---
### mrlesmithjr.ansible-manage-lvm
lvm_groups:
  - vgname: vg_docker
    disks:
      - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
    create: true
    lvnames:
      - lvname: docker
        size: +100%FREE
        create: true
        filesystem: xfs
        mount: true
        mntp: /var/lib/docker
manage_lvm: true
pvresize_to_max: true

### mgrote_mount_cifs #  löschen
cifs_mounts:
  - name: bilder
    type: cifs
    state: absent
    dest: /mnt/fileserver3_photoprism_bilder_ro
    src: //fileserver3.mgrote.net/bilder
    user: photoprism
    password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_photoprism', 'password') }}"
    domain: mgrote.net
    uid: 5000
    gid: 5000
    extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird

### mgrote_docker-compose-inline
compose_owner: "docker-user"
compose_group: "docker-user"
compose_dest_basedir: "/docker"
compose_src_basedir: "{{ inventory_dir }}/docker-compose"
compose_files:
#  - name: registry
#    state: present
#    network: traefik
#  - name: nextcloud
#    state: present
#    network: traefik
#  - name: unifi-network-application
#    state: present
#  - name: miniflux
#    state: present
#    network: traefik
  - name: traefik
    state: present
    network: traefik
#  - name: navidrome
#    state: present
#    network: traefik
#  - name: routeros-config-export
#    state: present
#  - name: postfix
#    state: present
#    network: postfix
  - name: wiki
    state: present
    network: traefik
#  - name: gramps
#    state: present
#  - name: act-runner
#    state: present
#  - name: minio
#    state: present

### oefenweb.ufw
ufw_rules:
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
  # docker network inspect $(docker network ls -q)|grep -E "IPv(4|6)A" | grep -v \"\" | sort -h
  - rule: allow
    from_ip: 192.168.0.0/16
    comment: 'docker networks'
  - rule: allow
    from_ip: 172.0.0.0/8
    comment: 'docker networks'