diff --git a/docker-compose/act-runner/docker-compose.yml.j2 b/docker-compose/act-runner/docker-compose.yml.j2
index a442a4f3..6097d26e 100644
--- a/docker-compose/act-runner/docker-compose.yml.j2
+++ b/docker-compose/act-runner/docker-compose.yml.j2
@@ -12,7 +12,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock
environment:
GITEA_INSTANCE_URL: https://git.mgrote.net
- GITEA_RUNNER_REGISTRATION_TOKEN: "{{ lookup('viczem.keepass.keepass', 'gitea_act_runner_token', 'password') }}" # only used on first start, https://git.mgrote.net/admin/actions/runners
+ GITEA_RUNNER_REGISTRATION_TOKEN: "{{ lookup('viczem.keepass.keepass', 'forgejo/gitea_act_runner_token', 'password') }}" # only used on first start, https://git.mgrote.net/admin/actions/runners
GITEA_RUNNER_NAME: "docker10-act-runner"
CONFIG_FILE: /config.yml
diff --git a/docker-compose/miniflux/docker-compose.yml.j2 b/docker-compose/miniflux/docker-compose.yml.j2
index 773c4ea5..4c6071a6 100644
--- a/docker-compose/miniflux/docker-compose.yml.j2
+++ b/docker-compose/miniflux/docker-compose.yml.j2
@@ -8,11 +8,11 @@ services:
depends_on:
- mf-db17
environment:
- DATABASE_URL: "postgres://miniflux:{{ lookup('viczem.keepass.keepass', 'miniflux_postgres_password', 'password') }}@mf-db17/miniflux?sslmode=disable"
+ DATABASE_URL: "postgres://miniflux:{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_postgres_password', 'password') }}@mf-db17/miniflux?sslmode=disable"
RUN_MIGRATIONS: 1
# CREATE_ADMIN: 1
# ADMIN_USERNAME: adminmf
-# ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux_admin_password', 'password') }}"
+# ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_admin_password', 'password') }}"
WORKER_POOL_SIZE: 10
POLLING_FREQUENCY: 10
CLEANUP_ARCHIVE_UNREAD_DAYS: -1
@@ -39,7 +39,7 @@ services:
pull_policy: missing
environment:
POSTGRES_USER: miniflux
- POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux_postgres_password', 'password') }}"
+ POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_postgres_password', 'password') }}"
TZ: Europe/Berlin
POSTGRES_HOST_AUTH_METHOD: "md5" # Workaround beim Migration von 13 -> 16; https://eelkevdbos.medium.com/upgrade-postgresql-with-docker-compose-99d995e464 ;
volumes:
@@ -60,7 +60,7 @@ services:
pull_policy: missing
environment:
TZ: Europe/Berlin
- MF_AUTH_TOKEN: "{{ lookup('viczem.keepass.keepass', 'miniflux_auth_token', 'password') }}"
+ MF_AUTH_TOKEN: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_auth_token', 'password') }}"
MF_API_URL: https://miniflux.mgrote.net/v1
MF_SLEEP: 600
#MF_DEBUG: 1
diff --git a/docker-compose/minio/docker-compose.yml.j2 b/docker-compose/minio/docker-compose.yml.j2
index 703edbdc..39d2b830 100644
--- a/docker-compose/minio/docker-compose.yml.j2
+++ b/docker-compose/minio/docker-compose.yml.j2
@@ -12,8 +12,8 @@ services:
volumes:
- data:/data # wird im "command" verwendet/gesetzt
environment:
- MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'username') }}"
- MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'password') }}"
+ MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio/minio_admin_user', 'username') }}"
+ MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio/minio_admin_user', 'password') }}"
command: server /data --console-address ":9001"
healthcheck: # https://github.com/minio/minio/issues/18389
test: ["CMD", "mc", "ready", "local"]
diff --git a/docker-compose/navidrome/docker-compose.yml.j2 b/docker-compose/navidrome/docker-compose.yml.j2
index f29453e9..e7ffc171 100644
--- a/docker-compose/navidrome/docker-compose.yml.j2
+++ b/docker-compose/navidrome/docker-compose.yml.j2
@@ -54,7 +54,7 @@ volumes:
driver: local
driver_opts:
type: "cifs"
- o: "user=navidrome,password={{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_navidrome', 'password') }}"
+ o: "user=navidrome,password={{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_navidrome', 'password') }}"
device: "//192.168.2.54/musik/Musik"
######## Networks ########
networks:
diff --git a/docker-compose/nextcloud/docker-compose.yml.j2 b/docker-compose/nextcloud/docker-compose.yml.j2
index fa72ef33..c3652753 100644
--- a/docker-compose/nextcloud/docker-compose.yml.j2
+++ b/docker-compose/nextcloud/docker-compose.yml.j2
@@ -11,15 +11,15 @@ services:
- /etc/timezone:/etc/timezone:ro
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_root_password', 'password') }}"
- MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"
+ MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_root_password', 'password') }}"
+ MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud
MYSQL_INITDB_SKIP_TZINFO: 1
networks:
- intern
healthcheck:
- test: ["CMD", "mariadb-show", "nextcloud", "-h", "localhost", "-u", "nextcloud", "-p{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"]
+ test: ["CMD", "mariadb-show", "nextcloud", "-h", "localhost", "-u", "nextcloud", "-p{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"]
interval: 30s
timeout: 10s
retries: 3
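Review bot: The MariaDB password is interpolated into the healthcheck `test` array on the new side, so after rendering it sits in the container's command metadata (readable via `docker inspect` by anyone with access to the Docker socket) and appears in the host's process table each time the healthcheck runs. The same pattern is in the redis `command`/healthcheck in the next hunk of this file and in the authelia DB healthcheck in docker-compose/traefik/docker-compose.yml.j2. The `mariadb` client also reads the password from the `MYSQL_PWD` environment variable, so the `-p…` argument could be dropped and the secret kept under `environment:` only; that takes it out of argv, though not out of `docker inspect`. If that is not worth the change here, a comment on the `test:` line recording the exposure would at least document the decision.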
@@ -39,9 +39,9 @@ services:
- intern
restart: unless-stopped
pull_policy: missing
- command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}"
+ command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
healthcheck:
- test: ["CMD", "redis-cli", "--pass", "{{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
+ test: ["CMD", "redis-cli", "--pass", "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
interval: 5s
timeout: 2s
retries: 3
@@ -73,15 +73,15 @@ services:
environment:
# redis
REDIS_HOST: nextcloud-redis
- REDIS_HOST_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}"
+ REDIS_HOST_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
# mysql
MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud
- MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"
+ MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
MYSQL_HOST: nextcloud-db
# admin
NEXTCLOUD_ADMIN_USER: n-admin
- NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_admin_user_password', 'password') }}"
+ NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_admin_user_password', 'password') }}"
# misc
NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
PHP_MEMORY_LIMIT: 1024M
diff --git a/docker-compose/nextcloud/ldap.sh.j2 b/docker-compose/nextcloud/ldap.sh.j2
index fc49f6f2..14db6569 100644
--- a/docker-compose/nextcloud/ldap.sh.j2
+++ b/docker-compose/nextcloud/ldap.sh.j2
@@ -2,7 +2,7 @@
# Vorraussetzungen siehe https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md
# lldap_bind_user=nextcloud_bind_user
-# lldap_bind_user_pass="{{ lookup('viczem.keepass.keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
+# lldap_bind_user_pass="{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_lldap_bind_user_pass', 'password') }}"
# lldap_bind_user_groups=lldap_strict_readonly
php occ app:install user_ldap
@@ -15,7 +15,7 @@ php occ ldap:set-config s01 ldapPort 3890
# EDIT: admin user
php occ ldap:set-config s01 ldapAgentName "uid=nextcloud_bind_user,ou=people,dc=mgrote,dc=net"
# EDIT: password
-php occ ldap:set-config s01 ldapAgentPassword "{{ lookup('viczem.keepass.keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
+php occ ldap:set-config s01 ldapAgentPassword "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_lldap_bind_user_pass', 'password') }}"
# EDIT: Base DN
php occ ldap:set-config s01 ldapBase "dc=mgrote,dc=net"
php occ ldap:set-config s01 ldapBaseUsers "dc=mgrote,dc=net"
diff --git a/docker-compose/routeros-config-export/deploy_token.j2 b/docker-compose/routeros-config-export/deploy_token.j2
index 503791c1..6f082d1f 100644
--- a/docker-compose/routeros-config-export/deploy_token.j2
+++ b/docker-compose/routeros-config-export/deploy_token.j2
@@ -1 +1 @@
-{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_deploy-token', 'notes') }}
+{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_deploy-token', 'notes') }}
diff --git a/docker-compose/routeros-config-export/key_crs305.j2 b/docker-compose/routeros-config-export/key_crs305.j2
index d828d5c3..a42bb8b9 100644
--- a/docker-compose/routeros-config-export/key_crs305.j2
+++ b/docker-compose/routeros-config-export/key_crs305.j2
@@ -1 +1 @@
-{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_crs305_private_key', 'notes') }}
+{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_crs305_private_key', 'notes') }}
diff --git a/docker-compose/routeros-config-export/key_hex.j2 b/docker-compose/routeros-config-export/key_hex.j2
index 19c25a9d..a800b8a6 100644
--- a/docker-compose/routeros-config-export/key_hex.j2
+++ b/docker-compose/routeros-config-export/key_hex.j2
@@ -1 +1 @@
-{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_hex_private_key', 'notes') }}
+{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_hex_private_key', 'notes') }}
diff --git a/docker-compose/routeros-config-export/key_rb5009.j2 b/docker-compose/routeros-config-export/key_rb5009.j2
index c696ba0d..b36958c4 100644
--- a/docker-compose/routeros-config-export/key_rb5009.j2
+++ b/docker-compose/routeros-config-export/key_rb5009.j2
@@ -1 +1 @@
-{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_rb5009_private_key', 'notes') }}
+{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_rb5009_private_key', 'notes') }}
diff --git a/docker-compose/traefik/configuration.yml.j2 b/docker-compose/traefik/configuration.yml.j2
index 515ad360..03ee4ea0 100644
--- a/docker-compose/traefik/configuration.yml.j2
+++ b/docker-compose/traefik/configuration.yml.j2
@@ -8,7 +8,7 @@ log:
identity_validation:
reset_password:
- jwt_secret: {{ lookup('viczem.keepass.keepass', 'authelia_jwt_secret', 'password') }}
+ jwt_secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_jwt_secret', 'password') }}
totp:
issuer: totp.mgrote.net
@@ -22,7 +22,7 @@ access_control:
session:
name: authelia_session
- secret: {{ lookup('viczem.keepass.keepass', 'authelia_session_secret', 'password') }}
+ secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_session_secret', 'password') }}
expiration: 3600
inactivity: 300
cookies:
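Review bot: `jwt_secret` and `secret` on the new side are rendered unquoted, as are `encryption_key` and the mysql `password` in the next hunk of this file; of the hunks shown, only the LDAP `password` at the end of the file quotes its value. A generated secret that happens to start with a YAML indicator (`*`, `&`, `[`, `{`, `!`, `%`, `@`) breaks the rendered config at load, and one containing ` #` or `: ` is silently truncated or mis-parsed, which for a session secret or storage encryption key is hard to spot. Rendering the lookup through `to_json` yields a correctly escaped double-quoted scalar whatever the secret contains: `jwt_secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_jwt_secret', 'password') | to_json }}`, and likewise for `secret:`, `encryption_key:` and `password:`.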
@@ -40,12 +40,12 @@ regulation:
ban_time: 300
storage:
- encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}
+ encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_storage_encryption_key', 'password') }}
mysql:
database: authelia
address: 'tcp://authelia-db:3306'
username: authelia
- password: {{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}
+ password: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}
notifier:
smtp:
@@ -75,6 +75,6 @@ authentication_backend:
group_name: cn
mail: mail
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
- password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'
+ password: '{{ lookup('viczem.keepass.keepass', 'authelia/lldap_authelia_bind_user', 'password') }}'
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2
index 0c7b89ed..40ff6641 100644
--- a/docker-compose/traefik/docker-compose.yml.j2
+++ b/docker-compose/traefik/docker-compose.yml.j2
@@ -88,15 +88,15 @@ services:
- /etc/timezone:/etc/timezone:ro
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia_mysql_root_password', 'password') }}"
- MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}"
+ MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
+ MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
MYSQL_DATABASE: authelia
MYSQL_USER: authelia
MYSQL_INITDB_SKIP_TZINFO: 1
networks:
- authelia
healthcheck:
- test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}"]
+ test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
interval: 30s
timeout: 10s
retries: 3
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 5133fdea..cb453501 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -9,7 +9,7 @@ file_header: |
#----------------------------------------------------------------#
# für Zugriff auf nicht öffentliche git.mgrote.net-Repos
ansible_forgejo_user: svc_ansible
-ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
+ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
### mgrote_user_setup
dotfiles:
@@ -102,7 +102,7 @@ restic_folders_to_backup: "/usr/local /etc /root /home"
restic_repository: "//fileserver3.mgrote.net/restic"
restic_fail_mail: michael.grote@posteo.de
restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
-restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
+restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
restic_mount_user: restic
restic_schedule: "*-*-* 4:00:00"
@@ -268,8 +268,14 @@ ansible_python_interpreter: "/usr/bin/python3"
keepass_dbx: "./keepass_db.kdbx"
keepass_psw: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 62383737623066396239383336646164616537646630653964313532383130343533346561633039
- 3437306134656535353438666165376332633064383135650a636537626662656130376537633164
- 61613132326536666466636632363866393066656236303766333338356337396338376266346631
- 6364336331623539300a313562303161373631613734313938346666376239613333333363376236
- 38363035376662353135333332363431343833656666643036326234656166643531
+ 35333563623630373138383563343432333866623533343766646165363261656439653861613336
+ 6632626438396538316565343061393735383836633631620a653832333936313166316436613237
+ 38616366623862306534313038343132613832633162303965313138383232383065336231643030
+ 3862333162643436360a396162303433306138643863333461383737656538636463336533613630
+ 64383631396664636139393932386239656636366337346163643430353838653166393030323132
+ 34623439323063336438663031303638303735353735316238616633343833616461363561666338
+ 36616565393333303935343961386130353435373830383865613133663538633338303762643935
+ 37626537396238386365
+
+# in "ansible-vault" steht das Vault-Secret um die Variablen "keepass_psw" zu entschlüsseln,
+# das entschlüsselte Secret ist gleich dem KeepassPW
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
index ab11092c..13fee0b2 100644
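Review bot: `restic_repository_password` still looks up the un-grouped entry `'restic_repository_password'`, while every other lookup this commit touches moves to a `<group>/entry` path (the neighbouring `restic_mount_password` becomes `fileserver/…`). If that entry was moved inside `keepass_db.kdbx` as part of the same reorganisation, the lookup will fail at the first restic run rather than at commit time; if it intentionally stays at the KeePass root, a comment such as `# entry deliberately kept at the keepass root` would stop a later cleanup pass from "fixing" it.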
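Review bot: The added comment names a file `ansible-vault` as the holder of the vault secret but not how Ansible is pointed at it, which is what someone running this on a fresh checkout needs first. I would extend it with the mechanism actually used (`vault_password_file` in ansible.cfg or `--vault-password-file` on the command line — not confirmable from this diff) and a note that the file must stay out of version control. Since the ciphertext of `keepass_psw` is replaced here together with `keepass_db.kdbx`, presumably because the KeePass master password changed, the previous value remains recoverable from git history by anyone holding the vault password and should be treated as retired rather than reused.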
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@@ -1,11 +1,11 @@
---
### mgrote_minio_configure
minio_url: https://s3.mgrote.net
-minio_root_access_key: "{{ lookup('viczem.keepass.keepass', 'minio_root_access_key', 'password') }}"
-minio_root_secret_key: "{{ lookup('viczem.keepass.keepass', 'minio_root_secret_key', 'password') }}"
+minio_root_access_key: "{{ lookup('viczem.keepass.keepass', 'minio/minio_root_access_key', 'password') }}"
+minio_root_secret_key: "{{ lookup('viczem.keepass.keepass', 'minio/minio_root_secret_key', 'password') }}"
minio_users:
- name: testuser
- secret: "{{ lookup('viczem.keepass.keepass', 'minio_testuser_secret_key', 'password') }}"
+ secret: "{{ lookup('viczem.keepass.keepass', 'minio/minio_testuser_secret_key', 'password') }}"
state: present
policy: testbucket_rw
minio_buckets:
diff --git a/group_vars/git.yml b/group_vars/git.yml
index a713faf0..aadb9bd4 100644
--- a/group_vars/git.yml
+++ b/group_vars/git.yml
@@ -92,14 +92,14 @@ gitea_db_type: "postgres"
gitea_db_host: "localhost"
gitea_db_name: "gitea"
gitea_db_user: "gitea"
-gitea_db_password: "{{ lookup('viczem.keepass.keepass', 'forgejo_db_password', 'password') }}"
+gitea_db_password: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_db_password', 'password') }}"
# indexer
gitea_repo_indexer_enabled: true
# security
gitea_disable_webhooks: false
gitea_password_check_pwn: false
-gitea_internal_token: "{{ lookup('viczem.keepass.keepass', 'forgejo_internal_token', 'password') }}"
-gitea_secret_key: "{{ lookup('viczem.keepass.keepass', 'forgejo_secret_key', 'password') }}"
+gitea_internal_token: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_internal_token', 'password') }}"
+gitea_secret_key: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_secret_key', 'password') }}"
# service
gitea_disable_registration: true
gitea_register_email_confirm: true
@@ -139,7 +139,7 @@ gitea_extra_config: |
[repo-archive]
ENABLED = false
# oauth2
-gitea_oauth2_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'forgejo_oauth2_jwt_secret', 'password') }}"
+gitea_oauth2_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_oauth2_jwt_secret', 'password') }}"
# Fail2Ban configuration
gitea_fail2ban_enabled: true
gitea_fail2ban_jail_maxretry: "3"
@@ -151,6 +151,6 @@ gitea_fail2ban_jail_action: "iptables-allports"
gitea_ldap_host: "ldap.mgrote.net"
gitea_ldap_base_path: "dc=mgrote,dc=net"
gitea_ldap_bind_user: "forgejo_bind_user"
-gitea_ldap_bind_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_forgejo_bind_user', 'password') }}"
+gitea_ldap_bind_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/lldap_forgejo_bind_user', 'password') }}"
gitea_admin_user: "fadmin"
-gitea_admin_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo_admin_user_pass', 'password') }}"
+gitea_admin_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_admin_user_pass', 'password') }}"
diff --git a/group_vars/ldap.yml b/group_vars/ldap.yml
index d9fefb71..77b0ae1e 100644
--- a/group_vars/ldap.yml
+++ b/group_vars/ldap.yml
@@ -41,13 +41,13 @@ lldap_http_port: 17170
lldap_http_host: "0.0.0.0"
lldap_ldap_host: "0.0.0.0"
lldap_public_url: http://ldap.mgrote.net:17170
-lldap_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'lldap_jwt_secret', 'password') }}"
+lldap_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_jwt_secret', 'password') }}"
lldap_ldap_base_dn: "dc=mgrote,dc=net"
lldap_admin_username: ladmin # only used on setup
-lldap_admin_password: "{{ lookup('viczem.keepass.keepass', 'lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret
+lldap_admin_password: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret
lldap_admin_mailaddress: lldap-admin@mgrote.net # only used on setup
lldap_database_url: "postgres://{{ lldap_db_user }}:{{ lldap_db_pass }}@{{ lldap_db_host }}/{{ lldap_db_name }}"
-lldap_key_seed: "{{ lookup('viczem.keepass.keepass', 'lldap_key_seed', 'password') }}"
+lldap_key_seed: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_key_seed', 'password') }}"
#lldap_smtp_from: "lldap@mgrote.net" # unused in role
lldap_smtp_reply_to: "Do not reply "
lldap_smtp_server: "docker10.mgrote.net"
@@ -58,6 +58,6 @@ lldap_smtp_enable_password_reset: "true" # must be a string not a boolean
# "meta vars"; daraus werden die db-url und die postgres-db abgeleitet
lldap_db_name: "lldap"
lldap_db_user: "lldap"
-lldap_db_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_db_pass', 'password') }}"
+lldap_db_pass: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_db_pass', 'password') }}"
lldap_db_host: "localhost"
...
diff --git a/group_vars/munin.yml b/group_vars/munin.yml
index 9a097bcb..5ee059ff 100644
--- a/group_vars/munin.yml
+++ b/group_vars/munin.yml
@@ -82,7 +82,7 @@ munin_node_plugins:
[mikrotik_system_rb5009]
user root
env.ssh_user munin
- env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
+ env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
env.ssh_host 192.168.2.1
- name: mikrotik_system_crs305
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@@ -90,7 +90,7 @@ munin_node_plugins:
[mikrotik_system_crs305]
user root
env.ssh_user munin
- env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
+ env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
env.ssh_host 192.168.2.225
- name: mikrotik_system_hex
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@@ -98,7 +98,7 @@ munin_node_plugins:
[mikrotik_system_hex]
user root
env.ssh_user munin
- env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
+ env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
env.ssh_host 192.168.3.144
- name: http_response
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/http/http_response
diff --git a/host_vars/docker10.mgrote.net.yml b/host_vars/docker10.mgrote.net.yml
index 8f7f3cfb..cc9b4922 100644
--- a/host_vars/docker10.mgrote.net.yml
+++ b/host_vars/docker10.mgrote.net.yml
@@ -15,20 +15,6 @@ lvm_groups:
manage_lvm: true
pvresize_to_max: true
-### mgrote_mount_cifs # löschen
-cifs_mounts:
- - name: bilder
- type: cifs
- state: absent
- dest: /mnt/fileserver3_photoprism_bilder_ro
- src: //fileserver3.mgrote.net/bilder
- user: photoprism
- password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_photoprism', 'password') }}"
- domain: mgrote.net
- uid: 5000
- gid: 5000
- extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird
-
### mgrote_docker-compose-inline
compose_owner: "docker-user"
compose_group: "docker-user"
diff --git a/host_vars/fileserver3.mgrote.net.yml b/host_vars/fileserver3.mgrote.net.yml
index faef40fd..f306155d 100644
--- a/host_vars/fileserver3.mgrote.net.yml
+++ b/host_vars/fileserver3.mgrote.net.yml
@@ -26,21 +26,21 @@ ytdl_download_limit: "10000K"
### mgrote_fileserver_smb
smb_users:
- name: 'restic'
- password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_restic', 'password') }}"
+ password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}"
- name: 'win10'
- password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_win10', 'password') }}"
+ password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_win10', 'password') }}"
- name: 'kodi'
- password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_kodi', 'password') }}"
+ password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_kodi', 'password') }}"
- name: 'michaelgrote'
- password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_michaelgrote', 'password') }}"
+ password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_michaelgrote', 'password') }}"
- name: 'navidrome'
- password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_navidrome', 'password') }}"
+ password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_navidrome', 'password') }}"
- name: 'docker'
- password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_docker', 'password') }}"
+ password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_docker', 'password') }}"
- name: 'pve'
- password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_pve', 'password') }}"
+ password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_pve', 'password') }}"
- name: 'brother_ads2700w'
- password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
+ password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_brother_ads2700w', 'password') }}"
smb_shares:
- name: 'videos'
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index 8ef1a86d..7cb1cfb0 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ
diff --git a/roles/mgrote_fileserver_smb/README.md b/roles/mgrote_fileserver_smb/README.md
index cba74c65..e72a4748 100644
--- a/roles/mgrote_fileserver_smb/README.md
+++ b/roles/mgrote_fileserver_smb/README.md
@@ -34,8 +34,8 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
#### Nutzer
```
smb_users:
- - name: 'annemariedroessler' # Nutzername
- password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_amd', 'password') }}" # Passwort als Klartext
+ - name: 'xxx' # Nutzername
+ password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_xxx', 'password') }}" # Passwort als Klartext
state: present # Status(default: present)
remove_dir: false # removes homedir if state is absent und remove_dir is true (default: false)
```
@@ -46,7 +46,7 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
- name: 'videos' # Freigabename
path: '/shares_videos' # Pfad auf SMB-Server
users_ro: ' win10 kodi' # Nutzer - Lesezugriff
- users_rw: 'annemariedroessler michaelgrote' # Nutzer - Schreibzugriff
+ users_rw: 'xxx michaelgrote' # Nutzer - Schreibzugriff
# Optional(+default-values)
item.guest ok: "no"
item.read only: "no"
diff --git a/roles/mgrote_gitea_setup/tasks/admin.yml b/roles/mgrote_gitea_setup/tasks/admin.yml
index 789e9fc1..4adbd209 100644
--- a/roles/mgrote_gitea_setup/tasks/admin.yml
+++ b/roles/mgrote_gitea_setup/tasks/admin.yml
@@ -16,7 +16,7 @@ changed_when: false
- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when
- #no_log: true
+ no_log: true
become_user: gitea
become: true
ansible.builtin.command: |
diff --git a/roles/mgrote_user_setup/defaults/main.yml b/roles/mgrote_user_setup/defaults/main.yml
index 5076c226..b5d3e11b 100644
--- a/roles/mgrote_user_setup/defaults/main.yml
+++ b/roles/mgrote_user_setup/defaults/main.yml
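Review bot: `no_log: true` on the "Ensure Admin-User exists" task now keeps the admin password out of Ansible's own output, but the password is still interpolated into the `ansible.builtin.command: |` body (which continues past the end of this hunk), so for the lifetime of that process it is readable in the remote host's process table by other local users. If the CLI accepts the password from the environment or stdin, passing it that way (for example through the task's `environment:`) closes that gap; otherwise a comment on the task recording the residual exposure is worth adding. Since `no_log` also hides the error text when the command fails, a comment such as `# no_log hides the admin password; set to false temporarily when debugging this task` will save the next person a confusing failure.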
@@ -6,7 +6,7 @@ dotfiles:
home: /root
ansible_forgejo_user: svc_ansible
-ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
+ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
dotfiles_vim_vundle_repo_url: "https://github.com/VundleVim/Vundle.vim.git"
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles