ff

group_vars/all.yml

@@ -20,6 +20,7 @@ dotfiles:
     home: /root
 dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
 dotfiles_vim_vundle_repo_url: "https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git"
+
 ### mgrote_netplan
 netplan_configure: true
 
@@ -101,7 +102,7 @@ restic_exclude: |
       **/**AppData***/**
 restic_folders_to_backup: "/usr/local /etc /root /home"
 restic_repository: "//fileserver3.mgrote.net/restic"
-restic_fail_mail: michael.grote@posteo.de
+restic_fail_mail: "{{ my_mail }}"
 restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
 restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
 restic_mount_user: restic

host_vars/irantu.mgrote.net.yml

@@ -0,0 +1,105 @@
+---
+# Diese Datei enthällt alles für den Laptop, es werden auch alle Variablen aus den Group-Vars extra eingetragen.
+### mgrote_user_setup
+dotfiles:
+  - user: mg
+    home: /home/mg
+  - user: root
+    home: /root
+dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
+dotfiles_vim_vundle_repo_url: "https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git"
+
+### mgrote_user
+users:
+  - username: mg
+    password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
+    update_password: always
+    groups:
+      - ssh
+      - sudo
+    state: present
+    public_ssh_key: "{{ ssh_public_key_mg }}"
+    allow_sudo: true
+    allow_passwordless_sudo: true
+  - username: ansible-user
+    password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
+    update_password: always
+    groups:
+      - ssh
+      - sudo
+    state: present
+    public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE
+    allow_sudo: true
+    allow_passwordless_sudo: true
+
+### oefenweb.ufw
+ufw_rules:
+  - rule: allow
+    to_port: 22
+    protocol: tcp
+    comment: 'ssh'
+    from_ip: 0.0.0.0/0
+ufw_default_incoming_policy: deny
+ufw_default_outgoing_policy: allow
+
+### mgrote_restic
+restic_exclude: |
+      ._*
+      desktop.ini
+      .Trash-*
+      **/**cache***/**
+      **/**Cache***/**
+      **/**AppData***/**
+restic_folders_to_backup: "/usr/local /etc /root /home"
+restic_repository: "//fileserver3.mgrote.net/restic"
+restic_fail_mail: "{{ my_mail }}"
+restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
+restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
+restic_mount_user: restic
+restic_schedule: "*-*-* 4:00:00"
+
+### mgrote_apt_manage_packages
+apt_packages_common:
+  - locales
+  - python3
+  - build-essential
+  - htop
+  - git
+  - dnsutils
+  - mc
+  - cifs-utils
+  - haveged #https://www.linux-magazin.de/ausgaben/2011/09/einfuehrung2/
+  - ca-certificates
+  - netdiscover
+  - tree
+  - curl
+  - whois
+  - logrotate
+  - ncdu
+  - net-tools
+  - apt-transport-https
+  - moreutils
+  - acl
+  - vim
+  - rsync
+  - at
+  - ripgrep
+  - iotop
+  - pwgen
+  - keychain
+  - bc
+  - jq
+apt_packages_physical:
+  - s-tui
+  - smartmontools
+  - lm-sensors
+  - ethtool
+  - fwupd
+apt_packages_absent:
+  - nano
+  - snapd
+  - ubuntu-advantage-tools
+  - neofetch
+  - graphviz
+  - ubuntu-pro-client
+...