Compare commits

...

2 commits

Author SHA1 Message Date
024a70ba3c Merge branch 'master' into rsync_mirror_logging
All checks were successful
ansible-lint / gitleaks (pull_request) Successful in 4s
ansible-lint / Ansible Lint (pull_request) Successful in 41s
2024-11-10 15:45:18 +01:00
3d75c0911e keepass housekeeping, adding subdirs, updating vault pass (#232)
All checks were successful
ansible-lint / gitleaks (push) Successful in 3s
ansible-lint / Ansible Lint (push) Successful in 41s
Reviewed-on: #232
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
2024-11-10 15:44:41 +01:00
23 changed files with 72 additions and 80 deletions

View file

@ -12,7 +12,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock
environment:
GITEA_INSTANCE_URL: https://git.mgrote.net
GITEA_RUNNER_REGISTRATION_TOKEN: "{{ lookup('viczem.keepass.keepass', 'gitea_act_runner_token', 'password') }}" # only used on first start, https://git.mgrote.net/admin/actions/runners
GITEA_RUNNER_REGISTRATION_TOKEN: "{{ lookup('viczem.keepass.keepass', 'forgejo/gitea_act_runner_token', 'password') }}" # only used on first start, https://git.mgrote.net/admin/actions/runners
GITEA_RUNNER_NAME: "docker10-act-runner"
CONFIG_FILE: /config.yml

View file

@ -8,11 +8,11 @@ services:
depends_on:
- mf-db17
environment:
DATABASE_URL: "postgres://miniflux:{{ lookup('viczem.keepass.keepass', 'miniflux_postgres_password', 'password') }}@mf-db17/miniflux?sslmode=disable"
DATABASE_URL: "postgres://miniflux:{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_postgres_password', 'password') }}@mf-db17/miniflux?sslmode=disable"
RUN_MIGRATIONS: 1
# CREATE_ADMIN: 1
# ADMIN_USERNAME: adminmf
# ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux_admin_password', 'password') }}"
# ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_admin_password', 'password') }}"
WORKER_POOL_SIZE: 10
POLLING_FREQUENCY: 10
CLEANUP_ARCHIVE_UNREAD_DAYS: -1
@ -39,7 +39,7 @@ services:
pull_policy: missing
environment:
POSTGRES_USER: miniflux
POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux_postgres_password', 'password') }}"
POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_postgres_password', 'password') }}"
TZ: Europe/Berlin
POSTGRES_HOST_AUTH_METHOD: "md5" # Workaround beim Migration von 13 -> 16; https://eelkevdbos.medium.com/upgrade-postgresql-with-docker-compose-99d995e464 ;
volumes:
@ -60,7 +60,7 @@ services:
pull_policy: missing
environment:
TZ: Europe/Berlin
MF_AUTH_TOKEN: "{{ lookup('viczem.keepass.keepass', 'miniflux_auth_token', 'password') }}"
MF_AUTH_TOKEN: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_auth_token', 'password') }}"
MF_API_URL: https://miniflux.mgrote.net/v1
MF_SLEEP: 600
#MF_DEBUG: 1

View file

@ -12,8 +12,8 @@ services:
volumes:
- data:/data # wird im "command" verwendet/gesetzt
environment:
MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'username') }}"
MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'password') }}"
MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio/minio_admin_user', 'username') }}"
MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio/minio_admin_user', 'password') }}"
command: server /data --console-address ":9001"
healthcheck: # https://github.com/minio/minio/issues/18389
test: ["CMD", "mc", "ready", "local"]

View file

@ -54,7 +54,7 @@ volumes:
driver: local
driver_opts:
type: "cifs"
o: "user=navidrome,password={{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_navidrome', 'password') }}"
o: "user=navidrome,password={{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_navidrome', 'password') }}"
device: "//192.168.2.54/musik/Musik"
######## Networks ########
networks:

View file

@ -11,15 +11,15 @@ services:
- /etc/timezone:/etc/timezone:ro
- db:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_root_password', 'password') }}"
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_root_password', 'password') }}"
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud
MYSQL_INITDB_SKIP_TZINFO: 1
networks:
- intern
healthcheck:
test: ["CMD", "mariadb-show", "nextcloud", "-h", "localhost", "-u", "nextcloud", "-p{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"]
test: ["CMD", "mariadb-show", "nextcloud", "-h", "localhost", "-u", "nextcloud", "-p{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"]
interval: 30s
timeout: 10s
retries: 3
@ -39,9 +39,9 @@ services:
- intern
restart: unless-stopped
pull_policy: missing
command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}"
command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
healthcheck:
test: ["CMD", "redis-cli", "--pass", "{{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
test: ["CMD", "redis-cli", "--pass", "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
interval: 5s
timeout: 2s
retries: 3
@ -73,15 +73,15 @@ services:
environment:
# redis
REDIS_HOST: nextcloud-redis
REDIS_HOST_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}"
REDIS_HOST_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
# mysql
MYSQL_DATABASE: nextcloud
MYSQL_USER: nextcloud
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
MYSQL_HOST: nextcloud-db
# admin
NEXTCLOUD_ADMIN_USER: n-admin
NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_admin_user_password', 'password') }}"
NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_admin_user_password', 'password') }}"
# misc
NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
PHP_MEMORY_LIMIT: 1024M

View file

@ -2,7 +2,7 @@
# Vorraussetzungen siehe https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md
# lldap_bind_user=nextcloud_bind_user
# lldap_bind_user_pass="{{ lookup('viczem.keepass.keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
# lldap_bind_user_pass="{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_lldap_bind_user_pass', 'password') }}"
# lldap_bind_user_groups=lldap_strict_readonly
php occ app:install user_ldap
@ -15,7 +15,7 @@ php occ ldap:set-config s01 ldapPort 3890
# EDIT: admin user
php occ ldap:set-config s01 ldapAgentName "uid=nextcloud_bind_user,ou=people,dc=mgrote,dc=net"
# EDIT: password
php occ ldap:set-config s01 ldapAgentPassword "{{ lookup('viczem.keepass.keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
php occ ldap:set-config s01 ldapAgentPassword "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_lldap_bind_user_pass', 'password') }}"
# EDIT: Base DN
php occ ldap:set-config s01 ldapBase "dc=mgrote,dc=net"
php occ ldap:set-config s01 ldapBaseUsers "dc=mgrote,dc=net"

View file

@ -1 +1 @@
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_deploy-token', 'notes') }}
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_deploy-token', 'notes') }}

View file

@ -1 +1 @@
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_crs305_private_key', 'notes') }}
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_crs305_private_key', 'notes') }}

View file

@ -1 +1 @@
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_hex_private_key', 'notes') }}
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_hex_private_key', 'notes') }}

View file

@ -1 +1 @@
{{ lookup('viczem.keepass.keepass', 'routeros-config-backup_rb5009_private_key', 'notes') }}
{{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-config-backup_rb5009_private_key', 'notes') }}

View file

@ -8,7 +8,7 @@ log:
identity_validation:
reset_password:
jwt_secret: {{ lookup('viczem.keepass.keepass', 'authelia_jwt_secret', 'password') }}
jwt_secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_jwt_secret', 'password') }}
totp:
issuer: totp.mgrote.net
@ -22,7 +22,7 @@ access_control:
session:
name: authelia_session
secret: {{ lookup('viczem.keepass.keepass', 'authelia_session_secret', 'password') }}
secret: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_session_secret', 'password') }}
expiration: 3600
inactivity: 300
cookies:
@ -40,12 +40,12 @@ regulation:
ban_time: 300
storage:
encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}
encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_storage_encryption_key', 'password') }}
mysql:
database: authelia
address: 'tcp://authelia-db:3306'
username: authelia
password: {{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}
password: {{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}
notifier:
smtp:
@ -75,6 +75,6 @@ authentication_backend:
group_name: cn
mail: mail
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'
password: '{{ lookup('viczem.keepass.keepass', 'authelia/lldap_authelia_bind_user', 'password') }}'
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/

View file

@ -88,15 +88,15 @@ services:
- /etc/timezone:/etc/timezone:ro
- db:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia_mysql_root_password', 'password') }}"
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}"
MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_root_password', 'password') }}"
MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"
MYSQL_DATABASE: authelia
MYSQL_USER: authelia
MYSQL_INITDB_SKIP_TZINFO: 1
networks:
- authelia
healthcheck:
test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia_mysql_password', 'password') }}"]
test: ["CMD", "mariadb-show", "authelia", "-h", "localhost", "-u", "authelia", "-p{{ lookup('viczem.keepass.keepass', 'authelia/authelia_mysql_password', 'password') }}"]
interval: 30s
timeout: 10s
retries: 3

View file

@ -9,7 +9,7 @@ file_header: |
#----------------------------------------------------------------#
# für Zugriff auf nicht öffentliche git.mgrote.net-Repos
ansible_forgejo_user: svc_ansible
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
### mgrote_user_setup
dotfiles:
@ -102,7 +102,7 @@ restic_folders_to_backup: "/usr/local /etc /root /home"
restic_repository: "//fileserver3.mgrote.net/restic"
restic_fail_mail: michael.grote@posteo.de
restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
restic_mount_user: restic
restic_schedule: "*-*-* 4:00:00"
@ -268,8 +268,14 @@ ansible_python_interpreter: "/usr/bin/python3"
keepass_dbx: "./keepass_db.kdbx"
keepass_psw: !vault |
$ANSIBLE_VAULT;1.1;AES256
62383737623066396239383336646164616537646630653964313532383130343533346561633039
3437306134656535353438666165376332633064383135650a636537626662656130376537633164
61613132326536666466636632363866393066656236303766333338356337396338376266346631
6364336331623539300a313562303161373631613734313938346666376239613333333363376236
38363035376662353135333332363431343833656666643036326234656166643531
35333563623630373138383563343432333866623533343766646165363261656439653861613336
6632626438396538316565343061393735383836633631620a653832333936313166316436613237
38616366623862306534313038343132613832633162303965313138383232383065336231643030
3862333162643436360a396162303433306138643863333461383737656538636463336533613630
64383631396664636139393932386239656636366337346163643430353838653166393030323132
34623439323063336438663031303638303735353735316238616633343833616461363561666338
36616565393333303935343961386130353435373830383865613133663538633338303762643935
37626537396238386365
# in "ansible-vault" steht das Vault-Secret um die Variablen "keepass_psw" zu entschlüsseln,
# das entschlüsselte Secret ist gleich dem KeepassPW

View file

@ -1,11 +1,11 @@
---
### mgrote_minio_configure
minio_url: https://s3.mgrote.net
minio_root_access_key: "{{ lookup('viczem.keepass.keepass', 'minio_root_access_key', 'password') }}"
minio_root_secret_key: "{{ lookup('viczem.keepass.keepass', 'minio_root_secret_key', 'password') }}"
minio_root_access_key: "{{ lookup('viczem.keepass.keepass', 'minio/minio_root_access_key', 'password') }}"
minio_root_secret_key: "{{ lookup('viczem.keepass.keepass', 'minio/minio_root_secret_key', 'password') }}"
minio_users:
- name: testuser
secret: "{{ lookup('viczem.keepass.keepass', 'minio_testuser_secret_key', 'password') }}"
secret: "{{ lookup('viczem.keepass.keepass', 'minio/minio_testuser_secret_key', 'password') }}"
state: present
policy: testbucket_rw
minio_buckets:

View file

@ -92,14 +92,14 @@ gitea_db_type: "postgres"
gitea_db_host: "localhost"
gitea_db_name: "gitea"
gitea_db_user: "gitea"
gitea_db_password: "{{ lookup('viczem.keepass.keepass', 'forgejo_db_password', 'password') }}"
gitea_db_password: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_db_password', 'password') }}"
# indexer
gitea_repo_indexer_enabled: true
# security
gitea_disable_webhooks: false
gitea_password_check_pwn: false
gitea_internal_token: "{{ lookup('viczem.keepass.keepass', 'forgejo_internal_token', 'password') }}"
gitea_secret_key: "{{ lookup('viczem.keepass.keepass', 'forgejo_secret_key', 'password') }}"
gitea_internal_token: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_internal_token', 'password') }}"
gitea_secret_key: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_secret_key', 'password') }}"
# service
gitea_disable_registration: true
gitea_register_email_confirm: true
@ -139,7 +139,7 @@ gitea_extra_config: |
[repo-archive]
ENABLED = false
# oauth2
gitea_oauth2_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'forgejo_oauth2_jwt_secret', 'password') }}"
gitea_oauth2_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_oauth2_jwt_secret', 'password') }}"
# Fail2Ban configuration
gitea_fail2ban_enabled: true
gitea_fail2ban_jail_maxretry: "3"
@ -151,6 +151,6 @@ gitea_fail2ban_jail_action: "iptables-allports"
gitea_ldap_host: "ldap.mgrote.net"
gitea_ldap_base_path: "dc=mgrote,dc=net"
gitea_ldap_bind_user: "forgejo_bind_user"
gitea_ldap_bind_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_forgejo_bind_user', 'password') }}"
gitea_ldap_bind_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/lldap_forgejo_bind_user', 'password') }}"
gitea_admin_user: "fadmin"
gitea_admin_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo_admin_user_pass', 'password') }}"
gitea_admin_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/forgejo_admin_user_pass', 'password') }}"

View file

@ -41,13 +41,13 @@ lldap_http_port: 17170
lldap_http_host: "0.0.0.0"
lldap_ldap_host: "0.0.0.0"
lldap_public_url: http://ldap.mgrote.net:17170
lldap_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'lldap_jwt_secret', 'password') }}"
lldap_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_jwt_secret', 'password') }}"
lldap_ldap_base_dn: "dc=mgrote,dc=net"
lldap_admin_username: ladmin # only used on setup
lldap_admin_password: "{{ lookup('viczem.keepass.keepass', 'lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret
lldap_admin_password: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret
lldap_admin_mailaddress: lldap-admin@mgrote.net # only used on setup
lldap_database_url: "postgres://{{ lldap_db_user }}:{{ lldap_db_pass }}@{{ lldap_db_host }}/{{ lldap_db_name }}"
lldap_key_seed: "{{ lookup('viczem.keepass.keepass', 'lldap_key_seed', 'password') }}"
lldap_key_seed: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_key_seed', 'password') }}"
#lldap_smtp_from: "lldap@mgrote.net" # unused in role
lldap_smtp_reply_to: "Do not reply <info@mgrote.net>"
lldap_smtp_server: "docker10.mgrote.net"
@ -58,6 +58,6 @@ lldap_smtp_enable_password_reset: "true" # must be a string not a boolean
# "meta vars"; daraus werden die db-url und die postgres-db abgeleitet
lldap_db_name: "lldap"
lldap_db_user: "lldap"
lldap_db_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_db_pass', 'password') }}"
lldap_db_pass: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_db_pass', 'password') }}"
lldap_db_host: "localhost"
...

View file

@ -82,7 +82,7 @@ munin_node_plugins:
[mikrotik_system_rb5009]
user root
env.ssh_user munin
env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
env.ssh_host 192.168.2.1
- name: mikrotik_system_crs305
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@ -90,7 +90,7 @@ munin_node_plugins:
[mikrotik_system_crs305]
user root
env.ssh_user munin
env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
env.ssh_host 192.168.2.225
- name: mikrotik_system_hex
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
@ -98,7 +98,7 @@ munin_node_plugins:
[mikrotik_system_hex]
user root
env.ssh_user munin
env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
env.ssh_password {{ lookup('viczem.keepass.keepass', 'mikrotik/routeros-munin-user-password', 'password') }}
env.ssh_host 192.168.3.144
- name: http_response
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/http/http_response

View file

@ -15,20 +15,6 @@ lvm_groups:
manage_lvm: true
pvresize_to_max: true
### mgrote_mount_cifs # löschen
cifs_mounts:
- name: bilder
type: cifs
state: absent
dest: /mnt/fileserver3_photoprism_bilder_ro
src: //fileserver3.mgrote.net/bilder
user: photoprism
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_photoprism', 'password') }}"
domain: mgrote.net
uid: 5000
gid: 5000
extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird
### mgrote_docker-compose-inline
compose_owner: "docker-user"
compose_group: "docker-user"

View file

@ -26,21 +26,21 @@ ytdl_download_limit: "10000K"
### mgrote_fileserver_smb
smb_users:
- name: 'restic'
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_restic', 'password') }}"
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}"
- name: 'win10'
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_win10', 'password') }}"
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_win10', 'password') }}"
- name: 'kodi'
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_kodi', 'password') }}"
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_kodi', 'password') }}"
- name: 'michaelgrote'
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_michaelgrote', 'password') }}"
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_michaelgrote', 'password') }}"
- name: 'navidrome'
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_navidrome', 'password') }}"
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_navidrome', 'password') }}"
- name: 'docker'
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_docker', 'password') }}"
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_docker', 'password') }}"
- name: 'pve'
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_pve', 'password') }}"
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_pve', 'password') }}"
- name: 'brother_ads2700w'
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_brother_ads2700w', 'password') }}"
smb_shares:
- name: 'videos'

Binary file not shown.

View file

@ -34,8 +34,8 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
#### Nutzer
```
smb_users:
- name: 'annemariedroessler' # Nutzername
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_amd', 'password') }}" # Passwort als Klartext
- name: 'xxx' # Nutzername
password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_xxx', 'password') }}" # Passwort als Klartext
state: present # Status(default: present)
remove_dir: false # removes homedir if state is absent und remove_dir is true (default: false)
```
@ -46,7 +46,7 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
- name: 'videos' # Freigabename
path: '/shares_videos' # Pfad auf SMB-Server
users_ro: ' win10 kodi' # Nutzer - Lesezugriff
users_rw: 'annemariedroessler michaelgrote' # Nutzer - Schreibzugriff
users_rw: 'xxx michaelgrote' # Nutzer - Schreibzugriff
# Optional(+default-values)
item.guest ok: "no"
item.read only: "no"

View file

@ -16,7 +16,7 @@
changed_when: false
- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when
#no_log: true
no_log: true
become_user: gitea
become: true
ansible.builtin.command: |

View file

@ -6,7 +6,7 @@ dotfiles:
home: /root
ansible_forgejo_user: svc_ansible
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo/user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
dotfiles_vim_vundle_repo_url: "https://github.com/VundleVim/Vundle.vim.git"
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles