--- ### mrlesmithjr.ansible-manage-lvm lvm_groups: - vgname: vg_gitea_data disks: - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1 create: true lvnames: - lvname: lv_gitea_data size: +100%FREE create: true filesystem: xfs mount: true mntp: /var/lib/gitea manage_lvm: true pvresize_to_max: true ### mgrote.restic restic_folders_to_backup: "/ /var/lib/gitea" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files ### oefenweb.ufw ufw_rules: - rule: allow to_port: 22 protocol: tcp comment: 'ssh' from_ip: 0.0.0.0/0 - rule: allow to_port: "{{ gitea_http_port }}" protocol: tcp comment: 'gitea' from_ip: 0.0.0.0/0 - rule: allow to_port: "{{ gitea_ssh_port }}" protocol: tcp comment: 'gitea' from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp comment: 'munin' from_ip: 192.168.2.144/24 ### l3d.gitea # config liegt in /etc/gitea/gitea.ini gitea_version: "1.20.3" gitea_app_name: "Gitea" gitea_user: "gitea" gitea_home: "/var/lib/gitea" gitea_repository_root: "{{ gitea_home }}" gitea_user_repo_limit: 300 gitea_root_url: https://git.mgrote.net gitea_offline_mode: true gitea_lfs_server_enabled: false gitea_secret_key: "{{ lookup('keepass', 'gitea_secret_key', 'password') }}" gitea_internal_token: "{{ lookup('keepass', 'gitea_internal_token', 'password') }}" gitea_disable_git_hooks: false gitea_show_user_email: false gitea_disable_gravatar: true gitea_enable_captcha: true gitea_only_allow_external_registration: false gitea_enable_notify_mail: false gitea_force_private: false gitea_oauth2_enabled: true gitea_repo_indexer_enabled: true gitea_mailer_enabled: true gitea_mailer_skip_verify: false gitea_mailer_tls_enabled: true gitea_mailer_host: smtp.strato.de:465 gitea_mailer_from: info@mgrote.net gitea_mailer_user: "info@mgrote.net" gitea_mailer_password: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}" gitea_mailer_type: smtp gitea_default_branch: 'master' gitea_db_type: sqlite3 gitea_db_path: "{{ gitea_home }}/data/gitea.db" # for sqlite3 gitea_ssh_listen: 0.0.0.0 gitea_ssh_domain: gitea.grote.lan gitea_ssh_port: 2222 gitea_start_ssh: true gitea_http_domain: git.mgrote.net gitea_http_listen: 0.0.0.0 gitea_http_port: 3000 gitea_disable_http_git: false gitea_protocol: http gitea_show_registration_button: false gitea_require_signin: false gitea_disable_registration: true gitea_fail2ban_enabled: true gitea_fail2ban_jail_maxretry: 3 gitea_fail2ban_jail_findtime: 300 gitea_fail2ban_jail_bantime: 600 # wird für drone benötigt, sonst wird der Webhook nicht "gesendet" gitea_extra_config: | [webhook] ALLOWED_HOST_LIST = *.grote.lan gitea_backup_on_upgrade: false gitea_backup_location: "{{ gitea_home }}/backups/" ### mgrote.munin-node munin_node_plugins: - name: chrony src: https://git.mgrote.net/Mirror/munin-contrib/raw/branch/master/plugins/chrony/chrony - name: systemd_status src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status - name: systemd_mem src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem config: | [systemd_mem] env.all_services true - name: lvm_ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ config: | [lvm_*] user root - name: fail2ban src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban config: | [fail2ban] env.client /usr/bin/fail2ban-client env.config_dir /etc/fail2ban user root - name: http_response src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response config: | [http_response] env.sites http://gitea.grote.lan:3000 https://git.mgrote.net env.max_time 20 env.short_label true env.follow_redirect true - name: drone src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/cicd/drone config: | [drone] env.url http://docker10.grote.lan:81/api/user/repos?latest=true env.token {{ lookup('keepass', 'munin_plugin_drone_token', 'password') }}