From 03d10acea6da75961d59f693356fbcfd0f92f419 Mon Sep 17 00:00:00 2001 From: mg Date: Fri, 25 Dec 2020 18:37:14 +0100 Subject: [PATCH] Rolle postfix erweitert und Mails per Strato (#12) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tags angepasst Postfix Rolle erweitert mit Sender-Mail rewrite Port für Strato angepasst Rolle postfix in haertung eingebaut Bugfix: Vars2 Bugfix: Vars Doku postfix angepasst Defaults Postfix aktualisiert f2b Vars in GroupVars Fail2Ban parametrisiert KeePass: Postfix Absenderpasswort aktualisiert Vars und defaults ergänzt Rolle umbenannt in anderen Rollen Rolle umbenannt: mgrote.postfix-gmail --> mgrote.postfix postfix GroupVars auf Strato umgestellt postfix defaults aktualisiert Variablennamen postfix umbenannt Keepass: gmail_nutzer_passwort --> postfix_absender_passwort Co-authored-by: Michael Grote <38253905+quotengrote@users.noreply.github.com> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/12 --- group_vars/all.yml | 18 ++++++++++-------- keepass_db.kdbx | Bin 12318 -> 12478 bytes playbooks/base/6_haertung.yml | 1 + playbooks/on-off/f2b.yml | 2 +- playbooks/service/fileserver.yml | 2 +- playbooks/service/pve.yml | 2 +- roles/mgrote.apcupsd/README.md | 2 +- roles/mgrote.apcupsd/meta/main.yml | 2 +- roles/mgrote.fail2ban/defaults/main.yml | 2 ++ roles/mgrote.fail2ban/meta/main.yml | 2 +- roles/mgrote.fail2ban/templates/jail.local | 4 ++-- roles/mgrote.postfix-gmail/defaults/main.yml | 6 ------ roles/mgrote.postfix-gmail/templates/main.cf | 13 ------------- .../templates/sasl_passwd | 1 - .../README.md | 16 ++++++++-------- roles/mgrote.postfix/defaults/main.yml | 12 ++++++++++++ .../handlers/main.yml | 6 +++++- .../tasks/main.yml | 16 +++++++++++++--- roles/mgrote.postfix/templates/main.cf | 13 +++++++++++++ roles/mgrote.postfix/templates/sasl_passwd | 1 + .../mgrote.postfix/templates/sender_canonical | 1 + roles/mgrote.restic/meta/main.yml | 2 +- roles/mgrote.smart/meta/main.yml | 2 +- roles/mgrote.zfs_tools/README.md | 2 +- roles/mgrote.zfs_tools/meta/main.yml | 2 +- 25 files changed, 78 insertions(+), 52 deletions(-) delete mode 100644 roles/mgrote.postfix-gmail/defaults/main.yml delete mode 100644 roles/mgrote.postfix-gmail/templates/main.cf delete mode 100644 roles/mgrote.postfix-gmail/templates/sasl_passwd rename roles/{mgrote.postfix-gmail => mgrote.postfix}/README.md (50%) create mode 100644 roles/mgrote.postfix/defaults/main.yml rename roles/{mgrote.postfix-gmail => mgrote.postfix}/handlers/main.yml (71%) rename roles/{mgrote.postfix-gmail => mgrote.postfix}/tasks/main.yml (68%) create mode 100644 roles/mgrote.postfix/templates/main.cf create mode 100644 roles/mgrote.postfix/templates/sasl_passwd create mode 100644 roles/mgrote.postfix/templates/sender_canonical diff --git a/group_vars/all.yml b/group_vars/all.yml index e67a913f..50727055 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,13 +1,13 @@ --- - ### mgrote.postfix-gmail empfaenger_mail: michael.grote@posteo.de - gmail_nutzer_gmail: michael.grote@gmail.com - gmail_nutzer_passwort: "{{ lookup('keepass', 'gmail_nutzer_passwort', 'password') }}" - gmail_postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24" - gmail_mail_nach_cronjob: false - gmail_smtp_server: smtp.gmail.com - gmail_smtp_server_port: 587 - gmail_smtp_use_tls: "yes" + ### mgrote.postfix + postfix_absender_mailadresse: info@mgrote.net + postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}" + postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24" + postfix_mail_nach_cronjob: false + postfix_smtp_server: smtp.strato.de + postfix_smtp_server_port: 587 + postfix_smtp_use_tls: "yes" ### mgrote.set_apt_sources acng_server: acng.grote.lan acng_server_port: 9999 @@ -33,6 +33,8 @@ f2b_bantime: 300 f2b_findtime: 300 f2b_maxretry: 5 + f2b_destemail: "{{ empfaenger_mail }}" + f2b_sender: "{{ postfix_absender_mailadresse }}" ### oefenweb.ufw ufw_rules: - rule: allow diff --git a/keepass_db.kdbx b/keepass_db.kdbx index 09e66ae12bf1a57392334af930c30e8a7e8ace74..1b918a1eaad60ec95985426602a73ee8f60a39eb 100644 GIT binary patch literal 12478 zcmV;vFhS1)*`k_f`%AR}00RI55CAd3^5(yBLr}h01tDtuTK@wC0096100bZa3J?5( zqHCKLH4{!M*e|6TwR<1RRB$2Hx^?Qd?!o1K1t0)_XFeT+V78iiabPjL6HiD~wtgSN zq*H?j?k}Km4hx|M2moN}00000000LN0A7^9{y_OWx(zzC7-1+?q1ONg60000401XNa3XlkxaN-pZtCu8OV$A*xm4kJ4{Do*4@b?tGxy}F8 zw{UvJv36w+@svT_ovdOePs9g}<$A&IQsU;;7WnznW>Pcyo1UUvkL*z&2~&P64*WH0 zf&ZwYlhE+@?DCXeJx~1b{nCBw`H1-(88CAS5brXjxKsYy0a1)!lBv%g9ISbiKftw8 zozP%@D@J>);j%2ddysTNtr14|A;6LqQ@dyFpWz%?=+0$)k$uY9pyfbA#J1NEylel- z!%ZFeLgKzS1UNWv6j-=7RhYx4|7tAUvPq2O0)B?F+2s##+9!Ck8d=0+WL$G>Mg)l_ zp^?e4!Xa(7H#EPV9v7X&uyh_vf4y;=L`X24{!uwWt!*39p1fjQi@n@4YB~ZWA}l=? z90e|ne`^B#9-F2>Z}X(|Kn-X@Z>AA^Xb#Kta!VR13?oXNuq;n+Jl(C$v^S?t+fuia z3y3TKeNz!~Z1al%Q(Wrql1-{G2V@GHml*}=Ls0mLKBvc1{FBXp{FDPy*!-@@U1 z(6nMg|Jjv>(!cW7Z76V1@U3L@Dlh)_eIz#8a^?lMqhp)&&IHTLAgJ4QgYvPDFs&|z z>)H}|@sjIZb6bU!1T4@dT(*2d`R!o8ZYRmaObcGqB;?Jm<4&b!51Pvh#~sRPT}olY zk)VrgmYV&k0DKe}(6O?Lu#;INHmnp?oWsu4rPe~@noub9HYZb)LPZJimG)Q>u<z%#6X&1MKPP3m0Mk{tuPZZ!nx_`55JlKqNWQIx$AX{<4dRQx$UZ*+4;}H4aRh zAB{G0)9mrk&S3!ReEN4q1oHiQ8{t;DBY6L;SXNqgos|zjWWZU`uo)0+_ykfR7=a^@ zy()~}aX+h_ zkFHDD!%E3Lp8>#MlCVoP%M=bZml}MId|tJ&R6a0HMf+==Of-m>E#_(>et=z9b5a&c zd5%t%(0yY7eKTBPFGB$;?BL~K*%T20fDYtpBP^D znSfm}MJVZYkd|8!^@9fjC zDKtOx)hqwkATTgA^Ff1w$l);uE-Mo|QW>6lI^1q?t@Kpz5t8@mQh;b& zH1D2BmA~vBP5866cgs311d2&w`bj3`b`zux8o^6=w`u?zupw1?EUR6#S8bq2r=Z0_ zE^^A5vRw=dLxEXTIAy6#|xeBv9N z!-e1;t`nA3W1z%Jr=`|VT^VsDb^zwIZsxDsWlC8$AS;@xU_Sn0`Sk83p1x)!9ztVB zoZYK}(Lajw{}bvgjpSHy12r*ZF`GFTuc)xn7Jn@YzriJIQ{??Z`hw~JAT29pT`dckR4ge?$acyIKK+!AF1lko5`9- znNTW5N`P75KCh_t9GeY^aI#_!=`wR<%|Q<6TJ_trmTqD~T0=Otk>%m@CiVyM+Dyf? zVME8V?$mKcL(7LlH~S=<3m1!NMDV#MFD?x}mGfG5>Gk|NCz|DJiYZ$McAt{~#BJfI zWZw)2M|*P%UqziiqOg>BI4=&#)U06O*{8m`S{(FKwKPfkV1wOz#x)WYHT`IE&dxnG z3amR-D3oV4`%;{-8^v|=7s;@z;aHauNq9p3`c09f^C{tsy_EQ%W6y_tTP-!QkFh0> z(hdiI{63KDA2W1MFaS$OKt=T#I|*g&#wYwE8nSS%(?aR&<)T1`{uC`Nmqy?+=3II% zr;Os4Tsajmgc=K%&ILMS-OW!cpSWehgnarlrM3O)`{A@dfOkLWnQFC4#jOhKy~X9G zaVrHWBQj$Ce!cjQT4CNH!GQ#-WfHxRg%DUzB5fvP6q~Gp&<@e$p3^aKqP5z3wh-)) zPXeVCmjo08I{P8=NFq6aZ%B|wcZpUp$o0@5G22zPZxKlIV~zsJ9?ycqnX8~L`X-dj zWVKNbWZ#gb@nOkFp#@XiO)GT1(JQy%Rsq7G_OKAv4~Fs9RF>=+ ztTPv1@5EKJjKmX>?vi$*PDt>RXhEM3y4b`w#j zsD6_wSkdp)Ligw8brfCy(tdLA{mq_~zb3tL|0B|R+e?k0N#3S2@*`$=qF0c>yDK@G zw}GqD%^!<3ML}|Kv$i8IL(DhOx*an86l#`x<`gqM&lNniu(t0EfS)3%x*Mw24Ri;B z<roRH;`z`Mu6MXhbl8gQ=>H^p?j#_Z5?vagP`FGEW-MsIUeK31}8A zRnV1aB-J1}v`KRo*RsClM5a)F(;2lGL**?`zJN+=NVE`5RQ_0b=`lJ(x7uER8P zsZFY&C8q-s6TfbhSTg#G?%2@l%8kU)t#3zk;Nwcl%@WQ?Lqc$M%NOijc9%mF#i*y> z_W`3yG|fET5^5a{a)dLAeB`z8{8oMR^<*m)4?lklR?0=6>nGgD{s2Gu(RtF)A;#$5 zq4;Qif&Kr2 zm(9sC$2})%WtEUGH@hkEJHgP@10_>Qgwg&XTs^!eMy>1wYG)>ZV>97Fd>r&wDV!%? zkG^#sE>}-eQ%(9a>U@W+U>ly07zyeQH&Dw_CgeS}aJ|4pV=3ttTyjY^68P6CJ4YI#-%`=RHtJ0PsV zWePb?yFQtbt>Mb3A|Dg*dycJWDO<8l!HP8?cP2hw7t)Yk-2T-`U%7gTReF>pl!OGq zj_{-@Fp{Ik_Q-?GG1IK|-TCZITf_&jhA4!N1e`Nr@J#o%gf7~{qWmh^FXly0(rzdn z2?=3y;ltmXeHhYZ_VhsMr1fS`%v9_TurIwuz<6||uyb@`#L{I_*vQ@)y-VO@^tELJ zwvK8sgg)!r;5e{{l_CQ*>aPQiY(Bt9SIhh1J`xU}qLZ-@!>0Jd}_8fF6* zYWC=M<}PM3IQJuEz({AaRT7cD4c6{Tl7hO$bRBTupHCk#P}2FQokIlc-5>oI*H?zt zi^gi@5v%;$?ZPjt0CjFzqu{_8VT)WixKn-M`1EJ5pUvd!YtN)9`;)-qk~%a5y?6On z{#Z^D=UH77_fnlTSV6ASB;xmkfByN zG=N-*BzO^f7LpIz_YQF^PZ9nT7k*iofeZu4z5M!XCGV+SsscF`*|w;^ItJ+@K7<=F z7%K}!qK`lRA8TfL)EV6xRx4jdw{f3(u}8wsJ$V?cz=+ zj_AX#j{nf5N?&smS}+qee5rfBN5DxmWH&8Og3wgVL*MdF=cq-sMK_B~a&R8SNiebr zRrqnG%&~7fLM<{O{TFgCPWfY z6RdIXb#2L~wdiiDQ+2zpmg(F7Y$U)N@VJ~3n%AWMFxKSCtb392sDTAcP{zzINoH8Z zl^-1Jf2>7;sbMX%TGL?I)OJ9n8HEhqcX*+=dpac*oJ!d#b-#z;y;2I7{> zXGLfq;Gk>^9*=PkT!6C3mH?TZ-$@pRn@7i3!y!odHX4*vfno&I@JMILNZ8VH9ERC) z%yYwG=x zs=jVpCcL19SRCg&*!y(?aq#|VqcteZ43SZ30uN~k>`T7k&^>N@-ZMt;KB94Htu7W+ zTQGLaR^D$Qe+h)T7J#&Xbger_ITtP4>>Z`bq>nN4Qq;rY^Ib2Qaz2555dKerQty2J zMKLkRmnYL!==NE^oa4}O(W={mxBw){bn2`RL$Ra!KAWr)!wY8>7ty~S%>JR`kcq{+ zHLMS$=L6R|F=5qMH=W9MVziz`v>2L#f+9T zb06YqvM(CraJOR*?+kDI&i-7iDwA+lBBx%*O4ril?pN<>dGrPw2jTdTte^w5X6 zNcLHFs@I?+dLxHS$!wz~ClO9VG47=pt@mFU-Wp?khum4x8?oJlLc9G_bOfore^jLY zW`0iDdalf>6$M_me1me!l9fdE^rqw$py>9IY-`8&r(8C4B&H9j#9+!S#CK&B+6FcU zeK9>CQ!A-uCzKOVc;YS{dj&xI4ND*t;b{dXTjZ<|QK^hn#uo>+Z)kju?scZC`bGZB zK_Oi$N=J4cHMw%{6tb=64h7Ys-9f$-LY;zLGW=YxzXO2~&k*aR)v~>jz9AVB*3k^T zTu(4wJK)ZV9zQJ zn--Ww#SEpgA)8l^Fsx!R+UYOMu_Vf-v7V}9P&r@v=9KyVs~nE~&$?gMdBYz3UQl?C z6b*ZRdqzlYQ99KE9gI^6PJ;cJvBYdo-Wr1mnc=L~k-Ak~Ey6^LbMA?qqU{9%r6OV= zZ6wCoI*}dclgvnzvhNRlN7JCjqubJ*`}eXYJKXFOslwb3IDwf=`?mav_iIEY5Ky0lzc$o^zP-U|}u-&5A+CUuv5a3t{ zaroh7Ogy{UZyvLL=5gH=@b+~nz3akQu
sdt<;<~7M|=QsKMX}w)iHdrAtIwpAPY=qDL^%x=~-!QUXB5tJ;(2E0X z7xJ@=wYEk-veET^05kgyWq2F{mMiX*1s>`Ut%xzuiJyN)lx>rIi59^3>XJh8@qxLJ z@c*gmOWv^}&rL}urmr0m@bDQyi);RYk}k=fD>Zz3o0f-98E^>r$T^$ZTh> ztuK~Jtw6I6f>-o)UeJrjQcIqci2p@}S=ICN9`UXykZ_+dD-EwVy_6P(t1vf$_@ z9~nYT>{UjWL??Xj0il+J)4e=)^6@sdoqs|I__8U-DdQO(UcCdRGw!JVfKUw*omP_y zuYO*H@*3`E6;k{Rd7clydrX);W9I)q%I;LHphdPxfu=M4m_l`)nn^I_a!W<3_TdU^ ztx{)&S%VPbAlr;D=bIEb&uj(oNUw`AF=6VF3E^>7HL|6YvYA=tT71g^}*Kj$6%A z1?5TCkBu)~I{ogMqW)4*Gok6XPq73_Q!g{T!Htls*0Pfx?%9nM_ov1bKcfj8;CCC>Xl-{^F)Uy!Bz~#%CLi`4KE>i zyav`jCw(x)O>=2x?p;<#q_MzJl7T321LEj)wT@*jxbLaV)2%JC?ib z)Q89>*l9?nqHq3yU8K(6*c9N)y(Vbbs2}(+Ew7mahM5#3BL$;{;AT!Nh?vW^^)1a- zsL!o}vg}IObVV>BF3CgW4Q56aP2ydtgeIOkjgZpyNr)P&XW<)4WjY0=$p_Jq*+SYk`!%&9=Y&XABSCy1q>zuKpw^c6Qs z=8q!3B>5wv@N=rwxcT*T%uex72DCrI7G+IlQFlnB5w}gpX^zjYO#w(B?ERr)Pc1EN z59D9Q!#!{Z(|`Qu^beRGzf!YDDP6h6WkB#v7B6iX#+`Jg>f3SP%nE(N;3Czc>FBuC zhUNVCwOt9ijg4LgZG%ny!rVOk;cE00U95qLHHy$si8<#^YG|K+XlrA3%t?It&T}Yq zM*ujv8Zd!WU*~w?;iZ}yS4z+F@q7B0x(D0JCVPOn>93I6Tt3xN)iy-*yHhBZt?6^w z&!G%Mkki6M%m~?QXX{_wwE>e4=z5w=9)z|+9v6)-t2&y-v)DzgYejK%qCeS*zr97o zFAo}jirZH1-QeCwsH_oi?dRMpC#4>1GC5xx$Mqt?^VA)ZVB>k^6LBV+2C%&4;}DE5 zaogdp?Bj&5R+jSyrug?0F793Pr1zIG_xsPv9~b3k_L_$$_!h z&0M^^_Ge7Tz1tkapHQy)eErLaPPkDGRNJpt6beWb>AA@^D)E^k&H^FU6%2OjrvIIe> zB^_g6(k;iY)(QOUONl*QIzK7B&~8+`9mQr@%5ODa34k;SZVegg;;6 z_ISexGwwXepEU^9t8|rOg2BU#G6JTUG>Q*xCLN-bdB1lP0$y*F0YRvvRLhv7Nl0NL zTI(S|u1fr3PwDh&vwL^&DpHG#sqaYsO~}o#x|=nz3n+C;PA1g3r2HSx`|lEy(xmtG zAn?#5t*jGGfI6sfwO@KMWI5M~n=7{GyBHg4bqhClvPeqO)7q*fN1>EgIGFRK%ex%M zhHPgeHv^}!IbZ8RHReora5OR@Ep!W-E=PYlV)LuuRO~V=QF`+`l0}h=LH5Vtd7Gk- zV1{sl@b9wEus3koYbbI>#MmHmtr%YxfQXo!*FLfXfd!+|q`Ro_2g+msN|?5o-^AWk zXfRJ1{0y`OOazr%hf=F2`W|9Y8#42nXTCn^5{qxJmQKnv*sU3q*oi4Hj3`4q#6WN{ zeRIx{O|rUt)R6*F{7Ap>+0K09A=ZFS+g|g^$K#sMCL>_|j#>7@&neQ^}l?nNEY zbA~_{)z-3qn0+3~)Cxj4Pb5K6ip}@+;&AS}B>ajOj9%fSD@odhxF*bt5th+Z&JZ)^ zW9Z0KyhCdddrt7TP4My5T+(_cJKGMs@g6v-ON83j@QX1V&nDK`p|k~t;3Ehcko9up zEKwH@CFrRv5G+_rf9~U$2HoAB1fdK;3qdA`* ztmH+HXkPyy0h2}xpL}j%{df1$#tuvaq}6&oc-{1IQzx%QBc+FZrwLg>4ecl!TFAyn z`hM_-7<5fOVHi$(2B4T?f=@t}k^GKVUek~dh(BcOUTN6&^bj`XD&dFAYTZOFUXp5I z7GC*2GWg0$jrN(05yOa=xqumcJc3dERC3X@V*kLBjAqY715`9?=_sN${UEDC2<*zw z4WwN+rP*>xU*IY&u!HS^{C9ojV(qSC4s}E^^GVjCC-`kMmz*XbC(b&(ho#KY}1JBrd)w1_Zs-klEz5d*tKsTd=fT<1cPmxnmRw4SgBa0 z_M8XllUV72`@49h76^S~x|m#f-Ye9@!2FwZwPNRnPKg_qpOV%1p;Rpn%{FWt+}~`g z{sj1v_vJK=B?OE}zM#cb!G;Z&<5j890p1 z2`Ed)VNmCrB{bG%KsqC8m5HYH}%Ac(rYARP%s4?m=2~F!Y?3 ztMkNBsz0!J+sax^Z zUPxIu(GZ`}-F|!sspXHT{G5+UhhlbF* z+KCA!Hcvy-k9Hx1woL|~!(p%5f+DU!@mrS6?*x@k&_Pv)OeN?p-}&|X+zZ|*oHwXQ z!!vCMuLO@)1+zt9`ix2$-f@gcK&{#_Ufp3nndSe29Vf6=lk~*pA$H9!i0_*W~ zk!bsNdUblm?RgCKRtRsj8;Iam43dFNVsG)>S*`a9CRsBP3(+Mho^gI{opr9Rpd7TF zmcJpHLO{zHyQVEv2`Y8c!IIoqE|gS_67{M!sFZFwL6Z6I`e_uD-Psn&^J}Z<1EDtqJCbU}vv_NWkRjy!wF>PopMnIBTRvMj zg5k4dMX=ys7ks^^A zoJzHXNd}?k9qmlvNPR<4odLW~FsxcihoyPipb0Urm)^M0^J~L-tM8A!nZAxjpm_+h zw9Q=DN6Ag6~ViwM9WK|#(50)e`ldQ;))EecGBroRMceWKum|r(Y z2w_r$#)T4pLpHRn`Y8==J#I;~xYffEXRiAaz03lX_dBN)^yOd{V${RFuus%)d~^E~ zhQ6{-Km_aBIud`pJ+C#LlQ%PlEGHQezwAhamZ?Q&b~6{ZoX9ewziSYUyWG3Pl8bWZ z@iV;S|G<+H8l;~r?s9ZhfzB3QdWp|AQNcnL$H3k(0cl7PSr~>N(ux$8eZ1>g_w_HP z5sqF@U|4yBri|Gw%AjCJ(gd-CUg>0l(uf5hHqm05byB}G97&e77*_dRntz26W)pIV z5Yq#4I$O9Sl2V=#a9xA=2!uj#yIsfYT%B93Ac@`tH*nm#UA2b2o*alMxbT~jMZP!c zi1Nvc)fxz^szLiL`U>b>QmO|s*3_qQBI@31i+De06;9Dbz3zOMuUj})0lgxtk0FJ} znZIYOI6Ne!3ozA|iZLu(KTE!s(^jhT#g2{J{G_9%r~e$R1#DG%g!0DnA~f2Kw0G8b zJ+PTrPN(4Si8~MnVO9;W@;D1}2?r>30Z1HWeo$|PK&t1oY+!-j4j14M8pAfN) zQfEIid`CK*;XIaghMqeJNw6?Rt3oEvtApy#vkTNmAuu#MA+j8D&wV6AHpwh%A3ZG3 zW%Fh9D+g7(*j5n`?qz; zYji#Ui(sOah%@%Q$9kzD9_<|vgl)=bw>Hq}ktFsd0jErI&^MWgrIxlE2Bv~k0Og2F z<0ARmL+OjbfYpJB2;Q`ScO7Q z#Eqj&YEOeHTm`>FmM2`P#FQR6y^5{^Uu`gFzNua3+b3lP*YyNL_+M6$PhVMNY!DMNIxmN4u%upTLlNAyfr zgjtN%X5sh5E@&Y&=cW#viBwv?SUo9h2#?yVJGENP)Y&1TRY}8~-?2jY{V6D2V?9n) zS4B?STZ(;k2>)g?y9X9j6Fel6c%`+jC*V>wESW3^@ToStFAzSJM7*UD%hUbea|mq-VA>`Uu1$5u_he^UOY+lFF-SLR#@bLi^{||xm%V4`p-9uTFu3er6EY{xn4(F}j;f1tDuF#+c(oCXO`vb zliu#PW3T8>T5oZJ)(~Ss523v{*0TU07U6J`HWnS?TyMPwu;|BEZ3nu@udJKjc1WZa z{1RmZPf2sZiN$b#&9)~Xa{iu?);m9XY5gPhG@7kD%Ab;kkSXCws~N$Hrq<#7=i*t5 zrfTbQ!2HIpETzqQgEYGw0p%PfFc(f4)DUruj)VADt;{@6D2S5h1(TF2h&bk+7`tbX z7)VO1GuYd9q#|=RGOi~FP)p!W-<|4KX)E@D4p>*>DNe%>D`Y(s-DcA7Xk1My=i6v9 zK3dL_$!C<-BeXRIB>UgE@bK?C;y!XuM^-Pvq^4y6xBn|#pwtgcI=c4ZK6;_(ZvC?9 zbNn*(R`m1|{9VARm7xMr5Z$!o_q+!X?Vlm+c@~9m%uR&ra}yjQ6|2H1&CU`7VzV^@ zqaFUzrvDoDIw+8G5)Jj7z<7+!1wcEhr+RWGVO0u6{$`w%tvE6FAOL)-vT3oLIou>j zP{wpjIH~;H76`ds)!8&KTeu|sSF=Pd zATonteR$m(B}B8h8g!0 zWMnY|m*d(^nYy?!|L}RkjMqdXdD?>XP?W>8$>r>QYG$*c7rze6p4 zNn~lrgzp#GtY7)ylW=!H4)Rl99IZkZkLO2mAH)W|=Y%{8Lu6s2{Lj%APem>+-6ueI I>IhFRz|w^(xc~qF literal 12318 zcmV+(FyYSw*`k_f`%AR}00RI55CAd3^5(yBLr}h01tDtuTK@wC0096100bZaiKdk> zvJ;_XK19R+VN~u;*9>dS!n^RLnKejh0!`QI1t0*TiBWE=vZXI*HK%8+fg`Dos3 z;VkX=H5wiY1ONg60000401XNa3av>htOj87hEK0vj}9^v4}F;utfTuMWGs#Pcyg6? z6%ukue3=zApxLQM9y8T-E*^gaA-9ACCuz?WIPED>K8nFEO({6yPCUahQE-hTfx2mR z*RsOi-?iy+WOmbNe~N1#gYJLB>`yElONgvW#WCq)r_h4&TSnn+?}cZo1YNKdBqh%$ z(P7B{v2eQ|n5x<9RJzx3z18|2W4{Rt?d=mn=QjX1M6+Q?PTUU!4%Z~}59Gzg{}sro z!jJn_P_P+$`y$d*f`|%Y9!>#oZeLU)XE**F9|H%7{XMR^HeDquUno+-d(1lsEXc#| zHiJcMO!mKnf`K&_ROBHfZ>7A%*CJw5F{v9mJ)|T^sY4*x`dd zvPr<~nnC>kdWPrf2(vTo^Yzj}?|LTY>n@FQDZh9LB7Ty6jSK-`3)niUb$T7}T2$Uv ztmj+D{$%=%zM8-V@%en{mz4qNc!F~~D#y32uh`%Y0b0-3oacz}C*DrA+b5ids1N4o zp>w=)?7K@U27MJrr2&IBWtu%73W{w+_VYX?!4Op8p(IRoT?+@3XdpqlgE6_;WZVEiP?PE@tj&*918Z`9lGz+nT zAy;kC1t^s7NDDd^nfw?2q@I8u?w3(qV~E|}as8$lpmdxK-NcM(Pw_^64n9U1_DXeo zT3VRZv2I#8jtnV&@Im^q#2ffdFaZ)w*cJol1G$o~*dO*mXtYT8c`0s!wl3JzqV_h< zKlzH_Fol7OEuNpP$$7z7L{bG9(64(4V|qiK zDBUAw@MunXcFQA36W+rT5=d{z`6KeZ4he%YywPGS>tHD!S5!|%<}DXVP8z+nD^Y(} zSQ|NH<|Hakal5wP`&r~HaQg@2GaD6N;;RNx*X+19>x;44l_zg|+SOd;BEd9pm#((t zB_RaIMY!m^0$y@+B|iGR+uB_^MQPqPu(WD zRzsmiB0EQ|Cae+rVEW7TXd_Zj|0r6@?k`16QWQ<8w|*OozRch;pKf;XUaa#M9&9|1 z)G^5TNRQ>q^Zv!Hj(9oaRQ>t^yH+q1;(X?heKG}#o{S$ZDfdm@h^OWI76q-p3neLt z;&c7j_jqgUqISSh@=N;2@WX)-C3-vzk;D#N!SNw(zy!ggwfc+VwXH(#8?PI+ZY~#J z1w7`EwGZUr?2Znnuvl5=DAQ-fcy>SEJD0sl5C)(}TVJdqXlY!wOoyvZl0acQS_dQT z<*-1?a6KB&n~$%7lThVB^NcI}o0)ghm4W$qx1|0wl_sG*TyI9{4;>&5`U)D)Zufv< zW{U%_->Z8pd74FzicQ`~)K-40)1kNoFCk)&=cUo{YabtdBoU~o=VV)OP=q|4^DJM!gWxSlx(gyl1 z+H%%=?Qk-E{}>rT2EuC-Nr@zN8$B;^NV+RI&fOQB0NHdYwAmU=@da^FF7Z06B3MD? zQa)DFG>R$v2XJ3*8T#F^q)ct;1R7{pC4tEppI4I%1D*!Ico}?1>LAsn#OzNPDnNoL z+=7<3<}B#V7CBac+b1hnC?$T^k*Xbcl7dU~b+Fg=ljLPAH_*E0L>JY~xh#=87Y*}* zs$iL4RnXT>^8qxHDCVG=!z&n3%y-@WMg*3#L;w)+zXSvKRYPrE;vN~BM@I1h?A2VB zn<>w~ia-o8!KY~a<<)h92-pmg)*vXStWu^}M&h%Xq_n|wF5AFL+#B_&tKk$p@_2=!@zD^hP zv2r9-b57Zp!+rB&09&+H`JR7IB|~RNF-hkUaQ!dEU*5yes&vhRYNh*UB#gPJp9JF< zjp6}UPme6l_|0RQjUf~E z0B!_f&*;cB=fO`5g7$;O0^s-0<%~W8IcmMf6~%aZ#Jpq^*y$KWH!OdjjG4J?@M&pP z@%AHj*x=GM`i=~x%v!WkOEmkkj^BgCSYs;AQjL_#856);*8)P?2U?b54PRg+CuyKG z9l6EKc7@QYz?5{Gpa?RW{G`b$tzDZoA9UVlfB~yVPmEw#1B$eKTLoP&UxU`w4Yf0s z;~1hhr@FAW+VAzK02q4u-oRtToG=`J?Asb0&++yytB|HZzGQM;37Q}bg2vl#!qYL~ z+$YT43~LoRs@%z=u-dGfJ%oK}tMSGaA7MXkOh4z6;rVSJE)<1og@W$mRi+h|1@G6z zE~1R9&o$!bf$LB!3gi?UH*L-Fx;6aKdoA%dT$7#%g>}y}?!^T}f_?YS05rMea!zt# zjgt!7G}6*Attw12Vlb5X=oi#zGZw znYOjMQu9_Y@pEf)-Y=n?qkn&RDPcdR3M%mg=|oNTlo$%j+Au7a6AQ#TBM$M^)Nm*_ zf^%#$@cVM49W`6DH|-ys+=F-=9$Dc;w=0{Qt1I^;MRg8?tvg8EcSn$Y_~J|rHUO>S zm=H0jbm1vss6j_DeK1|C>0};Iu>*8<-#hf;?PP_^-^L_%>d%tRi8Z@LI}6 z^6@BQx$1r{2Sd7{+hDeN8=pK{-?lLh2oXviEb&^Sy$%SMg}dh7pHpIAt{!S{QnIv- z#ryaB78l1+cI_I!u5?b03}3!P)|mbPmv>Jzcxa4d7LAE*dp!CpsF(B{k1*tB9q^Wr zi&9EX7uSFUo8*Qd7nT5$ca+#V?4!+u;#DC(NF5H@oW5+t&R2^QJ^&98O^(w@F)eiK z7^{YjP7>6Eu9=MK>5M_lrJ^TA7t%W$gCV za6GD-@|~5}0dio2l!oT@?g^b~YVaXIQcl$9qZ#lYFTTVKhO`dYF#oy04k$vntvgNR zUYurWYQd`7m*i>GP({DRv9Rs99U~sMaW~3pW7EK4zFR2KuZc;j>vmu>O4SvB8hArjSt0pj=8b-((e;jK_K0+{{^2$yop<-*aXCDeq@li|U3*S_yr(Dx6N?4>zonG_kP) z*cz?tlZ-AwW#q8~#)-TSbHwKF-XrZULlodbow z!uZBa*Q=hXzsssy?W*nO5xzmssKXgYvr-R|M5y_%*>xO zGV1S&f*8>H{Y!S4UZ@?X?`gBX%UAR#Ca0&=J9-mS-Z^`C(tLHM80N_iopfkjgKqNTh;Cf!Vc~ zeSGS9Xu_Z#MvY7TC&2vIy>wtF1BTwGKjkcS{GD&+9{_x^dq1?Y9);H^n6n@CAh6tf zpVPHs^&*4)iVxURxj462E$Qw_dj2(G7VMLO3rh8g$l(lUdka@+j$i|!UKP*#;Wxki zl!Pp9%^ToD#zj%m(ZM8XN{|KzSGAs+u>asB(C?%)4Z5hCa?v55ih;%tC9DVHh@g=3 zw#x>7UR3AJT|{nN1xiR~$G>uK$kk3phi&}Yhz4Q9awJ~eoQm1->ogtN{o%;h_-hvS zK~XRz)Q`O2x9|c+_tm|mip2T0sIl>85BNxmeXjESIlXQa3b&>tDXE&hBgoa3T>7sSSB4HD(-i+h~ zt|mk$J>i%n8Y|M5R>_hRXf)Qwn?eZ==U263)pr+W*q%SDCH1SKs}vYa-o97~3F;o} zw-WM17(p961LEd!#L`ysPTo^gf2;2VeAl$@!MM2wenD4j+<2fy-~1$QGR#yH=BNXi z+OXkNzLUnt9K1{gg?NYXbb|)5#|W0Y{<+xJ}Kd>WGFg z7%P^?Fw~CL*v?~kE&mWhZLthfvtSj$qgRZH>Fv`#M-c0!M-qX)>C=x{r*H}G9qe#! z_8`oU&g>28mXoPRn*QXH?|C`Ud{t5aYRNZLV0KaDr-kVsZ*qblGKtVHQ6`7=;HSbG zrwT8BTo(Bz3756#=^v}sb;>VVa7EwD#3(V2a#B$Z+S~6@JLuXcSxrRPx}WjT+Z9Z! zBzxWOk@28R`Y^ZOu*F1j{Ji8X49lu#4!gXI01ReJs$BH9S;D&}!LCy&N#Tj5A;oyL z&z7tFZp=ZfOtLxyRihQ)oD-48uLLR)FU(qW;o$wN#fkvLQ@592FK#fu=N-o=iE;H0 zM}5sr>uI;MtoEWRiiNN?b`=ojqgK;IIjZcesUoV*n|G*~Fpg7m^g=5B-*6!JNFBS0 zsU=t*Dny!=0{e~f-x7p)`0kMBSevNFb5j#<0{^1w6-H=twc-K4L6bN9ra4(6#-Ur4 z4*isfvytYsl9#F^*5dGyiD2icoNx<+5hiEs2KxV8Xp7(gJOqv*YU%IaI`J#If!0xv z8pXfPxr~`Q-f37SV!eou{i!UXX`iU5a~Jcro^&7A!$9not14sqoS>`;r5A{sin1qo!L~GFX)(t+RT-Ai)Li|%_O_LJ~vGnxBF*J zmKd3ft&5MKgWR>feuGba_^D=Y-~QQAwGNWT(UYx6o7&l;UxE1Q=3_(*hYz&5Q2O)Y z^yjM3d5evulC1LX+0;$~cXP!Md7%9IeM&{>?5stJKnf&;h}lODVxt-~P9FZLH8ruA zUx1n?-9QZwr^5&-c3CL{krU)p35b>jrwHLo@k|y`{O|yv9Z~i4%st=?T_cph`D@WQ zeHYFbt+c6X(x6qQbg1+P27o%&f}CFTM2%I&6lT4F%yh*SY{v6>p|?j@b-)#4$W2!- z1=+egigH5z(GRA4@Z8BADO2W;pz`6U9e_lCx*?)GjZ(1`2z@`__ZtAJaMLuSUCO^1 z1lYKk(9;h-f>wD|YNd~%_Fm;)yx0gys(Bh+vD++<-gpXMHoVWqnSct&=zkk{V?8b; z$^ON0qaq0Zu4Bhn(|m`tWQF&V->Z^GYG`521wL2u&bw9v^OAJi*n|K|Y^5fxSJf6! z$or5j`Do6IjoFvEXc%YC5DD?Qpe(;~7#D&$(?r7DgeXy3lbF!v!88?1_Q3(fkmO=J zVjiUCdx2dY6k<1!UgUr>cmL-Jp~@Nzo6OFKniq(3?&rC-PyNkO2{NVq3cr`J=PBNx zd-kIZ)lO_B(8^Q^Ml#sM;XJ5p@2LhOM8A;(j2*>8Q>!o)TFF^cMRXYcUQ`bod6N#8 zXquIjo$&BIy^cu|mLB6kJx;AO44w6{`zI+-*2tV)70_buus@qnT130V1;nR7`5C`b z!^@Mp_ykY2G(KCVg3FtleU{$E26Y;_H5CkX%MLrVkrLhvZ2jX_fzA3Fbv~+Ug-=>(rh0WIU1V^G*24SRsvOpHB%-whG=~CN`rt ze4=xkS-Ah27*55fBGcm4vxPPmS z=y9a6vjqw`*|46unSw#~%|YegSPYjHAB+<^*ESAf`xC(X*dZ8>=squ_QhWwW4drP9 zfDs*E^Ka{Mi(MeF9o_=cW3vj~u^4Qqar4mb_y@&KuJt}S;(7sY3*vg$z3%a{8ZsqG zP%JBbO(@xM@@ly}ObF1`wcD1(0;Z}zQ$uplG}|36(89FCHLV5^AmT`KK^?Mjh$BU8 z7uU(1c#l=C|LFOG1N{&+UupROYz1d}Lh@A9y8r#?G^~m8!X_o}&oY?$18>yhcSf8L zk>B46iI+0kI5vJJ!1}jTJ2>f2<+>3)STZ4b*juoOJ&%~H(fvq=VFrZr=`%tihn3^9IFGht32%{6kApFN zPQ92Q(QU6I`XP~~qLP#Bt3C!^Gv8_6fvP&UuABe$;lS%6sw7scspKo(bX6x?M4keK zO*^-d!{eU8w=M)LKvYQ`vDH8M|NYuZwkeP_p%tduf>jtxFay)sGz?`UilmcbAkW zP5qCb=vvxWG~R2WQJPKlX7izf6@rdt`TxjkPMI~^>XO_v73mB^2Gu7UE=QTPyUdV@ zYBDdXr5aX!9?}L)peVofZ}T)>_`rfdJ41JBpcR7mSj@{(m!GL);G@-#wjcFdp4wS{ zf$h^YYkv?wqV``jeylo&=b-s;tLWGnV3h&2Th=$B#*3%};HI{pKuVk|88GV)O1 zkb1=%cu0KB0s3#(tJBPLj8?hQX>nc9$NXpJp>uvmtvyPnu*n6LSg}?7+l$IsyCT{hO2Z^l6LsvG zQsc@4DsRr!DG4|&Q|sZ{I=q{Q&%w>eICakUwfg9 zS;kdnhNFAfc);bgkmGlc&zXX^Yv}_Y6@x%u_YdohACgaO>&!#i_AEOm z7%>5(8RgV@Q5EllL0;XpAm(c36Wp+}u;lUIr&fbQjp8*!3#dN@-El1H?-VYR4#L1o z%t9A(T@jtuW00#e!tW>i39%m5(TpD`gJgnqU%b26u)&TZ?;ZdYkd+GTn@42ryCSmY#;zKWaT@;usl5L zr1-`$5qJ=ENXQR#_PpnE-r)DobB=7IF=_Rq*cw-hv6vxNr)kgu^`O^5)WD{sq0oV7 zlo_1lCwl7uT7~8BXC;1_(cwBK4oQh`n@e#W(=^~FjFISpOS*`d(<4c9&DdfjMu7%3 zq+J=O+kz(mrG9sA5!6A*DgtarNfvdgl^~`1Ufxrt*}IN}`)@lq)GjPojE`_5N7;83 zbkzIVO%XPs=CZBjYIXL5&ZwdF>IuVZ^$JRWpbFu7)}p~a0`2=KaSQ>SSZ$Ey=>X`C z-d&9&6A&`M=JIu9*`7x~JAY@9^v%~9C%v}Mo3=(-ljmDP<`Slu4jBcpzHb#r(FLP8 zZUX^AsAAVWOtppNXqG2$p2VM|&jgqzvAVWEvjyT3Gi`JLO2UIjrw1XLcST9h-nOPr==BnTOyI1_ zEUp9=dR2G;&W5AYnVT^U(%3lY8`7s(MlA;Wg|q0E@|VXTG1B-Ezxemd*ZjOOdL%Ru zb0oU?yXuT#j|*6y-x|!;u0%0O!cI`UFComiQmPDk7q!)v!A%5?Fm?01_U(lgQ_8Ri zQI8&w_E>gjj$NdUnC0rC%4O;nV`nIUdh9eDl9t6}t>#Q#H-U$hFj*dTu`V%v{<(V4wUS zL#0yeTD)A$=fcSA!Mi(-(C>vgdFtS9q14G1(v-qFii+9sFSI?>6*rNKipe9kU0xvid0Bt1gDO=rd$y&X`8ck1tQPNw_TYNUacS$6eZ2I zleq%lh!&9D24b)TT(x$AaF&69NSqKla<~`=SwD{OP&(=W#|}}07wh20x2{&_KM}S zjpL08xA0lEi|inqr^gc@Tlfa?VO6w0yP+kE_P6{9Lk@L86$6<)vZqXjn3 z&UB%^s!`zqtb@!V1XhbfAe==Q*a2enk7G=E_Aj2*0SG~!|Ct)I{HUV?K;XgKI?D^E zDBtZvy5F~Ew62nbuO~mbcBdx|FJOnTN@(acMmc!RK7pvMvnXJBkeb$y0~5#oR35Fp zp=X@vLJi646N=Qi_QxU5jj0t)Ihqni3WixsQ{wnD;r%^JMg%pgn3FX4^P`#O4D8+L zWx$B!$CT5|PDIP}y$<@+*kwJFmXBwb3*?Yi`SnRk&tkewl7xErT}cI*;VWAQb7%kk zKC{fbdv2sg_{X6=#D$Qno|!24E5VvPj=A109!ljYRtw!>gB^D<9lg}-n&#BvD=w2_ zQ&$VK@e9V(03KkWPY0I{16PeX1e3N8@p3}Jpz)XFTP_)KQbS7H$+=}UYM!X^s@U?2 zL034tPARSIub-zap$1MXz?kL`H$Dxs?iNl*RrQ*J+bVP5ExOoTbJ#&_bLM=v1Sph4 zdyTg}Ebn7Arpne)4T(=VtOcP1MNV6Nu1xS`6bq7hr zvxhdB$<{g{Cx*esyq;t^rCVvAiVrOfYPg$XogcDLfstRzbLB1mB>ak2J8*rVI3=@4 za?6bhfa5gyZ{n60;X5_02Ix6hhJZI&A#IhD&MZkfNobl7rLhT%Y?#yNNrd{4mX`d& zE7e<(OlqsAZoLSQU>v~Xc9?nn-`Qxl;_!K0fVd{+v5cG%x1uk$l|)SeHMAb3ZhNl# zZGW;IJNqj`tsq1NzvyYcKeHKro5CE&M8}Rt{0@cz6C3%gg=bxw(v+ESkBF%;V`dqT3k|P~0sZDNe<)p1J^~GfM zSP)&O9{tgY+w@6o>z6G!U#+FJb_;aD`lC%LcJ2$}ZCO5c8F{V!ZWZ+mF4U1OnM}4Q z@uHXdlREQAw4IQ51>LWR_+ELxbYZ+`wLKmPwR$QRxcI(V_DjKDT&aNED zprMZDiuuZG5J7ZUsKvuFGyR6K-}XQ_XVqnYQpt7M7|rI>L<3p zh7th?Glbttzy(OQ zeTL`x*R_N?Hhkrw{tE$$fmk1(pxR zP^-+Neoq^26{QUxhp0n6%8yt;5#S%_833|wL^(#r=hWi!ImPW)XkU@yNt7^eIN#($ zhB9PXZQ}7kX_o1y-G>3FTa|1D9u(TBa11ck^ozdkPJQ}t`jR z8=0}rwrV10ZoYaT(&3XzR^$g)gf@VsJzDp!8(_65b+!N_mEsZNFwvIB2 z(J`d+F2eF)6UDp8rZX~&F)`3CY?Y&X*T`r!`39rp5f*@o26jq2aa1n#&c0*xU`3Yi zC&{7UOjE3>$fjO*bpF18S9N+LbRBqnhE?}|_a#l5Fud%=s7jSGaGIrv;}qrr+9>b& zwY^z={j^{cUZc<&*AVZDMe|OdoLPY<4gH*OQ9Hzo&P?oh{M93}{k%Y4&x@sLim$(I z4`3B>eS0;7<{sT*YgHWXss3!3=p^6PIdPbTL;Mx6GU!j84V9XNRWv$IjINcu>A&(u z1R=L8CCbrMFF@4*aK%%R@oZ_;+MUyJ28r+{GM01mC0O@#q$fHH)%KYTWDXm>G_Rx+ zIo#|H_NM&@JxDCQZe0&g+{l&1nL@TZf?UjUq03Z3(Z{Y_1kik-SL{A~G`SxnqMvYseFGybSqQ(gXs)QGrd#SpfN9Z7^2+pj)10pA>c9`2d_QG8w zm$GEZS-87>XuR5L({>n~NbJ+S=6IFAN9{KMGeQfax3~2-^IwN14CFIT^Ha$CDcEez zL3>va4f*=$sY;CFxd`kHHqUuc^rE@~S-=?SAr% zLkAWltH_X>*k*YQc@bgxO|t@sJTXBjF|jAGR`o456m6ztMXfSwM+(^-gG2ny-v24g zO?Q+khfrye4M&cV>@rZQS9ci+lPCi%A8r~DitZLelt4tev;$z67$*9x*P%>tblUuP zaV6U(JH5wQk9N7F9>??Hzv3OBTbVk7EbfKgtW|pV~h<5El1u-Wd0EH zo-@Uk)0R<;w_ignc@C?F%bynq;FxRx zKi0_+FBE?STY&HFY8cJroqP3WEW#O|U|#)8rx;YtkP*c=;`N7GT~cC~nTGipII(4Y zOd7J|Jj3SL@`>V#AfxIHZgI`uet!|D(c-Znj&%M~B;a>)c9ul&R7G-Rkzdm|MDnwrnsVomg`1f?dDkcPUQ?$EixKY$; z$om+dTKKCaxaDleT0-D>u?LK%66axWuKiVka_q(Sp_N;M+D=6psV-+ROg_}VO*mBT z&W*cV$r0U2Vv!DP>dI+|@8M&xAx&eVk(_2)exa*v&A=6kjU7K_vEHwwYb){SX9vKE z8V_n1DT*i=+Jh&1&h>G%MEElC8-2yz+gZZsbbLs5~8?X^jluCej|q|-Dqd-w8MAp`7esa zcU6Cn{ug4`j9WAd><2xH8VBrki!of2>_=Bw<3=ULRJVNwx(;_95)b-U6r47pv+|ef z(r)m)4g=suZ7*1GI5SuVEK5qU-HniQf{5xd{|-otUZa*Nh$Vn_ODW;S1nIj?Terj6H+b54EOEhpPMXcz|_sc;n|Q=JHbeZGRF>KN;+d`Sn#+4%`3P5~y`s3w@|Yszyir22e4Vghx3 zjb+Vp|H#M~EDzZ#C4t3-Y6w*;vg^~tkgkZjyy3rt;J5gDOkfA+iClW?IpFx-7+ak+ ETsl(zKmY&$ diff --git a/playbooks/base/6_haertung.yml b/playbooks/base/6_haertung.yml index cb1eae0a..69c91813 100644 --- a/playbooks/base/6_haertung.yml +++ b/playbooks/base/6_haertung.yml @@ -2,6 +2,7 @@ - hosts: all roles: - { role: mgrote.fail2ban, tags: "f2b" } + - { role: mgrote.postfix, tags: "postfix" } - { role: mgrote.deactivate_ssh_password_login, tags: "ssh" } - { role: oefenweb.ufw, # Regeln werden in den Group/Host-Vars gesetzt tags: "ufw", diff --git a/playbooks/on-off/f2b.yml b/playbooks/on-off/f2b.yml index ee346697..5eed98cd 100644 --- a/playbooks/on-off/f2b.yml +++ b/playbooks/on-off/f2b.yml @@ -2,5 +2,5 @@ - hosts: testeinzeln become: yes roles: - - { role: mgrote.postfix-gmail, tags: "postfix-gmail" } + - { role: mgrote.postfix, tags: "postfix" } - { role: mgrote.fail2ban, tags: "f2b" } diff --git a/playbooks/service/fileserver.yml b/playbooks/service/fileserver.yml index a57ab311..33a4e68c 100644 --- a/playbooks/service/fileserver.yml +++ b/playbooks/service/fileserver.yml @@ -14,5 +14,5 @@ --- - hosts: storage roles: - - { role: mgrote.postfix-gmail, tags: "gmail" } + - { role: mgrote.postfix, tags: "postfix" } - { role: mgrote.fileserver_smb, tags: "fileserver_smb" } diff --git a/playbooks/service/pve.yml b/playbooks/service/pve.yml index 349fa84a..32e9dbeb 100644 --- a/playbooks/service/pve.yml +++ b/playbooks/service/pve.yml @@ -5,7 +5,7 @@ - { role: mgrote.apcupsd, tags: "apcupsd" } - { role: mgrote.smart, tags: "smart" } - { role: mgrote.zfs_tools, tags: "zfs_tools" } - - { role: mgrote.postfix-gmail, tags: "postfix-gmail" } + - { role: mgrote.postfix, tags: "postfix" } - { role: mgrote.sanoid, tags: "sanoid" } - { role: mgrote.ecc-rasdaemon, tags: "ecc", diff --git a/roles/mgrote.apcupsd/README.md b/roles/mgrote.apcupsd/README.md index c3c65f3e..48224127 100644 --- a/roles/mgrote.apcupsd/README.md +++ b/roles/mgrote.apcupsd/README.md @@ -2,7 +2,7 @@ ### Beschreibung Installiert APCUPSD fuer eine APC UPS mit USB Verbindung. -Benoetigt mgrote.postfix-gmail. +Benoetigt mgrote.postfix. https://linux.die.net/man/5/apcupsd.conf ### Funktioniert auf diff --git a/roles/mgrote.apcupsd/meta/main.yml b/roles/mgrote.apcupsd/meta/main.yml index c0512f74..ad9041df 100644 --- a/roles/mgrote.apcupsd/meta/main.yml +++ b/roles/mgrote.apcupsd/meta/main.yml @@ -1,6 +1,6 @@ --- dependencies: - - role: mgrote.postfix-gmail + - role: mgrote.postfix galaxy_info: author: mgrote description: installs apcupsd diff --git a/roles/mgrote.fail2ban/defaults/main.yml b/roles/mgrote.fail2ban/defaults/main.yml index e69366ae..fb532d00 100644 --- a/roles/mgrote.fail2ban/defaults/main.yml +++ b/roles/mgrote.fail2ban/defaults/main.yml @@ -3,3 +3,5 @@ f2b_bantime: 60 f2b_findtime: 600 f2b_maxretry: 5 + f2b_destemail: michael.grote@posteo.de + f2b_sender: info@mgrote.net diff --git a/roles/mgrote.fail2ban/meta/main.yml b/roles/mgrote.fail2ban/meta/main.yml index fbdfc873..8737962d 100644 --- a/roles/mgrote.fail2ban/meta/main.yml +++ b/roles/mgrote.fail2ban/meta/main.yml @@ -1,3 +1,3 @@ --- dependencies: - - role: mgrote.postfix-gmail + - role: mgrote.postfix diff --git a/roles/mgrote.fail2ban/templates/jail.local b/roles/mgrote.fail2ban/templates/jail.local index 8bc1041f..3485e9e6 100644 --- a/roles/mgrote.fail2ban/templates/jail.local +++ b/roles/mgrote.fail2ban/templates/jail.local @@ -6,8 +6,8 @@ findtime = {{ f2b_findtime }} maxretry = {{ f2b_maxretry }} # Mail Reporting -destemail = michael.grote@posteo.de -sender = michael.grote@gmail.com +destemail = {{ f2b_destemail }} +sender = {{ f2b_sender }} # to ban & send an e-mail with whois report to the destemail. #action = %(action_mw)s diff --git a/roles/mgrote.postfix-gmail/defaults/main.yml b/roles/mgrote.postfix-gmail/defaults/main.yml deleted file mode 100644 index 9c84dec8..00000000 --- a/roles/mgrote.postfix-gmail/defaults/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - gmail_mail_nach_cronjob: false - gmail_postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24" - gmail_smtp_server: smtp.gmail.com - gmail_smtp_server_port: 587 - gmail_smtp_use_tls: yes diff --git a/roles/mgrote.postfix-gmail/templates/main.cf b/roles/mgrote.postfix-gmail/templates/main.cf deleted file mode 100644 index c8da501f..00000000 --- a/roles/mgrote.postfix-gmail/templates/main.cf +++ /dev/null @@ -1,13 +0,0 @@ -relayhost = [{{ gmail_smtp_server }}]:{{ gmail_smtp_server_port }} -smtp_use_tls = {{ gmail_smtp_use_tls }} -smtp_sasl_auth_enable = yes -smtp_sasl_security_options = -smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd -smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache -smtp_tls_session_cache_timeout = 3600s -inet_protocols = ipv4 -append_dot_mydomain = no - -mynetworks = {{ gmail_postfix_erlaubte_netzwerke }} - -smtpd_relay_restrictions = permit_mynetworks diff --git a/roles/mgrote.postfix-gmail/templates/sasl_passwd b/roles/mgrote.postfix-gmail/templates/sasl_passwd deleted file mode 100644 index 9a52ffe5..00000000 --- a/roles/mgrote.postfix-gmail/templates/sasl_passwd +++ /dev/null @@ -1 +0,0 @@ -{{ gmail_smtp_server }} {{ gmail_nutzer_gmail }}:{{ gmail_nutzer_passwort }} diff --git a/roles/mgrote.postfix-gmail/README.md b/roles/mgrote.postfix/README.md similarity index 50% rename from roles/mgrote.postfix-gmail/README.md rename to roles/mgrote.postfix/README.md index d41509ea..c04b15b9 100644 --- a/roles/mgrote.postfix-gmail/README.md +++ b/roles/mgrote.postfix/README.md @@ -1,7 +1,7 @@ -## mgrote.postfix-gmail +## mgrote.postfix ### Beschreibung -Installiert und konfiguriert postfix fuer den GMail. +Installiert und konfiguriert postfix. ### Funktioniert auf - [x] Ubuntu (>=18.04) @@ -11,11 +11,11 @@ Installiert und konfiguriert postfix fuer den GMail. ### Variablen + Defaults ##### Wer soll die Mails bekommen. empfaenger_mail: michael.grote@posteo.de -##### Nutzer fuer GMail -gmail_nutzer_gmail: michael.grote@gmail.com -##### Passwort fuer GMail -gmail_nutzer_passwort: FKXaOXXXXXX5kHC +##### Nutzer +postfix_absender_mailadresse: info@mgrote.net +##### Passwort +postfix_absender_passwort: FKXaOXXXXXX5kHC ##### Soll nach Aufuehrung eines cronjobs eine Mail versendet werden? -gmail_mail_nach_cronjob: false +postfix_mail_nach_cronjob: false ##### Netzwerke aus denen postfix Mails annimmt -gmail_postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24" +postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24" diff --git a/roles/mgrote.postfix/defaults/main.yml b/roles/mgrote.postfix/defaults/main.yml new file mode 100644 index 00000000..ae8488fb --- /dev/null +++ b/roles/mgrote.postfix/defaults/main.yml @@ -0,0 +1,12 @@ +--- + postfix_mail_nach_cronjob: false + postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24" + postfix_smtp_server: smtp.gmail.com + postfix_smtp_server_port: 587 + postfix_absender_mailadresse: info@mgrote.net + postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}" + postfix_smtp_use_tls: "yes" + postfix_smtp_sasl_auth_enable: "yes" + postfix_smtp_tls_session_cache_timeout: 3600s + postfix_inet_protocols: ipv4 + postfix_append_dot_mydomain: "no" diff --git a/roles/mgrote.postfix-gmail/handlers/main.yml b/roles/mgrote.postfix/handlers/main.yml similarity index 71% rename from roles/mgrote.postfix-gmail/handlers/main.yml rename to roles/mgrote.postfix/handlers/main.yml index a83d51b5..1c610b42 100644 --- a/roles/mgrote.postfix-gmail/handlers/main.yml +++ b/roles/mgrote.postfix/handlers/main.yml @@ -1,7 +1,11 @@ - - name: create_db_passwordfile + - name: hash_sasl_passwd become: yes command: /usr/sbin/postmap hash:/etc/postfix/sasl_passwd + - name: hash_sender_canonical + become: yes + command: /usr/sbin/postmap hash:/etc/postfix/sender_canonical + - name: postfix_reload become: yes systemd: diff --git a/roles/mgrote.postfix-gmail/tasks/main.yml b/roles/mgrote.postfix/tasks/main.yml similarity index 68% rename from roles/mgrote.postfix-gmail/tasks/main.yml rename to roles/mgrote.postfix/tasks/main.yml index c08ac580..cfe46f66 100644 --- a/roles/mgrote.postfix-gmail/tasks/main.yml +++ b/roles/mgrote.postfix/tasks/main.yml @@ -16,7 +16,17 @@ dest: /etc/postfix/sasl_passwd force: yes notify: - - create_db_passwordfile + - hash_sasl_passwd + - postfix_testmail + + - name: kopiere sender_canonical + become: yes + ansible.builtin.template: + src: sender_canonical + dest: /etc/postfix/sender_canonical + notify: + - hash_sender_canonical + - postfix_reload - postfix_testmail - name: kopiere postfix_main.cf @@ -30,7 +40,7 @@ - name: Mail Cronjob - Anlegen become: yes - when: gmail_mail_nach_cronjob # ohne parameter wird auf true geprueft https://www.buildahomelab.com/2018/11/12/using-ansible-when-statements/ + when: postfix_mail_nach_cronjob # ohne parameter wird auf true geprueft https://www.buildahomelab.com/2018/11/12/using-ansible-when-statements/ ansible.builtin.cron: name: MAILTO env: yes @@ -40,7 +50,7 @@ - name: Mail Cronjob - Entfernen become: yes - when: not gmail_mail_nach_cronjob + when: not postfix_mail_nach_cronjob ansible.builtin.cron: name: MAILTO env: yes diff --git a/roles/mgrote.postfix/templates/main.cf b/roles/mgrote.postfix/templates/main.cf new file mode 100644 index 00000000..cea9b28a --- /dev/null +++ b/roles/mgrote.postfix/templates/main.cf @@ -0,0 +1,13 @@ +relayhost = [{{ postfix_smtp_server }}]:{{ postfix_smtp_server_port }} +smtp_use_tls = {{ postfix_smtp_use_tls }} +smtp_sasl_auth_enable = {{ postfix_smtp_sasl_auth_enable }} +smtp_sasl_security_options = +smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd +smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache +smtp_tls_session_cache_timeout = {{ postfix_smtp_tls_session_cache_timeout }} +inet_protocols = {{ postfix_inet_protocols }} +append_dot_mydomain = {{ postfix_append_dot_mydomain }} +mynetworks = {{ postfix_erlaubte_netzwerke }} +smtpd_relay_restrictions = permit_mynetworks +sender_canonical_classes = envelope_sender, header_sender +sender_canonical_maps = regexp:/etc/postfix/sender_canonical diff --git a/roles/mgrote.postfix/templates/sasl_passwd b/roles/mgrote.postfix/templates/sasl_passwd new file mode 100644 index 00000000..31c5492d --- /dev/null +++ b/roles/mgrote.postfix/templates/sasl_passwd @@ -0,0 +1 @@ +{{ postfix_smtp_server }} {{ postfix_absender_mailadresse }}:{{ postfix_absender_passwort }} diff --git a/roles/mgrote.postfix/templates/sender_canonical b/roles/mgrote.postfix/templates/sender_canonical new file mode 100644 index 00000000..a77cfc7d --- /dev/null +++ b/roles/mgrote.postfix/templates/sender_canonical @@ -0,0 +1 @@ +/.+/ {{ postfix_absender_mailadresse }} diff --git a/roles/mgrote.restic/meta/main.yml b/roles/mgrote.restic/meta/main.yml index b3cb6676..2c0c14d6 100644 --- a/roles/mgrote.restic/meta/main.yml +++ b/roles/mgrote.restic/meta/main.yml @@ -1,3 +1,3 @@ --- dependencies: - - role: mgrote.postfix-gmail + - role: mgrote.postfix diff --git a/roles/mgrote.smart/meta/main.yml b/roles/mgrote.smart/meta/main.yml index 3e1b6539..89beb0c1 100644 --- a/roles/mgrote.smart/meta/main.yml +++ b/roles/mgrote.smart/meta/main.yml @@ -1,6 +1,6 @@ --- dependencies: - - role: mgrote.postfix-gmail + - role: mgrote.postfix galaxy_info: author: mgrote description: installs smartctl and configures it diff --git a/roles/mgrote.zfs_tools/README.md b/roles/mgrote.zfs_tools/README.md index 495daf46..652df2ad 100644 --- a/roles/mgrote.zfs_tools/README.md +++ b/roles/mgrote.zfs_tools/README.md @@ -3,7 +3,7 @@ ### Beschreibung Aktiviert die Mail Funktion von ZED (ZFS Event Daemon). Setzt die maximale ARC-Groesse. -Benoetigt "mgrote.postfix-gmail". +Benoetigt "mgrote.postfix". Richtet regelmaessige Scrubs(jeden Sonntag) und Trim(alle 4 Monate) ein. Richtet "zfs_health.sh", ein ZFS-Checkscript das auch Mails versendet bei Fehlern. Deaktiviert das mitinstallierte scrub-Script in /etc/cron.d/zfsutils-linux. diff --git a/roles/mgrote.zfs_tools/meta/main.yml b/roles/mgrote.zfs_tools/meta/main.yml index 56f9f145..c56a97fa 100644 --- a/roles/mgrote.zfs_tools/meta/main.yml +++ b/roles/mgrote.zfs_tools/meta/main.yml @@ -1,6 +1,6 @@ --- dependencies: - - role: mgrote.postfix-gmail + - role: mgrote.postfix galaxy_info: author: mgrote description: installs zfs-tools