homeserver/group_vars/laptop.yml

---
# Diese Datei enthällt alles für den Laptop, es werden auch alle Variablen aus den Group-Vars extra eingetragen.

### mgrote_install_archived_deb_files_from_url
laptop_install_deb_url:
  - https://github.com/pulsar-edit/pulsar/releases/download/v1.123.0/Linux.pulsar_1.123.0_amd64.deb
  - https://download.xnview.com/XnViewMP-linux-x64.deb
  - https://github.com/torakiki/pdfsam/releases/download/v5.2.9/pdfsam_5.2.9-1_amd64.deb

### mgrote_install_deb_files_from_url
laptop_install_deb_url_archived:
  - url: https://download.mikrotik.com/routeros/winbox/4.0beta14/WinBox_Linux.zip
    creates: /usr/local/bin/WinBox

### mgrote_user
users:
  - username: mg
    password: "{{ lookup('viczem.keepass.keepass', 'laptop_mg_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    public_ssh_key: "{{ ssh_public_key_mg }}"
    allow_sudo: true
    allow_passwordless_sudo: true
  - username: ansible-user
    password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE
    allow_sudo: true
    allow_passwordless_sudo: true
  - username: docker-user
    password: "{{ lookup('viczem.keepass.keepass', 'docker-user_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
      - docker
    state: present
    allow_sudo: true
    allow_passwordless_sudo: true
    uid: "5000"

### geerlingguy.pip
pip_package: python3-pip
pip_install_packages:
  - name: docker # für munin-plugin docker_

### geerlingguy.docker
docker_users:
  - mg
  - docker-user
docker_install_compose: true
docker_add_repo: true
docker_apt_repository: "deb [arch={{ docker_apt_arch }}{{' signed-by=/etc/apt/keyrings/docker.asc' if add_repository_key is not failed}}] {{ docker_repo_url }}/ubuntu jammy {{ docker_apt_release_channel }}" # Distribution ubuntu jammy explizit gesetzt
docker_apt_gpg_key: "{{ docker_repo_url }}/ubuntu/gpg" # Distribution ubuntu explizit gesetzt

### oefenweb.ufw
ufw_rules:
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow

### mgrote_restic
restic_schedule: "*-*-* 14:00:00"

### mgrote_apt_manage_packages
apt_packages_common:
  - locales
  - wget
  - python3
  - build-essential
  - htop
  - git
  - dnsutils
  - mc
  - cifs-utils
  - haveged #https://www.linux-magazin.de/ausgaben/2011/09/einfuehrung2/
  - ca-certificates
  - netdiscover
  - tree
  - curl
  - whois
  - logrotate
  - ncdu
  - net-tools
  - apt-transport-https
  - moreutils
  - acl
  - vim
  - rsync
  - at
  - ripgrep
  - iotop
  - pwgen
  - keychain
  - bc
  - jq
apt_packages_extra:
  - firefox
  - vlc
  - keepassxc
  - git
  - tmux
  - vim
  - ripgrep
  - ca-certificates
  - nextcloud-desktop
  - wireguard
  - dos2unix
  - remmina
  - mintstick
  - picard
  - network-manager
  - virt-manager
  - alacritty
apt_packages_absent:
  - nano
  - snapd
  - ubuntu-advantage-tools
  - neofetch
  - graphviz
  - ubuntu-pro-client
  - thunderbird
  - libflatpak0
  - nano
  - snapd
  - thingy
  - gnome-calendar
  - pix
  - drawing
  - transmission
  - transmission-gtk
  - mintchat
  - webapp-manager
  - hypnotix
  - celluloid
  - onboard
  - warpinator
  - gnome-terminal
...
add laptop setup (#268) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/268 2024-12-30 20:06:25 +01:00			`---`
			`# Diese Datei enthällt alles für den Laptop, es werden auch alle Variablen aus den Group-Vars extra eingetragen.`

			`### mgrote_install_archived_deb_files_from_url`
			`laptop_install_deb_url:`
			`- https://github.com/pulsar-edit/pulsar/releases/download/v1.123.0/Linux.pulsar_1.123.0_amd64.deb`
			`- https://download.xnview.com/XnViewMP-linux-x64.deb`
			`- https://github.com/torakiki/pdfsam/releases/download/v5.2.9/pdfsam_5.2.9-1_amd64.deb`

			`### mgrote_install_deb_files_from_url`
			`laptop_install_deb_url_archived:`
			`- url: https://download.mikrotik.com/routeros/winbox/4.0beta14/WinBox_Linux.zip`
			`creates: /usr/local/bin/WinBox`

			`### mgrote_user`
			`users:`
			`- username: mg`
			`password: "{{ lookup('viczem.keepass.keepass', 'laptop_mg_linux_password_hash', 'password') }}"`
			`update_password: always`
			`groups:`
			`- ssh`
			`- sudo`
			`state: present`
			`public_ssh_key: "{{ ssh_public_key_mg }}"`
			`allow_sudo: true`
			`allow_passwordless_sudo: true`
			`- username: ansible-user`
			`password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"`
			`update_password: always`
			`groups:`
			`- ssh`
			`- sudo`
			`state: present`
			`public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE`
			`allow_sudo: true`
			`allow_passwordless_sudo: true`
			`- username: docker-user`
			`password: "{{ lookup('viczem.keepass.keepass', 'docker-user_linux_password_hash', 'password') }}"`
			`update_password: always`
			`groups:`
			`- ssh`
			`- sudo`
			`- docker`
			`state: present`
			`allow_sudo: true`
			`allow_passwordless_sudo: true`
			`uid: "5000"`

			`### geerlingguy.pip`
			`pip_package: python3-pip`
			`pip_install_packages:`
			`- name: docker # für munin-plugin docker_`

			`### geerlingguy.docker`
			`docker_users:`
			`- mg`
			`- docker-user`
			`docker_install_compose: true`
			`docker_add_repo: true`
			`docker_apt_repository: "deb [arch={{ docker_apt_arch }}{{' signed-by=/etc/apt/keyrings/docker.asc' if add_repository_key is not failed}}] {{ docker_repo_url }}/ubuntu jammy {{ docker_apt_release_channel }}" # Distribution ubuntu jammy explizit gesetzt`
			`docker_apt_gpg_key: "{{ docker_repo_url }}/ubuntu/gpg" # Distribution ubuntu explizit gesetzt`

			`### oefenweb.ufw`
			`ufw_rules:`
			`- rule: allow`
			`to_port: 22`
			`protocol: tcp`
			`comment: 'ssh'`
			`from_ip: 0.0.0.0/0`
			`ufw_default_incoming_policy: deny`
			`ufw_default_outgoing_policy: allow`

			`### mgrote_restic`
			`restic_schedule: "--* 14:00:00"`

			`### mgrote_apt_manage_packages`
			`apt_packages_common:`
			`- locales`
			`- wget`
			`- python3`
			`- build-essential`
			`- htop`
			`- git`
			`- dnsutils`
			`- mc`
			`- cifs-utils`
			`- haveged #https://www.linux-magazin.de/ausgaben/2011/09/einfuehrung2/`
			`- ca-certificates`
			`- netdiscover`
			`- tree`
			`- curl`
			`- whois`
			`- logrotate`
			`- ncdu`
			`- net-tools`
			`- apt-transport-https`
			`- moreutils`
			`- acl`
			`- vim`
			`- rsync`
			`- at`
			`- ripgrep`
			`- iotop`
			`- pwgen`
			`- keychain`
			`- bc`
			`- jq`
			`apt_packages_extra:`
			`- firefox`
			`- vlc`
			`- keepassxc`
			`- git`
			`- tmux`
			`- vim`
			`- ripgrep`
			`- ca-certificates`
			`- nextcloud-desktop`
			`- wireguard`
			`- dos2unix`
			`- remmina`
			`- mintstick`
			`- picard`
			`- network-manager`
			`- virt-manager`
			`- alacritty`
			`apt_packages_absent:`
			`- nano`
			`- snapd`
			`- ubuntu-advantage-tools`
			`- neofetch`
			`- graphviz`
			`- ubuntu-pro-client`
			`- thunderbird`
			`- libflatpak0`
			`- nano`
			`- snapd`
			`- thingy`
			`- gnome-calendar`
			`- pix`
			`- drawing`
			`- transmission`
			`- transmission-gtk`
			`- mintchat`
			`- webapp-manager`
			`- hypnotix`
			`- celluloid`
			`- onboard`
			`- warpinator`
			`- gnome-terminal`
			`...`