Compare commits
2 commits
7bb78b485a
...
024a70ba3c
Author | SHA1 | Date | |
---|---|---|---|
024a70ba3c | |||
3d75c0911e |
23 changed files with 72 additions and 80 deletions
|
@ -12,7 +12,7 @@ services:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
environment:
|
environment:
|
||||||
GITEA_INSTANCE_URL: https://git.mgrote.net
|
GITEA_INSTANCE_URL: https://git.mgrote.net
|
||||||
GITEA_RUNNER_REGISTRATION_TOKEN: "{{ lookup('viczem.keepass.keepass', 'gitea_act_runner_token', 'password') }}" # only used on first start, https://git.mgrote.net/admin/actions/runners
|
GITEA_RUNNER_REGISTRATION_TOKEN: "{{ lookup('viczem.keepass.keepass', 'forgejo/gitea_act_runner_token', 'password') }}" # only used on first start, https://git.mgrote.net/admin/actions/runners
|
||||||
GITEA_RUNNER_NAME: "docker10-act-runner"
|
GITEA_RUNNER_NAME: "docker10-act-runner"
|
||||||
CONFIG_FILE: /config.yml
|
CONFIG_FILE: /config.yml
|
||||||
|
|
||||||
|
|
|
@ -8,11 +8,11 @@ services:
|
||||||
depends_on:
|
depends_on:
|
||||||
- mf-db17
|
- mf-db17
|
||||||
environment:
|
environment:
|
||||||
DATABASE_URL: "postgres://miniflux:{{ lookup('viczem.keepass.keepass', 'miniflux_postgres_password', 'password') }}@mf-db17/miniflux?sslmode=disable"
|
DATABASE_URL: "postgres://miniflux:{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_postgres_password', 'password') }}@mf-db17/miniflux?sslmode=disable"
|
||||||
RUN_MIGRATIONS: 1
|
RUN_MIGRATIONS: 1
|
||||||
# CREATE_ADMIN: 1
|
# CREATE_ADMIN: 1
|
||||||
# ADMIN_USERNAME: adminmf
|
# ADMIN_USERNAME: adminmf
|
||||||
# ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux_admin_password', 'password') }}"
|
# ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_admin_password', 'password') }}"
|
||||||
WORKER_POOL_SIZE: 10
|
WORKER_POOL_SIZE: 10
|
||||||
POLLING_FREQUENCY: 10
|
POLLING_FREQUENCY: 10
|
||||||
CLEANUP_ARCHIVE_UNREAD_DAYS: -1
|
CLEANUP_ARCHIVE_UNREAD_DAYS: -1
|
||||||
|
@ -39,7 +39,7 @@ services:
|
||||||
pull_policy: missing
|
pull_policy: missing
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_USER: miniflux
|
POSTGRES_USER: miniflux
|
||||||
POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux_postgres_password', 'password') }}"
|
POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_postgres_password', 'password') }}"
|
||||||
TZ: Europe/Berlin
|
TZ: Europe/Berlin
|
||||||
POSTGRES_HOST_AUTH_METHOD: "md5" # Workaround beim Migration von 13 -> 16; https://eelkevdbos.medium.com/upgrade-postgresql-with-docker-compose-99d995e464 ;
|
POSTGRES_HOST_AUTH_METHOD: "md5" # Workaround beim Migration von 13 -> 16; https://eelkevdbos.medium.com/upgrade-postgresql-with-docker-compose-99d995e464 ;
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -60,7 +60,7 @@ services:
|
||||||
pull_policy: missing
|
pull_policy: missing
|
||||||
environment:
|
environment:
|
||||||
TZ: Europe/Berlin
|
TZ: Europe/Berlin
|
||||||
MF_AUTH_TOKEN: "{{ lookup('viczem.keepass.keepass', 'miniflux_auth_token', 'password') }}"
|
MF_AUTH_TOKEN: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_auth_token', 'password') }}"
|
||||||
MF_API_URL: https://miniflux.mgrote.net/v1
|
MF_API_URL: https://miniflux.mgrote.net/v1
|
||||||
MF_SLEEP: 600
|
MF_SLEEP: 600
|
||||||
#MF_DEBUG: 1
|
#MF_DEBUG: 1
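Review bot: The `DATABASE_URL` line interpolates the KeePass password directly into a `postgres://user:password@host/db` URL, so a password containing `@`, `:`, `?` or `#` would give a URL that fails to parse or resolves to a different host or database. Pass the lookup through a URL-encoding filter, e.g. `{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_postgres_password', 'password') | urlencode }}` (note that `urlencode` leaves `/` unescaped), or record on the KeePass entry that the value must stay URL-safe. The same URL sets `sslmode=disable`, which is only acceptable while `mf-db17` is reachable solely over the compose-internal network; a one-line comment saying so would make that assumption explicit.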
|
||||||
|
|
|
@ -12,8 +12,8 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- data:/data # wird im "command" verwendet/gesetzt
|
- data:/data # wird im "command" verwendet/gesetzt
|
||||||
environment:
|
environment:
|
||||||
MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'username') }}"
|
MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio/minio_admin_user', 'username') }}"
|
||||||
MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'password') }}"
|
MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio/minio_admin_user', 'password') }}"
|
||||||
command: server /data --console-address ":9001"
|
command: server /data --console-address ":9001"
|
||||||
healthcheck: # https://github.com/minio/minio/issues/18389
|
healthcheck: # https://github.com/minio/minio/issues/18389
|
||||||
test: ["CMD", "mc", "ready", "local"]
|
test: ["CMD", "mc", "ready", "local"]
|
||||||
|
|
|
@ -54,7 +54,7 @@ volumes:
|
||||||
driver: local
|
driver: local
|
||||||
driver_opts:
|
driver_opts:
|
||||||
type: "cifs"
|
type: "cifs"
|
||||||
o: "user=navidrome,password={{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_navidrome', 'password') }}"
|
o: "user=navidrome,password={{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_navidrome', 'password') }}"
|
||||||
device: "//192.168.2.54/musik/Musik"
|
device: "//192.168.2.54/musik/Musik"
|
||||||
######## Networks ########
|
######## Networks ########
|
||||||
networks:
|
networks:
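Review bot: The `o:` mount-option string places the SMB password after `password=`, and CIFS options are comma-separated, so a password containing a comma would be cut at the comma and the remainder parsed as further mount options. Nothing on this line guards against that; add a comment such as `# password must not contain ',' (CIFS mount options are comma-separated)` and generate the KeePass entry without commas. The rendered compose file holds this password in clear text, so the role that writes it presumably needs to set restrictive ownership and mode on the Docker host; that is not visible in this hunk.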
|
||||||
|
|
|
@ -11,15 +11,15 @@ services:
|
||||||
- /etc/timezone:/etc/timezone:ro
|
- /etc/timezone:/etc/timezone:ro
|
||||||
- db:/var/lib/mysql
|
- db:/var/lib/mysql
|
||||||
environment:
|
environment:
|
||||||
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_root_password', 'password') }}"
|
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_root_password', 'password') }}"
|
||||||
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"
|
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
|
||||||
MYSQL_DATABASE: nextcloud
|
MYSQL_DATABASE: nextcloud
|
||||||
MYSQL_USER: nextcloud
|
MYSQL_USER: nextcloud
|
||||||
MYSQL_INITDB_SKIP_TZINFO: 1
|
MYSQL_INITDB_SKIP_TZINFO: 1
|
||||||
networks:
|
networks:
|
||||||
- intern
|
- intern
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "mariadb-show", "nextcloud", "-h", "localhost", "-u", "nextcloud", "-p{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"]
|
test: ["CMD", "mariadb-show", "nextcloud", "-h", "localhost", "-u", "nextcloud", "-p{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"]
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 3
|
retries: 3
|
||||||
|
@ -39,9 +39,9 @@ services:
|
||||||
- intern
|
- intern
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
pull_policy: missing
|
pull_policy: missing
|
||||||
command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}"
|
command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "redis-cli", "--pass", "{{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
|
test: ["CMD", "redis-cli", "--pass", "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
|
||||||
interval: 5s
|
interval: 5s
|
||||||
timeout: 2s
|
timeout: 2s
|
||||||
retries: 3
|
retries: 3
|
||||||
|
@ -73,15 +73,15 @@ services:
|
||||||
environment:
|
environment:
|
||||||
# redis
|
# redis
|
||||||
REDIS_HOST: nextcloud-redis
|
REDIS_HOST: nextcloud-redis
|
||||||
REDIS_HOST_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}"
|
REDIS_HOST_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
|
||||||
# mysql
|
# mysql
|
||||||
MYSQL_DATABASE: nextcloud
|
MYSQL_DATABASE: nextcloud
|
||||||
MYSQL_USER: nextcloud
|
MYSQL_USER: nextcloud
|
||||||
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"
|
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
|
||||||
MYSQL_HOST: nextcloud-db
|
MYSQL_HOST: nextcloud-db
|
||||||
# admin
|
# admin
|
||||||
NEXTCLOUD_ADMIN_USER: n-admin
|
NEXTCLOUD_ADMIN_USER: n-admin
|
||||||
NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_admin_user_password', 'password') }}"
|
NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_admin_user_password', 'password') }}"
|
||||||
# misc
|
# misc
|
||||||
NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
|
NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
|
||||||
PHP_MEMORY_LIMIT: 1024M
|
PHP_MEMORY_LIMIT: 1024M
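Review bot: Both healthchecks in this file put the secret on a command line (`-p{{ … }}` for `mariadb-show`, `--pass` for `redis-cli`), and `command: "redis-server --requirepass …"` does the same, so the passwords are readable in the process list for as long as those processes run. For the Redis healthcheck, `redis-cli` reads the password from the `REDISCLI_AUTH` environment variable, so `--pass` and `--no-auth-warning` can be dropped once that variable is set on the service. For MariaDB, a client option file passed with `--defaults-extra-file=` keeps the password out of argv. The Authelia database healthcheck later on this page uses the same `-p{{ … }}` pattern and would benefit from the same change.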
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
# Vorraussetzungen siehe https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md
|
# Vorraussetzungen siehe https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md
|
||||||
# lldap_bind_user=nextcloud_bind_user
|
# lldap_bind_user=nextcloud_bind_user
|
||||||
# lldap_bind_user_pass="{{ lookup('viczem.keepass.keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
|
# lldap_bind_user_pass="{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_lldap_bind_user_pass', 'password') }}"
|
||||||
# lldap_bind_user_groups=lldap_strict_readonly
|
# lldap_bind_user_groups=lldap_strict_readonly
|
||||||
|
|
||||||
php occ app:install user_ldap
|
php occ app:install user_ldap
|
||||||
|
@ -15,7 +15,7 @@ php occ ldap:set-config s01 ldapPort 3890
|
||||||
# EDIT: admin user
|
# EDIT: admin user
|
||||||
php occ ldap:set-config s01 ldapAgentName "uid=nextcloud_bind_user,ou=people,dc=mgrote,dc=net"
|
php occ ldap:set-config s01 ldapAgentName "uid=nextcloud_bind_user,ou=people,dc=mgrote,dc=net"
|
||||||
# EDIT: password
|
# EDIT: password
|
||||||
php occ ldap:set-config s01 ldapAgentPassword "{{ lookup('viczem.keepass.keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
|
php occ ldap:set-config s01 ldapAgentPassword "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_lldap_bind_user_pass', 'password') }}"
|
||||||
# EDIT: Base DN
|
# EDIT: Base DN
|
||||||
php occ ldap:set-config s01 ldapBase "dc=mgrote,dc=net"
|
php occ ldap:set-config s01 ldapBase "dc=mgrote,dc=net"
|
||||||
php occ ldap:set-config s01 ldapBaseUsers "dc=mgrote,dc=net"
|
php occ ldap:set-config s01 ldapBaseUsers "dc=mgrote,dc=net"
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_deploy-token', 'notes') }}
|
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_deploy-token', 'notes') }}
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_crs305_private_key', 'notes') }}
|
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_crs305_private_key', 'notes') }}
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_hex_private_key', 'notes') }}
|
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_hex_private_key', 'notes') }}
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_rb5009_private_key', 'notes') }}
|
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_rb5009_private_key', 'notes') }}
|
||||||
|
|
|
@ -8,7 +8,7 @@ log:
|
||||||
|
|
||||||
identity_validation:
|
identity_validation:
|
||||||
reset_password:
|
reset_password:
|
||||||
jwt_secret: {{ lookup('viczem.keepass.keepass', 'authelia_jwt_secret', 'password') }}
|
jwt_secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_jwt_secret', 'password') }}
|
||||||
totp:
|
totp:
|
||||||
issuer: totp.mgrote.net
|
issuer: totp.mgrote.net
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ access_control:
|
||||||
|
|
||||||
session:
|
session:
|
||||||
name: authelia_session
|
name: authelia_session
|
||||||
secret: {{ lookup('viczem.keepass.keepass', 'authelia_session_secret', 'password') }}
|
secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_session_secret', 'password') }}
|
||||||
expiration: 3600
|
expiration: 3600
|
||||||
inactivity: 300
|
inactivity: 300
|
||||||
cookies:
|
cookies:
|
||||||
|
@ -40,12 +40,12 @@ regulation:
|
||||||
ban_time: 300
|
ban_time: 300
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}
|
encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_storage_encryption_key', 'password') }}
|
||||||
mysql:
|
mysql:
|
||||||
database: authelia
|
database: authelia
|
||||||
address: 'tcp://authelia-db:3306'
|
address: 'tcp://authelia-db:3306'
|
||||||
username: authelia
|
username: authelia
|
||||||
password: {{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}
|
password: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}
|
||||||
|
|
||||||
notifier:
|
notifier:
|
||||||
smtp:
|
smtp:
|
||||||
|
@ -75,6 +75,6 @@ authentication_backend:
|
||||||
group_name: cn
|
group_name: cn
|
||||||
mail: mail
|
mail: mail
|
||||||
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
|
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
|
||||||
password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'
|
password: '{{ lookup('viczem.keepass.keepass', 'authelia/lldap_authelia_bind_user', 'password') }}'
|
||||||
|
|
||||||
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
|
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
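Review bot: `jwt_secret`, the session `secret`, `encryption_key` and the MySQL `password` are rendered unquoted, so the resulting YAML depends on what each secret happens to contain. A value containing ` #` is silently truncated at the comment, an all-digit value becomes an integer, and a leading `*`, `&`, `!` or `{` breaks parsing. A truncated secret would still load and would be weaker than intended. Assuming this file is rendered as a text template, emit each value as a quoted scalar, e.g. `jwt_secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_jwt_secret', 'password') | to_json }}`. The LDAP bind `password` at the end of the file is wrapped in single quotes, which still breaks if the value contains `'`.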
|
||||||
|
|
|
@ -88,15 +88,15 @@ services:
|
||||||
- /etc/timezone:/etc/timezone:ro
|
- /etc/timezone:/etc/timezone:ro
|
||||||
- db:/var/lib/mysql
|
- db:/var/lib/mysql
|
||||||
environment:
|
environment:
|
||||||
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia_mysql_root_password', 'password') }}"
|
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
|
||||||
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}"
|
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
|
||||||
MYSQL_DATABASE: authelia
|
MYSQL_DATABASE: authelia
|
||||||
MYSQL_USER: authelia
|
MYSQL_USER: authelia
|
||||||
MYSQL_INITDB_SKIP_TZINFO: 1
|
MYSQL_INITDB_SKIP_TZINFO: 1
|
||||||
networks:
|
networks:
|
||||||
- authelia
|
- authelia
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}"]
|
test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 3
|
retries: 3
|
||||||
|
|
|
@ -9,7 +9,7 @@ file_header: |
|
||||||
#----------------------------------------------------------------#
|
#----------------------------------------------------------------#
|
||||||
# für Zugriff auf nicht öffentliche git.mgrote.net-Repos
|
# für Zugriff auf nicht öffentliche git.mgrote.net-Repos
|
||||||
ansible_forgejo_user: svc_ansible
|
ansible_forgejo_user: svc_ansible
|
||||||
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
|
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
|
||||||
|
|
||||||
### mgrote_user_setup
|
### mgrote_user_setup
|
||||||
dotfiles:
|
dotfiles:
|
||||||
|
@ -102,7 +102,7 @@ restic_folders_to_backup: "/usr/local /etc /root /home"
|
||||||
restic_repository: "//fileserver3.mgrote.net/restic"
|
restic_repository: "//fileserver3.mgrote.net/restic"
|
||||||
restic_fail_mail: michael.grote@posteo.de
|
restic_fail_mail: michael.grote@posteo.de
|
||||||
restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
|
restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
|
||||||
restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
|
restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
|
||||||
restic_mount_user: restic
|
restic_mount_user: restic
|
||||||
restic_schedule: "*-*-* 4:00:00"
|
restic_schedule: "*-*-* 4:00:00"
|
||||||
|
|
||||||
|
@ -268,8 +268,14 @@ ansible_python_interpreter: "/usr/bin/python3"
|
||||||
keepass_dbx: "./keepass_db.kdbx"
|
keepass_dbx: "./keepass_db.kdbx"
|
||||||
keepass_psw: !vault |
|
keepass_psw: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
62383737623066396239383336646164616537646630653964313532383130343533346561633039
|
35333563623630373138383563343432333866623533343766646165363261656439653861613336
|
||||||
3437306134656535353438666165376332633064383135650a636537626662656130376537633164
|
6632626438396538316565343061393735383836633631620a653832333936313166316436613237
|
||||||
61613132326536666466636632363866393066656236303766333338356337396338376266346631
|
38616366623862306534313038343132613832633162303965313138383232383065336231643030
|
||||||
6364336331623539300a313562303161373631613734313938346666376239613333333363376236
|
3862333162643436360a396162303433306138643863333461383737656538636463336533613630
|
||||||
38363035376662353135333332363431343833656666643036326234656166643531
|
64383631396664636139393932386239656636366337346163643430353838653166393030323132
|
||||||
|
34623439323063336438663031303638303735353735316238616633343833616461363561666338
|
||||||
|
36616565393333303935343961386130353435373830383865613133663538633338303762643935
|
||||||
|
37626537396238386365
|
||||||
|
|
||||||
|
# in "ansible-vault" steht das Vault-Secret um die Variablen "keepass_psw" zu entschlüsseln,
|
||||||
|
# das entschlüsselte Secret ist gleich dem KeepassPW
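Review bot: The comment added under `keepass_psw` states that the vault-decrypted value is the KeePass master password, and this comparison also replaces `keepass_db.kdbx`, so that one vault secret protects every credential looked up on this page. Earlier revisions of the `.kdbx` stay in git history and remain decryptable with the master password they were saved under. If the changed vault blob is a master-password rotation (not stated in the commit), the entries themselves would also need rotating if the old password may have been exposed. Consider extending the comment with something like `# rotating this password does not protect older keepass_db.kdbx revisions in git history`.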
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
---
|
---
|
||||||
### mgrote_minio_configure
|
### mgrote_minio_configure
|
||||||
minio_url: https://s3.mgrote.net
|
minio_url: https://s3.mgrote.net
|
||||||
minio_root_access_key: "{{ lookup('viczem.keepass.keepass', 'minio_root_access_key', 'password') }}"
|
minio_root_access_key: "{{ lookup('viczem.keepass.keepass', 'minio/minio_root_access_key', 'password') }}"
|
||||||
minio_root_secret_key: "{{ lookup('viczem.keepass.keepass', 'minio_root_secret_key', 'password') }}"
|
minio_root_secret_key: "{{ lookup('viczem.keepass.keepass', 'minio/minio_root_secret_key', 'password') }}"
|
||||||
minio_users:
|
minio_users:
|
||||||
- name: testuser
|
- name: testuser
|
||||||
secret: "{{ lookup('viczem.keepass.keepass', 'minio_testuser_secret_key', 'password') }}"
|
secret: "{{ lookup('viczem.keepass.keepass', 'minio/minio_testuser_secret_key', 'password') }}"
|
||||||
state: present
|
state: present
|
||||||
policy: testbucket_rw
|
policy: testbucket_rw
|
||||||
minio_buckets:
|
minio_buckets:
|
||||||
|
|
|
@ -92,14 +92,14 @@ gitea_db_type: "postgres"
|
||||||
gitea_db_host: "localhost"
|
gitea_db_host: "localhost"
|
||||||
gitea_db_name: "gitea"
|
gitea_db_name: "gitea"
|
||||||
gitea_db_user: "gitea"
|
gitea_db_user: "gitea"
|
||||||
gitea_db_password: "{{ lookup('viczem.keepass.keepass', 'forgejo_db_password', 'password') }}"
|
gitea_db_password: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_db_password', 'password') }}"
|
||||||
# indexer
|
# indexer
|
||||||
gitea_repo_indexer_enabled: true
|
gitea_repo_indexer_enabled: true
|
||||||
# security
|
# security
|
||||||
gitea_disable_webhooks: false
|
gitea_disable_webhooks: false
|
||||||
gitea_password_check_pwn: false
|
gitea_password_check_pwn: false
|
||||||
gitea_internal_token: "{{ lookup('viczem.keepass.keepass', 'forgejo_internal_token', 'password') }}"
|
gitea_internal_token: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_internal_token', 'password') }}"
|
||||||
gitea_secret_key: "{{ lookup('viczem.keepass.keepass', 'forgejo_secret_key', 'password') }}"
|
gitea_secret_key: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_secret_key', 'password') }}"
|
||||||
# service
|
# service
|
||||||
gitea_disable_registration: true
|
gitea_disable_registration: true
|
||||||
gitea_register_email_confirm: true
|
gitea_register_email_confirm: true
|
||||||
|
@ -139,7 +139,7 @@ gitea_extra_config: |
|
||||||
[repo-archive]
|
[repo-archive]
|
||||||
ENABLED = false
|
ENABLED = false
|
||||||
# oauth2
|
# oauth2
|
||||||
gitea_oauth2_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'forgejo_oauth2_jwt_secret', 'password') }}"
|
gitea_oauth2_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_oauth2_jwt_secret', 'password') }}"
|
||||||
# Fail2Ban configuration
|
# Fail2Ban configuration
|
||||||
gitea_fail2ban_enabled: true
|
gitea_fail2ban_enabled: true
|
||||||
gitea_fail2ban_jail_maxretry: "3"
|
gitea_fail2ban_jail_maxretry: "3"
|
||||||
|
@ -151,6 +151,6 @@ gitea_fail2ban_jail_action: "iptables-allports"
|
||||||
gitea_ldap_host: "ldap.mgrote.net"
|
gitea_ldap_host: "ldap.mgrote.net"
|
||||||
gitea_ldap_base_path: "dc=mgrote,dc=net"
|
gitea_ldap_base_path: "dc=mgrote,dc=net"
|
||||||
gitea_ldap_bind_user: "forgejo_bind_user"
|
gitea_ldap_bind_user: "forgejo_bind_user"
|
||||||
gitea_ldap_bind_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_forgejo_bind_user', 'password') }}"
|
gitea_ldap_bind_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/lldap_forgejo_bind_user', 'password') }}"
|
||||||
gitea_admin_user: "fadmin"
|
gitea_admin_user: "fadmin"
|
||||||
gitea_admin_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo_admin_user_pass', 'password') }}"
|
gitea_admin_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_admin_user_pass', 'password') }}"
|
||||||
|
|
|
@ -41,13 +41,13 @@ lldap_http_port: 17170
|
||||||
lldap_http_host: "0.0.0.0"
|
lldap_http_host: "0.0.0.0"
|
||||||
lldap_ldap_host: "0.0.0.0"
|
lldap_ldap_host: "0.0.0.0"
|
||||||
lldap_public_url: http://ldap.mgrote.net:17170
|
lldap_public_url: http://ldap.mgrote.net:17170
|
||||||
lldap_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'lldap_jwt_secret', 'password') }}"
|
lldap_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_jwt_secret', 'password') }}"
|
||||||
lldap_ldap_base_dn: "dc=mgrote,dc=net"
|
lldap_ldap_base_dn: "dc=mgrote,dc=net"
|
||||||
lldap_admin_username: ladmin # only used on setup
|
lldap_admin_username: ladmin # only used on setup
|
||||||
lldap_admin_password: "{{ lookup('viczem.keepass.keepass', 'lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret
|
lldap_admin_password: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret
|
||||||
lldap_admin_mailaddress: lldap-admin@mgrote.net # only used on setup
|
lldap_admin_mailaddress: lldap-admin@mgrote.net # only used on setup
|
||||||
lldap_database_url: "postgres://{{ lldap_db_user }}:{{ lldap_db_pass }}@{{ lldap_db_host }}/{{ lldap_db_name }}"
|
lldap_database_url: "postgres://{{ lldap_db_user }}:{{ lldap_db_pass }}@{{ lldap_db_host }}/{{ lldap_db_name }}"
|
||||||
lldap_key_seed: "{{ lookup('viczem.keepass.keepass', 'lldap_key_seed', 'password') }}"
|
lldap_key_seed: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_key_seed', 'password') }}"
|
||||||
#lldap_smtp_from: "lldap@mgrote.net" # unused in role
|
#lldap_smtp_from: "lldap@mgrote.net" # unused in role
|
||||||
lldap_smtp_reply_to: "Do not reply <info@mgrote.net>"
|
lldap_smtp_reply_to: "Do not reply <info@mgrote.net>"
|
||||||
lldap_smtp_server: "docker10.mgrote.net"
|
lldap_smtp_server: "docker10.mgrote.net"
|
||||||
|
@ -58,6 +58,6 @@ lldap_smtp_enable_password_reset: "true" # must be a string not a boolean
|
||||||
# "meta vars"; daraus werden die db-url und die postgres-db abgeleitet
|
# "meta vars"; daraus werden die db-url und die postgres-db abgeleitet
|
||||||
lldap_db_name: "lldap"
|
lldap_db_name: "lldap"
|
||||||
lldap_db_user: "lldap"
|
lldap_db_user: "lldap"
|
||||||
lldap_db_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_db_pass', 'password') }}"
|
lldap_db_pass: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_db_pass', 'password') }}"
|
||||||
lldap_db_host: "localhost"
|
lldap_db_host: "localhost"
|
||||||
...
|
...
|
||||||
|
|
|
@ -82,7 +82,7 @@ munin_node_plugins:
|
||||||
[mikrotik_system_rb5009]
|
[mikrotik_system_rb5009]
|
||||||
user root
|
user root
|
||||||
env.ssh_user munin
|
env.ssh_user munin
|
||||||
env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
|
env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
|
||||||
env.ssh_host 192.168.2.1
|
env.ssh_host 192.168.2.1
|
||||||
- name: mikrotik_system_crs305
|
- name: mikrotik_system_crs305
|
||||||
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
|
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
|
||||||
|
@ -90,7 +90,7 @@ munin_node_plugins:
|
||||||
[mikrotik_system_crs305]
|
[mikrotik_system_crs305]
|
||||||
user root
|
user root
|
||||||
env.ssh_user munin
|
env.ssh_user munin
|
||||||
env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
|
env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
|
||||||
env.ssh_host 192.168.2.225
|
env.ssh_host 192.168.2.225
|
||||||
- name: mikrotik_system_hex
|
- name: mikrotik_system_hex
|
||||||
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
|
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
|
||||||
|
@ -98,7 +98,7 @@ munin_node_plugins:
|
||||||
[mikrotik_system_hex]
|
[mikrotik_system_hex]
|
||||||
user root
|
user root
|
||||||
env.ssh_user munin
|
env.ssh_user munin
|
||||||
env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
|
env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
|
||||||
env.ssh_host 192.168.3.144
|
env.ssh_host 192.168.3.144
|
||||||
- name: http_response
|
- name: http_response
|
||||||
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/http/http_response
|
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/http/http_response
|
||||||
|
|
|
@ -15,20 +15,6 @@ lvm_groups:
|
||||||
manage_lvm: true
|
manage_lvm: true
|
||||||
pvresize_to_max: true
|
pvresize_to_max: true
|
||||||
|
|
||||||
### mgrote_mount_cifs # löschen
|
|
||||||
cifs_mounts:
|
|
||||||
- name: bilder
|
|
||||||
type: cifs
|
|
||||||
state: absent
|
|
||||||
dest: /mnt/fileserver3_photoprism_bilder_ro
|
|
||||||
src: //fileserver3.mgrote.net/bilder
|
|
||||||
user: photoprism
|
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_photoprism', 'password') }}"
|
|
||||||
domain: mgrote.net
|
|
||||||
uid: 5000
|
|
||||||
gid: 5000
|
|
||||||
extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird
|
|
||||||
|
|
||||||
### mgrote_docker-compose-inline
|
### mgrote_docker-compose-inline
|
||||||
compose_owner: "docker-user"
|
compose_owner: "docker-user"
|
||||||
compose_group: "docker-user"
|
compose_group: "docker-user"
|
||||||
|
|
|
@ -26,21 +26,21 @@ ytdl_download_limit: "10000K"
|
||||||
### mgrote_fileserver_smb
|
### mgrote_fileserver_smb
|
||||||
smb_users:
|
smb_users:
|
||||||
- name: 'restic'
|
- name: 'restic'
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_restic', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}"
|
||||||
- name: 'win10'
|
- name: 'win10'
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_win10', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_win10', 'password') }}"
|
||||||
- name: 'kodi'
|
- name: 'kodi'
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_kodi', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_kodi', 'password') }}"
|
||||||
- name: 'michaelgrote'
|
- name: 'michaelgrote'
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_michaelgrote', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_michaelgrote', 'password') }}"
|
||||||
- name: 'navidrome'
|
- name: 'navidrome'
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_navidrome', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_navidrome', 'password') }}"
|
||||||
- name: 'docker'
|
- name: 'docker'
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_docker', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_docker', 'password') }}"
|
||||||
- name: 'pve'
|
- name: 'pve'
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_pve', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_pve', 'password') }}"
|
||||||
- name: 'brother_ads2700w'
|
- name: 'brother_ads2700w'
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_brother_ads2700w', 'password') }}"
|
||||||
|
|
||||||
smb_shares:
|
smb_shares:
|
||||||
- name: 'videos'
|
- name: 'videos'
|
||||||
|
|
BIN
keepass_db.kdbx
BIN
keepass_db.kdbx
Binary file not shown.
|
@ -34,8 +34,8 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
|
||||||
#### Nutzer
|
#### Nutzer
|
||||||
```
|
```
|
||||||
smb_users:
|
smb_users:
|
||||||
- name: 'annemariedroessler' # Nutzername
|
- name: 'xxx' # Nutzername
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_amd', 'password') }}" # Passwort als Klartext
|
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_xxx', 'password') }}" # Passwort als Klartext
|
||||||
state: present # Status(default: present)
|
state: present # Status(default: present)
|
||||||
remove_dir: false # removes homedir if state is absent und remove_dir is true (default: false)
|
remove_dir: false # removes homedir if state is absent und remove_dir is true (default: false)
|
||||||
```
|
```
|
||||||
|
@ -46,7 +46,7 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
|
||||||
- name: 'videos' # Freigabename
|
- name: 'videos' # Freigabename
|
||||||
path: '/shares_videos' # Pfad auf SMB-Server
|
path: '/shares_videos' # Pfad auf SMB-Server
|
||||||
users_ro: ' win10 kodi' # Nutzer - Lesezugriff
|
users_ro: ' win10 kodi' # Nutzer - Lesezugriff
|
||||||
users_rw: 'annemariedroessler michaelgrote' # Nutzer - Schreibzugriff
|
users_rw: 'xxx michaelgrote' # Nutzer - Schreibzugriff
|
||||||
# Optional(+default-values)
|
# Optional(+default-values)
|
||||||
item.guest ok: "no"
|
item.guest ok: "no"
|
||||||
item.read only: "no"
|
item.read only: "no"
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when
|
- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when
|
||||||
#no_log: true
|
no_log: true
|
||||||
become_user: gitea
|
become_user: gitea
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.command: |
|
ansible.builtin.command: |
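Review bot: Enabling `no_log: true` on "Ensure Admin-User exists" keeps the task's arguments and result out of Ansible output and logs, but it does not change how the password reaches the program. The `ansible.builtin.command: |` body lies outside this hunk; if it passes the admin password as a command-line argument, that value is still visible in the target host's process list while the command runs, which is worth confirming. Because `no_log` also hides failure details, a short comment such as `# no_log: output suppressed because the command carries the admin password` would explain why the task fails silently.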
|
||||||
|
|
|
@ -6,7 +6,7 @@ dotfiles:
|
||||||
home: /root
|
home: /root
|
||||||
|
|
||||||
ansible_forgejo_user: svc_ansible
|
ansible_forgejo_user: svc_ansible
|
||||||
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
|
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
|
||||||
|
|
||||||
dotfiles_vim_vundle_repo_url: "https://github.com/VundleVim/Vundle.vim.git"
|
dotfiles_vim_vundle_repo_url: "https://github.com/VundleVim/Vundle.vim.git"
|
||||||
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
|
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
|
||||||
|
|