Merge branch 'master' into fetlab

doc/ariane.md

@@ -20,11 +20,7 @@ Configure the clock: NTP Server: tutimea.tuwien.ac.at
 Detect disks, partition disks: manual
 RAID1 md0 with both SSDs https://blog.sleeplessbeastie.eu/2013/10/04/how-to-configure-software-raid1-during-installation-process/
 /dev/nvmeXn1p1 32GB primary Volume für / in btrfs 32GB
-/dev/nvmeXn1p5 1.5 GB logical Volume
-/dev/nvmeXn1p6 1.5 GB logical Volume
-/dev/nvmeXn1p7 1.5 GB logical Volume
-/dev/nvmeXn1p8 1.5 GB logical Volume
-/dev/nvmeXn1p9 90  GB logical Volume
+/dev/nvmeXn1p2 80 GB primary Volume
 ZFS RAIDZ-2 on is already on 4 x 6TB disks = 12TB 0 spares
 partition1 ariane-root btrfs noatime, discard
 Generic Kernel
@@ -79,8 +75,7 @@ zpool create -o ashift=12 -o autoexpand=on -o autoreplace=on -O atime=off -O com
 /dev/mapper/ata-WDC_WD60EFRX-68L0BN1_WD-WX21D36PPLPH-part1 \
 /dev/mapper/ata-WDC_WD60EFRX-68L0BN1_WD-WX21D36PP0K1-part1 \
 /dev/mapper/ata-WDC_WD60EFRX-68L0BN1_WD-WXB1HB4MJCMM-part1
-zpool add zv1 log mirror /dev/nvme0n1p5 /dev/nvme1n1p5
-zpool create -o ashift=12 -O atime=off -O compression=lz4 ssd mirror /dev/disk/by-id/nvme-INTEL_SSDPEKKW128G7_BTPY63830DUM128A-part9 /dev/disk/by-id/nvme-INTEL_SSDPEKKW128G7_BTPY63750L9G128A-part9
+zpool create -o ashift=12 -O atime=off -O compression=lz4 ssd mirror /dev/disk/by-id/nvme-INTEL_SSDPEKKW128G7_BTPY63830DUM128A-part2 /dev/disk/by-id/nvme-INTEL_SSDPEKKW128G7_BTPY63750L9G128A-part2
 ```
 ### Create datasets
 ```shell
@@ -91,7 +86,7 @@ chown root:nogroup /zv1/homes
 chown root:2000 /zv1/daten/ /zv1/fotos/
 zfs create -o canmount=off -o setuid=off -o exec=off ssd/var
 zfs create -o com.sun:auto-snapshot=false -o mountpoint=/var/lib/nfs ssd/var/nfs
-zfs create -o com.sun:auto-snapshot=false ssd/var/cache
+zfs create -o com.sun:auto-snapshot=false -o exec=on ssd/var/cache
 zfs create ssd/var/log
 zfs create -o exec=on ssd/var/lxc
 mv /var/cache/* /ssd/var/cache/
@@ -154,6 +149,7 @@ zpool list -v
 zpool get all
 zpool history
 zpool scrub zv1
+zfs list -o space
 ```
 ### show and delete all snapshots
 ```shell
@@ -166,6 +162,16 @@ mdadm --misc --detail /dev/md0
 echo check > /sys/block/md0/md/sync_action
 watch -n 0.1 cat /proc/mdstat
 ```
+## Start System
+```shell
+zfs_mount.sh mount # Enter Passphrase
+# start all LXC containers
+```
+## Reboot System
+```shell
+# stop all LXC containers
+zfs_mount.sh reboot
+```
 ## Shutdown System
 ```shell
 # stop all LXC containers

doc/configs/ariane_mbr_nvme1n1.txt

@@ -1,16 +0,0 @@
-Disk /dev/nvme1n1: 119.2 GiB, 128035676160 bytes, 250069680 sectors
-Units: sectors of 1 * 512 = 512 bytes
-Sector size (logical/physical): 512 bytes / 512 bytes
-I/O size (minimum/optimal): 512 bytes / 512 bytes
-Disklabel type: dos
-Disk identifier: 0x35c808a6
-
-Device         Boot    Start       End   Sectors  Size Id Type
-/dev/nvme1n1p1          2048  62500863  62498816 29.8G fd Linux raid autodetect
-/dev/nvme1n1p2      62502910 250068991 187566082 89.4G  5 Extended
-/dev/nvme1n1p5      62504960  65435647   2930688  1.4G 83 Linux
-/dev/nvme1n1p6      65437696  68368383   2930688  1.4G 83 Linux
-/dev/nvme1n1p7      68370432  71301119   2930688  1.4G 83 Linux
-/dev/nvme1n1p8      71303168  74233855   2930688  1.4G 83 Linux
-/dev/nvme1n1p9      74235904 250068991 175833088 83.9G 83 Linux
-

doc/configs/ariane_mbr_ssd.txt

@@ -7,9 +7,4 @@ Disk identifier: 0x21183a98
 
 Device         Boot    Start       End   Sectors  Size Id Type
 /dev/nvme0n1p1          2048  62500863  62498816 29.8G fd Linux raid autodetect
-/dev/nvme0n1p2      62502910 250068991 187566082 89.4G  5 Extended
-/dev/nvme0n1p5      62504960  65435647   2930688  1.4G 83 Linux
-/dev/nvme0n1p6      65437696  68368383   2930688  1.4G 83 Linux
-/dev/nvme0n1p7      68370432  71301119   2930688  1.4G 83 Linux
-/dev/nvme0n1p8      71303168  74233855   2930688  1.4G 83 Linux
-/dev/nvme0n1p9      74235904 250068991 175833088 83.9G 83 Linux
+/dev/nvme0n1p2      62500864 230273023 167772160   80G 83 Linux

doc/gitea.md

@@ -1,4 +1,12 @@
-# Gitea LDAP Authentication settings
+# Gitea
+
+## Setup using installer, create user root
+
+```shell
+INSTALL_LOCK to false
+```
+
+## Gitea LDAP Authentication settings
 
 - Authentication Type: `LDAP (via BindDN)`
 - Authentication Name: `LDAP`
@@ -7,7 +15,9 @@
 - Port: `389`
 - User Search Base: `dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at`
 - User Filter: `(&(objectClass=posixAccount)(uid=%s))`
-- Admin Filter: `(memberOf=cn=admin,ou=groups,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at)`
+- Admin Filter: doesn't work, otherwise `(memberOf=cn=admin,ou=groups,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at)`
 - First name attribute: `givenName`
 - Surname attribute: `sn`
 - Email attribute: `mail`
+
+No Bind-DN and password needed!

doc/sojus.md

@@ -1,4 +1,28 @@
 # sojus
+
+## test if backups work
+```shell
+cd /home/backup/repos/
+borg list <repo>/system
+borg check -v <repo>/system
+```
+
+## test if backups work from remote
+```shell
+/etc/cron.d/borgbackup_system_create_sojus
+cat /var/log/borg/system_create_sojus.lastlog
+```
+
+## retrieve files from backup
+```shell
+cd /home/backup/repos/
+borg mount <repo>/system /mnt/
+```
+retrieve backup data from /mnt
+```shell
+borg umount /mnt
+```
+
 ## create big backup locally
 ```shell
 cryptsetup luksOpen /dev/disk/by-id/ata-<ID>-part1 ata-<ID>-part1

files/known_hosts

@@ -1,4 +0,0 @@
-sputnik,sputnik.htu.tuwien.ac.at,128.131.95.206 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA4Nj/FF5NOYdoYbIGo0vqNuyFw6bvNE70lPQWoQiRyj9Gp8Imovw87cN1CtP1OOaESW+6bLi0TXZnCxaVn5zOYLBap7m/iLUDjzuOM0suogr8sGPvc4JUGNg4ofLvGTUkJELwxYtg38aG2fG8Gklh96txoR70RjncWPtQR/yXkZs=
-atlas ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsY/JwHRX6YH0WSbp6+xpoZmuQOGDaEsQX7gmad0y4Qv2Sk4MXvvD9vqWGz7qX7YDAskbrCgptX/tRTXoiaVlH635bpkWaevfVcY+DF7JgsrVzayfit5sxG6c8N1qCgXX6GlOQnwRgkHUgBCmkEOtJXvgv5AwUL3B+8fhtqbgMB1aHXbZ0Wbo8AnUgwt9Jti/Nlegd03uY6NT8fk9JaD6MF1eg45ggdvyin621xoWu1wmJu9+wZJFJ7lxKYH49d+6rQlbVwTNLFWxMaIM18OIK5ON/py//Zxa2smyvntZf584nRCvqhU3FYMfY9BZJRVb+3slS+W08Rb9c6OZgiAnh
-ariane ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLKqNwsw3yBDVJFIvssJWqhD0E03z9FnrNhcBLIdklJ
-lxc-pet-01 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtD59+Py1juHugC0aImmgD66FWEYoSOrKyXzC/mfLsP

group_vars/all

@@ -19,8 +19,13 @@ common_hostname: True
 common_rsyslog: True
 common_openssh_permit_root_login: "yes"
 
+common_ntp_servers:
+  - tutimea.tuwien.ac.at
+  - tutimeb.tuwien.ac.at
+  - tutimec.tuwien.ac.at
+
 common_resolvconf: True
-common_resolvconf_nameservers: ["10.0.3.1", "192.168.86.1"]
+common_resolvconf_nameservers: ["192.168.86.1"]
 common_resolvconf_search: ["fet.htu.tuwien.ac.at"]
 common_resolvconf_domain: "fet.htu.tuwien.ac.at"
 nocows: True
@@ -42,5 +47,5 @@ common_openssh_keys_root:
   - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEer+2Q3/bSJv2SpaGo8tjkQdSw/Kqoyy3XZ2RrtEqwzGozfvjyrZ0jd2Vy6LJ37o3n34brfVOvzeBaiSzc+5ciNgRVohaMydM6ADSGvZ9S2BGod1KonKfTbultWA1+BzJAjn7ZTjLlPJmceITYlh5uAnHrWQgZNPipMHLbKnSMUUd7AbkBy/nhg/ad5dO6e9TOXmEY+cNMCcA20R1i/O9nA1LIgXfnx1WKtW40gOf5YioHnhOMo8rNP5WlzZ1Lf5SiMJgxeT0covc3pq+hAHa+Y6KKdeO5oQ36RMi5FJUk2txQHGQtAjLMg0dv+bJgepIakM5wxekk9oY0J8inZOMh0mRH86KMH3SDwXt2xPomXfkGKeHVkM5VO6qfv8CzX/FjMoTTFGVaKDEPngbA8BIrPD7++gicdcnkmYOJLXgBDuJhhpis/Yp8F+F1tMBDT9LRLNvM18BXpekoFJNwTWJOAR8gktsiYP3VMt6oN1Y5lStvzv6MkhaEa0WGqjQoOJsQuI1roVHwlQhyWM/igCeO0Egb7qz/qPJHRRCgNfVjDO/rtFK09EjmG1bQrgOP7dJv0E+3scxilnoIED6ocCpKNVpc/okehgHwC+QdIpWrn5fPrXJt/hifguCn7KziWfQne8eIxaQOWBaZLdcY7HmgtQmOi3KRlKy+ORXtj/+MQ== hans@fet.at"
   - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZAVxkHZYqjgCBcfHy0yggdVALZKoQbJP1TJAEYgLIAWFQ0ZPMGDaidOQiTzFTE0i35MUlQB6Rc+pTYnW/+h9rzktWbU/8RNirQve2XR5TWiRIUa13p31Xgjyw05O0uF3LEL/SmZruMHy25ncDXGF+xC2VllIttC+fLHJWLXIbWVujHdOA69fBqOonQrcPTsg1l4QQv6ZAxwVgCsbeOccZkdpoT0BJk03nflW+SGsKthTYX2VMGJlc/4QjArfZ2hTykr0I/lSA6E9FkFSLl65ejovGxCp1oXn484DlyajoXqJY7IOD86izXqkQSq4w4bLKEdrfQOnfGKe1XmxzFdk92SNEW41RXokNQ16xOBZzO1ZHkXd6hx0Pj6aBvUbs3PlCn4q764LKIcjSk7ADgeC5OBA4xgRxyZt9vuP93o7jl3vvqLWevsFa0j8orxC0D3cO5SMPbowW9LqrtqHynC0WltrtLT5+Q2tBSavP615NOu+bfcakgiWN8otv41ST+2hWka8qNptOxTRj/h7+MMOyi9bh1vjgB1KkOZYotJtFdXKFiYz+buIKwguWZWEni9uTRMiEsu84x8aJwdptPO0UIgZGroyUZJcWlUkwrkdE5T4cg9zP14M6zmogAYEI7oRX56FyspRVlA7J6VF/mcZ1z6ufH+97cle613gPKUVkpw== andis@fet.at"
   - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKrEdkD1Oecw++r77MVrga1e20FA+e/O37rhMc0etS5MvlbsAHd6Ftx2SIXVtwDnHDzyUAOJb8WlYPdG5r/QJYtXgVMGZrZ31UFdlAZq3K8ytczKkcMgnEEOWYSSyQRJlEW5LkZ9tD0hv1myIg5iw6Vpuqe6YFSkdDHtGxf0lnLAfi1XKwu7b7tARJz7teOAjaFzXumvsZlFx9BdufMW32uu7BSYWjSGcrEzMyyB/5C3kU/d5Q1ZTNK6tceopFr/K1lKBzvj85safD5BH8NpjvLe1QkzHu+C0AVxYNtqGHI5oWJbcR+UOwelBeEM/On+/Xq0ZIVmiLmFx03Qun8t1n berni@fet.at"
-  - key: 'no-pty,no-agent-forwarding,no-X11-forwarding,command="shutdown -h +1" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCiI41+XkobMT0K8ZrHdCeomdGAIRMZbdX1VjGe5OWa72rcaDFmBtK7MxD5xPZEdSaDkn+Nrpwv5/j10MccvkAOI/tx6PIxcgDF52FnHLMMVrXRM3cnkm9CrBi4kCN0D2fpbDLhknJhiqftIcPdct/a9foZQwkWOzGUN2Rk0mCw2QzkGyWHNxOMzMjV0gpfAWPv6Jg+JKDl5EHf2xJTeJ/l0TG6O0lsc5YY/7cqjRJJzTVFDo1Gy+qNgff0mbPrhcbWepG5R1tjkdT++f8uuoVkBUamwkjwDpH2y57sdESEPB0C5ES2cglOp2X3MMN7EnUBHYU3mMiYU0wV+b7Q3oKmQuG86a2D+yEp+0+WFaUY/TMCNpslGOtTBrNLshMIX/bnrx/aF9DApl9L/kUIlSxwwBNiPIl4VVU1p5Zzj/YAPvRl0kAKjosOZgl108JeRUbhQSGVrcODyhaIMQv4BAzHnV0kii7jNACHhqBR36eo3N6HX7GkbnU1YadZRcrxrpE9z9mrXuqWxzl4Cmz1yHb1JTwsnQQ2Dy0trIklQjEmLxvG8zpxHLV3EQmtIMK/g2Mk6VTdz9HZnwYLU7Mj/uZk0DWhTZ5Eyj6QAbcw2gLPLEUmdQhkHSoQKxHY0at3OjGFGydyc/3n7B7d578uxVBrp04uhTbW7SDi6mYGCkvCRQ== nut ups shutdown'
+  - key: 'no-pty,no-agent-forwarding,no-X11-forwarding,command="zfs_mount.sh shutdown || shutdown -h +1" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCiI41+XkobMT0K8ZrHdCeomdGAIRMZbdX1VjGe5OWa72rcaDFmBtK7MxD5xPZEdSaDkn+Nrpwv5/j10MccvkAOI/tx6PIxcgDF52FnHLMMVrXRM3cnkm9CrBi4kCN0D2fpbDLhknJhiqftIcPdct/a9foZQwkWOzGUN2Rk0mCw2QzkGyWHNxOMzMjV0gpfAWPv6Jg+JKDl5EHf2xJTeJ/l0TG6O0lsc5YY/7cqjRJJzTVFDo1Gy+qNgff0mbPrhcbWepG5R1tjkdT++f8uuoVkBUamwkjwDpH2y57sdESEPB0C5ES2cglOp2X3MMN7EnUBHYU3mMiYU0wV+b7Q3oKmQuG86a2D+yEp+0+WFaUY/TMCNpslGOtTBrNLshMIX/bnrx/aF9DApl9L/kUIlSxwwBNiPIl4VVU1p5Zzj/YAPvRl0kAKjosOZgl108JeRUbhQSGVrcODyhaIMQv4BAzHnV0kii7jNACHhqBR36eo3N6HX7GkbnU1YadZRcrxrpE9z9mrXuqWxzl4Cmz1yHb1JTwsnQQ2Dy0trIklQjEmLxvG8zpxHLV3EQmtIMK/g2Mk6VTdz9HZnwYLU7Mj/uZk0DWhTZ5Eyj6QAbcw2gLPLEUmdQhkHSoQKxHY0at3OjGFGydyc/3n7B7d578uxVBrp04uhTbW7SDi6mYGCkvCRQ== nut ups shutdown'
     state: present

group_vars/fet_lxc_void

@@ -8,6 +8,7 @@ common_basic_packages:
   - git
   - htop
   - logrotate
+  - ldns
   - ncdu
   - rsync
   - strace

host_vars/ariane

@@ -2,7 +2,8 @@
 inventory_hostname: ariane.fet.htu.tuwien.ac.at
 inventory_hostname_short: ariane
 
-common_interfaces: interfaces_ariane.j2
+common_interfaces: True
+common_interfaces_file: interfaces_ariane.j2
 common_iptables_v4: "iptables_ariane_v4.j2"
 common_iptables_v6: "iptables_ariane_v6.j2"
 
@@ -12,26 +13,29 @@ lxc:
     revision: "01"
     template: debian
     config:
-      - lxc.network.1.type = veth
-      - lxc.network.1.hwaddr = 1c:bd:b9:7f:fe:a4
-      - lxc.network.1.link = br0
-      - lxc.network.1.flags = up
+      - lxc.network.type = veth
+      - lxc.network.hwaddr = 1c:bd:b9:7f:fe:a4
+      - lxc.network.link = br0
+      - lxc.network.flags = up
 
   - name: betam
     revision: "01"
     template: debian
     config:
-      - lxc.network.1.type = veth
-      - lxc.network.1.hwaddr = 2e:6d:b6:07:14:01
-      - lxc.network.1.link = br0
-      - lxc.network.1.flags = up
+      - lxc.network.type = veth
+      - lxc.network.hwaddr = 2e:6d:b6:07:14:01
+      - lxc.network.link = br0
+      - lxc.network.flags = up
       - lxc.cgroup.devices.allow = c 188:0 rwm
 
   - name: zyklon
     revision: "01"
     template: voidlinux
     config:
+      - lxc.network.type = veth
       - lxc.network.hwaddr = 2e:6d:b6:07:15:01
+      - lxc.network.link = br0
+      - lxc.network.flags = up
       - lxc.pts = 6
 
   - name: progress
@@ -60,9 +64,10 @@ lxc:
     revision: "01"
     template: debian
     config:
-      - lxc.network.1.type = veth
-      - lxc.network.1.hwaddr = 2e:6d:b6:07:16:01
-      - lxc.network.1.link = br0
-      - lxc.network.1.flags = up
+      - lxc.network.type = veth
+      - lxc.network.hwaddr = 2e:6d:b6:07:16:01
+      - lxc.network.link = br0
+      - lxc.network.flags = up
 
 common_zfs: True
+common_snapper: False

host_vars/progress

@@ -3,4 +3,4 @@ inventory_hostname_short: progress
 
 common_iptables_v4: "iptables_progress_v4.j2"
 common_iptables_v6: "iptables_progress_v6.j2"
-printer_ip: 192.168.86.14
+printer_ip: dell3465

roles/ariane/files/lxc_default.conf

@@ -1,5 +1 @@
-lxc.network.type = veth
-lxc.network.link = lxcbr0
-lxc.network.flags = up
-
 lxc.aa_profile = unconfined

roles/ariane/tasks/lxc.yml

@@ -14,7 +14,7 @@
 - name: lxc - /etc/default/lxc-net
   copy:
     dest: /etc/default/lxc-net
-    content: 'USE_LXC_BRIDGE="true"'
+    content: 'USE_LXC_BRIDGE="false"'
     owner: root
     group: root
     mode: 0644

roles/borg_server/tasks/borgbackup_server.yml

@@ -26,6 +26,9 @@
     - "{{ borgbackup_server_home }}/.ssh"
     - "{{ borgbackup_server_pool }}"
 
+- name: borg_server - create fuse device for mounting
+  command: mknod -m 666 /dev/fuse c 10 229 creates=/dev/fuse
+
 - name : borg_server - create authorized_keys
   stat:
     path: "{{ borgbackup_server_home }}/.ssh/authorized_keys"

roles/osticket/files/index.html

@@ -0,0 +1,9 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head>
+<meta http-equiv="refresh" content="0; URL=./scp/">
+</head><body>
+<br>
+
+<link rel="shortcut icon" href="favicon.ico">
+<link rel="icon" type="image/gif" href="favicon.gif">
+</body></html>

roles/osticket/files/ost-config.php

@@ -0,0 +1,162 @@
+<?php
+/*********************************************************************
+    ost-config.php
+
+    Static osTicket configuration file. Mainly useful for mysql login info.
+    Created during installation process and shouldn't change even on upgrades.
+
+    Peter Rotich <peter@osticket.com>
+    Copyright (c)  2006-2010 osTicket
+    http://www.osticket.com
+
+    Released under the GNU General Public License WITHOUT ANY WARRANTY.
+    See LICENSE.TXT for details.
+
+    vim: expandtab sw=4 ts=4 sts=4:
+    $Id: $
+**********************************************************************/
+
+#Disable direct access.
+if(!strcasecmp(basename($_SERVER['SCRIPT_NAME']),basename(__FILE__)) || !defined('INCLUDE_DIR'))
+    die('kwaheri rafiki!');
+
+#Install flag
+define('OSTINSTALLED',TRUE);
+if(OSTINSTALLED!=TRUE){
+    if(!file_exists(ROOT_DIR.'setup/install.php')) die('Error: Contact system admin.'); //Something is really wrong!
+    //Invoke the installer.
+    header('Location: '.ROOT_PATH.'setup/install.php');
+    exit;
+}
+
+# Encrypt/Decrypt secret key - randomly generated during installation.
+define('SECRET_SALT','BaeFGWPNwDymYuYtmpo62AZLoL0Q4oV9');
+
+#Default admin email. Used only on db connection issues and related alerts.
+define('ADMIN_EMAIL','bofh@fet.at');
+
+# Database Options
+# ---------------------------------------------------
+# Mysql Login info
+define('DBTYPE','mysql');
+define('DBHOST','localhost');
+define('DBNAME','osticket');
+define('DBUSER','osticket');
+define('DBPASS','PiRWgNBrD9SZsceW');
+
+# Table prefix
+define('TABLE_PREFIX','ost_');
+
+#
+# SSL Options
+# ---------------------------------------------------
+# SSL options for MySQL can be enabled by adding a certificate allowed by
+# the database server here. To use SSL, you must have a client certificate
+# signed by a CA (certificate authority). You can easily create this
+# yourself with the EasyRSA suite. Give the public CA certificate, and both
+# the public and private parts of your client certificate below.
+#
+# Once configured, you can ask MySQL to require the certificate for
+# connections:
+#
+# > create user osticket;
+# > grant all on osticket.* to osticket require subject '<subject>';
+#
+# More information (to-be) available in doc/security/hardening.md
+
+# define('DBSSLCA','/path/to/ca.crt');
+# define('DBSSLCERT','/path/to/client.crt');
+# define('DBSSLKEY','/path/to/client.key');
+
+#
+# Mail Options
+# ---------------------------------------------------
+# Option: MAIL_EOL (default: \n)
+#
+# Some mail setups do not handle emails with \r\n (CRLF) line endings for
+# headers and base64 and quoted-response encoded bodies. This is an error
+# and a violation of the internet mail RFCs. However, because this is also
+# outside the control of both osTicket development and many server
+# administrators, this option can be adjusted for your setup. Many folks who
+# experience blank or garbled email from osTicket can adjust this setting to
+# use "\n" (LF) instead of the CRLF default.
+#
+# References:
+# http://www.faqs.org/rfcs/rfc2822.html
+# https://github.com/osTicket/osTicket-1.8/issues/202
+# https://github.com/osTicket/osTicket-1.8/issues/700
+# https://github.com/osTicket/osTicket-1.8/issues/759
+# https://github.com/osTicket/osTicket-1.8/issues/1217
+
+# define(MAIL_EOL, "\r\n");
+
+#
+# HTTP Server Options
+# ---------------------------------------------------
+# Option: ROOT_PATH (default: <auto detect>, fallback: /)
+#
+# If you have a strange HTTP server configuration and osTicket cannot
+# discover the URL path of where your osTicket is installed, define
+# ROOT_PATH here.
+#
+# The ROOT_PATH is the part of the URL used to access your osTicket
+# helpdesk before the '/scp' part and after the hostname. For instance, for
+# http://mycompany.com/support', the ROOT_PATH should be '/support/'
+#
+# ROOT_PATH *must* end with a forward-slash!
+
+# define('ROOT_PATH', '/support/');
+
+
+# Option: TRUSTED_PROXIES (default: <none>)
+#
+# To support running osTicket installation on a web servers that sit behind a
+# load balancer, HTTP cache, or other intermediary (reverse) proxy; it's
+# necessary to define trusted proxies to protect against forged http headers
+#
+# osTicket supports passing the following http headers from a trusted proxy;
+# - HTTP_X_FORWARDED_FOR    =>  Chain of client's IPs
+# - HTTP_X_FORWARDED_PROTO  =>  Client's HTTP protocal (http | https)
+#
+# You'll have to explicitly define comma separated IP addreseses or CIDR of
+# upstream proxies to trust. Wildcard "*" (not recommended) can be used to
+# trust all chained IPs as proxies in cases that ISP/host doesn't provide
+# IPs of loadbalancers or proxies.
+#
+# References:
+# http://en.wikipedia.org/wiki/X-Forwarded-For
+#
+
+define('TRUSTED_PROXIES', '');
+
+
+# Option: LOCAL_NETWORKS (default: 127.0.0.0/24)
+#
+# When running osTicket as part of a cluster it might become necessary to
+# whitelist local/virtual networks that can bypass some authentication/checks.
+#
+# define comma separated IP addreseses or enter CIDR of local network.
+
+define('LOCAL_NETWORKS', '127.0.0.0/24');
+
+
+#
+# Session Storage Options
+# ---------------------------------------------------
+# Option: SESSION_BACKEND (default: db)
+#
+# osTicket supports Memcache as a session storage backend if the `memcache`
+# pecl extesion is installed. This also requires MEMCACHE_SERVERS to be
+# configured as well.
+#
+# MEMCACHE_SERVERS can be defined as a comma-separated list of host:port
+# specifications. If more than one server is listed, the session is written
+# to all of the servers for redundancy.
+#
+# Values: 'db' (default)
+#         'memcache' (Use Memcache servers)
+#         'system' (use PHP settings as configured (not recommended!))
+#
+# define('SESSION_BACKEND', 'memcache');
+# define('MEMCACHE_SERVERS', 'server1:11211,server2:11211');
+?>

roles/scans/tasks/samba.yml

@@ -5,7 +5,7 @@
   - samba
 
 - name: samba - /etc/smb.conf
-  template: dest=/etc/smb.conf src=smb.conf.j2 owner=root group=root mode=0644
+  template: dest=/etc/samba/smb.conf src=smb.conf.j2 owner=root group=root mode=0644
   notify: restart samba
 
 - name: samba - create users group

roles/scans/templates/smb.conf.j2

@@ -6,7 +6,6 @@
    server string = PROGRESS
 
    security = user
-   hosts allow = 192.168.86.14
 
    log file = /var/log/samba/%m.log
    max log size = 500

templates/interfaces_ariane.j2

@@ -9,11 +9,9 @@ allow-hotplug enp8s0
 iface enp8s0 inet dhcp
 
 auto br0
-iface br0 inet dhcp
+iface br0 inet manual
     bridge_ports enp9s0
     bridge_fd 0
     bridge_maxwait 0
 
 dns-nameservers 192.168.86.1
-#dns-nameservers 192.168.86.1 10.0.3.1
-#dns-nameserver 10.0.3.1