keepass housekeeping, adding subdirs, updating vault pass (#232)
Reviewed-on: #232 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
This commit is contained in:
parent
866952eb51
commit
3d75c0911e
23 changed files with 72 additions and 80 deletions
|
|
@ -12,7 +12,7 @@ services:
|
|||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
GITEA_INSTANCE_URL: https://git.mgrote.net
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN: "{{ lookup('viczem.keepass.keepass', 'gitea_act_runner_token', 'password') }}" # only used on first start, https://git.mgrote.net/admin/actions/runners
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN: "{{ lookup('viczem.keepass.keepass', 'forgejo/gitea_act_runner_token', 'password') }}" # only used on first start, https://git.mgrote.net/admin/actions/runners
|
||||
GITEA_RUNNER_NAME: "docker10-act-runner"
|
||||
CONFIG_FILE: /config.yml
|
||||
|
||||
|
|
|
|||
|
|
@ -8,11 +8,11 @@ services:
|
|||
depends_on:
|
||||
- mf-db17
|
||||
environment:
|
||||
DATABASE_URL: "postgres://miniflux:{{ lookup('viczem.keepass.keepass', 'miniflux_postgres_password', 'password') }}@mf-db17/miniflux?sslmode=disable"
|
||||
DATABASE_URL: "postgres://miniflux:{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_postgres_password', 'password') }}@mf-db17/miniflux?sslmode=disable"
|
||||
RUN_MIGRATIONS: 1
|
||||
# CREATE_ADMIN: 1
|
||||
# ADMIN_USERNAME: adminmf
|
||||
# ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux_admin_password', 'password') }}"
|
||||
# ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_admin_password', 'password') }}"
|
||||
WORKER_POOL_SIZE: 10
|
||||
POLLING_FREQUENCY: 10
|
||||
CLEANUP_ARCHIVE_UNREAD_DAYS: -1
|
||||
|
|
@ -39,7 +39,7 @@ services:
|
|||
pull_policy: missing
|
||||
environment:
|
||||
POSTGRES_USER: miniflux
|
||||
POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux_postgres_password', 'password') }}"
|
||||
POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_postgres_password', 'password') }}"
|
||||
TZ: Europe/Berlin
|
||||
POSTGRES_HOST_AUTH_METHOD: "md5" # Workaround beim Migration von 13 -> 16; https://eelkevdbos.medium.com/upgrade-postgresql-with-docker-compose-99d995e464 ;
|
||||
volumes:
|
||||
|
|
@ -60,7 +60,7 @@ services:
|
|||
pull_policy: missing
|
||||
environment:
|
||||
TZ: Europe/Berlin
|
||||
MF_AUTH_TOKEN: "{{ lookup('viczem.keepass.keepass', 'miniflux_auth_token', 'password') }}"
|
||||
MF_AUTH_TOKEN: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_auth_token', 'password') }}"
|
||||
MF_API_URL: https://miniflux.mgrote.net/v1
|
||||
MF_SLEEP: 600
|
||||
#MF_DEBUG: 1
|
||||
|
|
|
|||
|
|
@ -12,8 +12,8 @@ services:
|
|||
volumes:
|
||||
- data:/data # wird im "command" verwendet/gesetzt
|
||||
environment:
|
||||
MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'username') }}"
|
||||
MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'password') }}"
|
||||
MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio/minio_admin_user', 'username') }}"
|
||||
MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio/minio_admin_user', 'password') }}"
|
||||
command: server /data --console-address ":9001"
|
||||
healthcheck: # https://github.com/minio/minio/issues/18389
|
||||
test: ["CMD", "mc", "ready", "local"]
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ volumes:
|
|||
driver: local
|
||||
driver_opts:
|
||||
type: "cifs"
|
||||
o: "user=navidrome,password={{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_navidrome', 'password') }}"
|
||||
o: "user=navidrome,password={{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_navidrome', 'password') }}"
|
||||
device: "//192.168.2.54/musik/Musik"
|
||||
######## Networks ########
|
||||
networks:
|
||||
|
|
|
|||
|
|
@ -11,15 +11,15 @@ services:
|
|||
- /etc/timezone:/etc/timezone:ro
|
||||
- db:/var/lib/mysql
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_root_password', 'password') }}"
|
||||
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"
|
||||
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_root_password', 'password') }}"
|
||||
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
|
||||
MYSQL_DATABASE: nextcloud
|
||||
MYSQL_USER: nextcloud
|
||||
MYSQL_INITDB_SKIP_TZINFO: 1
|
||||
networks:
|
||||
- intern
|
||||
healthcheck:
|
||||
test: ["CMD", "mariadb-show", "nextcloud", "-h", "localhost", "-u", "nextcloud", "-p{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"]
|
||||
test: ["CMD", "mariadb-show", "nextcloud", "-h", "localhost", "-u", "nextcloud", "-p{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
|
|
@ -39,9 +39,9 @@ services:
|
|||
- intern
|
||||
restart: unless-stopped
|
||||
pull_policy: missing
|
||||
command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}"
|
||||
command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
|
||||
healthcheck:
|
||||
test: ["CMD", "redis-cli", "--pass", "{{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
|
||||
test: ["CMD", "redis-cli", "--pass", "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
|
||||
interval: 5s
|
||||
timeout: 2s
|
||||
retries: 3
|
||||
|
|
@ -73,15 +73,15 @@ services:
|
|||
environment:
|
||||
# redis
|
||||
REDIS_HOST: nextcloud-redis
|
||||
REDIS_HOST_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}"
|
||||
REDIS_HOST_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
|
||||
# mysql
|
||||
MYSQL_DATABASE: nextcloud
|
||||
MYSQL_USER: nextcloud
|
||||
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"
|
||||
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
|
||||
MYSQL_HOST: nextcloud-db
|
||||
# admin
|
||||
NEXTCLOUD_ADMIN_USER: n-admin
|
||||
NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_admin_user_password', 'password') }}"
|
||||
NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_admin_user_password', 'password') }}"
|
||||
# misc
|
||||
NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
|
||||
PHP_MEMORY_LIMIT: 1024M
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
# Vorraussetzungen siehe https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md
|
||||
# lldap_bind_user=nextcloud_bind_user
|
||||
# lldap_bind_user_pass="{{ lookup('viczem.keepass.keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
|
||||
# lldap_bind_user_pass="{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_lldap_bind_user_pass', 'password') }}"
|
||||
# lldap_bind_user_groups=lldap_strict_readonly
|
||||
|
||||
php occ app:install user_ldap
|
||||
|
|
@ -15,7 +15,7 @@ php occ ldap:set-config s01 ldapPort 3890
|
|||
# EDIT: admin user
|
||||
php occ ldap:set-config s01 ldapAgentName "uid=nextcloud_bind_user,ou=people,dc=mgrote,dc=net"
|
||||
# EDIT: password
|
||||
php occ ldap:set-config s01 ldapAgentPassword "{{ lookup('viczem.keepass.keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
|
||||
php occ ldap:set-config s01 ldapAgentPassword "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_lldap_bind_user_pass', 'password') }}"
|
||||
# EDIT: Base DN
|
||||
php occ ldap:set-config s01 ldapBase "dc=mgrote,dc=net"
|
||||
php occ ldap:set-config s01 ldapBaseUsers "dc=mgrote,dc=net"
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_deploy-token', 'notes') }}
|
||||
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_deploy-token', 'notes') }}
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_crs305_private_key', 'notes') }}
|
||||
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_crs305_private_key', 'notes') }}
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_hex_private_key', 'notes') }}
|
||||
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_hex_private_key', 'notes') }}
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_rb5009_private_key', 'notes') }}
|
||||
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_rb5009_private_key', 'notes') }}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ log:
|
|||
|
||||
identity_validation:
|
||||
reset_password:
|
||||
jwt_secret: {{ lookup('viczem.keepass.keepass', 'authelia_jwt_secret', 'password') }}
|
||||
jwt_secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_jwt_secret', 'password') }}
|
||||
totp:
|
||||
issuer: totp.mgrote.net
|
||||
|
||||
|
|
@ -22,7 +22,7 @@ access_control:
|
|||
|
||||
session:
|
||||
name: authelia_session
|
||||
secret: {{ lookup('viczem.keepass.keepass', 'authelia_session_secret', 'password') }}
|
||||
secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_session_secret', 'password') }}
|
||||
expiration: 3600
|
||||
inactivity: 300
|
||||
cookies:
|
||||
|
|
@ -40,12 +40,12 @@ regulation:
|
|||
ban_time: 300
|
||||
|
||||
storage:
|
||||
encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}
|
||||
encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_storage_encryption_key', 'password') }}
|
||||
mysql:
|
||||
database: authelia
|
||||
address: 'tcp://authelia-db:3306'
|
||||
username: authelia
|
||||
password: {{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}
|
||||
password: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}
|
||||
|
||||
notifier:
|
||||
smtp:
|
||||
|
|
@ -75,6 +75,6 @@ authentication_backend:
|
|||
group_name: cn
|
||||
mail: mail
|
||||
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
|
||||
password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'
|
||||
password: '{{ lookup('viczem.keepass.keepass', 'authelia/lldap_authelia_bind_user', 'password') }}'
|
||||
|
||||
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
|
||||
|
|
|
|||
|
|
@ -88,15 +88,15 @@ services:
|
|||
- /etc/timezone:/etc/timezone:ro
|
||||
- db:/var/lib/mysql
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia_mysql_root_password', 'password') }}"
|
||||
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}"
|
||||
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
|
||||
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
|
||||
MYSQL_DATABASE: authelia
|
||||
MYSQL_USER: authelia
|
||||
MYSQL_INITDB_SKIP_TZINFO: 1
|
||||
networks:
|
||||
- authelia
|
||||
healthcheck:
|
||||
test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}"]
|
||||
test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ file_header: |
|
|||
#----------------------------------------------------------------#
|
||||
# für Zugriff auf nicht öffentliche git.mgrote.net-Repos
|
||||
ansible_forgejo_user: svc_ansible
|
||||
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
|
||||
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
|
||||
|
||||
### mgrote_user_setup
|
||||
dotfiles:
|
||||
|
|
@ -102,7 +102,7 @@ restic_folders_to_backup: "/usr/local /etc /root /home"
|
|||
restic_repository: "//fileserver3.mgrote.net/restic"
|
||||
restic_fail_mail: michael.grote@posteo.de
|
||||
restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
|
||||
restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
|
||||
restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
|
||||
restic_mount_user: restic
|
||||
restic_schedule: "*-*-* 4:00:00"
|
||||
|
||||
|
|
@ -268,8 +268,14 @@ ansible_python_interpreter: "/usr/bin/python3"
|
|||
keepass_dbx: "./keepass_db.kdbx"
|
||||
keepass_psw: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
62383737623066396239383336646164616537646630653964313532383130343533346561633039
|
||||
3437306134656535353438666165376332633064383135650a636537626662656130376537633164
|
||||
61613132326536666466636632363866393066656236303766333338356337396338376266346631
|
||||
6364336331623539300a313562303161373631613734313938346666376239613333333363376236
|
||||
38363035376662353135333332363431343833656666643036326234656166643531
|
||||
35333563623630373138383563343432333866623533343766646165363261656439653861613336
|
||||
6632626438396538316565343061393735383836633631620a653832333936313166316436613237
|
||||
38616366623862306534313038343132613832633162303965313138383232383065336231643030
|
||||
3862333162643436360a396162303433306138643863333461383737656538636463336533613630
|
||||
64383631396664636139393932386239656636366337346163643430353838653166393030323132
|
||||
34623439323063336438663031303638303735353735316238616633343833616461363561666338
|
||||
36616565393333303935343961386130353435373830383865613133663538633338303762643935
|
||||
37626537396238386365
|
||||
|
||||
# in "ansible-vault" steht das Vault-Secret um die Variablen "keepass_psw" zu entschlüsseln,
|
||||
# das entschlüsselte Secret ist gleich dem KeepassPW
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
### mgrote_minio_configure
|
||||
minio_url: https://s3.mgrote.net
|
||||
minio_root_access_key: "{{ lookup('viczem.keepass.keepass', 'minio_root_access_key', 'password') }}"
|
||||
minio_root_secret_key: "{{ lookup('viczem.keepass.keepass', 'minio_root_secret_key', 'password') }}"
|
||||
minio_root_access_key: "{{ lookup('viczem.keepass.keepass', 'minio/minio_root_access_key', 'password') }}"
|
||||
minio_root_secret_key: "{{ lookup('viczem.keepass.keepass', 'minio/minio_root_secret_key', 'password') }}"
|
||||
minio_users:
|
||||
- name: testuser
|
||||
secret: "{{ lookup('viczem.keepass.keepass', 'minio_testuser_secret_key', 'password') }}"
|
||||
secret: "{{ lookup('viczem.keepass.keepass', 'minio/minio_testuser_secret_key', 'password') }}"
|
||||
state: present
|
||||
policy: testbucket_rw
|
||||
minio_buckets:
|
||||
|
|
|
|||
|
|
@ -92,14 +92,14 @@ gitea_db_type: "postgres"
|
|||
gitea_db_host: "localhost"
|
||||
gitea_db_name: "gitea"
|
||||
gitea_db_user: "gitea"
|
||||
gitea_db_password: "{{ lookup('viczem.keepass.keepass', 'forgejo_db_password', 'password') }}"
|
||||
gitea_db_password: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_db_password', 'password') }}"
|
||||
# indexer
|
||||
gitea_repo_indexer_enabled: true
|
||||
# security
|
||||
gitea_disable_webhooks: false
|
||||
gitea_password_check_pwn: false
|
||||
gitea_internal_token: "{{ lookup('viczem.keepass.keepass', 'forgejo_internal_token', 'password') }}"
|
||||
gitea_secret_key: "{{ lookup('viczem.keepass.keepass', 'forgejo_secret_key', 'password') }}"
|
||||
gitea_internal_token: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_internal_token', 'password') }}"
|
||||
gitea_secret_key: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_secret_key', 'password') }}"
|
||||
# service
|
||||
gitea_disable_registration: true
|
||||
gitea_register_email_confirm: true
|
||||
|
|
@ -139,7 +139,7 @@ gitea_extra_config: |
|
|||
[repo-archive]
|
||||
ENABLED = false
|
||||
# oauth2
|
||||
gitea_oauth2_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'forgejo_oauth2_jwt_secret', 'password') }}"
|
||||
gitea_oauth2_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_oauth2_jwt_secret', 'password') }}"
|
||||
# Fail2Ban configuration
|
||||
gitea_fail2ban_enabled: true
|
||||
gitea_fail2ban_jail_maxretry: "3"
|
||||
|
|
@ -151,6 +151,6 @@ gitea_fail2ban_jail_action: "iptables-allports"
|
|||
gitea_ldap_host: "ldap.mgrote.net"
|
||||
gitea_ldap_base_path: "dc=mgrote,dc=net"
|
||||
gitea_ldap_bind_user: "forgejo_bind_user"
|
||||
gitea_ldap_bind_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_forgejo_bind_user', 'password') }}"
|
||||
gitea_ldap_bind_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/lldap_forgejo_bind_user', 'password') }}"
|
||||
gitea_admin_user: "fadmin"
|
||||
gitea_admin_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo_admin_user_pass', 'password') }}"
|
||||
gitea_admin_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_admin_user_pass', 'password') }}"
|
||||
|
|
|
|||
|
|
@ -41,13 +41,13 @@ lldap_http_port: 17170
|
|||
lldap_http_host: "0.0.0.0"
|
||||
lldap_ldap_host: "0.0.0.0"
|
||||
lldap_public_url: http://ldap.mgrote.net:17170
|
||||
lldap_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'lldap_jwt_secret', 'password') }}"
|
||||
lldap_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_jwt_secret', 'password') }}"
|
||||
lldap_ldap_base_dn: "dc=mgrote,dc=net"
|
||||
lldap_admin_username: ladmin # only used on setup
|
||||
lldap_admin_password: "{{ lookup('viczem.keepass.keepass', 'lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret
|
||||
lldap_admin_password: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret
|
||||
lldap_admin_mailaddress: lldap-admin@mgrote.net # only used on setup
|
||||
lldap_database_url: "postgres://{{ lldap_db_user }}:{{ lldap_db_pass }}@{{ lldap_db_host }}/{{ lldap_db_name }}"
|
||||
lldap_key_seed: "{{ lookup('viczem.keepass.keepass', 'lldap_key_seed', 'password') }}"
|
||||
lldap_key_seed: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_key_seed', 'password') }}"
|
||||
#lldap_smtp_from: "lldap@mgrote.net" # unused in role
|
||||
lldap_smtp_reply_to: "Do not reply <info@mgrote.net>"
|
||||
lldap_smtp_server: "docker10.mgrote.net"
|
||||
|
|
@ -58,6 +58,6 @@ lldap_smtp_enable_password_reset: "true" # must be a string not a boolean
|
|||
# "meta vars"; daraus werden die db-url und die postgres-db abgeleitet
|
||||
lldap_db_name: "lldap"
|
||||
lldap_db_user: "lldap"
|
||||
lldap_db_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_db_pass', 'password') }}"
|
||||
lldap_db_pass: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_db_pass', 'password') }}"
|
||||
lldap_db_host: "localhost"
|
||||
...
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ munin_node_plugins:
|
|||
[mikrotik_system_rb5009]
|
||||
user root
|
||||
env.ssh_user munin
|
||||
env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
|
||||
env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
|
||||
env.ssh_host 192.168.2.1
|
||||
- name: mikrotik_system_crs305
|
||||
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
|
||||
|
|
@ -90,7 +90,7 @@ munin_node_plugins:
|
|||
[mikrotik_system_crs305]
|
||||
user root
|
||||
env.ssh_user munin
|
||||
env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
|
||||
env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
|
||||
env.ssh_host 192.168.2.225
|
||||
- name: mikrotik_system_hex
|
||||
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
|
||||
|
|
@ -98,7 +98,7 @@ munin_node_plugins:
|
|||
[mikrotik_system_hex]
|
||||
user root
|
||||
env.ssh_user munin
|
||||
env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
|
||||
env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
|
||||
env.ssh_host 192.168.3.144
|
||||
- name: http_response
|
||||
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/http/http_response
|
||||
|
|
|
|||
|
|
@ -15,20 +15,6 @@ lvm_groups:
|
|||
manage_lvm: true
|
||||
pvresize_to_max: true
|
||||
|
||||
### mgrote_mount_cifs # löschen
|
||||
cifs_mounts:
|
||||
- name: bilder
|
||||
type: cifs
|
||||
state: absent
|
||||
dest: /mnt/fileserver3_photoprism_bilder_ro
|
||||
src: //fileserver3.mgrote.net/bilder
|
||||
user: photoprism
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_photoprism', 'password') }}"
|
||||
domain: mgrote.net
|
||||
uid: 5000
|
||||
gid: 5000
|
||||
extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird
|
||||
|
||||
### mgrote_docker-compose-inline
|
||||
compose_owner: "docker-user"
|
||||
compose_group: "docker-user"
|
||||
|
|
|
|||
|
|
@ -26,21 +26,21 @@ ytdl_download_limit: "10000K"
|
|||
### mgrote_fileserver_smb
|
||||
smb_users:
|
||||
- name: 'restic'
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_restic', 'password') }}"
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}"
|
||||
- name: 'win10'
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_win10', 'password') }}"
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_win10', 'password') }}"
|
||||
- name: 'kodi'
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_kodi', 'password') }}"
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_kodi', 'password') }}"
|
||||
- name: 'michaelgrote'
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_michaelgrote', 'password') }}"
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_michaelgrote', 'password') }}"
|
||||
- name: 'navidrome'
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_navidrome', 'password') }}"
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_navidrome', 'password') }}"
|
||||
- name: 'docker'
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_docker', 'password') }}"
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_docker', 'password') }}"
|
||||
- name: 'pve'
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_pve', 'password') }}"
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_pve', 'password') }}"
|
||||
- name: 'brother_ads2700w'
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_brother_ads2700w', 'password') }}"
|
||||
|
||||
smb_shares:
|
||||
- name: 'videos'
|
||||
|
|
|
|||
BIN
keepass_db.kdbx
BIN
keepass_db.kdbx
Binary file not shown.
|
|
@ -34,8 +34,8 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
|
|||
#### Nutzer
|
||||
```
|
||||
smb_users:
|
||||
- name: 'annemariedroessler' # Nutzername
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_amd', 'password') }}" # Passwort als Klartext
|
||||
- name: 'xxx' # Nutzername
|
||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_xxx', 'password') }}" # Passwort als Klartext
|
||||
state: present # Status(default: present)
|
||||
remove_dir: false # removes homedir if state is absent und remove_dir is true (default: false)
|
||||
```
|
||||
|
|
@ -46,7 +46,7 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
|
|||
- name: 'videos' # Freigabename
|
||||
path: '/shares_videos' # Pfad auf SMB-Server
|
||||
users_ro: ' win10 kodi' # Nutzer - Lesezugriff
|
||||
users_rw: 'annemariedroessler michaelgrote' # Nutzer - Schreibzugriff
|
||||
users_rw: 'xxx michaelgrote' # Nutzer - Schreibzugriff
|
||||
# Optional(+default-values)
|
||||
item.guest ok: "no"
|
||||
item.read only: "no"
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
changed_when: false
|
||||
|
||||
- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when
|
||||
#no_log: true
|
||||
no_log: true
|
||||
become_user: gitea
|
||||
become: true
|
||||
ansible.builtin.command: |
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ dotfiles:
|
|||
home: /root
|
||||
|
||||
ansible_forgejo_user: svc_ansible
|
||||
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
|
||||
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
|
||||
|
||||
dotfiles_vim_vundle_repo_url: "https://github.com/VundleVim/Vundle.vim.git"
|
||||
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
|
||||
|
|
|
|||
Loading…
Reference in a new issue