diff --git a/ansible.cfg b/ansible.cfg index 823a9b4b..3dc509a5 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -34,4 +34,4 @@ always = true [ara] api_client = http -api_server = http://docker4.grote.lan:2233 +api_server = http://docker7.grote.lan:2233 diff --git a/group_vars/all.yml b/group_vars/all.yml index b6bb604c..7bb0b0e5 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -130,7 +130,7 @@ to_port: 4949 protocol: tcp comment: 'munin' - from_ip: 192.168.2.144/24 + from_ip: 192.168.2.0/24 ufw_default_incoming_policy: deny ufw_default_outgoing_policy: allow ### mgrote.apt_manage_packages diff --git a/group_vars/docker.yml b/group_vars/docker.yml index 47c25fa2..7ee331eb 100644 --- a/group_vars/docker.yml +++ b/group_vars/docker.yml @@ -9,6 +9,14 @@ public_ssh_key: "{{ ssh_public_key_mg }}" allow_sudo: true allow_passwordless_sudo: true + - username: docker-user + password: "{{ lookup('keepass', 'docker-user_linux_password_hash', 'password') }}" + update_password: on_create + groups: ssh, sudo, docker + state: present + allow_sudo: true + allow_passwordless_sudo: true + uid: "5000" - username: ansible-user password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}" update_password: on_create 
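Review bot: The new `docker-user` entry in group_vars/docker.yml combines `groups: ssh, sudo, docker` with `allow_sudo: true` and `allow_passwordless_sudo: true`, so the account that owns the compose checkouts is a second unrestricted root path on every docker host. Membership in `docker` is already root-equivalent on the host, so the sudo grant adds exposure without adding capability the deployment appears to need. If the account only has to own `/home/docker-user` and talk to the daemon, use `groups: ssh, docker` with `allow_sudo: false` and `allow_passwordless_sudo: false`, and drop `ssh` as well if nobody logs in as this user interactively. The users list itself starts outside the hunk, so the variable name and any role defaults should be checked there.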
@@ -20,9 +28,54 @@ ### geerlingguy.docker docker_users: - mg + - docker-user ### geerlingguy.pip pip_package: python3-pip pip_install_packages: - name: docker # für munin-plugin docker_ ### mgrote.docker-compose-deploy - docker_compose_base_dir: /home/mg/docker + docker_compose_base_dir: /home/docker-user + ### geerlingguy.munin-node + munin_node_bind_host: "0.0.0.0" + munin_node_bind_port: "4949" + munin_node_allowed_cidrs: [192.168.2.0/24] + munin_node_disabled_plugins: + - name: meminfo # zu hohe last + - name: hddtemp2 # ersetzt durch hddtemp_smartctl + - name: ntp # verursacht zu viele dns ptr request + - name: hddtempd # ersetzt durch hddtemp_smartctl + - name: ipmi_power # für pve2, leeres diagramm + - name: docker_images + - name: docker_status + - name: chrony + munin_node_plugins: + - name: timesync + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status + - name: systemd_status + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status + - name: lvm_ + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ + config: | + [lvm_*] + user root + - name: fail2ban + src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban + config: | + [fail2ban] + env.client /usr/bin/fail2ban-client + env.config_dir /etc/fail2ban + user root + - name: docker_containers + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ + config: | + [docker_*] + user root + env.DOCKER_HOST unix://run/docker.sock + - name: docker_cpu + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ + - name: docker_memory + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ + - name: docker_network + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ + - name: docker_volumes + src: 
https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ diff --git a/host_vars/docker-test.grote.lan.yml b/host_vars/docker-test.grote.lan.yml index 7ec3b1da..77690c33 100644 --- a/host_vars/docker-test.grote.lan.yml +++ b/host_vars/docker-test.grote.lan.yml @@ -20,12 +20,6 @@ repository_url: git.mgrote.net/mg/docker-munin-master_test state: present os_username: mg - ### geerlingguy.munin-node - munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift - munin_node_allowed_ips: # weil der munin-server aus einem anderen subnet zugreift - - '^127\.0\.0\.1$' - - '^::1$' - - ^0\.0\.0\.0$ ### oefenweb.ufw ufw_rules: # ist extra weil bei munin kein subnet angegeben ist - rule: allow 
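Review bot: Every `src` under `munin_node_plugins` in group_vars/docker.yml points at a `raw/branch/master` URL, which is a mutable ref, and `lvm_`, `fail2ban` and `docker_containers` are configured with `user root`. Whatever sits at the branch tip at deploy time therefore runs as root on every host in the group. Pin each `src` to a commit, e.g. `src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/commit/<COMMIT_SHA>/plugins/disk/lvm_`, and add a checksum if the role exposes one; how the role downloads the file is not visible here. The same plugin list is added again in host_vars/docker-test.grote.lan.yml and host_vars/docker7.grote.lan.yml.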
@@ -38,3 +32,53 @@ protocol: tcp comment: 'munin' from_ip: 0.0.0.0/0 + ### geerlingguy.munin-node + munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift + munin_node_disabled_plugins: + - name: meminfo # zu hohe last + - name: hddtemp2 # ersetzt durch hddtemp_smartctl + - name: ntp # verursacht zu viele dns ptr request + - name: hddtempd # ersetzt durch hddtemp_smartctl + - name: ipmi_power # für pve2, leeres diagramm + - name: docker_images + - name: docker_status + - name: chrony + munin_node_plugins: + - name: timesync + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status + - name: systemd_status + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status + - name: lvm_ + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ + config: | + [lvm_*] + user root + - name: fail2ban + src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban + config: | + [fail2ban] + env.client /usr/bin/fail2ban-client + env.config_dir /etc/fail2ban + user root + - name: docker_containers + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ + config: | + [docker_*] + user root + env.DOCKER_HOST unix://run/docker.sock + - name: docker_cpu + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ + - name: docker_memory + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ + - name: docker_network + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ + - name: docker_volumes + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ + - name: http_response + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response + config: | + [http_response] + env.sites 
http://docker-test.grote.lan:333 http://docker-test.grote.lan:1234 + env.max_time 20 + env.short_label true + env.follow_redirect true diff --git a/host_vars/docker3.grote.lan.yml b/host_vars/docker3.grote.lan.yml deleted file mode 100644 index 92615dce..00000000 --- a/host_vars/docker3.grote.lan.yml +++ /dev/null 
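Review bot: `munin_node_allowed_cidrs: [0.0.0.0/0]` in host_vars/docker-test.grote.lan.yml, together with the `from_ip: 0.0.0.0/0` ufw rule in the context just above it, leaves the munin-node port reachable from any source address. Several of the plugins behind that port run as root. The inline comment says the munin server reaches the node from another subnet, so list that subnet instead of everything, e.g. `munin_node_allowed_cidrs: ["<MUNIN_MASTER_SUBNET>"]`, and use the same value for the rule's `from_ip`. host_vars/docker7.grote.lan.yml carries the same pair of settings. The ufw rule begins outside this hunk.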
@@ -1,77 +0,0 @@ ---- - ### mgrote.docker-compose-deploy - docker_compose_projects: - - name: miniflux - dir_name: docker-miniflux - repository_url: git.mgrote.net/mg/docker-miniflux - repository_user: mg - repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - state: present - os_username: mg - - name: navidrome-mg - dir_name: docker-navidrome-mg - repository_url: git.mgrote.net/mg/docker-navidrome-mg - repository_user: mg - repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - state: present - os_username: mg - - name: nightscout - dir_name: docker-nightscout - repository_url: git.mgrote.net/mg/docker-nightscout - repository_user: mg - repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - state: present - os_username: mg - - name: traefik - dir_name: docker-traefik - repository_url: git.mgrote.net/mg/docker-traefik - repository_user: mg - repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - network_name: nw_proxy_traefik - state: present - os_username: mg - - name: watchtower - dir_name: docker-watchtower - repository_url: git.mgrote.net/mg/docker-watchtower - state: present - os_username: mg - ### geerlingguy.munin-node - munin_node_plugins: - - name: timesync - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status - - name: systemd_status - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status - - name: lvm_ - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ - config: | - [lvm_*] - user root - - name: docker_containers - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - config: | - [docker_*] - user root - env.DOCKER_HOST unix://run/docker.sock - - name: docker_cpu - src: 
https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_memory - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_network - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_volumes - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: fail2ban - src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban - config: | - [fail2ban] - env.client /usr/bin/fail2ban-client - env.config_dir /etc/fail2ban - user root - - name: http_response - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response - config: | - [http_response] - env.sites http://docker3.grote.lan:8081/ https://miniflux.mgrote.net/ http://docker3.grote.lan:3001 https://nightscout.mgrote.net https://audio.mgrote.net/mg - env.max_time 20 - env.short_label true - env.follow_redirect true diff --git a/host_vars/docker4.grote.lan.yml b/host_vars/docker4.grote.lan.yml deleted file mode 100644 index d5cdbe2a..00000000 --- a/host_vars/docker4.grote.lan.yml +++ /dev/null 
@@ -1,61 +0,0 @@ ---- - ### mgrote.docker-compose-deploy - docker_compose_projects: - - name: watchtower - dir_name: docker-watchtower - repository_url: git.mgrote.net/mg/docker-watchtower - state: present - os_username: mg - - name: ansible-ara - dir_name: docker-ansible-ara - repository_url: git.mgrote.net/mg/docker-ansible-ara - state: present - os_username: mg - - name: photoprism # wird der container woanders hin verschoben restic ausnahmen wieder eintragen, oder /var/lib/docker aus restic entfernen - dir_name: docker-photoprism - repository_url: git.mgrote.net/mg/docker-photoprism - state: present - os_username: mg - repository_user: mg - repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - - ### geerlingguy.munin-node - munin_node_plugins: - - name: timesync - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status - - name: systemd_status - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status - - name: lvm_ - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ - config: | - [lvm_*] - user root - - name: docker_containers - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - config: | - [docker_*] - user root - env.DOCKER_HOST unix://run/docker.sock - - name: docker_cpu - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_memory - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_network - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: docker_volumes - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - - name: fail2ban - src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban - config: | - [fail2ban] - 
env.client /usr/bin/fail2ban-client - env.config_dir /etc/fail2ban - user root - - name: http_response - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response - config: | - [http_response] - env.sites http://docker4.grote.lan:2233 http://docker4.grote.lan:2342 - env.max_time 20 - env.short_label true - env.follow_redirect true diff --git a/host_vars/docker2.grote.lan.yml b/host_vars/docker7.grote.lan.yml similarity index 73% rename from host_vars/docker2.grote.lan.yml rename to host_vars/docker7.grote.lan.yml index 10c26483..e26c3835 100644 --- a/host_vars/docker2.grote.lan.yml +++ b/host_vars/docker7.grote.lan.yml 
@@ -1,53 +1,103 @@ --- + ### mgrote.apt_manage_packages + apt_packages_extra: + - libwww-curl-perl # für munin-plugin: unifi + - libjson-perl # für munin-plugin: unifi + - sshpass # fur munin mt_system_* ### mgrote.docker-compose-deploy docker_compose_projects: - - name: changedetection - dir_name: docker-changedetection - repository_url: git.mgrote.net/mg/docker-changedetection.io - state: present - os_username: mg - - name: munin-master - dir_name: docker-munin-master - repository_url: git.mgrote.net/mg/docker-munin-master_production - state: present - os_username: mg - name: watchtower dir_name: docker-watchtower repository_url: git.mgrote.net/mg/docker-watchtower state: present - os_username: mg + os_username: docker-user + repository_user: mg + repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" + - name: ansible-ara + dir_name: docker-ansible-ara + repository_url: git.mgrote.net/mg/docker-ansible-ara + state: present + os_username: docker-user + repository_user: mg + repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: homer dir_name: docker-homer repository_url: git.mgrote.net/mg/docker-homer state: present - os_username: mg - - name: unifi-controller - dir_name: docker-unifi-controller - repository_url: git.mgrote.net/mg/docker-unifi-controller + os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" + - name: changedetection + dir_name: docker-changedetection + repository_url: git.mgrote.net/mg/docker-changedetection.io state: present - os_username: mg + os_username: docker-user + repository_user: mg + repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" + - name: photoprism + dir_name: docker-photoprism + repository_url: git.mgrote.net/mg/docker-photoprism + state: present + os_username: docker-user + repository_user: mg + repository_user_password: "{{ 
lookup('keepass', 'gitea_mg_https_password', 'password') }}" + - name: nightscout + dir_name: docker-nightscout + repository_url: git.mgrote.net/mg/docker-nightscout + state: present + os_username: docker-user + repository_user: mg + repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" + - name: miniflux + dir_name: docker-miniflux + repository_url: git.mgrote.net/mg/docker-miniflux + state: present + os_username: docker-user + repository_user: mg + repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" + - name: traefik + dir_name: docker-traefik + repository_url: git.mgrote.net/mg/docker-traefik + state: present + os_username: docker-user + repository_user: mg + repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" + network_name: nw_proxy_traefik + - name: munin-master + dir_name: docker-munin-master + repository_url: git.mgrote.net/mg/docker-munin-master_production + state: present + os_username: docker-user + repository_user: mg + repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: oxidized dir_name: docker-oxidized repository_url: git.mgrote.net/mg/docker-oxidized + state: present + os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - state: present - os_username: mg - name: librenms dir_name: docker-librenms repository_url: git.mgrote.net/mg/docker-librenms + state: present + os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" + - name: unifi-controller + dir_name: docker-unifi-controller + repository_url: git.mgrote.net/mg/docker-unifi-controller state: present - os_username: mg - ### geerlingguy.munin-node - munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift - munin_node_allowed_ips: # weil 
der munin-server aus einem anderen subnet zugreift - - '^127\.0\.0\.1$' - - '^::1$' - - ^0\.0\.0\.0$ + os_username: docker-user + repository_user: mg + repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" + - name: navidrome-mg + dir_name: docker-navidrome-mg + repository_url: git.mgrote.net/mg/docker-navidrome-mg + state: present + os_username: docker-user + repository_user: mg + repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" ### oefenweb.ufw ufw_rules: # ist extra weil bei munin kein subnet angegeben ist - rule: allow @@ -60,10 +110,6 @@ protocol: tcp comment: 'munin' from_ip: 0.0.0.0/0 - ### mgrote.apt_manage_packages - apt_packages_extra: - - libwww-curl-perl # für munin-plugin: unifi - - libjson-perl # für munin-plugin: unifi ### geerlingguy.pip pip_package: python3-pip pip_install_packages: @@ -71,7 +117,17 @@ - name: fritzconnection # für munin fritzbox* - name: lxml # für munin fritzbox* - name: requests # für munin fritzbox* - ### mgrote.munin-node + ### geerlingguy.munin-node + munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift + munin_node_disabled_plugins: + - name: meminfo # zu hohe last + - name: hddtemp2 # ersetzt durch hddtemp_smartctl + - name: ntp # verursacht zu viele dns ptr request + - name: hddtempd # ersetzt durch hddtemp_smartctl + - name: ipmi_power # für pve2, leeres diagramm + - name: docker_images + - name: docker_status + - name: chrony munin_node_plugins: - name: timesync src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status 
@@ -82,20 +138,19 @@ config: | [lvm_*] user root + - name: fail2ban + src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban + config: | + [fail2ban] + env.client /usr/bin/fail2ban-client + env.config_dir /etc/fail2ban + user root - name: docker_containers src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ config: | [docker_*] user root env.DOCKER_HOST unix://run/docker.sock - - name: nextcloud_mgrote.next-cloud.org - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_ - config: | - [nextcloud_mgrote.next-cloud.org] - env.username munin - env.password {{ lookup('keepass', 'nextcloud_munin_user', 'password') }} - env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info - env.scheme https - name: docker_cpu src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - name: docker_memory 
@@ -104,6 +159,22 @@ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - name: docker_volumes src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ + - name: http_response + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response + config: | + [http_response] + env.sites http://docker7.grote.lan:8888/nodes http://docker7.grote.lan:1234 http://docker7.grote.lan:5000 http://docker7.grote.lan:333 http://docker7.grote.lan:2233 http://docker7.grote.lan:2342 http://docker7.grote.lan:8081/ https://miniflux.mgrote.net/ http://docker7.grote.lan:3001 https://nightscout.mgrote.net https://audio.mgrote.net/mg + env.max_time 20 + env.short_label true + env.follow_redirect true + - name: nextcloud_mgrote.next-cloud.org + src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_ + config: | + [nextcloud_mgrote.next-cloud.org] + env.username munin + env.password {{ lookup('keepass', 'nextcloud_munin_user', 'password') }} + env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info + env.scheme https - name: mt_system_crs309 src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system config: | @@ -138,7 +209,7 @@ # Password to login to unifi controller API. Default is "ubnt" env.pass {{ lookup('keepass', 'unifi_munin_user', 'password') }} # URL of the API, with port if needed. No trailing slash. - env.api_url https://docker2.grote.lan:8443 + env.api_url https://docker7.grote.lan:8443 # Verify SSL certificate name against host. # Note: if using a default cloudkey certificate, this will fail unless you manually add it # to the local keystore. 
@@ -212,11 +283,3 @@ env.fritzbox_username munin env.fritzbox_password {{ lookup('keepass', 'fritzbox_munin_user', 'password') }} env.traffic_remove_max true # if you do not want the possible max values - - name: http_response - src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response - config: | - [http_response] - env.sites http://docker2.grote.lan:8888/nodes http://docker2.grote.lan:1234 http://docker2.grote.lan:5000 http://docker2.grote.lan:333 - env.max_time 20 - env.short_label true - env.follow_redirect true diff --git a/host_vars/pve2.grote.lan.yml b/host_vars/pve2.grote.lan.yml index 1e43df87..78d89192 100644 --- a/host_vars/pve2.grote.lan.yml +++ b/host_vars/pve2.grote.lan.yml @@ -252,7 +252,6 @@ snapshots: true template: '3tage' - sanoid_templates: - name: '31tage' keep_hourly: '24' # Aufheben (Stunde) @@ -294,7 +293,7 @@ ### mgrote.cv4pve-autosnap cv4pve_api_user: root@pam!cv4pve-autosnap cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}" - cv4pve_vmid: all,-127,-112,-100,-116 + cv4pve_vmid: all,-127,-112,-100,-116,-105 cv4pve_keep_snapshots: 5 cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.10.0/cv4pve-autosnap-linux-x64.zip" diff --git a/inventory b/inventory index 6ea30f25..bdc0351e 100644 --- a/inventory +++ b/inventory @@ -26,9 +26,7 @@ all: ansible-test.grote.lan: docker: hosts: - docker3.grote.lan: - docker2.grote.lan: - docker4.grote.lan: + docker7.grote.lan: docker-test.grote.lan: vmtest: hosts: @@ -63,9 +61,7 @@ all: gitea.grote.lan: dnsmasq.grote.lan: ntp-server.grote.lan: - docker2.grote.lan: - docker3.grote.lan: - docker4.grote.lan: + docker7.grote.lan: test: hosts: dokuwiki-test.grote.lan: diff --git a/keepass_db.kdbx b/keepass_db.kdbx index 95278493..ab6d069b 100644 Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ diff --git a/playbooks/3_service/docker.yml b/playbooks/3_service/docker.yml index 312adf40..d6d8ce16 100644 
--- a/playbooks/3_service/docker.yml +++ b/playbooks/3_service/docker.yml @@ -1,5 +1,34 @@ --- -- hosts: docker +- hosts: docker7.grote.lan + pre_tasks: + - name: create pv + vg for docker + become: true + community.general.lvg: + vg: vg_docker + pvs: /dev/sdb + state: present + - name: create lv for docker + become: true + community.general.lvol: + state: present + vg: vg_docker + lv: lv_docker + size: +100%FREE + - name: create fs on lv + become: true + community.general.filesystem: + fstype: xfs + dev: /dev/mapper/vg_docker-lv_docker + - name: mount lv + become: true + ansible.posix.mount: + path: /var/lib/docker + src: /dev/mapper/vg_docker-lv_docker + state: mounted + fstype: xfs + boot: yes + + roles: - { role: geerlingguy.pip, tags: "pip", become: true } - { role: geerlingguy.docker, tags: "docker", become: true } diff --git a/roles/mgrote.docker-compose-deploy/tasks/main.yml b/roles/mgrote.docker-compose-deploy/tasks/main.yml index c1513b33..c02d0ab1 100644 --- a/roles/mgrote.docker-compose-deploy/tasks/main.yml +++ b/roles/mgrote.docker-compose-deploy/tasks/main.yml @@ -4,6 +4,7 @@ loop: "{{ docker_compose_projects }}" when: - item.state == "present" + - docker_compose_projects is defined no_log: true - name: loop docker tasks - down @@ -11,4 +12,5 @@ loop: "{{ docker_compose_projects }}" when: - item.state == "absent" + - docker_compose_projects is defined no_log: true
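Review bot: The new pre_tasks in playbooks/3_service/docker.yml hard-code `pvs: /dev/sdb`, and sdX names are not guaranteed stable across reboots or disk changes, so the `lvg` task would initialise whichever disk holds that name at run time. Take the device from a host variable that points at a persistent path, `pvs: "{{ docker_data_pv }}"` with `docker_data_pv: /dev/disk/by-id/<DISK_ID>` in host_vars, so a wrong or missing disk fails the play instead of being claimed. The play also now targets `docker7.grote.lan` instead of the `docker` group, while the inventory hunk keeps docker-test.grote.lan in that group, so that host no longer gets these roles from this play. If that is intended, a comment on the `hosts:` line would say so. `boot: yes` reads better as `boot: true`.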
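Review bot: The added `docker_compose_projects is defined` condition in roles/mgrote.docker-compose-deploy/tasks/main.yml cannot protect the task, because `loop: "{{ docker_compose_projects }}"` is templated before `when` is evaluated for each item. With the variable undefined the task still fails on the loop expression, and with it defined the new condition is always true. Default the loop instead, `loop: "{{ docker_compose_projects | default([]) }}"`, and drop the extra `when` entry. The same applies to the `loop docker tasks - down` task in the next hunk. Both tasks start outside their hunks.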