homeserver/host_vars/docker10.grote.lan.yml

---
  ### mrlesmithjr.ansible-manage-lvm
  lvm_groups:
   - vgname: vg_docker
     disks:
       - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
     create: true
     lvnames:
       - lvname: docker
         size: +100%FREE
         create: true
         filesystem: xfs
         mount: true
         mntp: /var/lib/docker
  manage_lvm: true
  pvresize_to_max: true
  ### mgrote.restic
  restic_folders_to_backup: "/ /var/lib/docker /mnt/oci-registry" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben

  ### mgrote.docker-compose-inline
  compose_owner: "docker-user"
  compose_group: "docker-user"
  compose_file_permissions: "644"
  compose_dir_permissions: "755"
  compose_dest_basedir: "/docker"
  compose_src_basedir: "{{ inventory_dir }}/docker-compose"
  compose_files:
    - name: homer
      state: present
    - name: drone
      state: present
    - name: nextcloud
      state: present
      network: traefik
    - name: httpd
      state: present
    - name: unifi-controller
      state: present
    - name: miniflux
      state: present
      network: traefik
    - name: traefik
      state: present
      network: traefik
    - name: navidrome
      state: present
      network: traefik
    - name: watchtower
      state: present
    - name: routeros-config-export
      state: present
    - name: registry
      state: present
      network: traefik
    - name: whoami
      state: absent
      network: traefik
  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
      from_ip: 0.0.0.0/0
    # docker network inspect $(docker network ls -q)|grep -E "IPv(4|6)A" | grep -v \"\" | sort -h
    - rule: allow
      from_ip: 192.168.0.0/16
      comment: 'docker networks'
    - rule: allow
      from_ip: 172.0.0.0/8
      comment: 'docker networks'
docker2 (#160) munin für alle fehler var name munin auf docker2 inventory Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/160 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-07-17 19:57:50 +02:00			`---`
Drone + "Package-Registry" (#395) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/395 2022-08-06 11:20:05 +02:00			`### mrlesmithjr.ansible-manage-lvm`
			`lvm_groups:`
			`- vgname: vg_docker`
			`disks:`
Role: LVM: sd* --> by-id (#402) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/402 2022-08-08 21:26:56 +02:00			`- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1`
Drone + "Package-Registry" (#395) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/395 2022-08-06 11:20:05 +02:00			`create: true`
			`lvnames:`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`- lvname: docker`
Drone + "Package-Registry" (#395) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/395 2022-08-06 11:20:05 +02:00			`size: +100%FREE`
			`create: true`
			`filesystem: xfs`
			`mount: true`
			`mntp: /var/lib/docker`
			`manage_lvm: true`
			`pvresize_to_max: true`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`### mgrote.restic`
container: selfhosted registry (#512) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/512 2023-04-20 14:38:30 +02:00			`restic_folders_to_backup: "/ /var/lib/docker /mnt/oci-registry" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00
			`### mgrote.docker-compose-inline`
			`compose_owner: "docker-user"`
			`compose_group: "docker-user"`
			`compose_file_permissions: "644"`
			`compose_dir_permissions: "755"`
			`compose_dest_basedir: "/docker"`
			`compose_src_basedir: "{{ inventory_dir }}/docker-compose"`
			`compose_files:`
Aufbau Docker 3/4 (#162) docker2 munin docker 4 docker3 vm test docker 2 inventory group vars inventory Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/162 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-07-19 20:18:48 +02:00			`- name: homer`
role: docker erweitert (#166) bugfix no log base dir set fact state vars state Doku tasks unnütze kennwörter entfernt nutzer optional dir_name darf empty sein erstelle docker-networks Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/166 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-07-20 10:14:07 +02:00			`state: present`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`- name: drone`
Umbau docker (#337) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/337 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-03-06 14:10:30 +01:00			`state: present`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`- name: nextcloud`
Umbau docker (#337) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/337 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-03-06 14:10:30 +01:00			`state: present`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`network: traefik`
httpd-api (#499) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/499 2023-04-14 12:20:34 +02:00			`- name: httpd`
Umbau docker (#337) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/337 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-03-06 14:10:30 +01:00			`state: present`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`- name: unifi-controller`
Aufbau LibreNMS (#316) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/316 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-01-22 22:28:30 +01:00			`state: present`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`- name: miniflux`
Docker: hastebin hinzugefügt (#391) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/391 2022-07-16 10:54:37 +02:00			`state: present`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`network: traefik`
			`- name: traefik`
docker: tor-snowflake hinzugefügt (#405) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/405 2022-08-12 22:38:25 +02:00			`state: present`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`network: traefik`
			`- name: navidrome`
Drone + "Package-Registry" (#395) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/395 2022-08-06 11:20:05 +02:00			`state: present`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`network: traefik`
Docker: Watchtower (#480) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/480 2023-03-21 19:00:37 +01:00			`- name: watchtower`
			`state: present`
ersetze oxidized mit routeros-config-export (#562) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/562 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-08-02 20:38:26 +02:00			`- name: routeros-config-export`
			`state: present`
container: selfhosted registry (#512) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/512 2023-04-20 14:38:30 +02:00			`- name: registry`
			`state: present`
			`network: traefik`
traefik: nforwardauth (#518) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/518 2023-05-12 08:18:45 +02:00			`- name: whoami`
docker: remove munin (#578) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/578 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-14 22:33:08 +02:00			`state: absent`
traefik: nforwardauth (#518) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/518 2023-05-12 08:18:45 +02:00			`network: traefik`
docker4: photoprism (#167) Firewall angepasst für munin docker4: photoprism eingebaut Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/167 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-07-20 10:42:30 +02:00			`### oefenweb.ufw`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`ufw_rules:`
docker4: photoprism (#167) Firewall angepasst für munin docker4: photoprism eingebaut Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/167 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net> 2021-07-20 10:42:30 +02:00			`- rule: allow`
			`to_port: 22`
			`protocol: tcp`
			`comment: 'ssh'`
ufw: Zugriff immer nur per IPv4 (#210) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/210 Co-authored-by: mg <mg@noreply.git.mgrote.net> Co-committed-by: mg <mg@noreply.git.mgrote.net> 2021-10-06 10:18:23 +02:00			`from_ip: 0.0.0.0/0`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`# docker network inspect $(docker network ls -q)\|grep -E "IPv(4\|6)A" \| grep -v \"\" \| sort -h`
docker7: ufw: mf-filter (#366) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/366 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2022-05-20 11:55:15 +02:00			`- rule: allow`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`from_ip: 192.168.0.0/16`
			`comment: 'docker networks'`
			`- rule: allow`
			`from_ip: 172.0.0.0/8`
			`comment: 'docker networks'`