d

host_vars/fileserver3.mgrote.net.yml

@@ -55,8 +55,6 @@ smb_users:
     password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}"
   - name: 'brother_ads2700w'
     password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
-  - name: 'photoprism'
-    password: "{{ lookup('keepass', 'fileserver_smb_user_photoprism', 'password') }}"
 
 smb_shares:
   - name: 'videos'
@@ -89,7 +87,7 @@ smb_shares:
     users_rw: 'kodi win10 michaelgrote'
   - name: 'bilder'
     path: '/shares_bilder'
-    users_ro: 'photoprism'
+    users_ro: ''
     users_rw: ' michaelgrote win10'
   - name: 'proxmox'
     path: '/shares_pve_backup'

host_vars/gitea.mgrote.net.yml

@@ -1,116 +0,0 @@
----
-### mrlesmithjr.ansible-manage-lvm
-lvm_groups:
-  - vgname: vg_gitea_data
-    disks:
-      - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
-    create: true
-    lvnames:
-      - lvname: lv_gitea_data
-        size: +100%FREE
-        create: true
-        filesystem: xfs
-        mount: true
-        mntp: /var/lib/gitea
-manage_lvm: true
-pvresize_to_max: true
-
-### mgrote_apt_manage_packages
-apt_packages_extra:
-  - fail2ban
-
-### oefenweb.ufw
-ufw_rules:
-  - rule: allow
-    to_port: 22
-    protocol: tcp
-    comment: 'ssh'
-    from_ip: 0.0.0.0/0
-  - rule: allow
-    to_port: 4949
-    protocol: tcp
-    comment: 'munin'
-    from_ip: 192.168.2.0/24
-  - rule: allow
-    to_port: "{{ gitea_http_port }}"
-    protocol: tcp
-    comment: 'gitea'
-    from_ip: 0.0.0.0/0
-  - rule: allow
-    to_port: "{{ gitea_ssh_port }}"
-    protocol: tcp
-    comment: 'gitea'
-    from_ip: 0.0.0.0/0
-
-### l3d.gitea
-# config liegt in /etc/gitea/gitea.ini
-gitea_version: "1.21.7-0"
-gitea_fork: "forgejo"
-gitea_app_name: "Gitea"
-gitea_user: "gitea"
-gitea_home: "/var/lib/gitea"
-gitea_repository_root: "{{ gitea_home }}"
-gitea_user_repo_limit: 300
-gitea_root_url: https://git.mgrote.net
-gitea_offline_mode: true
-gitea_lfs_server_enabled: false
-gitea_secret_key: "{{ lookup('keepass', 'gitea_secret_key', 'password') }}"
-gitea_internal_token: "{{ lookup('keepass', 'gitea_internal_token', 'password') }}"
-gitea_disable_git_hooks: false
-gitea_show_user_email: false
-gitea_disable_gravatar: true
-gitea_enable_captcha: true
-gitea_only_allow_external_registration: false
-gitea_enable_notify_mail: true
-gitea_autowatch_on_change: true
-gitea_force_private: false
-gitea_oauth2_enabled: true
-gitea_repo_indexer_enabled: true
-
-gitea_mailer_enabled: true
-gitea_mailer_protocol: smtp
-gitea_mailer_smtp_addr: docker10.mgrote.net
-gitea_mailer_smtp_port: 1025
-gitea_mailer_from: "gitea@mgrote.net"
-
-gitea_default_branch: 'master'
-
-gitea_db_type: sqlite3
-gitea_db_path: "{{ gitea_home }}/data/gitea.db" # for sqlite3
-
-gitea_ssh_listen: 0.0.0.0
-gitea_ssh_domain: gitea.mgrote.net
-gitea_ssh_port: 2222
-gitea_start_ssh: true
-
-gitea_http_domain: git.mgrote.net
-gitea_http_listen: 0.0.0.0
-gitea_http_port: 3000
-gitea_disable_http_git: false
-gitea_protocol: http
-
-gitea_show_registration_button: false
-gitea_require_signin: false
-gitea_disable_registration: true
-
-gitea_fail2ban_enabled: true
-gitea_fail2ban_jail_maxretry: 3
-gitea_fail2ban_jail_findtime: 300
-gitea_fail2ban_jail_bantime: 600
-# webhook: wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
-# archive_cleanup: https://forum.gitea.com/t/how-to-configure-cron-task-for-delete-all-repositories-archives-zip-tar-gz-etc/4848/3
-gitea_extra_config: |
-  [webhook]
-  ALLOWED_HOST_LIST = *.mgrote.net
-
-  [cron.archive_cleanup]
-  ENABLED = true
-  RUN_AT_START = true
-  SCHEDULE = @midnight
-
-gitea_backup_on_upgrade: false
-gitea_backup_location: "{{ gitea_home }}/backups/"
-
-submodules_versioncheck: true
-gitea_log_systemd: true
-gitea_log_level: "Info"

playbooks/3_service/docker.yml

@@ -2,7 +2,6 @@
 - hosts: docker
   roles:
     - { role: mgrote_systemd_resolved, tags: "dns", become: true }
-    - { role: mgrote_mount_cifs, tags: "cifs", become: true }
     - { role: ansible-role-pip, tags: "pip", become: true }
     - { role: ansible-role-docker, tags: "docker", become: true }
     - { role: ansible_role_ctop, tags: "ctop", become: true }

roles/mgrote_gitea_setup/tasks/ldap.yml

@@ -47,7 +47,7 @@
       --user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" \
       --username-attribute "uid" \
       --email-attribute "mail" \
-      --firstname-attribute "givennName" \
+      --firstname-attribute "givenName" \
       --surname-attribute "sn" \
       --avatar-attribute "jpegPhoto" \
       --synchronize-users