diff --git a/README.md b/README.md
index d2f8c19c..82700cad 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
# ansible_heimserver
-[![Build Status](http://docker9.grote.lan/api/badges/mg/ansible/status.svg)](http://docker9.grote.lan/mg/ansible)
+[![Build Status](http://docker10.grote.lan/api/badges/mg/ansible/status.svg)](http://docker10.grote.lan/mg/ansible)
## example-cli
`ansible-playbook playbooks/base/0_master.yml -i inventory --key-file id_rsa_ansible_user --vault-password-file vault-pass.yml --limit jenkins-test.grote.lan`
diff --git a/ansible.cfg b/ansible.cfg
index 3dc509a5..0f87ac87 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -34,4 +34,4 @@ always = true
[ara]
api_client = http
-api_server = http://docker7.grote.lan:2233
+api_server = http://docker10.grote.lan:2233
diff --git a/docker-compose/ara/docker-compose.yml.j2 b/docker-compose/ara/docker-compose.yml.j2
new file mode 100644
index 00000000..2912c557
--- /dev/null
+++ b/docker-compose/ara/docker-compose.yml.j2
@@ -0,0 +1,15 @@
+version: '3.3'
+services:
+ ara:
+ container_name: ara
+ ports:
+ - '2233:8000'
+ image: 'quay.io/recordsansible/ara-api:latest'
+ volumes:
+ - store:/opt/ara:z
+ environment:
+ - ARA_ALLOWED_HOSTS=['docker10.grote.lan']
+ restart: always
+######## Volumes ########
+volumes:
+ store:
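Review bot: The `ara` service publishes the API on host port 2233 and sets no login requirement, and with ARA's defaults that leaves both read and write access open to anyone who can reach docker10. Recorded playbook results commonly include task arguments and host facts, so consider adding `ARA_READ_LOGIN_REQUIRED=true` and `ARA_WRITE_LOGIN_REQUIRED=true` under `environment:` and setting `api_username`/`api_password` in the `[ara]` section of ansible.cfg, which this commit points at the same endpoint over plain http. Separately, `ara-api:latest` is unpinned, as are the drone, drone-runner-docker, hastebin, redis and homer images added elsewhere in this commit. A fixed tag or digest makes redeploys reproducible and upgrades deliberate.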
diff --git a/docker-compose/drone/docker-compose.yml.j2 b/docker-compose/drone/docker-compose.yml.j2
new file mode 100644
index 00000000..13b4534a
--- /dev/null
+++ b/docker-compose/drone/docker-compose.yml.j2
@@ -0,0 +1,50 @@
+version: '3.3'
+services:
+# server
+ drone:
+ volumes:
+ - 'data:/data'
+ environment:
+ - 'DRONE_GITEA_SERVER=https://git.mgrote.net'
+ - DRONE_GITEA_CLIENT_ID=f8f0db2a-0089-4e23-9f5a-a5e52f20d765
+ - DRONE_GITEA_CLIENT_SECRET={{ lookup('keepass', 'drone_gitea_client_secret', 'password') }}
+ - DRONE_RPC_SECRET={{ lookup('keepass', 'drone_rpc_secret', 'password') }}
+ - DRONE_SERVER_HOST=docker10.grote.lan:81
+ - DRONE_SERVER_PROTO=http
+ - DRONE_USER_CREATE=username:mg,admin:true # Gitea-Nutzer "mg" als Admin
+ #- DRONE_LOGS_DEBUG=true
+ ports:
+ - '81:80'
+ - '444:443'
+ restart: always
+ container_name: drone-server
+ image: 'drone/drone:latest'
+ networks:
+ - intern
+
+
+# runner
+ drone-runner-docker:
+ volumes:
+ - '/var/run/docker.sock:/var/run/docker.sock'
+ environment:
+ - DRONE_RPC_PROTO=http
+ # container-name des servers
+ - DRONE_RPC_HOST=drone-server
+ - DRONE_RPC_SECRET={{ lookup('keepass', 'drone_rpc_secret', 'password') }}
+ - DRONE_RUNNER_CAPACITY=4
+ - DRONE_RUNNER_NAME=drone-runner
+ ports:
+ - '3000:3000'
+ restart: always
+ container_name: drone-runner
+ image: 'drone/drone-runner-docker:latest'
+ networks:
+ - intern
+
+######## Volumes ########
+volumes:
+ data:
+######## Networks ########
+networks:
+ intern: # hier kommunizieren Runner + Server
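Review bot: `DRONE_SERVER_PROTO=http` together with `DRONE_SERVER_HOST=docker10.grote.lan:81` means the Gitea OAuth redirect and the Drone session cookie cross the network in cleartext, even though Gitea itself is reached over https. Port `444:443` is published, but nothing in this file configures TLS for it. The `drone-runner-docker` service mounts `/var/run/docker.sock`, which the runner needs, but it gives every pipeline the server accepts control of the host's Docker daemon. It is worth restricting who can register, for example with `DRONE_USER_FILTER`, and dropping the `3000:3000` mapping unless the runner dashboard is actually used.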
diff --git a/docker-compose/hastebin/docker-compose.yml.j2 b/docker-compose/hastebin/docker-compose.yml.j2
new file mode 100644
index 00000000..6b17b99b
--- /dev/null
+++ b/docker-compose/hastebin/docker-compose.yml.j2
@@ -0,0 +1,36 @@
+version: '3'
+services:
+######## hastebin ########
+ hastebin:
+ container_name: "hastebin-frontend"
+ image: quotengrote/hastebin
+ restart: always
+ depends_on:
+ - redis
+ environment:
+ - TZ=Europe/Berlin
+ - STORAGE_TYPE=redis
+ - STORAGE_HOST=redis
+ networks:
+ - int
+ ports:
+ - 7777:7777
+######## redis ########
+ redis:
+ container_name: "hastebin-redis"
+ image: redis
+ restart: always
+ volumes:
+ - redis:/data
+ networks:
+ - int
+ environment:
+ - TZ=Europe/Berlin
+
+######## Volumes ########
+volumes:
+ redis:
+######## Networks ########
+networks:
+ int: # das Prefix "hastebin_" wird automatisch gesetzt; gilt auch für Volumes
+ driver: bridge
diff --git a/docker-compose/homer/assets/config.yml b/docker-compose/homer/assets/config.yml
new file mode 100644
index 00000000..d5f37027
--- /dev/null
+++ b/docker-compose/homer/assets/config.yml
@@ -0,0 +1,246 @@
+---
+# https://github.com/bastienwirtz/homer/blob/main/docs/configuration.md
+title: "Homer"
+logo: "assets/icons/homer.png"
+
+header: false
+footer: false
+
+columns: "4"
+
+
+
+theme: default
+colors:
+ light:
+ highlight-primary: "#3367d6"
+ highlight-secondary: "#4285f4"
+ highlight-hover: "#5a95f5"
+ background: "#f5f5f5"
+ card-background: "#ffffff"
+ text: "#363636"
+ text-header: "#ffffff"
+ text-title: "#303030"
+ text-subtitle: "#424242"
+ card-shadow: rgba(0, 0, 0, 0.1)
+ link-hover: "#363636"
+ dark:
+ highlight-primary: "#3367d6"
+ highlight-secondary: "#4285f4"
+ highlight-hover: "#5a95f5"
+ background: "#131313"
+ card-background: "#2b2b2b"
+ text: "#eaeaea"
+ text-header: "#ffffff"
+ text-title: "#fafafa"
+ text-subtitle: "#f5f5f5"
+ card-shadow: rgba(0, 0, 0, 0.4)
+ link-hover: "#ffdd57"
+
+
+
+
+links:
+ - name: "Homepage"
+ icon: "fas fa-heartbeat"
+ url: "http://docker10.grote.lan:333"
+ - name: "Management"
+ icon: "fas fa-code-branch"
+ url: "#mgmt"
+ - name: "Extern"
+ icon: "fas fa-file-alt"
+ url: "#papa"
+ - name: "Test"
+ icon: "fas fa-globe"
+ url: "#test"
+
+# wetter
+
+# https://github.com/bastienwirtz/homer/pull/181
+services:
+ - name: "Wetter"
+ icon: "fas fa-cloud"
+ items:
+ - name: "Weather"
+ location: "Burg" # your location.
+ locationId: "2941501" # OpenWeatherMap city ID.
+ apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" # insert your own API key here. Request one from https://openweathermap.org/api.
+ units: "metric" # units to display temperature. Can be one of: metric, imperial, kelvin. Defaults to kelvin.
+ background: "none" # choose which type of background you want behind the image. Can be one of: square, cicle, none. Defaults to none.
+ type: "OpenWeather"
+ - name: "Weather"
+ location: "Magdeburg"
+ locationId: "2874545"
+ apiKey: "c1ec4c040abfa80b991c72d48b49d4a0"
+ units: "metric"
+ background: "none"
+ type: "OpenWeather"
+
+
+ - name: "Help"
+ icon: "fas fa-cloud"
+ items:
+ - name: "Crontab Guru"
+ logo: "assets/icons/healthchecks.png"
+ url: "https://crontab.guru"
+ target: "_blank"
+ - name: "Epoch Converter"
+ logo: "assets/icons/epochconverter.png"
+ url: "https://www.epochconverter.com"
+ target: "_blank"
+ - name: "fstab Generator"
+ logo: "assets/icons/sabnzbd.png"
+ url: "https://epistel.no/fstab/"
+ target: "_blank"
+ - name: "chmod Calculator"
+ logo: "assets/icons/redis.png"
+ url: "https://chmod-calculator.com"
+ target: "_blank"
+ - name: "composerizer"
+ logo: "assets/icons/docker.png"
+ url: "https://www.composerize.com"
+ target: "_blank"
+ subtitle: "docker-run to docker-compose"
+ - name: "Umrechner Bytes"
+ logo: "assets/icons/bytes.png"
+ url: "https://www.fischerclan.de/byte_umrechner.html"
+ target: "_blank"
+ - name: "git revert..."
+ logo: "assets/icons/netatmo.png"
+ url: "https://sethrobertson.github.io/GitFixUm/fixup.html"
+ target: "_blank"
+
+
+ - name: "Dienste"
+ icon: "fas fa-cloud"
+ items:
+ - name: "gitea"
+ logo: "assets/icons/gitea.png"
+ url: "https://git.mgrote.net"
+ target: "_blank"
+ subtitle: "git"
+ - name: "Miniflux"
+ logo: "assets/icons/miniflux.png"
+ url: "https://miniflux.mgrote.net/unread"
+ target: "_blank"
+ subtitle: "RSS"
+ - name: "Nextcloud"
+ logo: "assets/icons/nextcloud.png"
+ url: "https://nextcloud.mgrote.net"
+ target: "_blank"
+ subtitle: "Cloud"
+ - name: "DokuWiki"
+ logo: "assets/icons/dokuwiki.png"
+ url: "http://dokuwiki2.grote.lan"
+ target: "_blank"
+ subtitle: "Wiki"
+ - name: "RSS-Bridge"
+ logo: "assets/icons/rssb.png"
+ url: "http://docker10.grote.lan:3001"
+ target: "_blank"
+ subtitle: "Facebook/Instagram-to-rss"
+ - name: "Navidrome - mg"
+ logo: "assets/icons/navidrome.png"
+ url: "https://audio.mgrote.net/mg"
+ target: "_blank"
+ subtitle: "Audio-Streaming"
+ - name: "changedetection.io"
+ logo: "assets/icons/changedetection.png"
+ url: "http://docker10.grote.lan:5000"
+ target: "_blank"
+ subtitle: "Website2rss"
+ - name: "Photoprism"
+ logo: "assets/icons/photoprism.svg"
+ url: "http://docker10.grote.lan:2342"
+ target: "_blank"
+ subtitle: "Bildersammlung"
+ - name: "hastebin"
+ logo: "assets/icons/hastebin.png"
+ url: "http://docker10.grote.lan:7777"
+ target: "_blank"
+ subtitle: "pastebin"
+
+
+
+ - name: "Web"
+ icon: "fas fa-cloud"
+ items:
+ - name: "Todoist"
+ logo: "assets/icons/todoist.png"
+ url: "https://todoist.com/app/#project%2F2231794668"
+ target: "_blank"
+ - name: "WhatsApp"
+ logo: "assets/icons/whatsapp.png"
+ url: "https://web.whatsapp.com"
+ target: "_blank"
+ - name: "GitHub"
+ logo: "assets/icons/github.png"
+ url: "https://github.com/quotengrote"
+ target: "_blank"
+ - name: "Monkeytype"
+ logo: "assets/icons/monkeytype.png"
+ target: "_blank"
+ url: "https://monkeytype.com"
+ - name: "Posteo"
+ logo: "assets/icons/posteo.png"
+ url: "https://posteo.de/webmail/?_task=mail&_refresh=1&_mbox=INBOX"
+ target: "_blank"
+ - name: "Wikipedia"
+ logo: "assets/icons/wikipedia.png"
+ url: "https://de.wikipedia.org/wiki/Benutzer:Quotengrote"
+ target: "_blank"
+ - name: "Docker Hub"
+ logo: "assets/icons/docker.png"
+ url: "https://hub.docker.com/r/quotengrote"
+ target: "_blank"
+
+
+ - name: "Diabetes"
+ icon: "fas fa-cloud"
+ items:
+ - name: "LibreView"
+ logo: "assets/icons/freestyle.png"
+ url: "https://www.libreview.com/glucosereports"
+ target: "_blank"
+ - name: "DexCom Clarity"
+ logo: "assets/icons/dexcom.png"
+ url: "https://clarity.dexcom.eu/#/overview"
+ target: "_blank"
+ - name: "glooko"
+ logo: "assets/icons/glooko.png"
+ url: "https://de-fr.my.glooko.com"
+ target: "_blank"
+
+
+
+ - name: "Spiele"
+ icon: "fas fa-cloud"
+ items:
+ - name: "Gravity Simulator"
+ logo: "assets/icons/freshrss.png"
+ url: "https://testtubegames.com/gravity.html"
+ target: "_blank"
+
+
+
+ - name: "Finanzen"
+ icon: "fas fa-cloud"
+ items:
+ - name: "ING Diba"
+ logo: "assets/icons/ing.png"
+ url: "https://www.ing.de"
+ target: "_blank"
+ - name: "Leaseplanbank"
+ logo: "assets/icons/leaseplan.webp"
+ url: "https://sparen.leaseplanbank.de"
+ target: "_blank"
+
+
+ - name: "Dataport"
+ icon: "fas fa-cloud"
+ items:
+ - name: "Outlook"
+ logo: "assets/icons/dataport.png"
+ url: "https://webmail.ondataport.de"
+ target: "_blank"
+ subtitle: "Webmail"
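Review bot: Both `Weather` items under the `Wetter` group commit the OpenWeatherMap `apiKey` in cleartext, while the Drone secrets in this same commit are pulled in through `lookup('keepass', …)`. Since the value is now in repository history it should be replaced with a new key, and the file could become a template (`config.yml.j2`) with `apiKey: "{{ lookup('keepass', '<KEEPASS_ENTRY_NAME>', 'password') }}"`. Homer loads config.yml in the browser as a static asset, so whichever key is used stays readable by anyone who can open the dashboard on port 333. Scope the key and the dashboard's reachability with that in mind.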
diff --git a/docker-compose/homer/assets/icons/1und1.jpg b/docker-compose/homer/assets/icons/1und1.jpg
new file mode 100644
index 00000000..71351691
Binary files /dev/null and b/docker-compose/homer/assets/icons/1und1.jpg differ
diff --git a/docker-compose/homer/assets/icons/acng.jpg b/docker-compose/homer/assets/icons/acng.jpg
new file mode 100644
index 00000000..ce5925c8
Binary files /dev/null and b/docker-compose/homer/assets/icons/acng.jpg differ
diff --git a/docker-compose/homer/assets/icons/ara.png b/docker-compose/homer/assets/icons/ara.png
new file mode 100644
index 00000000..076b1083
Binary files /dev/null and b/docker-compose/homer/assets/icons/ara.png differ
diff --git a/docker-compose/homer/assets/icons/brother.jpg b/docker-compose/homer/assets/icons/brother.jpg
new file mode 100644
index 00000000..8aa7a8e9
Binary files /dev/null and b/docker-compose/homer/assets/icons/brother.jpg differ
diff --git a/docker-compose/homer/assets/icons/bytes.png b/docker-compose/homer/assets/icons/bytes.png
new file mode 100644
index 00000000..866e103e
Binary files /dev/null and b/docker-compose/homer/assets/icons/bytes.png differ
diff --git a/docker-compose/homer/assets/icons/changedetection.png b/docker-compose/homer/assets/icons/changedetection.png
new file mode 100644
index 00000000..991bb6f4
Binary files /dev/null and b/docker-compose/homer/assets/icons/changedetection.png differ
diff --git a/docker-compose/homer/assets/icons/dataport.png b/docker-compose/homer/assets/icons/dataport.png
new file mode 100644
index 00000000..59ebc7bc
Binary files /dev/null and b/docker-compose/homer/assets/icons/dataport.png differ
diff --git a/docker-compose/homer/assets/icons/dexcom.png b/docker-compose/homer/assets/icons/dexcom.png
new file mode 100644
index 00000000..1c3bdde1
Binary files /dev/null and b/docker-compose/homer/assets/icons/dexcom.png differ
diff --git a/docker-compose/homer/assets/icons/docker.png b/docker-compose/homer/assets/icons/docker.png
new file mode 100644
index 00000000..dcce1ace
Binary files /dev/null and b/docker-compose/homer/assets/icons/docker.png differ
diff --git a/docker-compose/homer/assets/icons/dokuwiki.png b/docker-compose/homer/assets/icons/dokuwiki.png
new file mode 100644
index 00000000..82c1d495
Binary files /dev/null and b/docker-compose/homer/assets/icons/dokuwiki.png differ
diff --git a/docker-compose/homer/assets/icons/drone.png b/docker-compose/homer/assets/icons/drone.png
new file mode 100644
index 00000000..76b8f359
Binary files /dev/null and b/docker-compose/homer/assets/icons/drone.png differ
diff --git a/docker-compose/homer/assets/icons/epochconverter.png b/docker-compose/homer/assets/icons/epochconverter.png
new file mode 100644
index 00000000..6c8e07e5
Binary files /dev/null and b/docker-compose/homer/assets/icons/epochconverter.png differ
diff --git a/docker-compose/homer/assets/icons/freestyle.png b/docker-compose/homer/assets/icons/freestyle.png
new file mode 100644
index 00000000..212de89e
Binary files /dev/null and b/docker-compose/homer/assets/icons/freestyle.png differ
diff --git a/docker-compose/homer/assets/icons/freshrss.png b/docker-compose/homer/assets/icons/freshrss.png
new file mode 100644
index 00000000..3e54369e
Binary files /dev/null and b/docker-compose/homer/assets/icons/freshrss.png differ
diff --git a/docker-compose/homer/assets/icons/fritzbox.svg b/docker-compose/homer/assets/icons/fritzbox.svg
new file mode 100644
index 00000000..e47e6939
--- /dev/null
+++ b/docker-compose/homer/assets/icons/fritzbox.svg
@@ -0,0 +1,320 @@
+
+
+
+]>
+
diff --git a/docker-compose/homer/assets/icons/gitea.png b/docker-compose/homer/assets/icons/gitea.png
new file mode 100644
index 00000000..dd3e97c4
Binary files /dev/null and b/docker-compose/homer/assets/icons/gitea.png differ
diff --git a/docker-compose/homer/assets/icons/github.png b/docker-compose/homer/assets/icons/github.png
new file mode 100644
index 00000000..33479614
Binary files /dev/null and b/docker-compose/homer/assets/icons/github.png differ
diff --git a/docker-compose/homer/assets/icons/gl-cloud.png b/docker-compose/homer/assets/icons/gl-cloud.png
new file mode 100644
index 00000000..a4b6f054
Binary files /dev/null and b/docker-compose/homer/assets/icons/gl-cloud.png differ
diff --git a/docker-compose/homer/assets/icons/glooko.png b/docker-compose/homer/assets/icons/glooko.png
new file mode 100644
index 00000000..c6f29070
Binary files /dev/null and b/docker-compose/homer/assets/icons/glooko.png differ
diff --git a/docker-compose/homer/assets/icons/hastebin.png b/docker-compose/homer/assets/icons/hastebin.png
new file mode 100644
index 00000000..8d3858da
Binary files /dev/null and b/docker-compose/homer/assets/icons/hastebin.png differ
diff --git a/docker-compose/homer/assets/icons/healthchecks.png b/docker-compose/homer/assets/icons/healthchecks.png
new file mode 100644
index 00000000..3d7696b6
Binary files /dev/null and b/docker-compose/homer/assets/icons/healthchecks.png differ
diff --git a/docker-compose/homer/assets/icons/homer.png b/docker-compose/homer/assets/icons/homer.png
new file mode 100644
index 00000000..2ff23ae6
Binary files /dev/null and b/docker-compose/homer/assets/icons/homer.png differ
diff --git a/docker-compose/homer/assets/icons/ing.png b/docker-compose/homer/assets/icons/ing.png
new file mode 100644
index 00000000..2665d94a
Binary files /dev/null and b/docker-compose/homer/assets/icons/ing.png differ
diff --git a/docker-compose/homer/assets/icons/leaseplan.webp b/docker-compose/homer/assets/icons/leaseplan.webp
new file mode 100644
index 00000000..3936b6cc
Binary files /dev/null and b/docker-compose/homer/assets/icons/leaseplan.webp differ
diff --git a/docker-compose/homer/assets/icons/librenms.png b/docker-compose/homer/assets/icons/librenms.png
new file mode 100644
index 00000000..94799e98
Binary files /dev/null and b/docker-compose/homer/assets/icons/librenms.png differ
diff --git a/docker-compose/homer/assets/icons/miniflux.png b/docker-compose/homer/assets/icons/miniflux.png
new file mode 100644
index 00000000..62a25a22
Binary files /dev/null and b/docker-compose/homer/assets/icons/miniflux.png differ
diff --git a/docker-compose/homer/assets/icons/monkeytype.png b/docker-compose/homer/assets/icons/monkeytype.png
new file mode 100644
index 00000000..2f0c64d2
Binary files /dev/null and b/docker-compose/homer/assets/icons/monkeytype.png differ
diff --git a/docker-compose/homer/assets/icons/munin.png b/docker-compose/homer/assets/icons/munin.png
new file mode 100644
index 00000000..bdb93942
Binary files /dev/null and b/docker-compose/homer/assets/icons/munin.png differ
diff --git a/docker-compose/homer/assets/icons/navidrome.png b/docker-compose/homer/assets/icons/navidrome.png
new file mode 100644
index 00000000..2bb8c77d
Binary files /dev/null and b/docker-compose/homer/assets/icons/navidrome.png differ
diff --git a/docker-compose/homer/assets/icons/netatmo.png b/docker-compose/homer/assets/icons/netatmo.png
new file mode 100644
index 00000000..d5a3fc5a
Binary files /dev/null and b/docker-compose/homer/assets/icons/netatmo.png differ
diff --git a/docker-compose/homer/assets/icons/netbootxyz.png b/docker-compose/homer/assets/icons/netbootxyz.png
new file mode 100644
index 00000000..a57a8998
Binary files /dev/null and b/docker-compose/homer/assets/icons/netbootxyz.png differ
diff --git a/docker-compose/homer/assets/icons/nextcloud.png b/docker-compose/homer/assets/icons/nextcloud.png
new file mode 100644
index 00000000..294e230b
Binary files /dev/null and b/docker-compose/homer/assets/icons/nextcloud.png differ
diff --git a/docker-compose/homer/assets/icons/oxidized.svg b/docker-compose/homer/assets/icons/oxidized.svg
new file mode 100644
index 00000000..a58c2128
--- /dev/null
+++ b/docker-compose/homer/assets/icons/oxidized.svg
@@ -0,0 +1,38 @@
+
+
+
+
diff --git a/docker-compose/homer/assets/icons/photoprism.svg b/docker-compose/homer/assets/icons/photoprism.svg
new file mode 100644
index 00000000..2ffcd856
--- /dev/null
+++ b/docker-compose/homer/assets/icons/photoprism.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/docker-compose/homer/assets/icons/posteo.png b/docker-compose/homer/assets/icons/posteo.png
new file mode 100644
index 00000000..0cdaa6a1
Binary files /dev/null and b/docker-compose/homer/assets/icons/posteo.png differ
diff --git a/docker-compose/homer/assets/icons/pve.png b/docker-compose/homer/assets/icons/pve.png
new file mode 100644
index 00000000..4a972d7b
Binary files /dev/null and b/docker-compose/homer/assets/icons/pve.png differ
diff --git a/docker-compose/homer/assets/icons/qnap.png b/docker-compose/homer/assets/icons/qnap.png
new file mode 100644
index 00000000..b06ca3ef
Binary files /dev/null and b/docker-compose/homer/assets/icons/qnap.png differ
diff --git a/docker-compose/homer/assets/icons/redis.png b/docker-compose/homer/assets/icons/redis.png
new file mode 100644
index 00000000..923d14aa
Binary files /dev/null and b/docker-compose/homer/assets/icons/redis.png differ
diff --git a/docker-compose/homer/assets/icons/roundcube.png b/docker-compose/homer/assets/icons/roundcube.png
new file mode 100644
index 00000000..60fda3c6
Binary files /dev/null and b/docker-compose/homer/assets/icons/roundcube.png differ
diff --git a/docker-compose/homer/assets/icons/rssb.png b/docker-compose/homer/assets/icons/rssb.png
new file mode 100644
index 00000000..077f9548
Binary files /dev/null and b/docker-compose/homer/assets/icons/rssb.png differ
diff --git a/docker-compose/homer/assets/icons/sabnzbd.png b/docker-compose/homer/assets/icons/sabnzbd.png
new file mode 100644
index 00000000..46b4a92a
Binary files /dev/null and b/docker-compose/homer/assets/icons/sabnzbd.png differ
diff --git a/docker-compose/homer/assets/icons/scaleway.png b/docker-compose/homer/assets/icons/scaleway.png
new file mode 100644
index 00000000..c0ddedf5
Binary files /dev/null and b/docker-compose/homer/assets/icons/scaleway.png differ
diff --git a/docker-compose/homer/assets/icons/speedport.png b/docker-compose/homer/assets/icons/speedport.png
new file mode 100644
index 00000000..d5497565
Binary files /dev/null and b/docker-compose/homer/assets/icons/speedport.png differ
diff --git a/docker-compose/homer/assets/icons/strato.jpg b/docker-compose/homer/assets/icons/strato.jpg
new file mode 100644
index 00000000..d5b8e6f2
Binary files /dev/null and b/docker-compose/homer/assets/icons/strato.jpg differ
diff --git a/docker-compose/homer/assets/icons/switch.png b/docker-compose/homer/assets/icons/switch.png
new file mode 100644
index 00000000..fa4a81e0
Binary files /dev/null and b/docker-compose/homer/assets/icons/switch.png differ
diff --git a/docker-compose/homer/assets/icons/todoist.png b/docker-compose/homer/assets/icons/todoist.png
new file mode 100644
index 00000000..4daa8ab2
Binary files /dev/null and b/docker-compose/homer/assets/icons/todoist.png differ
diff --git a/docker-compose/homer/assets/icons/traefik.png b/docker-compose/homer/assets/icons/traefik.png
new file mode 100644
index 00000000..77a490a2
Binary files /dev/null and b/docker-compose/homer/assets/icons/traefik.png differ
diff --git a/docker-compose/homer/assets/icons/ubiquiti.png b/docker-compose/homer/assets/icons/ubiquiti.png
new file mode 100644
index 00000000..e67eec6b
Binary files /dev/null and b/docker-compose/homer/assets/icons/ubiquiti.png differ
diff --git a/docker-compose/homer/assets/icons/whatsapp.png b/docker-compose/homer/assets/icons/whatsapp.png
new file mode 100644
index 00000000..0a17a5d1
Binary files /dev/null and b/docker-compose/homer/assets/icons/whatsapp.png differ
diff --git a/docker-compose/homer/assets/icons/wikipedia.png b/docker-compose/homer/assets/icons/wikipedia.png
new file mode 100644
index 00000000..650e7cf2
Binary files /dev/null and b/docker-compose/homer/assets/icons/wikipedia.png differ
diff --git a/docker-compose/homer/assets/manifest.json b/docker-compose/homer/assets/manifest.json
new file mode 100644
index 00000000..9faa0934
--- /dev/null
+++ b/docker-compose/homer/assets/manifest.json
@@ -0,0 +1 @@
+{"name":"Homer Dashboard","short_name":"Homer","theme_color":"#3367D6","icons":[{"src":"./icons/favicon-16x16.png","sizes":"16x16","type":"image/png"},{"src":"./icons/favicon-32x32.png","sizes":"32x32","type":"image/png"},{"src":"./icons/icon-any.png","sizes":"512x512","type":"image/png","purpose":"any"},{"src":"./icons/icon-any.svg","sizes":"any","type":"image/svg+xml","purpose":"any"},{"src":"./icons/icon-maskable.png","sizes":"512x512","type":"image/png","purpose":"maskable"},{"src":"./icons/safari-pinned-tab.svg","sizes":"any","type":"image/svg+xml","purpose":"monochrome"}],"start_url":"../","display":"standalone","background_color":"#000000"}
\ No newline at end of file
diff --git a/docker-compose/homer/assets/mgmt.yml b/docker-compose/homer/assets/mgmt.yml
new file mode 100644
index 00000000..6599ad93
--- /dev/null
+++ b/docker-compose/homer/assets/mgmt.yml
@@ -0,0 +1,135 @@
+---
+# Additionnal page configuration
+
+# Additionnal configurations are loaded using its file name, minus the extension, as an anchor (https://#).
+# `config.yml` is still used as a base configuration, and all values here will overwrite it, so you don't have to re-defined everything
+
+
+subtitle: "Management"
+
+# This overwrites message config. Setting it to empty to remove message from this page and keep it only in the main one:
+# message: ~
+
+# as we want to include a differente link here (so we can get back to home page), we need to replicate all links or they will be revome when overwriting the links field:
+links:
+ - name: "Homepage"
+ icon: "fas fa-heartbeat"
+ url: "http://docker10.grote.lan:333"
+ - name: "Management"
+ icon: "fas fa-code-branch"
+ url: "#mgmt"
+ - name: "Extern"
+ icon: "fas fa-file-alt"
+ url: "#papa"
+ - name: "Test"
+ icon: "fas fa-globe"
+ url: "#test"
+
+services:
+ - name: "Hardware"
+ icon: "fas fa-cloud"
+ items:
+ - name: "IPMI - pve2"
+ logo: "assets/icons/netbootxyz.png"
+ url: "https://192.168.2.13"
+ target: "_blank"
+ subtitle: "Supermicro X10SRL-F"
+ - name: "Brother ADS-2700W"
+ logo: "assets/icons/brother.jpg"
+ url: "http://192.168.2.48"
+ target: "_blank"
+ - name: "Fritzbox 7590"
+ logo: "assets/icons/fritzbox.svg"
+ url: "http://192.168.5.1"
+ target: "_blank"
+ subtitle: "Modem"
+
+ - name: "Infra"
+ icon: "fas fa-cloud"
+ items:
+ - name: "ProxMox Virtual Environment"
+ logo: "assets/icons/pve.png"
+ url: "https://pve2.grote.lan:8006"
+ target: "_blank"
+ subtitle: "Selbstbau"
+ - name: "Apt-Cacher-NG"
+ logo: "assets/icons/acng.jpg"
+ url: "http://acng.grote.lan:9999/acng-report.html"
+ target: "_blank"
+ subtitle: "apt"
+ - name: "gitea"
+ logo: "assets/icons/gitea.png"
+ url: "https://git.mgrote.net"
+ target: "_blank"
+ subtitle: "git"
+ - name: "Traefik"
+ logo: "assets/icons/traefik.png"
+ url: "http://docker10.grote.lan:8081"
+ target: "_blank"
+ subtitle: "Reverse Proxy"
+ - name: "Unifi Controller"
+ logo: "assets/icons/ubiquiti.png"
+ url: "https://docker10.grote.lan:8443"
+ target: "_blank"
+ subtitle: "WLAN"
+ - name: "drone.io"
+ logo: "assets/icons/drone.png"
+ url: "http://docker10.grote.lan:81"
+ target: "_blank"
+ subtitle: "CI/CD"
+ - name: "httpd"
+ logo: "assets/icons/roundcube.png"
+ url: " http://docker10.grote.lan:3344"
+ target: "_blank"
+ subtitle: "Package-Registry"
+
+
+
+
+ - name: "Monitoring"
+ icon: "fas fa-cloud"
+ items:
+ - name: "Ara"
+ logo: "assets/icons/ara.png"
+ url: "http://docker10.grote.lan:2233"
+ target: "_blank"
+ subtitle: "ansible"
+ - name: "Munin - Production"
+ logo: "assets/icons/munin.png"
+ url: "http://docker10.grote.lan:1234"
+ target: "_blank"
+ subtitle: "Monitoring"
+ - name: "Oxidized"
+ logo: "assets/icons/oxidized.svg"
+ url: "http://docker10.grote.lan:8888"
+ target: "_blank"
+ subtitle: "network device configuration backup tool"
+ - name: "LibreNMS"
+ logo: "assets/icons/librenms.png"
+ url: "http://docker10.grote.lan:8000"
+ target: "_blank"
+ subtitle: "network monitoring"
+
+ - name: "Internet-MGMT"
+ icon: "fas fa-cloud"
+ items:
+ - name: "IONOS"
+ logo: "assets/icons/1und1.jpg"
+ url: "https://login.ionos.de/#/servers/F872D83983D453EA40074C5C59AFB7DD"
+ target: "_blank"
+ subtitle: "tor1.mgrote.net"
+ - name: "Scaleway"
+ logo: "assets/icons/scaleway.png"
+ url: "https://console.scaleway.com/object-storage/buckets"
+ target: "_blank"
+ subtitle: "Scaleway S3"
+ - name: "gl.inet - Cloud"
+ logo: "assets/icons/gl-cloud.png"
+ url: "https://www.goodcloud.xyz/#/login"
+ target: "_blank"
+ subtitle: "Mango MGMT"
+ - name: "Strato - DNS"
+ logo: "assets/icons/strato.jpg"
+ url: "https://www.strato.de/apps/CustomerService#/skl"
+ target: "_blank"
+ subtitle: "Domainverwaltung"
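Review bot: The `httpd` item in the `Infra` group has a leading space inside the quoted URL (`url: " http://docker10.grote.lan:3344"`); browsers generally trim it, but it should read `url: "http://docker10.grote.lan:3344"` like the other entries. This page is also an index of administrative interfaces (IPMI, Proxmox, Traefik, Unifi, Drone), several of them linked over plain http. Since the Homer container is published without authentication in this commit, it is worth confirming that port 333 is reachable only from the management network.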
diff --git a/docker-compose/homer/assets/papa.yml b/docker-compose/homer/assets/papa.yml
new file mode 100644
index 00000000..bc86ff9a
--- /dev/null
+++ b/docker-compose/homer/assets/papa.yml
@@ -0,0 +1,46 @@
+---
+# Additionnal page configuration
+
+# Additionnal configurations are loaded using its file name, minus the extension, as an anchor (https://#).
+# `config.yml` is still used as a base configuration, and all values here will overwrite it, so you don't have to re-defined everything
+
+
+subtitle: "Papa's Dienste"
+
+# This overwrites message config. Setting it to empty to remove message from this page and keep it only in the main one:
+message: "Nur per VPN erreichbar, @home über den Router als s2s-Tunnel umgesetzt."
+
+# as we want to include a differente link here (so we can get back to home page), we need to replicate all links or they will be revome when overwriting the links field:
+links:
+ - name: "Homepage"
+ icon: "fas fa-heartbeat"
+ url: "http://docker10.grote.lan:333"
+ - name: "Management"
+ icon: "fas fa-code-branch"
+ url: "#mgmt"
+ - name: "Extern"
+ icon: "fas fa-file-alt"
+ url: "#papa"
+ - name: "Test"
+ icon: "fas fa-globe"
+ url: "#test"
+
+services:
+ - name: "Storage"
+ icon: "fas fa-cloud"
+ items:
+ - name: "QNAP TS-251+"
+ logo: "assets/icons/qnap.png"
+ url: "http://192.168.3.108:8080"
+ target: "_blank"
+ - name: "Network"
+ icon: "fas fa-cloud"
+ items:
+ - name: "Speedport Smart 3"
+ logo: "assets/icons/speedport.png"
+ url: "http://192.168.3.1"
+ target: "_blank"
+ - name: "Netgear GS308E"
+ logo: "assets/icons/switch.png"
+ url: "http://192.168.3.147"
+ target: "_blank"
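Review bot: The comment directly above `message:` still describes emptying the field to hide the message, but this page sets one, so the comment now contradicts the line it documents. Something like `# Page-specific message; overrides the one from config.yml` would match the behaviour. The header comments copied into mgmt.yml, papa.yml and test.yml also carry the same typos (`Additionnal`, `differente`, `revome`, `re-defined`), which could be fixed in one pass.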
diff --git a/docker-compose/homer/assets/test.yml b/docker-compose/homer/assets/test.yml
new file mode 100644
index 00000000..8e10ca1e
--- /dev/null
+++ b/docker-compose/homer/assets/test.yml
@@ -0,0 +1,69 @@
+---
+# Additionnal page configuration
+
+# Additionnal configurations are loaded using its file name, minus the extension, as an anchor (https://#).
+# `config.yml` is still used as a base configuration, and all values here will overwrite it, so you don't have to re-defined everything
+
+
+subtitle: "Test/Staging"
+
+# This overwrites message config. Setting it to empty to remove message from this page and keep it only in the main one:
+# message: ~
+
+# as we want to include a differente link here (so we can get back to home page), we need to replicate all links or they will be revome when overwriting the links field:
+links:
+ - name: "Homepage"
+ icon: "fas fa-heartbeat"
+ url: "http://docker10.grote.lan:333"
+ - name: "Management"
+ icon: "fas fa-code-branch"
+ url: "#mgmt"
+ - name: "Extern"
+ icon: "fas fa-file-alt"
+ url: "#papa"
+ - name: "Test"
+ icon: "fas fa-globe"
+ url: "#test"
+
+services:
+ - name: "Infra"
+ icon: "fas fa-cloud"
+ items:
+ - name: "ProxMox Virtual Environment"
+ logo: "assets/icons/pve.png"
+ url: "https://pve2-test2.grote.lan:8006"
+ target: "_blank"
+ subtitle: "VM"
+ - name: "Apt-Cacher-NG"
+ logo: "assets/icons/acng.jpg"
+ url: "http://acng-test.grote.lan:9999/acng-report.html"
+ target: "_blank"
+ subtitle: "apt"
+ - name: "gitea"
+ logo: "assets/icons/gitea.png"
+ url: "http://gitea-test.grote.lan:3000"
+ target: "_blank"
+ subtitle: "git"
+
+ - name: "Monitoring"
+ icon: "fas fa-cloud"
+ items:
+ - name: "Munin"
+ logo: "assets/icons/munin.png"
+ url: "http://docker7-test.grote.lan:12345"
+ target: "_blank"
+ subtitle: "Monitoring"
+
+ - name: "Dienste"
+ icon: "fas fa-cloud"
+ items:
+ - name: "homer"
+ logo: "assets/icons/homer.png"
+ url: "http://docker7-test.grote.lan:333"
+ target: "_blank"
+ subtitle: "Dashboard"
+ - name: "DokuWiki"
+ logo: "assets/icons/dokuwiki.png"
+ url: "http://dokuwiki-test.grote.lan/doku.php"
+ target: "_blank"
+ subtitle: "Wiki"
diff --git a/docker-compose/homer/docker-compose.yml.j2 b/docker-compose/homer/docker-compose.yml.j2
new file mode 100644
index 00000000..b311eb76
--- /dev/null
+++ b/docker-compose/homer/docker-compose.yml.j2
@@ -0,0 +1,16 @@
+version: '3'
+services:
+######## homer ########
+ homer:
+ image: b4bz/homer:latest
+ container_name: homer-dashboard
+ restart: always
+ environment:
+ - TZ=Europe/Berlin
+ - UID=1000
+ - GID=1000
+ - INIT_ASSETS=0
+ volumes:
+ - ./assets/:/www/assets
+ ports:
+ - 333:8080
diff --git a/docker-compose/httpd/docker-compose.yml.j2 b/docker-compose/httpd/docker-compose.yml.j2
new file mode 100644
index 00000000..96bed481
--- /dev/null
+++ b/docker-compose/httpd/docker-compose.yml.j2
@@ -0,0 +1,12 @@
+version: '3'
+services:
+ httpd-registry:
+ container_name: "httpd-registry"
+ image: httpd:bullseye
+ restart: always
+ volumes:
+ # mounte das lokale Verzeichnis in den Container, der Inhalt ist dann per http aufzurufen; reingeschrieben wird in den lokalen Ordner z.B. per scp aus der Pipeline heraus
+ - /mnt/httpd:/usr/local/apache2/htdocs/
+ - "${PWD}/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro"
+ ports:
+ - 3344:80
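Review bot: The content directory is mounted read-write (`- /mnt/httpd:/usr/local/apache2/htdocs/`) although, per the comment above it, files are written on the host side via scp and the container only serves them. Mounting it as `- /mnt/httpd:/usr/local/apache2/htdocs/:ro`, as is already done for httpd.conf, stops anything inside the web server container from altering published packages. Because this is described as a package registry served over plain http on port 3344, consumers should verify checksums or signatures of what they download. The `${PWD}/httpd.conf` path also depends on the directory compose is started from, whereas the homer file uses a relative `./assets/` path.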
diff --git a/docker-compose/httpd/httpd.conf.j2 b/docker-compose/httpd/httpd.conf.j2
new file mode 100644
index 00000000..11eb767b
--- /dev/null
+++ b/docker-compose/httpd/httpd.conf.j2
@@ -0,0 +1,555 @@
+#
+# This is the main Apache HTTP server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See for detailed information.
+# In particular, see
+#
+# for a discussion of each configuration directive.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path. If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
+# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
+# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
+# will be interpreted as '/logs/access_log'.
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path. If you point
+# ServerRoot at a non-local disk, be sure to specify a local disk on the
+# Mutex directive, if file-based mutexes are used. If you wish to share the
+# same ServerRoot for multiple httpd daemons, you will need to change at
+# least PidFile.
+#
+ServerRoot "/usr/local/apache2"
+
+#
+# Mutex: Allows you to set the mutex mechanism and mutex file directory
+# for individual mutexes, or change the global defaults
+#
+# Uncomment and change the directory if mutexes are file-based and the default
+# mutex file directory is not on a local disk or is not appropriate for some
+# other reason.
+#
+# Mutex default:logs
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses.
+#
+#Listen 12.34.56.78:80
+Listen 80
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+LoadModule mpm_event_module modules/mod_mpm_event.so
+#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+#LoadModule mpm_worker_module modules/mod_mpm_worker.so
+LoadModule authn_file_module modules/mod_authn_file.so
+#LoadModule authn_dbm_module modules/mod_authn_dbm.so
+#LoadModule authn_anon_module modules/mod_authn_anon.so
+#LoadModule authn_dbd_module modules/mod_authn_dbd.so
+#LoadModule authn_socache_module modules/mod_authn_socache.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_user_module modules/mod_authz_user.so
+#LoadModule authz_dbm_module modules/mod_authz_dbm.so
+#LoadModule authz_owner_module modules/mod_authz_owner.so
+#LoadModule authz_dbd_module modules/mod_authz_dbd.so
+LoadModule authz_core_module modules/mod_authz_core.so
+#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
+#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+#LoadModule auth_form_module modules/mod_auth_form.so
+#LoadModule auth_digest_module modules/mod_auth_digest.so
+#LoadModule allowmethods_module modules/mod_allowmethods.so
+#LoadModule isapi_module modules/mod_isapi.so
+#LoadModule file_cache_module modules/mod_file_cache.so
+#LoadModule cache_module modules/mod_cache.so
+#LoadModule cache_disk_module modules/mod_cache_disk.so
+#LoadModule cache_socache_module modules/mod_cache_socache.so
+#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+#LoadModule socache_dbm_module modules/mod_socache_dbm.so
+#LoadModule socache_memcache_module modules/mod_socache_memcache.so
+#LoadModule socache_redis_module modules/mod_socache_redis.so
+#LoadModule watchdog_module modules/mod_watchdog.so
+#LoadModule macro_module modules/mod_macro.so
+#LoadModule dbd_module modules/mod_dbd.so
+#LoadModule bucketeer_module modules/mod_bucketeer.so
+#LoadModule dumpio_module modules/mod_dumpio.so
+#LoadModule echo_module modules/mod_echo.so
+#LoadModule example_hooks_module modules/mod_example_hooks.so
+#LoadModule case_filter_module modules/mod_case_filter.so
+#LoadModule case_filter_in_module modules/mod_case_filter_in.so
+#LoadModule example_ipc_module modules/mod_example_ipc.so
+#LoadModule buffer_module modules/mod_buffer.so
+#LoadModule data_module modules/mod_data.so
+#LoadModule ratelimit_module modules/mod_ratelimit.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+#LoadModule ext_filter_module modules/mod_ext_filter.so
+#LoadModule request_module modules/mod_request.so
+#LoadModule include_module modules/mod_include.so
+LoadModule filter_module modules/mod_filter.so
+#LoadModule reflector_module modules/mod_reflector.so
+#LoadModule substitute_module modules/mod_substitute.so
+#LoadModule sed_module modules/mod_sed.so
+#LoadModule charset_lite_module modules/mod_charset_lite.so
+#LoadModule deflate_module modules/mod_deflate.so
+#LoadModule xml2enc_module modules/mod_xml2enc.so
+#LoadModule proxy_html_module modules/mod_proxy_html.so
+#LoadModule brotli_module modules/mod_brotli.so
+LoadModule mime_module modules/mod_mime.so
+#LoadModule ldap_module modules/mod_ldap.so
+LoadModule log_config_module modules/mod_log_config.so
+#LoadModule log_debug_module modules/mod_log_debug.so
+#LoadModule log_forensic_module modules/mod_log_forensic.so
+#LoadModule logio_module modules/mod_logio.so
+#LoadModule lua_module modules/mod_lua.so
+LoadModule env_module modules/mod_env.so
+#LoadModule mime_magic_module modules/mod_mime_magic.so
+#LoadModule cern_meta_module modules/mod_cern_meta.so
+#LoadModule expires_module modules/mod_expires.so
+LoadModule headers_module modules/mod_headers.so
+#LoadModule ident_module modules/mod_ident.so
+#LoadModule usertrack_module modules/mod_usertrack.so
+#LoadModule unique_id_module modules/mod_unique_id.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+#LoadModule remoteip_module modules/mod_remoteip.so
+#LoadModule proxy_module modules/mod_proxy.so
+#LoadModule proxy_connect_module modules/mod_proxy_connect.so
+#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+#LoadModule proxy_http_module modules/mod_proxy_http.so
+#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
+#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
+#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
+#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
+#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
+#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
+#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+#LoadModule proxy_express_module modules/mod_proxy_express.so
+#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
+#LoadModule session_module modules/mod_session.so
+#LoadModule session_cookie_module modules/mod_session_cookie.so
+#LoadModule session_crypto_module modules/mod_session_crypto.so
+#LoadModule session_dbd_module modules/mod_session_dbd.so
+#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+#LoadModule ssl_module modules/mod_ssl.so
+#LoadModule optional_hook_export_module modules/mod_optional_hook_export.so
+#LoadModule optional_hook_import_module modules/mod_optional_hook_import.so
+#LoadModule optional_fn_import_module modules/mod_optional_fn_import.so
+#LoadModule optional_fn_export_module modules/mod_optional_fn_export.so
+#LoadModule dialup_module modules/mod_dialup.so
+#LoadModule http2_module modules/mod_http2.so
+#LoadModule proxy_http2_module modules/mod_proxy_http2.so
+#LoadModule md_module modules/mod_md.so
+#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
+#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
+#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
+#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
+LoadModule unixd_module modules/mod_unixd.so
+#LoadModule heartbeat_module modules/mod_heartbeat.so
+#LoadModule heartmonitor_module modules/mod_heartmonitor.so
+#LoadModule dav_module modules/mod_dav.so
+LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+#LoadModule asis_module modules/mod_asis.so
+#LoadModule info_module modules/mod_info.so
+#LoadModule suexec_module modules/mod_suexec.so
+
+ #LoadModule cgid_module modules/mod_cgid.so
+
+
+ #LoadModule cgi_module modules/mod_cgi.so
+
+#LoadModule dav_fs_module modules/mod_dav_fs.so
+#LoadModule dav_lock_module modules/mod_dav_lock.so
+#LoadModule vhost_alias_module modules/mod_vhost_alias.so
+#LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule dir_module modules/mod_dir.so
+#LoadModule imagemap_module modules/mod_imagemap.so
+#LoadModule actions_module modules/mod_actions.so
+#LoadModule speling_module modules/mod_speling.so
+#LoadModule userdir_module modules/mod_userdir.so
+LoadModule alias_module modules/mod_alias.so
+#LoadModule rewrite_module modules/mod_rewrite.so
+
+
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User www-data
+Group www-data
+
+
+
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# definition. These values also provide defaults for
+# any containers you may define later in the file.
+#
+# All of these directives may appear inside containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents. e.g. admin@your-domain.com
+#
+ServerAdmin you@example.com
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+#ServerName www.example.com:80
+
+#
+# Deny access to the entirety of your server's filesystem. You must
+# explicitly permit access to web content directories in other
+# blocks below.
+#
+
+ AllowOverride none
+ Require all granted
+
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/usr/local/apache2/htdocs"
+
+ #
+ # Possible values for the Options directive are "None", "All",
+ # or any combination of:
+ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+ #
+ # Note that "MultiViews" must be named *explicitly* --- "Options All"
+ # doesn't give it to you.
+ #
+ # The Options directive is both complicated and important. Please see
+ # http://httpd.apache.org/docs/2.4/mod/core.html#options
+ # for more information.
+ #
+ Options Indexes FollowSymLinks
+
+ #
+ # AllowOverride controls what directives may be placed in .htaccess files.
+ # It can be "All", "None", or any combination of the keywords:
+ # AllowOverride FileInfo AuthConfig Limit
+ #
+ AllowOverride None
+
+ #
+ # Controls who can get stuff from this server.
+ #
+
+ # Ab hier alles für schöne Dir-listings
+ # https://perishablepress.com/better-default-directory-views-with-htaccess/
+ IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* SuppressHTMLPreamble
+ Order allow,deny
+ Options +Indexes
+ Allow from all
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+
+ DirectoryIndex index.html
+
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+
+ Require all denied
+
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog /proc/self/fd/2
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+
+ #
+ # The following directives define some format nicknames for use with
+ # a CustomLog directive (see below).
+ #
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+
+ #
+ # The location and format of the access logfile (Common Logfile Format).
+ # If you do not define any access logfiles within a
+ # container, they will be logged here. Contrariwise, if you *do*
+ # define per- access logfiles, transactions will be
+ # logged therein and *not* in this file.
+ #
+ CustomLog /proc/self/fd/1 common
+
+ #
+ # If you prefer a logfile with access, agent, and referer information
+ # (Combined Logfile Format) you can use the following directive.
+ #
+ #CustomLog "logs/access_log" combined
+
+
+
+ #
+ # Redirect: Allows you to tell clients about documents that used to
+ # exist in your server's namespace, but do not anymore. The client
+ # will make a new request for the document at its new location.
+ # Example:
+ # Redirect permanent /foo http://www.example.com/bar
+
+ #
+ # Alias: Maps web paths into filesystem paths and is used to
+ # access content that does not live under the DocumentRoot.
+ # Example:
+ # Alias /webpath /full/filesystem/path
+ #
+ # If you include a trailing / on /webpath then the server will
+ # require it to be present in the URL. You will also likely
+ # need to provide a section to allow access to
+ # the filesystem path.
+
+ #
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the target directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the
+ # client. The same rules about trailing "/" apply to ScriptAlias
+ # directives as to Alias.
+ #
+ ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
+
+
+
+
+ #
+ # ScriptSock: On threaded servers, designate the path to the UNIX
+ # socket used to communicate with the CGI daemon of mod_cgid.
+ #
+ #Scriptsock cgisock
+
+
+#
+# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+
+ #
+ # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
+ # backend servers which have lingering "httpoxy" defects.
+ # 'Proxy' request header is undefined by the IETF, not listed by IANA
+ #
+ RequestHeader unset Proxy early
+
+
+
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig conf/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file specified in TypesConfig for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
+
+ # For type maps (negotiated resources):
+ #AddHandler type-map var
+
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ #AddType text/html .shtml
+ #AddOutputFilter INCLUDES .shtml
+
+
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type. The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+#
+#MIMEMagicFile conf/magic
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# MaxRanges: Maximum number of Ranges in a request before
+# returning the entire resource, or one of the special
+# values 'default', 'none' or 'unlimited'.
+# Default setting is to accept 200 Ranges.
+#MaxRanges unlimited
+
+#
+# EnableMMAP and EnableSendfile: On systems that support it,
+# memory-mapping or the sendfile syscall may be used to deliver
+# files. This usually improves server performance, but must
+# be turned off when serving from networked-mounted
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+# Defaults: EnableMMAP On, EnableSendfile Off
+#
+#EnableMMAP off
+#EnableSendfile on
+
+# Supplemental configuration
+#
+# The configuration files in the conf/extra/ directory can be
+# included to add extra features or to modify the default configuration of
+# the server, or you may simply copy their contents here and change as
+# necessary.
+
+# Server-pool management (MPM specific)
+#Include conf/extra/httpd-mpm.conf
+
+# Multi-language error messages
+#Include conf/extra/httpd-multilang-errordoc.conf
+
+# Fancy directory listings
+Include conf/extra/httpd-autoindex.conf
+
+# Language settings
+#Include conf/extra/httpd-languages.conf
+
+# User home directories
+#Include conf/extra/httpd-userdir.conf
+
+# Real-time info on requests and configuration
+#Include conf/extra/httpd-info.conf
+
+# Virtual hosts
+#Include conf/extra/httpd-vhosts.conf
+
+# Local access to the Apache HTTP Server Manual
+#Include conf/extra/httpd-manual.conf
+
+# Distributed authoring and versioning (WebDAV)
+#Include conf/extra/httpd-dav.conf
+
+# Various default settings
+#Include conf/extra/httpd-default.conf
+
+# Configure mod_proxy_html to understand HTML4/XHTML1
+
+Include conf/extra/proxy-html.conf
+
+
+# Secure (SSL/TLS) connections
+#Include conf/extra/httpd-ssl.conf
+#
+# Note: The following must must be present to support
+# starting without SSL on platforms with no /dev/random equivalent
+# but a statically compiled-in mod_ssl.
+#
+
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+
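Review bot: The block under the comment "Deny access to the entirety of your server's filesystem" sets `Require all granted`, which contradicts the comment and the stock configuration's `Require all denied`. The container tags are not visible in this rendering, so this is presumably the `<Directory />` block. Because the document root also sets `Options Indexes FollowSymLinks`, symlinks below it are followed and nothing restricts where they may lead. Change that line to `Require all denied` and, in the document-root block, replace the legacy `Order allow,deny` / `Allow from all` pair with `Require all granted`, so that access is granted only there. `mod_status` and the `/cgi-bin/` `ScriptAlias` also look unnecessary for a static file server and could be removed.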
diff --git a/docker-compose/librenms/.env.j2 b/docker-compose/librenms/.env.j2
new file mode 100644
index 00000000..1ed21b53
--- /dev/null
+++ b/docker-compose/librenms/.env.j2
@@ -0,0 +1,21 @@
+TZ=Europe/Paris
+PUID=1000
+PGID=1000
+
+MYSQL_DATABASE=librenms
+MYSQL_USER=librenms
+MYSQL_PASSWORD={{ lookup('keepass', 'librenms_mysql_password', 'password') }}
+
+MEMORY_LIMIT=256M
+UPLOAD_MAX_SIZE=16M
+OPCACHE_MEM_SIZE=128
+REAL_IP_FROM=0.0.0.0/32
+REAL_IP_HEADER=X-Forwarded-For
+LOG_IP_VAR=remote_addr
+
+LIBRENMS_SNMP_COMMUNITY=librenms
+MEMCACHED_HOST=memcached
+MEMCACHED_PORT=11211
+
+LIBRENMS_WEATHERMAP=false
+LIBRENMS_WEATHERMAP_SCHEDULE=*/5 * * * *
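Review bot: `LIBRENMS_SNMP_COMMUNITY=librenms` commits a guessable SNMP community string to the repository, while `MYSQL_PASSWORD` a few lines above is pulled from KeePass. An SNMPv1/v2c community is effectively a shared password sent in clear text, so it should be handled like the other secrets, e.g. `LIBRENMS_SNMP_COMMUNITY={{ lookup('keepass', '<ENTRY_NAME>', 'password') }}` with a placeholder entry name. The rendered `.env` holds secrets either way, so the task that templates it should write it with a restrictive mode such as `0600`; that task is not part of this hunk.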
diff --git a/docker-compose/librenms/docker-compose.yml.j2 b/docker-compose/librenms/docker-compose.yml.j2
new file mode 100644
index 00000000..02e97b53
--- /dev/null
+++ b/docker-compose/librenms/docker-compose.yml.j2
@@ -0,0 +1,161 @@
+version: "3.5"
+
+services:
+ db:
+ image: mariadb:10.5
+ container_name: librenms_db
+ command:
+ - "mysqld"
+ - "--innodb-file-per-table=1"
+ - "--lower-case-table-names=0"
+ - "--character-set-server=utf8mb4"
+ - "--collation-server=utf8mb4_unicode_ci"
+ volumes:
+ - "mariadb:/var/lib/mysql"
+ environment:
+ - "TZ=${TZ}"
+ - "MYSQL_ALLOW_EMPTY_PASSWORD=yes"
+ - "MYSQL_DATABASE=${MYSQL_DATABASE}"
+ - "MYSQL_USER=${MYSQL_USER}"
+ - "MYSQL_PASSWORD=${MYSQL_PASSWORD}"
+ restart: always
+
+ memcached:
+ image: memcached:alpine
+ container_name: librenms_memcached
+ environment:
+ - "TZ=${TZ}"
+ restart: always
+
+ redis:
+ image: redis:5.0-alpine
+ container_name: librenms_redis
+ environment:
+ - "TZ=${TZ}"
+ restart: always
+
+ librenms:
+ image: librenms/librenms:latest
+ container_name: librenms
+ hostname: librenms
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
+ ports:
+ - target: 8000
+ published: 8000
+ protocol: tcp
+ depends_on:
+ - db
+ - memcached
+ volumes:
+ - "data:/data"
+ environment:
+ - "TZ=${TZ}"
+ - "PUID=${PUID}"
+ - "PGID=${PGID}"
+ - "DB_HOST=db"
+ - "DB_NAME=${MYSQL_DATABASE}"
+ - "DB_USER=${MYSQL_USER}"
+ - "DB_PASSWORD=${MYSQL_PASSWORD}"
+ - "DB_TIMEOUT=60"
+ - "REDIS_HOST=redis"
+ - "REDIS_PORT=6379"
+ - "REDIS_DB=0"
+ restart: always
+
+ dispatcher:
+ image: librenms/librenms:latest
+ container_name: librenms_dispatcher
+ hostname: librenms-dispatcher
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
+ depends_on:
+ - librenms
+ - redis
+ volumes:
+ - "data:/data"
+ environment:
+ - "TZ=${TZ}"
+ - "PUID=${PUID}"
+ - "PGID=${PGID}"
+ - "DB_HOST=db"
+ - "DB_NAME=${MYSQL_DATABASE}"
+ - "DB_USER=${MYSQL_USER}"
+ - "DB_PASSWORD=${MYSQL_PASSWORD}"
+ - "DB_TIMEOUT=60"
+ - "DISPATCHER_NODE_ID=dispatcher1"
+ - "REDIS_HOST=redis"
+ - "REDIS_PORT=6379"
+ - "REDIS_DB=0"
+ - "SIDECAR_DISPATCHER=1"
+ restart: always
+
+ syslogng:
+ image: librenms/librenms:latest
+ container_name: librenms_syslogng
+ hostname: librenms-syslogng
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
+ depends_on:
+ - librenms
+ ports:
+ - target: 514
+ published: 514
+ protocol: tcp
+ - target: 514
+ published: 514
+ protocol: udp
+ volumes:
+ - "data:/data"
+ environment:
+ - "TZ=${TZ}"
+ - "PUID=${PUID}"
+ - "PGID=${PGID}"
+ - "DB_HOST=db"
+ - "DB_NAME=${MYSQL_DATABASE}"
+ - "DB_USER=${MYSQL_USER}"
+ - "DB_PASSWORD=${MYSQL_PASSWORD}"
+ - "DB_TIMEOUT=60"
+ - "REDIS_HOST=redis"
+ - "REDIS_PORT=6379"
+ - "REDIS_DB=0"
+ - "SIDECAR_SYSLOGNG=1"
+ restart: always
+
+ snmptrapd:
+ image: librenms/librenms:latest
+ container_name: librenms_snmptrapd
+ hostname: librenms-snmptrapd
+ cap_add:
+ - NET_ADMIN
+ - NET_RAW
+ depends_on:
+ - librenms
+ ports:
+ - target: 162
+ published: 162
+ protocol: tcp
+ - target: 162
+ published: 162
+ protocol: udp
+ volumes:
+ - "data:/data"
+ environment:
+ - "TZ=${TZ}"
+ - "PUID=${PUID}"
+ - "PGID=${PGID}"
+ - "DB_HOST=db"
+ - "DB_NAME=${MYSQL_DATABASE}"
+ - "DB_USER=${MYSQL_USER}"
+ - "DB_PASSWORD=${MYSQL_PASSWORD}"
+ - "DB_TIMEOUT=60"
+ - "SIDECAR_SNMPTRAPD=1"
+ restart: always
+
+######## Volumes ########
+volumes:
+ mariadb:
+ data:
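Review bot: The `db` service sets `MYSQL_ALLOW_EMPTY_PASSWORD=yes`, which lets the MariaDB image initialise the root account with an empty password. Other containers on this compose network, including the `librenms` service published on port 8000 and the syslog and trap sidecars, would then likely be able to connect as root without credentials. Replace it with `- "MYSQL_RANDOM_ROOT_PASSWORD=yes"`, or with a `MYSQL_ROOT_PASSWORD` value looked up from KeePass in the same way as `MYSQL_PASSWORD`. The variable is only evaluated when the `mariadb` volume is first initialised, so an existing volume needs its root password changed by hand.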
diff --git a/docker-compose/miniflux/docker-compose.yml.j2 b/docker-compose/miniflux/docker-compose.yml.j2
new file mode 100644
index 00000000..a9240e46
--- /dev/null
+++ b/docker-compose/miniflux/docker-compose.yml.j2
@@ -0,0 +1,99 @@
+version: '3'
+services:
+######## Miniflux ########
+ miniflux:
+ container_name: "mf-frontend"
+ image: miniflux/miniflux:latest
+ restart: always
+ depends_on:
+ - db
+ environment:
+ - DATABASE_URL=postgres://miniflux:{{ lookup('keepass', 'miniflux_postgres_password', 'password') }}@mf-db/miniflux?sslmode=disable
+ - RUN_MIGRATIONS=1
+# - CREATE_ADMIN=1
+# - ADMIN_USERNAME=adminmf
+# - ADMIN_PASSWORD={{ lookup('keepass', 'miniflux_admin_password', 'password') }}
+ - WORKER_POOL_SIZE=10
+ - POLLING_FREQUENCY=10
+ - CLEANUP_ARCHIVE_UNREAD_DAYS=-1
+ - CLEANUP_ARCHIVE_READ_DAYS=90
+ - TZ=Europe/Berlin
+ networks:
+ - intern
+ - traefik
+ labels:
+ - traefik.http.routers.miniflux.rule=Host(`miniflux.mgrote.net`)
+ - traefik.enable=true
+ - traefik.http.routers.miniflux.tls=true
+ - traefik.http.routers.miniflux.tls.certresolver=resolver_letsencrypt
+ - traefik.http.routers.miniflux.entrypoints=entry_https
+ - traefik.http.services.miniflux.loadbalancer.server.port=8080
+######## PostGreSQL ########
+ db:
+ container_name: "mf-db"
+ image: postgres:13
+ restart: always
+ environment:
+ - POSTGRES_USER=miniflux
+ - POSTGRES_PASSWORD={{ lookup('keepass', 'miniflux_postgres_password', 'password') }}
+ - TZ=Europe/Berlin
+ volumes:
+ - db:/var/lib/postgresql/data
+ networks:
+ - intern
+ labels:
+ - com.centurylinklabs.watchtower.enable="false"
+######## Miniflux-Filter ########
+ mf-filter:
+ container_name: mf-filter
+ restart: always
+ environment:
+ - TZ=Europe/Berlin
+ - MF_AUTH_TOKEN={{ lookup('keepass', 'miniflux_auth_token', 'password') }}
+ - MF_API_URL=https://miniflux.mgrote.net/v1
+ - MF_SLEEP=60
+ #- MF_DEBUG=1
+ image: quotengrote/miniflux-filter:latest
+ volumes:
+ - ./filter.txt:/data/filter.txt
+ networks:
+ - intern
+######## RSS-Bridge ########
+ rssbridge:
+ container_name: "mf-bridge"
+ image: rssbridge/rss-bridge:latest
+ restart: always
+ environment:
+ - TZ=Europe/Berlin
+ volumes:
+ - ./whitelist.txt:/app/whitelist.txt
+ networks:
+ - intern
+ ports: #um neue Feeds einzufügen
+ - 3001:80
+######## changedetection ########
+ changedetection.io:
+ image: ghcr.io/dgtlmoon/changedetection.io
+ container_name: mf-changedetection.io
+ hostname: changedetection.io
+ volumes:
+ - changedetection-data:/datastore
+ environment:
+ - PORT=5000
+ - BASE_URL=http://docker10.grote.lan:5000
+ ports:
+ - 5000:5000
+ restart: always
+ networks:
+ - intern
+
+######## Volumes ########
+volumes:
+ db:
+ changedetection-data:
+######## Networks ########
+networks:
+ traefik:
+ external: true
+ intern:
+ driver: bridge
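Review bot: In the `db` service the label `com.centurylinklabs.watchtower.enable="false"` is written in list form, so the double quotes become part of the label value. Watchtower is then likely to fail to parse it as a boolean and treat the label as unset, which leaves the Postgres container eligible for automatic updates. Write it without the inner quotes, `- com.centurylinklabs.watchtower.enable=false`. Separately, `DATABASE_URL` interpolates the KeePass password straight into a URL, so a password containing `@`, `/` or `#` would break or alter the connection string; piping the lookup through `| urlencode` avoids that.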
diff --git a/docker-compose/miniflux/filter.txt b/docker-compose/miniflux/filter.txt
new file mode 100644
index 00000000..cf1253d1
--- /dev/null
+++ b/docker-compose/miniflux/filter.txt
@@ -0,0 +1,460 @@
+9to5linux.com::9to5Linux Weekly Roundup:
+astralcodexten.substack.com::Open Thread
+augengeradeaus.net::Sicherheitshalber der Podcast
+axios.com::Axios on HBO
+computerbase.de::Adrenalin 2020 Edition
+computerbase.de::Adrenalin 2021 Edition
+computerbase.de::Community: Fotowettbewerb
+computerbase.de::Fotowettbewerb:
+computerbase.de::Screenshot-Wettbewerb
+computerbase.de::Sonntagsfrage:
+computerbase.de::Wochenrück- und Ausblick:
+facebook.com::Bridge returned error
+golem.de::Anzeige
+golem.de::Aus dem Verlag:
+golem.de::Fifa
+golem.de::(g+)
+golem.de::in aller Kürze
+golem.de::In eigener Sache
+golem.de::kurznews
+golem.de::Marvel
+golem.de::Sonst noch was?
+golem.de::Star Trek:
+golem.de::Tech Talks:
+golem.de::Wochenrückblick
+hardwareluxx.de::Der Hardwareluxx-Webwatch:
+hardwareluxx.de::Unsere Artikel der letzten Woche
+heise.de::Anzeige
+heise.de::Auslegungssache
+heise.de::Bit-Rauschen
+heise.de::Bit-Rauschen, der Prozessor-Podcast
+heise.de::c't
+heise.de::c’t-Webinar:
+heise.de::Desinfec
+heise.de::Die Bilder der Woche
+heise.de::Die Bilder der Woche (KW
+heise.de::Die Highlights bei
+heise.de::Die Hupe
+heise.de::Dienstag
+heise.de::Dienstag:
+heise.de::Die Produktwerker
+heise.de::Ferris Talk
+heise.de::FIFA
+heise.de::Freitag
+heise.de::Fußball-WM
+heise.de::heise+
+heise.de::heise+ |
+heise.de::heise-Angebot:
+heise.de::Heise-Konferenz
+heise.de::heise meets
+heise.de::heise meets…
+heise.de::#heiseshow
+heise.de::heiseshow
+heise.de::Heise spielt
+heise.de::iX-Workshop
+heise.de::Kurz informiert:
+heise.de::Mac & i Extra:
+heise.de::Missing Link
+heise.de::Mittwoch
+heise.de::Montag
+heise.de::Podcast
+heise.de::Podcast "Die Hupe"
+heise.de::Podcast Die Hupe
+heise.de::Podcast "Die Produktwerker"
+heise.de::samstag
+heise.de::SoftwareArchitekTOUR
+heise.de::software-architektur.tv
+heise.de::Sonderheft
+heise.de::sonntag
+heise.de::t 3003
+heise.de::Tech2go-Podcast:
+heise.de::TechStage
+heise.de::TechStage |
+heise.de::t Fotografie
+heise.de::t Fotografie-Wettbewerb
+heise.de::#TGIQF
+heise.de::TGIQF
+heise.de::t uplink
+heise.de::t zockt
+heise.de::uplink
+heise.de::Was war. Was wird.
+heise.de::WM 2022
+heise.de::zockt
+heise.de::Zugriff auf alle Inhalte von heise+
+instagram.com::Bridge returned error
+mdr.de::Fussball
+mdr.de::Fußball
+mdr.de::Leichtathletik:
+mdr.de::Link des Audios
+mdr.de::Link des Videos
+mdr.de::Livestream
+mdr.de::#MDRklärt:
+mdr.de::Pferdesport:
+mdr.de::Podcast:
+mdr.de::Podcast "digital Leben"
+mdr.de::Podcast "digital Leben":
+mdr.de::Podcastserie
+mdr.de::Schwimmen:
+mf-bridge::Bridge encountered an unexpected situation
+monkeyuser.com::AdLitteram
+netzpolitik.org::KW
+netzpolitik.org::NPP
+planet3dnow.de::AIDA64 Version
+planet3dnow.de::Blender
+planet3dnow.de::CrystalDiskInfo
+planet3dnow.de::CrystalDiskMark
+planet3dnow.de::DesktopOK
+planet3dnow.de::Display Driver Uninstaller (DDU)
+planet3dnow.de::FreeCommander XE
+planet3dnow.de::FurMark
+planet3dnow.de::GPU‑Z
+planet3dnow.de::HWiNFO64
+planet3dnow.de::KiTTY
+planet3dnow.de::LibreOffice 7
+planet3dnow.de::MC Extractor
+planet3dnow.de::Media Player Classic
+planet3dnow.de::Neue Downloads der KW
+planet3dnow.de::Notepad++
+planet3dnow.de::NVCleanstall v
+planet3dnow.de::Nvidia GeForce-Treiber
+planet3dnow.de::paint.net
+planet3dnow.de::PowerToys v
+planet3dnow.de::Prime95
+planet3dnow.de::Process Lasso
+planet3dnow.de::Quick CPU
+planet3dnow.de::Radeon Software Adrenalin
+planet3dnow.de::Rufus
+planet3dnow.de::Ryzen Master
+planet3dnow.de::Sysinternals Suite
+planet3dnow.de::System Information Viewer Version
+planet3dnow.de::SystemRescue
+planet3dnow.de::Thunderbird
+planet3dnow.de::Universal Media Server
+planet3dnow.de::WinRAR
+planet3dnow.de::WinSCP
+planet3dnow.de::ZenTimings
+portuguesegeese.com::portuguesegeese.com
+reddit.com::UEFA
+stackoverflow.blog::Podcast
+stackoverflow.blog::The Overflow
+stadt-bremerhaven.de::Bundesliga
+stadt-bremerhaven.de::Disney+
+stadt-bremerhaven.de::eFootball
+stadt-bremerhaven.de::FIFA
+stadt-bremerhaven.de::Formel 1
+stadt-bremerhaven.de::Immer wieder sonntags KW
+stadt-bremerhaven.de::Sky Ticket
+stadt-bremerhaven.de::(Werbung)
+stadt-bremerhaven.de::WM 2022
+sueddeutsche.de::1:1
+sueddeutsche.de::1860 München
+sueddeutsche.de::1. FC Kaiserslautern:
+sueddeutsche.de::1. FC Köln
+sueddeutsche.de::1. FC Union
+sueddeutsche.de::3. Liga
+sueddeutsche.de::Afrika-Cup:
+sueddeutsche.de::Alphonso Davies
+sueddeutsche.de::American Football:
+sueddeutsche.de::Arminia Bielefeld:
+sueddeutsche.de::ATP-
+sueddeutsche.de::ATP Finals
+sueddeutsche.de::Australian Open:
+sueddeutsche.de::Auswärtstor
+sueddeutsche.de::Barça
+sueddeutsche.de::Basketball
+sueddeutsche.de::Bayern
+sueddeutsche.de::Belenenses
+sueddeutsche.de::Berlinale
+sueddeutsche.de::Biathlon
+sueddeutsche.de::Bobfahr
+sueddeutsche.de::Borussia
+sueddeutsche.de::Borussia Dortmund:
+sueddeutsche.de::Bundesliga
+sueddeutsche.de::BVB
+sueddeutsche.de::Carlos Alcaraz
+sueddeutsche.de::Champions-League
+sueddeutsche.de::Conference League
+sueddeutsche.de::Conference-League
+sueddeutsche.de::Daniil Medwedew
+sueddeutsche.de::Darts
+sueddeutsche.de::Darts-WM:
+sueddeutsche.de::Davis Cup
+sueddeutsche.de::Derby
+sueddeutsche.de::Deutsche Nationalmannschaft
+sueddeutsche.de::Deutsche U21:
+sueddeutsche.de::DFB
+sueddeutsche.de::DFB-Elf
+sueddeutsche.de::DFB-Pokal
+sueddeutsche.de::DFL-Supercup
+sueddeutsche.de::Djokovic
+sueddeutsche.de::Dressur-Weltmeister
+sueddeutsche.de::Drittliga
+sueddeutsche.de::Eintracht
+sueddeutsche.de::Eisbären Berlin
+sueddeutsche.de::Eishockey-WM:
+sueddeutsche.de::Eiskunstl
+sueddeutsche.de::Eisschnelllauf
+sueddeutsche.de::Elfmeter
+sueddeutsche.de::EM:
+sueddeutsche.de::Emil Forsberg
+sueddeutsche.de::Englisches Nationalteam:
+sueddeutsche.de::ESC-Finale
+sueddeutsche.de::Euroleague
+sueddeutsche.de::Europa League
+sueddeutsche.de::Europa League:
+sueddeutsche.de::Europameister
+sueddeutsche.de::Europapokal
+sueddeutsche.de::Eurovision Song Contest
+sueddeutsche.de::Eurovision Song Contest:
+sueddeutsche.de::FC Augsburg
+sueddeutsche.de::FC Barcelona
+sueddeutsche.de::FC Chelsea:
+sueddeutsche.de::FC Sevilla
+sueddeutsche.de::Formel 1
+sueddeutsche.de::Frankfurt
+sueddeutsche.de::French Open
+sueddeutsche.de::Fussball
+sueddeutsche.de::Fußball
+sueddeutsche.de::Fußball-EM
+sueddeutsche.de::Fußballern
+sueddeutsche.de::Fußball in England:
+sueddeutsche.de::Fußballtorwart
+sueddeutsche.de::Fußball-WM
+sueddeutsche.de::Galopp
+sueddeutsche.de::Gerard López
+sueddeutsche.de::Gladbach
+sueddeutsche.de::Glasgow Rangers
+sueddeutsche.de::Golf:
+sueddeutsche.de::Guardiola
+sueddeutsche.de::Halbfinale
+sueddeutsche.de::Handball-EM:
+sueddeutsche.de::Handball-WM
+sueddeutsche.de::Hannover 96:
+sueddeutsche.de::Heldenfußball
+sueddeutsche.de::Hertha
+sueddeutsche.de::Hinspiel
+sueddeutsche.de::Hochspring
+sueddeutsche.de::HSV
+sueddeutsche.de::Ibrahimović
+sueddeutsche.de::"Ich bin ein Star"
+sueddeutsche.de::Infantino
+sueddeutsche.de::Inter Mailand
+sueddeutsche.de::Joachim Löw
+sueddeutsche.de::Julian Nagelsmann
+sueddeutsche.de::Juve
+sueddeutsche.de::Kevin Trapp
+sueddeutsche.de::Klopp
+sueddeutsche.de::Klosterhalfen
+sueddeutsche.de::La Boum:
+sueddeutsche.de::La Liga
+sueddeutsche.de::Länderspiel
+sueddeutsche.de::Lazio Rom
+sueddeutsche.de::Leichtathletik:
+sueddeutsche.de::Leichtathletik-Weltmeisterschaft
+sueddeutsche.de::Leichtathletik-WM
+sueddeutsche.de::Leichtathletik-WM:
+sueddeutsche.de::Leon Draisaitl
+sueddeutsche.de::leute:
+sueddeutsche.de::Leverkusen
+sueddeutsche.de::Lewandowski
+sueddeutsche.de::Lewis Hamilton
+sueddeutsche.de::LIV Tour
+sueddeutsche.de::Los Angeles Lakers
+sueddeutsche.de::Manchester City
+sueddeutsche.de::Manchester United
+sueddeutsche.de::ManCity
+sueddeutsche.de::ManUnited
+sueddeutsche.de::Mbappé
+sueddeutsche.de::Messi
+sueddeutsche.de::Miroslav Klose
+sueddeutsche.de::Monza
+sueddeutsche.de::Mourinho
+sueddeutsche.de::Musiala
+sueddeutsche.de::Nadal
+sueddeutsche.de::Nationalmannschaft
+sueddeutsche.de::Nations League
+sueddeutsche.de::NBA
+sueddeutsche.de::Neujahrsspringen
+sueddeutsche.de::NFL
+sueddeutsche.de::Niklas Süle:
+sueddeutsche.de::Nordische Ski-WM
+sueddeutsche.de::Olympia
+sueddeutsche.de::Olympia:
+sueddeutsche.de::Olympia 2022:
+sueddeutsche.de::Olympia-Ticker:
+sueddeutsche.de::Olympischen Spielen:
+sueddeutsche.de::Olympische Spiele:
+sueddeutsche.de::Olympische Winterspiele:
+sueddeutsche.de::OSC Lille
+sueddeutsche.de::Paralympics:
+sueddeutsche.de::Paris Saint-Germain
+sueddeutsche.de::Pep Guardiola
+sueddeutsche.de::Pferdesport
+sueddeutsche.de::Playoffs
+sueddeutsche.de::Podcasts-Tipps im
+sueddeutsche.de::Podcast-Tipps
+sueddeutsche.de::Pokal-Sieg
+sueddeutsche.de::Polizeiruf 110
+sueddeutsche.de::Prantls Blick:
+sueddeutsche.de::Premier
+sueddeutsche.de::Premier League
+sueddeutsche.de::PSV Eindhoven
+sueddeutsche.de::Qualifikationsspiel
+sueddeutsche.de::Raducanu
+sueddeutsche.de::Rangnick
+sueddeutsche.de::RB Leipzig:
+sueddeutsche.de::Real Madrid
+sueddeutsche.de::Reiten
+sueddeutsche.de::Reit-WM
+sueddeutsche.de::Relegation
+sueddeutsche.de::Robin Gosens
+sueddeutsche.de::Rodel-
+sueddeutsche.de::Rodeln:
+sueddeutsche.de::Ronaldo
+sueddeutsche.de::Rudern
+sueddeutsche.de::SC Freiburg
+sueddeutsche.de::Schach-WM
+sueddeutsche.de::Schalke
+sueddeutsche.de::Schiedsrichter
+sueddeutsche.de::Schwimmen:
+sueddeutsche.de::Schwimm-WM
+sueddeutsche.de::Serien des Monats
+sueddeutsche.de::Ski alpin
+sueddeutsche.de::Ski alpin:
+sueddeutsche.de::Skilanglauf
+sueddeutsche.de::Skirenn
+sueddeutsche.de::Skispringen
+sueddeutsche.de::Ski-Weltcup
+sueddeutsche.de::Slalomfahr
+sueddeutsche.de::Stanley Cup
+sueddeutsche.de::ST. Pauli
+sueddeutsche.de::Stürmer
+sueddeutsche.de::Super Bowl
+sueddeutsche.de::Super Bowl Sunday:
+sueddeutsche.de::Supercup
+sueddeutsche.de::Supercup live
+sueddeutsche.de::Super League
+sueddeutsche.de::Synchronschwimmen:
+sueddeutsche.de::SZ-Audioreihe
+sueddeutsche.de::SZ-Kolumne "Bester Dinge":
+sueddeutsche.de::SZ-Kolumne "Mitten in ...":
+sueddeutsche.de::SZ-Plus-Abonnenten lesen auch
+sueddeutsche.de::SZ-Podcast
+sueddeutsche.de::SZ-Podcast "Und nun zum Sport":
+sueddeutsche.de::Tabellenspitze
+sueddeutsche.de::"Tatort"
+sueddeutsche.de::Tatort aus
+sueddeutsche.de::Tatort München:
+sueddeutsche.de::Teamspringen
+sueddeutsche.de::Tennis
+sueddeutsche.de::Tennis:
+sueddeutsche.de::Three Lions:
+sueddeutsche.de::Timo Boll
+sueddeutsche.de::Tischtennis WM:
+sueddeutsche.de::Toni Kroos
+sueddeutsche.de::Tottenham
+sueddeutsche.de::Trikots
+sueddeutsche.de::TSG Hoffenheim
+sueddeutsche.de::Tuchel
+sueddeutsche.de::Türkgücü München
+sueddeutsche.de::Ukrainisches Tagebuch
+sueddeutsche.de::Uli Hoeneß
+sueddeutsche.de::Union Berlin
+sueddeutsche.de::US Open
+sueddeutsche.de::VfB Stuttgart
+sueddeutsche.de::VfL
+sueddeutsche.de::VfL Wolfsburg
+sueddeutsche.de::Vierschanzentournee
+sueddeutsche.de::Viertelfinal
+sueddeutsche.de::Weitspr
+sueddeutsche.de::Werder
+sueddeutsche.de::Wimbledon
+sueddeutsche.de::WM-Qualifikation
+sueddeutsche.de::WM-Silber
+sueddeutsche.de::WM-Ticket
+sueddeutsche.de::WM-Titel
+sueddeutsche.de::Zlatan
+tagesschau.de::Alpine-Super-Kombination:
+tagesschau.de::American Football:
+tagesschau.de::Auslandspodcast
+tagesschau.de::Bahnrad
+tagesschau.de::Bayern München
+tagesschau.de::Biathl
+tagesschau.de::Boateng
+tagesschau.de::Bremer SV
+tagesschau.de::Bundesliga
+tagesschau.de::BVB
+tagesschau.de::Carlsen
+tagesschau.de::Champions League
+tagesschau.de::Darts-
+tagesschau.de::Darts-WM:
+tagesschau.de::DFB
+tagesschau.de::DFB-Bundesgericht
+tagesschau.de::Dressurreit
+tagesschau.de::Eintracht
+tagesschau.de::Eishockey:
+tagesschau.de::Eishockey-WM:
+tagesschau.de::EM:
+tagesschau.de::ESC-Finale
+tagesschau.de::European Championships
+tagesschau.de::Fashion Week
+tagesschau.de::Football
+tagesschau.de::Formel 1:
+tagesschau.de::Formel-1
+tagesschau.de::Freiwasser-
+tagesschau.de::Fußball
+tagesschau.de::Fußball-Bundesliga
+tagesschau.de::Fußball-EM
+tagesschau.de::Gladbach
+tagesschau.de::Handball:
+tagesschau.de::Handball-EM:
+tagesschau.de::Hertha BSC
+tagesschau.de::Hoffenheim
+tagesschau.de::Klippenspring
+tagesschau.de::Klosterhalfen
+tagesschau.de::Kostic
+tagesschau.de::Leichtathletik-WM:
+tagesschau.de::Liveblog
+tagesschau.de::Livestream
+tagesschau.de::Mehrkamp
+tagesschau.de::Nationalmannschaft
+tagesschau.de::Nationaltrainer
+tagesschau.de::Nepomnjaschtschi
+tagesschau.de::Neujahrsspringen
+tagesschau.de::Olympia-
+tagesschau.de::Olympia:
+tagesschau.de::Olympischen Winterspiele:
+tagesschau.de::Olympische Winterspiele:
+tagesschau.de::Paralympics
+tagesschau.de::Remis
+tagesschau.de::Riesenslalom:
+tagesschau.de::RKI meldet
+tagesschau.de::Rodel-
+tagesschau.de::Schach-WM:
+tagesschau.de::Schwimm-EM
+tagesschau.de::Schwimm-WM:
+tagesschau.de::Ski Alpin:
+tagesschau.de::Skispring
+tagesschau.de::Sondersendung:
+tagesschau.de::Springreiter
+tagesschau.de::Sprintstaffel
+tagesschau.de::Stefan Kuntz
+tagesschau.de::Tabellenspitze
+tagesschau.de::Tennis
+tagesschau.de::Trainerwechsel
+tagesschau.de::Tuchel
+tagesschau.de::UEFA
+tagesschau.de::Verstappen
+tagesschau.de::Vierschanzentournee
+tagesschau.de::Wasserspringen:
+tagesschau.de::Weitsprung
+tagesschau.de::Werders
+tagesschau.de::WM-Auftakt
+tagesschau.de::WM-Gold
+tagesschau.de::WM-Qualifikation
+tagesschau.de::WM-Viertelfinale
+tagesschau.de::Zukunftspodcast
+tagesschau.de::Zweierbob:
+theguardian.com::Guardiola
+theguardian.com::Manchester United
+toonhole.com::Bernai
diff --git a/docker-compose/miniflux/sort_and_remove_double_entries.sh b/docker-compose/miniflux/sort_and_remove_double_entries.sh
new file mode 100644
index 00000000..876c3b25
--- /dev/null
+++ b/docker-compose/miniflux/sort_and_remove_double_entries.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+FILTERFILE=./filter.txt
+VORHER=$(wc -l < $FILTERFILE)
+echo Sortiere und filtere doppelte Zeilen heraus.
+sort filter.txt | uniq -u -i | cat > .tmp
+NACHHER=$(wc -l < .tmp)
+echo Es wurden $((VORHER-NACHHER)) Zeilen entfernt!
+mv -f .tmp filter.txt
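Review bot: `uniq -u` on the `sort filter.txt | uniq -u -i` line prints only lines that occur once, so an entry that is present twice disappears completely instead of being reduced to one copy, and a filter rule is silently lost. The pipeline also sorts case-sensitively while comparing case-insensitively, so case variants are not guaranteed to be adjacent. `sort -f "$FILTERFILE" | uniq -i > .tmp` keeps one copy of each entry. If the filter matches titles case-sensitively (not visible here), drop `-f`/`-i` so entries such as `Fifa` and `FIFA` are both kept. `$FILTERFILE` should be quoted and used consistently in place of the hard-coded `filter.txt`.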
diff --git a/docker-compose/miniflux/whitelist.txt b/docker-compose/miniflux/whitelist.txt
new file mode 100644
index 00000000..d95e62ed
--- /dev/null
+++ b/docker-compose/miniflux/whitelist.txt
@@ -0,0 +1,5 @@
+TwitterBridge
+WikipediaBridge
+YoutubeBridge
+FacebookBridge
+InstagramBridge
diff --git a/docker-compose/munin/docker-compose.yml.j2 b/docker-compose/munin/docker-compose.yml.j2
new file mode 100644
index 00000000..4fd6230e
--- /dev/null
+++ b/docker-compose/munin/docker-compose.yml.j2
@@ -0,0 +1,41 @@
+version: '3'
+services:
+ munin:
+ container_name: "munin-master-prod"
+ image: quotengrote/munin-server
+ restart: always
+ environment:
+ - MAILCONTACT=michael.grote@posteo.de
+ - MAILSERVER=smtp.strato.de
+ - MAILPORT=587
+ - MAILUSER=info@mgrote.net
+ - MAILPASSWORD={{ lookup('keepass', 'postfix_absender_passwort', 'password') }}
+ - MAILFROM=info@mgrote.net
+ - MAILNAME=Munin-Prod
+ - MAILDOMAIN=mgrote.net
+ - TZ=Europe/Berlin
+ - DISABLELOCALNODE=yes
+ - CRONDELAY=5
+ - 'NODES=
+ fileserver2.grote.lan:fileserver2.grote.lan
+ acng.grote.lan:acng.grote.lan
+ ansible2.grote.lan:ansible2.grote.lan
+ pve2.grote.lan:pve2.grote.lan
+ dokuwiki2.grote.lan:dokuwiki2.grote.lan
+ gitea.grote.lan:gitea.grote.lan
+ docker10.grote.lan:docker10.grote.lan
+ dnsmasq.grote.lan:dnsmasq.grote.lan'
+ # z.B.
+ # computer-test.grote.lan.test:192.68.2.4
+ # computer.grote.lan:computer.grote.lan
+ volumes:
+ - db:/var/lib/munin
+ - logs:/var/log/munin
+ - cache:/var/cache/munin
+ ports:
+ - 1234:80
+
+volumes:
+ db:
+ logs:
+ cache:
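Review bot: The `- MAILPASSWORD={{ lookup(...) }}` item renders the KeePass value into an unquoted YAML scalar, so a password containing ` #` is cut off at the comment marker, one containing `: ` turns the item into a mapping, and a `$` is treated by Compose as variable interpolation. Emitting the whole item through a quoting filter avoids the YAML cases, e.g. `- {{ ('MAILPASSWORD=' ~ lookup('keepass', 'postfix_absender_passwort', 'password')) | to_json }}`, with `$` doubled to `$$` before rendering. The unquoted `MYSQL_ROOT_PASSWORD:` / `MYSQL_PASSWORD:` values in docker-compose/photoprism and the values in docker-compose/nextcloud/.env.j2 have the same exposure to special characters.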
diff --git a/docker-compose/navidrome/docker-compose.yml.j2 b/docker-compose/navidrome/docker-compose.yml.j2
new file mode 100644
index 00000000..48ddfd4a
--- /dev/null
+++ b/docker-compose/navidrome/docker-compose.yml.j2
@@ -0,0 +1,54 @@
+version: '3'
+services:
+######## navidrome-mg ########
+ navidrome-mg:
+ container_name: "navidrome-mg"
+ image: deluan/navidrome:latest
+ restart: always
+ environment:
+ - ND_LOGLEVEL=info
+ - ND_SESSIONTIMEOUT=24h
+ - ND_MUSICFOLDER=/music
+ - ND_DATAFOLDER=/data
+ - ND_SCANSCHEDULE=6 * * * *
+ - ND_TRANSCODINGCACHESIZE=500MB
+ - ND_IMAGECACHESIZE=100MB
+ - ND_AUTOIMPORTPLAYLISTS=false
+ - ND_BASEURL=/mg
+ - ND_ENABLESTARRATING=false
+ - ND_ENABLEGRAVATAR=false
+ - ND_LASTFM_ENABLED=false
+ - ND_ENABLETRANSCODINGCONFIG=true
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - ND_ENABLE_EXTERNAL_SERVICES=false
+ volumes:
+ - musik_smb_mg:/music:ro
+ - data:/data
+ networks:
+ - traefik
+ labels:
+ - traefik.http.routers.navidrome-mg.rule=Host(`audio.mgrote.net`)&&PathPrefix(`/mg`)
+ - traefik.enable=true
+ - traefik.http.routers.navidrome-mg.tls=true
+ - traefik.http.routers.navidrome-mg.tls.certresolver=resolver_letsencrypt
+ - traefik.http.routers.navidrome-mg.entrypoints=entry_https
+ - traefik.http.services.navidrome-mg.loadbalancer.server.port=4533
+ ports:
+ - "4533:4533"
+
+
+######## Volumes ########
+volumes:
+ data:
+ musik_smb_mg: # Verzeichnis in restic aus Backup ausnehmen!
+ driver: local
+ driver_opts:
+ type: "cifs"
+ o: "user=navidrome,password={{ lookup('keepass', 'navidrome_smb_share_password', 'password') }}"
+ device: "//192.168.2.36/musik/Musik"
+######## Networks ########
+networks:
+ traefik:
+ external: true
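Review bot: `ports: - "4533:4533"` publishes Navidrome directly on the host next to the Traefik router defined in the labels, so the login page stays reachable over plain HTTP on port 4533 and bypasses the TLS entry point. Traefik reaches the container over the `traefik` network via `loadbalancer.server.port=4533`, so the `ports:` block can be removed. If direct access is still wanted for debugging, `- "127.0.0.1:4533:4533"` limits it to the host itself.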
diff --git a/docker-compose/nextcloud/.env.j2 b/docker-compose/nextcloud/.env.j2
new file mode 100644
index 00000000..6bf61d52
--- /dev/null
+++ b/docker-compose/nextcloud/.env.j2
@@ -0,0 +1,5 @@
+MYSQL_ROOT_PASSWORD={{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}
+MYSQL_PASSWORD={{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}
+REDIS_HOST_PASSWORD={{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}
+SMTP_PASSWORD={{ lookup('keepass', 'postfix_absender_passwort', 'password') }}
+NC_MAJOR_VERSION=23
diff --git a/docker-compose/nextcloud/docker-compose.yml.j2 b/docker-compose/nextcloud/docker-compose.yml.j2
new file mode 100644
index 00000000..5553b5e3
--- /dev/null
+++ b/docker-compose/nextcloud/docker-compose.yml.j2
@@ -0,0 +1,117 @@
+version: '3.3'
+services:
+######## Datenbank ########
+ nextcloud-db:
+ image: mariadb
+ container_name: nextcloud-db
+ command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
+ restart: unless-stopped
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/timezone:/etc/timezone:ro
+ - db:/var/lib/mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+ - MYSQL_INITDB_SKIP_TZINFO=1
+ networks:
+ - intern
+ labels:
+ - com.centurylinklabs.watchtower.enable="false"
+######## Redis ########
+ nextcloud-redis:
+ image: redis:alpine
+ container_name: nextcloud-redis
+ hostname: nextcloud-redis
+ networks:
+ - intern
+ restart: unless-stopped
+ command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
+ labels:
+ - com.centurylinklabs.watchtower.enable="false"
+######## cron ########
+ cron:
+ container_name: nextcloud-cron
+ image: rcdailey/nextcloud-cronjob
+ restart: unless-stopped
+ network_mode: none
+ depends_on:
+ - nextcloud-app
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ - NEXTCLOUD_CONTAINER_NAME=nextcloud-app
+ - NEXTCLOUD_CRON_MINUTE_INTERVAL=1
+######## Nextcloud ########
+ nextcloud-app:
+ image: nextcloud:${NC_MAJOR_VERSION}
+ container_name: nextcloud-app
+ restart: unless-stopped
+ depends_on:
+ - nextcloud-db
+ - nextcloud-redis
+ environment:
+ REDIS_HOST: nextcloud-redis
+ REDIS_HOST_PASSWORD: ${REDIS_HOST_PASSWORD}
+ MYSQL_DATABASE: nextcloud
+ MYSQL_USER: nextcloud
+ MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+ MYSQL_HOST: nextcloud-db
+ NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
+ SMTP_HOST: smtp.strato.de
+ SMTP_SECURE: tls
+ SMTP_PORT: 587
+ SMTP_AUTHTYPE: LOGIN
+ SMTP_NAME: info@mgrote.net
+ SMTP_PASSWORD: ${SMTP_PASSWORD}
+ MAIL_FROM_ADDRESS: info@mgrote.net
+ PHP_MEMORY_LIMIT: 1024M
+ PHP_UPLOAD_LIMIT: 10G
+ APACHE_DISABLE_REWRITE_IP: 1
+ TRUSTED_PROXIES: "192.168.2.43" # docker10.grote.lan/traefik #prüfen
+ volumes:
+ - app:/var/www/html
+ - data:/var/www/html/data
+ networks:
+ - intern
+# ports:
+# - 80:80
+ networks:
+ - intern
+ - traefik
+ labels:
+ - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mgrote.net`)
+ - traefik.enable=true
+ - traefik.http.routers.nextcloud.tls=true
+ - traefik.http.routers.nextcloud.tls.certresolver=resolver_letsencrypt
+ - traefik.http.routers.nextcloud.entrypoints=entry_https
+ - traefik.http.services.nextcloud.loadbalancer.server.port=80
+
+ - traefik.http.middlewares.nextcloud-webdav.replacepathregex.regex="^/.well-known/ca(l|rd)dav"
+ - traefik.http.middlewares.nextcloud-webdav.replacepathregex.replacement="/remote.php/dav/"
+
+ - traefik.http.middlewares.nextcloud-hsts.headers.stsincludesubdomains=false
+ - traefik.http.middlewares.nextcloud-hsts.headers.stspreload=true
+ - traefik.http.middlewares.nextcloud-hsts.headers.stsseconds=15552001
+ - traefik.http.middlewares.nextcloud-hsts.headers.isdevelopment=false
+
+ - traefik.http.routers.nextcloud.middlewares=nextcloud-hsts@docker,nextcloud-webdav@docker
+
+######## Networks ########
+networks:
+ intern:
+ driver: bridge
+ traefik:
+ external: true
+######## Volumes ########
+volumes:
+ db:
+ app:
+ data:
+
+######## Doku ########
+# Telefonregion
+# docker exec --user www-data nextcloud-app php occ config:system:set default_phone_region --value="DE"
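Review bot: The `cron` service mounts `/var/run/docker.sock` into the third-party image `rcdailey/nextcloud-cronjob`, and `:ro` only protects the socket file, not the Docker API behind it, so that container can start or exec into any container on the host. Pin the image (`image: rcdailey/nextcloud-cronjob:<pinned-tag-or-digest>`, placeholder) or put a socket proxy that only allows the exec endpoints in front of it; the traefik compose file in this commit mounts the socket the same way. Separately, `nextcloud-app` declares `networks:` twice (first with `intern`, then with `intern` and `traefik`); the first block should be removed, since duplicate keys are invalid YAML and parsers either reject them or silently keep the last.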
diff --git a/docker-compose/nextcloud/e-mail_settings.png b/docker-compose/nextcloud/e-mail_settings.png
new file mode 100644
index 00000000..18826693
Binary files /dev/null and b/docker-compose/nextcloud/e-mail_settings.png differ
diff --git a/docker-compose/oxidized/config.j2 b/docker-compose/oxidized/config.j2
new file mode 100644
index 00000000..d6ac579b
--- /dev/null
+++ b/docker-compose/oxidized/config.j2
@@ -0,0 +1,34 @@
+source:
+ default: csv
+ csv:
+ file: /var/lib/oxidized/router.db
+ delimiter: !ruby/regexp /:/
+ map:
+ name: 0
+ ip: 1
+ model: 2
+ username: 3
+ password: 4
+ vars_map:
+ enable: 5
+
+# enable WebGUI
+rest: 0.0.0.0:8888
+
+# debug
+# debug: true
+
+output:
+ default: git
+ git:
+ user: oxidized
+ email: oxidized@grote.lan
+ repo: "/var/lib/oxidized/devices.git"
+
+hooks:
+ push_to_remote:
+ type: githubrepo
+ events: [post_store]
+ remote_repo: ssh://gitea@git.mgrote.net:2222/mg/oxidized-configs.git
+ publickey: /ssh/id_rsa.pub
+ privatekey: /ssh/id_rsa
diff --git a/docker-compose/oxidized/docker-compose.yml.j2 b/docker-compose/oxidized/docker-compose.yml.j2
new file mode 100644
index 00000000..18cb0314
--- /dev/null
+++ b/docker-compose/oxidized/docker-compose.yml.j2
@@ -0,0 +1,35 @@
+version: '3.3'
+services:
+ oxidized:
+ restart: always
+ container_name: "oxidized"
+ image: oxidized/oxidized:latest
+ ports:
+ - 8888:8888/tcp
+ environment:
+ CONFIG_RELOAD_INTERVAL: 600
+ volumes:
+ - ./router.db:/var/lib/oxidized/router.db
+ - ./config:/root/.config/oxidized/config
+ - ./ssh:/ssh/
+ - oxidized:/var/lib/oxidized
+
+######## Volumes ########
+volumes:
+ oxidized:
+
+# auf git.mgrote.net ist "docker-oxidized" als user angelegt und die ssh-keys sind in seinem Nutzerprofil hinterlegt
+# von Nutzer "mg" sind die beiden oxidized Repos an "docker-oxidized" geteilt
+
+# ssh:
+# die ssh-keys müsen im alten pem-format vorliegen
+# https://github.com/ytti/oxidized/pull/2453/commits/a67a7204f65be8c564144e23012844fcff5444b5
+
+# erstellen:
+# 1. ssh-keygen (ohne alles)
+# 2. ssh-keygen -p -m PEM -f
+# 3. chmod 0660 id_rsa*
+# 4. Key in ansible-vault/KeePass hinterlegen
+
+# hardware:
+# oxidized besitzt jeweils einen user auf jedem Gerät mit der Policy "read-only"
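Review bot: `- 8888:8888/tcp` publishes the Oxidized web/REST interface on every host interface (config.j2 binds it with `rest: 0.0.0.0:8888`), and nothing visible in this commit puts authentication in front of it, although that interface serves the collected device configurations. Either bind the mapping to loopback, `- 127.0.0.1:8888:8888/tcp`, or drop the port and route it through Traefik with an auth middleware. In the key-creation notes, step 3 `chmod 0660 id_rsa*` leaves the private key group-readable and group-writable; `chmod 0600 id_rsa` is the usual mode unless the container user needs group access.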
diff --git a/docker-compose/oxidized/router.db.j2 b/docker-compose/oxidized/router.db.j2
new file mode 100644
index 00000000..31f51554
--- /dev/null
+++ b/docker-compose/oxidized/router.db.j2
@@ -0,0 +1,5 @@
+rb5009.grote.lan:192.168.2.1:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_rb5009', 'password') }}
+crs309.grote.lan:192.168.2.224:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_crs309', 'password') }}
+nanohd-wohnzimmer.grote.lan:192.168.2.35:airos:ubi_ssh_admin:{{ lookup('keepass', 'docker_oxidized_nanohd', 'password') }}
+crs305.grote.lan:192.168.2.225:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_crs305', 'password') }}
+hex.grote.lan:192.168.3.144:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_hex', 'password') }}
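Review bot: Every line is split on `:` (config.j2 sets `delimiter: !ruby/regexp /:/`), so a KeePass password that contains a colon is cut at that point and the remainder lands in column 5, which `vars_map` reads as `enable`. Either generate these five passwords without `:` and record that constraint next to the creation steps in the compose file, or change the delimiter in both config.j2 and this file to a character the password generator excludes. The `nanohd-wohnzimmer` entry logs in as `ubi_ssh_admin`, while the compose comments state that Oxidized has a read-only user on every device; it is worth confirming that this account is restricted as well.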
diff --git a/docker-compose/oxidized/ssh/id_rsa.j2 b/docker-compose/oxidized/ssh/id_rsa.j2
new file mode 100644
index 00000000..208359be
--- /dev/null
+++ b/docker-compose/oxidized/ssh/id_rsa.j2
@@ -0,0 +1 @@
+{{ lookup('keepass', 'docker_oxidized_gitea_ssh_key_private', 'notes') }}
diff --git a/docker-compose/oxidized/ssh/id_rsa.pub b/docker-compose/oxidized/ssh/id_rsa.pub
new file mode 100644
index 00000000..f6ac6d1d
--- /dev/null
+++ b/docker-compose/oxidized/ssh/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa 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 mg@docker10
diff --git a/docker-compose/photoprism/docker-compose.yml.j2 b/docker-compose/photoprism/docker-compose.yml.j2
new file mode 100644
index 00000000..3a281e02
--- /dev/null
+++ b/docker-compose/photoprism/docker-compose.yml.j2
@@ -0,0 +1,92 @@
+version: '3.5'
+# ------------------------------------------------------------------
+# DOCKER COMPOSE COMMAND REFERENCE
+# ------------------------------------------------------------------
+# Start | docker-compose up -d
+# Stop | docker-compose stop
+# Update | docker-compose pull
+# Logs | docker-compose logs --tail=25 -f
+# Terminal | docker-compose exec photoprism bash
+# Help | docker-compose exec photoprism photoprism help
+# Config | docker-compose exec photoprism photoprism config
+# Reset | docker-compose exec photoprism photoprism reset
+# Backup | docker-compose exec photoprism photoprism backup -a -i
+# Restore | docker-compose exec photoprism photoprism restore -a -i
+# Index | docker-compose exec photoprism photoprism index
+# Reindex | docker-compose exec photoprism photoprism index -a
+# Import | docker-compose exec photoprism photoprism import
+# -------------------------------------------------------------------
+services:
+ photoprism:
+ # Use photoprism/photoprism:preview instead for testing preview builds:
+ image: photoprism/photoprism:latest
+ container_name: photoprism-frontend
+ restart: always
+ security_opt:
+ - seccomp:unconfined
+ - apparmor:unconfined
+ ports:
+ - 2342:2342
+ environment:
+ PHOTOPRISM_ADMIN_PASSWORD: "{{ lookup('keepass', 'photoprism_admin_password', 'password') }}"
+ PHOTOPRISM_HTTP_PORT: 2342
+ PHOTOPRISM_HTTP_COMPRESSION: "gzip" # none or gzip
+ PHOTOPRISM_DEBUG: "false"
+ PHOTOPRISM_PUBLIC: "false" # No authentication required (disables password protection)
+ PHOTOPRISM_READONLY: "true" # Don't modify originals directory (reduced functionality)
+ PHOTOPRISM_EXPERIMENTAL: "false"
+ PHOTOPRISM_DISABLE_WEBDAV: "true"
+ PHOTOPRISM_DISABLE_SETTINGS: "false"
+ PHOTOPRISM_DISABLE_TENSORFLOW: "false"
+ PHOTOPRISM_DARKTABLE_PRESETS: "false"
+ PHOTOPRISM_DETECT_NSFW: "true"
+ PHOTOPRISM_UPLOAD_NSFW: "true"
+ PHOTOPRISM_DATABASE_DRIVER: "mysql"
+ PHOTOPRISM_DATABASE_SERVER: "mariadb:3306"
+ PHOTOPRISM_DATABASE_NAME: "photoprism"
+ PHOTOPRISM_DATABASE_USER: "photoprism"
+ PHOTOPRISM_DATABASE_PASSWORD: "{{ lookup('keepass', 'photoprism_database_password', 'password') }}"
+ PHOTOPRISM_SITE_URL: "http://docker10.grote.lan:2342/"
+ PHOTOPRISM_SITE_TITLE: "PhotoPrism"
+ PHOTOPRISM_SITE_CAPTION: "Browse Your Life"
+ PHOTOPRISM_SITE_DESCRIPTION: ""
+ PHOTOPRISM_SITE_AUTHOR: "mgrote"
+ # You may optionally set a user / group id using environment variables if your Docker version or NAS does not
+ # support this natively (see next example):
+ # UID: 1000
+ # GID: 1000
+ # UMASK: 0000
+ # Uncomment and edit the following line to set a specific user / group id (native):
+ # user: "1000:1000"
+ volumes:
+ - "smb_bilder:/photoprism/originals/"
+ - "storage:/photoprism/storage"
+ # hier alle Bilder hinzufügen, in einem Ordner
+
+ mariadb:
+ image: mariadb:10.5
+ container_name: photoprism-db
+ restart: always
+ security_opt:
+ - seccomp:unconfined
+ - apparmor:unconfined
+ command: mysqld --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=50
+ volumes: # Don't remove permanent storage for index database files!
+ - "database:/var/lib/mysql"
+ environment:
+ MYSQL_ROOT_PASSWORD: {{ lookup('keepass', 'photoprism_mysql_root_password', 'password') }}
+ MYSQL_DATABASE: photoprism
+ MYSQL_USER: photoprism
+ MYSQL_PASSWORD: {{ lookup('keepass', 'photoprism_database_password', 'password') }}
+ labels:
+ - com.centurylinklabs.watchtower.enable="false"
+
+volumes:
+ storage:
+ database:
+ smb_bilder:
+ driver: local
+ driver_opts:
+ type: "cifs"
+ o: "user=photoprism,password={{ lookup('keepass', 'photoprism_fileserver_cifs_password', 'password') }}"
+ device: "//192.168.2.36/bilder"
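Review bot: Both `photoprism` and `mariadb` set `security_opt` to `seccomp:unconfined` and `apparmor:unconfined`, which removes Docker's default syscall filter and AppArmor profile from a container published on port 2342 and from its database. Nothing in the hunk shows that MariaDB needs this, so the `security_opt` block can be deleted from `mariadb`, and `photoprism` should be tested with the defaults first. If one syscall turns out to be required, a custom seccomp profile is narrower than `unconfined`.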
diff --git a/docker-compose/tor-snowflake/docker-compose.yml.j2 b/docker-compose/tor-snowflake/docker-compose.yml.j2
new file mode 100644
index 00000000..89cc75da
--- /dev/null
+++ b/docker-compose/tor-snowflake/docker-compose.yml.j2
@@ -0,0 +1,8 @@
+---
+version: "3.8"
+services:
+ snowflake-proxy:
+ network_mode: host
+ image: thetorproject/snowflake-proxy:latest
+ container_name: tor-snowflake-proxy
+ restart: unless-stopped
diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2
new file mode 100644
index 00000000..21afd502
--- /dev/null
+++ b/docker-compose/traefik/docker-compose.yml.j2
@@ -0,0 +1,29 @@
+version: '3'
+services:
+######## traefik ########
+ traefik:
+ container_name: "traefik"
+ image: traefik:latest
+ restart: always
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./traefik.yml:/etc/traefik/traefik.yml
+ - ./file-provider.yml:/etc/traefik/file-provider.yml
+ - acme_data:/etc/traefik/acme
+ networks:
+ - traefik
+ ports:
+ - "80:80" # HTTP
+ - "8081:8080" # Web-GUI
+ - "443:443" # HTTPS
+ - "2222:2222" # SSH
+ environment:
+ - TZ=Europe/Berlin
+######## Networks ########
+networks:
+ traefik:
+ external: true
+
+######## Volumes ########
+volumes:
+ acme_data:
diff --git a/docker-compose/traefik/file-provider.yml b/docker-compose/traefik/file-provider.yml
new file mode 100644
index 00000000..3b8f55b8
--- /dev/null
+++ b/docker-compose/traefik/file-provider.yml
@@ -0,0 +1,44 @@
+# TCP da SSH keine Hostnamen kennt
+# alle Anfragen an diesen Port werden an Gitea weitergeleitet
+tcp:
+###### router #####
+ routers:
+ router-ssh:
+ entryPoints:
+ - entry_ssh
+ rule: HostSNI(`*`)
+ service: service_gitea_ssh
+###### services #####
+ services:
+ service_gitea_ssh:
+ loadBalancer:
+ servers:
+ - address: gitea.grote.lan:2222
+
+http:
+###### router #####
+ routers:
+ router_dokuwiki:
+ rule: "Host(`dokuwiki.mgrote.net`,`mgrote.net`,`www.mgrote.net`,`wiki.mgrote.net`)"
+ service: "service_dokuwiki"
+ entrypoints:
+ - entry_https
+ tls:
+ certresolver: resolver_letsencrypt
+ router_gitea:
+ rule: "Host(`git.mgrote.net`)"
+ service: "service_gitea"
+ entrypoints:
+ - entry_https
+ tls:
+ certresolver: resolver_letsencrypt
+###### services #####
+ services:
+ service_dokuwiki:
+ loadBalancer:
+ servers:
+ - url: "http://dokuwiki2.grote.lan/"
+ service_gitea:
+ loadBalancer:
+ servers:
+ - url: "http://gitea.grote.lan:3000/"
diff --git a/docker-compose/traefik/traefik.yml b/docker-compose/traefik/traefik.yml
new file mode 100644
index 00000000..1c61a6e2
--- /dev/null
+++ b/docker-compose/traefik/traefik.yml
@@ -0,0 +1,38 @@
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ exposedByDefault: false
+ network: traefik
+ file:
+ filename: /etc/traefik/file-provider.yml # Datei für alte/externe Services
+
+entryPoints:
+ entry_http:
+ address: :80
+ http: #Umleitung http zu https
+ redirections:
+ entryPoint:
+ to: entry_https
+ scheme: https
+ permanent: true
+ entry_https:
+ address: :443
+ entry_ssh:
+ address: :2222 # wenn hier zusätzliche Ports eingetragen werden, müssen diese auch in der docker-compose.yml als Ports gemappt werden
+
+#letsencrypt
+certificatesResolvers:
+ resolver_letsencrypt:
+ acme:
+ email: "michael.grote@posteo.de"
+ storage: "/etc/traefik/acme/acme.json"
+# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+ # zum Testen, da Staging kein Rate-Limiting einsetzt
+ tlsChallenge: true
+
+log:
+ level: INFO
+
+api:
+ insecure: true
+ dashboard: true #unter Port 8081 erreichbar
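Review bot: `api.insecure: true` serves the dashboard and the API without authentication on Traefik's internal port 8080, and the compose file in this commit publishes that port as `8081` on every host interface. Anyone who can reach the host on 8081 can read the complete routing configuration, including the backend addresses. Set `insecure: false` and expose the dashboard through a router on `api@internal` with an authentication middleware, or at least bind the published port to a management address, for example `"127.0.0.1:8081:8080"` in the compose file.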
diff --git a/docker-compose/unifi-controller/docker-compose.yml.j2 b/docker-compose/unifi-controller/docker-compose.yml.j2
new file mode 100644
index 00000000..e53b0a21
--- /dev/null
+++ b/docker-compose/unifi-controller/docker-compose.yml.j2
@@ -0,0 +1,29 @@
+---
+version: "2.1"
+services:
+ unifi-controller:
+ image: ghcr.io/linuxserver/unifi-controller
+ container_name: unifi-controller
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - MEM_LIMIT=1024M #optional
+ - MEM_STARTUP=1024M #optional
+ volumes:
+ - data:/config
+ ports:
+ - 3478:3478/udp #Unifi STUN port
+ - 10001:10001/udp #Required for AP discovery
+ - 8080:8080 #Required for device communication
+ - 8443:8443 #Unifi web admin port
+ - 1900:1900/udp #optional, Required for Make controller discoverable on L2 network option
+ - 8843:8843 #optional, Unifi guest portal HTTPS redirect port
+ - 8880:8880 #optional, Unifi guest portal HTTP redirect port
+ - 6789:6789 #optional, For mobile throughput test
+ - 5514:5514/udp #optional
+ restart: always
+ labels:
+ - com.centurylinklabs.watchtower.enable="false"
+######## Volumes ########
+volumes:
+ data:
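Review bot: The entry under `labels:` is written as `com.centurylinklabs.watchtower.enable="false"`, and because the scalar does not begin with a quote, YAML keeps the inner quotes, so the label value is the literal text `"false"` rather than `false`. A consumer that parses the value as a boolean would, as far as I can tell, not recognise it, and the container may then be updated automatically despite the intent. Quote the whole entry instead: `- "com.centurylinklabs.watchtower.enable=false"`. If updates are meant to be manual, giving `image: ghcr.io/linuxserver/unifi-controller` an explicit tag would also document which version is expected to run.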
diff --git a/group_vars/all.yml b/group_vars/all.yml
index a3fafea4..511816f4 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -185,7 +185,7 @@
- nano
- ubuntu-advantage-tools
apt_packages_internet:
- - http://docker7.grote.lan:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb
+ - http://docker10.grote.lan:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb
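Review bot: The `.deb` in `apt_packages_internet` is still fetched over plain `http://`, so whatever is served at that URL gets installed as a package on the targeted hosts; the same applies to the hunk in `group_vars/dnsmasq.yml` and to `alacritty_url` in `roles/mgrote.alacritty/defaults/main.yml`. Nothing visible here checks a checksum or signature, though the role that consumes the list is not shown, so this may be handled there. If it is not, serve these artifacts over HTTPS or store a checksum next to the URL and verify it before installing. This matters more in this commit because `host_vars/docker10.grote.lan.yml` sets the httpd volume to mode `0777`, which presumably backs this download location.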
diff --git a/group_vars/dnsmasq.yml b/group_vars/dnsmasq.yml
index 68d2a304..895a94a3 100644
--- a/group_vars/dnsmasq.yml
+++ b/group_vars/dnsmasq.yml
@@ -23,7 +23,7 @@
### mgrote.apt_manage_packages
# hier mit IP statt Hostnamen da dnsmasq NICHT den Router befragt und daher keine Lokalen Hostnamen abfragen kann
apt_packages_internet:
- - http://192.168.2.50:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb
+ - http://192.168.2.43:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb
### mgrote.munin-node
munin_node_plugins:
- name: timesync
diff --git a/host_vars/docker7.grote.lan.yml b/host_vars/docker10.grote.lan.yml
similarity index 62%
rename from host_vars/docker7.grote.lan.yml
rename to host_vars/docker10.grote.lan.yml
index 64252a9c..594aaf9d 100644
--- a/host_vars/docker7.grote.lan.yml
+++ b/host_vars/docker10.grote.lan.yml
@@ -1,10 +1,4 @@
---
- ### mgrote.restic
- restic_folders_to_backup: "/ /var/lib/docker /var/lib/docker2" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
- #### mgrote.set_permissions
- dir_permissions:
- - path: /var/lib/docker2/httpd-registry
- mode: '0777'
### mrlesmithjr.ansible-manage-lvm
lvm_groups:
- vgname: vg_docker
@@ -12,7 +6,7 @@
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
create: true
lvnames:
- - lvname: lv_docker
+ - lvname: docker
size: +100%FREE
create: true
filesystem: xfs
@@ -23,124 +17,68 @@
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2
create: true
lvnames:
- - lvname: lv_docker2
- size: +100%FREE
+ - lvname: httpd
+ size: 1G
create: true
filesystem: xfs
mount: true
- mntp: /var/lib/docker2/httpd-registry
+ mntp: /mnt/httpd
manage_lvm: true
pvresize_to_max: true
- ### mgrote.apt_manage_packages
- apt_packages_extra:
- - libwww-curl-perl # für munin-plugin: unifi
- - libjson-perl # für munin-plugin: unifi
- - sshpass # fur munin mt_system_*
- ### mgrote.docker-compose-deploy
- docker_compose_projects:
- - name: watchtower
- dir_name: docker-watchtower
- repository_url: git.mgrote.net/mg/docker-watchtower
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: ansible-ara
- dir_name: docker-ansible-ara
- repository_url: git.mgrote.net/mg/docker-ansible-ara
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: homer
- dir_name: docker-homer
- repository_url: git.mgrote.net/mg/docker-homer
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: photoprism
- dir_name: docker-photoprism
- repository_url: git.mgrote.net/mg/docker-photoprism
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: miniflux
- dir_name: docker-miniflux
- repository_url: git.mgrote.net/mg/docker-miniflux
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: traefik
- dir_name: docker-traefik
- repository_url: git.mgrote.net/mg/docker-traefik
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- network_name: nw_proxy_traefik
- - name: munin-master
- dir_name: docker-munin-master
- repository_url: git.mgrote.net/mg/docker-munin-master_production
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: oxidized
- dir_name: docker-oxidized
- repository_url: git.mgrote.net/mg/docker-oxidized
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: librenms
- dir_name: docker-librenms
- repository_url: git.mgrote.net/mg/docker-librenms
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: unifi-controller
- dir_name: docker-unifi-controller
- repository_url: git.mgrote.net/mg/docker-unifi-controller
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: navidrome-mg
- dir_name: docker-navidrome-mg
- repository_url: git.mgrote.net/mg/docker-navidrome-mg
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: hastebin
- dir_name: docker-hastebin
- repository_url: git.mgrote.net/mg/docker-hastebin
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: tor-snowflake
- dir_name: tor-snowflake
- repository_url: git.mgrote.net/Docker-Compose/tor-snowflake
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: apache-registry # fur diesen container ist das lv: lv_docker2 nach /var/lib/docker2/httpd-registry gemountet; dieser Pfad steht in der docker-compose.yml als Volume drin; dieser Ordner hat die Rechte 0777 damit jeder per SSH reinschrieben kann; ist fur drone.io eingerichtet; siehe $dir_permissions
- dir_name: docker-apache-registry
- repository_url: git.mgrote.net/Docker-Compose/apache-registry
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- git_branch: main
+ ### mgrote.restic
+ restic_folders_to_backup: "/ /var/lib/docker /mnt/httpd" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
+ # die vars noch in rolle übertragen mit beispiel
+
+ ### mgrote.docker-compose-inline
+ compose_owner: "docker-user"
+ compose_group: "docker-user"
+ compose_file_permissions: "644"
+ compose_dir_permissions: "755"
+ compose_dest_basedir: "/docker"
+ compose_src_basedir: "{{ inventory_dir }}/docker-compose"
+ compose_files:
+ - name: hastebin
+ state: present
+ - name: ara
+ state: present
+ - name: oxidized
+ state: present
+ - name: homer
+ state: present
+ - name: munin
+ state: present
+ - name: drone
+ state: present
+ - name: nextcloud
+ state: present
+ network: traefik
+ - name: tor-snowflake
+ state: present
+ - name: photoprism
+ state: present
+ - name: librenms
+ state: present
+ - name: httpd # das Volume hat die Rechte 0777 damit jeder per SSH reinschreiben kann; ist fur drone.io eingerichtet; siehe $dir_permissions
+ state: present
+ - name: unifi-controller
+ state: present
+ - name: miniflux
+ state: present
+ network: traefik
+ - name: traefik
+ state: present
+ network: traefik
+ - name: navidrome
+ state: present
+ network: traefik
+
+ #### mgrote.set_permissions
+ dir_permissions:
+ - path: /mnt/httpd
+ mode: '0777'
### oefenweb.ufw
- ufw_rules: # ist extra weil bei munin kein subnet angegeben ist
+ ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
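Review bot: `compose_file_permissions: "644"` together with `compose_dir_permissions: "755"` makes the deployed compose files readable by every local user, and the compose templates added elsewhere in this commit render KeePass lookups into environment entries. Assuming the role applies these values as file and directory modes under `/docker`, `compose_file_permissions: "0640"` and `compose_dir_permissions: "0750"` would restrict them to `docker-user`. The `dir_permissions` entry that sets `/mnt/httpd` to `'0777'` is carried over to the new path; a dedicated upload group with mode `'2775'` would let the CI job write without making the directory world-writable. The comment on the `httpd` entry still points to `$dir_permissions`, which now sits further down in the file.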
@@ -151,11 +89,14 @@
protocol: tcp
comment: 'munin'
from_ip: 0.0.0.0/0
+ # docker network inspect $(docker network ls -q)|grep -E "IPv(4|6)A" | grep -v \"\" | sort -h
- rule: allow
- to_port: 443
- protocol: tcp
- comment: 'mf-filter' # da mgrote.net auf tarefik umgelietet wird funktioniert sonst mf-filter nicht, daher hier explizit Port 443 freigegeben
- from_ip: 0.0.0.0/0
+ from_ip: 192.168.0.0/16
+ comment: 'docker networks'
+ - rule: allow
+ from_ip: 172.0.0.0/8
+ comment: 'docker networks'
+
### geerlingguy.pip
pip_package: python3-pip
pip_install_packages:
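Review bot: The new rule `from_ip: 172.0.0.0/8` covers far more than Docker's address space: the private block is `172.16.0.0/12`, and the rest of `172.0.0.0/8` is publicly routable. Both added rules also omit `to_port` and `protocol`, so, depending on how the role renders them, they allow all traffic from the listed ranges, and `192.168.0.0/16` takes in the whole LAN rather than only Docker networks. Use `from_ip: 172.16.0.0/12`, narrow the `192.168.0.0/16` rule to the subnets that the `docker network inspect` command in the comment actually reports, and add `to_port` and `protocol` for the services the containers need on the host.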
@@ -163,6 +104,13 @@
- name: fritzconnection # für munin fritzbox*
- name: lxml # für munin fritzbox*
- name: requests # für munin fritzbox*
+
+ ### mgrote.apt_manage_packages
+ apt_packages_extra:
+ - libwww-curl-perl # für munin-plugin: unifi
+ - libjson-perl # für munin-plugin: unifi
+ - sshpass # fur munin mt_system_*
+
### mgrote.munin-node
munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
munin_node_plugins:
@@ -205,7 +153,7 @@
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
config: |
[http_response]
- env.sites http://docker7.grote.lan:8888/nodes http://docker7.grote.lan:1234 http://docker7.grote.lan:5000 http://docker7.grote.lan:333 http://docker7.grote.lan:2233 http://docker7.grote.lan:2342 http://docker7.grote.lan:8081/ https://miniflux.mgrote.net/ http://docker7.grote.lan:3001 http://docker7.grote.lan:2342 https://audio.mgrote.net/mg http://docker7.grote.lan:3344
+ env.sites http://docker10.grote.lan:7777 http://docker10.grote.lan:2233 http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net http://docker10.grote.lan:2342 http://docker10.grote.lan:8000/login http://docker10.grote.lan:3344 http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081 http://docker10.grote.lan:2342/
env.max_time 20
env.short_label true
env.follow_redirect true
@@ -215,7 +163,7 @@
[mt_system_crs309]
user root
env.ssh_user munin
- env.ssh_password {{ lookup('keepass', 'crs309_munin_user', 'password') }}
+ env.ssh_password {{ lookup('keepass', 'munin_user_crs309', 'password') }}
env.ssh_host 192.168.2.224
- name: mt_system_hex
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@@ -223,7 +171,7 @@
[mt_system_hex]
user root
env.ssh_user munin
- env.ssh_password {{ lookup('keepass', 'hex_munin_user', 'password') }}
+ env.ssh_password {{ lookup('keepass', 'munin_user_hex', 'password') }}
env.ssh_host 192.168.3.144
- name: mt_system_crs305
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@@ -231,7 +179,7 @@
[mt_system_crs305]
user root
env.ssh_user munin
- env.ssh_password {{ lookup('keepass', 'crs305_munin_user', 'password') }}
+ env.ssh_password {{ lookup('keepass', 'munin_user_crs305', 'password') }}
env.ssh_host 192.168.2.225
- name: mt_system_rb5009
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@@ -239,7 +187,7 @@
[mt_system_rb5009]
user root
env.ssh_user munin
- env.ssh_password {{ lookup('keepass', 'rb5009_munin_user', 'password') }}
+ env.ssh_password {{ lookup('keepass', 'munin_user_rb5009', 'password') }}
env.ssh_host 192.168.2.1
- name: unifi
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/unifi
@@ -249,9 +197,9 @@
# point to a read-only account.
env.user munin
# Password to login to unifi controller API. Default is "ubnt"
- env.pass {{ lookup('keepass', 'unifi_munin_user', 'password') }}
+ env.pass {{ lookup('keepass', 'munin_user_unifi', 'password') }}
# URL of the API, with port if needed. No trailing slash.
- env.api_url https://docker7.grote.lan:8443
+ env.api_url https://docker10.grote.lan:8443
# Verify SSL certificate name against host.
# Note: if using a default cloudkey certificate, this will fail unless you manually add it
# to the local keystore.
@@ -323,5 +271,13 @@
[fritzbox_*]
env.fritzbox_ip 192.168.5.1
env.fritzbox_username munin
- env.fritzbox_password {{ lookup('keepass', 'fritzbox_munin_user', 'password') }}
+ env.fritzbox_password {{ lookup('keepass', 'munin_user_fritzbox', 'password') }}
env.traffic_remove_max true # if you do not want the possible max values
+ - name: nextcloud_nextcloud.mgrote.net
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_
+ config: |
+ [nextcloud_nextcloud.mgrote.net]
+ env.username munin
+ env.password {{ lookup('keepass', 'munin_user_nextcloud', 'password') }}
+ env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info
+ env.scheme https
diff --git a/host_vars/docker8.grote.lan.yml b/host_vars/docker8.grote.lan.yml
deleted file mode 100644
index 1c90044c..00000000
--- a/host_vars/docker8.grote.lan.yml
+++ /dev/null
@@ -1,120 +0,0 @@
----
- ### mrlesmithjr.ansible-manage-lvm
- lvm_groups:
- - vgname: vg_nextcloud
- disks:
- - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
- create: true
- lvnames:
- - lvname: lv_nextcloud
- size: +100%FREE
- create: true
- filesystem: xfs
- mount: true
- mntp: /mnt/nextcloud
- - vgname: vg_docker
- disks:
- - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2
- create: true
- lvnames:
- - lvname: lv_docker
- size: +100%FREE
- create: true
- filesystem: xfs
- mount: true
- mntp: /var/lib/docker
- manage_lvm: true
- pvresize_to_max: true
- ### mgrote.restic
- restic_folders_to_backup: "/ /mnt/nextcloud /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
- restic_schedule: "0/2:00" # alle 2 Stunden
- restic_exclude: |
- ._*
- .Trash-*
- # https://github.com/restic/restic/issues/1005
- # https://forum.restic.net/t/exclude-syntax-confusion/1531/12
- ### mgrote.munin-node
- munin_node_plugins:
- - name: timesync
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- - name: systemd_status
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- - name: systemd_mem
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
- config: |
- [systemd_mem]
- env.all_services true
- - name: lvm_
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
- config: |
- [lvm_*]
- user root
- - name: fail2ban
- src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
- config: |
- [fail2ban]
- env.client /usr/bin/fail2ban-client
- env.config_dir /etc/fail2ban
- user root
- - name: nextcloud_nextcloud.mgrote.net
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_
- config: |
- [nextcloud_nextcloud.mgrote.net]
- env.username munin
- env.password {{ lookup('keepass', 'nextcloud_munin_user', 'password') }}
- env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info
- env.scheme https
- - name: http_response
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
- config: |
- [http_response]
- env.sites https://nextcloud.mgrote.net
- env.max_time 20
- env.short_label true
- env.follow_redirect true
- - name: timesync
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- - name: systemd_status
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- - name: lvm_
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
- config: |
- [lvm_*]
- user root
- - name: fail2ban
- src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
- config: |
- [fail2ban]
- env.client /usr/bin/fail2ban-client
- env.config_dir /etc/fail2ban
- user root
- - name: docker_containers
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- config: |
- [docker_*]
- user root
- env.DOCKER_HOST unix://run/docker.sock
- - name: docker_cpu
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- - name: docker_memory
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- - name: docker_network
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- - name: docker_volumes
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- ### mgrote.docker-compose-deploy
- docker_compose_projects:
- - name: nextcloud
- dir_name: docker-nextcloud
- repository_url: git.mgrote.net/mg/docker-nextcloud
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: watchtower
- dir_name: docker-watchtower
- repository_url: git.mgrote.net/mg/docker-watchtower
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
diff --git a/host_vars/docker9.grote.lan.yml b/host_vars/docker9.grote.lan.yml
deleted file mode 100644
index eaa0ec48..00000000
--- a/host_vars/docker9.grote.lan.yml
+++ /dev/null
@@ -1,121 +0,0 @@
----
- ### mrlesmithjr.ansible-manage-lvm
- lvm_groups:
- - vgname: vg_drone
- disks:
- - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
- create: true
- lvnames:
- - lvname: lv_drone
- size: +100%FREE
- create: true
- filesystem: xfs
- mount: true
- mntp: /drone
- - vgname: vg_docker
- disks:
- - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2
- create: true
- lvnames:
- - lvname: lv_docker
- size: +100%FREE
- create: true
- filesystem: xfs
- mount: true
- mntp: /var/lib/docker
- manage_lvm: true
- pvresize_to_max: true
- ### mgrote.restic
- restic_folders_to_backup: "/ /drone /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
- restic_schedule: "0/6:00"
- restic_exclude: |
- ._*
- .Trash-*
- # https://github.com/restic/restic/issues/1005
- # https://forum.restic.net/t/exclude-syntax-confusion/1531/12
- ### mgrote.munin-node
- munin_node_plugins:
- - name: timesync
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- - name: systemd_status
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- - name: systemd_mem
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
- config: |
- [systemd_mem]
- env.all_services true
- - name: lvm_
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
- config: |
- [lvm_*]
- user root
- - name: fail2ban
- src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
- config: |
- [fail2ban]
- env.client /usr/bin/fail2ban-client
- env.config_dir /etc/fail2ban
- user root
- - name: http_response
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
- config: |
- [http_response]
- env.sites http://docker9.grote.lan
- env.max_time 20
- env.short_label true
- env.follow_redirect true
- - name: timesync
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- - name: systemd_status
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- - name: lvm_
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
- config: |
- [lvm_*]
- user root
- - name: fail2ban
- src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
- config: |
- [fail2ban]
- env.client /usr/bin/fail2ban-client
- env.config_dir /etc/fail2ban
- user root
- - name: docker_containers
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- config: |
- [docker_*]
- user root
- env.DOCKER_HOST unix://run/docker.sock
- - name: docker_cpu
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- - name: docker_memory
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- - name: docker_network
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- - name: docker_volumes
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- ### mgrote.docker-compose-deploy
- docker_compose_projects:
- - name: watchtower
- dir_name: docker-watchtower
- repository_url: git.mgrote.net/mg/docker-watchtower
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- - name: drone-server
- dir_name: docker-drone-server
- repository_url: git.mgrote.net/mg/docker-drone-server
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- network_name: nw_drone
- - name: drone-runnner
- dir_name: docker-drone-runnner
- repository_url: git.mgrote.net/mg/docker-drone-runner
- state: present
- os_username: docker-user
- repository_user: mg
- repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- network_name: nw_drone
diff --git a/inventory b/inventory
index a7349d82..cfa07929 100644
--- a/inventory
+++ b/inventory
@@ -22,10 +22,8 @@ all:
ansible-test.grote.lan:
docker:
hosts:
- docker7.grote.lan:
+ docker10.grote.lan:
docker7-test.grote.lan:
- docker8.grote.lan:
- docker9.grote.lan:
vmtest:
hosts:
vm-test2.grote.lan:
@@ -58,9 +56,7 @@ all:
pve2.grote.lan:
gitea.grote.lan:
dnsmasq.grote.lan:
- docker7.grote.lan:
- docker8.grote.lan:
- docker9.grote.lan:
+ docker10.grote.lan:
test:
hosts:
dokuwiki-test.grote.lan:
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index 82bc9c42..75064fef 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ
diff --git a/playbooks/3_service/docker.yml b/playbooks/3_service/docker.yml
index 85a72e05..c7d5a93f 100644
--- a/playbooks/3_service/docker.yml
+++ b/playbooks/3_service/docker.yml
@@ -5,4 +5,4 @@
- { role: geerlingguy.docker, tags: "docker", become: true }
- { role: gantsign.ctop, tags: "ctop", become: true }
- { role: mgrote.set_permissions, tags: "perm", become: true }
- - { role: mgrote.docker-compose-deploy, tags: "compose", become: true }
+ - { role: mgrote.docker-compose-inline, tags: "compose", become: true }
diff --git a/roles/mgrote.alacritty/defaults/main.yml b/roles/mgrote.alacritty/defaults/main.yml
index a8034351..d489a06c 100644
--- a/roles/mgrote.alacritty/defaults/main.yml
+++ b/roles/mgrote.alacritty/defaults/main.yml
@@ -1,2 +1,2 @@
---
- alacritty_url: http://docker7.grote.lan:3344/alacritty/alacritty-latest.tar.gz
+ alacritty_url: http://docker10.grote.lan:3344/alacritty/alacritty-latest.tar.gz
diff --git a/roles/mgrote.docker-compose-inline/LICENSE b/roles/mgrote.docker-compose-inline/LICENSE
new file mode 100644
index 00000000..e72bfdda
--- /dev/null
+++ b/roles/mgrote.docker-compose-inline/LICENSE
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ Copyright (C)
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+.
\ No newline at end of file
diff --git a/roles/mgrote.docker-compose-inline/README.md b/roles/mgrote.docker-compose-inline/README.md
new file mode 100644
index 00000000..c3491d9f
--- /dev/null
+++ b/roles/mgrote.docker-compose-inline/README.md
@@ -0,0 +1,27 @@
+# mgrote.docker-compose-inline
+
+### Beschreibung
+
+Diese Rolle templated docker-compose-Ordner auf die Zielmaschine und startet dort die Container.
+
+### getestet auf
+
+- [X] Ubuntu (>=20.04)
+
+### Variablen + Defaults
+
+siehe [defaults](./defaults/main.yml)
+
+### Nutzung: Abbau Container
+
+1. setze `state: absent`
+1. lösche Ordner in `compose_src_basedir`
+2. Rolle ausführen
+
+
+### Nutzung: Hinzufügen Container
+
+1. ersteller Ordner in `compose_src_basedir`
+1. alle Dateien die templated werden sollen + IMMER `docker-compose.yml` mit der Dateiendung `.j2` versehen
+1. Secrets: in `*.j2`-Dateien mit `{{ lookup('keepass', '', 'password') }}
+` einbauen
diff --git a/roles/mgrote.docker-compose-inline/defaults/main.yml b/roles/mgrote.docker-compose-inline/defaults/main.yml
new file mode 100644
index 00000000..8d9cb9e5
--- /dev/null
+++ b/roles/mgrote.docker-compose-inline/defaults/main.yml
@@ -0,0 +1,18 @@
+---
+ # owner and group of all files and directories
+ compose_owner: "docker-user"
+ compose_group: "docker-user"
+ # default permissions for all files and directories
+ compose_file_permissions: "644"
+ compose_dir_permissions: "755"
+ # where to store the compose-files on the destination system
+ compose_dest_basedir: "/docker" # without trailing "/"
+ # where are the docker-compose-files located on the ansible controller
+ compose_src_basedir: "{{ inventory_dir }}/docker-compose" # without trailing "/"
+ # dict of compose-files to deploy
+ #compose_files:
+ # - name: hastebin # used for directory name; starting & stopping
+ # state: present
+ # #network: test_nw # external network (optional)
+ # - name: ara
+ # state: present
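Review bot: The default `compose_file_permissions: "644"` is also what the template task in tasks/main.yml applies to rendered `*.j2` files, and the role README says those files carry secrets from the keepass lookup, so with directories at `755` every local account on the target can read them. A tighter default such as `compose_file_permissions: "0640"` and `compose_dir_permissions: "0750"` limits access to `compose_owner` and `compose_group`; the docker-compose tasks run with `become: true` and should not be affected. `compose_files` is only shown as a commented example with no default, so the loops in the tasks file would presumably fail when it is unset; `compose_files: []` would turn that case into a no-op.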
diff --git a/roles/mgrote.docker-compose-inline/tasks/main.yml b/roles/mgrote.docker-compose-inline/tasks/main.yml
new file mode 100644
index 00000000..9dfda2aa
--- /dev/null
+++ b/roles/mgrote.docker-compose-inline/tasks/main.yml
@@ -0,0 +1,97 @@
+---
+ - name: ensure basedir exists
+ become: true
+ ansible.builtin.file:
+ path: "{{ compose_dest_basedir }}"
+ state: directory
+ mode: "{{ compose_dir_permissions }}"
+ owner: "{{ compose_owner }}"
+ group: "{{ compose_group }}"
+
+# https://codeutility.org/ansible-can-the-templates-module-handle-multiple-templates-directories-stack-overflow/
+ - name: copy all directories recursively
+ ansible.builtin.file:
+ dest: "{{compose_dest_basedir}}/{{ item|replace(compose_src_basedir+'/', '') }}"
+ state: directory
+ mode: "{{ compose_dir_permissions }}"
+ owner: "{{ compose_owner }}"
+ group: "{{ compose_group }}"
+ with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type d').split('\n') }}"
+
+ - name: copy all files recursively (can take a long time)
+ ansible.builtin.copy:
+ mode: "{{ compose_file_permissions }}"
+ owner: "{{ compose_owner }}"
+ group: "{{ compose_group }}"
+ src: "{{ item }}"
+ dest: "{{compose_dest_basedir}}/{{ item|replace(compose_src_basedir+'/', '') }}"
+ with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -not -name *.j2 ').split('\n') }}"
+ no_log: true
+
+ - name: copy templates files recursively
+ ansible.builtin.template:
+ mode: "{{ compose_file_permissions }}"
+ owner: "{{ compose_owner }}"
+ group: "{{ compose_group }}"
+ src: "{{ item }}"
+ dest: "{{compose_dest_basedir}}/{{ item|replace(compose_src_basedir+'/', '')|replace('.j2', '') }}"
+ with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -name *.j2').split('\n') }}"
+ register: copy_template
+ no_log: true
+
+# - name: print $copy_template
+# ansible.builtin.debug:
+# var: copy_template
+
+ - name: create networks
+ become: true
+ ansible.builtin.shell: "docker network create {{ item.network }}" # erstelle network
+ register: network_result # speichere ergebnis in var
+ changed_when: "network_result.rc == 0" # markiere tasks als changed when exit-code == 0
+ ignore_errors: yes # ignoriere fehler
+ loop: "{{ compose_files }}"
+ when:
+ - item.state == "present"
+ - item.network is defined
+
+ - name: (re)start container
+ become: true
+ ansible.builtin.shell: docker-compose up -d
+ args:
+ chdir: "{{ compose_dest_basedir }}/{{ item.name }}"
+ register: start_result # speichere ergebnis in var
+ changed_when: "start_result.rc == 0" # markiere tasks als changed when exit-code == 0
+ loop: "{{ compose_files }}"
+ when:
+ - item.state == "present"
+ - copy_template is changed
+
+ - name: stop old container
+ become: true
+ ansible.builtin.shell: docker-compose down
+ args:
+ chdir: "{{ compose_dest_basedir }}/{{ item.name }}"
+ loop: "{{ compose_files }}"
+ when:
+ - item.state == "absent"
+ ignore_errors: yes # ignoriere fehler
+
+ - name: remove old networks
+ become: true
+ ansible.builtin.shell: "docker network remove {{ item.network }}" # erstelle network
+ register: network_result # speichere ergebnis in var
+ changed_when: "network_result.rc == 0" # markiere tasks als changed when exit-code == 0
+ ignore_errors: yes # ignoriere fehler
+ loop: "{{ compose_files }}"
+ when:
+ - item.state == "absent"
+ - item.network is defined
+
+ - name: remove old docker-compose files & directories
+ become: true
+ ansible.builtin.file:
+ path: "{{ compose_dest_basedir }}/{{ item.name }}/"
+ state: absent
+ loop: "{{ compose_files }}"
+ when:
+ - item.state == "absent"
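Review bot: The `create networks` and `remove old networks` tasks interpolate `{{ item.network }}` into an `ansible.builtin.shell` string under `become: true`, so any shell metacharacter in that inventory value is interpreted by a privileged shell on the target. `ansible.builtin.command` with `argv` passes the value as a single argument and avoids the shell, as sketched below for the create task. The three `lookup('pipe', 'find ' + compose_src_basedir + ...)` calls have the same weakness on the controller, and the unquoted `*.j2` pattern is expanded by the shell if the working directory holds a matching file; applying `compose_src_basedir | quote` and quoting the pattern would cover both. `ignore_errors: yes` on the network tasks also hides real failures, so the sketch replaces it with a `failed_when` that tolerates only the "already exists" case, assuming docker reports that text on stderr.

```yaml
- name: create networks
  become: true
  ansible.builtin.command:
    argv:
      - docker
      - network
      - create
      - "{{ item.network }}"
  failed_when:
    - network_result.rc != 0
    - "'already exists' not in network_result.stderr"
  # … unchanged: register, changed_when, loop and when conditions …
```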