Upload Ansible Files

playbook/roles/add-sshkey/files/authorized_keys

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNdRNrH1dPWDce2Y70rij7B5Ef/a3jv3q2D/9M/uNEBicWJmXCZOYlT5iwP/A1hatx6wYZTXcmMffHwuwvTV7pcfIxCyzI4LrdyKVPlmcvx5APut5cbOGMK/qIUwTCYGKstCaVgtna/DWmeYxjDTUO2TalzImGlLMPDEasSc4yAzfvC/EHBo/JFRK5g0beXGeU6OYcJAGQViba9iD4I2M07DD1KY05k4KiOgMJP+n+hXTs5E7VWwfeKWhhtUJUD8dNoPtUW8xdFz3thqstX7WSHq/GTigFa0BuK61TrUQVfN6rbGVsoQMM/N/EtwD48yIxZUHft36Wkgw+PJcKELSfb/ggqCjEXuUoid3AX4dtlLtARoiURJPe5a0PUjuH0JBbVduKjQ/MVIQswJr0rPTbMtZxUxAIbHYhzhmxBlBTPDS7RdZkXh+Hq0dky4KECAs0kaYqoEnt4oX1vHtdBxW1JrBKFJN/djsPpkhzVHCoco576Gs4pI0046qjwy0y7QE= root@STI-AWX01

playbook/roles/add-sshkey/tasks/main.yaml

@@ -0,0 +1,4 @@
+- name: Copy a ssh-key to Windows Server file
+  ansible.windows.win_copy:
+    src: authorized_keys
+    dest: C:\Users\ansible-admin\.ssh\

playbook/roles/ansible_ip/tasks/main.yaml

@@ -0,0 +1,15 @@
+--- 
+- name: ADD static Ansible-IP Address {{ ansible_host }}
+  win_shell: "Get-NetIpAddress -InterfaceAlias 'Ethernet 2' | New-NetIpAddress -IpAddress {{ ansible_host }} -PrefixLength 24 -DefaultGateway 110.1.1.250"
+  async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+  poll: 0
+
+- name: Set IP Adress to {{ ip }}
+  win_shell: "Set-NetIpAddress -InterfaceAlias 'Ethernet 2' -IpAddress {{ ip }} -PrefixLength 24"
+  async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+  poll: 0
+
+- name: Remove IPAdress 110.1.1.50
+  win_shell: "Remove-NetIPAddress -IpAddress 110.1.1.50 -Confirm:$false"  
+  async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+  poll: 0

playbook/roles/docker/tasks/main.yaml

@@ -0,0 +1,28 @@
+- ansible.builtin.stat:
+    path: /usr/local/bin/docker-compose
+  register: stat_result
+
+- ansible.builtin.debug:
+    var: stat_result
+
+- ansible.builtin.apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: yes
+  with_items:
+    - apt-transport-https
+    - ca-certificates
+    - curl
+    - software-properties-common
+  when: stat_result.stat.exists == False
+
+- ansible.builtin.shell: 
+    cmd: curl -sSL https://get.docker.com/ | CHANNEL=stable sh
+  when: stat_result.stat.exists == False
+      
+- ansible.builtin.service:
+    name: docker
+    enabled: yes
+    state: restarted
+  when: stat_result.stat.exists == False
+  

playbook/roles/firewall-proxmox/tasks/main.yaml

@@ -0,0 +1,18 @@
+- name: Ping to Host "{{ inventory_hostname }}"
+  ansible.builtin.ping:
+
+- name: ADD Firewall Role Ports 22,8006 for Primary Interface
+  ansible.builtin.shell:
+    iptables -t nat -A PREROUTING -i $(ip route get 8.8.8.8 | sed -n 's/.* dev \([^\ ]*\) .*/\1/p') -p tcp -m multiport ! --dport 22,8006 -j DNAT --to 10.0.0.2
+
+- name: ADD Firewall Role Ports UDP for Primary Interface
+  ansible.builtin.shell:
+    iptables -t nat -A PREROUTING -i $(ip route get 8.8.8.8 | sed -n 's/.* dev \([^\ ]*\) .*/\1/p') -p udp -j DNAT --to 10.0.0.2
+
+- name: ADD Firewall Role Privat Network
+  ansible.builtin.shell:
+    iptables -t nat -A POSTROUTING -s '10.0.0.0/30' -o $(ip route get 8.8.8.8 | sed -n 's/.* dev \([^\ ]*\) .*/\1/p') -j MASQUERADE
+
+- name: ADD IPv4 Forwarding
+  ansible.builtin.shell:
+    echo 1 > /proc/sys/net/ipv4/ip_forward

playbook/roles/jenkins/tasks/main.yaml

@@ -0,0 +1,9 @@
+- name: Install Jenkins Docker
+  community.docker.docker_container:
+    name: jenkins
+    image: jenkins/jenkins:latest
+    volumes:
+      - ./data
+    ports:
+      - 8080:8080
+    state: started

playbook/roles/openssh-server-service/tasks/main.yaml

@@ -0,0 +1,5 @@
+- name: Enable OpenSSH Server Service
+  ansible.windows.win_service:
+    name: sshd
+    start_mode: auto
+    state: started

playbook/roles/router/tasks/main.yaml

@@ -0,0 +1,130 @@
+# - name: Install Pfsense-Sudo Package
+#   ansible.builtin.shell:
+#     cmd:  pkg install -y pfsense-pkg-sudo
+
+- name: Set Hostname to "{{ kundenkürzel }}-ROU01"
+  pfsensible.core.pfsense_setup:
+    hostname: "{{ kundenkürzel }}-ROU01"
+    domain: "{{ kundendomain }}"
+
+- name: Set timezone and language
+  pfsensible.core.pfsense_setup:
+    timezone: Europe/Berlin
+    language: de_DE
+
+- name: Enable Interface vtnet1 (Privat-Network)
+  pfsensible.core.pfsense_interface:
+      descr: LAN
+      interface: vtnet1
+      ipv4_address: "{{ privatip }}.1"
+      ipv4_prefixlen: 24
+      ipv4_type: static
+      enable: true
+
+- name: "Add NAT port 25 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 25'
+    interface: wan
+    source: any
+    destination: any:25
+    target: "{{ privatip }}.2:25"
+    associated_rule: associated
+    state: present
+
+- name: "Add NAT port 80 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 80'
+    interface: wan
+    source: any
+    destination: any:80
+    target: "{{ privatip }}.3:80"
+    associated_rule: associated
+    state: present
+    
+- name: "Add NAT port 443 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 443'
+    interface: wan
+    source: any
+    destination: any:443
+    target: "{{ privatip }}.3:443"
+    associated_rule: associated
+    state: present
+
+- name: "Add NAT port 465 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 465'
+    interface: wan
+    source: any
+    destination: any:465
+    target: "{{ privatip }}.2:465"
+    associated_rule: associated
+    state: present
+    
+- name: "Add NAT port 993 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 993'
+    interface: wan
+    source: any
+    destination: any:993
+    target: "{{ privatip }}.2:993"
+    associated_rule: associated
+    state: present
+
+- name: "Add NAT port 587 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 587'
+    interface: wan
+    source: any
+    destination: any:587
+    target: "{{ privatip }}.2:587"
+    associated_rule: associated
+    state: present
+
+- name: "Add NAT port 4500 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 4500'
+    interface: wan
+    source: any
+    destination: any:4500
+    target: "{{ privatip }}.1:4500"
+    associated_rule: associated
+    state: present
+    protocol: udp
+
+- name: "Add NAT port 500 forward traffic rule"
+  pfsensible.core.pfsense_nat_port_forward:
+    descr: 'Port 500'
+    interface: wan
+    source: any
+    destination: any:500
+    target: "{{ privatip }}.1:500"
+    associated_rule: associated
+    state: present
+    protocol: udp
+
+- name: Add IPSEC "{{ kundenkürzel }} - Tunnel"
+  pfsensible.core.pfsense_ipsec:
+    state: present
+    descr: "{{ kundenkürzel }} - Tunnel"
+    interface: wan
+    remote_gateway: "{{ kunde_public_ip }}"
+    iketype: ikev1
+    mode: main
+    authentication_method: pre_shared_key
+    preshared_key: "{{ lookup('community.general.random_string', base64=True, length=32) }}"
+
+- name: Add Phases 1 to IPSEC "{{ kundenkürzel }} - Tunnel"
+  pfsensible.core.pfsense_ipsec_p2:
+    p1_descr: "{{ kundenkürzel }} - Tunnel"
+    descr: "{{ kundenkürzel }} - Phase 2"
+    state: present
+    apply: False  
+    mode: tunnel
+    local: "{{ privatip }}.1/24"
+    remote: "{{ kundennetz }}/24"
+    aes: True
+    aes256gcm: true
+    aes_len: auto
+    aes256gcm_len: auto
+    sha256: True

playbook/roles/upgrades/tasks/main.yaml

@@ -0,0 +1,9 @@
+- name: Linux Updates
+  ansible.builtin.apt:
+    update_cache: true
+    upgrade: yes
+  register: upgrade
+
+- name: Debug Install
+  ansible.builtin.debug:
+    var: upgrade

playbook/roles/vmbr-proxmox/tasks/main.yaml

@@ -0,0 +1,15 @@
+- name: Create vmbr1
+  ansible.builtin.shell:
+    cmd: echo "auto vmbr1\niface vmbr1 inet static\n\taddress 10.0.0.1/30\n\tbridge-ports none\n\tbridge-stp off\n\tbridge-fd 0" | sudo tee -a /etc/network/interfaces
+
+- name: Create vmbr2
+  ansible.builtin.shell:
+    cmd: echo "auto vmbr2\niface vmbr2 inet static\n\taddress "{{ privatip }}.250/24"\n\tbridge-ports none\n\tbridge-stp off\n\tbridge-fd 0" | sudo tee -a /etc/network/interfaces
+
+- name: Create vmbr100
+  ansible.builtin.shell:
+    cmd: echo "auto vmbr100\niface vmbr100 inet static\n\taddress 110.1.1.250/24\n\tbridge-ports none\n\tbridge-stp off\n\tbridge-fd 0" | sudo tee -a /etc/network/interfaces
+
+- name: Restart Networking Service
+  ansible.builtin.shell:
+    cmd: service networking restart

playbook/roles/vmstart-proxmox/tasks/main.yaml

@@ -0,0 +1,4 @@
+--- 
+- name: Start VM "{{ inventory_hostname }}"
+  ansible.builtin.shell:
+    cmd: qm start "{{ vmid }}"

playbook/roles/wait/tasks/main.yaml

@@ -0,0 +1,4 @@
+- name: WAIT for VM "{{ vmid }}"
+  ansible.builtin.wait_for_connection:
+    delay: 10
+    timeout: "{{ timeout_set }}"

playbook/roles/windows_adcontroller_install/files/checkliste.txt

@@ -0,0 +1,5 @@
+Das ist Checklist für nach der Grundinstallation
+- User kontollieren ob alle angelegt sind
+- Azure-Client Einrichten (siehe HOWTo Cloud)
+- Lizneznmanager Einrichten (siehe HOWTo Cloud)
+- 

playbook/roles/windows_adcontroller_install/tasks/main.yaml

@@ -0,0 +1,221 @@
+- name: Check AD-Controller Service exists
+  ansible.builtin.win_service:
+    name: NTLD
+  register: file_check_ntld
+  ignore_unreachable: yes
+
+- name: Install Active-Directory-Service
+  ansible.builtin.win_shell:
+    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -IncludeAllSubFeature
+  when: file_check_ntld.exists == False
+
+- name: Reboot ad-controller
+  ansible.builtin.win_shell:
+    shutdown -t 0 -r
+  when: file_check_ntld.exists == False
+
+- name: Wait for Server Reboot
+  ansible.builtin.wait_for_connection:
+    delay: 10
+    timeout: 60
+  when: file_check_ntld.exists == False
+
+- name: Disable Local-Administrator-User
+  ansible.builtin.win_user:
+    name: Administrator
+    account_disabled: true
+  when: file_check_ntld.exists == False
+
+- name: Install-ADDSForest
+  ansible.builtin.win_shell: |
+    $password = ConvertTo-SecureString -String "adm.3dfx12" -AsPlainText -Force
+    Install-ADDSForest -DomainName {{ kundendomain }} -InstallDNS:$true -SafeModeAdministratorPassword $password -DomainMode WinThreshold -ForestMode WinThreshold -Force
+  when: file_check_ntld.exists == False
+
+- name: Wait for Server Reboot
+  ansible.builtin.wait_for_connection:
+    delay: 10
+    # timeout: 300
+  when: file_check_ntld.exists == False
+
+- name: Disable AD-Administrator-User
+  ansible.builtin.win_shell:
+    Disable-ADAccount -Identity "Administrator"
+  when: file_check_ntld.exists == False
+
+- name: ADD Reverse DNS Zone
+  ansible.builtin.win_shell:
+    Add-DnsServerPrimaryZone -NetworkID "{{privatip}}/24" -ReplicationScope "Domain"eml.kommerziale@tnp-gruppe.deeml.kommerziale@tnp-gruppe.de
+
+- name: ADD DNS Roles
+  ansible.builtin.win_shell: | 
+    Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-ROU01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.1" -CreatePtr:$true
+    Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-SMTP01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.2" -CreatePtr:$true
+    Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-HAPROX01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.3" -CreatePtr:$true
+    Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-NEXT01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.4" -CreatePtr:$true
+    Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-DATA01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.5" -CreatePtr:$true
+    Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-CMS01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.6" -CreatePtr:$true
+    Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-AD01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.8" -CreatePtr:$true
+    Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-RDS01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.7" -CreatePtr:$true
+    Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-EX01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.9" -CreatePtr:$true
+    Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-APP01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.10" -CreatePtr:$true
+
+- name: Create OU System-Accounts
+  ansible.builtin.win_shell:
+    New-ADOrganizationalUnit -Name "System-Accounts" -Path "DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}"
+
+- name: Create OU System-Accounts
+  ansible.builtin.win_shell:
+    New-ADOrganizationalUnit -Name "System-Gruppen" -Path "DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}"
+
+- name: Create OU Kunden-Gruppen
+  ansible.builtin.win_shell:
+    New-ADOrganizationalUnit -Name "{{ kundenkürzel }}-Gruppen" -Path "DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}"
+
+- name: Create OU Kunden-Gruppen
+  ansible.builtin.win_shell:
+    New-ADOrganizationalUnit -Name "{{ kundenkürzel }}-Benutzer" -Path "DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}"
+
+- name: Create Stines Admin
+  ansible.builtin.win_shell: |
+    $adminpw = ConvertTo-SecureString -String "adm.3dfx12" -AsPlainText -Force
+    New-ADUser -Name "Stines Admin" -GivenName "Stines" -Surname "Admin" -SamAccountName "stinessu" -UserPrincipalName "stinessu@{{kundendomain}}" -Path "OU=System-Accounts,DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}" -Enabled $true -AccountPassword $adminpw -ChangePasswordAtLogon:$false -PasswordNeverExpires:$true
+    Add-ADGroupMember -Identity Domänen-Admins -Members stinessu
+    $group = get-adgroup "Domänen-Admins" -properties @("primaryGroupToken")
+    get-aduser "stinessu" | set-aduser -replace @{primaryGroupID=$group.primaryGroupToken}
+
+- name: Create LDAP-Gruppe
+  ansible.builtin.win_shell: |
+    New-ADGroup -Name "LDAP-Admins" -SamAccountName LDAPAdmins -GroupCategory Security -GroupScope Global -DisplayName "LDAP-Admins" -Path "OU=System-Gruppen,DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}" -Description "LDAP Admins für LDAP Verbindungen"
+
+- name: Create Mail-Gruppe
+  ansible.builtin.win_shell: |
+    New-ADGroup -Name "Mail-User" -SamAccountName MailUser -GroupCategory Security -GroupScope Global -DisplayName "Mail-User" -Path "OU=System-Gruppen,DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}" -Description "E-Mail Mitglieder"
+
+- name: Create Exchange-Gruppe
+  ansible.builtin.win_shell: |
+    New-ADGroup -Name "EX-User" -SamAccountName EXUser -GroupCategory Security -GroupScope Global -DisplayName "EX-User" -Path "OU=System-Gruppen,DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}" -Description "Exchange Mitglieder"
+
+- name: Create Bitwarden-Gruppe
+  ansible.builtin.win_shell: |
+    New-ADGroup -Name "Bitwarden-User" -SamAccountName BitwardenUser -GroupCategory Security -GroupScope Global -DisplayName "Bitwarden-User" -Path "OU=System-Gruppen,DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}" -Description "Bitwarden Mitglieder"
+
+- name: Create Nextcloud-Gruppe
+  ansible.builtin.win_shell: |
+    New-ADGroup -Name "Nextcloud-User" -SamAccountName NextcloudUser -GroupCategory Security -GroupScope Global -DisplayName "Nextcloud-User" -Path "OU=System-Gruppen,DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}" -Description "Nextcloud Mitglieder"
+
+- name: Create RDS-Gruppe
+  ansible.builtin.win_shell: |
+    New-ADGroup -Name "RDS-User" -SamAccountName RDSUser -GroupCategory Security -GroupScope Global -DisplayName "RDS-User" -Path "OU=System-Gruppen,DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}" -Description "RDS Mitglieder"
+
+- name: Create VPN-Gruppe
+  ansible.builtin.win_shell: |
+    New-ADGroup -Name "VPN-User" -SamAccountName VPNUser -GroupCategory Security -GroupScope Global -DisplayName "VPN-User" -Path "OU=System-Gruppen,DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}" -Description "VPN Mitglieder"
+
+- name: Create Daten-Gruppe
+  ansible.builtin.win_shell: |
+    New-ADGroup -Name "Daten-User" -SamAccountName DatenUser -GroupCategory Security -GroupScope Global -DisplayName "Daten-User" -Path "OU=System-Gruppen,DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}" -Description "Daten Mitglieder"
+
+- name: Create LDAP-Admin
+  ansible.builtin.win_shell: |
+    $adminpw = ConvertTo-SecureString -String "zzLGuggugSG7bwMQruv#3bPLwp4DfQ8Hq9Ldq$D6MPy2m" -AsPlainText -Force
+    New-ADUser -Name "LDAP Admin" -GivenName "LDAP" -Surname "Admin" -SamAccountName "ldap-admin" -UserPrincipalName "ldap@{{kundendomain}}" -Path "OU=System-Accounts,DC={{  kundendomain.split(".")[0]}},DC={{  kundendomain.split(".")[1]}}" -Enabled $true -AccountPassword $adminpw -ChangePasswordAtLogon:$false -PasswordNeverExpires:$true
+    Add-ADGroupMember -Identity LDAPAdmins -Members ldap-admin
+    $group = get-adgroup "LDAPAdmins" -properties @("primaryGroupToken")
+    get-aduser "ldap-admin" | set-aduser -replace @{primaryGroupID=$group.primaryGroupToken}
+
+- name: Create Folder deployment
+  ansible.builtin.win_file:
+    path: C:\deployment\
+    state: directory
+    
+- name: Create Share Folder deployment
+  ansible.windows.win_share:
+    name: deployment
+    description: deployment
+    path: C:\deployment
+    list: false
+    full: Domänen-Admins
+    read: RDSUser,Domänen-Benutzer
+
+- name: Create AD-Controller Shortcuts on Stines-Admin Desktop
+  community.windows.win_shortcut:
+    src: '%SystemRoot%\system32\dsa.msc'
+    dest: C:\Users\Public\Desktop\AD-Controller.lnk
+    icon: '%SystemRoot%\system32\dsadmin.dll,0'
+
+- name: Create DNS Shortcuts on Stines-Admin Desktop
+  community.windows.win_shortcut:
+    src: '%SystemRoot%\system32\dnsmgmt.msc'
+    dest: C:\Users\Public\Desktop\DNS.lnk
+    icon: '%SystemRoot%\system32\dnsmgr.dll'
+
+- name: Create GPO Shortcuts on Stines-Admin Desktop
+  community.windows.win_shortcut:
+    src: '%SystemRoot%\system32\gpmc.msc'
+    dest: C:\Users\Public\Desktop\GPO.lnk
+    icon: '%SystemRoot%\system32\gpoadmin.dll'
+
+- name: Copy aduser CSV File
+  ansible.builtin.copy:
+    src: /root/ansible/playbook/kunden/{{ kunde }}/files/aduser.csv
+    dest: C:\deployment\aduser.csv
+
+- name: Install Azure-Client
+  ansible.builtin.win_shell: | 
+    wget https://download.microsoft.com/download/B/0/0/B00291D0-5A83-4DE7-86F5-980BC00DE05A/AzureADConnect.msi -outfile C:\deployment\AzureADConnect.msi
+#     C:\deployment\AzureADConnect.msi /quiet
+
+- name: Create GPO Folder PolicyDefinitions
+  ansible.builtin.win_file:
+    path: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions
+    state: directory
+
+- name: Create GPO Folder PolicyDefinitions\de
+  ansible.builtin.win_file:
+    path: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\de
+    state: directory
+
+- name: Create GPO Folder PolicyDefinitions\de-DE
+  ansible.builtin.win_file:
+    path: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\de-DE
+    state: directory
+
+- name: Import ADMX Files
+  ansible.builtin.copy:
+    src: all.zip
+    dest: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\all.zip
+
+- name: Export ADMX Files
+  ansible.builtin.win_shell: |
+    Expand-Archive C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\all.zip  -DestinationPath C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\
+
+- name: Copy GPO Settings
+  ansible.builtin.copy:
+    src: GPO.zip
+    dest: C:\deployment\GPO.zip
+
+- name: Export GPO Files
+  ansible.builtin.win_shell: |
+    Expand-Archive C:\deployment\GPO.zip  -DestinationPath C:\deployment\GPO
+
+- name: Import GPO Settings
+  ansible.builtin.win_shell: |
+    Import-GPO -BackupGpoName "RDS-Clients" -TargetName "RDS-Clients" -path C:\deployment\GPO\RDS-Clients\ -CreateIfNeeded:$true
+    Import-GPO -BackupGpoName "Exchange-Clients" -TargetName "Exchange-Clients" -path C:\deployment\GPO\Exchange-Clients\ -CreateIfNeeded:$true
+    Import-GPO -BackupGpoName "Google-Chrome" -TargetName "Google-Chrome" -path C:\deployment\GPO\Google-Chrome\ -CreateIfNeeded:$true
+
+- name: Install Druck-Server-Service
+  ansible.builtin.win_shell:
+    Install-WindowsFeature -Name Print-Server
+
+# - name: Copy CSV Import Script
+#   ansible.builtin.copy:
+#     src: /root/ansible/playbook/kunden/{{ kunde }}/files/import_ad_user.ps1
+#     dest: C:\deployment\import_ad_user.ps1
+
+# - name: Import ADUser by CSV File
+#   ansible.builtin.win_shell: |
+#     cd C:\deployment
+#     ./import_ad_user.ps1
+    

playbook/roles/windows_choco_install_defaults/tasks/main.yaml

@@ -0,0 +1,37 @@
+---
+- name: Check Chocolaty Install
+  ansible.builtin.win_stat:
+    path: C:\ProgramData\chocolatey\choco.exe
+  register: file_check
+
+- name: Install .NetFramwork 4.8
+  ansible.builtin.win_shell: | 
+    wget https://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/8494001c276a4b96804cde7829c04d7f/ndp48-x86-x64-allos-enu.exe -outfile C:\Windows\temp\ndp48-x86-x64-allos-enu.exe
+    cd C:\Windows\temp\
+    ./ndp48-x86-x64-allos-enu.exe /q
+
+- name: WAIT for VM "{{ vmid }}"
+  ansible.builtin.wait_for_connection:
+    delay: 10
+    timeout: "{{ timeout_set }}"
+  when: file_check.stat.exists == False
+
+- name: Install Chocolaty
+  ansible.builtin.win_shell:
+    "Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))"
+  when: file_check.stat.exists == False
+
+- name: Install Google Chrome
+  ansible.builtin.win_chocolatey:
+    name: googlechrome
+    state: present
+
+- name: Install 7zip
+  ansible.builtin.win_chocolatey:
+    name: 7zip
+    state: present
+
+- name: Install Javaruntime
+  ansible.builtin.win_chocolatey:
+    name: javaruntime
+    state: present

playbook/roles/windows_hostname/tasks/main.yaml

@@ -0,0 +1,2 @@
+- name: Change Hostname to {{hostname}}
+  win_shell: "Rename-Computer -NewName {{hostname}} -Force -Restart"

playbook/roles/windows_ip_set/tasks/main.yaml

@@ -0,0 +1,19 @@
+- name: Set up static IP address {{privatip}}.8
+  win_shell: "Get-NetIpAddress -InterfaceAlias 'Ethernet' | New-NetIpAddress -IpAddress {{privatip}}.8 -PrefixLength 24 -DefaultGateway {{privatip}}.1"
+  async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+  poll: 0
+  when: inventory_hostname == "AD01"
+
+- name: Set up static IP address {{privatip}}.7
+  win_shell: "Get-NetIpAddress -InterfaceAlias 'Ethernet' | New-NetIpAddress -IpAddress {{privatip}}.7 -PrefixLength 24 -DefaultGateway {{privatip}}.1"
+  async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+  poll: 0
+  when: inventory_hostname == "RDS01"
+
+- name: Set DNS Server
+  win_shell:  "Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses ('{{privatip}}.8','1.1.1.1')"
+  async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+  poll: 0
+
+- name: Set {{privatip}} to Privat
+  win_shell: "Set-NetConnectionProfile -InterfaceAlias 'Ethernet' -NetworkCategory Private"

playbook/roles/windows_rds_install/tasks/main.yaml

@@ -0,0 +1,6 @@
+---
+- name: Add PC to Customer Domain
+  ansible.builtin.win_shell: |
+    $SecurePassword = ConvertTo-SecureString -String "adm.3dfx12" -AsPlainText -Force
+    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList stinessu, $SecurePassword
+    Add-Computer -DomainName "{{ kundendomain }}" -Credential $Credential -Restart

playbook/roles/windows_scheduled_tasks/tasks/main.yaml

@@ -0,0 +1,53 @@
+- name: Reboot Scheduled Tasks
+  community.windows.win_scheduled_task:
+    name: Reboot
+    description: open command prompt
+    actions:
+    - path: shutdown.exe
+      arguments: /r
+    triggers:
+    - type: daily
+      start_boundary: '2024-01-01T23:30:00'
+    username: SYSTEM
+    state: present
+    enabled: yes
+
+- name: Choco Update Scheduled Tasks
+  community.windows.win_scheduled_task:
+    name: Choco Update
+    description: open command prompt
+    actions:
+    - path: C:\ProgramData\chocolatey\choco.exe
+      arguments: upgrade all --yes --confirm
+    triggers:
+    - type: daily
+      start_boundary: '2024-01-01T22:30:00'
+    username: SYSTEM
+    state: present
+    enabled: yes
+
+- name: Install NuGet
+  ansible.builtin.win_shell:
+    Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
+
+- name: Register a PowerShell repository
+  ansible.builtin.win_shell:
+    Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
+
+- name: Add Windows Update Module
+  ansible.builtin.win_shell:
+    Install-Module -Name PSWindowsUpdate
+
+- name: Windows Update Scheduled Tasks
+  community.windows.win_scheduled_task:
+    name: Windows Update
+    description: open command prompt
+    actions:
+    - path: powershell.exe
+      arguments: -command "Get-WindowsUpdate -AcceptAll -Install"
+    triggers:
+    - type: daily
+      start_boundary: '2024-01-01T22:30:00'
+    username: SYSTEM
+    state: present
+    enabled: yes