---
### mrlesmithjr.ansible-manage-lvm
# One volume group on the second SCSI disk, holding a single XFS logical
# volume that is mounted as the Gitea data directory.
lvm_groups:
  - vgname: vg_gitea_data
    # Stable by-id path, so the volume group does not depend on /dev/sdX
    # enumeration order.
    disks:
      - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
    create: true
    lvnames:
      - lvname: lv_gitea_data
        # The logical volume takes all free space in the volume group.
        size: "+100%FREE"
        create: true
        filesystem: xfs
        mount: true
        mntp: /var/lib/gitea
manage_lvm: true
pvresize_to_max: true
### mgrote.restic
# --one-file-system is set, so other filesystems are not included unless
# they are listed here explicitly. /var/lib/gitea is its own LVM mount (see
# lvm_groups), which is why it is named next to "/".
# https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
restic_folders_to_backup: "/ /var/lib/gitea"
### oefenweb.ufw
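# Inbound allow rules for the host firewall. Every rule is TCP; from_ip is
# the permitted source range in CIDR notation.
ufw_rules:
  # Host SSH is reachable from any IPv4 source.
  # NOTE(review): if administration only happens from the LAN or a VPN,
  # narrow from_ip to that range - confirm intent.
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
  # Gitea web listener. gitea_protocol is "http", so this port carries
  # plaintext while gitea_root_url is https.
  # NOTE(review): presumably TLS is terminated on a reverse proxy in front
  # of this host; if so, restrict from_ip to the proxy so the plaintext
  # port cannot be reached directly - confirm.
  - rule: allow
    to_port: "{{ gitea_http_port }}"
    protocol: tcp
    comment: 'gitea'
    from_ip: 0.0.0.0/0
  # Gitea built-in SSH server (git over SSH), open to any IPv4 source.
  - rule: allow
    to_port: "{{ gitea_ssh_port }}"
    protocol: tcp
    comment: 'gitea'
    from_ip: 0.0.0.0/0
  # munin-node port. The /24 prefix admits the whole 192.168.2.0/24
  # network, not only the .144 address.
  # NOTE(review): if only one munin master should poll this node, use a
  # /32 for that host - confirm which host that is.
  - rule: allow
    to_port: 4949
    protocol: tcp
    comment: 'munin'
    from_ip: 192.168.2.144/24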
### l3d.gitea
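# The rendered config lives in /etc/gitea/gitea.ini.

# Pinned release; bump it deliberately and follow upstream security
# releases.
gitea_version: "1.19.1"
gitea_app_name: "Gitea"
gitea_user: "gitea"
gitea_home: "/var/lib/gitea"
gitea_repository_root: "{{ gitea_home }}"
gitea_user_repo_limit: 300
gitea_root_url: https://git.mgrote.net
gitea_offline_mode: true
gitea_lfs_server_enabled: false

# Secrets are resolved from KeePass when the play runs, so no secret
# value is stored in this file.
gitea_secret_key: "{{ lookup('keepass', 'gitea_secret_key', 'password') }}"
gitea_internal_token: "{{ lookup('keepass', 'gitea_internal_token', 'password') }}"

# Git hooks stay available: an account holding the git-hook privilege can
# run arbitrary commands as the gitea service user.
# NOTE(review): set to true unless server-side hooks are really needed.
gitea_disable_git_hooks: false
gitea_show_user_email: false
gitea_disable_gravatar: true
gitea_enable_captcha: true
gitea_only_allow_external_registration: false
gitea_enable_notify_mail: false
gitea_force_private: false
gitea_oauth2_enabled: true
gitea_repo_indexer_enabled: true

# Outgoing mail over TLS with certificate verification left on
# (skip_verify: false).
gitea_mailer_enabled: true
gitea_mailer_skip_verify: false
gitea_mailer_tls_enabled: true
gitea_mailer_host: smtp.strato.de:465
gitea_mailer_from: info@mgrote.net
gitea_mailer_user: "info@mgrote.net"
gitea_mailer_password: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
gitea_mailer_type: smtp

gitea_default_branch: 'master'
gitea_db_type: sqlite3
gitea_db_path: "{{ gitea_home }}/data/gitea.db"  # for sqlite3

# Built-in SSH server, bound to all interfaces.
gitea_ssh_listen: 0.0.0.0
gitea_ssh_domain: git.mgrote.net
gitea_ssh_port: 2222
gitea_start_ssh: true

# Plaintext HTTP listener on all interfaces, while gitea_root_url is
# https.
# NOTE(review): presumably a reverse proxy terminates TLS; if it runs on
# this host, bind to 127.0.0.1 instead - confirm.
gitea_http_domain: git.mgrote.net
gitea_http_listen: 0.0.0.0
gitea_http_port: 3000
gitea_disable_http_git: false
gitea_protocol: http

# Self-registration is off and the button is hidden; sign-in is not
# required, so anonymous visitors can still browse whatever is public.
gitea_show_registration_button: false
gitea_require_signin: false
gitea_disable_registration: true

# fail2ban jail thresholds handed to the role.
gitea_fail2ban_enabled: true
gitea_fail2ban_jail_maxretry: 3
gitea_fail2ban_jail_findtime: 300
gitea_fail2ban_jail_bantime: 600

# Required for drone; otherwise the webhook is not "sent".
# The allow-list keeps webhook delivery limited to *.grote.lan hosts.
gitea_extra_config: |
  [webhook]
  ALLOWED_HOST_LIST = *.grote.lan

# No backup is taken by the role before an upgrade.
# NOTE(review): presumably the restic job covering /var/lib/gitea is the
# rollback path - confirm a fresh snapshot exists before changing
# gitea_version.
gitea_backup_on_upgrade: false
gitea_backup_location: "{{ gitea_home }}/backups/"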
### mgrote.munin-node
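# Munin plugins installed on this node. Each src is fetched from a raw
# URL on branch master, so whatever that branch holds at deploy time is
# what gets installed; lvm_ and fail2ban then run as root.
# NOTE(review): pin each src to a reviewed commit
# (.../raw/commit/<COMMIT_SHA>/...) and, if the role supports it, verify
# a checksum - at least for the plugins that run as root.
munin_node_plugins:
  - name: timesync
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
  - name: systemd_status
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
  - name: systemd_mem
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
    config: |
      [systemd_mem]
      env.all_services true
  # Runs as root.
  - name: lvm_
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
    config: |
      [lvm_*]
      user root
  # Runs as root.
  - name: fail2ban
    src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
    config: |
      [fail2ban]
      env.client /usr/bin/fail2ban-client
      env.config_dir /etc/fail2ban
      user root
  - name: http_response
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
    config: |
      [http_response]
      env.sites http://gitea.grote.lan:3000 https://git.mgrote.net
      env.max_time 20
      env.short_label true
      env.follow_redirect true
  # The KeePass lookup is rendered into the plugin config, so the token
  # ends up in plaintext on the node.
  # NOTE(review): check that the rendered config file is not
  # world-readable. env.url is plain http; presumably the plugin sends
  # the token to it, which would cross the LAN unencrypted - confirm, and
  # prefer a read-only, narrowly scoped token.
  - name: drone
    src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/cicd/drone
    config: |
      [drone]
      env.url http://docker10.grote.lan:81/api/user/repos?latest=true
      env.token {{ lookup('keepass', 'munin_plugin_drone_token', 'password') }}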