--- ### mrlesmithjr.ansible-manage-lvm lvm_groups: - vgname: vg_docker disks: - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1 create: true lvnames: - lvname: lv_docker size: +100%FREE create: true filesystem: xfs mount: true mntp: /var/lib/docker manage_lvm: true pvresize_to_max: true ### mgrote.restic restic_folders_to_backup: "/ /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files ### mgrote.user users: - username: mg password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" update_password: on_create groups: ssh, sudo, docker state: present public_ssh_key: "{{ ssh_public_key_mg }}" allow_sudo: true allow_passwordless_sudo: true - username: docker-user password: "{{ lookup('keepass', 'docker-user_linux_password_hash', 'password') }}" update_password: on_create groups: ssh, sudo, docker state: present allow_sudo: true allow_passwordless_sudo: true uid: "5000" - username: ansible-user password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}" update_password: on_create groups: ssh, sudo state: present public_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2 allow_sudo: true allow_passwordless_sudo: true - username: drone password: "{{ lookup('keepass', 'drone_linux_password_hash', 'password') }}" update_password: on_create groups: ssh, sudo state: present public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvdN2vrhe57wMfJXELr1QycQo3H5yQIMl6BIBx1yl81 drone.io-User allow_sudo: true allow_passwordless_sudo: true ### geerlingguy.docker docker_users: - mg - docker-user ### geerlingguy.pip pip_package: python3-pip pip_install_packages: - name: docker # für munin-plugin docker_ ### mgrote.docker-compose-deploy docker_compose_base_dir: /home/docker-user ### mgrote.munin-node munin_node_bind_host: "0.0.0.0" munin_node_bind_port: "4949" munin_node_allowed_cidrs: [192.168.2.0/24] munin_node_plugins: - name: timesync src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status - name: systemd_status src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status - name: systemd_mem src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem config: | [systemd_mem] env.all_services true - name: lvm_ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ config: | [lvm_*] user root - name: fail2ban src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban config: | [fail2ban] env.client /usr/bin/fail2ban-client env.config_dir /etc/fail2ban user root - name: docker_containers src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ config: | [docker_*] user root env.DOCKER_HOST unix://run/docker.sock - name: docker_cpu src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - name: docker_memory src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - name: docker_network src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - name: docker_volumes src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ ### mgrote.apt_manage_packages apt_packages_extra: - bc # für munin plugins - jq # für munin plugins