---
  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
      from_ip: 192.168.2.0/24
    # Weitere Regeln sind nicht notwendig da Docker iptables selber verwaltet.
#    - rule: allow
#      comment: 'alles erlauben'
  ### geerlingguy.docker
  docker_users:
    - mg
    - root
    - ansible-user
  ### ryandaniels.create_users
  users:
  - username: mg
    password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
    update_password: on_create
    ssh_key: "{{ lookup('keepass', 'ssh_pubkey_mg', 'password') }}"
    use_sudo: yes
    use_sudo_nopass: yes
    user_state: present
    groups: ssh, sudo, docker
    servers:
      - production
      - staging
      - test
      - virt
      - cephq
      - k8s
  ### mgrote.restic
  restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker
  restic_cron_hours: "*"
  restic_exclude: |
        ._*
        desktop.ini
        .Trash-*
        **/**cache***/**
        **/**Cache***/**
        **/**AppData***/**
        /var/lib/docker/volumes/***Musik***
        /var/lib/docker/volumes/***musik***
        # https://github.com/restic/restic/issues/1005
        # https://forum.restic.net/t/exclude-syntax-confusion/1531/12