---
  ### PROXMOX
  # fileserver3 ist ein LXC-Container; der Container ist "privileged" damit der Bind-Mount die richtigen Rechte bekommt

  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: 445
      comment: 'smb'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: 139
      comment: 'smb'
      from_ip: 0.0.0.0/0
    - rule: allow
      to_port: 4949
      protocol: tcp
      comment: 'munin'
      from_ip: 192.168.2.144/24
  ### mgrote.munin-node
  munin_node_plugins:
    - name: timesync
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
    - name: systemd_status
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
    - name: systemd_mem
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
      config: |
        [systemd_mem]
        env.all_services true
    - name: fail2ban
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
      config: |
        [fail2ban]
        env.client /usr/bin/fail2ban-client
        env.config_dir /etc/fail2ban
        user root
    - name: samba
      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/samba
      config: |
        [samba]
        user root
        group root
        env.smbstatus /usr/bin/smbstatus
        env.ignoreipcshare 1
  ### mgrote.fileserver_smb
  smb_workgroup: WORKGROUP
  smb_min_protocol: "SMB2"
  smb_client_min_protocol: "SMB2"
  smb_client_max_protocol: "SMB3_11"
  smb_enable_snapshots_dir: true
  smb_users:
    - name: 'restic'
      password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
    - name: 'win10'
      password: "{{ lookup('keepass', 'fileserver_smb_user_win10', 'password') }}"
    - name: 'kodi'
      password: "{{ lookup('keepass', 'fileserver_smb_user_kodi', 'password') }}"
    - name: 'michaelgrote'
      password: "{{ lookup('keepass', 'fileserver_smb_user_mg', 'password') }}"
    - name: 'navidrome'
      password: "{{ lookup('keepass', 'fileserver_smb_user_navidrome', 'password') }}"
    - name: 'docker'
      password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}"
    - name: 'pve'
      password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}"
    - name: 'brother_ads2700w'
      password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"

  ### mgrote.apt_manage_packages
  apt_packages_internet:
    - https://github.com/rclone/rclone/releases/download/v1.59.2/rclone-v1.59.2-linux-amd64.deb
    - http://docker10.grote.lan:3344/bash-helper-scripts-mgrote/bash-helper-scripts-mgrote-latest.deb