mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

add laptop setup #268

Merged
mg merged 44 commits from laptop_mint into master 2024-12-30 20:06:25 +01:00
Conversation 0 Commits 44 Files changed 106 +107 -1
2 changed files with 107 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 3d4ec29baf - Show all commits

3
group_vars/all.yml
View file

@ -20,6 +20,7 @@ dotfiles:
home: /root
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
dotfiles_vim_vundle_repo_url: "https://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git"
### mgrote_netplan
netplan_configure: true
@ -101,7 +102,7 @@ restic_exclude: |
**/**AppData***/**
restic_folders_to_backup: "/usr/local /etc /root /home"
restic_repository: "//fileserver3.mgrote.net/restic"
restic_fail_mail: michael.grote@posteo.de
restic_fail_mail: "{{ my_mail }}"
restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
restic_mount_user: restic

105
host_vars/irantu.mgrote.net.yml
View file

@ -0,0 +1,105 @@
---
# Diese Datei enthällt alles für den Laptop, es werden auch alle Variablen aus den Group-Vars extra eingetragen.
### mgrote_user_setup
dotfiles:
- user: mg
home: /home/mg
- user: root
home: /root
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
dotfiles_vim_vundle_repo_url: "https://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git"
### mgrote_user
users:
- username: mg
password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
update_password: always
groups:
- ssh
- sudo
state: present
public_ssh_key: "{{ ssh_public_key_mg }}"
allow_sudo: true
allow_passwordless_sudo: true
- username: ansible-user
password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: always
groups:
- ssh
- sudo
state: present
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE
allow_sudo: true
allow_passwordless_sudo: true
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow
### mgrote_restic
restic_exclude: |
._*
desktop.ini
.Trash-*
**/**cache***/**
**/**Cache***/**
**/**AppData***/**
restic_folders_to_backup: "/usr/local /etc /root /home"
restic_repository: "//fileserver3.mgrote.net/restic"
restic_fail_mail: "{{ my_mail }}"
restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
restic_mount_user: restic
restic_schedule: "*-*-* 4:00:00"
### mgrote_apt_manage_packages
apt_packages_common:
- locales
- python3
- build-essential
- htop
- git
- dnsutils
- mc
- cifs-utils
- haveged #https://www.linux-magazin.de/ausgaben/2011/09/einfuehrung2/
- ca-certificates
- netdiscover
- tree
- curl
- whois
- logrotate
- ncdu
- net-tools
- apt-transport-https
- moreutils
- acl
- vim
- rsync
- at
- ripgrep
- iotop
- pwgen
- keychain
- bc
- jq
apt_packages_physical:
- s-tui
- smartmontools
- lm-sensors
- ethtool
- fwupd
apt_packages_absent:
- nano
- snapd
- ubuntu-advantage-tools
- neofetch
- graphviz
- ubuntu-pro-client
...