diff --git a/docker-compose/traefik/file-provider.yml b/docker-compose/traefik/file-provider.yml index 49362c99..b6f6f9ae 100644 --- a/docker-compose/traefik/file-provider.yml +++ b/docker-compose/traefik/file-provider.yml @@ -21,8 +21,8 @@ http: middlewares: ratelimit: rateLimit: - average: 25 - burst: 50 + average: 40 + burst: 80 sourceCriterion: ipStrategy: depth: 2 diff --git a/host_vars/pve5.mgrote.net.yml b/host_vars/pve5.mgrote.net.yml index c6ca2e03..34e3adc6 100644 --- a/host_vars/pve5.mgrote.net.yml +++ b/host_vars/pve5.mgrote.net.yml @@ -173,55 +173,55 @@ sanoid_datasets: ### mgrote_proxmox_bind_mounts pve_bind_mounts: ### fileserver3 - - vmid: 115 + - vmid: 107 mp_nr: 0 mp_path_host: /hdd_data/videos mp_path_guest: /shares_videos - - vmid: 115 + - vmid: 107 mp_nr: 2 mp_path_host: /hdd_data/pve_backup mp_path_guest: /shares_pve_backup - - vmid: 115 + - vmid: 107 mp_nr: 3 mp_path_host: /hdd_data/papa_backup mp_path_guest: /shares_papa_backup - - vmid: 115 + - vmid: 107 mp_nr: 4 mp_path_host: /hdd_data/music mp_path_guest: /shares_music - - vmid: 115 + - vmid: 107 mp_nr: 5 mp_path_host: /hdd_data/tmp mp_path_guest: /shares_tmp - - vmid: 115 + - vmid: 107 mp_nr: 6 mp_path_host: /hdd_data/archiv mp_path_guest: /shares_archiv - - vmid: 115 + - vmid: 107 mp_nr: 7 mp_path_host: /hdd_data/bilder mp_path_guest: /shares_bilder - - vmid: 115 + - vmid: 107 mp_nr: 9 mp_path_host: /hdd_data/scans mp_path_guest: /shares_scans - - vmid: 115 + - vmid: 107 mp_nr: 10 mp_path_host: /hdd_data/restic mp_path_guest: /shares_restic - - vmid: 115 + - vmid: 107 mp_nr: 12 mp_path_host: /hdd_data/backup mp_path_guest: /shares_backup - - vmid: 115 + - vmid: 107 mp_nr: 14 mp_path_host: /hdd_data/buecher mp_path_guest: /shares_buecher - - vmid: 115 + - vmid: 107 mp_nr: 15 mp_path_host: /hdd_data/programme mp_path_guest: /shares_programme - - vmid: 115 + - vmid: 107 mp_nr: 16 mp_path_host: /hdd_data/vm mp_path_guest: /shares_vm 
diff --git a/playbooks/1_bootstrap.yml b/playbooks/1_bootstrap.yml index e96d6ff4..8f616148 100644 --- a/playbooks/1_bootstrap.yml +++ b/playbooks/1_bootstrap.yml @@ -2,7 +2,7 @@ - hosts: all gather_facts: false roles: - - role: ansible-role-bootstrap + - role: robertdebock.bootstrap tags: "bootstrap" become: true - role: mgrote_apt_manage_sources @@ -47,3 +47,8 @@ # Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen. + +# Vorher benötigt werden: +# sudo adduser mg +# sudo adduser mg sudo +# sudo apt install openssh-sever diff --git a/playbooks/3_service/docker.yml b/playbooks/3_service/docker.yml index 05c423ec..f103c1bb 100644 --- a/playbooks/3_service/docker.yml +++ b/playbooks/3_service/docker.yml @@ -4,6 +4,9 @@ - role: mgrote_systemd_resolved tags: "dns" become: true + - role: mgrote_pip_pre_tasks + tags: "pip_pre" + become: true - role: geerlingguy.pip tags: "pip" become: true diff --git a/playbooks/base/monitoring.yml b/playbooks/base/monitoring.yml index f92b6b1f..7beb71b9 100644 --- a/playbooks/base/monitoring.yml +++ b/playbooks/base/monitoring.yml @@ -4,7 +4,6 @@ - role: mgrote_munin_node become: true tags: "munin" - when: "not 'laptop' in group_names" ### Die Host müssen auch beim Docker-Container: "munin-master eingetragen" werden. ### wird nur auf physischen Rechnern ausgeführt. diff --git a/playbooks/base/system.yml b/playbooks/base/system.yml index f5cc995d..1f92b051 100644 --- a/playbooks/base/system.yml +++ b/playbooks/base/system.yml @@ -24,3 +24,4 @@ tags: "ssh" - role: mgrote_netplan tags: "netplan" + when: "not 'fileserver' in group_names" diff --git a/roles/mgrote_fwupd_settings/handlers/main.yml b/roles/mgrote_fwupd_settings/handlers/main.yml index efd7dfbc..c032a9cc 100644 --- a/roles/mgrote_fwupd_settings/handlers/main.yml +++ b/roles/mgrote_fwupd_settings/handlers/main.yml 
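Review bot: The package name in the prerequisite comment added at the end of playbooks/1_bootstrap.yml is misspelled: `openssh-sever` should be `openssh-server`, otherwise copying the line fails with an unknown package. Proposed last line: `# sudo apt install openssh-server`. The existing comment above it says password login over SSH stops working after the first run, so if the `mg` user needs its public key in place before that run, the prerequisite list should say so; the hunk does not show how the key gets there.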
@@ -5,3 +5,5 @@ state: restarted daemon_reload: true name: fwupd-refresh.service + when: + - "'fwupd-refresh.service' in services" diff --git a/roles/mgrote_pip_pre_tasks/tasks/main.yml b/roles/mgrote_pip_pre_tasks/tasks/main.yml new file mode 100644 index 00000000..1a242e3a --- /dev/null +++ b/roles/mgrote_pip_pre_tasks/tasks/main.yml @@ -0,0 +1,15 @@ +--- +# Remove EXTERNALLY-MANAGED file +# Related issue: https://github.com/geerlingguy/ansible-role-pip/issues/57 + https://www.jeffgeerling.com/blog/2023/how-solve-error-externally-managed-environment-when-installing-pip3 + +- name: Get Python 3.X version + ansible.builtin.command: python3 --version + register: pyver + changed_when: false + failed_when: pyver.rc != 0 + +- name: Ignore PEP 668 because it's silly. + ansible.builtin.file: + state: absent + path: "/usr/lib/python{{ pyver.stdout.split()[1] | regex_search('([0-9]+\\.[0-9]+)') }}/EXTERNALLY-MANAGED" + when: pyver.stdout | regex_search('3\.[0-9]+') diff --git a/roles/mgrote_proxmox_bind_mounts/tasks/bm.yml b/roles/mgrote_proxmox_bind_mounts/tasks/bm.yml index 9ecee9dd..3e0414b8 100644 --- a/roles/mgrote_proxmox_bind_mounts/tasks/bm.yml +++ b/roles/mgrote_proxmox_bind_mounts/tasks/bm.yml @@ -20,8 +20,6 @@ register: restart changed_when: - restart.rc == 25 - failed_when: - - restart.rc != 25 notify: restart lxc # füge bind-mount hinzu falls er fehlt, also rc ungleich 0 # pro bind-mount diff --git a/roles/mgrote_ssh/handlers/main.yml b/roles/mgrote_ssh/handlers/main.yml index 6b341078..4456bd14 100644 --- a/roles/mgrote_ssh/handlers/main.yml +++ b/roles/mgrote_ssh/handlers/main.yml @@ -2,6 +2,6 @@ - name: restart sshd become: true ansible.builtin.systemd: - name: sshd + name: ssh enabled: true state: restarted diff --git a/roles/mgrote_user_setup/handlers/main.yml b/roles/mgrote_user_setup/handlers/main.yml index cf9bc9fe..4e6ae4be 100644 --- a/roles/mgrote_user_setup/handlers/main.yml +++ b/roles/mgrote_user_setup/handlers/main.yml 
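Review bot: The new `when` on the fwupd-refresh handler reads `services`, which only exists after `ansible.builtin.service_facts` has run on the host; nothing in this hunk gathers it, and the start of the handler is outside the hunk. If the facts are missing, the handler fails with an undefined-variable error instead of being skipped. Either make sure the role runs `service_facts` before the notify, or make the condition tolerant: `- "'fwupd-refresh.service' in (ansible_facts.services | default({}))"`. The tolerant form silently skips the restart when facts are absent, so a short comment naming the task that populates them is worth adding.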
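Review bot: Deleting `/usr/lib/python3.X/EXTERNALLY-MANAGED` in roles/mgrote_pip_pre_tasks/tasks/main.yml switches off the PEP 668 guard for every pip call on the host, not only for the `geerlingguy.pip` role that playbooks/3_service/docker.yml runs next, so any later `pip install` as root can overwrite modules that apt owns. The distribution's Python package may also restore the file on upgrade, so the result depends on when the play last ran. A narrower opt-out keeps the guard for everything else: install into a virtualenv, or set `break_system_packages: true` on the individual `ansible.builtin.pip` tasks where the ansible-core version in use supports it. If the file removal stays, the task name should state the trade-off rather than `Ignore PEP 668 because it's silly.`, and the condition should be a real boolean, e.g. `when: pyver.stdout is search('3\.[0-9]+')`, because `regex_search` returns a string.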
@@ -2,7 +2,7 @@ - name: Vundle - PluginInstall # noqa no-changed-when risky-shell-pipe become: true become_user: "{{ item.user }}" - ansible.builtin.shell: yes | vim -c PluginInstall -c qall + ansible.builtin.shell: yes yes yes | vim -c PluginInstall -c qall args: chdir: "{{ item.home }}" loop: "{{ dotfiles }}"
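Review bot: `yes yes yes` does not queue up extra answers: the first word is the command and the other two are its arguments, so it repeats the single line `yes yes` endlessly, where plain `yes` repeated `y`. The handler does not say which prompt is being answered; if it is a confirmation that needs the full word, `yes yes | vim -c PluginInstall -c qall` sends exactly `yes`, and a comment naming the prompt would make the intent checkable. If that prompt is a trust confirmation for a plugin source, auto-answering it removes the check, so it is worth stating that this is accepted. The handler may continue past `loop:`, outside this hunk.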