homeserver/group_vars/docker.yml

---
  ### mrlesmithjr.ansible-manage-lvm
  lvm_groups:
   - vgname: vg_docker
     disks:
       - /dev/sdb
     create: true
     lvnames:
       - lvname: lv_docker
         size: +100%FREE
         create: true
         filesystem: xfs
         mount: true
         mntp: /var/lib/docker
  manage_lvm: true
  pvresize_to_max: true
  ### mgrote.restic
  restic_folders_to_backup: "/ /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
  ### mgrote.user
  users:
    - username: mg
      password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
      update_password: on_create
      groups: ssh, sudo, docker
      state: present
      public_ssh_key: "{{ ssh_public_key_mg }}"
      allow_sudo: true
      allow_passwordless_sudo: true
    - username: docker-user
      password: "{{ lookup('keepass', 'docker-user_linux_password_hash', 'password') }}"
      update_password: on_create
      groups: ssh, sudo, docker
      state: present
      allow_sudo: true
      allow_passwordless_sudo: true
      uid: "5000"
    - username: ansible-user
      password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
      update_password: on_create
      groups: ssh, sudo
      state: present
      public_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
      allow_sudo: true
      allow_passwordless_sudo: true
  ### geerlingguy.docker
  docker_users:
    - mg
    - docker-user
  ### geerlingguy.pip
  pip_package: python3-pip
  pip_install_packages:
    - name: docker # für munin-plugin docker_
  ### mgrote.docker-compose-deploy
  docker_compose_base_dir: /home/docker-user
  ### mgrote.munin-node
  munin_node_bind_host: "0.0.0.0"
  munin_node_bind_port: "4949"
  munin_node_allowed_cidrs: [192.168.2.0/24]
  munin_node_plugins:
    - name: timesync
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
    - name: systemd_status
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
    - name: systemd_mem
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
      config: |
        [systemd_mem]
        env.all_services true
    - name: lvm_
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
      config: |
        [lvm_*]
        user root
    - name: fail2ban
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
      config: |
        [fail2ban]
        env.client /usr/bin/fail2ban-client
        env.config_dir /etc/fail2ban
        user root
    - name: docker_containers
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
      config: |
        [docker_*]
        user root
        env.DOCKER_HOST unix://run/docker.sock
    - name: docker_cpu
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_memory
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_network
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_volumes
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_