--- ### mgrote.restic restic_folders_to_backup: "/ /var/lib/docker /var/lib/docker2" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files #### mgrote.set_permissions dir_permissions: - path: /var/lib/docker2/httpd-registry mode: '0777' ### mrlesmithjr.ansible-manage-lvm lvm_groups: - vgname: vg_docker disks: - /dev/sdc create: true lvnames: - lvname: lv_docker size: +100%FREE create: true filesystem: xfs mount: true mntp: /var/lib/docker - vgname: vg_docker2 disks: - /dev/sdb create: true lvnames: - lvname: lv_docker2 size: +100%FREE create: true filesystem: xfs mount: true mntp: /var/lib/docker2/httpd-registry manage_lvm: true pvresize_to_max: true ### mgrote.apt_manage_packages apt_packages_extra: - libwww-curl-perl # für munin-plugin: unifi - libjson-perl # für munin-plugin: unifi - sshpass # fur munin mt_system_* ### mgrote.docker-compose-deploy docker_compose_projects: - name: watchtower dir_name: docker-watchtower repository_url: git.mgrote.net/mg/docker-watchtower state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: ansible-ara dir_name: docker-ansible-ara repository_url: git.mgrote.net/mg/docker-ansible-ara state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: homer dir_name: docker-homer repository_url: git.mgrote.net/mg/docker-homer state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: photoprism dir_name: docker-photoprism repository_url: git.mgrote.net/mg/docker-photoprism state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: miniflux dir_name: docker-miniflux repository_url: git.mgrote.net/mg/docker-miniflux state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: traefik dir_name: docker-traefik repository_url: git.mgrote.net/mg/docker-traefik state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" network_name: nw_proxy_traefik - name: munin-master dir_name: docker-munin-master repository_url: git.mgrote.net/mg/docker-munin-master_production state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: oxidized dir_name: docker-oxidized repository_url: git.mgrote.net/mg/docker-oxidized state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: librenms dir_name: docker-librenms repository_url: git.mgrote.net/mg/docker-librenms state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: unifi-controller dir_name: docker-unifi-controller repository_url: git.mgrote.net/mg/docker-unifi-controller state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: navidrome-mg dir_name: docker-navidrome-mg repository_url: git.mgrote.net/mg/docker-navidrome-mg state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: hastebin dir_name: docker-hastebin repository_url: git.mgrote.net/mg/docker-hastebin state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" - name: apache-registry # fur diesen container ist das lv: lv_docker2 nach /var/lib/docker2/httpd-registry gemountet; dieser Pfad steht in der docker-compose.yml als Volume drin; dieser Ordner hat die Rechte 0777 damit jeder per SSH reinschrieben kann; ist fur drone.io eingerichtet; siehe $dir_permissions dir_name: docker-apache-registry repository_url: git.mgrote.net/Docker-Compose/apache-registry state: present os_username: docker-user repository_user: mg repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}" git_branch: main ### oefenweb.ufw ufw_rules: # ist extra weil bei munin kein subnet angegeben ist - rule: allow to_port: 22 protocol: tcp comment: 'ssh' from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp comment: 'munin' from_ip: 0.0.0.0/0 - rule: allow to_port: 443 protocol: tcp comment: 'mf-filter' # da mgrote.net auf tarefik umgelietet wird funktioniert sonst mf-filter nicht, daher hier explizit Port 443 freigegeben from_ip: 0.0.0.0/0 ### geerlingguy.pip pip_package: python3-pip pip_install_packages: - name: docker # für munin-plugin docker_ - name: fritzconnection # für munin fritzbox* - name: lxml # für munin fritzbox* - name: requests # für munin fritzbox* ### mgrote.munin-node munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift munin_node_plugins: - name: timesync src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status - name: systemd_status src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status - name: systemd_mem src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem config: | [systemd_mem] env.all_services true - name: lvm_ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_ config: | [lvm_*] user root - name: fail2ban src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban config: | [fail2ban] env.client /usr/bin/fail2ban-client env.config_dir /etc/fail2ban user root - name: docker_containers src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ config: | [docker_*] user root env.DOCKER_HOST unix://run/docker.sock - name: docker_cpu src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - name: docker_memory src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - name: docker_network src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - name: docker_volumes src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_ - name: http_response src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response config: | [http_response] env.sites http://docker7.grote.lan:8888/nodes http://docker7.grote.lan:1234 http://docker7.grote.lan:5000 http://docker7.grote.lan:333 http://docker7.grote.lan:2233 http://docker7.grote.lan:2342 http://docker7.grote.lan:8081/ https://miniflux.mgrote.net/ http://docker7.grote.lan:3001 http://docker7.grote.lan:2342 https://audio.mgrote.net/mg http://docker7.grote.lan:3344 env.max_time 20 env.short_label true env.follow_redirect true - name: mt_system_crs309 src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system config: | [mt_system_crs309] user root env.ssh_user munin env.ssh_password {{ lookup('keepass', 'crs309_munin_user', 'password') }} env.ssh_host 192.168.2.224 - name: mt_system_hex src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system config: | [mt_system_hex] user root env.ssh_user munin env.ssh_password {{ lookup('keepass', 'hex_munin_user', 'password') }} env.ssh_host 192.168.3.144 - name: mt_system_crs305 src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system config: | [mt_system_crs305] user root env.ssh_user munin env.ssh_password {{ lookup('keepass', 'crs305_munin_user', 'password') }} env.ssh_host 192.168.2.225 - name: mt_system_rb5009 src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/router/mikrotik_system config: | [mt_system_rb5009] user root env.ssh_user munin env.ssh_password {{ lookup('keepass', 'rb5009_munin_user', 'password') }} env.ssh_host 192.168.2.1 - name: unifi src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/unifi config: | [unifi*] # User name to login to unifi controller API. Default is "ubnt". Ideally, this should # point to a read-only account. env.user munin # Password to login to unifi controller API. Default is "ubnt" env.pass {{ lookup('keepass', 'unifi_munin_user', 'password') }} # URL of the API, with port if needed. No trailing slash. env.api_url https://docker7.grote.lan:8443 # Verify SSL certificate name against host. # Note: if using a default cloudkey certificate, this will fail unless you manually add it # to the local keystore. # Default is "yes" env.ssl_verify_host no # Verify Peer's SSL vertiicate. # Note: if using a default cloudkey certificate, this will fail # Default is "yes" env.ssl_verify_peer no # The human readable name of the unifi site - used for graph titles env.name Unifi # By default, Use standard munin well know categories - env.force_category unifi #--- # Show device CPU utilization env.enable_device_cpu yes # Show device memory usage env.enable_device_mem yes # Show device load average (switches and APs only) env.enable_device_load yes # Show device uptime env.enable_device_uptime yes # Show number of clients connected to each device env.enable_clients_device yes # Show detailed graphs for each device (per device graphs) env.enable_detail_clients_device yes # Show number of clients connected to each network type env.enable_clients_type yes # Show detailed graphs for each client type (per type graphs) env.enable_detail_clients_type yes # Show unauthorized / authorized client list # if you are not using the guest portal, this is useless env.show_authorized_clients_type yes # Show transfer statistics on switch ports; wirft Fehler wenn aktiv env.enable_xfer_port no # Show detailed graphs per switch port; wirft Fehler wenn aktiv env.enable_detail_xfer_port no # Hide ports that have no link (When set to no, unplugged ports will transfer 0, not be undefined); wirft Fehler wenn aktiv env.hide_empty_xfer_port no # Show transfer statistics per device; wirft Fehler wenn aktiv env.enable_xfer_device no # Show detailed graphs for each device; wirft Fehler wenn aktiv env.enable_detail_xfer_device yes # Show transfer statistics per named network; wirft Fehler wenn aktiv env.enable_xfer_network no # Show detailed graphs for each named network; wirft Fehler wenn aktiv env.enable_detail_xfer_network no # Show transfer statistics per radio; wirft Fehler wenn aktiv env.enable_xfer_radio no # Show detailed graphs for each radio; wirft Fehler wenn aktiv env.enable_detail_xfer_radio no - name: fritzbox_uptime.py src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_uptime.py - name: fritzbox_traffic.py src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_traffic.py - name: fritzbox_power.py src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_power_consumption.py - name: fritzbox_memory.py src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_memory_usage.py - name: fritzbox_helper.py src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_helper.py - name: fritzbox_cpu.py src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_cpu_usage.py - name: fritzbox_temp.py src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_cpu_temperature.py - name: fritzbox_conn_uptime.py src: https://git.mgrote.net/mg/mirror-frododvr-fritzbox-munin/raw/branch/master/fritzbox_connection_uptime.py config: | [fritzbox_*] env.fritzbox_ip 192.168.5.1 env.fritzbox_username munin env.fritzbox_password {{ lookup('keepass', 'fritzbox_munin_user', 'password') }} env.traffic_remove_max true # if you do not want the possible max values