Add school-specific inventory and vault

inventory-fvs.yml

@@ -0,0 +1,590 @@
+---
+ungrouped:
+  hosts:
+
+all:
+  vars:
+    domain: "{{ ansible_domain }}"
+
+    vm_support: true
+    vm_torrent_serv: seedbox.pn.steinbeis.schule
+
+    extra_pkgs:
+      - vim
+      - mc
+      - tmux
+      - debconf-utils
+      - firmware-sof-signed
+
+    ## Additional roles to run:
+    custom_roles:
+      - fvs
+
+    ## Enable automatic reports
+    misc_reporter: true
+    ## Server to which reports should be sent. If you don't want to use reporting, this can be empty:
+    misc_reporter_serv: collector.steinbeis.schule
+
+    ## Proxy configuration:
+    localproxy: true
+    no_proxy: firewall.pn.steinbeis.schule,server.pn.steinbeis.schule,idam.steinbeis.schule,dw.steinbeis.schule,.pn.steinbeis.schule,.steinbeis.schule
+
+    kerberize_uris: "idam.steinbeis.schule, *.steinbeis.schule, steinbeis.schule"
+
+    apt_conf: Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/";
+    ntp_serv: server.pn.steinbeis.schule
+
+    ## NFS-Server for additional mount. Remove or leave empty to use no additional NFS-Server:
+    nfs_server: files.pn.steinbeis.schule
+
+    ## List of print servers. The order of the print servers determines which print server the printer will be installed from:
+    printservers:
+      - 10.190.4.3
+      - 10.190.4.2
+      - 10.190.1.1
+
+    ## PAM mount nextcloud, remove or leave empty to skip:
+    # web_dav: https://nc.steinbeis.schule/remote.php/dav/files/%(USER)
+
+    ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
+    mirror_msfonts: http://livebox.pn.steinbeis.schule/mscorefonts/ ## http://livebox.example.org/mscorefonts/
+
+    ## Local mirror for libdvdcss. Remove or leave empty to use no mirror:
+    mirror_dvdcss: http://livebox.pn.steinbeis.schule/libdvdcss/ ## http://livebox.example.org/libdvdcss/
+
+    ## SSH-keys to deploy:
+    keys2deploy:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOY0hChWaCDtuiuQcM0v4/u1499esjTtnMjl4uYlnS0'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN5ylqP936MPjGNxzrzV5jMwIfMhKJdOGuVh3xGQKTM'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxgeu7Rpb/1++531+MopqP9haUkyh1XXpv5kmbgSjx6'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbdOT+WSDmsBcaVFfzPRcmvOfd3CqO/FBOH44UVm7c7'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGICjy88HnMg5oaz4BJ20hgzqFWSem+HHD2PQ+As42pA'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm9lu9dDo5TG99QWTkl2G5G+ZbYikLlRNOXfs/bRTHy'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMR4TP7jE+wS7zcH0iUBmlxCbvy9saYeEjonX/0yYfEJ'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE4KWQsrcM1ilTgI1eaTsscTbpdIXVAPk8j5aACjw3D8'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII1hcR20r+8JbBUeWHds00gmfbxEYZ9CQM+oV1X7BzKn'
+
+    ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
+    grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
+
+infrastructure:
+  hosts:
+    wireguard_server:
+      ansible_host: wg.steinbeis.schule
+    radius_server:
+      ansible_host: radius.steinbeis.schule
+
+proxmox:
+  hosts:
+    lmnclient[1:3]:
+    lmnclient4:
+      localhome: true
+R016:
+  # VLAN 3119
+  hosts:
+    r016pc[01:16]:
+    r016pc80:
+R115:
+  # VLAN 3113
+  hosts:
+    r115pc[01:35]:
+    r115pc80:
+      dual_screen: [DP-1, DP-1]
+      audio_output: [pci-0000_00_1f.3-platform-skl_hda_dsp_generic, pro-autput-0]
+R117:
+  # VLAN 3114
+  hosts:
+    r117pc[01:35]:
+    r117pc80:
+      dual_screen: [HDMI-1, HDMI-A-1]
+      audio_output: [pci-0000_00_1b.0, analog-stereo]
+R121:
+  # VLAN 3118
+  hosts:
+    r121pc[01:35]:
+    r121pc80:
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+R202:
+  # VLAN 3107
+  hosts:
+    r202pc[01:20]:
+    r202pc80:
+    r202pc90:
+  vars:
+    misc_pxe_first: true
+R205:
+  # VLAN 3117
+  hosts:
+    r205pc[01:10]:
+R216:
+  # VLAN 3108
+  hosts:
+    r216pc[01:28]:
+    r216pc80:
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+  vars:
+    misc_pxe_first: true
+R217:
+  # VLAN 3106
+  hosts:
+    r217pc[01:28]:
+    r217pc80:
+      dual_screen: [DisplayPort-1, DP-1]
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+  vars:
+    misc_pxe_first: true
+R314:
+  # VLAN 3109
+  hosts:
+    r314pc[01:24]:
+    r314pc80:
+      audio_output: [pci-0000_04_00.0, hdmi-stereo-extra1]
+  vars:
+    misc_pxe_first: true
+R317:
+  # VLAN 3110
+  hosts:
+    r317pc[01:24]:
+    r317pc80:
+      dual_screen: [HDMI-1, HDMI-A-1]
+  vars:
+    misc_pxe_first: true
+R319:
+  # VLAN 3105
+  hosts:
+    r319pc[01:12]:
+    r319pc80:
+      dual_screen: [HDMI-1, HDMI-A-1]
+      audio_output: [pci-0000_00_1b.0, analog-stereo]
+  vars:
+    misc_pxe_first: true
+R406:
+  # VLAN 3111
+  hosts:
+    r406pc[01:18]:
+    r406pc80:
+      dual_screen: [DP-2, DP-2]
+  vars:
+    misc_pxe_first: true
+R407:
+  # VLAN 3112
+  hosts:
+    r407pc[01:18]:
+    r407pc80:
+      dual_screen: [HDMI-1, HDMI-A-1]
+      audio_output: [pci-0000_00_1f.3, hdmi-stereo-extra1]
+  vars:
+    misc_pxe_first: true
+CU051:
+  # VLAN 3126
+  hosts:
+    cu051pc[01:16]:
+C051:
+  # VLAN 3122
+  hosts:
+    c051pc[01:32]:
+## Extra Rechner Lehrer kein Laptop:
+C051pc:
+  # VLAN 3122
+  hosts:
+    c051pc80:
+## Extra Rechner Lehrer kein Laptop:
+C054:
+  # VLAN 3122
+  hosts:
+    c051pc81:
+C055:
+  # VLAN 3124
+  hosts:
+    c055pc[01:32]:
+C061:
+  # VLAN 3120
+  hosts:
+    c061pc[01:12]:
+    c061pc80:
+C062:
+  # VLAN 3121
+  hosts:
+    c062pc[01:16]:
+    c062pc80:
+E021:
+  # VLAN 3132
+  hosts:
+    e021pc80:
+E024:
+  # VLAN 3133
+  hosts:
+    e024pc80:
+E026:
+  # VLAN 3134
+  hosts:
+    e026pc[01:16]:
+E029:
+  # VLAN 3135
+  hosts:
+    e029pc[01:16]:
+M146:
+  # VLAN 3136
+  hosts:
+    m146pc[01:08]:
+A126:
+  # VLAN 3128
+  hosts:
+    a126pc[01:12]:
+A127:
+  # VLAN 3159
+  hosts:
+    a127pc01:
+A130:
+  # VLAN 3129
+  hosts:
+    a130pc[01:12]:
+A134:
+  # VLAN 3130
+  hosts:
+    a134pc[01:26]:
+    a134pc[80:81]:
+  vars:
+    exam_teacherpc_ips:
+      - 10.190.30.80
+      - 10.190.30.81
+      - 10.190.30.82
+A134pc:
+  # VLAN 3130
+  hosts:
+    a134pc82:
+      dual_screen: [HDMI-1, HDMI-A-1]
+A135:
+  # VLAN 3131
+  hosts:
+    a135pc[01:08]:
+    a135pc[21:24]:
+    a135pc80:
+
+K000:
+  # VLAN 3195
+  hosts:
+    r007pc01:
+    r008pc01:
+    r010pc01:
+    r011pc01:
+    r013pc01:
+    r014pc01:
+    r017pc01:
+K100:
+  # VLAN 3196
+  hosts:
+    r103pc01:
+      dual_screen: [HDMI-2, HDMI-A-2]
+    r104pc01:
+      dual_screen: [HDMI-2, HDMI-A-2]
+    r112pc01:
+    r114pc01:
+      audio_output: [pci-0000_00_1b.0, analog-stereo]
+    r118pc01:
+      dual_screen: [HDMI-1, HDMI-A-1]
+      audio_output: [pci-0000_00_1b.0, analog-stereo]
+    r120pc01:
+K200:
+  # VLAN 3199
+  hosts:
+    r204pc01:
+    r204pc02:
+    r207pc01:
+    r208pc01:
+    r209pc01:
+    r210pc01:
+    r212pc01:
+    r214pc01:
+K300:
+  # VLAN 3198
+  hosts:
+    r302pc01:
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+    r304pc01:
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+    r307pc01:
+    r308pc01:
+    r310pc01:
+    r311pc01:
+    r313pc01:
+      audio_output: [pci-0000_00_1f.3, hdmi-stereo-extra1]
+    r316pc01:
+K400:
+  # VLAN 3197
+  hosts:
+    r405pc01:
+      dual_screen: [HDMI-3, HDMI-A-3]
+    r409pc01:
+      dual_screen: [HDMI-3, HDMI-A-3]
+    r410pc01:
+      dual_screen: [HDMI-3, HDMI-A-3]
+    r411pc01:
+      dual_screen: [HDMI-3, HDMI-A-3]
+    r413pc01:
+      dual_screen: [HDMI-3, HDMI-A-3]
+    r414pc01:
+      dual_screen: [HDMI-3, HDMI-A-3]
+    r415pc01:
+      dual_screen: [HDMI-3, HDMI-A-3]
+CK100:
+  # VLAN 3190
+  hosts:
+    c152pc01:
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+    c153pc01:
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+    c154pc01:
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+      misc_clonescreen_mode: "1680x1050@60"
+    c155pc01:
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+      misc_clonescreen_mode: "1680x1050@60"
+    c156pc01:
+    c157pc01:
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+      misc_clonescreen_mode: "1440x900@60"
+    c158pc01:
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+    c159pc01:
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+      misc_clonescreen_mode: "1440x900@60"
+EK100:
+  # VLAN 3191
+  hosts:
+    e019pc01:
+
+L000:
+  # VLAN 3155
+  hosts:
+    r002pc01:
+    r002pc02:
+    r003pc01:
+    r005pc01:
+      localhome: true
+    r009pc01:
+    r012pc01:
+    r015pc01:
+L100:
+  # VLAN 3154
+  hosts:
+    r102pc01:
+    r105pc01:
+    r109pc01:
+    r112pc01:
+      localhome: true
+    r112pc02:
+      localhome: true
+    r116pc01:
+    r116pc02:
+    r118pc01:
+L200:
+  # VLAN 3151
+  hosts:
+    r201pc[01:03]:
+    r206pc01:
+    r211pc01:
+    r211pc02:
+      localhome: true
+    r213pc01:
+    r215pc[01:03]:
+    r218pc01:
+L300:
+  # VLAN 3152
+  hosts:
+    r301pc01:
+    r306pc[01:03]:
+    r309pc[01:03]:
+    r312pc01:
+    r315pc01:
+L400:
+  # VLAN 3153
+  hosts:
+    r404pc[01:02]:
+    r408pc01:
+    r412pc01:
+CK000:
+  # VLAN 3189
+  hosts:
+    c059pc01:
+      misc_clonescreen_mode: "1440x900@60"
+      audio_output: [pci-0000_00_1f.3, analog-stereo]
+    c060pc01:
+CL100:
+  # VLAN 3162
+  hosts:
+    c161pc[01:05]:
+ML100:
+  # VLAN 3158
+  hosts:
+    m080pc01:
+    m144pc01:
+    m144pc02:
+    m153pc01:
+    m155pc01:
+    m158pc01:
+    m162pc01:
+EL100:
+  # VLAN 3159
+  hosts:
+    a127pc01:
+
+CloneScreen:
+  hosts:
+    r016pc80:
+    r115pc80:
+    r117pc80:
+    r121pc80:
+    r202pc80:
+    r216pc80:
+    r217pc80:
+    r314pc80:
+    r317pc80:
+    r319pc80:
+    r406pc80:
+    r407pc80:
+    r407pc80:
+    a134pc82:
+    a135pc80:
+    c061pc80:
+    c062pc80:
+    e021pc80:
+    e024pc80:
+  children:
+    K000:
+    K100:
+    K200:
+    K300:
+    K400:
+    CK100:
+    CK000:
+  vars:
+    misc_clonescreen: true
+
+PCroom:
+  children:
+    R016:
+    R115:
+    R117:
+    R121:
+    R202:
+    R216:
+    R217:
+    R314:
+    R317:
+    R319:
+    R406:
+    R407:
+    CU051:
+    C051:
+    C055:
+    C061:
+    C062:
+    M146:
+    A126:
+    A130:
+    A134:
+    A135:
+    E026:
+    E029:
+  vars:
+    sudo_permissions:
+      "%role-teacher":
+        - /usr/bin/journalctl --since today
+    exam_destination_allowed_ipv4:
+      - 10.190.1.0/24
+      - 10.190.2.0/24
+      - 10.190.4.0/24
+      - 192.168.122.0/24
+
+Kroom:
+  children:
+    K200:
+    K300:
+    K400:
+    CK100:
+Lroom:
+  children:
+    L000:
+    L100:
+    L200:
+    L300:
+    L400:
+    ML100:
+    EL100:
+    CL000:
+    CL100:
+  vars:
+    cifsopt: ""
+desktop:
+  children:
+    PCroom:
+    Kroom:
+    Lroom:
+    C054:
+laptop:
+  children:
+    CU051:
+    C051:
+    C055:
+    A126:
+    A130:
+    A134:
+    E026:
+    E029:
+    teacherlaptop:
+  hosts:
+    # Experimental Laptop installed in JuFo LAN
+    m080pc01:
+    r302pc01:
+    r304pc01:
+    a135pc[21:24]:
+    nb[001:104]:
+    nb105:
+      localhome_logout_missing_serverhome: false
+    nb[106:112]:
+    nb113:
+      localhome_logout_missing_serverhome: false
+    nb[114:999]:
+  vars:
+    wlan: "eap-tls"
+    cifsopt: ",cache=loose,echo_interval=10"
+    localhome: true
+    localuser: ferdi
+    localuser_password: !unsafe steini
+    sudo_permissions:
+      "%role-teacher":
+        - /usr/bin/journalctl --since today
+teacherlaptop:
+  hosts:
+    nbt[001:105]:
+    nbt[106:999]:
+      encrypt_tpm2: true
+  vars:
+    exam_mode: false
+    vpn: wg
+    extra_pkgs1:
+      - plasma-discover
+      - nextcloud-desktop
+      - dolphin-nextcloud
+    sudo_permissions:
+      "%role-teacher":
+        - /usr/bin/apt
+        - /usr/sbin/cryptsetup
+    polkit_rules:
+      "role-teacher":
+        - "org.freedesktop.NetworkManager.settings.modify.system"
+        - "org.freedesktop.packagekit.package-install"
+        - "org.freedesktop.packagekit.package-reinstall"
+        - "org.freedesktop.packagekit.system-update"
+        - "org.freedesktop.packagekit.upgrade-system"
+        - "org.freedesktop.packagekit.package-install-untrusted"
+    localuser: false
+    localhome_logout_missing_serverhome: false
+    wlan_enable_on_boot: false
+    misc_avoid_suspend: false
+    misc_pwroff: false
+    misc_pwroff_idle: false
+    misc_reporter: false
+    printer_admin_group: role-teacher
+    fvs_remove_discover: false