2020-08-19 12:29:49 +02:00
---
2023-10-25 22:26:17 +02:00
### mrlesmithjr.ansible-manage-lvm
lvm_groups :
- vgname : vg_docker
disks :
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
create : true
lvnames :
- lvname : lv_docker
size : +100%FREE
create : true
filesystem : xfs
mount : true
mntp : /var/lib/docker
manage_lvm : true
pvresize_to_max : true
2023-11-12 21:53:11 +01:00
2024-02-15 13:52:00 +01:00
### geerlingguy.pip
pip_package : python3-pip
pip_install_packages :
- name : docker # für munin-plugin docker_
### mgrote.apt_manage_packages
apt_packages_extra :
- libnet-dns-perl # für munin : dnsresponse_*
2023-11-29 21:15:50 +01:00
### mgrote_user
2023-10-25 22:26:17 +02:00
users :
- username : mg
2024-07-09 17:35:56 +02:00
password : "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
2023-10-25 22:26:17 +02:00
update_password : always
groups : ssh, sudo, docker
state : present
public_ssh_key : "{{ ssh_public_key_mg }}"
allow_sudo : true
allow_passwordless_sudo : true
- username : docker-user
2024-07-09 17:35:56 +02:00
password : "{{ lookup('viczem.keepass.keepass', 'docker-user_linux_password_hash', 'password') }}"
2023-10-25 22:26:17 +02:00
update_password : always
groups : ssh, sudo, docker
state : present
allow_sudo : true
allow_passwordless_sudo : true
uid : "5000"
- username : ansible-user
2024-07-09 17:35:56 +02:00
password : "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
2023-10-25 22:26:17 +02:00
update_password : always
groups : ssh, sudo
state : present
public_ssh_key : ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
allow_sudo : true
allow_passwordless_sudo : true
2023-10-19 09:32:59 +02:00
2023-10-25 22:26:17 +02:00
### geerlingguy.docker
docker_users :
- mg
- docker-user
2023-11-12 21:53:11 +01:00
docker_install_compose : true
2024-01-26 14:02:21 +01:00
docker_add_repo : false # erstelle kein Repo-Eintrag unter /etc/apt/sources.list.d/, steht explizit unter "repos_override", wird nur zum installieren benötigt
2023-07-21 12:27:20 +02:00
2023-11-29 21:15:50 +01:00
### mgrote_docker-compose-deploy
2023-10-25 22:26:17 +02:00
docker_compose_base_dir : /home/docker-user
2023-11-29 21:15:50 +01:00
### mgrote_apt_manage_sources
2023-10-25 22:26:17 +02:00
repos_override : # mit docker-repos
- deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} main restricted"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates main restricted"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} universe"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates universe"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} multiverse"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates multiverse"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-backports main restricted universe multiverse"
- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security main restricted"
- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security universe"
- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security multiverse"
2023-11-29 12:22:34 +01:00
### mgrote_systemd_resolved
systemd_resolved_nameserver : 192.168 .2 .37
2024-02-15 13:52:00 +01:00
2024-05-25 20:58:07 +02:00
### mgrote_restic
restic_folders_to_backup : "/usr/local /etc /root /home /var/lib/docker"
2024-02-15 13:52:00 +01:00
### mgrote_munin_node
2024-08-01 12:23:57 +02:00
munin_node_plugin_timeout : 120 # in sec, docker_multi braucht länger
2024-02-15 13:52:00 +01:00
munin_node_allowed_cidrs : [ 0.0 .0 .0 /0] # weil der munin-server aus einem anderen subnet zugreift
munin_node_plugins :
- name : systemd_status
2024-04-04 09:48:09 +02:00
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
2024-02-15 13:52:00 +01:00
- name : systemd_mem
2024-04-04 09:48:09 +02:00
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
2024-02-15 13:52:00 +01:00
config : |
[ systemd_mem]
env.all_services true
- name : lvm_
2024-04-04 09:48:09 +02:00
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/disk/lvm_
2024-02-15 13:52:00 +01:00
config : |
[ lvm_*]
user root
- name : fail2ban
src : https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config : |
[ fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
2024-07-31 12:17:30 +02:00
- name : chrony
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
2024-08-02 16:55:59 +02:00
- name : docker_volumesize
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/docker/docker_volumesize
- name : docker_containers
2024-04-04 09:48:09 +02:00
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/docker/docker_
2024-02-15 13:52:00 +01:00
config : |
[ docker_*]
2024-07-31 12:17:30 +02:00
group docker
2024-02-15 13:52:00 +01:00
env.DOCKER_HOST unix://run/docker.sock
2024-07-31 12:17:30 +02:00
env.EXCLUDE_CONTAINER_NAME wp
2024-08-02 16:55:59 +02:00
- name : docker_cpu
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/docker/docker_
- name : docker_images
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/docker/docker_
- name : docker_memory
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/docker/docker_
- name : docker_network
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/docker/docker_
- name : docker_status
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/docker/docker_
- name : docker_volumes
src : https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/docker/docker_
2024-02-15 13:52:00 +01:00
### oefenweb.ufw
ufw_rules :
- rule : allow
to_port : 22
protocol : tcp
comment : 'ssh'
from_ip : 0.0 .0 .0 /0
- rule : allow
to_port : 4949
protocol : tcp
comment : 'munin'
from_ip : 192.168 .2 .0 /24
- rule : allow
from_ip : 192.168 .0 .0 /16
comment : 'docker networks'
- rule : allow
from_ip : 172.0 .0 .0 /8
comment : 'docker networks'