housekeeping: comments (#619)
Reviewed-on: #619 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
This commit is contained in:
parent
7b8f61c750
commit
f201aaef06
16 changed files with 41 additions and 41 deletions
|
@ -10,7 +10,7 @@ file_header: |
|
|||
### mgrote_netplan
|
||||
netplan_configure: true
|
||||
|
||||
### mgrote.restic
|
||||
### mgrote_restic
|
||||
restic_user: root
|
||||
restic_group: restic
|
||||
restic_conf_dir: /etc/restic
|
||||
|
@ -33,7 +33,7 @@ restic_mount_user: restic
|
|||
restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
|
||||
restic_fail_mail: "{{ my_mail }}"
|
||||
|
||||
### mgrote.user
|
||||
### mgrote_user
|
||||
users:
|
||||
- username: mg
|
||||
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
|
||||
|
@ -60,7 +60,7 @@ unattended_origins_patterns:
|
|||
- 'origin=Ubuntu,archive=${distro_codename}-security'
|
||||
- 'o=Ubuntu,a=${distro_codename}-updates'
|
||||
|
||||
### mgrote.ntp_chrony_client
|
||||
### mgrote_ntp_chrony_client
|
||||
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
||||
ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
|
||||
ntp_chrony_servers: # welche Server sollen befragt werden
|
||||
|
@ -70,16 +70,16 @@ ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
|
|||
ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
|
||||
ntp_chrony_logging: false
|
||||
|
||||
### mgrote.postfix
|
||||
### mgrote_postfix
|
||||
postfix_smtp_server: docker10.mgrote.net
|
||||
postfix_smtp_server_port: 1025
|
||||
|
||||
### mgrote.tmux
|
||||
### mgrote_tmux
|
||||
tmux_conf_destination: "/home/mg/.tmux.conf"
|
||||
tmux_bashrc_destination: "/home/mg/.bashrc"
|
||||
tmux_standardsession_name: "default"
|
||||
|
||||
### mgrote.fail2ban
|
||||
### mgrote_fail2ban
|
||||
f2b_bantime: 300
|
||||
f2b_findtime: 300
|
||||
f2b_maxretry: 5
|
||||
|
@ -96,7 +96,7 @@ ufw_rules:
|
|||
ufw_default_incoming_policy: deny
|
||||
ufw_default_outgoing_policy: allow
|
||||
|
||||
### mgrote.apt_manage_packages
|
||||
### mgrote_apt_manage_packages
|
||||
apt_packages_common:
|
||||
- locales
|
||||
- python3
|
||||
|
@ -142,7 +142,7 @@ apt_packages_absent:
|
|||
apt_packages_internet:
|
||||
- http://docker10.mgrote.net:3344/bash-helper-scripts-mgrote-latest.deb
|
||||
|
||||
### mgrote.zfs_sanoid
|
||||
### mgrote_zfs_sanoid
|
||||
sanoid_templates:
|
||||
- name: '31tage'
|
||||
keep_hourly: '24' # Aufheben (Stunde)
|
||||
|
@ -190,7 +190,7 @@ sanoid_templates:
|
|||
autosnap: 'yes'
|
||||
autoprune: 'yes'
|
||||
|
||||
### mgrote.zfs_sanoid
|
||||
### mgrote_zfs_sanoid
|
||||
sanoid_deb_url: http://docker10.mgrote.net:3344/sanoid_3.0.4.deb
|
||||
|
||||
# Ansible Variablen
|
||||
|
|
|
@ -9,6 +9,6 @@ pip_install_packages:
|
|||
- name: ansible
|
||||
- name: docker-compose
|
||||
|
||||
### mgrote.apt_manage_packages
|
||||
### mgrote_apt_manage_packages
|
||||
apt_packages_extra:
|
||||
- sshpass
|
||||
|
|
|
@ -69,9 +69,9 @@ blocky_custom_lookups: # optional
|
|||
- name: fritz.box
|
||||
ip: 192.168.5.1
|
||||
|
||||
### mgrote.apt_manage_packages
|
||||
### mgrote_apt_manage_packages
|
||||
apt_packages_internet:
|
||||
- http://192.168.2.43:3344/bash-helper-scripts-mgrote-latest.deb
|
||||
|
||||
### mgrote.restic
|
||||
### mgrote_restic
|
||||
restic_repository: "//192.168.2.54/restic"
|
||||
|
|
|
@ -15,10 +15,10 @@ lvm_groups:
|
|||
manage_lvm: true
|
||||
pvresize_to_max: true
|
||||
|
||||
### mgrote.restic
|
||||
### mgrote_restic
|
||||
restic_folders_to_backup: "/ /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
|
||||
|
||||
### mgrote.user
|
||||
### mgrote_user
|
||||
users:
|
||||
- username: mg
|
||||
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
|
||||
|
@ -52,10 +52,10 @@ docker_users:
|
|||
docker_install_compose: true
|
||||
docker_add_repo: false # erstelle kein Repo-Eintrag unter /etc/apt/sources.list.d/, steht explizit unter "repos_override"
|
||||
|
||||
### mgrote.docker-compose-deploy
|
||||
### mgrote_docker-compose-deploy
|
||||
docker_compose_base_dir: /home/docker-user
|
||||
|
||||
### mgrote.apt_manage_sources
|
||||
### mgrote_apt_manage_sources
|
||||
repos_override: # mit docker-repos
|
||||
- deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable
|
||||
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} main restricted"
|
||||
|
|
|
@ -18,7 +18,7 @@ ufw_rules:
|
|||
comment: 'smb'
|
||||
from_ip: 0.0.0.0/0
|
||||
|
||||
### mgrote.fileserver_smb
|
||||
### mgrote_fileserver_smb
|
||||
smb_workgroup: WORKGROUP
|
||||
smb_min_protocol: "SMB2"
|
||||
smb_client_min_protocol: "SMB2"
|
||||
|
|
|
@ -15,7 +15,7 @@ lvm_groups:
|
|||
manage_lvm: true
|
||||
pvresize_to_max: true
|
||||
|
||||
### mgrote.restic
|
||||
### mgrote_restic
|
||||
restic_folders_to_backup: "/ /var/lib/gitea" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
|
||||
|
||||
### oefenweb.ufw
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
### mgrote_netplan
|
||||
netplan_configure: false
|
||||
|
||||
### mgrote.postfix
|
||||
### mgrote_postfix
|
||||
postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24 192.168.3.0/24"
|
||||
|
||||
### mgrote.restic
|
||||
### mgrote_restic
|
||||
restic_folders_to_backup: "/ /etc/proxmox-backup"
|
||||
|
||||
### mgrote.user
|
||||
### mgrote_user
|
||||
users:
|
||||
- username: root
|
||||
password: "{{ lookup('keepass', 'root_linux_password_hash_proxmox', 'password') }}"
|
||||
|
|
|
@ -2,10 +2,10 @@
|
|||
### mgrote_netplan
|
||||
netplan_configure: false
|
||||
|
||||
### mgrote.restic
|
||||
### mgrote_restic
|
||||
restic_folders_to_backup: "/ /etc/pve"
|
||||
|
||||
### mgrote.user
|
||||
### mgrote_user
|
||||
users:
|
||||
- username: root
|
||||
password: "{{ lookup('keepass', 'root_linux_password_hash_proxmox', 'password') }}"
|
||||
|
@ -31,7 +31,7 @@ users:
|
|||
allow_sudo: true
|
||||
allow_passwordless_sudo: true
|
||||
|
||||
### mgrote.apt_manage_packages
|
||||
### mgrote_apt_manage_packages
|
||||
apt_packages_extra:
|
||||
- ifupdown2
|
||||
- bmon
|
||||
|
|
|
@ -29,10 +29,10 @@ cifs_mounts:
|
|||
gid: 5000
|
||||
extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird
|
||||
|
||||
### mgrote.restic
|
||||
### mgrote_restic
|
||||
restic_folders_to_backup: "/ /var/lib/docker /mnt/oci-registry" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
|
||||
|
||||
### mgrote.docker-compose-inline
|
||||
### mgrote_docker-compose-inline
|
||||
compose_owner: "docker-user"
|
||||
compose_group: "docker-user"
|
||||
compose_file_permissions: "644"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
### mgrote.youtubedl
|
||||
### mgrote_youtubedl
|
||||
ytdl_dl_url: "https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp"
|
||||
ytdl_timer: "Tue,Sat 03:00"
|
||||
ytdl_bin_path: /usr/local/bin/yt-dlp
|
||||
|
|
|
@ -33,7 +33,7 @@ pbs_users:
|
|||
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase backup /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
|
||||
|
||||
# mgrote.zfs_manage_datasets
|
||||
### mgrote.zfs_extra
|
||||
### mgrote_zfs_extra
|
||||
# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
|
||||
zfs_datasets: # DatenPools werden hier nicht verwaltet
|
||||
# rpool - System-Datasets
|
||||
|
@ -68,7 +68,7 @@ zfs_extra_zfs_pools:
|
|||
- name: "backup"
|
||||
systemd_timer_schedule: "*-01,04,07,10-01 23:00"
|
||||
|
||||
### mgrote.zfs_sanoid
|
||||
### mgrote_zfs_sanoid
|
||||
sanoid_snaps_enable: true
|
||||
|
||||
## syncoid
|
||||
|
|
|
@ -29,7 +29,7 @@ pbs_users:
|
|||
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase backup /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A28LFJDH
|
||||
|
||||
# mgrote.zfs_manage_datasets
|
||||
### mgrote.zfs_extra
|
||||
### mgrote_zfs_extra
|
||||
# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
|
||||
zfs_datasets: # DatenPools werden hier nicht verwaltet
|
||||
# rpool - System-Datasets
|
||||
|
@ -64,7 +64,7 @@ zfs_extra_zfs_pools:
|
|||
- name: "backup"
|
||||
systemd_timer_schedule: "*-01,04,07,10-01 23:00"
|
||||
|
||||
### mgrote.zfs_sanoid
|
||||
### mgrote_zfs_sanoid
|
||||
sanoid_snaps_enable: true
|
||||
## syncoid
|
||||
sanoid_syncoid_destination_host: true
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase hdd_data_raidz mirror /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi2
|
||||
|
||||
# mgrote.zfs_manage_datasets
|
||||
### mgrote.zfs_extra
|
||||
### mgrote_zfs_extra
|
||||
# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
|
||||
zfs_datasets: # DatenPools werden hier nicht verwaltet
|
||||
# rpool - System-Datasets
|
||||
|
@ -83,7 +83,7 @@ zfs_extra_zfs_pools:
|
|||
- name: "hdd_data_raidz"
|
||||
systemd_timer_schedule: "*-01,04,07,10-01 23:00"
|
||||
|
||||
### mgrote.zfs_sanoid
|
||||
### mgrote_zfs_sanoid
|
||||
sanoid_datasets:
|
||||
- path: 'hdd_data_raidz/videos'
|
||||
template: '3tage'
|
||||
|
@ -150,14 +150,14 @@ sanoid_datasets:
|
|||
snapshots: true
|
||||
template: '3tage'
|
||||
|
||||
### mgrote.cv4pve-autosnap
|
||||
### mgrote_cv4pve-autosnap
|
||||
cv4pve_api_user: root@pam!cv4pve-autosnap
|
||||
cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}"
|
||||
cv4pve_vmid: all
|
||||
cv4pve_keep_snapshots: 5
|
||||
cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.10.0/cv4pve-autosnap-linux-x64.zip"
|
||||
|
||||
### mgrote.proxmox_bind_mounts
|
||||
### mgrote_proxmox_bind_mounts
|
||||
pve_bind_mounts:
|
||||
- vmid: 100
|
||||
mp_nr: 0
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
### sudo zpool create -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=prompt -O keyformat=passphrase hdd_data_raidz mirror /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A27KFJDH /dev/disk/by-id/ata-TOSHIBA_MG09ACA18TE_Z1B0A28LFJDH
|
||||
|
||||
# mgrote.zfs_manage_datasets
|
||||
### mgrote.zfs_extra
|
||||
### mgrote_zfs_extra
|
||||
# Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
|
||||
zfs_datasets: # DatenPools werden hier nicht verwaltet
|
||||
# rpool - System-Datasets
|
||||
|
@ -87,7 +87,7 @@ zfs_extra_zfs_pools:
|
|||
- name: "hdd_data_raidz"
|
||||
systemd_timer_schedule: "*-01,04,07,10-01 23:00"
|
||||
|
||||
### mgrote.zfs_sanoid
|
||||
### mgrote_zfs_sanoid
|
||||
sanoid_snaps_enable: true
|
||||
## enable sending snaps
|
||||
sanoid_syncoid_source_host: true
|
||||
|
@ -160,14 +160,14 @@ sanoid_datasets:
|
|||
snapshots: true
|
||||
template: 'pve3tage'
|
||||
|
||||
### mgrote.cv4pve-autosnap
|
||||
### mgrote_cv4pve-autosnap
|
||||
cv4pve_api_user: root@pam!cv4pve-autosnap
|
||||
cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}"
|
||||
cv4pve_vmid: all,-115
|
||||
cv4pve_keep_snapshots: 5
|
||||
cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.14.7/cv4pve-autosnap-linux-x64.zip"
|
||||
|
||||
### mgrote.proxmox_bind_mounts
|
||||
### mgrote_proxmox_bind_mounts
|
||||
pve_bind_mounts:
|
||||
### fileserver3
|
||||
- vmid: 115
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
ansible_password: hallowelt
|
||||
ansible_become_password: hallowelt
|
||||
ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
|
||||
### mgrote.user
|
||||
### mgrote_user
|
||||
users:
|
||||
- username: ansible-user
|
||||
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||
|
|
|
@ -44,7 +44,7 @@ sanoid_user_group: sanoid
|
|||
#sanoid_syncoid_ssh_privkey: "{{ lookup('keepass', 'sanoid_syncoid_private_key', 'notes') }}"
|
||||
#sanoid_syncoid_ssh_pubkey: "{{ lookup('keepass', 'sanoid_syncoid_public_key', 'notes') }}"
|
||||
|
||||
### mgrote.sanoid
|
||||
### mgrote_sanoid
|
||||
#sanoid_syncoid_datasets_sync:
|
||||
# - source_host: pve5.mgrote.net
|
||||
# source_dataset: hdd_data_raidz/tmp
|
||||
|
|
Loading…
Reference in a new issue