Umbau docker (#337)

Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: mg/ansible#337 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de>
2022-03-06 14:10:30 +01:00 · 2022-03-06 14:10:30 +01:00 · 8a4e47ad75
commit 8a4e47ad75
parent 111f6613e7
12 changed files with 251 additions and 203 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -34,4 +34,4 @@ always = true
 [ara]
 api_client = http
-api_server = http://docker4.grote.lan:2233
+api_server = http://docker7.grote.lan:2233
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -130,7 +130,7 @@
      to_port: 4949
      protocol: tcp
      comment: 'munin'
-      from_ip: 192.168.2.144/24
+      from_ip: 192.168.2.0/24
  ufw_default_incoming_policy: deny
  ufw_default_outgoing_policy: allow
  ### mgrote.apt_manage_packages
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@ -9,6 +9,14 @@
      public_ssh_key: "{{ ssh_public_key_mg }}"
      allow_sudo: true
      allow_passwordless_sudo: true
    - username: docker-user
      password: "{{ lookup('keepass', 'docker-user_linux_password_hash', 'password') }}"
      update_password: on_create
      groups: ssh, sudo, docker
      state: present
      allow_sudo: true
      allow_passwordless_sudo: true
      uid: "5000"
    - username: ansible-user
      password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
      update_password: on_create
@ -20,9 +28,54 @@
  ### geerlingguy.docker
  docker_users:
    - mg
    - docker-user
  ### geerlingguy.pip
  pip_package: python3-pip
  pip_install_packages:
    - name: docker # für munin-plugin docker_
  ### mgrote.docker-compose-deploy
-  docker_compose_base_dir: /home/mg/docker
+  docker_compose_base_dir: /home/docker-user
  ### geerlingguy.munin-node
  munin_node_bind_host: "0.0.0.0"
  munin_node_bind_port: "4949"
  munin_node_allowed_cidrs: [192.168.2.0/24]
  munin_node_disabled_plugins:
    - name: meminfo # zu hohe last
    - name: hddtemp2 # ersetzt durch hddtemp_smartctl
    - name: ntp # verursacht zu viele dns ptr request
    - name: hddtempd # ersetzt durch hddtemp_smartctl
    - name: ipmi_power # für pve2, leeres diagramm
    - name: docker_images
    - name: docker_status
    - name: chrony
  munin_node_plugins:
    - name: timesync
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
    - name: systemd_status
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
    - name: lvm_
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
      config: |
        [lvm_*]
        user root
    - name: fail2ban
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
      config: |
        [fail2ban]
        env.client /usr/bin/fail2ban-client
        env.config_dir /etc/fail2ban
        user root
    - name: docker_containers
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
      config: |
        [docker_*]
        user root
        env.DOCKER_HOST unix://run/docker.sock
    - name: docker_cpu
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_memory
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_network
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_volumes
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
--- a/host_vars/docker-test.grote.lan.yml
+++ b/host_vars/docker-test.grote.lan.yml
@ -20,12 +20,6 @@
      repository_url: git.mgrote.net/mg/docker-munin-master_test
      state: present
      os_username: mg
  ### geerlingguy.munin-node
  munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
  munin_node_allowed_ips: # weil der munin-server aus einem anderen subnet zugreift
    - '^127\.0\.0\.1$'
    - '^::1$'
    - ^0\.0\.0\.0$
  ### oefenweb.ufw
  ufw_rules: # ist extra weil bei munin kein subnet angegeben ist
    - rule: allow
@ -38,3 +32,53 @@
      protocol: tcp
      comment: 'munin'
      from_ip: 0.0.0.0/0
  ### geerlingguy.munin-node
  munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
  munin_node_disabled_plugins:
    - name: meminfo # zu hohe last
    - name: hddtemp2 # ersetzt durch hddtemp_smartctl
    - name: ntp # verursacht zu viele dns ptr request
    - name: hddtempd # ersetzt durch hddtemp_smartctl
    - name: ipmi_power # für pve2, leeres diagramm
    - name: docker_images
    - name: docker_status
    - name: chrony
  munin_node_plugins:
    - name: timesync
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
    - name: systemd_status
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
    - name: lvm_
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
      config: |
        [lvm_*]
        user root
    - name: fail2ban
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
      config: |
        [fail2ban]
        env.client /usr/bin/fail2ban-client
        env.config_dir /etc/fail2ban
        user root
    - name: docker_containers
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
      config: |
        [docker_*]
        user root
        env.DOCKER_HOST unix://run/docker.sock
    - name: docker_cpu
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_memory
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_network
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_volumes
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: http_response
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
      config: |
        [http_response]
        env.sites http://docker-test.grote.lan:333 http://docker-test.grote.lan:1234
        env.max_time 20
        env.short_label true
        env.follow_redirect true
--- a/host_vars/docker3.grote.lan.yml
+++ b/host_vars/docker3.grote.lan.yml
@ -1,77 +0,0 @@
 ---
  ### mgrote.docker-compose-deploy
  docker_compose_projects:
    - name: miniflux
      dir_name: docker-miniflux
      repository_url: git.mgrote.net/mg/docker-miniflux
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
      state: present
      os_username: mg
    - name: navidrome-mg
      dir_name: docker-navidrome-mg
      repository_url: git.mgrote.net/mg/docker-navidrome-mg
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
      state: present
      os_username: mg
    - name: nightscout
      dir_name: docker-nightscout
      repository_url: git.mgrote.net/mg/docker-nightscout
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
      state: present
      os_username: mg
    - name: traefik
      dir_name: docker-traefik
      repository_url: git.mgrote.net/mg/docker-traefik
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
      network_name: nw_proxy_traefik
      state: present
      os_username: mg
    - name: watchtower
      dir_name: docker-watchtower
      repository_url: git.mgrote.net/mg/docker-watchtower
      state: present
      os_username: mg
  ### geerlingguy.munin-node
  munin_node_plugins:
    - name: timesync
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
    - name: systemd_status
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
    - name: lvm_
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
      config: |
        [lvm_*]
        user root
    - name: docker_containers
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
      config: |
        [docker_*]
        user root
        env.DOCKER_HOST unix://run/docker.sock
    - name: docker_cpu
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_memory
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_network
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_volumes
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: fail2ban
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
      config: |
        [fail2ban]
        env.client /usr/bin/fail2ban-client
        env.config_dir /etc/fail2ban
        user root
    - name: http_response
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
      config: |
        [http_response]
        env.sites http://docker3.grote.lan:8081/ https://miniflux.mgrote.net/ http://docker3.grote.lan:3001 https://nightscout.mgrote.net https://audio.mgrote.net/mg
        env.max_time 20
        env.short_label true
        env.follow_redirect true
--- a/host_vars/docker4.grote.lan.yml
+++ b/host_vars/docker4.grote.lan.yml
@ -1,61 +0,0 @@
 ---
  ### mgrote.docker-compose-deploy
  docker_compose_projects:
    - name: watchtower
      dir_name: docker-watchtower
      repository_url: git.mgrote.net/mg/docker-watchtower
      state: present
      os_username: mg
    - name: ansible-ara
      dir_name: docker-ansible-ara
      repository_url: git.mgrote.net/mg/docker-ansible-ara
      state: present
      os_username: mg
    - name: photoprism # wird der container woanders hin verschoben restic ausnahmen wieder eintragen, oder /var/lib/docker aus restic entfernen
      dir_name: docker-photoprism
      repository_url: git.mgrote.net/mg/docker-photoprism
      state: present
      os_username: mg
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
  ### geerlingguy.munin-node
  munin_node_plugins:
    - name: timesync
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
    - name: systemd_status
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
    - name: lvm_
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
      config: |
        [lvm_*]
        user root
    - name: docker_containers
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
      config: |
        [docker_*]
        user root
        env.DOCKER_HOST unix://run/docker.sock
    - name: docker_cpu
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_memory
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_network
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_volumes
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: fail2ban
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
      config: |
        [fail2ban]
        env.client /usr/bin/fail2ban-client
        env.config_dir /etc/fail2ban
        user root
    - name: http_response
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
      config: |
        [http_response]
        env.sites http://docker4.grote.lan:2233 http://docker4.grote.lan:2342
        env.max_time 20
        env.short_label true
        env.follow_redirect true
--- a/host_vars/docker7.grote.lan.yml
+++ b/host_vars/docker7.grote.lan.yml
@ -1,53 +1,103 @@
 ---
  ### mgrote.apt_manage_packages
  apt_packages_extra:
    - libwww-curl-perl # für munin-plugin: unifi
    - libjson-perl # für munin-plugin: unifi
    - sshpass # fur munin mt_system_*
  ### mgrote.docker-compose-deploy
  docker_compose_projects:
    - name: changedetection
      dir_name: docker-changedetection
      repository_url: git.mgrote.net/mg/docker-changedetection.io
      state: present
      os_username: mg
    - name: munin-master
      dir_name: docker-munin-master
      repository_url: git.mgrote.net/mg/docker-munin-master_production
      state: present
      os_username: mg
    - name: watchtower
      dir_name: docker-watchtower
      repository_url: git.mgrote.net/mg/docker-watchtower
      state: present
-      os_username: mg
+      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: ansible-ara
      dir_name: docker-ansible-ara
      repository_url: git.mgrote.net/mg/docker-ansible-ara
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: homer
      dir_name: docker-homer
      repository_url: git.mgrote.net/mg/docker-homer
      state: present
-      os_username: mg
+      os_username: docker-user
    - name: unifi-controller
      dir_name: docker-unifi-controller
      repository_url: git.mgrote.net/mg/docker-unifi-controller
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: changedetection
      dir_name: docker-changedetection
      repository_url: git.mgrote.net/mg/docker-changedetection.io
      state: present
-      os_username: mg
+      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: photoprism
      dir_name: docker-photoprism
      repository_url: git.mgrote.net/mg/docker-photoprism
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: nightscout
      dir_name: docker-nightscout
      repository_url: git.mgrote.net/mg/docker-nightscout
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: miniflux
      dir_name: docker-miniflux
      repository_url: git.mgrote.net/mg/docker-miniflux
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: traefik
      dir_name: docker-traefik
      repository_url: git.mgrote.net/mg/docker-traefik
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
      network_name: nw_proxy_traefik
    - name: munin-master
      dir_name: docker-munin-master
      repository_url: git.mgrote.net/mg/docker-munin-master_production
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: oxidized
      dir_name: docker-oxidized
      repository_url: git.mgrote.net/mg/docker-oxidized
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
      state: present
      os_username: mg
    - name: librenms
      dir_name: docker-librenms
      repository_url: git.mgrote.net/mg/docker-librenms
      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
    - name: unifi-controller
      dir_name: docker-unifi-controller
      repository_url: git.mgrote.net/mg/docker-unifi-controller
      state: present
-      os_username: mg
+      os_username: docker-user
-  ### geerlingguy.munin-node
+      repository_user: mg
-  munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
+      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
-  munin_node_allowed_ips: # weil der munin-server aus einem anderen subnet zugreift
+    - name: navidrome-mg
-    - '^127\.0\.0\.1$'
+      dir_name: docker-navidrome-mg
-    - '^::1$'
+      repository_url: git.mgrote.net/mg/docker-navidrome-mg
-    - ^0\.0\.0\.0$
+      state: present
      os_username: docker-user
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
  ### oefenweb.ufw
  ufw_rules: # ist extra weil bei munin kein subnet angegeben ist
    - rule: allow
@ -60,10 +110,6 @@
      protocol: tcp
      comment: 'munin'
      from_ip: 0.0.0.0/0
  ### mgrote.apt_manage_packages
  apt_packages_extra:
    - libwww-curl-perl # für munin-plugin: unifi
    - libjson-perl # für munin-plugin: unifi
  ### geerlingguy.pip
  pip_package: python3-pip
  pip_install_packages:
@ -71,7 +117,17 @@
    - name: fritzconnection # für munin fritzbox*
    - name: lxml # für munin fritzbox*
    - name: requests # für munin fritzbox*
-  ### mgrote.munin-node
+  ### geerlingguy.munin-node
  munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
  munin_node_disabled_plugins:
    - name: meminfo # zu hohe last
    - name: hddtemp2 # ersetzt durch hddtemp_smartctl
    - name: ntp # verursacht zu viele dns ptr request
    - name: hddtempd # ersetzt durch hddtemp_smartctl
    - name: ipmi_power # für pve2, leeres diagramm
    - name: docker_images
    - name: docker_status
    - name: chrony
  munin_node_plugins:
    - name: timesync
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
@ -82,20 +138,19 @@
      config: |
        [lvm_*]
        user root
    - name: fail2ban
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
      config: |
        [fail2ban]
        env.client /usr/bin/fail2ban-client
        env.config_dir /etc/fail2ban
        user root
    - name: docker_containers
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
      config: |
        [docker_*]
        user root
        env.DOCKER_HOST unix://run/docker.sock
    - name: nextcloud_mgrote.next-cloud.org
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_
      config: |
        [nextcloud_mgrote.next-cloud.org]
        env.username munin
        env.password {{ lookup('keepass', 'nextcloud_munin_user', 'password') }}
        env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info
        env.scheme https
    - name: docker_cpu
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_memory
@ -104,6 +159,22 @@
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: docker_volumes
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
    - name: http_response
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
      config: |
        [http_response]
        env.sites http://docker7.grote.lan:8888/nodes http://docker7.grote.lan:1234 http://docker7.grote.lan:5000 http://docker7.grote.lan:333 http://docker7.grote.lan:2233 http://docker7.grote.lan:2342 http://docker7.grote.lan:8081/ https://miniflux.mgrote.net/ http://docker7.grote.lan:3001 https://nightscout.mgrote.net https://audio.mgrote.net/mg
        env.max_time 20
        env.short_label true
        env.follow_redirect true
    - name: nextcloud_mgrote.next-cloud.org
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_
      config: |
        [nextcloud_mgrote.next-cloud.org]
        env.username munin
        env.password {{ lookup('keepass', 'nextcloud_munin_user', 'password') }}
        env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info
        env.scheme https
    - name: mt_system_crs309
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
      config: |
@ -138,7 +209,7 @@
        # Password to login to unifi controller API. Default is "ubnt"
        env.pass {{ lookup('keepass', 'unifi_munin_user', 'password') }}
        # URL of the API, with port if needed.  No trailing slash.
-        env.api_url https://docker2.grote.lan:8443
+        env.api_url https://docker7.grote.lan:8443
        # Verify SSL certificate name against host.
        # Note: if using a default cloudkey certificate, this will fail unless you manually add it
        # to the local keystore.
@ -212,11 +283,3 @@
        env.fritzbox_username munin
        env.fritzbox_password {{ lookup('keepass', 'fritzbox_munin_user', 'password') }}
        env.traffic_remove_max true # if you do not want the possible max values
    - name: http_response
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
      config: |
        [http_response]
        env.sites http://docker2.grote.lan:8888/nodes http://docker2.grote.lan:1234 http://docker2.grote.lan:5000 http://docker2.grote.lan:333
        env.max_time 20
        env.short_label true
        env.follow_redirect true
--- a/host_vars/pve2.grote.lan.yml
+++ b/host_vars/pve2.grote.lan.yml
@ -252,7 +252,6 @@
      snapshots: true
      template: '3tage'
  sanoid_templates:
    - name: '31tage'
      keep_hourly: '24'                        # Aufheben (Stunde)
@ -294,7 +293,7 @@
  ### mgrote.cv4pve-autosnap
  cv4pve_api_user: root@pam!cv4pve-autosnap
  cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}"
-  cv4pve_vmid: all,-127,-112,-100,-116
+  cv4pve_vmid: all,-127,-112,-100,-116,-105
  cv4pve_keep_snapshots: 5
  cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.10.0/cv4pve-autosnap-linux-x64.zip"
--- a/8
+++ b/8
@ -26,9 +26,7 @@ all:
        ansible-test.grote.lan:
    docker:
      hosts:
-        docker3.grote.lan:
+        docker7.grote.lan:
        docker2.grote.lan:
        docker4.grote.lan:
        docker-test.grote.lan:
    vmtest:
      hosts:
@ -63,9 +61,7 @@ all:
        gitea.grote.lan:
        dnsmasq.grote.lan:
        ntp-server.grote.lan:
-        docker2.grote.lan:
+        docker7.grote.lan:
        docker3.grote.lan:
        docker4.grote.lan:
    test:
      hosts:
        dokuwiki-test.grote.lan:
--- a/keepass_db.kdbx
+++ b/keepass_db.kdbx
--- a/playbooks/3_service/docker.yml
+++ b/playbooks/3_service/docker.yml
@ -1,5 +1,34 @@
 ---
- hosts: docker
+- hosts: docker7.grote.lan
  pre_tasks:
    - name: create pv + vg for docker
      become: true
      community.general.lvg:
        vg: vg_docker
        pvs: /dev/sdb
        state: present
    - name: create lv for docker
      become: true
      community.general.lvol:
        state: present
        vg: vg_docker
        lv: lv_docker
        size: +100%FREE
    - name: create fs on lv
      become: true
      community.general.filesystem:
        fstype: xfs
        dev: /dev/mapper/vg_docker-lv_docker
    - name: mount lv
      become: true
      ansible.posix.mount:
        path: /var/lib/docker
        src: /dev/mapper/vg_docker-lv_docker
        state: mounted
        fstype: xfs
        boot: yes
  roles:
    - { role: geerlingguy.pip, tags: "pip", become: true }
    - { role: geerlingguy.docker, tags: "docker", become: true }
--- a/roles/mgrote.docker-compose-deploy/tasks/main.yml
+++ b/roles/mgrote.docker-compose-deploy/tasks/main.yml
@ -4,6 +4,7 @@
    loop: "{{ docker_compose_projects }}"
    when:
      - item.state == "present"
      - docker_compose_projects is defined
    no_log: true
  - name: loop docker tasks - down
@ -11,4 +12,5 @@
    loop: "{{ docker_compose_projects }}"
    when:
      - item.state == "absent"
      - docker_compose_projects is defined
    no_log: true