homeserver/host_vars/docker7.grote.lan.yml

---
  ### mgrote.apt_manage_packages
  apt_packages_extra:
    - libwww-curl-perl # für munin-plugin: unifi
    - libjson-perl # für munin-plugin: unifi
    - sshpass # fur munin mt_system_*
  ### mgrote.docker-compose-deploy
  docker_compose_projects:
    - name: watchtower
      dir_name: docker-watchtower
      repository_url: git.mgrote.net/mg/docker-watchtower
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: ansible-ara
      dir_name: docker-ansible-ara
      repository_url: git.mgrote.net/mg/docker-ansible-ara
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: homer
      dir_name: docker-homer
      repository_url: git.mgrote.net/mg/docker-homer
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: photoprism
      dir_name: docker-photoprism
      repository_url: git.mgrote.net/mg/docker-photoprism
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: miniflux
      dir_name: docker-miniflux
      repository_url: git.mgrote.net/mg/docker-miniflux
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: traefik
      dir_name: docker-traefik
      repository_url: git.mgrote.net/mg/docker-traefik
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
      network_name: nw_proxy_traefik
    - name: munin-master
      dir_name: docker-munin-master
      repository_url: git.mgrote.net/mg/docker-munin-master_production
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: oxidized
      dir_name: docker-oxidized
      repository_url: git.mgrote.net/mg/docker-oxidized
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: librenms
      dir_name: docker-librenms
      repository_url: git.mgrote.net/mg/docker-librenms
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: unifi-controller
      dir_name: docker-unifi-controller
      repository_url: git.mgrote.net/mg/docker-unifi-controller
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: navidrome-mg
      dir_name: docker-navidrome-mg
      repository_url: git.mgrote.net/mg/docker-navidrome-mg
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: hastebin
      dir_name: docker-hastebin
      repository_url: git.mgrote.net/mg/docker-hastebin
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
  ### oefenweb.ufw
  ufw_rules: # ist extra weil bei munin kein subnet angegeben ist
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: 4949
      protocol: tcp
      comment: 'munin'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: 443
      protocol: tcp
      comment: 'mf-filter' # da mgrote.net auf tarefik umgelietet wird funktioniert sonst mf-filter nicht, daher hier explizit Port 443 freigegeben
      from_ip: 0.0.0.0/0
  ### geerlingguy.pip
  pip_package: python3-pip
  pip_install_packages:
    - name: docker # für munin-plugin docker_
    - name: fritzconnection # für munin fritzbox*
    - name: lxml # für munin fritzbox*
    - name: requests # für munin fritzbox*
  ### mgrote.munin-node
  munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
  munin_node_plugins:
    - name: timesync
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
    - name: systemd_status
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
    - name: systemd_mem
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
      config: |
        [systemd_mem]
        env.all_services true
    - name: lvm_
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
      config: |
        [lvm_*]
        user root
    - name: fail2ban
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
      config: |
        [fail2ban]
        env.client /usr/bin/fail2ban-client
        env.config_dir /etc/fail2ban
        user root
    - name: docker_containers
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
      config: |
        [docker_*]
        user root
        env.DOCKER_HOST unix://run/docker.sock
    - name: docker_cpu
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_memory
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_network
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_volumes
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: http_response
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
      config: |
        [http_response]
        env.sites http://docker7.grote.lan:8888/nodes http://docker7.grote.lan:1234 http://docker7.grote.lan:5000 http://docker7.grote.lan:333 http://docker7.grote.lan:2233 http://docker7.grote.lan:2342 http://docker7.grote.lan:8081/ https://miniflux.mgrote.net/ http://docker7.grote.lan:3001 http://docker7.grote.lan:2342 https://audio.mgrote.net/mg
        env.max_time 20
        env.short_label true
        env.follow_redirect true
    - name: mt_system_crs309
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
      config: |
        [mt_system_crs309]
        user root
        env.ssh_user munin
        env.ssh_password {{ lookup('keepass', 'crs309_munin_user', 'password') }}
        env.ssh_host 192.168.2.224
    - name: mt_system_hex
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
      config: |
        [mt_system_hex]
        user root
        env.ssh_user munin
        env.ssh_password {{ lookup('keepass', 'hex_munin_user', 'password') }}
        env.ssh_host 192.168.3.144
    - name: mt_system_crs305
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
      config: |
        [mt_system_crs305]
        user root
        env.ssh_user munin
        env.ssh_password {{ lookup('keepass', 'crs305_munin_user', 'password') }}
        env.ssh_host 192.168.2.225
    - name: mt_system_rb5009
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
      config: |
        [mt_system_rb5009]
        user root
        env.ssh_user munin
        env.ssh_password {{ lookup('keepass', 'rb5009_munin_user', 'password') }}
        env.ssh_host 192.168.2.1
    - name: unifi
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/unifi
      config: |
        [unifi*]
        # User name to login to unifi controller API.  Default is "ubnt".  Ideally, this should
        # point to a read-only account.
        env.user munin
        # Password to login to unifi controller API. Default is "ubnt"
        env.pass {{ lookup('keepass', 'unifi_munin_user', 'password') }}
        # URL of the API, with port if needed.  No trailing slash.
        env.api_url https://docker7.grote.lan:8443
        # Verify SSL certificate name against host.
        # Note: if using a default cloudkey certificate, this will fail unless you manually add it
        # to the local keystore.
        # Default is "yes"
        env.ssl_verify_host no
        # Verify Peer's SSL vertiicate.
        # Note: if using a default cloudkey certificate, this will fail
        # Default is "yes"
        env.ssl_verify_peer no
        # The human readable name of the unifi site - used for graph titles
        env.name Unifi
        # By default, Use standard munin well know categories -
        env.force_category unifi
        #---
        # Show device CPU utilization
        env.enable_device_cpu yes
        # Show device memory usage
        env.enable_device_mem yes
        # Show device load average (switches and APs only)
        env.enable_device_load yes
        # Show device uptime
        env.enable_device_uptime yes
        # Show number of clients connected to each device
        env.enable_clients_device yes
        # Show detailed graphs for each device (per device graphs)
        env.enable_detail_clients_device yes
        # Show number of clients connected to each network type
        env.enable_clients_type yes
        # Show detailed graphs for each client type (per type graphs)
        env.enable_detail_clients_type yes
        # Show unauthorized / authorized client list
        # if you are not using the guest portal, this is useless
        env.show_authorized_clients_type yes
        # Show transfer statistics on switch ports; wirft Fehler wenn aktiv
        env.enable_xfer_port no
        # Show detailed graphs per switch port; wirft Fehler wenn aktiv
        env.enable_detail_xfer_port no
        # Hide ports that have no link (When set to no, unplugged ports will transfer 0, not be undefined); wirft Fehler wenn aktiv
        env.hide_empty_xfer_port no
        # Show transfer statistics per device; wirft Fehler wenn aktiv
        env.enable_xfer_device no
        # Show detailed graphs for each device; wirft Fehler wenn aktiv
        env.enable_detail_xfer_device yes
        # Show transfer statistics per named network; wirft Fehler wenn aktiv
        env.enable_xfer_network no
        # Show detailed graphs for each named network; wirft Fehler wenn aktiv
        env.enable_detail_xfer_network no
        # Show transfer statistics per radio; wirft Fehler wenn aktiv
        env.enable_xfer_radio no
        # Show detailed graphs for each radio; wirft Fehler wenn aktiv
        env.enable_detail_xfer_radio no
    - name: fritzbox_uptime.py
      src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_uptime.py
    - name: fritzbox_traffic.py
      src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_traffic.py
    - name: fritzbox_power.py
      src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_power_consumption.py
    - name: fritzbox_memory.py
      src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_memory_usage.py
    - name: fritzbox_helper.py
      src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_helper.py
    - name: fritzbox_cpu.py
      src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_cpu_usage.py
    - name: fritzbox_temp.py
      src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_cpu_temperature.py
    - name: fritzbox_conn_uptime.py
      src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_connection_uptime.py
      config: |
        [fritzbox_*]
        env.fritzbox_ip 192.168.5.1
        env.fritzbox_username munin
        env.fritzbox_password {{ lookup('keepass', 'fritzbox_munin_user', 'password') }}
        env.traffic_remove_max true # if you do not want the possible max values