
18 Commits

Author SHA1 Message Date
Michael Grote abbd3a4027 hash mg irantu 2024-04-02 16:12:27 +02:00
Michael Grote fec3d05853 dfg 2024-04-02 16:12:27 +02:00
Michael Grote 2711b53443 handler 2024-04-02 16:12:27 +02:00
Michael Grote 76e80bef32 pb 2024-04-02 16:12:27 +02:00
Michael Grote 65e11720b4 ln 2024-04-02 16:12:27 +02:00
Michael Grote 4816028a69 d 2024-04-02 16:12:27 +02:00
Michael Grote 27814973f9 m 2024-04-02 16:12:27 +02:00
Michael Grote 8b24cb052d vars 2024-04-02 16:12:27 +02:00
Michael Grote 821621a542 add wine
Signed-off-by: Michael Grote <michael.grote@posteo.de>
2024-04-02 16:12:27 +02:00
Michael Grote 79a5973721 add wireguard
Signed-off-by: Michael Grote <michael.grote@posteo.de>
2024-04-02 16:12:27 +02:00
Michael Grote 1fed3f9fca chnage password
Signed-off-by: Michael Grote <michael.grote@posteo.de>
2024-04-02 16:12:27 +02:00
Michael Grote e7e4a4919a packages
Signed-off-by: Michael Grote <michael.grote@posteo.de>
2024-04-02 16:12:27 +02:00
Michael Grote 938cc8c287 fixes
Signed-off-by: Michael Grote <michael.grote@posteo.de>
2024-04-02 16:12:27 +02:00
Michael Grote 3330df558a housekeeping
Signed-off-by: Michael Grote <michael.grote@posteo.de>
2024-04-02 16:12:27 +02:00
Michael Grote 76fae15233 vars
Signed-off-by: Michael Grote <michael.grote@posteo.de>
2024-04-02 16:12:27 +02:00
Michael Grote d67020db21 sources
Signed-off-by: Michael Grote <michael.grote@posteo.de>
2024-04-02 16:12:27 +02:00
Michael Grote 1d21878b43 inventory
Signed-off-by: Michael Grote <michael.grote@posteo.de>
2024-04-02 16:12:27 +02:00
Michael Grote 6db5b9d2b8 f 2024-04-02 16:12:27 +02:00
11 changed files with 132 additions and 32 deletions


@ -20,29 +20,6 @@ dotfiles_vim_vundle_repo_url: https://git.mgrote.net/mirrors/Vundle.vim.git
### mgrote_netplan
netplan_configure: true
### mgrote_restic
restic_user: root
restic_group: restic
restic_conf_dir: /etc/restic
restic_exclude: |
._*
desktop.ini
.Trash-*
**/**cache***/**
**/**Cache***/**
**/**AppData***/**
# https://github.com/restic/restic/issues/1005
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12
restic_mount_timeout: "10 min"
restic_failure_delay: "30 s"
restic_schedule: "0/6:00" # alle 6 Stunden
restic_folders_to_backup: "/" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
restic_repository: "//fileserver3.mgrote.net/restic"
restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
restic_mount_user: restic
restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
restic_fail_mail: "{{ my_mail }}"
### mgrote_user
users:
- username: mg


@ -0,0 +1,67 @@
---
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 192.168.2.0/24
ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow
### apt_install_packages
apt_packages_extra:
- qemu
- virt-manager
- tmux
- keychain
- jq
- vim
- cifs-utils
- nextcloud-desktop
- keepassxc
- openssh-server
- sshpass
- ansible
- linux-oem-22.04c
- vlc
- rofi
- wireguard
- wine
### mgrote_user
users:
- username: mg
password: "{{ lookup('keepass', 'mg_irantu_hash', 'password') }}"
update_password: always
groups: ssh, sudo
state: present
public_ssh_key: "{{ ssh_public_key_mg }}"
allow_sudo: true
allow_passwordless_sudo: true
- username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: always
groups: ssh, sudo
state: present
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
allow_sudo: true
allow_passwordless_sudo: true
### mgrote.wireguard
wireguard_profiles:
- name: wg0
privatekey: "{{ lookup('keepass', 'wireguard_irantu_private_key', 'password') }}"
address: 10.25.25.4/24
dns: 192.168.2.37
publickey: yUDu0ReEz6CjFW6Ecoh2oN/eAGRtVQP38Bu5hJnv1w0=
allowedips: 192.168.2.0/24, 192.168.3.0/24
endpoint: mgrote.net:13231
- name: wg1
privatekey: "{{ lookup('keepass', 'wireguard_irantu_private_key', 'password') }}"
address: 10.25.25.4/24
dns: 192.168.2.37
publickey: yUDu0ReEz6CjFW6Ecoh2oN/eAGRtVQP38Bu5hJnv1w0=
allowedips: 0.0.0.0/0
endpoint: mgrote.net:13231
...
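Review bot: wg0 and wg1 under `wireguard_profiles` share the same privatekey, the same address 10.25.25.4/24, the same peer publickey and the same endpoint, differing only in allowedips, so they are presumably alternative split-tunnel and full-tunnel profiles rather than two interfaces meant to run at once; bringing both up would give two interfaces the same address and the same peer. A comment above `wireguard_profiles:` should say so, e.g. `# wg0 = split tunnel (LAN only), wg1 = full tunnel; activate one at a time`. The ansible-user entry inlines an ed25519 key whose comment reads mg@irantu while the mg entry uses `{{ ssh_public_key_mg }}`; if it is the same key, `public_ssh_key: "{{ ssh_public_key_mg }}"` keeps one source of truth. The section header `### mgrote.wireguard` also does not match the role name `mgrote_wireguard` used by the playbook in this compare.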


@ -32,6 +32,10 @@ all:
hosts:
pve5.mgrote.net:
pbs.mgrote.net:
irantu.mgrote.net:
laptop:
hosts:
irantu.mgrote.net:
gitea:
hosts:
gitea.mgrote.net:
@ -39,6 +43,7 @@ all:
production:
hosts:
fileserver3.mgrote.net:
irantu.mgrote.net:
ansible2.mgrote.net:
pve5.mgrote.net:
gitea.mgrote.net:

Binary file not shown.


@ -0,0 +1,4 @@
---
- hosts: laptop
roles:
- { role: mgrote_wireguard, tags: "wireguard", become: true }
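Review bot: The play has no `name:`, so ansible-lint (name[play]) flags it and the play output shows only the host pattern; add `- name: Configure wireguard on laptops` above `hosts: laptop`. The flow-style role mapping would read better in block style (`- role: mgrote_wireguard`, `tags: wireguard`, `become: true`). The role-level `become: true` also duplicates the `become: true` that every task and handler of this role sets in this compare; keeping it in one place avoids the two drifting apart.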


@ -0,0 +1,8 @@
---
# Repositories
repos:
- "deb http://packages.linuxmint.com victoria main upstream import backport"
- "deb http://de.archive.ubuntu.com/ubuntu jammy main restricted universe multiverse" # TODO
- "deb http://de.archive.ubuntu.com/ubuntu jammy-updates main restricted universe multiverse"
- "deb http://de.archive.ubuntu.com/ubuntu jammy-security main restricted universe multiverse"
- "deb http://de.archive.ubuntu.com/ubuntu jammy-backports main restricted universe multiverse"
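Review bot: The `# TODO` on the jammy main line says nothing about what is still to do; replace it with the actual intent or drop it. The jammy-security pocket is fetched from the de.archive.ubuntu.com mirror, whereas the sources file deleted in this compare used security.ubuntu.com; mirrors can lag behind the security pocket, so `- "deb http://security.ubuntu.com/ubuntu jammy-security main restricted universe multiverse"` keeps security updates on the canonical source. The new file also hardcodes `victoria`/`jammy` where the old one used `{{ ansible_distribution_release }}`; if that is deliberate (Mint codename vs. Ubuntu base), a one-line comment stating the mapping would help the next release upgrade.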


@ -1,9 +0,0 @@
---
# Repositories
repos:
- "deb http://packages.linuxmint.com vera main upstream import backport"
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} main restricted universe multiverse"
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates main restricted universe multiverse"
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-backports main restricted universe multiverse"
- "deb http://security.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-security main restricted universe multiverse"
- "deb http://archive.canonical.com/ubuntu/ {{ ansible_distribution_release }} partner"


@ -0,0 +1,11 @@
---
wireguard_conf_dir: /etc/wireguard
#wireguard_profiles:
# - name: wg0
# privatekey:
# address:
# dns:
# publickey:
# allowedips:
# endpoint:
...
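Review bot: The commented-out `wireguard_profiles` example in the defaults lists the keys but not their expected form, and the template in this compare renders each value verbatim (`AllowedIPs = {{ allowedips }}`), so it should state that `allowedips` and `dns` are single strings with comma-separated entries and that `endpoint` is `host:port`. It should also note that `privatekey` is written into the rendered config file and therefore belongs in a vault or keepass lookup rather than plain host_vars, as the irantu host_vars in this compare already do, e.g. `# privatekey: "{{ lookup(...) }}"  # secret, never plain text`. A short line above `wireguard_conf_dir` saying that one `<name>.conf` is written per profile would complete the picture.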


@ -0,0 +1,5 @@
---
- name: Ensure resolvconf is configured # noqa no-changed-when
become: true
ansible.builtin.command: ln -s /usr/bin/resolvectl /usr/local/bin/resolvconf
...
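Review bot: `ln -s` is not idempotent: the second time the package task notifies this handler (package reinstalled, or the link already created by hand) the command fails with "File exists", and `command` cannot report change status, which is why the noqa is there. `ansible.builtin.file` with `state: link` creates or verifies the link idempotently and reports changed correctly, so the `# noqa no-changed-when` can go. Note also that a handler only runs when the notifying task reports a change, so a host that already had wireguard installed before this role never gets the symlink; a regular task in tasks/main.yml may be the better place, but I can't tell from here which is intended.
```yaml
- name: Ensure resolvconf is configured
  become: true
  ansible.builtin.file:
    src: /usr/bin/resolvectl
    dest: /usr/local/bin/resolvconf
    state: link
```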


@ -0,0 +1,22 @@
---
- name: Ensure package exists
become: true
ansible.builtin.package:
name:
- wireguard
state: present
notify:
- Ensure resolvconf is configured
- name: Ensure profiles are templated
become: true
ansible.builtin.template:
src: "wg.conf.j2"
dest: "{{ wireguard_conf_dir }}/{{ item.name }}.conf"
owner: root
group: root
mode: "0600"
when:
- wireguard_profiles is defined
loop: wireguard_profiles
...
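Review bot: `loop: wireguard_profiles` passes the literal string, not the list; unlike the old `with_items`, `loop` does not resolve bare variable names and Ansible refuses a plain string for it, so it must be `loop: "{{ wireguard_profiles }}"`. Each loop item is also echoed in the task output, and the item contains `privatekey`; add `loop_control:` with `label: "{{ item.name }}"` so only the profile name appears in logs (the file itself is written 0600 root, which is right for a key file). The template task notifies nothing, so a changed profile is written but the interface is never restarted; if that is intentional, a comment saying so would help.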


@ -0,0 +1,10 @@
[Interface]
PrivateKey = {{ privatekey }}
Address = {{ address }}
DNS = {{ dns }}
[Peer]
PublicKey = {{ publickey }}
AllowedIPs = {{ allowedips }}
Endpoint = {{ endpoint }}
PersistentKeepalive = 25
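Review bot: The template is rendered inside `loop` over `wireguard_profiles`, so the profile fields are available as `item.privatekey`, `item.address` and so on; the bare `{{ privatekey }}`, `{{ address }}`, `{{ dns }}`, `{{ publickey }}`, `{{ allowedips }}` and `{{ endpoint }}` names are undefined in that context and the template task will fail on the first profile unless variables with exactly these names happen to exist elsewhere. `PersistentKeepalive = 25` is the only hardcoded value; fine as a default, but `{{ item.persistentkeepalive | default(25) }}` would let a profile override it. The page shows 9 of the 10 added lines, so a blank line (presumably between the two sections) was dropped in rendering.
```jinja
[Interface]
PrivateKey = {{ item.privatekey }}
Address = {{ item.address }}
DNS = {{ item.dns }}

[Peer]
PublicKey = {{ item.publickey }}
AllowedIPs = {{ item.allowedips }}
Endpoint = {{ item.endpoint }}
PersistentKeepalive = {{ item.persistentkeepalive | default(25) }}
```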