---
### mrlesmithjr.ansible-manage-lvm
lvm_groups:
  - vgname: vg_docker
    disks:
      - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
    create: true
    lvnames:
      - lvname: docker
        size: +100%FREE
        create: true
        filesystem: xfs
        mount: true
        mntp: /var/lib/docker
manage_lvm: true
pvresize_to_max: true

### mgrote_mount_cifs
cifs_mounts:
  - name: bilder
    type: cifs
    state: present
    dest: /mnt/fileserver3_photoprism_bilder_ro
    src: //fileserver3.mgrote.net/bilder
    user: photoprism
    password: "{{ lookup('keepass', 'fileserver_smb_user_photoprism', 'password') }}"
    domain: mgrote.net
    uid: 5000
    gid: 5000
    extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird

### mgrote.restic
restic_folders_to_backup: "/ /var/lib/docker /mnt/oci-registry" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben

### mgrote.docker-compose-inline
compose_owner: "docker-user"
compose_group: "docker-user"
compose_file_permissions: "644"
compose_dir_permissions: "755"
compose_dest_basedir: "/docker"
compose_src_basedir: "{{ inventory_dir }}/docker-compose"
compose_files:
  - name: registry
    state: present
    network: traefik
  - name: nextcloud
    state: present
    network: traefik
  - name: httpd
    state: present
  - name: unifi-network-application
    state: present
  - name: miniflux
    state: present
    network: traefik
  - name: traefik
    state: present
    network: traefik
  - name: navidrome
    state: present
    network: traefik
  - name: watchtower
    state: present
  - name: routeros-config-export
    state: present
  - name: mail-relay
    state: present
    network: mail-relay
  - name: woodpecker
    state: present
    network: traefik
  - name: photoprism
    state: present
  - name: wiki
    state: present
    network: traefik
  - name: statping-ng
    state: present
  - name: loki
    state: present
    
### oefenweb.ufw
ufw_rules:
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
  # docker network inspect $(docker network ls -q)|grep -E "IPv(4|6)A" | grep -v \"\" | sort -h
  - rule: allow
    from_ip: 192.168.0.0/16
    comment: 'docker networks'
  - rule: allow
    from_ip: 172.0.0.0/8
    comment: 'docker networks'