homeserver/group_vars/docker.yml

---
  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 5000
      protocol: tcp
      comment: 'rss-feed-changedetection'
  ### geerlingguy.docker
  docker_users:
    - mg
  ### mgrote.restic
  restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker
  qssrestic_cron_hours: "*/4"
  restic_exclude: |
        ._*
        desktop.ini
        .Trash-*
        **/**cache***/**
        **/**Cache***/**
        **/**AppData***/**
        /var/lib/docker/volumes/***Musik***
        /var/lib/docker/volumes/***musik***
        /var/lib/docker/volumes/***musik***
        /var/lib/docker/volumes/***musik***
        /var/lib/docker/volumes/docker-photoprism_pp_smb_bilder***/**
        # https://github.com/restic/restic/issues/1005
        # https://forum.restic.net/t/exclude-syntax-confusion/1531/12
  ### ryandaniels.create_users
  users:
    - username: mg
      password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
      update_password: on_create
      ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw==  #generieren: ssh-keygen -o; für putty ändern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
      use_sudo: yes
      use_sudo_nopass: yes
      user_state: present
      groups: ssh, sudo, docker
      servers:
        - production
        - test
    - username: ansible-user
      password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
      update_password: on_create
      ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
      use_sudo: yes
      use_sudo_nopass: yes
      user_state: present
      groups: ssh, sudo
      servers:
        - production
        - test
Vars entschlüsselt Rolle zu ansible-Playbook hinzugefügt, Var liegen in Group_Vars KeepassPW mit Vault verschlüsselt wip Umstellung in DB pb var auf testeinzeln miniflux storage gitignore angepasst pb vars wieder auf all virt 2020-08-19 12:29:49 +02:00			`---`
			`### oefenweb.ufw`
			`ufw_rules:`
			`- rule: allow`
ufw: Regeln verschärft (#11) Docker: allow all weg, dafür einzelne dienste freigeschaltet smb aus lan jenkins-webgui aus lan pihole-webgui aus lan acng aus LAN ssh nur aus LAN Co-authored-by: Michael Grote <38253905+quotengrote@users.noreply.github.com> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/11 2020-12-23 17:34:11 +01:00			`to_port: 22`
			`protocol: tcp`
			`comment: 'ssh'`
Firewallregeln verschärft 2020-12-31 14:39:17 +01:00			`from_ip: 192.168.2.0/24`
ufw: docker: port 5000 für changedetection (#95) ufw: docker: port 5000 für changedetection Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/95 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-05-17 10:52:10 +02:00			`- rule: allow`
			`to_port: 5000`
			`protocol: tcp`
			`comment: 'rss-feed-changedetection'`
Houesekeeping (#59) * Variablen von Docker Playbook zu Docker Vars verschoben * Variablen nickyjj.ansible-user aus Playbook entfernt, Rolle wird hier nicht verwendet 2020-11-04 11:49:02 +01:00			`### geerlingguy.docker`
			`docker_users:`
			`- mg`
Bugfix: restic - Pfade 2020-12-03 12:18:00 +01:00			`### mgrote.restic`
Restic Docker (#82) * Schließe Musik mount von airsonic aus * Pfade docker 2020-12-03 13:18:00 +01:00			`restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker`
restic: docker alle 4h (#91) restic: docker alle 4h Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/91 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-05-12 10:24:50 +02:00			`qssrestic_cron_hours: "*/4"`
Docker: restic Variablen angepasst 2020-12-22 12:27:43 +01:00			`restic_exclude: \|`
			`._*`
			`desktop.ini`
			`.Trash-*`
			`/cache*/`
			`/Cache*/`
			`/AppData*/`
			`/var/lib/docker/volumes/*Musik*`
			`/var/lib/docker/volumes/*musik*`
Photoprism (#71) gather facts aus für all user keepass in photoprism user photprism Restc exclude Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/71 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-04-18 10:22:47 +02:00			`/var/lib/docker/volumes/*musik*`
			`/var/lib/docker/volumes/*musik*`
			`/var/lib/docker/volumes/docker-photoprism_pp_smb_bilder*/`
Docker: restic Variablen angepasst 2020-12-22 12:27:43 +01:00			`# https://github.com/restic/restic/issues/1005`
			`# https://forum.restic.net/t/exclude-syntax-confusion/1531/12`
Nutzerpasswörter (#92) gruppe docker nur für docker-hosts Nutzer root für pve angelegt Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/92 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-05-14 14:57:04 +02:00			`### ryandaniels.create_users`
			`users:`
			`- username: mg`
			`password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"`
			`update_password: on_create`
			ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw== #generieren: ssh-keygen -o; für putty ändern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
			`use_sudo: yes`
			`use_sudo_nopass: yes`
			`user_state: present`
			`groups: ssh, sudo, docker`
			`servers:`
			`- production`
			`- test`
			`- username: ansible-user`
			`password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"`
			`update_password: on_create`
			`ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2`
			`use_sudo: yes`
			`use_sudo_nopass: yes`
			`user_state: present`
			`groups: ssh, sudo`
			`servers:`
			`- production`
			`- test`