN5kL4s=|K+4ne0Y4tAfxvBw58CMPUIrFvKQ= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcQ5x6vbWfPZ3BjPqGl0AH+CebvI8kuPwPxXkmL47gnQEgd8oPcSbMBSIvjfzMGXREBRU81p+5g9JokETKP4Fo= -|1|+ebqSRFuT6ZpVb032ycgNFK9aYk=|GG8wNwMN/MonLjYeRqZNVzr4/l8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMj+ZCAgXVg4OhxpQHLDFanvm7/QP9qRA1zGIAy+1jK7/OTAu3pb6/C1wXufZMn4V1YEbzkeAh8RJeJXmprhdn4= -|1|Nxpoqfn5XUKOUkUPrDsac1U2jx8=|bePErvLRXOGc2nM7s8bphY4QL3E= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMj+ZCAgXVg4OhxpQHLDFanvm7/QP9qRA1zGIAy+1jK7/OTAu3pb6/C1wXufZMn4V1YEbzkeAh8RJeJXmprhdn4= -gitlab.social.my-wan.de,192.168.1.240 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= -gitea.mewissen.site,192.168.1.240 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= -diskstation,192.168.1.234 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBbDuuwpYg92O+O3ZVYyctZ5szXfE7GRUW4rDZjlEYTf2q8ieE2vezHo/sl2wZW1jCSevER2jYYbhvpoQVyiweI= -192.168.1.250 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMUVrBrOlUQamGWS9qO9mOTbzSW3L1VGhrgpBp6pNf/ekAmWRrxJ0bdEKjHI+YlDt7nNjffjsVlLUwtPtQI0nTI= -vuduo2,172.16.0.5 ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCRLsnDtDLuNBN8X8rmCNdrrIYCWfK7DrI/bPQAbSroCuwdHRLztd5doWJyVy6XjuJ2cVaal5xR11hit5qz0TQHhhXJbkViivRSDUuFKVZQajGmUjxMdE0vChqIn3ObIhtkf5ESTvxnroETMUQXzPe30EzO8tGlbV6cGrv80rhp9l1eWUt1pOzYe6pNEPVZiavJYD/rNWd/1xTqx8TCC3yeaWKFINAvo+C5wshKv31r7k9KXlliLMdbvBwkalbk8CK+AwJQsAapklVfQ4u/H0xpXUYlQU4c4kmjq2PTM8i6pLBtCRtfY2GUEu4OvjcHUl/WK1uICVWDPr7O7HLbtvVR -[tantooine.myfirewall.org]:22222,[91.39.133.124]:22222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= -[tantooine.myfirewall.org]:2222,[91.39.133.124]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcQ5x6vbWfPZ3BjPqGl0AH+CebvI8kuPwPxXkmL47gnQEgd8oPcSbMBSIvjfzMGXREBRU81p+5g9JokETKP4Fo= -tuxedo-book-xp1511,192.168.1.220 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAyz243LYFBTd7QsMd1k+sirj+8mK8QuPmyVGlKJG1v1s52+i+7s22FElXFB7L85LSjza+LxXmcJDZ2ONAJmcTg= -[91.39.139.224]:22222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= -[46.85.249.160]:22222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= 139.162.139.175 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHRRQQBGZVH80kiGIBza9ntfwtL2ktqQITWlT30RpYIyczFOl2/5AxVPhT9/h2MNcdfsRGg+UUYoniYS62BXK2o= -172.105.75.31 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPgzCDyqhDJlJimGVDQSwMcNTEFCReL61x4aiIyILlTjmULNSN9hPdmAZ+y98E9rz17iLoMC+MXB13Kvwf3PWG0= -[192.168.1.240]:22422 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMDiTJj4mw6nPZTk3W/Y7h6qHhYH/CCX90rR7wd7CbwFeddW6vgK9lqk64bqOdfD7Fgh1qvZXMSYEiDLYkx4iMw= -[91.39.133.154]:22222 ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= -[91.39.133.154]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcQ5x6vbWfPZ3BjPqGl0AH+CebvI8kuPwPxXkmL47gnQEgd8oPcSbMBSIvjfzMGXREBRU81p+5g9JokETKP4Fo= -raspberrypi,172.16.0.100 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFsPOLPHU1pAapm6ljdg178ZqnANuSkdAa7PE22DksNQ9VVrvxY5h054pyaviDb2XxsHwYbAL0fP+4I2Slq4wGc= -[gitlab.social.my-wan.de]:22422 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMDiTJj4mw6nPZTk3W/Y7h6qHhYH/CCX90rR7wd7CbwFeddW6vgK9lqk64bqOdfD7Fgh1qvZXMSYEiDLYkx4iMw= -[gitea.mewissen.site]:22422 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMDiTJj4mw6nPZTk3W/Y7h6qHhYH/CCX90rR7wd7CbwFeddW6vgK9lqk64bqOdfD7Fgh1qvZXMSYEiDLYkx4iMw= -debian-test,192.168.1.216 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHFoAceudj8VLkAAkBUS0A9g2yJRyVaTSqeLWo09aXFEwxf1L73qIoLJZhg15kKBB6bu/EKjyDHvO8mczbr92a8= -139.162.139.175 ssh-rsa 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 139.162.139.175 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+/wgiRWZnX4IjJmBOYEhSRkJ1DHsbwKUVx6eNNuIZy -172.105.75.31 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+jJ6BAQZf/etrkMkPYaWLK0s1hGDYF7TxVYhMTQQ5T58wzeUlDdbGjKhhDRfYPXXLr/4kXd4SfGPWFP63qD6Ro3AIhTE3AwJIhsli+49cftHjqXfXnS/VUs96qP9TMro3e0Hxkt21SEiaj8W5JssiFSHy5u/MnAu51fKLw2tWxJhDfVbCPoaVQ6U1vOsFlqEeZ8HdrPdt9X4vVBxrCXBUk6+6ZDeLRZEeFzGKmw9o1Bb6Q/tDMl/ZRCOgV39ZHTe24zpetEReAI4Xyj/xhzOuO3uagF9U+iT2Kxyg0mBxEIT9nBea9Mb+wqSRfz01HfhPDx8LikbzTXDQVRgJTzqpcZ1d/nn2xhQtN6pRBePNMU70qx+2/C12VlG4ZFBXMhsl/hpHti6kzDesTu42uOiPn/WJmoYoC/hhKnbyLODXKyPdsRlRUwdTsw9lMnKdKDT4i47P3lJdyqzLdh/FJhYXUDSPT6Ja6PKgdMoXdZ1Y8g+u+bL5e/kI5A0OTrsdRn0= -172.105.75.31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMUuyue2VKciNVRaLsbHlRGBRxJHorK5PO3H6Zyqp2q -naboo ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCOh2sVL/SqU1MiGUdN819FNupTlpbLMXEe8XMeffdreCU8M0q6BQl4dVCg88NrVGa+TOyEaBvVhoD+5XWUdsmar7STcUtSHvOAGUoD5YgEfhvMJR3ILM8OduLzbZTlWHOeGKsUtKXCET4477VtgbVLXgjyn0bSp1HNhpe5XKuvd1X9WHEK05IGyxITrvhRfb87edg2ZJJgIPmlHdsDtcgWsUwgueECRWG81fRfwzL2BSgFP2o94IzqhSr0GmzvuXC6P9GXTRu4oSaX26M0+xXH39VWnlPksYy5uYASSkta9q8KFmy7VS4ElyIb6w19xAplAnldpJYWfB0gxVLPyJu7 -tatooine ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxTVc9yuqG1BtP59f5q9q/LJw4mGUmcOChrP4iUeAbT -tatooine ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCq/6z7xJlO7zMk85iX84UVE7D/I55NzY6m5hos4RgVzhTb5DxOV0Y1lMK3sW80ZLMCS9ZoLa/BdATqHLIoCCtQipjKRuHK4qP4c00tVfPwsZj4VyVNx6cUArinqqzUCQPZ6Tty5lJPbH5iCaFPaXMmi7NKF6GEz4p/rJVw0d91N9OKwTxedMfV6XuKuEUXDA3TASQk/32Xib3Bw39y3rPuyMgc/NIkM8zOFuLm4YnJST15x33wvhraA0TQt+5+hApQ+n/JwYCENwj0OXORJxMdXZR5MqlNr3KVrlPmsMViEeUlR26c4L3W//QLLPovbUDWQK5OwotEF7E+ac0FmghX -tatooine ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAn9LBrAdp5hj3pOaqpzrT4fZWDjZhuT+XUMlE+wyDIAwykrPlnXv+tui2Gq4g3v9UCRvYSJOvlDvqs6BO6XsJQ= -localhost ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUg4UIbuIC0o9o/w50CjLUUsNzRtx/BmRg1QU+ZDOgA -[192.168.1.234]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoFaKb6oln/EjBHRxR3ci/8oDZVMJGcsjZ8j/4LRZP+ -192.168.1.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCGAlyK37kddMjIh7VZVOEgy+O3lI+o84HvHlbvel86MWQZN3dEBZWEZ6AAZMK08RbMd7Voy1Wx064Yu3KRFr0O8v0KQkRbTw1W2yWOcb05ah7fIwoy7Xm1HvxkibDQ1Yw3WtvR8Xlrg3AcOuvKtlsAIFCfsrOFOLgq14Q0dHNPOeOiBIX4veKbA+dzkHeIopa19CiKpzJ+fW0oiXXxpuXFnTFW1rO06kqwzuEl9pDINfLo2HUBjqErJXyTYnWl22zExpd3mbxhCgq+8JclrwKBnfb0suHECDogTfugw0QogDHVJlzLTFcIxzPGtpBj6P8B/oZHvhcxagsO+Soj6srt -172.16.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgm3BwlqQAzn0e55nY2rHKd8DEI1pXONBQMe9MWAJm8fB6+IrGmxiqZStuoX0/SO4QCU8bp30JrPFONyLS5Qg6kMdDAFqTZA7QDBkfhhSLmpkF65oaDQnMoFWtV4rA18XNdA/vblWSs8wpRkl36S4tTCtn9H13NKZhXDNqedRtMzot2c= -172.16.0.253 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFWcOfKPfn502kxgGuML/8yYjrwoXZvLJptDWQZiAdR2 -192.168.1.2 ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIOfskAIabzTJOL9t0R3vOmNf5B/+QhKmt3nWONQb5kqk -192.168.0.2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfskAIabzTJOL9t0R3vOmNf5B/+QhKmt3nWONQb5kqk -192.168.1.241 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDE2dc8CmNkUKOz2mnjbLplw6Ey6pbxO64dH6gPMm1Za -192.168.1.241 ssh-rsa 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 -192.168.1.241 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI18RJWpMtJV6K3Ph55iGMrolfGxaT1nIkp2Tm0LQIl9SNfhIhuMOetk+z6IlGZTNFRBSRHdDpKf3+mg/5t1veM= +139.162.139.175 ssh-rsa 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 +|1|3/OZevHMLW4lIzsrmFx6zRdSW9U=|jWD/ocbFMmNHW34t/Fykl02mlBc= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcQ5x6vbWfPZ3BjPqGl0AH+CebvI8kuPwPxXkmL47gnQEgd8oPcSbMBSIvjfzMGXREBRU81p+5g9JokETKP4Fo= +157.90.226.154 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIjuPBsua6uzr6BGWWaEj51uEVrV61M/lJtfGgAy2g/MIbyWhfKX2KjyO6LqbQd9usU35ZA4WXMCfExUMcZj1rw= 157.90.226.154 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+L3cjpRpQoa9WEbSJ24m8a3TH/8hPSuA+03noCkY6C 157.90.226.154 ssh-rsa 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 -157.90.226.154 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIjuPBsua6uzr6BGWWaEj51uEVrV61M/lJtfGgAy2g/MIbyWhfKX2KjyO6LqbQd9usU35ZA4WXMCfExUMcZj1rw= +172.105.75.31 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPgzCDyqhDJlJimGVDQSwMcNTEFCReL61x4aiIyILlTjmULNSN9hPdmAZ+y98E9rz17iLoMC+MXB13Kvwf3PWG0= +172.105.75.31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMUuyue2VKciNVRaLsbHlRGBRxJHorK5PO3H6Zyqp2q +172.105.75.31 ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABgQC+jJ6BAQZf/etrkMkPYaWLK0s1hGDYF7TxVYhMTQQ5T58wzeUlDdbGjKhhDRfYPXXLr/4kXd4SfGPWFP63qD6Ro3AIhTE3AwJIhsli+49cftHjqXfXnS/VUs96qP9TMro3e0Hxkt21SEiaj8W5JssiFSHy5u/MnAu51fKLw2tWxJhDfVbCPoaVQ6U1vOsFlqEeZ8HdrPdt9X4vVBxrCXBUk6+6ZDeLRZEeFzGKmw9o1Bb6Q/tDMl/ZRCOgV39ZHTe24zpetEReAI4Xyj/xhzOuO3uagF9U+iT2Kxyg0mBxEIT9nBea9Mb+wqSRfz01HfhPDx8LikbzTXDQVRgJTzqpcZ1d/nn2xhQtN6pRBePNMU70qx+2/C12VlG4ZFBXMhsl/hpHti6kzDesTu42uOiPn/WJmoYoC/hhKnbyLODXKyPdsRlRUwdTsw9lMnKdKDT4i47P3lJdyqzLdh/FJhYXUDSPT6Ja6PKgdMoXdZ1Y8g+u+bL5e/kI5A0OTrsdRn0= +172.16.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgm3BwlqQAzn0e55nY2rHKd8DEI1pXONBQMe9MWAJm8fB6+IrGmxiqZStuoX0/SO4QCU8bp30JrPFONyLS5Qg6kMdDAFqTZA7QDBkfhhSLmpkF65oaDQnMoFWtV4rA18XNdA/vblWSs8wpRkl36S4tTCtn9H13NKZhXDNqedRtMzot2c= +172.16.0.223 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIFH5vIt3f7GLHbHFYNluoxswNXeJ4+0wmWyJR41IHjvww+M5zZfbOavxBHAfXV3Zyi85W89qSklvjy0wYDctH8= 172.16.0.223 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3qDNg4d//HlwVMPhQXFBAGNflx3J7JFxEUcav7/qRs 172.16.0.223 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3Xoeu7qRbWJjaFSM18RuXfCkZdaCfEBSVpY0gQdPgghO/ofejF8EqwlfZ5gz4HfQQjJ3cLZ+l0hP08sARZDfeYRhLfn8YP+ZjmtWaOHewdyYnR9wcGgtsiV3cmJwItfG524NAhi1PbYE5MzdGGamOeDlhvBmNM/s215EJNheIkGl7SLXkSqEqnPQkX4OSHEI9PsWw/dEsyvMEkl5IMBOukoiHypDvLJr/wMyRRJEC9E794KJt4H/kJwxLUzk7IT6KIBsUf3we7fM6fwLdzfjGFS5t3nMDGiuph/x5xPzR4WipJ8dIDkClu+orSA/7tbOfV8zambchTQKaNmLKSHLj -172.16.0.223 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIFH5vIt3f7GLHbHFYNluoxswNXeJ4+0wmWyJR41IHjvww+M5zZfbOavxBHAfXV3Zyi85W89qSklvjy0wYDctH8= +172.16.0.253 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFWcOfKPfn502kxgGuML/8yYjrwoXZvLJptDWQZiAdR2 +192.168.0.2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfskAIabzTJOL9t0R3vOmNf5B/+QhKmt3nWONQb5kqk +192.168.1.1 ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCGAlyK37kddMjIh7VZVOEgy+O3lI+o84HvHlbvel86MWQZN3dEBZWEZ6AAZMK08RbMd7Voy1Wx064Yu3KRFr0O8v0KQkRbTw1W2yWOcb05ah7fIwoy7Xm1HvxkibDQ1Yw3WtvR8Xlrg3AcOuvKtlsAIFCfsrOFOLgq14Q0dHNPOeOiBIX4veKbA+dzkHeIopa19CiKpzJ+fW0oiXXxpuXFnTFW1rO06kqwzuEl9pDINfLo2HUBjqErJXyTYnWl22zExpd3mbxhCgq+8JclrwKBnfb0suHECDogTfugw0QogDHVJlzLTFcIxzPGtpBj6P8B/oZHvhcxagsO+Soj6srt 192.168.1.222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3qDNg4d//HlwVMPhQXFBAGNflx3J7JFxEUcav7/qRs +[192.168.1.234]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoFaKb6oln/EjBHRxR3ci/8oDZVMJGcsjZ8j/4LRZP+ +[192.168.1.240]:22422 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMDiTJj4mw6nPZTk3W/Y7h6qHhYH/CCX90rR7wd7CbwFeddW6vgK9lqk64bqOdfD7Fgh1qvZXMSYEiDLYkx4iMw= +192.168.1.241 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI18RJWpMtJV6K3Ph55iGMrolfGxaT1nIkp2Tm0LQIl9SNfhIhuMOetk+z6IlGZTNFRBSRHdDpKf3+mg/5t1veM= +192.168.1.241 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDE2dc8CmNkUKOz2mnjbLplw6Ey6pbxO64dH6gPMm1Za +192.168.1.241 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1RyObAxSGEx3wHK3a5yFgqQ6nVUFPIQCdM3lQzDrDzjDK+aZlp6n/zyASyXUJezKu/r+vrR/0N0sRTa+unIiXesszeyc6I5C7RkMpqgfjJ8yFLEk0RhMN583RrP90t2pIv7pneVLfbm+i6+A5swWboqJavM0FQi+7eoji+QygSlHb/W0gTm94x/8Gmv/pw7cQC67oAfCTkgJVCWkRrwMc2lWX4oXmaDx6YlqbTg7QMr5b0mqgpedEa6VTx7Nfa4vtgCnkltiPTG2ZK1RRvlJvqjkPVflDNMuTFi29D4IsBUOPhqB7KfXv9bXL3Vn63A9FkdCOqkcHlLHJovylelMhPOObTqq2zWTkCQhnRUhQRybAb7iVJ15HBlgk3noFMR+0zJqY+yDOiqIf1yZxTCg2ifg/oLtqUjXmgfvsOkDWqZ3ZHRY7Q/L3Kj8Yf5iVL+G9C+PDmqS9lEu85dAU4XdwH3XkCgeqfElOSAYmSurKpqZPPA1DhagCteG5zJhviLs= +192.168.1.250 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMUVrBrOlUQamGWS9qO9mOTbzSW3L1VGhrgpBp6pNf/ekAmWRrxJ0bdEKjHI+YlDt7nNjffjsVlLUwtPtQI0nTI= +192.168.1.2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfskAIabzTJOL9t0R3vOmNf5B/+QhKmt3nWONQb5kqk +192.168.3.10 ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBiaJspUpkNaAg3dwnf+rY4/VKyX4Absv1K0hYijmu211z+Jb3P+rNCjC2ict+mT2DigjT25JLkKB3+sBAkOqQA= +192.168.3.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0HxkVvuq3Hn45Fba51oVYapMHcND/DTqFjV/+UX2eS +192.168.3.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVm0gUwyG5Fd3SShjFrSufxsIRL00sZINrVdAqbMLiQFyoQVQIsXskLG7jpibpIj4IjAvEKgoxh738sb9vECtQjqeR/X4rHcZpxm4NA+QKksbJinNSl6b7yWP7+RWmyCLQ2YLzxD7CnHBZw8POw236N/gx4mBVmPB8M5S5Ws2QWH8alM62yxqPUU27Fe+F64YuupXz42UBTxY/iKvBCox+pq0xCI97be8hvZ4N90GgBftTMMcyeVfD38qMv5n/BDv4TrU6dqmZOQ8XHHosqb1aRVhf5+jJc8Ne4+WL9nyHSjzYPhly7EGPIzKWr7482nniDrjAcQRNc2IZ+xML0TG2HaxUAJ3VIPtJjOc5IfW6Zxk6X//GWPbRiNzCAxeIWhVQPawQ8vXVr/3VPKXqJxJmljp2xr6+h54RHqwcvHfp7YIMbwScaL2+0vQyxcXR2vk7iovq953+AYW4zSfBqm5sYIdXO99ohZOBqFuX3FoxGP0bEp7D89yJg/P9bTYke40= +192.168.3.11 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIo9QFgNf48og6DiS54zdAP30Ci6u1Ja/Hw32QTALvsztynto6RNRNvTLCF1GgowuxpLmYSXlM88O9NBTukf1GY= +192.168.3.11 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1CXbVHalyDTKAyfR1y9/LPeyFBvt1RqM+K57fJEtY+ +192.168.3.11 ssh-rsa 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 +192.168.3.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIjuPBsua6uzr6BGWWaEj51uEVrV61M/lJtfGgAy2g/MIbyWhfKX2KjyO6LqbQd9usU35ZA4WXMCfExUMcZj1rw= +192.168.3.8 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+L3cjpRpQoa9WEbSJ24m8a3TH/8hPSuA+03noCkY6C +|1|+ebqSRFuT6ZpVb032ycgNFK9aYk=|GG8wNwMN/MonLjYeRqZNVzr4/l8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMj+ZCAgXVg4OhxpQHLDFanvm7/QP9qRA1zGIAy+1jK7/OTAu3pb6/C1wXufZMn4V1YEbzkeAh8RJeJXmprhdn4= +|1|lVxBqlsEdsMWsVz8qe/MTN5kL4s=|K+4ne0Y4tAfxvBw58CMPUIrFvKQ= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcQ5x6vbWfPZ3BjPqGl0AH+CebvI8kuPwPxXkmL47gnQEgd8oPcSbMBSIvjfzMGXREBRU81p+5g9JokETKP4Fo= +|1|Nxpoqfn5XUKOUkUPrDsac1U2jx8=|bePErvLRXOGc2nM7s8bphY4QL3E= ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMj+ZCAgXVg4OhxpQHLDFanvm7/QP9qRA1zGIAy+1jK7/OTAu3pb6/C1wXufZMn4V1YEbzkeAh8RJeJXmprhdn4= +[46.85.249.160]:22222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= +[91.39.133.154]:22222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= +[91.39.133.154]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcQ5x6vbWfPZ3BjPqGl0AH+CebvI8kuPwPxXkmL47gnQEgd8oPcSbMBSIvjfzMGXREBRU81p+5g9JokETKP4Fo= +[91.39.139.224]:22222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= +adguard.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL1CEm3j2aoi2Y8/Mbu5CBo5jd11uDzMxjkBC3VGz5KR/6ufTR6fCzGdJhqGVmddwZyofKxQ9mT26100YprT048= +adguard.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGK4WgMInT6CKFsEB69tltx6oLzAYJJG+eCqjAiCLLC +adguard.universe.local ssh-rsa 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 +agh01.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCtMuxFfxZeOW3ZfO/XljJ1+3z2lXTBtZtWXeceYTcLTPBGyUq6vu7ZQ+ESkPCDSBBtPwINFndYFZXKtcINBM3E= +agh01.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuqF86tw5qNP8J7A+gyjDidwR5fDt5SE1W2e4v2Fzom +agh01.universe.local ssh-rsa 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 +debian-test,192.168.1.216 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHFoAceudj8VLkAAkBUS0A9g2yJRyVaTSqeLWo09aXFEwxf1L73qIoLJZhg15kKBB6bu/EKjyDHvO8mczbr92a8= +dhcp-kea.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAU2pjL2Nnr1awJgqGe4uq3E2fz0vn/Ddc9N5VCLS35woUWZCe9vzzwcfeE+hihVcoImDpd1IoQVhte0afs6MIs= 
+dhcp-kea.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDopP3iexTPxIR2Hwc/14TH84AM/CeuhRQPpn2VZQIEJ +dhcp-kea.universe.local ssh-rsa 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 +dhcp-stork.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCENgWeXdpkAVLMC1Dzzcj6DAPNfSLb8e9/ACmEYG96C7Dix7CsgPkU9Qw2Fo1sgMoJG7CWrnD4/kk2ILxFqP8I= +dhcp-stork.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDN/x/zo02Ch+f4iP3ROP+8Y21QPgGa6A35/FNCtKrZ +dhcp-stork.universe.local ssh-rsa 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 +diskstation,192.168.1.234 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBbDuuwpYg92O+O3ZVYyctZ5szXfE7GRUW4rDZjlEYTf2q8ieE2vezHo/sl2wZW1jCSevER2jYYbhvpoQVyiweI= +docker01 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAOkprfhz7eo55wTXSjM3nAjxSCnF7zQZ+IEViE4orduxve6WSB9pERj79kP2Mgt1Z4jk6HP9U9n+l4CkuLN6Bg=192.168.3.8 ssh-rsa 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 docker01 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2ePwlU2sJtRqTK6s1GFmzAHbxrTsVw3Gdo8UGqmMJ9 -docker01 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAOkprfhz7eo55wTXSjM3nAjxSCnF7zQZ+IEViE4orduxve6WSB9pERj79kP2Mgt1Z4jk6HP9U9n+l4CkuLN6Bg= \ No newline at end of file +docker01.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAOkprfhz7eo55wTXSjM3nAjxSCnF7zQZ+IEViE4orduxve6WSB9pERj79kP2Mgt1Z4jk6HP9U9n+l4CkuLN6Bg= +docker01.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2ePwlU2sJtRqTK6s1GFmzAHbxrTsVw3Gdo8UGqmMJ9 +docker01.universe.local ssh-rsa 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 +docker02.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMoksk1GhthKvT6QdMRH14yFQ+qv+nvZJAtj8JtfabLTCF7H4Xl0OyQ66e1wFoureAMhdqqTXxVd14BpfgLb+uA= +docker02.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfgdFVSIaOU5Yg4UO6uC2ba2/32cIY6rcmIZqII/RZS +docker02.universe.local 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCOs3/1yNAsokrI3ENAnZBTxKznSjdd7A0/6d7z4Q3ad9VNPIQpniEueCoiY5x8IoMFbjddRcusSi4SAhOrC+TimeO1s9FYmwRO2XJYMP3uDL4C4UfPOYw6c0+rIn2alf2LFfCTyXKnDXyY4SxeVv1yuWh53vSc20h6UjmNlbBfOq2wS50rZm61x5i8pMh3WRylq6UQOisXYgjrXljr4gFa3wQqzEXp2eDgrAvhSDcTCIO+HIZhlNVp7/oySiYIXQqhjAN2gdzCtKsmdkTB4EeZFIE7PfW5O5HCMpDiFKq6Fw0MpZaSo+WKfQFRUh2RFuwCE8SljaWGxVKmVdz9W9vywu1+otmjRprExf8eGWmefiw8QPy2rmH7HmqzWUrMSG4Hwg3Jr4fu3CU8uAr3kwDbP8Aa7Y47n4cNFjcmld+DkMp0PJYQTn6ZliOxg+puFM+OnTQzK4eCL069spgkU+ytBW3VmvaOc8yoHlAvFuEN2gAAUQf19tdaHXQjqGanD9k= +freeradius.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOxW+eFoxQ1JMWWeByu6nW4NE+sjYwigbyyHTFFAj0q9qtpvh1KFFOCMtgTSeOLkAUHssupaV4QBZLJxQZHWMwk= +freeradius.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZC22wV2/Y+E9TfulupVUGelgfuqAs6Dret8ceVgQcJ +freeradius.universe.local ssh-rsa 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 +gitea.mewissen.site,192.168.1.240 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= +[gitea.mewissen.site]:22422 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMDiTJj4mw6nPZTk3W/Y7h6qHhYH/CCX90rR7wd7CbwFeddW6vgK9lqk64bqOdfD7Fgh1qvZXMSYEiDLYkx4iMw= +gitlab.social.my-wan.de,192.168.1.240 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= +[gitlab.social.my-wan.de]:22422 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMDiTJj4mw6nPZTk3W/Y7h6qHhYH/CCX90rR7wd7CbwFeddW6vgK9lqk64bqOdfD7Fgh1qvZXMSYEiDLYkx4iMw= +grafana.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAc1ItoQHL+KyweUoO2B7GA/YOPT7Uj/N0FCOnV+XINiKAr3sEn8wO2qbN7wV/ew1X+gMnEPrPlNFubrBA2PEFA= +grafana.universe.local ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIA1FOIMBOJUG6dbabqn4fT+aDCcBDyT1Te8fVxadR5Lp +grafana.universe.local ssh-rsa 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 +graylog.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDOYxmALM3iNvwGTpQ3R+lgH/4k9PAvEXByaV4YWxYWGEil2UL2HE51sHjLNHhzJaoonC2K7qTIhnqTIX8k9+hE= +graylog.universe.local ssh-rsa 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 +haproxy01.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMVjFX+BTf5UxbhMAqhUY8KarqeefQoCE7OISJKKmxDSNfqkb+7d0njIU+uG0ap1tBvRIxibvi7QMn8/T4RxIi8= +haproxy01.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHuAPK5G2m4vyx0l5M2jVouHvZLwr5ocFGJ3qkb89JwY +haproxy01.universe.local ssh-rsa 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 +haproxy02.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEZ6X6flRFd0KI99PjGPpUnPmTBAHBInt6AT0h4ti1mo8JY9aE1o8KA4Bg6rBgRUiAiTQYGXnjPInKcbjdOtETE= +haproxy02.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrBClKKZoacXzCUiKApLZRpwlJBgIGuUBR5b8jlxllD +haproxy02.universe.local ssh-rsa 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 +icinga.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMVjFX+BTf5UxbhMAqhUY8KarqeefQoCE7OISJKKmxDSNfqkb+7d0njIU+uG0ap1tBvRIxibvi7QMn8/T4RxIi8= +icinga.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHuAPK5G2m4vyx0l5M2jVouHvZLwr5ocFGJ3qkb89JwY +icinga.universe.local ssh-rsa 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 +librenms.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJVbZnzU0hQywIx2dxUYoID94tD2ccNuYEtjrz4z1Vud8p+132tV1Y4ORYA+9fkqsbNvrqX3Zo5eDR5Ck2dTPps= +librenms.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGH112sT4u0+H7ZuThYp4e/9rRPIv442toe3Yoy5hqlK +librenms.universe.local ssh-rsa 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 +localhost ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIEUg4UIbuIC0o9o/w50CjLUUsNzRtx/BmRg1QU+ZDOgA +mail.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPbAmIqQUqXXUMHUqsfGZWoXEDeHBAiTtW1OYTlgPFl9sd7HCD1ReIoa9ZtJ11StVOI4O1LydWzCUnzs9M3z+EU= +mail.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIw32XEvkgqDBvSpxFHY2Yst6pAFOd/tkf23g+e4ZlmN +mail.universe.local ssh-rsa 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 +mariadb01.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH7dBOBpxoMX2ow3pFa7poyv8koWeqj9+gIDgEM8DfiRiVqHi/hEXN1ZwzzOKL3kawT6hmTlg/QACdhuFAPQqVU= +mariadb01.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDOh+K2q2xtGrCTcoWoiyAO1jtWIOw3zsQYOZ5WEMqZ3 +mariadb01.universe.local ssh-rsa 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 +mariadb02.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH7dBOBpxoMX2ow3pFa7poyv8koWeqj9+gIDgEM8DfiRiVqHi/hEXN1ZwzzOKL3kawT6hmTlg/QACdhuFAPQqVU= +mariadb02.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDOh+K2q2xtGrCTcoWoiyAO1jtWIOw3zsQYOZ5WEMqZ3 +mariadb02.universe.local ssh-rsa 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 +mariadb03.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH7dBOBpxoMX2ow3pFa7poyv8koWeqj9+gIDgEM8DfiRiVqHi/hEXN1ZwzzOKL3kawT6hmTlg/QACdhuFAPQqVU= +mariadb03.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDOh+K2q2xtGrCTcoWoiyAO1jtWIOw3zsQYOZ5WEMqZ3 +mariadb03.universe.local ssh-rsa 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 +naboo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCOh2sVL/SqU1MiGUdN819FNupTlpbLMXEe8XMeffdreCU8M0q6BQl4dVCg88NrVGa+TOyEaBvVhoD+5XWUdsmar7STcUtSHvOAGUoD5YgEfhvMJR3ILM8OduLzbZTlWHOeGKsUtKXCET4477VtgbVLXgjyn0bSp1HNhpe5XKuvd1X9WHEK05IGyxITrvhRfb87edg2ZJJgIPmlHdsDtcgWsUwgueECRWG81fRfwzL2BSgFP2o94IzqhSr0GmzvuXC6P9GXTRu4oSaX26M0+xXH39VWnlPksYy5uYASSkta9q8KFmy7VS4ElyIb6w19xAplAnldpJYWfB0gxVLPyJu7 +netbox.universe.local 
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJx6lWdTXLynRwLOkwS+SKAQGmGfniLsaJHIa6SUbqp5HezROQws2ChM5FdP/cF4HfLpuDy/lLNfMGShyJUmG14= +netbox.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLPBtjPa3lFon87BLQHBxeJAclvMpuKbchGD3bSwTh8 +netbox.universe.local ssh-rsa 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 +nextcloud.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC5mh/EWTl3zPKFr4tXu6b5xNcrBxEmYAavfoUB6Hi5yK+vd9dN5KI5c86yV6JRlyl85q0r6vevOTBfDVawieDo= +nextcloud.universe.local ssh-rsa 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 +ns1.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMxmeZHoRF3NAA7IL7ybgPPE4BsOhaUyTBlaAEGFVuOW2q5F8bpp49ZM2f9G1lEHsVOHpStLVuQ1dCwhUCRBfl4= +ns1.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuP6Ii2s/yXcqjOC453YVxxYnNaHbpTewUYOacU2S6L +ns1.universe.local ssh-rsa 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 +paperless.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFERQ2pwEElA9UKCsNcL5RZqz647mT9HPdrQ/qWJEefrTJazJ/wLFtQdpWEq1iTI98gjyd2vQrApgh8BZaDCjG0= +paperless.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4DaNcYHgOHxxDZMZsf4F4rZoQNFXRapeaoNEe1ZMuj +paperless.universe.local ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBGbqYB1ne90Ppxiab5Ei1EcKX2mNEt5BTW2V4Maw4SGRcAT8dqtF59qpTFK19gdZGeaKHei5P6vZFa6av8jPpP/XzO3iovcNg6PGSI5SQ/vfAZc1e3wo+JRWJPDGKZB5Leq7XuHweEF4GULBQZt9Y4FCuhGWU9FyNCTnf3eXzNF9rXhSjt4n+K8m/+HVm4vd/XMF6wFKHeb/AJWGqqc3SdOO06Ajatt8lhi/wjZ7LI1abkZkhBB431zYVkTRlILtwFfYCAv0AuWRxv3wZh9rNPNqqZSQlhEsoQ4OgYopf3PPlqWj7WerbwreNbbGUvQcbsmRhRHDFArYAdQc54kGPddMpia/kAwOCO4SYy9Q2c/kuUn/AYdzv++semVM2ri+978A7ptNNXKYAg7ANnVZYeYjAd+bqtQQukbgSTFuVuQIK1chYW129KXjGEWNMPWJr3ZmfO6BCvd8tj6/6h0sB/KZaxeUc1bO8GzvIOLURM1Lto5tEBL99Ua0g0hfmdBk= +pi-alert.universe.local ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBAzEaUXDW1xyx5IdsWfw+hWdq3bh86ZURjz0h45jlo+F2oDIXLJOOUljgieL5QzuuRlJ+fvIhgTdsB6GOfY2Ag= +pi-alert.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjaIDCd51SeNseA8flbK2c6kvWbdMeFHwPbUX+I1rqH +pi-alert.universe.local ssh-rsa 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 +pi-hole.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF9d/KOm72TYQM9KyIKlszVQ7bluogukSTJ5hN9Y0EuOTmZps90vZ653auvdKuqDN16r15z9VellE09pRFfoBbQ= +pi-hole.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1E4qL5Y2mcjfl/AeT2snITSWbDHXWLujvFvQtm6xzz +pi-hole.universe.local ssh-rsa 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 +raspberrypi,172.16.0.100 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFsPOLPHU1pAapm6ljdg178ZqnANuSkdAa7PE22DksNQ9VVrvxY5h054pyaviDb2XxsHwYbAL0fP+4I2Slq4wGc= +samba-ad-dc1.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKLfWVkt/B9NPgJe6sUD5SjFbnkzV0ZbwnWoDT4/iIIUiARToVVONpORMHNmohgeu4gbBuxMZT0OPMt/9NYtiyY= +samba-ad-dc1.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRAeFPksE+8PJ9V0egdfOv0AEdi3qPym32eyRpwIcsW +samba-ad-dc1.universe.local ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJ3hijoqcxSctJdo/+VpYNdhGc63oN10ZahzjaplP0vZQbMuDqhVsHJRVBxpY9ZlDcZxIfEjf1GLqXXOJZN95VLVg/b6XjlJ9JT/51/E5bt0W57NNcR9jNllVY81X9n2jCAqYfW9/xTCtY2DCSFrf/Kpaz11LSzF85UQclbx7bgNn6od9GI0v8YjzvWllXYnu4lc77diYkQAQeoWdolXmw2dj/cawIQlmMEbTSPFn4mdieYW2RCO50ZbWjVUI005U3Dvry/6hSPrhKfptnUJ7NAylC3hmW1p7zMHofREo3t0qogixpdWSr8cH2a8Bhk33OAP1Vd+EU6HCOJnyXuxFQ1k8Tc+pAMxNk1SEV5FVL+EHs1TPFeifMziRG1QTVT7cDsXFhxP5XGrQYIF+M0ZLUAvSOV6luNC4LHZskbTUtCV+1QsLqy/zv8zuKSZ/CpsK/j36gXnCxFPxa9H2VWWQvv5GA6bLJbJ9Na90PPEp68/VHbwfzzAFVwk6hN05UjNs= +samba-ad-dc2.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJDlzwJ24EeLCpIJ+JTUgthF7IPgamXL7UpVwkNvLvtyEQ0xHuusH47H2NATD2KutH1VdmyBgmLovoOzQCn3Kfg= +samba-ad-dc2.universe.local 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzX3k5/jNA+ffE8hQSyE57x1NMhGHUOhpwlK1/gFNuQ +samba-ad-dc2.universe.local ssh-rsa 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 +searx.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMVjFX+BTf5UxbhMAqhUY8KarqeefQoCE7OISJKKmxDSNfqkb+7d0njIU+uG0ap1tBvRIxibvi7QMn8/T4RxIi8= +searx.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHuAPK5G2m4vyx0l5M2jVouHvZLwr5ocFGJ3qkb89JwY +searx.universe.local ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC2UqhMjOGkRbWBOf93qEnViDU3fNugE0lIUv0I+qvw02ohFRnI2QwwpRTNm7tWOEzrzLJly1cVU7vdwCJ4h9ptycZO7x1ZSNNNovopVEumvdoVH/2V+TdxZ/fw/OMbEeJdHEn6YMP48lUV4iS8ygMgRkfysKrFuAS8Fhbu68hPlQQMWAFERtsuWyjfu9XguQzIZ5v1lozCpardL1ILaaUIYROitKnRB7Pw2MLtwlEV5vL+PBF1V9LkCe1qz9Ajm/kK7u0TSg1zRwZyYI0OJhQ6WUMWw6RAT20bSbwwP+nE5ACuAldLv4iC/bW3C62WsvWM2ejBl8eiKvhkJaENZGhhhNFuPj6kYOETXTPks9WxhRF4/vRv0NMIkN5nb1QD9bpq4bOby5dv2seEIjfif88MfSU61v9S/HwPR0ji5+qcf2he2AlF+yEk7htEUFrMr+oAIinhpKf3aKNubbPT5FDNx4W4rL0+HV0fNFAI9opkkXkePftlL5lQ/uqjPkhqCPU= +shinobi.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPFHHcGEt/64jos/LzjAcFcXuQfNzxc6Dhw+S8myAh05WkFQvbrbTdiT0ywliCi7QwgsCmG2UAZ3ngdBPWUNYWo= +shinobi.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMN19mh9RrJIJmfmqPcnNfo9S8i4AZ4p8UriAqyiZsYD +shinobi.universe.local ssh-rsa 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 +[tantooine.myfirewall.org]:22222,[91.39.133.124]:22222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= +[tantooine.myfirewall.org]:2222,[91.39.133.124]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcQ5x6vbWfPZ3BjPqGl0AH+CebvI8kuPwPxXkmL47gnQEgd8oPcSbMBSIvjfzMGXREBRU81p+5g9JokETKP4Fo= +tatooine ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAn9LBrAdp5hj3pOaqpzrT4fZWDjZhuT+XUMlE+wyDIAwykrPlnXv+tui2Gq4g3v9UCRvYSJOvlDvqs6BO6XsJQ= +tatooine ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxTVc9yuqG1BtP59f5q9q/LJw4mGUmcOChrP4iUeAbT +tatooine ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCq/6z7xJlO7zMk85iX84UVE7D/I55NzY6m5hos4RgVzhTb5DxOV0Y1lMK3sW80ZLMCS9ZoLa/BdATqHLIoCCtQipjKRuHK4qP4c00tVfPwsZj4VyVNx6cUArinqqzUCQPZ6Tty5lJPbH5iCaFPaXMmi7NKF6GEz4p/rJVw0d91N9OKwTxedMfV6XuKuEUXDA3TASQk/32Xib3Bw39y3rPuyMgc/NIkM8zOFuLm4YnJST15x33wvhraA0TQt+5+hApQ+n/JwYCENwj0OXORJxMdXZR5MqlNr3KVrlPmsMViEeUlR26c4L3W//QLLPovbUDWQK5OwotEF7E+ac0FmghX +tuxedo-book-xp1511,192.168.1.220 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAyz243LYFBTd7QsMd1k+sirj+8mK8QuPmyVGlKJG1v1s52+i+7s22FElXFB7L85LSjza+LxXmcJDZ2ONAJmcTg= +vuduo2,172.16.0.5 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCRLsnDtDLuNBN8X8rmCNdrrIYCWfK7DrI/bPQAbSroCuwdHRLztd5doWJyVy6XjuJ2cVaal5xR11hit5qz0TQHhhXJbkViivRSDUuFKVZQajGmUjxMdE0vChqIn3ObIhtkf5ESTvxnroETMUQXzPe30EzO8tGlbV6cGrv80rhp9l1eWUt1pOzYe6pNEPVZiavJYD/rNWd/1xTqx8TCC3yeaWKFINAvo+C5wshKv31r7k9KXlliLMdbvBwkalbk8CK+AwJQsAapklVfQ4u/H0xpXUYlQU4c4kmjq2PTM8i6pLBtCRtfY2GUEu4OvjcHUl/WK1uICVWDPr7O7HLbtvVR +webserver.universe.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMVjFX+BTf5UxbhMAqhUY8KarqeefQoCE7OISJKKmxDSNfqkb+7d0njIU+uG0ap1tBvRIxibvi7QMn8/T4RxIi8= +webserver.universe.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHuAPK5G2m4vyx0l5M2jVouHvZLwr5ocFGJ3qkb89JwY +webserver.universe.local ssh-rsa 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 From 6a4322db1f78bd81dbc154e055d73ce817d280fb Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Tue, 24 Sep 2024 17:25:53 +0200 Subject: [PATCH 75/82] paths --- roles/backup/files/config/icinga_includes.txt | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
diff --git a/roles/backup/files/config/icinga_includes.txt b/roles/backup/files/config/icinga_includes.txt index 7d009b0..8b41550 100644 --- a/roles/backup/files/config/icinga_includes.txt +++ b/roles/backup/files/config/icinga_includes.txt @@ -1,2 +1,8 @@ -/usr/share/icinga* -/usr/lib/icinga2 +/usr/share/icinga-L10n +/usr/share/icinga-php +/usr/share/icinga2 +/usr/share/icinga2-ido-mysql +/usr/share/icingadb +/usr/share/icingadb-redis +/usr/share/icingaweb2 +/usr/lib/icinga2 \ No newline at end of file From 289c3c83174dfec802293a417733bacd10b4205d Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Fri, 27 Sep 2024 09:59:09 +0200 Subject: [PATCH 76/82] expanded PATH to be able to execute ldconfig with su --- roles/base/tasks/software/wazuh-agent.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/base/tasks/software/wazuh-agent.yml b/roles/base/tasks/software/wazuh-agent.yml index 49f7356..8e41ad5 100644 --- a/roles/base/tasks/software/wazuh-agent.yml +++ b/roles/base/tasks/software/wazuh-agent.yml @@ -4,6 +4,7 @@ deb: https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.8.0-1_amd64.deb environment: WAZUH_MANAGER: "{{ wazuh_manager }}" + PATH: "/usr/sbin:{{ lookup('env', 'PATH') }}" - name: systemctl daemon-reload systemd: From 7e947d39cedbb3d74a6e237fcced4ced6dca7f8a Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 3 Oct 2024 09:52:39 +0200 Subject: [PATCH 77/82] generic_excludes --- roles/backup/files/config/coruscant_excludes.txt | 2 -- roles/backup/files/config/generic_excludes.txt | 3 +++ roles/backup/files/config/jitsi_excludes.txt | 1 - roles/backup/files/config/mewitoot_excludes.txt | 1 - 4 files changed, 3 insertions(+), 4 deletions(-) create mode 100644 roles/backup/files/config/generic_excludes.txt diff --git a/roles/backup/files/config/coruscant_excludes.txt b/roles/backup/files/config/coruscant_excludes.txt index 9493134..3784aee 100644 --- a/roles/backup/files/config/coruscant_excludes.txt 
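Review bot: The added `PATH` entry on the wazuh-agent install task passes the PATH of whatever process started the play into a root package installation, so any user-writable or relative directory in that PATH is searched by the package's maintainer scripts. `lookup('env', 'PATH')` is evaluated on the controller, which matches the target only because the repository appears to be run through ansible-pull. A fixed value such as `PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"` removes both dependencies and still makes `ldconfig` resolvable. The task begins above the hunk, so a comment there explaining why the override exists would also help, e.g. `# dpkg maintainer scripts need /usr/sbin (ldconfig) when run via su`.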
+++ b/roles/backup/files/config/coruscant_excludes.txt @@ -6,8 +6,6 @@ /root/backup/ files_versions/ files_trashbin/ -lost\+found -*.bak .local/share/Steam/Steamapps grav.log diff --git a/roles/backup/files/config/generic_excludes.txt b/roles/backup/files/config/generic_excludes.txt new file mode 100644 index 0000000..3fb79a0 --- /dev/null +++ b/roles/backup/files/config/generic_excludes.txt @@ -0,0 +1,3 @@ +lost\+found +*.bak +.debug \ No newline at end of file diff --git a/roles/backup/files/config/jitsi_excludes.txt b/roles/backup/files/config/jitsi_excludes.txt index 751553b..e69de29 100644 --- a/roles/backup/files/config/jitsi_excludes.txt +++ b/roles/backup/files/config/jitsi_excludes.txt @@ -1 +0,0 @@ -*.bak diff --git a/roles/backup/files/config/mewitoot_excludes.txt b/roles/backup/files/config/mewitoot_excludes.txt index 751553b..e69de29 100644 --- a/roles/backup/files/config/mewitoot_excludes.txt +++ b/roles/backup/files/config/mewitoot_excludes.txt @@ -1 +0,0 @@ -*.bak From b668d71b860ae4d25a86fd1e7efa976aff0e8dff Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 3 Oct 2024 23:02:04 +0200 Subject: [PATCH 78/82] prepare dns secondaries --- host_vars/dnssec1.universe.local.yml | 7 +- roles/nameserver/handlers/main.yml | 5 ++ .../tasks/install_powerdns_server.yml | 90 ++++++++++++------- roles/nameserver/tasks/main.yml | 50 +++++------ .../powerdns-server-sec-mysql-config .j2 | 4 + roles/nameserver/vars/main.yml | 30 +++---- roles/server/vars/debian.yml | 3 - 7 files changed, 110 insertions(+), 79 deletions(-) create mode 100644 roles/nameserver/templates/powerdns-server-sec-mysql-config .j2 diff --git a/host_vars/dnssec1.universe.local.yml b/host_vars/dnssec1.universe.local.yml index 2155a80..29d86e4 100644 --- a/host_vars/dnssec1.universe.local.yml +++ b/host_vars/dnssec1.universe.local.yml 
@@ -1,3 +1,4 @@ -powerdns-server: True -powerdns-primary: False -powerdns-secondary: True +powerdns_server: True +powerdns_primary: False +powerdns_secondary: True +pdns_pri_server: "192.168.1.190" diff --git a/roles/nameserver/handlers/main.yml b/roles/nameserver/handlers/main.yml index 3e1bd1e..bbfd24a 100644 --- a/roles/nameserver/handlers/main.yml +++ b/roles/nameserver/handlers/main.yml @@ -16,4 +16,9 @@ - name: restart_pdns service: name: "pdns" + state: restarted + +- name: restart_mysqld + service: + name: "mysqld" state: restarted \ No newline at end of file diff --git a/roles/nameserver/tasks/install_powerdns_server.yml b/roles/nameserver/tasks/install_powerdns_server.yml index b1bc8e8..1512b5f 100644 --- a/roles/nameserver/tasks/install_powerdns_server.yml +++ b/roles/nameserver/tasks/install_powerdns_server.yml 
@@ -1,55 +1,58 @@ -- name: nameserver | powerdns-server | install packages +- name: Nameserver | powerdns-server | install packages package: name: "{{ powerdns_server_package }}" state: present -- name: nameserver | powerdns-server | install backends +- name: Nameserver | powerdns-server | install backends package: name: "{{ item.package }}" state: latest with_items: "{{ powerdns_backends }}" -- name: nameserver | powerdns-server | install and configure database +- name: Nameserver | powerdns-server | install and configure database + when: + - powerdns_primary is defined + - powerdns_primary is true block: - include_role: name=database # required. The name of the role to be executed. - - name: nameserver | powerdns-server | install python mysql client + - name: Nameserver | powerdns-server | install python mysql client package: name: "{{ python_mysql_client }}" state: present - - name: nameserver | powerdns-server | create database + - name: Nameserver | powerdns-server | create database mysql_db: - name: "{{ pdns_db_name }}" # required. name of the database to add or remove. I(name=all) May only be provided if I(state) is C(dump) or C(import). List of databases is provided with I(state=dump), I(state=present) and I(state=absent). if name=all Works like --all-databases option for mysqldump (Added in 2.0). - state: present # not required. choices: present;absent;dump;import. The database state - encoding: "utf8" # not required. Encoding mode to use, examples include C(utf8) or C(latin1_swedish_ci) - config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. - login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. 
+ name: "{{ pdns_db_name }}" + state: present + encoding: "utf8" + config_file: "/etc/mysql/my.cnf" + login_unix_socket: "{{ pdns_mysql_socket }}" register: database_exists - - name: nameserver | powerdns-server | import database + - name: Nameserver | powerdns-server | import database mysql_db: name: "{{ pdns_db_name }}" state: import - target: "{{ pdns_mysql_schema }}" # not required. Location, on the remote host, of the dump file to read from or write to. Uncompressed SQL files (C(.sql)) as well as bzip2 (C(.bz2)), gzip (C(.gz)) and xz (Added in 2.0) compressed files are supported. - config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. - login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. + target: "{{ pdns_mysql_schema }}" + config_file: "/etc/mysql/my.cnf" + login_unix_socket: "{{ pdns_mysql_socket }}" when: database_exists.changed - - name: nameserver | powerdns-server | create database user + - name: Nameserver | powerdns-server | create database user mysql_user: - name: "{{ pdns_db_user }}" # required. Name of the user (role) to add or remove. + name: "{{ pdns_db_user }}" password: "{{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20')) }}" # not required. Set the user's password.. host: localhost - priv: "{{ pdns_db_name }}.*:ALL" # not required. MySQL privileges string in the format: C(db.table:priv1,priv2). Multiple privileges can be specified by separating each one using a forward slash: C(db.table:priv/db.table:priv). The format is based on MySQL C(GRANT) statement. Database and table names can be quoted, MySQL-style. If column privileges are used, the C(priv1,priv2) part must be exactly as returned by a C(SHOW GRANT) statement. If not followed, the module will always report changes. It includes grouping columns by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))). 
- append_privs: False # not required. Append the privileges defined by priv to the existing ones for this user instead of overwriting existing ones. - sql_log_bin: True # not required. Whether binary logging should be enabled or disabled for the connection. - state: present # not required. choices: absent;present. Whether the user should exist. When C(absent), removes the user. - update_password: on_create # not required. choices: always;on_create. C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users. - config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read. - login_unix_socket: "{{ pdns_mysql_socket }}" # not required. The path to a Unix domain socket for local connections. + priv: "{{ pdns_db_name }}.*:ALL" + append_privs: False + sql_log_bin: True + state: present + update_password: on_create + config_file: "/etc/mysql/my.cnf" + login_unix_socket: "{{ pdns_mysql_socket }}" - - name: nameserver | powerdns-server | create database users for secondaries + - name: Nameserver | powerdns-server | create database users for secondaries mysql_user: name: "{{ pdns_db_user }}" password: "{{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20')) }}" @@ -62,8 +65,18 @@ config_file: "/etc/mysql/my.cnf" login_unix_socket: "{{ pdns_mysql_socket }}" loop: "{{ pdns_secondaries }}" - - - name: nameserver | powerdns-server | copy config + + - name: Nameserver | powerdns-server | configure mysql for network + ini_file: + path: "/etc/mysql/mariadb.conf.d/50-server.cnf" + section: "mysqld" + option: "bind-address" + value: "{{ ansible_default_ipv4.address }}" + state: present + no_extra_spaces: False # not required. Do not insert spaces before and after '=' symbol. + notify: restart_mysqld + + - name: Nameserver | powerdns-server | copy config template: src: "{{ item.src }}" dest: "{{ item.dest }}" 
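Review bot: The new `ini_file` task sets `bind-address` to `{{ ansible_default_ipv4.address }}`, which exposes the primary's MariaDB listener to every host that can reach that interface. Nothing in this hunk limits access to the secondaries or requires TLS for the PowerDNS credentials and zone data that will cross the network. Consider pairing it with a firewall rule scoped to the addresses in `pdns_secondaries`, and with `tls_requires` on the secondary accounts created by the task just above. That task's `host` and `priv` lines fall between hunks, so the accounts may already be scoped. The enclosing block starts outside this hunk; `no_extra_spaces: False` is the module default and its trailing doc-snippet comment can be dropped.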
@@ -74,17 +87,28 @@ loop: - { src: "powerdns-server-pri-mysql-config.j2", dest: "/etc/powerdns/pdns.d/mysql.conf" } - { src: "powerdns-server-pri-api-config.j2", dest: "/etc/powerdns/pdns.d/api.conf"} - when: - - powerdns_primary is defined - - powerdns_primary is true notify: restart_pdns -- name: nameserver | powerdns-server | disable bind +- name: Nameserver | powerdns-server | configure backends for secondaries + when: + - powerdns_primary is defined + - powerdns_primary is false + - powerdns_secondary is defined + - powerdns_secondary is true + template: + src: "powerdns-server-pri-mysql-config.j2" + dest: "/etc/powerdns/pdns.d/mysql.conf" + mode: "0644" + owner: "root" + group: "root" + force: no + +- name: Nameserver | powerdns-server | disable bind block: - - name: nameserver | powerdns-server | get running services + - name: Nameserver | powerdns-server | get running services service_facts: - - name: nameserver | powerdns-server | disable bind + - name: Nameserver | powerdns-server | disable bind service: name: "named" state: stopped @@ -93,7 +117,7 @@ vars: service_names: "{{ services|dict2items|map(attribute='value.name')|list }}" -- name: nameserver | powerdns-server | enable service +- name: Nameserver | powerdns-server | enable service service: name: "pdns" state: started diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index b220ad4..b6d863d 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml 
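Review bot: The "configure backends for secondaries" task renders `powerdns-server-pri-mysql-config.j2`, while this commit adds a separate `powerdns-server-sec-mysql-config .j2` that points `gmysql-host` at `pdns_pri_server`. Secondaries therefore appear to receive the primary's backend configuration. The task also writes the file with `mode: "0644"`; the secondary template carries `gmysql-password`, so the database password would be readable by every local account. `mode: "0640"` with `group: "pdns"` (assuming the packaged service group) would restrict it to root and the daemon. Unlike the primary's copy task there is no `notify: restart_pdns`, and `force: no` means a later password or host change never reaches an existing file.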
@@ -3,53 +3,53 @@ tags: always - block: - - name: nameserver | unbound | install and configure - block: - - name: nameserver | unbound | install - include_tasks: install_unbound.yml - - name: nameserver | unbound | configure - include_tasks: configure_unbound_snmpd.yml + - name: Nameserver | unbound | install and configure when: - unbound is defined - unbound is true - powerdns_recursor is not defined or powerdns_recursor is false + block: + - name: Nameserver | unbound | install + include_tasks: install_unbound.yml + - name: Nameserver | unbound | configure + include_tasks: configure_unbound_snmpd.yml - - name: nameserver | unbound | disable systemd-resolved + - name: Nameserver | unbound | disable systemd-resolved include_tasks: disable-systemd-resolved.yml when: bind is true or unbound is true or powerdns_recursor is true - - name: nameserver | powerdns-recursor | install and configure - block: - - name: nameserver| powerdns-recursor | install - include_tasks: install_powerdns_recursor.yml - - name: nameserver | powerdns-recursor | configure - include_tasks: configure_powerdns_recursor_snmpd.yml + - name: Nameserver | powerdns-recursor | install and configure when: - powerdns_recursor is defined - powerdns_recursor is true - unbound is not defined or unbound is false - - - name: nameserver | bind | install and configure block: - - name: nameserver | bind | install - include_tasks: install_bind.yml - - name: nameserver | bind | configure - include_tasks: configure_bind_snmpd.yml + - name: Nameserver| powerdns-recursor | install + include_tasks: install_powerdns_recursor.yml + - name: Nameserver | powerdns-recursor | configure + include_tasks: configure_powerdns_recursor_snmpd.yml + + - name: Nameserver | bind | install and configure when: - bind is defined - bind is true - powerdns_server is not defined or powerdns_server is false - - - name: nameserver | powerdns-server | install and configure block: - - name: nameserver | powerdns-server | install - 
include_tasks: install_powerdns_server.yml - - name: nameserver | powerdns-server | configure - include_tasks: configure_powerdns_server_snmpd.yml + - name: Nameserver | bind | install + include_tasks: install_bind.yml + - name: Nameserver | bind | configure + include_tasks: configure_bind_snmpd.yml + + - name: Nameserver | powerdns-server | install and configure when: - powerdns_server is defined - powerdns_server is true - bind is not defined or bind is false + block: + - name: Nameserver | powerdns-server | install + include_tasks: install_powerdns_server.yml + - name: Nameserver | powerdns-server | configure + include_tasks: configure_powerdns_server_snmpd.yml rescue: - set_fact: task_failed=true diff --git a/roles/nameserver/templates/powerdns-server-sec-mysql-config .j2 b/roles/nameserver/templates/powerdns-server-sec-mysql-config .j2 new file mode 100644 index 0000000..863ac7b --- /dev/null +++ b/roles/nameserver/templates/powerdns-server-sec-mysql-config .j2 @@ -0,0 +1,4 @@ +launch += gmysql +gmysql-host = {{ pdns_pri_server }} +gmysql-password = {{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20')) }} +gmysql-dnssec = Yes diff --git a/roles/nameserver/vars/main.yml b/roles/nameserver/vars/main.yml index 05b8bf5..502d4ae 100644 --- a/roles/nameserver/vars/main.yml +++ b/roles/nameserver/vars/main.yml 
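Review bot: The `gmysql-password` fallback `lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20')` is evaluated where the play runs, so on a secondary with `pdns_db_passwd` unset it would generate a new local secret that cannot match the account created on the primary. Rendering should fail instead, e.g. `gmysql-password = {{ pdns_db_passwd | mandatory }}`. The file sets no `gmysql-user` or `gmysql-dbname`, so it relies on PowerDNS defaults rather than the `pdns_db_user` / `pdns_db_name` values used by the primary's tasks. No TLS option is set for the connection to `pdns_pri_server`, so the password travels in clear unless the transport is protected elsewhere. The file name contains a space before `.j2`, which every `src:` reference would have to reproduce exactly; renaming it to `powerdns-server-sec-mysql-config.j2` avoids that trap.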
@@ -1,16 +1,16 @@ $ANSIBLE_VAULT;1.1;AES256 -33393637343963633639303764623635356261393833353539626539396635666264393865333738 -3666356534343238656532373735383161666232373536380a366134386664653133323936383364 -36616330356462373436313032303133656433316566373632656532333166323439663465343139 -6165353566313464370a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a633832353361656438316635363433 +35313563366132303832653761663639663135303864383434346566313434653965633233633262 +3337343536366534360a613539633535313362633366666431373534356334666661386266316132 +66323735313438366432356132313537353463313563633133323832346561306266653838366662 +30373136656363336164366662656362316235623530666239396665326165616666663339303932 +32643462623363383237636435313564626138373638656235313733306138396366623966636132 +31633539383834613335343636323230353530363366353430343036343838353763373134623165 +38633164643165326638613535323330363835396661326566373064316435346563393935333437 +61653633646365343165306564366631316234386430363538636535313436646232326634616365 +62373066306130373161343664666163623434336663356561613166353137373163323639343034 +61653261346637306461346164626535353335346461326233303162656539333031613932353832 +31653063666163633862393334386365633862363034353861643734363031383137323163326637 +39346531646231363832303037383837336164326330646634343934643135626234646265356535 +656462656539613538373764656134373037 diff --git a/roles/server/vars/debian.yml b/roles/server/vars/debian.yml index ea82435..a986cd3 100644 --- a/roles/server/vars/debian.yml +++ b/roles/server/vars/debian.yml @@ -10,8 +10,5 @@ glusterfs_packages: - package: glusterfs-server - package: glusterfs-client -commands: - visudo: "/usr/sbin/visudo" - commands: visudo: "/usr/sbin/visudo" \ No newline at end of file From 82852dc14748d98fdcc0bbad054246784dc88883 Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Tue, 5 Nov 2024 12:20:45 +0100 Subject: [PATCH 79/82] backup now is done from dedicated backup server --- roles/server/tasks/system_setup/cron.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/server/tasks/system_setup/cron.yml b/roles/server/tasks/system_setup/cron.yml index bd4bcdd..6963f35 100644 --- a/roles/server/tasks/system_setup/cron.yml +++ b/roles/server/tasks/system_setup/cron.yml @@ -12,7 +12,7 @@ hour: "{{ item.hour }}" minute: "{{ item.minute }}" job: "{{ item.job }}" - state: present + state: absent when: - ansible_virtualization_role == "NA" or ansible_virtualization_role == "guest" - ansible_virtualization_type == "kvm" From 3f759b0fb2cd6dd0abc7e016160d9585527f9704 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 14 Nov 2024 16:00:59 +0100 Subject: [PATCH 80/82] copying querylog might lockup adguard process --- roles/backup/files/config/adguard_excludes.txt | 1 + roles/backup/files/config/agh01_excludes.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/roles/backup/files/config/adguard_excludes.txt b/roles/backup/files/config/adguard_excludes.txt index e69de29..528f08a 100644 --- a/roles/backup/files/config/adguard_excludes.txt +++ b/roles/backup/files/config/adguard_excludes.txt @@ -0,0 +1 @@ +querylog.json \ No newline at end of file diff --git a/roles/backup/files/config/agh01_excludes.txt b/roles/backup/files/config/agh01_excludes.txt index e69de29..528f08a 100644 --- a/roles/backup/files/config/agh01_excludes.txt +++ b/roles/backup/files/config/agh01_excludes.txt @@ -0,0 +1 @@ +querylog.json \ No newline at end of file From fecfe4be69e1f3712a48868ed3b3de9d4c4e1ef8 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Tue, 19 Nov 2024 11:15:25 +0100 Subject: [PATCH 81/82] new public key --- roles/base/files/id_ed25519_putty.pub | 1 + 1 file changed, 1 insertion(+) create mode 100644 roles/base/files/id_ed25519_putty.pub 
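Review bot: The switch to `state: absent` in roles/server/tasks/system_setup/cron.yml leaves nothing in the file explaining why the job is being removed; the reason (backups now run from the dedicated backup server) exists only in the commit subject. A comment above the line, e.g. `# backups are pulled by the dedicated backup server; drop this task once all hosts have converged`, would keep a later reader from flipping it back. The removal also only runs where the unchanged `when` matches, so a host that received the entry earlier but no longer satisfies that condition would keep its old job; worth confirming none exist. The task begins above the hunk, so its name and loop are not visible here.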
diff --git a/roles/base/files/id_ed25519_putty.pub b/roles/base/files/id_ed25519_putty.pub
new file mode 100644
index 0000000..09634e4
--- /dev/null
+++ b/roles/base/files/id_ed25519_putty.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPaTj6FeAH4fGieFQV2swbjBPSMPL58SyhZ1G6+wb6ow ed25519-key-20210216
\ No newline at end of file
From 01e5b2bac5e1457d9610c354b7a1a2307d27375f Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Fri, 29 Nov 2024 10:40:13 +0100
Subject: [PATCH 82/82] added new hosts
---
host_vars/pve-ha.universe.local.yml | 2 ++
host_vars/pve2.universe.local.yml | 2 ++
2 files changed, 4 insertions(+)
create mode 100644 host_vars/pve-ha.universe.local.yml
create mode 100644 host_vars/pve2.universe.local.yml
diff --git a/host_vars/pve-ha.universe.local.yml b/host_vars/pve-ha.universe.local.yml
new file mode 100644
index 0000000..2cdb9bc
--- /dev/null
+++ b/host_vars/pve-ha.universe.local.yml
@@ -0,0 +1,2 @@
+---
+is_proxmox: true
\ No newline at end of file
diff --git a/host_vars/pve2.universe.local.yml b/host_vars/pve2.universe.local.yml
new file mode 100644
index 0000000..2cdb9bc
--- /dev/null
+++ b/host_vars/pve2.universe.local.yml
@@ -0,0 +1,2 @@
+---
+is_proxmox: true
\ No newline at end of file
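Review bot: The key added in roles/base/files/id_ed25519_putty.pub keeps the generator's default comment `ed25519-key-20210216`, which names neither the owner nor the machine holding the private half, and the date in it is well before this commit although the subject calls it a new key. If the base role installs this file into `authorized_keys`, that comment is what a later audit or revocation has to go on, so I would replace it with something attributable such as `<owner>@<device>-putty` (placeholder) and state in the commit message whether an older key is being retired alongside it. Which task consumes the file is not visible in this patch.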