Add school-specific inventory and vault

Raphael Dannecker 2026-02-14 17:14:14 +01:00
parent d34a2d78e8
commit 2cf905f09d
2 changed files with 635 additions and 0 deletions

590
inventory-fvs.yml Normal file

@ -0,0 +1,590 @@
---
ungrouped:
hosts:
all:
vars:
domain: "{{ ansible_domain }}"
vm_support: true
vm_torrent_serv: seedbox.pn.steinbeis.schule
extra_pkgs:
- vim
- mc
- tmux
- debconf-utils
- firmware-sof-signed
## Additional roles to run:
custom_roles:
- fvs
## Enable automatic reports
misc_reporter: true
## Server to which reports should be sent. If you don't want to use reporting, this can be empty:
misc_reporter_serv: collector.steinbeis.schule
## Proxy configuration:
localproxy: true
no_proxy: firewall.pn.steinbeis.schule,server.pn.steinbeis.schule,idam.steinbeis.schule,dw.steinbeis.schule,.pn.steinbeis.schule,.steinbeis.schule
kerberize_uris: "idam.steinbeis.schule, *.steinbeis.schule, steinbeis.schule"
apt_conf: Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/";
ntp_serv: server.pn.steinbeis.schule
## NFS-Server for additional mount. Remove or leave empty to use no additional NFS-Server:
nfs_server: files.pn.steinbeis.schule
## List of print servers. The order of the print servers determines which print server the printer will be installed from:
printservers:
- 10.190.4.3
- 10.190.4.2
- 10.190.1.1
## PAM mount nextcloud, remove or leave empty to skip:
# web_dav: https://nc.steinbeis.schule/remote.php/dav/files/%(USER)
## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
mirror_msfonts: http://livebox.pn.steinbeis.schule/mscorefonts/ ## http://livebox.example.org/mscorefonts/
## Local mirror for libdvdcss. Remove or leave empty to use no mirror:
mirror_dvdcss: http://livebox.pn.steinbeis.schule/libdvdcss/ ## http://livebox.example.org/libdvdcss/
## SSH-keys to deploy:
keys2deploy:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOY0hChWaCDtuiuQcM0v4/u1499esjTtnMjl4uYlnS0'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN5ylqP936MPjGNxzrzV5jMwIfMhKJdOGuVh3xGQKTM'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxgeu7Rpb/1++531+MopqP9haUkyh1XXpv5kmbgSjx6'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbdOT+WSDmsBcaVFfzPRcmvOfd3CqO/FBOH44UVm7c7'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGICjy88HnMg5oaz4BJ20hgzqFWSem+HHD2PQ+As42pA'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm9lu9dDo5TG99QWTkl2G5G+ZbYikLlRNOXfs/bRTHy'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMR4TP7jE+wS7zcH0iUBmlxCbvy9saYeEjonX/0yYfEJ'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE4KWQsrcM1ilTgI1eaTsscTbpdIXVAPk8j5aACjw3D8'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII1hcR20r+8JbBUeWHds00gmfbxEYZ9CQM+oV1X7BzKn'
## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
infrastructure:
hosts:
wireguard_server:
ansible_host: wg.steinbeis.schule
radius_server:
ansible_host: radius.steinbeis.schule
proxmox:
hosts:
lmnclient[1:3]:
lmnclient4:
localhome: true
R016:
# VLAN 3119
hosts:
r016pc[01:16]:
r016pc80:
R115:
# VLAN 3113
hosts:
r115pc[01:35]:
r115pc80:
dual_screen: [DP-1, DP-1]
audio_output: [pci-0000_00_1f.3-platform-skl_hda_dsp_generic, pro-autput-0]
R117:
# VLAN 3114
hosts:
r117pc[01:35]:
r117pc80:
dual_screen: [HDMI-1, HDMI-A-1]
audio_output: [pci-0000_00_1b.0, analog-stereo]
R121:
# VLAN 3118
hosts:
r121pc[01:35]:
r121pc80:
audio_output: [pci-0000_00_1f.3, analog-stereo]
R202:
# VLAN 3107
hosts:
r202pc[01:20]:
r202pc80:
r202pc90:
vars:
misc_pxe_first: true
R205:
# VLAN 3117
hosts:
r205pc[01:10]:
R216:
# VLAN 3108
hosts:
r216pc[01:28]:
r216pc80:
audio_output: [pci-0000_00_1f.3, analog-stereo]
vars:
misc_pxe_first: true
R217:
# VLAN 3106
hosts:
r217pc[01:28]:
r217pc80:
dual_screen: [DisplayPort-1, DP-1]
audio_output: [pci-0000_00_1f.3, analog-stereo]
vars:
misc_pxe_first: true
R314:
# VLAN 3109
hosts:
r314pc[01:24]:
r314pc80:
audio_output: [pci-0000_04_00.0, hdmi-stereo-extra1]
vars:
misc_pxe_first: true
R317:
# VLAN 3110
hosts:
r317pc[01:24]:
r317pc80:
dual_screen: [HDMI-1, HDMI-A-1]
vars:
misc_pxe_first: true
R319:
# VLAN 3105
hosts:
r319pc[01:12]:
r319pc80:
dual_screen: [HDMI-1, HDMI-A-1]
audio_output: [pci-0000_00_1b.0, analog-stereo]
vars:
misc_pxe_first: true
R406:
# VLAN 3111
hosts:
r406pc[01:18]:
r406pc80:
dual_screen: [DP-2, DP-2]
vars:
misc_pxe_first: true
R407:
# VLAN 3112
hosts:
r407pc[01:18]:
r407pc80:
dual_screen: [HDMI-1, HDMI-A-1]
audio_output: [pci-0000_00_1f.3, hdmi-stereo-extra1]
vars:
misc_pxe_first: true
CU051:
# VLAN 3126
hosts:
cu051pc[01:16]:
C051:
# VLAN 3122
hosts:
c051pc[01:32]:
## Extra Rechner Lehrer kein Laptop:
C051pc:
# VLAN 3122
hosts:
c051pc80:
## Extra Rechner Lehrer kein Laptop:
C054:
# VLAN 3122
hosts:
c051pc81:
C055:
# VLAN 3124
hosts:
c055pc[01:32]:
C061:
# VLAN 3120
hosts:
c061pc[01:12]:
c061pc80:
C062:
# VLAN 3121
hosts:
c062pc[01:16]:
c062pc80:
E021:
# VLAN 3132
hosts:
e021pc80:
E024:
# VLAN 3133
hosts:
e024pc80:
E026:
# VLAN 3134
hosts:
e026pc[01:16]:
E029:
# VLAN 3135
hosts:
e029pc[01:16]:
M146:
# VLAN 3136
hosts:
m146pc[01:08]:
A126:
# VLAN 3128
hosts:
a126pc[01:12]:
A127:
# VLAN 3159
hosts:
a127pc01:
A130:
# VLAN 3129
hosts:
a130pc[01:12]:
A134:
# VLAN 3130
hosts:
a134pc[01:26]:
a134pc[80:81]:
vars:
exam_teacherpc_ips:
- 10.190.30.80
- 10.190.30.81
- 10.190.30.82
A134pc:
# VLAN 3130
hosts:
a134pc82:
dual_screen: [HDMI-1, HDMI-A-1]
A135:
# VLAN 3131
hosts:
a135pc[01:08]:
a135pc[21:24]:
a135pc80:
K000:
# VLAN 3195
hosts:
r007pc01:
r008pc01:
r010pc01:
r011pc01:
r013pc01:
r014pc01:
r017pc01:
K100:
# VLAN 3196
hosts:
r103pc01:
dual_screen: [HDMI-2, HDMI-A-2]
r104pc01:
dual_screen: [HDMI-2, HDMI-A-2]
r112pc01:
r114pc01:
audio_output: [pci-0000_00_1b.0, analog-stereo]
r118pc01:
dual_screen: [HDMI-1, HDMI-A-1]
audio_output: [pci-0000_00_1b.0, analog-stereo]
r120pc01:
K200:
# VLAN 3199
hosts:
r204pc01:
r204pc02:
r207pc01:
r208pc01:
r209pc01:
r210pc01:
r212pc01:
r214pc01:
K300:
# VLAN 3198
hosts:
r302pc01:
audio_output: [pci-0000_00_1f.3, analog-stereo]
r304pc01:
audio_output: [pci-0000_00_1f.3, analog-stereo]
r307pc01:
r308pc01:
r310pc01:
r311pc01:
r313pc01:
audio_output: [pci-0000_00_1f.3, hdmi-stereo-extra1]
r316pc01:
K400:
# VLAN 3197
hosts:
r405pc01:
dual_screen: [HDMI-3, HDMI-A-3]
r409pc01:
dual_screen: [HDMI-3, HDMI-A-3]
r410pc01:
dual_screen: [HDMI-3, HDMI-A-3]
r411pc01:
dual_screen: [HDMI-3, HDMI-A-3]
r413pc01:
dual_screen: [HDMI-3, HDMI-A-3]
r414pc01:
dual_screen: [HDMI-3, HDMI-A-3]
r415pc01:
dual_screen: [HDMI-3, HDMI-A-3]
CK100:
# VLAN 3190
hosts:
c152pc01:
audio_output: [pci-0000_00_1f.3, analog-stereo]
c153pc01:
audio_output: [pci-0000_00_1f.3, analog-stereo]
c154pc01:
audio_output: [pci-0000_00_1f.3, analog-stereo]
misc_clonescreen_mode: "1680x1050@60"
c155pc01:
audio_output: [pci-0000_00_1f.3, analog-stereo]
misc_clonescreen_mode: "1680x1050@60"
c156pc01:
c157pc01:
audio_output: [pci-0000_00_1f.3, analog-stereo]
misc_clonescreen_mode: "1440x900@60"
c158pc01:
audio_output: [pci-0000_00_1f.3, analog-stereo]
c159pc01:
audio_output: [pci-0000_00_1f.3, analog-stereo]
misc_clonescreen_mode: "1440x900@60"
EK100:
# VLAN 3191
hosts:
e019pc01:
L000:
# VLAN 3155
hosts:
r002pc01:
r002pc02:
r003pc01:
r005pc01:
localhome: true
r009pc01:
r012pc01:
r015pc01:
L100:
# VLAN 3154
hosts:
r102pc01:
r105pc01:
r109pc01:
r112pc01:
localhome: true
r112pc02:
localhome: true
r116pc01:
r116pc02:
r118pc01:
L200:
# VLAN 3151
hosts:
r201pc[01:03]:
r206pc01:
r211pc01:
r211pc02:
localhome: true
r213pc01:
r215pc[01:03]:
r218pc01:
L300:
# VLAN 3152
hosts:
r301pc01:
r306pc[01:03]:
r309pc[01:03]:
r312pc01:
r315pc01:
L400:
# VLAN 3153
hosts:
r404pc[01:02]:
r408pc01:
r412pc01:
CK000:
# VLAN 3189
hosts:
c059pc01:
misc_clonescreen_mode: "1440x900@60"
audio_output: [pci-0000_00_1f.3, analog-stereo]
c060pc01:
CL100:
# VLAN 3162
hosts:
c161pc[01:05]:
ML100:
# VLAN 3158
hosts:
m080pc01:
m144pc01:
m144pc02:
m153pc01:
m155pc01:
m158pc01:
m162pc01:
EL100:
# VLAN 3159
hosts:
a127pc01:
CloneScreen:
hosts:
r016pc80:
r115pc80:
r117pc80:
r121pc80:
r202pc80:
r216pc80:
r217pc80:
r314pc80:
r317pc80:
r319pc80:
r406pc80:
r407pc80:
r407pc80:
a134pc82:
a135pc80:
c061pc80:
c062pc80:
e021pc80:
e024pc80:
children:
K000:
K100:
K200:
K300:
K400:
CK100:
CK000:
vars:
misc_clonescreen: true
PCroom:
children:
R016:
R115:
R117:
R121:
R202:
R216:
R217:
R314:
R317:
R319:
R406:
R407:
CU051:
C051:
C055:
C061:
C062:
M146:
A126:
A130:
A134:
A135:
E026:
E029:
vars:
sudo_permissions:
"%role-teacher":
- /usr/bin/journalctl --since today
exam_destination_allowed_ipv4:
- 10.190.1.0/24
- 10.190.2.0/24
- 10.190.4.0/24
- 192.168.122.0/24
Kroom:
children:
K200:
K300:
K400:
CK100:
Lroom:
children:
L000:
L100:
L200:
L300:
L400:
ML100:
EL100:
CL000:
CL100:
vars:
cifsopt: ""
desktop:
children:
PCroom:
Kroom:
Lroom:
C054:
laptop:
children:
CU051:
C051:
C055:
A126:
A130:
A134:
E026:
E029:
teacherlaptop:
hosts:
# Experimental Laptop installed in JuFo LAN
m080pc01:
r302pc01:
r304pc01:
a135pc[21:24]:
nb[001:104]:
nb105:
localhome_logout_missing_serverhome: false
nb[106:112]:
nb113:
localhome_logout_missing_serverhome: false
nb[114:999]:
vars:
wlan: "eap-tls"
cifsopt: ",cache=loose,echo_interval=10"
localhome: true
localuser: ferdi
localuser_password: !unsafe steini
sudo_permissions:
"%role-teacher":
- /usr/bin/journalctl --since today
teacherlaptop:
hosts:
nbt[001:105]:
nbt[106:999]:
encrypt_tpm2: true
vars:
exam_mode: false
vpn: wg
extra_pkgs1:
- plasma-discover
- nextcloud-desktop
- dolphin-nextcloud
sudo_permissions:
"%role-teacher":
- /usr/bin/apt
- /usr/sbin/cryptsetup
polkit_rules:
"role-teacher":
- "org.freedesktop.NetworkManager.settings.modify.system"
- "org.freedesktop.packagekit.package-install"
- "org.freedesktop.packagekit.package-reinstall"
- "org.freedesktop.packagekit.system-update"
- "org.freedesktop.packagekit.upgrade-system"
- "org.freedesktop.packagekit.package-install-untrusted"
localuser: false
localhome_logout_missing_serverhome: false
wlan_enable_on_boot: false
misc_avoid_suspend: false
misc_pwroff: false
misc_pwroff_idle: false
misc_reporter: false
printer_admin_group: role-teacher
fvs_remove_discover: false
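Review bot: `localuser_password: !unsafe steini` in the vars of the first `teacherlaptop` block is a cleartext password for the local `ferdi` account, committed in the same change that adds `vault-fvs.yml`. It should be referenced from the vault, for example `localuser_password: "{{ vault_localuser_password }}"` (variable name is a placeholder, with the `!unsafe` tag kept on the value inside the vault), and the committed value rotated because it stays in history. The `grub_pwd` PBKDF2 hash (10000 iterations) is likewise open to offline guessing by anyone who can read the repository, so it belongs in the vault too. Separately, the key `teacherlaptop:` appears twice; indentation is lost in this view, but if both sit at the same level most YAML parsers keep only the last one and silently drop the `nb[...]` hosts and their vars, so the first block presumably needs a different group name. The second block's `sudo_permissions` gives `%role-teacher` unrestricted `/usr/bin/apt` and `/usr/sbin/cryptsetup`, which is effectively root on those laptops; a comment such as `## role-teacher is root-equivalent on teacher laptops by design` would make that intent explicit.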

45
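--- a/vault-fvs.yml
+++ b/vault-fvs.yml
@@ -0,0 +1,45 @@
+$ANSIBLE_VAULT;1.1;AES256
+35333038363061373031666537313631653364653164643236373864316261626537633336336261
+6262313765616335643166623261663434356366333633340a616339623331373436626532396265
+31613162383038633132653964323137353165346539326366316234383535633637323032376237
+3864613565343236650a333364336164616137393431303334393433636363656431653438666237
+32626661346637356635646664656132333230373066626437623636343865306230386233396232
+62326636626338626166303633613763333338626235316238633463653563646230323431653437
+31383339636663303266313130323234383938306361616636313066326564343437663636326163
+31613830363964343335626566653938623066363432316438626666623139616266373264323533
+65323532353264613437303563346263343538643039626366643166653032666163633164663632
+64363338636230313166353530316232386136373133303562303537656265303265613232313461
+39633061353939663030613834626663303630383561653262373461656130303337623566626432
+65396232343739333530333235653862363836643932366131376138356530363030323030666439
+64656635316466613564373037383837303436646561616530363434333936656630386430393038
+63333861376638323834393338333533643431646533343035306233633933353531666565616632
+65666333376535373931336231643065613464633266636238363963306233633336336164383261
+66333233663061666636323063363530646161666161376333313066633431626234343438373861
+63343661346565353135393633633030303836646232616233623130336637353933303335643834
+34333237613137653234323938366364313233613734376230363636353766656164393637313635
+62653266366162366134306664353232376432376436326530643139393763623832323035613065
+33663664316161663034656564323536383264663964376565376162616537366364633336396333
+34313231663430613330343561656431323931313962333562346230653337393362303438316533
+64316537323966323932616437633939393165376239393537383132383130633532343433366531
+35666231653331363033396165626438353035643861616334393361396434386337353837666663
+66383636666630613237346666666637616665303333336234653561366332343763356439643838
+38393363313932376166333436323738346136636166653839313639656430333930663836303263
+33633039326534616562643865323265613463353933323039393731623763356533613331306566
+38646637363936306338363238353263303937633538373463336238326339323138366566366666
+32306633353665323961373730636338653638653531653136623034313339613162353566383362
+66326630303763333961383430623733356264346239353537613137636666396432333233653530
+32343039366562616666616336653134373631386562623163366233356465386566336265333636
+37336431663732383038346530316439366332373462663933353636653935396134626234333735
+36623837663030303665316433396162666130656630653765303561343135326633313337666664
+63333735326664313831376666623865346330623962353132363335356664626265636564373033
+32633833333334376639353138646465656263376366316134383531623866663330336532353061
+33343638383735346233613964633262626335373662646433636363626563393065333439636236
+33613166323562656466323735643337623432636538663135623961316632323430363533393333
+65346230316537323835303839363835323337383762393439393665386236383930666535326133
+65336532643336313335313034643063303237633965363634663231383534363464346239323130
+39343239313133323665623935303461383039303331376162663033393634356630323236666463
+61323535653165373539633166343233306665626464646532616162373865303038653464383033
+34366131356430376131386232316135343332663232666131346433366432386361356662303835
+62373332623335346534373565636438373136646434346266663739363861363338306338393839
+37656437646335636130626231343662666134346337353163316333616335353162663432663730
+34306565323039363936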