fix linter errors (#584)

Reviewed-on: #584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
2023-10-25 22:26:17 +02:00 · 2023-10-25 22:26:17 +02:00 · 7a24089031
parent ccaaabc1be
commit 7a24089031
758 changed files with 7206 additions and 24226 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -3,6 +3,8 @@ skip_list:
  - yaml[line-length]
  - name[casing]
  - yaml[comments]
+  - name[play]
+  - var-naming[no-role-prefix]
 quiet: true
 exclude_paths:
  - .cache/ # implicit unless exclude_paths is defined in config
@ -22,3 +24,5 @@ exclude_paths:
  - roles/robertdebock.bootstrap
  - roles/PyratLabs.k3s
  - .gitlab-ci.yml
+  - friedhof/
+  - playbooks/on-off
--- a/.ansible-lint-ignore
+++ b/.ansible-lint-ignore
@ -1,3 +0,0 @@
-# This file contains ignores rule violations for ansible-lint
-playbooks/on-off/remove_old_ssh_key.yml name[play]
-playbooks/on-off/remove_old_ssh_key.yml yaml[truthy]
--- a/.drone.yml
+++ b/.drone.yml
@ -23,7 +23,7 @@ steps:
    commands:
      - ansible-lint --version
      - echo $ANSIBLE_VAULT_PASSWORD > ./vault-pass.yml
-      - ansible-lint
+      - ansible-lint --force-color --format pep8
    when:
      event:
        exclude:
@ -31,17 +31,3 @@ steps:
    environment:
      ANSIBLE_VAULT_PASSWORD:
        from_secret: vault-pass
-
---
-kind: pipeline
-type: docker
-name: yaml-lint
-steps:
-  - name: yamllint
-    image: cytopia/yamllint:1
-    commands:
-      - /usr/bin/yamllint -f colored .
-    when:
-      event:
-        exclude:
-          - tag
--- a/.yamllint
+++ b/.yamllint
@ -1,3 +0,0 @@
-ignore:
-  - ./roles/pandemonium1986.ansible-role-k9s
-  - ./roles/robertdebock.bootstrap
--- a/README.md
+++ b/README.md
@ -1,4 +1 @@
 # ansible_heimserver
-
-## example-cli
-`ansible-playbook playbooks/base/0_master.yml  -i inventory --key-file id_rsa_ansible_user --vault-password-file vault-pass.yml --limit jenkins-test.grote.lan`
--- a/collections/community/general/plugins/modules/btrfs_info.py
+++ b/collections/community/general/plugins/modules/btrfs_info.py
@ -50,8 +50,8 @@ filesystems:
            description: A list of devices assigned to the filesystem.
            type: list
            sample:
-                - /dev/sda1
-                - /dev/sdb1
+               - /dev/sda1
+               - /dev/sdb1
        default_subvolume:
            description: The id of the filesystem's default subvolume.
            type: int
--- a/collections/community/general/plugins/modules/btrfs_subvolume.py
+++ b/collections/community/general/plugins/modules/btrfs_subvolume.py
@ -162,8 +162,8 @@ filesystem:
            returned: success
            type: list
            sample:
-                - /dev/sda1
-                - /dev/sdb1
+               - /dev/sda1
+               - /dev/sdb1
        default_subvolume:
            description: The ID of the filesystem's default subvolume.
            returned: success and if filesystem is mounted
--- a/docker-compose/homer/assets/config.yml
+++ b/docker-compose/homer/assets/config.yml
@ -15,11 +15,6 @@ defaults:
 stylesheet:
  - 'assets/catppuccin-frappe.css'

-
-
-
-
-
 links:
  - name: "Homepage"
    icon: "fas fa-heartbeat"
--- a/docker-compose/httpd/docker-compose.yml.j2
+++ b/docker-compose/httpd/docker-compose.yml.j2
@ -6,7 +6,7 @@ services:
    restart: always
    volumes:
      - uploads:/usr/local/apache2/htdocs/
-      - "${PWD}/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro"
+      - "/docker/httpd/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro"
    ports:
      - 3344:80
    labels:
--- a/docker-compose/traefik/file-provider.yml
+++ b/docker-compose/traefik/file-provider.yml
@ -21,8 +21,8 @@ http:
    service_dokuwiki:
      loadBalancer:
        servers:
-        - url: "http://dokuwiki2.grote.lan/"
+          - url: "http://dokuwiki2.grote.lan/"
    service_gitea:
      loadBalancer:
        servers:
-        - url: "http://gitea.grote.lan:3000/"
+          - url: "http://gitea.grote.lan:3000/"
--- a/roles/_mgrote.musterrolle/LICENSE
+++ b/roles/_mgrote.musterrolle/LICENSE
--- a/roles/_mgrote.musterrolle/README.md
+++ b/roles/_mgrote.musterrolle/README.md
--- a/friedhof/mgrote_acng/defaults/main.yml
+++ b/friedhof/mgrote_acng/defaults/main.yml
@ -0,0 +1,6 @@
+---
+acng_exthreshold: "60"
+acng_server_port: "9999"
+acng_security_conf_path: "/etc/apt-cacher-ng/security.conf"
+acng_server_auth_user: acngadmin
+acng_server_auth_pass: klauspeter
--- a/friedhof/mgrote_acng/handlers/main.yml
+++ b/friedhof/mgrote_acng/handlers/main.yml
@ -0,0 +1,7 @@
+---
+- name: acng_starten_aktivieren
+  become: true
+  ansible.builtin.systemd:
+    name: apt-cacher-ng
+    enabled: true
+    state: restarted
--- a/roles/_mgrote.musterrolle_systemd/LICENSE
+++ b/roles/_mgrote.musterrolle_systemd/LICENSE
--- a/friedhof/mgrote_acng/mgrote.acng/README.md
+++ b/friedhof/mgrote_acng/mgrote.acng/README.md
--- a/friedhof/mgrote_acng/mgrote.acng/defaults/main.yml
+++ b/friedhof/mgrote_acng/mgrote.acng/defaults/main.yml
@ -0,0 +1,6 @@
+---
+acng_exthreshold: "60"
+acng_server_port: "9999"
+acng_security_conf_path: "/etc/apt-cacher-ng/security.conf"
+acng_server_auth_user: acngadmin
+acng_server_auth_pass: klauspeter
--- a/friedhof/mgrote_acng/mgrote.acng/handlers/main.yml
+++ b/friedhof/mgrote_acng/mgrote.acng/handlers/main.yml
@ -0,0 +1,7 @@
+---
+- name: acng_starten_aktivieren
+  become: true
+  ansible.builtin.systemd:
+    name: apt-cacher-ng
+    enabled: true
+    state: restarted
--- a/friedhof/mgrote_acng/mgrote.acng/tasks/main.yml
+++ b/friedhof/mgrote_acng/mgrote.acng/tasks/main.yml
@ -0,0 +1,42 @@
+---
+- name: ensure directories exists
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+  loop:
+    - /etc/apt-cacher-ng
+    - /var/cache/apt-cacher-ng
+
+- name: ensure directories have the right permissions
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: apt-cacher-ng
+    group: apt-cacher-ng
+  loop:
+    - /var/cache/apt-cacher-ng
+
+- name: templating acng.conf
+  become: true
+  ansible.builtin.template:
+    src: "acng.conf"
+    dest: "/etc/apt-cacher-ng/acng.conf"
+    mode: "0664"
+  notify: acng_starten_aktivieren
+
+- name: install apt-cacher-ng packages
+  become: true
+  ansible.builtin.package:
+    name: apt-cacher-ng
+    state: present
+
+- name: templating security.conf
+  become: true
+  ansible.builtin.template:
+    src: "security.conf"
+    dest: "{{ acng_security_conf_path }}"
+    mode: "0640"
+  notify: acng_starten_aktivieren
+  no_log: true
--- a/friedhof/mgrote_acng/mgrote.acng/templates/acng.conf
+++ b/friedhof/mgrote_acng/mgrote.acng/templates/acng.conf
--- a/friedhof/mgrote_acng/mgrote.acng/templates/security.conf
+++ b/friedhof/mgrote_acng/mgrote.acng/templates/security.conf
--- a/friedhof/mgrote_acng/tasks/main.yml
+++ b/friedhof/mgrote_acng/tasks/main.yml
@ -0,0 +1,35 @@
+---
+- name: ensure directories exists
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: apt-cacher-ng
+    group: apt-cacher-ng
+    mode: "0644"
+  loop:
+    - /etc/apt-cacher-ng
+    - /var/cache/apt-cacher-ng
+
+- name: templating acng.conf
+  become: true
+  ansible.builtin.template:
+    src: "acng.conf"
+    dest: "/etc/apt-cacher-ng/acng.conf"
+    mode: "0644"
+  notify: acng_starten_aktivieren
+
+- name: install apt-cacher-ng packages
+  become: true
+  ansible.builtin.package:
+    name: apt-cacher-ng
+    state: present
+
+- name: templating security.conf
+  become: true
+  ansible.builtin.template:
+    src: "security.conf"
+    dest: "{{ acng_security_conf_path }}"
+    mode: "0640"
+  notify: acng_starten_aktivieren
+  no_log: true
--- a/friedhof/mgrote_acng/templates/acng.conf
+++ b/friedhof/mgrote_acng/templates/acng.conf
--- a/friedhof/mgrote_acng/templates/security.conf
+++ b/friedhof/mgrote_acng/templates/security.conf
--- a/friedhof/mgrote_alacritty/LICENSE
+++ b/friedhof/mgrote_alacritty/LICENSE
--- a/friedhof/mgrote_alacritty/README.md
+++ b/friedhof/mgrote_alacritty/README.md
--- a/friedhof/mgrote_alacritty/defaults/main.yml
+++ b/friedhof/mgrote_alacritty/defaults/main.yml
@ -0,0 +1,2 @@
+---
+alacritty_url: http://docker10.grote.lan:3344/alacritty-latest.tar.gz
--- a/friedhof/mgrote_alacritty/mgrote.alacritty/LICENSE
+++ b/friedhof/mgrote_alacritty/mgrote.alacritty/LICENSE
--- a/friedhof/mgrote_alacritty/mgrote.alacritty/README.md
+++ b/friedhof/mgrote_alacritty/mgrote.alacritty/README.md
@ -0,0 +1,8 @@
+## mgrote.alacritty
+### Beschreibung
+Installiert alacritty.
+
+
+### getestet auf
+- [x] Ubuntu (>=18.04)
+- [x] Linux Mint
--- a/friedhof/mgrote_alacritty/mgrote.alacritty/defaults/main.yml
+++ b/friedhof/mgrote_alacritty/mgrote.alacritty/defaults/main.yml
@ -0,0 +1,2 @@
+---
+alacritty_url: http://docker10.grote.lan:3344/alacritty-latest.tar.gz
--- a/friedhof/mgrote_alacritty/mgrote.alacritty/tasks/main.yml
+++ b/friedhof/mgrote_alacritty/mgrote.alacritty/tasks/main.yml
@ -0,0 +1,11 @@
+---
+- name: download binary
+  ansible.builtin.unarchive:
+    src: "{{ alacritty_url }}"
+    dest: /usr/local/bin
+    remote_src: true
+
+- name: set permissions
+  ansible.builtin.file:
+    path: /usr/local/bin/alacritty
+    mode: '0755'
--- a/friedhof/mgrote_alacritty/tasks/main.yml
+++ b/friedhof/mgrote_alacritty/tasks/main.yml
@ -0,0 +1,11 @@
+---
+- name: download binary
+  ansible.builtin.unarchive:
+    src: "{{ alacritty_url }}"
+    dest: /usr/local/bin
+    remote_src: true
+
+- name: set permissions
+  ansible.builtin.file:
+    path: /usr/local/bin/alacritty
+    mode: '0755'
--- a/friedhof/mgrote_apcupsd/LICENSE
+++ b/friedhof/mgrote_apcupsd/LICENSE
--- a/friedhof/mgrote_apcupsd/README.md
+++ b/friedhof/mgrote_apcupsd/README.md
--- a/friedhof/mgrote_apcupsd/defaults/main.yml
+++ b/friedhof/mgrote_apcupsd/defaults/main.yml
@ -0,0 +1,40 @@
+---
+## Values: http://www.apcupsd.org/manual/manual.html
+
+## Master
+# Wenn "true" ist dieser Host master.
+apcupsd_nis_master: true
+
+# Interface auf dem der "Master" erreichbar ist.
+apcupsd_nis_master_listen_ip: 0.0.0.0
+
+# Post auf dem der "Master" erreichbar ist.
+apcupsd_nis_master_listen_port: 3551
+
+# Name der USV
+apcupsd_ups_name: APC-BX950U-GR
+
+## Slave
+# Zeitspanne zwischen dem pollen
+apcupsd_slave_polltime: 10 #in Sekunden
+
+
+## Master & Slave
+# FQDN oder IP des "master"
+apcupsd_nis_master_hostname: pve2.grote.lan
+
+# Zeitspanne in Sekunden, ab der der Systemdienst einen Stromausfall annimmt. Nuetzlich, um sehr kurze Ausfaelle ignorieren zu koennen.
+apcupsd_master_onbatterydelay: 10
+apcupsd_slave_onbatterydelay: 10
+
+# Durch die USV gemeldete Restkapazitaet in Prozent, ab der der Rechner heruntergefahren wird.
+apcupsd_master_batterylevel_for_shutdown: 50
+apcupsd_slave_batterylevel_for_shutdown: 60
+
+# apcupsd will shutdown the system during a power failure when the remaining runtime on batteries as internally calculated by the UPS falls below the specified minutes. Jeweils Master und Slave.
+apcupsd_master_minutes_for_shutdown: 10
+apcupsd_slave_minutes_for_shutdown: 11
+
+# Specifies when apcupsd should create the NOLOGON file to prevent users from logging on to the system. Jeweils Master und Slave.
+apcupsd_master_nologon_when_active: always
+apcupsd_slave_nologon_when_active: always
--- a/friedhof/mgrote_apcupsd/handlers/main.yml
+++ b/friedhof/mgrote_apcupsd/handlers/main.yml
@ -0,0 +1,12 @@
+---
+- name: restart_apcupsd #wird aufgerufen wenn apcupsd.conf_kopieren nach aenderungen den status "changed hat"
+  become: true
+  ansible.builtin.systemd:
+    name: apcupsd
+    state: restarted
+    enabled: true
+
+- name: apc_access_mail
+  ansible.builtin.shell:
+    cmd: set -o pipefail && /usr/sbin/apcaccess | mail -s "{{ ansible_hostname }}" {{ empfaenger_mail }}
+    executable: /bin/bash
--- a/friedhof/mgrote_apcupsd/meta/main.yml
+++ b/friedhof/mgrote_apcupsd/meta/main.yml
@ -0,0 +1,14 @@
+---
+dependencies:
+  - role: mgrote_postfix
+galaxy_info:
+  author: mgrote
+  description: installs apcupsd
+  min_ansible_version: 2.0
+  license: GPLv3
+  platforms:
+    - name: Proxmox
+      versions:
+        - all
+  galaxy_tags:
+    - system
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/LICENSE
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/LICENSE
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/README.md
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/README.md
@ -0,0 +1,20 @@
+## mgrote.apcupsd
+
+### Beschreibung
+* Installiert apcupsd.
+* Auf einem PC als "Master", hier ist die USV per USB angeschlossen.
+* Auf allen anderen PCs als "Slave", diese OCs pollen alle <n> Sekunden den Master.
+* Benoetigt mgrote.postfix.
+* Getestet mit: APC-BX950U-GR
+
+### Links
+ * http://www.apcupsd.org/manual/#checking-your-configuration-file
+ * https://linux.die.net/man/5/apcupsd.conf
+
+
+### getestet auf
+- [x] ProxMox 6.1
+- [x] ProxMox 7
+
+### Variablen + Defaults
+- siehe [defaults/main.yml](./defaults/main.yml)
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/defaults/main.yml
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/defaults/main.yml
@ -0,0 +1,40 @@
+---
+## Values: http://www.apcupsd.org/manual/manual.html
+
+## Master
+# Wenn "true" ist dieser Host master.
+apcupsd_nis_master: true
+
+# Interface auf dem der "Master" erreichbar ist.
+apcupsd_nis_master_listen_ip: 0.0.0.0
+
+# Post auf dem der "Master" erreichbar ist.
+apcupsd_nis_master_listen_port: 3551
+
+# Name der USV
+apcupsd_ups_name: APC-BX950U-GR
+
+## Slave
+# Zeitspanne zwischen dem pollen
+apcupsd_slave_polltime: 10 #in Sekunden
+
+
+## Master & Slave
+# FQDN oder IP des "master"
+apcupsd_nis_master_hostname: pve2.grote.lan
+
+# Zeitspanne in Sekunden, ab der der Systemdienst einen Stromausfall annimmt. Nuetzlich, um sehr kurze Ausfaelle ignorieren zu koennen.
+apcupsd_master_onbatterydelay: 10
+apcupsd_slave_onbatterydelay: 10
+
+# Durch die USV gemeldete Restkapazitaet in Prozent, ab der der Rechner heruntergefahren wird.
+apcupsd_master_batterylevel_for_shutdown: 50
+apcupsd_slave_batterylevel_for_shutdown: 60
+
+# apcupsd will shutdown the system during a power failure when the remaining runtime on batteries as internally calculated by the UPS falls below the specified minutes. Jeweils Master und Slave.
+apcupsd_master_minutes_for_shutdown: 10
+apcupsd_slave_minutes_for_shutdown: 11
+
+# Specifies when apcupsd should create the NOLOGON file to prevent users from logging on to the system. Jeweils Master und Slave.
+apcupsd_master_nologon_when_active: always
+apcupsd_slave_nologon_when_active: always
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/handlers/main.yml
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/handlers/main.yml
@ -0,0 +1,10 @@
+---
+- name: restart_apcupsd #wird aufgerufen wenn apcupsd.conf_kopieren nach aenderungen den status "changed hat"
+  become: true
+  ansible.builtin.systemd:
+    name: apcupsd
+    state: restarted
+    enabled: true
+
+- name: apc_access_mail
+  ansible.builtin.shell: /usr/sbin/apcaccess | mail -s "{{ ansible_hostname }}" {{ empfaenger_mail }}
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/meta/main.yml
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/meta/main.yml
@ -0,0 +1,14 @@
+---
+dependencies:
+  - role: mgrote_postfix
+galaxy_info:
+  author: mgrote
+  description: installs apcupsd
+  min_ansible_version: 2.0
+  license: GPLv3
+  platforms:
+    - name: Proxmox
+      versions:
+        - all
+  galaxy_tags:
+    - system
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/main.yml
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/main.yml
@ -0,0 +1,42 @@
+---
+- name: install apcupsd packages
+  ansible.builtin.package:
+    name:
+      - apcupsd
+      - apcupsd-cgi
+      - apcupsd-doc
+    state: present
+  become: true
+  notify: apc_access_mail
+
+- name: create master config
+  ansible.builtin.include_tasks: master.yml
+  when:
+    - apcupsd_nis_master
+    - apcupsd_nis_master is defined
+
+- name: create slave config
+  ansible.builtin.include_tasks: slave.yml
+  when:
+    - not apcupsd_nis_master
+    - apcupsd_nis_master is defined
+
+- name: copy apcupsd file
+  become: true
+  ansible.builtin.template:
+    src: "apcupsd"
+    dest: "/etc/default/apcupsd"
+
+- name: set mail recipient
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/apcupsd/apccontrol #wo
+    regexp: export SYSADMIN=root #suche nach
+    line: export SYSADMIN={{ empfaenger_mail }} #ersetze durch...
+    backrefs: true #verhindert das die zeile bei "nicht zutreffen"  am ende der datei angefuegt wird: https://docs.ansible.com/ansible/latest/modules/lineinfile_module.html#parameters
+
+- name: copy test script
+  become: true
+  ansible.builtin.template:
+    src: "apccontrol.save"
+    dest: "/etc/apcupsd/apccontrol.save"
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/master.yml
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/master.yml
@ -0,0 +1,7 @@
+---
+- name: templating master_apcupsd.conf
+  become: true
+  ansible.builtin.template:
+    src: "master_apcupsd.conf"
+    dest: "/etc/apcupsd/apcupsd.conf"
+  notify: restart_apcupsd #benachrichtigt handlers/main.yml-restart-apcupsd_restart um den dient neuzustarten, nur wenn hier status "changed" ausgeworfen wird"
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/slave.yml
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/slave.yml
@ -0,0 +1,7 @@
+---
+- name: templating slave_apcupsd.conf
+  become: true
+  ansible.builtin.template:
+    src: "slave_apcupsd.conf"
+    dest: "/etc/apcupsd/apcupsd.conf"
+  notify: restart_apcupsd #benachrichtigt handlers/main.yml-restart-apcupsd_restart um den dient neuzustarten, nur wenn hier status "changed" ausgeworfen wird"
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/templates/apccontrol.save
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/templates/apccontrol.save
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/templates/apcupsd
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/templates/apcupsd
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/templates/master_apcupsd.conf
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/templates/master_apcupsd.conf
--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/templates/slave_apcupsd.conf
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/templates/slave_apcupsd.conf
--- a/friedhof/mgrote_apcupsd/tasks/main.yml
+++ b/friedhof/mgrote_apcupsd/tasks/main.yml
@ -0,0 +1,42 @@
+---
+- name: install apcupsd packages
+  ansible.builtin.package:
+    name:
+      - apcupsd
+      - apcupsd-cgi
+      - apcupsd-doc
+    state: present
+  become: true
+  notify: apc_access_mail
+
+- name: create master config
+  ansible.builtin.include_tasks: master.yml
+  when:
+    - apcupsd_nis_master
+    - apcupsd_nis_master is defined
+
+- name: create slave config
+  ansible.builtin.include_tasks: slave.yml
+  when:
+    - not apcupsd_nis_master
+    - apcupsd_nis_master is defined
+
+- name: copy apcupsd file
+  become: true
+  ansible.builtin.template:
+    src: "apcupsd"
+    dest: "/etc/default/apcupsd"
+
+- name: set mail recipient
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/apcupsd/apccontrol #wo
+    regexp: export SYSADMIN=root #suche nach
+    line: export SYSADMIN={{ empfaenger_mail }} #ersetze durch...
+    backrefs: true #verhindert das die zeile bei "nicht zutreffen"  am ende der datei angefuegt wird: https://docs.ansible.com/ansible/latest/modules/lineinfile_module.html#parameters
+
+- name: copy test script
+  become: true
+  ansible.builtin.template:
+    src: "apccontrol.save"
+    dest: "/etc/apcupsd/apccontrol.save"
--- a/friedhof/mgrote_apcupsd/tasks/master.yml
+++ b/friedhof/mgrote_apcupsd/tasks/master.yml
@ -0,0 +1,7 @@
+---
+- name: templating master_apcupsd.conf
+  become: true
+  ansible.builtin.template:
+    src: "master_apcupsd.conf"
+    dest: "/etc/apcupsd/apcupsd.conf"
+  notify: restart_apcupsd #benachrichtigt handlers/main.yml-restart-apcupsd_restart um den dient neuzustarten, nur wenn hier status "changed" ausgeworfen wird"
--- a/friedhof/mgrote_apcupsd/tasks/slave.yml
+++ b/friedhof/mgrote_apcupsd/tasks/slave.yml
@ -0,0 +1,7 @@
+---
+- name: templating slave_apcupsd.conf
+  become: true
+  ansible.builtin.template:
+    src: "slave_apcupsd.conf"
+    dest: "/etc/apcupsd/apcupsd.conf"
+  notify: restart_apcupsd #benachrichtigt handlers/main.yml-restart-apcupsd_restart um den dient neuzustarten, nur wenn hier status "changed" ausgeworfen wird"
--- a/friedhof/mgrote_apcupsd/templates/apccontrol.save
+++ b/friedhof/mgrote_apcupsd/templates/apccontrol.save
@ -0,0 +1,138 @@
+{{ file_header | default () }}
+#!@SCRIPTSHELL@
+#
+#    Safe apccontrol for testing.
+#
+#  This apccontrol can be used for testing without fear
+#  that it will bring your system down
+#     @configure_input@
+#
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+APCUPSD=@sbindir@/apcupsd
+SHUTDOWN=@SHUTDOWN@
+SCRIPTDIR=@sysconfdir@
+
+#
+case "$1" in
+        killpower)
+                wall <<EOF
+apccontrol: ${APCUPSD} --killpower would have been.
+
+EOF
+        ;;
+        commfailure)
+                wall <<EOF
+apccontrol: Communications with UPS lost.
+
+EOF
+        ;;
+        commok)
+                wall <<EOF
+apccontrol: Communciations with UPS restored.
+
+EOF
+        ;;
+        powerout)
+                wall <<EOF
+apccontrol: Warning power loss detected.
+
+EOF
+        ;;
+        onbattery)
+                wall <<EOF
+apccontrol: Power failure. Running on UPS batteries.
+
+EOF
+        ;;
+        offbattery)
+                wall <<EOF
+apccontrol: Off battery. Mains returned.
+
+EOF
+        ;;
+        failing)
+                wall <<EOF
+apccontrol: UPS battery power exhausted. Doing shutdown.
+
+EOF
+        ;;
+        timeout)
+                wall <<EOF
+apccontrol: UPS battery runtime limit exceeded. Doing shutdown.
+
+EOF
+        ;;
+        loadlimit)
+                wall <<EOF
+apccontrol: UPS battery discharge limit reached. Doing shutdown.
+
+EOF
+        ;;
+        runlimit)
+                wall <<EOF
+apccontrol: UPS battery runtime percent reached. Doing shutdown.
+
+EOF
+        ;;
+        doreboot)
+                wall <EOF
+apccontrol: ${SHUTDOWN} for reboot would have been called.
+
+EOF
+        ;;
+        doshutdown)
+                wall <<EOF
+apccontrol: ${SHUTDOWN} for halt would have been called.
+
+EOF
+        ;;
+        mainsback)
+                wall <<EOF
+apccontrol: Power has returned...
+
+EOF
+        ;;
+        annoyme)
+                wall <<EOF
+apccontrol: Power problems please logoff.
+
+EOF
+        ;;
+        emergency)
+                wall <<EOF
+apccontrol: ${SHUTDOWN} for emergency halt would have been called.
+
+EOF
+        ;;
+        changeme)
+                wall <<EOF
+apccontrol: Emergency! UPS batteries have failed.
+
+Change them NOW !
+EOF
+        ;;
+        remotedown)
+                wall <<EOF
+apccontrol: ${SHUTDOWN} for remote halt would have been called.
+
+EOF
+        ;;
+        startselftest)
+                wall <<EOF
+apccontrol: start self test would have been called.
+
+EOF
+        ;;
+        endselftest)
+                wall <<EOF
+apccontrol: end self test would have been called.
+
+EOF
+        ;;
+        *)      echo "Usage: ${0##*/} command"
+                echo "       warning: this script is intended to be launched by"
+                echo "       apcupsd and should never be launched by users."
+                exit 1
+        ;;
+esac
--- a/friedhof/mgrote_apcupsd/templates/apcupsd
+++ b/friedhof/mgrote_apcupsd/templates/apcupsd
@ -0,0 +1 @@
+ISCONFIGURED=yes
--- a/friedhof/mgrote_apcupsd/templates/master_apcupsd.conf
+++ b/friedhof/mgrote_apcupsd/templates/master_apcupsd.conf
@ -0,0 +1,17 @@
+## apcupsd.conf v1.1 ##
+{{ file_header | default () }}
+UPSCABLE usb
+
+UPSTYPE usb
+DEVICE
+
+UPSNAME {{ apcupsd_ups_name }}
+
+NETSERVER ON
+NISIP {{ apcupsd_nis_master_listen_ip }}
+NISPORT {{ apcupsd_nis_master_listen_port }}
+
+ONBATTERYDELAY {{ apcupsd_master_onbatterydelay }}
+BATTERYLEVEL {{ apcupsd_master_batterylevel_for_shutdown }}
+MINUTES {{ apcupsd_master_minutes_for_shutdown }}
+NOLOGON {{ apcupsd_master_nologon_when_active }}
--- a/friedhof/mgrote_apcupsd/templates/slave_apcupsd.conf
+++ b/friedhof/mgrote_apcupsd/templates/slave_apcupsd.conf
@ -0,0 +1,16 @@
+## apcupsd.conf v1.1 ##
+{{ file_header | default () }}
+
+UPSCABLE ether
+UPSTYPE net
+DEVICE {{ apcupsd_nis_master_hostname }}:{{ apcupsd_nis_master_listen_port }}
+
+LOCKFILE /var/lock
+UPSCLASS standalone
+UPSMODE disable
+POLLTIME {{ apcupsd_slave_polltime }}
+
+ONBATTERYDELAY {{ apcupsd_slave_onbatterydelay }}
+BATTERYLEVEL {{ apcupsd_slave_batterylevel_for_shutdown }}
+MINUTES {{ apcupsd_slave_minutes_for_shutdown }}
+NOLOGON {{ apcupsd_slave_nologon_when_active }}
--- a/friedhof/mgrote_dnsmasq_adblocker/LICENSE
+++ b/friedhof/mgrote_dnsmasq_adblocker/LICENSE
--- a/friedhof/mgrote_dnsmasq_adblocker/README.md
+++ b/friedhof/mgrote_dnsmasq_adblocker/README.md
--- a/friedhof/mgrote_dnsmasq_adblocker/defaults/main.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/defaults/main.yml
@ -0,0 +1,41 @@
+---
+# Welche DNS-Server soll dnsmasq anfragen?
+dnsmasq_resolver:
+  - 9.9.9.9
+  - 1.1.1.1
+# Soll dnsmasq alle Anfragen loggen?
+dnsmasq_log_queries: false
+# Wohin soll das Log geschrieben werden?
+dnsmasq_logfile: /var/log/dnsmasq.log
+# Welche BLocklisten sollen verwendet werden?
+dnsmasq_blocklists:
+  - name: sysctl.org
+    state: present
+    url: http://sysctl.org/cameleon/hosts
+  - name: StevenBlack.1
+    state: present
+    url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts
+  - name: StevenBlack.2
+    state: present
+    url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts
+  - name: adaway.org
+    state: present
+    url: https://adaway.org/hosts.txt
+  - name: StevenBlack.3
+    state: present
+    url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+  - name: developerdan.1
+    state: present
+    url: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
+  - name: developerdan.2
+    state: present
+    url: https://www.github.developerdan.com/hosts/lists/amp-hosts-extended.txt
+# Wie groß soll der Cache sein?
+dnsmasq_cache_size: 10000
+# Auf welchem Port soll dnsmasq laufen?
+dnsmasq_port: 53
+# User und Gruppe für dnsmasq
+dnsmasq_user_group: dnsmasq
+dnsmasq_user: dnsmasq
+# Which domain should never be forwarded tor the "dnsmasq_resolvers"
+dnsmasq_never_forward_domain: local.lan
--- a/friedhof/mgrote_dnsmasq_adblocker/handlers/main.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: restart dnsmasq
+  become: true
+  ansible.builtin.systemd:
+    name: dnsmasq
+    state: restarted
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/LICENSE
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/LICENSE
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/README.md
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/README.md
@ -0,0 +1,16 @@
+## mgrote.dnsmasq-adblocker
+
+### Beschreibung
+Installiert ``dnsmasq`` als reinen DNS-Server mit Werbeblockerfunktion.
+
+### getestet auf
+- [X] Ubuntu (>=20.04)
+
+
+### Variablen + Defaults
+see [defaults](./defaults/main.yml)
+
+### Abgekupfert bei
+* https://alexellisuk.medium.com/lightweight-ad-blocking-with-dnsmasq-and-raspberry-pi-665dbb3242e3
+* https://www.atemlire.io/how-to-easily-create-your-own-adblock-using-dnsmasq
+* https://pi-hole.net
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/defaults/main.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/defaults/main.yml
@ -0,0 +1,41 @@
+---
+# Welche DNS-Server soll dnsmasq anfragen?
+dnsmasq_resolver:
+  - 9.9.9.9
+  - 1.1.1.1
+# Soll dnsmasq alle Anfragen loggen?
+dnsmasq_log_queries: false
+# Wohin soll das Log geschrieben werden?
+dnsmasq_logfile: /var/log/dnsmasq.log
+# Welche BLocklisten sollen verwendet werden?
+dnsmasq_blocklists:
+  - name: sysctl.org
+    state: present
+    url: http://sysctl.org/cameleon/hosts
+  - name: StevenBlack.1
+    state: present
+    url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts
+  - name: StevenBlack.2
+    state: present
+    url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts
+  - name: adaway.org
+    state: present
+    url: https://adaway.org/hosts.txt
+  - name: StevenBlack.3
+    state: present
+    url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+  - name: developerdan.1
+    state: present
+    url: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
+  - name: developerdan.2
+    state: present
+    url: https://www.github.developerdan.com/hosts/lists/amp-hosts-extended.txt
+# Wie groß soll der Cache sein?
+dnsmasq_cache_size: 10000
+# Auf welchem Port soll dnsmasq laufen?
+dnsmasq_port: 53
+# User und Gruppe für dnsmasq
+dnsmasq_user_group: dnsmasq
+dnsmasq_user: dnsmasq
+# Which domain should never be forwarded tor the "dnsmasq_resolvers"
+dnsmasq_never_forward_domain: local.lan
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/handlers/main.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: restart dnsmasq
+  become: true
+  ansible.builtin.systemd:
+    name: dnsmasq
+    state: restarted
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/tasks/blocklist.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/tasks/blocklist.yml
@ -0,0 +1,19 @@
+---
+- name: download blocklist(s)
+  ansible.builtin.get_url:
+    url: "{{ item.url }}"
+    dest: "/etc/dnsmasq.d/blocklists/{{ item.name }}"
+    owner: "{{ dnsmasq_user }}"
+    group: "{{ dnsmasq_user_group }}"
+  loop: "{{ dnsmasq_blocklists }}"
+  when: item.state == "present"
+  notify: restart dnsmasq
+  register: download
+
+- name: remove blocklist(s)
+  ansible.builtin.file:
+    path: "/etc/dnsmasq.d/blocklists/{{ item.name }}"
+    state: absent
+  loop: "{{ dnsmasq_blocklists }}"
+  when: item.state == "absent"
+  notify: restart dnsmasq
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/tasks/config.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/tasks/config.yml
@ -0,0 +1,9 @@
+---
+- name: template /etc/dnsmasq.conf
+  become: true
+  ansible.builtin.template:
+    src: dnsmasq.conf.j2
+    dest: /etc/dnsmasq.conf
+    owner: "{{ dnsmasq_user }}"
+    group: "{{ dnsmasq_user_group }}"
+  notify: restart dnsmasq
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/tasks/install.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/tasks/install.yml
@ -0,0 +1,62 @@
+---
+- name: ensure packages are installed
+  become: true
+  ansible.builtin.package:
+    name:
+      - dnsmasq
+      - wget
+    state: present
+  register: install
+
+- name: stop dnsmasq (to prevent accidental DHCP-Server after installation)
+  become: true
+  ansible.builtin.service:
+    name: dnsmasq
+    state: stopped
+  when: install.changed
+
+- name: ensure group exists
+  become: true
+  ansible.builtin.group:
+    name: "{{ dnsmasq_user_group }}"
+    state: present
+  when:
+    - dnsmasq_user_group is defined
+
+- name: ensure user exists
+  become: true
+  ansible.builtin.user:
+    name: "{{ dnsmasq_user }}"
+    group: "{{ dnsmasq_user_group }}"
+    ansible.builtin.shell: /usr/sbin/nologin
+    create_home: false
+  when:
+    - dnsmasq_user_group is defined
+    - dnsmasq_user is defined
+
+- name: ensure needed directories exists
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ dnsmasq_user }}"
+    group: "{{ dnsmasq_user_group }}"
+  loop:
+    - /etc/dnsmasq.d
+    - /etc/dnsmasq.d/blocklists
+
+- name: clear default directories
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /etc/dnsmasq.d/README
+
+- name: template logrotate config
+  become: true
+  ansible.builtin.template:
+    src: logrotate.j2
+    dest: /etc/logrotate.d/dnsmasq
+    owner: root
+    group: root
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/tasks/main.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/tasks/main.yml
@ -0,0 +1,12 @@
+---
+- name: include install tasks
+  ansible.builtin.include_tasks: install.yml
+
+- name: include configuration tasks
+  ansible.builtin.include_tasks: config.yml
+
+- name: include systemd tasks
+  ansible.builtin.include_tasks: services.yml
+
+- name: include blocklist tasks
+  ansible.builtin.include_tasks: blocklist.yml
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/tasks/services.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/tasks/services.yml
@ -0,0 +1,18 @@
+---
+- name: stop systemd-resolved service
+  ansible.builtin.systemd:
+    name: systemd-resolved
+    state: stopped
+
+- name: mask systemd-resolved service
+  ansible.builtin.systemd:
+    name: systemd-resolved
+    masked: true
+    state: stopped
+
+- name: template /etc/resolv.conf
+  ansible.builtin.template:
+    src: resolv.conf.j2
+    dest: /etc/resolv.conf
+    backup: true
+  notify: restart dnsmasq
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/templates/dnsmasq.conf.j2
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/templates/dnsmasq.conf.j2
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/templates/logrotate.j2
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/templates/logrotate.j2
--- a/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/templates/resolv.conf.j2
+++ b/friedhof/mgrote_dnsmasq_adblocker/mgrote.dnsmasq_adblocker/templates/resolv.conf.j2
--- a/friedhof/mgrote_dnsmasq_adblocker/tasks/blocklist.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/tasks/blocklist.yml
@ -0,0 +1,19 @@
+---
+- name: download blocklist(s)
+  ansible.builtin.get_url:
+    url: "{{ item.url }}"
+    dest: "/etc/dnsmasq.d/blocklists/{{ item.name }}"
+    owner: "{{ dnsmasq_user }}"
+    group: "{{ dnsmasq_user_group }}"
+  loop: "{{ dnsmasq_blocklists }}"
+  when: item.state == "present"
+  notify: restart dnsmasq
+  register: download
+
+- name: remove blocklist(s)
+  ansible.builtin.file:
+    path: "/etc/dnsmasq.d/blocklists/{{ item.name }}"
+    state: absent
+  loop: "{{ dnsmasq_blocklists }}"
+  when: item.state == "absent"
+  notify: restart dnsmasq
--- a/friedhof/mgrote_dnsmasq_adblocker/tasks/config.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/tasks/config.yml
@ -0,0 +1,9 @@
+---
+- name: template /etc/dnsmasq.conf
+  become: true
+  ansible.builtin.template:
+    src: dnsmasq.conf.j2
+    dest: /etc/dnsmasq.conf
+    owner: "{{ dnsmasq_user }}"
+    group: "{{ dnsmasq_user_group }}"
+  notify: restart dnsmasq
--- a/friedhof/mgrote_dnsmasq_adblocker/tasks/install.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/tasks/install.yml
@ -0,0 +1,62 @@
+---
+- name: ensure packages are installed
+  become: true
+  ansible.builtin.package:
+    name:
+      - dnsmasq
+      - wget
+    state: present
+  register: install
+
+- name: stop dnsmasq (to prevent accidental DHCP-Server after installation)
+  become: true
+  ansible.builtin.service:
+    name: dnsmasq
+    state: stopped
+  when: install.changed
+
+- name: ensure group exists
+  become: true
+  ansible.builtin.group:
+    name: "{{ dnsmasq_user_group }}"
+    state: present
+  when:
+    - dnsmasq_user_group is defined
+
+- name: ensure user exists
+  become: true
+  ansible.builtin.user:
+    name: "{{ dnsmasq_user }}"
+    group: "{{ dnsmasq_user_group }}"
+    ansible.builtin.shell: /usr/sbin/nologin
+    create_home: false
+  when:
+    - dnsmasq_user_group is defined
+    - dnsmasq_user is defined
+
+- name: ensure needed directories exists
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ dnsmasq_user }}"
+    group: "{{ dnsmasq_user_group }}"
+  loop:
+    - /etc/dnsmasq.d
+    - /etc/dnsmasq.d/blocklists
+
+- name: clear default directories
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /etc/dnsmasq.d/README
+
+- name: template logrotate config
+  become: true
+  ansible.builtin.template:
+    src: logrotate.j2
+    dest: /etc/logrotate.d/dnsmasq
+    owner: root
+    group: root
--- a/friedhof/mgrote_dnsmasq_adblocker/tasks/main.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/tasks/main.yml
@ -0,0 +1,12 @@
+---
+- name: include install tasks
+  ansible.builtin.include_tasks: install.yml
+
+- name: include configuration tasks
+  ansible.builtin.include_tasks: config.yml
+
+- name: include systemd tasks
+  ansible.builtin.include_tasks: services.yml
+
+- name: include blocklist tasks
+  ansible.builtin.include_tasks: blocklist.yml
--- a/friedhof/mgrote_dnsmasq_adblocker/tasks/services.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/tasks/services.yml
@ -0,0 +1,18 @@
+---
+- name: stop systemd-resolved service
+  ansible.builtin.systemd:
+    name: systemd-resolved
+    state: stopped
+
+- name: mask systemd-resolved service
+  ansible.builtin.systemd:
+    name: systemd-resolved
+    masked: true
+    state: stopped
+
+- name: template /etc/resolv.conf
+  ansible.builtin.template:
+    src: resolv.conf.j2
+    dest: /etc/resolv.conf
+    backup: true
+  notify: restart dnsmasq
--- a/friedhof/mgrote_dnsmasq_adblocker/templates/dnsmasq.conf.j2
+++ b/friedhof/mgrote_dnsmasq_adblocker/templates/dnsmasq.conf.j2
@ -0,0 +1,63 @@
+{{ file_header | default () }}
+# Listen on this specific port instead of the standard DNS port
+# (53). Setting this to zero completely disables DNS function,
+# leaving only DHCP and/or TFTP.
+port={{ dnsmasq_port }}
+
+# If you want dnsmasq to listen for DHCP and DNS requests only on
+# specified interfaces (and the loopback) give the name of the
+# interface (eg eth0) here.
+# Repeat the line for more than one interface.
+interface={{ ansible_default_ipv4.interface }}
+
+# If you want dnsmasq to provide only DNS service on an interface,
+# configure it as shown above, and then use the following line to
+# disable DHCP and TFTP on it.
+no-dhcp-interface={{ ansible_default_ipv4.interface }}
+
+# Set the cachesize here.
+cache-size={{ dnsmasq_cache_size }}
+
+log-facility={{ dnsmasq_logfile }}
+
+# Never forward plain names (without a dot or domain part)
+domain-needed
+
+# Never forward addresses in the non-routed address spaces.
+bogus-priv
+
+# If you don't want dnsmasq to read /etc/hosts, uncomment the
+# following line.
+no-hosts
+
+# Add local-only domains here, queries in these domains are answered
+# from /etc/hosts or DHCP only.
+local=/{{ dnsmasq_never_forward_domain }}/
+
+# RFC 6761: Caching DNS servers SHOULD recognize
+#     test, localhost, invalid
+# names as special and SHOULD NOT attempt to look up NS records for them, or
+# otherwise query authoritative DNS servers in an attempt to resolve these
+# names.
+server=/test/
+server=/localhost/
+server=/invalid/
+
+# OpenWRT furthermore blocks    bind, local, onion    domains
+# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
+# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
+server=/bind/
+server=/onion/
+
+# If you don't want dnsmasq to read /etc/hosts, uncomment the
+# following line.
+#no-hosts
+# or if you want it to read another file, as well as /etc/hosts, use
+# this.
+addn-hosts=/etc/dnsmasq.d/blocklists
+
+{% if dnsmasq_log_queries is sameas true %}
+# For debugging purposes, log each DNS query as it passes through
+# dnsmasq.
+log-queries
+{% endif %}
--- a/friedhof/mgrote_dnsmasq_adblocker/templates/logrotate.j2
+++ b/friedhof/mgrote_dnsmasq_adblocker/templates/logrotate.j2
@ -1,12 +1,15 @@
 {{ file_header | default () }}
-/var/log/restic.log {
+{{ dnsmasq_logfile }} {
  su root root
  create 0640 root root
  rotate 4
-  weekly
+  daily
  compress
  missingok
  notifempty
  dateext
  dateyesterday
+  postrotate
+    systemctl restart dnsmasq
+  endscript
 }
--- a/friedhof/mgrote_dnsmasq_adblocker/templates/resolv.conf.j2
+++ b/friedhof/mgrote_dnsmasq_adblocker/templates/resolv.conf.j2
@ -0,0 +1,4 @@
+{{ file_header | default () }}
+{% for item in dnsmasq_resolver %}
+nameserver {{ item }}
+{% endfor %}
--- a/friedhof/mgrote_docker_compose_deploy/LICENSE
+++ b/friedhof/mgrote_docker_compose_deploy/LICENSE
--- a/friedhof/mgrote_docker_compose_deploy/README.md
+++ b/friedhof/mgrote_docker_compose_deploy/README.md
--- a/friedhof/mgrote_docker_compose_deploy/tasks/dockercompose-down.yml
+++ b/friedhof/mgrote_docker_compose_deploy/tasks/dockercompose-down.yml
@ -0,0 +1,24 @@
+---
+- name: set dir - "{{ item.name }}"
+  ansible.builtin.set_fact:
+    project_dir: "{{ docker_compose_base_dir }}/{{ item.dir_name | default (item.name) }}"
+  when:
+    - docker_compose_base_dir is defined
+    - docker_compose_projects is defined
+
+- name: check if dir exists
+  ansible.builtin.stat:
+    path: "{{ project_dir }}"
+  register: dir
+
+- name: stop container - "{{ item.name }}"
+  ansible.builtin.shell: docker-compose down
+  args:
+    chdir: "{{ project_dir }}"
+  when: dir.stat.exists
+
+- name: remove repository - "{{ item.name }}"
+  ansible.builtin.file:
+    state: absent
+    dest: "{{ project_dir }}"
+  when: dir.stat.exists
--- a/friedhof/mgrote_docker_compose_deploy/tasks/dockercompose-up.yml
+++ b/friedhof/mgrote_docker_compose_deploy/tasks/dockercompose-up.yml
@ -0,0 +1,64 @@
+---
+- name: set username and passwort - "{{ item.name }}"
+  ansible.builtin.set_fact:
+    login: "{{ item.repository_user  }}:{{ item.repository_user_password }}@"
+  when:
+    - item.repository_user is defined
+    - item.repository_user_password is defined
+
+- name: set dir - "{{ item.name }}"
+  ansible.builtin.set_fact:
+    project_dir: "{{ docker_compose_base_dir }}/{{ item.dir_name | default (item.name) }}"
+  when:
+    - docker_compose_base_dir is defined
+    - docker_compose_projects is defined
+
+- name: check if repo exists - "{{ item.name }}" (wenn der Task >30s dauert sind die Login-Daten falsch)
+  ansible.builtin.stat:
+    path: "{{ project_dir }}"
+  register: repo_exists
+
+- name: set safe directory
+  become: true
+  ansible.builtin.shell:
+    cmd: git config --global --add safe.directory "{{ project_dir }}"
+  changed_when: false
+
+- name: stash changes - "{{ item.name }}"
+  ansible.builtin.shell: git stash
+  args:
+    chdir: "{{ project_dir }}"
+  changed_when: false
+  when: repo_exists.stat.exists
+
+- name: clone repository - "{{ item.name }}"
+  ansible.builtin.git:
+    repo: "https://{{ login | default () }}{{ item.repository_url }}"
+    dest: "{{ project_dir }}"
+    version: "{{ item.git_branch | default ('master') }}"
+  register: repo
+
+- name: set owner recursive for repo
+  ansible.builtin.file:
+    path: "{{ project_dir }}"
+    owner: "{{ item.os_username }}"
+    group: "{{ item.os_username }}"
+    recurse: true
+  when: repo is changed
+
+- name: create networks - "{{ item.name }}"
+  ansible.builtin.shell: "docker network create {{ item.network_name }}" # erstelle network
+  when: "item.network_name is defined" # wenn network_name definiert ist
+  register: network_result # speichere ergebnis in var
+  changed_when: "network_result.rc == 0" # markiere tasks als changed when exit-code == 0
+  ignore_errors: true # ignoriere fehler
+
+- name: (re)start container - "{{ item.name }}"
+  ansible.builtin.shell: docker-compose down && docker-compose up -d
+  args:
+    chdir: "{{ project_dir }}"
+  when: repo.changed
+
+- name: unset username and passwort - "{{ item.name }}"
+  ansible.builtin.set_fact:
+    login: ""
--- a/friedhof/mgrote_docker_compose_deploy/tasks/main.yml
+++ b/friedhof/mgrote_docker_compose_deploy/tasks/main.yml
@ -0,0 +1,16 @@
+---
+- name: loop docker tasks - up
+  ansible.builtin.include_tasks: dockercompose-up.yml
+  loop: "{{ docker_compose_projects }}"
+  when:
+    - item.state == "present"
+    - docker_compose_projects is defined
+  no_log: true
+
+- name: loop docker tasks - down
+  ansible.builtin.include_tasks: dockercompose-down.yml
+  loop: "{{ docker_compose_projects }}"
+  when:
+    - item.state == "absent"
+    - docker_compose_projects is defined
+  no_log: true
--- a/roles/mgrote.docker-compose-inline/LICENSE
+++ b/roles/mgrote.docker-compose-inline/LICENSE
--- a/friedhof/mgrote_i3/mgrote.i3/LICENSE
+++ b/friedhof/mgrote_i3/mgrote.i3/LICENSE
--- a/friedhof/mgrote_i3/mgrote.i3/readme.md
+++ b/friedhof/mgrote_i3/mgrote.i3/readme.md
--- a/friedhof/mgrote_i3/mgrote.i3/tasks/main.yml
+++ b/friedhof/mgrote_i3/mgrote.i3/tasks/main.yml
@ -0,0 +1,15 @@
+---
+- name: install packages
+  become: true
+  ansible.builtin.package:
+    name:
+      - i3
+      - i3lock
+      - arandr
+      - x11-xserver-utils # xrandr
+      - feh # wallpaper
+      - rofi
+      - xautolock #bildschirmsperre nach x min
+      - flameshot #screenshots
+      - dunst #notification daemon
+    state: present
--- a/friedhof/mgrote_i3/readme.md
+++ b/friedhof/mgrote_i3/readme.md
@ -0,0 +1,4 @@
+## mgrote.vim
+
+### Beschreibung
+installiert i3 + tools.
--- a/friedhof/mgrote_i3/tasks/main.yml
+++ b/friedhof/mgrote_i3/tasks/main.yml
@ -0,0 +1,15 @@
+---
+- name: install packages
+  become: true
+  ansible.builtin.package:
+    name:
+      - i3
+      - i3lock
+      - arandr
+      - x11-xserver-utils # xrandr
+      - feh # wallpaper
+      - rofi
+      - xautolock #bildschirmsperre nach x min
+      - flameshot #screenshots
+      - dunst #notification daemon
+    state: present
--- a/friedhof/mgrote_minio/LICENSE
+++ b/friedhof/mgrote_minio/LICENSE
--- a/friedhof/mgrote_minio/README.md
+++ b/friedhof/mgrote_minio/README.md
--- a/friedhof/mgrote_minio/defaults/main.yml
+++ b/friedhof/mgrote_minio/defaults/main.yml
@ -0,0 +1,20 @@
+---
+minio_download_url: https://dl.min.io/server/minio/release/linux-amd64/minio # downloadlink
+
+minio_bin_path: /usr/local/bin # where to put the binary
+minio_volumes_base_dir: /usr/local/share/minio/ # where to store the buckets
+minio_config_dir: /etc/minio # where to store the config
+
+minio_fqdn: minio-test.grote.lan
+minio_port: 9000 # s3 port
+minio_console_port: 34081 # mgmt-gui port
+
+minio_root_user: minio # default web user
+minio_root_password: miniostorage # defaut pass
+
+minio_user: minio-user # linux user
+minio_group: minio-user # linux group
+
+minio_server_url: "" # see https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html
+
+minio_browser_redirect_url: "" # see https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html
--- a/friedhof/mgrote_minio/handlers/main.yml
+++ b/friedhof/mgrote_minio/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: (re)start service
+  become: true
+  ansible.builtin.systemd:
+    name: minio
+    state: restarted
--- a/friedhof/mgrote_minio/mgrote.minio/LICENSE
+++ b/friedhof/mgrote_minio/mgrote.minio/LICENSE
--- a/friedhof/mgrote_minio/mgrote.minio/README.md
+++ b/friedhof/mgrote_minio/mgrote.minio/README.md
@ -0,0 +1,12 @@
+## mgrote.minio
+
+### Beschreibung
+Installiert einen Single-Minio-Server.
+
+### getestet auf
+- [X] Ubuntu (>=20.04)
+- [ ] Debian
+- [ ] ProxMox 6.1
+
+### Variablen + Defaults
+see [defaults](./defaults/main.yml)
--- a/friedhof/mgrote_minio/mgrote.minio/defaults/main.yml
+++ b/friedhof/mgrote_minio/mgrote.minio/defaults/main.yml
@ -0,0 +1,20 @@
+---
+minio_download_url: https://dl.min.io/server/minio/release/linux-amd64/minio # downloadlink
+
+minio_bin_path: /usr/local/bin # where to put the binary
+minio_volumes_base_dir: /usr/local/share/minio/ # where to store the buckets
+minio_config_dir: /etc/minio # where to store the config
+
+minio_fqdn: minio-test.grote.lan
+minio_port: 9000 # s3 port
+minio_console_port: 34081 # mgmt-gui port
+
+minio_root_user: minio # default web user
+minio_root_password: miniostorage # defaut pass
+
+minio_user: minio-user # linux user
+minio_group: minio-user # linux group
+
+minio_server_url: "" # see https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html
+
+minio_browser_redirect_url: "" # see https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html
--- a/friedhof/mgrote_minio/mgrote.minio/handlers/main.yml
+++ b/friedhof/mgrote_minio/mgrote.minio/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: (re)start service
+  become: true
+  ansible.builtin.systemd:
+    name: minio
+    state: restarted
--- a/friedhof/mgrote_minio/mgrote.minio/tasks/main.yml
+++ b/friedhof/mgrote_minio/mgrote.minio/tasks/main.yml
@ -0,0 +1,62 @@
+---
+- name: ensure group exists
+  ansible.builtin.group:
+    name: "{{ minio_group }}"
+    state: present
+
+- name: ensure user exists
+  ansible.builtin.user:
+    name: "{{ minio_user }}"
+    group: "{{ minio_group }}"
+    ansible.builtin.shell: /sbin/nologin
+    state: present
+    create_home: false
+
+- name: ensure needed directories are present
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ minio_user }}"
+    group: "{{ minio_user }}"
+  with_items:
+    - "{{ minio_volumes_base_dir }}"
+    - "{{ minio_config_dir }}"
+
+- name: download binary
+  ansible.builtin.get_url:
+    url: "{{ minio_download_url }}"
+    dest: "{{ minio_bin_path }}/minio"
+    mode: "0744"
+    owner: "{{ minio_user }}"
+    group: "{{ minio_user }}"
+
+- name: template default config
+  become: true
+  ansible.builtin.template:
+    src: "default.j2"
+    dest: "/etc/default/minio"
+    owner: "{{ minio_user }}"
+    group: "{{ minio_user }}"
+  notify: (re)start service
+  no_log: true
+
+- name: template systemd-unit
+  become: true
+  ansible.builtin.template:
+    src: "minio.service.j2"
+    dest: "/etc/systemd/system/minio.service"
+    mode: a+x
+    owner: "{{ minio_user }}"
+    group: "{{ minio_user }}"
+  notify: (re)start service
+
+- name: systemd daemon reload
+  become: true
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: enable systemd service
+  become: true
+  ansible.builtin.systemd:
+    name: minio
+    enabled: true
--- a/Show More
+++ b/Show More