--- ### oefenweb.ufw ufw_rules: - rule: allow to_port: 22 protocol: tcp comment: 'ssh' from_ip: 192.168.2.0/24 # Weitere Regeln sind nicht notwendig da Docker iptables selber verwaltet. # - rule: allow # comment: 'alles erlauben' ### geerlingguy.docker docker_users: - mg - root - ansible-user - git ### ryandaniels.create_users users: - username: mg password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" update_password: on_create ssh_key: "{{ lookup('keepass', 'mg_ssh_pubkey', 'password') }}" use_sudo: yes use_sudo_nopass: yes user_state: present groups: ssh, sudo, docker servers: - production - test - username: gitlab-user password: "{{ lookup('keepass', 'gitlab_user_linux_password_hash', 'password') }}" update_password: on_create ssh_key: "{{ lookup('keepass', 'gitlab_user_ssh_pubkey', 'password') }}" use_sudo: yes use_sudo_nopass: yes user_state: present groups: ssh, sudo, docker servers: - production - test - username: ansible-user password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}" update_password: on_create ssh_key: "{{ lookup('keepass', 'ansible_user_ssh_pubkey', 'password') }}" use_sudo: yes use_sudo_nopass: yes user_state: present groups: ssh, sudo servers: - production - test ### mgrote.restic restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker restic_cron_hours: "*" restic_exclude: | ._* desktop.ini .Trash-* **/**cache***/** **/**Cache***/** **/**AppData***/** /var/lib/docker/volumes/***Musik*** /var/lib/docker/volumes/***musik*** /var/lib/docker/volumes/***musik*** /var/lib/docker/volumes/ocrmypdf-auto_scan_input/* /var/lib/docker/volumes/ocrmypdf-auto_scan_output/* # https://github.com/restic/restic/issues/1005 # https://forum.restic.net/t/exclude-syntax-confusion/1531/12