--- ### wird in vielen Rollen verwendet empfaenger_mail: michael.grote@posteo.de file_header: | #----------------------------------------------------------------# # This file is managed with ansible! # #----------------------------------------------------------------# ### geerlingguy.munin-node munin_node_bind_host: "0.0.0.0" munin_node_bind_port: "4949" munin_node_allowed_cidrs: [192.168.2.0/24] munin_node_disabled_plugins: - name: meminfo # zu hohe last - name: hddtemp2 # ersetzt durch hddtemp_smartctl - name: ntp # verursacht zu viele dns ptr request - name: hddtempd # ersetzt durch hddtemp_smartctl - name: ipmi_power # für pve2, leeres diagramm - name: docker_images - name: docker_status munin_node_plugins: - name: chrony src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/chrony - name: systemd_status src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/systemd_status - name: lvm_ src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/lvm_ config: | [lvm_*] user root ### mgrote.dotfiles dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles dotfiles_repo_path: /home/mg/dotfiles dotfiles_files: - repo_path: "{{ dotfiles_repo_path}}/.vimrc" local_path: "/home/mg/.vimrc" - repo_path: "{{ dotfiles_repo_path}}/.tmux.conf" local_path: "/home/mg/.tmux.conf" - repo_path: "{{ dotfiles_repo_path}}/.gitconfig" local_path: "/home/mg/.gitconfig" dotfiles_owner: mg ### jnv.unattended_upgrades unattended_mail: "{{ empfaenger_mail }}" unattended_mail_only_on_error: true unattended_syslog_enable: true unattended_origins_patterns: - 'origin=Ubuntu,archive=${distro_codename}-security' - 'o=Ubuntu,a=${distro_codename}-updates' ### mgrote.ntp_chrony_server ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet ntp_chrony_servers: # welche Server sollen befragt werden - address: ntp-server.grote.lan options: iburst #optionaler parameter ntp_chrony_logging: false # logging an/aus ### mgrote.postfix postfix_absender_mailadresse: info@mgrote.net postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}" postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24" postfix_mail_nach_cronjob: false postfix_smtp_server: smtp.strato.de postfix_smtp_server_port: 587 postfix_smtp_use_tls: "yes" ### mgrote.apt_manage_sources manage_sources_apt_proxy_server: acng.grote.lan manage_sources_apt_proxy_port: 9999 ### mgrote.restic restic_folders_to_backup: "/usr/local /etc /root /home" restic_cron_hours: "19" restic_repository: "//fileserver2.grote.lan/backup/restic" restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}" restic_mount: "/mnt/restic" restic_mount_user: restic restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}" restic_exclude: | ._* desktop.ini .Trash-* **/**cache***/** **/**Cache***/** **/**AppData***/** ### mgrote.tmux tmux_conf_destination: "/home/mg/.tmux.conf" tmux_bashrc_destination: "/home/mg/.bashrc" tmux_standardsession_name: "default" ### mgrote.fail2ban f2b_bantime: 300 f2b_findtime: 300 f2b_maxretry: 5 f2b_destemail: "{{ empfaenger_mail }}" f2b_sender: "{{ postfix_absender_mailadresse }}" ### oefenweb.ufw ufw_rules: - rule: allow to_port: 22 protocol: tcp comment: 'ssh' from_ip: 192.168.2.0/24 - rule: allow to_port: 4949 protocol: tcp comment: 'munin' from_ip: 192.168.2.144/24 ufw_default_incoming_policy: deny ufw_default_outgoing_policy: allow ### ryandaniels.create_users users: - username: mg password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" update_password: on_create ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw== #generieren: ssh-keygen -o; für putty ändern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2 use_sudo: yes use_sudo_nopass: yes user_state: present groups: ssh, sudo, docker servers: - docker - username: mg password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" update_password: on_create ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw== use_sudo: yes use_sudo_nopass: yes user_state: present groups: ssh, sudo servers: - dokuwiki - fileserver - pihole - ntpserver - acng - ansible - physical - gitea - laptop - vmtest - username: munin password: "{{ lookup('keepass', 'munin_linux_password_hash', 'password') }}" update_password: always use_sudo: yes use_sudo_nopass: yes user_state: present groups: root, docker servers: - production - username: root password: "{{ lookup('keepass', 'root_linux_password_hash_proxmox', 'password') }}" update_password: always ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw== use_sudo: yes use_sudo_nopass: yes user_state: present groups: ssh, sudo, root servers: - proxmox - username: ansible-user password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}" update_password: always ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2 use_sudo: yes use_sudo_nopass: yes user_state: present groups: ssh, sudo servers: - production - test - laptop ### mgrote.apt_install_packages programs_common: - locales - python3 - build-essential - htop - git - dnsutils - nano - mc - cifs-utils - haveged #https://www.linux-magazin.de/ausgaben/2011/09/einfuehrung2/ - ca-certificates - netdiscover - tree - curl - whois - logrotate - ncdu - net-tools - apt-transport-https - neofetch - moreutils - ntpdate - acl - vim - rsync - at - ripgrep programs_only_physical: - hddtemp - ipmitool - s-tui - smartmontools - lm-sensors - ethtool programs_only_vms: - qemu-guest-agent - open-vm-tools # Ansible Variablen ### User ansible_user: "ansible-user" ### SSH ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'" ### python3 # https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html ansible_python_interpreter: "/usr/bin/python3" # Ansible Plugin Variablen ### Keepass # https://github.com/viczem/ansible-keepass keepass_dbx: "./keepass_db.kdbx" keepass_psw: !vault | $ANSIBLE_VAULT;1.1;AES256 62383737623066396239383336646164616537646630653964313532383130343533346561633039 3437306134656535353438666165376332633064383135650a636537626662656130376537633164 61613132326536666466636632363866393066656236303766333338356337396338376266346631 6364336331623539300a313562303161373631613734313938346666376239613333333363376236 38363035376662353135333332363431343833656666643036326234656166643531