---
### used by many roles
# Recipient address; referenced further down by unattended_mail and
# f2b_destemail.
empfaenger_mail: 'michael.grote@posteo.de'
# Literal block scalar holding a three-line banner (presumably placed at the
# top of files the roles template out - verify against the templates).
file_header: |
  #----------------------------------------------------------------#
  # This file is managed with ansible! #
  #----------------------------------------------------------------#
### geerlingguy.munin-node
# munin-node binds to every interface; who may connect is narrowed by the
# CIDR allow-list below and by the ufw rule for port 4949 in this file.
munin_node_bind_host: "0.0.0.0"
munin_node_bind_port: "4949"
munin_node_allowed_cidrs:
  - 192.168.2.0/24
# Plugins to remove from the nodes.
munin_node_remove_plugins:
  - name: meminfo  # causes too much load
  - name: hddtemp2  # replaced by hddtemp_smartctl
  - name: squid_cache
  - name: squid_objectsize
  - name: squid_requests
  - name: squid_traffic
  - name: nfsd
  - name: samba
  - name: nfsd4
  - name: ntp  # causes too many DNS PTR requests
  - name: cronjobs
  - name: hddtempd  # replaced by hddtemp_smartctl
  - name: ipmi_power  # for pve2, empty graph
  - name: fail2ban
  - name: fail2ban_
  - name: apcupsd_pct
  - name: kvm_io
  - name: kvm_cpu
  - name: docker_mem
  - name: docker_cpu
# Plugins to enable.
munin_node_plugins:
  - name: chrony
  - name: systemd_status
  - name: lvm_
# Extra plugins, mirrored into the author's own repository.
# NOTE(review): every URL tracks the mutable `master` branch and no checksum
# is visible here, so each node runs whatever that branch holds at deploy
# time. Pinning the URLs to a commit would make the installed code
# reviewable and repeatable.
munin_node_install_plugins:
  - remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
  - remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
  - remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
# Per-plugin configuration. The inner entry is a flow-mapping key without a
# value, i.e. "user munin" maps to null (presumably rendered as a
# `user munin` line in the [lvm_] section - verify against the role template).
munin_node_config: {
  "lvm_": {
    "user munin"
  }
}
### mgrote.dotfiles
# Repository holding the dotfiles and the path of its checkout.
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
dotfiles_repo_path: /home/mg/dotfiles
# Pairs of a file inside the checkout (repo_path) and its location in the
# home directory (local_path).
dotfiles_files:
  - repo_path: "{{ dotfiles_repo_path}}/.vimrc"
    local_path: "/home/mg/.vimrc"
  - repo_path: "{{ dotfiles_repo_path}}/.tmux.conf"
    local_path: "/home/mg/.tmux.conf"
  - repo_path: "{{ dotfiles_repo_path}}/.gitconfig"
    local_path: "/home/mg/.gitconfig"
  - repo_path: "{{ dotfiles_repo_path}}/.bash_aliases"
    local_path: "/home/mg/.bash_aliases"
# Directories listed for the role (presumably created before the files are
# placed - verify against the role).
dotfiles_dirs:
  - path: /home/mg/.config/i3
  - path: /home/mg/.config/polybar
dotfiles_owner: mg
### jnv.unattended_upgrades
# Reports go to the shared recipient address, and only when a run fails.
unattended_mail: "{{ empfaenger_mail }}"
unattended_mail_only_on_error: true
unattended_syslog_enable: true
# Origins that may be upgraded automatically: the Ubuntu security and
# updates archives of the running release.
unattended_origins_patterns:
  - 'origin=Ubuntu,archive=${distro_codename}-security'
  - 'o=Ubuntu,a=${distro_codename}-updates'
### mgrote.ntp_chrony_server
# Time zone the computer is located in.
ntp_chrony_timezone: "Europe/Berlin"
# Servers to query.
ntp_chrony_servers:
  - address: ntp-server.grote.lan
    options: iburst  # optional parameter
# Logging on/off.
ntp_chrony_logging: false
### mgrote.postfix
# Sender account for outgoing mail; its password is fetched from the KeePass
# database at run time and is not stored in this file.
postfix_absender_mailadresse: info@mgrote.net
postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
# Networks listed as allowed: loopback and the 192.168.2.0/24 LAN
# (presumably the relay allow-list - verify against the role).
postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
postfix_mail_nach_cronjob: false
# Upstream SMTP server, port 587, with TLS switched on.
postfix_smtp_server: smtp.strato.de
postfix_smtp_server_port: 587
postfix_smtp_use_tls: "yes"
### mgrote.apt_manage_sources
# Host, port and trailing slash of the apt proxy; no URL scheme is given here.
manage_sources_apt_proxy_url: "acng.grote.lan:9999/"
### mgrote.restic
# Space-separated list of directories to back up.
restic_folders_to_backup: "/usr/local /etc /root /home"
restic_cron_hours: "19"
# The repository lives on an SMB share. The repository password and the
# share password are both fetched from the KeePass database at run time.
restic_repository: "//fileserver2.grote.lan/backup/restic"
restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
restic_mount: "/mnt/restic"
restic_mount_user: restic
restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
# Exclude patterns, one per line.
restic_exclude: |
  ._*
  desktop.ini
  .Trash-*
  **/**cache***/**
  **/**Cache***/**
  **/**AppData***/**
### mgrote.tmux
# Target paths of the tmux configuration and the bashrc, plus the name of
# the standard session.
tmux_conf_destination: "/home/mg/.tmux.conf"
tmux_bashrc_destination: "/home/mg/.bashrc"
tmux_standardsession_name: "default"
### mgrote.fail2ban
# Ban and find windows (presumably seconds - verify against the role) and
# the retry limit.
f2b_bantime: 300
f2b_findtime: 300
f2b_maxretry: 5
# Notifications go to the shared recipient and are sent from the postfix
# sender address.
f2b_destemail: "{{ empfaenger_mail }}"
f2b_sender: "{{ postfix_absender_mailadresse }}"
### oefenweb.ufw
# Inbound traffic is denied by default; only the rules below open ports.
ufw_rules:
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 192.168.2.0/24
  # NOTE(review): 192.168.2.144/24 is a host address with a /24 mask, so it
  # covers the same range as 192.168.2.0/24. If only the host .144 is meant
  # to reach munin-node, the mask should be /32 - confirm the intent.
  - rule: allow
    to_port: 4949
    protocol: tcp
    comment: 'munin'
    from_ip: 192.168.2.144/24
ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow
### ryandaniels.create_users
# Accounts handed to the role. Password hashes are fetched from the KeePass
# database at run time; `servers` lists where each account applies
# (presumably inventory group names - verify against the role).
# Every account below has passwordless sudo.
users:
  - username: mg
    password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
    update_password: on_create
    # generate with: ssh-keygen -o; convert for PuTTY: https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
    ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw==
    use_sudo: true
    use_sudo_nopass: true
    user_state: present
    groups: ssh, sudo, docker
    servers:
      - production
      - test
      - laptop
  # NOTE(review): the monitoring account gets passwordless sudo plus the
  # root and docker groups (docker group membership is root-equivalent), and
  # its password is reset on every run. If it only has to run plugins, a
  # narrower sudoers entry would limit what a faulty or tampered plugin can
  # do - confirm what the plugins really need.
  - username: munin
    password: "{{ lookup('keepass', 'munin_linux_password_hash', 'password') }}"
    update_password: always
    use_sudo: true
    use_sudo_nopass: true
    user_state: present
    groups: root, docker
    servers:
      - production
  # root on the proxmox hosts carries the same public key as the mg account.
  - username: root
    password: "{{ lookup('keepass', 'root_linux_password_hash_proxmox', 'password') }}"
    update_password: on_create
    # generate with: ssh-keygen -o; convert for PuTTY: https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
    ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw==
    use_sudo: true
    use_sudo_nopass: true
    user_state: present
    groups: ssh, sudo
    servers:
      - proxmox
  # Account Ansible itself connects as (see ansible_user in this file).
  - username: ansible-user
    password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
    update_password: on_create
    ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
    use_sudo: true
    use_sudo_nopass: true
    user_state: present
    groups: ssh, sudo
    servers:
      - production
      - test
      - laptop
### mgrote.apt_install_packages
# Three package lists; judging by the names, one for every host, one for
# physical machines only and one for virtual machines only.
programs_common:
  - locales
  - python3
  - build-essential
  - htop
  - git
  - dnsutils
  - nano
  - mc
  - cifs-utils
  - ca-certificates
  - netdiscover
  - tree
  - curl
  - whois
  - logrotate
  - ncdu
  - net-tools
  - apt-transport-https
  - neofetch
  - moreutils
  - ntpdate
  - acl
  - vim
  - rsync
  - at
programs_only_physical:
  - hddtemp
  - ipmitool
  - s-tui
  - smartmontools
  - lm-sensors
  - ethtool
programs_only_vms:
  - qemu-guest-agent
  - open-vm-tools
### mgrote.apcupsd
# Shutdown thresholds, identical for master and slave.
apcupsd_master_onbatterydelay: 10
apcupsd_master_batterylevel_for_shutdown: 50
apcupsd_master_minutes_for_shutdown: 10
apcupsd_master_nologon_when_active: disable
apcupsd_slave_onbatterydelay: 10
apcupsd_slave_batterylevel_for_shutdown: 50
apcupsd_slave_minutes_for_shutdown: 10
apcupsd_slave_nologon_when_active: disable
# NOTE(review): YAML 1.1 loaders, Ansible's included, read a bare `on` as
# boolean true; quote it if the role expects the literal string "on".
apcupsd_nis_master: on
# The NIS server listens on every interface. The ufw_rules in this file hold
# no allow rule for port 3551, so with the default-deny policy the port
# stays closed wherever exactly these rules apply.
apcupsd_nis_master_listen_ip: 0.0.0.0
apcupsd_nis_master_listen_port: 3551
apcupsd_ups_name: APC-BX950U-GR
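# Ansible variables
### User
ansible_user: "ansible-user"
### SSH
# Host keys are verified: the key of an unknown host is stored on first
# contact and a changed key aborts the connection. The earlier value,
# StrictHostKeyChecking=no, also accepted changed keys without complaint,
# which leaves the passwordless-sudo ansible-user session open to
# interception on the network path.
# accept-new needs OpenSSH 7.6 or newer on the control node. After a host
# has been rebuilt, drop its stale entry with `ssh-keygen -R <host>`.
ansible_ssh_common_args: "'-o StrictHostKeyChecking=accept-new'"
### python3
# https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
ansible_python_interpreter: "/usr/bin/python3"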
# Ansible plugin variables
### Keepass
# https://github.com/viczem/ansible-keepass
# Path of the KeePass database, relative to the working directory.
# NOTE(review): if the .kdbx file is kept in the repository next to this
# file, every secret looked up above is protected only by the database
# password below, and that in turn only by the Ansible Vault password -
# confirm the vault password is strong and stored outside the repository.
keepass_dbx: "./keepass_db.kdbx"
# Database password, stored as an inline Ansible Vault value (AES256
# according to its header).
keepass_psw: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  62383737623066396239383336646164616537646630653964313532383130343533346561633039
  3437306134656535353438666165376332633064383135650a636537626662656130376537633164
  61613132326536666466636632363866393066656236303766333338356337396338376266346631
  6364336331623539300a313562303161373631613734313938346666376239613333333363376236
  38363035376662353135333332363431343833656666643036326234656166643531