---
### oefenweb.ufw
ufw_rules:
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
  - rule: allow
    to_port: 80 #TODO passt?
    protocol: tcp
    comment: 'munin'

### mgrote_restic
restic_folders_to_backup: "/usr/local /etc /root /home /var/lib/munin"

### geerlingguy.apache
apache_vhosts:
  # Additional optional properties: 'serveradmin, serveralias, extra_parameters'.
  - servername: "munin.mgrote.net"
    documentroot: "/var/cache/munin/www"

### mrlesmithjr.ansible-manage-lvm
lvm_groups:
  - vgname: vg_munin
    disks:
      - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
    create: true
    lvnames:
      - lvname: lv_munin
        size: +100%FREE
        create: true
        filesystem: xfs
        mount: true
        mntp: /var/lib/munin
manage_lvm: true
pvresize_to_max: true

###  mgrote_munin_master
munin_mode: cgi # or cron
munin_mail_user: munin@mgrote.net
munin_mail_server: "{{ postfix_smtp_server }}"
munin_mail_port: "{{ 1025 }}"
munin_mail_tls: false
munin_enable_alerts: false
munin_alerts_to: info@mgrote.net

munin_hosts:
  - name: "{{ ansible_fqdn }}.mgrote.net"
    address: "127.0.0.1"
    extra: ["use_node_name yes"]
  - name: fileserver3.mgrote.net
    address: fileserver3.mgrote.net
    extra: ["use_node_name yes"]
  - name: pve5.mgrote.net
    address: pve5.mgrote.net
    extra: ["use_node_name yes"]
  - name: forgejo.mgrote.net
    address: forgejo.mgrote.net
    extra: ["use_node_name yes"]
  - name: docker10.mgrote.net
    address: docker10.mgrote.net
    extra: ["use_node_name yes"]
  - name: pbs.mgrote.net
    address: pbs.mgrote.net
    extra: ["use_node_name yes"]
  - name: blocky.mgrote.net
    address: blocky.mgrote.net
    extra: ["use_node_name yes"]
  - name: ldap.mgrote.net
    address: ldap.mgrote.net
    extra: ["use_node_name yes"]

### mgrote_munin_node
munin_node_bind_host: "127.0.0.1"
munin_node_bind_port: "4949"
munin_node_allowed_cidrs: [127.0.0.1]
munin_node_plugins:
  - name: mikrotik_system_rb5009
    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
    config: |
        [mikrotik_system_rb5009]
        user root
        env.ssh_user munin
        env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
        env.ssh_host 192.168.2.1
  - name: mikrotik_system_crs305
    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
    config: |
        [mikrotik_system_crs305]
        user root
        env.ssh_user munin
        env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
        env.ssh_host 192.168.2.225
  - name: mikrotik_system_hex
    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/router/mikrotik_system
    config: |
        [mikrotik_system_hex]
        user root
        env.ssh_user munin
        env.ssh_password {{ lookup('viczem.keepass.keepass', 'routeros-munin-user-password', 'password') }}
        env.ssh_host 192.168.3.144

### mgrote.apt_manage_packages
apt_packages_extra:
  - sshpass # für munin: mikrotik_system