mg
492ac5b187
Group Vars und Inventory hinzugefügt Gruppe umbenannt, bindestrich nicht in gruppennamen erlaubt wip Einrückung Datei richtig benannt playbook mit richtiger rolle readme meta doku dict collectipn in doku doku funktioniert
45 lines
1.2 KiB
YAML
45 lines
1.2 KiB
YAML
---
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 192.168.2.0/24
|
|
# Weitere Regeln sind nicht notwendig da Docker iptables selber verwaltet.
|
|
# - rule: allow
|
|
# comment: 'alles erlauben'
|
|
### geerlingguy.docker
|
|
docker_users:
|
|
- mg
|
|
- root
|
|
- ansible-user
|
|
### ryandaniels.create_users
|
|
users:
|
|
- username: mg
|
|
password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
|
|
update_password: on_create
|
|
ssh_key: "{{ lookup('keepass', 'ssh_pubkey_mg', 'password') }}"
|
|
use_sudo: yes
|
|
use_sudo_nopass: yes
|
|
user_state: present
|
|
groups: ssh, sudo, docker
|
|
servers:
|
|
- production
|
|
- staging
|
|
- test
|
|
### mgrote.restic
|
|
restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker
|
|
restic_cron_hours: "*"
|
|
restic_exclude: |
|
|
._*
|
|
desktop.ini
|
|
.Trash-*
|
|
**/**cache***/**
|
|
**/**Cache***/**
|
|
**/**AppData***/**
|
|
/var/lib/docker/volumes/***Musik***
|
|
/var/lib/docker/volumes/***musik***
|
|
# https://github.com/restic/restic/issues/1005
|
|
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12
|