homeserver/host_vars/docker10.mgrote.net.yml
Michael Grote 28f22968da
Some checks failed
ci/woodpecker/push/gitleaks Pipeline was successful
ci/woodpecker/push/ansible-lint Pipeline was successful
ci/woodpecker/push/ansible-playbook Pipeline failed
ci: deploy config on merge or push (#127)
Reviewed-on: #127
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>

ci: testing deployment (#128)

Reviewed-on: #128
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>

ci: test

ci: enable deployment

ci: set ssh-key for deployment

ci: debug

ci: deactivate ansible-lint temporarily

ci: deactivate ansible-galaxy temporarily

ci: debug ssh-key shell redirect

ci: base64

ci: debug

ci: debug

ci: fix output

Revert "ci: deactivate ansible-lint temporarily"

This reverts commit 6729342f26.

ci: fix vault-pass secret

pbs_integration: enable no_log

ci: debug ansible-vault

ci: debug

ci: ansible-vault + move to viczem.keepass (#130)

Reviewed-on: #130
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>

ff

plugin umbennennugn

ff
2024-07-09 22:27:57 +02:00

84 lines
2 KiB
YAML

---
### mrlesmithjr.ansible-manage-lvm
lvm_groups:
- vgname: vg_docker
disks:
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
create: true
lvnames:
- lvname: docker
size: +100%FREE
create: true
filesystem: xfs
mount: true
mntp: /var/lib/docker
manage_lvm: true
pvresize_to_max: true
### mgrote_mount_cifs # löschen
cifs_mounts:
- name: bilder
type: cifs
state: absent
dest: /mnt/fileserver3_photoprism_bilder_ro
src: //fileserver3.mgrote.net/bilder
user: photoprism
password: "{{ lookup('viczem.keepass.keepass', 'fileserver_smb_user_photoprism', 'password') }}"
domain: mgrote.net
uid: 5000
gid: 5000
extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird
### mgrote_docker-compose-inline
compose_owner: "docker-user"
compose_group: "docker-user"
compose_dest_basedir: "/docker"
compose_src_basedir: "{{ inventory_dir }}/docker-compose"
compose_files:
- name: registry
state: present
network: traefik
- name: nextcloud
state: present
network: traefik
- name: httpd
state: present
- name: unifi-network-application
state: present
- name: miniflux
state: present
network: traefik
- name: traefik
state: present
network: traefik
- name: navidrome
state: present
network: traefik
- name: routeros-config-export
state: present
- name: mail-relay
state: present
network: mail-relay
- name: woodpecker
state: present
network: traefik
- name: wiki
state: present
network: traefik
- name: gramps
state: present
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
# docker network inspect $(docker network ls -q)|grep -E "IPv(4|6)A" | grep -v \"\" | sort -h
- rule: allow
from_ip: 192.168.0.0/16
comment: 'docker networks'
- rule: allow
from_ip: 172.0.0.0/8
comment: 'docker networks'