---
  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 5000
      protocol: tcp
      comment: 'rss-feed-changedetection'
  ### geerlingguy.docker
  docker_users:
    - mg
  ### mgrote.restic
  restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker
  qssrestic_cron_hours: "*/4"
  restic_exclude: |
        ._*
        desktop.ini
        .Trash-*
        **/**cache***/**
        **/**Cache***/**
        **/**AppData***/**
        /var/lib/docker/volumes/***Musik***
        /var/lib/docker/volumes/***musik***
        /var/lib/docker/volumes/***musik***
        /var/lib/docker/volumes/***musik***
        /var/lib/docker/volumes/docker-photoprism_pp_smb_bilder***/**
        # https://github.com/restic/restic/issues/1005
        # https://forum.restic.net/t/exclude-syntax-confusion/1531/12
  ### ryandaniels.create_users
  users:
    - username: mg
      password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
      update_password: on_create
      ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw==  #generieren: ssh-keygen -o; für putty ändern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
      use_sudo: yes
      use_sudo_nopass: yes
      user_state: present
      groups: ssh, sudo, docker
      servers:
        - production
        - test
    - username: ansible-user
      password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
      update_password: on_create
      ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
      use_sudo: yes
      use_sudo_nopass: yes
      user_state: present
      groups: ssh, sudo
      servers:
        - production
        - test