homeserver/host_vars/irantu.mgrote.net.yml

---
# Diese Datei enthällt alles für den Laptop, es werden auch alle Variablen aus den Group-Vars extra eingetragen.

### mgrote_laptop
laptop_install_deb_url:
  - https://github.com/pulsar-edit/pulsar/releases/download/v1.123.0/Linux.pulsar_1.123.0_amd64.deb
  - https://download.xnview.com/XnViewMP-linux-x64.deb
  - https://github.com/torakiki/pdfsam/releases/download/v5.2.9/pdfsam_5.2.9-1_amd64.deb
laptop_install_deb_url_archived:
  - https://download.mikrotik.com/routeros/winbox/4.0beta14/WinBox_Linux.zip

### mgrote_user_setup
dotfiles:
  - user: mg
    home: /home/mg
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
dotfiles_vim_vundle_repo_url: "https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git"

### mgrote_user
users:
  - username: mg
    password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    public_ssh_key: "{{ ssh_public_key_mg }}"
    allow_sudo: true
    allow_passwordless_sudo: true
  - username: ansible-user
    password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE
    allow_sudo: true
    allow_passwordless_sudo: true
  - username: docker-user
    password: "{{ lookup('viczem.keepass.keepass', 'docker-user_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
      - docker
    state: present
    allow_sudo: true
    allow_passwordless_sudo: true
    uid: "5000"

### geerlingguy.pip
pip_package: python3-pip
pip_install_packages:
  - name: docker # für munin-plugin docker_

### geerlingguy.docker
docker_users:
  - mg
  - docker-user
docker_install_compose: true
docker_add_repo: true
docker_apt_repository: "deb [arch={{ docker_apt_arch }}{{' signed-by=/etc/apt/keyrings/docker.asc' if add_repository_key is not failed}}] {{ docker_repo_url }}/ubuntu jammy {{ docker_apt_release_channel }}" # Distribution ubuntu jammy explizit gesetzt
docker_apt_gpg_key: "{{ docker_repo_url }}/ubuntu/gpg" # Distribution ubuntu explizit gesetzt

### oefenweb.ufw
ufw_rules:
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow

### mgrote_restic
restic_exclude: |
      ._*
      desktop.ini
      .Trash-*
      **/**cache***/**
      **/**Cache***/**
      **/**AppData***/**
restic_folders_to_backup: "/usr/local /etc /root /home"
restic_repository: "//fileserver3.mgrote.net/restic"
restic_fail_mail: "{{ my_mail }}"
restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
restic_mount_user: restic
restic_schedule: "*-*-* 4:00:00"

### mgrote_apt_manage_packages
apt_packages_common:
  - locales
  - wget
  - python3
  - build-essential
  - htop
  - git
  - dnsutils
  - mc
  - cifs-utils
  - haveged #https://www.linux-magazin.de/ausgaben/2011/09/einfuehrung2/
  - ca-certificates
  - netdiscover
  - tree
  - curl
  - whois
  - logrotate
  - ncdu
  - net-tools
  - apt-transport-https
  - moreutils
  - acl
  - vim
  - rsync
  - at
  - ripgrep
  - iotop
  - pwgen
  - keychain
  - bc
  - jq
apt_packages_extra:
  - firefox
  - vlc
  - keepassxc
  - git
  - tmux
  - vim
  - ripgrep
  - ca-certificates
  - nextcloud-desktop
  - wireguard
  - dos2unix
  - remmina
  - mintstick
  - picard
  - network-manager
  - virt-manager
  - alacritty
apt_packages_physical:
  - s-tui
  - smartmontools
  - lm-sensors
  - ethtool
  - fwupd
apt_packages_absent:
  - nano
  - snapd
  - ubuntu-advantage-tools
  - neofetch
  - graphviz
  - ubuntu-pro-client
  - thunderbird
  - libflatpak0
  - nano
  - snapd
  - thingy
  - gnome-calendar
  - pix
  - drawing
  - transmission
  - transmission-gtk
  - mintchat
  - webapp-manager
  - hypnotix
  - celluloid
  - onboard
  - warpinator
  - gnome-terminal
...
ff 2024-12-28 20:18:04 +01:00			`---`
			`# Diese Datei enthällt alles für den Laptop, es werden auch alle Variablen aus den Group-Vars extra eingetragen.`
dd 2024-12-29 11:11:03 +01:00
			`### mgrote_laptop`
			`laptop_install_deb_url:`
			`- https://github.com/pulsar-edit/pulsar/releases/download/v1.123.0/Linux.pulsar_1.123.0_amd64.deb`
			`- https://download.xnview.com/XnViewMP-linux-x64.deb`
dd 2024-12-29 11:16:09 +01:00			`- https://github.com/torakiki/pdfsam/releases/download/v5.2.9/pdfsam_5.2.9-1_amd64.deb`
dd 2024-12-29 11:13:21 +01:00			`laptop_install_deb_url_archived:`
			`- https://download.mikrotik.com/routeros/winbox/4.0beta14/WinBox_Linux.zip`
dd 2024-12-29 11:11:03 +01:00
ff 2024-12-28 20:18:04 +01:00			`### mgrote_user_setup`
			`dotfiles:`
			`- user: mg`
			`home: /home/mg`
			`dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles`
			`dotfiles_vim_vundle_repo_url: "https://{{ ansible_forgejo_user \| urlencode }}:{{ ansible_forgejo_user_pass \| urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git"`

			`### mgrote_user`
			`users:`
			`- username: mg`
			`password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"`
			`update_password: always`
			`groups:`
			`- ssh`
			`- sudo`
			`state: present`
			`public_ssh_key: "{{ ssh_public_key_mg }}"`
			`allow_sudo: true`
			`allow_passwordless_sudo: true`
			`- username: ansible-user`
			`password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"`
			`update_password: always`
			`groups:`
			`- ssh`
			`- sudo`
			`state: present`
			`public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE`
			`allow_sudo: true`
			`allow_passwordless_sudo: true`
ff 2024-12-28 20:20:18 +01:00			`- username: docker-user`
			`password: "{{ lookup('viczem.keepass.keepass', 'docker-user_linux_password_hash', 'password') }}"`
			`update_password: always`
			`groups:`
			`- ssh`
			`- sudo`
			`- docker`
			`state: present`
			`allow_sudo: true`
			`allow_passwordless_sudo: true`
			`uid: "5000"`

			`### geerlingguy.pip`
			`pip_package: python3-pip`
			`pip_install_packages:`
			`- name: docker # für munin-plugin docker_`

			`### geerlingguy.docker`
			`docker_users:`
			`- mg`
			`- docker-user`
			`docker_install_compose: true`
			`docker_add_repo: true`
dd 2024-12-28 20:49:39 +01:00			`docker_apt_repository: "deb [arch={{ docker_apt_arch }}{{' signed-by=/etc/apt/keyrings/docker.asc' if add_repository_key is not failed}}] {{ docker_repo_url }}/ubuntu jammy {{ docker_apt_release_channel }}" # Distribution ubuntu jammy explizit gesetzt`
			`docker_apt_gpg_key: "{{ docker_repo_url }}/ubuntu/gpg" # Distribution ubuntu explizit gesetzt`
ff 2024-12-28 20:18:04 +01:00
			`### oefenweb.ufw`
			`ufw_rules:`
			`- rule: allow`
			`to_port: 22`
			`protocol: tcp`
			`comment: 'ssh'`
			`from_ip: 0.0.0.0/0`
			`ufw_default_incoming_policy: deny`
			`ufw_default_outgoing_policy: allow`

			`### mgrote_restic`
			`restic_exclude: \|`
			`._*`
			`desktop.ini`
			`.Trash-*`
			`/cache*/`
			`/Cache*/`
			`/AppData*/`
			`restic_folders_to_backup: "/usr/local /etc /root /home"`
			`restic_repository: "//fileserver3.mgrote.net/restic"`
			`restic_fail_mail: "{{ my_mail }}"`
			`restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"`
			`restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow`
			`restic_mount_user: restic`
			`restic_schedule: "--* 4:00:00"`

			`### mgrote_apt_manage_packages`
			`apt_packages_common:`
			`- locales`
instal 2024-12-29 11:06:04 +01:00			`- wget`
ff 2024-12-28 20:18:04 +01:00			`- python3`
			`- build-essential`
			`- htop`
			`- git`
			`- dnsutils`
			`- mc`
			`- cifs-utils`
			`- haveged #https://www.linux-magazin.de/ausgaben/2011/09/einfuehrung2/`
			`- ca-certificates`
			`- netdiscover`
			`- tree`
			`- curl`
			`- whois`
			`- logrotate`
			`- ncdu`
			`- net-tools`
			`- apt-transport-https`
			`- moreutils`
			`- acl`
			`- vim`
			`- rsync`
			`- at`
			`- ripgrep`
			`- iotop`
			`- pwgen`
			`- keychain`
			`- bc`
			`- jq`
instal 2024-12-29 11:06:04 +01:00			`apt_packages_extra:`
			`- firefox`
			`- vlc`
			`- keepassxc`
			`- git`
			`- tmux`
			`- vim`
			`- ripgrep`
			`- ca-certificates`
			`- nextcloud-desktop`
			`- wireguard`
			`- dos2unix`
			`- remmina`
			`- mintstick`
			`- picard`
			`- network-manager`
			`- virt-manager`
			`- alacritty`
ff 2024-12-28 20:18:04 +01:00			`apt_packages_physical:`
			`- s-tui`
			`- smartmontools`
			`- lm-sensors`
			`- ethtool`
			`- fwupd`
			`apt_packages_absent:`
			`- nano`
			`- snapd`
			`- ubuntu-advantage-tools`
			`- neofetch`
			`- graphviz`
			`- ubuntu-pro-client`
instal 2024-12-29 11:06:04 +01:00			`- thunderbird`
rem 2024-12-29 11:04:06 +01:00			`- libflatpak0`
			`- nano`
			`- snapd`
			`- thingy`
			`- gnome-calendar`
			`- pix`
			`- drawing`
			`- transmission`
			`- transmission-gtk`
			`- mintchat`
			`- webapp-manager`
			`- hypnotix`
			`- celluloid`
			`- onboard`
			`- warpinator`
			`- gnome-terminal`
ff 2024-12-28 20:18:04 +01:00			`...`