Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407)

Reviewed-on: mg/ansible#407
Michael Grote 2022-08-25 22:22:11 +02:00
parent 893b4a840d
commit c1dd9daef6
98 changed files with 3738 additions and 383 deletions


@ -1,6 +1,6 @@
# ansible_heimserver
[![Build Status](http://docker9.grote.lan/api/badges/mg/ansible/status.svg)](http://docker9.grote.lan/mg/ansible)
[![Build Status](http://docker10.grote.lan/api/badges/mg/ansible/status.svg)](http://docker10.grote.lan/mg/ansible)
## example-cli
`ansible-playbook playbooks/base/0_master.yml -i inventory --key-file id_rsa_ansible_user --vault-password-file vault-pass.yml --limit jenkins-test.grote.lan`


@ -34,4 +34,4 @@ always = true
[ara]
api_client = http
api_server = http://docker7.grote.lan:2233
api_server = http://docker10.grote.lan:2233


@ -0,0 +1,15 @@
version: '3.3'
services:
ara:
container_name: ara
ports:
- '2233:8000'
image: 'quay.io/recordsansible/ara-api:latest'
volumes:
- store:/opt/ara:z
environment:
- ARA_ALLOWED_HOSTS=['docker10.grote.lan']
restart: always
######## Volumes ########
volumes:
store:
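Review bot: The `ara` service publishes the API on host port 2233 (`'2233:8000'`) and its `environment:` list sets only `ARA_ALLOWED_HOSTS`, so no login requirement is visible in this file. ARA records task results and host facts, which can contain sensitive values, so I would add `- ARA_READ_LOGIN_REQUIRED=true` and `- ARA_WRITE_LOGIN_REQUIRED=true` (with the client credentials taken from the vault) or limit who can reach the published port. The image is also referenced as `ara-api:latest`, so each pull can change the running code without a reviewed commit; pinning to a version tag or digest fixes that. The same applies to `drone/drone:latest`, `drone/drone-runner-docker:latest` and the untagged `quotengrote/hastebin` and `redis` images in the later compose files.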


@ -0,0 +1,50 @@
version: '3.3'
services:
# server
drone:
volumes:
- 'data:/data'
environment:
- 'DRONE_GITEA_SERVER=https://git.mgrote.net'
- DRONE_GITEA_CLIENT_ID=f8f0db2a-0089-4e23-9f5a-a5e52f20d765
- DRONE_GITEA_CLIENT_SECRET={{ lookup('keepass', 'drone_gitea_client_secret', 'password') }}
- DRONE_RPC_SECRET={{ lookup('keepass', 'drone_rpc_secret', 'password') }}
- DRONE_SERVER_HOST=docker10.grote.lan:81
- DRONE_SERVER_PROTO=http
- DRONE_USER_CREATE=username:mg,admin:true # Gitea-Nutzer "mg" als Admin
#- DRONE_LOGS_DEBUG=true
ports:
- '81:80'
- '444:443'
restart: always
container_name: drone-server
image: 'drone/drone:latest'
networks:
- intern
# runner
drone-runner-docker:
volumes:
- '/var/run/docker.sock:/var/run/docker.sock'
environment:
- DRONE_RPC_PROTO=http
# container-name des servers
- DRONE_RPC_HOST=drone-server
- DRONE_RPC_SECRET={{ lookup('keepass', 'drone_rpc_secret', 'password') }}
- DRONE_RUNNER_CAPACITY=4
- DRONE_RUNNER_NAME=drone-runner
ports:
- '3000:3000'
restart: always
container_name: drone-runner
image: 'drone/drone-runner-docker:latest'
networks:
- intern
######## Volumes ########
volumes:
data:
######## Networks ########
networks:
intern: # hier kommunizieren Runner + Server
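Review bot: `drone-runner-docker` bind-mounts `/var/run/docker.sock`, which gives that container control of the host's Docker daemon, and it also publishes `'3000:3000'` on the host although it reaches the server by container name over the `intern` network. Unless that port is needed from outside, I would drop the runner's `ports:` block so the socket-holding container has no listener on the LAN. `DRONE_SERVER_PROTO=http` also means the Gitea OAuth login to the server runs over cleartext HTTP on port 81; consider terminating TLS in front of it. The templated secrets are unquoted (`- DRONE_RPC_SECRET={{ lookup(...) }}`), so a rendered value containing ` #` or `: ` would be truncated or break parsing; double-quoting the whole list item reduces that risk.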


@ -0,0 +1,36 @@
version: '3'
services:
######## hastebin ########
hastebin:
container_name: "hastebin-frontend"
image: quotengrote/hastebin
restart: always
depends_on:
- redis
environment:
- TZ=Europe/Berlin
- STORAGE_TYPE=redis
- STORAGE_HOST=redis
networks:
- int
ports:
- 7777:7777
######## redis ########
redis:
container_name: "hastebin-redis"
image: redis
restart: always
volumes:
- redis:/data
networks:
- int
environment:
- TZ=Europe/Berlin
######## Volumes ########
volumes:
redis:
######## Networks ########
networks:
int: # das Prefix "hastebin_" wird automatisch gesetzt; gilt auch für Volumes
driver: bridge


@ -0,0 +1,246 @@
---
# https://github.com/bastienwirtz/homer/blob/main/docs/configuration.md
title: "Homer"
logo: "assets/icons/homer.png"
header: false
footer: false
columns: "4"
theme: default
colors:
light:
highlight-primary: "#3367d6"
highlight-secondary: "#4285f4"
highlight-hover: "#5a95f5"
background: "#f5f5f5"
card-background: "#ffffff"
text: "#363636"
text-header: "#ffffff"
text-title: "#303030"
text-subtitle: "#424242"
card-shadow: rgba(0, 0, 0, 0.1)
link-hover: "#363636"
dark:
highlight-primary: "#3367d6"
highlight-secondary: "#4285f4"
highlight-hover: "#5a95f5"
background: "#131313"
card-background: "#2b2b2b"
text: "#eaeaea"
text-header: "#ffffff"
text-title: "#fafafa"
text-subtitle: "#f5f5f5"
card-shadow: rgba(0, 0, 0, 0.4)
link-hover: "#ffdd57"
links:
- name: "Homepage"
icon: "fas fa-heartbeat"
url: "http://docker10.grote.lan:333"
- name: "Management"
icon: "fas fa-code-branch"
url: "#mgmt"
- name: "Extern"
icon: "fas fa-file-alt"
url: "#papa"
- name: "Test"
icon: "fas fa-globe"
url: "#test"
# wetter
# https://github.com/bastienwirtz/homer/pull/181
services:
- name: "Wetter"
icon: "fas fa-cloud"
items:
- name: "Weather"
location: "Burg" # your location.
locationId: "2941501" # OpenWeatherMap city ID.
apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" # insert your own API key here. Request one from https://openweathermap.org/api.
units: "metric" # units to display temperature. Can be one of: metric, imperial, kelvin. Defaults to kelvin.
background: "none" # choose which type of background you want behind the image. Can be one of: square, cicle, none. Defaults to none.
type: "OpenWeather"
- name: "Weather"
location: "Magdeburg"
locationId: "2874545"
apiKey: "c1ec4c040abfa80b991c72d48b49d4a0"
units: "metric"
background: "none"
type: "OpenWeather"
- name: "Help"
icon: "fas fa-cloud"
items:
- name: "Crontab Guru"
logo: "assets/icons/healthchecks.png"
url: "https://crontab.guru"
target: "_blank"
- name: "Epoch Converter"
logo: "assets/icons/epochconverter.png"
url: "https://www.epochconverter.com"
target: "_blank"
- name: "fstab Generator"
logo: "assets/icons/sabnzbd.png"
url: "https://epistel.no/fstab/"
target: "_blank"
- name: "chmod Calculator"
logo: "assets/icons/redis.png"
url: "https://chmod-calculator.com"
target: "_blank"
- name: "composerizer"
logo: "assets/icons/docker.png"
url: "https://www.composerize.com"
target: "_blank"
subtitle: "docker-run to docker-compose"
- name: "Umrechner Bytes"
logo: "assets/icons/bytes.png"
url: "https://www.fischerclan.de/byte_umrechner.html"
target: "_blank"
- name: "git revert..."
logo: "assets/icons/netatmo.png"
url: "https://sethrobertson.github.io/GitFixUm/fixup.html"
target: "_blank"
- name: "Dienste"
icon: "fas fa-cloud"
items:
- name: "gitea"
logo: "assets/icons/gitea.png"
url: "https://git.mgrote.net"
target: "_blank"
subtitle: "git"
- name: "Miniflux"
logo: "assets/icons/miniflux.png"
url: "https://miniflux.mgrote.net/unread"
target: "_blank"
subtitle: "RSS"
- name: "Nextcloud"
logo: "assets/icons/nextcloud.png"
url: "https://nextcloud.mgrote.net"
target: "_blank"
subtitle: "Cloud"
- name: "DokuWiki"
logo: "assets/icons/dokuwiki.png"
url: "http://dokuwiki2.grote.lan"
target: "_blank"
subtitle: "Wiki"
- name: "RSS-Bridge"
logo: "assets/icons/rssb.png"
url: "http://docker10.grote.lan:3001"
target: "_blank"
subtitle: "Facebook/Instagram-to-rss"
- name: "Navidrome - mg"
logo: "assets/icons/navidrome.png"
url: "https://audio.mgrote.net/mg"
target: "_blank"
subtitle: "Audio-Streaming"
- name: "changedetection.io"
logo: "assets/icons/changedetection.png"
url: "http://docker10.grote.lan:5000"
target: "_blank"
subtitle: "Website2rss"
- name: "Photoprism"
logo: "assets/icons/photoprism.svg"
url: "http://docker10.grote.lan:2342"
target: "_blank"
subtitle: "Bildersammlung"
- name: "hastebin"
logo: "assets/icons/hastebin.png"
url: "http://docker10.grote.lan:7777"
target: "_blank"
subtitle: "pastebin"
- name: "Web"
icon: "fas fa-cloud"
items:
- name: "Todoist"
logo: "assets/icons/todoist.png"
url: "https://todoist.com/app/#project%2F2231794668"
target: "_blank"
- name: "WhatsApp"
logo: "assets/icons/whatsapp.png"
url: "https://web.whatsapp.com"
target: "_blank"
- name: "GitHub"
logo: "assets/icons/github.png"
url: "https://github.com/quotengrote"
target: "_blank"
- name: "Monkeytype"
logo: "assets/icons/monkeytype.png"
target: "_blank"
url: "https://monkeytype.com"
- name: "Posteo"
logo: "assets/icons/posteo.png"
url: "https://posteo.de/webmail/?_task=mail&_refresh=1&_mbox=INBOX"
target: "_blank"
- name: "Wikipedia"
logo: "assets/icons/wikipedia.png"
url: "https://de.wikipedia.org/wiki/Benutzer:Quotengrote"
target: "_blank"
- name: "Docker Hub"
logo: "assets/icons/docker.png"
url: "https://hub.docker.com/r/quotengrote"
target: "_blank"
- name: "Diabetes"
icon: "fas fa-cloud"
items:
- name: "LibreView"
logo: "assets/icons/freestyle.png"
url: "https://www.libreview.com/glucosereports"
target: "_blank"
- name: "DexCom Clarity"
logo: "assets/icons/dexcom.png"
url: "https://clarity.dexcom.eu/#/overview"
target: "_blank"
- name: "glooko"
logo: "assets/icons/glooko.png"
url: "https://de-fr.my.glooko.com"
target: "_blank"
- name: "Spiele"
icon: "fas fa-cloud"
items:
- name: "Gravity Simulator"
logo: "assets/icons/freshrss.png"
url: "https://testtubegames.com/gravity.html"
target: "_blank"
- name: "Finanzen"
icon: "fas fa-cloud"
items:
- name: "ING Diba"
logo: "assets/icons/ing.png"
url: "https://www.ing.de"
target: "_blank"
- name: "Leaseplanbank"
logo: "assets/icons/leaseplan.webp"
url: "https://sparen.leaseplanbank.de"
target: "_blank"
- name: "Dataport"
icon: "fas fa-cloud"
items:
- name: "Outlook"
logo: "assets/icons/dataport.png"
url: "https://webmail.ondataport.de"
target: "_blank"
subtitle: "Webmail"
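Review bot: The two `apiKey:` values under the `Wetter` group commit an OpenWeatherMap key in cleartext, while the drone compose file in this same commit pulls its secrets with `lookup('keepass', ...)`. If this file is rendered as a template like the compose files, I would use the same lookup here, e.g. `apiKey: "{{ lookup('keepass', '<entry-name>', 'password') }}"` with `<entry-name>` as a placeholder, and rotate the key because it is now in the repository history. The key presumably still reaches every browser that loads the dashboard, so it should be one with no use beyond this weather widget.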

Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.



@ -0,0 +1,320 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 15.0.1, SVG Export Plug-In -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [
<!ENTITY ns_flows "http://ns.adobe.com/Flows/1.0/">
]>
<svg version="1.1"
xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:a="http://ns.adobe.com/AdobeSVGViewerExtensions/3.0/"
x="0px" y="0px" width="270px" height="270px" viewBox="-16.2 -42 270 270"
overflow="visible" enable-background="new -16.2 -42 270 270" xml:space="preserve">
<defs>
</defs>
<path d="M193.8,103l9.5-17.2c-7.2-7.5-19.1-19.2-39.1-37.7c-46.6-43.2-49.4-43-50.5-43c-1.2,0-3.4-0.8-49.8,42.9
C11.7,97.1,13.5,98.8,13.5,98.8s-1.6,2.7,50.9,51.2c47.1,43.6,48,42.4,49.3,42.4c1.3,0,4.1,0.7,50.6-43
c25.1-23.6,37.6-36.2,43.7-42.9L193.8,103"/>
<path d="M193.8,103l0.5,0.2l9.6-17.5l-0.3-0.3c-7.2-7.5-19.1-19.2-39.1-37.7c-23.1-21.4-35.4-32.1-42.1-37.5
c-3.4-2.7-5.3-4.1-6.5-4.8c-0.6-0.4-1-0.5-1.4-0.7c-0.3-0.1-0.6-0.1-0.8-0.1h0l-0.1,0c-0.2,0-0.5,0-0.8,0.1
c-1.2,0.4-3.7,1.9-10.8,7.9c-7.1,6-18.8,16.5-38.4,35c-24.4,23-37,35.6-43.5,42.5c-3.2,3.4-5,5.5-5.9,6.7c-0.5,0.6-0.7,1-0.9,1.3
c-0.2,0.3-0.2,0.4-0.2,0.6c0,0.1,0,0.3,0.2,0.4l0.4-0.4L13,98.5c-0.1,0.1-0.1,0.2-0.1,0.3c0,0.2,0.1,0.4,0.2,0.7
c0.5,1,2.4,3.7,9.6,11.2c7.2,7.5,19.6,19.7,41.3,39.7c22.3,20.6,34.3,31.2,40.8,36.7c3.3,2.7,5.2,4.2,6.4,4.9c0.6,0.4,1,0.6,1.4,0.7
c0.3,0.1,0.6,0.2,0.8,0.2c0.1,0,0.2,0,0.2,0l0.1,0c0.2,0,0.5,0,0.9-0.1c1.3-0.4,3.9-1.9,11.2-7.9c7.2-6,19.1-16.6,38.8-35.1
c25.1-23.6,37.6-36.2,43.7-43l0.6-0.6l-15-3.6L193.8,103l0.5,0.2L193.8,103l-0.1,0.5l14.1,3.4l0.1-0.5l-0.4-0.3
c-6.1,6.7-18.5,19.3-43.7,42.9c-22.5,21.1-34.7,31.9-41.5,37.3c-3.4,2.7-5.4,4.1-6.7,4.8c-0.6,0.4-1,0.5-1.3,0.6
c-0.3,0.1-0.4,0.1-0.6,0.1l-0.1,0l-0.2,0c-0.1,0-0.2,0-0.5-0.1c-0.4-0.2-1.3-0.6-2.8-1.8c-4.7-3.5-16.2-13.3-45.4-40.4
C40,126.7,27.2,114,20.7,107c-3.3-3.5-5-5.6-5.9-6.8c-0.4-0.6-0.7-1-0.8-1.2C14,98.9,14,98.8,14,98.8l0,0l-0.2,0H14l0,0l-0.2,0H14
h-0.5l0.4,0.2c0.1-0.1,0.1-0.2,0.1-0.2h-0.5l0.4,0.2l0.2-0.4l-0.3-0.3l-0.3,0.3H14c0-0.1,0-0.2-0.2-0.3l-0.3,0.3H14h-0.3l0.3,0.1
l0-0.1h-0.3l0.3,0.1l-0.1,0l0.1,0l0,0l-0.1,0l0.1,0l0-0.1c0.1-0.3,0.6-1,1.9-2.5c3.9-4.6,15.3-16.7,48.3-47.7
c22.4-21.1,34.5-31.8,41.1-37.2c3.3-2.7,5.3-4.1,6.5-4.8c0.6-0.4,1-0.5,1.2-0.6c0.3-0.1,0.4-0.1,0.5-0.1l0.1,0h0
c0.1,0,0.2,0,0.5,0.1c0.4,0.1,1.2,0.5,2.8,1.6c4.8,3.3,16.5,13.1,46.9,41.1c20,18.5,31.9,30.2,39.1,37.7l0.4-0.4l-0.5-0.2l-9.8,17.8
l0.7,0.2L193.8,103"/>
<path fill="#FFE500" d="M193.8,103l8.1-14.8c-6.1-6.8-18.6-19.4-43.9-42.8c-46.3-42.8-48.8-43-50.5-43c-1.7,0-3.3-0.9-49.8,42.9
C5.6,94.4,7.4,96,7.4,96s-1.6,2.7,50.9,51.2c46.8,43.3,47.9,42.4,49.3,42.4c1.4,0,4.1,0.7,50.6-43c23.9-22.5,36.3-35,42.7-41.9
L193.8,103"/>
<path d="M193.8,103l0.7,0.4l8.1-14.8l-0.1-0.9c-6.1-6.8-18.6-19.4-43.9-42.8c-23.2-21.4-35.4-32.2-42-37.6c-3.3-2.7-5.3-4.1-6.5-4.8
c-0.6-0.4-1.1-0.6-1.5-0.7c-0.4-0.1-0.7-0.1-1-0.1l-0.2,0c-0.2,0-0.6,0-1,0.2c-0.7,0.2-1.7,0.7-3.4,1.9c-5,3.6-16.5,13.4-45.8,41
c-24.4,23-37,35.6-43.5,42.5c-3.3,3.4-5,5.5-5.9,6.7c-0.5,0.6-0.7,1-0.9,1.3c-0.2,0.3-0.2,0.5-0.3,0.8c0,0.2,0.1,0.4,0.2,0.6L7.4,96
l-0.7-0.4c-0.1,0.1-0.1,0.3-0.1,0.4c0,0.3,0.1,0.5,0.2,0.8c0.3,0.6,0.9,1.5,2.3,3.2c4.3,5.2,16.1,17.7,48.5,47.7
c22.5,20.8,34.4,31.4,40.9,36.8c3.3,2.7,5.2,4.1,6.4,4.9c0.6,0.4,1.1,0.6,1.4,0.7c0.4,0.1,0.7,0.2,0.9,0.2l0.2,0l0.1,0
c0.2,0,0.6,0,1-0.1c0.7-0.2,1.7-0.7,3.4-1.9c5.2-3.5,17-13.4,46.6-41.1c23.9-22.5,36.3-35,42.8-41.9l-0.4-1.3l-7.1-1.7L193.8,103
l0.7,0.4L193.8,103l-0.2,0.7l7.1,1.7l0.2-0.7l-0.6-0.5c-6.4,6.9-18.8,19.4-42.7,41.9c-22.5,21.1-34.7,31.9-41.5,37.3
c-3.4,2.7-5.4,4.1-6.6,4.8c-0.6,0.3-1,0.5-1.3,0.6c-0.3,0.1-0.4,0.1-0.5,0.1l-0.1,0l-0.2,0c-0.1,0-0.2,0-0.4-0.1
c-0.4-0.1-1.2-0.5-2.7-1.7c-4.6-3.4-16-13.1-45.5-40.4c-24.7-22.9-37.4-35.5-43.9-42.5c-3.3-3.5-5-5.6-5.8-6.8
c-0.4-0.6-0.7-1-0.8-1.2C8.2,96,8.1,96,8.1,96l0,0l-0.4,0.1h0.4l0-0.1l-0.4,0.1h0.4H7.4L8,96.4c0.1-0.1,0.1-0.3,0.1-0.4H7.4L8,96.4
l-0.1-1L7.4,96h0.7c0-0.1,0-0.4-0.2-0.5L7.4,96h0.7H7.6l0.5,0.1l0-0.1H7.6l0.5,0.1l-0.2,0l0.2,0.1l0,0l-0.2,0l0.2,0.1
c0,0,0.3-0.6,1.4-2C13,90,23.9,78.2,58.2,45.9c22.3-21,34.3-31.7,40.9-37.2c3.3-2.7,5.2-4.1,6.4-4.8c0.6-0.3,1-0.5,1.2-0.6
c0.3-0.1,0.4-0.1,0.6-0.1l0.2,0c0.2,0,0.3,0,0.6,0.1c0.4,0.1,1.2,0.5,2.8,1.6c4.7,3.3,16.3,13,46.6,41.1
c25.3,23.4,37.7,36,43.8,42.7l0.6-0.5l-0.7-0.4l-8.1,14.8l0.5,1.1L193.8,103"/>
<g>
<defs>
<path id="SVGID_1_" d="M107.5,3.9L107.5,3.9L107.5,3.9l0.2,0l-0.1,0C107.9,3.9,107.3,3.9,107.5,3.9 M201.3,90.3
c-5.5-6.2-17.3-18.8-44.3-43.8c-40.9-38-48.4-42.1-49.5-42.6c-1.1,0.4-8.5,4.5-48.8,42.5C38.2,65.7,23.6,80,15.3,88.8
c-3.6,3.8-6.1,6.8-6.4,7.1c0.8,1.4,6.5,9.6,50.4,50.2c18.8,17.4,32.6,29.7,41.2,36.7c1.2,1,6.9,5.3,6.9,5.3l0.2,0
c0.6-0.1,7.1-2.5,49.7-42.6c26.2-24.7,38-37.3,43.8-43.6L201.3,90.3 M8.6,96.8c0.2-0.3,0.2-0.5,0.2-0.7l0,0L8.6,96.8"/>
</defs>
<clipPath id="SVGID_2_">
<use xlink:href="#SVGID_1_" overflow="visible"/>
</clipPath>
<path clip-path="url(#SVGID_2_)" fill="#FFE500" d="M90.7,170.7l-5-6l-5.2-5.8l-3.5-3.6c-18.5-18.5-56.1-56.3-56.5-56.6
c-0.1-0.1-0.2-0.2-0.2-0.3v0c0-0.1,0.1-0.2,0.1-0.3c1.6-1.5,38.4-37,58.4-54L109.8,19l-0.9-19l-47,41.9C44.7,57,11.9,93,11.6,93.3
c-0.8,0.7-1.3,1.8-1.3,3c0,1.2,0.5,2.2,1.4,3l0.2,0.2c5.7,5.4,34.6,33,49.3,47.1c5,4.8,6.8,6.3,8.6,7.8l8,6.6L90.7,170.7z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE500" d="M85.5,164.7L85.5,164.7c-0.1-0.1-0.7-0.8-5.2-5.8l-3.5-3.6l-48.6-48.7l-7.9-7.9
l-0.2-0.4l0.2-0.4c3.9-3.8,39-37.5,58.4-54c0,0,30.2-24.4,30.8-24.9c0-0.1-0.9-18-0.9-18.6C108.2,0.8,62,42,62,42
C44.8,57.1,12,93.1,11.7,93.4c-0.8,0.7-1.2,1.8-1.2,2.9c0,1.1,0.5,2.1,1.3,2.9l0,0l0.2,0.2c5.7,5.4,34.6,33,49.3,47.1
c4.9,4.7,6.7,6.2,8.5,7.7l8.1,6.6c0,0,8.9,6.7,11.9,9C88.6,168.4,85.5,164.7,85.5,164.7z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE600" d="M85.4,164.8L85.4,164.8c0,0-0.5-0.5-5.2-5.8l-3.5-3.6l-48.6-48.7l-7.9-7.9
L20,98.3v0c0-0.1,0.2-0.5,0.2-0.5c3.9-3.8,38.9-37.4,58.5-54c0,0,30.2-24.4,30.7-24.9c0-0.1-0.9-17.6-0.9-18.2
c-0.5,0.4-46.5,41.5-46.5,41.5c-17.2,15.1-50,51.1-50.3,51.4c-0.8,0.7-1.2,1.7-1.2,2.8c0,1.1,0.4,2.1,1.3,2.8l0.2,0.2
c10.3,9.8,35.8,34.1,49.3,47.1c4.9,4.7,6.7,6.2,8.5,7.7l8.1,6.6c0,0,9.4,7.1,10.9,8.2C87.7,167.6,85.4,164.8,85.4,164.8z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE600" d="M85.3,164.9l0.1,0.1c-0.2-0.1-0.5-0.6-5.3-5.9l-3.5-3.6l-48.6-48.7l-7.9-7.9
l-0.3-0.5v0c0-0.1,0.2-0.6,0.2-0.6c0.4-0.4,37.8-36.5,58.5-54.1c0,0,30.1-24.3,30.7-24.8c0-0.1-0.9-17.2-0.9-17.8
C108,1.4,62.2,42.2,62.2,42.2c-16.8,14.8-49,50-50.3,51.3c-0.8,0.7-1.2,1.7-1.2,2.7c0,1,0.4,2,1.2,2.7l0.2,0.2
c10.3,9.8,35.7,34,49.3,47.1c4.9,4.7,6.7,6.2,8.5,7.6l8.1,6.6c0,0,8.3,6.3,9.9,7.5C86.9,166.8,85.3,164.9,85.3,164.9z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE600" d="M85.2,165l0.2,0.1c-0.2-0.1-0.4-0.4-5-5.6l-0.3-0.3l-3.5-3.6L28,106.9l-7.9-7.9
l-0.3-0.5l0,0c0-0.1,0.2-0.8,0.2-0.8c0.3-0.3,37.9-36.6,58.6-54.1c0,0,30.1-24.3,30.6-24.8c0-0.1-0.9-16.8-0.9-17.4
c-0.5,0.4-46,41-46,41c-16.9,14.9-49,50-50.3,51.3c-0.7,0.7-1.1,1.6-1.1,2.6c0,1,0.4,1.9,1.2,2.6l0.2,0.2
c10.3,9.8,35.7,34,49.3,47.1c4.9,4.7,6.7,6.2,8.5,7.6l8.1,6.6c0,0,6.3,4.8,8.8,6.7C86.2,166.2,85.2,165,85.2,165z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE707" d="M85.1,165.1L85.1,165.1c-0.4-0.4-1.3-1.5-4.9-5.5l-0.3-0.3l-3.5-3.6L27.9,107
L20,99l-0.3-0.5l0,0c0-0.1,0.2-0.9,0.2-0.9c0.2-0.3,37.8-36.5,58.6-54.2c0,0,30-24.2,30.6-24.7c0-0.1-0.9-16.4-0.9-17.1
c-0.5,0.4-45.8,40.8-45.8,40.8c-17,14.9-49,50-50.3,51.3c-0.7,0.6-1.1,1.5-1.1,2.5c0,0.9,0.4,1.8,1.1,2.5l0.2,0.2
c10.3,9.8,35.6,33.9,49.3,47.1c4.9,4.7,6.7,6.2,8.5,7.6l8.1,6.6c0,0,6.5,5,7.8,5.9C85.5,165.6,85.1,165.1,85.1,165.1z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE71C" d="M85,165.2L85,165.2l-5.2-5.8l-3.4-3.6l-48.6-48.7l-7.9-7.9l-0.3-0.6l0,0
c0-0.2,0.2-1,0.2-1c0.2-0.2,37.4-36.2,58.6-54.3c0,0,30-24.2,30.5-24.7c0-0.1-0.9-16-0.9-16.7c-0.5,0.4-45.5,40.6-45.5,40.6
C46,57,15.5,90.6,12.2,93.9c-0.7,0.6-1.1,1.5-1.1,2.4c0,0.9,0.4,1.7,1.1,2.4l0.2,0.2c10.2,9.7,35.5,33.8,49.3,47.1
c4.9,4.7,6.7,6.2,8.4,7.6l8.1,6.6c0,0,5.4,4.1,6.8,5.1L85,165.2z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE829" d="M79.7,159.5l-3.4-3.6l-48.6-48.7l-7.9-7.9l-0.4-0.6l0,0c0-0.2,0.1-1.1,0.1-1.1
c0.1-0.2,37.5-36.4,58.7-54.4c0,0,29.9-24.2,30.5-24.6c0-0.1-0.9-15.7-0.9-16.3c-0.5,0.4-45.3,40.4-45.3,40.4
c-16.5,14.5-47,48-50.3,51.3c-0.6,0.6-1,1.4-1,2.3c0,0.9,0.4,1.7,1,2.3l0.2,0.2c10.2,9.7,35.4,33.7,49.3,47.1
c4.9,4.7,6.7,6.2,8.4,7.6c0,0,0,0,8.1,6.7c0,0,3.8,2.8,5.7,4.3C82.9,163.1,79.7,159.5,79.7,159.5z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE833" d="M79.6,159.6l-3.4-3.6l-48.6-48.7l-7.9-7.9l-0.4-0.6l0,0c0-0.2,0.1-1.2,0.1-1.2
c0.1-0.2,37-36,58.7-54.4c0,0,29.9-24.1,30.4-24.6c0-0.1-0.9-15.3-0.9-15.9c-0.5,0.4-45,40.1-45,40.1c-16.4,14.4-47,48-50.3,51.3
c-0.6,0.6-1,1.4-1,2.2c0,0.8,0.3,1.6,1,2.2l0.2,0.2c10.1,9.7,35.3,33.6,49.3,47.1c4.9,4.7,6.7,6.2,8.4,7.6l-0.2,0
c0.2,0,1,0.7,7.5,6l0.8,0.7c0,0,3.7,2.8,4.5,3.4C81.8,162,79.6,159.6,79.6,159.6z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE93C" d="M79.5,159.6L79.5,159.6l-3.4-3.6l-48.6-48.7l-7.9-7.9l-0.4-0.7l0,0
c0-0.2,0.1-1.2,0.1-1.2C19.3,97.4,56.3,61.4,78,43c0,0,29.8-24.1,30.4-24.6c0-0.1-0.9-14.9-0.9-15.5c-0.5,0.4-44.8,39.9-44.8,39.9
c-16.4,14.4-47,48-50.3,51.3c-0.6,0.5-0.9,1.3-0.9,2.1c0,0.8,0.3,1.5,0.9,2.1l0.2,0.2c10.2,9.7,35.3,33.6,49.3,47.1
c4.8,4.7,6.7,6.2,8.4,7.6l0,0l0,0c0.5,0.3,1.9,1.4,7.3,5.9l0.8,0.7c0,0,2,1.5,3.3,2.5C81.4,161.8,79.5,159.6,79.5,159.6z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE944" d="M79.4,159.7L79.4,159.7l-3.4-3.5l-48.6-48.7l-7.9-7.9L19,98.9l0-0.1l0.1-1.3
c0.1-0.1,36.6-35.8,58.8-54.6c0,0,29.8-24,30.3-24.5c0-0.1-0.9-14.5-0.9-15.1C106.9,3.7,62.9,43,62.9,43
C46.5,57.4,15.9,91,12.6,94.3c-0.6,0.5-0.9,1.2-0.9,2c0,0.7,0.3,1.4,0.9,2l0.2,0.2C23,108,48.1,132,62.1,145.5
c4.8,4.7,6.6,6.2,8.4,7.6c0.5,0.4,8.1,6.6,8.1,6.6c0,0,1.1,0.8,2,1.5C80,160.5,79.4,159.7,79.4,159.7z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFEA4B" d="M79.2,159.8L79.2,159.8l-3.4-3.5l-48.6-48.7l-7.9-7.9l-0.4-0.7l0-0.2l0.1-1.3
c0.2-0.5,37.7-36.8,58.9-54.7c0,0,29.7-24,30.3-24.5c0-0.1-0.9-14.1-0.9-14.7C106.8,4,63,43.1,63,43.1C46.6,57.5,16,91.1,12.7,94.4
c-0.5,0.5-0.8,1.2-0.8,1.9c0,0.7,0.3,1.4,0.8,1.8l0.2,0.2c10.2,9.7,35.3,33.6,49.3,47.1c4.8,4.7,6.6,6.1,8.4,7.6l8.2,6.7
c0,0,0.2,0.1,0.8,0.6C79.5,160.1,79.2,159.8,79.2,159.8z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFEA52" d="M75.7,156.4l-48.6-48.7l-7.9-7.9L18.8,99l-0.1-0.3l0.1-1.3
C19,97,56.5,60.6,77.7,42.6c0,0,29.7-23.9,30.2-24.4c0-0.1-0.9-13.7-0.9-14.3c-0.5,0.4-44,39.3-44,39.3
c-16.4,14.4-46.9,48-50.2,51.3c-0.5,0.5-0.8,1.1-0.8,1.7c0,0.7,0.3,1.3,0.8,1.7l0.2,0.2c10.1,9.7,35.3,33.6,49.3,47.1
c4.8,4.7,6.6,6.1,8.4,7.6c0,0,6.3,5.2,7.4,6.1C77.1,157.9,75.7,156.4,75.7,156.4z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFEB58" d="M75.6,156.5L27,107.8l-7.9-7.9l-0.5-0.8l-0.1-0.3c0-0.1,0.1-1.3,0.1-1.3
c0.2-0.5,37.7-36.9,59-54.9c0,0,29.6-23.9,30.2-24.4c0-0.1-0.9-13.3-0.9-13.9c-0.5,0.4-43.8,39.1-43.8,39.1
C46.9,57.6,16.3,91.3,13,94.6c-0.5,0.4-0.8,1-0.8,1.6c0,0.6,0.3,1.2,0.7,1.6l0.2,0.2c10.1,9.6,35.2,33.5,49.3,47.1
c4.8,4.7,6.6,6.1,8.3,7.5c0,0,5.2,4.2,5.6,4.5C76,156.9,75.6,156.5,75.6,156.5z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFEB5E" d="M26.9,107.9L19,100l-0.5-0.8l-0.1-0.2l0-0.2l0.1-1.3c0.2-0.5,37.7-36.9,59-55
c0,0,29.6-23.9,30.1-24.3c0-0.1-0.9-12.9-0.9-13.5C106.3,5,63.3,43.4,63.3,43.4C47,57.7,16.4,91.4,13.1,94.7
c-0.5,0.4-0.7,1-0.7,1.5c0,0.6,0.2,1.1,0.7,1.5l0.2,0.2c10.1,9.6,35.1,33.4,49.3,47.1c4.8,4.7,6.6,6.1,8.3,7.5c0,0,1.9,1.5,3.5,2.8
C70.2,151.2,54.3,135.3,26.9,107.9z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFEC64" d="M18.9,100.1l-0.5-0.8L18.3,99l0-0.2l0.1-1.4c0.2-0.5,37.7-37,59.1-55.1
c0,0,29.5-23.8,30.1-24.3c0-0.1-0.9-12.5-0.9-13.1c-0.5,0.4-43.3,38.6-43.3,38.6c-16.3,14.3-46.9,48-50.2,51.3
c-0.4,0.4-0.7,0.9-0.7,1.4c0,0.5,0.2,1,0.6,1.4l0.2,0.2c10.1,9.6,35.2,33.5,49.3,47.1c4.8,4.7,6.6,6.1,8.3,7.5c0,0,0.6,0.5,1.2,1
C68.6,149.9,18.9,100.1,18.9,100.1z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFEC64" d="M18.8,100.2L18.8,100.2l-0.6-0.8L18.1,99c0-0.1,0-0.2,0-0.2l0.1-1.4
c0.2-0.5,37.7-37,59.2-55.2c0,0,29.5-23.8,30-24.2c0-0.1-0.9-12.1-0.9-12.7c-0.5,0.4-43,38.4-43,38.4c-16.2,14.2-46.9,48-50.2,51.3
c-0.4,0.4-0.6,0.9-0.6,1.3c0,0.5,0.2,1,0.6,1.3l0.2,0.2c10.1,9.6,35.2,33.5,49.3,47.1c3.9,3.8,5.8,5.4,7.3,6.7
C66.2,147.7,18.8,100.2,18.8,100.2z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFEC6A" d="M18.7,100.3L18.7,100.3l-0.6-0.9L18,99.1l0-0.2l0.1-1.4
c0.2-0.5,37.7-37.1,59.2-55.3c0,0,29.4-23.7,30-24.2c0-0.1-0.9-11.7-0.9-12.3C105.9,6,63.6,43.7,63.6,43.7
C47.4,58,16.7,91.7,13.4,95c-0.4,0.3-0.6,0.8-0.6,1.2c0,0.4,0.2,0.9,0.6,1.2l0.2,0.2c7.9,7.5,34.6,33,49.3,47.1
c1.6,1.6,2.9,2.8,3.9,3.7C61.3,142.9,18.7,100.3,18.7,100.3z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFEC6A" d="M18.6,100.4L18.6,100.4L18,99.5l-0.1-0.4l-0.1-0.3l0.1-1.4
c0.1-0.5,37.7-37.2,59.3-55.4c0,0,29.4-23.7,29.9-24.2c0-0.1-0.9-11.3-0.9-11.9c-0.5,0.4-42.5,38-42.5,38
c-16.2,14.2-46.9,48-50.2,51.3c-0.3,0.3-0.5,0.7-0.5,1.1c0,0.4,0.2,0.8,0.5,1.1l0.2,0.2c7,6.7,29.2,27.8,44.3,42.3
C46.2,128,18.6,100.4,18.6,100.4z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFED75" d="M18.5,100.5L18.5,100.5l-0.6-0.9l-0.2-0.4l-0.1-0.3l0.1-1.5
c0.1-0.5,37.7-37.2,59.3-55.5c0,0,29.3-23.6,29.9-24.1c0-0.1-0.9-10.9-0.9-11.5C105.6,6.6,63.8,44,63.8,44
C47.6,58.2,16.9,91.9,13.6,95.2c-0.3,0.3-0.5,0.7-0.5,1c0,0.4,0.2,0.7,0.5,1c0,0,22.8,21.8,35.7,34.1
C38.8,120.8,18.5,100.5,18.5,100.5z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFEE7B" d="M18.4,100.6l-0.1-0.1l-0.5-0.8l-0.2-0.4l-0.1-0.4l0.1-1.5
c0.1-0.5,37.7-37.3,59.4-55.6c0,0,29.3-23.6,29.8-24.1c0-0.1-0.9-10.6-0.9-11.1c-0.5,0.4-42,37.5-42,37.5
C47.7,58.3,17,92,13.7,95.3c-0.3,0.3-0.5,0.6-0.5,0.9c0,0.3,0.1,0.6,0.4,0.9c0,0,17.9,17.1,27,25.7
C31.7,113.9,18.4,100.6,18.4,100.6z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFEE80" d="M18.3,100.7l-0.1-0.1l-0.5-0.8l-0.2-0.4l-0.1-0.4l0.1-1.5
c0.1-0.5,37.7-37.4,59.4-55.7c0,0,29.2-23.6,29.8-24c0-0.1-0.9-10.2-0.9-10.8C105.3,7.3,64,44.2,64,44.2
C47.9,58.3,17.1,92.1,13.8,95.4c-0.3,0.2-0.4,0.5-0.4,0.8c0,0.3,0.1,0.6,0.4,0.8c0,0,11.8,11.2,18.2,17.4
C25.5,107.9,18.3,100.7,18.3,100.7z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFEF85" d="M18.2,100.8l-0.1-0.2l0,0c-0.1-0.1-0.2-0.3-0.6-0.9l-0.2-0.5l-0.1-0.4l0.1-1.5
c0.1-0.5,37.8-37.4,59.5-55.8c0,0,29.2-23.5,29.7-24c0-0.1-0.9-9.8-0.9-10.4c-0.5,0.4-41.6,37.1-41.6,37.1
C48,58.4,17.2,92.2,13.9,95.5c-0.2,0.2-0.4,0.5-0.4,0.7c0,0.2,0.1,0.5,0.3,0.7c0,0,6.8,6.4,9.5,9C20.9,103.5,18.2,100.8,18.2,100.8
z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF08A" d="M18.1,100.9L18.1,100.9L18.1,100.9z M17.4,99.9l-0.2-0.5l-0.1-0.5v0l0.1-1.6
c0.1-0.5,37.8-37.5,59.5-55.9c0,0,29.1-23.5,29.7-23.9c0-0.1-0.9-9.4-0.9-10C105,7.9,64.2,44.4,64.2,44.4
C48.1,58.5,17.3,92.3,14,95.6c-0.2,0.2-0.3,0.4-0.3,0.6c0,0.2,0.1,0.4,0.3,0.6c0,0,2.5,2.4,3.8,3.6C17.6,100.2,17.4,99.9,17.4,99.9
z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF08F" d="M17.3,100L17.3,100L17.3,100z M17,99.4L16.9,99v0l0.1-1.6
c0.1-0.5,37.8-37.6,59.6-56c0,0,29.1-23.4,29.6-23.9c0-0.1-0.9-9-0.9-9.6c-0.5,0.4-41.1,36.7-41.1,36.7
c-16,14.1-46.8,47.9-50.2,51.2c-0.2,0.2-0.3,0.4-0.3,0.5c0,0.2,0.1,0.3,0.2,0.5c0,0,2.2,2.1,3.1,2.9L17,99.4z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF194" d="M16.8,99c0-0.1,0.1-1.7,0.1-1.7c0.1-0.5,37.8-37.6,59.6-56.1
c0,0,29-23.4,29.6-23.9c0-0.1-0.9-8.6-0.9-9.2c-0.5,0.4-40.8,36.4-40.8,36.4c-16,14-46.8,47.9-50.2,51.2L14,96.2l0.2,0.4
c0,0,2.3,2.2,2.7,2.5L16.8,99z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF199" d="M16.7,97.3c0.1-0.5,37.8-37.7,59.7-56.2c0.3-0.2,28.5-23,29.5-23.8
c0-0.1-0.1-2-0.1-2s-0.8-6.2-0.8-6.8c-0.5,0.4-40.6,36.2-40.6,36.2c-12.4,10.9-34,34-44.4,45.1l-5.8,6.1l0,0c0,0-0.1,0.2-0.2,0.3
l0.1,0.3c0,0,1.7,1.6,2.4,2.3C16.7,98.4,16.7,97.3,16.7,97.3z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF29E" d="M16.6,97.3L16.6,97.3c0.1-0.5,37.8-37.8,59.7-56.3c0,0,28.9-23.3,29.5-23.8
c0-0.1-0.1-2-0.1-2s-0.7-5.1-0.8-6.4c-0.5,0.4-40.3,36-40.3,36c-12.5,10.9-34,34-44.3,45.1L14.4,96l0-0.1c0,0-0.1,0.2-0.2,0.4
l0.1,0.2l-0.1,0c0.2,0.1,0.7,0.6,2.2,2C16.5,98.1,16.6,97.3,16.6,97.3z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF2A3" d="M16.4,97.3L16.4,97.3c0.1-0.5,37.9-37.9,59.8-56.5c0,0,28.8-23.2,29.4-23.7
c0-0.1-0.1-1.9-0.1-1.9s-0.7-4.9-0.8-6.1c-0.5,0.4-40.1,35.8-40.1,35.8c-12.4,10.9-34,34-44.3,45c0,0,0,0-5.8,6.2l0,0l0,0.1
l0.1,0.2l-0.1-0.1c0.2,0.1,0.7,0.6,2,1.8C16.4,97.8,16.4,97.3,16.4,97.3z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF3A8" d="M16.3,97.3L16.3,97.3c0.1-0.5,37.9-38,59.8-56.6c0,0,0,0,16-13.2
c0,0,13.3-10.4,13.4-10.5c0-0.1-0.8-6.4-0.8-7.6C104.2,9.8,64.8,45,64.8,45C52.3,56,30.8,79,20.5,90l0,0c-0.1,0.1-0.3,0.4-0.9,0.9
l-5,5.3l0.1,0.1c0.2,0.2,0.7,0.6,1.6,1.5C16.3,97.6,16.3,97.3,16.3,97.3z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF4AC" d="M16.1,97.3l0-0.1c0.1-0.4,37.9-37.9,59.9-56.5l0,0c0.1-0.1,0.2-0.2,0.5-0.4
c0,0,28.7-23.2,28.8-23.3c0-0.1-0.8-6.7-0.8-7.3c-0.5,0.4-39.6,35.4-39.6,35.4c-12.4,10.9-34,33.9-44.3,45L19.8,91
c-0.1,0.1-4.5,4.7-4.9,5.2c0.1,0.2,0.9,0.9,1.3,1.3L16.1,97.3z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF4B1" d="M65,45.3C52.5,56.2,31,79.2,20.7,90.2l-0.8,0.8c0,0-4.3,4.6-4.8,5.1
c0.1,0.1,0.7,0.7,1,0.9c0.1-0.5,38-38,59.9-56.6l0.5-0.4c0,0,28.1-22.7,28.8-23.2c0-0.1-0.2-1.7-0.2-1.7c-0.2-1.8-0.5-4.4-0.6-5.2
C104,10.4,65,45.3,65,45.3z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF5B5" d="M65.1,45.4c-12.4,10.9-33.9,33.9-44.3,45c0,0-5,5.3-5.6,5.9
c0.1,0.1,0.6,0.6,0.8,0.7c2.5-2.7,38.6-38.5,59.8-56.5l0.5-0.4c0,0,27.9-22.5,28.7-23.2c0-0.1-0.2-1.6-0.2-1.6s-0.4-3.9-0.5-4.9
C103.9,10.7,65.1,45.4,65.1,45.4z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF5B9" d="M65.1,45.5C52.7,56.4,31.2,79.4,20.9,90.4c0,0-5.3,5.6-5.5,5.8
c0.1,0.1,0.4,0.4,0.6,0.5c3.1-3.3,38.8-38.7,59.7-56.4l0.5-0.4c0,0,28.5-23,28.7-23.1c0-0.1-0.2-1.5-0.2-1.5c0,0-0.4-3.6-0.5-4.6
C103.7,11,65.1,45.5,65.1,45.5z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF6BE" d="M65.2,45.6C52.8,56.5,31.4,79.5,21,90.5c0,0-5.2,5.5-5.4,5.7
c0.1,0.1,0.3,0.3,0.4,0.3c3.5-3.8,38.7-38.6,59.6-56.4l0.5-0.4c0,0,0,0,16-12.9c0,0,12.5-10.1,12.6-10.2c0-0.1-0.2-1.5-0.2-1.5
c0,0-0.4-3.9-0.5-4.4C103.6,11.3,65.2,45.6,65.2,45.6z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF6C2" d="M65.3,45.7C52.9,56.6,31.5,79.6,21.1,90.6c0,0,0,0-2.8,2.9c0,0-2.3,2.5-2.5,2.7
l0.1,0.1c3.9-4.2,38.8-38.6,59.5-56.3l0.5-0.4l0,0.1c0.1-0.1,0.6-0.5,2.8-2.3c0,0,25.7-20.7,25.8-20.8c0-0.1-0.2-1.4-0.2-1.4
c0,0-0.4-3.7-0.5-4.1C103.5,11.6,65.3,45.7,65.3,45.7z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFF7C6" d="M65.4,45.8C53,56.7,31.6,79.7,21.2,90.7v0c0,0.1-0.2,0.2-0.5,0.6
c0,0-0.9,1-1.6,1.7c10-10,38.4-37.8,56.3-53l0.5-0.4l0,0.1c0.1-0.2,0.4-0.5,2.8-2.4c0,0,25.6-20.7,25.7-20.8c0-0.1-0.1-1.3-0.1-1.3
c0,0-0.4-3.5-0.4-3.8C103.4,11.9,65.4,45.8,65.4,45.8z"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE500" d="M124.3,22.5l5,6l5.2,5.8L138,38c18.5,18.5,56.1,56.3,56.5,56.6
c0.1,0.1,0.2,0.2,0.2,0.3v0c0,0.1-0.1,0.2-0.1,0.3c-1.6,1.5-38.4,37-58.4,54l-30.8,24.9l0.9,19l47-41.9
c17.2-15.1,50-51.1,50.3-51.4c0.8-0.7,1.3-1.8,1.3-3c0-1.2-0.5-2.2-1.3-3l-0.2-0.2c-5.7-5.4-34.6-33-49.3-47.1
c-5-4.8-6.8-6.3-8.6-7.8l-8-6.6L124.3,22.5"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE500" d="M200.9,101.7c-2.6,2.8-7.4,7.9-13.1,14c4.5-4.6,7.9-8.2,10.4-10.9
c0.4-0.5,0.8-0.9,1.2-1.3c0.5-0.6,1-1.1,1.5-1.6L200.9,101.7 M126.2,24.3c1.1,1.3,3.4,4.1,3.4,4.1l-0.1-0.1
c0.1,0.1,0.6,0.6,5.3,5.9l3.5,3.6l48.6,48.7l7.9,7.9l0.2,0.4v0c0,0.1-0.2,0.5-0.2,0.5c-4,3.8-38.9,37.4-58.5,54
c0,0-30.2,24.4-30.7,24.9c0,0.1,0.4,7.6,0.6,13c0.1,0.1,0.2,0.2,0.3,0.3c-0.3-5.1-0.7-13-0.7-13.1c0.6-0.5,30.6-24.8,30.6-24.8
c20.6-17.5,58.2-53.8,58.5-54.1c0,0,0.2-0.6,0.2-0.8l0,0l-0.3-0.5l-7.9-7.9l-48.6-48.7L135,34l-0.3-0.3c-4.6-5.2-4.9-5.5-5-5.6
l0.2,0.1c0,0-1-1.2-1.7-2.1c2.5,1.9,8.8,6.7,8.8,6.7l8.1,6.6c1.8,1.4,3.6,2.9,8.5,7.6c12.9,12.5,36.7,35.1,47.8,45.7l0-0.4
c-11.2-10.7-34.8-33.1-47.6-45.5c-4.9-4.7-6.7-6.2-8.5-7.7l-8.1-6.6C137,32.5,127.6,25.4,126.2,24.3"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE400" d="M200.9,101.2c-3.9,4.2-12.8,13.8-22.5,23.9c3.6-3.5,6.7-6.6,9.4-9.4
c5.7-6.1,10.5-11.2,13.1-14L200.9,101.2 M128,26.1c0.8,0.9,1.7,2.1,1.7,2.1l-0.2-0.1c0.2,0.1,0.4,0.4,5,5.6L135,34l3.5,3.6
L187,86.3l7.9,7.9l0.3,0.5l0,0c0,0.1-0.2,0.8-0.2,0.8c-0.3,0.3-37.9,36.6-58.5,54.1c0,0-30.1,24.3-30.6,24.8c0,0.1,0.4,8,0.7,13.1
c0.1,0.1,0.2,0.2,0.3,0.3c-0.3-4.9-0.7-13.2-0.7-13.3c0.6-0.5,30.5-24.7,30.5-24.7c21.2-18,58.5-54,58.6-54.3c0,0,0.2-0.8,0.2-1
l0,0l-0.3-0.6l-7.9-7.9l-48.6-48.7l-3.4-3.6L130,28l0,0l-0.1-0.1c1.4,1,6.8,5.1,6.8,5.1l8.1,6.6c1.8,1.4,3.6,2.9,8.4,7.6
c13.3,12.8,37,35.5,48,45.9l0-0.4c-11.1-10.6-34.8-33.2-47.8-45.7c-4.9-4.7-6.7-6.2-8.5-7.6l-8.1-6.6C136.9,32.8,130.6,28,128,26.1
"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE400" d="M142.7,159c-5.4,4.8-12.2,10.9-18.4,16.4C129,171.3,135,166,142.7,159
M200.9,100.8c-4.7,5-17.5,18.9-30,31.6c2.7-2.6,5.2-5,7.5-7.3c9.7-10.1,18.6-19.7,22.5-23.9L200.9,100.8 M129.9,27.9L130,28l0,0
l5.2,5.8l3.4,3.6l48.6,48.7l7.9,7.9l0.3,0.6l0,0c0,0.2-0.2,1-0.2,1c-0.2,0.2-37.4,36.2-58.6,54.3c0,0-30,24.2-30.5,24.7
c0,0.1,0.5,8.4,0.7,13.3c0.1,0.1,0.3,0.2,0.3,0.3c-0.2-4.5-0.7-13.3-0.7-13.4c0.6-0.5,30.4-24.6,30.4-24.6
c21.7-18.4,58.6-54.3,58.7-54.4c0,0,0.1-0.9,0.1-1.2l0,0l-0.4-0.6l-7.9-7.9l-48.6-48.7l-3.4-3.6c0,0-2.2-2.4-3.4-3.8
c0.8,0.6,4.4,3.4,4.5,3.4l0.8,0.7c6.5,5.3,7.3,6,7.5,6l-0.2,0c1.8,1.4,3.6,2.9,8.4,7.6c13.5,13.1,37.4,35.8,48.1,46l0-0.4
c-10.9-10.4-34.7-33-48-45.9c-4.9-4.7-6.7-6.2-8.4-7.6l-8.1-6.6C136.7,33,131.3,28.9,129.9,27.9"/>
<path clip-path="url(#SVGID_2_)" fill="#FFE100" d="M153.8,148.7c-0.6,0.5-1.2,1-1.7,1.5c0,0-21.6,19.3-34.8,31
c1.9-1.6,4.2-3.5,7-5.8c6.2-5.6,13.1-11.7,18.4-16.4C146.1,155.9,149.8,152.4,153.8,148.7 M201,100.3c-5.7,6-24.9,27-39.9,41.5
c3.6-3.4,6.9-6.6,9.9-9.5c12.5-12.7,25.3-26.6,30-31.6L201,100.3 M132,29.9c1.2,1.3,3.4,3.8,3.4,3.8l3.4,3.6l48.6,48.7l7.9,7.9
l0.4,0.6l0,0c0,0.2-0.1,1.2-0.1,1.2c-0.1,0.2-37,36-58.7,54.4c0,0-29.9,24.1-30.4,24.6c0,0.1,0.5,8.9,0.7,13.4
c0.1,0.1,0.1,0.1,0.1,0.1l0.2,0c0,0,0,0,0,0c-0.2-4-0.8-13.2-0.8-13.3c0.6-0.5,30.3-24.5,30.3-24.5c22.2-18.9,58.8-54.5,58.8-54.6
l0.1-1.3l0-0.1l-0.4-0.7l-7.9-7.9L139.1,37l-3.4-3.6l0,0c0,0-0.7-0.8-1.4-1.5c0.9,0.7,2,1.5,2,1.5c0,0,7.7,6.3,8.1,6.6
c1.7,1.4,3.6,2.9,8.4,7.6c13.6,13.1,37.6,36,48.3,46.2l0-0.4c-10.8-10.3-34.6-33-48.1-46c-4.9-4.7-6.7-6.2-8.4-7.6l0.2,0
c-0.2,0-1-0.7-7.5-6l-0.8-0.7C136.5,33.2,132.8,30.5,132,29.9"/>
<path clip-path="url(#SVGID_2_)" fill="#FFDE00" d="M201,99.9c-6.6,6.9-33.9,36.8-49.1,50.1c0,0-26.4,23.5-38.3,34.2
c1.1-0.8,2.3-1.8,3.7-2.9c13.1-11.7,34.8-31,34.8-31c0.6-0.5,1.1-1,1.7-1.5c1.1-1,2.2-2.1,3.3-3.1c1.3-1.3,2.6-2.5,3.9-3.7
c15-14.6,34.2-35.5,39.9-41.5L201,99.9 M134.3,31.9c0.7,0.7,1.4,1.5,1.4,1.5l0,0l3.4,3.6l48.6,48.7l7.9,7.9l0.4,0.7l0,0.1l-0.1,1.3
c-0.1,0.1-36.6,35.8-58.8,54.6c0,0-29.8,24-30.3,24.5c0,0.1,0.6,9.3,0.8,13.3c0.1,0,0.2,0,0.3-0.1c-0.2-3.5-0.8-13-0.8-13.1
c0.6-0.5,30.2-24.4,30.2-24.4c21.2-18,58.8-54.4,58.9-54.8l0.1-1.3l-0.1-0.3l-0.5-0.7l-7.9-7.9l-48.6-48.7c0,0-1.4-1.5-2.4-2.5
c1.1,0.9,7.4,6.1,7.4,6.1c1.7,1.4,3.5,2.9,8.4,7.6c13.7,13.2,37.9,36.3,48.5,46.4l0-0.4c-10.7-10.2-34.8-33.1-48.3-46.2
c-4.8-4.7-6.6-6.2-8.4-7.6c-0.5-0.4-8.1-6.6-8.1-6.6C136.3,33.5,135.2,32.6,134.3,31.9"/>
<path clip-path="url(#SVGID_2_)" fill="#FFDA00" d="M201,99.4c-6.1,6.5-34,36.9-49.3,50.3c0,0-30.8,27.5-40.6,36.2
c0.7-0.5,1.5-1.1,2.5-1.8c11.9-10.6,38.3-34.2,38.3-34.2c15.2-13.3,42.5-43.2,49.1-50.1L201,99.4 M136.8,34.3c1,1,2.4,2.5,2.4,2.5
l48.6,48.7l7.9,7.9l0.5,0.7l0.1,0.3l-0.1,1.3c-0.2,0.5-37.7,36.8-58.9,54.8c0,0-29.7,23.9-30.2,24.4c0,0.1,0.6,9.6,0.8,13.1
c0.1,0,0.2-0.1,0.3-0.2c-0.2-2.8-0.8-12.7-0.8-12.8c0.6-0.5,30.1-24.3,30.1-24.3c21.3-18.1,58.9-54.6,59-55l0.1-1.3l0-0.2l-0.1-0.2
l-0.5-0.8l-7.9-7.9c-27.4-27.5-43.3-43.4-47.4-47.5c1.6,1.3,3.5,2.8,3.5,2.8c1.7,1.4,3.5,2.9,8.3,7.5
c13.9,13.4,38.3,36.7,48.7,46.6l0-0.4c-10.6-10.1-34.8-33.2-48.5-46.4c-4.8-4.7-6.6-6.1-8.4-7.6C144.3,40.3,138,35.2,136.8,34.3"/>
<path clip-path="url(#SVGID_2_)" fill="#FFD800" d="M201,99c-5.6,5.9-34.1,37-49.5,50.6c0,0-36,32.2-42.2,37.6
c0.5-0.3,1.1-0.7,1.8-1.2c9.8-8.7,40.6-36.2,40.6-36.2c15.3-13.4,43.2-43.9,49.3-50.3L201,99 M140.6,37.7
c4.2,4.2,20,20.1,47.4,47.5l7.9,7.9l0.5,0.8l0.1,0.2l0,0.2l-0.1,1.3c-0.2,0.5-37.7,36.9-59,55c0,0-29.6,23.9-30.1,24.3
c0,0.1,0.7,9.9,0.8,12.8c0.1,0,0.2-0.1,0.3-0.2c-0.1-1.8-0.9-12.4-0.9-12.5c0.6-0.5,30-24.2,30-24.2c21.4-18.2,59-54.8,59.1-55.2
l0.1-1.4c0,0,0-0.1,0-0.2l-0.1-0.3l-0.5-0.8l0,0c0,0-47.4-47.5-51.2-51.4c1.5,1.2,3.4,2.9,7.3,6.7c13.9,13.4,38.6,36.9,48.9,46.8
l0-0.4c-10.4-9.9-34.8-33.1-48.7-46.6c-4.8-4.7-6.6-6.1-8.3-7.5C144.1,40.6,142.2,39,140.6,37.7"/>
<path clip-path="url(#SVGID_2_)" fill="#FFD700" d="M144.9,41.6c3.8,3.8,51.2,51.4,51.2,51.4l0,0l0.5,0.8l0.1,0.3
c0,0.1,0,0.2,0,0.2l-0.1,1.4c-0.2,0.5-37.7,37-59.1,55.2c0,0-29.5,23.8-30,24.2c0,0.1,0.8,10.6,0.9,12.5c0.2-0.1,0.5-0.3,0.9-0.5
c6.1-5.5,42.2-37.6,42.2-37.6C166.9,136,195.4,104.9,201,99l0-0.4c-5.1,5.3-34.1,37.1-49.7,50.8c0,0-42,37.5-42.5,38
c0-0.6-0.9-11.8-0.9-11.9c0.6-0.5,29.9-24.2,29.9-24.2c21.5-18.3,59.1-55,59.2-55.4l0.1-1.4l-0.1-0.3l-0.1-0.4l-0.5-0.8l-0.1-0.1
c0,0-27.6-27.7-39.3-39.4c15,14.4,36.9,35.2,44.1,42.1l0-0.4c-10.4-9.9-35-33.3-48.9-46.8C148.3,44.5,146.4,42.9,144.9,41.6"/>
<path clip-path="url(#SVGID_2_)" fill="#FED500" d="M157.1,53.4c11.7,11.8,39.3,39.4,39.3,39.4l0.1,0.1l0.5,0.8l0.1,0.4l0.1,0.3
l-0.1,1.4c-0.1,0.5-37.7,37.2-59.2,55.4c0,0-29.4,23.7-29.9,24.2c0,0.1,0.9,11.3,0.9,11.9c0.5-0.4,42.5-38,42.5-38
c15.6-13.7,44.7-45.5,49.7-50.8l0-0.4c-4.3,4.4-34.1,37.1-49.9,51c0,0-41.6,37.1-42,37.5c0-0.6-0.9-11-0.9-11.1
c0.6-0.5,29.8-24.1,29.8-24.1c21.6-18.3,59.2-55.2,59.3-55.6l0.1-1.5l-0.1-0.4l-0.2-0.4l-0.5-0.8l-0.1-0.1c0,0-13.3-13.3-22.2-22.3
c8.5,8.1,24.8,23.7,26.8,25.6l0-0.4C193.9,88.6,172,67.8,157.1,53.4"/>
<path clip-path="url(#SVGID_2_)" fill="#FED400" d="M174.4,70.3c8.9,8.9,22.2,22.3,22.2,22.3l0.1,0.1l0.5,0.8l0.2,0.4l0.1,0.4
l-0.1,1.5c-0.1,0.5-37.7,37.3-59.3,55.6c0,0-29.3,23.6-29.8,24.1c0,0.1,0.9,10.6,0.9,11.1c0.5-0.4,42-37.5,42-37.5
c15.8-13.9,45.6-46.6,49.9-51l0-0.4c-3.4,3.4-34.1,37.1-50.2,51.2c0,0-41.1,36.7-41.5,37.1c0-0.6-0.9-10.2-0.9-10.4
c0.6-0.5,29.7-24,29.7-24c21.7-18.4,59.3-55.4,59.4-55.8l0.1-1.5l-0.1-0.4l-0.2-0.5c-0.4-0.5-0.5-0.8-0.6-0.9l0,0l-0.1-0.2
c0,0-2.7-2.7-5.1-5.1c2.6,2.5,9.1,8.7,9.4,9l0-0.4C199.1,94,182.8,78.4,174.4,70.3"/>
<path clip-path="url(#SVGID_2_)" fill="#FDD200" d="M197.7,93.2L197.7,93.2L197.7,93.2 M191.7,87.2c2.4,2.4,5.1,5.1,5.1,5.1
l0.1,0.2l0,0c0.1,0.1,0.2,0.3,0.6,0.9l0.2,0.5l0.1,0.4l-0.1,1.5c-0.1,0.5-37.8,37.4-59.4,55.8c0,0-29.2,23.5-29.7,24
c0,0.1,0.9,9.8,0.9,10.4c0.5-0.4,41.5-37.1,41.5-37.1c16.1-14.1,46.7-47.8,50.2-51.2l0-0.5c0,0.1-0.1,0.2-0.2,0.3
c-3.3,3.3-34.2,37.2-50.2,51.2c0,0-40.6,36.2-41.1,36.7c0-0.6-0.9-9.4-0.9-9.6c0.6-0.5,29.6-23.9,29.6-23.9
c21.8-18.5,59.4-55.6,59.6-56l0.1-1.6v0l-0.1-0.5l-0.1-0.2c0.9,0.9,3.1,2.9,3.1,2.9c0.1,0.1,0.1,0.2,0.2,0.2l0-0.5
C200.8,96,194.3,89.8,191.7,87.2"/>
<path clip-path="url(#SVGID_2_)" fill="#FDD000" d="M109.9,184.7c0-0.6-0.7-6.8-0.7-6.8s-0.2-1.9-0.2-2c1-0.8,29.2-23.6,29.5-23.8
c21.8-18.5,59.5-55.8,59.7-56.2c0,0,0.1-1.1,0.1-1.4c0.7,0.6,2.4,2.3,2.4,2.3l0,0l0.1,0.3c-0.1,0.1-0.2,0.3-0.2,0.3l0,0l-5.8,6.1
c-10.4,11.1-31.9,34.1-44.3,45.1C150.5,148.5,110.4,184.3,109.9,184.7 M197.9,93.6l0.1,0.2l0.1,0.5v0l-0.1,1.6
c-0.1,0.5-37.8,37.6-59.6,56c0,0-29.1,23.4-29.6,23.9c0,0.1,0.9,9,0.9,9.6c0.5-0.4,41.1-36.7,41.1-36.7
c16-14.1,46.8-47.9,50.2-51.2c0.1-0.1,0.2-0.2,0.2-0.3l0-0.5c0-0.1-0.1-0.2-0.2-0.2C200.9,96.5,198.8,94.4,197.9,93.6 M197.7,93.2
L197.7,93.2L197.7,93.2"/>
<path clip-path="url(#SVGID_2_)" fill="#FCCE00" d="M110.2,184.1c0-1.3-0.6-6-0.6-6s-0.2-1.9-0.2-2c0.6-0.5,29.4-23.7,29.4-23.7
c21.9-18.6,59.6-56,59.7-56.4l0-0.1c0,0,0-0.5,0-0.8c1.3,1.2,1.8,1.7,2,1.8l-0.1-0.1l0.1,0.2l0,0.1l0,0c-5.6,5.9-5.8,6.2-5.8,6.2
c0,0,0,0,0,0c-10.3,11.1-31.9,34.1-44.3,45C150.3,148.2,110.7,183.7,110.2,184.1 M198.3,94.4c0,0.3-0.1,1.4-0.1,1.4
c-0.1,0.5-37.8,37.7-59.7,56.2c-0.3,0.2-28.5,23-29.5,23.8c0,0.1,0.2,2,0.2,2s0.6,6.2,0.7,6.8c0.5-0.4,40.6-36.2,40.6-36.2
c12.4-10.9,34-34,44.3-45.1l5.8-6.1l0,0c0,0,0.1-0.2,0.2-0.3l-0.1-0.3l0,0C200.7,96.7,199,95,198.3,94.4"/>
<path clip-path="url(#SVGID_2_)" fill="#FBCD00" d="M139,152.5c21.9-18.6,59.7-56.1,59.8-56.5l0-0.1l0-0.2c0.4,0.4,1.2,1.1,1.3,1.3
c-0.5,0.5-4.9,5.2-4.9,5.2l-0.8,0.8c-10.3,11.1-31.8,34.1-44.3,45c0,0-39.2,35-39.6,35.4c0-0.6-0.8-7.1-0.8-7.3
c0.1-0.1,28.8-23.3,28.8-23.3C138.8,152.7,138.9,152.6,139,152.5L139,152.5 M198.6,95.1c0,0.3,0,0.8,0,0.8l0,0.1
c-0.1,0.4-37.9,37.8-59.7,56.4c0,0-28.8,23.2-29.4,23.7c0,0.1,0.2,2,0.2,2s0.6,4.7,0.6,6c0.5-0.4,40.1-35.8,40.1-35.8
c12.4-10.9,34-33.9,44.3-45c0,0,0,0,0,0c0,0,0.2-0.3,5.8-6.2l0,0l0-0.1l-0.1-0.2l0.1,0.1C200.3,96.7,199.9,96.3,198.6,95.1"/>
<path clip-path="url(#SVGID_2_)" fill="#FBCB00" d="M198.8,95.7l0,0.2l0,0.1c-0.1,0.4-37.9,37.9-59.8,56.5l0,0
c-0.1,0.1-0.2,0.2-0.5,0.4c0,0-28.7,23.2-28.8,23.3c0,0.1,0.8,6.7,0.8,7.3c0.5-0.4,39.6-35.4,39.6-35.4
c12.4-10.9,33.9-33.9,44.3-45l0.8-0.8c0.1-0.1,4.5-4.7,4.9-5.2C200,96.8,199.2,96.1,198.8,95.7"/>
</g>
<rect x="15.3" y="66.6" transform="matrix(0.706 0.7082 -0.7082 0.706 58.1477 6.1217)" fill="#FFE500" width="12.7" height="13.1"/>
<rect x="186.4" y="65.1" fill="#FFE500" width="2.6" height="10.1"/>
<polygon fill-rule="evenodd" clip-rule="evenodd" points="119.8,62.7 119.8,121.7 102.4,121.7 102.3,73.4 109.8,71.6 107.6,62.8 "/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M49.5,75.5c7.2-0.3,17.7-0.8,24.3,0c8.4,1,19.4,3.2,20.3,15
c0.4,5.6-1.5,10.4-9.4,16.7c0,0,8,8.7,15.3,17c0,0-9.1,8.6-14.1,12.7l-17.9-29.7c4-3.1,8.8-7.6,8.8-12.9c0-5.1-4.8-7.5-6.5-7.5h-3.7
v49.6H49.5V75.5z"/>
<polygon fill-rule="evenodd" clip-rule="evenodd" points="140.1,136.1 140.1,89.5 123.3,89.5 123.3,74.5 174.5,74.5 174.5,89.5
157.8,89.5 157.8,136.1 "/>
<path d="M42.9,60.1L42.8,75l-18.1,0l0,13.8l16.7-0.1v14.2l-16.4,0l0,23.9H7V60.9C25,60.1,42.9,60.1,42.9,60.1z"/>
<polygon fill-rule="evenodd" clip-rule="evenodd" points="229,97.7 240.6,98.1 245.2,68.2 230.8,67 "/>
<polygon points="223.8,104.3 232.9,96.9 242.5,108.9 233.4,116.2 226.1,107.1 "/>
<polygon fill-rule="evenodd" clip-rule="evenodd" points="115.8,118.3 95.4,118.3 95.3,67.3 102.5,65.5 100.2,56.3 115.8,56.3 "/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M133.1,86.1c0,0-15.2,0.4-15.1,0.4l-1.7,0.2V68.1h54.3v18.6l-1.8,0l-14.9-0.6v46.6
h-20.7V86.1z"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M169.5,53.3l0.6,0c5.9,0,23-0.3,46.2,1l2.6,0.2l-24.4,45.4
c5,0.1,11.5,0.2,20.1-0.4l1.9-0.1l0,18.4c0,0-47.4,0-48.2,0h-3.6L189,71.2c-5.2,0-11.4,0-18.9,0.4l-0.7,0.1V53.3z"/>
<path d="M38.9,55l0,16.7l-1.7,0l-16.5,0l0,10.2l16.7-0.1l0,17.4h-1.7l-14.7,0l0,23.9H0V54.6l1.4-0.1c18-0.8,37-0.7,37-0.7"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M62.6,100.4c3.7-3.1,7.3-6.8,7.3-11.1c0-4.1-3.9-6-5.1-6h-2.2V100.4z M68.5,69.1
c8.2,1,20.6,3.3,21.6,16.4c0.4,5.9-1.6,10.9-8.7,17l15.3,17.9l-0.9,0.9c-4.2,4.3-8.9,8.4-13.9,12.4l-1.3,1.1l-17.9-29.7v27.8H42.5
V69.2l1.4-0.1C51.2,68.8,61.8,68.4,68.5,69.1z"/>
<polygon fill-rule="evenodd" clip-rule="evenodd" points="224.2,62.6 241.8,64 236.7,96.9 222.2,96.4 "/>
<path d="M239.1,106.5l-9.3-11.5l-11.5,9.3h-1.8v1.8c-8.2,0.4-14.4,0.2-18.9,0.1l24.5-45.5c-23.2-1.3-40-1-52.2-0.7v15.3
c15.1-0.8,21.6-0.7,27.2-0.8l-24.2,46.6h1.1c0.8,0,46.7,0,46.7,0l0-14l7,8.7L239.1,106.5z"/>
<polygon fill-rule="evenodd" clip-rule="evenodd" fill="#E2001A" points="114.3,57.8 114.3,116.7 96.9,116.7 96.8,68.5 104.3,66.7
102.1,57.8 "/>
<path fill-rule="evenodd" clip-rule="evenodd" fill="#E2001A" d="M44,70.6c7.2-0.3,17.7-0.8,24.3,0c8.4,1,19.4,3.2,20.3,15
c0.4,5.6-1.5,10.4-9.4,16.7l15.4,18c-4.1,4.2-8.8,8.3-13.7,12.3l-18.3-30.4c4-3.1,8.8-7.6,8.8-12.9c0-5.1-4.8-7.5-6.5-7.5h-3.7v49.6
H44V70.6z"/>
<polygon fill-rule="evenodd" clip-rule="evenodd" fill="#E2001A" points="134.6,131.2 134.6,84.6 117.8,85 117.8,69.6 169,69.6
169,85 152.3,84.6 152.3,131.2 "/>
<path fill-rule="evenodd" clip-rule="evenodd" fill="#E2001A" d="M170.7,70.1V54.8c5.9,0,22.7-0.3,45.9,1l-24.5,45.5
c5.3,0.1,12.8,0.3,23-0.4l0,15.3c0,0-45.9,0-46.7,0l-1.1,0l24.2-46.6C185.9,69.7,179.4,69.7,170.7,70.1z"/>
<polygon fill="#E2001A" points="37.4,64.5 37.4,70 19.2,70 19.2,83.8 35.9,83.7 35.9,97.9 19.4,97.9 19.4,121.8 1.5,121.8 1.5,56
37.4,55.3 "/>
<polygon fill-rule="evenodd" clip-rule="evenodd" fill="#E2001A" points="223.8,94.9 235.4,95.3 240,65.4 225.6,64.2 "/>
<rect x="222.8" y="99.6" transform="matrix(-0.777 0.6295 -0.6295 -0.777 472.7412 43.5246)" fill="#E2001A" width="11.7" height="11.7"/>
</svg>


@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
<!-- Created with Sodipodi ("http://www.sodipodi.com/") -->
<svg
id="svg592"
sodipodi:version="0.33"
width="600pt"
height="600pt"
sodipodi:docbase="/home/tobias/Desktop"
sodipodi:docname="/home/tobias/Desktop/Oxidising.svg"
sodipodi:author="Aqua78"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:xlink="http://www.w3.org/1999/xlink">
<defs
id="defs594" />
<sodipodi:namedview
id="base" />
<rect
style="font-size:12.000;fill:#ff6700;fill-rule:evenodd;stroke:#000000;stroke-width:6.250000;"
id="rect633"
width="600.000000"
height="600.000000"
x="84.682228"
y="154.565033"
transform="translate(-4.650838,-74.41330)" />
<g
id="g650"
transform="matrix(4.005551,0,0,4.005551,78.44294,71.31516)">
<path
style="fill:#000000;fill-rule:evenodd;stroke:#000000;stroke-opacity:1;stroke-width:1pt;stroke-linejoin:miter;stroke-linecap:round;fill-opacity:1;"
d="M 76.437500 16.500000 C 76.437498 16.500000 69.300080 21.920720 70.093750 31.312500 C 70.887434 40.704289 72.491460 38.600530 70.375000 44.156250 C 65.480680 38.600612 60.437500 38.187500 60.437500 38.187500 C 60.437501 38.187502 63.209340 42.287100 62.812500 49.562500 C 62.415661 56.837893 59.781250 61.875000 59.781250 61.875000 L 56.875000 62.281250 C 56.875000 62.281251 54.900730 56.968750 51.593750 56.968750 C 53.710221 69.799872 45.882280 80.257300 45.750000 80.125000 C 45.617722 79.992704 42.053970 79.458070 39.937500 76.812500 C 39.276110 78.928895 39.544050 81.570190 42.718750 85.406250 C 41.660521 88.316327 39.397600 103.155260 46.937500 114.531250 C 47.458273 115.262983 48.149456 115.846240 48.843750 116.437500 C 48.312833 114.297503 47.937500 112.084690 47.937500 109.781250 C 47.937500 94.498330 60.342067 82.093750 75.625000 82.093750 C 90.907931 82.093747 103.312500 94.498327 103.312500 109.781250 C 103.312499 111.488763 103.108870 113.158920 102.812500 114.781250 C 103.286579 114.619303 105.021670 114.153740 105.031250 114.125000 C 105.163549 113.860513 108.851050 109.633990 108.718750 106.062500 C 108.586549 102.490908 108.842900 80.649800 110.562500 79.062500 C 112.282199 77.475198 107.651950 80.240550 106.593750 79.843750 C 105.535449 79.446942 108.057850 53.399870 103.031250 51.812500 C 103.163549 58.294202 99.875000 63.718750 99.875000 63.718750 C 99.874999 63.718752 98.289418 51.296360 96.437500 45.343750 C 94.585597 39.391141 89.812500 36.750000 89.812500 36.750000 C 89.812502 36.750002 90.875880 42.685750 89.156250 46.125000 C 87.436622 49.564261 87.964480 40.827920 86.906250 38.843750 C 85.848008 36.859572 79.363450 28.814260 78.437500 25.375000 C 77.511554 21.935751 76.437500 16.500000 76.437500 16.500000 z M 77.781250 57.218750 C 77.781248 57.218749 78.801040 64.167358 79.406250 65.781250 C 80.011456 67.395138 82.831077 73.255204 82.125000 76.281250 C 81.418926 79.307296 76.579864 81.611464 74.562500 77.375000 C 72.545135 73.138536 
72.233499 61.455214 77.781250 57.218750 z M 65.375000 67.406250 C 66.484551 67.607982 70.191841 70.115268 69.687500 77.781250 C 68.577950 82.723792 64.052605 81.613027 63.750000 76.468750 C 63.447399 74.249651 65.072396 71.743582 65.375000 67.406250 z M 90.187500 75.156250 C 92.608338 82.418760 90.000000 81.812499 90.000000 81.812500 C 86.267878 81.812500 87.968399 77.577088 90.187500 75.156250 z M 55.468750 78.687500 C 56.467294 79.472070 57.451208 83.361399 55.687500 83.218750 C 53.424520 83.076099 54.428425 79.103210 55.468750 78.687500 z M 98.250000 79.593750 C 100.458966 81.972808 99.718225 86.941545 98.156250 86.656250 C 95.484734 86.875293 96.569854 80.838781 98.250000 79.593750 z M 47.406250 91.687500 C 48.048170 92.543398 50.808083 97.621930 47.718750 97.437500 C 45.342663 97.395720 46.906978 92.430289 47.406250 91.687500 z M 104.593750 91.937500 C 105.734939 92.008828 106.652650 95.831856 104.906250 95.718750 C 103.302496 95.748295 103.850970 92.281886 104.593750 91.937500 z "
id="path649" />
<circle cx="77.82140" cy="111.3967" r="27.31232" transform="matrix(1.013699,0.000000,0.000000,1.013699,-2.446365,-2.904882)"
style="fill-rule:evenodd;stroke:#000000;fill:none;fill-opacity:1;stroke-opacity:1;stroke-width:3.2061;stroke-linejoin:miter;stroke-linecap:butt;stroke-dasharray:none;" />
</g>
</svg>


@ -0,0 +1 @@
<svg id="b96c2bed-161d-4a6a-88f8-007e67c638f7" data-name="Logo" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 283.46 283.46"><defs><style>.bbbce7e6-9f7c-4bc7-b65d-f87c42553021{fill:url(#b5078497-905e-430d-8c08-43e741159356);}.b35d0c34-aac5-4d6b-a247-c101a4f12738{fill:none;stroke:#fff;stroke-miterlimit:10;stroke-width:5px;}</style><linearGradient id="b5078497-905e-430d-8c08-43e741159356" x1="75.44" y1="26.92" x2="208.02" y2="256.55" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#dab1d3"/><stop offset="0.01" stop-color="#d84793"/><stop offset="0.51" stop-color="#d6d900"/><stop offset="0.76" stop-color="#1eb7c8"/><stop offset="1" stop-color="#3c55a2"/></linearGradient></defs><circle class="bbbce7e6-9f7c-4bc7-b65d-f87c42553021" cx="141.73" cy="141.73" r="132.55"/><path id="ad49426f-1fb1-4b02-9f9e-efa82492899f" data-name="Logo Pfad" class="b35d0c34-aac5-4d6b-a247-c101a4f12738" d="M233.41,185.29l-4.62,25.54M40.41,186.13l15.2,15.06M157.05,55.31,55.65,200.75a.11.11,0,0,0,.08.16l172.9,9.91a.1.1,0,0,0,.09-.14L157.23,55.32A.1.1,0,0,0,157.05,55.31ZM136.16,41.24,40,185.93a.13.13,0,0,0,.11.2l192.76-.84a.13.13,0,0,0,.1-.2L136.38,41.24A.13.13,0,0,0,136.16,41.24Zm.12-.16,20.87,14.08"/></svg>


@ -0,0 +1 @@
{"name":"Homer Dashboard","short_name":"Homer","theme_color":"#3367D6","icons":[{"src":"./icons/favicon-16x16.png","sizes":"16x16","type":"image/png"},{"src":"./icons/favicon-32x32.png","sizes":"32x32","type":"image/png"},{"src":"./icons/icon-any.png","sizes":"512x512","type":"image/png","purpose":"any"},{"src":"./icons/icon-any.svg","sizes":"any","type":"image/svg+xml","purpose":"any"},{"src":"./icons/icon-maskable.png","sizes":"512x512","type":"image/png","purpose":"maskable"},{"src":"./icons/safari-pinned-tab.svg","sizes":"any","type":"image/svg+xml","purpose":"monochrome"}],"start_url":"../","display":"standalone","background_color":"#000000"}


@ -0,0 +1,135 @@
---
# Additionnal page configuration
# Additionnal configurations are loaded using its file name, minus the extension, as an anchor (https://<mydashboad>#<config>).
# `config.yml` is still used as a base configuration, and all values here will overwrite it, so you don't have to re-defined everything
subtitle: "Management"
# This overwrites message config. Setting it to empty to remove message from this page and keep it only in the main one:
# message: ~
# as we want to include a differente link here (so we can get back to home page), we need to replicate all links or they will be revome when overwriting the links field:
links:
- name: "Homepage"
icon: "fas fa-heartbeat"
url: "http://docker10.grote.lan:333"
- name: "Management"
icon: "fas fa-code-branch"
url: "#mgmt"
- name: "Extern"
icon: "fas fa-file-alt"
url: "#papa"
- name: "Test"
icon: "fas fa-globe"
url: "#test"
services:
- name: "Hardware"
icon: "fas fa-cloud"
items:
- name: "IPMI - pve2"
logo: "assets/icons/netbootxyz.png"
url: "https://192.168.2.13"
target: "_blank"
subtitle: "Supermicro X10SRL-F"
- name: "Brother ADS-2700W"
logo: "assets/icons/brother.jpg"
url: "http://192.168.2.48"
target: "_blank"
- name: "Fritzbox 7590"
logo: "assets/icons/fritzbox.svg"
url: "http://192.168.5.1"
target: "_blank"
subtitle: "Modem"
- name: "Infra"
icon: "fas fa-cloud"
items:
- name: "ProxMox Virtual Environment"
logo: "assets/icons/pve.png"
url: "https://pve2.grote.lan:8006"
target: "_blank"
subtitle: "Selbstbau"
- name: "Apt-Cacher-NG"
logo: "assets/icons/acng.jpg"
url: "http://acng.grote.lan:9999/acng-report.html"
target: "_blank"
subtitle: "apt"
- name: "gitea"
logo: "assets/icons/gitea.png"
url: "https://git.mgrote.net"
target: "_blank"
subtitle: "git"
- name: "Traefik"
logo: "assets/icons/traefik.png"
url: "http://docker10.grote.lan:8081"
target: "_blank"
subtitle: "Reverse Proxy"
- name: "Unifi Controller"
logo: "assets/icons/ubiquiti.png"
url: "https://docker10.grote.lan:8443"
target: "_blank"
subtitle: "WLAN"
- name: "drone.io"
logo: "assets/icons/drone.png"
url: "http://docker10.grote.lan:81"
target: "_blank"
subtitle: "CI/CD"
- name: "httpd"
logo: "assets/icons/roundcube.png"
url: " http://docker10.grote.lan:3344"
target: "_blank"
subtitle: "Package-Registry"
- name: "Monitoring"
icon: "fas fa-cloud"
items:
- name: "Ara"
logo: "assets/icons/ara.png"
url: "http://docker10.grote.lan:2233"
target: "_blank"
subtitle: "ansible"
- name: "Munin - Production"
logo: "assets/icons/munin.png"
url: "http://docker10.grote.lan:1234"
target: "_blank"
subtitle: "Monitoring"
- name: "Oxidized"
logo: "assets/icons/oxidized.svg"
url: "http://docker10.grote.lan:8888"
target: "_blank"
subtitle: "network device configuration backup tool"
- name: "LibreNMS"
logo: "assets/icons/librenms.png"
url: "http://docker10.grote.lan:8000"
target: "_blank"
subtitle: "network monitoring"
- name: "Internet-MGMT"
icon: "fas fa-cloud"
items:
- name: "IONOS"
logo: "assets/icons/1und1.jpg"
url: "https://login.ionos.de/#/servers/F872D83983D453EA40074C5C59AFB7DD"
target: "_blank"
subtitle: "tor1.mgrote.net"
- name: "Scaleway"
logo: "assets/icons/scaleway.png"
url: "https://console.scaleway.com/object-storage/buckets"
target: "_blank"
subtitle: "Scaleway S3"
- name: "gl.inet - Cloud"
logo: "assets/icons/gl-cloud.png"
url: "https://www.goodcloud.xyz/#/login"
target: "_blank"
subtitle: "Mango MGMT"
- name: "Strato - DNS"
logo: "assets/icons/strato.jpg"
url: "https://www.strato.de/apps/CustomerService#/skl"
target: "_blank"
subtitle: "Domainverwaltung"
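Review bot: The `url` of the "httpd" item has a leading space inside the quotes (`url: " http://docker10.grote.lan:3344"`), so the dashboard gets a value that is not a clean absolute URL; browsers usually trim it, but it should read `url: "http://docker10.grote.lan:3344"`. The same item uses `logo: "assets/icons/roundcube.png"`, which looks copied from another entry. Separately, the IONOS entry commits what appears to be an account-specific server identifier in its URL; linking to the console landing page instead would keep that out of the repository.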


@ -0,0 +1,46 @@
---
# Additionnal page configuration
# Additionnal configurations are loaded using its file name, minus the extension, as an anchor (https://<mydashboad>#<config>).
# `config.yml` is still used as a base configuration, and all values here will overwrite it, so you don't have to re-defined everything
subtitle: "Papa's Dienste"
# This overwrites message config. Setting it to empty to remove message from this page and keep it only in the main one:
message: "Nur per VPN erreichbar, @home über den Router als s2s-Tunnel umgesetzt."
# as we want to include a differente link here (so we can get back to home page), we need to replicate all links or they will be revome when overwriting the links field:
links:
- name: "Homepage"
icon: "fas fa-heartbeat"
url: "http://docker10.grote.lan:333"
- name: "Management"
icon: "fas fa-code-branch"
url: "#mgmt"
- name: "Extern"
icon: "fas fa-file-alt"
url: "#papa"
- name: "Test"
icon: "fas fa-globe"
url: "#test"
services:
- name: "Storage"
icon: "fas fa-cloud"
items:
- name: "QNAP TS-251+"
logo: "assets/icons/qnap.png"
url: "http://192.168.3.108:8080"
target: "_blank"
- name: "Network"
icon: "fas fa-cloud"
items:
- name: "Speedport Smart 3"
logo: "assets/icons/speedport.png"
url: "http://192.168.3.1"
target: "_blank"
- name: "Netgear GS308E"
logo: "assets/icons/switch.png"
url: "http://192.168.3.147"
target: "_blank"
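Review bot: The comment above `message:` is left over from the template and contradicts the line it documents: it describes setting the value to empty to remove the message, while this page sets its own text. I would replace it with something like `# Page-specific message; overrides the one from config.yml:`, so the next editor does not clear the VPN notice thinking that is the intended state.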


@ -0,0 +1,69 @@
---
# Additionnal page configuration
# Additionnal configurations are loaded using its file name, minus the extension, as an anchor (https://<mydashboad>#<config>).
# `config.yml` is still used as a base configuration, and all values here will overwrite it, so you don't have to re-defined everything
subtitle: "Test/Staging"
# This overwrites message config. Setting it to empty to remove message from this page and keep it only in the main one:
# message: ~
# as we want to include a differente link here (so we can get back to home page), we need to replicate all links or they will be revome when overwriting the links field:
links:
- name: "Homepage"
icon: "fas fa-heartbeat"
url: "http://docker10.grote.lan:333"
- name: "Management"
icon: "fas fa-code-branch"
url: "#mgmt"
- name: "Extern"
icon: "fas fa-file-alt"
url: "#papa"
- name: "Test"
icon: "fas fa-globe"
url: "#test"
services:
- name: "Infra"
icon: "fas fa-cloud"
items:
- name: "ProxMox Virtual Environment"
logo: "assets/icons/pve.png"
url: "https://pve2-test2.grote.lan:8006"
target: "_blank"
subtitle: "VM"
- name: "Apt-Cacher-NG"
logo: "assets/icons/acng.jpg"
url: "http://acng-test.grote.lan:9999/acng-report.html"
target: "_blank"
subtitle: "apt"
- name: "gitea"
logo: "assets/icons/gitea.png"
url: "http://gitea-test.grote.lan:3000"
target: "_blank"
subtitle: "git"
- name: "Monitoring"
icon: "fas fa-cloud"
items:
- name: "Munin"
logo: "assets/icons/munin.png"
url: "http://docker7-test.grote.lan:12345"
target: "_blank"
subtitle: "Monitoring"
- name: "Dienste"
icon: "fas fa-cloud"
items:
- name: "homer"
logo: "assets/icons/homer.png"
url: "http://docker7-test.grote.lan:333"
target: "_blank"
subtitle: "Dashboard"
- name: "DokuWiki"
logo: "assets/icons/dokuwiki.png"
url: "http://dokuwiki-test.grote.lan/doku.php"
target: "_blank"
subtitle: "Wiki"


@ -0,0 +1,16 @@
version: '3'
services:
######## homer ########
homer:
image: b4bz/homer:latest
container_name: homer-dashboard
restart: always
environment:
- TZ=Europe/Berlin
- UID=1000
- GID=1000
- INIT_ASSETS=0
volumes:
- ./assets/:/www/assets
ports:
- 333:8080
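Review bot: `image: b4bz/homer:latest` is a floating tag, so every deploy that pulls gets whatever upstream currently publishes under it, and a changed or tampered image reaches the host without any review step. Pin a release tag and preferably the digest, e.g. `image: b4bz/homer:<release-tag>@sha256:<digest>` (placeholders), and bump it deliberately. The httpd-registry compose file in this commit has the same issue with `httpd:bullseye`. The port mapping is also better quoted, `- "333:8080"`, which is the usual Compose convention for `host:container` pairs.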


@ -0,0 +1,12 @@
version: '3'
services:
httpd-registry:
container_name: "httpd-registry"
image: httpd:bullseye
restart: always
volumes:
# mounte das lokale Verzeichnis in den Container, der Inhalt ist dann per http aufzurufen; reingeschrieben wird in den lokalen Ordner z.B. per scp aus der Pipeline heraus
- /mnt/httpd:/usr/local/apache2/htdocs/
- "${PWD}/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro"
ports:
- 3344:80
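Review bot: The htdocs mount `- /mnt/httpd:/usr/local/apache2/htdocs/` is read-write, although per the comment above it files are written into the host directory via scp and the container only serves them. Mounting it as `- /mnt/httpd:/usr/local/apache2/htdocs/:ro` keeps a compromised web server process from altering the packages it hands out. The artefacts are published over plain HTTP on port 3344, so consumers presumably have no integrity protection in transit; publishing checksums or signatures next to the packages would be worth considering. `${PWD}` in the second mount depends on the directory compose is started from, so a path relative to the compose file, `./httpd.conf`, is more predictable.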


@ -0,0 +1,555 @@
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/usr/local/apache2"
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:logs
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule mpm_event_module modules/mod_mpm_event.so
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule isapi_module modules/mod_isapi.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule socache_redis_module modules/mod_socache_redis.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule bucketeer_module modules/mod_bucketeer.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule example_hooks_module modules/mod_example_hooks.so
#LoadModule case_filter_module modules/mod_case_filter.so
#LoadModule case_filter_in_module modules/mod_case_filter_in.so
#LoadModule example_ipc_module modules/mod_example_ipc.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule data_module modules/mod_data.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
#LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule xml2enc_module modules/mod_xml2enc.so
#LoadModule proxy_html_module modules/mod_proxy_html.so
#LoadModule brotli_module modules/mod_brotli.so
LoadModule mime_module modules/mod_mime.so
#LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule lua_module modules/mod_lua.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule optional_hook_export_module modules/mod_optional_hook_export.so
#LoadModule optional_hook_import_module modules/mod_optional_hook_import.so
#LoadModule optional_fn_import_module modules/mod_optional_fn_import.so
#LoadModule optional_fn_export_module modules/mod_optional_fn_export.so
#LoadModule dialup_module modules/mod_dialup.so
#LoadModule http2_module modules/mod_http2.so
#LoadModule proxy_http2_module modules/mod_proxy_http2.so
#LoadModule md_module modules/mod_md.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module modules/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule imagemap_module modules/mod_imagemap.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User www-data
Group www-data
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin you@example.com
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all granted
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/apache2/htdocs"
<Directory "/usr/local/apache2/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
# Ab hier alles für schöne Dir-listings
# https://perishablepress.com/better-default-directory-views-with-htaccess/
IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* SuppressHTMLPreamble
Order allow,deny
Options +Indexes
Allow from all
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog /proc/self/fd/2
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog /proc/self/fd/1 common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule>
#
# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/usr/local/apache2/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig conf/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on
# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
# Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
Include conf/extra/httpd-autoindex.conf
# Language settings
#Include conf/extra/httpd-languages.conf
# User home directories
#Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# Various default settings
#Include conf/extra/httpd-default.conf
# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>


@ -0,0 +1,21 @@
TZ=Europe/Paris
PUID=1000
PGID=1000
MYSQL_DATABASE=librenms
MYSQL_USER=librenms
MYSQL_PASSWORD={{ lookup('keepass', 'librenms_mysql_password', 'password') }}
MEMORY_LIMIT=256M
UPLOAD_MAX_SIZE=16M
OPCACHE_MEM_SIZE=128
REAL_IP_FROM=0.0.0.0/32
REAL_IP_HEADER=X-Forwarded-For
LOG_IP_VAR=remote_addr
LIBRENMS_SNMP_COMMUNITY=librenms
MEMCACHED_HOST=memcached
MEMCACHED_PORT=11211
LIBRENMS_WEATHERMAP=false
LIBRENMS_WEATHERMAP_SCHEDULE=*/5 * * * *
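Review bot: `LIBRENMS_SNMP_COMMUNITY=librenms` sets the SNMP community to the product name, which is easy to guess; with SNMP v1/v2c the community string is the only credential and it travels unencrypted. The file already pulls `MYSQL_PASSWORD` from KeePass, so the community could come from the same place, e.g. `LIBRENMS_SNMP_COMMUNITY={{ lookup('keepass', '<snmp-community-entry>', 'password') }}` (the entry name is a placeholder). `REAL_IP_FROM=0.0.0.0/32` also deserves a one-line comment naming the proxy address that is expected, since that value decides whose `X-Forwarded-For` header is trusted.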


@ -0,0 +1,161 @@
version: "3.5"
services:
db:
image: mariadb:10.5
container_name: librenms_db
command:
- "mysqld"
- "--innodb-file-per-table=1"
- "--lower-case-table-names=0"
- "--character-set-server=utf8mb4"
- "--collation-server=utf8mb4_unicode_ci"
volumes:
- "mariadb:/var/lib/mysql"
environment:
- "TZ=${TZ}"
- "MYSQL_ALLOW_EMPTY_PASSWORD=yes"
- "MYSQL_DATABASE=${MYSQL_DATABASE}"
- "MYSQL_USER=${MYSQL_USER}"
- "MYSQL_PASSWORD=${MYSQL_PASSWORD}"
restart: always
memcached:
image: memcached:alpine
container_name: librenms_memcached
environment:
- "TZ=${TZ}"
restart: always
redis:
image: redis:5.0-alpine
container_name: librenms_redis
environment:
- "TZ=${TZ}"
restart: always
librenms:
image: librenms/librenms:latest
container_name: librenms
hostname: librenms
cap_add:
- NET_ADMIN
- NET_RAW
ports:
- target: 8000
published: 8000
protocol: tcp
depends_on:
- db
- memcached
volumes:
- "data:/data"
environment:
- "TZ=${TZ}"
- "PUID=${PUID}"
- "PGID=${PGID}"
- "DB_HOST=db"
- "DB_NAME=${MYSQL_DATABASE}"
- "DB_USER=${MYSQL_USER}"
- "DB_PASSWORD=${MYSQL_PASSWORD}"
- "DB_TIMEOUT=60"
- "REDIS_HOST=redis"
- "REDIS_PORT=6379"
- "REDIS_DB=0"
restart: always
dispatcher:
image: librenms/librenms:latest
container_name: librenms_dispatcher
hostname: librenms-dispatcher
cap_add:
- NET_ADMIN
- NET_RAW
depends_on:
- librenms
- redis
volumes:
- "data:/data"
environment:
- "TZ=${TZ}"
- "PUID=${PUID}"
- "PGID=${PGID}"
- "DB_HOST=db"
- "DB_NAME=${MYSQL_DATABASE}"
- "DB_USER=${MYSQL_USER}"
- "DB_PASSWORD=${MYSQL_PASSWORD}"
- "DB_TIMEOUT=60"
- "DISPATCHER_NODE_ID=dispatcher1"
- "REDIS_HOST=redis"
- "REDIS_PORT=6379"
- "REDIS_DB=0"
- "SIDECAR_DISPATCHER=1"
restart: always
syslogng:
image: librenms/librenms:latest
container_name: librenms_syslogng
hostname: librenms-syslogng
cap_add:
- NET_ADMIN
- NET_RAW
depends_on:
- librenms
ports:
- target: 514
published: 514
protocol: tcp
- target: 514
published: 514
protocol: udp
volumes:
- "data:/data"
environment:
- "TZ=${TZ}"
- "PUID=${PUID}"
- "PGID=${PGID}"
- "DB_HOST=db"
- "DB_NAME=${MYSQL_DATABASE}"
- "DB_USER=${MYSQL_USER}"
- "DB_PASSWORD=${MYSQL_PASSWORD}"
- "DB_TIMEOUT=60"
- "REDIS_HOST=redis"
- "REDIS_PORT=6379"
- "REDIS_DB=0"
- "SIDECAR_SYSLOGNG=1"
restart: always
snmptrapd:
image: librenms/librenms:latest
container_name: librenms_snmptrapd
hostname: librenms-snmptrapd
cap_add:
- NET_ADMIN
- NET_RAW
depends_on:
- librenms
ports:
- target: 162
published: 162
protocol: tcp
- target: 162
published: 162
protocol: udp
volumes:
- "data:/data"
environment:
- "TZ=${TZ}"
- "PUID=${PUID}"
- "PGID=${PGID}"
- "DB_HOST=db"
- "DB_NAME=${MYSQL_DATABASE}"
- "DB_USER=${MYSQL_USER}"
- "DB_PASSWORD=${MYSQL_PASSWORD}"
- "DB_TIMEOUT=60"
- "SIDECAR_SNMPTRAPD=1"
restart: always
######## Volumes ########
volumes:
mariadb:
data:
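Review bot: `MYSQL_ALLOW_EMPTY_PASSWORD=yes` on the `db` service lets the MariaDB image initialise the root account with an empty password, so by default any container that can reach `db` on the compose network can log in as root, not only as the `librenms` user. The database port is not published, which limits this to the other services in the file, but several of those run with `NET_ADMIN`/`NET_RAW` and accept syslog and SNMP-trap traffic from the network. Replace the line with `- "MYSQL_RANDOM_ROOT_PASSWORD=yes"`, or set `MYSQL_ROOT_PASSWORD` from the same KeePass lookup the env template uses for `MYSQL_PASSWORD`.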


@ -0,0 +1,99 @@
version: '3'
services:
######## Miniflux ########
miniflux:
container_name: "mf-frontend"
image: miniflux/miniflux:latest
restart: always
depends_on:
- db
environment:
- DATABASE_URL=postgres://miniflux:{{ lookup('keepass', 'miniflux_postgres_password', 'password') }}@mf-db/miniflux?sslmode=disable
- RUN_MIGRATIONS=1
# - CREATE_ADMIN=1
# - ADMIN_USERNAME=adminmf
# - ADMIN_PASSWORD={{ lookup('keepass', 'miniflux_admin_password', 'password') }}
- WORKER_POOL_SIZE=10
- POLLING_FREQUENCY=10
- CLEANUP_ARCHIVE_UNREAD_DAYS=-1
- CLEANUP_ARCHIVE_READ_DAYS=90
- TZ=Europe/Berlin
networks:
- intern
- traefik
labels:
- traefik.http.routers.miniflux.rule=Host(`miniflux.mgrote.net`)
- traefik.enable=true
- traefik.http.routers.miniflux.tls=true
- traefik.http.routers.miniflux.tls.certresolver=resolver_letsencrypt
- traefik.http.routers.miniflux.entrypoints=entry_https
- traefik.http.services.miniflux.loadbalancer.server.port=8080
######## PostGreSQL ########
db:
container_name: "mf-db"
image: postgres:13
restart: always
environment:
- POSTGRES_USER=miniflux
- POSTGRES_PASSWORD={{ lookup('keepass', 'miniflux_postgres_password', 'password') }}
- TZ=Europe/Berlin
volumes:
- db:/var/lib/postgresql/data
networks:
- intern
labels:
- com.centurylinklabs.watchtower.enable="false"
######## Miniflux-Filter ########
mf-filter:
container_name: mf-filter
restart: always
environment:
- TZ=Europe/Berlin
- MF_AUTH_TOKEN={{ lookup('keepass', 'miniflux_auth_token', 'password') }}
- MF_API_URL=https://miniflux.mgrote.net/v1
- MF_SLEEP=60
#- MF_DEBUG=1
image: quotengrote/miniflux-filter:latest
volumes:
- ./filter.txt:/data/filter.txt
networks:
- intern
######## RSS-Bridge ########
rssbridge:
container_name: "mf-bridge"
image: rssbridge/rss-bridge:latest
restart: always
environment:
- TZ=Europe/Berlin
volumes:
- ./whitelist.txt:/app/whitelist.txt
networks:
- intern
ports: #um neue Feeds einzufügen
- 3001:80
######## changedetection ########
changedetection.io:
image: ghcr.io/dgtlmoon/changedetection.io
container_name: mf-changedetection.io
hostname: changedetection.io
volumes:
- changedetection-data:/datastore
environment:
- PORT=5000
- BASE_URL=http://docker10.grote.lan:5000
ports:
- 5000:5000
restart: always
networks:
- intern
######## Volumes ########
volumes:
db:
changedetection-data:
######## Networks ########
networks:
traefik:
external: true
intern:
driver: bridge
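Review bot: In the `db` service the label `com.centurylinklabs.watchtower.enable="false"` is a plain list item, so the double quotes become part of the label value. Watchtower appears to parse this label as a boolean, and a value with literal quotes would likely fail to parse and leave the database container eligible for automatic updates. Write it as `- com.centurylinklabs.watchtower.enable=false`. Separately, the KeePass password is interpolated raw into `DATABASE_URL`, so a password containing `@`, `/`, `:` or `?` breaks the URL; `{{ lookup('keepass', 'miniflux_postgres_password', 'password') | urlencode }}` on that line avoids this.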


@ -0,0 +1,460 @@
9to5linux.com::9to5Linux Weekly Roundup:
astralcodexten.substack.com::Open Thread
augengeradeaus.net::Sicherheitshalber der Podcast
axios.com::Axios on HBO
computerbase.de::Adrenalin 2020 Edition
computerbase.de::Adrenalin 2021 Edition
computerbase.de::Community: Fotowettbewerb
computerbase.de::Fotowettbewerb:
computerbase.de::Screenshot-Wettbewerb
computerbase.de::Sonntagsfrage:
computerbase.de::Wochenrück- und Ausblick:
facebook.com::Bridge returned error
golem.de::Anzeige
golem.de::Aus dem Verlag:
golem.de::Fifa
golem.de::(g+)
golem.de::in aller Kürze
golem.de::In eigener Sache
golem.de::kurznews
golem.de::Marvel
golem.de::Sonst noch was?
golem.de::Star Trek:
golem.de::Tech Talks:
golem.de::Wochenrückblick
hardwareluxx.de::Der Hardwareluxx-Webwatch:
hardwareluxx.de::Unsere Artikel der letzten Woche
heise.de::Anzeige
heise.de::Auslegungssache
heise.de::Bit-Rauschen
heise.de::Bit-Rauschen, der Prozessor-Podcast
heise.de::c't <webdev>
heise.de::ct-Webinar:
heise.de::Desinfec
heise.de::Die Bilder der Woche
heise.de::Die Bilder der Woche (KW
heise.de::Die Highlights bei
heise.de::Die Hupe
heise.de::Dienstag
heise.de::Dienstag:
heise.de::Die Produktwerker
heise.de::Ferris Talk
heise.de::FIFA
heise.de::Freitag
heise.de::Fußball-WM
heise.de::heise+
heise.de::heise+ |
heise.de::heise-Angebot:
heise.de::Heise-Konferenz
heise.de::heise meets
heise.de::heise meets…
heise.de::#heiseshow
heise.de::heiseshow
heise.de::Heise spielt
heise.de::iX-Workshop
heise.de::Kurz informiert:
heise.de::Mac & i Extra:
heise.de::Missing Link
heise.de::Mittwoch
heise.de::Montag
heise.de::Podcast
heise.de::Podcast "Die Hupe"
heise.de::Podcast Die Hupe
heise.de::Podcast "Die Produktwerker"
heise.de::samstag
heise.de::SoftwareArchitekTOUR
heise.de::software-architektur.tv
heise.de::Sonderheft
heise.de::sonntag
heise.de::t 3003
heise.de::Tech2go-Podcast:
heise.de::TechStage
heise.de::TechStage |
heise.de::t Fotografie
heise.de::t Fotografie-Wettbewerb
heise.de::#TGIQF
heise.de::TGIQF
heise.de::t uplink
heise.de::t zockt
heise.de::uplink
heise.de::Was war. Was wird.
heise.de::WM 2022
heise.de::zockt
heise.de::Zugriff auf alle Inhalte von heise+
instagram.com::Bridge returned error
mdr.de::Fussball
mdr.de::Fußball
mdr.de::Leichtathletik:
mdr.de::Link des Audios
mdr.de::Link des Videos
mdr.de::Livestream
mdr.de::#MDRklärt:
mdr.de::Pferdesport:
mdr.de::Podcast:
mdr.de::Podcast "digital Leben"
mdr.de::Podcast "digital Leben":
mdr.de::Podcastserie
mdr.de::Schwimmen:
mf-bridge::Bridge encountered an unexpected situation
monkeyuser.com::AdLitteram
netzpolitik.org::KW
netzpolitik.org::NPP
planet3dnow.de::AIDA64 Version
planet3dnow.de::Blender
planet3dnow.de::CrystalDiskInfo
planet3dnow.de::CrystalDiskMark
planet3dnow.de::DesktopOK
planet3dnow.de::Display Driver Uninstaller (DDU)
planet3dnow.de::FreeCommander XE
planet3dnow.de::FurMark
planet3dnow.de::GPUZ
planet3dnow.de::HWiNFO64
planet3dnow.de::KiTTY
planet3dnow.de::LibreOffice 7
planet3dnow.de::MC Extractor
planet3dnow.de::Media Player Classic
planet3dnow.de::Neue Downloads der KW
planet3dnow.de::Notepad++
planet3dnow.de::NVCleanstall v
planet3dnow.de::Nvidia GeForce-Treiber
planet3dnow.de::paint.net
planet3dnow.de::PowerToys v
planet3dnow.de::Prime95
planet3dnow.de::Process Lasso
planet3dnow.de::Quick CPU
planet3dnow.de::Radeon Software Adrenalin
planet3dnow.de::Rufus
planet3dnow.de::Ryzen Master
planet3dnow.de::Sysinternals Suite
planet3dnow.de::System Information Viewer Version
planet3dnow.de::SystemRescue
planet3dnow.de::Thunderbird
planet3dnow.de::Universal Media Server
planet3dnow.de::WinRAR
planet3dnow.de::WinSCP
planet3dnow.de::ZenTimings
portuguesegeese.com::portuguesegeese.com
reddit.com::UEFA
stackoverflow.blog::Podcast
stackoverflow.blog::The Overflow
stadt-bremerhaven.de::Bundesliga
stadt-bremerhaven.de::Disney+
stadt-bremerhaven.de::eFootball
stadt-bremerhaven.de::FIFA
stadt-bremerhaven.de::Formel 1
stadt-bremerhaven.de::Immer wieder sonntags KW
stadt-bremerhaven.de::Sky Ticket
stadt-bremerhaven.de::(Werbung)
stadt-bremerhaven.de::WM 2022
sueddeutsche.de::1:1
sueddeutsche.de::1860 München
sueddeutsche.de::1. FC Kaiserslautern:
sueddeutsche.de::1. FC Köln
sueddeutsche.de::1. FC Union
sueddeutsche.de::3. Liga
sueddeutsche.de::Afrika-Cup:
sueddeutsche.de::Alphonso Davies
sueddeutsche.de::American Football:
sueddeutsche.de::Arminia Bielefeld:
sueddeutsche.de::ATP-
sueddeutsche.de::ATP Finals
sueddeutsche.de::Australian Open:
sueddeutsche.de::Auswärtstor
sueddeutsche.de::Barça
sueddeutsche.de::Basketball
sueddeutsche.de::Bayern
sueddeutsche.de::Belenenses
sueddeutsche.de::Berlinale
sueddeutsche.de::Biathlon
sueddeutsche.de::Bobfahr
sueddeutsche.de::Borussia
sueddeutsche.de::Borussia Dortmund:
sueddeutsche.de::Bundesliga
sueddeutsche.de::BVB
sueddeutsche.de::Carlos Alcaraz
sueddeutsche.de::Champions-League
sueddeutsche.de::Conference League
sueddeutsche.de::Conference-League
sueddeutsche.de::Daniil Medwedew
sueddeutsche.de::Darts
sueddeutsche.de::Darts-WM:
sueddeutsche.de::Davis Cup
sueddeutsche.de::Derby
sueddeutsche.de::Deutsche Nationalmannschaft
sueddeutsche.de::Deutsche U21:
sueddeutsche.de::DFB
sueddeutsche.de::DFB-Elf
sueddeutsche.de::DFB-Pokal
sueddeutsche.de::DFL-Supercup
sueddeutsche.de::Djokovic
sueddeutsche.de::Dressur-Weltmeister
sueddeutsche.de::Drittliga
sueddeutsche.de::Eintracht
sueddeutsche.de::Eisbären Berlin
sueddeutsche.de::Eishockey-WM:
sueddeutsche.de::Eiskunstl
sueddeutsche.de::Eisschnelllauf
sueddeutsche.de::Elfmeter
sueddeutsche.de::EM:
sueddeutsche.de::Emil Forsberg
sueddeutsche.de::Englisches Nationalteam:
sueddeutsche.de::ESC-Finale
sueddeutsche.de::Euroleague
sueddeutsche.de::Europa League
sueddeutsche.de::Europa League:
sueddeutsche.de::Europameister
sueddeutsche.de::Europapokal
sueddeutsche.de::Eurovision Song Contest
sueddeutsche.de::Eurovision Song Contest:
sueddeutsche.de::FC Augsburg
sueddeutsche.de::FC Barcelona
sueddeutsche.de::FC Chelsea:
sueddeutsche.de::FC Sevilla
sueddeutsche.de::Formel 1
sueddeutsche.de::Frankfurt
sueddeutsche.de::French Open
sueddeutsche.de::Fussball
sueddeutsche.de::Fußball
sueddeutsche.de::Fußball-EM
sueddeutsche.de::Fußballern
sueddeutsche.de::Fußball in England:
sueddeutsche.de::Fußballtorwart
sueddeutsche.de::Fußball-WM
sueddeutsche.de::Galopp
sueddeutsche.de::Gerard López
sueddeutsche.de::Gladbach
sueddeutsche.de::Glasgow Rangers
sueddeutsche.de::Golf:
sueddeutsche.de::Guardiola
sueddeutsche.de::Halbfinale
sueddeutsche.de::Handball-EM:
sueddeutsche.de::Handball-WM
sueddeutsche.de::Hannover 96:
sueddeutsche.de::Heldenfußball
sueddeutsche.de::Hertha
sueddeutsche.de::Hinspiel
sueddeutsche.de::Hochspring
sueddeutsche.de::HSV
sueddeutsche.de::Ibrahimović
sueddeutsche.de::"Ich bin ein Star"
sueddeutsche.de::Infantino
sueddeutsche.de::Inter Mailand
sueddeutsche.de::Joachim Löw
sueddeutsche.de::Julian Nagelsmann
sueddeutsche.de::Juve
sueddeutsche.de::Kevin Trapp
sueddeutsche.de::Klopp
sueddeutsche.de::Klosterhalfen
sueddeutsche.de::La Boum:
sueddeutsche.de::La Liga
sueddeutsche.de::Länderspiel
sueddeutsche.de::Lazio Rom
sueddeutsche.de::Leichtathletik:
sueddeutsche.de::Leichtathletik-Weltmeisterschaft
sueddeutsche.de::Leichtathletik-WM
sueddeutsche.de::Leichtathletik-WM:
sueddeutsche.de::Leon Draisaitl
sueddeutsche.de::leute:
sueddeutsche.de::Leverkusen
sueddeutsche.de::Lewandowski
sueddeutsche.de::Lewis Hamilton
sueddeutsche.de::LIV Tour
sueddeutsche.de::Los Angeles Lakers
sueddeutsche.de::Manchester City
sueddeutsche.de::Manchester United
sueddeutsche.de::ManCity
sueddeutsche.de::ManUnited
sueddeutsche.de::Mbappé
sueddeutsche.de::Messi
sueddeutsche.de::Miroslav Klose
sueddeutsche.de::Monza
sueddeutsche.de::Mourinho
sueddeutsche.de::Musiala
sueddeutsche.de::Nadal
sueddeutsche.de::Nationalmannschaft
sueddeutsche.de::Nations League
sueddeutsche.de::NBA
sueddeutsche.de::Neujahrsspringen
sueddeutsche.de::NFL
sueddeutsche.de::Niklas Süle:
sueddeutsche.de::Nordische Ski-WM
sueddeutsche.de::Olympia
sueddeutsche.de::Olympia:
sueddeutsche.de::Olympia 2022:
sueddeutsche.de::Olympia-Ticker:
sueddeutsche.de::Olympischen Spielen:
sueddeutsche.de::Olympische Spiele:
sueddeutsche.de::Olympische Winterspiele:
sueddeutsche.de::OSC Lille
sueddeutsche.de::Paralympics:
sueddeutsche.de::Paris Saint-Germain
sueddeutsche.de::Pep Guardiola
sueddeutsche.de::Pferdesport
sueddeutsche.de::Playoffs
sueddeutsche.de::Podcasts-Tipps im
sueddeutsche.de::Podcast-Tipps
sueddeutsche.de::Pokal-Sieg
sueddeutsche.de::Polizeiruf 110
sueddeutsche.de::Prantls Blick:
sueddeutsche.de::Premier
sueddeutsche.de::Premier League
sueddeutsche.de::PSV Eindhoven
sueddeutsche.de::Qualifikationsspiel
sueddeutsche.de::Raducanu
sueddeutsche.de::Rangnick
sueddeutsche.de::RB Leipzig:
sueddeutsche.de::Real Madrid
sueddeutsche.de::Reiten
sueddeutsche.de::Reit-WM
sueddeutsche.de::Relegation
sueddeutsche.de::Robin Gosens
sueddeutsche.de::Rodel-
sueddeutsche.de::Rodeln:
sueddeutsche.de::Ronaldo
sueddeutsche.de::Rudern
sueddeutsche.de::SC Freiburg
sueddeutsche.de::Schach-WM
sueddeutsche.de::Schalke
sueddeutsche.de::Schiedsrichter
sueddeutsche.de::Schwimmen:
sueddeutsche.de::Schwimm-WM
sueddeutsche.de::Serien des Monats
sueddeutsche.de::Ski alpin
sueddeutsche.de::Ski alpin:
sueddeutsche.de::Skilanglauf
sueddeutsche.de::Skirenn
sueddeutsche.de::Skispringen
sueddeutsche.de::Ski-Weltcup
sueddeutsche.de::Slalomfahr
sueddeutsche.de::Stanley Cup
sueddeutsche.de::ST. Pauli
sueddeutsche.de::Stürmer
sueddeutsche.de::Super Bowl
sueddeutsche.de::Super Bowl Sunday:
sueddeutsche.de::Supercup
sueddeutsche.de::Supercup live
sueddeutsche.de::Super League
sueddeutsche.de::Synchronschwimmen:
sueddeutsche.de::SZ-Audioreihe
sueddeutsche.de::SZ-Kolumne "Bester Dinge":
sueddeutsche.de::SZ-Kolumne "Mitten in ...":
sueddeutsche.de::SZ-Plus-Abonnenten lesen auch
sueddeutsche.de::SZ-Podcast
sueddeutsche.de::SZ-Podcast "Und nun zum Sport":
sueddeutsche.de::Tabellenspitze
sueddeutsche.de::"Tatort"
sueddeutsche.de::Tatort aus
sueddeutsche.de::Tatort München:
sueddeutsche.de::Teamspringen
sueddeutsche.de::Tennis
sueddeutsche.de::Tennis:
sueddeutsche.de::Three Lions:
sueddeutsche.de::Timo Boll
sueddeutsche.de::Tischtennis WM:
sueddeutsche.de::Toni Kroos
sueddeutsche.de::Tottenham
sueddeutsche.de::Trikots
sueddeutsche.de::TSG Hoffenheim
sueddeutsche.de::Tuchel
sueddeutsche.de::Türkgücü München
sueddeutsche.de::Ukrainisches Tagebuch
sueddeutsche.de::Uli Hoeneß
sueddeutsche.de::Union Berlin
sueddeutsche.de::US Open
sueddeutsche.de::VfB Stuttgart
sueddeutsche.de::VfL
sueddeutsche.de::VfL Wolfsburg
sueddeutsche.de::Vierschanzentournee
sueddeutsche.de::Viertelfinal
sueddeutsche.de::Weitspr
sueddeutsche.de::Werder
sueddeutsche.de::Wimbledon
sueddeutsche.de::WM-Qualifikation
sueddeutsche.de::WM-Silber
sueddeutsche.de::WM-Ticket
sueddeutsche.de::WM-Titel
sueddeutsche.de::Zlatan
tagesschau.de::Alpine-Super-Kombination:
tagesschau.de::American Football:
tagesschau.de::Auslandspodcast
tagesschau.de::Bahnrad
tagesschau.de::Bayern München
tagesschau.de::Biathl
tagesschau.de::Boateng
tagesschau.de::Bremer SV
tagesschau.de::Bundesliga
tagesschau.de::BVB
tagesschau.de::Carlsen
tagesschau.de::Champions League
tagesschau.de::Darts-
tagesschau.de::Darts-WM:
tagesschau.de::DFB
tagesschau.de::DFB-Bundesgericht
tagesschau.de::Dressurreit
tagesschau.de::Eintracht
tagesschau.de::Eishockey:
tagesschau.de::Eishockey-WM:
tagesschau.de::EM:
tagesschau.de::ESC-Finale
tagesschau.de::European Championships
tagesschau.de::Fashion Week
tagesschau.de::Football
tagesschau.de::Formel 1:
tagesschau.de::Formel-1
tagesschau.de::Freiwasser-
tagesschau.de::Fußball
tagesschau.de::Fußball-Bundesliga
tagesschau.de::Fußball-EM
tagesschau.de::Gladbach
tagesschau.de::Handball:
tagesschau.de::Handball-EM:
tagesschau.de::Hertha BSC
tagesschau.de::Hoffenheim
tagesschau.de::Klippenspring
tagesschau.de::Klosterhalfen
tagesschau.de::Kostic
tagesschau.de::Leichtathletik-WM:
tagesschau.de::Liveblog
tagesschau.de::Livestream
tagesschau.de::Mehrkamp
tagesschau.de::Nationalmannschaft
tagesschau.de::Nationaltrainer
tagesschau.de::Nepomnjaschtschi
tagesschau.de::Neujahrsspringen
tagesschau.de::Olympia-
tagesschau.de::Olympia:
tagesschau.de::Olympischen Winterspiele:
tagesschau.de::Olympische Winterspiele:
tagesschau.de::Paralympics
tagesschau.de::Remis
tagesschau.de::Riesenslalom:
tagesschau.de::RKI meldet
tagesschau.de::Rodel-
tagesschau.de::Schach-WM:
tagesschau.de::Schwimm-EM
tagesschau.de::Schwimm-WM:
tagesschau.de::Ski Alpin:
tagesschau.de::Skispring
tagesschau.de::Sondersendung:
tagesschau.de::Springreiter
tagesschau.de::Sprintstaffel
tagesschau.de::Stefan Kuntz
tagesschau.de::Tabellenspitze
tagesschau.de::Tennis
tagesschau.de::Trainerwechsel
tagesschau.de::Tuchel
tagesschau.de::UEFA
tagesschau.de::Verstappen
tagesschau.de::Vierschanzentournee
tagesschau.de::Wasserspringen:
tagesschau.de::Weitsprung
tagesschau.de::Werders
tagesschau.de::WM-Auftakt
tagesschau.de::WM-Gold
tagesschau.de::WM-Qualifikation
tagesschau.de::WM-Viertelfinale
tagesschau.de::Zukunftspodcast
tagesschau.de::Zweierbob:
theguardian.com::Guardiola
theguardian.com::Manchester United
toonhole.com::Bernai


@ -0,0 +1,9 @@
#!/bin/bash
FILTERFILE=./filter.txt
VORHER=$(wc -l < $FILTERFILE)
echo Sortiere und filtere doppelte Zeilen heraus.
sort filter.txt | uniq -u -i | cat > .tmp
NACHHER=$(wc -l < .tmp)
echo Es wurden $((VORHER-NACHHER)) Zeilen entfernt!
mv -f .tmp filter.txt
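Review bot: On the `sort filter.txt | uniq -u -i` line, `uniq -u` prints only lines that occur exactly once, so every filter entry that has a duplicate is dropped completely instead of being reduced to one copy. If de-duplication is the intent, `sort -f "$FILTERFILE" | uniq -i > .tmp` keeps one copy and sorts case variants next to each other so the case-insensitive comparison can see them. `FILTERFILE` is defined but the sort and `mv` lines hard-code `filter.txt`; using the quoted variable in both places keeps the line count and the rewrite pointed at the same file.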


@ -0,0 +1,5 @@
TwitterBridge
WikipediaBridge
YoutubeBridge
FacebookBridge
InstagramBridge


@ -0,0 +1,41 @@
version: '3'
services:
munin:
container_name: "munin-master-prod"
image: quotengrote/munin-server
restart: always
environment:
- MAILCONTACT=michael.grote@posteo.de
- MAILSERVER=smtp.strato.de
- MAILPORT=587
- MAILUSER=info@mgrote.net
- MAILPASSWORD={{ lookup('keepass', 'postfix_absender_passwort', 'password') }}
- MAILFROM=info@mgrote.net
- MAILNAME=Munin-Prod
- MAILDOMAIN=mgrote.net
- TZ=Europe/Berlin
- DISABLELOCALNODE=yes
- CRONDELAY=5
- 'NODES=
fileserver2.grote.lan:fileserver2.grote.lan
acng.grote.lan:acng.grote.lan
ansible2.grote.lan:ansible2.grote.lan
pve2.grote.lan:pve2.grote.lan
dokuwiki2.grote.lan:dokuwiki2.grote.lan
gitea.grote.lan:gitea.grote.lan
docker10.grote.lan:docker10.grote.lan
dnsmasq.grote.lan:dnsmasq.grote.lan'
# z.B.
# computer-test.grote.lan.test:192.68.2.4
# computer.grote.lan:computer.grote.lan
volumes:
- db:/var/lib/munin
- logs:/var/log/munin
- cache:/var/cache/munin
ports:
- 1234:80
volumes:
db:
logs:
cache:
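Review bot: `MAILPASSWORD={{ lookup('keepass', …) }}` is rendered as plaintext into the compose file, and the host vars added in this commit set `compose_file_permissions: "644"` and `compose_dir_permissions: "755"`. If the deploy role applies those modes to every rendered file, the secret is readable by any local account on the Docker host. The same holds for the navidrome and photoprism compose files, the Nextcloud env file, the oxidized `router.db` and the templated SSH private key later in this commit. I would use `compose_file_permissions: "600"` and `compose_dir_permissions: "750"` (owner `docker-user` can still read them). Because the value is an unquoted list entry, a password containing `$` is also subject to Compose variable interpolation and would need to be written as `$$`.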


@ -0,0 +1,54 @@
version: '3'
services:
######## navidrome-mg ########
navidrome-mg:
container_name: "navidrome-mg"
image: deluan/navidrome:latest
restart: always
environment:
- ND_LOGLEVEL=info
- ND_SESSIONTIMEOUT=24h
- ND_MUSICFOLDER=/music
- ND_DATAFOLDER=/data
- ND_SCANSCHEDULE=6 * * * *
- ND_TRANSCODINGCACHESIZE=500MB
- ND_IMAGECACHESIZE=100MB
- ND_AUTOIMPORTPLAYLISTS=false
- ND_BASEURL=/mg
- ND_ENABLESTARRATING=false
- ND_ENABLEGRAVATAR=false
- ND_LASTFM_ENABLED=false
- ND_ENABLETRANSCODINGCONFIG=true
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
- ND_ENABLE_EXTERNAL_SERVICES=false
volumes:
- musik_smb_mg:/music:ro
- data:/data
networks:
- traefik
labels:
- traefik.http.routers.navidrome-mg.rule=Host(`audio.mgrote.net`)&&PathPrefix(`/mg`)
- traefik.enable=true
- traefik.http.routers.navidrome-mg.tls=true
- traefik.http.routers.navidrome-mg.tls.certresolver=resolver_letsencrypt
- traefik.http.routers.navidrome-mg.entrypoints=entry_https
- traefik.http.services.navidrome-mg.loadbalancer.server.port=4533
ports:
- "4533:4533"
######## Volumes ########
volumes:
data:
musik_smb_mg: # Verzeichnis in restic aus Backup ausnehmen!
driver: local
driver_opts:
type: "cifs"
o: "user=navidrome,password={{ lookup('keepass', 'navidrome_smb_share_password', 'password') }}"
device: "//192.168.2.36/musik/Musik"
######## Networks ########
networks:
traefik:
external: true
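Review bot: `ports: - "4533:4533"` publishes Navidrome directly on the host in addition to the Traefik route, so the login page is reachable over plain HTTP without passing the `entry_https` entrypoint and TLS settings declared in the labels. Ports published by Docker are normally inserted ahead of the ufw rules, so the host firewall is unlikely to close this path. The container is already on the `traefik` network and `loadbalancer.server.port=4533` tells Traefik where to connect, so the `ports:` block can be removed, or narrowed to `"127.0.0.1:4533:4533"` if local access is still wanted.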


@ -0,0 +1,5 @@
MYSQL_ROOT_PASSWORD={{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}
MYSQL_PASSWORD={{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}
REDIS_HOST_PASSWORD={{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}
SMTP_PASSWORD={{ lookup('keepass', 'postfix_absender_passwort', 'password') }}
NC_MAJOR_VERSION=23


@ -0,0 +1,117 @@
version: '3.3'
services:
######## Datenbank ########
nextcloud-db:
image: mariadb
container_name: nextcloud-db
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_INITDB_SKIP_TZINFO=1
networks:
- intern
labels:
- com.centurylinklabs.watchtower.enable="false"
######## Redis ########
nextcloud-redis:
image: redis:alpine
container_name: nextcloud-redis
hostname: nextcloud-redis
networks:
- intern
restart: unless-stopped
command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
labels:
- com.centurylinklabs.watchtower.enable="false"
######## cron ########
cron:
container_name: nextcloud-cron
image: rcdailey/nextcloud-cronjob
restart: unless-stopped
network_mode: none
depends_on:
- nextcloud-app
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/localtime:/etc/localtime:ro
environment:
- NEXTCLOUD_CONTAINER_NAME=nextcloud-app
- NEXTCLOUD_CRON_MINUTE_INTERVAL=1
######## Nextcloud ########
nextcloud-app:
image: nextcloud:${NC_MAJOR_VERSION}
container_name: nextcloud-app
restart: unless-stopped
depends_on:
- nextcloud-db
- nextcloud-redis
environment:
REDIS_HOST: nextcloud-redis
REDIS_HOST_PASSWORD: ${REDIS_HOST_PASSWORD}
MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
MYSQL_HOST: nextcloud-db
NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
SMTP_HOST: smtp.strato.de
SMTP_SECURE: tls
SMTP_PORT: 587
SMTP_AUTHTYPE: LOGIN
SMTP_NAME: info@mgrote.net
SMTP_PASSWORD: ${SMTP_PASSWORD}
MAIL_FROM_ADDRESS: info@mgrote.net
PHP_MEMORY_LIMIT: 1024M
PHP_UPLOAD_LIMIT: 10G
APACHE_DISABLE_REWRITE_IP: 1
TRUSTED_PROXIES: "192.168.2.43" # docker10.grote.lan/traefik #prüfen
volumes:
- app:/var/www/html
- data:/var/www/html/data
networks:
- intern
# ports:
# - 80:80
networks:
- intern
- traefik
labels:
- traefik.http.routers.nextcloud.rule=Host(`nextcloud.mgrote.net`)
- traefik.enable=true
- traefik.http.routers.nextcloud.tls=true
- traefik.http.routers.nextcloud.tls.certresolver=resolver_letsencrypt
- traefik.http.routers.nextcloud.entrypoints=entry_https
- traefik.http.services.nextcloud.loadbalancer.server.port=80
- traefik.http.middlewares.nextcloud-webdav.replacepathregex.regex="^/.well-known/ca(l|rd)dav"
- traefik.http.middlewares.nextcloud-webdav.replacepathregex.replacement="/remote.php/dav/"
- traefik.http.middlewares.nextcloud-hsts.headers.stsincludesubdomains=false
- traefik.http.middlewares.nextcloud-hsts.headers.stspreload=true
- traefik.http.middlewares.nextcloud-hsts.headers.stsseconds=15552001
- traefik.http.middlewares.nextcloud-hsts.headers.isdevelopment=false
- traefik.http.routers.nextcloud.middlewares=nextcloud-hsts@docker,nextcloud-webdav@docker
######## Networks ########
networks:
intern:
driver: bridge
traefik:
external: true
######## Volumes ########
volumes:
db:
app:
data:
######## Doku ########
# Telefonregion
# docker exec --user www-data nextcloud-app php occ config:system:set default_phone_region --value="DE"
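Review bot: The `nextcloud-app` service defines `networks:` twice, once with `- intern` right after `volumes:` and again with `- intern` / `- traefik` after the commented-out `ports:` (indentation is lost in this rendering, but both sit between `volumes:` and `labels:` of the same service). Duplicate mapping keys are invalid YAML: tolerant loaders silently keep the last one, stricter ones reject the file, so which networks the app joins depends on the parser in use. Keep only the second block and delete the first `networks:` / `- intern` pair.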

Binary file not shown.

After

Width:  |  Height:  |  Size: 31 KiB


@ -0,0 +1,34 @@
source:
default: csv
csv:
file: /var/lib/oxidized/router.db
delimiter: !ruby/regexp /:/
map:
name: 0
ip: 1
model: 2
username: 3
password: 4
vars_map:
enable: 5
# enable WebGUI
rest: 0.0.0.0:8888
# debug
# debug: true
output:
default: git
git:
user: oxidized
email: oxidized@grote.lan
repo: "/var/lib/oxidized/devices.git"
hooks:
push_to_remote:
type: githubrepo
events: [post_store]
remote_repo: ssh://gitea@git.mgrote.net:2222/mg/oxidized-configs.git
publickey: /ssh/id_rsa.pub
privatekey: /ssh/id_rsa
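Review bot: `rest: 0.0.0.0:8888` enables the Oxidized web/REST interface, which has no authentication of its own, and the compose file in this commit publishes `8888:8888` on the host, so anyone who can reach the Docker host can read the stored device configurations. Router and switch configs commonly contain sensitive material, so I would publish the port as `"127.0.0.1:8888:8888"` or route it through Traefik with an authentication middleware. A comment next to `rest:` such as `# unauthenticated, keep behind the reverse proxy` would document the constraint for the next change.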


@ -0,0 +1,35 @@
version: '3.3'
services:
oxidized:
restart: always
container_name: "oxidized"
image: oxidized/oxidized:latest
ports:
- 8888:8888/tcp
environment:
CONFIG_RELOAD_INTERVAL: 600
volumes:
- ./router.db:/var/lib/oxidized/router.db
- ./config:/root/.config/oxidized/config
- ./ssh:/ssh/
- oxidized:/var/lib/oxidized
######## Volumes ########
volumes:
oxidized:
# auf git.mgrote.net ist "docker-oxidized" als user angelegt und die ssh-keys sind in seinem Nutzerprofil hinterlegt
# von Nutzer "mg" sind die beiden oxidized Repos an "docker-oxidized" geteilt
# ssh:
# die ssh-keys müsen im alten pem-format vorliegen
# https://github.com/ytti/oxidized/pull/2453/commits/a67a7204f65be8c564144e23012844fcff5444b5
# erstellen:
# 1. ssh-keygen (ohne alles)
# 2. ssh-keygen -p -m PEM -f <private_key>
# 3. chmod 0660 id_rsa*
# 4. Key in ansible-vault/KeePass hinterlegen
# hardware:
# oxidized besitzt jeweils einen user auf jedem Gerät mit der Policy "read-only"


@ -0,0 +1,5 @@
rb5009.grote.lan:192.168.2.1:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_rb5009', 'password') }}
crs309.grote.lan:192.168.2.224:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_crs309', 'password') }}
nanohd-wohnzimmer.grote.lan:192.168.2.35:airos:ubi_ssh_admin:{{ lookup('keepass', 'docker_oxidized_nanohd', 'password') }}
crs305.grote.lan:192.168.2.225:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_crs305', 'password') }}
hex.grote.lan:192.168.3.144:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_hex', 'password') }}


@ -0,0 +1 @@
{{ lookup('keepass', 'docker_oxidized_gitea_ssh_key_private', 'notes') }}


@ -0,0 +1 @@
ssh-rsa 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 mg@docker10


@ -0,0 +1,92 @@
version: '3.5'
# ------------------------------------------------------------------
# DOCKER COMPOSE COMMAND REFERENCE
# ------------------------------------------------------------------
# Start | docker-compose up -d
# Stop | docker-compose stop
# Update | docker-compose pull
# Logs | docker-compose logs --tail=25 -f
# Terminal | docker-compose exec photoprism bash
# Help | docker-compose exec photoprism photoprism help
# Config | docker-compose exec photoprism photoprism config
# Reset | docker-compose exec photoprism photoprism reset
# Backup | docker-compose exec photoprism photoprism backup -a -i
# Restore | docker-compose exec photoprism photoprism restore -a -i
# Index | docker-compose exec photoprism photoprism index
# Reindex | docker-compose exec photoprism photoprism index -a
# Import | docker-compose exec photoprism photoprism import
# -------------------------------------------------------------------
services:
photoprism:
# Use photoprism/photoprism:preview instead for testing preview builds:
image: photoprism/photoprism:latest
container_name: photoprism-frontend
restart: always
security_opt:
- seccomp:unconfined
- apparmor:unconfined
ports:
- 2342:2342
environment:
PHOTOPRISM_ADMIN_PASSWORD: "{{ lookup('keepass', 'photoprism_admin_password', 'password') }}"
PHOTOPRISM_HTTP_PORT: 2342
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # none or gzip
PHOTOPRISM_DEBUG: "false"
PHOTOPRISM_PUBLIC: "false" # No authentication required (disables password protection)
PHOTOPRISM_READONLY: "true" # Don't modify originals directory (reduced functionality)
PHOTOPRISM_EXPERIMENTAL: "false"
PHOTOPRISM_DISABLE_WEBDAV: "true"
PHOTOPRISM_DISABLE_SETTINGS: "false"
PHOTOPRISM_DISABLE_TENSORFLOW: "false"
PHOTOPRISM_DARKTABLE_PRESETS: "false"
PHOTOPRISM_DETECT_NSFW: "true"
PHOTOPRISM_UPLOAD_NSFW: "true"
PHOTOPRISM_DATABASE_DRIVER: "mysql"
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306"
PHOTOPRISM_DATABASE_NAME: "photoprism"
PHOTOPRISM_DATABASE_USER: "photoprism"
PHOTOPRISM_DATABASE_PASSWORD: "{{ lookup('keepass', 'photoprism_database_password', 'password') }}"
PHOTOPRISM_SITE_URL: "http://docker10.grote.lan:2342/"
PHOTOPRISM_SITE_TITLE: "PhotoPrism"
PHOTOPRISM_SITE_CAPTION: "Browse Your Life"
PHOTOPRISM_SITE_DESCRIPTION: ""
PHOTOPRISM_SITE_AUTHOR: "mgrote"
# You may optionally set a user / group id using environment variables if your Docker version or NAS does not
# support this natively (see next example):
# UID: 1000
# GID: 1000
# UMASK: 0000
# Uncomment and edit the following line to set a specific user / group id (native):
# user: "1000:1000"
volumes:
- "smb_bilder:/photoprism/originals/"
- "storage:/photoprism/storage"
# hier alle Bilder hinzufügen, in einem Ordner
mariadb:
image: mariadb:10.5
container_name: photoprism-db
restart: always
security_opt:
- seccomp:unconfined
- apparmor:unconfined
command: mysqld --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=50
volumes: # Don't remove permanent storage for index database files!
- "database:/var/lib/mysql"
environment:
MYSQL_ROOT_PASSWORD: {{ lookup('keepass', 'photoprism_mysql_root_password', 'password') }}
MYSQL_DATABASE: photoprism
MYSQL_USER: photoprism
MYSQL_PASSWORD: {{ lookup('keepass', 'photoprism_database_password', 'password') }}
labels:
- com.centurylinklabs.watchtower.enable="false"
volumes:
storage:
database:
smb_bilder:
driver: local
driver_opts:
type: "cifs"
o: "user=photoprism,password={{ lookup('keepass', 'photoprism_fileserver_cifs_password', 'password') }}"
device: "//192.168.2.36/bilder"
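Review bot: Both `photoprism` and `mariadb` set `security_opt` to `seccomp:unconfined` and `apparmor:unconfined`, which removes Docker's default syscall filter and AppArmor profile from a service that parses user-supplied image files and from its database. These options look like they were carried over from a generic example as a compatibility workaround; unless this host needs them, delete both `security_opt` blocks so the default profiles apply. If PhotoPrism turns out to require them, keep them only on that service and note the reason in a comment; `mariadb` should not need either.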


@ -0,0 +1,8 @@
---
version: "3.8"
services:
snowflake-proxy:
network_mode: host
image: thetorproject/snowflake-proxy:latest
container_name: tor-snowflake-proxy
restart: unless-stopped


@ -0,0 +1,29 @@
version: '3'
services:
######## traefik ########
traefik:
container_name: "traefik"
image: traefik:latest
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/etc/traefik/traefik.yml
- ./file-provider.yml:/etc/traefik/file-provider.yml
- acme_data:/etc/traefik/acme
networks:
- traefik
ports:
- "80:80" # HTTP
- "8081:8080" # Web-GUI
- "443:443" # HTTPS
- "2222:2222" # SSH
environment:
- TZ=Europe/Berlin
######## Networks ########
networks:
traefik:
external: true
######## Volumes ########
volumes:
acme_data:
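Review bot: The `:ro` on `/var/run/docker.sock:/var/run/docker.sock:ro` only makes the mount of the socket file read-only; it does not restrict the Docker API, so the internet-facing Traefik container (ports 80 and 443) keeps full control over the Docker daemon. Traefik only needs to list containers and follow events, so a filtering socket proxy that permits just those read endpoints, with `providers.docker.endpoint` pointed at it, would limit what a compromise of the proxy can reach. The `cron` service in the Nextcloud compose file uses the same mount and deserves the same look.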


@ -0,0 +1,44 @@
# TCP da SSH keine Hostnamen kennt
# alle Anfragen an diesen Port werden an Gitea weitergeleitet
tcp:
###### router #####
routers:
router-ssh:
entryPoints:
- entry_ssh
rule: HostSNI(`*`)
service: service_gitea_ssh
###### services #####
services:
service_gitea_ssh:
loadBalancer:
servers:
- address: gitea.grote.lan:2222
http:
###### router #####
routers:
router_dokuwiki:
rule: "Host(`dokuwiki.mgrote.net`,`mgrote.net`,`www.mgrote.net`,`wiki.mgrote.net`)"
service: "service_dokuwiki"
entrypoints:
- entry_https
tls:
certresolver: resolver_letsencrypt
router_gitea:
rule: "Host(`git.mgrote.net`)"
service: "service_gitea"
entrypoints:
- entry_https
tls:
certresolver: resolver_letsencrypt
###### services #####
services:
service_dokuwiki:
loadBalancer:
servers:
- url: "http://dokuwiki2.grote.lan/"
service_gitea:
loadBalancer:
servers:
- url: "http://gitea.grote.lan:3000/"


@ -0,0 +1,38 @@
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
network: traefik
file:
filename: /etc/traefik/file-provider.yml # Datei für alte/externe Services
entryPoints:
entry_http:
address: :80
http: #Umleitung http zu https
redirections:
entryPoint:
to: entry_https
scheme: https
permanent: true
entry_https:
address: :443
entry_ssh:
address: :2222 # wenn hier zusätzliche Ports eingetragen werden, müssen diese auch in der docker-compose.yml als Ports gemappt werden
#letsencrypt
certificatesResolvers:
resolver_letsencrypt:
acme:
email: "michael.grote@posteo.de"
storage: "/etc/traefik/acme/acme.json"
# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
# zum Testen, da Staging kein Rate-Limiting einsetzt
tlsChallenge: true
log:
level: INFO
api:
insecure: true
dashboard: true #unter Port 8081 erreichbar
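Review bot: `api.insecure: true` serves the dashboard and the API without authentication on Traefik's internal port 8080, which the compose file in this commit publishes as `"8081:8080"`, so the complete routing configuration is readable by anyone who can reach the host. I would set `insecure: false` and expose the dashboard through a router on the `api@internal` service with an authentication middleware, or at least publish the port as `"127.0.0.1:8081:8080"`. The `#unter Port 8081 erreichbar` comment should then state who is meant to reach it.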


@ -0,0 +1,29 @@
---
version: "2.1"
services:
unifi-controller:
image: ghcr.io/linuxserver/unifi-controller
container_name: unifi-controller
environment:
- PUID=1000
- PGID=1000
- MEM_LIMIT=1024M #optional
- MEM_STARTUP=1024M #optional
volumes:
- data:/config
ports:
- 3478:3478/udp #Unifi STUN port
- 10001:10001/udp #Required for AP discovery
- 8080:8080 #Required for device communication
- 8443:8443 #Unifi web admin port
- 1900:1900/udp #optional, Required for Make controller discoverable on L2 network option
- 8843:8843 #optional, Unifi guest portal HTTPS redirect port
- 8880:8880 #optional, Unifi guest portal HTTP redirect port
- 6789:6789 #optional, For mobile throughput test
- 5514:5514/udp #optional
restart: always
labels:
- com.centurylinklabs.watchtower.enable="false"
######## Volumes ########
volumes:
data:


@ -185,7 +185,7 @@
- nano
- ubuntu-advantage-tools
apt_packages_internet:
- http://docker7.grote.lan:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb
- http://docker10.grote.lan:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb


@ -23,7 +23,7 @@
### mgrote.apt_manage_packages
# hier mit IP statt Hostnamen da dnsmasq NICHT den Router befragt und daher keine Lokalen Hostnamen abfragen kann
apt_packages_internet:
- http://192.168.2.50:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb
- http://192.168.2.43:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb
### mgrote.munin-node
munin_node_plugins:
- name: timesync


@ -1,10 +1,4 @@
---
### mgrote.restic
restic_folders_to_backup: "/ /var/lib/docker /var/lib/docker2" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
#### mgrote.set_permissions
dir_permissions:
- path: /var/lib/docker2/httpd-registry
mode: '0777'
### mrlesmithjr.ansible-manage-lvm
lvm_groups:
- vgname: vg_docker
@ -12,7 +6,7 @@
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
create: true
lvnames:
- lvname: lv_docker
- lvname: docker
size: +100%FREE
create: true
filesystem: xfs
@ -23,124 +17,68 @@
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2
create: true
lvnames:
- lvname: lv_docker2
size: +100%FREE
- lvname: httpd
size: 1G
create: true
filesystem: xfs
mount: true
mntp: /var/lib/docker2/httpd-registry
mntp: /mnt/httpd
manage_lvm: true
pvresize_to_max: true
### mgrote.apt_manage_packages
apt_packages_extra:
- libwww-curl-perl # für munin-plugin: unifi
- libjson-perl # für munin-plugin: unifi
- sshpass # fur munin mt_system_*
### mgrote.docker-compose-deploy
docker_compose_projects:
- name: watchtower
dir_name: docker-watchtower
repository_url: git.mgrote.net/mg/docker-watchtower
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: ansible-ara
dir_name: docker-ansible-ara
repository_url: git.mgrote.net/mg/docker-ansible-ara
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: homer
dir_name: docker-homer
repository_url: git.mgrote.net/mg/docker-homer
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: photoprism
dir_name: docker-photoprism
repository_url: git.mgrote.net/mg/docker-photoprism
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: miniflux
dir_name: docker-miniflux
repository_url: git.mgrote.net/mg/docker-miniflux
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: traefik
dir_name: docker-traefik
repository_url: git.mgrote.net/mg/docker-traefik
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
network_name: nw_proxy_traefik
- name: munin-master
dir_name: docker-munin-master
repository_url: git.mgrote.net/mg/docker-munin-master_production
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: oxidized
dir_name: docker-oxidized
repository_url: git.mgrote.net/mg/docker-oxidized
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: librenms
dir_name: docker-librenms
repository_url: git.mgrote.net/mg/docker-librenms
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: unifi-controller
dir_name: docker-unifi-controller
repository_url: git.mgrote.net/mg/docker-unifi-controller
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: navidrome-mg
dir_name: docker-navidrome-mg
repository_url: git.mgrote.net/mg/docker-navidrome-mg
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: hastebin
dir_name: docker-hastebin
repository_url: git.mgrote.net/mg/docker-hastebin
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: tor-snowflake
dir_name: tor-snowflake
repository_url: git.mgrote.net/Docker-Compose/tor-snowflake
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: apache-registry # fur diesen container ist das lv: lv_docker2 nach /var/lib/docker2/httpd-registry gemountet; dieser Pfad steht in der docker-compose.yml als Volume drin; dieser Ordner hat die Rechte 0777 damit jeder per SSH reinschrieben kann; ist fur drone.io eingerichtet; siehe $dir_permissions
dir_name: docker-apache-registry
repository_url: git.mgrote.net/Docker-Compose/apache-registry
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
git_branch: main
### mgrote.restic
restic_folders_to_backup: "/ /var/lib/docker /mnt/httpd" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
# die vars noch in rolle übertragen mit beispiel
### mgrote.docker-compose-inline
compose_owner: "docker-user"
compose_group: "docker-user"
compose_file_permissions: "644"
compose_dir_permissions: "755"
compose_dest_basedir: "/docker"
compose_src_basedir: "{{ inventory_dir }}/docker-compose"
compose_files:
- name: hastebin
state: present
- name: ara
state: present
- name: oxidized
state: present
- name: homer
state: present
- name: munin
state: present
- name: drone
state: present
- name: nextcloud
state: present
network: traefik
- name: tor-snowflake
state: present
- name: photoprism
state: present
- name: librenms
state: present
- name: httpd # das Volume hat die Rechte 0777 damit jeder per SSH reinschreiben kann; ist fur drone.io eingerichtet; siehe $dir_permissions
state: present
- name: unifi-controller
state: present
- name: miniflux
state: present
network: traefik
- name: traefik
state: present
network: traefik
- name: navidrome
state: present
network: traefik
#### mgrote.set_permissions
dir_permissions:
- path: /mnt/httpd
mode: '0777'
### oefenweb.ufw
ufw_rules: # ist extra weil bei munin kein subnet angegeben ist
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
@ -151,11 +89,14 @@
protocol: tcp
comment: 'munin'
from_ip: 0.0.0.0/0
# docker network inspect $(docker network ls -q)|grep -E "IPv(4|6)A" | grep -v \"\" | sort -h
- rule: allow
to_port: 443
protocol: tcp
comment: 'mf-filter' # da mgrote.net auf tarefik umgelietet wird funktioniert sonst mf-filter nicht, daher hier explizit Port 443 freigegeben
from_ip: 0.0.0.0/0
from_ip: 192.168.0.0/16
comment: 'docker networks'
- rule: allow
from_ip: 172.0.0.0/8
comment: 'docker networks'
### geerlingguy.pip
pip_package: python3-pip
pip_install_packages:
@ -163,6 +104,13 @@
- name: fritzconnection # für munin fritzbox*
- name: lxml # für munin fritzbox*
- name: requests # für munin fritzbox*
### mgrote.apt_manage_packages
apt_packages_extra:
- libwww-curl-perl # für munin-plugin: unifi
- libjson-perl # für munin-plugin: unifi
- sshpass # fur munin mt_system_*
### mgrote.munin-node
munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
munin_node_plugins:
@ -205,7 +153,7 @@
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
config: |
[http_response]
env.sites http://docker7.grote.lan:8888/nodes http://docker7.grote.lan:1234 http://docker7.grote.lan:5000 http://docker7.grote.lan:333 http://docker7.grote.lan:2233 http://docker7.grote.lan:2342 http://docker7.grote.lan:8081/ https://miniflux.mgrote.net/ http://docker7.grote.lan:3001 http://docker7.grote.lan:2342 https://audio.mgrote.net/mg http://docker7.grote.lan:3344
env.sites http://docker10.grote.lan:7777 http://docker10.grote.lan:2233 http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net http://docker10.grote.lan:2342 http://docker10.grote.lan:8000/login http://docker10.grote.lan:3344 http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081 http://docker10.grote.lan:2342/
env.max_time 20
env.short_label true
env.follow_redirect true
@ -215,7 +163,7 @@
[mt_system_crs309]
user root
env.ssh_user munin
env.ssh_password {{ lookup('keepass', 'crs309_munin_user', 'password') }}
env.ssh_password {{ lookup('keepass', 'munin_user_crs309', 'password') }}
env.ssh_host 192.168.2.224
- name: mt_system_hex
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@ -223,7 +171,7 @@
[mt_system_hex]
user root
env.ssh_user munin
env.ssh_password {{ lookup('keepass', 'hex_munin_user', 'password') }}
env.ssh_password {{ lookup('keepass', 'munin_user_hex', 'password') }}
env.ssh_host 192.168.3.144
- name: mt_system_crs305
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@ -231,7 +179,7 @@
[mt_system_crs305]
user root
env.ssh_user munin
env.ssh_password {{ lookup('keepass', 'crs305_munin_user', 'password') }}
env.ssh_password {{ lookup('keepass', 'munin_user_crs305', 'password') }}
env.ssh_host 192.168.2.225
- name: mt_system_rb5009
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@ -239,7 +187,7 @@
[mt_system_rb5009]
user root
env.ssh_user munin
env.ssh_password {{ lookup('keepass', 'rb5009_munin_user', 'password') }}
env.ssh_password {{ lookup('keepass', 'munin_user_rb5009', 'password') }}
env.ssh_host 192.168.2.1
- name: unifi
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/unifi
@ -249,9 +197,9 @@
# point to a read-only account.
env.user munin
# Password to login to unifi controller API. Default is "ubnt"
env.pass {{ lookup('keepass', 'unifi_munin_user', 'password') }}
env.pass {{ lookup('keepass', 'munin_user_unifi', 'password') }}
# URL of the API, with port if needed. No trailing slash.
env.api_url https://docker7.grote.lan:8443
env.api_url https://docker10.grote.lan:8443
# Verify SSL certificate name against host.
# Note: if using a default cloudkey certificate, this will fail unless you manually add it
# to the local keystore.
@ -323,5 +271,13 @@
[fritzbox_*]
env.fritzbox_ip 192.168.5.1
env.fritzbox_username munin
env.fritzbox_password {{ lookup('keepass', 'fritzbox_munin_user', 'password') }}
env.fritzbox_password {{ lookup('keepass', 'munin_user_fritzbox', 'password') }}
env.traffic_remove_max true # if you do not want the possible max values
- name: nextcloud_nextcloud.mgrote.net
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_
config: |
[nextcloud_nextcloud.mgrote.net]
env.username munin
env.password {{ lookup('keepass', 'munin_user_nextcloud', 'password') }}
env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info
env.scheme https
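Review bot: In the `ufw_rules` hunk, `from_ip: 172.0.0.0/8` with the comment 'docker networks' covers 172.0.0.0 through 172.255.255.255, most of which is public address space; the private block is 172.16.0.0/12. Neither this rule nor the `192.168.0.0/16` one appears to carry a `to_port` or `protocol` (the old/new markers are lost in this rendering, so that is inferred), which would open every port to those sources, including the whole LAN. I would use `from_ip: 172.16.0.0/12`, or better the concrete bridge subnets reported by the `docker network inspect` command quoted in the comment, and restrict both rules to the ports the containers need.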


@ -1,120 +0,0 @@
---
### mrlesmithjr.ansible-manage-lvm
lvm_groups:
- vgname: vg_nextcloud
disks:
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
create: true
lvnames:
- lvname: lv_nextcloud
size: +100%FREE
create: true
filesystem: xfs
mount: true
mntp: /mnt/nextcloud
- vgname: vg_docker
disks:
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2
create: true
lvnames:
- lvname: lv_docker
size: +100%FREE
create: true
filesystem: xfs
mount: true
mntp: /var/lib/docker
manage_lvm: true
pvresize_to_max: true
### mgrote.restic
restic_folders_to_backup: "/ /mnt/nextcloud /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
restic_schedule: "0/2:00" # alle 2 Stunden
restic_exclude: |
._*
.Trash-*
# https://github.com/restic/restic/issues/1005
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12
### mgrote.munin-node
munin_node_plugins:
- name: timesync
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- name: systemd_status
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- name: systemd_mem
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
config: |
[systemd_mem]
env.all_services true
- name: lvm_
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
config: |
[lvm_*]
user root
- name: fail2ban
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config: |
[fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name: nextcloud_nextcloud.mgrote.net
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/nextcloud/nextcloud_
config: |
[nextcloud_nextcloud.mgrote.net]
env.username munin
env.password {{ lookup('keepass', 'nextcloud_munin_user', 'password') }}
env.api_path /ocs/v2.php/apps/serverinfo/api/v1/info
env.scheme https
- name: http_response
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
config: |
[http_response]
env.sites https://nextcloud.mgrote.net
env.max_time 20
env.short_label true
env.follow_redirect true
- name: timesync
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- name: systemd_status
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- name: lvm_
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
config: |
[lvm_*]
user root
- name: fail2ban
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config: |
[fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name: docker_containers
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
config: |
[docker_*]
user root
env.DOCKER_HOST unix://run/docker.sock
- name: docker_cpu
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_memory
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_network
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_volumes
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
### mgrote.docker-compose-deploy
docker_compose_projects:
- name: nextcloud
dir_name: docker-nextcloud
repository_url: git.mgrote.net/mg/docker-nextcloud
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: watchtower
dir_name: docker-watchtower
repository_url: git.mgrote.net/mg/docker-watchtower
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"


@ -1,121 +0,0 @@
---
### mrlesmithjr.ansible-manage-lvm
lvm_groups:
- vgname: vg_drone
disks:
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
create: true
lvnames:
- lvname: lv_drone
size: +100%FREE
create: true
filesystem: xfs
mount: true
mntp: /drone
- vgname: vg_docker
disks:
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2
create: true
lvnames:
- lvname: lv_docker
size: +100%FREE
create: true
filesystem: xfs
mount: true
mntp: /var/lib/docker
manage_lvm: true
pvresize_to_max: true
### mgrote.restic
restic_folders_to_backup: "/ /drone /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
restic_schedule: "0/6:00"
restic_exclude: |
._*
.Trash-*
# https://github.com/restic/restic/issues/1005
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12
### mgrote.munin-node
munin_node_plugins:
- name: timesync
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- name: systemd_status
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- name: systemd_mem
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
config: |
[systemd_mem]
env.all_services true
- name: lvm_
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
config: |
[lvm_*]
user root
- name: fail2ban
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config: |
[fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name: http_response
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
config: |
[http_response]
env.sites http://docker9.grote.lan
env.max_time 20
env.short_label true
env.follow_redirect true
- name: timesync
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- name: systemd_status
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- name: lvm_
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
config: |
[lvm_*]
user root
- name: fail2ban
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config: |
[fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name: docker_containers
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
config: |
[docker_*]
user root
env.DOCKER_HOST unix://run/docker.sock
- name: docker_cpu
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_memory
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_network
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
- name: docker_volumes
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
### mgrote.docker-compose-deploy
docker_compose_projects:
- name: watchtower
dir_name: docker-watchtower
repository_url: git.mgrote.net/mg/docker-watchtower
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
- name: drone-server
dir_name: docker-drone-server
repository_url: git.mgrote.net/mg/docker-drone-server
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
network_name: nw_drone
- name: drone-runnner
dir_name: docker-drone-runnner
repository_url: git.mgrote.net/mg/docker-drone-runner
state: present
os_username: docker-user
repository_user: mg
repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
network_name: nw_drone


@ -22,10 +22,8 @@ all:
ansible-test.grote.lan:
docker:
hosts:
docker7.grote.lan:
docker10.grote.lan:
docker7-test.grote.lan:
docker8.grote.lan:
docker9.grote.lan:
vmtest:
hosts:
vm-test2.grote.lan:
@ -58,9 +56,7 @@ all:
pve2.grote.lan:
gitea.grote.lan:
dnsmasq.grote.lan:
docker7.grote.lan:
docker8.grote.lan:
docker9.grote.lan:
docker10.grote.lan:
test:
hosts:
dokuwiki-test.grote.lan:

Binary file not shown.


@ -5,4 +5,4 @@
- { role: geerlingguy.docker, tags: "docker", become: true }
- { role: gantsign.ctop, tags: "ctop", become: true }
- { role: mgrote.set_permissions, tags: "perm", become: true }
- { role: mgrote.docker-compose-deploy, tags: "compose", become: true }
- { role: mgrote.docker-compose-inline, tags: "compose", become: true }


@ -1,2 +1,2 @@
---
alacritty_url: http://docker7.grote.lan:3344/alacritty/alacritty-latest.tar.gz
alacritty_url: http://docker10.grote.lan:3344/alacritty/alacritty-latest.tar.gz
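Review bot: The new `alacritty_url` still fetches `alacritty-latest.tar.gz` over plain `http://` and under a floating `-latest` name, so nothing in this variable file lets the role verify the archive it installs. If the role downloads it with `ansible.builtin.get_url` (the task is not visible here), consider adding a pinned digest next to the URL, for example `alacritty_checksum: "sha256:<SHA256_OF_TARBALL>"`, and passing it to the module's `checksum:` parameter. `alacritty_checksum` is a proposed variable name, not one the role is known to define. Serving the artefact over HTTPS would additionally protect the transfer from tampering on the LAN.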


@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<https://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<https://www.gnu.org/licenses/why-not-lgpl.html>.


@ -0,0 +1,27 @@
# mgrote.docker-compose-inline
### Beschreibung
Diese Rolle templated docker-compose-Ordner auf die Zielmaschine und startet dort die Container.
### getestet auf
- [X] Ubuntu (>=20.04)
### Variablen + Defaults
siehe [defaults](./defaults/main.yml)
### Nutzung: Abbau Container
1. setze `state: absent`
1. lösche Ordner in `compose_src_basedir`
2. Rolle ausführen
### Nutzung: Hinzufügen Container
1. ersteller Ordner in `compose_src_basedir`
1. alle Dateien die templated werden sollen + IMMER `docker-compose.yml` mit der Dateiendung `.j2` versehen
1. Secrets: in `*.j2`-Dateien mit `{{ lookup('keepass', '<name>', 'password') }}
` einbauen


@ -0,0 +1,18 @@
---
# owner and group of all files and directories
compose_owner: "docker-user"
compose_group: "docker-user"
# default permissions for all files and directories
compose_file_permissions: "644"
compose_dir_permissions: "755"
# where to store the compose-files on the destination system
compose_dest_basedir: "/docker" # without trailing "/"
# where are the docker-compose-files located on the ansible controller
compose_src_basedir: "{{ inventory_dir }}/docker-compose" # without trailing "/"
# dict of compose-files to deploy
#compose_files:
# - name: hastebin # used for directory name; starting & stopping
# state: present
# #network: test_nw # external network (optional)
# - name: ara
# state: present
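Review bot: `compose_file_permissions: "644"` and `compose_dir_permissions: "755"` are also the modes the template task applies, and the role's README tells users to place `lookup('keepass', ...)` secrets in the `.j2` files, so the rendered compose files under `compose_dest_basedir` end up readable by every local account on the target. A tighter default such as `compose_file_permissions: "0640"` with `compose_dir_permissions: "0750"` would limit them to `compose_owner` and `compose_group`. Static files that are bind-mounted into containers may need to stay readable by the container user, so a separate mode variable used only by the template task is probably the less disruptive variant. The comment `# dict of compose-files to deploy` should read "list", since the commented example is a sequence of mappings.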


@ -0,0 +1,97 @@
---
- name: ensure basedir exists
become: true
ansible.builtin.file:
path: "{{ compose_dest_basedir }}"
state: directory
mode: "{{ compose_dir_permissions }}"
owner: "{{ compose_owner }}"
group: "{{ compose_group }}"
# https://codeutility.org/ansible-can-the-templates-module-handle-multiple-templates-directories-stack-overflow/
- name: copy all directories recursively
ansible.builtin.file:
dest: "{{compose_dest_basedir}}/{{ item|replace(compose_src_basedir+'/', '') }}"
state: directory
mode: "{{ compose_dir_permissions }}"
owner: "{{ compose_owner }}"
group: "{{ compose_group }}"
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type d').split('\n') }}"
- name: copy all files recursively (can take a long time)
ansible.builtin.copy:
mode: "{{ compose_file_permissions }}"
owner: "{{ compose_owner }}"
group: "{{ compose_group }}"
src: "{{ item }}"
dest: "{{compose_dest_basedir}}/{{ item|replace(compose_src_basedir+'/', '') }}"
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -not -name *.j2 ').split('\n') }}"
no_log: true
- name: copy templates files recursively
ansible.builtin.template:
mode: "{{ compose_file_permissions }}"
owner: "{{ compose_owner }}"
group: "{{ compose_group }}"
src: "{{ item }}"
dest: "{{compose_dest_basedir}}/{{ item|replace(compose_src_basedir+'/', '')|replace('.j2', '') }}"
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -name *.j2').split('\n') }}"
register: copy_template
no_log: true
# - name: print $copy_template
# ansible.builtin.debug:
# var: copy_template
- name: create networks
become: true
ansible.builtin.shell: "docker network create {{ item.network }}" # erstelle network
register: network_result # speichere ergebnis in var
changed_when: "network_result.rc == 0" # markiere tasks als changed when exit-code == 0
ignore_errors: yes # ignoriere fehler
loop: "{{ compose_files }}"
when:
- item.state == "present"
- item.network is defined
- name: (re)start container
become: true
ansible.builtin.shell: docker-compose up -d
args:
chdir: "{{ compose_dest_basedir }}/{{ item.name }}"
register: start_result # speichere ergebnis in var
changed_when: "start_result.rc == 0" # markiere tasks als changed when exit-code == 0
loop: "{{ compose_files }}"
when:
- item.state == "present"
- copy_template is changed
- name: stop old container
become: true
ansible.builtin.shell: docker-compose down
args:
chdir: "{{ compose_dest_basedir }}/{{ item.name }}"
loop: "{{ compose_files }}"
when:
- item.state == "absent"
ignore_errors: yes # ignoriere fehler
- name: remove old networks
become: true
ansible.builtin.shell: "docker network remove {{ item.network }}" # erstelle network
register: network_result # speichere ergebnis in var
changed_when: "network_result.rc == 0" # markiere tasks als changed when exit-code == 0
ignore_errors: yes # ignoriere fehler
loop: "{{ compose_files }}"
when:
- item.state == "absent"
- item.network is defined
- name: remove old docker-compose files & directories
become: true
ansible.builtin.file:
path: "{{ compose_dest_basedir }}/{{ item.name }}/"
state: absent
loop: "{{ compose_files }}"
when:
- item.state == "absent"
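Review bot: The `create networks` and `remove old networks` tasks paste `{{ item.network }}` into an `ansible.builtin.shell` string that runs with `become: true`, so whatever the inventory holds in that field is parsed by a root shell. Neither task needs a shell: `ansible.builtin.command` with `argv: ["docker", "network", "create", "{{ item.network }}"]` passes the name as one argument. `ignore_errors: yes` combined with `changed_when: "network_result.rc == 0"` hides every failure, not just "network already exists", so a `failed_when` that tolerates only that message would keep real errors visible. The three `lookup('pipe', 'find ' + compose_src_basedir ...)` expressions have the same quoting gap: `-name *.j2` is unquoted and the controller's shell expands it when a `.j2` file sits in the working directory, so the pattern should be quoted inside the command string (`-name \"*.j2\"`) and the base directory passed through `| quote`. The trailing comment `# erstelle network` on the remove task is a copy-paste leftover and should describe the removal.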