Housekeeping

group_vars/all.yml

@@ -1,4 +1,5 @@
 ---
+  ### wird in vielen Rollen verwendet
   empfaenger_mail: michael.grote@posteo.de
   ### mgrote.postfix / werden auch bei gitlab verwendet
   postfix_absender_mailadresse: info@mgrote.net
@@ -11,7 +12,7 @@
   ### mgrote.apt_manage_sources
   manage_sources_apt_proxy_url: "acng.grote.lan:9999"
   ### mgrote.restic
-  restic_folders_to_backup: "/usr/local /etc /root /var/www /home"
+  restic_folders_to_backup: "/usr/local /etc /root /home"
   restic_cron_hours: "19"
   restic_repository: "//fileserver2.grote.lan/backup/restic"
   restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
@@ -121,11 +122,9 @@
   apcupsd_slave_minutes_for_shutdown: 10
   apcupsd_slave_nologon_when_active: disable
   apcupsd_nis_master: on
-  # apcupsd_nis_master_hostname: pve2.grote.lan # wird pro host gesetzt
   apcupsd_nis_master_listen_ip: 0.0.0.0
   apcupsd_nis_master_listen_port: 3551
   apcupsd_ups_name: APC-BX950U-GR
-  # apcupsd_nis_master: false # wird pro host gesetzt
 
 
   # Ansible Variablen

group_vars/docker.yml

@@ -39,6 +39,18 @@
     servers:
       - production
       - test
+  - username: ansible-user
+    password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
+    update_password: on_create
+    ssh_key: "{{ lookup('keepass', 'ansible_user_ssh_pubkey', 'password') }}"
+    use_sudo: yes
+    use_sudo_nopass: yes
+    user_state: present
+    groups: ssh, sudo
+    servers:
+      - production
+      - test
+
   ### mgrote.restic
   restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker
   restic_cron_hours: "*"
@@ -56,10 +68,3 @@
         /var/lib/docker/volumes/ocrmypdf-auto_scan_output/*
         # https://github.com/restic/restic/issues/1005
         # https://forum.restic.net/t/exclude-syntax-confusion/1531/12
-
-  ### riemers.gitlab-runner
-  gitlab_runner_coordinator_url: https://git.mgrote.net
-  gitlab_runner_registration_token: "{{ lookup('keepass', 'gitlab_runner_registration_token', 'password') }}"
-  gitlab_runner_runners:
-    - name: "{{ ansible_hostname }}-docker"
-      executor: docker

group_vars/fileserver.yml

@@ -76,10 +76,10 @@
       ordnerpfad: '/shares_pve_backup'
       lese_nutzer: 'michaelgrote'
       schreibe_nutzer: 'pve'
-
   smb_workgroup: WORKGROUP
   smb_nutzer_loeschen:
-    - { name: 'airsonic' }
+    - { name: '' }
+    
   ### oefenweb.ufw
   ufw_rules:
     - rule: allow

group_vars/gitlab.yml

@@ -1,6 +1,16 @@
 ---
   ### geerlingguy.gitlab
-  # nicht alle gitlab Einstellungen lassen sich als Variable festlegen!
+  # nicht alle gitlab Einstellungen lassen sich als Variable festlegen! siehe unten:
+  # Einstellungen
+  ### General
+  # * sign up disabled
+  # * Require all users to set up Two-factor authentication
+  # * Gravatar enabled --> off
+  ### Network
+  # * Enable unauthenticated request rate limit
+  # * Default to Auto DevOps pipeline for all projects
+
+
   gitlab_domain: gitlab.grote.lan
   gitlab_external_url: "http://git.mgrote.net"
   gitlab_edition: "gitlab-ce"

inventory

@@ -8,7 +8,7 @@ all:
       hosts:
         dokuwiki2.grote.lan:
         dokuwiki-test.grote.lan:
-    storage:
+    fileserver:
       hosts:
         fileserver2.grote.lan:
         fileserver-test.grote.lan:

playbooks/base/0_master.yml

@@ -1,6 +1,5 @@
 ---
   - import_playbook: 2_packages.yml
   - import_playbook: 3_base.yml
-  - import_playbook: 4_create_user.yml
   - import_playbook: 5_personalisierung.yml
   - import_playbook: 6_haertung.yml

playbooks/base/2_packages.yml

@@ -1,11 +1,6 @@
 ---
   - hosts: all
     roles:
-      - { role: mgrote.apt_manage_sources,
+      - { role: mgrote.apt_manage_sources, tags: "apt_sources" }
-        tags: "apt_sources" }
+      - { role: mgrote.apt_update_packages, tags: "updates", serial: 3 }
-      - { role: mgrote.apt_update_packages,
+      - { role: mgrote.apt_install_packages, tags: "install", serial: 3 }
-        tags: "updates",
-        serial: 3 }
-      - { role: mgrote.apt_install_packages,
-        tags: "install",
-        serial: 3 }

playbooks/base/3_base.yml

@@ -3,3 +3,4 @@
     roles:
       - { role: mgrote.set_timezone, tags: "timezone" }
       - { role: mgrote.restic, tags: "restic" }
+      - { role: ryandaniels.create_users, tags: "user", become: yes }

playbooks/base/4_create_user.yml

@@ -1,4 +0,0 @@
----
-  - hosts: all
-    roles:
-      - { role: ryandaniels.create_users, tags: "user", become: yes }

playbooks/base/5_personalisierung.yml

@@ -2,10 +2,5 @@
   - hosts: all
     roles:
       - { role: mgrote.motd, tags: "motd" }
-      - { role: mgrote.tmux,
+      - { role: mgrote.tmux, tags: "tmux", when: "not 'proxmox' in group_names" }
-          tags: "tmux",
+      - { role: geerlingguy.dotfiles, become: true, tags: "dotfiles" }
-          when: "not 'proxmox' in group_names" }
-      - { role: geerlingguy.dotfiles,
-#          become_user: "{{ dotfiles_user }}" ,
-          become: true,
-          tags: "dotfiles" }

playbooks/service/docker.yml

@@ -4,9 +4,3 @@
     - { role: geerlingguy.pip, tags: "pip", become: true }
     - { role: geerlingguy.docker, tags: "docker", become: true }
     - { role: gantsign.ctop, tags: "ctop", become: true }
-
-#  tasks:
-#    - git: # noqa 401 401 502 502
-#        repo: 'https://github.com/quotengrote/docker' # noqa 401 401 502 502
-#        dest: /home/mg/docker
-#      become: yes

playbooks/service/fileserver.yml

@@ -12,7 +12,7 @@
 ###############################################################################
 
 ---
-- hosts: storage
+- hosts: fileserver
   roles:
     - { role: mgrote.postfix, tags: "postfix" }
     - { role: mgrote.fileserver_smb, tags: "fileserver_smb" }