--- ### oefenweb.ufw ufw_rules: - rule: allow to_port: 22 protocol: tcp comment: 'ssh' from_ip: 192.168.2.0/24 # Weitere Regeln sind nicht notwendig da Docker iptables selber verwaltet. # - rule: allow # comment: 'alles erlauben' ### geerlingguy.docker docker_users: - mg - root - ansible-user - git ### ryandaniels.create_users users: - username: mg password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}" update_password: on_create ssh_key: "{{ lookup('keepass', 'ssh_pubkey_mg', 'password') }}" use_sudo: yes use_sudo_nopass: yes user_state: present groups: ssh, sudo, docker servers: - production - test ### mgrote.restic restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker restic_cron_hours: "*" restic_exclude: | ._* desktop.ini .Trash-* **/**cache***/** **/**Cache***/** **/**AppData***/** /var/lib/docker/volumes/***Musik*** /var/lib/docker/volumes/***musik*** /var/lib/docker/volumes/***musik*** /var/lib/docker/volumes/ocrmypdf-auto_scan_input/* /var/lib/docker/volumes/ocrmypdf-auto_scan_output/* # https://github.com/restic/restic/issues/1005 # https://forum.restic.net/t/exclude-syntax-confusion/1531/12 ### riemers.gitlab-runner gitlab_runner_coordinator_url: https://git.mgrote.net gitlab_runner_registration_token: "{{ lookup('keepass', 'gitlab_runner_registration_token', 'password') }}" gitlab_runner_runners: - name: "{{ ansible_hostname }}-docker" executor: docker