created draw server

LICENSE

@@ -0,0 +1,5 @@
+Author: Petar Cubela
+Company: Softbox GmbH
+Date: 2024-12-04
+
+Bla bla legal advise bla bla trademark, intellectual property and such bla bla

README.md

@@ -1 +1,3 @@
-# Buero Infrastruktur
+# Buero Templates for used software deployments
+
+In this repository I collect all ansible playbooks used during my work.

TODO.md

@@ -0,0 +1,13 @@
+## todo
+
+### Modifications
+
+- [ ] Build ansible-role-lamp
+- [ ] Build seperate ansible-role-owncloud depending on ansible-role-lamp
+- [ ] Build seperate ansible-role-nextcloud depending on ansible-role-lamp
+
+## LAMP Stack
+
+- [ ] Build with option to choose between apache and nginx
+- [ ] Build with option to choose different databases
+- [ ] Build with option to choose different php versions

ansible.cfg

@@ -2,6 +2,7 @@
 nocows = 1
 host_key_checking = false
 inventory = ./hosts.ini 
+ansible_python_interpreter  = /usr/bin/python3
 
 [ssh_connections]
 pipelining = true

group_vars/all.yml

@@ -8,6 +8,11 @@ main_gid: "{{ main_uid }}"
 # weareinteractive.environment
 environment_config: { "PUID": "{{ main_gid }}", "PGID": "{{ main_gid }}" }
 
+global_env_vars:
+  - "PUID={{ main_uid }}"
+  - "PGID={{ main_gid }}"
+  - "TZ={{ ntp_timezone }}"
+
 # geerlingguy.ntp
 ntp_timezone: "Europe/Berlin"
 
@@ -34,7 +39,7 @@ security_autoupdate_reboot: false
 security_autoupdate_reboot_time: "03:00"
 security_autoupdate_mail_to: "service@softbox.de"
 security_autoupdate_mail_on_error: false
-security_fail2ban_enabled: false
+security_fail2ban_enabled: true
 security_fail2ban_custom_configuration_template: "jail.local.j2"
 ###
 #packages
@@ -55,5 +60,5 @@ package_list:
   - gcc
   - make
   - psmisc
-  - linux-headers-$(uname -r)
+  #- linux-headers-$(uname -r)
-  - open-vpm-tools
+  - open-vm-tools

group_vars/drawio.yml

@@ -0,0 +1,26 @@
+#This compose file adds draw.io to your stack
+---
+main_username: sbxadmin
+main_uid: "1000"
+main_gid: "{{ main_uid }}"
+docker_compose_generator_output_path: "/home/sbxadmin/drawio"
+containers:
+  - service_name: drawio
+    active: true
+    image: jgraph/drawio
+    container_name: drawio
+    restart: unless-stopped
+    ports:
+      - 8080:8080
+      - 8443:8443
+    environment:
+      PUBLIC_DNS: drawio.lab.softbox.net
+      DRAWIO_SERVER_URL: http://drawio.lab.softbox.net/
+      DRAWIO_BASE_URL: http://drawio.lab.softbox.net
+      DRAWIO_USE_HTTP: 1
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://domain:8080 || exit 1"]
+      interval: 1m30s
+      timeout: 10s
+      retries: 5
+      start_period: 10s

group_vars/mailout.yml

@@ -0,0 +1 @@
+domain_base: mailout.glt.lan

group_vars/netbootxyz.yml

@@ -0,0 +1,18 @@
+---
+main_username: root
+main_uid: "0"
+main_gid: "{{ main_uid }}"
+docker_compose_generator_output_path: "/root/netboot_xyz"
+containers:
+  - service_name: netboot
+    active: true
+    image: lscr.io/linuxserver/netbootxyz
+    ports:
+      - 3000:3000
+      - 69:69/udp
+      - 3001:80
+    volumes:
+      - ./config:/config
+      - ./assets:/assets #optional
+    include_global_env_vars: true
+    restart: unless-stopped

group_vars/nextcloud.yml

@@ -0,0 +1,2 @@
+hostname: cloud.softbox-rz.lan
+php_version: 8.2

group_vars/webserver.yml

@@ -0,0 +1,4 @@
+# Need to be in var file
+domain_name: ga.glt.lan
+nginx_root: tu # /var/www/"{{ nginx_root }}" is the folder where the website files reside
+

hosts.ini

@@ -1,6 +1,14 @@
-[snipeit]
+#[snipeit]
-10.0.101.15 ansible_user=root ansible_port=22
+#10.0.101.15 ansible_user=root ansible_port=22
+#
+[owncloud]
+10.0.101.99 ansible_user=sbxadmin ansible_port=22
 
-[sbx-srv-owncloud01]
+[nextcloud]
-10.0.101.16 ansible_user=sbxadmin ansible_port=22
+10.0.101.11 ansible_user=sbxadmin ansible_port=22
 
+[netbootxyz]
+10.11.12.69 ansible_user=root ansible_port=22
+
+[drawio]
+10.11.12.20 ansible_user=sbxadmin ansible_port=22

roles/nextcloud/defaults/main.yml

@@ -0,0 +1,5 @@
+site_conf: cloud.conf
+php_verison: "8.4"
+mysql_db_name: nextcloud
+mysql_db_user: nextcloud
+web_root: "/var/www/nextcloud"

roles/nextcloud/tasks/apache.yml

@@ -15,17 +15,17 @@
 
 - name: Add Apache virtualhost for Owncloud
   template:
-    src: "templates/owncloud.dav.conf.j2"
+    src: "templates/{{ site_conf }}.j2"
-    dest: "/etc/apache2/sites-available/owncloud.dav.conf"
+    dest: "/etc/apache2/sites-available/{{ site_conf }}"
     owner: root
     group: root
     mode: 0644
   notify: restart apache
 
-- name: Enable the ownCloud site.
+- name: Enable the Nextcloud site.
   command: >
-    a2ensite owncloud.dav
+    a2ensite {{ site_conf }}
-    creates=/etc/apache2/sites-enabled/owncloud.dav.conf
+    creates="/etc/apache2/sites-enabled/{{ site_conf }}"
   notify: restart apache
 
 - name: Disable the default site.

roles/nextcloud/tasks/dependencies.yml

@@ -0,0 +1,71 @@
+---
+- name: Get software for apt repository management.
+  apt:
+    state: present
+    name:
+      - python3-apt
+      - python3-pycurl
+      - python3-pymysql
+
+- name: Add ondrej repository for later versions of PHP.
+  apt_repository:
+    repo: "ppa:ondrej/php"
+    update_cache: yes
+
+#sudo dpkg -l | grep php | tee packages.txt
+#sudo apt install apt-transport-https lsb-release ca-certificates wget -y
+#sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+#sudo sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
+#sudo apt update
+
+- name: "Install Apache, MySQL, PHP, and other dependencies."
+  apt:
+    state: present
+    name:
+      - acl
+      - git
+      - curl
+      - wget
+      - unzip
+      - openssl
+      - redis-server
+      - mariadb-server
+      - libpcre3-dev
+      - apache2
+      - "libapache2-mod-php"
+      - "php{{ php_version }}"
+      - "php{{ php_version }}-imagick"
+      - "php{{ php_version }}-common"
+      - "php{{ php_version }}-curl"
+      - "php{{ php_version }}-gd"
+      - "php{{ php_version }}-imap"
+      - "php{{ php_version }}-intl"
+      - "php{{ php_version }}-json"
+      - "php{{ php_version }}-mbstring"
+      - "php{{ php_version }}-gmp"
+      - "php{{ php_version }}-bcmath"
+      - "php{{ php_version }}-mysql"
+      - "php{{ php_version }}-ssh2"
+      - "php{{ php_version }}-xml"
+      - "php{{ php_version }}-zip"
+      - "php{{ php_version }}-apcu"
+      - "php{{ php_version }}-redis"
+      - "php{{ php_version }}-ldap"
+      #- "php{{ php_version }}-smbclient"
+      - php-phpseclib
+      - bzip2
+      - rsync
+      - jq
+      - inetutils-ping
+      - ldap-utils
+      - smbclient
+      - cron
+
+#- name: Disable the firewall (since this is behind a firewall)
+#  service: name=ufw state=stopped
+
+- name: "Start Apache, MySQL, and PHP."
+  service: "name={{ item }} state=started enabled=yes"
+  with_items:
+    - apache2
+    - mysql

roles/nextcloud/tasks/main.yml

@@ -19,6 +19,6 @@
   include_tasks:
     file: occ.yml
 
-- name: Download ownCloud.
+- name: Download Nextcloud.
   include_tasks:
-    file: owncloud.yml
+    file: nextcloud.yml

roles/nextcloud/tasks/mysql.yml

@@ -0,0 +1,16 @@
+- name: Create a MySQL database.
+  community.mysql.mysql_db:
+    name: "{{ mysql_db_name }}"
+    state: present
+    login_unix_socket: /run/mysqld/mysqld.sock
+
+- name: Create a MySQL db user.
+  community.mysql.mysql_user:
+    name: "{{ mysql_db_user }}"
+    password: "{{ mysql_passwd }}"
+    login_user: "root"
+    login_password: "{{ mysql_passwd }}"
+    priv: "{{ mysql_db_user }}.*:ALL"
+    host: localhost
+    state: present
+    login_unix_socket: /run/mysqld/mysqld.sock

roles/nextcloud/tasks/nextcloud.yml

@@ -0,0 +1,13 @@
+---
+- name: Download Nextcloud source.
+  ansible.builtin.get_url:
+    url: https://download.nextcloud.com/server/releases/latest.tar.bz2
+    dest: "/tmp/nextcloud-complete-latest.tar.bz2"
+    owner: www-data
+
+- name: Extract the archive.
+  ansible.builtin.unarchive:
+    src: "/tmp/nextcloud-complete-latest.tar.bz2"
+    dest: "/var/www/"
+    owner: www-data
+    remote_src: yes

roles/nextcloud/tasks/php.yml

@@ -0,0 +1,15 @@
+---
+- name: Adjust OpCache memory setting.
+  lineinfile:
+    dest: "/etc/php/{{ php_version }}/apache2/conf.d/10-opcache.ini"
+    regexp: "^opcache.memory_consumption"
+    line: "opcache.memory_consumption = 96"
+    state: present
+  notify: restart apache
+#- name: Adjust smbclient setting.
+#  template:
+#    src: "templates/smbclient.ini.j2"
+#    dest: "/etc/php/7.4/mods-available/smbclient.ini"
+#    owner: root
+#    group: root
+#  notify: restart apache

roles/nextcloud/templates/cloud.conf.j2

@@ -1,9 +1,9 @@
 <VirtualHost *:80>
 ServerName {{ hostname }}
 DirectoryIndex index.php index.html
-DocumentRoot /var/www/owncloud
+DocumentRoot {{ web_root }}
-<Directory /var/www/owncloud>
+<Directory {{ web_root }}>
-  Options +FollowSymlinks -Indexes
+  Options FollowSymLinks MultiViews
   AllowOverride All
   Require all granted
 
@@ -11,7 +11,7 @@ DocumentRoot /var/www/owncloud
   Dav off
  </IfModule>
 
- SetEnv HOME /var/www/owncloud
+ #SetEnv HOME {{ web_root }}
- SetEnv HTTP_HOME /var/www/owncloud
+ #SetEnv HTTP_HOME {{ web_root }}
 </Directory>
 </VirtualHost>

roles/nextcloud/templates/occ.j2

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+cd /var/www/nextcloud || exit
+sudo -E -u www-data /usr/bin/php /var/www/nextcloud/occ "$@"

roles/nginx/.vagrant/rgloader/loader.rb

@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end

roles/nginx/defaults/main.yml

@@ -0,0 +1,11 @@
+# Need to be in var file
+#domain_name: kazcynski.duckdns.org
+#nginx_root: kazcynski # /var/www/"{{ nginx_root }}" is the folder where the website files reside
+
+packages:
+  - nginx
+
+nginx_root_path: /var/www
+
+nginx_config_dir: /etc/nginx/sites-available
+nginx_sites_enabled: /etc/nginx/sites-enabled

roles/nginx/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Restart nginx
+  service:
+    name: nginx
+    state: reloaded

roles/nginx/tasks/link.yml

@@ -0,0 +1,9 @@
+---
+- name: link nginx config to sites-enabled dir
+  ansible.builtin.file:
+    src: "{{ nginx_config_dir }}/{{ domain_name }}"
+    dest: "{{ nginx_sites_enabled }}/{{ domain_name }}"
+    owner: root
+    group: root
+    state: link
+  notify: Restart nginx

roles/nginx/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Install and enable nginx
+  include_tasks: nginx.yml
+
+- name: Template config files into place
+  include_tasks: template.yml
+
+- name: Enable site by linking to the dir "{{ nginx_sites_enabled }}"
+  include_tasks: link.yml

roles/nginx/tasks/nginx.yml

@@ -0,0 +1,10 @@
+- name: Install nginx
+  package:
+    name: nginx
+    state: present
+
+- name: Enable nginx
+  service:
+    name: nginx
+    state: started
+    enabled: yes

roles/nginx/tasks/template.yml

@@ -0,0 +1,39 @@
+---
+- name: ensure target dirs exists
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+  loop:
+    - "{{ nginx_config_dir }}"
+
+- name: ensure target dirs exists
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ main_username }}"
+    group: root
+  loop:
+    - "{{ nginx_root_path }}/{{ nginx_root }}"
+
+- name: change hostname to domain_name
+  template:
+    src: ../templates/hostname.j2
+    dest: "/etc/hostname"
+    owner: root
+    group: root
+
+- name: write homepage nginx config file
+  template:
+    src: ../templates/nginx-config.j2
+    dest: "{{ nginx_config_dir }}/{{ domain_name }}"
+    owner: root
+    group: root
+
+- name: write simple homepage index.html file
+  template:
+    src: ../templates/index.html.j2
+    dest: "{{ nginx_root_path }}/{{ nginx_root }}/index.html"
+    owner: "{{ main_username }}"
+    group: root

roles/nginx/templates/hostname.j2

@@ -0,0 +1 @@
+"{{ domain_name }}"

roles/nginx/templates/index.html.j2

@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<h1>Congratulations!</h1>
+<p>The web server is running! </p>
+<p>And serving this webpage on port 80.</p>

roles/nginx/templates/nginx-config.j2

@@ -0,0 +1,10 @@
+server {
+        listen 80 ;
+        listen [::]:80 ;
+        server_name {{ domain_name }} ;
+        root /var/www/{{ nginx_root }} ;
+        index index.html index.htm index.nginx-debian.html ;
+        location / {
+                try_files $uri $uri/ =404 ;
+        }
+}

roles/owncloud/tasks/dependencies.yml

@@ -1,61 +0,0 @@
----
-- name: Get software for apt repository management.
-  apt:
-    state: present
-    name:
-      - python3-apt
-      - python3-pycurl
-
-- name: Add ondrej repository for later versions of PHP.
-  apt_repository:
-    repo: "ppa:ondrej/php"
-    update_cache: yes
-
-- name: "Install Apache, MySQL, PHP, and other dependencies."
-  apt:
-    state: present
-    name:
-      - acl
-      - git
-      - curl
-      - wget
-      - unzip
-      - openssl
-      - redis-server
-      - mariadb-server
-      - libpcre3-dev
-      - apache2
-      - libapache2-mod-php7.4
-      - php7.4
-      - php7.4-imagick
-      - php7.4-common
-      - php7.4-curl
-      - php7.4-gd
-      - php7.4-imap
-      - php7.4-intl
-      - php7.4-json
-      - php7.4-mbstring
-      - php7.4-gmp
-      - php7.4-bcmath
-      - php7.4-mysql
-      - php7.4-ssh2
-      - php7.4-xml
-      - php7.4-zip
-      - php7.4-apcu
-      - php7.4-redis
-      - php7.4-ldap
-      - php-phpseclib
-      - bzip2
-      - rsync
-      - jq
-      - inetutils-ping
-      - ldap-utils
-
-- name: Disable the firewall (since this is behind a firewall)
-  service: name=ufw state=stopped
-
-- name: "Start Apache, MySQL, and PHP."
-  service: "name={{ item }} state=started enabled=yes"
-  with_items:
-    - apache2
-    - mysql

roles/owncloud/tasks/mysql.yml

@@ -1,7 +0,0 @@
-- name: Create a MySQL database for ownCloud.
-  mysql_user:
-    name: "owncloud"
-    password: "{{ mysql_passwd }}"
-    priv: "owncloud.*:ALL"
-    host: localhost
-    state: present

roles/owncloud/tasks/owncloud.yml

@@ -1,17 +0,0 @@
----
-- name: Download ownCloud source.
-  ansible.builtin.get_url:
-    url: https://download.owncloud.com/server/stable/owncloud-complete-latest.tar.bz2
-    dest: "/tmp/owncloud-complete-latest.tar.bz2"
-
-- name: Extract the archive.
-  ansible.builtin.unarchive:
-    src: "/tmp/owncloud-complete-latest.tar.bz2"
-    dest: "/var/www/owncloud"
-    owner: www-data
-
-- name: Configure ownCloud's trusted domains
-  command: >
-    my_ip=$(hostname -I|cut -f1 -d ' ')
-    occ config:system:set trusted_domains 1 --value="$my_ip"
-    occ config:system:set trusted_domains 2 --value="{{ hostname }}"

roles/owncloud/tasks/php.yml

@@ -1,8 +0,0 @@
----
-- name: Adjust OpCache memory setting.
-  lineinfile:
-    dest: "/etc/php/7.4/apache2/conf.d/10-opcache.ini"
-    regexp: "^opcache.memory_consumption"
-    line: "opcache.memory_consumption = 96"
-    state: present
-  notify: restart apache

roles/owncloud/templates/occ.j2

@@ -1,4 +0,0 @@
-#!/bin/bash
-
-cd /var/www/owncloud
-sudo -E -u www-data /usr/bin/php /var/www/owncloud/occ "$@"

roles/samba/files/etc/samba/smb.conf

@@ -0,0 +1,54 @@
+## NAS Samba Configuration
+
+[global]
+  workgroup = SBX
+  server string = pve
+  security = user
+  guest ok = yes
+  map to guest = Bad Password
+
+  # Disable netbios/wins support
+  disable netbios = no
+  dns proxy = no
+
+  log file = /var/log/samba/%m.log
+  max log size = 50
+  printcap name = /dev/null
+  load printers = no
+
+# Samba Shares
+[Windows]
+  path = /mnt/Windows
+  public = yes
+  browseable = yes
+  read only = no
+  guest ok = yes
+
+# Samba Shares
+#[frigate]
+#  path = /mnt/ssd/frigate
+#  browseable = yes
+#  read only = no
+#  guest ok = no
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

roles/samba/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: start samba service
+  service:
+    name: smbd
+    state: started
+
+- name: restart samba service
+  service:
+    name: smbd
+    state: restarted

roles/samba/tasks/main.yml

@@ -0,0 +1,25 @@
+---
+- name: install samba
+  apt:
+    pkg: samba
+    state: present
+  notify: start samba service
+
+- name: install samba config
+  copy:
+    src: etc/samba/smb.conf
+    dest: /etc/samba/smb.conf
+    owner: root
+    group: root
+  notify:
+    - restart samba service
+
+    ### nfs
+    #- name: Ensure nfs root exists
+    #  ansible.builtin.file:
+    #    path: "{{ item }}"
+    #    owner: root
+    #    group: root
+    #    state: directory
+    #  loop:
+    #    - "{{ nfs_root_path }}"

roles/smtp/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Reload postfix
+  service:
+    name: postfix
+    state: reloaded

roles/smtp/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Perform a dist-upgrade.
+  ansible.builtin.apt:
+    upgrade: dist
+    update_cache: yes
+
+- name: Set mailname
+  template:
+    src: templates/mailname
+    dest: /etc/mailname
+
+- name: Install postfix
+  package:
+    name:
+      - postfix
+      - mailutils
+    state: present
+
+- name: Copy the config file
+  template:
+    src: templates/main.cf
+    dest: /etc/postfix/main.cf
+  notify: Reload postfix

roles/smtp/templates/mailname

@@ -0,0 +1 @@
+{{ domain_base }}

roles/smtp/templates/main.cf

@@ -0,0 +1,51 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
+# fresh installs.
+compatibility_level = 3.6
+
+
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_security_level=may
+
+smtp_tls_CApath=/etc/ssl/certs
+smtp_tls_security_level=may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = mailoutgltlan.glt.lan
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = mailout.glt.lan, $myhostname, {{ domain_base }}, , , localhost, mailoutgltlan
+relayhost = 129.187.254.15
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.54.15.11 192.157.167.116 192.157.163.234 10.0.25.172 10.54.0.80
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+
+
+
+

run.yml

@@ -1,12 +1,38 @@
 ---
-#- hosts: k3s_cluster
+#- hosts: netbootxyz
 #  become: yes
 #  vars_files:
 #    - "vars/vault.yml"
+#  pre_tasks:
+#    - name: Perform a dist-upgrade.
+#      ansible.builtin.apt:
+#        upgrade: dist
+#        update_cache: yes
+#    - name: Install essential packages
+#      package:
+#        name: "{{ package_list }}"
+#        state: present
 #  roles:
-#    - role: geerlingguy.security
+#    #- role: geerlingguy.security
-#    - role: geerlingguy.ntp
+#    - role: geerlingguy.docker
-
+#    - role: ironicbadger.docker_compose_generator
+#- role: samba
+#
+- hosts: drawio
+  become: yes
+  pre_tasks:
+    - name: Perform a dist-upgrade.
+      ansible.builtin.apt:
+        upgrade: dist
+        update_cache: yes
+    - name: Install essential packages
+      package:
+        name: "{{ package_list }}"
+        state: present
+  roles:
+    - role: geerlingguy.security
+    - role: geerlingguy.docker
+    - role: ironicbadger.docker_compose_generator
 #- hosts: snipeit
 #  vars_files:
 #    - "vars/vault.yml"
@@ -16,19 +42,36 @@
 #    - role: ironicbadger.docker_compose_generator
 #
 
-- hosts: sbx-srv-owncloud01
+#- hosts: owncloud
-  become: yes
+#  become: yes
-  vars_files:
+#  vars_files:
-    - "vars/vault.yml"
+#    - "vars/vault.yml"
+#
+#  pre_tasks:
+#    - name: Update apt cache.
+#      apt:
+#        update_cache: true
+#        cache_valid_time: 3600
+#      when: ansible_os_family == 'Debian'
+#
+#  roles:
+#    - role: geerlingguy.security
+#    #- role: geerlingguy.ntp ## NEEDED?
+#    - role: owncloud
 
-  pre_tasks:
+#- hosts: nextcloud
-    - name: Update apt cache.
+#  become: yes
-      apt:
+#  vars_files:
-        update_cache: true
+#    - "vars/vault.yml"
-        cache_valid_time: 3600
+#
-      when: ansible_os_family == 'Debian'
+#  pre_tasks:
-
+#    - name: Update apt cache.
-  roles:
+#      apt:
-    - role: geerlingguy.security
+#        update_cache: true
-    #- role: geerlingguy.ntp ## NEEDED?
+#        cache_valid_time: 3600
-    - role: owncloud
+#      when: ansible_os_family == 'Debian'
+#
+#  roles:
+#    - role: geerlingguy.security
+#    #- role: geerlingguy.ntp ## NEEDED?
+#    - role: nextcloud

vars/vault.yml

@@ -1,13 +1,14 @@
 $ANSIBLE_VAULT;1.1;AES256
-61653539633662393863626638666466303131396237373661303939333263303033653638343235
+31353435633062366461353231666566366662373733656337356339626234313966366139613161
-6437663430656538303865336663616432313832333532380a323632633339616466313038356239
+3533646266393033316330323737303638303162356161610a393337313837653835396162633030
-64623565623264303739633134656666363163613361306230343638346330383435623931373364
+30313066326337393831643833663237643966383163363866386133373264373933633133653462
-3463643433323631650a613233353266333036643239366330613133643238626132336530653462
+6636376563336433640a356231363764363834626431616435633436306662313932313164623733
-37643966643663313964373531373731343064613461636564656332336461326235666264643030
+62383062653166613661303939346135643661646630386532306161393365393133626164303337
-37663966626561343761623363346539333662613966366564323639306230626265343431366238
+31623962623931353365346365623333386638313266356131326565613730303338643863396237
-63353531313165633365323439643033313536306330656332373162373733616338613561383233
+39353261616339356563393236633232646361326234333533643338656331623732636432383434
-33376530636530376638383562373862633362366366333130633833633938613462613932313834
+63653963336333366462366562633631336636643935646632323031666366633136383732643733
-61353563356361363338356665363364366166346534346137323661363464653934363638303766
+63366433363136666131386434333431333062363238633064646336626463623730616238646136
-39633963626231373138636237326531353835343930643535313937656334613462626639326139
+31333839623538306161393862306231656466613231326165666562616432363136396332646533
-61326665643862326365356165393361326266616530306330643665386663356536646337343061
+30663130336438623463336333343830656138316236353963373833386434393337356262313934
-37353230653062616266
+63323030323837373066323337363633636236353931643636643337393161303965613438363638
+3532