housekeeping: comments (#619)

Reviewed-on: #619
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
Michael Grote 2023-11-29 21:15:50 +01:00 committed by mg
parent 7b8f61c750
commit f201aaef06
16 changed files with 41 additions and 41 deletions


@ -10,7 +10,7 @@ file_header: |
### mgrote_netplan ### mgrote_netplan
netplan_configure: true netplan_configure: true
### mgrote.restic ### mgrote_restic
restic_user: root restic_user: root
restic_group: restic restic_group: restic
restic_conf_dir: /etc/restic restic_conf_dir: /etc/restic
@ -33,7 +33,7 @@ restic_mount_user: restic
restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}" restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
restic_fail_mail: "{{ my_mail }}" restic_fail_mail: "{{ my_mail }}"
### mgrote.user ### mgrote_user
users: users:
- username: mg - username: mg
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
@ -60,7 +60,7 @@ unattended_origins_patterns:
- 'origin=Ubuntu,archive=${distro_codename}-security' - 'origin=Ubuntu,archive=${distro_codename}-security'
- 'o=Ubuntu,a=${distro_codename}-updates' - 'o=Ubuntu,a=${distro_codename}-updates'
### mgrote.ntp_chrony_client ### mgrote_ntp_chrony_client
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
ntp_chrony_servers: # welche Server sollen befragt werden ntp_chrony_servers: # welche Server sollen befragt werden
@ -70,16 +70,16 @@ ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
ntp_chrony_logging: false ntp_chrony_logging: false
### mgrote.postfix ### mgrote_postfix
postfix_smtp_server: docker10.mgrote.net postfix_smtp_server: docker10.mgrote.net
postfix_smtp_server_port: 1025 postfix_smtp_server_port: 1025
### mgrote.tmux ### mgrote_tmux
tmux_conf_destination: "/home/mg/.tmux.conf" tmux_conf_destination: "/home/mg/.tmux.conf"
tmux_bashrc_destination: "/home/mg/.bashrc" tmux_bashrc_destination: "/home/mg/.bashrc"
tmux_standardsession_name: "default" tmux_standardsession_name: "default"
### mgrote.fail2ban ### mgrote_fail2ban
f2b_bantime: 300 f2b_bantime: 300
f2b_findtime: 300 f2b_findtime: 300
f2b_maxretry: 5 f2b_maxretry: 5
@ -96,7 +96,7 @@ ufw_rules:
ufw_default_incoming_policy: deny ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow ufw_default_outgoing_policy: allow
### mgrote.apt_manage_packages ### mgrote_apt_manage_packages
apt_packages_common: apt_packages_common:
- locales - locales
- python3 - python3
@ -142,7 +142,7 @@ apt_packages_absent:
apt_packages_internet: apt_packages_internet:
- http://docker10.mgrote.net:3344/bash-helper-scripts-mgrote-latest.deb - http://docker10.mgrote.net:3344/bash-helper-scripts-mgrote-latest.deb
### mgrote.zfs_sanoid ### mgrote_zfs_sanoid
sanoid_templates: sanoid_templates:
- name: '31tage' - name: '31tage'
keep_hourly: '24' # Aufheben (Stunde) keep_hourly: '24' # Aufheben (Stunde)
@ -190,7 +190,7 @@ sanoid_templates:
autosnap: 'yes' autosnap: 'yes'
autoprune: 'yes' autoprune: 'yes'
### mgrote.zfs_sanoid ### mgrote_zfs_sanoid
sanoid_deb_url: http://docker10.mgrote.net:3344/sanoid_3.0.4.deb sanoid_deb_url: http://docker10.mgrote.net:3344/sanoid_3.0.4.deb
# Ansible Variablen # Ansible Variablen
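Review bot: `apt_packages_internet` and `sanoid_deb_url` in this file fetch `.deb` packages from `http://docker10.mgrote.net:3344/...`, so the download is unauthenticated and nothing visible here verifies a checksum or signature before installation. Whether the consuming role performs such a check cannot be seen from this page; if it does not, anyone able to tamper with that connection or the file server can substitute the package. Serve the files over HTTPS or have the role compare a pinned SHA-256 before installing, and until then mark the entries with a comment such as `# FIXME: plain HTTP, no integrity check - pin a checksum or switch to https`. The same applies to the `http://192.168.2.43:3344/...` entry in the file whose hunk starts at `blocky_custom_lookups`.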


@ -9,6 +9,6 @@ pip_install_packages:
- name: ansible - name: ansible
- name: docker-compose - name: docker-compose
### mgrote.apt_manage_packages ### mgrote_apt_manage_packages
apt_packages_extra: apt_packages_extra:
- sshpass - sshpass


@ -69,9 +69,9 @@ blocky_custom_lookups: # optional
- name: fritz.box - name: fritz.box
ip: 192.168.5.1 ip: 192.168.5.1
### mgrote.apt_manage_packages ### mgrote_apt_manage_packages
apt_packages_internet: apt_packages_internet:
- http://192.168.2.43:3344/bash-helper-scripts-mgrote-latest.deb - http://192.168.2.43:3344/bash-helper-scripts-mgrote-latest.deb
### mgrote.restic ### mgrote_restic
restic_repository: "//192.168.2.54/restic" restic_repository: "//192.168.2.54/restic"


@ -15,10 +15,10 @@ lvm_groups:
manage_lvm: true manage_lvm: true
pvresize_to_max: true pvresize_to_max: true
### mgrote.restic ### mgrote_restic
restic_folders_to_backup: "/ /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files restic_folders_to_backup: "/ /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
### mgrote.user ### mgrote_user
users: users:
- username: mg - username: mg
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
@ -52,10 +52,10 @@ docker_users:
docker_install_compose: true docker_install_compose: true
docker_add_repo: false # erstelle kein Repo-Eintrag unter /etc/apt/sources.list.d/, steht explizit unter "repos_override" docker_add_repo: false # erstelle kein Repo-Eintrag unter /etc/apt/sources.list.d/, steht explizit unter "repos_override"
### mgrote.docker-compose-deploy ### mgrote_docker-compose-deploy
docker_compose_base_dir: /home/docker-user docker_compose_base_dir: /home/docker-user
### mgrote.apt_manage_sources ### mgrote_apt_manage_sources
repos_override: # mit docker-repos repos_override: # mit docker-repos
- deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable - deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} main restricted" - "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} main restricted"


@ -18,7 +18,7 @@ ufw_rules:
comment: 'smb' comment: 'smb'
from_ip: 0.0.0.0/0 from_ip: 0.0.0.0/0
### mgrote.fileserver_smb ### mgrote_fileserver_smb
smb_workgroup: WORKGROUP smb_workgroup: WORKGROUP
smb_min_protocol: "SMB2" smb_min_protocol: "SMB2"
smb_client_min_protocol: "SMB2" smb_client_min_protocol: "SMB2"
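Review bot: The `smb` ufw rule shown as context above the renamed heading uses `from_ip: 0.0.0.0/0`, which admits every source address, and `smb_min_protocol: "SMB2"` still permits dialects without SMB3 transport encryption. If the shares are only meant for the internal networks, restrict `from_ip` to those subnets and consider `smb_min_protocol: "SMB3"` together with `smb_client_min_protocol: "SMB3"`. The rule begins above the hunk, so its port and protocol are not visible here. If the open source range is intentional, a one-line comment giving the reason would save the next reader the question.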


@ -15,7 +15,7 @@ lvm_groups:
manage_lvm: true manage_lvm: true
pvresize_to_max: true pvresize_to_max: true
### mgrote.restic ### mgrote_restic
restic_folders_to_backup: "/ /var/lib/gitea" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files restic_folders_to_backup: "/ /var/lib/gitea" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
### oefenweb.ufw ### oefenweb.ufw


@ -2,13 +2,13 @@
### mgrote_netplan ### mgrote_netplan
netplan_configure: false netplan_configure: false
### mgrote.postfix ### mgrote_postfix
postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24 192.168.3.0/24" postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24 192.168.3.0/24"
### mgrote.restic ### mgrote_restic
restic_folders_to_backup: "/ /etc/proxmox-backup" restic_folders_to_backup: "/ /etc/proxmox-backup"
### mgrote.user ### mgrote_user
users: users:
- username: root - username: root
password: "{{ lookup('keepass', 'root_linux_password_hash_proxmox', 'password') }}" password: "{{ lookup('keepass', 'root_linux_password_hash_proxmox', 'password') }}"


@ -2,10 +2,10 @@
### mgrote_netplan ### mgrote_netplan
netplan_configure: false netplan_configure: false
### mgrote.restic ### mgrote_restic
restic_folders_to_backup: "/ /etc/pve" restic_folders_to_backup: "/ /etc/pve"
### mgrote.user ### mgrote_user
users: users:
- username: root - username: root
password: "{{ lookup('keepass', 'root_linux_password_hash_proxmox', 'password') }}" password: "{{ lookup('keepass', 'root_linux_password_hash_proxmox', 'password') }}"
@ -31,7 +31,7 @@ users:
allow_sudo: true allow_sudo: true
allow_passwordless_sudo: true allow_passwordless_sudo: true
### mgrote.apt_manage_packages ### mgrote_apt_manage_packages
apt_packages_extra: apt_packages_extra:
- ifupdown2 - ifupdown2
- bmon - bmon


@ -29,10 +29,10 @@ cifs_mounts:
gid: 5000 gid: 5000
extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird
### mgrote.restic ### mgrote_restic
restic_folders_to_backup: "/ /var/lib/docker /mnt/oci-registry" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben restic_folders_to_backup: "/ /var/lib/docker /mnt/oci-registry" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
### mgrote.docker-compose-inline ### mgrote_docker-compose-inline
compose_owner: "docker-user" compose_owner: "docker-user"
compose_group: "docker-user" compose_group: "docker-user"
compose_file_permissions: "644" compose_file_permissions: "644"


@ -1,5 +1,5 @@
--- ---
### mgrote.youtubedl ### mgrote_youtubedl
ytdl_dl_url: "https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp" ytdl_dl_url: "https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp"
ytdl_timer: "Tue,Sat 03:00" ytdl_timer: "Tue,Sat 03:00"
ytdl_bin_path: /usr/local/bin/yt-dlp ytdl_bin_path: /usr/local/bin/yt-dlp
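Review bot: `ytdl_dl_url` points at `releases/latest/download/yt-dlp`, so whatever binary upstream publishes at run time is written to `/usr/local/bin/yt-dlp`, with no pinned version or hash visible in these variables. Presumably the `ytdl_timer` schedule then executes it unattended, which makes an unexpected or compromised release take effect without review. Pinning a release, e.g. `ytdl_dl_url: "https://github.com/yt-dlp/yt-dlp/releases/download/<RELEASE_TAG_PLACEHOLDER>/yt-dlp"`, and checking the published SHA-256 in the role would close that gap. `cv4pve_dl_link` in the two Proxmox host files is already version-pinned but likewise shows no checksum.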


@ -33,7 +33,7 @@ pbs_users:
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase backup /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1 ### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase backup /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
# mgrote.zfs_manage_datasets # mgrote.zfs_manage_datasets
### mgrote.zfs_extra ### mgrote_zfs_extra
# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_* # Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
zfs_datasets: # DatenPools werden hier nicht verwaltet zfs_datasets: # DatenPools werden hier nicht verwaltet
# rpool - System-Datasets # rpool - System-Datasets
@ -68,7 +68,7 @@ zfs_extra_zfs_pools:
- name: "backup" - name: "backup"
systemd_timer_schedule: "*-01,04,07,10-01 23:00" systemd_timer_schedule: "*-01,04,07,10-01 23:00"
### mgrote.zfs_sanoid ### mgrote_zfs_sanoid
sanoid_snaps_enable: true sanoid_snaps_enable: true
## syncoid ## syncoid
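Review bot: The rename is incomplete in this file: `# mgrote.zfs_manage_datasets` and the `# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ ...` comment directly around the changed `### mgrote_zfs_extra` heading keep the dotted form. If the underscore form is meant to match the role names everywhere, these would become `# mgrote_zfs_manage_datasets` and `mgrote_zfs_health/...`; the same two lines appear unchanged in the three following host files. Separately, the last file in this commit is now headed `### mgrote_sanoid`, whereas every other file uses `### mgrote_zfs_sanoid`, so one of the two spellings is probably not the role's actual name.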


@ -29,7 +29,7 @@ pbs_users:
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase backup /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A28LFJDH ### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase backup /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A28LFJDH
# mgrote.zfs_manage_datasets # mgrote.zfs_manage_datasets
### mgrote.zfs_extra ### mgrote_zfs_extra
# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_* # Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
zfs_datasets: # DatenPools werden hier nicht verwaltet zfs_datasets: # DatenPools werden hier nicht verwaltet
# rpool - System-Datasets # rpool - System-Datasets
@ -64,7 +64,7 @@ zfs_extra_zfs_pools:
- name: "backup" - name: "backup"
systemd_timer_schedule: "*-01,04,07,10-01 23:00" systemd_timer_schedule: "*-01,04,07,10-01 23:00"
### mgrote.zfs_sanoid ### mgrote_zfs_sanoid
sanoid_snaps_enable: true sanoid_snaps_enable: true
## syncoid ## syncoid
sanoid_syncoid_destination_host: true sanoid_syncoid_destination_host: true


@ -7,7 +7,7 @@
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase hdd_data_raidz mirror /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2 ### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase hdd_data_raidz mirror /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2
# mgrote.zfs_manage_datasets # mgrote.zfs_manage_datasets
### mgrote.zfs_extra ### mgrote_zfs_extra
# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_* # Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
zfs_datasets: # DatenPools werden hier nicht verwaltet zfs_datasets: # DatenPools werden hier nicht verwaltet
# rpool - System-Datasets # rpool - System-Datasets
@ -83,7 +83,7 @@ zfs_extra_zfs_pools:
- name: "hdd_data_raidz" - name: "hdd_data_raidz"
systemd_timer_schedule: "*-01,04,07,10-01 23:00" systemd_timer_schedule: "*-01,04,07,10-01 23:00"
### mgrote.zfs_sanoid ### mgrote_zfs_sanoid
sanoid_datasets: sanoid_datasets:
- path: 'hdd_data_raidz/videos' - path: 'hdd_data_raidz/videos'
template: '3tage' template: '3tage'
@ -150,14 +150,14 @@ sanoid_datasets:
snapshots: true snapshots: true
template: '3tage' template: '3tage'
### mgrote.cv4pve-autosnap ### mgrote_cv4pve-autosnap
cv4pve_api_user: root@pam!cv4pve-autosnap cv4pve_api_user: root@pam!cv4pve-autosnap
cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}" cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}"
cv4pve_vmid: all cv4pve_vmid: all
cv4pve_keep_snapshots: 5 cv4pve_keep_snapshots: 5
cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.10.0/cv4pve-autosnap-linux-x64.zip" cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.10.0/cv4pve-autosnap-linux-x64.zip"
### mgrote.proxmox_bind_mounts ### mgrote_proxmox_bind_mounts
pve_bind_mounts: pve_bind_mounts:
- vmid: 100 - vmid: 100
mp_nr: 0 mp_nr: 0


@ -7,7 +7,7 @@
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase hdd_data_raidz mirror /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A27KFJDH /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A28LFJDH ### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase hdd_data_raidz mirror /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A27KFJDH /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A28LFJDH
# mgrote.zfs_manage_datasets # mgrote.zfs_manage_datasets
### mgrote.zfs_extra ### mgrote_zfs_extra
# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_* # Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
zfs_datasets: # DatenPools werden hier nicht verwaltet zfs_datasets: # DatenPools werden hier nicht verwaltet
# rpool - System-Datasets # rpool - System-Datasets
@ -87,7 +87,7 @@ zfs_extra_zfs_pools:
- name: "hdd_data_raidz" - name: "hdd_data_raidz"
systemd_timer_schedule: "*-01,04,07,10-01 23:00" systemd_timer_schedule: "*-01,04,07,10-01 23:00"
### mgrote.zfs_sanoid ### mgrote_zfs_sanoid
sanoid_snaps_enable: true sanoid_snaps_enable: true
## enable sending snaps ## enable sending snaps
sanoid_syncoid_source_host: true sanoid_syncoid_source_host: true
@ -160,14 +160,14 @@ sanoid_datasets:
snapshots: true snapshots: true
template: 'pve3tage' template: 'pve3tage'
### mgrote.cv4pve-autosnap ### mgrote_cv4pve-autosnap
cv4pve_api_user: root@pam!cv4pve-autosnap cv4pve_api_user: root@pam!cv4pve-autosnap
cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}" cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}"
cv4pve_vmid: all,-115 cv4pve_vmid: all,-115
cv4pve_keep_snapshots: 5 cv4pve_keep_snapshots: 5
cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.14.7/cv4pve-autosnap-linux-x64.zip" cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.14.7/cv4pve-autosnap-linux-x64.zip"
### mgrote.proxmox_bind_mounts ### mgrote_proxmox_bind_mounts
pve_bind_mounts: pve_bind_mounts:
### fileserver3 ### fileserver3
- vmid: 115 - vmid: 115


@ -34,7 +34,7 @@
ansible_password: hallowelt ansible_password: hallowelt
ansible_become_password: hallowelt ansible_become_password: hallowelt
ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'" ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
### mgrote.user ### mgrote_user
users: users:
- username: ansible-user - username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
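Review bot: The context lines above the renamed heading keep `ansible_password` and `ansible_become_password` as cleartext literals in the repository and set `-o StrictHostKeyChecking=no`, while the `users` entry directly below already reads its hash through `lookup('keepass', ...)`. If this play only bootstraps freshly installed hosts that still carry a default password (an assumption, since the play starts outside the hunk), a comment saying so and naming the step that rotates the password would make that explicit. Otherwise move both values into KeePass, e.g. `ansible_password: "{{ lookup('keepass', '<KEEPASS_ENTRY_PLACEHOLDER>', 'password') }}"`. Using `-o StrictHostKeyChecking=accept-new` would still allow first contact while rejecting a host key that changes later.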


@ -44,7 +44,7 @@ sanoid_user_group: sanoid
#sanoid_syncoid_ssh_privkey: "{{ lookup('keepass', 'sanoid_syncoid_private_key', 'notes') }}" #sanoid_syncoid_ssh_privkey: "{{ lookup('keepass', 'sanoid_syncoid_private_key', 'notes') }}"
#sanoid_syncoid_ssh_pubkey: "{{ lookup('keepass', 'sanoid_syncoid_public_key', 'notes') }}" #sanoid_syncoid_ssh_pubkey: "{{ lookup('keepass', 'sanoid_syncoid_public_key', 'notes') }}"
### mgrote.sanoid ### mgrote_sanoid
#sanoid_syncoid_datasets_sync: #sanoid_syncoid_datasets_sync:
# - source_host: pve5.mgrote.net # - source_host: pve5.mgrote.net
# source_dataset: hdd_data_raidz/tmp # source_dataset: hdd_data_raidz/tmp