---
  ### mgrote.docker-compose-deploy
  docker_compose_base_dir: /home/mg/docker
  docker_compose_projects:
    - name: munin-master
      dir_name: docker-munin-master
      repository_url: git.mgrote.net/mg/docker-munin-master
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
      state: present
    - name: watchtower
      dir_name: docker-watchtower
      repository_url: git.mgrote.net/mg/docker-watchtower
      state: present
    - name: homer
      dir_name: docker-homer
      repository_url: git.mgrote.net/mg/docker-homer
      state: present
    - name: unifi-controller
      dir_name: docker-unifi-controller
      repository_url: git.mgrote.net/mg/docker-unifi-controller
      repository_user: mg
      repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
      state: present
  ### geerlingguy.munin-node
  munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
  munin_node_allowed_ips: # weil der munin-server aus einem anderen subnet zugreift
    - '^127\.0\.0\.1$'
    - '^::1$'
    - ^0\.0\.0\.0$
  ### oefenweb.ufw
  ufw_rules: # ist extra weil bei munin kein subnet angegeben ist
    - rule: allow
      to_port: 22
      protocol: tcp
      comment: 'ssh'
      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 4949
      protocol: tcp
      comment: 'munin'