Housekeeping

This commit is contained in:
Michael Grote 2021-02-07 13:16:51 +01:00
parent bb85d8798d
commit 40500232da
12 changed files with 35 additions and 41 deletions

View file

@ -1,4 +1,5 @@
--- ---
### wird in vielen Rollen verwendet
empfaenger_mail: michael.grote@posteo.de empfaenger_mail: michael.grote@posteo.de
### mgrote.postfix / werden auch bei gitlab verwendet ### mgrote.postfix / werden auch bei gitlab verwendet
postfix_absender_mailadresse: info@mgrote.net postfix_absender_mailadresse: info@mgrote.net
@ -11,7 +12,7 @@
### mgrote.apt_manage_sources ### mgrote.apt_manage_sources
manage_sources_apt_proxy_url: "acng.grote.lan:9999" manage_sources_apt_proxy_url: "acng.grote.lan:9999"
### mgrote.restic ### mgrote.restic
restic_folders_to_backup: "/usr/local /etc /root /var/www /home" restic_folders_to_backup: "/usr/local /etc /root /home"
restic_cron_hours: "19" restic_cron_hours: "19"
restic_repository: "//fileserver2.grote.lan/backup/restic" restic_repository: "//fileserver2.grote.lan/backup/restic"
restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}" restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
@ -121,11 +122,9 @@
apcupsd_slave_minutes_for_shutdown: 10 apcupsd_slave_minutes_for_shutdown: 10
apcupsd_slave_nologon_when_active: disable apcupsd_slave_nologon_when_active: disable
apcupsd_nis_master: on apcupsd_nis_master: on
# apcupsd_nis_master_hostname: pve2.grote.lan # wird pro host gesetzt
apcupsd_nis_master_listen_ip: 0.0.0.0 apcupsd_nis_master_listen_ip: 0.0.0.0
apcupsd_nis_master_listen_port: 3551 apcupsd_nis_master_listen_port: 3551
apcupsd_ups_name: APC-BX950U-GR apcupsd_ups_name: APC-BX950U-GR
# apcupsd_nis_master: false # wird pro host gesetzt
# Ansible Variablen # Ansible Variablen

View file

@ -39,6 +39,18 @@
servers: servers:
- production - production
- test - test
- username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: on_create
ssh_key: "{{ lookup('keepass', 'ansible_user_ssh_pubkey', 'password') }}"
use_sudo: yes
use_sudo_nopass: yes
user_state: present
groups: ssh, sudo
servers:
- production
- test
### mgrote.restic ### mgrote.restic
restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker
restic_cron_hours: "*" restic_cron_hours: "*"
@ -56,10 +68,3 @@
/var/lib/docker/volumes/ocrmypdf-auto_scan_output/* /var/lib/docker/volumes/ocrmypdf-auto_scan_output/*
# https://github.com/restic/restic/issues/1005 # https://github.com/restic/restic/issues/1005
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12 # https://forum.restic.net/t/exclude-syntax-confusion/1531/12
### riemers.gitlab-runner
gitlab_runner_coordinator_url: https://git.mgrote.net
gitlab_runner_registration_token: "{{ lookup('keepass', 'gitlab_runner_registration_token', 'password') }}"
gitlab_runner_runners:
- name: "{{ ansible_hostname }}-docker"
executor: docker

View file

@ -76,10 +76,10 @@
ordnerpfad: '/shares_pve_backup' ordnerpfad: '/shares_pve_backup'
lese_nutzer: 'michaelgrote' lese_nutzer: 'michaelgrote'
schreibe_nutzer: 'pve' schreibe_nutzer: 'pve'
smb_workgroup: WORKGROUP smb_workgroup: WORKGROUP
smb_nutzer_loeschen: smb_nutzer_loeschen:
- { name: 'airsonic' } - { name: '' }
### oefenweb.ufw ### oefenweb.ufw
ufw_rules: ufw_rules:
- rule: allow - rule: allow

View file

@ -1,6 +1,16 @@
--- ---
### geerlingguy.gitlab ### geerlingguy.gitlab
# nicht alle gitlab Einstellungen lassen sich als Variable festlegen! # nicht alle gitlab Einstellungen lassen sich als Variable festlegen! siehe unten:
# Einstellungen
### General
# * sign up disabled
# * Require all users to set up Two-factor authentication
# * Gravatar enabled --> off
### Network
# * Enable unauthenticated request rate limit
# * Default to Auto DevOps pipeline for all projects
gitlab_domain: gitlab.grote.lan gitlab_domain: gitlab.grote.lan
gitlab_external_url: "http://git.mgrote.net" gitlab_external_url: "http://git.mgrote.net"
gitlab_edition: "gitlab-ce" gitlab_edition: "gitlab-ce"

View file

@ -8,7 +8,7 @@ all:
hosts: hosts:
dokuwiki2.grote.lan: dokuwiki2.grote.lan:
dokuwiki-test.grote.lan: dokuwiki-test.grote.lan:
storage: fileserver:
hosts: hosts:
fileserver2.grote.lan: fileserver2.grote.lan:
fileserver-test.grote.lan: fileserver-test.grote.lan:

View file

@ -1,6 +1,5 @@
--- ---
- import_playbook: 2_packages.yml - import_playbook: 2_packages.yml
- import_playbook: 3_base.yml - import_playbook: 3_base.yml
- import_playbook: 4_create_user.yml
- import_playbook: 5_personalisierung.yml - import_playbook: 5_personalisierung.yml
- import_playbook: 6_haertung.yml - import_playbook: 6_haertung.yml

View file

@ -1,11 +1,6 @@
--- ---
- hosts: all - hosts: all
roles: roles:
- { role: mgrote.apt_manage_sources, - { role: mgrote.apt_manage_sources, tags: "apt_sources" }
tags: "apt_sources" } - { role: mgrote.apt_update_packages, tags: "updates", serial: 3 }
- { role: mgrote.apt_update_packages, - { role: mgrote.apt_install_packages, tags: "install", serial: 3 }
tags: "updates",
serial: 3 }
- { role: mgrote.apt_install_packages,
tags: "install",
serial: 3 }

View file

@ -3,3 +3,4 @@
roles: roles:
- { role: mgrote.set_timezone, tags: "timezone" } - { role: mgrote.set_timezone, tags: "timezone" }
- { role: mgrote.restic, tags: "restic" } - { role: mgrote.restic, tags: "restic" }
- { role: ryandaniels.create_users, tags: "user", become: yes }

View file

@ -1,4 +0,0 @@
---
- hosts: all
roles:
- { role: ryandaniels.create_users, tags: "user", become: yes }

View file

@ -2,10 +2,5 @@
- hosts: all - hosts: all
roles: roles:
- { role: mgrote.motd, tags: "motd" } - { role: mgrote.motd, tags: "motd" }
- { role: mgrote.tmux, - { role: mgrote.tmux, tags: "tmux", when: "not 'proxmox' in group_names" }
tags: "tmux", - { role: geerlingguy.dotfiles, become: true, tags: "dotfiles" }
when: "not 'proxmox' in group_names" }
- { role: geerlingguy.dotfiles,
# become_user: "{{ dotfiles_user }}" ,
become: true,
tags: "dotfiles" }

View file

@ -4,9 +4,3 @@
- { role: geerlingguy.pip, tags: "pip", become: true } - { role: geerlingguy.pip, tags: "pip", become: true }
- { role: geerlingguy.docker, tags: "docker", become: true } - { role: geerlingguy.docker, tags: "docker", become: true }
- { role: gantsign.ctop, tags: "ctop", become: true } - { role: gantsign.ctop, tags: "ctop", become: true }
# tasks:
# - git: # noqa 401 401 502 502
# repo: 'https://github.com/quotengrote/docker' # noqa 401 401 502 502
# dest: /home/mg/docker
# become: yes

View file

@ -12,7 +12,7 @@
############################################################################### ###############################################################################
--- ---
- hosts: storage - hosts: fileserver
roles: roles:
- { role: mgrote.postfix, tags: "postfix" } - { role: mgrote.postfix, tags: "postfix" }
- { role: mgrote.fileserver_smb, tags: "fileserver_smb" } - { role: mgrote.fileserver_smb, tags: "fileserver_smb" }