---
# This file contains everything for the laptop; all variables from the
# group vars are also entered here explicitly.

### mgrote_user_setup
# Accounts whose home directories receive the dotfiles checkout.
dotfiles:
  - user: mg
    home: /home/mg
# NOTE(review): the dotfiles_* keys are placed at top level because of their
# role prefix; confirm against the role defaults that they are not list-item keys.
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
# The Forgejo user name and password are URL-encoded and embedded in the clone URL.
# NOTE(review): if the role hands this URL to git unchanged, the credentials
# presumably end up in the clone's remote configuration and in task output;
# confirm the task is not logged and the account is limited to read access.
dotfiles_vim_vundle_repo_url: "https://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git"

### mgrote_user
# Password values are resolved at run time through the KeePass lookup, so none
# is stored in this file; the entry names suggest they are password hashes.
# update_password: always lets every run overwrite a password changed locally.
# NOTE(review): all three accounts have passwordless sudo, so control of any
# one of them is root on the laptop without a further password prompt.
users:
  - username: mg
    password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    public_ssh_key: "{{ ssh_public_key_mg }}"
    allow_sudo: true
    allow_passwordless_sudo: true
  - username: ansible-user
    password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    # Public key only (not a secret); whoever holds the matching private key
    # can log in as this passwordless-sudo account.
    public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE
    allow_sudo: true
    allow_passwordless_sudo: true
  # No public_ssh_key is set for this account although it is in the ssh group.
  - username: docker-user
    password: "{{ lookup('viczem.keepass.keepass', 'docker-user_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
      - docker
    state: present
    allow_sudo: true
    allow_passwordless_sudo: true
    # Fixed uid, given as a quoted string.
    uid: "5000"

### geerlingguy.pip
pip_package: python3-pip
pip_install_packages:
  - name: docker  # for the munin plugin docker_

### geerlingguy.docker
# Members of the docker group can drive the Docker daemon, which is
# equivalent to root on the host.
docker_users:
  - mg
  - docker-user
docker_install_compose: true
docker_add_repo: true
# The signed-by option is emitted only when add_repository_key has not failed;
# if that task failed, the repository line carries no key pinning.
docker_apt_repository: "deb [arch={{ docker_apt_arch }}{{' signed-by=/etc/apt/keyrings/docker.asc' if add_repository_key is not failed}}] {{ docker_repo_url }}/ubuntu jammy {{ docker_apt_release_channel }}"  # distribution ubuntu jammy set explicitly
docker_apt_gpg_key: "{{ docker_repo_url }}/ubuntu/gpg"  # distribution ubuntu set explicitly

### oefenweb.ufw
# Default policy: deny incoming, allow outgoing; the single rule opens SSH.
# NOTE(review): from_ip 0.0.0.0/0 accepts SSH from any IPv4 source; for a
# laptop that joins foreign networks, confirm this is intended or narrow it.
ufw_rules:
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow

### mgrote_restic
# Exclude patterns for the backup, one per line (literal block scalar, so no
# comments may be placed inside it).
restic_exclude: |
  ._*
  desktop.ini
  .Trash-*
  **/**cache***/**
  **/**Cache***/**
  **/**AppData***/**
# The backup set includes /etc, /root and /home, so the repository holds
# credentials and key material; its confidentiality rests on
# restic_repository_password.
restic_folders_to_backup: "/usr/local /etc /root /home"
# NOTE(review): the //host/share form together with the mount user and
# password suggests an SMB share that is mounted before the backup; confirm in the role.
restic_repository: "//fileserver3.mgrote.net/restic"
restic_fail_mail: "{{ my_mail }}"
# Both secrets are resolved from KeePass at run time and are not stored here.
restic_repository_password: "{{ lookup('viczem.keepass.keepass', 'restic_repository_password', 'password') }}"
restic_mount_password: "{{ lookup('viczem.keepass.keepass', 'fileserver/fileserver_smb_user_restic', 'password') }}" #gitleaks:allow
restic_mount_user: restic
# Looks like a systemd calendar expression (daily at 04:00); confirm in the role.
restic_schedule: "*-*-* 4:00:00"

### mgrote_apt_manage_packages
# Packages listed for every host.
apt_packages_common:
  - locales
  - python3
  - build-essential
  - htop
  - git
  - dnsutils
  - mc
  - cifs-utils
  - haveged  # https://www.linux-magazin.de/ausgaben/2011/09/einfuehrung2/
  - ca-certificates
  - netdiscover
  - tree
  - curl
  - whois
  - logrotate
  - ncdu
  - net-tools
  - apt-transport-https
  - moreutils
  - acl
  - vim
  - rsync
  - at
  - ripgrep
  - iotop
  - pwgen
  - keychain
  - bc
  - jq
# Additional packages for physical machines (sensors, SMART, firmware updates).
apt_packages_physical:
  - s-tui
  - smartmontools
  - lm-sensors
  - ethtool
  - fwupd
# Packages that should not be present, going by the variable name.
apt_packages_absent:
  - nano
  - snapd
  - ubuntu-advantage-tools
  - neofetch
  - graphviz
  - ubuntu-pro-client
...