2021-07-17 19:57:50 +02:00
---
2022-08-06 11:20:05 +02:00
### mrlesmithjr.ansible-manage-lvm
lvm_groups :
- vgname : vg_docker
disks :
2022-08-08 21:26:56 +02:00
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
2022-08-06 11:20:05 +02:00
create : true
lvnames :
2022-08-25 22:22:11 +02:00
- lvname : docker
2022-08-06 11:20:05 +02:00
size : +100%FREE
create : true
filesystem : xfs
mount : true
mntp : /var/lib/docker
- vgname : vg_docker2
disks :
2022-08-08 21:26:56 +02:00
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2
2022-08-06 11:20:05 +02:00
create : true
lvnames :
2022-08-25 22:22:11 +02:00
- lvname : httpd
size : 1G
2022-08-06 11:20:05 +02:00
create : true
filesystem : xfs
mount : true
2022-08-25 22:22:11 +02:00
mntp : /mnt/httpd
2022-08-06 11:20:05 +02:00
manage_lvm : true
pvresize_to_max : true
2022-08-25 22:22:11 +02:00
### mgrote.restic
restic_folders_to_backup : "/ /var/lib/docker /mnt/httpd" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
# die vars noch in rolle übertragen mit beispiel
### mgrote.docker-compose-inline
compose_owner : "docker-user"
compose_group : "docker-user"
compose_file_permissions : "644"
compose_dir_permissions : "755"
compose_dest_basedir : "/docker"
compose_src_basedir : "{{ inventory_dir }}/docker-compose"
compose_files :
- name : hastebin
2021-07-20 10:14:07 +02:00
state : present
2022-08-25 22:22:11 +02:00
- name : ara
state : present
- name : oxidized
2022-03-06 14:10:30 +01:00
state : present
2021-07-19 20:18:48 +02:00
- name : homer
2021-07-20 10:14:07 +02:00
state : present
2022-08-25 22:22:11 +02:00
- name : munin
2022-03-06 14:10:30 +01:00
state : present
2022-08-25 22:22:11 +02:00
- name : drone
2022-03-06 14:10:30 +01:00
state : present
2022-08-26 14:26:42 +02:00
- name : dozzle
state : present
2022-08-25 22:22:11 +02:00
- name : nextcloud
2022-03-06 14:10:30 +01:00
state : present
2022-08-25 22:22:11 +02:00
network : traefik
- name : tor-snowflake
2022-03-06 14:10:30 +01:00
state : present
2022-08-25 22:22:11 +02:00
- name : photoprism
2022-03-06 14:10:30 +01:00
state : present
2022-01-22 22:28:30 +01:00
- name : librenms
2022-03-06 14:10:30 +01:00
state : present
2022-08-25 22:22:11 +02:00
- name : httpd # das Volume hat die Rechte 0777 damit jeder per SSH reinschreiben kann; ist fur drone.io eingerichtet; siehe $dir_permissions
2022-03-06 14:10:30 +01:00
state : present
2022-08-25 22:22:11 +02:00
- name : unifi-controller
2022-01-22 22:28:30 +01:00
state : present
2022-08-25 22:22:11 +02:00
- name : miniflux
2022-07-16 10:54:37 +02:00
state : present
2022-08-25 22:22:11 +02:00
network : traefik
- name : traefik
2022-08-12 22:38:25 +02:00
state : present
2022-08-25 22:22:11 +02:00
network : traefik
- name : navidrome
2022-08-06 11:20:05 +02:00
state : present
2022-08-25 22:22:11 +02:00
network : traefik
2022-08-06 11:20:05 +02:00
2022-08-25 22:22:11 +02:00
#### mgrote.set_permissions
dir_permissions :
- path : /mnt/httpd
mode : '0777'
2021-07-20 10:42:30 +02:00
### oefenweb.ufw
2022-08-25 22:22:11 +02:00
ufw_rules :
2021-07-20 10:42:30 +02:00
- rule : allow
to_port : 22
protocol : tcp
comment : 'ssh'
2021-10-06 10:18:23 +02:00
from_ip : 0.0 .0 .0 /0
2021-07-20 10:42:30 +02:00
- rule : allow
to_port : 4949
protocol : tcp
comment : 'munin'
2021-10-06 10:18:23 +02:00
from_ip : 0.0 .0 .0 /0
2022-08-25 22:22:11 +02:00
# docker network inspect $(docker network ls -q)|grep -E "IPv(4|6)A" | grep -v \"\" | sort -h
2022-05-20 11:55:15 +02:00
- rule : allow
2022-08-25 22:22:11 +02:00
from_ip : 192.168 .0 .0 /16
comment : 'docker networks'
- rule : allow
from_ip : 172.0 .0 .0 /8
comment : 'docker networks'
2022-01-16 14:39:52 +01:00
### geerlingguy.pip
pip_package : python3-pip
pip_install_packages :
- name : docker # für munin-plugin docker_
- name : fritzconnection # für munin fritzbox*
- name : lxml # für munin fritzbox*
- name : requests # für munin fritzbox*
2022-08-25 22:22:11 +02:00
### mgrote.apt_manage_packages
apt_packages_extra :
- libwww-curl-perl # für munin-plugin : unifi
- libjson-perl # für munin-plugin : unifi
- sshpass # fur munin mt_system_*
2022-06-12 22:24:12 +02:00
### mgrote.munin-node
2022-03-06 14:10:30 +01:00
munin_node_allowed_cidrs : [ 0.0 .0 .0 /0] # weil der munin-server aus einem anderen subnet zugreift
2021-09-24 10:11:54 +02:00
munin_node_plugins :
2022-02-18 20:34:43 +01:00
- name : timesync
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
2021-09-24 10:11:54 +02:00
- name : systemd_status
2021-11-07 12:22:11 +01:00
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
2022-06-12 22:24:12 +02:00
- name : systemd_mem
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
config : |
[ systemd_mem]
env.all_services true
2021-09-24 10:11:54 +02:00
- name : lvm_
2021-11-07 12:22:11 +01:00
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
2021-09-24 10:11:54 +02:00
config : |
[ lvm_*]
user root
2022-03-06 14:10:30 +01:00
- name : fail2ban
src : https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config : |
[ fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
2021-09-24 10:11:54 +02:00
- name : docker_containers
2021-11-07 12:22:11 +01:00
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
2021-09-24 10:11:54 +02:00
config : |
[ docker_*]
user root
env.DOCKER_HOST unix://run/docker.sock
- name : docker_cpu
2021-11-07 12:22:11 +01:00
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
2021-09-24 10:11:54 +02:00
- name : docker_memory
2021-11-07 12:22:11 +01:00
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
2021-09-24 10:11:54 +02:00
- name : docker_network
2021-11-07 12:22:11 +01:00
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
2021-09-24 10:11:54 +02:00
- name : docker_volumes
2021-11-07 12:22:11 +01:00
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
2022-03-06 14:10:30 +01:00
- name : http_response
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
config : |
[ http_response]
2022-08-26 14:26:42 +02:00
env.sites http://docker10.grote.lan:7777 http://docker10.grote.lan:2233 http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net http://docker10.grote.lan:2342 http://docker10.grote.lan:8000/login http://docker10.grote.lan:3344 http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081 http://docker10.grote.lan:2342/ http://docker10.grote.lan:4455
2022-03-06 14:10:30 +01:00
env.max_time 20
env.short_label true
env.follow_redirect true
2022-04-06 18:49:15 +02:00
- name : mt_system_hex
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
config : |
[ mt_system_hex]
user root
env.ssh_user munin
2022-08-25 22:22:11 +02:00
env.ssh_password {{ lookup('keepass', 'munin_user_hex', 'password') }}
2022-04-06 18:49:15 +02:00
env.ssh_host 192.168.3.144
2022-02-15 18:42:58 +01:00
- name : mt_system_crs305
2022-01-03 13:43:56 +01:00
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
config : |
2022-02-15 18:42:58 +01:00
[ mt_system_crs305]
2022-01-03 13:43:56 +01:00
user root
env.ssh_user munin
2022-08-25 22:22:11 +02:00
env.ssh_password {{ lookup('keepass', 'munin_user_crs305', 'password') }}
2022-01-03 13:43:56 +01:00
env.ssh_host 192.168.2.225
2021-10-05 13:46:44 +02:00
- name : mt_system_rb5009
2021-11-19 11:54:48 +01:00
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
2021-09-24 10:11:54 +02:00
config : |
2021-10-05 13:46:44 +02:00
[ mt_system_rb5009]
2021-09-24 10:11:54 +02:00
user root
env.ssh_user munin
2022-08-25 22:22:11 +02:00
env.ssh_password {{ lookup('keepass', 'munin_user_rb5009', 'password') }}
2021-10-05 13:46:44 +02:00
env.ssh_host 192.168.2.1
2021-09-24 10:11:54 +02:00
- name : unifi
src : https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/unifi
config : |
[ unifi*]
# User name to login to unifi controller API. Default is "ubnt". Ideally, this should
# point to a read-only account.
env.user munin
# Password to login to unifi controller API. Default is "ubnt"
2022-08-25 22:22:11 +02:00
env.pass {{ lookup('keepass', 'munin_user_unifi', 'password') }}
2021-09-24 10:11:54 +02:00
# URL of the API, with port if needed. No trailing slash.
2022-08-25 22:22:11 +02:00
env.api_url https://docker10.grote.lan:8443
2021-09-24 10:11:54 +02:00
# Verify SSL certificate name against host.
# Note: if using a default cloudkey certificate, this will fail unless you manually add it
# to the local keystore.
# Default is "yes"
env.ssl_verify_host no
# Verify Peer's SSL vertiicate.
# Note: if using a default cloudkey certificate, this will fail
# Default is "yes"
env.ssl_verify_peer no
# The human readable name of the unifi site - used for graph titles
env.name Unifi
# By default, Use standard munin well know categories -
env.force_category unifi
#---
# Show device CPU utilization
env.enable_device_cpu yes
# Show device memory usage
env.enable_device_mem yes
# Show device load average (switches and APs only)
env.enable_device_load yes
# Show device uptime
env.enable_device_uptime yes
# Show number of clients connected to each device
env.enable_clients_device yes
# Show detailed graphs for each device (per device graphs)
env.enable_detail_clients_device yes
# Show number of clients connected to each network type
env.enable_clients_type yes
# Show detailed graphs for each client type (per type graphs)
env.enable_detail_clients_type yes
# Show unauthorized / authorized client list
# if you are not using the guest portal, this is useless
env.show_authorized_clients_type yes
2022-01-16 15:14:36 +01:00
# Show transfer statistics on switch ports; wirft Fehler wenn aktiv
env.enable_xfer_port no
# Show detailed graphs per switch port; wirft Fehler wenn aktiv
env.enable_detail_xfer_port no
# Hide ports that have no link (When set to no, unplugged ports will transfer 0, not be undefined); wirft Fehler wenn aktiv
2021-09-24 10:11:54 +02:00
env.hide_empty_xfer_port no
2022-01-16 15:14:36 +01:00
# Show transfer statistics per device; wirft Fehler wenn aktiv
env.enable_xfer_device no
# Show detailed graphs for each device; wirft Fehler wenn aktiv
2021-09-24 10:11:54 +02:00
env.enable_detail_xfer_device yes
2022-01-16 15:14:36 +01:00
# Show transfer statistics per named network; wirft Fehler wenn aktiv
env.enable_xfer_network no
# Show detailed graphs for each named network; wirft Fehler wenn aktiv
env.enable_detail_xfer_network no
# Show transfer statistics per radio; wirft Fehler wenn aktiv
env.enable_xfer_radio no
# Show detailed graphs for each radio; wirft Fehler wenn aktiv
env.enable_detail_xfer_radio no
2022-01-16 14:39:52 +01:00
- name : fritzbox_uptime.py
src : https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_uptime.py
- name : fritzbox_traffic.py
src : https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_traffic.py
- name : fritzbox_power.py
src : https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_power_consumption.py
- name : fritzbox_memory.py
src : https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_memory_usage.py
- name : fritzbox_helper.py
src : https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_helper.py
- name : fritzbox_cpu.py
src : https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_cpu_usage.py
- name : fritzbox_temp.py
src : https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_cpu_temperature.py
- name : fritzbox_conn_uptime.py
src : https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_connection_uptime.py
config : |
[ fritzbox_*]
env.fritzbox_ip 192.168.5.1
env.fritzbox_username munin
2022-08-25 22:22:11 +02:00
env.fritzbox_password {{ lookup('keepass', 'munin_user_fritzbox', 'password') }}
2022-01-16 14:39:52 +01:00
env.traffic_remove_max true # if you do not want the possible max values
2022-08-25 22:22:11 +02:00
- name : nextcloud_nextcloud.mgrote.net
src : https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_
config : |
[ nextcloud_nextcloud.mgrote.net]
env.username munin
env.password {{ lookup('keepass', 'munin_user_nextcloud', 'password') }}
env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info
env.scheme https