From 3d4ec29bafd75aa9b50001ed407aba6b44815382 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Sat, 28 Dec 2024 20:18:04 +0100 Subject: [PATCH] ff --- group_vars/all.yml | 3 +- host_vars/irantu.mgrote.net.yml | 105 ++++++++++++++++++++++++++++++++ 2 files changed, 107 insertions(+), 1 deletion(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 49575290..b8630520 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -20,6 +20,7 @@ dotfiles: home: /root dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles dotfiles_vim_vundle_repo_url: "https://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git" + ### mgrote_netplan netplan_configure: true @@ -101,7 +102,7 @@ restic_exclude: | **/**AppData***/** restic_folders_to_backup: "/usr/local /etc /root /home" restic_repository: "//fileserver3.mgrote.net/restic" -restic_fail_mail: michael.grote@posteo.de +restic_fail_mail: "{{ my_mail }}" restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}" restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow restic_mount_user: restic diff --git a/host_vars/irantu.mgrote.net.yml b/host_vars/irantu.mgrote.net.yml index e69de29b..0ad30b4e 100644 --- a/host_vars/irantu.mgrote.net.yml +++ b/host_vars/irantu.mgrote.net.yml 
@@ -0,0 +1,105 @@
+---
+# Diese Datei enthällt alles für den Laptop, es werden auch alle Variablen aus den Group-Vars extra eingetragen.
+### mgrote_user_setup
+dotfiles:
+ - user: mg
+ home: /home/mg
+ - user: root
+ home: /root
+dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
+dotfiles_vim_vundle_repo_url: "https://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git"
+
+### mgrote_user
+users:
+ - username: mg
+ password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
+ update_password: always
+ groups:
+ - ssh
+ - sudo
+ state: present
+ public_ssh_key: "{{ ssh_public_key_mg }}"
+ allow_sudo: true
+ allow_passwordless_sudo: true
+ - username: ansible-user
+ password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
+ update_password: always
+ groups:
+ - ssh
+ - sudo
+ state: present
+ public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE
+ allow_sudo: true
+ allow_passwordless_sudo: true
+
+### oefenweb.ufw
+ufw_rules:
+ - rule: allow
+ to_port: 22
+ protocol: tcp
+ comment: 'ssh'
+ from_ip: 0.0.0.0/0
+ufw_default_incoming_policy: deny
+ufw_default_outgoing_policy: allow
+
+### mgrote_restic
+restic_exclude: |
+ ._*
+ desktop.ini
+ .Trash-*
+ **/**cache***/**
+ **/**Cache***/**
+ **/**AppData***/**
+restic_folders_to_backup: "/usr/local /etc /root /home"
+restic_repository: "//fileserver3.mgrote.net/restic"
+restic_fail_mail: "{{ my_mail }}"
+restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
+restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
+restic_mount_user: restic
+restic_schedule: "*-*-* 4:00:00"
+
+### mgrote_apt_manage_packages
+apt_packages_common:
+ - locales
+ - python3
+ - build-essential
+ - htop
+ - git
+ - dnsutils
+ - mc
+ - cifs-utils
+ - haveged #https://www.linux-magazin.de/ausgaben/2011/09/einfuehrung2/
+ - ca-certificates
+ - netdiscover
+ - tree
+ - curl
+ - whois
+ - logrotate
+ - ncdu
+ - net-tools
+ - apt-transport-https
+ - moreutils
+ - acl
+ - vim
+ - rsync
+ - at
+ - ripgrep
+ - iotop
+ - pwgen
+ - keychain
+ - bc
+ - jq
+apt_packages_physical:
+ - s-tui
+ - smartmontools
+ - lm-sensors
+ - ethtool
+ - fwupd
+apt_packages_absent:
+ - nano
+ - snapd
+ - ubuntu-advantage-tools
+ - neofetch
+ - graphviz
+ - ubuntu-pro-client
+...
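Review bot: The `ufw_rules` entry opens 22/tcp with `from_ip: 0.0.0.0/0` on what the header comment calls the laptop, while both `mg` and `ansible-user` get `allow_passwordless_sudo: true`, so on every network the machine joins SSH access to either account amounts to root. I would scope the rule to the networks Ansible actually connects from, e.g. `from_ip: <management-or-VPN CIDR>` (placeholder), and drop passwordless sudo for the interactive `mg` account unless the playbooks need it. Whether sshd on this host accepts password logins is not visible here and is worth confirming for the same reason. Separately, `dotfiles_vim_vundle_repo_url` embeds the Forgejo user and password in the clone URL; if the role passes it to git unchanged, the credential likely ends up in the clone's `.git/config` under both home directories, which matters more on a portable device.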