homeserver/group_vars/all.yml
mg 7d5c3fdf2d Monitoring: munin eingebaut (#4)
eigenes playbook entfernt

apcupsd eingebaut

eigene rolle gelöscht

playbook munin entfernt

rolle munin master entfernt

rolle nur bei gruppe

playbook in master eingebunden

playbook

vars

programme physical angepasst

firewall für munin angepasst

wip

wip

rollen hinzugefügt

playbook und muster rolle

munin in inventory

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#4
Co-Authored-By: mg <mg@noreply.git.mgrote.net>
Co-Committed-By: mg <mg@noreply.git.mgrote.net>
2021-02-26 14:16:03 +01:00


---
### used by many roles
# Default recipient for notification mail; referenced further down as
# "{{ empfaenger_mail }}".
empfaenger_mail: "michael.grote@posteo.de"
### geerlingguy.munin-node
# munin-node is bound to every interface ("*") on port 4949.
# munin_node_allowed_cidrs presumably limits which peers may connect; the
# ufw_rules in this file additionally restrict 4949/tcp to the same subnet.
munin_node_bind_host: "*"
munin_node_bind_port: "4949"
munin_node_allowed_cidrs:
  - "192.168.2.0/24"
munin_node_plugins:
  - name: apc_nis
  - name: hddtemp_smartctl
# Per-plugin settings: apc_nis is pointed at pve2.grote.lan, port 3551.
munin_node_config:
  apc_nis:
    env.host: "pve2.grote.lan"
    env.port: "3551"
### mgrote.postfix
# Sender address and its password; the password is fetched from KeePass at
# run time and never stored in this file.
postfix_absender_mailadresse: "info@mgrote.net"
postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
# Networks allowed to use this host's Postfix (loopback plus the LAN).
# NOTE(review): presumably rendered into mynetworks, which would let every
# host in 192.168.2.0/24 relay through the authenticated sender - confirm.
postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
postfix_mail_nach_cronjob: false
# Upstream relay on the submission port.
postfix_smtp_server: "smtp.strato.de"
postfix_smtp_server_port: 587
# NOTE(review): if the role writes this out as "smtp_use_tls = yes", Postfix
# treats TLS as opportunistic and may fall back to cleartext; mandatory TLS
# needs "smtp_tls_security_level = encrypt". Check the role's template.
postfix_smtp_use_tls: "yes"
### mgrote.apt_manage_sources
# host:port of the APT proxy used by all hosts.
manage_sources_apt_proxy_url: "acng.grote.lan:9999"
### mgrote.restic
# Space-separated list of directories to back up.
restic_folders_to_backup: "/usr/local /etc /root /home"
# Quoted so the hour stays a string.
restic_cron_hours: "19"
# The repository lives on an SMB share that is mounted at restic_mount.
restic_repository: "//fileserver2.grote.lan/backup/restic"
restic_mount: "/mnt/restic"
restic_mount_user: restic
# Both secrets come from KeePass: the repository password and the password
# of the SMB account used for the mount.
restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
# Exclude patterns, one per line (literal block, newlines preserved).
restic_exclude: |
  ._*
  desktop.ini
  .Trash-*
  **/**cache***/**
  **/**Cache***/**
  **/**AppData***/**
### mgrote.tmux
# Target paths in the home directory of user mg, plus the default session name.
tmux_standardsession_name: "default"
tmux_conf_destination: "/home/mg/.tmux.conf"
tmux_bashrc_destination: "/home/mg/.bashrc"
### mgrote.fail2ban
# Ban after 5 failures within the find window; both durations are
# presumably seconds (fail2ban's native unit) - confirm against the role.
f2b_maxretry: 5
f2b_findtime: 300
f2b_bantime: 300
# Notification mail reuses the global recipient and the postfix sender.
f2b_destemail: "{{ empfaenger_mail }}"
f2b_sender: "{{ postfix_absender_mailadresse }}"
### oefenweb.ufw
# Default stance: drop inbound, permit outbound.
ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow
# Only SSH and munin-node are opened, and only for the LAN 192.168.2.0/24.
# NOTE(review): no rule here opens 3551/tcp although apcupsd's NIS listens on
# it; other hosts can reach it only if a host- or group-level rule adds that.
ufw_rules:
  - rule: allow
    from_ip: "192.168.2.0/24"
    to_port: 22
    protocol: tcp
    comment: 'ssh'
  - rule: allow
    from_ip: "192.168.2.0/24"
    to_port: 4949
    protocol: tcp
    comment: 'munin-node'
### ryandaniels.create_users
# Two accounts are created on production and test hosts: the interactive
# user "mg" and the automation account "ansible-user".
# password: looked up in KeePass; the entry names suggest a pre-computed
#           password hash rather than a cleartext password.
# ssh_key:  the public key, read from the "password" field of its KeePass
#           entry.
# NOTE(review): both accounts get passwordless sudo, so possession of either
# SSH private key is equivalent to root on every host. Consider keeping
# NOPASSWD for ansible-user only.
users:
  - username: mg
    user_state: present
    groups: ssh, sudo
    password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
    update_password: on_create
    # Generate with: ssh-keygen -o; to convert the key for PuTTY see
    # https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
    ssh_key: "{{ lookup('keepass', 'mg_ssh_pubkey', 'password') }}"
    use_sudo: true
    use_sudo_nopass: true
    servers:
      - production
      - test
  - username: ansible-user
    user_state: present
    groups: ssh, sudo
    password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
    update_password: on_create
    ssh_key: "{{ lookup('keepass', 'ansible_user_ssh_pubkey', 'password') }}"
    use_sudo: true
    use_sudo_nopass: true
    servers:
      - production
      - test
### geerlingguy.dotfiles
# The dotfiles repository is cloned for user mg and the listed files are
# placed in that user's home directory.
# NOTE(review): .bash_aliases and .vimrc are evaluated by the shell and the
# editor, so write access to this repository amounts to code execution as
# dotfiles_user on every host; protect the branch accordingly.
dotfiles_user: "mg"
dotfiles_home: "/home/mg"
dotfiles_repo: "https://git.mgrote.net/mg/dotfiles"
dotfiles_repo_local_destination: "/home/mg/dotfiles-repo"
# Only relevant for SSH remotes; the repository above is fetched over HTTPS.
dotfiles_repo_accept_hostkey: true
dotfiles_files:
  - .bash_aliases
  - .tmux.conf
  - .gitconfig
  - .vimrc
### mgrote.apt_install_packages
# Packages for every host.
# NOTE(review): netdiscover (an ARP scanner) ends up on all machines; keep it
# to admin hosts if it is not needed everywhere.
programs_common:
  - locales
  - python
  - build-essential
  - ntp
  - htop
  - git
  - dnsutils
  - nano
  - mc
  - cifs-utils
  - netdiscover
  - tree
  - curl
  - logrotate
  - ncdu
  - net-tools
  - apt-transport-https
  - neofetch
  - ntpdate
  - acl
  - vim
# Extra packages for physical machines (sensors, IPMI, disk health).
programs_only_physical:
  - hddtemp
  - ipmitool
  - s-tui
  - smartmontools
  - lm-sensors
# Extra packages for virtual machines (guest agents).
programs_only_vms:
  - qemu-guest-agent
  - open-vm-tools
### mgrote.apcupsd
# Identical shutdown thresholds for the master and the slave role.
apcupsd_ups_name: APC-BX950U-GR
apcupsd_master_onbatterydelay: 10
apcupsd_master_batterylevel_for_shutdown: 50
apcupsd_master_minutes_for_shutdown: 10
apcupsd_master_nologon_when_active: disable
apcupsd_slave_onbatterydelay: 10
apcupsd_slave_batterylevel_for_shutdown: 50
apcupsd_slave_minutes_for_shutdown: 10
apcupsd_slave_nologon_when_active: disable
# NOTE(review): a bare "on" is read as boolean true by YAML 1.1 parsers. If
# the role writes the value verbatim into apcupsd.conf it would not render as
# the literal "on"; quote it if a string is intended - confirm in the role.
apcupsd_nis_master: on
# The network information server listens on all interfaces. It serves UPS
# status without authentication, so reachability should be bounded by the
# firewall.
apcupsd_nis_master_listen_ip: "0.0.0.0"
apcupsd_nis_master_listen_port: 3551
# Ansible variables
### User
# Account Ansible logs in with; matches the "ansible-user" entry under users.
ansible_user: "ansible-user"
### SSH
# NOTE(review): StrictHostKeyChecking=no makes ssh accept unknown and changed
# host keys without verification, so a machine impersonating a managed host
# would receive the play, including the secrets looked up from KeePass.
# Prefer pinned known_hosts entries, or at least
# "-o StrictHostKeyChecking=accept-new" on OpenSSH versions that support it.
ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
### python3
# https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html
ansible_python_interpreter: "/usr/bin/python3"
# Ansible plugin variables
### Keepass
# https://github.com/viczem/ansible-keepass
# Database file used by the lookup('keepass', ...) calls in this file.
# NOTE(review): the relative path suggests the .kdbx sits next to the
# playbooks. If it is committed, every secret is protected only by the vault
# password that decrypts keepass_psw - confirm where the file is kept.
keepass_dbx: "./keepass_db.kdbx"
# Master password of the database, stored inline as an Ansible Vault value.
keepass_psw: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  62383737623066396239383336646164616537646630653964313532383130343533346561633039
  3437306134656535353438666165376332633064383135650a636537626662656130376537633164
  61613132326536666466636632363866393066656236303766333338356337396338376266346631
  6364336331623539300a313562303161373631613734313938346666376239613333333363376236
  38363035376662353135333332363431343833656666643036326234656166643531