mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

Aufbau NextCloud (#362)

Browse source 
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#362
Co-authored-by: mg <michael.grote@posteo.de>
Co-committed-by: mg <michael.grote@posteo.de>
This commit is contained in:
Michael Grote 2022-05-22 21:12:36 +02:00
parent 1dc736d9e6
commit 192cb2a1ef
11 changed files with 116 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
group_vars/acng.yml
View file

@ -7,12 +7,13 @@
create: true create: true
lvnames: lvnames:
- lvname: lv_acng - lvname: lv_acng
size: 100%FREE size: +100%FREE
create: true create: true
filesystem: xfs filesystem: xfs
mount: true mount: true
mntp: /var/cache/apt-cacher-ng mntp: /var/cache/apt-cacher-ng
manage_lvm: true manage_lvm: true
pvresize_to_max: true
### oefenweb.ufw ### oefenweb.ufw
ufw_rules: ufw_rules:
- rule: allow - rule: allow

2
group_vars/all.yml
View file

@ -22,7 +22,7 @@
restic_mount_timeout: "10 min" restic_mount_timeout: "10 min"
restic_failure_delay: "30 s" restic_failure_delay: "30 s"
restic_schedule: "0/6:00" # alle 6 Stunden restic_schedule: "0/6:00" # alle 6 Stunden
restic_folders_to_backup: "/" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eigeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files restic_folders_to_backup: "/" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
restic_repository: "//fileserver2.grote.lan/restic" restic_repository: "//fileserver2.grote.lan/restic"
restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}" restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
restic_mount_user: restic restic_mount_user: restic

5
group_vars/docker.yml
View file

@ -7,12 +7,15 @@
create: true create: true
lvnames: lvnames:
- lvname: lv_docker - lvname: lv_docker
size: 100%FREE size: +100%FREE
create: true create: true
filesystem: xfs filesystem: xfs
mount: true mount: true
mntp: /var/lib/docker mntp: /var/lib/docker
manage_lvm: true manage_lvm: true
pvresize_to_max: true
### mgrote.restic
restic_folders_to_backup: "/ /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
### mgrote.user ### mgrote.user
users: users:
- username: mg - username: mg

3
group_vars/gitea.yml
View file

@ -14,7 +14,8 @@
mntp: /var/lib/gitea mntp: /var/lib/gitea
manage_lvm: true manage_lvm: true
pvresize_to_max: true pvresize_to_max: true
### mgrote.restic
restic_folders_to_backup: "/ /var/lib/gitea" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
### oefenweb.ufw ### oefenweb.ufw
ufw_rules: ufw_rules:
- rule: allow - rule: allow

3
host_vars/docker7-test.grote.lan.yml
View file

@ -43,9 +43,6 @@
pip_package: python3-pip pip_package: python3-pip
pip_install_packages: pip_install_packages:
- name: docker # für munin-plugin docker_ - name: docker # für munin-plugin docker_
- name: fritzconnection # für munin fritzbox*
- name: lxml # für munin fritzbox*
- name: requests # für munin fritzbox*
### geerlingguy.munin-node ### geerlingguy.munin-node
munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
munin_node_disabled_plugins: munin_node_disabled_plugins:

1
host_vars/docker7.grote.lan.yml
View file

@ -119,6 +119,7 @@
- name: docker_images - name: docker_images
- name: docker_status - name: docker_status
- name: chrony - name: chrony
- name: nextcloud_mgrote.next-cloud.org
munin_node_plugins: munin_node_plugins:
- name: timesync - name: timesync
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status

104
host_vars/docker8.grote.lan.yml Normal file
View file

@ -0,0 +1,104 @@
---
### mrlesmithjr.ansible-manage-lvm
lvm_groups:
- vgname: vg_nextcloud
disks:
- /dev/sdb
create: true
lvnames:
- lvname: lv_nextcloud
size: +100%FREE
create: true
filesystem: xfs
mount: true
mntp: /mnt/nextcloud
manage_lvm: true
pvresize_to_max: true
### mgrote.restic
restic_folders_to_backup: "/ /mnt/nextcloud /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
restic_schedule: "0/2:00" # alle 2 Stunden
restic_exclude: |
._*
.Trash-*
# https://github.com/restic/restic/issues/1005
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12
### geerlingguy.munin-node
munin_node_plugins:
- name: timesync
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- name: systemd_status
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- name: lvm_
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
config: |
[lvm_*]
user root
- name: fail2ban
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config: |
[fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name: nextcloud_nextcloud.mgrote.net
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_
config: |
[nextcloud_nextcloud.mgrote.net]
env.username munin
env.password {{ lookup('keepass', 'nextcloud_munin_user', 'password') }}
env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info
env.scheme https
- name: http_response
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
config: |
[http_response]
env.sites https://nextcloud.mgrote.net
env.max_time 20
env.short_label true
env.follow_redirect true
- name: timesync
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- name: systemd_status
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- name: lvm_
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
config: |
[lvm_*]
user root
- name: fail2ban
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config: |
[fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name: docker_containers
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
config: |
[docker_*]
user root
env.DOCKER_HOST unix://run/docker.sock
- name: docker_cpu
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_memory
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_network
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_volumes
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
### mgrote.docker-compose-deploy
docker_compose_projects:
- name: nextcloud
dir_name: docker-nextcloud
repository_url: git.mgrote.net/mg/docker-nextcloud
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: watchtower
dir_name: docker-watchtower
repository_url: git.mgrote.net/mg/docker-watchtower
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"

28
host_vars/fileserver2.grote.lan.yml
View file

@ -1,34 +1,6 @@
--- ---
### mgote.rclone ### mgote.rclone
rclone_jobs: rclone_jobs:
- name: nc_od_keepass
quelle: nextcloud-mg:/Rest/KeepassDB
ziel: onedrive-encrypt:/Rest/KeepassDB
timer: "*-*-* 23:15"
state: true
bwlimit: 2M
mode: "--size-only"
- name: nc_od_docs
quelle: nextcloud-mg:/Dokumente
ziel: onedrive-encrypt:/Dokumente
timer: "*-*-* 23:15"
state: true
bwlimit: 2M
mode: "--size-only"
- name: nc_sc_mg
quelle: nextcloud-mg:/
ziel: scaleway-encrypt-mg:/
timer: "*-*-* 23:15"
state: true
bwlimit: 2M
mode: "--size-only"
- name: nc_sc_amd
quelle: nextcloud-amd:/
ziel: scaleway-encrypt-amd:/
timer: "*-*-* 23:15"
state: true
bwlimit: 2M
mode: "--size-only"
- name: smb_amd_glacier - name: smb_amd_glacier
quelle: "/shares_amd" quelle: "/shares_amd"
ziel: "scaleway-encrypt-glacier:/amd" ziel: "scaleway-encrypt-glacier:/amd"

2
inventory
View file

@ -24,6 +24,7 @@ all:
hosts: hosts:
docker7.grote.lan: docker7.grote.lan:
docker7-test.grote.lan: docker7-test.grote.lan:
docker8.grote.lan:
vmtest: vmtest:
hosts: hosts:
vm-test2.grote.lan: vm-test2.grote.lan:
@ -57,6 +58,7 @@ all:
gitea.grote.lan: gitea.grote.lan:
dnsmasq.grote.lan: dnsmasq.grote.lan:
docker7.grote.lan: docker7.grote.lan:
docker8.grote.lan:
test: test:
hosts: hosts:
dokuwiki-test.grote.lan: dokuwiki-test.grote.lan:

BIN
keepass_db.kdbx
View file

Binary file not shown.

6
roles/mrlesmithjr.ansible-manage-lvm/tasks/debian.yml
View file

@ -1,10 +1,4 @@
--- ---
- name: debian | Updating Apt Cache
apt:
update_cache: true
cache_valid_time: 3600
become: true
- name: debian | installing pre-reqs - name: debian | installing pre-reqs
apt: apt:
name: name: