diff --git a/group_vars/all.yml b/group_vars/all.yml index f4812539..aed41730 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,4 +1,5 @@ --- + ### wird in vielen Rollen verwendet empfaenger_mail: michael.grote@posteo.de ### mgrote.postfix / werden auch bei gitlab verwendet postfix_absender_mailadresse: info@mgrote.net @@ -11,7 +12,7 @@ ### mgrote.apt_manage_sources manage_sources_apt_proxy_url: "acng.grote.lan:9999" ### mgrote.restic - restic_folders_to_backup: "/usr/local /etc /root /var/www /home" + restic_folders_to_backup: "/usr/local /etc /root /home" restic_cron_hours: "19" restic_repository: "//fileserver2.grote.lan/backup/restic" restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}" @@ -121,11 +122,9 @@ apcupsd_slave_minutes_for_shutdown: 10 apcupsd_slave_nologon_when_active: disable apcupsd_nis_master: on - # apcupsd_nis_master_hostname: pve2.grote.lan # wird pro host gesetzt apcupsd_nis_master_listen_ip: 0.0.0.0 apcupsd_nis_master_listen_port: 3551 apcupsd_ups_name: APC-BX950U-GR - # apcupsd_nis_master: false # wird pro host gesetzt # Ansible Variablen diff --git a/group_vars/docker.yml b/group_vars/docker.yml index 37475032..145be884 100644 --- a/group_vars/docker.yml +++ b/group_vars/docker.yml @@ -39,6 +39,18 @@ servers: - production - test + - username: ansible-user + password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}" + update_password: on_create + ssh_key: "{{ lookup('keepass', 'ansible_user_ssh_pubkey', 'password') }}" + use_sudo: yes + use_sudo_nopass: yes + user_state: present + groups: ssh, sudo + servers: + - production + - test + ### mgrote.restic restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker restic_cron_hours: "*" 
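Review bot: Dropping `/var/www` from `restic_folders_to_backup` in group_vars/all.yml (second hunk) removes it from the default backup set of every host that does not override the variable. group_vars/docker.yml sets its own list, but no override is visible in this diff for the dokuwiki hosts in the inventory, so a host that still keeps data under /var/www would silently lose backup coverage. If the removal is intended, I would say so on the line, e.g. `# /var/www is backed up per group only; override restic_folders_to_backup where a web root exists`, and add the override to the groups that need it.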
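Review bot: The new `ansible-user` entry in group_vars/docker.yml sets `use_sudo_nopass: yes` for both `production` and `test`, so possession of the matching SSH private key alone is equivalent to root on every host in those groups. That trade-off deserves a comment above the entry, e.g. `# automation account: key-only login, NOPASSWD sudo; the private key is a root credential`. Because sudo never prompts, the password hash pulled from KeePass only matters for password logins, so consider whether the account needs a usable password at all, and confirm that sshd on these hosts refuses password authentication (not visible in this diff). `groups: ssh, sudo` may also duplicate what `use_sudo` already grants, depending on how the role implements it. The entry extends a list that starts above the hunk.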
@@ -56,10 +68,3 @@ /var/lib/docker/volumes/ocrmypdf-auto_scan_output/* # https://github.com/restic/restic/issues/1005 # https://forum.restic.net/t/exclude-syntax-confusion/1531/12 - - ### riemers.gitlab-runner - gitlab_runner_coordinator_url: https://git.mgrote.net - gitlab_runner_registration_token: "{{ lookup('keepass', 'gitlab_runner_registration_token', 'password') }}" - gitlab_runner_runners: - - name: "{{ ansible_hostname }}-docker" - executor: docker diff --git a/group_vars/storage.yml b/group_vars/fileserver.yml similarity index 99% rename from group_vars/storage.yml rename to group_vars/fileserver.yml index e7776c26..e1ddcc9a 100644 --- a/group_vars/storage.yml +++ b/group_vars/fileserver.yml @@ -76,10 +76,10 @@ ordnerpfad: '/shares_pve_backup' lese_nutzer: 'michaelgrote' schreibe_nutzer: 'pve' - smb_workgroup: WORKGROUP smb_nutzer_loeschen: - - { name: 'airsonic' } + - { name: '' } + ### oefenweb.ufw ufw_rules: - rule: allow diff --git a/group_vars/gitlab.yml b/group_vars/gitlab.yml index 91ad2417..98140b0e 100644 --- a/group_vars/gitlab.yml +++ b/group_vars/gitlab.yml @@ -1,6 +1,16 @@ --- ### geerlingguy.gitlab - # nicht alle gitlab Einstellungen lassen sich als Variable festlegen! + # nicht alle gitlab Einstellungen lassen sich als Variable festlegen! siehe unten: + # Einstellungen + ### General + # * sign up disabled + # * Require all users to set up Two-factor authentication + # * Gravatar enabled --> off + ### Network + # * Enable unauthenticated request rate limit + # * Default to Auto DevOps pipeline for all projects + + gitlab_domain: gitlab.grote.lan gitlab_external_url: "http://git.mgrote.net" gitlab_edition: "gitlab-ce" diff --git a/inventory b/inventory index 05103f55..4a1dcbb4 100644 --- a/inventory +++ b/inventory @@ -8,7 +8,7 @@ all: hosts: dokuwiki2.grote.lan: dokuwiki-test.grote.lan: - storage: + fileserver: hosts: fileserver2.grote.lan: fileserver-test.grote.lan: 
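Review bot: Replacing `airsonic` with `- { name: '' }` in group_vars/fileserver.yml leaves `smb_nutzer_loeschen` with one entry whose name is the empty string, so the role still iterates once and hands an empty user name to whatever removes accounts. How mgrote.fileserver_smb handles that is not visible here; at best the task is a no-op or fails, at worst a command is built with an empty argument. An empty list states the intent directly: `smb_nutzer_loeschen: []`. Taking airsonic off the list also means the role no longer enforces that account's absence, so it is worth confirming the account is already gone on both fileservers.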
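Review bot: The checklist added as comments at the top of group_vars/gitlab.yml does not give a target state for every item: `Gravatar enabled --> off` does, while `Default to Auto DevOps pipeline for all projects` and `Enable unauthenticated request rate limit` can be read either way. These settings are applied by hand and nothing in the repository checks them, so I would write each one as setting plus state, e.g. `# * Auto DevOps default pipeline: off` (if off is what is meant). Separately, the context line `gitlab_external_url: "http://git.mgrote.net"` is plain HTTP; unless TLS is terminated by a proxy not shown here, the sign-in and two-factor traffic this checklist is meant to protect travels unencrypted.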
diff --git a/playbooks/base/0_master.yml b/playbooks/base/0_master.yml index cc5a57eb..26f7d2df 100644 --- a/playbooks/base/0_master.yml +++ b/playbooks/base/0_master.yml @@ -1,6 +1,5 @@ --- - import_playbook: 2_packages.yml - import_playbook: 3_base.yml - - import_playbook: 4_create_user.yml - import_playbook: 5_personalisierung.yml - import_playbook: 6_haertung.yml diff --git a/playbooks/base/2_packages.yml b/playbooks/base/2_packages.yml index 389ad3b7..65f1d48a 100644 --- a/playbooks/base/2_packages.yml +++ b/playbooks/base/2_packages.yml @@ -1,11 +1,6 @@ --- - hosts: all roles: - - { role: mgrote.apt_manage_sources, - tags: "apt_sources" } - - { role: mgrote.apt_update_packages, - tags: "updates", - serial: 3 } - - { role: mgrote.apt_install_packages, - tags: "install", - serial: 3 } + - { role: mgrote.apt_manage_sources, tags: "apt_sources" } + - { role: mgrote.apt_update_packages, tags: "updates", serial: 3 } + - { role: mgrote.apt_install_packages, tags: "install", serial: 3 } diff --git a/playbooks/base/3_base.yml b/playbooks/base/3_base.yml index 220a3039..8597424c 100644 --- a/playbooks/base/3_base.yml +++ b/playbooks/base/3_base.yml @@ -3,3 +3,4 @@ roles: - { role: mgrote.set_timezone, tags: "timezone" } - { role: mgrote.restic, tags: "restic" } + - { role: ryandaniels.create_users, tags: "user", become: yes } diff --git a/playbooks/base/4_create_user.yml b/playbooks/base/4_create_user.yml deleted file mode 100644 index 17919a5a..00000000 --- a/playbooks/base/4_create_user.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - - hosts: all - roles: - - { role: ryandaniels.create_users, tags: "user", become: yes } diff --git a/playbooks/base/5_personalisierung.yml b/playbooks/base/5_personalisierung.yml index 0e65a992..118275b4 100644 --- a/playbooks/base/5_personalisierung.yml +++ b/playbooks/base/5_personalisierung.yml 
@@ -2,10 +2,5 @@ - hosts: all roles: - { role: mgrote.motd, tags: "motd" } - - { role: mgrote.tmux, - tags: "tmux", - when: "not 'proxmox' in group_names" } - - { role: geerlingguy.dotfiles, -# become_user: "{{ dotfiles_user }}" , - become: true, - tags: "dotfiles" } + - { role: mgrote.tmux, tags: "tmux", when: "not 'proxmox' in group_names" } + - { role: geerlingguy.dotfiles, become: true, tags: "dotfiles" } diff --git a/playbooks/service/docker.yml b/playbooks/service/docker.yml index 246fe0cf..8eb9db05 100644 --- a/playbooks/service/docker.yml +++ b/playbooks/service/docker.yml @@ -4,9 +4,3 @@ - { role: geerlingguy.pip, tags: "pip", become: true } - { role: geerlingguy.docker, tags: "docker", become: true } - { role: gantsign.ctop, tags: "ctop", become: true } - -# tasks: -# - git: # noqa 401 401 502 502 -# repo: 'https://github.com/quotengrote/docker' # noqa 401 401 502 502 -# dest: /home/mg/docker -# become: yes diff --git a/playbooks/service/fileserver.yml b/playbooks/service/fileserver.yml index 760f449c..3984e08d 100644 --- a/playbooks/service/fileserver.yml +++ b/playbooks/service/fileserver.yml @@ -12,7 +12,7 @@ ############################################################################### --- -- hosts: storage +- hosts: fileserver roles: - { role: mgrote.postfix, tags: "postfix" } - { role: mgrote.fileserver_smb, tags: "fileserver_smb" }